kris/debianzfs
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: kris:main
Branches Tags
kris:main kris:testing
..
compare: kris:cef71d557a82a38021210edfd00f08cd86e671bf
Branches Tags
kris:main kris:testing

1 Commits
main ... cef71d557a

Author SHA1 Message Date
Kris Lamoureux
cef71d557a testing 2022-11-27 15:56:41 -05:00
4 changed files with 130 additions and 225 deletions
Expand all files Collapse all files

9
Makefile
View File

@@ -1,13 +1,6 @@
all: debianzfs.qcow2 all: debianzfs.qcow2
# Generate password debianzfs.qcow2: export PKR_VAR_password = "$(pwgen -s 8 1)"
debianzfs.qcow2: export PKR_VAR_password="$(pwgen -s 8 1)"
# Release info
debianzfs.qcow2: export PKR_VAR_release=12.0.0
debianzfs.qcow2: export PKR_VAR_codename=bookworm
debianzfs.qcow2: export PKR_VAR_sha256=fa3960f6f692fc60a43eec4362d60f754b4a246ab64aa662270dd879a946de84
debianzfs.qcow2: debianzfs.qcow2:
packer build -color=false . | tee debianzfs.log packer build -color=false . | tee debianzfs.log

16
debianzfs.pkr.hcl
View File

@@ -1,11 +1,9 @@
# Set 'password' using shell var: PKR_VAR_password=$(pwgen -s 8 1) # Set 'password' using shell var: PKR_VAR_password=$(pwgen -s 8 1)
variable "password" {} variable "password" {}
variable "release" {}
variable "sha256" {}
source "qemu" "debian-live" { source "qemu" "bullseye-live" {
iso_url = "https://cdimage.debian.org/debian-cd/current-live/amd64/iso-hybrid/debian-live-${var.release}-amd64-standard.iso" iso_url = "https://cdimage.debian.org/debian-cd/current-live/amd64/iso-hybrid/debian-live-11.5.0-amd64-standard.iso"
iso_checksum = "sha256:${var.sha256}" iso_checksum = "sha256:8172b188061d098080bb315972becbe9bd387c856866746cee018102cd00fc9b"
output_directory = "output" output_directory = "output"
shutdown_command = "echo 'packer' | sudo -S shutdown -P now" shutdown_command = "echo 'packer' | sudo -S shutdown -P now"
disk_size = "5000M" disk_size = "5000M"
@@ -21,7 +19,7 @@ source "qemu" "debian-live" {
disk_interface = "virtio" disk_interface = "virtio"
boot_wait = "5s" boot_wait = "5s"
boot_command = [ boot_command = [
"<enter><wait20>", "<enter><wait10>",
"<enter><wait>", "<enter><wait>",
"sudo -i<enter><wait>", "sudo -i<enter><wait>",
"read -s userpw<enter><wait>", "read -s userpw<enter><wait>",
@@ -35,11 +33,11 @@ source "qemu" "debian-live" {
build { build {
name = "zfs" name = "zfs"
sources = ["source.qemu.debian-live"] sources = ["source.qemu.bullseye-live"]
provisioner "file" { provisioner "file" {
source = "debianzfs.sh" source = "debianzfs.sh"
destination = "/tmp/debianzfs" destination = "/tmp/debianzfs.sh"
} }
provisioner "shell" { provisioner "shell" {
@@ -47,7 +45,7 @@ build {
} }
provisioner "shell" { provisioner "shell" {
inline = ["sudo /tmp/debianzfs -i -s0 -p 'changeme' -P 'letmeinzfs!' /dev/vda debianzfs"] inline = ["sudo /tmp/debianzfs.sh -p changeme -P letmeinzfs! /dev/vda debianzfs"]
} }
} }

328
debianzfs.sh
View File

@@ -1,131 +1,98 @@
#!/bin/bash #!/bin/bash
# This script is originally based off the "Debian Bullseye Root on ZFS" guide # Script is based off official guide: see "Debian Bullseye Root on ZFS"
# https://openzfs.github.io/openzfs-docs/Getting%20Started/Debian/Debian%20Bullseye%20Root%20on%20ZFS.html # https://openzfs.github.io/openzfs-docs/Getting%20Started/Debian/Debian%20Bullseye%20Root%20on%20ZFS.html
################# #################
### Functions ### ### Functions ###
################# #################
function usage () { function usage () {
echo "Usage: $(basename "$0") [-ghimpPrs] <DISK> [HOSTNAME]" echo "Usage: ./$(basename "$0") [-mpPr] <DISK> <HOSTNAME>"
echo -e "\t-g\n\t\tMirror GRUB after the installation. Requires: -m"
echo -e "\n\t-h\n\t\tThe help menu, i.e., the menu you're seeing now."
