Clean zfs-related files

master
blallo 2 years ago
parent a543387976
commit 6bc49fed98
  1. 75
      create_pools.sh
  2. 218
      guide_rosa.txt
  3. 30
      install_zfsonlinux.sh
  4. 52
      zfs.patch

@ -1,75 +0,0 @@
#!/bin/bash
BY_ID=/dev/disk/by-id
DISK1=${BY_ID}/wwn-0x5000c5004fdf987b
DISK2=${BY_ID}/wwn-0x5000c5004fdfcad4
# Pre-clean
sgdisk --zap-all ${DISK1}
sgdisk --zap-all ${DISK2}
# Partitioning
sgdisk -n1:1M:+512M -t1:EF00 ${DISK1}
sgdisk -n2:0:+512M -t2:BF01 ${DISK1}
sgdisk -n3:0:0 -t3:BF01 ${DISK1}
sgdisk -n1:+512M:+512M -t1:BF01 ${DISK2}
sgdisk -n2:0:0 -t2:BF01 ${DISK2}
mkfs.vfat ${DISK1}-part1
# Verify
sgdisk --print ${DISK1}
sgdisk --print ${DISK2}
read -p "Are you sure? " -n 1 -r
echo
if [[ ! $REPLY =~ ^[Yy]$ ]]
then
[[ "$0" = "$BASH_SOURCE" ]] && exit 1 || return 1
fi
# Env
set -x
encryption_options=(-O encryption=on -O keylocation=prompt -O keyformat=passphrase)
bpool_mirror_arg=${DISK2}-part1
rpool_mirror_arg=${DISK2}-part2
#set +x
# Create ZFS pools
rm -rf /mnt/*
zpool create -f \
"${encryption_options[@]}" \
-o ashift=12 \
-O acltype=posixacl \
-O compression=off \
-O dnodesize=auto \
-O relatime=on \
-O xattr=sa \
-O normalization=formD \
-O devices=off \
-O mountpoint=/ \
-R /mnt \
rpool mirror ${DISK1}-part3 ${rpool_mirror_arg}
zfs create -o canmount=noauto -o mountpoint=/ rpool/root
mkdir -p /mnt/boot
zpool create \
-d -o ashift=12 \
-O devices=off \
-O mountpoint=/boot \
-R /mnt/ \
bpool mirror ${DISK1}-part2 ${bpool_mirror_arg}
mkdir -p /mnt/boot/efi
mount ${DISK1}-part1 /mnt/boot/efi

@ -1,218 +0,0 @@
-------------------------------------
## HOST
Permit root login, disable ipv6, keyfile, install dropbear e configure (porta, fix ip) e upgrade initraf, script dentro initramfs blocca riavvio e fa partire bear, console su kernel
check backport in repository debian
# Install zfs
Site: https://openzfs.github.io/openzfs-docs/Getting%20Started/Debian/Debian%20Buster%20Root%20on%20ZFS.html#step-1-prepare-the-install-environment
Site: https://saveriomiroddi.github.io/Installing-Ubuntu-on-a-ZFS-root-with-encryption-and-mirroring/#procedure
echo "deb http://deb.debian.org/debian buster main contrib" >> /etc/apt/sources.list
echo "deb http://deb.debian.org/debian buster-backports main contrib" >> /etc/apt/sources.list
apt-get update
apt install --yes gdisk dkms dpkg-dev linux-headers-$(uname -r)
apt install --yes -t buster-backports --no-install-recommends zfs-dkms
modprobe zfs
apt install --yes -t buster-backports zfsutils-linux
# Dropbear install
# Site: https://hamy.io/post/0009/how-to-install-luks-encrypted-ubuntu-18.04.x-server-and-enable-remote-unlocking/
# Site: https://matt.ucc.asn.au/dropbear/dropbear.html
apt-get --yes install dropbear-initramfs
echo 'DROPBEAR_OPTIONS="-s -j -k -p 4747"' >> /etc/dropbear-initramfs/config
# Generate local key with ssh-keygen -t rsa -b 4096 and copy to machine
COPY_LOCAL_SSH_KEY="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDLkDWpZ9MfP47Q9gzapCRxwXCLdYT6zOid5ras7cdmuHZEDtCA/sSpn6Ro3g/EF8FaDNltG26NMnTV1q3hWY19hK1ukL6QMnCQ+SxeowQ7RcPV9kHuybA9VtIhfEBN3hyWmzm7S2G4tDZlF2cKRe9G6yTHiNVcQLoCSYULo6gFPw== hank@joe"
