##### end configuration
+
+add-part() {
+ local d ret
+ if [[ $# == 1 ]]; then
+ d=$dev
+ part=$1
+ else
+ d=$1
+ part=$2
+ fi
+ if [[ $d == /dev/disk/by-id/* ]]; then
+ ret=$d-part$part
+ else
+ ret=$d$part
+ fi
+ echo $ret
+}
+
+bootdev() { add-part $@ $bootn; }
+rootdev() { add-part $@ $rootn; }
+swapdev() { add-part $@ $swapn; }
+bios_grubdev() { add-part $@ $bios_grubn; }
+
+crypt-dev() { echo /dev/mapper/crypt_dev_${1##*/}; }
+crypt-name() { echo crypt_dev_${1##*/}; }
+root-cryptdev() { crypt-dev $(rootdev $@); }
+swap-cryptdev() { crypt-dev $(swapdev $@); }
+root-cryptname() { crypt-name $(rootdev $@); }
+swap-cryptname() { crypt-name $(swapdev $@); }
+
+
+##### end function defs
+
if ifclass REPARTITION;then
partition=true # force a full wipe
else
# install all ssds, or if there are none, all hdds
if (( ${#ssds[@]} > 0 )); then
- devs=( ${ssds[@]} )
+ short_devs=( ${ssds[@]} )
else
- devs=( ${hds[@]} )
+ short_devs=( ${hds[@]} )
+fi
+
+# check if the partitions exist have the right filesystems
+#blkid="$(blkid -s TYPE)"
+for dev in ${short_devs[@]}; do
+ ! $partition || break
+ y=$(readlink -f $dev)
+ x=($y[0-9])
+ [[ ${#x[@]} == "${lastn}" ]] || partition=true
+ for (( i=1; i <= lastn; i++ )); do
+ [[ -e ${dev}$i ]] || partition=true
+ done
+ # On one system, blkid is missing some partitions.
+ # maybe we need a flag, like FUZZY_BLKID or something, so we
+ # can check that at least some exist.
+ # for x in "`rootdev`: TYPE=\"crypto_LUKS\"" "`bootdev`: TYPE=\"btrfs\""; do
+ # echo "$blkid" | grep -Fx "$x" &>/dev/null || partition=true
+ # done
+done
+
+if $partition && ifclass PARTITION_PROMPT; then
+ echo "Press any key except ctrl-c to continue and partition these drives:"
+ echo " ${short_devs[@]}"
+ read
fi
+devs=()
+shopt -s extglob
+for short_dev in ${short_devs[@]}; do
+ devs+=($(devbyid $short_dev))
+done
+
+
+
boot_devs=()
for dev in ${devs[@]}; do
if ifclass frodo; then
# and I have mixed model disks, and I could see the 8 models which showed
# up in the bios, and thus see which 2 models were missing.
# hdparm -I /dev/sdh will give model info in linux.
- # However, in fai on jessie, that dir doesn't exist,
+ # However, in fai on jessie, /dev/disk/by-path dir doesn't exist,
# and I don't see another way, so I'm hardcoding them.
# We still put grub on them and partition them the same, for uniformity
# and in case they get moved to a system that can recognize them,
bad_disk=false
for id in ata-TOSHIBA_MD04ACA500_8539K4TQFS9A \
ata-TOSHIBA_MD04ACA500_Y5IFK6IJFS9A; do
- if [[ $(readlink -f $id) == $dev ]]; then
+ if [[ $(readlink -f $id) == "$(readlink -f $dev)" ]]; then
bad_disk=true
break
fi
done
- $bad_disk || boot_devs+=($dev$bootn)
+ $bad_disk || boot_devs+=(`bootdev`)
else
- boot_devs+=($dev$bootn)
+ boot_devs+=(`bootdev`)
fi
done
if [[ ! $DISTRO ]]; then
if ifclass STABLE; then
- DISTRO=debianjessie
+ DISTRO=debianstable
else
DISTRO=debiantesting
fi
bpart() { # btrfs a partition
- dev_n=$1
case ${#@} in
[1-3]) mkfs.btrfs -f $@ ;;
[4-9]*|[1-3]?*) mkfs.btrfs -f -m raid10 -d raid10 $@ ;;
esac
}
-first_boot_dev=${devs[0]}$bootn
-
-crypt_devs=()
-# somewhat crude detection of whether to partition
-for dev in ${devs[@]}; do
- crypt_devs+=( /dev/mapper/crypt_dev_${dev#/dev/} )
- x=($dev[0-9])
- [[ ${#x[@]} == ${lastn} ]] || partition=true
- for (( i=1; i <= $lastn; i++ )); do
- [[ -e ${dev}$i ]] || partition=true
- done
- for part in $dev$rootn $dev$bootn; do
- # type tells us it's not totally blank
- blkid | grep "^${part}:.*TYPE=" &>/dev/null || partition=true
- done
-done
+first_boot_dev=$(bootdev ${devs[0]})
# keyfiles generated like:
# head -c 2048 /dev/urandom | od | s dd of=/q/root/luks/host-demohost
fi
-crypt=${crypt_devs[0]}$rootn
+first_root_crypt=$(root-cryptdev ${devs[0]})
-bios_grub_end=4
+bios_grubn=4
# 1.5 x based on https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Installation_Guide/sect-disk-partitioning-setup-x86.html#sect-custom-partitioning-x86
swap_mib=$(( $(grep ^MemTotal: /proc/meminfo | \
awk '{print $2}') * 3/(${#devs[@]} * 2 ) / 1024 ))
