#!/bin/bash
+# Copyright (C) 2016 Ian Kelling
-# Setup dhcp server to point to tftp server,
-# and depending on the type, setup the tftp server.
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
-# usage: $0 TYPE
-# default distro is the base debian/fedora type. others are fai & arch.
-# for no pxe server, use a no-op like : or true.
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
-set -eE -o pipefail
-trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+
+[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
+
+readonly this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
+script_dir="${this_file%/*}"
+# shellcheck source=./bash-trace
+source "${script_dir}/bash-trace"
+cd $script_dir
+PATH="$PATH:$PWD"
usage() {
- cat <<EOF
-Usage: ${0##*/} [OPTIONS] TYPE [HOST]
-One line description
+ cat <<EOF
+Usage: ${0##*/} [OPTIONS] [HOST] [TYPE]
+Configure dnsmasq boot options and fai-chboot if appropriate. This is
+not general purpose, it has code specific to dhcp servers I run.
+
+Without TYPE, disable server and fai server. In that case, HOST is only
+needed for fsf office network.
+
+HOST Only do dhcp pxe for HOST. The hostname must be known to the dhcp
+ server to target its mac. Use "default" for all hosts.
+ Required in fsf office environment.
+
+TYPE One of arch, parabola, plain, fai.
-TYPE is one of arch, plain, fai, or : for no pxe server.
-HOST makes the pxe server only for that specific host
+-a Don't setup pxe, just Wait for 2 dhcp acks, then disable the pxe
+ server after a delay. First ack is for pxe boot, 2nd ack is
+ for os boot. Sometimes on debian, there is a 3rd one shortly
+ after the 2nd. I can't remember exactly why this caused a
+ problem, but I'm hoping the sleep will take care of it.
+-d Don't alter dhcp config. Only make sense for fai type, and on network
+ other than home or fsf, when using fai-cd, or pxe-kexec.
+-k Pass -k to myfai-chboot.
+--no-r Pass --no-r to myfai-chboot.
+-r Don't redeploy fai config. For example, if there is a different host
+ that is mid-install.
+-S sets FAI_ACTION=sysinfo, see myfai-chboot for more info.
+-w Setup pxe, then wait like -a.
-h|--help Print help and exit
--- Subsequent arguments are never treated as options
--p Persist. Otherwise, wait for 2 dhcp acks then remove.
+
+
+Note, when switching between plain and arch or parabola, you will need to
+do something like:
+ssh wrt
+cd /mnt/usb
+rm tftpboot
+ln -s <arch/parabola/debian iso dir> tftpboot
+
+
+Notes on debugging pxe dhcp tftp:
+
+For debugging dhcp, add to /etc/dnsmasq.conf: log-dhcp
+
+Newer openwrt runs dnsmasq with a whitelist of readable files and dirs:
+
+ps ww :
+/sbin/ujail -t 5 -n dnsmasq -u -l -r /bin/ubus -r /etc/TZ -r /etc/dnsmasq.conf -r /etc/ethers -r /etc/group -r /etc/hosts -r /etc/passwd -w /tmp/dhcp.leases -r /tmp/dnsmasq.d -r /tmp/hosts -r /tmp/resolv.conf.d -r /usr/bin/jshn -r /usr/lib/dnsmasq/dhcp-script.sh -r /usr/share/dnsmasq/dhcpbogushostname.conf -r /usr/share/dnsmasq/rfc6761.conf -r /usr/share/dnsmasq/trust-anchors.conf -r /usr/share/libubox/jshn.sh -r /var/etc/dnsmasq.conf.cfg01411c -w /var/run/dnsmasq/ -- /usr/sbin/dnsmasq -C /var/etc/dnsmasq.conf.cfg01411c -k -x /var/run/dnsmasq/dnsmasq.cfg01411c.pid