echo -e "\n\t-i\n\t\tIgnore the check for the /dev/disk/by-id/* format. You'll likely want: -s"
echo -e "\n\t-m <MIRROR>\n\t\tSet the MIRROR disk for a ZFS mirror installation."
echo -e "\n\t-p <PASSWORD>\n\t\tSet the password for root. Caution: saves to file temporarily."
echo -e "\n\t-P <PASSWWORD>\n\t\tSet the password for encrypting the root zpool."
echo -e "\n\t-r <ZFSROOT>\n\t\tSet the path for the new ZFS chroot. Defaults to /mnt"
echo -e "\n\t-s <PARTSUFFIX>\n\t\tSet the partition suffix for disks, defaults to: -part"
echo -e "\t\tSet to a zero '0' to remove the suffix entirely, i.e., -s0"
} }
function disk_check () { function disk_check () {
local DISK="$1" DISK_TYPE=$(file "$1" | awk '{ print $2$3 }')
local DISK_TYPE if [ "$DISK_TYPE" != "blockspecial" ]; then
[ -L "$DISK" ] && DISK=$(readlink -f "$DISK") echo "ERROR: Disk '$1' is not a block device"
DISK_TYPE=$(file "$DISK" | awk '{ print $2$3 }') exit 1
if [ "$DISK_TYPE" != "blockspecial" ]; then fi
echo "ERROR: Disk '$DISK' is not a block device"
exit 1
fi
} }
function disk_status () { function disk_status () {
local OUTPUT OUTPUT=$(wipefs "$1")
OUTPUT=$(wipefs "$1") if [ -n "$OUTPUT" ]; then
if [ -n "$OUTPUT" ]; then echo "ERROR: $1 is not empty"
echo "ERROR: $1 is not empty" echo "$OUTPUT"
echo "$OUTPUT" exit 1
exit 1 fi
fi
} }
function password_prompt () { function password_prompt () {
local password unset PASSWORD_PROMPT_RESULT
local password_confirm while true; do
unset PASSWORD_PROMPT_RESULT read -r -s -p "${1}: " password
while true; do echo ''
read -r -s -p "${1}: " password read -r -s -p "${1} (confirm): " password_confirm
echo '' echo ''
read -r -s -p "${1} (confirm): " password_confirm if [ "$password" == "$password_confirm" ]; then
echo '' if [ -z "$password" ]; then
if [ "$password" == "$password_confirm" ]; then echo "Password can not be empty, try again."
if [ -z "$password" ]; then else
echo "Password can not be empty, try again." break
else fi
break else
fi echo "Passwords did not match, try again."
