+++ /dev/null
-#!/bin/bash
-# Copyright (C) 2022 Ian Kelling
-# SPDX-License-Identifier: AGPL-3.0-or-later
-
-# todo: put this script and this library into ansible
-source /usr/local/lib/err
-
-#### begin arg processing ###
-usage() {
- cat <<EOF
-Usage: ${0##*/} [mdraid] hdd|sdd size_in_GB fqdn
-create disk for vm
-
--h|--help Print help and exit.
-
-EOF
- exit $1
-}
-m() { printf "%s\n" "$*"; "$@"; }
-
-
-mdraid=false
-case $1 in
- mdraid)
- mdraid=true
- shift
- ;;
- --help)
- usage
- ;;
-esac
-
-if (( $# != 3 )); then
- echo "$0: error: expected 3 arguments" >&2
- usage 1
-fi
-
-read -r disk_type gb hostname <<<"$@"
-#### end arg processing ###
-
-if ! type -p apg &>/dev/null; then
- apt install -y apg
-fi
-
-if ! mountpoint -q /mnt2; then
- echo "$0: error: expected /mnt2 to be a mountpoint, run /root/open-crypt-luks-keys-loopback" >&2
-fi
-
-case $disk_type in
- hdd)
- volgroups=(
- vgata-WDC_WD4004FZWX-00GBGB0_NHG3PK4M
- vgata-ST4000DM000-1F2168_Z3028BKA
- vgata-WDC_WD40EZRX-00SPEB0_WD-WCC4E0304017
- )
- ;;
- sdd)
- volgroups=(
- vgata-Samsung_SSD_850_EVO_1TB_S3PJNB0J902536K
- vgata-Samsung_SSD_850_EVO_1TB_S3PJNF0J909382V
- vgata-Samsung_SSD_850_EVO_1TB_S3PJNF0J909379K
- )
- ;;
-esac
-
-for vg in ${volgroups[@]}; do
- lvdev=/dev/$vg/$hostname
- if [[ -e $lvdev ]]; then
- echo "$0: skipping creation of existing lv: $lvdev"
- else
- m lvcreate -L ${gb}g -n $hostname $vg
- fi
-done
-
-keyfile=/mnt2/$hostname
-if [[ ! -s $keyfile ]]; then
- apg -m 25 -x 25 -n1 | tr -d '\n' >$keyfile
- # directory is already 700, just being thorough
- m chmod 600 $keyfile
-fi
-
-crypttab_err=false
-
-mountdir=/mnt/$hostname
-mkdir -p $mountdir
-integrity_devs=()
-if $mdraid; then
- for vg in ${volgroups[@]}; do
- lvdev=/dev/$vg/$hostname
- integrity_name=integrity-$vg-$hostname
- integrity_dev=/dev/mapper/$integrity_name
- integrity_devs+=($integrity_dev)
- if [[ -e $integrity_dev ]]; then
- echo "$0: skipping creation of existing integrity dev: $integrity_dev"
- else
- m time integritysetup --batch-mode format $lvdev
- m integritysetup open --allow-discards $lvdev $integrity_name
- fi
- done
- mddev=/dev/md/md$hostname
- if [[ -e $mddev ]]; then
- echo "$0: skipping creation of existing mddev: $mddev"
- else
- # get stable auto-assembled names
- # https://serverfault.com/questions/763870/raid-device-on-rename-appended-with-0
- if ! grep -Fxq "HOMEHOST <ignore>" /etc/mdadm/mdadm.conf; then
- sed -i '/^ *HOMEHOST/d' /etc/mdadm/mdadm.conf
- echo "HOMEHOST <ignore>" >>/etc/mdadm/mdadm.conf
- m update-initramfs -u -k all
- fi
- yes yes | m mdadm --create /dev/md/md$hostname --level 1 --raid-devices=3 ${integrity_devs[@]} || [[ $? == 141 ]]
- fi
- luks_name=crypt-$hostname
- luks_dev=/dev/mapper/$luks_name
- if [[ -e $luks_dev ]]; then
- echo "$0: skipping creation of existing luks dev: $luks_dev"
- else
- yes YES | m cryptsetup luksFormat $mddev $keyfile || [[ $? == 141 ]]
- echo appending to /etc/crypttab
- echo "$luks_name $mddev $keyfile discard,luks" | tee -a /etc/crypttab
- m cryptdisks_start $luks_name
- fi
- m mkfs.ext4 $luks_dev
-else
-
- luks_devs=()
- for vg in ${volgroups[@]}; do
- lvdev=/dev/$vg/$hostname
- # todo add apg to automatically installed packages
- yes YES | m cryptsetup luksFormat $lvdev $keyfile || [[ $? == 141 ]]
- luks_name=crypt-$vg-$hostname
- echo appending to /etc/crypttab
- line="$luks_name $lvdev $keyfile discard,luks,noauto"
- if grep -Fq "$lvdev" /etc/crypttab; then
- if grep -Fx "$line" /etc/crypttab; then
- echo "$0: crypttab line already found ^. not adding"
- else
- echo "$0: error: found existing lvdev: $lvdev in /etc/crypttab that is different than expected:"
- echo "$line"
- echo "saving exit 1 until script completes. manual intervention required"
- crypttab_err=true
- fi
- else
- echo "appending to /etc/crypttab:"
- echo "$line" | tee -a /etc/crypttab
- fi
- m cryptdisks_start $luks_name
- luks_devs+=(/dev/mapper/$luks_name)
- done
-
- m mkfs.btrfs -f -m raid1c3 -d raid1c3 ${luks_devs[@]}
- m mount ${luks_devs[0]} $mountdir
- m btrfs sub create $mountdir/root
- m umount $mountdir
-fi
-
-if $crypttab_err; then
- echo "$0: crypttab error, exiting 1, see above."
- exit 1
-fi