t11 and new partitioner fixes
1 #!/bin/bash
2 # Copyright (C) 2022 Ian Kelling
3 # SPDX-License-Identifier: AGPL-3.0-or-later
4
5 # todo: put this script and this library into ansible
6 source /usr/local/lib/err
7
8 #### begin arg processing ###
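#######################################
# Print the usage text to stdout and exit.
# Arguments: $1 - exit status; defaults to 0 so a bare `usage` call (the
#                 --help path) is a clean exit even under `set -u`, instead
#                 of `exit ""` inheriting the status of `cat`.
#######################################
usage() {
  cat <<EOF
Usage: ${0##*/} [mdraid] hdd|sdd size_in_GB fqdn
create disk for vm

-h|--help Print help and exit.

EOF
  exit "${1:-0}"
}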
# Echo a command line, one word per argument joined by spaces, then run it.
# The exit status is that of the command.
m() {
  printf "%s\n" "$*"
  "$@"
}
20
21
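mdraid=false
case ${1-} in
  mdraid)
    mdraid=true
    shift
    ;;
  -h|--help)
    # -h is advertised in the usage text, so accept it as well as --help.
    usage
    ;;
esac

if (( $# != 3 )); then
  echo "$0: error: expected 3 arguments" >&2
  usage 1
fi

# Assign positionals directly instead of re-splitting "$@" through read,
# so an argument containing whitespace cannot shift the others.
disk_type=$1
gb=$2
hostname=$3

# Only these two types select a volume-group list further down; anything
# else would silently produce an empty list.
case $disk_type in
  hdd|sdd) ;;
  *)
    echo "$0: error: disk type must be hdd or sdd, got: $disk_type" >&2
    usage 1
    ;;
esac

if [[ ! $gb =~ ^[1-9][0-9]*$ ]]; then
  echo "$0: error: size_in_GB must be a positive integer, got: $gb" >&2
  usage 1
fi

# fqdn becomes part of LV, device-mapper and keyfile paths and of a
# crypttab entry, so reject anything outside a conservative name charset
# (in particular whitespace and '/').
if [[ ! $hostname =~ ^[A-Za-z0-9._-]+$ ]]; then
  echo "$0: error: fqdn must match [A-Za-z0-9._-]+, got: $hostname" >&2
  usage 1
fi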
39 #### end arg processing ###
40
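# apg generates the LUKS key material below.
if ! type -p apg &>/dev/null; then
  apt install -y apg
fi

# The key file is written under /mnt2. If that is not the mounted keys
# loopback, the key would land on the underlying plain filesystem, so this
# must be fatal rather than just a warning.
if ! mountpoint -q /mnt2; then
  echo "$0: error: expected /mnt2 to be a mountpoint, run /root/open-crypt-luks-keys-loopback" >&2
  exit 1
fi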
48
# Select the LVM volume groups (one per physical disk) that back this
# disk type. Left unset for any other value, exactly as before.
if [[ $disk_type == hdd ]]; then
  volgroups=(
    vgata-WDC_WD4004FZWX-00GBGB0_NHG3PK4M
    vgata-ST4000DM000-1F2168_Z3028BKA
    vgata-WDC_WD40EZRX-00SPEB0_WD-WCC4E0304017
  )
elif [[ $disk_type == sdd ]]; then
  volgroups=(
    vgata-Samsung_SSD_850_EVO_1TB_S3PJNB0J902536K
    vgata-Samsung_SSD_850_EVO_1TB_S3PJNF0J909382V
    vgata-Samsung_SSD_850_EVO_1TB_S3PJNF0J909379K
  )
fi
65
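# One logical volume named after the VM on every selected volume group;
# existing LVs are kept so the script can be re-run.
for vg in "${volgroups[@]}"; do
  lvdev=/dev/$vg/$hostname
  if [[ -e $lvdev ]]; then
    echo "$0: skipping creation of existing lv: $lvdev"
  else
    m lvcreate -L "${gb}g" -n "$hostname" "$vg"
  fi
done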
74
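# Per-VM LUKS key file on the keys loopback. An existing non-empty file is
# reused; an empty one (e.g. from an interrupted run) is regenerated.
keyfile=/mnt2/$hostname
if [[ ! -s $keyfile ]]; then
  # Create the file 0600 from the start (umask in a subshell) so no key
  # material is ever briefly readable under the default umask.
  # directory is already 700, just being thorough
  (umask 077; apg -m 25 -x 25 -n1 | tr -d '\n' >"$keyfile")
  if [[ ! -s $keyfile ]]; then
    echo "$0: error: failed to write key material to $keyfile" >&2
    exit 1
  fi
  m chmod 600 "$keyfile"
fi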
81
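crypttab_err=false

mountdir=/mnt/$hostname
mkdir -p -- "$mountdir"

#######################################
# Append a crypttab entry unless an identical one is already present.
# A different existing entry for the same device is reported and the
# failure deferred to the end of the script via crypttab_err, so the rest
# of the setup still completes.
# Globals:   crypttab_err (written)
# Arguments: $1 - backing device path
#            $2 - full crypttab line to add
# Outputs:   progress / error text on stdout
#######################################
crypttab_add() {
  local dev=$1 line=$2
  if grep -Fq -- "$dev" /etc/crypttab; then
    # no -q: the matching line is printed and referred to by "^" below
    if grep -Fx -- "$line" /etc/crypttab; then
      echo "$0: crypttab line already found ^. not adding"
    else
      echo "$0: error: found existing lvdev: $dev in /etc/crypttab that is different than expected:"
      echo "$line"
      echo "saving exit 1 until script completes. manual intervention required"
      crypttab_err=true
    fi
  else
    echo "appending to /etc/crypttab:"
    echo "$line" | tee -a /etc/crypttab
  fi
}

integrity_devs=()
if $mdraid; then
  # dm-integrity on each LV, then md raid1 across them, then one LUKS
  # container and an ext4 filesystem on top.
  for vg in "${volgroups[@]}"; do
    lvdev=/dev/$vg/$hostname
    integrity_name=integrity-$vg-$hostname
    integrity_dev=/dev/mapper/$integrity_name
    integrity_devs+=("$integrity_dev")
    if [[ -e $integrity_dev ]]; then
      echo "$0: skipping creation of existing integrity dev: $integrity_dev"
    else
      m time integritysetup --batch-mode format "$lvdev"
      m integritysetup open --allow-discards "$lvdev" "$integrity_name"
    fi
  done
  mddev=/dev/md/md$hostname
  if [[ -e $mddev ]]; then
    echo "$0: skipping creation of existing mddev: $mddev"
  else
    # get stable auto-assembled names
    # https://serverfault.com/questions/763870/raid-device-on-rename-appended-with-0
    if ! grep -Fxq "HOMEHOST <ignore>" /etc/mdadm/mdadm.conf; then
      sed -i '/^ *HOMEHOST/d' /etc/mdadm/mdadm.conf
      echo "HOMEHOST <ignore>" >>/etc/mdadm/mdadm.conf
      m update-initramfs -u -k all
    fi
    # `yes` answers the confirmation prompt and then dies of SIGPIPE (141)
    # once mdadm exits; that is not an mdadm failure, so it is tolerated.
    # The member count follows the volume-group list instead of being
    # hard-coded to 3.
    yes yes | m mdadm --create "$mddev" --level 1 \
      --raid-devices="${#integrity_devs[@]}" "${integrity_devs[@]}" || [[ $? == 141 ]]
  fi
  luks_name=crypt-$hostname
  luks_dev=/dev/mapper/$luks_name
  if [[ -e $luks_dev ]]; then
    echo "$0: skipping creation of existing luks dev: $luks_dev"
  else
    # same SIGPIPE tolerance as for mdadm above
    yes YES | m cryptsetup luksFormat "$mddev" "$keyfile" || [[ $? == 141 ]]
    crypttab_add "$mddev" "$luks_name $mddev $keyfile discard,luks"
    m cryptdisks_start "$luks_name"
  fi
  # NOTE(review): this also runs when the LUKS device already existed above
  # and so re-formats it; left unchanged because a re-run after a partial
  # failure may rely on it — confirm intended.
  m mkfs.ext4 "$luks_dev"
else
  # One LUKS container per LV, with btrfs doing the 3-way mirroring.
  luks_devs=()
  for vg in "${volgroups[@]}"; do
    lvdev=/dev/$vg/$hostname
    luks_name=crypt-$vg-$hostname
    # NOTE(review): unlike the mdraid branch there is no "already exists"
    # check here, so a re-run formats the LV again — confirm intended.
    yes YES | m cryptsetup luksFormat "$lvdev" "$keyfile" || [[ $? == 141 ]]
    crypttab_add "$lvdev" "$luks_name $lvdev $keyfile discard,luks,noauto"
    m cryptdisks_start "$luks_name"
    luks_devs+=("/dev/mapper/$luks_name")
  done

  # raid1c3 needs at least three devices; both volume-group lists have three.
  m mkfs.btrfs -f -m raid1c3 -d raid1c3 "${luks_devs[@]}"
  m mount "${luks_devs[0]}" "$mountdir"
  m btrfs sub create "$mountdir/root"
  m umount "$mountdir"
fi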
156
# A crypttab mismatch was reported earlier; surface it as the exit status
# now that the rest of the setup has run.
if $crypttab_err; then
  printf '%s\n' "$0: crypttab error, exiting 1, see above."
  exit 1
fi