else fi
echo "Passwords did not match, try again." done
fi PASSWORD_PROMPT_RESULT="$password"
done export PASSWORD_PROMPT_RESULT
PASSWORD_PROMPT_RESULT="$password"
export PASSWORD_PROMPT_RESULT
} }
function disk_format () { function disk_format () {
sgdisk -n2:1M:+512M -t2:EF00 "$1" sgdisk -n2:1M:+512M -t2:EF00 "$1"
sgdisk -n3:0:+1G -t3:BF01 "$1" sgdisk -n3:0:+1G -t3:BF01 "$1"
sgdisk -n4:0:0 -t4:BF00 "$1" sgdisk -n4:0:0 -t4:BF00 "$1"
} }
function create_boot_pool () { function create_boot_pool () {
# shellcheck disable=SC2086 zpool create -f \
zpool create -f \ -o ashift=12 \
-o ashift=12 \ -o autotrim=on -d \
-o autotrim=on -d \ -o cachefile=/etc/zfs/zpool.cache \
-o cachefile=/etc/zfs/zpool.cache \ -o feature@async_destroy=enabled \
-o feature@async_destroy=enabled \ -o feature@bookmarks=enabled \
-o feature@bookmarks=enabled \ -o feature@embedded_data=enabled \
-o feature@embedded_data=enabled \ -o feature@empty_bpobj=enabled \
-o feature@empty_bpobj=enabled \ -o feature@enabled_txg=enabled \
-o feature@enabled_txg=enabled \ -o feature@extensible_dataset=enabled \
-o feature@extensible_dataset=enabled \ -o feature@filesystem_limits=enabled \
-o feature@filesystem_limits=enabled \ -o feature@hole_birth=enabled \
-o feature@hole_birth=enabled \ -o feature@large_blocks=enabled \
-o feature@large_blocks=enabled \ -o feature@livelist=enabled \
-o feature@livelist=enabled \ -o feature@lz4_compress=enabled \
-o feature@lz4_compress=enabled \ -o feature@spacemap_histogram=enabled \
-o feature@spacemap_histogram=enabled \ -o feature@zpool_checkpoint=enabled \
-o feature@zpool_checkpoint=enabled \ -O devices=off \
-O devices=off \ -O acltype=posixacl -O xattr=sa \
-O acltype=posixacl -O xattr=sa \ -O compression=lz4 \
-O compression=lz4 \ -O normalization=formD \
-O normalization=formD \ -O relatime=on \
-O relatime=on \ -O canmount=off -O mountpoint=/boot -R "$1" \
-O canmount=off -O mountpoint=/boot -R "$1" \ bpool "$2"
bpool $2
} }
function create_root_pool () { function create_root_pool () {
# shellcheck disable=SC2086 echo "$3" | zpool create -f \
echo "$3" | zpool create -f \ -o ashift=12 \
-o ashift=12 \ -o autotrim=on \
-o autotrim=on \ -O encryption=on -O keylocation=prompt -O keyformat=passphrase \
-O encryption=on -O keylocation=prompt -O keyformat=passphrase \ -O acltype=posixacl -O xattr=sa -O dnodesize=auto \
-O acltype=posixacl -O xattr=sa -O dnodesize=auto \ -O compression=lz4 \
-O compression=lz4 \ -O normalization=formD \
-O normalization=formD \ -O relatime=on \
-O relatime=on \ -O canmount=off -O mountpoint=/ -R "$1" \
-O canmount=off -O mountpoint=/ -R "$1" \ rpool "$2"
rpool $2
}
function mirror_grub () {
umount /boot/efi
dd if="$1" of="$2"
efibootmgr -c -g -d "$2" -p 2 \
-L "debian-${3}" -l '\EFI\debian\grubx64.efi'
mount /boot/efi
}
function disk_byid_check () {
local BYID="/dev/disk/by-id/"
if [ ! "${1:0:${#BYID}}" == "$BYID" ]; then
echo "ERROR: DISK needs to be ${BYID}* format"
exit 1
fi
} }
################ ################
@@ -133,22 +100,19 @@ function disk_byid_check () {
################ ################
# Static # Static
export DEBIAN_FRONTEND=noninteractive export DEBIAN_FRONTEND=noninteractive
CODENAME="bookworm" CODENAME="bullseye"
# Options # Options
while getopts ':ghim:p:P:r:s:' OPTION; do while getopts ':m:p:P:r:' OPTION; do
case "$OPTION" in case "$OPTION" in
g) GRUB_MIRROR="true";; m) MIRROR="$OPTARG";;
i) IGNORE_BYID="true";; p) ROOTPW="$OPTARG";;
m) MIRROR="$OPTARG";; P) RPOOLPW="$OPTARG";;
p) ROOTPW="$OPTARG";; r) ZFSROOT="$OPTARG";;
P) RPOOLPW="$OPTARG";; ?)
