Simulate an instalation using chroot on an Qemu machine
See this Qemu script to start an virtual machine on windows 10 with one disk to boot, 4 disks to simulate an RAID and 1 usbdisk, and 2 nic devices
Start Alpine from iso file and setup to save config into usbdisk
Hint: first user is root with no password
OBS: Do not setup disks yet
echo -e "/dev/sdf1\t/media/usb\tvfat\trw\t0\t0" > /etc/fstab
mount /media/usb
setup-alpine
sed -i '/cdrom/s/cdrom/sr0/' /etc/apk/repositories
apk update
apk add btrfs-progs e2fsprogs
modprobe btrfs
modprobe ext4
echo "btrfs" >> /etc/modules
echo "ext4" >> /etc/modules
fdisk /dev/sde # option n and w
mkfs.ext4 /dev/sde1
mkfs.btrfs -d raid1 -m raid1 -f /dev/sda /dev/sdb /dev/sdc /dev/sdd
/sbin/btrfs device scan
mount -t btrfs UUID=4e48a335-a9a6-4c32-b349-d95f998c4211 /mnt
mkdir /mnt/Alpine
btrfs subvol create /mnt/Alpine/rootfs
umount /mnt
echo -e "UUID=4e48a335-a9a6-4c32-b349-d95f998c4211\t/mnt\tbtrfs\tnoatime,nodiratime,subvol=Alpine/rootfs\t0\t1" >> /etc/fstab
mount /mnt
# btrfs hack
sed -i '/btrfs/s/^U/#U/' /etc/fstab
mkdir /mnt/boot
echo -e "/dev/sde1\t/mnt/boot\text4\tdefaults\t0\t0" >> /etc/fstab
mount /mnt/boot
umount /mnt/boot
umount /mnt
cat > /etc/init.d/btrfs-scan <<'EOF'
#!/sbin/openrc-run
name="btrfs-scan"
depend() {
before localmount
}
start() {
/sbin/btrfs device scan
}
EOF
chmod +x /etc/init.d/btrfs-scan
rc-update add btrfs-scan boot
sync
lbu commit -v usb
umount /media/usb
btrfs filesystem show
Label: none uuid: 4e48a335-a9a6-4c32-b349-d95f998c4211
Total devices 4 FS bytes used 128.00KiB
devid 1 size 32.00GiB used 0.00B path /dev/sda
devid 2 size 32.00GiB used 0.00B path /dev/sdb
devid 3 size 32.00GiB used 2.01GiB path /dev/sdc
devid 4 size 32.00GiB used 2.01GiB path /dev/sdd
cat > /etc/local.d/hack.start <<'EOF'
#!/bin/sh
apk aupdate
apk add btrfs-progs
/sbin/btrfs device scan
umount /mnt/boot
sed -i '/btrfs/s/^#//' /etc/fstab
mount /mnt
mount /mnt/boot
umount /media/sdf1
mount /media/usb
EOF
chmod +x /etc/local.d/hack.start
cat > /etc/local.d/hack.stop <<'EOF'
#!/bin/sh
sed -i '/btrfs/s/^U/#U/' /etc/fstab
umount /mnt/boot
umount /mnt
umount /media/usb
EOF
chmod +x /etc/local.d/hack.stop
cat > /etc/conf.d/local <<'EOF'
rc_verbose=yes
EOF
rc-update add local default
sed -i '/btrfs/s/^U/#U/' /etc/fstab
sync
lbu commit -v usb
sed -i '/PermitRootLogin/s/prohibit-password/yes/' /etc/ssh/sshd_config
sed -i '/PermitRootLogin yes/s/^#//' /etc/ssh/sshd_config
passwd
service sshd restart
cd /mnt/
wget http://linorg.usp.br/AlpineLinux/latest-stable/main/x86_64/apk-tools-static-2.10.5-r1.apk
tar -xzf apk-tools-static-*.apk
./sbin/apk.static -X http://linorg.usp.br/AlpineLinux/latest-stable/main -U \
--allow-untrusted --arch x86_64 \
--root /mnt --initdb add \
acct musl-utils alpine-base alpine-mirrors \
linux-lts mkinitfs linux-firmware xtables-addons-lts \
e2fsprogs btrfs-progs dosfstools lvm2 mdadm iptables \
grub grub-bios pigz mkinitfs xfsprogs ssl_client \
bridge ip6tables iptables-doc
./sbin/apk.static -X http://linorg.usp.br/AlpineLinux/latest-stable/main -U \
--allow-untrusted --arch x86_64 \
--root /mnt --initdb add acf-core mini_httpd haserl lua \
acf-openssh openssh chrony acf-chrony kbd-bkeymaps \
acf-alpine-baselayout acf-dnsmasq dnsmasq acf-samba \
