From 2a722bedf8b909fc33820a00569bed42772b61d9 Mon Sep 17 00:00:00 2001 From: Kris Lamoureux Date: Wed, 21 Sep 2022 00:58:10 -0400 Subject: [PATCH] An almost automated ZFS install from Debian Live --- .gitignore | 2 + README.md | 9 ++ debianzfs.pkr.hcl | 51 +++++++++ debianzfs.sh | 270 ++++++++++++++++++++++++++++++++++++++++++++++ scripts/setup.sh | 3 + 5 files changed, 335 insertions(+) create mode 100644 .gitignore create mode 100644 README.md create mode 100644 debianzfs.pkr.hcl create mode 100644 debianzfs.sh create mode 100644 scripts/setup.sh diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..f3f5545 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +packer_cache +output \ No newline at end of file diff --git a/README.md b/README.md new file mode 100644 index 0000000..bdd49aa --- /dev/null +++ b/README.md @@ -0,0 +1,9 @@ +# Debian ZFS installation +## Development +`PKR_VAR_password=$(pwgen -s 8 1) packer build -color=false .` + +## Using `debianzfs.sh` +1. Download script +2. `chmod +x debianzfs.sh` +3. `./debianzfs.sh /dev/sdX` +4. Profit diff --git a/debianzfs.pkr.hcl b/debianzfs.pkr.hcl new file mode 100644 index 0000000..f23f939 --- /dev/null +++ b/debianzfs.pkr.hcl @@ -0,0 +1,51 @@ +# Set 'password' using shell var: PKR_VAR_password=$(pwgen -s 8 1) +variable "password" {} + +source "qemu" "bullseye-live" { + iso_url = "https://cdimage.debian.org/debian-cd/current-live/amd64/iso-hybrid/debian-live-11.5.0-amd64-standard.iso" + iso_checksum = "sha256:8172b188061d098080bb315972becbe9bd387c856866746cee018102cd00fc9b" + output_directory = "output" + shutdown_command = "echo 'packer' | sudo -S shutdown -P now" + disk_size = "5000M" + memory = 2048 + format = "qcow2" + accelerator = "kvm" + http_directory = "." + ssh_username = "user" + ssh_password = var.password + ssh_timeout = "5m" + vm_name = "debianzfs.qcow2" + net_device = "virtio-net" + disk_interface = "virtio" + boot_wait = "5s" + boot_command = [ + "", + "", + "sudo -i", + "read -s userpw", + "${var.password}", + "PASSWORD=$(echo $userpw | openssl passwd -1 -stdin)", + "usermod -p \"$PASSWORD\" user", + "apt-get update && apt-get install -y ssh && \\", + "systemctl start ssh && exit" + ] +} + +build { + name = "zfs" + sources = ["source.qemu.bullseye-live"] + + provisioner "file" { + source = "debianzfs.sh" + destination = "/tmp/debianzfs.sh" + } + + provisioner "shell" { + scripts = ["scripts/setup.sh"] + } + + provisioner "shell" { + inline = ["sudo /tmp/debianzfs.sh /dev/vda"] + } + +} diff --git a/debianzfs.sh b/debianzfs.sh new file mode 100644 index 0000000..8a47afc --- /dev/null +++ b/debianzfs.sh @@ -0,0 +1,270 @@ +#!/bin/bash +set -e + +# argv +DISK=$1 +ZFSHOST=$2 +[ -z "$ZFSHOST" ] && ZFSHOST="debianzfs" + +# Settings +export DEBIAN_FRONTEND=noninteractive +CODENAME="bullseye" +ZFSROOT="/mnt" + +# Confirm DISK choice +#if [ -n "$DISK" ]; then +# read -rp "You selected to OVERWRITE '${DISK}' as hostname '${ZFSHOST}', are you sure? [y/N] " yn +# echo "assuming yes lol" +#else +# echo "ERROR: No disk selected. Pass through a disk path, e.g., ./zfslive.sh /dev/sdX" +# exit 1; +#fi + +#case $yn in +# [yY] ) ;; +# * ) echo "ERROR: User aborted" +# exit 1;; +#esac + +# Stop on error +set -x + +# Is the DISK path a block device? +DISK_TYPE=$(file "${DISK}" | awk '{ print $2$3 }') +if [ "$DISK_TYPE" != "blockspecial" ]; then + echo "ERROR: Disk '${DISK}' is not a block device" + exit 1; +fi + +# Update sources list +SOURCES_LIST="/etc/apt/sources.list" +[ -f "$SOURCES_LIST" ] && mv "$SOURCES_LIST" "$SOURCES_LIST.