Jeff Moe
4 years ago
parent
264177d09d
commit
2ffb2062a3
@ -0,0 +1,23 @@
|
||||
Encrypted root partitions
|
||||
|
||||
RAID partitions
|
||||
|
||||
Move installer ssh to port other than 22
|
||||
|
||||
Use local debian mirror
|
||||
|
||||
sshd_config
|
||||
|
||||
vim config
|
||||
|
||||
Private LAN between data centers
|
||||
|
||||
am6 is on slower serial console ?
|
||||
|
||||
|
||||
Set up partitioning
|
||||
set up second ethernet interface
|
||||
|
||||
|
||||
SSH keys per project, auto-generate
|
||||
|
||||
@ -0,0 +1,196 @@
|
||||
# Crypto with LVM
|
||||
d-i partman-auto/disk string /dev/sda
|
||||
d-i partman-auto/method string crypto
|
||||
# When disk encryption is enabled, skip wiping the partitions beforehand.
|
||||
d-i partman-auto-crypto/erase_disks boolean true
|
||||
# max swap size
|
||||
d-i partman-auto/cap-ram string 4096
|
||||
# File to load for expert recipe
|
||||
# d-i partman-auto/expert_recipe_file string <string>
|
||||
|
||||
|
||||
### Description: Encryption passphrase:
|
||||
# You need to choose a passphrase to encrypt ${DEVICE}.
|
||||
# .
|
||||
# The overall strength of the encryption depends strongly on this
|
||||
# passphrase, so you should take care to choose a passphrase that is
|
||||
# not easy to guess. It should not be a word or sentence found in
|
||||
# dictionaries, or a phrase that could be easily associated with you.
|
||||
# .
|
||||
# A good passphrase will contain a mixture of letters, numbers and
|
||||
# punctuation. Passphrases are recommended to have a length of 20 or
|
||||
# more characters.
|
||||
# d-i partman-crypto/passphrase password <password>
|
||||
|
||||
### Description: Re-enter passphrase to verify:
|
||||
# Please enter the same passphrase again to verify that you have typed it
|
||||
# correctly.
|
||||
# d-i partman-crypto/passphrase-again password <password>
|
||||
|
||||
### Description: Devices to encrypt:
|
||||
# Please select the devices to be encrypted.
|
||||
# .
|
||||
# You can select one or more devices.
|
||||
# d-i partman-crypto/create/partitions multiselect <choice(s)>
|
||||
# Possible choices: ${PARTITIONS}
|
||||
|
||||
|
||||
#### partman-md_90_all.udeb
|
||||
|
||||
|
||||
|
||||
# d-i partman-auto/select_disk select <choice>
|
||||
d-i partman-auto/select_disk select /dev/sda
|
||||
|
||||
d-i partman/default_filesystem string ext4
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
# ls -l /dev/sd* /dev/nvme*
|
||||
crw------- 1 root root 246, 0 Feb 9 18:27 /dev/nvme0
|
||||
brw------- 1 root root 259, 0 Feb 9 21:19 /dev/nvme0n1
|
||||
crw------- 1 root root 246, 1 Feb 9 18:27 /dev/nvme1
|
||||
brw------- 1 root root 259, 1 Feb 9 21:19 /dev/nvme1n1
|
||||
brw------- 1 root root 8, 0 Feb 9 21:23 /dev/sda
|
||||
brw------- 1 root root 8, 1 Feb 9 21:23 /dev/sda1
|
||||
brw------- 1 root root 8, 5 Feb 9 21:23 /dev/sda5
|
||||
brw------- 1 root root 8, 16 Feb 9 21:19 /dev/sdb
|
||||
|
||||
|
||||
# Non-LUKS, non-RAID version
|
||||
|
||||
# fdisk -l /dev/sda
|
||||
Disk /dev/sda: 223.6 GiB, 240057409536 bytes, 468862128 sectors
|
||||
|
||||
/dev/sda1 /boot 1G
|
||||
/dev/sda2 SWAP 4G
|
||||
/dev/sda3 / 50G
|
||||
/dev/sda4 /home 169G
|
||||
|
||||
Disk /dev/sda: 223.6 GiB, 240057409536 bytes, 468862128 sectors
|
||||
Units: sectors of 1 * 512 = 512 bytes
|
||||
Sector size (logical/physical): 512 bytes / 4096 bytes
|
||||
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
|
||||
Disklabel type: dos
|
||||
Disk identifier: 0x71de2bac
|
||||
|
||||
Device Boot Start End Sectors Size Id Type
|
||||
/dev/sda1 * 2048 2099199 2097152 1G 83 Linux
|
||||
/dev/sda2 2099200 10487807 8388608 4G 82 Linux swap / Solaris
|
||||
/dev/sda3 10487808 115345407 104857600 50G 83 Linux
|
||||
/dev/sda4 115345408 468862127 353516720 168.6G 83 Linux
|
||||
|
||||
# fdisk -l /dev/sdb
|
||||
Disk /dev/sda: 223.6 GiB, 240057409536 bytes, 468862128 sectors
|
||||
|
||||
/dev/sdb1 FREE 224G
|
||||
|
||||
# fdisk -l /dev/nvme0n1
|
||||
Disk /dev/nvme0n1: 3.5 TiB, 3840755982336 bytes, 7501476528 sectors
|
||||
|
||||
GPT
|
||||
/dev/nvme0n1p1 FREE 3.5T
|
||||
|
||||
# fdisk -l /dev/nvme1n1
|
||||
Disk /dev/nvme1n1: 3.5 TiB, 3840755982336 bytes, 7501476528 sectors
|
||||
|
||||
GPT
|
||||
/dev/nvme1n1p1 FREE 3.5T
|
||||
|
||||
|
||||
#############################
|
||||
# Simple partition:
|
||||
d-i partman-auto/select_disk select /dev/sda
|
||||
|
||||
partman-auto/text/atomic_scheme ::
|
||||
|
||||
500 10000 1000000 ext4
|
||||
$primary{ }
|
||||
$bootable{ }
|
||||
method{ format }
|
||||
format{ }
|
||||
use_filesystem{ }
|
||||
filesystem{ ext4 }
|
||||
mountpoint{ / } .
