scp ~/.ssh/id_rsa.pub \
root@faiserver:/srv/fai/config/files/home/ian/.ssh/authorized_keys/GRUB_PC
s scp -r /q/root/luks root@faiserver:/srv/fai/config/distro-install-common
-ssh root@faiserver chmod -R a+r /srv/fai/config/distro-install-common
+ssh root@faiserver chmod -R a+rX /srv/fai/config/distro-install-common
s virshrm demohost ||:
-# this one doesn't need to be done every time
-s qemu-img create -o preallocation=metadata -f qcow2 \
- /var/lib/libvirt/images/demohost 30G
-s qemu-img create -o preallocation=metadata -f qcow2 \
- /var/lib/libvirt/images/demohostb 30G
+
+for f in /var/lib/libvirt/images/demohost{,b}; do
+ [[ -e $f ]] || s qemu-img create -o preallocation=metadata -f qcow2 $f 30G
+done
# osinfo-query os | gr jessie
s virt-install --os-variant debian8 --cpu host -n demohost --pxe -r 2048 --vcpus 1 \
--disk path=/var/lib/libvirt/images/demohost \
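Review bot: `chmod -R a+rX /srv/fai/config/distro-install-common` also covers the `luks` directory that the `scp -r /q/root/luks` line above copies in, so the per-host LUKS keyfiles and the `traci` passphrase file end up readable by every account on faiserver. Changing `a+r` to `a+rX` fixes directory traversal but keeps that exposure. If the install client reads the config space as root, tighten the secrets after the recursive chmod, e.g. `ssh root@faiserver chmod -R go-rwx /srv/fai/config/distro-install-common/luks`. If it is read by an unprivileged or squashed user, the key material would be better served from a separate, access-controlled location. This appears to be the same directory that `luks_dir` points at in the partitioning script.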
# # so we do it ourself :)
skiptask partition
-repartition=true
+repartition=false
+
+# keyfiles generated like:
+# head -c 2048 /dev/urandom | od | s dd of=/q/root/luks/host-demohost
+luks_dir=/var/lib/fai/config/distro-install-common/luks
letters=(a)
else
d=/dev/sd
fi
+devs=()
+for letter in ${letters[@]}; do
+ devs+=($d$letter)
+done
boot_end=504
! ifclass tp || letters=(a b)
-devs=()
+md() { ((${#letters[@]} > 1)); }
+
+if md; then
+ # if partition with md0, then reboot into the installer,
+ # it becomes md127. So might as well start with 127 for simplicity.
+ crypt=md127
+else
+ crypt=${d##/dev/}a3
+fi
+
+
# 1.5 x based on https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Installation_Guide/sect-disk-partitioning-setup-x86.html#sect-custom-partitioning-x86
swap_end=$(( $(grep ^MemTotal: /proc/meminfo| awk '{print $2}') * 3/(${#letters[@]} * 2 ) / 1000 + boot_end ))MiB
+shopt -s nullglob
if $repartition; then
mkdir -p /tmp/fai
- for letter in ${letters[@]}; do
- dev=$d$letter
- devs+=($dev)
- [[ -e $dev[0-9] ]] && for x in $dev[0-9]; do wipefs -a $x; done
+ for dev in ${devs[@]}; do
+ for x in /dev/md*; do [[ -d $x ]] || mdadm --stop $x; done
+ for x in $dev[0-9]; do wipefs -a $x; done
parted -s $dev mklabel gpt
# gpt ubuntu cloud image uses ~4. fai uses 1 MiB. ehh, i'll do 4.
+ # also, using MB instead of MiB causes complains about alignment.
parted -s $dev mkpart primary "ext3" 4MB ${boot_end}MiB
parted -s $dev set 1 boot on
parted -s $dev mkpart primary "linux-swap" ${boot_end}MiB $swap_end
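Review bot: The new `devs` array is filled from `letters` before the context line `! ifclass tp || letters=(a b)` runs, so for class `tp` it holds only the first disk while `md` and the `swap_end` divisor both see two letters. In the repartition path only one disk is then wiped and partitioned, and `mdadm --create /dev/$crypt` receives `--raid-devices=1`, leaving the second disk with whatever it held before, unencrypted. The removed code built `devs` inside the loop, after the override. Moving the `for letter in ${letters[@]}; do devs+=($d$letter); done` loop below the `! ifclass tp` line restores that ordering. This assumes the lines shown are contiguous in the file, which the diff suggests but does not prove.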
sleep .1
mkfs.ext4 -F ${dev}1
done
- if ((${#devs[@]} > 1)); then
- crypt=md0
+ if md; then
yes | mdadm --create /dev/$crypt --level=raid0 --force --run \
- --raid-devices=${#devs[@]} ${devs[@]/%/3} || [[ $? == 141 ]]
- else
- crypt=${dev##/dev/}3
+ --raid-devices=${#devs[@]} ${devs[@]/%/3} || [[ $? == 141 ]]
fi
- head -c 2048 /dev/urandom | od > /tmp/fai/crypt_dev_$crypt
- yes YES | cryptsetup luksFormat /dev/$crypt /tmp/fai/crypt_dev_$crypt \
+
+ yes YES | cryptsetup luksFormat /dev/$crypt $luks_dir/host-$HOSTNAME \
-c aes-cbc-essiv:sha256 -s 256 || [[ $? == 141 ]]
- yes $(cat /var/lib/fai/config/distro-install-common/luks/traci) | \
+ yes $(cat $luks_dir/traci) | \
cryptsetup luksAddKey --key-file \
- /tmp/fai/crypt_dev_$crypt /dev/$crypt || [[ $? == 141 ]]
+ $luks_dir/host-$HOSTNAME /dev/$crypt || [[ $? == 141 ]]
# this would remove the keyfile. we will do that manually later.
# yes 'test' | cryptsetup luksRemoveKey /dev/... \
# /key/file || [[ $? == 141 ]]
cryptsetup luksOpen /dev/$crypt crypt_dev_$crypt --key-file \
- /tmp/fai/crypt_dev_$crypt
+ $luks_dir/host-$HOSTNAME
parted ${devs[0]} set 1 boot on
mkfs.btrfs -f /dev/mapper/crypt_dev_$crypt
mount /dev/mapper/crypt_dev_$crypt /mnt
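Review bot: `yes $(cat $luks_dir/traci) | cryptsetup luksAddKey ...` puts the passphrase on the argument list of `yes`, where it is visible in the process table for as long as the command runs, and the unquoted expansion word-splits and globs a passphrase containing spaces or wildcard characters. Feeding the file on stdin avoids both, e.g. `cryptsetup luksAddKey --key-file $luks_dir/host-$HOSTNAME /dev/$crypt < $luks_dir/traci`, and also removes the need for the `|| [[ $? == 141 ]]` SIGPIPE workaround; check that the passphrase file is a single newline-terminated line before relying on this. The same pattern is added again at the `luksOpen` call in the non-repartition branch further down. Separately, the unchanged `luksFormat` line still selects `-c aes-cbc-essiv:sha256`, whereas current cryptsetup defaults to `aes-xts-plain64`, so the cipher choice is worth revisiting while this code is being touched.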
cd /
umount /mnt
else
- /var/lib/fai/config/distro-install-common/reset-btrfs-root
+ for dev in ${devs[@]}; do
+ mkfs.ext4 -F ${dev}1
+ done
+ yes $(cat $luks_dir/traci) | \
+ cryptsetup luksOpen /dev/$crypt crypt_dev_$crypt || [[ $? == 141 ]]
+ sleep 1
+ mount -o subvolid=0 /dev/mapper/crypt_dev_$crypt /mnt
+ # systemd creates subvolumes we want to delete.
+ s=($(btrfs subvolume list --sort=-path /mnt |
+ sed -rn 's#^.*path\s*(root/\S+)\s*$#\1#p'))
+ for subvol in ${s[@]}; do btrfs subvolume delete /mnt/$subvol; done
+ btrfs subvolume set-default 0 /mnt
+ btrfs subvolume delete /mnt/root
+ btrfs subvolume create /mnt/root
+ btrfs subvolume set-default $(btrfs subvolume list /mnt | grep 'root$' | awk '{print $2}') /mnt
+ umount /mnt
fi
cat > /tmp/fai/crypttab <<EOF