From 6d2ea3b7342187b1d5209f1d1efef79427471c80 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Rapha=C3=ABl=20Gertz?= Date: Tue, 21 Jun 2016 14:23:30 +0200 Subject: [PATCH 1/1] Initial import --- .gitignore | 4 ++ config/distcook.conf | 2 + config/imgnames.conf | 3 + config/loop.conf | 4 ++ config/luks.conf | 2 + config/mdnames.conf | 6 ++ config/mountpoint.conf | 2 + config/virtualbox.conf | 2 + genimg | 62 +++++++++++++++++++ lib/boot.sh | 58 ++++++++++++++++++ lib/device.sh | 105 ++++++++++++++++++++++++++++++++ lib/export.sh | 132 +++++++++++++++++++++++++++++++++++++++++ lib/free.sh | 17 ++++++ lib/mkfs.sh | 15 +++++ lib/root.sh | 14 +++++ lib/sync.sh | 8 +++ 16 files changed, 436 insertions(+) create mode 100644 .gitignore create mode 100644 config/distcook.conf create mode 100644 config/imgnames.conf create mode 100644 config/loop.conf create mode 100644 config/luks.conf create mode 100644 config/mdnames.conf create mode 100644 config/mountpoint.conf create mode 100644 config/virtualbox.conf create mode 100755 genimg create mode 100644 lib/boot.sh create mode 100644 lib/device.sh create mode 100644 lib/export.sh create mode 100644 lib/free.sh create mode 100644 lib/mkfs.sh create mode 100644 lib/root.sh create mode 100644 lib/sync.sh diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..7c13094 --- /dev/null +++ b/.gitignore @@ -0,0 +1,4 @@ +config/root.conf +lib/config.sh +root +root.conf diff --git a/config/distcook.conf b/config/distcook.conf new file mode 100644 index 0000000..f2fefc3 --- /dev/null +++ b/config/distcook.conf @@ -0,0 +1,2 @@ +# Set here distcook path +DISTCOOK='../distcook' diff --git a/config/imgnames.conf b/config/imgnames.conf new file mode 100644 index 0000000..728c15b --- /dev/null +++ b/config/imgnames.conf @@ -0,0 +1,3 @@ +# sda img names +SDA='root/sda.img' +SDB='root/sdb.img' diff --git a/config/loop.conf b/config/loop.conf new file mode 100644 index 0000000..09aa460 --- /dev/null +++ b/config/loop.conf @@ -0,0 +1,4 @@ +# Loop A +LOOPA='/dev/loop0' +# Loop B +LOOPB='/dev/loop1' diff --git a/config/luks.conf b/config/luks.conf new file mode 100644 index 0000000..b46c774 --- /dev/null +++ b/config/luks.conf @@ -0,0 +1,2 @@ +# Luks password (apg -m 32 -x 32 -a 0 -d -n 1) +LUKSPASSWORD=`apg -m 32 -x 32 -a 0 -d -n 1` diff --git a/config/mdnames.conf b/config/mdnames.conf new file mode 100644 index 0000000..d22a708 --- /dev/null +++ b/config/mdnames.conf @@ -0,0 +1,6 @@ +# boot md names +MDBOOT='mdboot' +# slash md names +MDSLASH='mdslash' +# data md names +MDDATA='mddata' diff --git a/config/mountpoint.conf b/config/mountpoint.conf new file mode 100644 index 0000000..d0def73 --- /dev/null +++ b/config/mountpoint.conf @@ -0,0 +1,2 @@ +# mount point +MOUNTPOINT='/media/slash' diff --git a/config/virtualbox.conf b/config/virtualbox.conf new file mode 100644 index 0000000..d56e489 --- /dev/null +++ b/config/virtualbox.conf @@ -0,0 +1,2 @@ +# VirtualBox hard disk directory +VBHDDIR='virtualbox' diff --git a/genimg b/genimg new file mode 100755 index 0000000..9091ac2 --- /dev/null +++ b/genimg @@ -0,0 +1,62 @@ +#! /bin/sh -xe + +# Export safe locale +export LC_ALL=C + +# Get distcook path +. config/distcook.conf + +# Copy distcook root config +cp $DISTCOOK/root.conf config/ + +# Extract configuration +echo '#! /bin/sh -e' > lib/config.sh +cat config/*.conf | perl -pne 'if (/^#/) {undef $_;} else {s/^/export /}' >> lib/config.sh + +# Source config +. lib/config.sh + +# Test mapper entries +if [ -f "/dev/mapper/$SLASHNAME" -o -f "/dev/mapper/$DATANAME" ]; then + echo "Mapper name already exists, try to run:" + echo "cryptsetup close $SLASHNAME" + echo "cryptsetup close $DATANAME" + exit 1 +fi + +# Test loopa and loopb +if [ `losetup ${LOOPA} >/dev/null 2>&1; echo $?