- # gpt ubuntu cloud image uses ~4. fai uses 1 MiB. ehh, i'll do 4.
- # also, using MB instead of MiB causes complains about alignment.
- parted -s $dev mkpart primary "ext3" 4MB ${boot_end}MiB
- parted -s $dev set 1 boot on
- parted -s $dev mkpart primary "linux-swap" ${boot_end}MiB $swap_end
- parted -s -- $dev mkpart primary "" $swap_end -0
- parted -s $dev set 3 raid on
- parted -s $dev mkpart primary "" 1MiB 4MiB
- parted -s $dev set 4 bios_grub on
- # the mkfs failed randomly on a vm, so I threw a sleep in here.
- sleep .1
- mkfs.ext4 -F ${dev}1
- done
- if md; then
- yes | mdadm --create /dev/$crypt --level=raid0 --force --run \
- --raid-devices=${#devs[@]} ${devs[@]/%/3} || [[ $? == 141 ]]
- fi
+ # MiB because parted complains about alignment otherwise.
+ pcmd="parted -a optimal -s -- $dev"
+ $pcmd mkpart primary ext3 12MiB ${root_end}MiB
+ # without naming, systemd gives us misc errors like:
+ # dev-disk-by\x2dpartlabel-primary.device: Dev dev-disk-by\x2dpartlabel-primary.device appeared twice
+ $pcmd name $rootn root
+ # normally a swap is type "linux-swap", but this is encrypted swap. using that
+ # label will confuse systemd.
+ $pcmd mkpart primary "" ${root_end}MiB ${swap_end}MiB
+ $pcmd name $swapn swap
+ $pcmd mkpart primary "" ${swap_end}MiB ${disk_mib}MiB
+ $pcmd name $bootn boot
+ # i only need a few k, but googling min size,
+ # I found someone saying that gparted required
+ # required at least 8 because of their hard drive cylinder size.
+ # And 8 is still very tiny.
+ $pcmd mkpart primary "ext2" 4MiB 12MiB
+ $pcmd name $grub_extn grubext
+ # gpt ubuntu cloud image uses ~4 mb for this partition. fai uses 1 MiB.
+ # so, I use 3, whatever.
+ # note: parted manual saying cheap flash media
+ # should to start at 4.
+ $pcmd mkpart primary "" 1MiB 4MiB
+ $pcmd name $bios_grubn biosgrub
+ $pcmd set $bios_grubn bios_grub on
+ $pcmd set $bootn boot on # generally not needed on modern systems
+ # the mkfs failed before on a vm, which prompted me to add
+ # sleep .1
+ # then it failed again on a physical machine
+ # with:
+ # Device /dev/disk/by-id/foo doesn't exist or access denied,
+ # so I added a wait until it existed.
+ # Then I added the mkfs.ext2, which claimed to succeed,
+ # but then couldn't be found upon reboot. In that case we didn't
+ # wait at all. So I've added a 3 second minimum wait.
+ sleep 3
+ secs=0
+ while [[ ! -e `rootdev` ]] && (( secs < 10 )); do
+ sleep 1
+ secs=$((secs +1))
+ done
+ # Holds just a single file, rarely written, so
+ # use ext2, like was often used for the /boot partition.
+ # This exists because grub can only persist data to a non-cow fs.
+ # And we use persisting a var in grub to do a one time boot.
+ # We could pass the data on the kernel command line and persist it
+ # to grubenv after booting, but that relies on the boot always succeeding.
+ # This is just a bit more robust, and it could work for booting
+ # into ipxe which can't persist data, if we ever got that working.
+ mkfs.ext2 `grub_extdev`
+ yes YES | cryptsetup luksFormat `rootdev` $luks_dir/host-$HOSTNAME \
+ -c aes-cbc-essiv:sha256 -s 256 || [[ $? == 141 ]]
+ yes "$lukspw" | \
+ cryptsetup luksAddKey --key-file $luks_dir/host-$HOSTNAME \
+ `rootdev` || [[ $? == 141 ]]
+ # background: Keyfile and password are treated just
+ # like 2 ways to input a passphrase, so we don't actually need to have
+ # different contents of keyfile and passphrase, but it makes some
+ # security sense to a really big randomly generated passphrase
+ # as much as possible, so we have both.
+ #
+ # This would remove the keyfile.
+ # yes 'test' | cryptsetup luksRemoveKey /dev/... \
+ # /key/file || [[ $? == 141 ]]