diff --git a/README.md b/README.md index 9b4d03d..03bd9d5 100644 --- a/README.md +++ b/README.md @@ -2,4 +2,4 @@ Server Setup Script ===================== #Use# -curl -sSL https://code.totosearch.org/Sean/ServerSetup/setup.sh | sh +wget -qO - https://code.totosearch.org/Sean/ServerSetup/raw/branch/master/setup.sh | sudo bash diff --git a/setup.sh b/setup.sh index e69de29..cb91ce2 100644 --- a/setup.sh +++ b/setup.sh @@ -0,0 +1,670 @@ +#! /bin/bash + +echo "" +echo "Updating local packages..." +errors=`apt-add-repository universe >/dev/null 2>/dev/null && apt update 2>&1 >/dev/null` +if [ "$?" = "0" ]; then + echo "Done." +else + echo "Failed to add universal repository, update apt repository - $errors" + exit 1 +fi + +echo "" +echo "Installing required setup configuration utilities..." +errors=$(apt install -y dialog net-tools gdisk zfs-initramfs debootstrap >/dev/null 2>/dev/null) +if [ "$?" = "0" ]; then + echo "Done." +else + echo "Failed to install net-tools, gdisk, zfs-initramfs, or debootstrap - $errors" + exit 2 +fi + +#calculate width and height of console +width=`tput cols` +height=`tput lines` +window=$((height - 5)) + +if [ -d "/sys/firmware/efi" ]; then efi="1"; echo -e "\nUEFI detected..." else efi="0"; echo -e "\nBIOS detected..."; fi + +# gather input at the start +devices=""; for device in $(ls /dev/disk/by-id | grep -v part); do devices="$devices $device off"; done +disks=`dialog --separate-output --no-cancel --no-items --title "Root devices" --checklist "Select root OS disks:" $height $width ${window}$devices 2>&1 1>/dev/tty` +boots=`dialog --separate-output --no-cancel --no-items --title "Boot devices" --checklist "Select boot devices:" $height $width ${window}$devices 2>&1 1>/dev/tty` + +alldisks=$( (for d in `echo "$disks"`; do echo "$d"; done; for d in `echo "$boots"`; do echo "$d"; done) | sort -u) +echo "alldisks: $alldisks" + +diskcount=`echo "$disks" | wc -l` +diskoptions="12 35 5 raidz off raidz2 off raidz3 off mirror off none off" +if [ "$diskcount" = "0" ] ; then echo "No disks found to use for boot device"; exit 112; fi +if [ "$diskcount" = "1" ]; then diskoptions="8 35 1 none off"; fi +if [ "$diskcount" = "2" ]; then diskoptions="9 35 2 mirror off none off"; fi +if [ "$diskcount" = "3" ]; then diskoptions="10 35 3 raidz off mirror off none off"; fi +if [ "$diskcount" = "4" ]; then diskoptions="12 35 5 raidz off raidz2 off raidz3 off mirror off none off"; fi +if [ "$diskcount" = "5" ]; then diskoptions="12 35 5 raidz off raidz2 off raidz3 off mirror off none off"; fi +if [ "$diskcount" = "6" ]; then diskoptions="12 35 5 raidz off raidz2 off raidz3 off mirror off none off"; fi +if [ "$diskcount" -gt "6" ]; then diskoptions="11 35 4 raidz2 off raidz3 off mirror off none off"; fi +if [ "$diskcount" -gt "11" ]; then diskoptions="10 35 3 raidz3 off mirror off none off"; fi +raidtype=`dialog --no-items --no-cancel --title "Root pool ZFS RAID" --radiolist "Select root pool ZFS RAID type:" $diskoptions 2>&1 1>/dev/tty` +hostname=""; while [ -z "$hostname" ]; do hostname=`dialog --no-cancel --inputbox "Hostname:" 8 40 2>&1 >/dev/tty`; done +domainname=""; while [ -z "$domainname" ]; do domainname=`dialog --no-cancel --inputbox "Domain name root (for fully qualified domain, e.g. company.com):" 8 40 2>&1 >/dev/tty`; done +fqdn="${hostname}.${domainname}" +nicdevices=""; for nic in $(ip -o link show | awk -F': ' '{print $2}' | grep -v '^lo'); do nicdevices="$nicdevices $nic off"; done +totalram=`cat /proc/meminfo | grep -e "^MemTotal" | sed 's/MemTotal: *\(.*\) kB *$/\1/g'` +swapspace=$(($totalram / 5)) +swapspace=$(($swapspace / `getconf PAGESIZE`)) +swapspace=$(($swapspace * `getconf PAGESIZE`)) +# 20% swap space with 2G minimum +if [ "$swapspace" -lt "2048000" ]; then swapspace="2048000" ; fi + +nics=`dialog --separate-output --no-cancel --no-items --title "Bridged network devices" --checklist "Select the network devices to be bridged to br0:" $height $width ${window}$nicdevices 2>&1 1>/dev/tty` +networktype=`dialog --no-items --no-cancel --title "Network type" --radiolist "Select the network type:" 9 40 2 dhcp off static off 2>&1 1>/dev/tty` +if [ "$networktype" = "static" ]; then + address=""; while [ -z "$address" ]; do address=`dialog --no-cancel --inputbox "IP Address:" 8 40 2>&1 >/dev/tty`; done + subnet=""; while [ -z "$subnet" ]; do subnet=`dialog --no-cancel --inputbox "Subnet mask:" 8 40 2>&1 >/dev/tty`; done + gateway=""; while [ -z "$gateway" ]; do gateway=`dialog --no-cancel --inputbox "Gateway:" 8 40 2>&1 >/dev/tty`; done + dns1=""; while [ -z "$dns1" ]; do dns1=`dialog --no-cancel --inputbox "Primary DNS server:" 8 40 2>&1 >/dev/tty`; done + dns2=`dialog --no-cancel --inputbox "Secondary DNS server:" 8 40 2>&1 >/dev/tty` +fi + +admin=""; while [ -z "$admin" ]; do admin=`dialog --no-cancel --inputbox "Admin user:" 8 40 2>&1 >/dev/tty`; done +rootpassword="" +while [ "$rootpassword" = "" ]; do + rootpassword=`dialog --no-cancel --title "Root password" --insecure --passwordbox "Enter root password:" 8 40 2>&1 1>/dev/tty` + confirmpassword=`dialog --no-cancel --title "Root password confirmation" --insecure --passwordbox "Re-enter root password:" 8 40 2>&1 1>/dev/tty` + if ! [ "$rootpassword" = "$confirmpassword" ]; then + echo "Password does not match confirmation - please retry the setup" + rootpassword="" + fi +done +admins=`dialog --no-items --no-cancel --title "Administrators" --inputbox "List administrator e-mail addresses separated by comma:" 10 40 2>&1 1>/dev/tty` +a=""; for x in `timedatectl list-timezones`; do a="$a $x" ; done + + +smtp=""; while [ -z "$smtp" ]; do smtp=`dialog --no-cancel --inputbox "Outoing e-mail SMTP proxy server:" 8 40 2>&1 >/dev/tty`; done +email=""; while [ -z "$email" ]; do email=`dialog --no-cancel --inputbox "Outgoing mail username:" 8 40 2>&1 >/dev/tty`; done +emailpassword="" +while [ "$emailpassword" = "" ]; do + emailpassword=`dialog --no-cancel --title "Outgoing e-mail SMTP mail password" --insecure --passwordbox "Enter outgoing e-mail SMTP password:" 8 40 2>&1 1>/dev/tty` + confirmpassword=`dialog --no-cancel --title "Outgoing e-mail SMTP mail password" --insecure --passwordbox "Re-enter outgoing e-mail SMTP password:" 8 40 2>&1 1>/dev/tty` + if ! [ "$emailpassword" = "$confirmpassword" ]; then + echo "Password does not match confirmation - please retry the setup" + emailpassword="" + fi +done + + +timezone=`dialog --no-items --no-cancel --menu "Select time zone:" $height 40 ${window}${a} 2>&1 1>/dev/tty` + +for disk in `echo "$alldisks"`; do + echo "" + echo "Erasing partition table for device $disk..." + errors=`sgdisk --zap-all /dev/disk/by-id/$disk 2>&1 1>/dev/null` + if ! [ "$?" = "0" ]; then + echo "Failed to erase partition table for device $disk - $errors" + exit 3 + fi + echo "Done." +done + +if [ "$efi" = "1" ]; then + + for disk in `echo "$boots"`; do + echo "" + echo "Creating boot partitions for device $disk..." + errors=`sgdisk -n1:1M:+512M -t1:EF00 /dev/disk/by-id/$disk 2>&1 1>/dev/null` + if ! [ "$?" = "0" ]; then + echo "Failed to create boot partition for device $disk - $errors" + exit 3 + fi + echo "Done." + done + + for disk in `echo "$boots"`; do + echo "" + echo "Creating boot partitions for device $disk..." + errors=`sgdisk -n3:0:+512M -t3:BF01 /dev/disk/by-id/$disk 2>&1 1>/dev/null` + if ! [ "$?" = "0" ]; then + echo "Failed to create boot partition for device $disk - $errors" + exit 3 + fi + echo "Done." + done + +else + + for disk in `echo "$boots"`; do + echo "" + echo "Creating boot partitions for device $disk..." + errors=`sgdisk -a1 -n1:24K:+1000K -t1:EF02 /dev/disk/by-id/$disk 2>&1 1>/dev/null` + if ! [ "$?" = "0" ]; then + echo "Failed to create boot partition for device $disk - $errors" + exit 3 + fi + echo "Done." + done + +fi + +for disk in `echo "$disks"`; do + echo "" + echo "Creating main storage for device $disk..." + errors=`sgdisk -n4:0:0 -t4:BF01 /dev/disk/by-id/$disk 2>&1 1>/dev/null` + if ! [ "$?" = "0" ]; then + echo "Failed to create main storage for device $disk - $errors" + exit 3 + fi + echo "Done." +done + +# create boot mirror list and root list + +count="0"; bootmirror=""; for disk in `echo "$boots"`; do bootmirror="$bootmirror /dev/disk/by-id/${disk}-part3"; count=$((count + 1)); done; if [ "$count" -gt "1" ]; then bootmirror="mirror $bootmirror"; fi +rootraidz=""; for disk in `echo "$disks"`; do rootraidz="$rootraidz /dev/disk/by-id/${disk}-part4"; done + +# refresh drives or there are missing partitions +partprobe 2>/dev/null 1>/dev/null + +# wait for the partitions to show up + +for disk in `echo "$boots"`; do + pending="0" + while ! [ -e "/dev/disk/by-id/${disk}-part3" ]; do + partprobe 2>/dev/null 1>/dev/null + if [ "$pending" = "0" ]; then echo "" && echo "Waiting for ${disk} boot pool partition to update on device ${disk}..."; pending="1"; fi + sleep 3 + done + if [ "$pending" = "1" ]; then echo "Done."; fi +done + +for disk in `echo "$boots"`; do + pending="0" + while ! [ -e "/dev/disk/by-id/${disk}-part1" ]; do + partprobe 2>/dev/null 1>/dev/null + if [ "$pending" = "0" ]; then echo "" && echo "Waiting for ${disk} boot partition to update on device ${disk}..."; pending="1"; fi + sleep 3 + done + if [ "$pending" = "1" ]; then echo "Done."; fi +done + +echo "" +echo "Creating boot zpool..." +errors=`zpool create -f -o ashift=12 -d -o feature@async_destroy=enabled -o feature@bookmarks=enabled -o feature@embedded_data=enabled -o feature@empty_bpobj=enabled -o feature@enabled_txg=enabled -o feature@extensible_dataset=enabled -o feature@filesystem_limits=enabled -o feature@hole_birth=enabled -o feature@large_blocks=enabled -o feature@lz4_compress=enabled -o feature@spacemap_histogram=enabled -o feature@userobj_accounting=enabled -O acltype=posixacl -O canmount=off -O compression=lz4 -O devices=off -O normalization=formD -O relatime=on -O xattr=sa -O mountpoint=/ -R /mnt bpool $bootmirror 2>&1 1>/dev/null` +if ! [ "$?" = "0" ]; then + echo "Failed to create boot pool - $errors" + exit 4 +fi +echo "Done." + +# no striped mirror support yet + +# special exception for none raid - this just operates the disks like a stripe, for 1 or more disk - *not* recommended +if [ "$raidtype" = "none" ]; then + raidtype="" +else + raidtype=" $raidtype" +fi + +# wait for the partitions to show up +for disk in `echo "$disks"`; do + pending="0" + while ! [ -e "/dev/disk/by-id/${disk}-part4" ]; do + partprobe 2>/dev/null 1>/dev/null + if [ "$pending" = "0" ]; then echo "" && echo "Waiting for ${disk} storage partition to update..."; pending="1"; fi + sleep 3 + done + if [ "$pending" = "1" ]; then echo "Done."; fi +done + +echo "" +echo "Creating main zpool..." +error=`zpool create -f -o ashift=12 -O acltype=posixacl -O canmount=off -O compression=lz4 -O dnodesize=auto -O normalization=formD -O relatime=on -O xattr=sa -O mountpoint=/ -R /mnt rpool${raidtype}${rootraidz} 2>&1 1>/dev/null` +if ! [ "$?" = "0" ]; then + echo "Failed to create main pool - $errors" + exit 5 +fi +echo "Done." + + +echo "" +echo "Setting up main zpool dataset configuration..." +errors=`zfs create -o canmount=off -o mountpoint=none rpool/ROOT 2>&1 1>/dev/null && zfs create -o canmount=off -o mountpoint=none bpool/BOOT 2>&1 1>/dev/null && zfs create -o canmount=noauto -o mountpoint=/ rpool/ROOT/ubuntu 2>&1 1>/dev/null && zfs mount rpool/ROOT/ubuntu 2>&1 1>/dev/null && zfs create -o canmount=noauto -o mountpoint=/boot bpool/BOOT/ubuntu 2>&1 1>/dev/null && zfs mount bpool/BOOT/ubuntu 2>&1 1>/dev/null && zfs create rpool/home 2>&1 1>/dev/null && zfs create -o mountpoint=/root rpool/home/root 2>&1 1>/dev/null && zfs create -o canmount=off rpool/var 2>&1 1>/dev/null && zfs create -o canmount=off rpool/var/lib 2>&1 1>/dev/null && zfs create rpool/var/log 2>&1 1>/dev/null && zfs create rpool/var/spool 2>&1 1>/dev/null && zfs create -o com.sun:auto-snapshot=false rpool/var/cache 2>&1 1>/dev/null && zfs create -o com.sun:auto-snapshot=false rpool/var/tmp 2>&1 1>/dev/null && chmod 1777 /mnt/var/tmp 2>&1 1>/dev/null && zfs create rpool/opt 2>&1 1>/dev/null && zfs create rpool/srv 2>&1 1>/dev/null && zfs create -o canmount=off rpool/usr 2>&1 1>/dev/null && zfs create rpool/usr/local 2>&1 1>/dev/null && zfs create rpool/var/mail 2>&1 1>/dev/null && zfs create -o com.sun:auto-snapshot=false rpool/var/lib/docker 2>&1 1>/dev/null && zfs create -o com.sun:auto-snapshot=false rpool/var/lib/nfs 2>&1 1>/dev/null && zfs create -o com.sun:auto-snapshot=false rpool/tmp 2>&1 1>/dev/null && chmod 1777 /mnt/tmp 2>&1 1>/dev/null` +if ! [ "$?" = "0" ]; then + echo "Error setting up ZFS settings - $errors" + exit 5 +fi +echo "Done." + +echo "" +echo "Bootstrapping..." +errors=`debootstrap bionic /mnt 2>&1 1>/dev/null` +if ! [ "$?" = "0" ]; then + echo "Failed to bootstrap root - $errors" + exit 6 +fi +echo "Done." + +echo "" +echo "Disabling ZFS devices..." +errors=`zfs set devices=off rpool 2>&1 1>/dev/null` +if ! [ "$?" = "0" ]; then + echo "Failed to set devices=off for root pool- $errors" + exit 7 +fi +echo "Done." + +echo "" +echo "Setting hostname and e-mail admins..." +echo "$hostname" > /mnt/etc/hostname +echo "127.0.0.1 $hostname $fqdn" > /mnt/etc/hosts +echo "127.0.1.1 $hostname" >> /mnt/etc/hosts +echo "${admins}" > /mnt/admins +chmod o+r /mnt/admins +echo "Done." + +echo "" +echo "Setting default apt repositories" +echo "deb http://archive.ubuntu.com/ubuntu bionic main universe" > /mnt/etc/apt/sources.list +echo "deb-src http://archive.ubuntu.com/ubuntu bionic main universe" >> /mnt/etc/apt/sources.list +echo "deb http://security.ubuntu.com/ubuntu bionic-security main universe" >> /mnt/etc/apt/sources.list +echo "deb-src http://security.ubuntu.com/ubuntu bionic-security main universe" >> /mnt/etc/apt/sources.list +echo "deb http://archive.ubuntu.com/ubuntu bionic-updates main universe" >> /mnt/etc/apt/sources.list +echo "deb-src http://archive.ubuntu.com/ubuntu bionic-updates main universe" >> /mnt/etc/apt/sources.list +echo "Done." + +echo "" +echo "Setting up boot pool import service..." +echo "[Unit]"> /mnt/etc/systemd/system/zfs-import-bpool.service +echo " DefaultDependencies=no" >> /mnt/etc/systemd/system/zfs-import-bpool.service +echo " Before=zfs-import-scan.service" >> /mnt/etc/systemd/system/zfs-import-bpool.service +echo " Before=zfs-import-cache.service" >> /mnt/etc/systemd/system/zfs-import-bpool.service +echo "" >> /mnt/etc/systemd/system/zfs-import-bpool.service +echo "[Service]" >> /mnt/etc/systemd/system/zfs-import-bpool.service +echo " Type=oneshot" >> /mnt/etc/systemd/system/zfs-import-bpool.service +echo " RemainAfterExit=yes" >> /mnt/etc/systemd/system/zfs-import-bpool.service +echo " ExecStart=/sbin/zpool import -N -o cachefile=none bpool" >> /mnt/etc/systemd/system/zfs-import-bpool.service +echo "[Install]" >> /mnt/etc/systemd/system/zfs-import-bpool.service +echo " WantedBy=zfs-import.target " >> /mnt/etc/systemd/system/zfs-import-bpool.service +echo "Done." + +echo "" +echo "Creating home directory..." +errors=`zfs create rpool/home/${admin} 2>&1 1>/dev/null` +if ! [ "$?" = "0" ]; then + echo "Unable to create home directory - $errors" + exit 9 +fi +echo "Done." + +echo "" +echo "Mounting chroot mounts..." +mount --rbind /dev /mnt/dev +mount --rbind /proc /mnt/proc +mount --rbind /sys /mnt/sys +echo "Done." + +echo "" +echo "Entering chroot..." +echo "#!/bin/bash" > /mnt/setup-chroot.sh +echo "HOSTNAME=\"$hostname\"" >> /mnt/setup-chroot.sh +echo "echo \"Done.\"" >> /mnt/setup-chroot.sh +echo "echo \"\"" >> /mnt/setup-chroot.sh +echo "echo \"Mounting /proc/self/mounts...\"" >> /mnt/setup-chroot.sh +echo "ln -s /proc/self/mounts /etc/mtab" >> /mnt/setup-chroot.sh +echo "echo \"Done.\"" >> /mnt/setup-chroot.sh +echo "echo \"\"" >> /mnt/setup-chroot.sh +echo "echo \"Updating apt repositories on root pool...\"" >> /mnt/setup-chroot.sh +echo 'errors=`apt update 2>&1 1>/dev/null`' >> /mnt/setup-chroot.sh +echo 'if ! [ \"$?