... | ... | @@ -2640,9 +2640,15 @@ be reclaimed eventually. |
|
|
|
|
|
cumin -p 0 'C:roles::ganeti::chi' 'puppet agent -t'
|
|
|
|
|
|
10. partition the extra disks:
|
|
|
|
|
|
mdadm --create --verbose --level=10 --metadata=1.2 --raid-devices=6 /dev/md2 /dev/sd[abcdef] &&
|
|
|
10. partition the extra disks, SSD:
|
|
|
|
|
|
for disk in /dev/sd[abcdef]; do
|
|
|
parted -s $disk mklabel gpt;
|
|
|
parted -s $disk -a optimal mkpart primary 0% 100%;
|
|
|
done &&
|
|
|
mdadm --create --verbose --level=10 --metadata=1.2 --raid-devices=6 /dev/md2 /dev/sd[abcdef]1 &&
|
|
|
dd if=/dev/random bs=64 count=128 of=/etc/luks/crypt_dev_md2 &&
|
|
|
chmod 0 /etc/luks/crypt_dev_md2 &&
|
|
|
cryptsetup luksFormat --key-file=/etc/luks/crypt_dev_md2 /dev/md2 &&
|
|
|
cryptsetup luksOpen --key-file=/etc/luks/crypt_dev_md2 /dev/md2 crypt_dev_md2 &&
|
|
|
pvcreate /dev/mapper/crypt_dev_md2 &&
|
... | ... | @@ -2650,10 +2656,28 @@ be reclaimed eventually. |
|
|
echo crypt_dev_md2 UUID=$(lsblk -n -o UUID /dev/md2 | head -1) /etc/luks/crypt_dev_md2 luks,discard >> /etc/crypttab &&
|
|
|
update-initramfs -u
|
|
|
|
|
|
NVMe:
|
|
|
|
|
|
for disk in /dev/nvme[23]n1; do
|
|
|
parted -s $disk mklabel gpt;
|
|
|
parted -s $disk -a optimal mkpart primary 0% 100%;
|
|
|
done &&
|
|
|
mdadm --create --verbose --level=1 --metadata=1.2 --raid-devices=2 /dev/md3 /dev/nvme2n1p1 /dev/nvme3n1p1 &&
|
|
|
dd if=/dev/random bs=64 count=128 of=/etc/luks/crypt_dev_md3 &&
|
|
|
chmod 0 /etc/luks/crypt_dev_md3 &&
|
|
|
cryptsetup luksFormat --key-file=/etc/luks/crypt_dev_md3 /dev/md3 &&
|
|
|
cryptsetup luksOpen --key-file=/etc/luks/crypt_dev_md3 /dev/md3 crypt_dev_md3 &&
|
|
|
pvcreate /dev/mapper/crypt_dev_md3 &&
|
|
|
vgcreate vg_ganeti_nvme /dev/mapper/crypt_dev_md3 &&
|
|
|
echo crypt_dev_md3 UUID=$(lsblk -n -o UUID /dev/md3 | head -1) /etc/luks/crypt_dev_md3 luks,discard >> /etc/crypttab &&
|
|
|
update-initramfs -u
|
|
|
|
|
|
Normally, this would have been done in the `setup-storage`
|
|
|
configuration, but we were in a rush.
|
|
|
|
|
|
TODO: `vg_ganeti_nvme` configuration.
|
|
|
configuration, but we were in a rush. Note that we create
|
|
|
partitions because we're worried replacement drives might not have
|
|
|
exactly the same size as the ones we have. The above gives us a
|
|
|
1.4MB buffer at the end of the drive, and avoids having to
|
|
|
hard code disk sizes in bytes.
|
|
|
|
|
|
11. Reboot to test the LUKS configuration:
|
|
|
|
... | ... | |