+
+logging tftp requests:
+/etc/default/tftpd-hpa:
+add -vv:
+TFTP_OPTIONS="--secure -vv"
+jr -u tftpd-hpa -f
+
+Note: Uses GNU getopt options parsing style
EOF
- exit $1
+ exit $1
}
+pre="${0##*/}:"
+m() { printf "$pre %s\n" "$*"; "$@"; }
+e() { printf "$pre %s\n" "$*"; }
+err() { echo "[$(date +'%Y-%m-%d %H:%M:%S%z')]: $pre: $*" >&2; }
+
+PATH="/a/exe:$PATH"
+
##### begin command line parsing ########
-persist=false
-args=()
-redep=false
-while [[ $1 ]]; do
- case $1 in
- --) shift; break ;;
- -h|--help) usage ;;
- -r) redep=true; shift ;;
- -p) persist=true; shift ;;
- *) args+=("$1"); shift ;;
- esac
-done
-args+=("$@")
+dhcp=true
+redep=true
+acks=2
+wait=false
+fsf_office=false
+case $HOSTNAME in
+ x3|kw) fsf_office=true ;;
+esac
+
+chboot_args=()
+temp=$(getopt -l no-r,help adkrSwh "$@") || usage 1
+eval set -- "$temp"
+while true; do
+ case $1 in
+ -a) wait=true; set=false; shift ;;
+ -d) dhcp=false; shift ;;
+ -k) chboot_args+=(-k); shift ;;
+ --no-r) chboot_args+=(--no-r); shift ;;
+ -r) redep=false; shift ;;
+ -S) chboot_args+=(-S); shift ;;
+ -w) wait=true; set=true; shift ;;
+ -h|--help) usage ;;
+ --) shift; break ;;
+ *) echo "$0: Internal error!" ; exit 1 ;;
+ esac
+done
-read type host <<<"${args[@]}"
+read -r host type <<<"$@"
-if [[ ! $type ]]; then
- echo "$0: error: exptected 1 argument of type"
+case $# in
+ [01]);;
+ 2)
+ case $type in
+ arch|parabola) cmd=archlike ;;
+ fai) cmd=fai ;;
+ *)
+ echo "$0: error expected type of arch|parabola|fai"
+ echo
+ usage 1
+ ;;
+ esac
+ ;;
+ *)
+ echo "$0: error: expected 0-2 arguments"
+ echo
usage 1
-fi
+ ;;
+esac
-if [[ $host ]]; then
- host_tag="tag:$host,"
+
+if $wait && ! $dhcp; then
+ echo "$0: error -w conflicts with -d, choose one or other" >&2
+ exit 1
fi
-case $type in
- :|true) persist=true ;;
-esac
+if $fsf_office && [[ ! $host ]]; then
+ echo "$0: at fsf_office, provide HOST arg" >&2
+ exit 1
+ fi
-##### end command line parsing ########
+if [[ $host && $host != default ]]; then
+ host_tag="tag:$host,"
+fi
-sv() {
- echo "$@"
- "$@"
-}
+##### end command line parsing ########
-arch() {
- cat <<EOF
-dhcp-option-force=209,boot/syslinux/archiso.cfg
-dhcp-option-force=210,/arch/
-dhcp-boot=${host_tag}/arch/boot/syslinux/lpxelinux.0
+archlike() {
+ cat <<EOF
+${host_tag}209,boot/syslinux/${type}iso.cfg
+${host_tag}210,/${type}/
+${host_tag}option:bootfile-name,/${type}/boot/syslinux/lpxelinux.0
EOF
}
plain() {
- # if arch was used before, this additionally needs
- # the tftp link in /mnt/usb to be changed.
- cat <<EOF
-dhcp-boot=${host_tag}pxelinux.0
+ # if arch based was used before, this additionally needs
+ # the tftp link in /mnt/usb to be changed.
+ cat <<EOF
+${host_tag}option:bootfile-name,pxelinux.0
EOF
}
fai() {
- cat <<EOF
-$set_host_tag
-dhcp-boot=${host_tag}fai/pxelinux.0,faiserver.lan,faiserver.lan
+ cat <<EOF
+${host_tag}option:bootfile-name,pxelinux.0
+${host_tag}option:server-ip-address,$faiserverip
+${host_tag}option:tftp-server,$faiserverip
EOF
+ # Note, previously used normal dnsmasq option, but it requires dnsmasq
+ # restart, which causes momentary dns failures, which can bork an
+ # install.
