tange/config
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

ubuntu-20.04: Installation script.

Browse source
This commit is contained in:
Ole Tange 2020-05-09 17:47:28 +02:00
parent 2aa2229c5e
commit 095166fe6d
1 changed files with 236 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

236
ubuntu-20.04/install-zfs-luks.sh Normal file
View file

@ -0,0 +1,236 @@
#!/bin/bash
# Boot Live CD
# Start terminal
# sudo su -
# apt update
# apt install openssh-server
# passwd ubuntu
password=${password:-MyLUKSPassword}
hostname=${hostname:-myhostname}
DISK=${DISK:-/dev/disk/by-id/ata-ST1000LM024_HN-M101MBB_S2R8JX0D400082}
export password
export DISK
install_build_software() {
apt-add-repository universe
apt update
apt install --yes debootstrap gdisk zfs-initramfs cryptsetup-bin
}
partitiondisk() {
sgdisk --zap-all $DISK
sgdisk -n2:1M:+512M -t2:EF00 $DISK
sgdisk -a 4096 -n3:0:+2G -t3:BF01 $DISK
# TODO better way to find the max size rounded to 8192
sgdisk -a 4096 -n4:0:1953521663 -t4:8300 $DISK
fdisk -l $DISK
# Needed for partitiontable to be visible
sleep 5
}
setup_zpool_for_boot() {
zpool create -f -o ashift=12 -d \
-o feature@async_destroy=enabled \
-o feature@bookmarks=enabled \
-o feature@embedded_data=enabled \
-o feature@empty_bpobj=enabled \
-o feature@enabled_txg=enabled \
-o feature@extensible_dataset=enabled \
-o feature@filesystem_limits=enabled \
-o feature@hole_birth=enabled \
-o feature@large_blocks=enabled \
-o feature@lz4_compress=enabled \
-o feature@spacemap_histogram=enabled \
-o feature@userobj_accounting=enabled \
-o overlay=on \
-O acltype=posixacl -O canmount=off -O compression=lz4 -O devices=off \
-O normalization=formD -O relatime=on -O xattr=sa \
-O mountpoint=/ -R /mnt bpool ${DISK}-part3
}
setup_zpool_for_root() {
cryptsetup luksClose luks1
echo "$password" | cryptsetup -y -v luksFormat --sector-size 4096 \
--pbkdf-memory 4000000 --pbkdf argon2id --iter-time 3000 \
${DISK}-part4
echo "$password" | cryptsetup luksOpen ${DISK}-part4 luks1
zpool create -o ashift=12 \
-O acltype=posixacl -O canmount=off -O compression=lz4 \
-O dnodesize=auto -O normalization=formD -O relatime=on -O xattr=sa \
-O mountpoint=/ -R /mnt rpool /dev/mapper/luks1
}
create_zfs_mounts() {
zfs create -o canmount=off -o mountpoint=none rpool/ROOT
zfs create -o canmount=off -o mountpoint=none bpool/BOOT
zfs create -o canmount=noauto -o mountpoint=/ rpool/ROOT/ubuntu
zfs mount rpool/ROOT/ubuntu
zfs create -o canmount=noauto -o mountpoint=/boot bpool/BOOT/ubuntu
zfs mount bpool/BOOT/ubuntu
}
bootstrap_debian() {
debootstrap focal /mnt
# Do not allow device files in rpool (why?)
zfs set devices=off rpool
}
make_stage2() {
cat <<_stage2_eof >/mnt/stage2.sh
set_hostname() {
echo $hostname > etc/hostname
echo 127.0.1.1 $hostname >> etc/hosts
}
add_apt_sources() {
perl -pe 's/\s*$/\n/' <<EOF > etc/apt/sources.list
deb http://archive.ubuntu.com/ubuntu focal main universe
deb-src http://archive.ubuntu.com/ubuntu focal main universe
deb http://security.ubuntu.com/ubuntu focal-security main universe