tzdata acf-openssl acf-apk-tools acf-alpine-conf acf-iptables \
lxc lxcfs lxc-templates debootstrap rsync gnupg xz \
docker docker-compose iputils iproute2 drill
cd /mnt/
mkdir -p ./root/config-backups
echo LBU_BACKUPDIR=/root/config-backups >> ./etc/lbu/lbu.conf
cat > ./etc/resolv.conf <<-EOF
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 2620:0:ccc::2
nameserver 2001:470:20::2
EOF
cat > ./etc/network/interfaces <<-EOF
auto lo
iface lo inet loopback
auto br0
iface br0 inet static
bridge-ports eth0
bridge-stp 0
bridge_maxwait 0
address 192.168.1.1
netmask 255.255.255.0
hostname alpine1
auto lxc0
iface lxc0 inet static
bridge-ports dummy0
bridge-stp 0
address 192.168.10.1
netmask 255.255.255.0
hostname alpine1
auto eth1
iface eth1 inet dhcp
udhcpc_opts -O search
hostname alpine1
iface eth1 inet6 manual
pre-up echo 1 > /proc/sys/net/ipv6/conf/eth1/accept_ra
EOF
mkdir -p ./etc/apk
cat > ./etc/apk/repositories <<-EOF
http://linorg.usp.br/AlpineLinux/v3.12/main
http://linorg.usp.br/AlpineLinux/v3.12/community
EOF
rmdir -p ./media/cdrom
rmdir -p ./media/floppy
sed -i '/ttyS0/s/^#ttyS0/ttyS0/' ./etc/inittab
echo ttyS0 >> ./etc/securetty
echo -e features=\"ata base bootchart ide nvme cdrom ext4 keymap kms mmc raid scsi usb virtio dhcp network https lvm squashfs ubifs btrfs ext4 ext2 f2fs xfs\" > ./etc/mkinitfs/mkinitfs.conf
mkdir -p ./etc/default
cat > ./etc/default/grub <<- EOF
GRUB_TIMEOUT=2
GRUB_DISABLE_SUBMENU=y
GRUB_DISABLE_RECOVERY=true
GRUB_TERMINAL="console serial"
GRUB_SERIAL_COMMAND="serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1 --rtscts=off"
GRUB_CMDLINE_LINUX_DEFAULT="rootwait modules=sd-mod,usb-storage,btrfs,ext4 rootfstype=btrfs nomodeset console=tty0 console=ttyS0,115200n8 cgroup_enable=memory swapaccount=1"
EOF
cat > ./etc/fstab <<-EOF
# <fs> <mountpoint> <type> <opts> <dump/pass>
UUID=4e48a335-a9a6-4c32-b349-d95f998c4211 / btrfs subvol=Alpine/rootfs,noatime,nodiratime,noacl,nossd 0 1
UUID=3b5c772a-40cd-4a42-b69c-2b9a26155b6e /boot ext4 defaults 0 1
cgroup /sys/fs/cgroup cgroup defaults 0 0
EOF
mkdir -p ./etc/acf
echo "root:x:Admin account:ADMIN" > ./etc/acf/passwd
chmod 600 ./etc/acf/passwd
mv ./var/www/localhost/htdocs ./var/www/localhost/htdocs.old
mkdir -p ./var/www/localhost/
mkdir -p ./etc/ssl/mini_httpd
cat > ./etc/ssl/mini_httpd/mini_httpd.cnf <<-EOF
[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no
[ req_dn ]
OU=HTTPS server
CN=alpine1
emailAddress=vanaware@vanaware.com
[ cert_type ]
nsCertType = server
EOF
openssl genrsa 2048 > ./etc/ssl/mini_httpd/server.key
openssl req -new -x509 -nodes -sha1 -days 3650 -key ./etc/ssl/mini_httpd/server.key \
-config ./etc/ssl/mini_httpd/mini_httpd.cnf > ./etc/ssl/mini_httpd/server.crt
cat ./etc/ssl/mini_httpd/server.key >> ./etc/ssl/mini_httpd/server.crt
rm ./etc/ssl/mini_httpd/server.key
mv ./etc/ssl/mini_httpd/server.crt ./etc/ssl/mini_httpd/server.pem
mkdir -p ./etc/mini_httpd
cat > ./etc/mini_httpd/mini_httpd.conf <<-EOF
nochroot
dir=/var/www/localhost/htdocs
user=nobody
cgipat=cgi-bin**
certfile=/etc/ssl/mini_httpd/server.pem
port=443
ssl
host=192.168.1.1
EOF
mkdir -p ./var/cache/apk
echo "alpine1" > ./etc/hostname
cat > ./etc/hosts <<-EOF
192.168.1.1 alpine1.casa
#2001:470:ffff:ff::1 alpine1.casa
