milan/usl-mm
1
0
Fork 0
Code Issues 1 Pull requests Releases Wiki Activity

initial_manjaro

Browse source
This commit is contained in:
Milan Meduna 2019-07-06 23:16:01 +02:00
parent cfb9c2b5ed
commit e929bb9312
3 changed files with 50 additions and 73 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
README.md
View file

@ -1,40 +1,34 @@
__Features:__ __Features:__
setup-usl-mm_install_requirements -> setup-msl-mm_install_requirements ->
configure main and universe repo in sources.list,
install dialog utility install dialog utility
setup-usl-mm setup-msl-mm
1. Pre-reboot script -> 1. Pre-reboot script ->
install zfs-utils and disable zpool auto-scrub, install linux50-zfs,
change timezone to Prague, change timezone to Prague,
crypt swap partition with ecryptfs-utils, crypt swap partition with ecryptfs-utils,
crypt some partition with dmcrypt to use with /var/lib/lxd and LXD ZFS storage, crypt some partition with dmcrypt to use with /var/snap/lxd/common/lxd/* and LXD ZFS storage,
add some config to sysctl.conf, add some config to sysctl.conf,
disable lxd service, disable snapd.lxd service,
delete everything in /var/lib/lxd/*, delete everything in /var/snap/lxd/common/lxd/*,
delete netplan, install ifupdown,
configure bridged networking (you can put LXD container to your network simple by add br0 to container),
create zpool with ashift=12, create zpool with ashift=12,
set compression=on on crypted zpool, set compression=on on crypted zpool,
configure zfs cache min 256MB max 1536MB, configure zfs cache min 256MB max 1536MB,
do dist-upgrade,
create /root/onstart script to decrypt crypted parition with password and start lxd (you need start this script on every reboot), create /root/onstart script to decrypt crypted parition with password and start lxd (you need start this script on every reboot),
reboot reboot
2. Post-reboot script -> 2. Post-reboot script ->
for sure, stop lxd service and delete everything in /var/lib/lxd/*, for sure, stop snapd.lxd service and delete everything in /var/snap/lxd/common/lxd/*,
exec /root/onstart to decrypt partition and import zpool, exec /root/onstart to decrypt partition and import zpool,
configure LXD to use encrypted partition as storage, configure LXD to use encrypted partition as storage,
add some config to /root/.screenrc (for gnuscreen utility), add some config to /root/.screenrc (for gnuscreen utility),
install htop mc zfsnap smartmontools and screen install htop mc smartmontools and screen
3. Install uptrack-upgrade ->
install ksplice tool for kernel live patching
__Requirements:__ __Requirements:__
Fresh installation of Ubuntu 18.04.1, swap partition and some paritition to crypted data Fresh installation of Manjaro with linux50 kernel package, swap partition and some paritition to crypted data

