Compare commits
4 Commits
264177d09d
...
c5efe3b056
Author | SHA1 | Date |
---|---|---|
Jeff Moe | c5efe3b056 | 3 years ago |
Jeff Moe | fbb1bef592 | 3 years ago |
Jeff Moe | 950b1c3c36 | 3 years ago |
Jeff Moe | 2ffb2062a3 | 3 years ago |
@ -0,0 +1,23 @@
|
|||||||
|
Encrypted root partitions
|
||||||
|
|
||||||
|
RAID partitions
|
||||||
|
|
||||||
|
Move installer ssh to port other than 22
|
||||||
|
|
||||||
|
Use local debian mirror
|
||||||
|
|
||||||
|
sshd_config
|
||||||
|
|
||||||
|
vim config
|
||||||
|
|
||||||
|
Private LAN between data centers
|
||||||
|
|
||||||
|
am6 is on slower serial console ?
|
||||||
|
|
||||||
|
|
||||||
|
Set up partitioning
|
||||||
|
set up second ethernet interface
|
||||||
|
|
||||||
|
|
||||||
|
SSH keys per project, auto-generate
|
||||||
|
|
@ -0,0 +1,196 @@
|
|||||||
|
# Crypto with LVM
|
||||||
|
d-i partman-auto/disk string /dev/sda
|
||||||
|
d-i partman-auto/method string crypto
|
||||||
|
# When disk encryption is enabled, skip wiping the partitions beforehand.
|
||||||
|
d-i partman-auto-crypto/erase_disks boolean true
|
||||||
|
# max swap size
|
||||||
|
d-i partman-auto/cap-ram string 4096
|
||||||
|
# File to load for expert recipe
|
||||||
|
# d-i partman-auto/expert_recipe_file string <string>
|
||||||
|
|
||||||
|
|
||||||
|
### Description: Encryption passphrase:
|
||||||
|
# You need to choose a passphrase to encrypt ${DEVICE}.
|
||||||
|
# .
|
||||||
|
# The overall strength of the encryption depends strongly on this
|
||||||
|
# passphrase, so you should take care to choose a passphrase that is
|
||||||
|
# not easy to guess. It should not be a word or sentence found in
|
||||||
|
# dictionaries, or a phrase that could be easily associated with you.
|
||||||
|
# .
|
||||||
|
# A good passphrase will contain a mixture of letters, numbers and
|
||||||
|
# punctuation. Passphrases are recommended to have a length of 20 or
|
||||||
|
# more characters.
|
||||||
|
# d-i partman-crypto/passphrase password <password>
|
||||||
|
|
||||||
|
### Description: Re-enter passphrase to verify:
|
||||||
|
# Please enter the same passphrase again to verify that you have typed it
|
||||||
|
# correctly.
|
||||||
|
# d-i partman-crypto/passphrase-again password <password>
|
||||||
|
|
||||||
|
### Description: Devices to encrypt:
|
||||||
|
# Please select the devices to be encrypted.
|
||||||
|
# .
|
||||||
|
# You can select one or more devices.
|
||||||
|
# d-i partman-crypto/create/partitions multiselect <choice(s)>
|
||||||
|
# Possible choices: ${PARTITIONS}
|
||||||
|
|
||||||
|
|
||||||
|
#### partman-md_90_all.udeb
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
# d-i partman-auto/select_disk select <choice>
|
||||||
|
d-i partman-auto/select_disk select /dev/sda
|
||||||
|
|
||||||
|
d-i partman/default_filesystem string ext4
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
# ls -l /dev/sd* /dev/nvme*
|
||||||
|
crw------- 1 root root 246, 0 Feb 9 18:27 /dev/nvme0
|
||||||
|
brw------- 1 root root 259, 0 Feb 9 21:19 /dev/nvme0n1
|
||||||
|
crw------- 1 root root 246, 1 Feb 9 18:27 /dev/nvme1
|
||||||
|
brw------- 1 root root 259, 1 Feb 9 21:19 /dev/nvme1n1
|
||||||
|
brw------- 1 root root 8, 0 Feb 9 21:23 /dev/sda
|
||||||
|
brw------- 1 root root 8, 1 Feb 9 21:23 /dev/sda1
|
||||||
|
brw------- 1 root root 8, 5 Feb 9 21:23 /dev/sda5
|
||||||
|
brw------- 1 root root 8, 16 Feb 9 21:19 /dev/sdb
|
||||||
|
|
||||||
|
|
||||||
|
# Non-LUKS, non-RAID version
|
||||||
|
|
||||||
|
# fdisk -l /dev/sda
|
||||||
|
Disk /dev/sda: 223.6 GiB, 240057409536 bytes, 468862128 sectors
|
||||||
|
|
||||||
|
/dev/sda1 /boot 1G
|
||||||
|
/dev/sda2 SWAP 4G
|
||||||
|
/dev/sda3 / 50G
|
||||||
|
/dev/sda4 /home 169G
|
||||||
|
|
||||||
|
Disk /dev/sda: 223.6 GiB, 240057409536 bytes, 468862128 sectors
|
||||||
|
Units: sectors of 1 * 512 = 512 bytes
|
||||||
|
Sector size (logical/physical): 512 bytes / 4096 bytes
|
||||||
|
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
|
||||||
|
Disklabel type: dos
|
||||||
|
Disk identifier: 0x71de2bac
|
||||||
|
|
||||||
|
Device Boot Start End Sectors Size Id Type
|
||||||
|
/dev/sda1 * 2048 2099199 2097152 1G 83 Linux
|
||||||
|
/dev/sda2 2099200 10487807 8388608 4G 82 Linux swap / Solaris
|
||||||
|
/dev/sda3 10487808 115345407 104857600 50G 83 Linux
|
||||||
|
/dev/sda4 115345408 468862127 353516720 168.6G 83 Linux
|
||||||
|
|
||||||
|
# fdisk -l /dev/sdb
|
||||||
|
Disk /dev/sda: 223.6 GiB, 240057409536 bytes, 468862128 sectors
|
||||||
|
|
||||||
|
/dev/sdb1 FREE 224G
|
||||||
|
|
||||||
|
# fdisk -l /dev/nvme0n1
|
||||||
|
Disk /dev/nvme0n1: 3.5 TiB, 3840755982336 bytes, 7501476528 sectors
|
||||||
|
|
||||||
|
GPT
|
||||||
|
/dev/nvme0n1p1 FREE 3.5T
|
||||||
|
|
||||||
|
# fdisk -l /dev/nvme1n1
|
||||||
|
Disk /dev/nvme1n1: 3.5 TiB, 3840755982336 bytes, 7501476528 sectors
|
||||||
|
|
||||||
|
GPT
|
||||||
|
/dev/nvme1n1p1 FREE 3.5T
|
||||||
|
|
||||||
|
|
||||||
|
#############################
|
||||||
|
# Simple partition:
|
||||||
|
d-i partman-auto/select_disk select /dev/sda
|
||||||
|
|
||||||
|
partman-auto/text/atomic_scheme ::
|
||||||
|
|
||||||
|
500 10000 1000000 ext4
|
||||||
|
$primary{ }
|
||||||
|
$bootable{ }
|
||||||
|
method{ format }
|
||||||
|
format{ }
|
||||||
|
use_filesystem{ }
|
||||||
|
filesystem{ ext4 }
|
||||||
|
mountpoint{ / } .
|
||||||
|
|
||||||
|
64 512 300% linux-swap
|
||||||
|
method{ swap }
|
||||||
|
format{ } .
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
####################
|
||||||
|
# Ubuntu LVM + encryption
|
||||||
|
#Partitioning
|
||||||
|
d-i partman-auto/disk string /dev/sda
|
||||||
|
d-i partman-lvm/device_remove_lvm boolean true
|
||||||
|
d-i partman-md/device_remove_md boolean true
|
||||||
|
d-i partman-lvm/confirm boolean true
|
||||||
|
d-i partman-auto-lvm/guided_size string max
|
||||||
|
d-i partman-auto/method string crypto
|
||||||
|
d-i partman-auto/choose_recipe select boot-crypto
|
||||||
|
d-i partman-auto-lvm/new_vg_name string crypt
|
||||||
|
d-i partman-auto/expert_recipe string boot-crypto :: \
|
||||||
|
250 35 250 ext4 $primary{ } $bootable{ } \
|
||||||
|
method{ format } format{ } \
|
||||||
|
use_filesystem{ } filesystem{ ext4 } \
|
||||||
|
mountpoint{ /boot } \
|
||||||
|
.\
|
||||||
|
3072 75 3072 ext4 $lvmok{ } lv_name{ root } \
|
||||||
|
in_vg { crypt } method{ format } format{ } \
|
||||||
|
use_filesystem{ } filesystem{ ext4 } mountpoint{ / } \
|
||||||
|
.\
|
||||||
|
100% 75 100% linux-swap $lvmok{ } lv_name{ swap } \
|
||||||
|
in_vg { crypt } method{ swap } format{ } \
|
||||||
|
.\
|
||||||
|
2048 50 3072 ext4 $lvmok{ } lv_name{ usr } \
|
||||||
|
in_vg { crypt } method{ format } format{ } \
|
||||||
|
use_filesystem{ } filesystem{ ext4 } mountpoint{ /usr } \
|
||||||
|
.\
|
||||||
|
512 50 1024 ext4 $lvmok{ } lv_name{ tmp } \
|
||||||
|
in_vg { crypt } method{ format } format{ } \
|
||||||
|
use_filesystem{ } filesystem{ ext4 } mountpoint{ /tmp } \
|
||||||
|
.\
|
||||||
|
256 25 1000000 ext4 $lvmok{ } lv_name{ home } \
|
||||||
|
in_vg { crypt } method{ format } format{ } \
|
||||||
|
use_filesystem{ } filesystem{ ext4 } mountpoint{ /home } \
|
||||||
|
.\
|
||||||
|
d-i partman-partitioning/confirm_write_new_label boolean true
|
||||||
|
d-i partman/choose_partition select finish
|
||||||
|
d-i partman/confirm boolean true
|
||||||
|
d-i partman/confirm_nooverwrite boolean true
|
||||||
|
|
||||||
|
|
||||||
|
#########################################################################
|
||||||
|
Feb 9 22:28:49 netcfg[1038]: INFO: ethtool-lite: ens3f0: carrier up
|
||||||
|
Feb 9 22:28:49 netcfg[1038]: INFO: Found link on ens3f0
|
||||||
|
Feb 9 22:28:49 netcfg[1038]: INFO: found link on interface ens3f0, making it the default.
|
||||||
|
Feb 9 22:28:49 netcfg[1038]: INFO: Could not find valid BOOTIF= entry in /proc/cmdline
|
||||||
|
Feb 9 22:28:49 netcfg[1038]: INFO: Taking down interface ens3f0
|
||||||
|
Feb 9 22:28:49 netcfg[1038]: INFO: Taking down interface ens3f1
|
||||||
|
Feb 9 22:28:49 netcfg[1038]: INFO: Taking down interface lo
|
||||||
|
Feb 9 22:28:49 netcfg[1038]: INFO: Activating interface ens3f0
|
||||||
|
|
||||||
|
...
|
||||||
|
|
||||||
|
Feb 9 22:29:44 md-devices: mdadm: No arrays found in config file or automatically
|
||||||
|
Feb 9 22:29:45 kernel: [ 60.363875] device-mapper: uevent: version 1.0.3
|
||||||
|
Feb 9 22:29:45 kernel: [ 60.363948] device-mapper: ioctl: 4.39.0-ioctl (2018-04-03) initialised: dm-devel@redhat.com
|
||||||
|
Feb 9 22:29:45 partman: No matching physical volumes found
|
||||||
|
Feb 9 22:29:45 partman: Reading all physical volumes. This may take a while...
|
||||||
|
|
||||||
|
##################################################################################
|
||||||
|
### GPT
|
||||||
|
d-i partman-basicfilesystems/choose_label string gpt
|
||||||
|
d-i partman-basicfilesystems/default_label string gpt
|
||||||
|
d-i partman-partitioning/choose_label string gpt
|
||||||
|
d-i partman-partitioning/default_label string gpt
|
||||||
|
d-i partman/choose_label string gpt
|
||||||
|
d-i partman/default_label string gpt
|
||||||
|
|
||||||
|
|
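Review bot: The comment above `d-i partman-auto-crypto/erase_disks boolean true` says wiping is skipped, but `true` leaves the pre-encryption wipe enabled; skipping it would be `boolean false`. Either setting is defensible, but the comment and the value should agree, for example `# Overwrite the partitions before setting up encryption (slow on large disks).` if the wipe is intended. Separately, the commented-out `partman-crypto/passphrase` and `passphrase-again` lines should stay unfilled in this file, since a preseeded passphrase would sit in the repository in clear text. A comment such as `# Do not commit a real passphrase here; supply it at install time.` would make that explicit.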
@ -0,0 +1,10 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
echo "nothing yet"
|
||||||
|
exit
|
||||||
|
packet \
|
||||||
|
ssh-key \
|
||||||
|
--json \
|
||||||
|
get \
|
||||||
|
2>/dev/null
|
||||||
|
|
@ -0,0 +1,46 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
# eqx-market-convert-spot
|
||||||
|
# Convert a "spot" server into "on demand" server
|
||||||
|
#
|
||||||
|
# Usage:
|
||||||
|
# eqx-market-convert-spot [device id]
|
||||||
|
# Example:
|
||||||
|
# eqx-market-convert-spot 00000001-2000-3000-4000-500000000000
|
||||||
|
|
||||||
|
EQXTOKEN=`cat ~/.packet-cli.json | jq ".token" --raw-output`
|
||||||
|
EQXDEVICEID="$1"
|
||||||
|
|
||||||
|
if [[ $1 == "" ]]
|
||||||
|
then \
|
||||||
|
echo -e "Need device ID"
|
||||||
|
echo -e "To get device IDs in a project, run:"
|
||||||
|
echo -e "eqx-get-project-devices [project name]"
|
||||||
|
echo
|
||||||
|
exit
|
||||||
|
fi
|
||||||
|
|
||||||
|
EQXFACILITY=`eqx-get-deviceid-facility $EQXDEVICEID`
|
||||||
|
generate_post_data()
|
||||||
|
{
|
||||||
|
cat <<EOF
|
||||||
|
{
|
||||||
|
"facility": "$EQXFACILITY",
|
||||||
|
"spot_instance": false
|
||||||
|
}
|
||||||
|
EOF
|
||||||
|
}
|
||||||
|
|
||||||
|
echo "Is spot? `eqx-market-deviceid-spot $EQXDEVICEID`"
|
||||||
|
|
||||||
|
echo "Converting to on demand..."
|
||||||
|
|
||||||
|
curl \
|
||||||
|
-X PUT \
|
||||||
|
--silent \
|
||||||
|
--header 'Content-Type: application/json' \
|
||||||
|
--header "X-Auth-Token: ${EQXTOKEN}" \
|
||||||
|
"https://api.equinix.com/metal/v1/devices/$EQXDEVICEID" \
|
||||||
|
--data "$(generate_post_data)" 1>/dev/null 2>/dev/null
|
||||||
|
|
||||||
|
echo "Is spot? `eqx-market-deviceid-spot $EQXDEVICEID`"
|
||||||
|
|
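Review bot: The API token is placed on curl's command line via `--header "X-Auth-Token: ${EQXTOKEN}"`, so other local users can read it from the process list while the request runs; the same pattern is in the eqx-market-spot-history script further down. curl (7.55.0 and later) can read headers from a file, so the line could become `--header @<(printf 'X-Auth-Token: %s\n' "$EQXTOKEN") \`, which keeps the token out of argv. The PUT also discards both output and errors (`--silent` with `1>/dev/null 2>/dev/null`) and its exit status is never tested, so a rejected or unauthenticated request looks the same as success; adding `--fail --show-error` and checking curl's exit status would surface that. The usage branch should end with `exit 1` rather than a bare `exit`, since eqx-market-convert-spot-project calls this script in a loop and cannot otherwise tell that nothing was converted.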
@ -0,0 +1,37 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
# eqx-market-convert-spot-project
|
||||||
|
# Convert all the devices in a project from spot to on demand pricing.
|
||||||
|
#
|
||||||
|
# Usage:
|
||||||
|
# eqx-market-convert-spot-project [project name]
|
||||||
|
# Example:
|
||||||
|
# eqx-market-convert-spot-project fooproject
|
||||||
|
|
||||||
|
EQXPROJECT="$1"
|
||||||
|
|
||||||
|
if [[ $1 == "" ]]
|
||||||
|
then \
|
||||||
|
echo -e "Need project name, such as:\n"
|
||||||
|
eqx-get-project-names
|
||||||
|
echo
|
||||||
|
exit
|
||||||
|
fi
|
||||||
|
|
||||||
|
EQXPROJECTID=`eqx-get-project-uuid $EQXPROJECT`
|
||||||
|
|
||||||
|
EQXDEVICEIDS=`packet \
|
||||||
|
device \
|
||||||
|
get \
|
||||||
|
--json \
|
||||||
|
--project-id \
|
||||||
|
$EQXPROJECTID \
|
||||||
|
2>/dev/null \
|
||||||
|
| jq '.[].id' | \
|
||||||
|
sed -e 's/"//g'`
|
||||||
|
|
||||||
|
for i in $EQXDEVICEIDS
|
||||||
|
do \
|
||||||
|
echo "Converting $i ..."
|
||||||
|
eqx-market-convert-spot $i
|
||||||
|
done
|
||||||
|
|
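Review bot: `EQXPROJECTID` is used without checking that `eqx-get-project-uuid` returned anything, and it is expanded unquoted after `--project-id` with stderr sent to /dev/null, so a mistyped project name appears to end in a silent no-op that exits 0. A guard right after the lookup, `[[ -n "$EQXPROJECTID" ]] || { echo "Unknown project: $EQXPROJECT" >&2; exit 1; }`, plus quoting `"$EQXPROJECT"` and `"$EQXPROJECTID"`, would make the failure visible. Because the loop changes the billing mode of every device in the project, it should stop at the first failed conversion with `eqx-market-convert-spot "$i" || exit 1`, once that script reports failure through its exit status. `jq -r '.[].id'` would also replace the `sed` quote-stripping.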
@ -0,0 +1,18 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
# eqx-market-spot-history
|
||||||
|
|
||||||
|
|
||||||
|
# curl -X GET -H 'X-Auth-Token: <API_TOKEN>' https://api.equinix.com/metal/v1/market/spot/prices
|
||||||
|
|
||||||
|
EQXTOKEN=`cat ~/.packet-cli.json | jq ".token" --raw-output`
|
||||||
|
|
||||||
|
curl \
|
||||||
|
--silent \
|
||||||
|
-X GET \
|
||||||
|
--header 'Accept: application/json' \
|
||||||
|
--header "X-Auth-Token: ${EQXTOKEN}" \
|
||||||
|
'https://api.equinix.com/metal/v1/market/spot/prices'
|
||||||
|
|
||||||
|
|
||||||
|
# jq '.spot_market_prices.da11."c3.small.x86".price'
|
||||||
|
|