diff options
Diffstat (limited to '')
-rw-r--r-- | content/blog/miscellaneous/phoenix_reinstall.md | 141 |
1 files changed, 141 insertions, 0 deletions
diff --git a/content/blog/miscellaneous/phoenix_reinstall.md b/content/blog/miscellaneous/phoenix_reinstall.md new file mode 100644 index 0000000..1332c91 --- /dev/null +++ b/content/blog/miscellaneous/phoenix_reinstall.md @@ -0,0 +1,141 @@ +--- +title: Reinstalling my backup server +description: How to install Alpine Linux with a custom raid1 partitioning +date: 2022-03-28 +tags: + - Alpine +--- + +## Introduction + +Last week I reinstalled my backup server. It was successfully running OpenBSD for a few years but I decided I wanted to run containers on it again for some experiments, so back to Linux. + +I hesitated with Gentoo but decided to give a fair shot to Alpine Linux instead. I have used it extensively on virtual machines but not so much on bare metal so here I go. In particular the documentation on how to perform a custom partitioning was a bit lacking so hopefully this blog post will fill in some gaps. + +## Booting the installer + +Booting the installer is straightforward : download the latest image from https://alpinelinux.org/downloads/ and copy it to a usb drive (`/dev/sdb` in the example bellow). I chose the extended version of the installer because I will need to install additional tools to setup the disks just right : +```sh +wget https://dl-cdn.alpinelinux.org/alpine/v3.15/releases/x86_64/alpine-extended-3.15.3-x86_64.iso +dd if=alpine-extended-3.15.3-x86_64.iso of=/dev/sdb bs=1M +sync +``` + +## Making the installer reachable through ssh + +This step is optional but I like being able to simply paste commands from this website during the installation process. The following will start ssh and setup static networking (the ips are to be customized to your network of course) : +```sh +apk add openssh +echo 'PermitRootLogin yes' > /etc/ssh/sshd_config +/etc/init.d/sshd start +ip a a 192.168.1.3/24 dev eth0 +ip l set up dev eth0 +ip r a default via 192.168.1.1 +echo 'nameserver 1.1.1.1' > /etc/resolv.conf +passwd +``` + +## RAID1 partitioning + +First we install a few tools: +```sh +echo 'http://dl-cdn.alpinelinux.org/alpine/latest-stable/main' > /etc/apk/repositories +apk add sgdisk mdadm xfsprogs grub efibootmgr dosfstools partx +``` + +For RAID1 I need two identical disks. Since in my case its two SSD drives, I use blkdiscard to clean them. + +I planed for 3 partitions: +- a 512M /boot that will be your UEFI partition +- a 16G / +- the remainder of the disks for an encrypted /data +```sh +for DEVICE in `echo sda sdb`; do + DISK=/dev/$DEVICE + blkdiscard $DISK + sgdisk -n1:0:+512M -t1:FD00 $DISK + sgdisk -n2:0:+16G -t2:FD00 $DISK + sgdisk -n3:0:0 -t3:FD00 $DISK + partx -a $DISK +done +``` + +If `partx` fails with a error and cannot reread the new partitions you will have to reboot. Sadly, it can happen with some consumer grade motherboards. + +The UEFI partition needs a raid metadata version 1.0 in order to have the metadata at the end of the partition. This will ensure the UEFI (which is not raid aware) can boot from a single disk: +```sh +mdadm --create --run --level=1 --raid-devices=2 --metadata=1.0 /dev/md1 /dev/sda1 /dev/sdb1 +mdadm --create --run --level=1 --raid-devices=2 /dev/md2 /dev/sda2 /dev/sdb2 +mdadm --create --run --level=1 --raid-devices=2 /dev/md3 /dev/sda3 /dev/sdb3 +blkdiscard /dev/md1 +blkdiscard /dev/md2 +blkdiscard /dev/md3 +``` + +I like xfs so that is what I will use for `/` (`/data` will come later): +```sh +mkfs.fat -F 32 -n efi-boot /dev/md1 +mkfs.xfs /dev/md2 +mount -t xfs /dev/md2 /mnt +mkdir -p /mnt/boot +mount -t vfat /dev/md1 /mnt/boot +``` + +## Running the installer + +You can run the installer normally, just beware at the end when choosing disks : you will not be able to install to `/dev/md2` so the installer will stop but still record all your answers. +```sh +setup-alpine +``` + +You just need to trigger the next step manually with: +```sh +setup-disk /mnt +``` + +## Post installation steps + +We need to customise some things before your system can boot. In order to do that we will need to chroot into your new system: +```sh +mount -t proc none /mnt/proc +mount -t sysfs none /mnt/sys +mount -o bind /dev /mnt/dev +chroot /mnt +``` + +First we want to preserve the mdadm numbering we need with the following: +```sh +mdadm --detail --scan >> /etc/mdadm.conf +mkinitfs -c /etc/mkinitfs/mkinitfs.conf -b / +echo "/dev/md2 / xfs rw,relatime,attr2,inode64,logbufs=8,logbsize=32k,noquota 0 1 +/dev/md1 /boot vfat rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=utf8,shortname=mixed,errors=remount-ro 0 2 +" > /etc/fstab +``` + +Next the installer botched the UEFI part, here is how to fix it: +```sh +rm -rf /boot/efi/EFI +grub-install /dev/md2 --efi-directory=/boot +efibootmgr -c -g -d /dev/sda -p 1 -w -L grub_sda -l EFI/grub/grubx64.efi +efibootmgr -c -g -d /dev/sdb -p 1 -w -L grub_sdb -l EFI/grub/grubx64.efi +``` + +You can now exit your chroot then reboot: +```sh +exit +reboot +``` + +Don't forget to unplug the installation media! + +## Post install + +Here is how I setup my encrypted `/data`: +```sh +apk add cryptsetup +cryptsetup luksFormat --cipher aes-xts-plain64 /dev/md3 +cryptsetup luksOpen --allow-discards /dev/md3 data +mkdir /data +echo "/dev/mapper/data /data xfs noauto,relatime,attr2,inode64,logbufs=8,logbsize=32k,noquota 0 0" >> /etc/fstab +mount /data +``` |