X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/70c33e51905a84c3dcb61c88e5ec5c6479599c28..bfe0ea9b824dc057f07355a928ccb64ab68b6c57:/tools/compute-images/scripts/usr-local-bin-ensure-encrypted-partitions.sh

diff --git a/tools/compute-images/scripts/usr-local-bin-ensure-encrypted-partitions.sh b/tools/compute-images/scripts/usr-local-bin-ensure-encrypted-partitions.sh
index b24e437f06..a76dc12109 100644
--- a/tools/compute-images/scripts/usr-local-bin-ensure-encrypted-partitions.sh
+++ b/tools/compute-images/scripts/usr-local-bin-ensure-encrypted-partitions.sh
@@ -114,14 +114,14 @@ head -c321 /dev/urandom >"$KEYPATH"
 echo YES | cryptsetup luksFormat "$LVPATH" "$KEYPATH"
 cryptsetup --key-file "$KEYPATH" luksOpen "$LVPATH" "$(basename "$CRYPTPATH")"
 shred -u "$KEYPATH"
-mkfs.xfs "$CRYPTPATH"
+mkfs.xfs -f "$CRYPTPATH"
 
 # First make sure docker is not using /tmp, then unmount everything under it.
 if [ -d /etc/sv/docker.io ]
 then
   sv stop docker.io || service stop docker.io || true
 else
-  service docker stop || true
+  systemctl disable --now docker.service docker.socket || true
 fi
 
 ensure_umount "$MOUNTPATH/docker/aufs"
@@ -130,13 +130,20 @@ MOUNTOPTIONS="async"
 mount -o ${MOUNTOPTIONS} "$CRYPTPATH" "$MOUNTPATH"
 chmod a+w,+t "$MOUNTPATH"
 
+# Make sure docker uses the big partition
+cat <<EOF > /etc/docker/daemon.json
+{
+    "data-root": "$MOUNTPATH/docker-data"
+}
+EOF
+
 # restart docker
 if [ -d /etc/sv/docker.io ]
 then
   ## runit
   sv up docker.io
 else
-  service docker start
+  systemctl enable --now docker.service docker.socket || true
 fi
 
 end=$((SECONDS+60))