$(date +%s).bak" +echo "deb http://deb.debian.org/debian/ ${CODENAME} main contrib" > "$SOURCES_LIST" +apt-get update + +# Install ZFS (and pwgen) +apt-get install -y debootstrap gdisk pwgen zfsutils-linux + +# Ensure swap isn't in use +swapoff --all + +# Partition +sgdisk -n2:1M:+512M -t2:EF00 "$DISK" +sgdisk -n3:0:+1G -t3:BF01 "$DISK" +sgdisk -n4:0:0 -t4:BF00 "$DISK" + +# Create boot pool +zpool create -f \ + -o ashift=12 \ + -o autotrim=on -d \ + -o cachefile=/etc/zfs/zpool.cache \ + -o feature@async_destroy=enabled \ + -o feature@bookmarks=enabled \ + -o feature@embedded_data=enabled \ + -o feature@empty_bpobj=enabled \ + -o feature@enabled_txg=enabled \ + -o feature@extensible_dataset=enabled \ + -o feature@filesystem_limits=enabled \ + -o feature@hole_birth=enabled \ + -o feature@large_blocks=enabled \ + -o feature@livelist=enabled \ + -o feature@lz4_compress=enabled \ + -o feature@spacemap_histogram=enabled \ + -o feature@zpool_checkpoint=enabled \ + -O devices=off \ + -O acltype=posixacl -O xattr=sa \ + -O compression=lz4 \ + -O normalization=formD \ + -O relatime=on \ + -O canmount=off -O mountpoint=/boot -R "$ZFSROOT" \ + bpool "${DISK}3" + +# Create root pool +ZFSPW="$(pwgen 8 2)" +echo "$ZFSPW" | \ +zpool create -f \ + -o ashift=12 \ + -o autotrim=on \ + -O encryption=on -O keylocation=prompt -O keyformat=passphrase \ + -O acltype=posixacl -O xattr=sa -O dnodesize=auto \ + -O compression=lz4 \ + -O normalization=formD \ + -O relatime=on \ + -O canmount=off -O mountpoint=/ -R "$ZFSROOT" \ + rpool "${DISK}4" +unset ZFSPW + +# Create filesystem datasets to act as containers +zfs create -o canmount=off -o mountpoint=none rpool/ROOT +zfs create -o canmount=off -o mountpoint=none bpool/BOOT + +# Create filesystem datasets for the root and boot filesystems +zfs create -o canmount=noauto -o mountpoint=/ rpool/ROOT/debian +zfs mount rpool/ROOT/debian +zfs create -o mountpoint=/boot bpool/BOOT/debian + +# Create datasets +zfs create rpool/home +zfs create -o mountpoint=/root rpool/home/root +chmod 700 "$ZFSROOT/root" +zfs create -o canmount=off rpool/var +zfs create -o canmount=off rpool/var/lib +zfs create rpool/var/log +zfs create rpool/var/spool +zfs create -o com.sun:auto-snapshot=false rpool/var/cache +zfs create -o com.sun:auto-snapshot=false rpool/var/lib/nfs +zfs create -o com.sun:auto-snapshot=false rpool/var/tmp +chmod 1777 "$ZFSROOT/var/tmp" +zfs create -o canmount=off rpool/usr +zfs create rpool/usr/local +zfs create rpool/var/lib/AccountsService +zfs create rpool/var/lib/NetworkManager +zfs create -o com.sun:auto-snapshot=false rpool/var/lib/docker + +# Mount a tmpfs at /run +mkdir "$ZFSROOT/run" +mount -t tmpfs tmpfs /mnt/run +mkdir "$ZFSROOT/run/lock" + +# Install minimal system +debootstrap "$CODENAME" /mnt + +# Copy in zpool.cache +mkdir "$ZFSROOT/etc/zfs" +cp /etc/zfs/zpool.cache "$ZFSROOT/etc/zfs/" + +# Configure hostname +hostname "$ZFSHOST" +hostname > "$ZFSROOT/etc/hostname" +sed "/^127.0.0.1.*localhost/a 127.0.1.1\\t$ZFSHOST" "$ZFSROOT/etc/hosts" | tee "$ZFSROOT/etc/hosts" + +# Configure network device +NETWORK_DEVICES=$(ip a | awk '$1 ~ /^[0-9][:]/ {print substr($2, 0, length($2)-1)}') +while read -r INTER; do + if [ ! "$INTER" = "lo" ]; then + cat <<-EOF > "$ZFSROOT/etc/network/interfaces.d/$INTER" + auto ${INTER} + iface ${INTER} inet dhcp + EOF + fi +done <<< "$NETWORK_DEVICES" + +# Update sources list in ZFSROOT +ZFS_SOURCES_LIST="$ZFSROOT/etc/apt/sources.list" +[ -f "$ZFS_SOURCES_LIST" ] && mv "$ZFS_SOURCES_LIST" "$ZFS_SOURCES_LIST.