tool=${0%/*}
. "$tool"/env.sh
+. "$tool"/inc.sh
rule_help () {
cat >&2 <<-EOF
Voir \`$tool/ateliers_hosted' pour les utilitaires côté VM hébergée.
SYNTAX: $0 \$RULE \${RULE}_SYNTAX
RULES:
- $(sed -ne 's/^rule_\([^_][^ ]*\) () {\( *#.*\|\)/\t\1\2/p' "$0")
+ $(sed -ne 's/^rule_\([^_][^ ]*\) () {\( *#.*\|\)/\t\1\2/p' "$tool"/env.sh "$0")
ENVIRONMENT:
TRACE # affiche les commandes avant leur exécution
$(sed -ne 's/^readonly \([^ ][^ =]*\).*}\( *#.*\|\)$/\t$\1\2/p' "$tool"/env.sh "$0")
EOF
}
-readonly vm_dev_disk="/dev/xvda"
+readonly vm_dev_disk=/dev/mapper/domU-$(printf %s "$vm_fqdn-disk" | sed -e 's/-/--/g')
readonly vm_dev_disk_boot="${vm_dev_disk}1"
rule_xen_config_init () {
}
rule_disk_mount () { # DESCRIPTION: montage du disque de la VM depuis l'hôte
- sudo xm block-attach 0 phy:/dev/domU/$vm_fqdn-disk $vm_dev_disk w
- # NOTE: on pourrait utiliser kpartx à la place je pense ; détail.
+ sudo kpartx -a -v /dev/domU/$vm_fqdn-disk
+ #sudo xm block-attach 0 phy:/dev/domU/$vm_fqdn-disk $vm_dev_disk w
}
rule_disk_umount () { # DESCRIPTION: démontage du disque de la VM depuis l'hôte
rule_part_boot_umount
;;
(*) exit 1;;
esac
- sudo xm block-detach 0 $vm_dev_disk
+ sudo kpartx -d -v /dev/domU/$vm_fqdn-disk
+ #sudo xm block-detach 0 $vm_dev_disk
+ # XXX: DANGEREUX ; si jamais il bloque parce que le disque était encore utilisé :
+ # utiliser xm block-detach 0 $vm_dev_disk --force ;
+ # ôter les éventuels mappages LVM concernés avec dmsetup table et dmsetup remove --force ;
+ # ôter les mappages concernés dans /etc/lvm/cache/.cache,
+ # et pour bien trouver tous les mappages :
+ # % sudo find /dev -type l -exec sh -c 'printf "%s -> " "$@"; readlink "$@"' - {} \; | grep $vm_dev_disk
+ # enfin, ôter l'éventuel verrou dans /var/lock/lvm/
}
case $vm_use_lvm in
-(no)
+ (no)
readonly vm_dev_disk_swap="${vm_dev_disk}5"
readonly vm_dev_disk_root="${vm_dev_disk}6"
readonly vm_dev_disk_var="${vm_dev_disk}7"
readonly vm_dev_disk_home="${vm_dev_disk}8"
;;
-(yes)
+ (yes)
readonly vm_lvm_pv="${vm_dev_disk}2"
- readonly vm_lvm_vg=$vm
- readonly vm_lvm_dev=$(printf %s $vm_lvm_vg | sed -e 's/-/--/g')
- readonly vm_lvm_lv=$vm
- readonly vm_dev_disk_swap=/dev/mapper/$vm_lvm_dev-${vm_lvm_lv}_swap
- readonly vm_dev_disk_root=/dev/mapper/$vm_lvm_dev-${vm_lvm_lv}_root
- readonly vm_dev_disk_var=/dev/mapper/$vm_lvm_dev-${vm_lvm_lv}_var
- readonly vm_dev_disk_home=/dev/mapper/$vm_lvm_dev-${vm_lvm_lv}home
+ readonly vm_dev_disk_swap=/dev/$vm_lvm_vg/${vm_lvm_lv}_swap
+ readonly vm_dev_disk_root=/dev/$vm_lvm_vg/${vm_lvm_lv}_root
+ readonly vm_dev_disk_var=/dev/$vm_lvm_vg/${vm_lvm_lv}_var
+ readonly vm_dev_disk_home=/dev/$vm_lvm_vg/${vm_lvm_lv}_home
;;
-(*)
+ (*)
exit 1;;
esac
;;
(*) exit 1;;
esac
- sudo partprobe $vm_dev_disk
+ #sudo partprobe $vm_dev_disk
