|
@@ -0,0 +1,33 @@
|
|
|
+#!/bin/bash
|
|
|
+
|
|
|
+# 1. Open LUKS devices and sets up a mapping under /dev/mapper/
|
|
|
+cryptsetup luksOpen /dev/sda guests
|
|
|
+cryptsetup luksOpen /dev/sdb magnetic
|
|
|
+echo "Device mappings:" `find /dev/mapper/ -type l`
|
|
|
+
|
|
|
+# 2. Mount LUKS volumes
|
|
|
+mount --verbose /dev/mapper/guests /srv/guests
|
|
|
+mount --verbose /dev/mapper/magnetic /srv/magnetic
|
|
|
+
|
|
|
+# 3. Create a bind-mounts so we are not on the unecryped root volume
|
|
|
+mount --verbose --bind /srv/guests/lib/docker /var/lib/docker
|
|
|
+mount --verbose --bind /srv/guests/docker /opt/docker
|
|
|
+mount --verbose --bind /srv/guests/lib/libvirt /var/lib/libvirt
|
|
|
+mount --verbose --bind /srv/guests/etc/libvirt /etc/libvirt
|
|
|
+
|
|
|
+# 4. Start docker and libvird
|
|
|
+# Those services should have been disabled
|
|
|
+# systemctl disable docker libvirtd libvirt-guests
|
|
|
+systemctl start docker &
|
|
|
+sleep 2 && systemctl status --no-pager docker
|
|
|
+systemctl start libvirtd &
|
|
|
+sleep 2 && systemctl status --no-pager libvirtd
|
|
|
+systemctl start libvirt-guests &
|
|
|
+sleep 2 && systemctl status --no-pager libvirt-guests
|
|
|
+
|
|
|
+# 4. Fix forward chain which was set to default deny by docker
|
|
|
+# so our KVM containers on br0 have access to the network
|
|
|
+iptables -v -A FORWARD -i br0 -o br0 -j ACCEPT
|
|
|
+
|
|
|
+# Start docker containers
|
|
|
+# docker-compose --file /opt/docker/proxy/docker-compose.yml up --detach reverse-proxy
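Review bot: Nothing in this script stops it after a failed step. If either `cryptsetup luksOpen` or the `mount` of `/srv/guests` fails (wrong passphrase, missing device), the step 3 bind mounts either fail or bind directories from the root filesystem, and docker and libvirtd still start with `/var/lib/docker`, `/var/lib/libvirt` and `/etc/libvirt` on the unencrypted root volume that the step 3 comment wants to avoid. Make it fail closed by adding `set -euo pipefail` right after the shebang and guarding step 3 with `mountpoint -q /srv/guests || exit 1`. The backgrounded `systemctl start ... &` calls are not covered by `set -e`; `systemctl start` blocks until the unit is up by default, so dropping the `&` and the `sleep 2` would probably let a start failure stop the script as well. Separately, `iptables -v -A FORWARD ...` appends a duplicate rule on every run, which `iptables -C FORWARD -i br0 -o br0 -j ACCEPT || iptables -v -A FORWARD -i br0 -o br0 -j ACCEPT` would avoid.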
|