X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=fai%2Fconfig%2Fhooks%2Fpartition.DEFAULT;h=11a7ee51f57839a01d04bc1436601b0c4e310d7b;hb=HEAD;hp=e953cf19a238381fb3b9c107396e5fe961043667;hpb=14f283f82afc48d6cec1bb7498ec34ac2b0da77c;p=automated-distro-installer

diff --git a/fai/config/hooks/partition.DEFAULT b/fai/config/hooks/partition.DEFAULT
index e953cf1..530a34d 100755
--- a/fai/config/hooks/partition.DEFAULT
+++ b/fai/config/hooks/partition.DEFAULT
@@ -27,7 +27,6 @@ if [[ $EUID != 0 ]]; then
 fi
 
 # for calling outside of FAI without args:
-# fai-redep
 #
 # source /b/fai/fai-wrapper
 # - set any appropriate classes with: fai-setclass OPT1... which sets CLASS_OPT1=true...
@@ -43,7 +42,7 @@ fi
 # happen to already be setup.
 #
 # mktab: for running outside of fai and generating a crypttab for
-# the main root fs in /tmp/fai. Must run with env var, eg export DISTRO=trisquelnabia.
+# the main root fs in /tmp/fai. Must run with env var, eg export DISTRO=trisquelaramo.
 #
 # Example use in a bootstrap distro:
 # scp /a/bin/fai/fai/config/{distro-install-common/devbyid,hooks/partition.DEFAULT} root@HOST:
@@ -61,9 +60,8 @@ fi
 #
 # environment variables:
 #
-# HOSTNAME: if frodo, we exclude 2 devices from the /boot array, which
-# the bios does not see. if demohost, we set the luks password to just
-# 'x'.
+# HOSTNAME: if demohost, we set the luks password to just
+# 'x'. Used in various other ways too.
 #
 # SPECIAL_DISK: For use outside of fai. A base disk name like
 # /dev/sdk. If set, we just cryptsetup and partition this one disk then
@@ -122,6 +120,11 @@ if [[ $1 ]]; then
   esac
 fi
 
+if [[ ! $SPECIAL_DISK ]] && ! $mkroot2 && ! $mkroot2tab && ! $mktab \
+     && ! ifclass IANK && ! ifclass FSF; then
+  echo $0: error: need class IANK or FSF or SPECIAL_DISK for running in fai
+fi
+
 
 if [[ $SPECIAL_DISK ]]; then
   export CLASS_REPARTITION=true
@@ -163,8 +166,6 @@ fi
 #  boot
 
 
-
-
 ##### end configuration
 
 ##### begin function defs
@@ -179,7 +180,7 @@ bpart() { # btrfs a partition
 
 zilap() {
   case $HOSTNAME in
-    sy|bo)
+    sy|bo|so)
       return 0
       ;;
   esac
@@ -271,7 +272,7 @@ mktab() {
   dev=${boot_devs[0]}
   fstabstd="x-systemd.device-timeout=30s,x-systemd.mount-timeout=30s"
 
-  if [[ $DISTRO == debianbullseye_bootstrap ]]; then
+  if [[ $DISTRO == *_bootstrap ]]; then
     cat > /tmp/fai/fstab <<EOF
 $first_boot_dev  /  btrfs  noatime,subvol=$boot_vol  0 0
 $first_efi  /boot/efi  vfat          nofail,$fstabstd  0 0
@@ -289,11 +290,17 @@ $first_boot_dev  /boot  btrfs        nofail,$fstabstd,noatime,subvol=$boot_vol
 $first_efi  /boot/efi  vfat          nofail,$fstabstd  0 0
 $first_boot_dev  /mnt/boot  btrfs    nofail,$fstabstd,noatime,subvolid=0  0 0
 EOF
+    if ! fsf; then
+      cat >> /tmp/fai/fstab <<EOF
+/dev/mapper/crypt-${vgs[0]}-o  /mnt/o  btrfs       nofail,$fstabstd,noatime,subvolid=0$mopts  0 0
+EOF
+    fi
     rm -f /tmp/fai/crypttab
     for vg in ${vgs[@]}; do
       if ! fsf; then
         cat >>/tmp/fai/crypttab <<EOF
 crypt-$vg-root /dev/$vg/root  none  keyscript=/root/keyscript,discard,luks,initramfs
+crypt-$vg-o    /dev/$vg/o     none  keyscript=/root/keyscript,discard,luks,initramfs
 crypt-$vg-swap /dev/$vg/swap  /dev/urandom  swap,cipher=aes-xts-plain64,size=256,hash=ripemd160
 EOF
       fi
@@ -321,14 +328,35 @@ ROOT_PARTITION=\${ROOT_PARTITION:-$first_root_dev}
 SWAPLIST=\${SWAPLIST:-"${swap_devs[@]}"}
 EOF
 
