fi
# for calling outside of FAI without args:
-# fai-redep
#
# source /b/fai/fai-wrapper
# - set any appropriate classes with: fai-setclass OPT1... which sets CLASS_OPT1=true...
# happen to already be setup.
#
# mktab: for running outside of fai and generating a crypttab for
-# the main root fs in /tmp/fai. Must run with env var, eg export DISTRO=trisquelnabia.
+# the main root fs in /tmp/fai. Must run with env var, eg export DISTRO=trisquelaramo.
#
# Example use in a bootstrap distro:
# scp /a/bin/fai/fai/config/{distro-install-common/devbyid,hooks/partition.DEFAULT} root@HOST:
#
# environment variables:
#
-# HOSTNAME: if frodo, we exclude 2 devices from the /boot array, which
-# the bios does not see. if demohost, we set the luks password to just
-# 'x'.
+# HOSTNAME: if demohost, we set the luks password to just
+# 'x'. Used in various other ways too.
#
# SPECIAL_DISK: For use outside of fai. A base disk name like
# /dev/sdk. If set, we just cryptsetup and partition this one disk then
esac
fi
+if [[ ! $SPECIAL_DISK ]] && ! $mkroot2 && ! $mkroot2tab && ! $mktab \
+ && ! ifclass IANK && ! ifclass FSF; then
+ echo $0: error: need class IANK or FSF or SPECIAL_DISK for running in fai
+fi
+
if [[ $SPECIAL_DISK ]]; then
export CLASS_REPARTITION=true
# boot
-
-
##### end configuration
##### begin function defs
zilap() {
case $HOSTNAME in
- sy|bo)
+ sy|bo|so)
return 0
;;
esac
dev=${boot_devs[0]}
fstabstd="x-systemd.device-timeout=30s,x-systemd.mount-timeout=30s"
- if [[ $DISTRO == debianbullseye_bootstrap ]]; then
+ if [[ $DISTRO == *_bootstrap ]]; then
cat > /tmp/fai/fstab <<EOF
$first_boot_dev / btrfs noatime,subvol=$boot_vol 0 0
$first_efi /boot/efi vfat nofail,$fstabstd 0 0
$first_efi /boot/efi vfat nofail,$fstabstd 0 0
$first_boot_dev /mnt/boot btrfs nofail,$fstabstd,noatime,subvolid=0 0 0
EOF
+ if ! fsf; then
+ cat >> /tmp/fai/fstab <<EOF
+/dev/mapper/crypt-${vgs[0]}-o /mnt/o btrfs nofail,$fstabstd,noatime,subvolid=0$mopts 0 0
+EOF
+ fi
rm -f /tmp/fai/crypttab
for vg in ${vgs[@]}; do
if ! fsf; then
cat >>/tmp/fai/crypttab <<EOF
crypt-$vg-root /dev/$vg/root none keyscript=/root/keyscript,discard,luks,initramfs
+crypt-$vg-o /dev/$vg/o none keyscript=/root/keyscript,discard,luks,initramfs
crypt-$vg-swap /dev/$vg/swap /dev/urandom swap,cipher=aes-xts-plain64,size=256,hash=ripemd160
EOF
fi
SWAPLIST=\${SWAPLIST:-"${swap_devs[@]}"}
EOF
+ if [[ $HOSTNAME == frodo ]]; then
+ big_disks=(
+ ata-Hitachi_HDS722020ALA330_JK1121YAG7SXWS-part1
+ ata-Hitachi_HDS722020ALA330_JK1121YAG7SY4S-part1
+ ata-Hitachi_HDS723030ALA640_MK0311YHG2WUSA-part1
+ ata-ST4000DM000-1F2168_Z300AZ6K-part1
+ ata-ST6000DM001-1XY17Z_Z4D2WMZK-part1
+ ata-TOSHIBA_MD04ACA500_8539K4TQFS9A-part1
+ ata-TOSHIBA_MD04ACA500_85NAK4T2FS9A-part1
+ ata-TOSHIBA_MD04ACA500_9551K615FS9A-part1
+ ata-TOSHIBA_MD04ACA500_Y5IFK6IJFS9A-part1
+ )
+ for d in ${big_disks[@]}; do
+ cat >>/tmp/fai/crypttab <<EOF
+crypt_dev_$d /dev/disk/by-id/$d /mnt/root/q/root/luks/iank discard,luks
+EOF
+ done
+ cat >> /tmp/fai/fstab <<EOF
+/dev/mapper/crypt_dev_${big_disks[0]} /mnt/i btrfs nofail,$fstabstd,noatime,subvolid=0 0 0