\" = \"0\" ]; then '>> /mnt/setup-chroot.sh +echo ' echo "Failed to update apt repositories on root pool - $errors"' >> /mnt/setup-chroot.sh +echo " exit 1">> /mnt/setup-chroot.sh +echo "fi">> /mnt/setup-chroot.sh +echo "echo \"Done.\"">> /mnt/setup-chroot.sh +echo "echo \"\"">> /mnt/setup-chroot.sh +echo "echo \"Setting locale...\"" >> /mnt/setup-chroot.sh +echo 'errors=`locale-gen en_US.UTF-8 2>&1 1>/dev/null`' >> /mnt/setup-chroot.sh +echo 'if ! [ \"$?\" = \"0\" ]; then '>> /mnt/setup-chroot.sh +echo ' echo "Failed to set the locale to en_US.UTF-8 - $errors"' >> /mnt/setup-chroot.sh +echo " exit 1">> /mnt/setup-chroot.sh +echo "fi">> /mnt/setup-chroot.sh +echo "echo \"Done.\"" >> /mnt/setup-chroot.sh +echo "echo \"\"" >> /mnt/setup-chroot.sh +echo "echo \"Setting time zone...\"" >> /mnt/setup-chroot.sh +echo "cp /usr/share/zoneinfo/$timezone /etc/localtime" >> /mnt/setup-chroot.sh +echo "echo \"Done.\"" >> /mnt/setup-chroot.sh + +echo "echo \"\"" >> /mnt/setup-chroot.sh +echo "echo \"Installing linux image, ifupdown dnsutils nfs-kernel-server apparmor-profiles vim, libvirt-bin, bridge-utils, net-tools, bash, screen, tmux, zfs-initramfs, dosfstools, mailutils, ssmtp, openssh-server, ufw, docker.io, sharutils...\"" >> /mnt/setup-chroot.sh +echo "errors=\$(DEBCONF_FRONTEND='noninteractive' apt install -y --no-install-recommends linux-image-generic 2>&1 1>/dev/null && apt purge -y netplan 2>&1 1>/dev/null && apt autoremove -y 2>&1 1>/dev/null && DEBCONF_FRONTEND='noninteractive' apt install -y ifupdown efibootmgr htop iotop smartmontools dnsutils nfs-kernel-server apparmor-profiles vim libvirt-bin bridge-utils net-tools bash screen tmux zfs-initramfs dosfstools mailutils ssmtp openssh-server ufw docker.io sharutils 2>&1 1>/dev/null)" >> /mnt/setup-chroot.sh + +echo 'if ! [ \"$?\" = \"0\" ]; then '>> /mnt/setup-chroot.sh +echo ' echo "Failed to install preliminary software - $errors"' >> /mnt/setup-chroot.sh +echo " exit 1">> /mnt/setup-chroot.sh +echo "fi">> /mnt/setup-chroot.sh +echo "echo \"Done.\"" >> /mnt/setup-chroot.sh + +# network configuration should have optional static configuration - not just DHCP, it's very important + +echo "echo \"\"" >> /mnt/setup-chroot.sh +echo "echo \"Enabling networking service...\"" >> /mnt/setup-chroot.sh +echo "error=\$(systemctl unmask networking 2>&1 1>/dev/null && systemctl enable networking 2>&1 1>/dev/null)" >> /mnt/setup-chroot.sh +echo 'if ! [ \"$?\" = \"0\" ]; then '>> /mnt/setup-chroot.sh +echo ' echo "Failed to enable networking service - $errors"' >> /mnt/setup-chroot.sh +echo " exit 118">> /mnt/setup-chroot.sh +echo "fi">> /mnt/setup-chroot.sh +echo "echo \"Done.\"" >> /mnt/setup-chroot.sh + +# configure docker storage to use zfs +mkdir -p /mnt/etc/docker +echo "{\"storage-driver\":\"zfs\"}" > /mnt/etc/docker/daemon.json +echo "net.ipv6.conf.all.disable_ipv6 = 1" >> /mnt/etc/sysctl.conf +echo "net.ipv6.conf.default.disable_ipv6 = 1" >> /mnt/etc/sysctl.conf +echo "net.ipv6.conf.lo.disable_ipv6 = 1" >> /mnt/etc/sysctl.conf + +echo 'echo ""' >> /mnt/setup-chroot.sh +echo 'echo "Creating EFI partition..."' >> /mnt/setup-chroot.sh +firstdisk=`echo "$boots" | head -n1` +echo "error=\$(mkdosfs -F 32 -s 1 -n EFI /dev/disk/by-id/${firstdisk}-part1 2>&1 1>/dev/null && mkdir /boot/efi 2>&1 1>/dev/null)" >> /mnt/setup-chroot.sh +echo 'if ! [ \"$?\" = \"0\" ]; then '>> /mnt/setup-chroot.sh +echo ' echo "Failed to create dos file system for EFI partition - $errors"' >> /mnt/setup-chroot.sh +echo " exit 100">> /mnt/setup-chroot.sh +echo "fi">> /mnt/setup-chroot.sh +echo "echo PARTUUID=$(blkid -s PARTUUID -o value /dev/disk/by-id/${firstdisk}-part1) /boot/efi vfat nofail,x-systemd.device-timeout=0 0 1 >> /etc/fstab" >> /mnt/setup-chroot.sh + +echo "errors=\$(mount /boot/efi 2>&1 1>/dev/null && apt install -y grub-efi-amd64-signed shim-signed 2>&1 1>/dev/null)" >> /mnt/setup-chroot.sh +echo 'if ! [ \"$?\" = \"0\" ]; then '>> /mnt/setup-chroot.sh +echo ' echo "Failed to mount EFI partition or install grub-EFI - $errors"' >> /mnt/setup-chroot.sh +echo " exit 1">> /mnt/setup-chroot.sh +echo "fi">> /mnt/setup-chroot.sh +echo 'echo "Done."' >> /mnt/setup-chroot.sh + +echo "echo ''" >> /mnt/setup-chroot.sh +echo 'echo "Setting root password..."' >> /mnt/setup-chroot.sh +echo "errors=\$(echo 'root:${rootpassword}' | chpasswd 2>&1 1>/dev/null)" >> /mnt/setup-chroot.sh +echo "if ! [ \"\$?\" = \"0\" ]; then echo \"Could not set root password - \$errors\"; exit 21; fi" >> /mnt/setup-chroot.sh +echo 'echo "Done."'>> /mnt/setup-chroot.sh + +echo 'echo ""' >> /mnt/setup-chroot.sh +echo 'echo "Enabling boot pool import service..."'>> /mnt/setup-chroot.sh +echo "errors=\$(systemctl enable zfs-import-bpool.service 2>&1 1>/dev/null)" >> /mnt/setup-chroot.sh +echo 'if ! [ \"$?\" = \"0\" ]; then '>> /mnt/setup-chroot.sh +echo ' echo "Failed to enable boot pool import service - $errors"' >> /mnt/setup-chroot.sh +echo " exit 102">> /mnt/setup-chroot.sh +echo "fi">> /mnt/setup-chroot.sh +echo 'echo "Done."'>> /mnt/setup-chroot.sh + +echo 'echo ""' >> /mnt/setup-chroot.sh +echo "echo \"Checking ZFS root...\"" >> /mnt/setup-chroot.sh +echo 'zfscheck=$(grub-probe /boot 2>&1 1>/dev/null)' >> /mnt/setup-chroot.sh +echo "if ! [ \"\$?