$(date +%s).bak" +cat <<-EOF > "$ZFS_SOURCES_LIST" +deb http://deb.debian.org/debian ${CODENAME} main contrib +deb-src http://deb.debian.org/debian ${CODENAME} main contrib + +deb http://deb.debian.org/debian-security ${CODENAME}-security main contrib +deb-src http://deb.debian.org/debian-security ${CODENAME}-security main contrib + +deb http://deb.debian.org/debian ${CODENAME}-updates main contrib +deb-src http://deb.debian.org/debian ${CODENAME}-updates main contrib +EOF + +# Copy DISK var under ZFSROOT +echo "DISK=\$DISK" > "$ZFSROOT/var/tmp/zfsenv" + +# Bind the virtual filesystems from the LiveCD environment to the new system +mount --make-private --rbind /dev /mnt/dev +mount --make-private --rbind /proc /mnt/proc +mount --make-private --rbind /sys /mnt/sys + +# Chroot +cat << CHROOT | chroot /mnt bash --login +# Setup +set -ex +. /var/tmp/zfsenv +unset CDPATH +cd + +# Configure a basic system environment +export DEBIAN_FRONTEND=noninteractive +export LC_CTYPE=en_US.UTF-8 +export LC_ALL=en_US.UTF-8 +ln -s /proc/self/mounts /etc/mtab +apt-get update +apt-get upgrade -y +apt-get install -y console-setup locales +dpkg-reconfigure locales tzdata keyboard-configuration console-setup +apt-get install -y dpkg-dev linux-headers-generic linux-image-generic zfs-initramfs +echo REMAKE_INITRD=yes > /etc/dkms/zfs.conf + +# Install Grub for UEFI +apt-get install -y dosfstools +echo REMAKE_INITRD=yes > /etc/dkms/zfs.conf +mkdosfs -F 32 -s 1 -n EFI "${DISK}2" +mkdir /boot/efi +echo "${DISK}2" /boot/efi vfat defaults 0 0 >> /etc/fstab +mount /boot/efi +apt-get install -y grub-efi-amd64 shim-signed +apt-get purge -y os-prober +ROOTPW=$(pwgen 8 1) +echo "root:\$ROOTPW" | chpasswd +unset ROOTPW + +# Add bpool import service +cat <<- BPOOL > /etc/systemd/system/zfs-import-bpool.service +[Unit] +DefaultDependencies=no +Before=zfs-import-scan.service +Before=zfs-import-cache.service + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/sbin/zpool import -N -o cachefile=none bpool +# Work-around to preserve zpool cache: +ExecStartPre=-/bin/mv /etc/zfs/zpool.cache /etc/zfs/preboot_zpool.cache +ExecStartPost=-/bin/mv /etc/zfs/preboot_zpool.cache /etc/zfs/zpool.cache + +[Install] +WantedBy=zfs-import.target +BPOOL + +# Enable importing bpool service +systemctl enable zfs-import-bpool.service + +# Mount a tmpfs to /tmp +cp /usr/share/systemd/tmp.mount /etc/systemd/system/ +systemctl enable tmp.mount + +# Verify that the ZFS boot filesystem is recognized +grub-probe /boot + +# Refresh the initrd files +update-initramfs -c -k all + +# Workaround GRUB's missing zpool-features support +cat /etc/default/grub +sed -i "s/^\(GRUB_CMDLINE_LINUX=\).*/\1\"root=ZFS=rpool\/ROOT\/debian\"/" /etc/default/grub +sed -i "s/^\(GRUB_CMDLINE_LINUX_DEFAULT=\).*/\1\"\"/" /etc/default/grub +sed -i '/GRUB_TERMINAL/s/^#//g' /etc/default/grub + +# Update the boot configuration +update-grub + +# Install GRUB to the ESP +grub-install --target=x86_64-efi --efi-directory=/boot/efi \ + --bootloader-id=debian --recheck --no-floppy + +# Fix filesystem mount ordering +mkdir /etc/zfs/zfs-list.cache +touch /etc/zfs/zfs-list.cache/bpool +touch /etc/zfs/zfs-list.cache/rpool +timeout 10 zed -F + +# Fix the paths to eliminate /mnt +sed -Ei "s|/mnt/?|/|" /etc/zfs/zfs-list.cache/* + +# Snapshot the initial installation +zfs snapshot bpool/BOOT/debian@install +zfs snapshot rpool/ROOT/debian@install +exit +CHROOT + +mount | grep -v zfs | tac | awk '/\/mnt/ {print $3}' | \ + xargs -I{} umount -lf {} +zpool export -a +exit 0 \ No newline at end of file diff --git a/scripts/setup.sh b/scripts/setup.sh new file mode 100644 index 0000000..0f325d7 --- /dev/null +++ b/scripts/setup.sh @@ -0,0 +1,3 @@ +#!/bin/bash +sudo passwd -d user +sudo chmod u+x /tmp/debianzfs.sh