Reinstalling my backup server

2022-03-28 - How to install Alpine Linux with a custom raid1 partitioning
Tag: Alpine

Introduction

Last week I reinstalled my backup server. It was successfully running OpenBSD for a few years but I decided I wanted to run containers on it again for some experiments, so back to Linux.

I hesitated with Gentoo but decided to give a fair shot to Alpine Linux instead. I have used it extensively on virtual machines but not so much on bare metal so here I go. In particular the documentation on how to perform a custom partitioning was a bit lacking so hopefully this blog post will fill in some gaps.

Booting the installer

Booting the installer is straightforward : download the latest image from https://alpinelinux.org/downloads/ and copy it to a usb drive (/dev/sdb in the example bellow). I chose the extended version of the installer because I will need to install additional tools to setup the disks just right :

wget https://dl-cdn.alpinelinux.org/alpine/v3.15/releases/x86_64/alpine-extended-3.15.3-x86_64.iso
dd if=alpine-extended-3.15.3-x86_64.iso of=/dev/sdb bs=1M
sync

Making the installer reachable through ssh

This step is optional but I like being able to simply paste commands from this website during the installation process. The following will start ssh and setup static networking (the ips are to be customized to your network of course) :

apk add openssh
echo 'PermitRootLogin yes' > /etc/ssh/sshd_config
/etc/init.d/sshd start
ip a a 192.168.1.3/24 dev eth0
ip l set up dev eth0
ip r a default via 192.168.1.1
echo 'nameserver 1.1.1.1' > /etc/resolv.conf
passwd

RAID1 partitioning

First we install a few tools:

echo 'http://dl-cdn.alpinelinux.org/alpine/latest-stable/main' > /etc/apk/repositories
apk add sgdisk mdadm xfsprogs grub efibootmgr dosfstools partx

For RAID1 I need two identical disks. Since in my case its two SSD drives, I use blkdiscard to clean them.

I planed for 3 partitions:

• a 512M /boot that will be your UEFI partition
• a 16G /
• the remainder of the disks for an encrypted /data

for DEVICE in `echo sda sdb`; do
	DISK=/dev/$DEVICE
	blkdiscard $DISK
	sgdisk -n1:0:+512M -t1:FD00 $DISK
	sgdisk -n2:0:+16G -t2:FD00 $DISK
	sgdisk -n3:0:0 -t3:FD00 $DISK
	partx -a $DISK
done

If partx fails with a error and cannot reread the new partitions you will have to reboot. Sadly, it can happen with some consumer grade motherboards.

The UEFI partition needs a raid metadata version 1.0 in order to have the metadata at the end of the partition. This will ensure the UEFI (which is not raid aware) can boot from a single disk:

mdadm --create --run --level=1 --raid-devices=2 --metadata=1.0 /dev/md1 /dev/sda1 /dev/sdb1
mdadm --create --run --level=1 --raid-devices=2 /dev/md2 /dev/sda2 /dev/sdb2
mdadm --create --run --level=1 --raid-devices=2 /dev/md3 /dev/sda3 /dev/sdb3
blkdiscard /dev/md1
blkdiscard /dev/md2
blkdiscard /dev/md3

I like xfs so that is what I will use for / (/data will come later):

mkfs.fat -F 32 -n efi-boot /dev/md1
mkfs.xfs /dev/md2
mount -t xfs /dev/md2 /mnt
mkdir -p /mnt/boot
mount -t vfat /dev/md1 /mnt/boot

Running the installer

You can run the installer normally, just beware at the end when choosing disks : you will not be able to install to /dev/md2 so the installer will stop but still record all your answers.

setup-alpine

You just need to trigger the next step manually with:

setup-disk /mnt

Post installation steps

We need to customise some things before your system can boot. In order to do that we will need to chroot into your new system:

mount -t proc none /mnt/proc
mount -t sysfs  none /mnt/sys
mount -o bind /dev /mnt/dev
chroot /mnt

First we want to preserve the mdadm numbering we need with the following:

mdadm --detail --scan >> /etc/mdadm.conf
mkinitfs -c /etc/mkinitfs/mkinitfs.conf -b /
echo "/dev/md2        /       xfs     rw,relatime,attr2,inode64,logbufs=8,logbsize=32k,noquota 0 1
/dev/md1        /boot   vfat    rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=utf8,shortname=mixed,errors=remount-ro 0 2
" > /etc/fstab

Next the installer botched the UEFI part, here is how to fix it:

rm -rf /boot/efi/EFI
grub-install /dev/md2 --efi-directory=/boot
efibootmgr -c -g -d /dev/sda -p 1 -w -L grub_sda -l EFI/grub/grubx64.efi
efibootmgr -c -g -d /dev/sdb -p 1 -w -L grub_sdb -l EFI/grub/grubx64.efi

You can now exit your chroot then reboot:

exit
reboot

Don’t forget to unplug the installation media!

Post install

Here is how I setup my encrypted /data:

apk add cryptsetup
cryptsetup luksFormat --cipher aes-xts-plain64 /dev/md3
cryptsetup luksOpen --allow-discards /dev/md3 data
mkdir /data
echo "/dev/mapper/data /data xfs noauto,relatime,attr2,inode64,logbufs=8,logbsize=32k,noquota 0 0" >> /etc/fstab
mount /data