projects / arvados.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
18325: no debian11 packages yet for libnvidia-container-tools, use
[arvados.git] / tools / compute-images / scripts / usr-local-bin-ensure-encrypted-partitions.sh
diff --git a/tools/compute-images/scripts/usr-local-bin-ensure-encrypted-partitions.sh b/tools/compute-images/scripts/usr-local-bin-ensure-encrypted-partitions.sh
index b24e437f06b893f37e5235c08417bb5011b8c524..462158e043fc58213943aac2514081fb6fbba5ee 100644 (file)
--- a/tools/compute-images/scripts/usr-local-bin-ensure-encrypted-partitions.sh
+++ b/tools/compute-images/scripts/usr-local-bin-ensure-encrypted-partitions.sh
@@ -114,7 +114,7 @@ head -c321 /dev/urandom >"$KEYPATH"
 echo YES | cryptsetup luksFormat "$LVPATH" "$KEYPATH"
 cryptsetup --key-file "$KEYPATH" luksOpen "$LVPATH" "$(basename "$CRYPTPATH")"
 shred -u "$KEYPATH"
-mkfs.xfs "$CRYPTPATH"
+mkfs.xfs -f "$CRYPTPATH"
 
 # First make sure docker is not using /tmp, then unmount everything under it.
 if [ -d /etc/sv/docker.io ]
@@ -130,6 +130,13 @@ MOUNTOPTIONS="async"
 mount -o ${MOUNTOPTIONS} "$CRYPTPATH" "$MOUNTPATH"
 chmod a+w,+t "$MOUNTPATH"
 
+# Make sure docker uses the big partition
+cat <<EOF > /etc/docker/daemon.json
+{
+    "data-root": "$MOUNTPATH/docker-data"
+}
+EOF
+
 # restart docker
 if [ -d /etc/sv/docker.io ]
 then