```shell
# Run as root
# sudo -i

# Prepare the LiveCD environment
add-apt-repository -y ppa:jonathonf/zfs
apt install -y zfs-dkms
systemctl stop zfs-zed.service
modprobe -r zfs
modprobe zfs

# Manually partition the disk: vda2 is a 2G /boot, vda3 takes the rest for ZFS
sgdisk -n2:1M:+2G -t2:8300 /dev/vda
mkfs.ext4 /dev/vda2    # /boot is listed as ext4 in fstab below; bare mkfs would default to ext2
sgdisk -n3:0:0 -t3:BF07 /dev/vda

# Create the pool with native ZFS encryption; the passphrase is prompted for at boot
zpool create -o ashift=12 \
    -O compression=lz4 -O relatime=on -O dnodesize=auto -O recordsize=1M \
    -O xattr=sa -O normalization=formD -O acltype=posixacl \
    -O encryption=aes-256-gcm -O keylocation=prompt -O keyformat=passphrase \
    rpool /dev/vda3

# Create a temporary ZVOL and run the ubiquity installer against it
zfs create -V 10G rpool/ubuntu-temp
ubiquity --no-bootloader    # install to /dev/zd0 (the temporary ZVOL)

# Create the root dataset and the /boot mountpoint, mount /boot and rsync the installed system over
zfs create rpool/ROOT
zfs create rpool/ROOT/ubuntu-1
mkdir /rpool/ROOT/ubuntu-1/boot
mount /dev/vda2 /rpool/ROOT/ubuntu-1/boot
rsync -avPX --exclude '/swapfile' /target/. /rpool/ROOT/ubuntu-1/.

# Turn off swap, destroy the temporary ZVOL, then set up the chroot
swapoff -a
umount /target
zfs destroy rpool/ubuntu-temp
for d in proc sys dev; do mount --bind /$d /rpool/ROOT/ubuntu-1/$d; done
cp /etc/resolv.conf /rpool/ROOT/ubuntu-1/etc/resolv.conf

# Inside the chroot, install zfs
chroot /rpool/ROOT/ubuntu-1 add-apt-repository -y ppa:jonathonf/zfs
chroot /rpool/ROOT/ubuntu-1 apt install -y zfs-dkms zfs-initramfs

# Fix fstab and grub defaults
sed -e '/\s\/\s/ s/^#*/#/' -i /rpool/ROOT/ubuntu-1/etc/fstab      # comment out the / line
sed -e '/\sswap\s/ s/^#*/#/' -i /rpool/ROOT/ubuntu-1/etc/fstab    # comment out the swap line
echo UUID=$(blkid -s UUID -o value /dev/vda2) /boot ext4 noatime 0 2 >> /rpool/ROOT/ubuntu-1/etc/fstab    # add the /boot line
echo 'GRUB_DISABLE_OS_PROBER=true' >> /rpool/ROOT/ubuntu-1/etc/default/grub    # silence an os-prober error during update-grub

# In my case, the vt_handoff kernel option sometimes blocks the TTY prompt:
# change vt_handoff="1" to "0" in /etc/grub.d/10_linux
sed -i '/vt_handoff/ s/="[^"][^"]*"/="0"/' /rpool/ROOT/ubuntu-1/etc/grub.d/10_linux

# grub-probe cannot produce the pool name when encryption is enabled;
# replace the fs_label line in 10_linux with a "zdb -l" lookup instead
sed -i 's/.*fs_label*/\trpool=\`zdb -l ${GRUB_DEVICE} \| grep \" name\"\| grep -o \"\x27.*\x27\"\| sed \"s\/\x27\/\/g\"/' /rpool/ROOT/ubuntu-1/etc/grub.d/10_linux

# Make grub.cfg, make the initramfs, create the bios_grub partition, install grub
chroot /rpool/ROOT/ubuntu-1 update-grub
chroot /rpool/ROOT/ubuntu-1 update-initramfs -u
chroot /rpool/ROOT/ubuntu-1 sgdisk -a1 -n1:512:2047 -t1:EF02 /dev/vda
chroot /rpool/ROOT/ubuntu-1 grub-install /dev/vda

# Unmount everything, set the mountpoint, export the pool and reboot
umount -R /rpool/ROOT/ubuntu-1
zfs set mountpoint=/ rpool/ROOT/ubuntu-1
zpool export rpool

# Restart the computer
# shutdown -r 0
```
@linsomniac You could try to modify the Ubiquity zsys installer to make it create an encrypted pool. I did this to 19.10, but here is my gist:
https://gist.github.com/ghfields/b9d070e4e4a3f9e29f03634ac05b5b36
You modify the /usr/share/ubiquity/zsys-setup on the livecd before running the installer. Use it for inspiration since it is for 19.10.
@ghfields: That's an interesting idea, I'll try giving that a shot in a bit. I'm currently doing a "zfs recv" on an encrypted pool after dumping from a normal install, then I was going to try some of your changes above (vt_handoff, prober), to see if that would work. But I'll take a look at your gist a bit later.
I do still want to try @ghfields installer mod, but I was able to get an encrypted setup going using the roundabout method of: install, "zfs send" the rpool/ROOT and rpool/USERDATA, re-create the rpool with encryption, then "zfs recv", and use part of the above workflow. Annoying, but seems to work. I do get an os-prober error during update-grub, but the result seems to work.
Notes for future-me or someone else:
- Do normal install using zfs.
- Boot live CD.
- Recursive snapshot of ROOT and USERDATA: zfs snapshot -r rpool/ROOT@copy; zfs snapshot -r rpool/USERDATA@copy
- Send dumps to another system: zfs send -R rpool/ROOT@copy | gzip | nc REMOTEIP PORT ; and same for rpool/USERDATA
- "zpool export rpool" and reformat using encryption from line 18 above.
- "zfs load-key rpool"
- Load ROOT and USERDATA from dumps: "nc -l PORT | gunzip | zfs recv -x encryption rpool/ROOT" and same for USERDATA.
- "zfs set mountpoint=/mnt" for the root filesystem and "/mnt/boot" for the /boot.
- zfs mount -a
- Steps 36-37, 45-57 above, but using /mnt instead. I just "chroot /mnt" and modify files as absolute path. I also commented out the swap entry from /etc/fstab.
- Then umount -R /mnt; change the mountpoints back to absolute; zpool export bpool; zpool export rpool; reboot
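After a send/recv migration like the one in this comment, the thing worth checking before trusting the result is that every received dataset actually landed under the encryption root (a dataset received without the right options can come through unencrypted) and that no key ended up stored as a file on the disk it protects. The script below is an added example, not part of the gist or of any comment here: it parses the tab-separated output of `zfs get -H -r -o name,property,value encryption,keyformat,keylocation rpool` and reports every dataset that is not aes-256-gcm encrypted with a prompted passphrase. The sample `zfs get` output embedded in it is constructed for the example (the datasets rpool/USERDATA and rpool/scratch and their values are made up, not captured from a real system).

```shell
#!/bin/sh
# Added example (not from the gist): audit the encryption state of every
# dataset in the root pool after migrating into an encrypted pool.
#
# Real usage on the migrated system (run from the live CD after importing):
#   zfs get -H -r -o name,property,value encryption,keyformat,keylocation rpool \
#       | audit_zfs_encryption
# Each finding is printed as "<dataset><TAB><property>=<value>"; no output
# means every dataset passed.

# Read `zfs get -H` lines on stdin and print one finding per line for datasets
# that are not encrypted with the expected cipher, whose key is not a
# passphrase, or whose key is kept in a file (keylocation=file://...), which
# would let anyone holding the disk unlock the data.
audit_zfs_encryption() {
    want_cipher="${1:-aes-256-gcm}"
    awk -F '\t' -v want="$want_cipher" '
        # Collect every property value, keyed by dataset and property name.
        { prop[$1 "\t" $2] = $3; seen[$1] = 1 }
        END {
            for (ds in seen) {
                enc = prop[ds "\tencryption"]
                if (enc != want) {
                    # Unencrypted or wrong cipher: the key checks do not apply.
                    printf "%s\tencryption=%s\n", ds, (enc == "" ? "unknown" : enc)
                    continue
                }
                kf = prop[ds "\tkeyformat"]
                if (kf != "passphrase")
                    printf "%s\tkeyformat=%s\n", ds, kf
                kl = prop[ds "\tkeylocation"]
                if (index(kl, "file://") == 1)
                    printf "%s\tkeylocation=%s\n", ds, kl
            }
        }' | LC_ALL=C sort
}

# Exit-status form for scripts: succeeds only when the audit has no findings.
zfs_encryption_ok() {
    [ -z "$(audit_zfs_encryption "$@")" ]
}

# Constructed sample of `zfs get -H` output (not from a real system):
# rpool/ROOT and its child inherit the pool's prompted passphrase key,
# rpool/USERDATA came through the migration unencrypted, and rpool/scratch
# was created with a raw key stored in a file on the same disk.
SAMPLE_ZFS_GET=$(
    printf 'rpool\tencryption\taes-256-gcm\n'
    printf 'rpool\tkeyformat\tpassphrase\n'
    printf 'rpool\tkeylocation\tprompt\n'
    printf 'rpool/ROOT\tencryption\taes-256-gcm\n'
    printf 'rpool/ROOT\tkeyformat\tpassphrase\n'
    printf 'rpool/ROOT\tkeylocation\tnone\n'
    printf 'rpool/ROOT/ubuntu-1\tencryption\taes-256-gcm\n'
    printf 'rpool/ROOT/ubuntu-1\tkeyformat\tpassphrase\n'
    printf 'rpool/ROOT/ubuntu-1\tkeylocation\tnone\n'
    printf 'rpool/USERDATA\tencryption\toff\n'
    printf 'rpool/USERDATA\tkeyformat\tnone\n'
    printf 'rpool/USERDATA\tkeylocation\tnone\n'
    printf 'rpool/scratch\tencryption\taes-256-gcm\n'
    printf 'rpool/scratch\tkeyformat\traw\n'
    printf 'rpool/scratch\tkeylocation\tfile:///root/key.bin\n'
)

# Run the audit over the constructed sample and print the findings.
run_sample_audit() {
    printf '%s\n' "$SAMPLE_ZFS_GET" | audit_zfs_encryption
}

run_sample_audit
```

On the sample this reports `rpool/USERDATA` as unencrypted and `rpool/scratch` twice, once for the raw key format and once for the on-disk key file; the datasets under rpool/ROOT pass because they show keylocation=none, which is what a child of an encryption root reports. Datasets that fail the first check are the ones to re-send under the encrypted parent before the pool goes into service.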
@ghfields: Ok, that Ubiquity hack worked totally brilliantly! Thanks!
@ideologysec: I'm wanting to use encrypted ZFS, which, sadly, is not supported by the installer.