#echo "no-port-forwarding,no-agent-forwarding,no-x11-forwarding ssh-rsa $COPY_LOCAL_SSH_KEY" >> /etc/dropbear-initramfs/authorized_keys
echo "$COPY_LOCAL_SSH_KEY" >> /etc/dropbear-initramfs/authorized_keys
# IP-GATEWAY-NETMASK-DEVINAME (Insert network static ip server value)
echo 'IP="192.168.69.116::192.168.69.1:255.255.255.0::enp1s0:off"' >> /etc/initramfs-tools/initramfs.conf
file: /usr/share/initramfs-tools/scripts/local
search: local_mount_root
file: /usr/share/initramfs-tools/init
search: local_bottom
count_steps=0
max_steps=60 #Wait 1 hour and boot
while [ ! -f "/condor" ] && [ "$count_steps" -lt "$max_steps" ]
do
count_steps=$(( count_steps + 1))
sleep 60
echo "DROPBEAR ACTIVE $count_steps min."
done
echo "End"
update-initramfs -u
--- REBOOT --- (Access with dropbear)
## initramfs
mkdir /mnt
cd /root
cp -a bin boot etc home initrd.img initrd.img.old lib lib32 lib64 libx32 media mnt opt root sbin srv tmp usr var vmlinuz vmlinuz.old /mnt/
cd /
umount /root
mkdir /mnt/proc
mkdir /mnt/sys
mkdir /mnt/run
#mkdir /mnt/tmp
mkdir /mnt/dev
mount -o rbind /proc/ /mnt/proc/
mount -o rbind /sys/ /mnt/sys/
mount -o rbind /run/ /mnt/run/
mount -o rbind /dev/ /mnt/dev/
## chroot mode
chroot /mnt /bin/bash --login
modprobe zfs
# !!! Remember to copy boot directory
mount /dev/vda2 /mnt/
cp -a /mnt/* /boot/
umount /mnt
# !!! SET GOOD NAME DEVICE HD
first_disk_id="/dev/vda"
second_disk_id="/dev/vdb"
# Delete data on disk
sgdisk --zap-all $first_disk_id
sgdisk --zap-all $second_disk_id
# Partion Disk with uefi space
sgdisk -n1:1M:+512M -t1:EF00 $first_disk_id # EFI boot
sgdisk -n2:0:+512M -t2:BF01 $first_disk_id # Boot pool
sgdisk -n3:0:0 -t3:BF01 $first_disk_id # Root pool
sgdisk -n1:+512M:+512M -t1:BF01 $second_disk_id # Boot pool
sgdisk -n2:0:0 -t2:BF01 $second_disk_id # Root pool
# Check partition
sgdisk --print /dev/vda
sgdisk --print /dev/vdb
#Install manager fat file system for UEFI boot and format
apt-get install dosfstools
modprobe vfat
modprobe nls_cp437
modprobe nls_ascii
mkfs.fat -F 32 -n EFI ${first_disk_id}1
#Set variables
bpool_mirror_arg=${second_disk_id}1
encryption_options=(-O encryption=on -O keylocation=prompt -O keyformat=passphrase)
rpool_mirror_arg=${second_disk_id}2
zpool create "${encryption_options[@]}" -o ashift=12 -O acltype=posixacl -O compression=off -O dnodesize=auto -O relatime=on -O xattr=sa -O normalization=formD -O devices=off -O mountpoint=/ -R /mnt rpool mirror ${first_disk_id}3 $rpool_mirror_arg
zfs create -o canmount=noauto -o mountpoint=/ rpool/root
mkdir /mnt/boot
zpool create -d -o ashift=12 -O devices=off -O mountpoint=/boot -R /mnt/ bpool mirror ${first_disk_id}2 $bpool_mirror_arg
cp -rf --preserve=all bin boot etc home initrd.img initrd.img.old lib lib32 lib64 libx32 media opt root sbin srv usr var vmlinuz vmlinuz.old tmp /mnt/
mkdir /mnt/{dev,proc,sys,run}
exit # Esci da chroot