|
||||
|
||||
64 512 300% linux-swap
|
||||
method{ swap }
|
||||
format{ } .
|
||||
|
||||
|
||||
|
||||
####################
|
||||
# Ubuntu LVM + encryption
|
||||
#Partitioning
|
||||
d-i partman-auto/disk string /dev/sda
|
||||
d-i partman-lvm/device_remove_lvm boolean true
|
||||
d-i partman-md/device_remove_md boolean true
|
||||
d-i partman-lvm/confirm boolean true
|
||||
d-i partman-auto-lvm/guided_size string max
|
||||
d-i partman-auto/method string crypto
|
||||
d-i partman-auto/choose_recipe select boot-crypto
|
||||
d-i partman-auto-lvm/new_vg_name string crypt
|
||||
d-i partman-auto/expert_recipe string boot-crypto :: \
|
||||
250 35 250 ext4 $primary{ } $bootable{ } \
|
||||
method{ format } format{ } \
|
||||
use_filesystem{ } filesystem{ ext4 } \
|
||||
mountpoint{ /boot } \
|
||||
.\
|
||||
3072 75 3072 ext4 $lvmok{ } lv_name{ root } \
|
||||
in_vg { crypt } method{ format } format{ } \
|
||||
use_filesystem{ } filesystem{ ext4 } mountpoint{ / } \
|
||||
.\
|
||||
100% 75 100% linux-swap $lvmok{ } lv_name{ swap } \
|
||||
in_vg { crypt } method{ swap } format{ } \
|
||||
.\
|
||||
2048 50 3072 ext4 $lvmok{ } lv_name{ usr } \
|
||||
in_vg { crypt } method{ format } format{ } \
|
||||
use_filesystem{ } filesystem{ ext4 } mountpoint{ /usr } \
|
||||
.\
|
||||
512 50 1024 ext4 $lvmok{ } lv_name{ tmp } \
|
||||
in_vg { crypt } method{ format } format{ } \
|
||||
use_filesystem{ } filesystem{ ext4 } mountpoint{ /tmp } \
|
||||
.\
|
||||
256 25 1000000 ext4 $lvmok{ } lv_name{ home } \
|
||||
in_vg { crypt } method{ format } format{ } \
|
||||
use_filesystem{ } filesystem{ ext4 } mountpoint{ /home } \
|
||||
.\
|
||||
d-i partman-partitioning/confirm_write_new_label boolean true
|
||||
d-i partman/choose_partition select finish
|
||||
d-i partman/confirm boolean true
|
||||
d-i partman/confirm_nooverwrite boolean true
|
||||
|
||||
|
||||
#########################################################################
|
||||
Feb 9 22:28:49 netcfg[1038]: INFO: ethtool-lite: ens3f0: carrier up
|
||||
Feb 9 22:28:49 netcfg[1038]: INFO: Found link on ens3f0
|
||||
Feb 9 22:28:49 netcfg[1038]: INFO: found link on interface ens3f0, making it the default.
|
||||
Feb 9 22:28:49 netcfg[1038]: INFO: Could not find valid BOOTIF= entry in /proc/cmdline
|
||||
Feb 9 22:28:49 netcfg[1038]: INFO: Taking down interface ens3f0
|
||||
Feb 9 22:28:49 netcfg[1038]: INFO: Taking down interface ens3f1
|
||||
Feb 9 22:28:49 netcfg[1038]: INFO: Taking down interface lo
|
||||
Feb 9 22:28:49 netcfg[1038]: INFO: Activating interface ens3f0
|
||||
|
||||
...
|
||||
|
||||
Feb 9 22:29:44 md-devices: mdadm: No arrays found in config file or automatically
|
||||
Feb 9 22:29:45 kernel: [ 60.363875] device-mapper: uevent: version 1.0.3
|
||||
Feb 9 22:29:45 kernel: [ 60.363948] device-mapper: ioctl: 4.39.0-ioctl (2018-04-03) initialised: dm-devel@redhat.com
|
||||
Feb 9 22:29:45 partman: No matching physical volumes found
|
||||
Feb 9 22:29:45 partman: Reading all physical volumes. This may take a while...
|
||||
|
||||
##################################################################################
|
||||
### GPT
|
||||
d-i partman-basicfilesystems/choose_label string gpt
|
||||
d-i partman-basicfilesystems/default_label string gpt
|
||||
d-i partman-partitioning/choose_label string gpt
|
||||
d-i partman-partitioning/default_label string gpt
|
||||
d-i partman/choose_label string gpt
|
||||
d-i partman/default_label string gpt
|
||||
|
||||
|
||||
Loading…
Reference in new issue