+EOF
+ fi
if [[ $HOSTNAME == kd ]]; then
# note, having these with keyscript and initramfs causes a luks error in fai.log,
# but it is safely ignorable and gets us the ability to just type our password
# in once at boot. A downside is that they are probably needed to be plugged in to boot.
cat >>/tmp/fai/crypttab <<EOF
-crypt_dev_ata-Samsung_SSD_870_QVO_8TB_S5VUNG0N900656V${even_bigsuf} /dev/disk/by-id/ata-Samsung_SSD_870_QVO_8TB_S5VUNG0N900656V${even_bigsuf} none keyscript=decrypt_keyctl,discard,luks,initramfs
-crypt_dev_ata-TOSHIBA_MD04ACA500_84R2K773FS9A-part1 /dev/disk/by-id/ata-TOSHIBA_MD04ACA500_84R2K773FS9A-part1 none keyscript=decrypt_keyctl,discard,luks,initramfs
-crypt_dev_ata-ST6000DM001-1XY17Z_Z4D29EBL-part1 /dev/disk/by-id/ata-ST6000DM001-1XY17Z_Z4D29EBL-part1 none keyscript=decrypt_keyctl,discard,luks,initramfs
+crypt_dev_ata-Samsung_SSD_870_QVO_8TB_S5VUNG0N900656V${even_bigsuf} /dev/disk/by-id/ata-Samsung_SSD_870_QVO_8TB_S5VUNG0N900656V${even_bigsuf} /mnt/root/q/root/luks/iank discard,luks
+crypt_dev_ata-TOSHIBA_MD04ACA500_84R2K773FS9A-part1 /dev/disk/by-id/ata-TOSHIBA_MD04ACA500_84R2K773FS9A-part1 /mnt/root/q/root/luks/iank discard,luks
+crypt_dev_ata-ST6000DM001-1XY17Z_Z4D29EBL-part1 /dev/disk/by-id/ata-ST6000DM001-1XY17Z_Z4D29EBL-part1 /mnt/root/q/root/luks/iank discard,luks
EOF
cat >> /tmp/fai/fstab <<EOF
# r7 = root partition7. it isnt actually #7 anymore, not a great name, but whatever
# todo: update for lvm
doroot2() {
+
# We write to these files instead of just /etc/fstab, /etc/crypttab,
# because these are filesystems created after our current root, and so
# this allows us to update other root filesystems too.
echo $0: error: found partition=true but have mkroot2 arg
exit 1
fi
+
+
root2_devs=()
for vg in ${vgs[@]}; do
+
+
root2_devs+=(/dev/mapper/crypt-$vg-root2)
