Last active
July 31, 2016 13:17
-
-
Save jlgaddis/87817a62e8ae7a0f1f9de395de136920 to your computer and use it in GitHub Desktop.
Ubuntu 16.04.1 ("Xenial") Installation with ZFS on Root
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # WFM. YMMV. No purchase necessary. Void where prohibited. | |
| # | |
| # dd if=/dev/zero of=/dev/sda bs=512 count=2048 seek=210996000 | |
| # dd if=/dev/zero of=/dev/sda bs=512 count=4096 | |
| sgdisk --zap-all /dev/sda | |
| wipefs --all /dev/sda | |
| apt-add-repository universe | |
| apt update | |
| apt install -y zfsutils-linux debootstrap | |
| parted -- /dev/sda mklabel msdos Y | |
| parted -- /dev/sda mkpart primary zfs 0% 90% | |
| echo 'KERNEL=="sd*[!0-9]", IMPORT{parent}=="ID_*", SYMLINK+="$env{ID_BUS}-$env{ID_SERIAL}"' >> /etc/udev/rules.d/90-zfs.rules | |
| echo 'KERNEL=="sd*[0-9]", IMPORT{parent}=="ID_*", SYMLINK+="$env{ID_BUS}-$env{ID_SERIAL}-part%n"' >> /etc/udev/rules.d/90-zfs.rules | |
| udevadm trigger | |
| zpool create -m none -o ashift=12 zroot /dev/sda1 | |
| zfs set mountpoint=none zroot | |
| zfs set checksum=fletcher4 zroot | |
| zfs set atime=off zroot | |
| zfs set relatime=off zroot | |
| zpool export zroot | |
| zpool import -d /dev/disk/by-id/ -R /mnt zroot | |
| zfs create -o mountpoint=none -o canmount=off -o readonly=on -o reservation=10G zroot/reserved | |
| zfs create -o mountpoint=/ -o zroot/nightstand | |
| zfs create -o mountpoint=none zroot/nightstand/usr | |
| zfs create -o mountpoint=/usr/local zroot/nightstand/usr/local | |
| zfs create -o mountpoint=/var zroot/nightstand/var | |
| zfs create -o compression=lz4 -o exec=off -o setuid=off zroot/nightstand/var/backups | |
| zfs create -o compression=lz4 -o exec=off -o setuid=off zroot/nightstand/var/cache | |
| zfs create -o compression=lz4 -o setuid=off zroot/nightstand/var/tmp | |
| zfs create -o mountpoint=/home -o compression=lz4 -o setuid=off zroot/home | |
| zfs create zroot/home/bofh | |
| zfs create -o mountpoint=/opt -o compression=lz4 -o setuid=off zroot/opt | |
| zfs create -o mountpoint=/srv -o compression=lz4 -o setuid=off zroot/srv | |
| zfs create -o mountpoint=/tmp -o compression=lz4 -o setuid=off zroot/tmp | |
| zfs create -o mountpoint=none zroot/var | |
| zfs create -o mountpoint=/var/log -o compression=lz4 -o exec=off -o setuid=off zroot/var/log | |
| zfs create -o mountpoint=/var/mail -o compression=lz4 -o exec=off -o relatime=on -o setuid=off zroot/var/mail | |
| chmod 1777 /mnt/tmp /mnt/var/tmp | |
| debootstrap xenial /mnt | |
| zfs set devices=off zroot | |
| grep -v cdrom /etc/apt/sources.list > /mnt/etc/apt/sources.list | |
| cp /etc/udev/rules.d/90-zfs.rules /mnt/etc/udev/rules.d/90-zfs.rules | |
| echo nightstand > /mnt/etc/hostname | |
| echo "127.0.1.1 nightstand" > /mnt/etc/hosts | |
| export INTERFACE=$(ip addr list | grep ^[0-9]: | grep -v lo | awk '{ print $2 }' | cut -d ":" -f 1 | head -n 1) | |