93
setup-usl-mm
View file

@ -12,23 +12,22 @@ else
exit 1 exit 1
fi fi
echo "Exec ifconfig" echo "Doing pacman -Syy"
ifconfig pacman -Syy
read -p "Enter interface for configure bridge:" NET_IF
echo "Starting lsblk" echo "Starting lsblk"
lsblk lsblk
read -p "Enter partition to encrypt:" PARTITION read -p "Enter partition to encrypt:" PARTITION
echo "Installing requirements" echo "Installing requirements"
apt install cryptsetup ecryptfs-utils zfsutils-linux -y pacman -S --noconfirm cryptsetup ecryptfs-utils linux50-zfs parted
echo "Loading ZFS kernel module"
modprobe zfs
echo "Setting timezone to Prague" echo "Setting timezone to Prague"
timedatectl set-timezone Europe/Prague timedatectl set-timezone Europe/Prague
echo "Disabling zpool auto-scrub"
sed -i 's/^/#/' /etc/cron.d/zfsutils-linux
echo "Starting ecryptfs-setup-swap" echo "Starting ecryptfs-setup-swap"
ecryptfs-setup-swap -f ecryptfs-setup-swap -f
@ -49,16 +48,22 @@ zfs create crypt/lxd
zfs create crypt/lxd/dir zfs create crypt/lxd/dir
zfs create crypt/lxd/storage zfs create crypt/lxd/storage
echo "Install snapd and lxd"
pacman -S snapd --noconfirm
systemctl start snapd
sleep 5
snap install lxd
echo "Stopping and disabling lxd" echo "Stopping and disabling lxd"
systemctl disable lxd systemctl disable snap.lxd.daemon
systemctl disable lxd.socket systemctl disable snap.lxd.daemon.unix.socket
systemctl stop lxd systemctl stop snap.lxd.daemon
echo "Deleting everything in /var/lib/lxd/*" echo "Deleting everything in /var/snap/lxd/common/lxd/*"
rm /var/lib/lxd/* -r rm /var/snap/lxd/common/lxd/* -r
echo "Creating mountpoint /var/lib/lxd to crypt/lxd/dir" echo "Creating mountpoint /var/snap/lxd/common/lxd to crypt/lxd/dir"
zfs set mountpoint=/var/lib/lxd crypt/lxd/dir zfs set mountpoint=/var/snap/lxd/common/lxd crypt/lxd/dir
echo "Configuring sysctl" echo "Configuring sysctl"
echo "vm.swappiness = 1" > /etc/sysctl.d/50-usl-mm.conf echo "vm.swappiness = 1" > /etc/sysctl.d/50-usl-mm.conf
@ -69,35 +74,11 @@ echo "Configuring arc cache for zfs to min 256MB and max 1536MB"
echo "options zfs zfs_arc_min=268435456" > /etc/modprobe.d/zfs.conf echo "options zfs zfs_arc_min=268435456" > /etc/modprobe.d/zfs.conf
echo "options zfs zfs_arc_max=1610612736" >> /etc/modprobe.d/zfs.conf echo "options zfs zfs_arc_max=1610612736" >> /etc/modprobe.d/zfs.conf
echo "Doing update-initramfs -u" echo "Doing mkinitcpio -g /boot/initramfs-5.0-x86_64.img"
update-initramfs -u mkinitcpio -g /boot/initramfs-5.0-x86_64.img
echo "Configuring network to use bridge" echo "Doing pacman -Suu"
echo "auto lo" > /etc/network/interfaces pacman -Suu --noconfirm
echo "iface lo inet loopback" >> /etc/network/interfaces
echo " " >> /etc/network/interfaces
echo "iface $NET_IF inet manual" >> /etc/network/interfaces
echo "iface $NET_IF inet6 manual" >> /etc/network/interfaces
echo "auto br0" >> /etc/network/interfaces
echo "iface br0 inet dhcp" >> /etc/network/interfaces
echo " bridge_ports $NET_IF" >> /etc/network/interfaces
echo " bridge_stp off" >> /etc/network/interfaces
echo " bridge_fd 0" >> /etc/network/interfaces
echo " " >> /etc/network/interfaces
echo "iface br0 inet6 auto" >> /etc/network/interfaces
echo " bridge_ports $NET_IF" >> /etc/network/interfaces
echo " bridge_stp off" >> /etc/network/interfaces
echo " bridge_fd 0" >> /etc/network/interfaces
echo "Purging netplan,disabling dhcpcd and install ifupdown"
apt purge nplan -y
rm /etc/netplan/* -f
apt install bridge-utils ifupdown -y
echo "Doing apt update and apt dist-upgrade"
apt update
apt dist-upgrade -y
echo "Creating onstart script in /root" echo "Creating onstart script in /root"
echo "#!/bin/bash" > /root/onstart echo "#!/bin/bash" > /root/onstart
@ -110,11 +91,16 @@ echo "else" >> /root/onstart
echo "echo \"Passwords not match!\"" >> /root/onstart echo "echo \"Passwords not match!\"" >> /root/onstart
