From: Ian Kelling
Date: Sun, 14 Feb 2016 04:20:48 +0000 (-0800)
Subject: btrfs and raid the boot partition
X-Git-Url: https://iankelling.org/git/?p=automated-distro-installer;a=commitdiff_plain;h=3962448edf08228464cb1ad72095935f3308a3f8
btrfs and raid the boot partition
---
diff --git a/fai/config/hooks/partition.DEFAULT b/fai/config/hooks/partition.DEFAULT
index c45c4dc..c4514c5 100755
--- a/fai/config/hooks/partition.DEFAULT
+++ b/fai/config/hooks/partition.DEFAULT
@@ -46,8 +46,9 @@ bpart() {
 devs=(${letters[@]/#//dev/${d}})
 crypt_devs=(${letters[@]/#//dev/mapper/crypt_dev_${d}})
+first_boot_dev=${devs[0]}$bootn
-partition=true
+partition=false
 # somewhat crude detection of whether to partition
 for dev in ${devs[@]}; do
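Review bot: `first_boot_dev=${devs[0]}$bootn` is introduced without a comment, although later hunks of this commit use it both as the one-time mount source for creating the boot subvolume and as the /boot device in the generated fstab; a short note would save the next reader the search, e.g. `# one member of the (apparently multi-device) btrfs /boot; used for the subvol setup mount and in fstab`. The `for dev` loop that follows `partition=false` starts here but its body, which decides whether partitioning is needed, lies outside the hunk, so the flipped default cannot be judged from this hunk alone.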
@@ -106,43 +107,32 @@ if $partition; then
 parted -s $dev set $bootn boot on # generally not needed on modern systems
 # the mkfs failed randomly on a vm, so I threw a sleep in here.
 sleep .1
- mkfs.ext4 -F ${dev}1
- # 3 is device which simply holds a key for the 4's,
- # so we can unlock multi-device btrfs fs with 1 manually entered passphrase.
- #
- # Background: It's of course possible modify the initramfs to
- # put the input from a passphrase prompt into a variable and use
- # it to unlock multiple devices, but that would require figuring
- # more things out.
+
+
+ luks_dev=$dev$rootn
+ yes YES | cryptsetup luksFormat $luks_dev $luks_dir/host-$HOSTNAME \
+ -c aes-cbc-essiv:sha256 -s 256 || [[ $? == 141 ]]
+ yes "$lukspw" | \
+ cryptsetup luksAddKey --key-file $luks_dir/host-$HOSTNAME \
+ $luks_dev || [[ $? == 141 ]]
+ # background: Keyfile and password are treated just
+ # like 2 ways to input a passphrase, so we don't actually need to have
+ # different contents of keyfile and passphrase, but it makes some
+ # security sense to a really big randomly generated passphrase
+ # as much as possible, so we have both.
+ #
- for luks_dev in ${dev}3; do
- yes YES | cryptsetup luksFormat $luks_dev $luks_dir/host-$HOSTNAME \
- -c aes-cbc-essiv:sha256 -s 256 || [[ $? == 141 ]]
- yes "$lukspw" | \
- cryptsetup luksAddKey --key-file $luks_dir/host-$HOSTNAME \
- $luks_dev || [[ $? == 141 ]]
- # background: Keyfile and password are treated just
- # like 2 ways to input a passphrase, so we don't actually need to have
- # different contents of keyfile and passphrase, but it makes some
- # security sense to a really big randomly generated passphrase
- # as much as possible, so we have both.
- #
- # This would remove the keyfile.
- # yes 'test' | cryptsetup luksRemoveKey /dev/... \
- # /key/file || [[ $? == 141 ]]
-
- cryptsetup luksOpen $luks_dev crypt_dev_${luks_dev##/dev/} \
- --key-file $luks_dir/host-$HOSTNAME
- done
+ # This would remove the keyfile.
+ # yes 'test' | cryptsetup luksRemoveKey /dev/... \
+ # /key/file || [[ $? == 141 ]]
+
+ cryptsetup luksOpen $luks_dev crypt_dev_${luks_dev##/dev/} \
+ --key-file $luks_dir/host-$HOSTNAME
 done
- #bpart ${devs[@]/%/$rootn}
- bpart ${crypt_devs[@]/%/3}
- parted ${devs[0]} set 1 boot on
+ bpart ${crypt_devs[@]/%/$rootn}
 mount $crypt /mnt
 else
 for dev in ${devs[@]}; do
- mkfs.ext4 -F ${dev}1
- cryptsetup luksOpen ${dev}3 crypt_dev_${dev##/dev/}3 \
+ cryptsetup luksOpen $dev$rootn crypt_dev_${dev##/dev/}$rootn \
 --key-file $luks_dir/host-$HOSTNAME || [[ $? == 141 ]]
 done
 sleep 1
@@ -154,6 +144,8 @@ else
 btrfs subvolume set-default 0 /mnt
 btrfs subvolume delete /mnt/root
 fi
+bpart ${devs[@]/%/$bootn}
+
 ## create subvols ##
 cd /mnt
@@ -170,6 +162,13 @@ btrfs subvolume set-default \
 chattr -Rf +C root
 cd /
 umount /mnt
+mount $first_boot_dev /mnt
+cd /mnt
+btrfs subvolume create boot
+btrfs subvolume set-default \
+ $(btrfs subvolume list . | grep 'boot$' | awk '{print $2}') .
+cd /
+umount /mnt
 ## end create subvols ##
@@ -179,10 +178,9 @@ $crypt / btrfs noatime,subvol=/root 0 0
 $crypt /q btrfs noatime,subvol=/q 0 0
 /q/a /a none bind 0 0
 $crypt /home btrfs noatime,subvol=/home 0 0
-${devs[0]}1 /boot ext4 noatime 0 2
+$first_boot_dev /boot btrfs noatime,subvol=/boot 0 0
 EOF
-
 swaps=()
 for dev in ${devs[@]}; do
 s=crypt_swap_${dev##/dev/}$swapn
@@ -200,7 +198,7 @@ done
 # swaplist seems to do nothing.
 cat >/tmp/fai/disk_var.sh <
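Review bot: The new `luksFormat` call in this hunk still pins `-c aes-cbc-essiv:sha256 -s 256`, the older cipher mode that XTS replaced as the cryptsetup default; since these are freshly formatted volumes, either dropping the explicit cipher or using the current default `-c aes-xts-plain64 -s 512` is the more defensible choice. `yes "$lukspw" | cryptsetup luksAddKey …` also puts the passphrase into the argv of an external process, where `ps`, `/proc/*/cmdline` and any `set -x` trace on the install host can read it; the shell builtin `printf '%s\n' "$lukspw" | cryptsetup luksAddKey --key-file $luks_dir/host-$HOSTNAME $luks_dev` should keep it out of the process table and makes the `|| [[ $? == 141 ]]` SIGPIPE guard unnecessary for that line. Both the `if $partition; then` block and the `for dev` loop that this code sits in begin above the hunk.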
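Review bot: `bpart ${devs[@]/%/$bootn}` is placed after the `fi` that closes the `if $partition` block, so it also runs on the non-partitioning path, where the root filesystem is deliberately kept and only its root subvolume is deleted; bpart appears to create the filesystem (it replaced mkfs.ext4 in the partition branch), so /boot would be wiped on every run while / is preserved. If that is intended, say so in a comment, e.g. `# /boot is recreated on every run, even when the existing root fs is kept`; otherwise move the call inside the `if $partition` branch. bpart itself is defined above this hunk and its body is not visible here.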
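Review bot: `grep 'boot$'` in the new `btrfs subvolume set-default` line matches any subvolume path ending in "boot", not only the `boot` subvolume created two lines above; it is fine on a filesystem that was just created, but a stale subvolume such as `oldboot` would select the wrong id, and an empty match leaves `set-default` with no id and a confusing error. `awk '$NF == "boot" {print $2}'` pins the exact name in one line and drops the grep. The same list-grep-awk idiom is used for the root subvolume above the hunk, so a small helper taking the subvolume name would remove the duplication.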
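Review bot: The new fstab line mounts /boot by the path of a single member, `$first_boot_dev`, while the commit appears to build /boot as a btrfs spanning every `$bootn` partition; if that particular disk is absent the mount fails at boot even when the btrfs profile could tolerate the loss, and btrfs in any case refuses to mount a multi-device filesystem with a missing member unless `degraded` is given. Mounting by the filesystem UUID, which all members share, e.g. `UUID=$(blkid -s UUID -o value $first_boot_dev) /boot btrfs noatime,subvol=/boot 0 0`, removes the dependence on one device name; whether to add `degraded` is a policy decision that deserves a comment either way.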