From 54bb7f0a4160d995d7d7f8500495922f9f37d2b7 Mon Sep 17 00:00:00 2001
From: Ian Kelling <ian@iankelling.org>
Date: Sat, 16 Jan 2016 23:56:48 -0800
Subject: [PATCH] working raid + luks + btrfs disk setup
---
fai/config/disk_config/demohost | 11 ---
fai/config/hooks/extrbase.demohost | 3 +
fai/config/hooks/instsoft.demohost | 11 +++
fai/config/hooks/partition.demohost | 104 ++++++++++++++++++++++++++++
4 files changed, 118 insertions(+), 11 deletions(-)
delete mode 100644 fai/config/disk_config/demohost
create mode 100755 fai/config/hooks/extrbase.demohost
create mode 100755 fai/config/hooks/instsoft.demohost
create mode 100755 fai/config/hooks/partition.demohost
diff --git a/fai/config/disk_config/demohost b/fai/config/disk_config/demohost
deleted file mode 100644
index 38e0f6f..0000000
--- a/fai/config/disk_config/demohost
+++ /dev/null
@@ -1,11 +0,0 @@
-disk_config vda
-primary - 20GiB - -
-primary - 4GiB - -
-
-disk_config vdb
-primary - 20GiB - -
-primary - 4GiB - -
-
-disk_config raid
-raid1 / vda1,vdb1 ext3 rw
-raid1 swap vda2,vdb2 swap sw
diff --git a/fai/config/hooks/extrbase.demohost b/fai/config/hooks/extrbase.demohost
new file mode 100755
index 0000000..3f5e25c
--- /dev/null
+++ b/fai/config/hooks/extrbase.demohost
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+chattr -Rf +C /target
diff --git a/fai/config/hooks/instsoft.demohost b/fai/config/hooks/instsoft.demohost
new file mode 100755
index 0000000..f0f1bc2
--- /dev/null
+++ b/fai/config/hooks/instsoft.demohost
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+f=$target/root/keyscript
+cat > $f <<EOFOUTER
+#!/bin/sh
+cat <<'EOF'
+$(cat /tmp/fai/crypt_dev_*)
+EOF
+EOFOUTER
+
+chmod +x $f
diff --git a/fai/config/hooks/partition.demohost b/fai/config/hooks/partition.demohost
new file mode 100755
index 0000000..7208465
--- /dev/null
+++ b/fai/config/hooks/partition.demohost
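Review bot: `chattr -Rf +C /target` in extrbase.demohost has no comment saying why copy-on-write is switched off for the whole target tree. On btrfs the No_COW attribute also means files created under it get no data checksums or compression, so silent corruption on the new root would go undetected. If only specific directories need it, limiting the attribute to those paths keeps checksumming everywhere else. The hook also hard-codes `/target` where instsoft.demohost uses `$target`, and `-f` hides failures; a comment such as `# disable btrfs COW on the new root because <reason>` would make the intent reviewable.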
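Review bot: The generated `$f` in instsoft.demohost contains the LUKS keyfile material verbatim but is created under the default umask and then made executable with `chmod +x $f`, so it will normally end up mode 0755; setting `umask 077` before the `cat > "$f"` and using `chmod 700 "$f"` keeps it owner-only. Since the crypttab written by partition.demohost points the root mapping at `keyscript=/root/keyscript`, the script is presumably copied into the initramfs on the unencrypted /boot partition, which would leave a working key beside the encrypted volume until that key slot is removed; the patch only says this will be done manually later, so a comment recording that step is worth adding. `crypt_dev_*` is also a glob that concatenates every matching keyfile, and the hook has no `set -e`, so a failed `cat` still produces an executable keyscript.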
@@ -0,0 +1,104 @@
+#!/bin/bash -x
+
+set -eE -o pipefail
+trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?"' ERR
+
+# # fai's setup-storage won't do btrfs on luks,
+# # so we do it ourself :)
+skiptask partition
+
+repartition=true
+
+letters=(a)
+
+if ifclass VM; then
+ d=/dev/vd
+ letters=(a b)
+else
+ d=/dev/sd
+fi
+
+
+boot_end=504
+
+! ifclass tp || letters=(a b)
+
+devs=()
+
+# 1.5 x based on https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Installation_Guide/sect-disk-partitioning-setup-x86.html#sect-custom-partitioning-x86
+swap_end=$(( $(grep ^MemTotal: /proc/meminfo| awk '{print $2}') * 3/(${#letters[@]} * 2 ) / 1000 + boot_end ))MiB
+
+if $repartition; then
+ mkdir -p /tmp/fai
+ for letter in ${letters[@]}; do
+ dev=$d$letter
+ devs+=($dev)
+ [[ -e $dev[0-9] ]] && for x in $dev[0-9]; do wipefs -a $x; done
+ parted -s $dev mklabel gpt
+ # gpt ubuntu cloud image uses ~4. fai uses 1 MiB. ehh, i'll do 4.
+ parted -s $dev mkpart primary "ext3" 4MB ${boot_end}MiB
+ parted -s $dev set 1 boot on
+ parted -s $dev mkpart primary "linux-swap" ${boot_end}MiB $swap_end
+ parted -s -- $dev mkpart primary "" $swap_end -0
+ parted -s $dev set 3 raid on
+ parted -s $dev mkpart primary "" 1MiB 4MiB
+ parted -s $dev set 4 bios_grub on
+ # the mkfs failed randomly on a vm, so I threw a sleep in here.
+ sleep .1
+ mkfs.ext4 -F ${dev}1
+ done
+ if ((${#devs[@]} > 1)); then
+ crypt=md0
+ yes | mdadm --create /dev/$crypt --level=raid0 --force --run \
+ --raid-devices=${#devs[@]} ${devs[@]/%/3} || [[ $? == 141 ]]
+ else
+ crypt=${dev##/dev/}3
+ fi
+ head -c 2048 /dev/urandom | od > /tmp/fai/crypt_dev_$crypt
+ yes YES | cryptsetup luksFormat /dev/$crypt /tmp/fai/crypt_dev_$crypt \
+ -c aes-cbc-essiv:sha256 -s 256 || [[ $? == 141 ]]
+ yes $(cat /var/lib/fai/config/distro-install-common/luks/traci) | \
+ cryptsetup luksAddKey --key-file \
+ /tmp/fai/crypt_dev_$crypt /dev/$crypt || [[ $? == 141 ]]
+ # this would remove the keyfile. we will do that manually later.
+ # yes 'test' | cryptsetup luksRemoveKey /dev/... \
+ # /key/file || [[ $? == 141 ]]
+ cryptsetup luksOpen /dev/$crypt crypt_dev_$crypt --key-file \
+ /tmp/fai/crypt_dev_$crypt
+ parted ${devs[0]} set 1 boot on
+ mkfs.btrfs -f /dev/mapper/crypt_dev_$crypt
+ mount /dev/mapper/crypt_dev_$crypt /mnt
+ cd /mnt
+ btrfs subvolume create a
+ btrfs subvolume create root
+ btrfs subvolume set-default $(btrfs subvolume list . | grep 'root$' | awk '{print $2}') .
+ cd /
+ umount /mnt
+else
+ /var/lib/fai/config/distro-install-common/reset-btrfs-root
+fi
+
+cat > /tmp/fai/crypttab <<EOF
+crypt_dev_$crypt /dev/$crypt none keyscript=/root/keyscript,discard,luks
+EOF
+
+for dev in ${devs[@]}; do
+ cat >> /tmp/fai/crypttab <<EOF
+swap ${dev}2 /dev/urandom swap,cipher=aes-xts-plain64,size=256,hash=ripemd160
+EOF
+done
+
+# this is duplicated in arch-init
+cat > /tmp/fai/fstab <<EOF
+/dev/mapper/crypt_dev_$crypt / btrfs noatime,subvol=/root 0 0
+/dev/mapper/crypt_dev_$crypt /a btrfs noatime,subvol=/a 0 0
+${devs[0]}1 /boot ext4 noatime 0 2
+EOF
+
+
+cat >/tmp/fai/disk_var.sh <<EOF
+ROOT_PARTITION=\${ROOT_PARTITION:-/dev/mapper/crypt_dev_$crypt}
+BOOT_PARTITION=\${BOOT_PARTITION:-${devs[0]}1}
+BOOT_DEVICE=\${BOOT_DEVICE:-"${devs[0]}"}
+SWAPLIST=\${SWAPLIST:-"${devs[@]/%/2}"}
+EOF
--
2.30.2
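Review bot: The `yes $(cat /var/lib/fai/config/distro-install-common/luks/traci) | cryptsetup luksAddKey …` line puts the LUKS passphrase on the `yes` command line, and because the script runs under `#!/bin/bash -x` the expanded passphrase is also written to the trace output, which presumably ends up in the saved install logs. Assuming the file holds the passphrase on a single line, redirecting it into cryptsetup keeps it out of argv and the trace: `cryptsetup luksAddKey --key-file /tmp/fai/crypt_dev_$crypt /dev/$crypt < /var/lib/fai/config/distro-install-common/luks/traci`. The `luksFormat` call selects `-c aes-cbc-essiv:sha256 -s 256` while the swap entries in the same hunk already use `aes-xts-plain64`; `-c aes-xts-plain64 -s 512` would avoid the legacy CBC mode for the root volume. With `repartition=false` neither `crypt` nor `devs` is set, so the crypttab, fstab and disk_var.sh written afterwards get empty device names. Finally, `[[ -e $dev[0-9] ]]` does no pathname expansion inside `[[ ]]`, so the test looks for a literal `[0-9]` name and the `wipefs -a` loop never runs; dropping the test and looping with `shopt -s nullglob` would make it effective.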