updated encryption

This commit is contained in:
Andrey Prokopenko
2020-02-23 17:27:03 +01:00
parent 6da37d37ce
commit b1acba9640
2 changed files with 35 additions and 37 deletions


@@ -5,7 +5,7 @@
fully automatic script to install Debian 10 with ZFS root on Hetzner VPS fully automatic script to install Debian 10 with ZFS root on Hetzner VPS
WARNING: all data on the disk will be destroyed WARNING: all data on the disk will be destroyed
How to use: add SSH key to the rescue console, set it OS to linux64, then press mount rescue and power sysle How to use: add SSH key to the rescue console, set it OS to linux64, then press mount rescue and power sysle
Next, connect via SSH to console, and run the script Next, connect via SSH to console, and run the script
Answer script questions about desired hostname and ZFS ARC cache size Answer script questions about desired hostname and ZFS ARC cache size
To cope with network failures its higly recommended to run the script inside screen console To cope with network failures its higly recommended to run the script inside screen console
screen -dmS zfs screen -dmS zfs
@@ -19,10 +19,10 @@ set -o nounset
# Variables # Variables
v_bpool_name= v_bpool_name=
v_bpool_tweaks= v_bpool_tweaks=
v_rpool_name= v_rpool_name=
v_rpool_tweaks= v_rpool_tweaks=
declare -a v_selected_disks declare -a v_selected_disks
v_swap_size= # integer v_swap_size= # integer
v_free_tail_space= # integer v_free_tail_space= # integer
v_hostname= v_hostname=
@@ -126,9 +126,9 @@ function check_prerequisites {
echo "SSH pubkey file is absent, please add it to the rescue system setting, then reboot into rescue system and run the script" echo "SSH pubkey file is absent, please add it to the rescue system setting, then reboot into rescue system and run the script"
exit 1 exit 1
fi fi
if ! dpkg-query --showformat="\${Status}" -W dialog 2> /dev/null | grep "install ok installed" &> /dev/null; then if ! dpkg-query --showformat="\${Status}" -W dialog 2> /dev/null | grep "install ok installed" &> /dev/null; then
apt install --yes dialog apt install --yes dialog
fi fi
} }
function initial_load_debian_zed_cache { function initial_load_debian_zed_cache {
@@ -139,7 +139,7 @@ function initial_load_debian_zed_cache {
chroot_execute "zed -F &" chroot_execute "zed -F &"
local success=0 local success=0
if [[ ! -e /mnt/etc/zfs/zfs-list.cache/rpool ]] || [[ -e /mnt/etc/zfs/zfs-list.cache/rpool && (( $(ls -l /mnt/etc/zfs/zfs-list.cache/rpool 2> /dev/null | cut -d ' ' -f 5) == 0 )) ]]; then if [[ ! -e /mnt/etc/zfs/zfs-list.cache/rpool ]] || [[ -e /mnt/etc/zfs/zfs-list.cache/rpool && (( $(ls -l /mnt/etc/zfs/zfs-list.cache/rpool 2> /dev/null | cut -d ' ' -f 5) == 0 )) ]]; then
chroot_execute "zfs set canmount=noauto rpool" chroot_execute "zfs set canmount=noauto rpool"
@@ -151,9 +151,9 @@ function initial_load_debian_zed_cache {
break break
else else
sleep 1 sleep 1
fi fi
done done
else else
success=1 success=1
fi fi
@@ -173,7 +173,7 @@ function find_suitable_disks {
udevadm trigger udevadm trigger
# shellcheck disable=SC2012 # shellcheck disable=SC2012
ls -l /dev/disk/by-id | tail -n +2 | perl -lane 'print "@F[8..10]"' > "$c_disks_log" ls -l /dev/disk/by-id | tail -n +2 | perl -lane 'print "@F[8..10]"' > "$c_disks_log"
local candidate_disk_ids local candidate_disk_ids
@@ -430,10 +430,10 @@ function unmount_and_export_fs {
zpools_exported=1 zpools_exported=1
echo "all zfs pools were succesfully exported" echo "all zfs pools were succesfully exported"
break; break;
else else
sleep 1 sleep 1
fi fi
done done
set -e set -e
if (( zpools_exported != 1 )); then if (( zpools_exported != 1 )); then
echo "failed to export zfs pools" echo "failed to export zfs pools"
@@ -472,12 +472,12 @@ ask_root_password
ask_hostname ask_hostname
clear clear
echo "===========remove unused kernels in rescue system=========" echo "===========remove unused kernels in rescue system========="
for kver in $(find /lib/modules/* -maxdepth 0 -type d | grep -v "$(uname -r)" | cut -s -d "/" -f 4); do for kver in $(find /lib/modules/* -maxdepth 0 -type d | grep -v "$(uname -r)" | cut -s -d "/" -f 4); do
apt purge --yes "linux-headers-$kver" apt purge --yes "linux-headers-$kver"
apt purge --yes "linux-image-$kver" apt purge --yes "linux-image-$kver"
done done
echo "======= installing zfs on rescue system ==========" echo "======= installing zfs on rescue system =========="
@@ -512,7 +512,7 @@ echo "======= create zfs pools and datasets =========="
bpool_disks_partitions=() bpool_disks_partitions=()
if [[ $v_encrypt_rpool == "1" ]]; then if [[ $v_encrypt_rpool == "1" ]]; then
encryption_options=(-O "encryption=on" -O "keylocation=prompt" -O "keyformat=passphrase") encryption_options=(-O "encryption=aes-256-gcm" -O "keylocation=prompt" -O "keyformat=passphrase")
fi fi
for selected_disk in "${v_selected_disks[@]}"; do for selected_disk in "${v_selected_disks[@]}"; do
@@ -524,7 +524,7 @@ echo "======= create zfs pools and datasets =========="
pools_mirror_option=mirror pools_mirror_option=mirror
else else
pools_mirror_option= pools_mirror_option=
fi fi
zpool create \ zpool create \
$v_bpool_tweaks -O canmount=off -O devices=off \ $v_bpool_tweaks -O canmount=off -O devices=off \
@@ -611,9 +611,7 @@ iface lo inet6 loopback
auto ens3 auto ens3
iface ens3 inet dhcp iface ens3 inet dhcp
dns-nameservers 213.133.98.98 213.133.99.99 213.133.100.100
# control-alias ens3
iface ens3 inet6 static iface ens3 inet6 static
address ${ip6addr_prefix}:1/64 address ${ip6addr_prefix}:1/64
gateway fe80::1 gateway fe80::1
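Review bot: The change from `encryption=on` to `encryption=aes-256-gcm` in the `encryption_options` array (hunk at -512) is not explained anywhere, and the commit message "updated encryption" does not say whether `on` was failing or merely unpinned. `on` resolves to a release-dependent default in OpenZFS (aes-256-ccm on ZFS on Linux 0.8.x, aes-256-gcm from OpenZFS 2.0), so pinning the cipher explicitly is a sound choice, but that reasoning belongs next to the line: `# pin the cipher explicitly: encryption=on maps to a release-dependent default (ccm on 0.8.x, gcm on 2.0+)`. The same unexplained change appears in the Ubuntu 18 script's hunk at -477, and the comment should go there too. In the -611 hunk the removed `dns-nameservers` line leaves IPv4 resolver configuration to DHCP, which is worth one comment in the interfaces template so the next reader does not re-add it.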


@@ -5,7 +5,7 @@
fully automatic script to install Ubuntu 18 LTS with ZFS root on Hetzner VPS fully automatic script to install Ubuntu 18 LTS with ZFS root on Hetzner VPS
WARNING: all data on the disk will be destroyed WARNING: all data on the disk will be destroyed
How to use: add SSH key to the rescue console, set it OS to linux64, then press mount rescue and power sysle How to use: add SSH key to the rescue console, set it OS to linux64, then press mount rescue and power sysle
Next, connect via SSH to console, and run the script Next, connect via SSH to console, and run the script
Answer script questions about desired hostname and ZFS ARC cache size Answer script questions about desired hostname and ZFS ARC cache size
To cope with network failures its higly recommended to run the script inside screen console To cope with network failures its higly recommended to run the script inside screen console
screen -dmS zfs screen -dmS zfs
@@ -19,10 +19,10 @@ set -o nounset
# Variables # Variables
v_bpool_name= v_bpool_name=
v_bpool_tweaks= v_bpool_tweaks=
v_rpool_name= v_rpool_name=
v_rpool_tweaks= v_rpool_tweaks=
declare -a v_selected_disks declare -a v_selected_disks
v_swap_size= # integer v_swap_size= # integer
v_free_tail_space= # integer v_free_tail_space= # integer
v_hostname= v_hostname=
@@ -126,9 +126,9 @@ function check_prerequisites {
echo "SSH pubkey file is absent, please add it to the rescue system setting, then reboot into rescue system and run the script" echo "SSH pubkey file is absent, please add it to the rescue system setting, then reboot into rescue system and run the script"
exit 1 exit 1
fi fi
if ! dpkg-query --showformat="\${Status}" -W dialog 2> /dev/null | grep "install ok installed" &> /dev/null; then if ! dpkg-query --showformat="\${Status}" -W dialog 2> /dev/null | grep "install ok installed" &> /dev/null; then
apt install --yes dialog apt install --yes dialog
fi fi
} }
@@ -138,7 +138,7 @@ function find_suitable_disks {
udevadm trigger udevadm trigger
# shellcheck disable=SC2012 # shellcheck disable=SC2012
ls -l /dev/disk/by-id | tail -n +2 | perl -lane 'print "@F[8..10]"' > "$c_disks_log" ls -l /dev/disk/by-id | tail -n +2 | perl -lane 'print "@F[8..10]"' > "$c_disks_log"
local candidate_disk_ids local candidate_disk_ids
@@ -395,10 +395,10 @@ function unmount_and_export_fs {
zpools_exported=1 zpools_exported=1
echo "all zfs pools were succesfully exported" echo "all zfs pools were succesfully exported"
break; break;
else else
sleep 1 sleep 1
fi fi
done done
set -e set -e
if (( zpools_exported != 1 )); then if (( zpools_exported != 1 )); then
echo "failed to export zfs pools" echo "failed to export zfs pools"
@@ -437,12 +437,12 @@ ask_root_password
ask_hostname ask_hostname
clear clear
echo "===========remove unused kernels in rescue system=========" echo "===========remove unused kernels in rescue system========="
for kver in $(find /lib/modules/* -maxdepth 0 -type d | grep -v "$(uname -r)" | cut -s -d "/" -f 4); do for kver in $(find /lib/modules/* -maxdepth 0 -type d | grep -v "$(uname -r)" | cut -s -d "/" -f 4); do
apt purge --yes "linux-headers-$kver" apt purge --yes "linux-headers-$kver"
apt purge --yes "linux-image-$kver" apt purge --yes "linux-image-$kver"
done done
echo "======= installing zfs on rescue system ==========" echo "======= installing zfs on rescue system =========="
@@ -477,7 +477,7 @@ echo "======= create zfs pools and datasets =========="
bpool_disks_partitions=() bpool_disks_partitions=()
if [[ $v_encrypt_rpool == "1" ]]; then if [[ $v_encrypt_rpool == "1" ]]; then
encryption_options=(-O "encryption=on" -O "keylocation=prompt" -O "keyformat=passphrase") encryption_options=(-O "encryption=aes-256-gcm" -O "keylocation=prompt" -O "keyformat=passphrase")
fi fi
for selected_disk in "${v_selected_disks[@]}"; do for selected_disk in "${v_selected_disks[@]}"; do
@@ -489,7 +489,7 @@ echo "======= create zfs pools and datasets =========="
pools_mirror_option=mirror pools_mirror_option=mirror
else else
pools_mirror_option= pools_mirror_option=
fi fi
zpool create \ zpool create \
$v_bpool_tweaks -O canmount=off -O devices=off \ $v_bpool_tweaks -O canmount=off -O devices=off \
@@ -539,12 +539,12 @@ if [[ $v_swap_size -gt 0 ]]; then
"$v_rpool_name/swap" "$v_rpool_name/swap"
udevadm settle udevadm settle
mkswap -f "/dev/zvol/$v_rpool_name/swap" mkswap -f "/dev/zvol/$v_rpool_name/swap"
fi fi
echo "======= setting up initial system packages ==========" echo "======= setting up initial system packages =========="
debootstrap --arch=amd64 bionic "$c_zfs_mount_dir" "$c_deb_packages_repo" debootstrap --arch=amd64 bionic "$c_zfs_mount_dir" "$c_deb_packages_repo"
zfs set devices=off "$v_rpool_name" zfs set devices=off "$v_rpool_name"