# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-x="$(readlink -f "$BASH_SOURCE")"; source "${x%/*}/bash-trace"
+set -e; . /usr/local/lib/bash-bear; set +e
[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
-LC_USEBASHRC=t; . ~/.bashrc
usage() {
- cat <<EOF
-usage: ${0##*/} [-h|--help] [BASE_CODENAME] [ARCH]
+ cat <<'EOF'
+usage: faiserver-setup [-h|--help] [BASE_CODENAME] [ARCH]
install fai-server on the current machine
Initial setup of a fai server. works on localhost. Set's the current ip
work. Separate from running this, faiserver needs to be setup in dns to
point to whatever host this is run on.
-Default BASE_CODENAME is buster. Default ARCH is 64. The script expects corresponding
-$BASEFILE_DIR/${UPCASED_BASE_CODENAME}${ARCH}.tar.(gz|xz) to exist, and it must have been
+Default BASE_CODENAME is bookworm. Default ARCH is 64. The script expects corresponding
+$BASEFILE_DIR/${UPCASED_BASE_CODENAME}${ARCH}.tar.(zst|xz) to exist, and it must have been
generated around the same time as the nfsroot, at least so it has the
same kernel version.
+for copying and running this on a remote server,
+scp -tPrl fai SERVER:
+scp $(readlink -f ~/.ssh/home.pub) SERVER:.ssh
+scp /a/bin/cedit/cedit SERVER:/usr/local/bin
+# todo: make the above key be an option
+
Note: there is a bug in 5.9.4, fixed by adding
sleep 2
chroot like it used to be, but I'm not bothering to make
any persistent fix, since I'm now on t10. If it ever came
up again, using an old fai package would also work.
-
-/usr/sbin/fai-make-nfsroot:503, before apt-get update
+ /usr/sbin/fai-make-nfsroot:503, before apt-get update
EOF
- exit $1
+ exit 0
}
case $1 in
-h|--help) usage ;;
esac
-e() { echo "+ $@"; "$@"; }
+e() { echo "+ $*"; "$@"; }
-base=${1:-buster}
+base=${1:-bookworm}
arch=${2:-64}
if [[ $base == [[:upper:]] ]]; then
exit 1
fi
-basefile=($BASEFILE_DIR/${base^^}${arch^^}.tar.gz)
+basefile=$BASEFILE_DIR/${base^^}${arch^^}.tar.zst
sed="sed -ri --follow-symlinks"
if [[ ! -e $basefile ]]; then
# fai on ubuntu only has official support using the universe repo, but newer
# tends to have less bugs.
-wget -O - https://fai-project.org/download/2BF8D9FE074BCDE4.asc | apt-key add -
+wget -O - https://fai-project.org/download/fai-project.gpg | sudo dd of=/etc/apt/trusted.gpg.d/fai-project.gpg
update=false
case $base in
- stretch|buster|bullseye)
+ stretch|buster|bullseye|bookworm)
if ! grep -qFx "deb https://fai-project.org/download $base koeln" /etc/apt/sources.list.d/fai.list; then
update=true
fi
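Review bot: The new `wget -O - ... | sudo dd of=/etc/apt/trusted.gpg.d/fai-project.gpg` line installs whatever the download returns as a key that apt trusts for every configured repository, not only fai-project.org, and nothing compares it with a known fingerprint. Consider writing it to a dedicated keyring and scoping it in fai.list, e.g. `deb [signed-by=/etc/apt/keyrings/fai-project.gpg] https://fai-project.org/download $base koeln` (the `grep -qFx` test in this hunk would need the same string), and checking the fingerprint against a pinned value before installing. The pipeline's status is dd's, so a failed or truncated download still leaves a file in place; downloading to a temp file and moving it only after the check avoids that. The `sudo` is redundant because the script already re-execs itself as root near the top.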
cachetime=$(stat -c %Y $f );
now=$(date +%s)
limittime=$(( now - 60*60*2 ))
- if (( cachtime > limittime )); then
+ if (( cachetime > limittime )); then
update=true
fi
fi
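Review bot: Correcting `cachtime` to `cachetime` makes `(( cachetime > limittime ))` live for the first time; with the misspelled name the left side evaluated as 0 and the branch never fired. As written it sets `update=true` when `$f` was modified within the last two hours, which looks inverted if the intent is to refresh a stale cache. Please confirm the direction (`cachetime < limittime`?) against the lines outside this hunk that set `$f`, and add a one-line comment stating the intent, e.g. `# refresh apt lists if older than 2 hours`.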
# kernel, or the ability to install it.
# xorriso is for running fai-cd -a, not strictly need for fai-server
# perl-tk is for fai-monitor-gui
-pkgs=(fai-doc tftpd-hpa tar reprepro squashfs-tools binutils xorriso perl-tk)
+# mtools is for fai-cd
+pkgs=(fai-doc tftpd-hpa tar reprepro squashfs-tools binutils xorriso perl-tk mtools)
if modprobe nfsd &>/dev/null; then
pkgs+=(nfs-kernel-server)
else
# fi
-$sed -f - /etc/fai/nfsroot.conf <<EOF
+if [[ -s /q/root/shadow/standard ]]; then
+ $sed -f - /etc/fai/nfsroot.conf <<EOF
$ a FAI_ROOTPW='$(</q/root/shadow/standard)'
/^\s*FAI_ROOTPW/d
+EOF
+fi
+
+$sed -f - /etc/fai/nfsroot.conf <<EOF
$ a SSH_IDENTITY=/root/.ssh/home.pub
/^\s*SSH_IDENTITY/d
s,^( *FAI_DEBOOTSTRAP=).*,\1"$base $r",
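Review bot: When /q/root/shadow/standard is missing or empty, the new `-s` guard skips the edit silently, so nfsroot.conf keeps whatever FAI_ROOTPW it already had; on a fresh install that is presumably the packaged default, which I believe is publicly documented. An install server built that way would give every client it boots a known root password. Consider failing loudly in that case, e.g. `else echo "$0: error: /q/root/shadow/standard missing or empty" >&2; exit 1`, or at least deleting the existing FAI_ROOTPW line so no default survives. The hash is also interpolated into a sed script through an unquoted heredoc, so a comment stating the expected file format (single line, no backslashes) would help the next reader.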
NFSROOT=/srv/fai/nfsroot
TFTPROOT=/srv/tftp/fai
- # test if our copy of setup_tftp has changed in fai-make-nfsroot,
- # and if not, run it.
+ # setup_tftp is copied from fai-make-nfsroot,
+ # todo: need to check for an update, and we had an unused variable in ours: $v
setup_tftp(){
# tftp environment
echo "$0: error: No initrd was created. Check the package name of the linux-image package in /etc/fai/NFSROOT."
exit 1
fi
- cp -p $v $NFSROOT/boot/vmlinu?-* $NFSROOT/boot/initrd.img-* $TFTPROOT
+ cp -p $NFSROOT/boot/vmlinu?-* $NFSROOT/boot/initrd.img-* $TFTPROOT
cp -u $pxebin $TFTPROOT
if [ -f $NFSROOT/usr/lib/syslinux/modules/bios/ldlinux.c32 ]; then
cp -u $NFSROOT/usr/lib/syslinux/modules/bios/ldlinux.c32 $TFTPROOT
fi
- if [ X$verbose = X1 ]; then
- echo "TFTP environment prepared. Enable DHCP and start the TFTP daemon on root $TFTPROOT."
- fi
}
- diff -u <(type setup_tftp) <(cat <(sed -n '/^setup_tftp(){/,/^}/p' $(which fai-make-nfsroot) ) - <<'EOF' |bash
-type setup_tftp
-EOF
- )
e setup_tftp
# -g causes skipping set_root_pw() in fai-make-nfsroot, -ag
e fai-setup -evf -B $basefile
# fai-setup expert mode avoids writing to /var/log/fai/variables
# at least config_src is needed for autodiscover
+
+
+ # lld /var/log/fai/remote-logs:
+ # d 750 fai nogroup 100 08-07 08:51 pm /var/log/fai/remote-logs
+ # We could change the group or something, but why not just give me more permissions :)
+ e usermod -a -G nogroup iank
$sed '/^FAI_CONFIGDIR|^FAI_CONFIG_SRC|^LOGUSER/d' /var/log/fai/variables
tee -a /var/log/fai/variables <<'EOF'
LOGUSER=fai
FAI_CONFIGDIR=/srv/fai/config
-FAI_CONFIG_SRC=nfs://faiserver/srv/fai/config
+FAI_CONFIG_SRC=nfs://faiserver.b8.nz/srv/fai/config
EOF
# make the faiserver also the apt proxy server
- apt-get -y install apt-cacher-ng
+ # apt-get -y install apt-cacher-ng
fi
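Review bot: `e usermod -a -G nogroup iank` grants far more than read access to /var/log/fai/remote-logs: nogroup is meant to have no members, and anything else on the host that is owned by or runs as that group (unprivileged daemons, squashed NFS files) becomes reachable by the account. A narrower fix is an ACL on the directory, e.g. `e setfacl -m u:iank:rx /var/log/fai/remote-logs`, or a dedicated group that owns only the log tree. The account name is also hard-coded, so on a machine without that user the command fails, and the script does not check its status.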
rm -f /srv/fai/nfsroot/root/.ssh/known_hosts
if [[ $HOSTNAME == kd ]]; then
keyscan_arg="-p 8989"
- fi
+fi
key=$(ssh-keyscan $keyscan_arg localhost |& grep -o "ecdsa-sha2-nistp256.*")
-for ip in faiserver $(ip addr show up| grep -w '^ *inet' | awk '{print $2}'| cut -d / -f 1 | grep -vF 127.0.0.1); do
+for ip in faiserver.b8.nz $(ip addr show up| grep -w '^ *inet' | awk '{print $2}'| cut -d / -f 1 | grep -vF 127.0.0.1); do
echo "$ip $key" >>/srv/fai/nfsroot/root/.ssh/known_hosts
done
+# make it the root because pxe-kexec only looks there.
+# It wouldn't be too hard to change if we needed.
+# We could also just dump things in /srv/tftp, but fai
+# has some defaults, which I don't even use, which expect
+# the other directory, so it's kind of a tossup, whatever.
+# This means fai's example isc-dhcp-server filename directory should remove the fai/ prefix.
+sed -ri 's,^ *(TFTP_DIRECTORY=).*,\1"/srv/tftp/fai",' /etc/default/tftpd-hpa
+systemctl restart tftpd-hpa
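Review bot: The added `sed -ri 's,^ *(TFTP_DIRECTORY=).*,...'` is a silent no-op when /etc/default/tftpd-hpa has no TFTP_DIRECTORY line, so `systemctl restart tftpd-hpa` would keep serving the old root and PXE clients would fail with no hint in this script's output. A check after the edit, e.g. `grep -q '^TFTP_DIRECTORY="/srv/tftp/fai"' /etc/default/tftpd-hpa || { echo "$0: error: TFTP_DIRECTORY not set" >&2; exit 1; }`, would surface that. For consistency with the rest of the file, consider using the existing `$sed` variable (which adds `--follow-symlinks`) and the `e` wrapper on both commands.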
+
# serial console
# mainly from
# the logsave prompted because the hostname faiserver was uknown.
# Here it was faiserver.lan when running from a faiserver vm.
# When running from a normal host with faiserver alias, it was the normal hosts name.
-$sed 's/(^[^,]+,)\S+/\1faiserver/' /srv/fai/nfsroot/root/.ssh/known_hosts
+$sed 's/(^[^,]+,)\S+/\1faiserver.b8.nz/' /srv/fai/nfsroot/root/.ssh/known_hosts
# ditch the logo banner up top which screws with less.
touch /srv/fai/nfsroot/.nocolorlogo