| 123456789101112131415161718192021222324252627282930313233 |
- #!/bin/bash
- # 1. Open LUKS devices and sets up a mapping under /dev/mapper/
- cryptsetup luksOpen /dev/sda guests
- cryptsetup luksOpen /dev/sdb magnetic
- echo "Device mappings:" `find /dev/mapper/ -type l`
- # 2. Mount LUKS volumes
- mount --verbose /dev/mapper/guests /srv/guests
- mount --verbose /dev/mapper/magnetic /srv/magnetic
- # 3. Create a bind-mounts so we are not on the unecryped root volume
- mount --verbose --bind /srv/guests/lib/docker /var/lib/docker
- mount --verbose --bind /srv/guests/docker /opt/docker
- mount --verbose --bind /srv/guests/lib/libvirt /var/lib/libvirt
- mount --verbose --bind /srv/guests/etc/libvirt /etc/libvirt
- # 4. Start docker and libvird
- # Those services should have been disabled
- # systemctl disable docker libvirtd libvirt-guests
- systemctl start docker &
- sleep 2 && systemctl status --no-pager docker
- systemctl start libvirtd &
- sleep 2 && systemctl status --no-pager libvirtd
- systemctl start libvirt-guests &
- sleep 2 && systemctl status --no-pager libvirt-guests
- # 4. Fix forward chain which was set to default deny by docker
- # so our KVM containers on br0 have access to the network
- iptables -v -A FORWARD -i br0 -o br0 -j ACCEPT
- # Start docker containers
- # docker-compose --file /opt/docker/proxy/docker-compose.yml up --detach reverse-proxy
|