mount -o rbind /dev/ /mnt/mnt/dev/
mount -o rbind /sys/ /mnt/mnt/sys/
mount -o rbind /proc/ /mnt/mnt/proc/
mount -o rbind /run/ /mnt/mnt/run/
chroot /mnt/mnt/ /bin/bash --login
first_disk_id="/dev/vda"
# !!! Comment line /etc/fstab
sed -i "s/^/#/g" /etc/fstab
apt install --yes zfs-initramfs zfs-dkms grub-efi-amd64-signed shim-signed
echo PARTUUID=$(blkid -s PARTUUID -o value ${first_disk_id}1) /boot/efi vfat nofail,x-systemd.device-timeout=1 0 1 >> /etc/fstab
mkdir /boot/efi
# note modprobe nls_cp437 modprobe nls_ascii modprobe vfat
mount /dev/vda1 /boot/efi/
grub-install
grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=debian --recheck
perl -i -pe 's/(GRUB_CMDLINE_LINUX=")/${1}root=ZFS=rpool /' /etc/default/grub
echo 'GRUB_DISABLE_OS_PROBER=true' >> /etc/default/grub
update-grub
cat > /etc/systemd/system/zfs-import-bpool.service <<UNIT
[Unit]
DefaultDependencies=no
Before=zfs-import-scan.service
Before=zfs-import-cache.service
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/sbin/zpool import -N -o cachefile=none bpool
[Install]
WantedBy=zfs-import.target
UNIT
systemctl enable zfs-import-bpool.service
# !!! grub.cfg remove quiet and console="ttyS0"
chmod u+w /boot/grub/grub.cfg
sed -i 's/quiet/console="ttyS0"/g' /boot/grub/grub.cfg
umount /boot/efi
umount /boot
zfs set mountpoint=legacy bpool
echo "bpool /boot zfs nodev,relatime,x-systemd.requires=zfs-import-bpool.service 0 0" >> /etc/fstab
echo RESUME=none > /etc/initramfs-tools/conf.d/resume
mount /boot
mount /boot/efi
# reconfigure initramfs
# clean script code from vi /usr/share/initramfs-tools/init
# modify /usr/share/initramfs-tools/scripts/zfs
ZFS_CMD="${ZPOOL} import -N ${ZPOOL_FORCE} ${ZPOOL_IMPORT_OPTS}"
ZFS_STDERR="$($ZFS_CMD "$pool" 2>&1)"
ZFS_ERROR="$?"
log_begin_msg "\nWait for Passowrd Encrypt Pool!!!\n"
#/sbin/zpool import -f rpool
#/sbin/zfs load-key -L prompt rpool
while [ ! -f "condor" ]
do
echo -e "Wathing for Key!\n"
sleep 60
done
/sbin/zfs set mountpoint=/root rpool
/sbin/zfs mount rpool
/sbin/zpool import -f bpool
/sbin/zfs set mountpoint=/root/boot bpool
KERNEL=`ls /usr/lib/modules/ | cut -d/ -f1 | sed 's/linux-image-//'`
update-initramfs -u -k $KERNEL
exit
# initramfs
sync
umount -l -r /boot/efi
umount -l -r /boot
umount -l -r /mnt/mnt/dev/
umount -l -r /mnt/mnt/proc
umount -l -r /mnt/mnt/sys
umount -l -r /mnt/mnt/run
umount -l -r /mnt/dev/
umount -l -r /mnt/proc
umount -l -r /mnt/sys
umount -l -r /mnt/run
umount -l -r /mnt/mnt
==== REBOOT AND LOGIN WITH DROPBEAR
ssh -c aes256-ctr -p 4747 root@HOST-IP
/sbin/zfs load-key -L prompt rpool && touch /condor

@ -1,30 +0,0 @@
#!/bin/bash
echo -e "\e[31m\e[1mATTENTION\e[0m
This script will attempt to install the current ZFSonLinux release
which is available in the ZFSonLinux git repository to the Rescue
System. \e[31m\e[1mIf this script fails, do not contact Hetzner Support, as
it is provided AS-IS and Hetzner will not support the installation
or usage of ZFSonLinux due to License imcompatiblity (see below)\e[0m.