# parted will round up the disk size. Do -1 so we can have
# fully 1MiB unit partitions for easy resizing of the last partition.
# Otherwise we would pass in -0 for the end argument for the last partition.
+ #
+ # parted print error output is expected. example:
+ # Error: /dev/vda: unrecognised disk label
disk_mib=$(( $(parted -m $dev unit MiB print | \
- sed -nr "s#^$dev:([0-9]+).*#\1#p") - 1))
+ sed -nr "s#^/dev/[^:]+:([0-9]+).*#\1#p") - 1))
root_end=$(( disk_mib - swap_mib - boot_mib / ${#boot_devs[@]} ))
swap_end=$(( root_end + swap_mib))
$pcmd mkpart primary "" 1MiB 4MiB
$pcmd set $bios_grubn bios_grub on
$pcmd set $bootn boot on # generally not needed on modern systems
- # the mkfs failed randomly on a vm, so I threw a sleep in here.
- sleep .1
-
- luks_dev=$dev$rootn
- yes YES | cryptsetup luksFormat $luks_dev $luks_dir/host-$HOSTNAME \
+ # the mkfs failed before on a vm, which prompted me to add
+ # sleep .1
+ # then failed on a physical machine
+ # with:
+ # Device /dev/disk/by-id/foo doesn't exist or access denied,
+ # so here we wait.
+ secs=0
+ while [[ ! -e `rootdev` ]] && (( secs < 10 )); do
+ sleep 1
+ secs=$((secs +1))
+ done
+ yes YES | cryptsetup luksFormat `rootdev` $luks_dir/host-$HOSTNAME \
-c aes-cbc-essiv:sha256 -s 256 || [[ $? == 141 ]]
yes "$lukspw" | \
cryptsetup luksAddKey --key-file $luks_dir/host-$HOSTNAME \
- $luks_dev || [[ $? == 141 ]]
+ `rootdev` || [[ $? == 141 ]]
# background: Keyfile and password are treated just
# like 2 ways to input a passphrase, so we don't actually need to have
# different contents of keyfile and passphrase, but it makes some
# yes 'test' | cryptsetup luksRemoveKey /dev/... \
# /key/file || [[ $? == 141 ]]
- cryptsetup luksOpen $luks_dev crypt_dev_${luks_dev##/dev/} \
+ cryptsetup luksOpen `rootdev` `root-cryptname` \
--key-file $luks_dir/host-$HOSTNAME
done
- bpart ${crypt_devs[@]/%/$rootn}
+ ls -la /dev/btrfs-control
+ sleep 1
+ bpart $(for dev in ${devs[@]}; do root-cryptdev; done)
bpart ${boot_devs[@]}
else
for dev in ${devs[@]}; do
- cryptsetup luksOpen $dev$rootn crypt_dev_${dev##/dev/}$rootn \
- --key-file $luks_dir/host-$HOSTNAME || [[ $? == 141 ]]