+    if [[ $HOSTNAME == frodo ]]; then
+      big_disks=(
+        ata-Hitachi_HDS722020ALA330_JK1121YAG7SXWS-part1
+        ata-Hitachi_HDS722020ALA330_JK1121YAG7SY4S-part1
+        ata-Hitachi_HDS723030ALA640_MK0311YHG2WUSA-part1
+        ata-ST4000DM000-1F2168_Z300AZ6K-part1
+        ata-ST6000DM001-1XY17Z_Z4D2WMZK-part1
+        ata-TOSHIBA_MD04ACA500_8539K4TQFS9A-part1
+        ata-TOSHIBA_MD04ACA500_85NAK4T2FS9A-part1
+        ata-TOSHIBA_MD04ACA500_9551K615FS9A-part1
+        ata-TOSHIBA_MD04ACA500_Y5IFK6IJFS9A-part1
+      )
+      for d in ${big_disks[@]}; do
+        cat >>/tmp/fai/crypttab <<EOF
+crypt_dev_$d  /dev/disk/by-id/$d  /mnt/root/q/root/luks/iank  discard,luks
+EOF
+      done
+      cat >> /tmp/fai/fstab <<EOF
+/dev/mapper/crypt_dev_${big_disks[0]}  /mnt/i  btrfs  nofail,$fstabstd,noatime,subvolid=0  0 0
+EOF
+    fi
     if [[ $HOSTNAME == kd ]]; then
       # note, having these with keyscript and initramfs causes a luks error in fai.log,
       # but it is safely ignorable and gets us the ability to just type our password
       # in once at boot. A downside is that they are probably needed to be plugged in to boot.
       cat >>/tmp/fai/crypttab <<EOF
-crypt_dev_ata-Samsung_SSD_870_QVO_8TB_S5VUNG0N900656V${even_bigsuf} /dev/disk/by-id/ata-Samsung_SSD_870_QVO_8TB_S5VUNG0N900656V${even_bigsuf}  none  keyscript=decrypt_keyctl,discard,luks,initramfs
-crypt_dev_ata-TOSHIBA_MD04ACA500_84R2K773FS9A-part1 /dev/disk/by-id/ata-TOSHIBA_MD04ACA500_84R2K773FS9A-part1  none  keyscript=decrypt_keyctl,discard,luks,initramfs
-crypt_dev_ata-ST6000DM001-1XY17Z_Z4D29EBL-part1 /dev/disk/by-id/ata-ST6000DM001-1XY17Z_Z4D29EBL-part1  none  keyscript=decrypt_keyctl,discard,luks,initramfs
+crypt_dev_ata-Samsung_SSD_870_QVO_8TB_S5VUNG0N900656V${even_bigsuf} /dev/disk/by-id/ata-Samsung_SSD_870_QVO_8TB_S5VUNG0N900656V${even_bigsuf}  /mnt/root/q/root/luks/iank  discard,luks
+crypt_dev_ata-TOSHIBA_MD04ACA500_84R2K773FS9A-part1 /dev/disk/by-id/ata-TOSHIBA_MD04ACA500_84R2K773FS9A-part1  /mnt/root/q/root/luks/iank  discard,luks
+crypt_dev_ata-ST6000DM001-1XY17Z_Z4D29EBL-part1 /dev/disk/by-id/ata-ST6000DM001-1XY17Z_Z4D29EBL-part1  /mnt/root/q/root/luks/iank  discard,luks
 EOF
       cat >> /tmp/fai/fstab <<EOF
 # r7 = root partition7. it isnt actually #7 anymore, not a great name, but whatever
@@ -347,6 +375,7 @@ EOF
 # todo: update for lvm
 doroot2() {
 