` -ne 1 -o `losetup ${LOOPB} >/dev/null 2>&1; echo $?` -ne 1 ]; then + echo "Loopa or loopb already exists, try to run:" + echo "mdadm -S /dev/md/$MDBOOT" + echo "mdadm -S /dev/md/$MDSLASH" + echo "mdadm -S /dev/md/$MDDATA" + echo "losetup -d ${LOOPA}" + echo "losetup -d ${LOOPB}" + exit 1 +fi + +# Create root dir +if [ ! -d "$PWD/root" ]; then + mkdir "$PWD/root" +fi + +# Device creation +. lib/device.sh + +# Fs creation +. lib/mkfs.sh + +# Setup root +. lib/root.sh + +# Sync data +. lib/sync.sh + +# Setup boot +. lib/boot.sh + +# Free resources +. lib/free.sh + +# Export config +. lib/export.sh diff --git a/lib/boot.sh b/lib/boot.sh new file mode 100644 index 0000000..021a384 --- /dev/null +++ b/lib/boot.sh @@ -0,0 +1,58 @@ +#! /bin/sh -e + +# Bind mount /dev +mount --bind /dev ${MOUNTPOINT}/dev + +# Backup old mtab +mv ${MOUNTPOINT}/etc/mtab ${MOUNTPOINT}/etc/mtab.orig + +# Create new mtab +#cat /proc/self/mounts | grep -E '^(/dev/m|devtmpfs)' | perl -pne 's%/media(/?)%$1%' | sort | uniq > /media/etc/mtab +perl -pne "/^(devtmpfs \\/dev|\\/dev\\/(md|dm|mapper))/ || undef \$_; s%${MOUNTPOINT}/?%/%" /proc/self/mounts > ${MOUNTPOINT}/etc/mtab + +# Backup old device.map +mv ${MOUNTPOINT}/boot/grub/device.map ${MOUNTPOINT}/boot/grub/device.map.orig + +# Install grub +for i in $LOOPB $LOOPA; do + # Create new device map + echo "(hd0) $i" > ${MOUNTPOINT}/boot/grub/device.map + + # Fix grub + #XXX: e2fs_stage1_5 is 20 sectors embedded, but it fail with gpt + #XXX: we use install command directly instead of setup (hd0) because it fail with loop + cat << EOF | chroot ${MOUNTPOINT} grub --device-map=/boot/grub/device.map +root (hd0,0) +install --stage2=/boot/grub/stage2 /grub/stage1 (hd0) /grub/stage2 p /grub/menu.lst +EOF +done + +# Restore old device.map +mv -f ${MOUNTPOINT}/boot/grub/device.map.orig ${MOUNTPOINT}/boot/grub/device.map + +# Bind mount /proc +mount --bind /proc ${MOUNTPOINT}/proc + +# Bind mount /sys +mount --bind /sys ${MOUNTPOINT}/sys + +# Extract last kernel version +KVER=`chroot ${MOUNTPOINT} rpm -qa | perl -pne '/kernel-server-latest/||undef $_;s%^kernel-(server)-latest-([^-]+)-(.+)$%\2-\1-\3%'` +# Regenerate initrd +#XXX: force non hostonly else it don't store commandline : rd.luks.uuid rd.md.uuid ip=dhcp rd.neednet=1 +DRACUT_SKIP_FORCED_NON_HOSTONLY=1 chroot ${MOUNTPOINT} mkinitrd -f /boot/initrd-${KVER}.img ${KVER} + +# Umount dev +umount ${MOUNTPOINT}/sys + +# Umount dev +umount ${MOUNTPOINT}/proc + +# Umount dev +umount ${MOUNTPOINT}/dev + +# Reset mtab +mv -f ${MOUNTPOINT}/etc/mtab.orig ${MOUNTPOINT}/etc/mtab + +# Umount boot +umount ${MOUNTPOINT}/boot diff --git a/lib/device.sh b/lib/device.sh new file mode 100644 index 0000000..1957287 --- /dev/null +++ b/lib/device.sh @@ -0,0 +1,105 @@ +#! /bin/sh -e + +# Handle both devices +for i in ${SDA} ${SDB}; do + # Create empty file of 8GB + dd if=/dev/zero of=${i} bs=$((8192*1024)) count=1024 + # Create partition table + #XXX: we generate gpt table then fake mbr compat one + cat << EOF | fdisk ${i} +g +n +1 +2048 ++256M +t +29 +n +2 +526336 ++4G +t +2 +29 +n +3 +8914944 ++2G +t +3 +19 +n +4 +13109248 +16777182 +t +4 +29 +x +A +1 +M +r +d +n +p +1 +2048 ++256M +t +fd +n +p +2 +526336 ++4G +t +2 +fd +n +p +3 +8914944 ++2G +t +3 +82 +n +p +13109248 +16777182 +t +4 +fd +a +1 +p +x +M +r +p +w +EOF + # Add it with partition scan + losetup -f -P ${i} +done + +# Create raids +mdadm --create /dev/md/${MDBOOT} --level=1 --metadata=0.90 --homehost=${NETHOSTNAME} --name=${MDBOOT} --assume-clean --raid-devices=2 ${LOOPA}p1 ${LOOPB}p1 +mdadm --create /dev/md/${MDSLASH} --level=1 --metadata=default --homehost=${NETHOSTNAME} --name=${MDSLASH} --assume-clean --raid-devices=2 ${LOOPA}p2 ${LOOPB}p2 +mdadm --create /dev/md/${MDDATA} --level=1 --metadata=default --homehost=${NETHOSTNAME} --name=${MDDATA} --assume-clean --raid-devices=2 ${LOOPA}p4 ${LOOPB}p4 + +# Create slash luks partition +#XXX: low iter time, should need around 100000 minimum +echo -n $LUKSPASSWORD | cryptsetup -c aes-xts-plain64 -h sha512 -s 512 --iter-time 2000 --use-urandom --uuid ${LUKSSLASHUUID} -d - --batch-mode luksFormat /dev/md/${MDSLASH} + +# Open luks partition +echo -n $LUKSPASSWORD | cryptsetup -d - --batch-mode luksOpen /dev/md/${MDSLASH} ${SLASHNAME} + +# Create data luks partition +#XXX: low iter time, should need around 100000 minimum +echo -n $LUKSPASSWORD | cryptsetup -c aes-xts-plain64 -h sha512 -s 512 --iter-time 2000 --use-urandom --uuid ${LUKSDATAUUID} -d - --batch-mode luksFormat /dev/md/${MDDATA} + +# Open luks partition +echo -n $LUKSPASSWORD | cryptsetup -d - --batch-mode luksOpen /dev/md/${MDDATA} ${DATANAME} + diff --git a/lib/export.sh b/lib/export.sh new file mode 100644 index 0000000..9e16189 --- /dev/null +++ b/lib/export.sh @@ -0,0 +1,132 @@ +#! /bin/sh -e + +# Clear config +cat /dev/null > root.conf + +# Append every config parameters +for i in `cat config/*.conf | perl -pne 'undef $_ if /^#/; s/=.*$//'`; do + echo "$i='$(eval echo \$$i)'" | tee -a root.conf +done + +# Virtualbox doc +cat << EOF > root/virtualbox +# VirtualBox disk creation commands +VBoxManage internalcommands createrawvmdk -filename '$VBHDDIR/sda.vmdk' -rawdisk '${PWD}/${SDA}' +VBoxManage internalcommands createrawvmdk -filename '$VBHDDIR/sdb.vmdk' -rawdisk '${PWD}/${SDB}' + +Fix ownership of '${PWD}/${SDA}', '${PWD}/${SDB}', '${VBHDDIR}/sda.vmdk' and '${VBHDDIR}/sdb.vmdk' if you to use these as user + +# VirtualBox configuration +Go in file/preferences.../network/host-only networks" >> root.virtualbox +Add a new host-only networkd IPv4=${NETGATEWAY4}/IPv4 Mask=255.255.255.0/IPv6=${NETGATEWAY6}/IPv6 Mask=64/DHCP Server=disabled" >> root.virtualbox + +# Virtual Machine Configuration +Create a new virtual machine : Type=Linux/Version=Mageia(${ARCH})/Do not add a virtual hard disk +Open the settings of the virtual machine + +Section Storage +In controller SATA click on add hard disk, select choose existing disk, sda.vmdk, same with sdb.vmdk + +Section Network +Change 'Attached to' to 'Host-only adapter' +Under advanced change MAC Address to ${NETMAC} +EOF + +# Dhcpd.conf +cat << EOF > root/dhcpd.conf +# No ddns update +ddns-update-style none; + +# Set domain name +option domain-name "${NETHOSTNAME#*.}"; + +# Set server name +option domain-name-servers ${NETDNS/ /, }; + +# Set least timings +default-lease-time 600; +max-lease-time 1050; + +# ${NETADDRESS4%.*}.0/${NETADDRESS4#*/} subnet +subnet ${NETADDRESS4%.*}.0 netmask 255.255.255.0 { + # default gateway + option routers ${NETGATEWAY4}; +} + +host virtualbox { + hardware ethernet ${NETMAC}; + fixed-address ${NETADDRESS4%/*}; +} +EOF + +# Dhcpd6.conf +cat << EOF > root/dhcpd6.conf +# No ddns update +ddns-update-style none; + +# Set least timings +default-lease-time 600; +max-lease-time 7200; + +# Enable RFC 5007 support (same than for DHCPv4) +allow leasequery; + +# vboxnet0 shared network +shared-network vboxnet0 { + # Set domain name + option domain-name "${NETHOSTNAME#*.