- if $mkroot2; then
+ if $mkroot2; then
+ lvcreate -y -L $root2_part_mib $vg -n root2
+ lvcreate -y -L $boot2_part_mib $vg -n boot2
luks-setup /dev/$vg/root2 crypt-$vg-root2
fi
cat >>/mnt/root/root2-crypttab <<EOF
##### begin variable setup
+
+
partition=false
if ifclass REPARTITION; then
partition=true # force a full wipe
pvn=1
+bootn=2
+
# rootn=1
# root2n=2
# swapn=3
# bootn=4
# boot2n=5
-efin=2
+efin=3
# ext partition so grub can write persistent variables,
# so it can do a one time boot. grub can't write to
# btrfs or any cow fs because it's more
# more complicated to do and they don't want to.
-grub_extn=3
+grub_extn=4
# bios boot partition,
# https://wiki.archlinux.org/index.php/GRUB
-bios_grubn=4
+bios_grubn=5
# for an even raid (raid 1), when one disk is bigger, this partition goes on the big disk
-even_bign=5
-lastn=$even_bign
+even_bign=6
+# even_bign only exists in some cases
+lastn=$bios_grubn
# check if the partitions exist have the right filesystems
#blkid="$(blkid -s TYPE)"
for dev in ${short_devs[@]}; do
if $partition && ifclass PARTITION_PROMPT; then
echo "Press any key except ctrl-c to continue and partition these drives:"
- echo " ${short_devs[*]}"
+ if [[ $SPECIAL_DISK ]]; then
+ echo $SPECIAL_DISK
+ else
+ echo " ${short_devs[*]}"
+ fi
read -r
fi
devs=()
vgs=()
root_devs=()
+o_devs=()
swap_devs=()
shopt -s extglob
partsuffix=-part
dname=${dev##*/}
vg=vg$dname
+ vg=${vg//:/}
vgs+=("$vg")
devs+=("$dev")
if fsf; then
root_devs+=(/dev/$vg/root)
swap_devs+=(/dev/$vg/swap)
else
+ o_devs+=(/dev/mapper/crypt-$vg-o)
root_devs+=(/dev/mapper/crypt-$vg-root)
swap_devs+=(/dev/mapper/crypt-$vg-swap)
fi
done
first_root_dev=${root_devs[0]}
-if [[ ! ${devs[0]} ]]; then
+if [[ ! $SPECIAL_DISK && ! ${devs[0]} ]]; then
echo "$0: error: failed to detect devs" >&2
exit 1
fi
-
pvsuf=$partsuffix$pvn
+bootsuf=$partsuffix$bootn
efisuf=$partsuffix$efin
grub_extsuf=$partsuffix$grub_extn
-bios_grubsuf=$partsuffix$bios_grubn
+# We dont do anything with this partition here, so this
+# is be unused, but left as a comment for completing the pattern
+# of all the suffixes.
+#bios_grubsuf=$partsuffix$bios_grubn
even_bigsuf=$partsuffix$even_bign
boot2_devs=()
for dev in ${devs[@]}; do
vg=vg${dev##*/}
+ vg=${vg//:/}
# I ran into a machine (frodo) where the bios doesn't know about some disks,
# so 1st stage of grub also doesn't know about them.
# Also, grub does not support mounting degraded btrfs as far as
if $bad_disk; then
continue
fi
- boot_devs+=(/dev/$vg/boot)
+ boot_devs+=($dev$bootsuf)
boot2_devs+=(/dev/$vg/boot2)
boot_space=$(( boot_space + $(parted -m $dev unit MiB print | \
sed -nr "s#^/dev/[^:]+:([0-9]+).*#\1#p") - 1))
1c3) boot_space=$(( boot_space / 3 )) ;;
esac
if fsf; then
- boot_mib=4000
+ boot_mib=6000
elif (( boot_space > 900000 )); then
# this is larger than needed for several /boot subvols,
# becuase I keep a minimal debian install on it for
boot_part_mib=$(( boot_mib * raid_duplication / ${#boot_devs[@]} ))
if zilap; then
- boot2_part_mib=0
- root2_part_mib=0
-else
boot2_part_mib=$(( boot2_mib * raid_duplication / ${#boot_devs[@]} ))
root2_part_mib=$(( root2_mib * raid_duplication / ${#root_devs[@]} ))