r) ZFSROOT="$OPTARG";; usage
s) PARTSUFFIX="$OPTARG";; exit 1;;
?) esac
usage
exit 1;;
esac
done done
shift "$((OPTIND -1))" shift "$((OPTIND -1))"
@@ -156,81 +120,50 @@ shift "$((OPTIND -1))"
DISK=$1 DISK=$1
ZFSHOST=$2 ZFSHOST=$2
# Post-boot grub mirror?
if [ "$GRUB_MIRROR" == "true" ]; then
while true; do
echo -e "ORIGINAL GRUB: $DISK\nMIRROR TO: $MIRROR"
read -r -p "Would you like to mirror GRUB? [y/N]: " yn
case $yn in
[Yy]*)
disk_check "$DISK"
disk_check "$MIRROR"
[ -z "$IGNORE_BYID" ] && disk_byid_check "$DISK"
[ -z "$IGNORE_BYID" ] && disk_byid_check "$MIRROR"
mirror_grub "$DISK" "$MIRROR" 2
exit 0;;
?)
echo "ABORTED: User did not confirm mirroring"
exit 1;;
esac
done
fi
# Verify variables # Verify variables
[ -z "$ZFSROOT" ] && ZFSROOT="/mnt" [ -z "$ZFSROOT" ] && ZFSROOT="/mnt"
if [ -z "$PARTSUFFIX" ]; then
PARTSUFFIX="-part"
elif [ "$PARTSUFFIX" == "0" ]; then
PARTSUFFIX=""
fi
if [ -z "$DISK" ]; then if [ -z "$DISK" ]; then
echo "ERROR: DISK not set" echo "ERROR: DISK not set"
usage usage
exit 1 exit 1
fi fi
if [ -z "$ZFSHOST" ]; then if [ -z "$ZFSHOST" ]; then
echo "ERROR: HOSTNAME not set" echo "ERROR: HOSTNAME not set"
usage usage
exit 1 exit 1
fi fi
if [ -z "$ROOTPW" ]; then if [ -z "$ROOTPW" ]; then
password_prompt "Root Passphrase" password_prompt "Root Passphrase"
ROOTPW="$PASSWORD_PROMPT_RESULT" ROOTPW="$PASSWORD_PROMPT_RESULT"
unset PASSWORD_PROMPT_RESULT unset PASSWORD_PROMPT_RESULT
fi fi
if [ -z "$RPOOLPW" ]; then if [ -z "$RPOOLPW" ]; then
password_prompt "ZFS Encryption Passphrase" password_prompt "ZFS Encryption Passphrase"
RPOOLPW="$PASSWORD_PROMPT_RESULT" RPOOLPW="$PASSWORD_PROMPT_RESULT"
unset PASSWORD_PROMPT_RESULT unset PASSWORD_PROMPT_RESULT
fi fi
if [ "$DEBUG" == "true" ]; then if [ "$DEBUG" == "true" ]; then
echo "CODENAME='${CODENAME}'" echo "CODENAME=${CODENAME}"
echo "DISK='${DISK}'" echo "DISK=${DISK}"
echo "ZFSHOST='${ZFSHOST}'" echo "ZFSHOST=${ZFSHOST}"
echo "ZFSROOT='${ZFSROOT}'" echo "ZFSROOT=${ZFSROOT}"
echo "MIRROR='${MIRROR}'" echo "MIRROR=${MIRROR}"
echo "ROOTPW='${ROOTPW}'" echo "ROOTPW=${ROOTPW}"
echo "RPOOLPW='${RPOOLPW}'" echo "RPOOLPW=${RPOOLPW}"
echo "PARTSUFFIX='${PARTSUFFIX}'"
echo "GRUB_MIRROR='${GRUB_MIRROR}'"
echo "IGNORE_BYID='${IGNORE_BYID}'"
fi fi
# Are the DISK paths block devices? AND # Are the DISK paths block devices? AND
# Are the DISK pathes empty devices? i.e., no filesystem signatures # Are the DISK pathes empty devices? i.e., no filesystem signatures
disk_check "$DISK" disk_check "$DISK"
disk_status "$DISK" disk_status "$DISK"
[ -z "$IGNORE_BYID" ] && disk_byid_check "$DISK"
if [ -n "$MIRROR" ]; then if [ -n "$MIRROR" ]; then
disk_check "$MIRROR" disk_check "$MIRROR"
disk_status "$MIRROR" disk_status "$MIRROR"
[ -z "$IGNORE_BYID" ] && disk_byid_check "$MIRROR"
fi fi
############################################### ###############################################
@@ -238,7 +171,7 @@ fi
