b90b30a285ca5d6654d8191428ec79d97c6f8392
2 # Copyright (C) 2019 Ian Kelling
3 # SPDX-License-Identifier: AGPL-3.0-or-later
5 trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
# Re-execute this script as root when it was started unprivileged.
# sudo -E asks sudo to keep the caller's environment, so every variable the
# script reads later reaches the root process exactly as the invoking user
# set it (subject to the sudoers policy).
if [[ $EUID != 0 ]]; then
  exec sudo -E "${BASH_SOURCE[0]}" "$@"
fi
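# Resolve the real path of this script (following symlinks) and work from its
# directory, so the relative paths used below (for example fai/config) do not
# depend on the caller's working directory.
# Assignment and readonly are split on purpose: `readonly v=$(cmd)` returns
# readonly's own status, which would hide a readlink failure from the ERR trap.
this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
readonly this_file
cd "${this_file%/*}"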
15 usage: ${0##*/} [OPTIONS] [HOST]
16 Deploy fai config (the one in nfs) to HOST or default faiserver
18 Note, for booting from fai-cd, this needs to be called from myfai-chboot or that via pxe-server,
20 echo FAI_ACTION=$fai_action >> /srv/fai/config/class/LAST.var
21 note FAI_ACTION might be able to be set elsewhere, like in grub for this case
23 -d DISTRO DISTRO for setting up fai class DESKTOP packages, for preinstalling stuff.
24 -t TARGET_HOST Copy only secrets for TARGET_HOST into the config space. Useful for virtual server
25 on hardware we don't control.
26 -h|--help Print help and exit
28 Note: uses paths specific to authors machine.
33 ##### begin command line parsing ########
# Ensure we can handle arguments that are empty or contain spaces: that needs
# the util-linux "enhanced" getopt, which identifies itself by exiting with
# status 4 when called as `getopt -T`. Any other status stops the script.
ret=0
getopt -T || ret=$?
if [[ $ret != 4 ]]; then
  echo "Install util-linux for enhanced getopt" >&2
  exit 1
fi
# Normalise the command line with getopt: short options -h, -d ARG and -t ARG,
# plus the long option --help. The quoted result is kept in temp; when getopt
# rejects the arguments, usage is called with 1.
if ! temp=$(getopt -l help hd:t: "$@"); then
  usage 1
fi
43 -d) distro
=$2; shift ;;
44 -t) target
=$2; shift ;;
47 *) echo "$0: unexpected args: $*" >&2 ; usage
1 ;;
53 readonly host distro target
55 ##### end command line parsing ########
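# m CMD [ARGS...]: print the command line, prefixed by $pre, then run it.
# $pre is handed to printf as data (%b) instead of being the format string,
# so a "%" inside it is printed literally rather than parsed as a conversion;
# backslash escapes in $pre are still expanded.
# Outputs: one line "<pre> <command line>" on stdout, then CMD's own output.
# Returns: the exit status of CMD.
m() {
  printf '%b %s\n' "$pre" "$*"
  "$@"
}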
59 # i use faiserver as a dns alias, but ssh key is associated with
60 # a canonical hostname and we will have ssh warning spam unless we
61 # use it, so look it up just to avoid the warning spam.
62 faiserver_host
=$
(/a
/exe
/chost
$host)
63 # faiserver_host=$host
65 faiserver_addr
=$
(host $host |
sed -rn 's/^\S+ has address //p;T;q' ||
:)
66 if ! ip a |
grep "^ *inet.\? $faiserver_addr" &>/dev
/null
; then
# Reached when the faiserver address is not on a local interface: rpre holds
# the extra rsync arguments (-e with the ssh command, then the root@host:
# destination prefix) that later calls splice in front of /srv/...;
# faiserver_shell is the matching ssh command prefix. Both log in as root.
# NOTE(review): faiserver_shell is a plain string that is expanded unquoted
# where it is used, so it relies on word splitting and breaks if $HOME
# contains whitespace; an array like rpre would avoid that.
rpre=(-e "ssh -F $HOME/.ssh/confighome" root@$faiserver_host:)
faiserver_shell="ssh -F $HOME/.ssh/confighome root@$faiserver_host"
71 # these are gitignored.
72 rsync
-atL /home
/iank
/.ssh
/authorized_keys fai
/config
/files
/root
/.ssh
/authorized_keys
/STANDARD
73 # we hssh and ssh_filter_btrbk for the initial btrbk (alternatively, I could open up the
74 # permissions in authorized_keys, but that just seems lazy)
75 install --owner=iank
--group=iank
-d fai
/config
/files
/usr
/local
/bin
/hssh
76 install --owner=iank
--group=iank
-d fai
/config
/files
/usr
/local
/bin
/ssh_filter_btrbk.sh
77 rsync
-atL /a
/opt
/btrbk
/ssh_filter_btrbk.sh fai
/config
/files
/usr
/local
/bin
/ssh_filter_btrbk.sh
/STANDARD
78 m rsync
-rlpt --delete --relative --exclude /fai
/config
/basefiles
/ fai
/config
"${rpre[@]}"/srv
80 # todo: automatically disable faiserver after a period so
81 # these files are not available.
84 if [[ $target ]]; then
# Secret paths for the single TARGET_HOST, relative to /q/root.
# NOTE(review): $target comes from -t and is used unquoted here and in the
# loops that follow, so whitespace or glob characters in it are split or
# expanded, and a "../" component is not rejected in the lines shown.
# Validating it as a plain hostname before this point would keep the copy
# limited to that host's files.
secret_files=(luks/$target luks/host-$target shadow/$target)
88 for f
in ${secret_files[@]}; do
89 if [[ -e /q
/root
/$f ]]; then
91 secrets_to_send
+=("$f")
96 for f
in ${secrets_to_send[@]}; do
99 } | rsync
-lpt --files-from=- /q
/root
"${rpre[@]}"/srv
/fai
/config
/distro-install-common
102 rsync
-rlpt /q
/root
/shadow
/q
/root
/luks
"${rpre[@]}"/srv
/fai
/config
/distro-install-common
105 rsync
-rlpt --delete /a
/opt
/btrfs-progs-release \
106 filesystem
/usr
/local
/bin
/ethusb-nm \
107 filesystem
/usr
/local
/bin
/ethusb-static \
108 "${rpre[@]}"/srv
/fai
/config
/distro-install-common
# Per-machine etc/ssh directories under machine_specific: the one for
# TARGET_HOST when -t was given, otherwise the unquoted * expands to every
# host directory that exists.
# NOTE(review): presumably these directories hold ssh host keys, which makes
# the no-target case a copy of every machine's host keys -- confirm.
dirs=(/p/c/machine_specific/${target:-*}/filesystem/etc/ssh)
111 if [[ -e ${dirs[0]} ]]; then
112 rsync
-rlpt --delete --relative ${dirs[@]} "${rpre[@]}"/srv
/fai
/config
/distro-install-common
# Source the distro-setup package definitions into this shell.
# NOTE(review): the script re-executes itself as root near the top, so this
# file and the two helper programs below run with root privileges; they should
# be writable only by trusted users.
. /a/bin/distro-setup/pkgs
# Append the words printed by `emacs -p` and by distro-pkgs for $distro to
# pall (presumably initialised by the sourced file -- confirm). The command
# substitution is unquoted, so its output is split into one element per word.
pall+=($(/a/bin/buildscripts/emacs -p; /a/bin/distro-setup/distro-pkgs $distro))

# Write the DESKTOP package_config: a "PACKAGES install" header followed by
# one package per line (printf reuses the format for the remaining words).
# $faiserver_shell is set only in the remote branch in the lines shown; when
# it is empty the dd runs on this machine. `|| :` ignores a failing pipeline.
printf "%s\n%s\n" "PACKAGES install" ${pall[*]} | \
  $faiserver_shell dd of=/srv/fai/config/package_config/DESKTOP status=none || : # broken pipe
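# Sync only the top-level *.zst archives from $BASEFILE_DIR into the
# faiserver's basefiles directory; everything else is excluded, and
# --delete-excluded removes non-matching files already at the destination.
# The source is quoted and guarded with :? because an unset or empty
# BASEFILE_DIR would otherwise turn the source into "/" and a value with
# whitespace would be split into several arguments.
m rsync -rplt --include '/*.zst' --exclude '/**' --delete-excluded "${BASEFILE_DIR:?BASEFILE_DIR must be set}/" "${rpre[@]}"/srv/fai/config/basefiles/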