+else
+ boot2_part_mib=0
+ root2_part_mib=0
fi
### end calculate boot partition space
if [[ ! $DISTRO ]]; then
- if ifclass VOL_BULLSEYE_BOOTSTRAP; then
+ if ifclass VOL_BOOKWORM_BOOTSTRAP; then
+ DISTRO=debianbookworm_bootstrap
+ elif ifclass VOL_BULLSEYE_BOOTSTRAP; then
DISTRO=debianbullseye_bootstrap
elif ifclass VOL_STRETCH; then
DISTRO=debianstretch
fi
fi
-if [[ $DISTRO == debianbullseye_bootstrap ]]; then
+if [[ $DISTRO == *_bootstrap ]]; then
# this is just convenience for the libreboot_grub config
# so we can glob the other ones easier.
boot_vol=$DISTRO
if $partition; then
### begin wipefs
if [[ ! $SPECIAL_DISK ]]; then
- for lv in $(lvs --noheadings -o lv_path); do
- wipefs -a $lv
+
+ # we do lvm removals just for the disks we are using
+ pv_wipes=()
+ vg_wipes=()
+ declare -A vg_map
+ pv_devs=$(pvs --noheadings -o pvname)
+ for pv_dev in $pv_devs; do
+ for short_dev in ${short_devs[@]}; do
+ if [[ $pv_dev == $short_dev* ]]; then
+ pv_wipes+=($pv_dev)
+ vgs_of_pv=$(pvs --noheadings -o vgname $pv_dev)
+ for vg in $vgs_of_pv; do
+ if [[ ${vg_map[$vg]} ]]; then
+ continue
+ fi
+ vg_map[$vg]=t
+ vg_wipes+=($vg)
+ lvs=$(vgs --noheadings -o lv_path $vg)
+ for lv in $lvs; do
+ wipefs -a $lv
+ done
+ done
+ fi
+ done
done
- for vg in $(vgs --noheadings -o vgname); do
+
+ for vg in ${vg_wipes[@]}; do
vgchange -an $vg
vgremove -ff $vg
done
- for pv in $(pvs --noheadings -o pvname); do
+
+ for pv in ${pv_wipes[@]}; do
pvremove -ff $pv
done
+
for dev in ${devs[@]}; do
# if we repartition to the same as an old partition,
# we don't want any old fses hanging around.
while ! wipefs -a $dev; do
sleep 2
count_down=$((count_down - 1))
- (( count_down > 0 )) || exit 1
+ if (( count_down <= 0 )); then
+ echo "$0: wipefs failed 10 times. exiting" >&2
+ exit 1
+ fi
done
done
fi
fi
fi
+ if [[ $SPECIAL_DISK ]]; then
+ devs=($(devbyid $SPECIAL_DISK))
+ fi
for dev in ${devs[@]}; do
vg=vg${dev##*/}
- if [[ $SPECIAL_DISK ]]; then
- dev=$(devbyid $SPECIAL_DISK)
- fi
+ vg=${vg//:/}
# parted will round up the disk size. Do -1 so we can have
# fully 1MiB unit partitions for easy resizing of the last partition.
# MiB because parted complains about alignment otherwise.
pcmd="parted -a optimal -s -- $dev"
# main lvm partition
- $pcmd mkpart primary ext3 524MiB ${disk_mib}MiB
+
+ pv_end=$(( disk_mib - boot_part_mib ))
+ $pcmd mkpart primary ext3 524MiB ${pv_end}MiB
$pcmd name $pvn pv
- pvcreate -y $dev$pvsuf
- vgcreate -y $vg $dev$pvsuf
+ # + 794 pvcreate -y /dev/disk/by-id/ata-ST4000DM000-1F2168_Z3028BKA-part1
+ # WARNING: Device /dev/sde1 not initialized in udev database even after waiting 10000000 microseconds.
+ # No device found for /dev/disk/by-id/ata-ST4000DM000-1F2168_Z3028BKA-part1.
+ # sleep 10 was not enough.
+ secs=0
+ while [[ ! -e $dev$pvsuf ]] && (( secs < 40 )); do
+ sleep 1
+ secs=$((secs +1))
+ done
+ sleep 3
+ pvcreate -y -ff $dev$pvsuf
+ vgcreate -y -ff $vg $dev$pvsuf
if fsf; then
root_mib=40000
else
+ # This would maximize it, but we are going for a separate filesystem in /o,
+ # so use fixed sizes to allow both to grow
# 600 = uefi 512 + grubext 8 + bios grub 3 + some extra cuz this is lvm
- root_mib=$(( disk_mib - root2_part_mib - swap_mib - boot_part_mib - boot2_part_mib - 600 ))
+ #root_mib=$(( disk_mib - root2_part_mib - swap_mib - boot_part_mib - boot2_part_mib - 600 ))
+ o_mib=$(( 180 * 1000 ))
+ # max minus o, minus a gig just for some extra space
+ max_root_mib=$(( disk_mib - root2_part_mib - swap_mib - boot_part_mib - boot2_part_mib - 600 - o_mib - 1000 ))
+ root_mib=$(( 1700 * 1000 )) # * 1000 to make it in gb.