+ sudo kpartx -u -v /dev/domU/$vm_fqdn-disk
}
rule_part_lvm_format () {
local part=$1
eval "local dev=\$vm_dev_disk_$part"
test ! -e /dev/mapper/${vm}_root_deciphered ||
- sudo /lib/cryptsetup/scripts/decrypt_derived ${vm}_root_deciphered |
- sudo cryptsetup luksFormat --hash=sha512 --key-size=512 \
- --cipher=aes-xts-essiv:sha256 --key-file=- --align-payload=8 $dev
+ sudo /bin/sh -c "/lib/cryptsetup/scripts/decrypt_derived ${vm}_root_deciphered |
+ cryptsetup luksFormat --hash=sha512 --key-size=512 \
+ --cipher=aes-xts-essiv:sha256 --key-file=- --align-payload=8 $dev"
}
rule__part_encrypted_mount () { # SYNTAX: $part
local part=$1
eval "local dev=\$vm_dev_disk_$part"
- test ! -e /dev/mapper/${vm}_root_deciphered ||
- sudo /lib/cryptsetup/scripts/decrypt_derived ${vm}_root_deciphered |
- sudo cryptsetup luksOpen --key-file=- $dev ${vm}_${part}_deciphered
+ test -e /dev/mapper/${vm}_${part}_deciphered ||
+ sudo /bin/sh -c "/lib/cryptsetup/scripts/decrypt_derived ${vm}_root_deciphered |
+ cryptsetup luksOpen --key-file=- $dev ${vm}_${part}_deciphered"
}
rule__part_encrypted_umount () { # SYNTAX: $part
local part=$1
--cipher=aes-xts-essiv:sha256 --key-file=- --align-payload=8 $vm_dev_disk_root
sudo cryptsetup luksOpen --key-file=- $vm_dev_disk_root ${vm}_root_deciphered
sudo mke2fs -t ext4 -c -c -m 5 -T ext4 -b $vm_e2fs_block_size \
- -E resize=15G${vm_e2fs_extended_options} \
+ -E resize=30G${vm_e2fs_extended_options} \
-L ${vm}_root \
/dev/mapper/${vm}_root_deciphered
! mountpoint -q /mnt/$vm_fqdn
mk_dir mod=0770 own=root:root /mnt/$vm_fqdn/proc
mk_dir mod=0770 own=root:root /mnt/$vm_fqdn/sys
mk_dir mod=0770 own=root:root /mnt/$vm_fqdn/var
+ mk_dir mod=0770 own=root:root /mnt/$vm_fqdn/root
+ mk_dir mod=0770 own=root:root /mnt/$vm_fqdn/root/tool
+ mk_dir mod=0770 own=root:root /mnt/$vm_fqdn/root/tool/ateliers
sudo umount -v /mnt/$vm_fqdn
+ sudo cryptsetup luksClose ${vm}_root_deciphered
fi
}
rule_part_root_mount () {
test -e /dev/mapper/${vm}_root_deciphered ||
sudo cryptsetup luksOpen $vm_dev_disk_root ${vm}_root_deciphered
- ! mountpoint -q /mnt/$vm_fqdn ||
- sudo mount -v /dev/mapper/${vm}_root_deciphered /mnt/$vm_fqdn
+ mountpoint -q /mnt/$vm_fqdn ||
+ sudo mount -v -t ext4 /dev/mapper/${vm}_root_deciphered /mnt/$vm_fqdn
}
rule_part_root_umount () {
! mountpoint -q /mnt/$vm_fqdn ||
! test -e /dev/mapper/${vm}_root_deciphered ||
sudo cryptsetup luksClose ${vm}_root_deciphered
}
+rule_part_root_backup_luks () {
+ sudo cryptsetup luksHeaderBackup $vm_dev_disk_root --header-backup-file ./root.luks
+ }
rule_part_swap_format () {
rule__part_encrypted_format swap
rule__part_encrypted_mount swap
rule_part_boot_mount () {
mountpoint -q /mnt/$vm_fqdn
test -d /mnt/$vm_fqdn/boot
- mountpoint -q /mnt/$vm_fqdn/boot ||