\" = \"0\" ]; then echo \"grub-probe check failed - \$zfscheck\"; exit 2; fi" >> /mnt/setup-chroot.sh +echo "echo \"Success.\"" >> /mnt/setup-chroot.sh + +echo 'echo ""' >> /mnt/setup-chroot.sh +echo 'echo "Updating initramfs..."' >> /mnt/setup-chroot.sh +echo "echo \"vmd\" >> /etc/initramfs-tools/modules" >> /mnt/setup-chroot.sh +echo 'errors=$(update-initramfs -u -k all 2>&1 1>/dev/null)' >> /mnt/setup-chroot.sh +echo 'if ! [ \"$?\" = \"0\" ]; then '>> /mnt/setup-chroot.sh +echo ' echo "Failed to update initramfs - $errors"' >> /mnt/setup-chroot.sh +echo " exit 1">> /mnt/setup-chroot.sh +echo "fi">> /mnt/setup-chroot.sh +echo "echo \"Done.\"" >> /mnt/setup-chroot.sh + +# you need sed to do this right! +echo 'echo ""' >> /mnt/setup-chroot.sh +echo 'echo "Modifying grub for ZFS root..."' >> /mnt/setup-chroot.sh +echo "errors=\$(sed -ir 's/quiet splash//g' /etc/default/grub 2>&1 1>/dev/null && sed -ir 's/GRUB_CMDLINE_LINUX=\".*\"/GRUB_CMDLINE_LINUX=\"root=ZFS=rpool\/ROOT\/ubuntu rootdelay=10 noresume\"/g' /etc/default/grub 2>&1 1>/dev/null && sed -ir 's/^#GRUB_TERMINAL=console/GRUB_TERMINAL=console/g' /etc/default/grub 2>&1 1>/dev/null)" >> /mnt/setup-chroot.sh +echo "if ! [ \"\$?\" = \"0\" ]; then echo \"Failed to set grub ZFS root - \$errors\"; exit 104; fi" >> /mnt/setup-chroot.sh +echo 'echo "Done."' >> /mnt/setup-chroot.sh + +echo 'echo ""' >> /mnt/setup-chroot.sh +echo 'echo "Updating grub..."' >> /mnt/setup-chroot.sh +echo 'errors=$(update-grub 2>&1 1>/dev/null)'>> /mnt/setup-chroot.sh +echo 'if ! [ \"$?\" = \"0\" ]; then '>> /mnt/setup-chroot.sh +echo ' echo "Failed to update grub - $errors"' >> /mnt/setup-chroot.sh +echo " exit 1">> /mnt/setup-chroot.sh +echo "fi">> /mnt/setup-chroot.sh +echo "echo \"Done.\"" >> /mnt/setup-chroot.sh + +echo 'echo ""' >> /mnt/setup-chroot.sh +echo 'echo "Installing grub UEFI on plex1..."' >> /mnt/setup-chroot.sh +echo "errors=\$(grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=ubuntu --recheck --no-floppy 2>&1 1>/dev/null && umount /boot/efi 2>&1 1>/dev/null)" >> /mnt/setup-chroot.sh +echo "if ! [ \"\$?\" = \"0\" ]; then echo \"Failed to install grub UEFI on plex1 - \$errors\"; exit 104; fi" >> /mnt/setup-chroot.sh +echo "echo \"Done.\"" >> /mnt/setup-chroot.sh + +if ! [ "$boots" = "" ]; then + if [ "$efi" = "1" ]; then + + echo 'echo ""' >> /mnt/setup-chroot.sh + echo 'echo "Cloning EFI boot partition to all boot devices..."' >> /mnt/setup-chroot.sh + i="2" + for disk in `echo "$boots" | tail -n+2`; do + echo "errors=\$(dd if=/dev/disk/by-id/${firstdisk}-part1 of=/dev/disk/by-id/${disk}-part1 2>&1 1>/dev/null && efibootmgr -c -g -d /dev/disk/by-id/${disk} -p 3 -L "ubuntu-$i" -l '\EFI\ubuntu\grubx64.efi' 2>&1 1>/dev/null)" >> /mnt/setup-chroot.sh + echo "if ! [ \"\$?\" = \"0\" ]; then echo \"EFI copy failed - \$errors\"; exit 20; fi" >> /mnt/setup-chroot.sh + i=$((i + 1)) + done + + echo 'echo "Done."' >> /mnt/setup-chroot.sh + fi +fi + +# error check this as one big block +echo "zfs set mountpoint=legacy bpool/BOOT/ubuntu" >> /mnt/setup-chroot.sh +echo "echo \"bpool/BOOT/ubuntu /boot zfs nodev,relatime,x-systemd.requires=zfs-import-bpool.service 0 0\" >> /etc/fstab" >> /mnt/setup-chroot.sh +echo "zfs set mountpoint=legacy rpool/var/log">> /mnt/setup-chroot.sh +echo "echo \"rpool/var/log /var/log zfs nodev,relatime 0 0\" >> /etc/fstab" >> /mnt/setup-chroot.sh +echo "zfs set mountpoint=legacy rpool/var/spool">> /mnt/setup-chroot.sh +echo "echo \"rpool/var/spool /var/spool zfs nodev,relatime 0 0\" >> /etc/fstab" >> /mnt/setup-chroot.sh +echo "zfs set mountpoint=legacy rpool/var/tmp" >> /mnt/setup-chroot.sh +echo "echo \"rpool/var/tmp /var/tmp zfs nodev,relatime 0 0\" >> /etc/fstab" >> /mnt/setup-chroot.sh +echo "zfs set mountpoint=legacy rpool/tmp" >> /mnt/setup-chroot.sh +echo "echo \"rpool/tmp /tmp zfs nodev,relatime 0 0\" >> /etc/fstab" >> /mnt/setup-chroot.sh + +echo 'echo ""' >> /mnt/setup-chroot.sh +echo 'echo "Enabling SSH..."'>> /mnt/setup-chroot.sh +echo "sed -ir 's/^ *#? *ChallengeResponseAuthentication.*/ChallengeResponseAuthentication no/g' /etc/ssh/sshd_config" >> /mnt/setup-chroot.sh +echo "sed -ir 's/^#PasswordAuthentication.*/PasswordAuthentication no/g' /etc/ssh/sshd_config" >> /mnt/setup-chroot.sh +echo "sed -ir 's/^UsePAM.*/UsePAM no/g' /etc/ssh/sshd_config" >> /mnt/setup-chroot.sh +echo "sed -ir 's/^#PermitRootLogin.*/PermitRootLogin no/g' /etc/ssh/sshd_config" >> /mnt/setup-chroot.sh +echo "errors=\$(systemctl enable ssh 2>&1 1>/dev/null)">> /mnt/setup-chroot.sh +#&& ufw allow in on any from any to any port 22 proto tcp 2>&1 1>/dev/null +echo 'if ! [ \"$?\" = \"0\" ]; then '>> /mnt/setup-chroot.sh +echo ' echo "Failed to enable SSH - $errors"' >> /mnt/setup-chroot.sh +echo " exit 101">> /mnt/setup-chroot.sh +echo "fi">> /mnt/setup-chroot.sh +echo 'echo "Done."'>> /mnt/setup-chroot.sh + +echo 'echo ""'>> /mnt/setup-chroot.sh +echo 'echo "Creating admin user..."'>> /mnt/setup-chroot.sh +# error check this +echo "useradd $admin" >> /mnt/setup-chroot.sh +echo "cp -a /etc/skel/.[!.]* \"/home/$admin\"" >> /mnt/setup-chroot.sh +echo "chown -R ${admin}:${admin} \"/home/$admin\"" >> /mnt/setup-chroot.sh +echo "usermod -a -G adm,cdrom,dip,plugdev,sudo -s /bin/bash \"$admin\"" >> /mnt/setup-chroot.sh +echo "echo '${admin}:${rootpassword}' | chpasswd" >> /mnt/setup-chroot.sh +echo 'echo "Done."'