############################################### ###############################################
# Display commands # Display commands
set -xe set -x
# 1. Boot the Debian GNU/Linux Live CD... done # 1. Boot the Debian GNU/Linux Live CD... done
# 2. Setup and update the repositories # 2. Setup and update the repositories
@@ -266,26 +199,19 @@ swapoff --all
# UEFI booting + boot pool + ZFS native encryption # UEFI booting + boot pool + ZFS native encryption
disk_format "$DISK" disk_format "$DISK"
[ -n "$MIRROR" ] && disk_format "$MIRROR" [ -n "$MIRROR" ] && disk_format "$MIRROR"
sleep 5
# Check for partitions 3 and 4
disk_check "${DISK}${PARTSUFFIX}3"
disk_check "${DISK}${PARTSUFFIX}4"
if [ -n "$MIRROR" ]; then
disk_check "${DISK}${PARTSUFFIX}3"
disk_check "${DISK}${PARTSUFFIX}4"
fi
# 4. Create the boot pool # 4. Create the boot pool
if [ -z "$MIRROR" ]; then
create_boot_pool "$ZFSROOT" "${DISK}3"
else
create_boot_pool "$ZFSROOT" "mirror ${DISK}3 ${MIRROR}3"
fi
# 5. Create the root pool # 5. Create the root pool
if [ -z "$MIRROR" ]; then if [ -z "$MIRROR" ]; then
create_boot_pool "$ZFSROOT" "${DISK}${PARTSUFFIX}3" create_root_pool "$ZFSROOT" "${DISK}4" "$RPOOLPW"
create_root_pool "$ZFSROOT" "${DISK}${PARTSUFFIX}4" "$RPOOLPW"
else else
create_boot_pool "$ZFSROOT" \ create_root_pool "$ZFSROOT" "mirror ${DISK}4 ${MIRROR}4" "$RPOOLPW"
"mirror ${DISK}${PARTSUFFIX}3 ${MIRROR}${PARTSUFFIX}3"
create_root_pool "$ZFSROOT" \
"mirror ${DISK}${PARTSUFFIX}4 ${MIRROR}${PARTSUFFIX}4" "$RPOOLPW"
fi fi
################################### ###################################
@@ -373,38 +299,28 @@ deb http://deb.debian.org/debian ${CODENAME}-updates main contrib
deb-src http://deb.debian.org/debian ${CODENAME}-updates main contrib deb-src http://deb.debian.org/debian ${CODENAME}-updates main contrib
EOF EOF
# Copy self and GRUB mirror helper script into chroot
if [ -n "$MIRROR" ]; then
cp "$0" "$ZFSROOT/usr/local/bin/debianzfs"
chmod +x "$ZFSROOT/usr/local/bin/debianzfs"
HELPER_SCRIPT="/root/MIRROR_GRUB_POSTINSTALL.sh"
cat <<-GRUBMIRROR > "${ZFSROOT}${HELPER_SCRIPT}"
#!/bin/bash
# Post-install GRUB mirror helper script
/usr/local/bin/debianzfs \
-gm ${MIRROR}${PARTSUFFIX}2 \
${DISK}${PARTSUFFIX}2
GRUBMIRROR
fi
# 4. Bind the virtual filesystems from the LiveCD environment to the new system and chroot into it # 4. Bind the virtual filesystems from the LiveCD environment to the new system and chroot into it
# Copy DISK/MIRROR vars under ZFSROOT
echo -e "DISK=${DISK}\nROOTPW=${ROOTPW}" > "$ZFSROOT/var/tmp/zfsenv"
# Bind
mount --make-private --rbind /dev /mnt/dev mount --make-private --rbind /dev /mnt/dev
mount --make-private --rbind /proc /mnt/proc mount --make-private --rbind /proc /mnt/proc
mount --make-private --rbind /sys /mnt/sys mount --make-private --rbind /sys /mnt/sys
# Copy DISK/MIRROR vars under ZFSROOT and chroot # Chroot
echo -e "DISK=\"$DISK\"\nPARTSUFFIX=\"${PARTSUFFIX}\"\nROOTPW=\"${ROOTPW}\"" > "$ZFSROOT/var/tmp/zfsenv"
cat << CHROOT | chroot /mnt bash --login cat << CHROOT | chroot /mnt bash --login
# Setup # Setup
export DEBIAN_FRONTEND=noninteractive export DEBIAN_FRONTEND=noninteractive
export LC_CTYPE=en_US.UTF-8
export LC_ALL=en_US.UTF-8
set -ex set -ex
. /var/tmp/zfsenv . /var/tmp/zfsenv
rm -f /var/tmp/zfsenv
unset CDPATH unset CDPATH
cd cd
# 5. Configure a basic system environment # 5. Configure a basic system environment
ln -fs /proc/self/mounts /etc/mtab ln -s /proc/self/mounts /etc/mtab
apt-get update && apt-get upgrade -y apt-get update && apt-get upgrade -y
apt-get install -y console-setup locales apt-get install -y console-setup locales
@@ -420,9 +336,9 @@ echo REMAKE_INITRD=yes > /etc/dkms/zfs.conf
# Install GRUB for UEFI booting # Install GRUB for UEFI booting
apt-get install -y dosfstools apt-get install -y dosfstools
mkdosfs -F 32 -s 1 -n EFI "\${DISK}\${PARTSUFFIX}2" mkdosfs -F 32 -s 1 -n EFI "\${DISK}2"
mkdir /boot/efi mkdir /boot/efi
BLKID_BOOT="/dev/disk/by-uuid/\$(blkid -s UUID -o value \${DISK}\${PARTSUFFIX}2)" BLKID_BOOT="/dev/disk/by-uuid/\$(blkid -s UUID -o value \${DISK}2)"
echo "\${BLKID_BOOT} /boot/efi vfat defaults 0 0" >> /etc/fstab echo "\${BLKID_BOOT} /boot/efi vfat defaults 0 0" >> /etc/fstab
mount /boot/efi mount /boot/efi
apt-get install -y grub-efi-amd64 shim-signed apt-get install -y grub-efi-amd64 shim-signed
@@ -487,7 +403,7 @@ update-grub
# 6. Install the boot loader # 6. Install the boot loader
# For UEFI booting, install GRUB to the ESP # For UEFI booting, install GRUB to the ESP
grub-install --target=x86_64-efi --efi-directory=/boot/efi \ grub-install --target=x86_64-efi --efi-directory=/boot/efi \
--bootloader-id=debian --recheck --no-floppy --bootloader-id=debian --recheck --no-floppy
# 7. Fix filesystem mount ordering # 7. Fix filesystem mount ordering
mkdir /etc/zfs/zfs-list.cache mkdir /etc/zfs/zfs-list.cache
@@ -516,11 +432,9 @@ CHROOT
# 3. Run these commands in the LiveCD environment to unmount all filesystems # 3. Run these commands in the LiveCD environment to unmount all filesystems
mount | grep -v zfs | tac | awk '/\/mnt/ {print $3}' | \ mount | grep -v zfs | tac | awk '/\/mnt/ {print $3}' | \
xargs -I{} umount -lf {} xargs -I{} umount -lf {}
# 4. If this fails for rpool, mounting it on boot will fail and you will need to # 4. If this fails for rpool, mounting it on boot will fail and you will need to
# zpool import -f rpool, then exit in the initamfs prompt # zpool import -f rpool, then exit in the initamfs prompt
zpool export -a || exit 0 zpool export -a || exit 0
[ -n "$HELPER_SCRIPT" ] && \
echo "NOTICE: A GRUB mirror helper script was placed at $HELPER_SCRIPT"
exit 0 exit 0

2
scripts/setup.sh
View File

@@ -1,3 +1,3 @@
#!/bin/bash #!/bin/bash
sudo passwd -d user sudo passwd -d user
sudo chmod u+x /tmp/debianzfs sudo chmod u+x /tmp/debianzfs.sh