The following hook should create an encrypted LVM partition which provides two logical volumes: / and swap. / is formatted as btrfs with various subvolumes. It all works so far, but during install /dev/vda1 - which acts as an unencrypted ext4 partition - does not get mounted to /target/boot, so GRUB is not installed (at least not to /dev/vda1).

What makes matters worse is that during install /dev/vda1 seems to be mounted:

root@test2:~# mount | grep boot
/dev/vda1 on /target/boot type ext4 (rw,noatime,errors=remount-ro,data=ordered)
root@test2:~# grep boot /proc/mounts
/dev/vda1 /target/boot ext4 rw,noatime,errors=remount-ro,data=ordered 0 0
root@test2:~# grep boot /etc/mtab
/dev/vda1 /target/boot ext4 rw,noatime,errors=remount-ro,data=ordered 0 0
root@test2:~# findmnt | grep /boot
|-/target/boot /dev/vda1 ext4 rw,noatime,errors=remount-ro,data=ordered

And /target/boot actually contains the bootloader:

root@test2:/tmp/fai# ls /target/boot
System.map-4.15.0-38-generic config-4.15.0-38-generic initrd.img-4.15.0-38-generic vmlinuz-4.15.0-38-generic
abi-4.15.0-38-generic grub retpoline-4.15.0-38-generic

But the mount is just an illusion; the mount simply does not exist:

root@test2:~# df | grep boot
root@test2:/tmp/fai# umount /target/boot
umount: /target/boot: not mounted

In reality /target/boot resides on the same btrfs filesystem as / and GRUB just happily got installed into the encrypted btrfs volume, which obviously does not work. /dev/vda1 stays empty:

root@test2:~# mount /dev/vda1 /target/boot
root@test2:~# ls /target/boot/
lost+found

However, if /dev/vda1 gets mounted to /target/boot manually during early stages of the boot (right after task_mountdisks has finished):

root@test2:~# mount /dev/vda1 /target/boot
mount: mount point /target/boot does not exist
root@test2:~# ls /target/
@ boot etc lib media opt root sbin sys usr
bin dev home lib64 mnt proc run srv tmp var
root@test2:~# umount /target/boot
umount: /target/boot: not mounted
root@test2:~# mount /dev/vda1 /target/boot

then /target/boot gets mounted as expected and the bootloader is correctly installed to /dev/vda1.

What is keeping FAI from correctly mounting /dev/vda1 to /target/boot during install?

Attached is the hook (many thanks to Ingo Wichmann [1] for the template).

[1] https://lists.uni-koeln.de/pipermail/linux-fai/2016-January/011209.html

#!/bin/bash
#####################################################################
# hooks/partition.STORAGE_VM_BTRFS_CRYPT
#
# Root filesystem on btrfs subvolumes on LVM on LUKS.
# Swap on LVM on LUKS.
# /boot unencrypted.
#
# +-----------------------------------------------------------------------------------------------+
# | /boot                 | /                     | [SWAP]                | /srv                  |
# |                       |                       |                       |                       |
# | ext4                  | btrfs                 | swap                  | zfs                   |
# |                       |                       |                       |                       |
# |                       | /dev/vgmain/root      | /dev/vgmain/swap      |                       |
# |                       +-----------------------+-----------------------+                       |
# |                       | Physical volume                               |                       |
# |                       |                                               |                       |
# |                       | /dev/vgmain                                   |                       |
# |                       |                                               |                       |
# |                       | /dev/mapper/vda2_crypt                        | /dev/mapper/vda3_crypt|
# |                       +-----------------------------------------------+-----------------------+
# |                       | LUKS encrypted                                | LUKS encrypted        |
# |                       | partition                                     | partition             |
# |                       |                                               |                       |
# | /dev/vda1             | /dev/vda2                                     | /dev/vda3             |
# |-----------------------+-----------------------------------------------+-----------------------+
# |                                                                                               |
# | /dev/vda                                                                                      |
# +-----------------------------------------------------------------------------------------------+
#
# root@system:~# lsblk
# NAME                 MAJ:MIN RM  SIZE RO TYPE  MOUNTPOINT
# vda                  252:0    0   50G  0 disk
# ├─vda1               252:1    0    1G  0 part  /boot
# ├─vda2               252:2    0   46G  0 part
# │ └─crypt_dev_vda2   253:0    0   46G  0 crypt
# │   ├─vgmain-root    253:1    0 44,6G  0 lvm   /
# │   └─vgmain-swap    253:2    0    1G  0 lvm   [SWAP]
# ├─vda3               252:3    0    2G  0 part
# │ └─crypt_dev_vda3   253:3    0    2G  0 crypt
# └─vda4               252:4    0    1G  0 part
#
#
# This file has been seeded by FAI.
#####################################################################

###[CUSTOMCHANGE BEGIN]###

skiptask partition

: ${BOOT_DEVICE:=/dev/vda}
: ${LOGDIR:=/tmp/fai}
: ${target:=/target}

# setup-storage fails to wipe sometimes
[ -b ${BOOT_DEVICE} ] && wipefs -a -f ${BOOT_DEVICE}

# Set up partitions, LUKS and LVM
cat <<-SETUPSTORAGE > $LOGDIR/setup-storage.conf
# <type> <mountpoint> <size> <fs> <mount options> <misc options>

# Physical disks
disk_config disk1 bootable:1 fstabkey:uuid
primary /boot 1G ext4 defaults,errors=remount-ro
primary - 12G- - -
primary - 2G - -
primary - 1G - -

# LUKS layer
disk_config cryptsetup
luks:"fai" - disk1.2 - - lukscreateopts="-c aes-xts-plain64 -h sha512"
luks:"fai" - disk1.3 - - lukscreateopts="-c aes-xts-plain64 -h sha512"

# LVM layer
disk_config lvm fstabkey:uuid
vg vgmain disk1.2
vgmain-root - 10G- - -
vgmain-swap swap 1G swap sw
SETUPSTORAGE

setup-storage -f $LOGDIR/setup-storage.conf -X 2>&1 | tee $LOGDIR/format.log

# Define storage locations
BOOT_CONTAINER=/dev/vda1
ROOT_CONTAINER=/dev/vgmain/root
SWAP_CONTAINER=/dev/vgmain/swap
DATA_CONTAINER=/dev/vda4

# Create btrfs filesystem
mkfs.btrfs -f $ROOT_CONTAINER

# Get the UUID of the storage locations
uuid_boot=$(lsblk -n -o uuid $BOOT_CONTAINER)
uuid_root=$(lsblk -n -o uuid $ROOT_CONTAINER)
uuid_swap=$(lsblk -n -o uuid $SWAP_CONTAINER)
uuid_data=$(lsblk -n -o uuid $DATA_CONTAINER)

# Print the UUID of the storage locations
echo $BOOT_CONTAINER UUID=$uuid_boot
echo $ROOT_CONTAINER UUID=$uuid_root
echo $SWAP_CONTAINER UUID=$uuid_swap
echo $DATA_CONTAINER UUID=$uuid_data

# Create btrfs subvolumes
mkdir $target
mount UUID=$uuid_root $target || exit
btrfs subvolume create ${target%/}/@
btrfs subvolume create ${target%/}/@/home
btrfs subvolume create ${target%/}/@/opt
btrfs subvolume create ${target%/}/@/root
btrfs subvolume create ${target%/}/@/srv
btrfs subvolume create ${target%/}/@/tmp
mkdir -p ${target%/}/@/usr
btrfs subvolume create ${target%/}/@/usr/local
btrfs subvolume create ${target%/}/@/var
btrfs subvolume create ${target%/}/@/var/tmp
btrfs subvolume create ${target%/}/@/.snapshots
mkdir -p ${target%/}/@/.snapshots/1
btrfs subvolume create ${target%/}/@/.snapshots/1/snapshot
subvolid=$(btrfs subvolume show $target/@/.snapshots/1/snapshot | sed -rn 's/.*Object ID:\s+//p')
btrfs subvolume set-default "$subvolid" "$target"
umount $target

# Set disk_vars
cat <<-DISK_VAR > $LOGDIR/disk_var.sh
BOOT_DEVICE=\${BOOT_DEVICE:-${BOOT_DEVICE}}
BOOT_PARTITION=\${BOOT_PARTITION:-${BOOT_CONTAINER}}
ROOT_PARTITION=\${ROOT_PARTITION:-${ROOT_CONTAINER}}
SWAPLIST=\${SWAPLIST:-"${SWAP_CONTAINER}"}
DISK_VAR

# Insert btrfs subvolumes into the fstab
cat <<-FSTAB >> $LOGDIR/fstab
# device during installation: ${ROOT_CONTAINER}
UUID=$uuid_root / btrfs defaults 0 0
UUID=$uuid_root /home btrfs subvol=@/home,defaults,noexec,nosuid,nodev 0 0
UUID=$uuid_root /opt btrfs subvol=@/opt 0 0
UUID=$uuid_root /root btrfs subvol=@/root 0 0
UUID=$uuid_root /srv btrfs subvol=@/srv,defaults,noexec,nosuid,nodev 0 0
UUID=$uuid_root /tmp btrfs subvol=@/tmp,defaults,noexec,nosuid,nodev 0 0
UUID=$uuid_root /usr/local btrfs subvol=@/usr/local 0 0
UUID=$uuid_root /var btrfs subvol=@/var,defaults,nosuid 0 0
UUID=$uuid_root /var/tmp btrfs subvol=@/var/tmp,defaults,noexec,nosuid,nodev 0 0
UUID=$uuid_root /.snapshots btrfs subvol=@/.snapshots 0 0
FSTAB

###[CUSTOMCHANGE END]#####
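
A mount that is listed in /proc/mounts while umount reports "not mounted" is what a covered mount looks like: a later mount on the same directory or on a parent directory hides it from path lookup. The check below is an added example, not part of the original post or of FAI; the two sample tables are constructed, and it assumes entries in mount order (as in /proc/mounts) within a single mount namespace.

```shell
#!/bin/sh
# Added example: report mount points in a /proc/mounts-style table that are
# covered by a later mount on the same directory or on an ancestor directory.

shadowed_mounts() {
    awk '
    { dev[NR] = $1; mp[NR] = $2 }
    END {
        for (i = 1; i <= NR; i++) {
            for (j = i + 1; j <= NR; j++) {
                # Entry j covers entry i when mp[j] equals mp[i] or is an
                # ancestor directory of it ("/target" covers "/target/boot",
                # but not "/targetboot").
                base = (mp[j] == "/") ? "/" : mp[j] "/"
                if (mp[j] == mp[i] || index(mp[i], base) == 1) {
                    printf "%s (%s) covered by %s (%s)\n", mp[i], dev[i], mp[j], dev[j]
                    break
                }
            }
        }
    }'
}

# Constructed sample: /boot mounted first, then the root filesystem on top.
SAMPLE_SHADOWED='/dev/vda1 /target/boot ext4 rw,noatime 0 0
/dev/mapper/vgmain-root /target btrfs rw,relatime 0 0'

# Constructed sample: root filesystem first, then /boot inside it.
SAMPLE_OK='/dev/mapper/vgmain-root /target btrfs rw,relatime 0 0
/dev/vda1 /target/boot ext4 rw,noatime 0 0'

printf '%s\n' "$SAMPLE_SHADOWED" | shadowed_mounts
printf '%s\n' "$SAMPLE_OK" | shadowed_mounts
```

On a live system the same function can be fed the kernel's table with `shadowed_mounts < /proc/mounts` before the bootloader is installed.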