From 54bb7f0a4160d995d7d7f8500495922f9f37d2b7 Mon Sep 17 00:00:00 2001 From: Ian Kelling Date: Sat, 16 Jan 2016 23:56:48 -0800 Subject: [PATCH] working raid + luks + btrfs disk setup --- fai/config/disk_config/demohost | 11 --- fai/config/hooks/extrbase.demohost | 3 + fai/config/hooks/instsoft.demohost | 11 +++ fai/config/hooks/partition.demohost | 104 ++++++++++++++++++++++++++++ 4 files changed, 118 insertions(+), 11 deletions(-) delete mode 100644 fai/config/disk_config/demohost create mode 100755 fai/config/hooks/extrbase.demohost create mode 100755 fai/config/hooks/instsoft.demohost create mode 100755 fai/config/hooks/partition.demohost diff --git a/fai/config/disk_config/demohost b/fai/config/disk_config/demohost deleted file mode 100644 index 38e0f6f..0000000 --- a/fai/config/disk_config/demohost +++ /dev/null @@ -1,11 +0,0 @@ -disk_config vda -primary - 20GiB - - -primary - 4GiB - - - -disk_config vdb -primary - 20GiB - - -primary - 4GiB - - - -disk_config raid -raid1 / vda1,vdb1 ext3 rw -raid1 swap vda2,vdb2 swap sw diff --git a/fai/config/hooks/extrbase.demohost b/fai/config/hooks/extrbase.demohost new file mode 100755 index 0000000..3f5e25c --- /dev/null +++ b/fai/config/hooks/extrbase.demohost @@ -0,0 +1,3 @@ +#!/bin/bash + +chattr -Rf +C /target diff --git a/fai/config/hooks/instsoft.demohost b/fai/config/hooks/instsoft.demohost new file mode 100755 index 0000000..f0f1bc2 --- /dev/null +++ b/fai/config/hooks/instsoft.demohost @@ -0,0 +1,11 @@ +#!/bin/bash + +f=$target/root/keyscript +cat > $f < 1)); then + crypt=md0 + yes | mdadm --create /dev/$crypt --level=raid0 --force --run \ + --raid-devices=${#devs[@]} ${devs[@]/%/3} || [[ $? == 141 ]] + else + crypt=${dev##/dev/}3 + fi + head -c 2048 /dev/urandom | od > /tmp/fai/crypt_dev_$crypt + yes YES | cryptsetup luksFormat /dev/$crypt /tmp/fai/crypt_dev_$crypt \ + -c aes-cbc-essiv:sha256 -s 256 || [[ $? == 141 ]] + yes $(cat /var/lib/fai/config/distro-install-common/luks/traci) | \ + cryptsetup luksAddKey --key-file \ + /tmp/fai/crypt_dev_$crypt /dev/$crypt || [[ $? == 141 ]] + # this would remove the keyfile. we will do that manually later. + # yes 'test' | cryptsetup luksRemoveKey /dev/... \ + # /key/file || [[ $? == 141 ]] + cryptsetup luksOpen /dev/$crypt crypt_dev_$crypt --key-file \ + /tmp/fai/crypt_dev_$crypt + parted ${devs[0]} set 1 boot on + mkfs.btrfs -f /dev/mapper/crypt_dev_$crypt + mount /dev/mapper/crypt_dev_$crypt /mnt + cd /mnt + btrfs subvolume create a + btrfs subvolume create root + btrfs subvolume set-default $(btrfs subvolume list . | grep 'root$' | awk '{print $2}') . + cd / + umount /mnt +else + /var/lib/fai/config/distro-install-common/reset-btrfs-root +fi + +cat > /tmp/fai/crypttab <> /tmp/fai/crypttab < /tmp/fai/fstab </tmp/fai/disk_var.sh <