+ #
+ # dhcp-boot=${host_tag}pxelinux.0,faiserver.b8.nz,faiserver.b8.nz
}
-echo "setting config type: $type"
-$type | ssh wrt "cedit pxe-server /etc/dnsmasq.conf || /etc/init.d/dnsmasq restart #
-if [[ $type == arch ]]; then arch-pxe-mount; fi"
+ack-wait() {
+ if $fsf_office; then
+ wait_cmd="ssh tarantula.office.fsf.org tail -n0 -f /var/log/syslog"
+ else
+ wait_cmd="ssh cmc logread -f"
+ fi
+ wait_count=$1
+ if [[ $host ]]; then
+ if $fsf_office; then
+ host_regex=" $(getent hosts kw | awk '{print $1}' | sed 's/\./\\./g')"
+ else
+ host_regex=" $host"
+ fi
+ fi
+ regex=".*DHCPACK.*$host_regex\b"
+ i=0
+ while (( i != wait_count )) && read -r line; do
+ if [[ $line =~ $regex ]]; then
+ i=$((i+1))
+ echo $line
+ fi
+ done < <($wait_cmd ||:) # tail returns 2 it seems
+ m sleep 20
+}
+set-pxe() {
+ $dhcp || return 0
+ if $fsf_office; then
+ if [[ ! $cmd ]]; then
+ e "removing pxe for $host on tarantula"
+ ssh tarantula.office.fsf.org bash -e <<EOF
+sed -ri 's/^( *host +$host *\{).*/\1/' /etc/dhcp/dhcpd.conf
+systemctl restart isc-dhcp-server
+EOF
+ elif [[ $cmd == fai ]]; then
+ e "adding pxe for $host on tarantula"
+ ssh tarantula.office.fsf.org bash -e <<EOF
+sed -ri 's/^( *host +$host *\{).*/\1 next-server faiserver.office.fsf.org; filename "pxelinux.0";/' /etc/dhcp/dhcpd.conf
+systemctl restart isc-dhcp-server
+EOF
+ fi
+ else
+ e "updating dnsmasq.conf:"
+ m $cmd
+ ${cmd:-:}|ssh cmc "dd of=/var/run/dnsmasq/dhcpopts.conf; /etc/init.d/dnsmasq reload
+$([[ $type == arch || $type == parabola ]] && echo archlike-pxe-mount)"
+ fi
+}
-if $redep && [[ $type == fai ]]; then
- fai-redep
+type -t host &>/dev/null || sudo apt-get -y install dnsutils
+faiserverip=$(host faiserver | sed -rn 's/^\S+ has address //p;T;q' ||:)
+if [[ ! $faiserverip || $faiserverip =~ [[:space:]] ]]; then
+ echo "$0: error: failed to get \$faiserverip, got: $faiserverip"
+ exit 1
fi
-if ! $persist; then
- echo "waiting for 2 dhcp acks then disabling pxe"
- if [[ $host ]]; then
- host_regex=" $host"
+
+
+if $set; then
+ set-pxe
+ if [[ $type == fai ]]; then
+ if $redep; then
+ m fai-redep
fi
- regex=".*DHCPACK.*$host_regex$"
- i=0
- tmp=$(mktemp)
- while (( i != 2 )) && read line; do
- if [[ $line =~ $regex ]]; then
- i=$((i+1))
- echo $line
- fi
- done < <(ssh wrt logread -f)
- sv sleep 5
- sv "$BASH_SOURCE" :
+ m myfai-chboot ${chboot_args[@]} $host
+ else
+ # This will fail if faiserver is not setup, so ignore any
+ # failure and don't bother us about it.
+ m myfai-chboot &>/dev/null ||:
+ fi
+fi
+
+if $wait; then
+ # fai's debian jessie 8.5ish does 2 dhcp requests when booting,
+ # roughly 4 seconds apart. Earlier
+ # versions did just 1. Now testing on a vm, it does 1.
+ # bleh.
+ echo "waiting for $acks dhcp acks then disabling pxe"
+ ack-wait $acks
+ type=
+ unset cmd
+ set-pxe
+
+ # previously tried waiting for one more ack then disabling faiserver,
+ # since it can contain sensitive info, so turn it off when not in use,
+ # but disabling that for now as it's inconvenient to clean this
+ # up and run it in the background etc.
+
+ # if [[ $type == fai ]]; then
+ # echo "waiting for 1 dhcp ack then disabling fai server"
+ # ack-wait 1
+ # faiserver-disable
+ # fi
fi