+
   # We write to these files instead of just /etc/fstab, /etc/crypttab,
   # because these are filesystems created after our current root, and so
   # this allows us to update other root filesystems too.
@@ -355,10 +384,16 @@ doroot2() {
     echo $0: error: found partition=true but have mkroot2 arg
     exit 1
   fi
+
+
   root2_devs=()
   for vg in ${vgs[@]}; do
+
+
     root2_devs+=(/dev/mapper/crypt-$vg-root2)
-      if $mkroot2; then
+    if $mkroot2; then
+      lvcreate -y -L $root2_part_mib $vg -n root2
+      lvcreate -y -L $boot2_part_mib $vg -n boot2
       luks-setup /dev/$vg/root2 crypt-$vg-root2
     fi
     cat >>/mnt/root/root2-crypttab <<EOF
@@ -382,6 +417,8 @@ EOF
 
 
 ##### begin variable setup
+
+
 partition=false
 if ifclass REPARTITION; then
   partition=true # force a full wipe
@@ -452,24 +489,27 @@ fi
 
 pvn=1
 
+bootn=2
+
 # rootn=1
 # root2n=2
 # swapn=3
 # bootn=4
 # boot2n=5
 
-efin=2
+efin=3
 # ext partition so grub can write persistent variables,
 # so it can do a one time boot. grub can't write to
 # btrfs or any cow fs because it's more
 # more complicated to do and they don't want to.
-grub_extn=3
+grub_extn=4
 # bios boot partition,
 # https://wiki.archlinux.org/index.php/GRUB
-bios_grubn=4
+bios_grubn=5
 # for an even raid (raid 1), when one disk is bigger, this partition goes on the big disk
-even_bign=5
-lastn=$even_bign
+even_bign=6
+# even_bign only exists in some cases
+lastn=$bios_grubn
 # check if the partitions exist have the right filesystems
 #blkid="$(blkid -s TYPE)"
 for dev in ${short_devs[@]}; do
@@ -490,13 +530,18 @@ done
 
 if $partition && ifclass PARTITION_PROMPT; then
   echo "Press any key except ctrl-c to continue and partition these drives:"
-  echo "  ${short_devs[*]}"
+  if [[ $SPECIAL_DISK ]]; then
+    echo $SPECIAL_DISK
+  else
+    echo "  ${short_devs[*]}"
+  fi
   read -r
 fi
 
 devs=()
 vgs=()
 root_devs=()
+o_devs=()
 swap_devs=()
 shopt -s extglob
 partsuffix=-part
@@ -511,28 +556,33 @@ for short_dev in ${short_devs[@]}; do
 
   dname=${dev##*/}
   vg=vg$dname
+  vg=${vg//:/}
   vgs+=("$vg")
   devs+=("$dev")
   if fsf; then
     root_devs+=(/dev/$vg/root)
     swap_devs+=(/dev/$vg/swap)
   else
+    o_devs+=(/dev/mapper/crypt-$vg-o)
     root_devs+=(/dev/mapper/crypt-$vg-root)
     swap_devs+=(/dev/mapper/crypt-$vg-swap)
   fi
 done
 first_root_dev=${root_devs[0]}
-if [[ ! ${devs[0]} ]]; then
+if [[ ! $SPECIAL_DISK && ! ${devs[0]} ]]; then
   echo "$0: error: failed to detect devs" >&2
   exit 1
 fi
 
 
-
 pvsuf=$partsuffix$pvn
+bootsuf=$partsuffix$bootn
 efisuf=$partsuffix$efin
 grub_extsuf=$partsuffix$grub_extn
-bios_grubsuf=$partsuffix$bios_grubn
+# We dont do anything with this partition here, so this
+# is be unused, but left as a comment for completing the pattern
+# of all the suffixes.
+#bios_grubsuf=$partsuffix$bios_grubn
 even_bigsuf=$partsuffix$even_bign
 