}"; + + # Set server name +# option dhcp6.name-servers ${NETGATEWAY6}; + + # private ${NETADDRESS6%::*}::/${NETADDRESS6#*/} subnet + subnet6 ${NETADDRESS6%::*}::/${NETADDRESS6#*/} { + # Default range + range6 ${NETADDRESS6%::*}::2 ${NETADDRESS6%::*}::ffff:ffff; + } + + # shared fe80::/64 subnet + subnet6 fe80::/64 { + } +} + +host virtualbox { + # Client DUID + #XXX: only work for ipv4 : hardware ethernet ${NETMAC}; + #XXX: see journalctl -u dhcpd6.service to get virtualbox machine DUID + host-identifier option dhcp6.client-id 00:00:00:00:00:00:00:00:00:00:00:00:00:00; + # Set address + fixed-address6 ${NETADDRESS6%/*}; +} +EOF + +# Radvd.conf +cat << EOF > root/radvd.conf +# Radvd configuration +interface vboxnet0 +{ + # Announce at regular interval + AdvSendAdvert on; + # Start service even if vboxnet0 is missing + IgnoreIfMissing on; + # Force the configuration of client through dhcpv6 + AdvManagedFlag on; + AdvOtherConfigFlag on; + + prefix ${NETADDRESS6%::*}::/${NETADDRESS6#*/} { + # Announce that all address prefix are on-link + AdvOnLink on; + # Announce that the prefix can be used for autonomous address configuration + #XXX: off require a dhcpd6 configuration + AdvAutonomous off; + # Announce that the interface address is sent instead of network prefix + AdvRouterAddr off; + }; + + prefix ${NETGATEWAY6}/128 { + AdvOnLink on; + AdvAutonomous off; + AdvRouterAddr on; + }; +}; +EOF diff --git a/lib/free.sh b/lib/free.sh new file mode 100644 index 0000000..a01b368 --- /dev/null +++ b/lib/free.sh @@ -0,0 +1,17 @@ +#! /bin/sh -e + +# Umount slash +umount ${MOUNTPOINT} + +# Close slash luks partition +cryptsetup close ${SLASHNAME} +cryptsetup close ${DATANAME} + +# Stop raids +mdadm --manage /dev/md/${MDBOOT} -S +mdadm --manage /dev/md/${MDSLASH} -S +mdadm --manage /dev/md/${MDDATA} -S + +# Detach loops +losetup -d ${LOOPA} +losetup -d ${LOOPB} diff --git a/lib/mkfs.sh b/lib/mkfs.sh new file mode 100644 index 0000000..1ccc671 --- /dev/null +++ b/lib/mkfs.sh @@ -0,0 +1,15 @@ +#! /bin/sh -e + +# Create /boot on it +#XXX: it seems it's not possible to boot from ext4 or xfs V5 with grub-legacy anymore +mkfs.ext3 -L 'boot' -U ${BOOTUUID} /dev/md/${MDBOOT} + +# Create swap on it +mkswap -U ${SWAPAUUID} ${LOOPA}p3 +mkswap -U ${SWAPBUUID} ${LOOPB}p3 + +# Create filesystem +mkfs.btrfs -L 'slash' -U ${SLASHUUID} /dev/mapper/${SLASHNAME} + +# Create filesystem +mkfs.btrfs -L 'data' -U ${DATAUUID} /dev/mapper/${DATANAME} diff --git a/lib/root.sh b/lib/root.sh new file mode 100644 index 0000000..6f6af1e --- /dev/null +++ b/lib/root.sh @@ -0,0 +1,14 @@ +#! /bin/sh -e + +# Make mount point +mkdir -p ${MOUNTPOINT} + +# Mount slash filesystem +mount /dev/mapper/${SLASHNAME} ${MOUNTPOINT} + +# Make boot in mount point +mkdir -p ${MOUNTPOINT}/boot + +# Mount boot filesystem +mount /dev/md/${MDBOOT} ${MOUNTPOINT}/boot + diff --git a/lib/sync.sh b/lib/sync.sh new file mode 100644 index 0000000..1d1109d --- /dev/null +++ b/lib/sync.sh @@ -0,0 +1,8 @@ +#! /bin/sh -e + +# Rsync files (removed P option) +rsync --delete -aAX $DISTCOOK/root/ ${MOUNTPOINT}/ + +# Fix by hand /var/log/journal +#XXX: see warning about copy on write on btrfs filesystem +chattr +C ${MOUNTPOINT}/var/log/journal -- 2.41.1