fi
# for calling outside of FAI without args:
-# fai-redep
#
# source /b/fai/fai-wrapper
# - set any appropriate classes with: fai-setclass OPT1... which sets CLASS_OPT1=true...
# happen to already be setup.
#
# mktab: for running outside of fai and generating a crypttab for
-# the main root fs in /tmp/fai. Must run with env var, eg export DISTRO=trisquelnabia.
+# the main root fs in /tmp/fai. Must run with env var, eg export DISTRO=trisquelaramo.
#
# Example use in a bootstrap distro:
# scp /a/bin/fai/fai/config/{distro-install-common/devbyid,hooks/partition.DEFAULT} root@HOST:
#
# environment variables:
#
-# HOSTNAME: if frodo, we exclude 2 devices from the /boot array, which
-# the bios does not see. if demohost, we set the luks password to just
-# 'x'.
+# HOSTNAME: if demohost, we set the luks password to just
+# 'x'. Used in various other ways too.
#
# SPECIAL_DISK: For use outside of fai. A base disk name like
# /dev/sdk. If set, we just cryptsetup and partition this one disk then
# boot
-
-
##### end configuration
##### begin function defs
zilap() {
case $HOSTNAME in
- sy|bo)
+ sy|bo|so)
return 0
;;
esac
dev=${boot_devs[0]}
fstabstd="x-systemd.device-timeout=30s,x-systemd.mount-timeout=30s"
- if [[ $DISTRO == debianbullseye_bootstrap ]]; then
+ if [[ $DISTRO == *_bootstrap ]]; then
cat > /tmp/fai/fstab <<EOF
$first_boot_dev / btrfs noatime,subvol=$boot_vol 0 0
$first_efi /boot/efi vfat nofail,$fstabstd 0 0
SWAPLIST=\${SWAPLIST:-"${swap_devs[@]}"}
EOF
+ if [[ $HOSTNAME == frodo ]]; then
+ big_disks=(
+ ata-Hitachi_HDS722020ALA330_JK1121YAG7SXWS-part1
+ ata-Hitachi_HDS722020ALA330_JK1121YAG7SY4S-part1
+ ata-Hitachi_HDS723030ALA640_MK0311YHG2WUSA-part1
+ ata-ST4000DM000-1F2168_Z300AZ6K-part1
+ ata-ST6000DM001-1XY17Z_Z4D2WMZK-part1
+ ata-TOSHIBA_MD04ACA500_8539K4TQFS9A-part1
+ ata-TOSHIBA_MD04ACA500_85NAK4T2FS9A-part1
+ ata-TOSHIBA_MD04ACA500_9551K615FS9A-part1
+ ata-TOSHIBA_MD04ACA500_Y5IFK6IJFS9A-part1
+ )
+ for d in ${big_disks[@]}; do
+ cat >>/tmp/fai/crypttab <<EOF
+crypt_dev_$d /dev/disk/by-id/$d /mnt/root/q/root/luks/iank discard,luks
+EOF
+ done
+ cat >> /tmp/fai/fstab <<EOF
+/dev/mapper/crypt_dev_${big_disks[0]} /mnt/i btrfs nofail,$fstabstd,noatime,subvolid=0 0 0
+EOF
+ fi
if [[ $HOSTNAME == kd ]]; then
# note, having these with keyscript and initramfs causes a luks error in fai.log,
# but it is safely ignorable and gets us the ability to just type our password
# todo: update for lvm
doroot2() {
+
# We write to these files instead of just /etc/fstab, /etc/crypttab,
# because these are filesystems created after our current root, and so
# this allows us to update other root filesystems too.
echo $0: error: found partition=true but have mkroot2 arg
exit 1
fi
+
+
root2_devs=()
for vg in ${vgs[@]}; do
+
+
root2_devs+=(/dev/mapper/crypt-$vg-root2)
if $mkroot2; then
+ lvcreate -y -L $root2_part_mib $vg -n root2
+ lvcreate -y -L $boot2_part_mib $vg -n boot2
luks-setup /dev/$vg/root2 crypt-$vg-root2
fi
cat >>/mnt/root/root2-crypttab <<EOF
boot_part_mib=$(( boot_mib * raid_duplication / ${#boot_devs[@]} ))
if zilap; then
- boot2_part_mib=0
- root2_part_mib=0
-else
boot2_part_mib=$(( boot2_mib * raid_duplication / ${#boot_devs[@]} ))
root2_part_mib=$(( root2_mib * raid_duplication / ${#root_devs[@]} ))
