I run a few Raspberry Pi 4s, and I tend to set them up in the same way, in terms of LUKS with unlocking over ssh, and then the same, or very similar, hardening / securing.
I’m used to doing the same setup routine on each device by hand, and that can’t be the best way of doing it:
- it takes up my time
- it’s more prone to error than doing it automatically (assuming I get the set-up correct for the automatic implementation)
Two options come to mind:
- I script automation of this (and that would probably be the better approach), but that is going to take considerable time for me to write it and test it.
- I get one micro SD card set up the way I want it, as a base image, and then I clone it to other micro SD cards in the future.
I went with the second option, because it seemed like the easier approach.
I did an installation and configuration the way I wanted, shut down the Raspberry Pi, removed the micro SD card, and then put it into a card reader in my computer.
SD card to SD card cloning was too slow
Initially, I tried cloning it directly to another micro SD card, but that was going to take upwards of three hours. I was hoping for something faster than that.
SD card to .img, .img to SD card works better
The second approach, with thanks to a tip on Twitter, was to clone the micro SD card to a .img file on my computer, and then copy that .img file to a micro SD card whenever I want to provision a Pi.
This was a slightly quicker process in itself - about two hours - but it means that I now have the .img file on my computer, and it takes about an hour to create a new SD card image from it, or 1.5 hours if you include verification.
Creating the .img
sudo dd bs=16M if=/dev/sda of=/home/neil/Desktop/provisioning_pi.img conv=fsync status=progress
Creating an SD card based on that image
I was lazy, and used Balena’s Etcher. I could have used
I’ve only done a couple so far, but they have both worked.
An SD card duplicator is tempting
This process works, but I don’t really want to keep a 128GB .img file hanging around.
I am not sure I can readily shrink it, even though there is plenty of used space, because the majority of it is a LUKS partition.
I might be able to create it with a smaller LUKS partition, and then expanded in when loaded into a Pi, but that’s going to take even more time.
So an SD card duplicator looks attractive, and a small duplicator - which can do a one-to-one copy, rather than one-to-many - is about £120. Not cheap, but not dreadful, and, from a business point of view, far from a silly investment.