echo "exit 1" >> /root/onstart echo "exit 1" >> /root/onstart
echo "fi" >> /root/onstart echo "fi" >> /root/onstart
echo "echo \"Stopping LXD snap daemon and deleting /var/snap/lxd/common/lxd/*\"" >> /root/onstart
echo "systemctl stop snap.lxd.daemon" >> /root/onstart
echo "rm /var/snap/lxd/common/lxd/* -rf" >> /root/onstart
echo "echo \"Opening encrypted partition\"" >> /root/onstart echo "echo \"Opening encrypted partition\"" >> /root/onstart
echo "echo \$pass_var | cryptsetup open $PARTITION crypt -c -" >> /root/onstart echo "echo \$pass_var | cryptsetup open $PARTITION crypt -c -" >> /root/onstart
echo "partprobe" >> /root/onstart echo "partprobe" >> /root/onstart
echo "zpool import -d /dev/mapper crypt -f -m" >> /root/onstart echo "zpool import -d /dev/mapper crypt -f -m" >> /root/onstart
echo "systemctl start lxd" >> /root/onstart echo "systemctl start snapd" >> /root/onstart
echo "sleep 5" >> /root/onstart
echo "systemctl start snap.lxd.daemon" >> /root/onstart
chmod +x /root/onstart chmod +x /root/onstart
read -p "Press any key for reboot" read -p "Press any key for reboot"
@ -122,9 +108,9 @@ reboot
} }
post_reboot_script () { post_reboot_script () {
echo "Stopping lxd and delete /var/lib/lxd/*" echo "Stopping lxd and delete /var/snap/lxd/common/lxd/*"
systemctl stop lxd systemctl stop snap.lxd.daemon
rm /var/lib/lxd/* -r rm /var/snap/lxd/common/lxd/* -r
echo "Executing /root/onstart" echo "Executing /root/onstart"
bash /root/onstart bash /root/onstart
@ -168,7 +154,7 @@ echo "scrollback 5000" >> /root/.screenrc
echo "hardstatus string \"%{=b kw} %?%-Lw%?%{=br kw}[%n %t]%{=b kw}%?%+Lw%? %= %c\"" >> /root/.screenrc echo "hardstatus string \"%{=b kw} %?%-Lw%?%{=br kw}[%n %t]%{=b kw}%?%+Lw%? %= %c\"" >> /root/.screenrc
echo "Install utilities" echo "Install utilities"
apt install -y mc htop screen zfsnap smartmontools pacman -S --noconfirm mc htop screen smartmontools
echo "Set max processes to 1500 in default profile in LXD" echo "Set max processes to 1500 in default profile in LXD"
lxc profile set default limits.processes 1500 lxc profile set default limits.processes 1500
@ -178,11 +164,12 @@ main_menu
} }
install_uptrack () { install_uptrack () {
cd /tmp #cd /tmp
wget https://ksplice.oracle.com/uptrack/dist/bionic/ksplice-uptrack.deb #wget https://ksplice.oracle.com/uptrack/dist/bionic/ksplice-uptrack.deb
apt install libgtk2-perl dbus-x11 libglade2-0 libpython-stdlib libpython2.7-minimal libpython2.7-stdlib python python-cairo python-dbus python-gi python-glade2 python-gobject-2 python-gtk2 python-minimal python-pycurl python-yaml python2.7 python2.7-minimal -y #apt install libgtk2-perl dbus-x11 libglade2-0 libpython-stdlib libpython2.7-minimal libpython2.7-stdlib python python-cairo python-dbus python-gi python-glade2 python-gobject-2 python-gtk2 python-minimal python-pycurl python-yaml python2.7 python2.7-minimal -y
dpkg -i ksplice-uptrack.deb #dpkg -i ksplice-uptrack.deb
read -p "Done, press any key to return to main menu" #read -p "Done, press any key to return to main menu"
echo "NOT WORKING"
main_menu main_menu
} }
@ -191,7 +178,7 @@ main_menu () {
options=( options=(
1 "Pre-reboot script" 1 "Pre-reboot script"
2 "Post-reboot script" 2 "Post-reboot script"
3 "Install uptrack-upgrade" 3 "Install uptrack-upgrade - NOT WORK"
) )
choices=$("${cmd[@]}" "${options[@]}" 2>&1 >/dev/tty) choices=$("${cmd[@]}" "${options[@]}" 2>&1 >/dev/tty)

6
setup-usl-mm_install_requirements
View file

@ -1,6 +1,2 @@
#!/bin/bash #!/bin/bash
echo "deb http://archive.ubuntu.com/ubuntu bionic main universe" > /etc/apt/sources.list pacman -S dialog --noconfirm
echo "deb http://archive.ubuntu.com/ubuntu bionic-security main universe" >> /etc/apt/sources.list
echo "deb http://archive.ubuntu.com/ubuntu bionic-updates main universe" >> /etc/apt/sources.list
apt update
apt install dialog