+else
+ boot2_part_mib=0
+ root2_part_mib=0
fi
### end calculate boot partition space
if [[ ! $DISTRO ]]; then
- if ifclass VOL_BULLSEYE_BOOTSTRAP; then
+ if ifclass VOL_BOOKWORM_BOOTSTRAP; then
+ DISTRO=debianbookworm_bootstrap
+ elif ifclass VOL_BULLSEYE_BOOTSTRAP; then
DISTRO=debianbullseye_bootstrap
elif ifclass VOL_STRETCH; then
DISTRO=debianstretch
fi
fi
-if [[ $DISTRO == debianbullseye_bootstrap ]]; then
+if [[ $DISTRO == *_bootstrap ]]; then
# this is just convenience for the libreboot_grub config
# so we can glob the other ones easier.
boot_vol=$DISTRO
# we do lvm removals just for the disks we are using
pv_wipes=()
vg_wipes=()
+ declare -A vg_map
pv_devs=$(pvs --noheadings -o pvname)
for pv_dev in $pv_devs; do
- pv_disk=${pv_dev%%[0-9]*}
for short_dev in ${short_devs[@]}; do
- if [[ $pv_disk == "$short_dev" ]]; then
+ if [[ $pv_dev == $short_dev* ]]; then
pv_wipes+=($pv_dev)
- vgs=$(pvs --noheadings -o vgname $pv_dev)
- for vg in $vgs; do
+ vgs_of_pv=$(pvs --noheadings -o vgname $pv_dev)
+ for vg in $vgs_of_pv; do
+ if [[ ${vg_map[$vg]} ]]; then
+ continue
+ fi
+ vg_map[$vg]=t
vg_wipes+=($vg)
lvs=$(vgs --noheadings -o lv_path $vg)
for lv in $lvs; do
while ! wipefs -a $dev; do
sleep 2
count_down=$((count_down - 1))
- (( count_down > 0 )) || exit 1
+ if (( count_down <= 0 )); then
+ echo "$0: wipefs failed 10 times. exiting" >&2
+ exit 1
+ fi
done
done
fi
# so use fixed sizes to allow both to grow
# 600 = uefi 512 + grubext 8 + bios grub 3 + some extra cuz this is lvm
#root_mib=$(( disk_mib - root2_part_mib - swap_mib - boot_part_mib - boot2_part_mib - 600 ))
- root_mib=$(( 1000 * 1000 )) # * 1000 to make it in gb.
- o_mib=$(( 120 * 1000 ))
+ o_mib=$(( 180 * 1000 ))
+ # max minus o, minus a gig just for some extra space
+ max_root_mib=$(( disk_mib - root2_part_mib - swap_mib - boot_part_mib - boot2_part_mib - 600 - o_mib - 1000 ))
+ root_mib=$(( 1700 * 1000 )) # * 1000 to make it in gb.
+ if (( max_root_mib < root_mib )); then
+ root_mib=$max_root_mib
+ fi
fi
- if [[ ! $SPECIAL_DISK ]]; then
+ if [[ $SPECIAL_DISK ]]; then
+ lvcreate -y -L $max_root_mib $vg -n data
+ else
# -L unit default mebibyte
lvcreate -y -L $root_mib $vg -n root
if ! fsf; then
fi
fi
- if zilap; then
- # todo: now that we are using lvm, this doesnt need to be done until mkroot2
- lvcreate -y -L $root2_part_mib $vg -n root2
- lvcreate -y -L $boot2_part_mib $vg -n boot2
- fi
-
$pcmd mkpart primary "" ${pv_end}MiB ${disk_mib}MiB
$pcmd name $bootn boot
$pcmd set $bootn boot on
# into ipxe which can't persist data, if we ever got that working.
mkfs.ext2 $dev$grub_extsuf
+ if [[ $SPECIAL_DISK ]]; then
+ luks-setup /dev/$vg/data crypt-$vg-data
+ exit 0
+ fi
+
# for fsf, no encryption of root because root will not contain any
# sensitive data.
if ! fsf; then
luks-setup /dev/$vg/o crypt-$vg-o
fi
- if [[ $SPECIAL_DISK ]]; then
- exit 0
- fi
done
ls -la /dev/btrfs-control # this was probably for debugging...
sleep 1
fi
-if $wipe && [[ $DISTRO != debianbullseye_bootstrap ]]; then
+if $wipe && [[ $DISTRO != *_bootstrap ]]; then
# bootstrap distro doesn't use separate encrypted root.
mount -o subvolid=0 ${root_devs[0]} /mnt
# systemd creates subvolumes we want to delete.
iankelling.org / git / automated-distro-installer / blobdiff