Re: [tor-bugs] #32937 [Internal Services/Tor Sysadmin Team]: install a new node in the gnt-fsn cluster (fsn-node-03)
#32937: install a new node in the gnt-fsn cluster (fsn-node-03)
-------------------------------------------------+-------------------------
Reporter: anarcat | Owner: anarcat
Type: project | Status: accepted
Priority: Medium | Milestone:
Component: Internal Services/Tor Sysadmin Team | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by anarcat):
Okay, after help from MrFai on IRC, I got this config to work, which is
pretty frigging awesome:
{{{
# open questions
# --align=optimal?
# leave keys in /tmp/fai or specify passphrase?
# use sameas: to set all disk names earlier?
# bios_grub flag?
disk_config nvme0n1 disklabel:gpt bootable:2
# bios grub second stage
primary - 8MiB - -
# /boot
primary - 512MiB - -
# rest is RAID+LUKS+LVM
primary - 0- - -
disk_config nvme1n1 disklabel:gpt bootable:2
# same as above
primary - 8MiB - -
primary - 512MiB - -
primary - 0- - -
disk_config sda disklabel:gpt
primary - 0- - -
disk_config sdb disklabel:gpt
primary - 0- - -
disk_config raid fstabkey:uuid
raid1 /boot nvme0n1p2,nvme1n1p2 ext4 rw,noatime,errors=remount-ro
raid1 - nvme0n1p3,nvme1n1p3 - -
raid1 - sda1,sdb1 - -
# FAI defaults to -c aes-xts-plain64 -s 256
disk_config cryptsetup
luks - /dev/md1 - -
luks - /dev/md2 - -
disk_config lvm fstabkey:uuid
# previous convention was "vg_$hostname"
vg vg_nvme md1
vg_nvme-root / 30G ext4 rw
vg_nvme-swap swap 1G swap sw
vg vg_hdd md2
# HDD disks config intentionally left blank
}}}
This gives us the following non-verbose run, which is also pretty awesome:
{{{
root@rescue ~ # setup-storage -f setup-storage-fsn-node-3 -X
Starting setup-storage 2.2
Using config file: setup-storage-fsn-node-3
No volume groups found.
Executing: wipefs -af /dev/nvme0n1p1
Executing: wipefs -af /dev/nvme1n1p1
Executing: mdadm --stop --scan
Executing: mdadm --assemble --scan --config=/tmp/fai/mdadm-from-examine.conf
Executing: mdadm -W --stop /dev/md0
Executing: mdadm -W --stop /dev/md1
Executing: mdadm -W --stop /dev/md2
Executing: head -c 2048 /dev/urandom | od | tee /tmp/fai/crypt_dev_md1
Executing: head -c 2048 /dev/urandom | od | tee /tmp/fai/crypt_dev_md2
Executing: wipefs -af /dev/nvme0n1p2
Executing: wipefs -af /dev/nvme0n1p3
Executing: parted -s /dev/nvme0n1 mklabel gpt
Executing: parted -s /dev/nvme0n1 mkpart primary "" 1048576B 9437183B
Executing: parted -s /dev/nvme0n1 mkpart primary "" 9437184B 546308095B
Executing: parted -s /dev/nvme0n1 set 2 boot on
Executing: parted -s /dev/nvme0n1 mkpart primary "" 546308096B 960197107199B
Executing: wipefs -af /dev/sdb1
Executing: parted -s /dev/sdb mklabel gpt
Executing: parted -s /dev/sdb mkpart primary "" 1048576B 10000831331839B
Executing: wipefs -af /dev/sda1
Executing: parted -s /dev/sda mklabel gpt
Executing: parted -s /dev/sda mkpart primary "" 1048576B 10000831331839B
Executing: wipefs -af /dev/nvme1n1p2
Executing: wipefs -af /dev/nvme1n1p3
Executing: parted -s /dev/nvme1n1 mklabel gpt
Executing: parted -s /dev/nvme1n1 mkpart primary "" 1048576B 9437183B
Executing: parted -s /dev/nvme1n1 mkpart primary "" 9437184B 546308095B
Executing: parted -s /dev/nvme1n1 set 2 boot on
Executing: parted -s /dev/nvme1n1 mkpart primary "" 546308096B 960197107199B
Executing: parted -s /dev/nvme1n1 set 2 raid on
Executing: parted -s /dev/nvme0n1 set 2 raid on
Executing: parted -s /dev/nvme0n1 set 3 raid on
Executing: parted -s /dev/nvme1n1 set 3 raid on
Executing: parted -s /dev/sdb set 1 raid on
Executing: parted -s /dev/sda set 1 raid on
Executing: yes | mdadm --create /dev/md0 --level=raid1 --force --run --raid-devices=2 /dev/nvme1n1p2 /dev/nvme0n1p2
Executing: mkfs.ext4 /dev/md0
Executing: yes | mdadm --create /dev/md1 --level=raid1 --force --run --raid-devices=2 /dev/nvme0n1p3 /dev/nvme1n1p3
Executing: yes | mdadm --create /dev/md2 --level=raid1 --force --run --raid-devices=2 /dev/sdb1 /dev/sda1
Executing: yes YES | cryptsetup luksFormat /dev/md1 /tmp/fai/crypt_dev_md1
Executing: cryptsetup luksOpen /dev/md1 crypt_dev_md1 --key-file /tmp/fai/crypt_dev_md1
Executing: yes YES | cryptsetup luksFormat /dev/md2 /tmp/fai/crypt_dev_md2
Executing: cryptsetup luksOpen /dev/md2 crypt_dev_md2 --key-file /tmp/fai/crypt_dev_md2
Executing: pvcreate -ff -y /dev/mapper/crypt_dev_md2
Executing: vgcreate vg_hdd /dev/mapper/crypt_dev_md2
Executing: vgchange -a y vg_hdd
Executing: pvcreate -ff -y /dev/mapper/crypt_dev_md1
Executing: vgcreate vg_nvme /dev/mapper/crypt_dev_md1
Executing: vgchange -a y vg_nvme
Executing: lvcreate --yes -n root -L 30720 vg_nvme
Executing: mkfs.ext4 /dev/vg_nvme/root
Executing: lvcreate --yes -n swap -L 1024 vg_nvme
Executing: mkswap /dev/vg_nvme/swap
/dev/md0 UUID=4bfcb3a7-c549-4c1b-be3a-ff2f5648525e
/dev/vg_nvme/swap UUID=71656b76-e3c0-46e0-b171-a6ff78fcd5c4
/dev/vg_nvme/root UUID=f96dc710-9044-485a-9120-3075f28aa697
}}}
This also leaves configuration files in `/tmp/fai`, including
`mdadm.conf`, `fstab`, (broken) `crypttab` (because it requires keyfiles)
and the two LUKS keyfiles.
I'll start with this and move ahead with the next step of the install
process.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32937#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
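The open question in the config above (keep the keys in `/tmp/fai` or set a passphrase) and the broken crypttab both come down to replacing the generated keyfiles before the rescue system goes away. The following is an added example, not part of the original ticket comment or of FAI: it rewrites a constructed crypttab so the installed system prompts for a passphrase, and prints the cryptsetup commands that would enroll one and retire each keyfile. The crypttab contents, the `KEYDIR` variable and the function names are assumptions; nothing is executed against a disk.

```shell
#!/bin/sh
# Added example: plan the hand-over from setup-storage's temporary LUKS
# keyfiles to a passphrase. Nothing here touches a disk; it only prints.

KEYDIR=/tmp/fai   # where the run above left the keyfiles (assumed variable)

# Constructed crypttab in the standard "name device keyfile options"
# layout; the real file FAI wrote is not shown on the page.
sample_crypttab() {
cat <<'EOF'
# <target> <source> <keyfile> <options>
crypt_dev_md1 /dev/md1 /tmp/fai/crypt_dev_md1 luks
crypt_dev_md2 /dev/md2 /tmp/fai/crypt_dev_md2 luks
EOF
}

# Rewrite entries whose keyfile lives under KEYDIR to "none", so the
# installed system prompts for a passphrase instead of looking for a
# file that will not exist once the rescue system is gone.
crypttab_to_passphrase() {
    awk -v dir="$KEYDIR/" '
        /^[ \t]*(#|$)/      { print; next }
        index($3, dir) == 1 { $3 = "none" }
        { print }'
}

# Print, per affected volume, the commands that enroll a passphrase
# (authorised by the existing keyfile), drop the keyfile's slot, then
# destroy the keyfile itself.
rotation_plan() {
    awk -v dir="$KEYDIR/" '
        /^[ \t]*(#|$)/ { next }
        index($3, dir) == 1 {
            printf "cryptsetup luksAddKey --key-file %s %s\n", $3, $2
            printf "cryptsetup luksRemoveKey %s %s\n", $2, $3
            printf "shred -u %s\n", $3
        }'
}

# Show both outputs when the script is run with "plan" as its argument.
if [ "${1:-}" = "plan" ]; then
    sample_crypttab | crypttab_to_passphrase
    sample_crypttab | rotation_plan
fi
```

The order in the plan matters: the passphrase is enrolled while the keyfile still unlocks the volume, and the keyfile's slot is removed only after that.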