#!/bin/bash -x set -eE -o pipefail trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?"' ERR # # fai's setup-storage won't do btrfs on luks, # # so we do it ourself :) skiptask partition repartition=true letters=(a) if ifclass VM; then d=/dev/vd letters=(a b) else d=/dev/sd fi boot_end=504 ! ifclass tp || letters=(a b) devs=() # 1.5 x based on https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Installation_Guide/sect-disk-partitioning-setup-x86.html#sect-custom-partitioning-x86 swap_end=$(( $(grep ^MemTotal: /proc/meminfo| awk '{print $2}') * 3/(${#letters[@]} * 2 ) / 1000 + boot_end ))MiB if $repartition; then mkdir -p /tmp/fai for letter in ${letters[@]}; do dev=$d$letter devs+=($dev) [[ -e $dev[0-9] ]] && for x in $dev[0-9]; do wipefs -a $x; done parted -s $dev mklabel gpt # gpt ubuntu cloud image uses ~4. fai uses 1 MiB. ehh, i'll do 4. parted -s $dev mkpart primary "ext3" 4MB ${boot_end}MiB parted -s $dev set 1 boot on parted -s $dev mkpart primary "linux-swap" ${boot_end}MiB $swap_end parted -s -- $dev mkpart primary "" $swap_end -0 parted -s $dev set 3 raid on parted -s $dev mkpart primary "" 1MiB 4MiB parted -s $dev set 4 bios_grub on # the mkfs failed randomly on a vm, so I threw a sleep in here. sleep .1 mkfs.ext4 -F ${dev}1 done if ((${#devs[@]} > 1)); then crypt=md0 yes | mdadm --create /dev/$crypt --level=raid0 --force --run \ --raid-devices=${#devs[@]} ${devs[@]/%/3} || [[ $? == 141 ]] else crypt=${dev##/dev/}3 fi head -c 2048 /dev/urandom | od > /tmp/fai/crypt_dev_$crypt yes YES | cryptsetup luksFormat /dev/$crypt /tmp/fai/crypt_dev_$crypt \ -c aes-cbc-essiv:sha256 -s 256 || [[ $? == 141 ]] yes $(cat /var/lib/fai/config/distro-install-common/luks/traci) | \ cryptsetup luksAddKey --key-file \ /tmp/fai/crypt_dev_$crypt /dev/$crypt || [[ $? == 141 ]] # this would remove the keyfile. we will do that manually later. # yes 'test' | cryptsetup luksRemoveKey /dev/... \ # /key/file || [[ $? == 141 ]] cryptsetup luksOpen /dev/$crypt crypt_dev_$crypt --key-file \ /tmp/fai/crypt_dev_$crypt parted ${devs[0]} set 1 boot on mkfs.btrfs -f /dev/mapper/crypt_dev_$crypt mount /dev/mapper/crypt_dev_$crypt /mnt cd /mnt btrfs subvolume create a btrfs subvolume create root btrfs subvolume set-default $(btrfs subvolume list . | grep 'root$' | awk '{print $2}') . cd / umount /mnt else /var/lib/fai/config/distro-install-common/reset-btrfs-root fi cat > /tmp/fai/crypttab <> /tmp/fai/crypttab < /tmp/fai/fstab </tmp/fai/disk_var.sh <