X-Git-Url: https://iankelling.org/git/?p=automated-distro-installer;a=blobdiff_plain;f=fsf%2Fcreate-vm-disk;fp=fsf%2Fcreate-vm-disk;h=0000000000000000000000000000000000000000;hp=37cc45f34803036702aefbfffe7cf0783c76f41d;hb=79cd04733bf570db299ef09195c498a63f3f3fd5;hpb=d9993568d38dd7d2d18ced6b5007e9cc07d1e576
diff --git a/fsf/create-vm-disk b/fsf/create-vm-disk
deleted file mode 100755
index 37cc45f..0000000
--- a/fsf/create-vm-disk
+++ /dev/null
@@ -1,160 +0,0 @@ -#!/bin/bash -# Copyright (C) 2022 Ian Kelling -# SPDX-License-Identifier: AGPL-3.0-or-later - -# todo: put this script and this library into ansible -source /usr/local/lib/err - -#### begin arg processing ### -usage() { - cat <&2 - usage 1 -fi - -read -r disk_type gb hostname <<<"$@" -#### end arg processing ### - -if ! type -p apg &>/dev/null; then - apt install -y apg -fi - -if ! mountpoint -q /mnt2; then - echo "$0: error: expected /mnt2 to be a mountpoint, run /root/open-crypt-luks-keys-loopback" >&2 -fi - -case $disk_type in - hdd) - volgroups=( - vgata-WDC_WD4004FZWX-00GBGB0_NHG3PK4M - vgata-ST4000DM000-1F2168_Z3028BKA - vgata-WDC_WD40EZRX-00SPEB0_WD-WCC4E0304017 - ) - ;; - sdd) - volgroups=( - vgata-Samsung_SSD_850_EVO_1TB_S3PJNB0J902536K - vgata-Samsung_SSD_850_EVO_1TB_S3PJNF0J909382V - vgata-Samsung_SSD_850_EVO_1TB_S3PJNF0J909379K - ) - ;; -esac - -for vg in ${volgroups[@]}; do - lvdev=/dev/$vg/$hostname - if [[ -e $lvdev ]]; then - echo "$0: skipping creation of existing lv: $lvdev" - else - m lvcreate -L ${gb}g -n $hostname $vg - fi -done - -keyfile=/mnt2/$hostname -if [[ ! 
-s $keyfile ]]; then - apg -m 25 -x 25 -n1 | tr -d '\n' >$keyfile - # directory is already 700, just being thorough - m chmod 600 $keyfile -fi - -crypttab_err=false - -mountdir=/mnt/$hostname -mkdir -p $mountdir -integrity_devs=() -if $mdraid; then - for vg in ${volgroups[@]}; do - lvdev=/dev/$vg/$hostname - integrity_name=integrity-$vg-$hostname - integrity_dev=/dev/mapper/$integrity_name - integrity_devs+=($integrity_dev) - if [[ -e $integrity_dev ]]; then - echo "$0: skipping creation of existing integrity dev: $integrity_dev" - else - m time integritysetup --batch-mode format $lvdev - m integritysetup open --allow-discards $lvdev $integrity_name - fi - done - mddev=/dev/md/md$hostname - if [[ -e $mddev ]]; then - echo "$0: skipping creation of existing mddev: $mddev" - else - # get stable auto-assembled names - # https://serverfault.com/questions/763870/raid-device-on-rename-appended-with-0 - if ! grep -Fxq "HOMEHOST " /etc/mdadm/mdadm.conf; then - sed -i '/^ *HOMEHOST/d' /etc/mdadm/mdadm.conf - echo "HOMEHOST " >>/etc/mdadm/mdadm.conf - m update-initramfs -u -k all - fi - yes yes | m mdadm --create /dev/md/md$hostname --level 1 --raid-devices=3 ${integrity_devs[@]} || [[ $? == 141 ]] - fi - luks_name=crypt-$hostname - luks_dev=/dev/mapper/$luks_name - if [[ -e $luks_dev ]]; then - echo "$0: skipping creation of existing luks dev: $luks_dev" - else - yes YES | m cryptsetup luksFormat $mddev $keyfile || [[ $? == 141 ]] - echo appending to /etc/crypttab - echo "$luks_name $mddev $keyfile discard,luks" | tee -a /etc/crypttab - m cryptdisks_start $luks_name - fi - m mkfs.ext4 $luks_dev -else - - luks_devs=() - for vg in ${volgroups[@]}; do - lvdev=/dev/$vg/$hostname - # todo add apg to automatically installed packages - yes YES | m cryptsetup luksFormat $lvdev $keyfile || [[ $? 
== 141 ]] - luks_name=crypt-$vg-$hostname - echo appending to /etc/crypttab - line="$luks_name $lvdev $keyfile discard,luks,noauto" - if grep -Fq "$lvdev" /etc/crypttab; then - if grep -Fx "$line" /etc/crypttab; then - echo "$0: crypttab line already found ^. not adding" - else - echo "$0: error: found existing lvdev: $lvdev in /etc/crypttab that is different than expected:" - echo "$line" - echo "saving exit 1 until script completes. manual intervention required" - crypttab_err=true - fi - else - echo "appending to /etc/crypttab:" - echo "$line" | tee -a /etc/crypttab - fi - m cryptdisks_start $luks_name - luks_devs+=(/dev/mapper/$luks_name) - done - - m mkfs.btrfs -f -m raid1c3 -d raid1c3 ${luks_devs[@]} - m mount ${luks_devs[0]} $mountdir - m btrfs sub create $mountdir/root - m umount $mountdir -fi - -if $crypttab_err; then - echo "$0: crypttab error, exiting 1, see above." - exit 1 -fi