 
@@ -542,6 +592,7 @@ boot_devs=()
 boot2_devs=()
 for dev in ${devs[@]}; do
   vg=vg${dev##*/}
+  vg=${vg//:/}
   # I ran into a machine (frodo) where the bios doesn't know about some disks,
   # so 1st stage of grub also doesn't know about them.
   # Also, grub does not support mounting degraded btrfs as far as
@@ -568,7 +619,7 @@ for dev in ${devs[@]}; do
   if $bad_disk; then
     continue
   fi
-  boot_devs+=(/dev/$vg/boot)
+  boot_devs+=($dev$bootsuf)
   boot2_devs+=(/dev/$vg/boot2)
   boot_space=$(( boot_space + $(parted -m $dev unit MiB print | \
                                   sed -nr "s#^/dev/[^:]+:([0-9]+).*#\1#p") - 1))
@@ -607,7 +658,7 @@ case $raid_level in
   1c3) boot_space=$(( boot_space / 3 )) ;;
 esac
 if fsf; then
-  boot_mib=4000
+  boot_mib=6000
 elif (( boot_space > 900000 )); then
   # this is larger than needed for several /boot subvols,
   # becuase I keep a minimal debian install on it for
@@ -631,17 +682,19 @@ fi
 boot_part_mib=$(( boot_mib * raid_duplication / ${#boot_devs[@]} ))
 
 if zilap; then
-  boot2_part_mib=0
-  root2_part_mib=0
-else
   boot2_part_mib=$(( boot2_mib * raid_duplication / ${#boot_devs[@]}  ))
   root2_part_mib=$(( root2_mib * raid_duplication / ${#root_devs[@]}  ))
+else
+  boot2_part_mib=0
+  root2_part_mib=0
 fi
 ### end calculate boot partition space
 
 
 if [[ ! $DISTRO ]]; then
-  if ifclass VOL_BULLSEYE_BOOTSTRAP; then
+  if ifclass VOL_BOOKWORM_BOOTSTRAP; then
+    DISTRO=debianbookworm_bootstrap
+  elif ifclass VOL_BULLSEYE_BOOTSTRAP; then
     DISTRO=debianbullseye_bootstrap
   elif ifclass VOL_STRETCH; then
     DISTRO=debianstretch
@@ -677,7 +730,7 @@ if [[ ! $DISTRO ]]; then
   fi
 fi
 
-if [[ $DISTRO == debianbullseye_bootstrap ]]; then
+if [[ $DISTRO == *_bootstrap ]]; then
   # this is just convenience for the libreboot_grub config
   # so we can glob the other ones easier.
   boot_vol=$DISTRO
@@ -713,16 +766,41 @@ fi
 if $partition; then
   ### begin wipefs
   if [[ ! $SPECIAL_DISK ]]; then
-    for lv in $(lvs --noheadings -o lv_path); do
-      wipefs -a $lv
+
+    # we do lvm removals just for the disks we are using
+    pv_wipes=()
+    vg_wipes=()
+    declare -A vg_map
+    pv_devs=$(pvs --noheadings -o pvname)
+    for pv_dev in $pv_devs; do
+      for short_dev in ${short_devs[@]}; do
+        if [[ $pv_dev == $short_dev* ]]; then
+          pv_wipes+=($pv_dev)
+          vgs_of_pv=$(pvs --noheadings -o vgname $pv_dev)
+          for vg in $vgs_of_pv; do
+            if [[ ${vg_map[$vg]} ]]; then
+              continue
+            fi
+            vg_map[$vg]=t
+            vg_wipes+=($vg)
+            lvs=$(vgs --noheadings -o lv_path $vg)
+            for lv in $lvs; do
+              wipefs -a $lv
+            done
+          done
+        fi
+      done
     done
-    for vg in $(vgs --noheadings -o vgname); do
+
+    for vg in ${vg_wipes[@]}; do
       vgchange -an $vg
       vgremove -ff $vg
     done
-    for pv in $(pvs --noheadings -o pvname); do
+
+    for pv in ${pv_wipes[@]}; do
       pvremove -ff $pv
     done
+
     for dev in ${devs[@]}; do
       # if we repartition to the same as an old partition,
       # we don't want any old fses hanging around.
@@ -731,7 +809,10 @@ if $partition; then
       while ! wipefs -a $dev; do
         sleep 2
         count_down=$((count_down - 1))
-        (( count_down > 0 )) || exit 1
+        if (( count_down <= 0 )); then
+          echo "$0: wipefs failed 10 times. exiting" >&2
+          exit 1
+        fi
       done
     done
   fi
@@ -757,11 +838,12 @@ if $partition; then
     fi
   fi
 
