This commit is contained in:
Milan Meduna 2019-04-17 15:14:29 +02:00
parent 288bfe799a
commit c75f311eee
3 changed files with 22 additions and 21 deletions

View file

@ -9,10 +9,10 @@ setup-usl-mm
install zfs-utils and disable zpool auto-scrub,
change timezone to Prague,
crypt swap partition with ecryptfs-utils,
crypt some partition with dmcrypt to use with /var/lib/lxd and LXD ZFS storage,
crypt some partition with dmcrypt to use with /var/snap/lxd/common/lxd/* and LXD ZFS storage,
add some config to sysctl.conf,
disable lxd service,
delete everything in /var/lib/lxd/*,
disable snapd.lxd service,
delete everything in /var/snap/lxd/common/lxd/*,
delete netplan, install ifupdown,
configure bridged networking (you can put LXD container to your network simple by add br0 to container),
create zpool with ashift=12,
@ -23,18 +23,16 @@ create /root/onstart script to decrypt crypted parition with password and start
reboot
2. Post-reboot script ->
for sure, stop lxd service and delete everything in /var/lib/lxd/*,
for sure, stop snapd.lxd service and delete everything in /var/snap/lxd/common/lxd/*,
exec /root/onstart to decrypt partition and import zpool,
configure LXD to use encrypted partition as storage,
add some config to /root/.screenrc (for gnuscreen utility),
install htop mc zfsnap smartmontools and screen
3. Install uptrack-upgrade ->
install ksplice tool for kernel live patching
__Requirements:__
Fresh installation of Ubuntu 18.04.1, swap partition and some paritition to crypted data
Fresh installation of Ubuntu 19.04, swap partition and some paritition to crypted data

View file

@ -50,15 +50,15 @@ zfs create crypt/lxd/dir
zfs create crypt/lxd/storage
echo "Stopping and disabling lxd"
systemctl disable lxd
systemctl disable lxd.socket
systemctl stop lxd
systemctl disable snap.lxd.daemon
systemctl disable snap.lxd.daemon.unix.socket
systemctl stop snap.lxd.daemon
echo "Deleting everything in /var/lib/lxd/*"
rm /var/lib/lxd/* -r
echo "Deleting everything in /var/snap/lxd/common/lxd/*"
rm /var/snap/lxd/common/lxd/* -r
echo "Creating mountpoint /var/lib/lxd to crypt/lxd/dir"
zfs set mountpoint=/var/lib/lxd crypt/lxd/dir
echo "Creating mountpoint /var/snap/lxd/common/lxd to crypt/lxd/dir"
zfs set mountpoint=/var/snap/lxd/common/lxd crypt/lxd/dir
echo "Configuring sysctl"
echo "vm.swappiness = 1" > /etc/sysctl.d/50-usl-mm.conf
@ -110,11 +110,14 @@ echo "else" >> /root/onstart
echo "echo \"Passwords not match!\"" >> /root/onstart
echo "exit 1" >> /root/onstart
echo "fi" >> /root/onstart
echo "echo \"Stopping LXD snap daemon and deleting /var/snap/lxd/common/lxd/*\"" >> /root/onstart
echo "systemctl stop snap.lxd.daemon" >> /root/onstart
echo "rm /var/snap/lxd/common/lxd/* -rf" >> /root/onstart
echo "echo \"Opening encrypted partition\"" >> /root/onstart
echo "echo \$pass_var | cryptsetup open $PARTITION crypt -c -" >> /root/onstart
echo "partprobe" >> /root/onstart
echo "zpool import -d /dev/mapper crypt -f -m" >> /root/onstart
echo "systemctl start lxd" >> /root/onstart
echo "systemctl start snap.lxd.daemon" >> /root/onstart
chmod +x /root/onstart
read -p "Press any key for reboot"
@ -122,9 +125,9 @@ reboot
}
post_reboot_script () {
echo "Stopping lxd and delete /var/lib/lxd/*"
systemctl stop lxd
rm /var/lib/lxd/* -r
echo "Stopping lxd and delete /var/snap/lxd/common/lxd/*"
systemctl stop snap.lxd.daemon
rm /var/snap/lxd/common/lxd/* -r
echo "Executing /root/onstart"
bash /root/onstart

View file

@ -1,6 +1,6 @@
#!/bin/bash
echo "deb http://archive.ubuntu.com/ubuntu bionic main universe" > /etc/apt/sources.list
echo "deb http://archive.ubuntu.com/ubuntu bionic-security main universe" >> /etc/apt/sources.list
echo "deb http://archive.ubuntu.com/ubuntu bionic-updates main universe" >> /etc/apt/sources.list
echo "deb http://archive.ubuntu.com/ubuntu disco main universe" > /etc/apt/sources.list
echo "deb http://archive.ubuntu.com/ubuntu disco-security main universe" >> /etc/apt/sources.list
echo "deb http://archive.ubuntu.com/ubuntu disco-updates main universe" >> /etc/apt/sources.list
apt update
apt install dialog