
Arch Linux install with Ansible provisioning

Here's how I get a quick Arch Linux workstation up and running with everything I need for a development environment. You can check out the source code on GitHub to follow along. This tool is meant to be used with Arch Linux after a base installation has been performed. Ansible will be installed after the base install to double-check our work and handle the rest.

Initial installation

dd:

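First, go to the Arch Linux downloads page and download the latest .iso file.

Write it to a CD or memory stick. The dd command below overwrites whatever device is given as of=, so confirm that /dev/sdb is the memory stick before running it.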

dd bs=4M if=~/Downloads/archlinuxinstall.iso of=/dev/sdb && sync

dm-crypt wipe on an empty disk or partition

Dm-crypt Drive_preparation

Boot up into the live Arch Linux environment and wipe your drives.

First, create a temporary encrypted container on the partition (sdXY) or the full disk (sdX) to be encrypted, e.g. using default encryption parameters and a random key via the --key-file /dev/{u}random option:

cryptsetup open --type plain /dev/sdXY container --key-file /dev/random

Second, check it exists:

fdisk -l
Disk /dev/mapper/container: 1000 MB, 1000277504 bytes

Wipe the container with zeros. Using if=/dev/urandom is not required, because the zeros pass through the container's encryption cipher and reach the disk as random-looking data.

dd if=/dev/zero of=/dev/mapper/container bs=1M status=progress

Finally, close the temporary container:

cryptsetup close container

LVM on LUKS

LVM_on_LUKS

NAME          MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
sda             8:0    0   477G  0 disk
|-sda1          8:1    0   487M  0 part  /boot
`-sda2          8:2    0 476.5G  0 part
  `-vg        254:0    0 476.5G  0 crypt
    |-vg-swap 254:1    0     8G  0 lvm   [SWAP]
    |-vg-root 254:2    0   100G  0 lvm   /
    |-vg-var  254:3    0   100G  0 lvm   /var
    `-vg-home 254:4    0 268.5G  0 lvm   /home

# partitions for /boot and / (encrypted drive)
parted -s /dev/sda mklabel msdos
parted -s -a optimal /dev/sda mkpart primary 0% 512MB
parted -s -a optimal /dev/sda mkpart primary 512MB 100%

# encrypt
cryptsetup luksFormat /dev/sda2
# password: # *use yubikey for 2FA*

# open encrypted drive
cryptsetup open /dev/sda2 cryptolvm
# password: # *use yubikey for 2FA*

partitioning.sh

wget https://raw.githubusercontent.com/jahrik/ansible-arch-workstation/master/partitioning.sh

LVM

# create volume group
pvcreate /dev/mapper/cryptolvm
vgcreate vg /dev/mapper/cryptolvm

# create logical volumes
lvcreate -L 8G vg -n swap
lvcreate -L 100G vg -n root
lvcreate -L 100G vg -n var
lvcreate -l 100%FREE vg -n home

Format the partitions

mkfs.ext4 /dev/sda1
mkfs.ext4 /dev/mapper/vg-root
mkfs.ext4 /dev/mapper/vg-var
mkfs.ext4 /dev/mapper/vg-home
mkswap /dev/mapper/vg-swap

Mount file systems

mount /dev/mapper/vg-root /mnt
mkdir /mnt/home
mount /dev/mapper/vg-home /mnt/home
mkdir /mnt/var
mount /dev/mapper/vg-var /mnt/var
swapon /dev/mapper/vg-swap
mkdir /mnt/boot
mount /dev/sda1 /mnt/boot

Install the base system:

pacstrap /mnt base base-devel

Generate an fstab:

genfstab -U -p /mnt >> /mnt/etc/fstab

Check to see it was written.

cat /mnt/etc/fstab

Chroot

arch-chroot /mnt /bin/bash

Install vim

pacman -S vim

Networking

pacman -S iw wpa_supplicant dialog

Root password

# first change root password
passwd

Configuring mkinitcpio

Edit /etc/mkinitcpio.conf and add the hooks "encrypt" and "lvm2" to HOOKS="..." ahead of "filesystems", keeping "keyboard" before "encrypt" so the passphrase can be typed at boot, as in the line below:

...
HOOKS="base udev autodetect modconf keyboard encrypt lvm2 block filesystems fsck"
...

Then regenerate the initramfs:

mkinitcpio -p linux

Bootloader

Boot_loader

pacman -S grub

Edit /etc/default/grub

GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda2:vg root=/dev/mapper/vg-root"

Configure grub

grub-install --target=i386-pc /dev/sda
grub-mkconfig -o /boot/grub/grub.cfg
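
The following is an added example, not part of the original post or the ansible-arch-workstation repository: a POSIX shell check, run inside the chroot before rebooting, that the HOOKS line and GRUB_CMDLINE_LINUX edited above are consistent with an LVM-on-LUKS root. The function names and the script name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): pre-reboot check of the
# encrypted-root boot configuration. File paths are passed as arguments.

# hook_pos HOOK FILE: print the 1-based position of HOOK in the last
# uncommented HOOKS= line (quoted or parenthesised form); fail if absent.
hook_pos() (
    hooks=$(grep -E '^[[:space:]]*HOOKS=' "$2" | tail -n 1 |
            sed -e 's/^[^=]*=//' -e "s/[()\"']//g")
    i=0
    for h in $hooks; do
        i=$((i + 1))
        if [ "$h" = "$1" ]; then echo "$i"; exit 0; fi
    done
    exit 1
)

# check_hooks FILE: keyboard must precede encrypt (passphrase entry),
# encrypt must precede lvm2 (unlock before activating the volume group),
# and lvm2 must precede filesystems.
check_hooks() (
    for need in keyboard encrypt lvm2 filesystems; do
        hook_pos "$need" "$1" >/dev/null || { echo "missing hook: $need"; exit 1; }
    done
    kb=$(hook_pos keyboard "$1"); enc=$(hook_pos encrypt "$1")
    lvm=$(hook_pos lvm2 "$1");    fs=$(hook_pos filesystems "$1")
    if [ "$kb" -lt "$enc" ] && [ "$enc" -lt "$lvm" ] && [ "$lvm" -lt "$fs" ]; then
        exit 0
    fi
    echo "bad hook order: need keyboard, encrypt, lvm2, filesystems in that order"
    exit 1
)

# check_grub FILE: the kernel command line must name the LUKS device and
# a root under /dev/mapper.
check_grub() (
    line=$(grep -E '^[[:space:]]*GRUB_CMDLINE_LINUX=' "$1" | tail -n 1)
    case $line in *cryptdevice=*:*) ;; *) echo "no cryptdevice=<device>:<name>"; exit 1 ;; esac
    case $line in *root=/dev/mapper/*) ;; *) echo "no root=/dev/mapper/..."; exit 1 ;; esac
)

# Usage (script name is hypothetical):
#   sh check-boot.sh /etc/mkinitcpio.conf /etc/default/grub
if [ "$#" -eq 2 ]; then
    check_hooks "$1" && check_grub "$2" && echo "boot configuration is consistent"
fi
```

A failed check here is cheaper than finding out at the first boot that the initramfs cannot unlock /dev/sda2.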

User

pacman -S zsh
groupadd <user>
useradd -m -g <user> -s /bin/zsh <user>

Sudo

pacman -S sudo

Add the user to /etc/sudoers.d/config. Note that NOPASSWD: ALL lets this account run any command as root without a password prompt.

<user> ALL=(ALL) NOPASSWD: ALL

Ansible

Stuff and things go here...

...

...

Vagrant lab

Not working yet. Need to build a new packer arch box for testing.

Testing locally for now...

Bring up an arch box

vagrant up

Check the status of vagrant

vagrant status
Current machine states:

arch-vm              running (virtualbox)

SSH into a box

vagrant ssh arch-vm.dev

Run the playbook against the vm

ansible-playbook site.yml

jahrik

Self-taught, multilingual programmer, working in DevOps. Automating Linux server administration and deployment with the use of tools like Jenkins, Ansible, and Docker Swarm.