"
echo -e "\e[31m\e[1mLicenses of ZFS and Linux are incompatible\e[0m
ZFS is licensed under the Common Development and Distribution License (CDDL),
and the Linux kernel is licensed under the GNU General Public License Version 2
(GPL-2). While both are free open source licenses they are restrictive
licenses. The combination of them causes problems because it prevents using
pieces of code exclusively available under one license with pieces of code
exclusively available under the other in the same binary.
Please be aware that distributing of the binaries may lead to infringing.
Press \e[31m\e[1my\e[0m to accept this."
read -p "" -n 1 ;echo
if [[ ! $REPLY =~ ^[Yy]$ ]]; then
exit 1
fi
cd $(mktemp -d)
wget $(curl -Ls https://api.github.com/repos/zfsonlinux/zfs/releases/latest| grep "browser_download_url.*tar.gz"|grep -E "tar.gz\"$"| cut -d '"' -f 4)
apt update && apt install libssl-dev uuid-dev zlib1g-dev libblkid-dev -y && tar xfv zfs*.tar.gz && rm *.tar.gz && cd zfs* && ./configure && make -j $(nproc) && make install && ldconfig && modprobe zfs || echo -e "\e[31m\e[1mInstall failed, please fix manually!\e[0m"

@ -1,52 +0,0 @@
diff --git a/tmp/zfs.script b/usr/share/initramfs-tools/scripts/zfs
index dbc4e253f11..a795fd39f60 100644
--- a/tmp/zfs.script
+++ b/usr/share/initramfs-tools/scripts/zfs
@@ -405,6 +405,8 @@ decrypt_fs()
ENCRYPTIONROOT="$(get_fs_value "${fs}" encryptionroot)"
KEYLOCATION="$(get_fs_value "${ENCRYPTIONROOT}" keylocation)"
+ echo "${ENCRYPTIONROOT}" > /run/zfs_fs_name
+
# If root dataset is encrypted...
if ! [ "${ENCRYPTIONROOT}" = "-" ]; then
KEYSTATUS="$(get_fs_value "${ENCRYPTIONROOT}" keystatus)"
@@ -418,6 +420,7 @@ decrypt_fs()
# Prompt with plymouth, if active
elif [ -e /bin/plymouth ] && /bin/plymouth --ping 2>/dev/null; then
+ echo "plymouth" > /run/zfs_console_askpwd_cmd
while [ $TRY_COUNT -gt 0 ]; do
plymouth ask-for-password --prompt "Encrypted ZFS password for ${ENCRYPTIONROOT}" | \
$ZFS load-key "${ENCRYPTIONROOT}" && break
@@ -426,6 +429,7 @@ decrypt_fs()
# Prompt with systemd, if active
elif [ -e /run/systemd/system ]; then
+ echo "systemd-ask-password" > /run/zfs_console_askpwd_cmd
while [ $TRY_COUNT -gt 0 ]; do
systemd-ask-password "Encrypted ZFS password for ${ENCRYPTIONROOT}" --no-tty | \
$ZFS load-key "${ENCRYPTIONROOT}" && break
@@ -434,7 +438,8 @@ decrypt_fs()
# Prompt with ZFS tty, otherwise
else
- # Setting "printk" temporarily to "7" will allow prompt even if kernel option "quiet"
+ # Temporarily setting "printk" to "7" allows the prompt to appear even when the "quiet" kernel option has been used
+ echo "load-key" > /run/zfs_console_askpwd_cmd
storeprintk="$(awk '{print $1}' /proc/sys/kernel/printk)"
echo 7 > /proc/sys/kernel/printk
$ZFS load-key "${ENCRYPTIONROOT}"
@@ -964,6 +969,11 @@ mountroot()
mount_fs "$fs"
done
+ touch /run/zfs_unlock_complete
+ if [ -e /run/zfs_unlock_complete_notify ]; then
+ read zfs_unlock_complete_notify < /run/zfs_unlock_complete_notify
+ fi
+
# ------------
# Debugging information
if [ -n "${ZFS_DEBUG}" ]
Loading…
Cancel
Save