- sudo mount -v $vm_dev_disk_boot /mnt/$vm_fqdn/boot
+ mountpoint -q /mnt/$vm_fqdn/boot ||
+ sudo mount -v -t ext2 $vm_dev_disk_boot /mnt/$vm_fqdn/boot
}
rule_part_boot_umount () {
! mountpoint -q /mnt/$vm_fqdn/boot ||
rule_part_var_mount () {
rule__part_encrypted_mount var
mountpoint -q /mnt/$vm_fqdn/var ||
- sudo mount -v /dev/mapper/${vm}_var_deciphered /mnt/$vm_fqdn/var
+ sudo mount -v -t ext4 /dev/mapper/${vm}_var_deciphered /mnt/$vm_fqdn/var
}
rule_part_var_umount () {
! mountpoint -q /mnt/$vm_fqdn/var ||
rule__part_encrypted_mount home
sudo mke2fs -t ext4 -c -c -m 0 -T ext4 -b $vm_e2fs_block_size \
-E resize=400G${vm_e2fs_extended_options} \
- -O quota \
-L ${vm}_home \
/dev/mapper/${vm}_home_deciphered
+ # NOTE: -O quota pas supporté par e2fsprogs/squeeze
rule__part_encrypted_umount home
}
rule_part_home_mount () {
rule__part_encrypted_mount home
mountpoint -q /mnt/$vm_fqdn/home ||
- sudo mount -v /dev/mapper/${vm}_home_deciphered /mnt/$vm_fqdn/home
+ sudo mount -v -t ext4 /dev/mapper/${vm}_home_deciphered /mnt/$vm_fqdn/home
}
rule_part_home_umount () {
! mountpoint -q /mnt/$vm_fqdn/home ||
}
rule_debian_install () {
+ rule_part_root_mount
+ rule_part_boot_mount
+ rule_part_var_mount
sudo DEBOOTSTRAP_DIR=/usr/share/debootstrap/ debootstrap \
--arch=$vm_arch --verbose --keyring=/usr/share/keyrings/debian-archive-keyring.gpg \
--exclude=vim-tiny \
http://ftp.fr.debian.org/debian/
}
rule_chroot () {
- rule_part_boot_mount
rule_part_root_mount
+ rule_part_boot_mount
rule_part_var_mount
#rule_part_home_mount
mountpoint -q /mnt/$vm_fqdn/proc ||
- mount -t proc proc /mnt/$vm_fqdn/proc
+ sudo mount -t proc proc /mnt/$vm_fqdn/proc
mountpoint -q /mnt/$vm_fqdn/sys ||
- mount -t sysfs sys /mnt/$vm_fqdn/sys
+ sudo mount -t sysfs sys /mnt/$vm_fqdn/sys
mountpoint -q /mnt/$vm_fqdn/dev ||
- mount --bind /dev /mnt/$vm_fqdn/dev
- sudo chroot /mnt/$vm_fqdn /bin/bash || true
+ sudo mount --bind /dev /mnt/$vm_fqdn/dev
+ mountpoint -q /mnt/$vm_fqdn/root/tool/ateliers ||
+ sudo mount --bind "$tool" /mnt/$vm_fqdn/root/tool/ateliers
+ sudo chroot /mnt/$vm_fqdn /bin/dash || true
rule__chroot_clean
}
rule__chroot_clean () {
- umount -v /mnt/$vm_fqdn/dev
- umount -v /mnt/$vm_fqdn/sys
- umount -v /mnt/$vm_fqdn/proc
- #rule_part_home_umount
+ ! sudo mountpoint -q /mnt/$vm_fqdn/root/tool/ateliers ||
+ sudo umount -v /mnt/$vm_fqdn/root/tool/ateliers
+ ! mountpoint -q /mnt/$vm_fqdn/dev ||
+ sudo umount -v /mnt/$vm_fqdn/dev
+ ! mountpoint -q /mnt/$vm_fqdn/sys ||
+ sudo umount -v /mnt/$vm_fqdn/sys
+ ! mountpoint -q /mnt/$vm_fqdn/proc ||
+ sudo umount -v /mnt/$vm_fqdn/proc
+ rule_part_home_umount
rule_part_var_umount
- rule_part_root_umount
rule_part_boot_umount
+ rule_part_root_umount
}
rule=${1:-help}
dépôts / lhc / ateliers.git / blobdiff