
Replace a running Debian installation by Arch remotely over ssh - m-ou-se
https://gist.github.com/m-ou-se/863ad01a0928e184b2b8
======
bobmagoo
Just waiting for the hilarious/terrible moment when someone hooks this up to a
script scanning the internet for weak SSH passwords and singlehandedly
skyrockets the install base for Arch.

~~~
derFunk
Some modifications would be needed to let this run really unattended. Yet it
would be fun seeing one of the infamous "# curl http://install.coolstuff.io |
bash" install processes :)

~~~
microcolonel
Especially if combined with a privilege escalation exploit or two.

------
qrmn
I've experimented with doing this kind of thing myself, especially with
servers where I don't have ready access to the console and where the provider
doesn't offer custom ISO support and I wanted a clean (and/or customised)
install, perhaps of something not yet supported.

While I did have some success with in-place install shenanigans, I eventually
settled on creating a customised install ISO for the distribution I wanted
(with a script to have it automatically listening for remote shell
connections, and so on), using isohybrid on the ISO (which makes the ISO's
first sector also a bootable MBR), and then simply dd if=install.iso
of=/dev/sda - right over the top of the partition table and everything.

It's inelegant, to say the very least, but it works just fine! I'm pretty sure
I saw that technique used a few times during Twitch Installs Arch Linux,
during the more exotic segments when some joker hijacked the effort
temporarily by installing Windows 95, and TempleOS, and so on.

~~~
voltagex_
How does something like the Arch Linux installer handle being "overwritten" as
it installs? Or do you skip the first ~700mb of the drive when installing?

~~~
microcolonel
Interesting approach, skipping the space. But I think it would be simpler to
just start with whatever's configured on the install disc. It's a pretty
normal archlinux install, just need to change the passwords.

------
bentpins
It reminds me of changing the wheels of a car while driving it

[https://www.youtube.com/watch?v=MQm5BnhTBEQ](https://www.youtube.com/watch?v=MQm5BnhTBEQ)

------
yuvadam
There's a battle-tested script that already does this specifically for
DigitalOcean and can probably easily be adapted to other environments

[https://github.com/gh2o/digitalocean-debian-to-arch](https://github.com/gh2o/digitalocean-debian-to-arch)

~~~
iheartmemcache
Your link: >> 13. Reboot!

The OP: Instructions to replace a _live_ Debian installation with Arch

(Emphasis mine)

------
mverwijs
Heheh. People used to do this with Debian when Debian wasn't widely available
on remote hosts. Even made it to the official Debian manual it seems:

[https://www.debian.org/releases/etch/i386/apds03.html.en](https://www.debian.org/releases/etch/i386/apds03.html.en)

~~~
lozf
Also similar to Colin Percival's "Depenguinator"[0] script to replace Linux
with BSD (originally from 2003).

[0]:
[http://www.daemonology.net/blog/2008-01-29-depenguinator-2.0...](http://www.daemonology.net/blog/2008-01-29-depenguinator-2.0.html)

------
hspak
This reminds me of when the Twitch Installs Arch Linux took off, someone got a
script to run that installed Gentoo over the Arch install.

------
moreorless
Reminds me of depenguinator back from the days :)

[http://www.daemonology.net/blog/2008-01-29-depenguinator-2.0...](http://www.daemonology.net/blog/2008-01-29-depenguinator-2.0.html)

[https://github.com/allanjude/depenguinator](https://github.com/allanjude/depenguinator)

------
dantillberg
This is fantastic for e.g. EC2 where Arch Linux AMIs are hard to come by.
(where "hard to come by" just means that they're available at
[https://www.uplinklabs.net/projects/arch-linux-on-ec2/](https://www.uplinklabs.net/projects/arch-linux-on-ec2/)
but I don't know who uplinklabs.net is nor whether I should trust their AMIs)

~~~
voltagex_
It really needs to be easier/cheaper to run your own image on EC2. I should
try again now I have enough upstream capacity to upload the disk image - but
don't you then pay for the AMI hosting forever?

Edit: looks like the scripts / source to create the AMI are available so you
could build it yourself if you wanted. Bonus points if you can build it on an
EC2 spot instance and deploy it, CI/CD style.

------
mfincham
Here's my attempt at partially automating this process for replacing Debianish
systems remotely with Debian by launching the installer initrd with kexec:
[https://github.com/fincham/kexec-remote-debian-install](https://github.com/fincham/kexec-remote-debian-install)

Works on DigitalOcean etc.

------
namecast
Neato. Just one minor nitpick: I see two points where vim is invoked but no
way to tell what edits were made to the files (though it's easy enough to
guess from the filenames).

Switch those two out with appropriate sed or echo commands, add a bash shebang
at line 1, and baby, you've got a stew going!

------
clord
Instead of rebooting, it should (in theory) be possible to use the kexec
syscall to replace the kernel. I would rather just reboot for various
hardware-related reasons though...

------
nailer
They're nervous about this part:

    # Restart sshd in the new root.
    cp /mnt/etc/ssh/* /etc/ssh
    killall -HUP sshd
    # You'll have to reconnect at this point. Let's hope it works.

Use a dead man's switch: set an 'at' job to undo everything in 10 minutes. If
you screw up and get disconnected, the at job runs.
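
The dead man's switch nailer describes, sketched for the sshd step as an added example (not part of the thread or the gist): it snapshots the config directory, schedules an `at` job that restores it and signals sshd, and cancels the job only once a fresh login has worked. The `dms_*` function names and the `DMS_STATE`/`DMS_RELOAD` variables are assumptions, and the rollback covers only the config directory passed in, not the whole installation.

```shell
#!/bin/sh
# Dead man's switch for the sshd swap step. Names (dms_*, DMS_STATE,
# DMS_RELOAD) are hypothetical; needs at/atrm and a running atd.
# Typical order: dms_prepare /etc/ssh; dms_arm 10; swap the config and
# HUP sshd; log in from a NEW session; dms_disarm.

DMS_STATE=${DMS_STATE:-/root/dms}   # backup, rollback script, job id

# Snapshot the config directory and write the script that restores it.
dms_prepare() {   # usage: dms_prepare <config_dir>
    conf=$1
    mkdir -p "$DMS_STATE" && chmod 700 "$DMS_STATE" || return 1
    rm -rf "$DMS_STATE/backup"
    cp -a "$conf" "$DMS_STATE/backup" || return 1
    # Paths are expanded now, so the at job does not depend on our env.
    cat > "$DMS_STATE/rollback.sh" <<EOF
#!/bin/sh
rm -rf '$conf'
cp -a '$DMS_STATE/backup' '$conf'
${DMS_RELOAD:-killall -HUP sshd}
EOF
    chmod 700 "$DMS_STATE/rollback.sh"
}

# Schedule the rollback and remember the job id for later cancellation.
dms_arm() {       # usage: dms_arm [minutes]
    # at reports "job N at <date>" on stderr; keep only N.
    job=$(echo "sh '$DMS_STATE/rollback.sh'" |
          at "now + ${1:-10} minutes" 2>&1 |
          sed -n 's/^job \([0-9][0-9]*\) at .*/\1/p')
    [ -n "$job" ] || return 1
    echo "$job" > "$DMS_STATE/job"
}

# Cancel the rollback. Run this only after a fresh login has succeeded.
dms_disarm() {
    atrm "$(cat "$DMS_STATE/job")" && rm -f "$DMS_STATE/job"
}
```

Keep the original session open until `dms_disarm` has run from the new one; if the new login never succeeds, the job fires and the old config comes back.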

------
giggi89
I've been using
[https://github.com/drizzt/vps2arch](https://github.com/drizzt/vps2arch) for
a "long" time for the same task

------
emeraldd
Kind of like installing Gentoo
[https://www.gentoo.org/get-started/](https://www.gentoo.org/get-started/)

------
mrpippy
I remember doing this to install Gentoo on a RedHat 7 (not RHEL 7, but RHL 7)
machine ~12 years ago.

------
kozukumi
These kinds of things are what make Linux so amazing [to me].

I wonder if this is possible with Windows at all?

~~~
recursive
The Windows 8 -> 10 update doesn't require much manual intervention.

~~~
pbhjpbhj
I did MS Win 7-10 over a VNC-like connection (TeamViewer) - just like sitting
at the real computer.

~~~
kozukumi
I was thinking more of whether you can do a manual in-system replacement like
this on Windows. I guess in some ways doing an upgrade from 7/8 to 10 is
similar but it doesn't really feel the same.

------
agumonkey
Shouldn't there be a sed line to uncomment some locales before actually
locale-gen them?

ps: I was completely blind to that vim statement just above. Ha, humans.

pps: also learned about mount --move and pivot_root from util_linux.

------
BorisMelnik
This is nuts, I would have never guessed you could swap an entire OS out! I
scanned the code, this can be done without rebooting and while preserving
"uptime" yes?

~~~
toast42
Last command:

reboot # And pray it'll boot.

~~~
lolc
Well technically you're already running Arch with a Debian kernel before the
reboot. You could install and start services, the guide does so for sshd. Now
-- taking off my pedant hat -- clearly you wouldn't want to rely on this
chimera, and rather let it settle into one shape through a reboot.

My success rate with such projects is sufficiently low that I only attempt it
when I have no other option. And that's for Debian -> Debian bootstrapping.
Most of the time I manage to fumble a crucial parameter and the boot fails. I
wouldn't even think of doing this remotely except as a challenge.

But that's not to mean you shouldn't try it for the fun of it!

~~~
voltagex_
If the Debian kernel supports kexec it could be even more fun.

Is there any actual utility to scripting such a thing? I'm a strange person
who enjoys distro-hopping and setting up PXE servers and such, so it seems
like something I'd try.

------
Sleaker
This only works on a KVM host or one with actual mount points though, correct?
Like it won't work on a virtual host with a shared kernel, correct?

------
digi_owl
[http://bedrocklinux.org/](http://bedrocklinux.org/) came to mind...

------
mixmastamyk
Too bad it doesn't replace Windows instead.

~~~
Daviey
I did once replace a remote running Windows 2000 server with Ubuntu, via
netinst + repacked initrd with full preseeding bundled.

Rebooted the machine, waited 20 mins whilst apprehensively hammering it with
ssh.

------
geofft
If I'm reading this right, this creates a _new_ Arch rootfs onto /dev/xvda2
and abandons the old Debian one?

~~~
m-ou-se
At the start, /dev/xvda2 was mounted as /, with Debian installed on it. The
goal was to wipe it and install Arch on it, all remotely over ssh, since I
didn't have access to the console.

------
outworlder
That's actually one of the ways you can install Gentoo. That is, over a
running system. Which can be remote.

------
lsv1
reboot # And pray it'll boot.

Let's do this in production.

~~~
aruggirello
Let's do this in a cronjob, so your system swaps OS every 60 minutes or so...

------
unixhero
This is awesome. Totally a ballsy thing to do :)

------
wakwanza
so basically the tuxissa virus.

------
lutusp
My favorite line from the procedure:

> reboot # And pray it'll boot.

This kind of thing should be performed by a well-tested script, not an
interactive session. Otherwise you might have an "Oh, what did I just type?"
moment.

~~~
vacri
Before you can script it (and test that script), you have to know what
instructions to use in the first place.

------
dh997
Linux installs (apart from grub boot blocks and partitioning) are JBOF (just a
bunch of files).

Mostly, the non-user parts are /etc /boot /usr and /var (for package
management), and things aren't always in the same places and conf files may
vary in options because of version/patch differences.

Using symlinks and separate directories, it's theoretically possible to switch
OSes at boot time assuming everything is symlink-agnostic (stow for operating
systems)

It's possible and rarely necessary except for personal playgrounds but a
production box would follow 12factors standards and lifecycle the entire OS by
switching the underlying base image with something like unionfs + hypervisor.

Lots of ways to shoot yourself in the feet, and in box rebuilds it's usually
much faster to just start fresh and deploy using configuration management than
try to hammer a bank into the shape of a plane.

Definitely make verified backups before attempting a lobotomy on anything
real.