>> /mnt/setup-chroot.sh + +echo "mkdir \"/home/${admin}/.ssh\"" >> /mnt/setup-chroot.sh +echo "ssh-keygen -b 4096 -t rsa -q -f \"/home/${admin}/.ssh/id_rsa\" -N '$rootpassword'" >> /mnt/setup-chroot.sh +echo "cat /home/${admin}/.ssh/id_rsa.pub > \"/home/${admin}/.ssh/authorized_keys\"" >> /mnt/setup-chroot.sh +#echo "chmod 600 \"/home/${admin}/.ssh/id_rsa\"" >> /mnt/setup-chroot.sh +echo "chown -R ${admin}:${admin} \"/home/${admin}\"/.ssh" >> /mnt/setup-chroot.sh + +echo "HOME=\"/root\"" >> /mnt/setup-chroot.sh +echo "HOSTNAME=\"$hostname\"" >> /mnt/setup-chroot.sh + +echo "echo \"FromLineOverride=YES\" > /etc/ssmtp/ssmtp.conf" >> /mnt/setup-chroot.sh +echo "echo \"root=admin\" >> /etc/ssmtp/ssmtp.conf" >> /mnt/setup-chroot.sh +echo "echo \"hostname=${fqdn}\" >> /etc/ssmtp/ssmtp.conf" >> /mnt/setup-chroot.sh +echo "echo \"AuthUser=${email}\" >> /etc/ssmtp/ssmtp.conf" >> /mnt/setup-chroot.sh +echo "echo \"AuthPass=${emailpassword}\" >> /etc/ssmtp/ssmtp.conf" >> /mnt/setup-chroot.sh +echo "echo \"mailhub=${smtp}\" >> /etc/ssmtp/ssmtp.conf" >> /mnt/setup-chroot.sh +echo "echo \"UseSTARTTLS=YES\" >> /etc/ssmtp/ssmtp.conf" >> /mnt/setup-chroot.sh +echo "echo \"root:${admins}\" >> /etc/ssmtp/revaliases" >> /mnt/setup-chroot.sh +echo "chfn -f '${email}' root" >> /mnt/setup-chroot.sh +echo "echo \"\"" >> /mnt/setup-chroot.sh +echo "echo \"Sending SSH key via e-mail...\"" >> /mnt/setup-chroot.sh +if [ "$networktype" = "dhcp" ]; then + connection="`hostname -I` (`wget -qO - ifconfig.me`)" +else + connection="$address" +fi + +echo "serverinfo=\`cat \"/home/${admin}/.ssh/id_rsa\"\`" >> /mnt/setup-chroot.sh +echo "serverinfo=\"Server available at $connection\\n\\n\$serverinfo\"; echo -e \"\$serverinfo\" | mail -s \"$hostname SSH key\" -r \"${email}\" \"\`cat /admins\`\"" >> /mnt/setup-chroot.sh +echo "echo \"Done.\"" >> /mnt/setup-chroot.sh + +errors=`chmod +x /mnt/setup-chroot.sh 2>&1 1>/dev/null` +if ! [ "$?" = "0" ]; then + echo "Failed to set execution permission on chroot script - $errors" + exit 45 +fi + +echo "echo \"\"" >> /mnt/setup-chroot.sh +echo "echo \"Enabling UFW and apparmor on boot...\"" >> /mnt/setup-chroot.sh +echo "errors=\$(systemctl enable ufw 2>&1 1>/dev/null && systemctl enable apparmor 2>&1 1>/dev/null)" >> /mnt/setup-chroot.sh +echo 'if ! [ \"$?\" = \"0\" ]; then '>> /mnt/setup-chroot.sh +echo ' echo "Failed to enable UFW - $errors"' >> /mnt/setup-chroot.sh +echo " exit 1">> /mnt/setup-chroot.sh +echo "fi">> /mnt/setup-chroot.sh +echo "echo \"Done.\"" >> /mnt/setup-chroot.sh + +echo "echo \"\"" >> /mnt/setup-chroot.sh +echo "echo \"Enabling cron, smartd, and adding ZFS health script...\"" >> /mnt/setup-chroot.sh +echo "errors=\$(echo \"0 0 * * 1 /zfshealth.sh\" | crontab 1>&2 2>/dev/null)" >> /mnt/setup-chroot.sh +echo 'if ! [ \"$?\" = \"0\" ]; then '>> /mnt/setup-chroot.sh +echo ' echo "Failed to add zfshealth.sh to crontab - $errors"' >> /mnt/setup-chroot.sh +echo " exit 1">> /mnt/setup-chroot.sh +echo "fi">> /mnt/setup-chroot.sh +echo "errors=\$(systemctl enable cron 2>&1 1>/dev/null && systemctl enable smartd 2>&1 1>/dev/null)" >> /mnt/setup-chroot.sh +echo 'if ! [ \"$?\" = \"0\" ]; then '>> /mnt/setup-chroot.sh +echo ' echo "Failed to enable cron service - $errors"' >> /mnt/setup-chroot.sh +echo " exit 1">> /mnt/setup-chroot.sh +echo "fi">> /mnt/setup-chroot.sh +echo "echo \"Done.\"" >> /mnt/setup-chroot.sh + +echo "echo \"\"" >> /mnt/setup-chroot.sh +echo "echo \"Upgrading OS and installing standard command line system...\"" >> /mnt/setup-chroot.sh +echo "errors=\$(apt dist-upgrade --yes 2>&1 1>/dev/null && apt install --yes ubuntu-standard 2>&1 1>/dev/null)" >> /mnt/setup-chroot.sh +echo 'if ! [ \"$?\" = \"0\" ]; then '>> /mnt/setup-chroot.sh +echo ' echo "Failed to upgrade OS or install command line basics - $errors"' >> /mnt/setup-chroot.sh +echo " exit 122">> /mnt/setup-chroot.sh +echo "fi">> /mnt/setup-chroot.sh +echo "echo \"Done.\"" >> /mnt/setup-chroot.sh + +echo "exit 0" >> /mnt/setup-chroot.sh + + +chroot /mnt /setup-chroot.sh +if ! [ "$?" = "0" ]; then + exit $? +fi + +echo "" +echo "Creating swap space..." +errors=$(zfs create -V ${swapspace}K -b $(getconf PAGESIZE) -o compression=zle -o logbias=throughput -o sync=always -o primarycache=metadata -o secondarycache=none -o com.sun:auto-snapshot=false rpool/swap 2>&1 1>/dev/null && (while ! [ -e "/dev/zvol/rpool/swap" ]; do sleep 1; done) && mkswap -f /dev/zvol/rpool/swap 2>&1 1>/dev/null) +if ! [ "$?" = "0" ]; then + echo "Failed to create swap space - $errors" + exit 132 +fi +echo "/dev/zvol/rpool/swap none swap discard 0 0" >> /mnt/etc/fstab +echo "Done." + +echo "" +echo "Writing network interfaces file..." +macaddr=$(echo $hostname|md5sum|sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/02:\1:\2:\3:\4:\5/') +mkdir -p /mnt/etc/network && mkdir -p /mnt/etc/network/interfaces.d +echo "auto lo br0" > /mnt/etc/network/interfaces.d/br0 +echo "iface lo inet loopback" >> /mnt/etc/network/interfaces.d/br0 +niclist="" +for nic in `echo "$nics"`; do + echo "iface ${nic} inet manual" >> /mnt/etc/network/interfaces.d/br0 + niclist="$niclist $nic" +done +if [ "$networktype" = "dhcp" ]; then + echo "iface br0 inet dhcp" >> /mnt/etc/network/interfaces.d/br0 +else + echo "iface br0 inet static" >> /mnt/etc/network/interfaces.d/br0 + echo " address $address" >> /mnt/etc/network/interfaces.d/br0 + echo " netmask $subnet" >> /mnt/etc/network/interfaces.d/br0 + echo " gateway $gateway" >> /mnt/etc/network/interfaces.d/br0 + sed -ir "s/^#DNS=.