iankelling.org Git - automated-distro-installer/blob - fai-redep

   1 #!/bin/bash
   2 # This file is part of Ian Kelling's automated-distro-installer
   3 # Copyright (C) 2024 Ian Kelling
   4
   5 # This program is free software; you can redistribute it and/or
   6 # modify it under the terms of the GNU General Public License
   7 # as published by the Free Software Foundation; either version 2
   8 # of the License, or (at your option) any later version.
   9
  10 # This program is distributed in the hope that it will be useful,
  11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  13 # GNU General Public License for more details.
  14
  15 # You should have received a copy of the GNU General Public License
  16 # along with this program; if not, write to the Free Software
  17 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
  18
  19
  20 [[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
  21
  22 set -eE -o pipefail
  23 trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
  24
  25 this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
  26 readonly this_file this_dir="${this_file%/*}"
  27 cd "$this_dir"
  28
  29
  30 usage() {
  31   cat <<'EOF'
  32 usage: fai-redep [OPTIONS] [HOST]
  33 Deploy fai config (the one in nfs) to HOST or default faiserver
  34
  35 Note, for booting from fai-cd, this needs to be called from myfai-chboot or that via pxe-server,
  36 due to setting
  37 echo FAI_ACTION=$fai_action >> /srv/fai/config/class/LAST.var
  38 note FAI_ACTION might be able to be set elsewhere, like in grub for this case
  39
  40 -d DISTRO      DISTRO for setting up fai class DESKTOP packages, for preinstalling stuff.
  41 -t TARGET_HOST Copy only secrets for TARGET_HOST into the config space. Useful for virtual server
  42                on hardware we don't control.
  43 -h|--help    Print help and exit
  44
  45 Note: uses paths specific to authors machine.
  46 EOF
  47   exit $1
  48 }
  49
  50 ##### begin command line parsing ########
  51
  52 # ensure we can handle args with spaces or empty.
  53 ret=0; getopt -T || ret=$?
  54 [[ $ret == 4 ]] || { echo "Install util-linux for enhanced getopt" >&2; exit 1; }
  55
  56 temp=$(getopt -l help hd:t: "$@") || usage 1
  57 eval set -- "$temp"
  58 while true; do
  59   case $1 in
  60     -d) distro=$2; shift ;;
  61     -t) target=$2; shift ;;
  62     -h|--help) usage 0 ;;
  63     --) shift; break ;;
  64     *) echo "$0: unexpected args: $*" >&2 ; usage 1 ;;
  65   esac
  66   shift
  67 done
  68 host=${1:-faiserver.b8.nz}
  69
  70 readonly host distro target
  71
  72 ##### end command line parsing ########
  73
  74 m() { printf "fai-redep: %s\n"  "$*"; "$@"; }
  75
  76 # i use faiserver as a dns alias, but ssh key is associated with
  77 # a canonical hostname and we will have ssh warning spam unless we
  78 # use it, so look it up just to avoid the warning spam.
  79 faiserver_host=$(/a/exe/chost $host)
  80 #  faiserver_host=$host
  81
  82 faiserver_addr=$(host $host | sed -rn 's/^\S+ has address //p;T;q' ||:)
  83
  84 rsrv() {
  85   local -a opts
  86   while [[ $2 ]]; do
  87     opts+=("$1")
  88     shift
  89   done
  90   m rsync "${ropts[@]}" "${opts[@]}" "$rpath$1"
  91 }
  92 rpath=/srv
  93 if ! ip a | grep "^ *inet.\? $faiserver_addr" &>/dev/null; then
  94   ropts=(-e "ssh -F $HOME/.ssh/confighome")
  95   rpath="root@$faiserver_host:/srv"
  96   faiserver_shell="ssh -F $HOME/.ssh/confighome root@$faiserver_host"
  97 fi
  98
  99 # these are gitignored.
 100 rsync -atL /home/iank/.ssh/authorized_keys fai/config/files/root/.ssh/authorized_keys/STANDARD
 101 # we hssh and ssh_filter_btrbk for the initial btrbk (alternatively, I could open up the
 102 # permissions in authorized_keys, but that just seems lazy)
 103 install --owner=iank --group=iank -d fai/config/files/usr/local/bin/hssh
 104 install --owner=iank --group=iank -d fai/config/files/usr/local/bin/ssh_filter_btrbk.sh
 105 rsync -atL /a/opt/btrbk/ssh_filter_btrbk.sh fai/config/files/usr/local/bin/ssh_filter_btrbk.sh/STANDARD
 106 rsrv -rlpt --delete --relative --exclude /fai/config/basefiles/ fai/config /
 107
 108 # todo: automatically disable faiserver after a period so
 109 # these files are not available.
 110
 111
 112 if [[ $target ]]; then
 113   secret_files=(luks/$target luks/host-$target shadow/$target)
 114   exists=false
 115   for f in ${secret_files[@]}; do
 116     if [[ -e /q/root/$f ]]; then
 117       exists=true
 118       secrets_to_send+=("$f")
 119     fi
 120   done
 121   if $exists; then
 122     {
 123       for f in ${secrets_to_send[@]}; do
 124         echo $f
 125       done
 126     } | rsrv -lpt --files-from=- /q/root /fai/config/distro-install-common
 127   fi
 128 else
 129   rsrv -rlpt /q/root/shadow /q/root/luks /fai/config/distro-install-common
 130 fi
 131
 132 rsrv -rlpt --delete /a/opt/btrfs-progs-release /fai/config/distro-install-common
 133
 134 dirs=(/p/c/machine_specific/${target:-*}/filesystem/etc/ssh)
 135 if [[ -e ${dirs[0]} ]]; then
 136   rsrv -rlpt --delete --relative ${dirs[@]} /fai/config/distro-install-common
 137 fi
 138
 139 . /a/bin/distro-setup/pkgs
 140 tmpstr=$(/a/bin/buildscripts/emacs -p && /a/bin/distro-setup/distro-pkgs $distro)
 141 declare -a pall
 142 for p in $tmpstr; do
 143   pall+=($p)
 144 done
 145
 146 printf "%s\n%s\n" "PACKAGES install" ${pall[*]} | \
 147   $faiserver_shell dd of=/srv/fai/config/package_config/DESKTOP status=none ||: # broken pipe
 148
 149
 150 rsrv -rplt --include '/*.zst' --exclude '/**' --delete-excluded $BASEFILE_DIR/ /fai/config/basefiles/