				@@ -1,19 +1,22 @@ 
				 #!/bin/bash 
				  
				+# Load configuration 
				+[ -f ./config.sh ] && source config.sh 
				+disk2=$disk"p3" 
				+ 
				+ 
				 # 1. Open LUKS devices and sets up a mapping under /dev/mapper/ 
				-cryptsetup luksOpen /dev/sda guests 
				-cryptsetup luksOpen /dev/sdb magnetic 
				+cryptsetup luksOpen $disk2 data 
				 echo "Device mappings:" `find /dev/mapper/ -type l` 
				  
				 # 2. Mount LUKS volumes 
				-mount --verbose /dev/mapper/guests    /srv/guests 
				-mount --verbose /dev/mapper/magnetic  /srv/magnetic 
				+mount --verbose /dev/mapper/data    /srv/data 
				  
				 # 3. Create a bind-mounts so we are not on the unecryped root volume 
				-mount --verbose --bind /srv/guests/lib/docker   /var/lib/docker 
				-mount --verbose --bind /srv/guests/docker       /opt/docker 
				-mount --verbose --bind /srv/guests/lib/libvirt  /var/lib/libvirt 
				-mount --verbose --bind /srv/guests/etc/libvirt  /etc/libvirt 
				+mount --verbose --bind /srv/data/guests/lib/docker   /var/lib/docker 
				+mount --verbose --bind /srv/data/guests/docker       /opt/docker 
				+mount --verbose --bind /srv/data/guests/lib/libvirt  /var/lib/libvirt 
				+mount --verbose --bind /srv/data/guests/etc/libvirt  /etc/libvirt 
				  
				 # 4. Start docker and libvird  
				 # Those services should have been disabled 
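Review bot: The added `[ -f ./config.sh ] && source config.sh` tests one path and loads another: in bash's default mode `source` with a slash-less name searches `PATH` before the current directory, and both forms depend on the caller's working directory, in a script that goes on to run `cryptsetup` and `mount` (presumably as root). Use `source ./config.sh`, or better a path anchored to the script's own directory, and keep that file writable by root only. If the file is absent or leaves `disk` unset, `disk2` becomes just `p3`, `cryptsetup luksOpen` fails, and with no `set -e` visible at the top the script carries on through the mounts, so step 4 would presumably start docker and libvirt on the unencrypted root volume that step 3 is meant to avoid. Guard with `: "${disk:?disk must be set in config.sh}"` and `cryptsetup luksOpen "$disk2" data || exit 1` (note the quoting of `$disk2`). The script continues past the end of this hunk, so the same fail-fast handling is worth checking on the service-start lines.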
				@@ -27,7 +30,4 @@ sleep 2 && systemctl status --no-pager libvirt-guests 
				  
				 # 4. Fix forward chain which was set to default deny by docker 
				 # so our KVM containers on br0 have access to the network 
				-iptables -v -A FORWARD -i br0 -o br0 -j ACCEPT 
				- 
				-# Start docker containers 
				-# docker-compose --file /opt/docker/proxy/docker-compose.yml up --detach reverse-proxy 
				+iptables -v -A FORWARD -i br0 -o br0 -j ACCEPT 