docs/alpine-server-setup/installation.md: change tank to rpool and update w.r.t. zlevis 2.0

Luc Bijl 2025-02-21 23:32:06 +01:00
parent e6434602c8
commit 48ab49c9ee

@ -5,16 +5,16 @@ To install the Alpine Linux distribution on the system, the datasets of the syst
First import and decrypt the system pool:
```
# zpool import -N -R /mnt tank
# zfs load-key -L file:///tmp/tank.key tank
# zpool import -N -R /mnt rpool
# zfs load-key -L file:///tmp/rpool.key rpool
```
Mount the datasets in the system pool and decrypt the home dataset:
```
# mount tank/root/alpine /mnt -t zfs -o noatime
# zfs mount tank/home
# zfs mount tank/var
# mount rpool/root/alpine /mnt -t zfs -o noatime
# zfs mount rpool/home
# zfs mount rpool/var
```
Mount the ESP:
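Review bot: The context line "Mount the datasets in the system pool and decrypt the home dataset:" promises a decrypt step, but the block under it only runs `mount` and `zfs mount` for rpool/root/alpine, rpool/home and rpool/var; the only `zfs load-key` visible is the one on the pool in the block above. Since these lines are being touched anyway, either drop "and decrypt the home dataset" or add the key-loading command for rpool/home. The key path also changes to file:///tmp/rpool.key here, so whichever earlier step writes that file needs the same rename.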
@ -106,10 +106,12 @@ features="... zlevis"
disable_trigger="yes"
```
> The `mkinitfs` package that supports `zlevis` is as of this moment not yet in the alpine package repository, for the relevant steps see the [zlevis mkinitfs-implementation wiki](https://git.bijl.us/luc/zlevis/wiki/mkinitfs-implementation).
The most important step is the creation of a UKI using `secureboot-hook` which also automatically signs them. Configure `/etc/kernel-hooks.d/secureboot.conf` to set kernel cmdline options and secureboot:
```
cmdline="rw root=ZFS=tank/root/alpine rootflags=noatime quiet splash"
cmdline="rw root=ZFS=rpool/root/alpine rootflags=noatime quiet splash"
signing_cert="/var/lib/sbctl/keys/db/db.pem"
signing_key="/var/lib/sbctl/keys/db/db.key"
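Review bot: The added note says the `mkinitfs` package with `zlevis` support is "as of this moment" not in the Alpine package repository, which gives a later reader no way to tell whether that still holds. Suggest stating the date or the zlevis release the note applies to (the commit message names 2.0), so the note can be removed once the package lands. It would also help to say whether `features="... zlevis"` is expected to fail with the stock `mkinitfs`, since that is the line directly above the note.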
@ -130,13 +132,7 @@ Use `sbctl` to create secureboot keys and sign them:
Set the cache-file of the ZFS pool:
```
# zpool set cachefile=/etc/zfs/zpool.cache tank
```
Now to see if everything went successfully, run:
```
# apk fix kernel-hooks
# zpool set cachefile=/etc/zfs/zpool.cache rpool
```
Now to see if everything went successfully, run:
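Review bot: Besides the pool rename in `zpool set cachefile=/etc/zfs/zpool.cache rpool`, this hunk shrinks from 13 to 7 lines and the `# apk fix kernel-hooks` step no longer appears after the cachefile block, which the commit message does not mention. Please confirm that the command left under the remaining "Now to see if everything went successfully, run:" still regenerates and signs the UKI, because the cmdline now points at root=ZFS=rpool/root/alpine and an image built before the rename would still reference tank. If the removal is intentional, say so in the commit message.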
@ -177,6 +173,6 @@ Now exit the chroot and you should be able to reboot into a working Alpine syste
```
# exit
# umount -lf /mnt
# zpool export tank
# zpool export rpool
# reboot
```
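Review bot: In the final block, `umount -lf /mnt` detaches lazily, so `zpool export rpool` can run while datasets under /mnt are still busy and fail, and `reboot` follows regardless. Suggest adding a sentence telling the reader to check that the export succeeded before rebooting, or replacing the lazy unmount with a plain unmount so a busy mount is reported at that step.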