# # so we do it ourself :)
skiptask partition
-repartition=true
+repartition=false
+
+# keyfiles generated like:
+# head -c 2048 /dev/urandom | od | s dd of=/q/root/luks/host-demohost
+luks_dir=/var/lib/fai/config/distro-install-common/luks
letters=(a)
else
d=/dev/sd
fi
+devs=()
+for letter in ${letters[@]}; do
+ devs+=($d$letter)
+done
boot_end=504
! ifclass tp || letters=(a b)
-devs=()
+md() { ((${#letters[@]} > 1)); }
+
+if md; then
+ # if partition with md0, then reboot into the installer,
+ # it becomes md127. So might as well start with 127 for simplicity.
+ crypt=md127
+else
+ crypt=${d##/dev/}a3
+fi
+
+
# 1.5 x based on https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Installation_Guide/sect-disk-partitioning-setup-x86.html#sect-custom-partitioning-x86
swap_end=$(( $(grep ^MemTotal: /proc/meminfo| awk '{print $2}') * 3/(${#letters[@]} * 2 ) / 1000 + boot_end ))MiB
+shopt -s nullglob
if $repartition; then
mkdir -p /tmp/fai
- for letter in ${letters[@]}; do
- dev=$d$letter
- devs+=($dev)
- [[ -e $dev[0-9] ]] && for x in $dev[0-9]; do wipefs -a $x; done
+ for dev in ${devs[@]}; do
+ for x in /dev/md*; do [[ -d $x ]] || mdadm --stop $x; done
+ for x in $dev[0-9]; do wipefs -a $x; done
parted -s $dev mklabel gpt
# gpt ubuntu cloud image uses ~4. fai uses 1 MiB. ehh, i'll do 4.
+ # also, using MB instead of MiB causes complains about alignment.
parted -s $dev mkpart primary "ext3" 4MB ${boot_end}MiB
parted -s $dev set 1 boot on
parted -s $dev mkpart primary "linux-swap" ${boot_end}MiB $swap_end
sleep .1
mkfs.ext4 -F ${dev}1
done
- if ((${#devs[@]} > 1)); then
- crypt=md0
+ if md; then
yes | mdadm --create /dev/$crypt --level=raid0 --force --run \
- --raid-devices=${#devs[@]} ${devs[@]/%/3} || [[ $? == 141 ]]
- else
- crypt=${dev##/dev/}3
+ --raid-devices=${#devs[@]} ${devs[@]/%/3} || [[ $? == 141 ]]
fi
- head -c 2048 /dev/urandom | od > /tmp/fai/crypt_dev_$crypt
- yes YES | cryptsetup luksFormat /dev/$crypt /tmp/fai/crypt_dev_$crypt \
+
+ yes YES | cryptsetup luksFormat /dev/$crypt $luks_dir/host-$HOSTNAME \
-c aes-cbc-essiv:sha256 -s 256 || [[ $? == 141 ]]
- yes $(cat /var/lib/fai/config/distro-install-common/luks/traci) | \
+ yes $(cat $luks_dir/traci) | \
cryptsetup luksAddKey --key-file \
- /tmp/fai/crypt_dev_$crypt /dev/$crypt || [[ $? == 141 ]]
+ $luks_dir/host-$HOSTNAME /dev/$crypt || [[ $? == 141 ]]
# this would remove the keyfile. we will do that manually later.
# yes 'test' | cryptsetup luksRemoveKey /dev/... \
# /key/file || [[ $? == 141 ]]
cryptsetup luksOpen /dev/$crypt crypt_dev_$crypt --key-file \
- /tmp/fai/crypt_dev_$crypt
+ $luks_dir/host-$HOSTNAME
parted ${devs[0]} set 1 boot on
mkfs.btrfs -f /dev/mapper/crypt_dev_$crypt
mount /dev/mapper/crypt_dev_$crypt /mnt
cd /
umount /mnt
else
- /var/lib/fai/config/distro-install-common/reset-btrfs-root
+ for dev in ${devs[@]}; do
+ mkfs.ext4 -F ${dev}1
+ done
+ yes $(cat $luks_dir/traci) | \
+ cryptsetup luksOpen /dev/$crypt crypt_dev_$crypt || [[ $? == 141 ]]
+ sleep 1
+ mount -o subvolid=0 /dev/mapper/crypt_dev_$crypt /mnt
+ # systemd creates subvolumes we want to delete.
+ s=($(btrfs subvolume list --sort=-path /mnt |
+ sed -rn 's#^.*path\s*(root/\S+)\s*$#\1#p'))
+ for subvol in ${s[@]}; do btrfs subvolume delete /mnt/$subvol; done
+ btrfs subvolume set-default 0 /mnt
+ btrfs subvolume delete /mnt/root
+ btrfs subvolume create /mnt/root
+ btrfs subvolume set-default $(btrfs subvolume list /mnt | grep 'root$' | awk '{print $2}') /mnt
+ umount /mnt
fi
cat > /tmp/fai/crypttab <<EOF