::1 localhost ipv6-localhost ipv6-loopback
fe00::0 ipv6-localnet
ff00::0 ipv6-mcastprefix
ff02::1 ipv6-allnodes
ff02::2 ipv6-allrouters
ff02::3 ipv6-allhosts
EOF
mkdir -p ./etc/zoneinfo/America/
cp ./usr/share/zoneinfo/America/Sao_Paulo ./etc/zoneinfo/America/Sao_Paulo
echo "America/Sao_Paulo" | tee ./etc/timezone
mkdir -p ./etc/keymap
cp ./usr/share/bkeymaps/pt/pt.bmap.gz ./etc/keymap/pt.bmap.gz
echo KEYMAP=/etc/keymap/pt.bmap.gz >> ./etc/conf.d/loadkmap
echo "net.ipv4.ip_forward = 1" > ./etc/sysctl.d/ip_forward.conf
echo "options dummy numdummies=1" > ./etc/modprobe.d/dummy.conf
echo "dummy" >> ./etc/modules
echo "ipv6" >> ./etc/modules
mkdir -p ./etc/docker/
cat > ./etc/docker/daemon.json <<-EOF
{
"userns-remap": "dockremap",
"experimental": false,
"live-restore": true,
"ipv6": false,
"icc": false,
"no-new-privileges": false
}
EOF
cat >> ./etc/cgconfig.conf <<EOF
mount {
cpuacct = /cgroup/cpuacct;
memory = /cgroup/memory;
devices = /cgroup/devices;
freezer = /cgroup/freezer;
net_cls = /cgroup/net_cls;
blkio = /cgroup/blkio;
cpuset = /cgroup/cpuset;
cpu = /cgroup/cpu;
}
EOF
cd /mnt/
mount --bind /dev ./dev
mount -t devpts devpts ./dev/pts -o nosuid,noexec
mount -t sysfs sys ./sys -o nosuid,nodev,noexec,ro
mount -t proc proc ./proc -o nosuid,nodev,noexec
mount -t tmpfs tmp ./tmp -o mode=1777,nosuid,nodev,strictatime
mount -t tmpfs run ./run -o mode=0755,nosuid,nodev
mount -t tmpfs shm ./dev/shm -o mode=1777,nosuid,nodev
chroot . /usr/bin/env -i SHELL=/bin/sh HOME=/root TERM="$TERM" \
PATH=/usr/sbin:/usr/bin:/sbin:/bin PS1='chroot # ' /bin/sh -l "$@"
rc-update add devfs sysinit
rc-update add dmesg sysinit
rc-update add mdev sysinit
rc-update add hwdrivers sysinit
rc-update add cgroups sysinit
rc-update add hwclock boot
rc-update add modules boot
rc-update add sysctl boot
rc-update add hostname boot
rc-update add bootmisc boot
rc-update add syslog boot
rc-update add swap boot
rc-update add networking boot
rc-update add urandom boot
rc-update add loadkmap boot
rc-update add mount-ro shutdown
rc-update add killprocs shutdown
rc-update add savecache shutdown
rc-update add sshd default
rc-update add chronyd default
rc-update add mini_httpd default
rc-update add dnsmasq default
rc-update add iptables default
rc-update add ip6tables default
rc-update add lxc default
rc-update add docker boot
# force update of dependency cache
rc-update --update
passwd
acfpasswd -s root
ln -s /usr/share/acf/www/ /var/www/localhost/htdocs
lbu add /var/www/localhost/htdocs
ln -s /var/cache/apk /etc/apk/cache
ln -sf /etc/zoneinfo/America/Sao_Paulo /etc/localtime
grub-install /dev/sde
grub-mkconfig -o /boot/grub/grub.cfg
mkinitfs $(ls /lib/modules/)
adduser -SDHs /sbin/nologin dockremap
addgroup -S dockremap
echo dockremap:$(cat /etc/passwd|grep dockremap|cut -d: -f3):65536 >> /etc/subuid
echo dockremap:$(cat /etc/passwd|grep dockremap|cut -d: -f4):65536 >> /etc/subgid
iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
iptables --append FORWARD --in-interface br0 -j ACCEPT
iptables --append FORWARD --in-interface lxc0 -j ACCEPT
/etc/init.d/iptables save
lbu commit -v
cd /mnt
umount ./dev/shm
umount ./run
umount ./tmp
umount ./proc
umount ./sys
umount ./dev/pts
umount ./dev
https://nparsons.uk/blog/using-btrfs-on-alpine-linux