Debian telepítés, software raid, cryptsetup, lvm használatával, valamint proxmox virtuális környezet telepítése.

Boot to debian rescue
create GPT partition tables
create ESP partition (550M)
create Software RAID partition (remaining)
create Encrypted partition
create LVM (PV, VG, LVs), but before ¹

# Switch to shell
# RAID1 create
mdadm --create\
     --verbose\
     --level=1\
     --metadata=1.2\
     --raid-devices=2\
     /dev/md/3\
     /dev/sda2\
     /dev/sdb2
cryptsetup luksFormat --type luks1 /dev/md3
cryptsetup open /dev/md3 md3_crypt
pvcreate /dev/mapper/md3_crypt
vgcreate virt /dev/mapper/md3_crypt
lvcreate -L 20G virt -n root
lvcreate -L 33G -C virt -n swap
# reboot, install Debian

Before Disk detect

Install packages into Debian Installer

# Switch to shell
anna-install\
     cryptsetup-udeb\
     partman-crypto-dm\
     crypto-dm-modules\
     crypto-modules
depmod -a

Open crypted RAID and LVM

cryptsetup luksOpen /dev/md3 md3_crypt
vgscan
vgs
vgchange -ay

Continue with Disk detect…, install without Grub bootloader. Back to rescue, repeat above step. Execute shell in chroot.

GRUB, crypttab settings ²

apt install grub-efi
echo "GRUB_ENABLE_CRYPTODISK=y" >> /etc/default/grub
# if /etc/crypttab is empty
echo "md3_crypt \
    UUID=$(blkid -s UUID -o value /dev/md3) \
    none luks,discard" >> /etc/crypttab
grub-install –target=x86_64-efi –efi-directory=/boot/efi
update-grub
update-initramfs -u

Have boot messages stay on tty1 ³

mkdir -p /etc/systemd/system/getty@tty1.service.d/
cd /etc/systemd/system/getty@tty1.service.d/
cat <<EOF >noclear.conf
[Service]
TTYVTDisallocate=no
EOF

Root filesystem snapshots with LVM ⁴

cat <<EOF >/etc/systemd/system/mk-lvm-snapshots.service
[Unit]
Description=make LVM snapshots
Requires=local-fs-pre.target
Wants=local-fs.target
DefaultDependencies=no
Conflicts=shutdown.target
After=local-fs-pre.target
Before=local-fs.target

[Install]
WantedBy=make-snapshots.target

[Service]
Type=oneshot
ExecStart=/usr/sbin/lvcreate -L20G -n snap-root -s virt/root
EOF

cat <<EOF >/etc/systemd/system/make-snapshots.target
[Unit]
Description=Make Snapshots
Requires=multi-user.target
EOF

systemctl enable mk-lvm-snapshots.service
sed -n '/\(^menuentry\) '\''\(.*{$\)/,/^}/p' /boot/grub/grub.cfg \
 | sed '/}/q' > /boot/grub/custom.cfg

nano /boot/grub/custom.cfg
menuentry '..., make snapshot' --class ... {
...
     linux   /boot/vmlinuz-4.19.0-10-amd64 root=/dev/mapper/virt-root ro systemd.unit=make-snapshots.target

Make snapshot

Just reboot, select … make snapshot Grub menu entry.

Revert snapshot

lvconvert --merge virt

Proxmox steps ⁵

# replace 127.0.1.1 with real static IP, then check it
nano /etc/hosts
hostname --ip-address
echo "deb \
http://download.proxmox.com/debian/pve \
buster \
pve-no-subscription" > /etc/apt/sources.list.d/pve-install-repo.list
wget http://download.proxmox.com/debian/proxmox-ve-release-6.x.gpg \
    -O /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg
chmod +r /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg
apt update && apt full-upgrade
echo "GRUB_ENABLE_CRYPTODISK=y" >> /etc/default/grub
apt remove os-prober
apt install proxmox-ve postfix open-iscsi
apt install ifupdown2

Intel I225 ethernet bug ⁶

Reset link speed from 2.5Gbps to 1Gbps.

ethtool ⁷

nano /etc/network/interfaces
...
auto enp6s0
iface enp6s0 inet manual
    pre-up /usr/sbin/ethtool -s enp6s0 speed 1000 duplex full autoneg on

Before Disk detect

Install packages into Debian Installer

Open crypted RAID and LVM

GRUB, crypttab settings 2

Have boot messages stay on tty1 3

Root filesystem snapshots with LVM 4