On 2020-12-28 17:28:26, Thomas Lange wrote:
> Your raid + luks example works when calling setup-storage, but I
> didn't manage to boot it. Can it work without an unencrypted /boot
> partition?

I'm using those configurations in production right now:

https://gitweb.torproject.org/admin/tsa-misc.git/tree/installer/disk-config

In particular, this is a RAID+LUKS+LVM configuration with a cleartext
/boot, on top of NVMe drives, on a bare-metal machine provided by
Hetzner:

https://gitweb.torproject.org/admin/tsa-misc.git/tree/installer/disk-config/gnt-fsn-NVMe

You should be able to reproduce this by booting a rescue system and
running setup-storage, for example on a PX62-NVMe:

https://www.hetzner.com/dedicated-rootserver/px62-nvme

I've set up a handful of machines with this, but keep in mind we do some
post-processing outside of FAI: I only use setup-storage, not the rest
of FAI, for our installer. Those are the post-install scripts:

https://gitweb.torproject.org/admin/tsa-misc.git/tree/installer/post-scripts

and they are fired from this Python/Fabric installer:

https://gitweb.torproject.org/admin/tsa-misc.git/tree/install

... which is mostly a wrapper for:

https://gitweb.torproject.org/admin/tsa-misc.git/tree/fabric_tpa/host.py#n507

... itself a wrapper for grml-debootstrap, which is the bit that's
firing the post-install scripts inside the chroot.

That may be the bits you're missing for the machine to boot?

Sorry, this is all a bit of a mess... I hope that helps!

A.

-- 
The good news about computers is that they do what you tell them to do.
The bad news is that they do what you tell them to do.
                        - Ted Nelson