X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=fai-redep;h=ac73c7b16e539a67cbddcbdc5f634cbab05c7770;hb=ed6e4bd94df7d149cf041e95aaad01b6e2da3f85;hp=4ca3ea52b628df6fed6b6f86ae3151bc1fbd4995;hpb=4261ad7e021ec77e7198cf42c3576dad07f12a64;p=automated-distro-installer

diff --git a/fai-redep b/fai-redep
index 4ca3ea5..ac73c7b 100755
--- a/fai-redep
+++ b/fai-redep
@@ -1,40 +1,142 @@
-#!/bin/bash -l
-set -x
+#!/bin/bash
+# Copyright (C) 2019 Ian Kelling
+# SPDX-License-Identifier: AGPL-3.0-or-later
+set -eE -o pipefail
+trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
 
-# Deploy fai configuration to faiserver,
-# then start a virtual machine to test the config.
+readonly this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"; cd "${this_file%/*}"
 
-set -eE -o pipefail
-trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?"' ERR
+usage() {
+  cat <<EOF
+usage: ${0##*/} [OPTIONS] [HOST]
+Deploy fai config (the one in nfs) to HOST or default faiserver
+
+
+-d DISTRO      DISTRO for setting up fai class DESKTOP packages, for preinstalling stuff.
+-t TARGET_HOST Copy only secrets for TARGET_HOST into the config space. Useful for virtual server
+               on hardware we don't control.
+-h|--help    Print help and exit
+
+Note: uses paths specific to authors machine.
+EOF
+  exit $1
+}
+
+##### begin command line parsing ########
+
+# ensure we can handle args with spaces or empty.
+ret=0; getopt -T || ret=$?
+[[ $ret == 4 ]] || { echo "Install util-linux for enhanced getopt" >&2; exit 1; }
+
+temp=$(getopt -l help hd:t: "$@") || usage 1
+eval set -- "$temp"
+while true; do
+  case $1 in
+    -d) distro=$2; shift ;;
+    -t) target=$2; shift ;;
+    -h|--help) usage ;;
+    --) shift; break ;;
+    *) echo "$0: unexpected args: $*" >&2 ; usage 1 ;;
+  esac
+  shift
+done
+host=${1:-faiserver}
+
+readonly host distro target
+
+##### end command line parsing ########
 
-cd $(dirname $(readlink -f "$BASH_SOURCE"))
+# i use faiserver as a dns alias, but ssh key is associated with
+# a canonical hostname and we will have ssh warning spam unless we
+# use it, so look it up just to avoid the warning spam.
+faiserver_host=$(chost $host) || faiserver_host=$host
 
-ssh root@faiserver rm -rf /srv/fai/config
-scp -r fai/config root@faiserver:/srv/fai
-# fai example pass: fai
-#ROOTPW='$1$kBnWcO.E$djxB128U7dMkrltJHPf6d1'
+rsync -rlpt --delete --relative --exclude /fai/config/basefiles/ fai/config root@$faiserver_host:/srv
 
-# generating a hashed password:
-# under debian, you can do
-# echo "yoursecrectpassword" | mkpasswd -m sha-512 -s
-# On arch, best seems to be copy your shadow file to a temp location,
-# then passwd, get out the new pass, then copy the shadow file back.
+sudo rsync -a /root/.ssh/home.pub \
+    root@$faiserver_host:/srv/fai/config/files/root/.ssh/authorized_keys/STANDARD
+# todo: automatically disable faiserver after a period so
+# these files are not available.
 
-if [[ -e /q/root/shadow/standard ]]; then
-    # note, it would be best to have some kind of security on this file
-    ssh root@faiserver tee -a /srv/fai/config/class/DEFAULT.var <<EOF
-ROOTPW='$(cat /q/root/shadow/standard)'
+if [[ $target ]]; then
+  if [[ -e /q/root/shadow/$target ]]; then
+    shadowfile=shadow/$target # empty otherwise
+  fi
+  sudo rsync -lpt --files-from=- /q/root root@$faiserver_host:/srv/fai/config/distro-install-common <<EOF
+luks/$target
+luks/host-$target
+$shadowfile
 EOF
+else
+  sudo rsync -rlpt /q/root/shadow /q/root/luks root@$faiserver_host:/srv/fai/config/distro-install-common
 fi
 
