crufty notes etc

master
Jeff Moe 3 years ago
parent 264177d09d
commit 2ffb2062a3

23
TODO

@ -0,0 +1,23 @@
Encrypted root partitions
RAID partitions
Move installer ssh to port other than 22
Use local debian mirror
sshd_config
vim config
Private LAN between data centers
am6 is on slower serial console ?
Set up partitioning
set up second ethernet interface
SSH keys per project, auto-generate

@ -0,0 +1,196 @@
# Crypto with LVM
d-i partman-auto/disk string /dev/sda
d-i partman-auto/method string crypto
# When disk encryption is enabled, skip wiping the partitions beforehand.
d-i partman-auto-crypto/erase_disks boolean true
# max swap size
d-i partman-auto/cap-ram string 4096
# File to load for expert recipe
# d-i partman-auto/expert_recipe_file string <string>
### Description: Encryption passphrase:
# You need to choose a passphrase to encrypt ${DEVICE}.
# .
# The overall strength of the encryption depends strongly on this
# passphrase, so you should take care to choose a passphrase that is
# not easy to guess. It should not be a word or sentence found in
# dictionaries, or a phrase that could be easily associated with you.
# .
# A good passphrase will contain a mixture of letters, numbers and
# punctuation. Passphrases are recommended to have a length of 20 or
# more characters.
# d-i partman-crypto/passphrase password <password>
### Description: Re-enter passphrase to verify:
# Please enter the same passphrase again to verify that you have typed it
# correctly.
# d-i partman-crypto/passphrase-again password <password>
### Description: Devices to encrypt:
# Please select the devices to be encrypted.
# .
# You can select one or more devices.
# d-i partman-crypto/create/partitions multiselect <choice(s)>
# Possible choices: ${PARTITIONS}
#### partman-md_90_all.udeb
# d-i partman-auto/select_disk select <choice>
d-i partman-auto/select_disk select /dev/sda
d-i partman/default_filesystem string ext4
# ls -l /dev/sd* /dev/nvme*
crw------- 1 root root 246, 0 Feb 9 18:27 /dev/nvme0
brw------- 1 root root 259, 0 Feb 9 21:19 /dev/nvme0n1
crw------- 1 root root 246, 1 Feb 9 18:27 /dev/nvme1
brw------- 1 root root 259, 1 Feb 9 21:19 /dev/nvme1n1
brw------- 1 root root 8, 0 Feb 9 21:23 /dev/sda
brw------- 1 root root 8, 1 Feb 9 21:23 /dev/sda1
brw------- 1 root root 8, 5 Feb 9 21:23 /dev/sda5
brw------- 1 root root 8, 16 Feb 9 21:19 /dev/sdb
# Non-LUKS, non-RAID version
# fdisk -l /dev/sda
Disk /dev/sda: 223.6 GiB, 240057409536 bytes, 468862128 sectors
/dev/sda1 /boot 1G
/dev/sda2 SWAP 4G
/dev/sda3 / 50G
/dev/sda4 /home 169G
Disk /dev/sda: 223.6 GiB, 240057409536 bytes, 468862128 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disklabel type: dos
Disk identifier: 0x71de2bac
Device Boot Start End Sectors Size Id Type
/dev/sda1 * 2048 2099199 2097152 1G 83 Linux
/dev/sda2 2099200 10487807 8388608 4G 82 Linux swap / Solaris
/dev/sda3 10487808 115345407 104857600 50G 83 Linux
/dev/sda4 115345408 468862127 353516720 168.6G 83 Linux
# fdisk -l /dev/sdb
Disk /dev/sda: 223.6 GiB, 240057409536 bytes, 468862128 sectors
/dev/sdb1 FREE 224G
# fdisk -l /dev/nvme0n1
Disk /dev/nvme0n1: 3.5 TiB, 3840755982336 bytes, 7501476528 sectors
GPT
/dev/nvme0n1p1 FREE 3.5T
# fdisk -l /dev/nvme1n1
Disk /dev/nvme1n1: 3.5 TiB, 3840755982336 bytes, 7501476528 sectors
GPT
/dev/nvme1n1p1 FREE 3.5T
#############################
# Simple partition:
d-i partman-auto/select_disk select /dev/sda
partman-auto/text/atomic_scheme ::
500 10000 1000000 ext4
$primary{ }
$bootable{ }
method{ format }
format{ }
use_filesystem{ }
filesystem{ ext4 }
mountpoint{ / } .
64 512 300% linux-swap
method{ swap }
format{ } .
####################
# Ubuntu LVM + encryption
#Partitioning
d-i partman-auto/disk string /dev/sda
d-i partman-lvm/device_remove_lvm boolean true
d-i partman-md/device_remove_md boolean true
d-i partman-lvm/confirm boolean true
d-i partman-auto-lvm/guided_size string max
d-i partman-auto/method string crypto
d-i partman-auto/choose_recipe select boot-crypto
d-i partman-auto-lvm/new_vg_name string crypt
d-i partman-auto/expert_recipe string boot-crypto :: \
250 35 250 ext4 $primary{ } $bootable{ } \
method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } \
mountpoint{ /boot } \
.\
3072 75 3072 ext4 $lvmok{ } lv_name{ root } \
in_vg { crypt } method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } mountpoint{ / } \
.\
100% 75 100% linux-swap $lvmok{ } lv_name{ swap } \
in_vg { crypt } method{ swap } format{ } \
.\
2048 50 3072 ext4 $lvmok{ } lv_name{ usr } \
in_vg { crypt } method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } mountpoint{ /usr } \
.\
512 50 1024 ext4 $lvmok{ } lv_name{ tmp } \
in_vg { crypt } method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } mountpoint{ /tmp } \
.\
256 25 1000000 ext4 $lvmok{ } lv_name{ home } \
in_vg { crypt } method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } mountpoint{ /home } \
.\
d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true
#########################################################################
Feb 9 22:28:49 netcfg[1038]: INFO: ethtool-lite: ens3f0: carrier up
Feb 9 22:28:49 netcfg[1038]: INFO: Found link on ens3f0
Feb 9 22:28:49 netcfg[1038]: INFO: found link on interface ens3f0, making it the default.
Feb 9 22:28:49 netcfg[1038]: INFO: Could not find valid BOOTIF= entry in /proc/cmdline
Feb 9 22:28:49 netcfg[1038]: INFO: Taking down interface ens3f0
Feb 9 22:28:49 netcfg[1038]: INFO: Taking down interface ens3f1
Feb 9 22:28:49 netcfg[1038]: INFO: Taking down interface lo
Feb 9 22:28:49 netcfg[1038]: INFO: Activating interface ens3f0
...
Feb 9 22:29:44 md-devices: mdadm: No arrays found in config file or automatically
Feb 9 22:29:45 kernel: [ 60.363875] device-mapper: uevent: version 1.0.3
Feb 9 22:29:45 kernel: [ 60.363948] device-mapper: ioctl: 4.39.0-ioctl (2018-04-03) initialised: dm-devel@redhat.com
Feb 9 22:29:45 partman: No matching physical volumes found
Feb 9 22:29:45 partman: Reading all physical volumes. This may take a while...
##################################################################################
### GPT
d-i partman-basicfilesystems/choose_label string gpt
d-i partman-basicfilesystems/default_label string gpt
d-i partman-partitioning/choose_label string gpt
d-i partman-partitioning/default_label string gpt
d-i partman/choose_label string gpt
d-i partman/default_label string gpt
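Review bot: The comment above `d-i partman-auto-crypto/erase_disks boolean true` says wiping is skipped, but `true` asks the installer to erase the disk before encryption is set up, so the comment and the value contradict each other. If the wipe is intended (it keeps old plaintext and the used/unused block pattern off the encrypted volume), reword the comment to `# Overwrite the disk before encrypting (slow on large disks); set to false to skip.`; if it is not intended, set the value to `false`. In the "Ubuntu LVM + encryption" recipe the last stanza ends with `.\`, so the trailing backslash may continue the recipe string into the following `d-i partman-partitioning/confirm_write_new_label` line, assuming no blank line was lost in rendering; ending that stanza with a plain `.` avoids this. The commented-out `partman-crypto/passphrase` lines should stay placeholders, since a real passphrase in a preseed file is readable by anyone who can fetch the file or the installer logs.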