*/DNS=${dns1}/g" /mnt/etc/systemd/resolved.conf + if ! [ -z "$dns2" ]; then sed -ir "s/^#FallbackDNS=.*/FallbackDNS=${dns2}/g" /mnt/etc/systemd/resolved.conf ; fi +fi +#echo " bridge_hw $macaddr" >> /mnt/etc/network/interfaces.d/br0 +echo " dns-nameservers 127.0.0.53" >> /mnt/etc/network/interfaces.d/br0 +echo " bridge_waitport 0" >> /mnt/etc/network/interfaces.d/br0 +echo " bridge_fd 0" >> /mnt/etc/network/interfaces.d/br0 +echo " bridge_ports${niclist}" >> /mnt/etc/network/interfaces.d/br0 +echo " bridge_stp on" >> /mnt/etc/network/interfaces.d/br0 +echo "source-directory /etc/network/interfaces.d" > /mnt/etc/network/interfaces +echo "Done." + +# add the firewall rule for SSH, but there may already be an exception for this, test the network in the live environment + +echo "" +echo "Opening SSH port on firewall..." +sed -ir 's/### RULES ###/### RULES ###\n-A ufw-user-input -i br0 -p tcp --dport 22 -j ACCEPT/g' /mnt/etc/ufw/user.rules 2>&1 1>/dev/null +echo "Done." +# commented out for debugging +echo "" +echo "Clearing chroot configuration script..." +rm /mnt/setup-chroot.sh +echo "Done." + +echo "#! /bin/bash" > /mnt/zfshealth.sh +echo "problems=0; emailSubject=\"\`hostname\` - ZFS pool - HEALTH check\"; emailMessage=\"\"" >> /mnt/zfshealth.sh +echo "condition=\$(/sbin/zpool status | grep -e \"^ *state:\" | egrep -i '(DEGRADED|FAULTED|OFFLINE|UNAVAIL|REMOVED|FAIL|DESTROYED|corrupt|cannot|unrecover)')" >> /mnt/zfshealth.sh +echo "if [ \"\${condition}\" ]; then emailSubject=\"\$emailSubject - fault\"; problems=1; fi" >> /mnt/zfshealth.sh +echo "maxCapacity=80" >> /mnt/zfshealth.sh +echo "if [ \${problems} -eq 0 ]; then" >> /mnt/zfshealth.sh +echo " capacity=\$(/sbin/zpool list -H -o capacity)" >> /mnt/zfshealth.sh +echo " for line in \${capacity//%/}" >> /mnt/zfshealth.sh +echo " do" >> /mnt/zfshealth.sh +echo " if [ \$line -ge \$maxCapacity ]; then emailSubject=\"\$emailSubject - Capacity Exceeded\"; problems=1; fi" >> /mnt/zfshealth.sh +echo " done" >> /mnt/zfshealth.sh +echo "fi" >> /mnt/zfshealth.sh +echo "if [ \${problems} -eq 0 ]; then" >> /mnt/zfshealth.sh +echo " errors=\$(/sbin/zpool status | grep ONLINE | grep -v state | awk '{print \$3 \$4 \$5}' | grep -v 000)" >> /mnt/zfshealth.sh +echo " if [ \"\${errors}\" ]; then emailSubject=\"\$emailSubject - Drive Errors\"; problems=1; fi" >> /mnt/zfshealth.sh +echo "fi" >> /mnt/zfshealth.sh +echo "scrubExpire=691200" >> /mnt/zfshealth.sh +echo "if [ \${problems} -eq 0 ]; then" >> /mnt/zfshealth.sh +echo " currentDate=\$(date +%s)" >> /mnt/zfshealth.sh +echo " zfsVolumes=\$(/sbin/zpool list -H -o name)" >> /mnt/zfshealth.sh +echo " for volume in \${zfsVolumes}" >> /mnt/zfshealth.sh +echo " do" >> /mnt/zfshealth.sh +echo " if [ \$(/sbin/zpool status \$volume | egrep -c \"none requested\") -ge 1 ]; then echo \"ERROR: You need to run \\\"zpool scrub \$volume\\\" before this script can monitor the scrub expiration time.\"; break; fi" >> /mnt/zfshealth.sh +echo " if [ \$(/sbin/zpool status \$volume | egrep -c \"scrub in progress|resilver\") -ge 1 ]; then break; fi" >> /mnt/zfshealth.sh +echo " scrubRawDate=\$(/sbin/zpool status \$volume | grep scrub | awk '{print \$15 \$12 \$13}' | sed 's/\([0-9]\+\)\([A-Za-z]*\)\([0-9]\+\)/\\2 \\3, \\1/g')" >> /mnt/zfshealth.sh +echo " scrubDate=\$(date -d \"\$scrubRawDate\" +%s)" >> /mnt/zfshealth.sh +echo " if [ \$((\$currentDate - \$scrubDate)) -ge \$scrubExpire ]; then" >> /mnt/zfshealth.sh +echo " if [ \${problems} -eq 0 ]; then emailSubject=\"\$emailSubject - Scrub Time Expired. Scrub Needed on Volume(s)\"; fi" >> /mnt/zfshealth.sh +echo " problems=1" >> /mnt/zfshealth.sh +echo " emailMessage=\"\${emailMessage}Pool: \$volume needs scrub \n\"" >> /mnt/zfshealth.sh +echo " fi" >> /mnt/zfshealth.sh +echo " done" >> /mnt/zfshealth.sh +echo "fi" >> /mnt/zfshealth.sh +echo "echo -e \"\$emailMessage \n\n\n \`/sbin/zpool list\` \n\n\n \`/sbin/zpool status\`\" | mail -r \"${email}\" -s \"\$emailSubject\" \"\`cat /admins\`\"" >> /mnt/zfshealth.sh +echo "if [ \"\$problems\" -ne 0 ]; then logger \$emailSubject; fi" >> /mnt/zfshealth.sh + +chmod +x /mnt/zfshealth.sh + +echo "" +echo "Unmounting chroot mounts..." +mount | grep -v zfs | tac | awk '/\/mnt/ {print $3}' | xargs -i{} umount -lf {} +echo "Done." + +echo "" +echo "Exporting zpools..." +errors=`zpool export -a 2>&1 1>/dev/null` +if ! [ "$?" = "0" ]; then + echo "Couldn't export mounted zpools - $errors" + exit 8 +fi +echo "Done." + +echo "" +echo "Congratulations! The install was successful. Please reboot and set your boot device using UEFI in the BIOS. You should receive an e-mail with the server's SSH private key shortly." +echo "" +exit 0 \ No newline at end of file diff --git a/zfshealth.sh b/zfshealth.sh deleted file mode 100644 index 2e744ec..0000000 --- a/zfshealth.sh +++ /dev/null @@ -1,139 +0,0 @@ -#! /bin/bash -# -# Calomel.org -# https://calomel.org/zfs_health_check_script.html -# FreeBSD 9.1 ZFS Health Check script -# zfs_health.sh @ Version 0.15 - -# Check health of ZFS volumes