From 20b531449709f1e4961568ebc684d06bc99aa01c Mon Sep 17 00:00:00 2001 From: Ian Kelling Date: Wed, 25 Mar 2026 13:08:38 -0400 Subject: [PATCH] minor improvements --- fai/config/hooks/partition.DEFAULT | 38 ++++++++++++++++++------------ fai/config/scripts/DEBIAN/11-iank | 6 +++++ 2 files changed, 29 insertions(+), 15 deletions(-) diff --git a/fai/config/hooks/partition.DEFAULT b/fai/config/hooks/partition.DEFAULT index 522285f..9cbebfe 100755 --- a/fai/config/hooks/partition.DEFAULT +++ b/fai/config/hooks/partition.DEFAULT @@ -49,8 +49,6 @@ cat /tmp/fai/fstab >>/etc/fstab mapfile -t lines < <(awk '! /swap/ {print $2,$1}' /tmp/fai/crypttab ) for l in "${lines[@]}"; do cryptsetup luksOpen $l; done -# or alternatively, to avoid typing it many times: -read -r lukspw; for l in "${lines[@]}"; do yes "$lukspw" | cryptsetup luksOpen $l; done potentially useful later: sed 's#/root/keyscript,#decrypt_keyctl,#;s/$/,noauto/' /tmp/fai/crypttab >/etc/crypttab @@ -62,6 +60,8 @@ Options -d Create data partition instead of root partition. Meant for use with -s. It creates a single lvm pv/vg/lv called "data". +-k Exit after wiping one disk. Created this to fix an lvm naming conflict. + -m Create root/data partition with maximum size instead of the 1tb limit. Meant for use with -s. -s SPECIAL_DISK For use outside of fai. A base disk name like @@ -147,9 +147,10 @@ fi skip_o=false data_part=false +wipe_only=false max_size=false do_special_disk_prompt=true -temp=$(getopt -l help hc:dms:w:y "$@") || usage 1 +temp=$(getopt -l help hc:dkms:w:y "$@") || usage 1 eval set -- "$temp" while true; do case $1 in @@ -165,6 +166,7 @@ while true; do data_part=true skip_o=true ;; + -k) wipe_only=true ;; -m) max_size=true ;; -s) special_disk="$2"; shift ;; -w) swap_mib="$2"; shift ;; 
@@ -297,16 +299,17 @@ getluks() { # # note, corresponding changes in /b/ds/keyscript-{on,off} if ifclass demohost; then - lukspw=x + luks_file2=/tmp/luks_file2 + echo -n x >$luks_file2 elif [[ -e $luks_dir/$HOSTNAME ]]; then - lukspw=$(cat $luks_dir/$HOSTNAME) + luks_file2=$luks_dir/$HOSTNAME else - lukspw=$(cat $luks_dir/iank) + luks_file2=$luks_dir/iank fi if $mkroot2; then luks_file=$luks_dir/host-amy - lukspw=$(cat $luks_dir/amy) + luks_file2=$luks_dir/amy fi } @@ -339,14 +342,15 @@ luks-setup() { # https://wiki.archlinux.org/title/Advanced_Format#NVMe_solid_state_drives # and if sector arg was not given, that can be fixed. First, check that it is 1mib aligned, # eg. parted -m /dev/mapper/crypt-vgnvme-WD_BLACK_SN850X_8000GB_245244802091-root unit MiB print - # Then cryptsetup reencrypt --sector-size 4096 device - if [[ $luksdev == *nvme* ]]; then - sector_arg="--sector-size 4096" + # Then cryptsetup reencrypt --sector-size 4096 device. + # -s 256 because according to cryptsetup benchmark, it gives + # us about 9% faster encryption on the cpu. Default is 512. + # tm_d4_ssd is a usb nvme device. + if [[ ${luksdev,,} == *nvme* || ${luksdev,,} == tm_d4_ssd ]]; then + sector_arg="--sector-size 4096 -s 256" fi - yes YES | cryptsetup luksFormat $sector_arg $luksdev $luks_file || [[ $? == 141 ]] - yes "$lukspw" | \ - cryptsetup luksAddKey --key-file $luks_file \ - $luksdev || [[ $? == 141 ]] + cryptsetup luksFormat -q $sector_arg $luksdev $luks_file + cryptsetup luksAddKey --key-file $luks_file $luksdev $luks_file2 # background: Keyfile and password are treated just # like 2 ways to input a passphrase, so we don't actually need to have # different contents of keyfile and passphrase, but it makes some @@ -1038,6 +1042,10 @@ if $partition; then lvmwipe "${short_devs[@]}" devwipe "${devs[@]}" fi + if $wipe_only; then + echo "Got -k & wipe is finished so exiting" + exit 0 + fi ### end wipefs 
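Review bot: In the demohost branch the passphrase is written to the fixed path `/tmp/luks_file2` with `echo -n x >$luks_file2`, so the write follows whatever already exists under that name, the file gets the default umask, and nothing in this hunk removes it afterwards. Creating it with `luks_file2=$(mktemp)` under `umask 077` and writing it with `printf x >"$luks_file2"` avoids the predictable name; cleanup would belong with the caller, which is outside the hunk. Separately, the other branches now hand over `$luks_dir/$HOSTNAME`, `$luks_dir/iank` and `$luks_dir/amy` as files, where the old code used `$(cat ...)`, which strips trailing newlines. If any of those files ends in a newline, it presumably becomes part of the key once the file is passed to `cryptsetup luksAddKey`, and the typed passphrase would no longer match, so it is worth confirming the files are newline-free or adding a comment that they must be.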
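Review bot: The second test in `[[ ${luksdev,,} == *nvme* || ${luksdev,,} == tm_d4_ssd ]]` has no wildcards, so it matches only when `$luksdev` is exactly that string, unlike the `*nvme*` test beside it. If `$luksdev` holds a device path (it is set outside this hunk), `*tm_d4_ssd*` is probably what was meant. The new `-s 256` also deserves a fuller comment: assuming the default aes-xts cipher, the key is split in two, so 256 selects AES-128 rather than the AES-256 of the 512-bit default, which is a strength trade-off and not only a speed setting. A comment such as `# -s 256 = AES-128-XTS (default 512 = AES-256-XTS); chosen for ~9% speed` would record that. The body of luks-setup begins and continues outside the hunk.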
@@ -1243,7 +1251,7 @@ if $partition; then mkdir /mnt/nocow/{t,user} if ! $skip_o; then - bpart ${o_devs[@]} + bpart ${o_devs[@]} fi fi bpart ${boot_devs[@]} diff --git a/fai/config/scripts/DEBIAN/11-iank b/fai/config/scripts/DEBIAN/11-iank index 37915bd..899dcd3 100755 --- a/fai/config/scripts/DEBIAN/11-iank +++ b/fai/config/scripts/DEBIAN/11-iank @@ -111,6 +111,12 @@ EOFOUTER cmdline_extra="$d16_cmdline $fsf_cmdline_extra" +if [[ $HOSTNAME == frodo ]]; then + # doing an lvremove on a 5tb partition lead to a bunch of discard + # timeouts. randomish big value here made that go away. milliseconds. + cmdline_extra+=" mitigations=off nvme_core.io_timeout=190000" +fi + # luks options, see man systemd-cryptsetup-generator # all i know is that with luks.crypttab=no, swap still timed out on boot. # and with rd.luks.crypttab=no, it works. -- 2.30.2
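Review bot: The comment above `cmdline_extra+=" mitigations=off nvme_core.io_timeout=190000"` in 11-iank explains only the NVMe timeout, while `mitigations=off` turns off the kernel's CPU vulnerability mitigations for the whole host and is left unexplained. Since the two settings are unrelated, I would put them on separate lines, each with its own reason, e.g. `cmdline_extra+=" nvme_core.io_timeout=190000"` and `cmdline_extra+=" mitigations=off"  # <reason this host can run without CPU mitigations>`. That keeps the security-relevant switch visible and easy to drop later without touching the timeout workaround.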