work. Separate from running this, faiserver needs to be setup in dns to
point to whatever host this is run on.
-Default BASE_CODENAME is buster. Default ARCH is 64. The script expects corresponding
+Default BASE_CODENAME is bullseye. Default ARCH is 64. The script expects corresponding
$BASEFILE_DIR/${UPCASED_BASE_CODENAME}${ARCH}.tar.(gz|xz) to exist, and it must have been
generated around the same time as the nfsroot, at least so it has the
same kernel version.
+
+Note: there is a bug in 5.9.4, fixed by adding
+ sleep 2
+
+Note: in t9, there is a bug in recent fai packages (eg 2021+), where
+ unshare uses a too new argument. I was able to fix it by
+ just going to the site of the error and changing unshare to
+ chroot like it used to be, but I'm not bothering to make
+ any persistent fix, since I'm now on t10. If it ever came
+ up again, using an old fai package would also work.
+
+/usr/sbin/fai-make-nfsroot:503, before apt-get update
+
+
EOF
exit $1
}
e() { echo "+ $@"; "$@"; }
-base=${1:-buster}
+base=${1:-bullseye}
arch=${2:-64}
if [[ $base == [[:upper:]] ]]; then
[[ $(dpkg --print-architecture) == armhf ]]
}
-if grep -xFq 'VERSION="8 (jessie)"' /etc/os-release; then
- gpg -a --recv-keys 2BF8D9FE074BCDE4; gpg -a --export 2BF8D9FE074BCDE4 | apt-key add -
- cat >/etc/apt/sources.list.d/fai.list <<'EOF'
-deb https://fai-project.org/download jessie koeln
-EOF
-elif grep -iE 'VERSION=.*(stretch|flidas|xenail|buster|bullseye|etiona|nabia)' /etc/os-release; then
- # fai on ubuntu only has official support using the universe repo, but newer
- # tends to have less bugs.
- wget -O - https://fai-project.org/download/2BF8D9FE074BCDE4.asc | apt-key add -
-
- case $base in
- stretch|buster|bullseye)
- cat >/etc/apt/sources.list.d/fai.list <<EOF
+# fai on ubuntu only has official support using the universe repo, but newer
+# tends to have less bugs.
+wget -O - https://fai-project.org/download/2BF8D9FE074BCDE4.asc | apt-key add -
+
+update=false
+case $base in
+ stretch|bullseye|bullseye)
+ if ! grep -qFx "deb https://fai-project.org/download $base koeln" /etc/apt/sources.list.d/fai.list; then
+ update=true
+ fi
+ cat >/etc/apt/sources.list.d/fai.list <<EOF
deb https://fai-project.org/download $base koeln
EOF
- ;;
- *)
- echo "$0: error: script needs updating for new base" >&2
- exit 1
- ;;
- esac
-else
- rm -f /etc/apt/sources.list.d/fai.list
+ ;;
+ *)
+ echo "$0: error: script needs updating for new base" >&2
+ exit 1
+ ;;
+esac
+
+f=/var/cache/apt/pkgcache.bin;
+if [[ -r $f ]]; then
+ cachetime=$(stat -c %Y $f );
+ now=$(date +%s)
+ limittime=$(( now - 60*60*2 ))
+ if (( cachtime > limittime )); then
+ update=true
+ fi
fi
-apt-get update
+if $update; then
+ apt-get update
+fi
# Relevant packages from fai-quickstart depends and fai-server recommends.
# I especially do not wait isc-dhcp-server or an inetd. Also excludes
# kernel, or the ability to install it.
# xorriso is for running fai-cd -a, not strictly need for fai-server
# perl-tk is for fai-monitor-gui
-pkgs=(fai-doc tftpd-hpa tar reprepro squashfs-tools binutils xorriso)
+pkgs=(fai-doc tftpd-hpa tar reprepro squashfs-tools binutils xorriso perl-tk)
if modprobe nfsd &>/dev/null; then
pkgs+=(nfs-kernel-server)
else
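Review bot: In the new cache-age check, `(( cachtime > limittime ))` reads a variable that is never assigned (two lines earlier the stat result goes into `cachetime`), so the arithmetic evaluates 0 and this branch can never set `update=true`; whenever fai.list is unchanged the script skips `apt-get update` and installs from whatever index is already on disk. The comparison also looks inverted for a "refresh when older than two hours" test, so the intended line is probably `if (( cachetime < limittime )); then`, and an unreadable `$f` should arguably force `update=true` as well. In the same hunk the arm `stretch|bullseye|bullseye)` lists bullseye twice and no longer matches buster, which the security-repo `case` later in the file still accepts, so `buster` now ends in the "script needs updating" error. Separately, `wget -O - … | apt-key add -` places whatever key the download returns into the keyring trusted for every repository on the host; writing it to a dedicated keyring file referenced with `signed-by=` in fai.list, after comparing its fingerprint to a pinned value, would limit that trust to the fai repository.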
cat >/etc/fai/apt/sources.list <<EOF
deb $r $base main contrib
EOF
+
+### begin setup security repo ###
case $base in
- jessie|stretch|buster)
+ stretch|buster)
cat >>/etc/fai/apt/sources.list <<EOF
deb http://security.debian.org/debian-security $base/updates main contrib
EOF
deb http://security.debian.org/debian-security $base-security main contrib
EOF
esac
+### end setup security repo ###
cat >>/etc/fai/apt/sources.list <<EOF
deb http://fai-project.org/download $base koeln
EOF
-if [[ $base == jessie ]]; then
- cat >>/etc/fai/apt/sources.list <<'EOF'
-# fix tar https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819978
-deb http://ftp.debian.org/debian jessie-backports main
-EOF
- # note, fai doesn\'t look at /etc/fai/apt/preferences.d
- cat >/etc/fai/apt/preferences <<'EOF'
-Package: tar
-Pin: release a=jessie-backports
-Pin-Priority: 500
-EOF
-fi
+## Get latest kernel and btrfs for dealing with btrfs issues.
+# if [[ $base == buster ]]; then
+# cat >>/etc/fai/apt/sources.list <<'EOF'
+# deb http://ftp.debian.org/debian buster-backports main
+# EOF
+# # note, fai doesn\'t look at /etc/fai/apt/preferences.d
+# cat >/etc/fai/apt/preferences <<'EOF'
+# Package: linux-* firmware-linux-free btrfs-progs
+# Pin: release a=buster-backports
+# Pin-Priority: 500
+# EOF
+# fi
$sed -f - /etc/fai/nfsroot.conf <<EOF
# tftp environment
local pxebin
- # wheezy path
- if [ -f $NFSROOT/usr/lib/PXELINUX/pxelinux.0 ]; then
- pxebin=$NFSROOT/usr/lib/PXELINUX/pxelinux.0
- else
- # jessie+ path
- pxebin=$NFSROOT/usr/lib/syslinux/pxelinux.0
- fi
+ # jessie+ path
+ pxebin=$NFSROOT/usr/lib/syslinux/pxelinux.0
rm -f $NFSROOT/boot/*.bak
mkdir -p $TFTPROOT/pxelinux.cfg
fi
rm -f /srv/fai/nfsroot/root/.ssh/known_hosts
-key=$(ssh-keyscan localhost |& grep -o "ecdsa-sha2-nistp256.*")
+if [[ $HOSTNAME == kd ]]; then
+ keyscan_arg="-p 8989"
+ fi
+key=$(ssh-keyscan $keyscan_arg localhost |& grep -o "ecdsa-sha2-nistp256.*")
for ip in faiserver $(ip addr show up| grep -w '^ *inet' | awk '{print $2}'| cut -d / -f 1 | grep -vF 127.0.0.1); do
echo "$ip $key" >>/srv/fai/nfsroot/root/.ssh/known_hosts
done
+# make it the root because pxe-kexec only looks there.
+# It wouldn't be too hard to change if we needed.
+# We could also just dump things in /srv/tftp, but fai
+# has some defaults, which I don't even use, which expect
+# the other directory, so it's kind of a tossup, whatever.
+sed -ri 's,^ *(TFTP_DIRECTORY=).*,\1"/srv/tftp/fai",' /etc/default/tftpd-hpa
+systemctl restart tftpd-hpa
+
# serial console
# mainly from