deb-src http://security.ubuntu.com/ubuntu focal-security main universe
deb http://archive.ubuntu.com/ubuntu focal-updates main universe
deb-src http://archive.ubuntu.com/ubuntu focal-updates main universe
EOF
ln -s /proc/self/mounts /etc/mtab
apt update
locale-gen --purge "en_US.UTF-8"
update-locale LANG=en_US.UTF-8 LANGUAGE=en_US
dpkg-reconfigure --frontend noninteractive locales
#dpkg-reconfigure tzdata
}
install_initrd_tools() {
apt install --yes nano
apt install linux-modules-5.4.0-26-generic
apt install --yes --no-install-recommends linux-image-generic
apt install --yes zfs-initramfs
apt install --yes grub-efi-amd64
}
install_luks() {
apt install --yes cryptsetup
# Add LUKS device for root in /etc/crypttab
echo luks1 UUID=$(blkid -s UUID -o value ${DISK}-part4) none \
luks,discard,initramfs > /etc/crypttab
}
install_efi() {
umount /boot/efi
apt install dosfstools
mkdosfs -F 32 -s 1 -n EFI ${DISK}-part2
mkdir -p /boot/efi
echo PARTUUID=$(blkid -s PARTUUID -o value ${DISK}-part2) \
/boot/efi vfat nofail,x-systemd.device-timeout=1 0 1 >> /etc/fstab
mount /boot/efi
apt install --yes grub-efi-amd64-signed shim-signed
}
install_zfs_systemd_service() {
perl -pe 's/\s*$/\n/' <<EOF > /etc/systemd/system/zfs-import-bpool.service
[Unit]
DefaultDependencies=no
Before=zfs-import-scan.service
Before=zfs-import-cache.service
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/sbin/zpool import -N -o cachefile=none bpool
[Install]
WantedBy=zfs-import.target
EOF
systemctl enable zfs-import-bpool.service
}
adduser_group() {
addgroup --system lpadmin
addgroup --system sambashare
echo "root:$password" | chpasswd
}
install_grub() {
grub-probe /boot
echo "### These are OK:"
echo " cryptsetup: ERROR: Couldn't resolve device rpool/ROOT/ubuntu"
echo " cryptsetup: WARNING: Couldn't determine root device"
update-initramfs -c -k all
(
echo GRUB_TERMINAL=console
echo GRUB_TIMEOUT=5
echo 'GRUB_CMDLINE_LINUX="root=ZFS=rpool/ROOT/ubuntu"'
echo GRUB_TIMEOUT_STYLE=''
echo 'GRUB_CMDLINE_LINUX_DEFAULT=""'
echo GRUB_TIMEOUT=5
) >>/etc/default/grub
update-grub
grub-install --target=x86_64-efi --efi-directory=/boot/efi \
--bootloader-id=ubuntu --recheck --no-floppy
}
ready_for_first_boot() {
zpool export bpool
zpool export rpool
echo "Now reboot"
echo "You may have to do this on first boot"
echo " zpool import -f bpool"
echo " zpool import -f rpool"
}
stage2() {
set_hostname
add_apt_sources
install_initrd_tools
install_luks
install_efi
install_zfs_systemd_service
adduser_group
install_grub
ready_for_first_boot
}
stage2
_stage2_eof
}
stage1() {
install_build_software
partitiondisk
setup_zpool_for_boot
setup_zpool_for_root
create_zfs_mounts
bootstrap_debian
make_stage2
}
doall() {
stage1
mount --rbind /dev /mnt/dev
mount --rbind /proc /mnt/proc
mount --rbind /sys /mnt/sys
chroot /mnt /usr/bin/env DISK=$DISK bash -x /stage2.sh
umount /mnt/boot || umount -l /mnt/boot
zpool export bpool || zpool export -f bpool
umount /mnt || umount -l /mnt
zpool export rpool || zpool export -f rpool
}