| echo "auto $INTERFACE" >> /mnt/etc/network/interfaces.d/$INTERFACE | |
| echo "iface $INTERFACE inet dhcp" >> /mnt/etc/network/interfaces.d/$INTERFACE | |
| cat << EOF >> /mnt/etc/fstab | |
| zroot/home /home zfs defaults,noatime,nodev,nosuid 0 0 | |
| zroot/home/bofh /home/bofh zfs defaults,noatime,nodev,nosuid 0 0 | |
| zroot/opt /opt zfs defaults,noatime,nodev,nosuid 0 0 | |
| zroot/srv /srv zfs defaults,noatime,nodev,nosuid 0 0 | |
| zroot/tmp /tmp zfs defaults,noatime,nodev,nosuid 0 0 | |
| zroot/nightstand/usr/local /usr/local zfs defaults,noatime,nodev 0 0 | |
| zroot/nightstand/var /var zfs defaults,noatime 0 0 | |
| zroot/nightstand/var/backups /var/backups zfs defaults,noatime,nodev,noexec,nosuid 0 0 | |
| zroot/nightstand/var/cache /var/cache zfs defaults,noatime,nodev,noexec,nosuid 0 0 | |
| zroot/nightstand/var/tmp /var/tmp zfs defaults,noatime,nodev,nosuid 0 0 | |
| zroot/var/log /var/log zfs defaults,noatime,nodev,noexec,nosuid 0 0 | |
| zroot/var/mail /var/mail zfs defaults,nodev,noexec,nosuid,relatime 0 0 | |
| EOF | |
| for FS in dev dev/pts proc sys ; do mount --bind /$FS /mnt/$FS ; done | |
| chroot /mnt /bin/bash --login | |
| locale-gen en_US.UTF-8 | |
| echo 'LANG="en_US.UTF-8"' >> /etc/default/locale | |
| apt update | |
| apt install -y zfsutils-linux zfs-initramfs grub-pc linux-image-generic openssh-server | |
| dpkg-reconfigure tzdata | |
| update-initramfs -c -k all | |
| sed -i '/^GRUB_TIMEOUT=/s/10$/3/' /etc/default/grub | |
| sed -i 's/^\(GRUB_CMDLINE_LINUX_DEFAULT\)=.*/\1=""/g' /etc/default/grub | |
| sed -i 's|^\(GRUB_HIDDEN_TIMEOUT=.*\)|#\1|g' /etc/default/grub | |
| sed -i 's/^\(GRUB_CMDLINE_LINUX\)="\(.*\)"/\1="boot=zfs \2"/g' /etc/default/grub | |
| ln -s /proc/mounts /etc/mtab | |
| update-grub | |
| groupadd -g 2222 ssh-ok | |
| groupadd -g 2525 ansible | |
| useradd -c ansible -d /home/ansible -g ansible -G ssh-ok -m -s /bin/bash -u 2525 ansible | |
| groupadd -g 4242 bofh | |
| useradd -c bofh -d /home/bofh -g bofh -G adm,dialout,plugdev,ssh-ok -s /bin/bash -u 4242 bofh | |
| find /etc/skel -exec cp {} /home/bofh/. \; | |
| echo "ansible ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/ansible | |
| echo "bofh ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/bofh | |
| mkdir /home/ansible/.ssh /home/bofh/.ssh | |
| echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCwZK5kGHXD0lEjlATawBjTNmJqNnTXrZh87keJnbUzJCCkLpDyf7G4PgSDWOoYmA97SBNgXHrZ0P3YChvlaF2LiSdc8AJjCnNI4y8yZ1ASHoAVxNPnhu3wEdwxyF5jOH+I7D9V3/UlUinLkHxIoJHiEIVAK+adti6gyTq/KRntYoC6eByd79PshIggt+SF+kiv9gWMHTT+bw5GqmC80XPhSiD830CAvERXpwcSHRAjpbDMUz4fDIgCnnZZJIvp63snWdOO8O4+p+ZoYqpU4LExp/dshtRU+c5H6nTWukdMkYGAfAztBO/XXW+bcoZozWONKQ5jCz50pn+t51lPG530x5SXhWozB+uQT0kgvYMVfRRXV53ZpsqpJ+voSLfQQjbbYhTN5rJOrHNFfHycoB8Wf36dh7m4NfxL742Wb95YCqfSgSa4PGh3cGTSuU81KoNTaS2vePpxpPGix3YMPWKAhPXUIlwMk5g0BwcPXpAhalgT6qjWCo9J+g5wmq7dXK50jPNPAQz3y+Tu5KYyWZ1koy+T6xxINb/t4FX4veYy1BEQmVJW2q/lZGY0OjVGQlBd7Iwso15spYGsZtSM/FfrV2YC2IZ4FTfdPPzP62lhlg3ol3UmX6x1exVFq9q0/STpdOKpAwMPaxuTlTp48nBhsSrQsrmqTA8IaFjG0b8QNw==' > /home/ansible/.ssh/authorized_keys | |
| echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCwZK5kGHXD0lEjlATawBjTNmJqNnTXrZh87keJnbUzJCCkLpDyf7G4PgSDWOoYmA97SBNgXHrZ0P3YChvlaF2LiSdc8AJjCnNI4y8yZ1ASHoAVxNPnhu3wEdwxyF5jOH+I7D9V3/UlUinLkHxIoJHiEIVAK+adti6gyTq/KRntYoC6eByd79PshIggt+SF+kiv9gWMHTT+bw5GqmC80XPhSiD830CAvERXpwcSHRAjpbDMUz4fDIgCnnZZJIvp63snWdOO8O4+p+ZoYqpU4LExp/dshtRU+c5H6nTWukdMkYGAfAztBO/XXW+bcoZozWONKQ5jCz50pn+t51lPG530x5SXhWozB+uQT0kgvYMVfRRXV53ZpsqpJ+voSLfQQjbbYhTN5rJOrHNFfHycoB8Wf36dh7m4NfxL742Wb95YCqfSgSa4PGh3cGTSuU81KoNTaS2vePpxpPGix3YMPWKAhPXUIlwMk5g0BwcPXpAhalgT6qjWCo9J+g5wmq7dXK50jPNPAQz3y+Tu5KYyWZ1koy+T6xxINb/t4FX4veYy1BEQmVJW2q/lZGY0OjVGQlBd7Iwso15spYGsZtSM/FfrV2YC2IZ4FTfdPPzP62lhlg3ol3UmX6x1exVFq9q0/STpdOKpAwMPaxuTlTp48nBhsSrQsrmqTA8IaFjG0b8QNw==' > /home/bofh/.ssh/authorized_keys | |
| chmod 0700 /home/{ansible,bofh} /home/{ansible,bofh}/.ssh | |
| chmod 0600 /home/{ansible,bofh}/.ssh/authorized_keys /etc/sudoers.d/{ansible,bofh} | |
| chown -R ansible:ansible /home/ansible | |
| chown -R bofh:bofh /home/bofh | |
| exit | |
| for FS in dev/pts dev proc sys ; do umount /mnt/$FS ; done | |
| zfs umount zroot/home/bofh | |
| zfs umount zroot/home | |
| zfs umount zroot/nightstand/usr/local | |
| zfs umount zroot/nightstand/var/backups | |
| zfs umount zroot/nightstand/var/cache | |
| zfs umount zroot/nightstand/var/tmp | |
| zfs umount zroot/opt | |
| zfs umount zroot/srv | |
| zfs umount zroot/tmp | |
| zfs umount zroot/var/log | |
| zfs umount zroot/var/mail | |
| zfs umount zroot/nightstand/var | |
| zfs set mountpoint=legacy zroot/home/bofh | |
| zfs set mountpoint=legacy zroot/home | |
| zfs set mountpoint=legacy zroot/nightstand/usr/local | |
| zfs set mountpoint=legacy zroot/nightstand/var/backups | |
| zfs set mountpoint=legacy zroot/nightstand/var/cache | |
| zfs set mountpoint=legacy zroot/nightstand/var/tmp | |
| zfs set mountpoint=legacy zroot/opt | |
| zfs set mountpoint=legacy zroot/srv | |
| zfs set mountpoint=legacy zroot/tmp | |
| zfs set mountpoint=legacy zroot/var/log | |
| zfs set mountpoint=legacy zroot/var/mail | |
| zfs set mountpoint=legacy zroot/nightstand/var | |
| grub-probe /mnt | |
| grub-install --root-directory=/mnt /dev/sda | |
| zfs umount zroot/nightstand | |
| reboot | |
| # At this point the system should be usable, for the most part. | |
| ########## NOTES ########## | |
| N.B.: I forgot to create a swap partition. Fix: | |
| # apt install parted | |
| # parted -- /dev/sda mkpart primary linux-swap 90% 92% | |
| # echo '/dev/sda2 none swap defaults 0 0' >> /etc/fstab | |
| # mkswap /dev/sda2 && swapon /dev/sda2 | |
| ----- | |
| Ansible needs Python 2, but Xenial ships with Python 3. Fix: | |
| # apt install python-minimal | |
| ----- |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment