add luks and virsh notes from truenas migration

active/software_luks/luks.md

@@ -0,0 +1,91 @@
+# LUKS
+
+Disk Encryption
+
+## Encrypting a Drive
+
+You get 8 key slots total.
+
+```bash
+# Remember to install if you need it
+dnf install cryptsetup
+
+# Create an encryption key
+mkdir /etc/luks-keys
+chmod 700 /etc/luks-keys
+dd if=/dev/urandom bs=128 count=1 of=/etc/luks-keys/data0.key
+
+# Create an encrypted partition
+# -q means don't ask for confirmation
+# -v means verbose
+cryptsetup -q -v luksFormat /dev/nvme6n1p1 /etc/luks-keys/data0.key
+
+# Unlock
+cryptsetup -q -v luksOpen --key-file /etc/luks-keys/data0.key /dev/nvme6n1p1 luks-$(cryptsetup luksUUID /dev/nvme6n1p1)
+
+# List keys
+cryptsetup luksDump /dev/nvme6n1p1
+
+# Remove a key from a slot
+cryptsetup luksKillSlot /dev/nvme6n1p1 2
+
+# Add a new key to a slot
+cryptsetup luksAddKey /dev/nvme6n1p1 -S 5
+```
+
+## TPM2 Decryption
+
+Mostly taken from here:
+<https://gist.github.com/jdoss/777e8b52c8d88eb87467935769c98a95>
+
+PCR reference for `--tpm2-pcrs` args
+
+```text
+0: System firmware executable
+2: Kernel
+4: Bootloader
+7: Secure boot state
+8: Cmdline
+9: Initrd
+```
+
+Basic commands:
+
+```bash
+# Show tpm2 devices
+systemd-cryptenroll --tpm2-device=list
+
+# Show crypto luks block devices
+blkid -t TYPE=crypto_LUKS
+
+# Enroll the tpm2 device with systemd-cryptenroll
+systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0,2,4,7,8,9 /dev/nvme0n1p3
+
+# Reenroll
+systemd-cryptenroll /dev/nvme0n1p3 --wipe-slot=tpm2 --tpm2-device=auto --tpm2-pcrs=0,2,4,7,8,9
+```
+
+Note, you'll need to add `rd.luks.options=tpm2-device=auto` to your kernel parameters.
+
+## Batch Operations
+
+```bash
+# Create encrypted drives in bulk
+export LUKS_DEVS="/dev/nvme4n1p1 /dev/nvme3n1p1 /dev/nvme0n1p1 /dev/nvme1n1p4 /dev/nvme2n1p1 /dev/nvme5n1p1"
+for luks_drive in $LUKS_DRIVES; do
+    cryptsetup -q -v luksFormat /dev/${luks_drive} /etc/luks-keys/data0.key
+done
+
+# Unlock encrypted drives in bulk
+export LUKS_DEVS="/dev/nvme4n1p1 /dev/nvme3n1p1 /dev/nvme0n1p1 /dev/nvme1n1p4 /dev/nvme2n1p1 /dev/nvme5n1p1"
+for luks_drive in $LUKS_DRIVES; do
+    cryptsetup -q -v luksOpen --key-file /etc/luks-keys/data0.key /dev/${luks_drive} luks-$(cryptsetup luksUUID /dev/${luks_drive})
+done
+
+# Add new keys in bulk
+export LUKS_DEVS="/dev/nvme4n1p1 /dev/nvme3n1p1 /dev/nvme0n1p1 /dev/nvme1n1p4 /dev/nvme2n1p1 /dev/nvme5n1p1"
+for luks_dev in $LUKS_DEVS; do
+    echo Adding key to $luks_dev
+    cryptsetup luksAddKey $luks_dev -S 2
+done
+```

active/software_virsh/virsh.md

@@ -19,7 +19,9 @@ Virtual Machine Management
     - [Create a Cloud Init Compatible VM](#create-a-cloud-init-compatible-vm)
     - [Create VM with Graphics using an ISO Installation Disk](#create-vm-with-graphics-using-an-iso-installation-disk)
     - [Create VM using Host Device as Disk](#create-vm-using-host-device-as-disk)
+    - [Create a Home Assistant VM](#create-a-home-assistant-vm)
   - [Snapshots](#snapshots)
+  - [Creating and Attaching Disks](#creating-and-attaching-disks)
   - [Virt Builder](#virt-builder)
 
 ## Before you Begin
@@ -55,6 +57,12 @@ Virtual Machine Management
 export LIBVIRT_DEFAULT_URI='qemu+ssh://user@server/system'
 ```
 
+Or for Truenas
+
+```bash
+export LIBVIRT_DEFAULT_URI='qemu+ssh://root@truenas/system?socket=/run/truenas_libvirt/libvirt-sock'
+```
+
 ## Useful Virsh Commands
 
 ```bash
@@ -234,7 +242,7 @@ virt-install \
 --import --disk "path=${VM_DISK_PATH},bus=virtio"
 ```
 
-#### Create a Cloud Init Compatible VM
+### Create a Cloud Init Compatible VM
 
 <https://cloudinit.readthedocs.io/en/latest/reference/examples.html>
 
@@ -318,10 +326,93 @@ virt-install \
 --disk none
 ```
 
+### Create a Home Assistant VM
+
+```bash
+virt-install \
+--name haos \
+--description "Home Assistant OS" \
+--os-variant=generic \
+--ram=4096 \
+--vcpus=2 \
+--disk /var/lib/libvirt/images/haos_ova-16.3.qcow2,bus=scsi \
+--controller type=scsi,model=virtio-scsi \
+--import \
+--graphics none \
+--boot uefi
+```
+
 ## Snapshots
 
 See [qemu qcow2 snapshots](/active/software_qemu/qemu.md#qcow2-snapshots)
 
+## Creating and Attaching Disks
+
+To create and attach one disk:
+
+```bash
+export VM_NAME="cloud-init-test-fedora"
+export VM_DISK_NAME="test1"
+qemu-img create -f qcow2 /var/lib/libvirt/images/${VM_DISK_NAME}.qcow2 1G
+
+virsh attach-disk ${VM_NAME} \
+--source /var/lib/libvirt/images/${VM_DISK_NAME} \
+--target vdb \
+--persistent
+--live
+```
+
+To create and attach multiple disks (for raid testing)
+
+```bash
+export VM_NAME="cloud-init-test-fedora"
+# Max supported for this script is 25
+export VM_NUM_DISKS=8
+export VM_DISK_SIZE=4G
+
+##### Attach #####
+# Create the disks and target mounts from our array
+letters=($(echo {a..z}))
+for disk_num in $(seq 1 $VM_NUM_DISKS); do
+    VM_DISK_NAME="test-${disk_num}"
+    VM_DISK_TARGET=vd${letters[$disk_num]}
+
+    echo "Creating /var/lib/libvirt/images/${VM_DISK_NAME}.qcow2"
+    sudo qemu-img create -f qcow2 /var/lib/libvirt/images/${VM_DISK_NAME}.qcow2 ${VM_DISK_SIZE}
+
+    echo "Attaching vd${letters[$disk_num]} to ${VM_NAME}"
+    virsh attach-disk ${VM_NAME} \
+    --source /var/lib/libvirt/images/${VM_DISK_NAME}.qcow2 \
+    --target vd${letters[$disk_num]} \
+    --persistent \
+    --subdriver qcow2 \
+    --live
+done;
+
+##### Cleanup #####
+# Detach the disks from our VMs
+letters=($(echo {a..z}))
+for disk_num in $(seq 1 $VM_NUM_DISKS); do
+    VM_DISK_NAME="test-${disk_num}"
+    VM_DISK_TARGET=vd${letters[$disk_num]}
+
+    echo "Detaching vd${letters[$disk_num]} from ${VM_NAME}"
+    virsh detach-disk ${VM_NAME} \
+    --target vd${letters[$disk_num]} \
+    --persistent
+done;
+
+# Optionally delete images
+letters=($(echo {a..z}))
+for disk_num in $(seq 1 $VM_NUM_DISKS); do
+    VM_DISK_NAME="test-${disk_num}"
+    VM_DISK_TARGET=vd${letters[$disk_num]}
+
+    echo "Removing /var/lib/libvirt/images/${VM_DISK_NAME}.qcow2"
+    sudo rm /var/lib/libvirt/images/${VM_DISK_NAME}.qcow2
+done;
+```
+
 ## Virt Builder
 
 <https://docs.fedoraproject.org/en-US/fedora-server/virtualization/vm-install-diskimg-virtbuilder/#_minimal_effort_customization>