and drives. On any faults send email. In FreeBSD -# 10 there is supposed to be a ZFSd daemon to monitor the health of the ZFS -# pools. For now, in FreeBSD 9, we will make our own checks and run this script -# through cron a few times a day. - -# Changelog -# Peter van der Does - Always send an email, even if there is no problem. -# I prefer to know a script has run even when there is no problem. -# June 24, 2015 -# Peter van der Does - When a scrub is needed the email subject line only has to inform us once. - -# 99 problems but ZFS ain't one -problems=0 -emailSubject="`hostname` - ZFS pool - HEALTH check" -emailMessage="" - -# Health - Check if all zfs volumes are in good condition. We are looking for -# any keyword signifying a degraded or broken array. - -condition=$(/sbin/zpool status | egrep -i '(DEGRADED|FAULTED|OFFLINE|UNAVAIL|REMOVED|FAIL|DESTROYED|corrupt|cannot|unrecover)') -if [ "${condition}" ]; then - emailSubject="$emailSubject - fault" - problems=1 -fi - - -# Capacity - Make sure pool capacities are below 80% for best performance. The -# percentage really depends on how large your volume is. If you have a 128GB -# SSD then 80% is reasonable. If you have a 60TB raid-z2 array then you can -# probably set the warning closer to 95%. -# -# ZFS uses a copy-on-write scheme. The file system writes new data to -# sequential free blocks first and when the uberblock has been updated the new -# inode pointers become valid. This method is true only when the pool has -# enough free sequential blocks. If the pool is at capacity and space limited, -# ZFS will be have to randomly write blocks. This means ZFS can not create an -# optimal set of sequential writes and write performance is severely impacted. - -maxCapacity=80 - -if [ ${problems} -eq 0 ]; then - capacity=$(/sbin/zpool list -H -o capacity) - for line in ${capacity//%/} - do - if [ $line -ge $maxCapacity ]; then - emailSubject="$emailSubject - Capacity Exceeded" - problems=1 - fi - done -fi - - -# Errors - Check the columns for READ, WRITE and CKSUM (checksum) drive errors -# on all volumes and all drives using "zpool status". If any non-zero errors -# are reported an email will be sent out. You should then look to replace the -# faulty drive and run "zpool scrub" on the affected volume after resilvering. - -if [ ${problems} -eq 0 ]; then - errors=$(/sbin/zpool status | grep ONLINE | grep -v state | awk '{print $3 $4 $5}' | grep -v 000) - if [ "${errors}" ]; then - emailSubject="$emailSubject - Drive Errors" - problems=1 - fi -fi - - -# Scrub Expired - Check if all volumes have been scrubbed in at least the last -# 8 days. The general guide is to scrub volumes on desktop quality drives once -# a week and volumes on enterprise class drives once a month. You can always -# use cron to schedule "zpool scrub" in off hours. We scrub our volumes every -# Sunday morning for example. -# -# Scrubbing traverses all the data in the pool once and verifies all blocks can -# be read. Scrubbing proceeds as fast as the devices allows, though the -# priority of any I/O remains below that of normal calls. This operation might -# negatively impact performance, but the file system will remain usable and -# responsive while scrubbing occurs. To initiate an explicit scrub, use the -# "zpool scrub" command. -# -# The scrubExpire variable is in seconds. So for 8 days we calculate 8 days -# times 24 hours times 3600 seconds to equal 691200 seconds. - -scrubExpire=691200 - -if [ ${problems} -eq 0 ]; then - currentDate=$(date +%s) - zfsVolumes=$(/sbin/zpool list -H -o name) - - for volume in ${zfsVolumes} - do - if [ $(/sbin/zpool status $volume | egrep -c "none requested") -ge 1 ]; then - echo "ERROR: You need to run \"zpool scrub $volume\" before this script can monitor the scrub expiration time." - break - fi - if [ $(/sbin/zpool status $volume | egrep -c "scrub in progress|resilver") -ge 1 ]; then - break - fi - - ### FreeBSD with *nix supported date format - scrubRawDate=$(/sbin/zpool status $volume | grep scrub | awk '{print $15 $12 $13}') - scrubDate=$(date -j -f '%Y%b%e-%H%M%S' $scrubRawDate'-000000' +%s) - - ### Ubuntu with GNU supported date format - #scrubRawDate=$(/sbin/zpool status $volume | grep scrub | awk '{print $11" "$12" " $13" " $14" "$15}') - #scrubDate=$(date -d "$scrubRawDate" +%s) - - if [ $(($currentDate - $scrubDate)) -ge $scrubExpire ]; then - if [ ${problems} -eq 0 ]; then - emailSubject="$emailSubject - Scrub Time Expired. Scrub Needed on Volume(s)" - fi - problems=1 - emailMessage="${emailMessage}Pool: $volume needs scrub \n" - fi - done -fi - - -# Notifications - On any problems send email with drive status information and -# capacities including a helpful subject line to root. Also use logger to write -# the email subject to the local logs. This is the place you may want to put -# any other notifications like: -# -# + Update an anonymous twitter account with your ZFS status (https://twitter.com/zfsmonitor) -# + Playing a sound file or beep the internal speaker -# + Update Nagios, Cacti, Zabbix, Munin or even BigBrother - -echo -e "$emailMessage \n\n\n `/sbin/zpool list` \n\n\n `/sbin/zpool status`" | mail -s "$emailSubject" root -if [ "$problems" -ne 0 ]; then - logger $emailSubject -fi - -### EOF ### \ No newline at end of file