-tpvar="$(s cat /q/root/shadow/traci-simple)"
-ssh root@faiserver tee -a /srv/fai/config/class/tp.var <<EOF
-ROOTPW='$tpvar'
-EOF
+dirs=(/p/c/machine_specific/${target:-*}/filesystem/etc/ssh)
+if [[ -e ${dirs[0]} ]]; then
+  rsync -rlpt --delete --relative ${dirs[@]} root@$faiserver_host:/srv/fai/config/distro-install-common
+fi
+
+. /a/bin/distro-setup/pkgs
+pall+=($(/a/bin/buildscripts/emacs -p; /a/bin/distro-setup/distro-pkgs $distro))
 
-scp ~/.ssh/id_rsa.pub \
-    root@faiserver:/srv/fai/config/files/home/ian/.ssh/authorized_keys/GRUB_PC
-s scp -r /q/root/luks /q/root/shadow/traci{,-simple} \
-  root@faiserver:/srv/fai/config/distro-install-common
-scp /a/bin/devbyid root@faiserver:/srv/fai/nfsroot/usr/local/bin
-ssh root@faiserver chmod -R a+rX /srv/fai/config/distro-install-common
+printf "%s\n%s\n" "PACKAGES install" ${pall[*]} | \
+  ssh root@$faiserver_host dd of=/srv/fai/config/package_config/DESKTOP 2>/dev/null ||: # broken pipe
+
+
+rsync -rplt --delete $BASEFILE_DIR/*.gz root@$faiserver_host:/srv/fai/config/basefiles/
+ssh root@$faiserver_host bash <<'EOF'
+set -eE -o pipefail
+# make it the root because pxe-kexec only looks there.
+# It wouldn't be too hard to change if we needed.
+# We could also just dump things in /srv/tftp, but fai
+# has some defaults, which I don't even use, which expect
+# the other directory, so it's kind of a tossup, whatever.
+sed -ri 's,^ *(TFTP_DIRECTORY=).*,\1"/srv/tftp/fai",' /etc/default/tftpd-hpa
+systemctl restart tftpd-hpa
+
+changed=false
+f=/srv/fai/nfsroot/root/.ssh/known_hosts
+install -d -m 700 /srv/fai/nfsroot/root/.ssh
+# the known hosts entries that fai already sets up are like
+# IP,HOSTNAME key_info...
+# we are skipping the ip, because it doesn't block ssh
+# with a prompt as long as you have the user supplied hostname,
+# and i don't want to deal with getting it, it's not adding
+# any important security in this case.
+if ! grep -xFq "$line" $f &>/dev/null; then
+    changed=true
+    printf "%s\n" "$line" >>$f
+fi
+
+if ! modprobe nfsd &>/dev/null; then
+    # no apt-cache on maru debian, because we are low on space already
+    sed -i '/^ *APTPROXY=/d' /srv/fai/config/class/DEBIAN.var
+    # maru debian doesn't have loopback devs created
+    if ! losetup -f; then
+      shopt -s nullglob
+      x=(/dev/loop*)
+      minor=0
+      if (( ${#x[@]} )); then
+        minor=$(( ${x[-1]#/dev/loop} + 1 ))
+      fi
+      mknod -m660 /dev/loop$minor b 7 $minor
+      losetup -f
+    fi
+    # -B boo only iso, no nfsroot, no paritial miorr, no config space.
+    # -f = force, for overwriting
+    # -S = make squash image for http booting
+    # -d config space url, instead of putting it in the squash.img,
+    #  this just makes it so that we don't have to regenerate the img
+    #  when the config changes.
+    cd /srv/fai/config
+    tar czf /var/www/faiserver/html/config.tar.gz .
+    if $changed || [[ ! -e /var/www/faiserver/html/squash.img ]]; then
+      # note, on maru, selinux needs to be disabled in android before
+      # this will work.
+      mount
+      export debug=true
+      fai-cd -d http://faiserver:8080/config.tar.gz  -f -M -S /var/www/faiserver/html/squash.img
+      mount
+    fi
+fi
+EOF