+ cryptsetup luksOpen `rootdev` `root-cryptname` \
+ --key-file $luks_dir/host-$HOSTNAME
done
sleep 1
fi
-mount -o subvolid=0 $crypt /mnt
+mount -o subvolid=0 $first_root_crypt /mnt
# systemd creates subvolumes we want to delete.
s=($(btrfs subvolume list --sort=-path /mnt |
sed -rn "s#^.*path\s*(root_$DISTRO/\S+)\s*\$#\1#p"))
cat > /tmp/fai/fstab <<EOF
-$crypt / btrfs noatime,subvol=root_$DISTRO 0 0
-$crypt /q btrfs noatime,subvol=q 0 0
+$first_root_crypt / btrfs noatime,subvol=root_$DISTRO 0 0
+$first_root_crypt /q btrfs noatime,subvol=q 0 0
/q/a /a none bind 0 0
-$crypt /home btrfs noatime,subvol=home_$DISTRO 0 0
+$first_root_crypt /home btrfs noatime,subvol=home_$DISTRO 0 0
$first_boot_dev /boot btrfs noatime,subvol=boot_$DISTRO 0 0
EOF
swaps=()
for dev in ${devs[@]}; do
- s=crypt_swap_${dev##/dev/}$swapn
- swaps+=(/dev/mapper/$s)
+ swaps+=(`swap-cryptname`)
cat >>/tmp/fai/crypttab <<EOF
-crypt_dev_${dev##/dev/}$rootn $dev$rootn none keyscript=/root/keyscript,discard,luks
-$s $dev$swapn /dev/urandom swap,cipher=aes-xts-plain64,size=256,hash=ripemd160
+`root-cryptname` `rootdev` none keyscript=/root/keyscript,discard,luks
+`swap-cryptname` `swapdev` /dev/urandom swap,cipher=aes-xts-plain64,size=256,hash=ripemd160
EOF
cat >> /tmp/fai/fstab <<EOF
-/dev/mapper/$s none swap sw 0 0
+`swap-cryptdev` none swap sw 0 0
EOF
done
# swaplist seems to do nothing.
cat >/tmp/fai/disk_var.sh <<EOF
-ROOT_PARTITION=\${ROOT_PARTITION:-$crypt}
+ROOT_PARTITION=\${ROOT_PARTITION:-$first_root_crypt}
BOOT_PARTITION=\${BOOT_PARTITION:-$first_boot_dev}
-BOOT_DEVICE="${devs[@]}"
+BOOT_DEVICE="${short_devs[@]}"
SWAPLIST=\${SWAPLIST:-"${swaps[@]}"}
EOF
[[ $EUID == 0 ]] || exec sudo "${BASH_SOURCE}" "$@"
+e() { echo "$@"; "$@"; }
# for ubuntu:
#add-apt-repository -y ppa:fai/ppa
apt-get update
# all the dependencies except the dhcp server
-apt-get -y install $(apt-cache show fai-quickstart | grep ^Depends: |head -n 1|\
- sed -r 's/^Depends:|,|\|[^,]+|isc-dhcp-server//g')
+deps="$(apt-cache show fai-quickstart | grep ^Depends: |head -n 1|\
+ sed -r 's/^Depends:|,|\|[^,]+|isc-dhcp-server//g')"
+to_install=()
+for pkg in $deps; do
+ dpkg -s $pkg &>/dev/null && continue ||:
+ to_install+=($pkg)
+ echo $pkg >> /etc/fai/fai-manually-installed-packages
+done
+if [[ $to_install ]]; then
+ apt-get -y install ${to_install[@]}
+fi
+
sed -i 's/^#deb/deb/' /etc/fai/apt/sources.list
sed -i 's/#LOGUSER/LOGUSER/' /etc/fai/fai.conf
# from man fai-make-nfsroot,
# Add debug to -f flag for more verbose output.
std_arg="-u nfs://faiserver/srv/fai/config"
-fai-chboot -Iv $std_arg default
+fai-chboot -Iv $std_arg default # reset so we are idempotent
kernel=$(fai-chboot -L '^default$' | awk '{print $3}')
type -t host &>/dev/null || apt-get -y install dnsutils
my_ip=$(host faiserver $(route -n | sed -rn 's/^(0\.){3}0\s+(\S+).*/\2/p') | \
- sed -rn 's/^faiserver has address //p')
+ sed -rn 's/^\S+ has address //p')
k_args=$(fai-chboot -L '^default$' | \
sed -r "s/^(\S+\s+){3}(.*root=)(.*)/\2$my_ip:\3/")
-fai-chboot -k "$k_args" -v -f verbose,sshd,createvt,reboot $std_arg $kernel default
+e fai-chboot -k "$k_args" -v -f verbose,sshd,createvt,reboot $std_arg $kernel default
# make the faiserver also the apt proxy server
apt-get -y install apt-cacher-ng
# random fai note: as far as I can tell, profiles are just for putting
# in a selectable boot menu, which I don't want.
-# somewhere I call it faiserver, but debian's default is faiserver.lan
-sed -ri 's/faiserver.lan/faiserver/' /srv/fai/nfsroot/root/.ssh/known_hosts
+# the logsave prompted because the hostname faiserver was uknown.
+# Here it was faiserver.lan when running from a faiserver vm.
+# When running from a normal host with faiserver alias, it was the normal hosts name.
+sed -ri 's/(^[^,]+,)\S+/\1faiserver/' /srv/fai/nfsroot/root/.ssh/known_hosts
+# ditch the logo banner up top which screws with less.
+touch /srv/fai/nfsroot/.nocolorlogo
iankelling.org / git / automated-distro-installer / commitdiff