+  if [[ $SPECIAL_DISK ]]; then
+    devs=($(devbyid $SPECIAL_DISK))
+  fi
   for dev in ${devs[@]}; do
     vg=vg${dev##*/}
-    if [[ $SPECIAL_DISK ]]; then
-      dev=$(devbyid $SPECIAL_DISK)
-    fi
+    vg=${vg//:/}
 
     # parted will round up the disk size. Do -1 so we can have
     # fully 1MiB unit partitions for easy resizing of the last partition.
@@ -778,33 +860,62 @@ if $partition; then
     # MiB because parted complains about alignment otherwise.
     pcmd="parted -a optimal -s -- $dev"
     # main lvm partition
-    $pcmd mkpart primary ext3 524MiB ${disk_mib}MiB
+
+    pv_end=$(( disk_mib - boot_part_mib ))
+    $pcmd mkpart primary ext3 524MiB ${pv_end}MiB
     $pcmd name $pvn pv
 
-    pvcreate -y $dev$pvsuf
-    vgcreate -y $vg $dev$pvsuf
+    #   + 794 pvcreate -y /dev/disk/by-id/ata-ST4000DM000-1F2168_Z3028BKA-part1
+    # WARNING: Device /dev/sde1 not initialized in udev database even after waiting 10000000 microseconds.
+    # No device found for /dev/disk/by-id/ata-ST4000DM000-1F2168_Z3028BKA-part1.
+    # sleep 10 was not enough.
+    secs=0
+    while [[ ! -e $dev$pvsuf ]] && (( secs < 40 )); do
+      sleep 1
+      secs=$((secs +1))
+    done
+    sleep 3
+    pvcreate -y -ff $dev$pvsuf
+    vgcreate -y -ff $vg $dev$pvsuf
 
     if fsf; then
       root_mib=40000
+    elif ifclass demohost; then
+      # just randomish numbers that seem ok for testing.
+      root_mib=25000
+      o_mib=1000
     else
+      # This would maximize it, but we are going for a separate filesystem in /o,
+      # so use fixed sizes to allow both to grow
       # 600 = uefi 512 + grubext 8 + bios grub 3 + some extra cuz this is lvm
-      root_mib=$(( disk_mib - root2_part_mib - swap_mib - boot_part_mib - boot2_part_mib - 600 ))
+      #root_mib=$(( disk_mib - root2_part_mib - swap_mib - boot_part_mib - boot2_part_mib - 600 ))
+      o_mib=$(( 180 * 1000 ))
+      # max minus o, minus a gig just for some extra space
+      max_root_mib=$(( disk_mib - root2_part_mib - swap_mib - boot_part_mib - boot2_part_mib - 600 - o_mib - 1000 ))
+      root_mib=$(( 1700 * 1000 )) # * 1000 to make it in gb.
+      if (( max_root_mib < root_mib )); then
+        root_mib=$max_root_mib
+      fi
     fi
 
-    # -L unit default mebibyte
-    lvcreate -y -L $root_mib $vg -n root
-    lvcreate -y -L $swap_mib $vg -n swap
-    # unencrypted swap needs mkswap
-    if fsf; then
-      mkswap /dev/$vg/swap
+    if [[ $SPECIAL_DISK ]]; then
+      lvcreate -y -L $max_root_mib $vg -n data
+    else
+      # -L unit default mebibyte
+      lvcreate -y -L $root_mib $vg -n root
+      if ! fsf; then
+        lvcreate -y -L $o_mib $vg -n o
+      fi
+      lvcreate -y -L $swap_mib $vg -n swap
+      # unencrypted swap needs mkswap
+      if fsf; then
+        mkswap /dev/$vg/swap
+      fi
     fi
-    lvcreate -y -L $boot_part_mib $vg -n boot
 
