X-Git-Url: https://iankelling.org/git/?p=automated-distro-installer;a=blobdiff_plain;f=fsf%2Fcreate-vm-disk;fp=fsf%2Fcreate-vm-disk;h=37cc45f34803036702aefbfffe7cf0783c76f41d;hp=0000000000000000000000000000000000000000;hb=137ffae7de84a51c4b438ccf2fb50f5571f522a6;hpb=14f283f82afc48d6cec1bb7498ec34ac2b0da77c
diff --git a/fsf/create-vm-disk b/fsf/create-vm-disk
new file mode 100755
index 0000000..37cc45f
--- /dev/null
+++ b/fsf/create-vm-disk
@@ -0,0 +1,160 @@ +#!/bin/bash +# Copyright (C) 2022 Ian Kelling +# SPDX-License-Identifier: AGPL-3.0-or-later + +# todo: put this script and this library into ansible +source /usr/local/lib/err + +#### begin arg processing ### +usage() { + cat <&2 + usage 1 +fi + +read -r disk_type gb hostname <<<"$@" +#### end arg processing ### + +if ! type -p apg &>/dev/null; then + apt install -y apg +fi + +if ! mountpoint -q /mnt2; then + echo "$0: error: expected /mnt2 to be a mountpoint, run /root/open-crypt-luks-keys-loopback" >&2 +fi + +case $disk_type in + hdd) + volgroups=( + vgata-WDC_WD4004FZWX-00GBGB0_NHG3PK4M + vgata-ST4000DM000-1F2168_Z3028BKA + vgata-WDC_WD40EZRX-00SPEB0_WD-WCC4E0304017 + ) + ;; + sdd) + volgroups=( + vgata-Samsung_SSD_850_EVO_1TB_S3PJNB0J902536K + vgata-Samsung_SSD_850_EVO_1TB_S3PJNF0J909382V + vgata-Samsung_SSD_850_EVO_1TB_S3PJNF0J909379K + ) + ;; +esac + +for vg in ${volgroups[@]}; do + lvdev=/dev/$vg/$hostname + if [[ -e $lvdev ]]; then + echo "$0: skipping creation of existing lv: $lvdev" + else + m lvcreate -L ${gb}g -n $hostname $vg + fi +done + +keyfile=/mnt2/$hostname +if [[ ! 
-s $keyfile ]]; then
+ apg -m 25 -x 25 -n1 | tr -d '\n' >$keyfile
+ # directory is already 700, just being thorough
+ m chmod 600 $keyfile
+fi
+
+crypttab_err=false
+
+mountdir=/mnt/$hostname
+mkdir -p $mountdir
+integrity_devs=()
+if $mdraid; then
+ for vg in ${volgroups[@]}; do
+ lvdev=/dev/$vg/$hostname
+ integrity_name=integrity-$vg-$hostname
+ integrity_dev=/dev/mapper/$integrity_name
+ integrity_devs+=($integrity_dev)
+ if [[ -e $integrity_dev ]]; then
+ echo "$0: skipping creation of existing integrity dev: $integrity_dev"
+ else
+ m time integritysetup --batch-mode format $lvdev
+ m integritysetup open --allow-discards $lvdev $integrity_name
+ fi
+ done
+ mddev=/dev/md/md$hostname
+ if [[ -e $mddev ]]; then
+ echo "$0: skipping creation of existing mddev: $mddev"
+ else
+ # get stable auto-assembled names
+ # https://serverfault.com/questions/763870/raid-device-on-rename-appended-with-0
+ if ! grep -Fxq "HOMEHOST " /etc/mdadm/mdadm.conf; then
+ sed -i '/^ *HOMEHOST/d' /etc/mdadm/mdadm.conf
+ echo "HOMEHOST " >>/etc/mdadm/mdadm.conf
+ m update-initramfs -u -k all
+ fi
+ yes yes | m mdadm --create /dev/md/md$hostname --level 1 --raid-devices=3 ${integrity_devs[@]} || [[ $? == 141 ]]
+ fi
+ luks_name=crypt-$hostname
+ luks_dev=/dev/mapper/$luks_name
+ if [[ -e $luks_dev ]]; then
+ echo "$0: skipping creation of existing luks dev: $luks_dev"
+ else
+ yes YES | m cryptsetup luksFormat $mddev $keyfile || [[ $? == 141 ]]
+ echo appending to /etc/crypttab
+ echo "$luks_name $mddev $keyfile discard,luks" | tee -a /etc/crypttab
+ m cryptdisks_start $luks_name
+ fi
+ m mkfs.ext4 $luks_dev
+else
+
+ luks_devs=()
+ for vg in ${volgroups[@]}; do
+ lvdev=/dev/$vg/$hostname
+ # todo add apg to automatically installed packages
+ yes YES | m cryptsetup luksFormat $lvdev $keyfile || [[ $? 
== 141 ]]
+ luks_name=crypt-$vg-$hostname
+ echo appending to /etc/crypttab
+ line="$luks_name $lvdev $keyfile discard,luks,noauto"
+ if grep -Fq "$lvdev" /etc/crypttab; then
+ if grep -Fx "$line" /etc/crypttab; then
+ echo "$0: crypttab line already found ^. not adding"
+ else
+ echo "$0: error: found existing lvdev: $lvdev in /etc/crypttab that is different than expected:"
+ echo "$line"
+ echo "saving exit 1 until script completes. manual intervention required"
+ crypttab_err=true
+ fi
+ else
+ echo "appending to /etc/crypttab:"
+ echo "$line" | tee -a /etc/crypttab
+ fi
+ m cryptdisks_start $luks_name
+ luks_devs+=(/dev/mapper/$luks_name)
+ done
+
+ m mkfs.btrfs -f -m raid1c3 -d raid1c3 ${luks_devs[@]}
+ m mount ${luks_devs[0]} $mountdir
+ m btrfs sub create $mountdir/root
+ m umount $mountdir
+fi
+
+if $crypttab_err; then
+ echo "$0: crypttab error, exiting 1, see above."
+ exit 1
+fi
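Review bot: The `if ! mountpoint -q /mnt2` check near the top of the hunk only prints its error and falls through, so when the key volume is not mounted the script still runs `apg ... >$keyfile` with `keyfile=/mnt2/$hostname`, writing the LUKS key in plaintext onto whatever filesystem sits under that path (presumably the unencrypted root) and then recording that path in /etc/crypttab; since the message itself says /mnt2 is expected to be the opened loopback key store, the branch should end with `exit 1` right after the `echo ... >&2`. Key strength is also worth a second look: `apg -m 25 -x 25 -n1` runs apg's default pronounceable-password algorithm unless `-a 1` is passed, which gives noticeably less entropy than 25 uniformly random characters, and for a keyfile that is never typed `head -c 64 /dev/urandom >$keyfile` (or at minimum `apg -a 1 ...`) is the stronger choice. Smaller: the `case $disk_type` has no `*)` arm, so a mistyped type leaves `volgroups` empty and the script proceeds to `mdadm --create`/`mkfs.btrfs` with no devices instead of failing at arg processing. `$mdraid` and the `m` helper are not defined in the visible part of the hunk, so I am assuming they come from the option-parsing section that was garbled in this rendering and from the sourced `/usr/local/lib/err`.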