
-------------------------------------
## HOST
Permit root login, disable IPv6, install the SSH key file, install and configure dropbear (listen port, fixed IP) and rebuild the initramfs; a script inside the initramfs blocks the boot until the key is supplied and starts dropbear; enable the serial console on the kernel command line.
Check that the buster-backports repository is enabled: the ZFS packages below are installed from it.
# Install zfs
# Site: https://openzfs.github.io/openzfs-docs/Getting%20Started/Debian/Debian%20Buster%20Root%20on%20ZFS.html#step-1-prepare-the-install-environment
# Site: https://saveriomiroddi.github.io/Installing-Ubuntu-on-a-ZFS-root-with-encryption-and-mirroring/#procedure
# Enable the contrib component and buster-backports; zfs-dkms comes from backports.
cat >> /etc/apt/sources.list <<'EOF'
deb http://deb.debian.org/debian buster main contrib
deb http://deb.debian.org/debian buster-backports main contrib
EOF
apt-get update
# DKMS needs the headers of the kernel that is currently running.
apt install --yes gdisk dkms dpkg-dev "linux-headers-$(uname -r)"
apt install --yes -t buster-backports --no-install-recommends zfs-dkms
# Load the freshly built module before pulling in the userland tools.
modprobe zfs
apt install --yes -t buster-backports zfsutils-linux
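# Dropbear install
# Site: https://hamy.io/post/0009/how-to-install-luks-encrypted-ubuntu-18.04.x-server-and-enable-remote-unlocking/
# Site: https://matt.ucc.asn.au/dropbear/dropbear.html
apt-get --yes install dropbear-initramfs
# -s: no password logins (key only), -j / -k: no local / remote port forwarding,
# -p 4747: listen on a non-default port.
echo 'DROPBEAR_OPTIONS="-s -j -k -p 4747"' >> /etc/dropbear-initramfs/config
# Generate a key pair on the admin workstation with `ssh-keygen -t rsa -b 4096`
# and paste the PUBLIC key here. The value below is the original author's
# placeholder and must be replaced: its "AAAAgQ" length prefix indicates a
# 1024-bit modulus, far below the 4096 bits requested above.
COPY_LOCAL_SSH_KEY="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDLkDWpZ9MfP47Q9gzapCRxwXCLdYT6zOid5ras7cdmuHZEDtCA/sSpn6Ro3g/EF8FaDNltG26NMnTV1q3hWY19hK1ukL6QMnCQ+SxeowQ7RcPV9kHuybA9VtIhfEBN3hyWmzm7S2G4tDZlF2cKRe9G6yTHiNVcQLoCSYULo6gFPw== hank@joe"
# Install the key with forwarding restrictions: this key only exists to unlock
# the pool, so it should not be usable as a tunnel endpoint even if the
# DROPBEAR_OPTIONS above are changed later. The variable already starts with
# "ssh-rsa", so it is NOT prefixed again (the earlier commented-out line
# produced "ssh-rsa ssh-rsa ...", which is not a valid authorized_keys entry).
echo "no-port-forwarding,no-agent-forwarding,no-x11-forwarding $COPY_LOCAL_SSH_KEY" >> /etc/dropbear-initramfs/authorized_keys
# Static address for the initramfs network, kernel "ip=" syntax:
# client-ip:server-ip:gateway:netmask:hostname:device:autoconf
# (unused fields are left empty). Set this server's address and NIC name.
echo 'IP="192.168.69.116::192.168.69.1:255.255.255.0::enp1s0:off"' >> /etc/initramfs-tools/initramfs.conf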
Insert the wait loop below into one of the initramfs scripts so that it runs before the root filesystem is mounted (the loop blocks until /condor appears):
  file: /usr/share/initramfs-tools/scripts/local — search for: local_mount_root
  file: /usr/share/initramfs-tools/init — search for: local_bottom
# Hold the boot until the admin has logged in through dropbear and created
# /condor, or until the timeout expires (then the boot continues normally).
# This runs inside the initramfs (busybox sh): POSIX syntax only.
count_steps=0
max_steps=60 # minutes to wait before giving up and booting
until [ -f /condor ] || [ "$count_steps" -ge "$max_steps" ]; do
  count_steps=$((count_steps + 1))
  sleep 60
  echo "DROPBEAR ACTIVE $count_steps min."
done
echo "End"
# Rebuild the initramfs so dropbear, the key and the loop above are included.
update-initramfs -u
--- REBOOT --- (the machine stops in the initramfs; log in through dropbear on port 4747 with the key installed above)
## initramfs
# In the initramfs shell: the real root is mounted at /root. Copy the whole
# system into /mnt, which lives on the initramfs root (RAM-backed, so the
# machine presumably needs enough memory to hold the copy), then release the disk.
mkdir /mnt
cd /root
cp -a bin boot etc home initrd.img initrd.img.old lib lib32 lib64 libx32 media mnt opt root sbin srv tmp usr var vmlinuz vmlinuz.old /mnt/
cd /
umount /root
# Kernel filesystems are bound into the copy rather than duplicated
# (a separate /mnt/tmp is intentionally not created here).
for d in proc sys run dev; do
  mkdir "/mnt/$d"
done
for d in proc sys run dev; do
  mount -o rbind "/$d/" "/mnt/$d/"
done
## chroot mode
# Enter the in-memory copy; everything up to the matching `exit` runs inside it.
chroot /mnt /bin/bash --login
modprobe zfs
# !!! The old boot partition was not part of the copy above: mount it and
# copy its contents into /boot of the chroot. /dev/vda2 is hard-coded here
# because the disk variables are only defined further down.
mount /dev/vda2 /mnt/; cp -a /mnt/* /boot/; umount /mnt
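# !!! Set the real device names before running anything below: every command
# from --zap-all onwards is destructive and asks for no confirmation.
# NOTE: partition names are built as "${disk}N", which is right for /dev/vdX
# and /dev/sdX; devices that use a "p" separator (e.g. nvme0n1p1) would need
# the suffix adjusted.
first_disk_id="/dev/vda"
second_disk_id="/dev/vdb"
# Wipe both partition tables.
sgdisk --zap-all "$first_disk_id"
sgdisk --zap-all "$second_disk_id"
# Partition layout (UEFI). Only the first disk gets an EFI System Partition:
# the boot and root pools are mirrored, the ESP is not, so the machine cannot
# boot from the second disk alone if the first one dies. Mirror the ESP by
# hand if that matters to you.
sgdisk -n1:1M:+512M -t1:EF00 "$first_disk_id"   # EFI System Partition
sgdisk -n2:0:+512M -t2:BF01 "$first_disk_id"    # boot pool member
sgdisk -n3:0:0 -t3:BF01 "$first_disk_id"        # root pool member
# The +512M start leaves a gap where disk 1 has its ESP, keeping the pool
# partitions at matching offsets on both disks.
sgdisk -n1:+512M:+512M -t1:BF01 "$second_disk_id"  # boot pool member
sgdisk -n2:0:0 -t2:BF01 "$second_disk_id"          # root pool member
# Review the result. Use the variables (the original printed /dev/vda and
# /dev/vdb literally, which silently shows the wrong disks when the names
# above are changed).
sgdisk --print "$first_disk_id"
sgdisk --print "$second_disk_id"
# FAT tooling and modules for the ESP, then format it.
apt-get install dosfstools
modprobe vfat
modprobe nls_cp437
modprobe nls_ascii
mkfs.fat -F 32 -n EFI "${first_disk_id}1"
# Pool members on the second disk and the encryption properties for rpool
# (native ZFS encryption, passphrase asked at key-load time; this is the
# passphrase that will later be entered over the dropbear session).
bpool_mirror_arg="${second_disk_id}1"
encryption_options=(-O encryption=on -O keylocation=prompt -O keyformat=passphrase)
rpool_mirror_arg="${second_disk_id}2"
# -R /mnt: temporary altroot, so mountpoint=/ lands on /mnt for the copy below.
# compression=off is the author's choice; it is not required by this setup.
zpool create "${encryption_options[@]}" -o ashift=12 -O acltype=posixacl -O compression=off -O dnodesize=auto -O relatime=on -O xattr=sa -O normalization=formD -O devices=off -O mountpoint=/ -R /mnt rpool mirror "${first_disk_id}3" "$rpool_mirror_arg"
# NOTE(review): rpool/root is created but never mounted (canmount=noauto); the
# system copy below goes onto rpool itself, and GRUB later boots root=ZFS=rpool.
# Confirm this is intended before changing either side.
zfs create -o canmount=noauto -o mountpoint=/ rpool/root
mkdir /mnt/boot
# -d creates bpool with all feature flags disabled, presumably so GRUB can read it.
zpool create -d -o ashift=12 -O devices=off -O mountpoint=/boot -R /mnt/ bpool mirror "${first_disk_id}2" "$bpool_mirror_arg"
# Copy the in-memory system onto the pools (cwd is / inside the chroot).
cp -rf --preserve=all bin boot etc home initrd.img initrd.img.old lib lib32 lib64 libx32 media opt root sbin srv usr var vmlinuz vmlinuz.old tmp /mnt/
mkdir /mnt/{dev,proc,sys,run}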
exit # leave the first chroot; back in the initramfs shell
# Bind the kernel filesystems into the copy that now lives on rpool
# (reached as /mnt/mnt from the initramfs), then enter it.
for fs in dev sys proc run; do
  mount -o rbind "/$fs/" "/mnt/mnt/$fs/"
done
chroot /mnt/mnt/ /bin/bash --login
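# Inside the second chroot (the copy on rpool). Must match the value used
# when partitioning; the ESP path below is derived from it.
first_disk_id="/dev/vda"
# !!! Comment out every existing fstab line: the old root/boot entries point
# at partitions that were just wiped.
sed -i "s/^/#/g" /etc/fstab
apt install --yes zfs-initramfs zfs-dkms grub-efi-amd64-signed shim-signed
# ESP entry keyed by PARTUUID; nofail and a 1s device timeout so a missing
# ESP does not hang the boot.
echo "PARTUUID=$(blkid -s PARTUUID -o value "${first_disk_id}1") /boot/efi vfat nofail,x-systemd.device-timeout=1 0 1" >> /etc/fstab
mkdir /boot/efi
# If the mount fails with an unknown filesystem type, load the FAT modules:
# modprobe nls_cp437 nls_ascii vfat
# Use the variable instead of a literal /dev/vda1 so this follows first_disk_id.
mount "${first_disk_id}1" /boot/efi/
# One explicit UEFI install. The original also ran a bare `grub-install`
# first; with no target and no device it added nothing to this step.
grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=debian --recheck
# Tell the kernel which pool holds the root dataset.
perl -i -pe 's/(GRUB_CMDLINE_LINUX=")/${1}root=ZFS=rpool /' /etc/default/grub
echo 'GRUB_DISABLE_OS_PROBER=true' >> /etc/default/grub
update-grub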
# Import bpool by name, without a cachefile and without mounting it, ahead of
# the generic zfs-import-scan/cache services; bpool is mounted through fstab.
tee /etc/systemd/system/zfs-import-bpool.service >/dev/null <<'UNIT'
[Unit]
DefaultDependencies=no
Before=zfs-import-scan.service
Before=zfs-import-cache.service
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/sbin/zpool import -N -o cachefile=none bpool
[Install]
WantedBy=zfs-import.target
UNIT
systemctl enable zfs-import-bpool.service
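# !!! Serial console on the kernel command line, and drop "quiet".
# The original edited /boot/grub/grub.cfg in place; that file is regenerated
# by update-grub, so the edit would vanish on the next kernel or grub package
# update. Set it in /etc/default/grub instead, then regenerate while /boot is
# still mounted. console=ttyS0 goes into GRUB_CMDLINE_LINUX so it applies to
# every menu entry, as the global substitution did.
sed -i 's/^GRUB_CMDLINE_LINUX_DEFAULT=.*/GRUB_CMDLINE_LINUX_DEFAULT=""/' /etc/default/grub
sed -i 's/^\(GRUB_CMDLINE_LINUX="\)/\1console=ttyS0 /' /etc/default/grub
update-grub
umount /boot/efi
umount /boot
# Switch bpool to legacy mounting so it is handled by fstab (ordered after the
# import unit created above), and disable resume since there is no swap.
zfs set mountpoint=legacy bpool
echo "bpool /boot zfs nodev,relatime,x-systemd.requires=zfs-import-bpool.service 0 0" >> /etc/fstab
echo RESUME=none > /etc/initramfs-tools/conf.d/resume
# Re-mount through fstab to verify the entries before rebuilding the initramfs.
mount /boot
mount /boot/efi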
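# Reconfigure the initramfs for the ZFS root.
# 1. Remove the wait loop that was added to /usr/share/initramfs-tools/init
#    for the migration boot; the loop below replaces it.
# 2. In /usr/share/initramfs-tools/scripts/zfs find the existing pool-import
#    code (the three lines setting ZFS_CMD, ZFS_STDERR and ZFS_ERROR, shown
#    here as the anchor) and add the marked block right after it.
ZFS_CMD="${ZPOOL} import -N ${ZPOOL_FORCE} ${ZPOOL_IMPORT_OPTS}"
ZFS_STDERR="$($ZFS_CMD "$pool" 2>&1)"
ZFS_ERROR="$?"
# --- added: block until the rpool key has been loaded over dropbear ---
log_begin_msg "\nWait for Password Encrypted Pool!!!\n"
#/sbin/zpool import -f rpool
#/sbin/zfs load-key -L prompt rpool
# Absolute path: the unlock session runs `touch /condor`. The earlier relative
# "condor" only matched while the script's cwd happened to be /.
# No timeout here: without the key the root pool cannot be mounted, so the
# boot waits indefinitely.
while [ ! -f /condor ]; do
  printf 'Waiting for key!\n'
  sleep 60
done
/sbin/zfs set mountpoint=/root rpool
/sbin/zfs mount rpool
/sbin/zpool import -f bpool
# NOTE(review): this sets a persistent mountpoint on bpool at every boot,
# overriding the mountpoint=legacy / fstab setup made above — confirm this
# is intended before copying it.
/sbin/zfs set mountpoint=/root/boot bpool
# --- end of added block ---
# Regenerate the initramfs for every installed kernel. The previous
# `ls /usr/lib/modules | ...` yielded a space-separated list when more than
# one kernel was installed, which breaks `-k`; `-k all` avoids parsing ls.
update-initramfs -u -k all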
exit
# initramfs
# Back in the initramfs shell: flush writes and tear the mounts down,
# innermost first. /boot/efi and /boot are tried as initramfs paths here;
# if nothing is mounted there, umount merely reports it.
sync
for m in /boot/efi /boot \
         /mnt/mnt/dev/ /mnt/mnt/proc /mnt/mnt/sys /mnt/mnt/run \
         /mnt/dev/ /mnt/proc /mnt/sys /mnt/run \
         /mnt/mnt; do
  umount -l -r "$m"
done
==== REBOOT AND LOGIN WITH DROPBEAR (from now on every boot waits in the initramfs until the rpool key is loaded)
# From the admin workstation. The initramfs sshd listens on 4747 and accepts
# only the key in /etc/dropbear-initramfs/authorized_keys. Its host key is
# generated by dropbear-initramfs, separate from the OpenSSH host key seen
# after boot; ssh records it under "[HOST-IP]:4747". Verify that fingerprint
# on the first connection rather than accepting it blindly: this is the
# session in which the pool passphrase is typed.
ssh -p 4747 -c aes256-ctr root@HOST-IP
# Inside the dropbear session: load the key, and only then create the flag
# file the initramfs loop is polling for, so the boot continues.
if /sbin/zfs load-key -L prompt rpool; then touch /condor; fi