-    if zilap; then
-      # todo: now that we are using lvm, this doesnt need to be done until mkroot2
-      lvcreate -y -L $root2_part_mib $vg -n root2
-      lvcreate -y -L $boot2_part_mib $vg -n boot2
-    fi
+    $pcmd mkpart primary "" ${pv_end}MiB ${disk_mib}MiB
+    $pcmd name $bootn boot
+    $pcmd set $bootn boot on
 
     # uefi partition, for normal bios systems, its just in case.
     $pcmd mkpart primary "fat32" 12MiB 524MiB
@@ -844,7 +955,7 @@ if $partition; then
     # but then couldn't be found upon reboot. In that case we didn't
     # wait at all. So I've added a 3 second minimum wait.
     secs=0
-    while [[ ! -e $dev$bios_grubsuf ]] && (( secs < 10 )); do
+    while [[ ! -e $dev$efisuf ]] && (( secs < 40 )); do
       sleep 1
       secs=$((secs +1))
     done
@@ -853,8 +964,8 @@ if $partition; then
     mkfs.fat -F32 $dev$efisuf
 
     if ! fsf && $even_big_part  && [[ $dev == "$even_big_dev" ]]; then
-      luks-setup $even_big_dev ${even_big_dev##*/}
-      mkfs.btrfs -f /dev/mapper/${even_big_dev##*/}
+      luks-setup $even_big_dev$even_bigsuf ${even_big_dev##*/}$even_bigsuf
+      mkfs.btrfs -f /dev/mapper/${even_big_dev##*/}$even_bigsuf
     fi
 
     # Holds just a single file, rarely written, so
@@ -867,23 +978,29 @@ if $partition; then
     # into ipxe which can't persist data, if we ever got that working.
     mkfs.ext2 $dev$grub_extsuf
 
+    if [[ $SPECIAL_DISK ]]; then
+      luks-setup /dev/$vg/data crypt-$vg-data
+      exit 0
+    fi
+
     # for fsf, no encryption of root because root will not contain any
     # sensitive data.
     if ! fsf; then
       luks-setup /dev/$vg/root crypt-$vg-root
+      luks-setup /dev/$vg/o crypt-$vg-o
     fi
 
-    if [[ $SPECIAL_DISK ]]; then
-      exit 0
-    fi
   done
   ls -la /dev/btrfs-control # this was probably for debugging...
   sleep 1
 
   bpart ${root_devs[@]}
+  if ! fsf; then
+    bpart ${o_devs[@]}
+  fi
   bpart ${boot_devs[@]}
 
-else ## above: if $partition ##
+else ## end if $partition ##
 
   if ! fsf; then
     for vg in ${vgs[@]}; do
@@ -893,7 +1010,9 @@ else ## above: if $partition ##
       if $rerootfs; then
         luks-setup /dev/$vg/root crypt-$vg-root
       else
-        cryptsetup luksOpen /dev/$vg/root $vg-root \
+        cryptsetup luksOpen /dev/$vg/root crypt-$vg-root \
+                   --key-file $luks_file
+        cryptsetup luksOpen /dev/$vg/o crypt-$vg-o \
                    --key-file $luks_file
       fi
     done
@@ -907,7 +1026,7 @@ else ## above: if $partition ##
 fi
 
 
-if $wipe && [[ $DISTRO != debianbullseye_bootstrap ]]; then
+if $wipe && [[ $DISTRO != *_bootstrap ]]; then
   # bootstrap distro doesn't use separate encrypted root.
   mount -o subvolid=0 ${root_devs[0]} /mnt
   # systemd creates subvolumes we want to delete.
@@ -945,7 +1064,8 @@ btrfs subvolume set-default 0 /mnt # already default, just ensuring it.
 
 # for libreboot systems. grub2 only reads from subvolid=0
 mkdir -p /mnt/grub2
-# todo: this probably needs updating for our lvm transition
+# todo: this would need some rework if we moved boot into
+# lvm.
 cp $FAI/distro-install-common/libreboot_grub.cfg /mnt/grub2
 
 if $wipe && [[ -e /mnt/$boot_vol ]]; then