Differences between revisions 2 and 3
Revision 2 as of 2016-11-05 23:44:28
Size: 1368
Editor: PieterSmit
Comment:
Revision 3 as of 2016-11-06 03:43:54
Size: 3046
Editor: PieterSmit
Comment: Add crypto steps
Deletions are marked like this. Additions are marked like this.
Line 7: Line 7:
 * 201611 SoftLayer does not support custom images, or disk encryption on VSI/VM infrastructure in a automated way.
   * Hack around it.
     * Small VSI/VM comes with 25Gig disk split into /boot and /(root)
   * SL requirements for master/golden disk image for deployment. IBM runs scripts on image to fix IP etc.
     * /dev/xvda1 /boot
     * /dev/xvda2 / /etc /var (not encrypted)
     * /dev/svdb1 swap
   * Hack
     1. Commission a default VM (ubuntu 25Gig)
     2. Boot the VM from from ISO(ubuntu 16.04 or later)
        1. Re-partition disk
           * /dev/xvda1 /boot (leave 500meg)
           * /dev/xvda2 / (small 2Gig fake root, to keep IBM/SL happy)
           * /dev/xvda3 crypto for real root
           * /dev/svdb crypto swap
         2. After boot-up
           * Fix hostname to match SL original name. (if not done during installation)
           * Fix/Add SL expected password for root (get from SL portal)
           * Add default luks crypto key for auto boot e.g. "pass"
             * # cryptsetup luksDump /dev/xvda3
             * # cryptsetup luksAddKey --key-slot 1 /dev/xvda3
           * Update /etc/crypttab entry to use key file
             * add ,keyscript=/etc/luks-echo-default-pass to relevant entry e.g.
               * xvda3_crypt UUID=12345678 none luks,discard,keyscript=/etc/luks-echo-default-pass
             * Create new file /etc/luks-echo-default-pass that echo's the luks password e.g. pass
               * echo "pass"
               * make it executable
           * recreate initramfs, to ensure it creates the new crypttab entries.
             * update-initramfs -u

SoftLayer(SL) IBM cloud

  • 201611 - Setting up SoftLayer VSI's(VM's)

    • Ubuntu support seem to be lacking
      • Struggling to create golden images. SL seem to have a preconfig/postconfig scripts that change the IP and hostname that does not work with Ubuntu 16.04-LTS.

  • 201611 SoftLayer does not support custom images, or disk encryption on VSI/VM infrastructure in a automated way.

    • Hack around it.
      • Small VSI/VM comes with 25Gig disk split into /boot and /(root)
    • SL requirements for master/golden disk image for deployment. IBM runs scripts on image to fix IP etc.
      • /dev/xvda1 /boot
      • /dev/xvda2 / /etc /var (not encrypted)
      • /dev/svdb1 swap
    • Hack
      1. Commission a default VM (ubuntu 25Gig)
      2. Boot the VM from from ISO(ubuntu 16.04 or later)
        1. Re-partition disk
          • /dev/xvda1 /boot (leave 500meg)
          • /dev/xvda2 / (small 2Gig fake root, to keep IBM/SL happy)
          • /dev/xvda3 crypto for real root
          • /dev/svdb crypto swap
          1. After boot-up
            • Fix hostname to match SL original name. (if not done during installation)
            • Fix/Add SL expected password for root (get from SL portal)
            • Add default luks crypto key for auto boot e.g. "pass"
              • # cryptsetup luksDump /dev/xvda3
              • # cryptsetup luksAddKey --key-slot 1 /dev/xvda3
            • Update /etc/crypttab entry to use key file
              • add ,keyscript=/etc/luks-echo-default-pass to relevant entry e.g.
                • xvda3_crypt UUID=12345678 none luks,discard,keyscript=/etc/luks-echo-default-pass
              • Create new file /etc/luks-echo-default-pass that echo's the luks password e.g. pass
                • echo "pass"
                • make it executable
            • recreate initramfs, to ensure it creates the new crypttab entries.
              • update-initramfs -u

  • 201611 SoftLayer does not support custom images, or disk encryption on VSI/VM infrastructure in a automated way.

    • Hack around it.
      • Small VSI/VM comes with 25Gig disk split into /boot and /(root)
    • SL requirements for master/golden disk image for deployment. IBM runs scripts on image to fix IP etc.
      • /dev/xvda1 /boot
      • /dev/xvda2 / /etc /var (not encrypted)
      • /dev/svdb1 swap
    • Hack
      1. Commission a default VM (ubuntu 25Gig)
      2. Boot the VM from from ISO(ubuntu 16.04 or later)
        1. Re-partition disk
          • /dev/xvda1 /boot (leave 500meg)
          • /dev/svda2 / (small 2Gig fake root, to keep IBM/SL happy)
          • /dev/svda3 crypto for real root
          • /dev/svdb crypto swap
          1. After boot-up
            • Fix hostname to match SL original name. (if not done during installation)
            • Fix/Add SL expected password for root (get from SL portal)
            • Add default luks crypto key for auto boot e.g. "pass"

...

Cloud/SoftLayer (last edited 2018-04-07 23:16:31 by PieterSmit)