+ if (( max_root_mib < root_mib )); then
+ root_mib=$max_root_mib
+ fi
fi
- # -L unit default mebibyte
- lvcreate -y -L $root_mib $vg -n root
- lvcreate -y -L $swap_mib $vg -n swap
- # unencrypted swap needs mkswap
- if fsf; then
- mkswap /dev/$vg/swap
+ if [[ $SPECIAL_DISK ]]; then
+ lvcreate -y -L $max_root_mib $vg -n data
+ else
+ # -L unit default mebibyte
+ lvcreate -y -L $root_mib $vg -n root
+ if ! fsf; then
+ lvcreate -y -L $o_mib $vg -n o
+ fi
+ lvcreate -y -L $swap_mib $vg -n swap
+ # unencrypted swap needs mkswap
+ if fsf; then
+ mkswap /dev/$vg/swap
+ fi
fi
- lvcreate -y -L $boot_part_mib $vg -n boot
- if zilap; then
- # todo: now that we are using lvm, this doesnt need to be done until mkroot2
- lvcreate -y -L $root2_part_mib $vg -n root2
- lvcreate -y -L $boot2_part_mib $vg -n boot2
- fi
+ $pcmd mkpart primary "" ${pv_end}MiB ${disk_mib}MiB
+ $pcmd name $bootn boot
+ $pcmd set $bootn boot on
# uefi partition, for normal bios systems, its just in case.
$pcmd mkpart primary "fat32" 12MiB 524MiB
# but then couldn't be found upon reboot. In that case we didn't
# wait at all. So I've added a 3 second minimum wait.
secs=0
- while [[ ! -e $dev$bios_grubsuf ]] && (( secs < 10 )); do
+ while [[ ! -e $dev$efisuf ]] && (( secs < 40 )); do
sleep 1
secs=$((secs +1))
done
mkfs.fat -F32 $dev$efisuf
if ! fsf && $even_big_part && [[ $dev == "$even_big_dev" ]]; then
- luks-setup $even_big_dev ${even_big_dev##*/}
- mkfs.btrfs -f /dev/mapper/${even_big_dev##*/}
+ luks-setup $even_big_dev$even_bigsuf ${even_big_dev##*/}$even_bigsuf
+ mkfs.btrfs -f /dev/mapper/${even_big_dev##*/}$even_bigsuf
fi
# Holds just a single file, rarely written, so
# into ipxe which can't persist data, if we ever got that working.
mkfs.ext2 $dev$grub_extsuf
+ if [[ $SPECIAL_DISK ]]; then
+ luks-setup /dev/$vg/data crypt-$vg-data
+ exit 0
+ fi
+
# for fsf, no encryption of root because root will not contain any
# sensitive data.
if ! fsf; then
luks-setup /dev/$vg/root crypt-$vg-root
+ luks-setup /dev/$vg/o crypt-$vg-o
fi
- if [[ $SPECIAL_DISK ]]; then
- exit 0
- fi
done
ls -la /dev/btrfs-control # this was probably for debugging...
sleep 1
bpart ${root_devs[@]}
+ if ! fsf; then
+ bpart ${o_devs[@]}
+ fi
bpart ${boot_devs[@]}
-else ## above: if $partition ##
+else ## end if $partition ##
if ! fsf; then
for vg in ${vgs[@]}; do
if $rerootfs; then
luks-setup /dev/$vg/root crypt-$vg-root
else
- cryptsetup luksOpen /dev/$vg/root $vg-root \
+ cryptsetup luksOpen /dev/$vg/root crypt-$vg-root \
+ --key-file $luks_file
+ cryptsetup luksOpen /dev/$vg/o crypt-$vg-o \
--key-file $luks_file
fi
done
fi
-if $wipe && [[ $DISTRO != debianbullseye_bootstrap ]]; then
+if $wipe && [[ $DISTRO != *_bootstrap ]]; then
# bootstrap distro doesn't use separate encrypted root.
mount -o subvolid=0 ${root_devs[0]} /mnt
# systemd creates subvolumes we want to delete.
# for libreboot systems. grub2 only reads from subvolid=0
mkdir -p /mnt/grub2
-# todo: this probably needs updating for our lvm transition
+# todo: this would need some rework if we moved boot into
+# lvm.
cp $FAI/distro-install-common/libreboot_grub.cfg /mnt/grub2
if $wipe && [[ -e /mnt/$boot_vol ]]; then
iankelling.org / git / automated-distro-installer / blobdiff