and which shadow file / luks file(s) to copy into the new machine depends
on fai-redep arguments.
-Also, setup dns in bind and wrt-setup-local.
+Also, setup dns in /p/c/host-info and firewall redirects in wrt-setup-local.
After install, btrbk to setup data, and then distro-begin && distro end.
See notes in distro-begin for other configuration.
+# Prerequesites:
+
+<https://savannah.nongnu.org/git/?group=bash-bear-trap>
+git clone https://git.savannah.nongnu.org/git/bash-bear-trap.git
+sudo install -T bash-bear-trap/bash-bear /usr/local/lib/bash-bear
+
+
# Scripts (meant to be used directly):
mymk-basefile # Create basefiles for various distros
archlike-pxe # Setup pxe boot server from an archlike base image
-fai-redep # Deploy fai configuration to host "faiserver"
+fai-redep # Deploy fai configuration to host "faiserver.b8.nz"
faiserver-uninstall # uninstall fai-server
faiserver-setup # install fai-server on the current machine
-myfai-chboot # setup fai tftp and nfs. useful for doing pxe-kexec
+myfai-chboot # setup fai tftp and nfs. useful for doing pxe-kexec or booting from a fai-cd.
pxe-server # disable/enable pxe dhcp, tfp, and nfs. calls myfai-chboot
wrt-setup # setup my router in general: dhcp, dns, etc.
solution: if running from fai-cd, recreate autodiscover cd as noted above in setup.
+## Weird package dependency errors
+
+for example: in fai.log, within instsoft.DEBIAN
+```
+The following packages have unmet dependencies:
+ libc6 : Breaks: locales (< 2.36) but 2.35-0ubuntu3.7+11.0trisquel1 is to be installed
+```
+
+In this case, it was because the basefile was missing, and so instead
+fai decided to use the wrong basefile.
+
+for example: in fai.log, within instsoft.DEBIAN
+
+```
+ftar: No matching class found in /var/lib/fai/config/basefiles//
+ftar: extracting /var/tmp/base.tar.zst to /target/
+```
+
# What good logs look like:
logging nfs traffic from server
-#!/bin/bash -x
+#!/bin/bash
# Copyright (C) 2016 Ian Kelling
# This program is free software; you can redistribute it and/or
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-x="$(readlink -f "$BASH_SOURCE")"; source "${x%/*}/bash-trace"
-cd ${x%/*}
+set -e; . /usr/local/lib/bash-bear; set +e
+
+this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
+readonly this_file this_dir="${this_file%/*}"
+cd "$this_dir"
+
+set -x
export HOSTNAME="$1"
mirror=$2
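Review bot: `. /usr/local/lib/bash-bear` makes this script execute code that lives outside the repository, and the two later scripts in this commit that carry the same line re-exec under `sudo` first, so there it runs as root. The README prerequisite added in this commit clones the library without naming a tag or commit, so the installed file is whatever the remote serves at install time. A comment above the line, for example `# bash-bear: installed per README prerequisites; reviewed at <commit-id placeholder>`, together with a pinned checkout in the README, would make the trusted revision explicit.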
#!/bin/bash
-# Copyright (C) 2019 Ian Kelling
-# SPDX-License-Identifier: AGPL-3.0-or-later
+# This file is part of Ian Kelling's automated-distro-installer
+# Copyright (C) 2024 Ian Kelling
+
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
if [[ -s ~/.bashrc ]];then . ~/.bashrc;fi
set -x
+++ /dev/null
-fai/config/files/boot/bash-trace/DEFAULT
\ No newline at end of file
# WARNING: outdated! needs docs and update to debian-stretch
-x="$(readlink -f "$BASH_SOURCE")"; source "${x%/*}/bash-trace"
-
[[ $EUID == 0 ]] || exec sudo "$BASH_SOURCE" "$@"
-src=$(readlink -f "${BASH_SOURCE%/*}")
+set -e; . /usr/local/lib/bash-bear; set +e
+
+this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
+readonly this_file this_dir="${this_file%/*}"
e() { echo "$*"; "$@"; }
e rm -rf debian-wheezy
mkdir debian-wheezy
cd debian-wheezy
-e $src/debian-preseed "$@" # my script
+e $this_dir/debian-preseed "$@" # my script
cd ..
e rm -f tftpboot
e ln -s debian-wheezy tftpboot
cd /
e umount $mount_dir
-e $src/pxe-server default plain # my script
+e $this_dir/pxe-server default plain # my script
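Review bot: `$this_dir` is expanded unquoted in both new `e` calls, so a checkout path containing whitespace or glob characters would be split before `e` runs it, and this script runs as root after the `sudo` re-exec. Quoting keeps the resolved path as one word: `e "$this_dir/debian-preseed" "$@"` and `e "$this_dir/pxe-server" default plain`. The rest of the script body lies outside the visible lines.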
#!/bin/bash
-# Copyright (C) 2019 Ian Kelling
-# SPDX-License-Identifier: AGPL-3.0-or-later
-set -eE -o pipefail
-trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
+# This file is part of Ian Kelling's automated-distro-installer
+# Copyright (C) 2024 Ian Kelling
+
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
-readonly this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"; cd "${this_file%/*}"
+set -eE -o pipefail
+trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
+
+this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
+readonly this_file this_dir="${this_file%/*}"
+cd "$this_dir"
-source bash-trace
usage() {
- cat <<EOF
-usage: ${0##*/} [OPTIONS] [HOST]
+ cat <<'EOF'
+usage: fai-redep [OPTIONS] [HOST]
Deploy fai config (the one in nfs) to HOST or default faiserver
Note, for booting from fai-cd, this needs to be called from myfai-chboot or that via pxe-server,
case $1 in
-d) distro=$2; shift ;;
-t) target=$2; shift ;;
- -h|--help) usage ;;
+ -h|--help) usage 0 ;;
--) shift; break ;;
*) echo "$0: unexpected args: $*" >&2 ; usage 1 ;;
esac
shift
done
-host=${1:-faiserver}
+host=${1:-faiserver.b8.nz}
readonly host distro target
##### end command line parsing ########
-m() { printf "$pre %s\n" "$*"; "$@"; }
+m() { printf "fai-redep: %s\n" "$*"; "$@"; }
# i use faiserver as a dns alias, but ssh key is associated with
# a canonical hostname and we will have ssh warning spam unless we
# faiserver_host=$host
faiserver_addr=$(host $host | sed -rn 's/^\S+ has address //p;T;q' ||:)
+
+rsrv() {
+ local -a opts
+ while [[ $2 ]]; do
+ opts+=("$1")
+ shift
+ done
+ m rsync "${ropts[@]}" "${opts[@]}" "$rpath$1"
+}
+rpath=/srv
if ! ip a | grep "^ *inet.\? $faiserver_addr" &>/dev/null; then
- rpre=(-e "ssh -F $HOME/.ssh/confighome" root@$faiserver_host:)
+ ropts=(-e "ssh -F $HOME/.ssh/confighome")
+ rpath="root@$faiserver_host:/srv"
faiserver_shell="ssh -F $HOME/.ssh/confighome root@$faiserver_host"
fi
install --owner=iank --group=iank -d fai/config/files/usr/local/bin/hssh
install --owner=iank --group=iank -d fai/config/files/usr/local/bin/ssh_filter_btrbk.sh
rsync -atL /a/opt/btrbk/ssh_filter_btrbk.sh fai/config/files/usr/local/bin/ssh_filter_btrbk.sh/STANDARD
-
-m rsync -rlpt --delete --relative --exclude /fai/config/basefiles/ fai/config /a/opt/btrfs-progs-release "${rpre[@]}"/srv
+rsrv -rlpt --delete --relative --exclude /fai/config/basefiles/ fai/config /
# todo: automatically disable faiserver after a period so
# these files are not available.
+
if [[ $target ]]; then
secret_files=(luks/$target luks/host-$target shadow/$target)
exists=false
- secret_exists=()
for f in ${secret_files[@]}; do
if [[ -e /q/root/$f ]]; then
exists=true
for f in ${secrets_to_send[@]}; do
echo $f
done
- } | rsync -lpt --files-from=- /q/root "${rpre[@]}"/srv/fai/config/distro-install-common
+ } | rsrv -lpt --files-from=- /q/root /fai/config/distro-install-common
fi
else
- rsync -rlpt /q/root/shadow /q/root/luks "${rpre[@]}"/srv/fai/config/distro-install-common
+ rsrv -rlpt /q/root/shadow /q/root/luks /fai/config/distro-install-common
fi
+rsrv -rlpt --delete /a/opt/btrfs-progs-release /fai/config/distro-install-common
+
dirs=(/p/c/machine_specific/${target:-*}/filesystem/etc/ssh)
if [[ -e ${dirs[0]} ]]; then
- rsync -rlpt --delete --relative ${dirs[@]} "${rpre[@]}"/srv/fai/config/distro-install-common
+ rsrv -rlpt --delete --relative ${dirs[@]} /fai/config/distro-install-common
fi
. /a/bin/distro-setup/pkgs
-pall+=($(/a/bin/buildscripts/emacs -p; /a/bin/distro-setup/distro-pkgs $distro))
+tmpstr=$(/a/bin/buildscripts/emacs -p && /a/bin/distro-setup/distro-pkgs $distro)
+declare -a pall
+for p in $tmpstr; do
+ pall+=($p)
+done
printf "%s\n%s\n" "PACKAGES install" ${pall[*]} | \
$faiserver_shell dd of=/srv/fai/config/package_config/DESKTOP status=none ||: # broken pipe
-rsync -rplt --include '/*.gz' --exclude '/**' --delete-excluded $BASEFILE_DIR/ "${rpre[@]}"/srv/fai/config/basefiles/
+rsrv -rplt --include '/*.zst' --exclude '/**' --delete-excluded $BASEFILE_DIR/ /fai/config/basefiles/
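Review bot: `rsrv` expands `"${ropts[@]}"`, but `ropts` is assigned only inside the remote branch, and its loop `while [[ $2 ]]` stops at the first empty argument rather than at the last one. The local case works only because `set -u` is off, and an empty option value would be treated as the destination. Declaring `ropts=()` next to `rpath=/srv` and looping with `while (( $# > 1 )); do` removes both dependencies. This matters because `rsrv` is now the single path over which the LUKS and shadow files are sent, so a mis-split argument list changes what lands under `/srv`. A short header comment stating that the last argument is the destination suffix appended to `$rpath`, and that `ropts` and `rpath` are globals, would also help.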
[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
+set -e; . /usr/local/lib/bash-bear; set +e
+
+this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
+readonly this_file this_dir="${this_file%/*}"
+cd "$this_dir"
-readonly this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
-script_dir="${this_file%/*}"
-# shellcheck source=./bash-trace
-source "${script_dir}/bash-trace"
-cd $script_dir
PATH="$PATH:$PWD"
e() { echo "$*"; "$@"; }
rm -f /tmp/fai-revm-did-pxe
-if ! ip l show br0 &>/dev/null; then
- cat <<'EOF'
-fai-rvm error: no bridge detected. add one to interfaces like this:
-iface eth0 inet manual
-iface br0 inet dhcp
- bridge_ports eth0
- bridge_stp off
- bridge_maxwait 0
-EOF
- exit 1
+if ip l show br0 &>/dev/null; then
+ net_arg="-w bridge=br0,mac=52:54:00:9c:ef:ad"
+else
+ # if this computer has ethernet, we could setup a br0 like so:
+ # cat <<'EOF'
+ # fai-rvm error: no bridge detected. add one to interfaces like this:
+ # iface eth0 inet manual
+ # iface br0 inet dhcp
+ # bridge_ports eth0
+ # bridge_stp off
+ # bridge_maxwait 0
+ # EOF
+
+ # if we only have wifi, cant use eth0
+ net_arg="-w network=default,mac=52:54:00:9c:ef:ad"
fi
-if [[ $script_dir == /a/bin/* ]]; then
+if [[ $this_dir == /a/bin/* ]]; then
# Copy our script elsewhere so we can develop it
# and save it at the same time it's running
rm -rf /tmp/faifreeze
BASEFILE_DIR=/tmp
fi
isopath=$BASEFILE_DIR/$iso
- isosrc=$BASEFILE_DIR/BOOKWORM64.tar.gz
+ isosrc=$BASEFILE_DIR/BOOKWORM64.tar.zst
if [[ ! -e $isopath || $(stat -c %Y $isopath) -lt $(stat -c %Y $isosrc) ]]; then
e fai-cd -g $(readlink -f grub.cfg.${iso%%.*}) -f -A $isopath
fi
boot_arg="--cdrom $isopath"
e fai-redep
- cat ~/.ssh/demo.pub | /a/exe/cedit -s /srv/fai/nfsroot/root/.ssh/authorized_keys
+ /a/exe/cedit -s /srv/fai/nfsroot/root/.ssh/authorized_keys <~/.ssh/demo.pub
e myfai-chboot default
fi
# I don't think these variants actually make a diff for us, but I
e virsh undefine $name ||:
sleep 1
-
+## begin virtual disk creation ##
disk_arg=()
for ((i=1; i <= disk_count; i++)); do
f=/var/lib/libvirt/images/${name}$i
e qemu-img create -o preallocation=metadata -f qcow2 $f 50G
fi
done
+## end virtual disk creation ##
if [[ $SSH_CLIENT ]]; then
console_arg=--noautoconsole
e systemctl start libvirtd
e virt-install --rng /dev/urandom --os-variant $variant -n $name $boot_arg -r 2048 --vcpus $cpus \
- ${disk_arg[*]} -w bridge=br0,mac=52:54:00:9c:ef:ad $reboot_arg \
+ ${disk_arg[*]} $net_arg $reboot_arg \
--graphics spice,listen=0.0.0.0 $console_arg |& grep -v '^ *$' | uniq &
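Review bot: When `br0` is absent, the `else` branch now selects `-w network=default` silently, where the old code stopped with an error. An install that expects the bridged LAN would then fail later and less obviously (inferred; the PXE path is outside the visible lines). Printing `echo "$0: no br0 found, using libvirt network=default" >&2` in that branch would make the choice visible to the operator. `net_arg` is also a flat string expanded unquoted in the `virt-install` call; an array, `net_arg=(-w "network=default,mac=52:54:00:9c:ef:ad")` expanded as `"${net_arg[@]}"`, avoids relying on word splitting.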
#!/bin/bash
-# Copyright (C) 2019 Ian Kelling
-# SPDX-License-Identifier: AGPL-3.0-or-later
+# This file is part of Ian Kelling's automated-distro-installer
+# Copyright (C) 2024 Ian Kelling
+
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# For using some fai commands outside of fai.
# Usually this is sourced from another script. Note this has
ifclass() {
local var=${1/#/CLASS_}
- [[ $HOSTNAME == $1 || ${!var} ]]
+ [[ $HOSTNAME == "$1" || ${!var} ]]
}
fai-setclass() {
for class in "$@"; do
#! /bin/bash
# mk-basefile, create basefiles for some distributions
#
-# Thomas Lange, Uni Koeln, 2011-2021
+# Thomas Lange, Uni Koeln, 2011-2024
# based on the Makefile implementation of Michael Goetze
#
# Usage example: mk-basefile -J STRETCH64
# This will create a STRETCH64.tar.xz basefile.
-# Supported distributions (each i386/amd64):
+# Supported distributions (i386/amd64):
# Debian GNU/Linux
-# Ubuntu 14.04/16.04
+# Ubuntu 14.04/16.04/20.04/22.04
+# AlmaLinux 9
+# Rocky Linux 8/9
# CentOS 5/6/7/8
# Scientific Linux Cern 5/6
#
EXCLUDE_BULLSEYE=
EXCLUDE_BOOKWORM=
EXCLUDE_TRIXIE=
+EXCLUDE_FORKY=
EXCLUDE_SID=
EXCLUDE_BELENOS=dhcp3-client,dhcp3-common,info
EXCLUDE_ETIONA=udhcpc,dibbler-client,info
EXCLUDE_FOCAL=udhcpc,dibbler-client,info
EXCLUDE_NABIA=udhcpc,dibbler-client,info
-EXCLUDE_JAMMY=
-EXCLUDE_ARAMO=
+EXCLUDE_JAMMY=udhcpc,dibbler-client,info
+EXCLUDE_ARAMO=udhcpc,dibbler-client,info
+EXCLUDE_NOBLE=udhcpc,dibbler-client,info
# here you can add packages, that are needed very early
INCLUDE_DEBIAN=
chroot $xtmp apt-get clean
rm -f $xtmp/etc/hostname $xtmp/etc/resolv.conf \
$xtmp/var/lib/apt/lists/*_* $xtmp/usr/bin/qemu-*-static \
- $xtmp/etc/udev/rules.d/70-persistent-net.rules
+ $xtmp/etc/udev/rules.d/70-persistent-net.rules \
+ $xtmp/var/lib/dbus/machine-id
> $xtmp/etc/machine-id
}
}
+rpmdist() {
+
+ local arch=$1
+ local vers=$2
+ local dist=$3
+ local domain=$(domainname)
+
+ check
+ setarch $arch
+ $l32 rinse --directory $xtmp --distribution $dist-$vers --arch $arch --before-post-install $xtmp/post
+ domainname $domain # workaround for #613377
+ cleanup-rinse
+ tarit
+}
+
+
+alma() {
+ rpmdist $1 $2 alma
+}
+
+rocky() {
+ rpmdist $1 $2 rocky
+}
+
centos() {
local arch=$1
echo "Available:
+ ALMA9_64
+ ROCKY8_64
+ ROCKY9_64
CENTOS5_32 CENTOS5_64
CENTOS6_32 CENTOS6_64
CENTOS7_32 CENTOS7_64
NABIA64
JAMMY64
ARAMO64
+ NOBLE64
SQUEEZE32 SQUEEZE64
WHEEZY32 WHEEZY64
JESSIE32 JESSIE64
BULLSEYE32 BULLSEYE64
BOOKWORM32 BOOKWORM64
TRIXIE32 TRIXIE64
+ FORKY32 FORKY64
SID32 SID64
"
}
cat <<EOF
mk-basefile, create minimal base files for a Linux distritubtion
- Copyright (C) 2011-2020 by Thomas Lange
+ Copyright (C) 2011-2023 by Thomas Lange
Usage: mk-basefile [OPTION] ... DISTRIBUTION
-s Show list of supported linux distributions
-f ARCH Build for foreign architecture ARCH.
-d DIR Use DIR for creating the temporary subtree structure.
- -z Use gzip for compressing the tar file.
+ -z Use zstd for compressing the tar file.
-J Use xz for compressing the tar file.
-k Keep the temporary subtree structure, do not remove it.
-x CMD Run CMD in chroot. If CMD exists as a file, copy it and run it.
a) echo "$0: Warning. -a is ignored, because xtattrs, acls and selinux are always added." ;;
d) export TMPDIR=$OPTARG ;;
f) export ARCH=$OPTARG ;;
- z) zip="gzip -9"; ext=tar.gz ;;
+ z) zip="zstd -9"; ext=tar.zst ;;
J) zip="xz -8" ext=tar.xz ;;
k) cleanup=0 ;;
h) usage ;;
CENTOS7_32) centos i386 7 ;;
CENTOS7_64) centos amd64 7 ;;
CENTOS8_64) centos amd64 8 ;;
+ ROCKY8_64) rocky amd64 8 ;;
+ ROCKY9_64) rocky amd64 9 ;;
+ ALMA9_64) alma amd64 9 ;;
SLC5_32) slc i386 5 ;;
SLC5_64) slc amd64 5 ;;
SLC6_32) slc i386 6 ;;
SLC7_64) slc amd64 7 ;;
BELENOS*|FLIDAS*|ETIONA*|NABIA*|ARAMO*)
debgeneric $target $MIRROR_TRISQUEL ;;
- TRUSTY*|XENIAL*|BIONIC*|FOCAL*|JAMMY*)
+ TRUSTY*|XENIAL*|BIONIC*|FOCAL*|JAMMY*|NOBLE*)
debgeneric $target $MIRROR_UBUNTU ;;
- SQUEEZE*|WHEEZY*|JESSIE*|STRETCH*|BUSTER*|BULLSEYE*|BOOKWORM*|TRIXIE*|SID*)
+ SQUEEZE*|WHEEZY*|JESSIE*|STRETCH*|BUSTER*|BULLSEYE*|BOOKWORM*|TRIXIE*|FORKY*|SID*)
debgeneric $target $MIRROR_DEBIAN $ARCH;;
*) echo "Unknown distribution. Aborting."
prtdists
exit 0
fi
-# Echo architecture and OS name in uppercase. Do NOT remove these two lines.
-uname -s | tr '[:lower:]' '[:upper:]'
+# Echo architecture
command -v dpkg >&/dev/null && dpkg --print-architecture | tr a-z A-Z
# determin if we are a DHCP client or not
#! /bin/bash
-# (c) Thomas Lange, 2002-2013, lange@informatik.uni-koeln.de
+# (c) Thomas Lange, 2002-2013, lange@cs.uni-koeln.de
# NOTE: Files named *.sh will be evaluated, but their output ignored.
echo 0 > /proc/sys/kernel/printk
-#kernelmodules=
-# here, you can load modules depending on the kernel version
-case $(uname -r) in
- 2.6*) kernelmodules="$kernelmodules mptspi dm-mod md-mod aes dm-crypt" ;;
- [3456]*) kernelmodules="$kernelmodules mptspi dm-mod md-mod aes dm-crypt" ;;
-esac
+# example how to load modules depending on the kernel version
+#case $(uname -r) in
+# 2.6*) kernelmodules="$kernelmodules mptspi dm-mod md-mod aes dm-crypt" ;;
+# [3456]*) kernelmodules="$kernelmodules mptspi dm-mod md-mod aes dm-crypt" ;;
+#esac
for mod in $kernelmodules; do
[ X$verbose = X1 ] && echo Loading kernel module $mod
# parse *.profile and build a curses menu, so the user can select a profile
#
-# (c) 2015 by Thomas Lange, lange@informatik.uni-koeln.de
+# (c) 2015 by Thomas Lange, lange@cs.uni-koeln.de
# Universitaet zu Koeln
if [ X$FAI_ACTION = Xinstall -o X$FAI_ACTION = Xdirinstall -o X$FAI_ACTION = X ]; then
[ "$flag_menu" ] || return 0
out=$(tty)
+# save stdout and redirect stdout to tty
+exec 4>&1 > $out
tempfile=$(mktemp)
tempfile2=$(mktemp)
trap "rm -f $tempfile $tempfile2" EXIT INT QUIT
dialog --clear --item-help --title "FAI - Fully Automatic Installation" --help-button \
--default-item "$default" \
--menu "\nSelect your FAI profile\n\nThe profile will define a list of classes,\nwhich are used by FAI.\n\n\n"\
- 15 70 0 "${par[@]}" 2> $tempfile 1> $out
-
+ 15 70 0 "${par[@]}" 2> $tempfile
_retval=$?
case $_retval in
0)
echo "No profile selected."
break ;;
2)
- dialog --title "Description of all profiles" --textbox $tempfile2 0 0 1> $out;;
+ dialog --title "Description of all profiles" --textbox $tempfile2 0 0 ;;
esac
done
unset par ardesc arshort arlong arclasses list tempfile tempfile2 _parsed _retval line
+
+exec 1>&4 # restore stdout
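Review bot: `exec 1>&4` restores stdout but leaves descriptor 4 open. This file is sourced (it uses a top-level `return 0`), so the duplicate stays open in the calling shell and is inherited by every later child process. Closing it in the same statement fixes that: `exec 1>&4 4>&-`. The warning-dialog script that follows in this commit uses the same save/restore pair and needs the same change. Whether its error path reaches the restore cannot be seen from the visible lines.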
[ "$flag_menu" ] || return 0
out=$(tty)
+# save stdout and redirect stdout to tty
+exec 4>&1 > $out
red=$(mktemp)
echo 'screen_color = (CYAN,RED,ON)' > $red
DIALOGRC=$red dialog --colors --clear --aspect 6 --title "FAI - Fully Automatic Installation" --trim \
- --msgbox "\n\n If you continue, \n all your data on the disk \n \n|\Zr\Z1 WILL BE DESTROYED \Z0\Zn|\n\n" 0 0 1>$out
+ --msgbox "\n\n If you continue, \n all your data on the disk \n \n|\Zr\Z1 WILL BE DESTROYED \Z0\Zn|\n\n" 0 0
# stop on any error, or if ESC was hit
if [ $? -ne 0 ]; then
rm $red
unset red
+exec 1>&4 # restore stdout
#! /bin/bash
-ifclass -o CENTOS SLC && exit 0
-
ifclass -o GRUB_PC GRUB_EFI && exit 0
if [ -d /sys/firmware/efi ]; then
exit 0
fi
-for c in LVM FAISERVER FAIBASE; do
+for c in CLOUD LVM FAISERVER FAIBASE; do
if ifclass $c; then
echo ${c}_EFI
break
# ian, commented, sources are set with fcopy
-# release=bullseye
+# release=bookworm
# apt_cdn=http://deb.debian.org
# security_cdn=http://security.debian.org
FAI_RAMDISKS="$target/var/lib/dpkg $target/var/cache"
# if you want to use the faiserver as APT proxy
-# APTPROXY=http://faiserver:3142
+#APTPROXY=http://faiserver:3142
+
+
+# The linux-image package has different names for Debian and Ubuntu
+if ifclass UBUNTU; then
+ kernelname=linux-image-generic
+elif ifclass I386; then
+ kernelname=linux-image-686-pae
+elif ifclass AMD64; then
+ kernelname=linux-image-amd64
+fi
+
+if [ -z "kernelname" ]; then
+ _arch=$(dpkg --print-architecture 2>/dev/null)
+ case $_arch in
+ i386)
+ kernelname=linux-image-686-pae ;;
+ *)
+ kernelname=linux-image-$_arch
+ esac
+ unset _arch
+fi
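Review bot: The fallback test `[ -z "kernelname" ]` checks the literal string `kernelname`, which is never empty, so the `dpkg --print-architecture` branch can never run. A host that is none of UBUNTU, I386 or AMD64 is left with `kernelname` unset. The test needs the expansion: `if [ -z "$kernelname" ]; then`. A one-line comment stating that this block is the fallback for architectures without a class would also make the intent clear.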
# when downloading from https intead of nfs, this is not set,
# it is used as the default for LOGSERVER, and for calling chboot.
# My faiserver's hostname is always faiserver, so just hardcoding it.
-SERVER=faiserver
+# I used bare host in the past, thinking that I could vary this
+# between different networks I was on, but it is simpler to just
+# user an internet domain that I control.
+SERVER=faiserver.b8.nz
# busted for debian, no time to troubleshoot atm
#APTPROXY=http://faiserver:3142
# set parameter for install_packages(8)
MAXPACKAGES=800
+# Account on the FAI server for saving log files and calling fai-chboot.
+# Remove the hash character in the next line to activate this feature
+#LOGUSER=fai
+
# a user account will be created
#username=demo
#USERPW='$1$kBnWcO.E$djxB128U7dMkrltJHPf6d1'
--- /dev/null
+CONSOLEFONT=lat9v-16
+KEYMAP=us
+DEFAULTLOCALE=en_US.UTF-8
+SUPPORTEDLOCALE=en_US.UTF-8:en_US:en
+
+# if you install much software and have only few RAM, use the RAM disk
+# not for var/cache/yum
+#FAI_RAMDISKS="$target/var/lib/rpm $target/var/cache/yum"
+FAI_RAMDISKS="$target/var/lib/rpm"
#iank, i define these by classes. commenting
# to make sure these arent used
#ubuntumirror=http://archive.ubuntu.com
-#ubuntudist=focal
+#ubuntudist=jammy
downloaded from the internet.
Classes: INSTALL FAIBASE DEBIAN DEMO XORG GNOME
-Name: CentOS 8
-Description: CentOS 8 with Xfce desktop
-Short: A normal Xfce desktop, running CentOS 8
-Long: We use the Debian nfsroot for installing the CentOS 8 OS.
+Name: Rocky Linux
+Description: Rocky Linux 9 with Xfce desktop
+Short: A normal Xfce desktop, running Rocky Linux 9
+Long: We use the Debian nfsroot for installing the Rocky Linux 9 OS.
You should have a fast network connection, because most packages are
downloaded from the internet.
-Classes: INSTALL FAIBASE CENTOS CENTOS8_64 XORG
+Classes: INSTALL FAIBASE ROCKY ROCKY9_64 XORG
Name: Ubuntu
-Description: Ubuntu 20.04 LTS desktop installation
+Description: Ubuntu 22.04 LTS desktop installation
Short: Unity desktop
Long: We use the Debian nfsroot for installing the Ubuntu OS.
You should have a fast network connection, because most packages are
downloaded from the internet.
-Classes: INSTALL FAIBASE DEMO DEBIAN UBUNTU FOCAL FOCAL64 XORG
+Classes: INSTALL FAIBASE DEMO DEBIAN UBUNTU JAMMY JAMMY64 XORG
Name: Inventory
Description: Show hardware info
--- /dev/null
+# config for a disk image for a VM
+#
+# p=<partlabel> <mountpoint> <size> <fs type> <mount options> <misc options>
+
+disk_config disk1 disklabel:gpt bootable:1 fstabkey:uuid align-at:1M
+
+p=efi /boot/efi 64M vfat defaults createopts="-F 32"
+p=root / 300- ext4 rw,discard,barrier=0,noatime,errors=remount-ro tuneopts="-c 0 -i 0"
#
# <type> <mountpoint> <size> <fs type> <mount options> <misc options>
+# you may want to add "-O ^metadata_csum_seed" to createopts if the target
+# system is older than bullseye. See #866603, #1031415, #1031416 for more info.
+
disk_config disk1 disklabel:msdos bootable:1 fstabkey:uuid
primary / 2G-50G ext4 rw,noatime,errors=remount-ro
# example of new config file for setup-storage
#
-# <type> <mountpoint> <size> <fs type> <mount options> <misc options>
+# p=<partlabel> <mountpoint> <size> <fs type> <mount options> <misc options>
+
+# you may want to add "-O ^metadata_csum_seed" to createopts if the target
+# system is older than bullseye. See #866603, #1031415, #1031416 for more info.
disk_config disk1 disklabel:gpt bootable:1 fstabkey:uuid
-primary /boot/efi 512M vfat rw
-primary / 2G-50G ext4 rw,noatime,errors=remount-ro
-primary swap 200-10G swap sw
-primary /home 100- ext4 rw,noatime,nosuid,nodev createopts="-L home -m 1" tuneopts="-c 0 -i 0"
+p=efi /boot/efi 512M vfat rw
+p=root / 2G-50G ext4 rw,noatime,errors=remount-ro
+p= swap 200-10G swap sw
+p=home /home 100- ext4 rw,noatime,nosuid,nodev createopts="-L home -m 1" tuneopts="-c 0 -i 0"
# config file for an FAI install server
#
-# <type> <mountpoint> <size> <fs type> <mount options> <misc options>
+# p=<partlabel> <mountpoint> <size> <fs type> <mount options> <misc options>
disk_config disk1 disklabel:gpt fstabkey:uuid
-primary /boot/efi 512M vfat rw
-primary / 2G-15G ext4 rw,noatime,errors=remount-ro
-primary swap 200-1000 swap sw
-primary /tmp 100-1000 ext4 rw,noatime,nosuid,nodev createopts="-m 0" tuneopts="-c 0 -i 0"
-primary /home 100-40% ext4 rw,noatime,nosuid,nodev createopts="-m 1" tuneopts="-c 0 -i 0"
-primary /srv 1G-50% ext4 rw,noatime createopts="-m 1" tuneopts="-c 0 -i 0"
+p=efi /boot/efi 512M vfat rw
+p=system / 2G-15G ext4 rw,noatime,errors=remount-ro
+p=swap swap 200-1000 swap sw
+p= /tmp 100-1000 ext4 rw,noatime,nosuid,nodev createopts="-m 0" tuneopts="-c 0 -i 0"
+p=home /home 100-40% ext4 rw,noatime,nosuid,nodev createopts="-m 1" tuneopts="-c 0 -i 0"
+p=data /srv 1G-50% ext4 rw,noatime createopts="-m 1" tuneopts="-c 0 -i 0"
disk_config disk1 fstabkey:uuid align-at:1M
-primary /boot 200 ext2 rw,noatime
-primary - 4G- - -
+primary /boot 500 ext4 rw,noatime
+primary - 4G- - -
disk_config lvm
-# <type> <mountpoint> <size> <fs type> <mount options> <misc options>
+# p=<partlabel> <mountpoint> <size> <fs type> <mount options> <misc options>
# entire disk with LVM, separate /home
disk_config disk1 disklabel:gpt fstabkey:uuid align-at:1M
-primary /boot/efi 512M vfat rw
-primary /boot 200 ext2 rw,noatime
-primary - 4G- - -
+p=efi /boot/efi 512M vfat rw
+p=boot /boot 500 ext4 rw,noatime
+p=system - 4G- - -
disk_config lvm
--- /dev/null
+# example of new config file for setup-storage
+#
+# <type> <mountpoint> <size> <fs type> <mount options> <misc options>
+
+# you may want to add "-O ^metadata_csum_seed" to createopts if the target
+# system is older than bullseye. See #866603, #1031415, #1031416 for more info.
+
+disk_config disk1 disklabel:msdos bootable:1 fstabkey:label
+
+primary / 4G-50G ext4 rw,noatime,errors=remount-ro createopts="-L ROOT"
+
+logical swap 200-10G swap sw createopts="-L SWAP"
+logical /home 100- ext4 rw,noatime,nosuid,nodev createopts="-L HOME -m 1" tuneopts="-c 0 -i 0"
# only setup root pass for bootstrap vol
-if ifclass VOL_BULLSEYE_BOOTSTRAP || VOL_BOOKWORM_BOOTSTRAP; then
+# for bootstrap vol, we only use root user
+if ifclass VOL_BULLSEYE_BOOTSTRAP || ifclass VOL_BOOKWORM_BOOTSTRAP; then
+ sed 's/^/root:/' $root_pw_f | $ROOTCMD chpasswd -e
exit 0
fi
$ROOTCMD usermod -aG sudo iank
fi
+mkdir -p $target/etc/sudoers.d
cat >$target/etc/sudoers.d/ianksudoers <<'EOF'
Defaults timestamp_timeout=1440
# used in bashrc
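Review bot: The new line `sed 's/^/root:/' $root_pw_f | $ROOTCMD chpasswd -e` uses `$root_pw_f` unquoted and unchecked. If the variable is empty, `sed` reads stdin instead of a file. If the file is missing, the pipeline's status is that of `chpasswd`, unless `pipefail` is set outside the visible lines. In either case the bootstrap volume could exit 0 without a root password having been set. A guard before it, `[[ -s $root_pw_f ]] || { echo "$0: error: missing root password hash file" >&2; exit 1; }`, plus `sed 's/^/root:/' "$root_pw_f"`, makes that failure explicit. `root_pw_f` is defined outside this hunk.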
--- /dev/null
+#!/bin/bash
+# I, Ian Kelling, follow the GNU license recommendations at
+# https://www.gnu.org/licenses/license-recommendations.en.html. They
+# recommend that small programs, < 300 lines, be licensed under the
+# Apache License 2.0. This file contains or is part of one or more small
+# programs. If a small program grows beyond 300 lines, I plan to switch
+# its license to GPL.
+
+# Copyright 2024 Ian Kelling
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# usage $0 [-c] [off]
+# off: Turn off static ip.
+# -c config only, don't tell networkmanager to change anything
+# -f force interface reup
+
+if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi
+shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4
+set -eE -o pipefail
+trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
+
+[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
+
+m() { printf "%s\n" "$*"; "$@"; }
+
+## begin arg parsing ##
+
+force=false
+conf_only=false
+comment='# iank file id: ethusb-dhcp-v1'
+off=false
+while [[ $1 ]]; do
+ case $1 in
+ -c)
+ conf_only=true
+ ;;
+ -f)
+ force=true
+ ;;
+ off)
+ off=true
+ comment='# iank file id: ethusb-static-v1'
+ ;;
+ *)
+ echo "$0: error unexpected argument: $1" >&2
+ exit 1
+ ;;
+ esac
+ shift
+done
+
+## end arg parsing ##
+
+
+shopt -s nullglob
+
+# we already configured the interface once, afterwards, comment and
+# uncomment to enable/disable. This makes it so we don't depend on /p
+# being mounted.
+
+conf=/etc/NetworkManager/system-connections/ethusb-static.nmconnection
+if ! $force && [[ -s $conf ]] && grep -qFx "$comment" $conf; then
+ # we already ran successfully in the past to set things this way, so
+ # do nothing.
+ exit 0
+fi
+
+
+if [[ $(dig +short @10.2.0.1 -x 10.2.0.2 2>&1 ||:) == kd.b8.nz. ]] \
+ && ip n show 10.2.0.1 | grep . &>/dev/null; then
+ # we are at_home=true
+
+ while read -r ip_suf host mac; do
+ if [[ $mac != usb ]]; then
+ continue
+ fi
+ if [[ $host == ${HOSTNAME}c ]]; then
+
+ net_info="address1=10.2.0.$ip_suf/16,10.2.0.1
+dns=8.8.8.4;8.8.8.8;"
+
+ break
+ fi
+ done </p/c/host-info
+
+ if [[ ! $ip_suf ]]; then
+ echo "$0: error: failed to find ${HOSTNAME}c ip suffix in /p/c/host-info"
+ exit 1
+ fi
+else
+ if ! type -p dig &>/dev/null; then
+ apt-get install dig
+ fi
+ ip=$(dig +short @192.168.0.25 $HOSTNAME.office.fsf.org)
+ net_info="address1=$ip/24,192.168.0.1
+dns=192.168.0.10;192.168.0.25;"
+fi
+
+wiredx=
+
+# device that has an eth0, but we aren't using it because it is
+# broken. We could just hardcode a mac comparison with `cat
+# /sys/class/net/eth0/address` but this is cooler.
+if [[ -e /sys/class/net/eth0 ]]; then
+ bus_info=$(ethtool -i eth0 | awk '$1 == "bus-info:" { print $2 }')
+ if [[ $bus_info != usb* ]]; then
+ wiredx=2
+ fi
+fi
+
+ethx=$(( wiredx - 1 ))
+
+
+
+uuid=$(nmcli con show "Wired connection $wiredx" 2>/dev/null | awk '$1 == "connection.uuid:" {print $2}' ||:)
+if [[ ! $uuid ]]; then
+ # just a uuid that nm generated for me at some point
+ uuid=0da4c614-6a3c-3ad2-8d4b-c6eebe0814c3
+fi
+
+
+# This template is the result of running, for example
+# nmcli con mod "Wired connection 1" \
+ # ipv4.addresses "10.2.0.23/24" \
+ # ipv4.gateway "10.2.0.1" \
+ # ipv4.dns "8.8.8.4,8.8.8.8"
+
+# which creates a fille named "Wired connection 1.nmconnection",
+# below. I see no reason to keep the same file name, or a bunch of
+# setting that seem irrelevant, and empty sections don't seem to do
+# anything according to the man page.
+
+# [connection]
+# id=Wired connection 2
+# uuid=b0fb7694-dfe6-31a1-81fa-7c17b61515a7
+# type=ethernet
+# interface-name=eth1
+# timestamp=1715728264
+
+# [ethernet]
+
+# [ipv4]
+# address1=10.2.0.23/16,10.2.0.1
+# dns=8.8.8.4;8.8.8.8;
+# method=manual
+
+# [ipv6]
+# addr-gen-mode=stable-privacy
+# method=auto
+
+# [proxy]
+
+{
+ cat <<EOF
+[connection]
+id=Wired connection $wiredx
+uuid=$uuid
+type=ethernet
+interface-name=eth$ethx
+
+[ipv4]
+EOF
+ if $off; then
+ cat <<'EOF'
+method=auto
+EOF
+ else
+ cat <<EOF
+$net_info
+method=manual
+EOF
+ fi
+} | install -T -m0600 /dev/stdin $conf
+
+if ! $conf_only; then
+ state=$(nmcli con show $uuid 2>/dev/null | awk '$1 == "GENERAL.STATE:" {print $2}' ||:)
+
+ reup=false
+ if [[ $state == activated ]]; then
+ reup=true
+ fi
+
+ m nmcli con reload
+
+ if $reup; then
+ m nmcli con down $uuid
+ m nmcli con up $uuid
+ fi
+fi
+
+if ! grep -F "$comment" $conf; then
+ printf "%s\n" "$comment" >>$conf
+fi
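Review bot: In the non-home branch the answer from `dig +short` is written straight into the root-owned keyfile as `address1=$ip/24,...` with no check, so an empty, multi-line or CNAME answer produces a malformed or unintended connection profile. A guard right after the lookup, `[[ $ip =~ ^[0-9]+(\.[0-9]+){3}$ ]] || { echo "$0: error: no usable A record for $HOSTNAME" >&2; exit 1; }`, accepts only a single IPv4 address. The `type -p dig` check in the same branch comes after `dig` has already been used for the at-home test. It also installs a package named `dig`, whereas on Debian-family systems the tool normally ships in `dnsutils`/`bind9-dnsutils` (worth confirming for the target distro). Separately, `wiredx=` stays empty unless `eth0` exists and is not USB, so `ethx=$(( wiredx - 1 ))` evaluates to `-1` and the profile gets `interface-name=eth-1`; `wiredx=1` looks like the intended default.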
--- /dev/null
+#!/bin/bash
+# This file is part of Ian Kelling's automated-distro-installer
+# Copyright (C) 2024 Ian Kelling
+
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+set -eE -o pipefail
+trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
+
+[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
+
+# default
+kernel_ver='6\.6'
+case $1 in
+ stable)
+ # note: update kernel_ver when we are ready to jump to a new stable kernel.
+ # Stable kernels are listed here: https://www.kernel.org/category/releases.html
+ kernel_ver='6\.6'
+ ;;
+ unstable)
+ kernel_ver='[1-9]'
+ ;;
+esac
+
+
+prereqs=()
+for p in wget curl; do
+ if ! type -p $p &>/dev/null; then
+ prereqs+=($p)
+ fi
+done
+if (( ${#prereqs[@]} >= 1 )); then
+ apt-get -y install ${prereqs[@]}
+fi
+
+
+tmpdir=$($ROOTCMD mktemp -d) || exit
+# shellcheck disable=SC2154 # defined by fai
+outertmp=$target/$tmpdir
+trap 'cd; rm -rf "$outertmp"' EXIT
+cd $outertmp
+
+# We get 10 versions cuz maybe the latest directory (or few) get created but not populated.
+tmps=$(curl -s https://kernel.ubuntu.com/mainline/ | \
+ sed -rn 's,.*alt="\[DIR\]".*href="([^/]+).*,\1,p' | \
+ grep -v -- -rc | sed 's/^v//' | grep "^$kernel_ver" | sort -Vr | head -n10)
+mapfile -t latest_versions <<<"$tmps"
+
+for va in "${latest_versions[@]}"; do
+ sleep .2 # be nice
+ # note the wiki page about these says to install linux-headers.*generic.*amd64, but
+ # as of 2024, they have a requirement of a very new glibc, and people report
+ # that installing it is not needed.
+ tmpstr=$(curl -s https://kernel.ubuntu.com/mainline/v$va/amd64/CHECKSUMS | awk '$2 ~ /^linux-/ { print $2 }' | sort -u | sed '/linux-headers.*generic.*amd64/d' )
+ if [[ $tmpstr ]]; then
+ mapfile -t pkgs <<<"$tmpstr"
+ break
+ fi
+done
+
+if (( ${#pkgs[@]} != 3 )); then
+ echo "$0: error. expected to find 3 kernel packages, got: ${pkgs[*]}" >&2
+ exit 1
+fi
+
+urls=()
+for p in ${pkgs[@]}; do
+ if ! $ROOTCMD dpkg -s -- "${p%%_*}" 2>&1 | grep -Fx "Status: install ok installed" &>/dev/null; then
+ urls+=(https://kernel.ubuntu.com/mainline/v$va/amd64/$p)
+ fi
+done
+if (( ${#urls[@]} >= 1 )); then
+ wget -nv "${urls[@]}"
+ $ROOTCMD dpkg -i ${pkgs[@]/#/$tmpdir/}
+fi
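Review bot: The `.deb` files are fetched with `wget` and passed to `dpkg -i` as root without any integrity check, although the script already downloads the matching CHECKSUMS file and reads only the file names from it. Saving that file and running something like `sha256sum -c --ignore-missing CHECKSUMS` in the download directory before the `dpkg -i` line would catch a truncated or substituted package. The layout of CHECKSUMS is not visible here, so the command may need adapting, and a signature check on the file itself would be stronger if the site publishes one. Separately, `urls` lists only the packages that are not yet installed, while `dpkg -i ${pkgs[@]/#/$tmpdir/}` names all of them, so a partly installed set makes dpkg look for files that were never downloaded. Collecting the install paths in the same loop that fills `urls` avoids that, and `curl -fsS` in place of `curl -s` keeps an HTTP error page from being parsed as a listing.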
+++ /dev/null
-#!/bin/bash -x
-# This file is part of Ian Kelling's automated-distro-installer
-# Copyright (C) 2024 Ian Kelling
-
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-
-set -eE -o pipefail
-trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
-
-[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
-
-tmpdir=$(mktemp -d) || exit
-trap 'cd; rm -rf "$tmpdir"' EXIT
-cd $tmpdir
-
-# update stable_ver when we are ready to jump to a new stable kernel.
-# Stable kernels are listed here: https://www.kernel.org/category/releases.html
-stable_ver='6\.6'
-va=$(curl -s https://kernel.ubuntu.com/mainline/ | \
- sed -rn 's,.*alt="\[DIR\]".*href="([^/]+).*,\1,p' | \
- grep -v -- -rc | sed 's/^v//' | grep "^$stable_ver" | sort -V | tail -n1)
-
-# note the wiki page about these says to install linux-headers.*generic.*amd64, but
-# as of 2024, they have a requirement of a very new glibc, and people report
-# that installing it is not needed.
-tmpstr=$(curl -s https://kernel.ubuntu.com/mainline/v$va/amd64/CHECKSUMS | awk '$2 ~ /^linux-/ { print $2 }' | sort -u | grep -iv 'linux-headers.*generic.*amd64' )
-mapfile -t pkgs <<<"$tmpstr"
-
-if (( ${#pkgs[@]} != 3 )); then
- echo "$0: error. expected to find 3 kernel packages, got: ${pkgs[*]}" >&2
- exit 1
-fi
-
-urls=()
-for p in ${pkgs[@]}; do
- if ! dpkg -s -- "${p%%_*}" 2>&1 | grep -Fx "Status: install ok installed" &>/dev/null; then
- urls+=(https://kernel.ubuntu.com/mainline/v$va/amd64/$p)
- fi
-done
-if (( ${#urls[@]} >= 1 )); then
- wget "${urls[@]}"
- dpkg -i ./*.deb
-fi
+++ /dev/null
-#!/bin/bash
-# Bash Error Handler
-# Copyright (C) 2020 Ian Kelling <ian@iankelling.org>
-# SPDX-License-Identifier: GPL-3.0-or-later
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-
-# This is a single file library, just source this file. When an error
-# happens, we print a stack trace then exit. In an interactive shell, we
-# return from functions instead of exiting. If err-cleanup is a command,
-# it runs before the stack trace. Functions are documented inline below
-# for additional use cases.
-#
-# Note: occasionally the line numbers are off a bit (at least in Bash
-# 5.0). This appears to be a bash bug. I plan to report it next time it
-# happens to me.
-#
-# Please email me if you use this or have anything to contribute. I'm
-# not aware of any users yet Ian Kelling <ian@iankelling.org>.
-#
-# Tested on bash 4.4.20(1)-release (x86_64-pc-linux-gnu) and
-# 5.0.17(1)-release (x86_64-pc-linux-gnu).
-#
-# Related: see my bash script template repo at https://iankelling.org/git.
-
-
-# TODO: investigate to see if we can format output betting in case of
-# subshell failure. Right now, we get independent trace from inside and
-# outside of the subshell. Note, errexit + inherit_errexit doesn't have
-# any smarts around this either.
-
-if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi
-
-#######################################
-# err-catch: Setup trap on ERR to print stack trace and exit (or return
-# if the shell is interactive). This is the most common use case so we
-# run it after defining it, you can call err-allow to undo that.
-#
-# This also sets pipefail because it's a good practice to catch more
-# errors.
-#
-# Note: In interactive shell, stack calling line number is not
-# available, so we print function definition lines.
-#
-# Note: This works like set -e, which has one unintuitive feature: If
-# you use a function as part of a conditional, eg: func && come_cmd, a
-# failed command within func won't trigger an error.
-#
-# Globals
-#
-# err_catch_ignore Array containing glob patterns to test against
-# filenames to ignore errors from in interactive
-# shell. Initialized to ignore bash-completion
-# scripts on debian based systems.
-#
-# err-cleanup If set, this command will run just before exiting.
-#
-# _err_func_last Used internally in err-bash-trace-interactive
-#
-#######################################
-err-catch() {
- set -E;
- if [[ $- == *i* ]]; then
- if ! test ${err_catch_ignore+defined}; then
- err_catch_ignore=(
- '/etc/bash_completion.d/*'
- '*/bash-completion/*'
- )
- fi
- declare -i _err_func_last=0
- if [[ $- != *c* ]]; then
- shopt -s extdebug
- fi
- # shellcheck disable=SC2154
- trap '_err-bash-trace-interactive $? "${PIPESTATUS[*]}" "$BASH_COMMAND" ${BASH_ARGC[0]} "${BASH_ARGV[@]}" || return $?' ERR
- else
- # Man bash on exdebug: "If set at shell invocation, arrange to
- # execute the debugger". We want to avoid that, but I want this file
- # to be sourceable from bash startup files. noninteractive ssh and
- # sources .bashrc on invocation. login_shell sources things on
- # invocation.
- #
- # extdebug allows us to print function arguments in our stack trace.
- if ! shopt login_shell >/dev/null && [[ ! $SSH_CONNECTION ]]; then
- shopt -s extdebug
- fi
- trap err-exit ERR
- fi
- set -o pipefail
-}
-# This is the most common use case so run it now.
-err-catch
-
-#######################################
-# Undo err-catch/err-catch-interactive
-#######################################
-err-allow() {
- shopt -u extdebug
- set +E +o pipefail
- trap ERR
-}
-
-#######################################
-# err-exit: Print stack trace and exit
-#
-# Use this instead of the exit command to be more informative.
-#
-# usage: err-exit [-EXIT_CODE] [MESSAGE]
-#
-# EXIT_CODE Default: $? if it is nonzero, otherwise 1.
-# MESSAGE Print MESSAGE to stderr. Default:
-# ${BASH_SOURCE[1]}:${BASH_LINENO[0]}: `$BASH_COMMAND' returned $?
-#
-# Globals
-#
-# err-cleanup If set, this command will run just before exiting.
-#
-#######################################
-err-exit() {
- # vars have _ prefix so that we can inspect existing set vars without
- # too much overwriting of them.
- local _err=$? _pipestatus="${_pipestatus[*]}"
-
- # This has to come before most things or vars get changed
- local _msg="${BASH_SOURCE[1]}:${BASH_LINENO[0]}: \`$BASH_COMMAND' returned $_err"
- local _cmdr="$BASH_COMMAND" # command right. we chop of the left, keep the right.
-
- if [[ $_pipestatus != "$_err" ]]; then
- _msg+=", PIPESTATUS: $_pipestatus"
- fi
- set +x
- if [[ $1 == -* ]]; then
- _err=${1#-}
- shift
- elif (( ! _err )); then
- _err=1
- fi
- if [[ $1 ]]; then
- _msg="$1"
- fi
-
- ## Begin printing vars from within BASH_COMMAND ##
- local _var _chars _l
- local -A _vars
- while [[ $_cmdr ]]; do
- _chars="${#_cmdr}"
- _cmdr="${_cmdr#*$}"
- _cmdr="${_cmdr#{}"
- if (( _chars == ${#_cmdr} )); then
- break
- fi
- _var="${_cmdr%%[^a-zA-Z0-9_]*}"
- if [[ ! $_var || $_var == [0-9]* ]]; then
- continue
- fi
- _vars[${_var}]=t
- done
- #echo "iank ${_vars[*]}"
- #set |& grep ^password
- # in my small test, this took 50% longer than piping to grep.
- # That seems a small enough penalty to stay in bash here.
- if (( ${#_vars[@]} )); then
- set |& while read -r _l; do
- for _var in "${!_vars[@]}"; do
- case $_l in
- ${_var}=*) printf "%s\n" "$_l" >&2 ;;
- esac
- done
- done
- fi
- ## End printing vars from within BASH_COMMAND ##
-
- printf "%s\n" "$_msg" >&2
- err-bash-trace 2
- set -e # err trap does not work within an error trap
- if type -t err-cleanup >/dev/null; then
- err-cleanup
- fi
- printf "%s: exiting with status %s\n" "$0" "$_err" >&2
- exit $_err
-}
-
-#######################################
-# Print stack trace
-#
-# usage: err-bash-trace [FRAME_START]
-#
-# This function is called by the other functions which print stack
-# traces.
-#
-# It does not show function args unless you first run:
-# shopt -s extdebug
-# which err-catch does for you.
-#
-# FRAME_START Optional variable to set before calling. The frame to
-# start printing on. default=1. If ${#FUNCNAME[@]} <=
-# FRAME_START + 1, don't print anything because we are at
-# the top level of the script and better off printing a
-# general message, for example see what our callers print.
-#
-#######################################
-err-bash-trace() {
- local -i argc_index=0 frame i frame_start=${1:-1}
- local source_loc
- if (( ${#FUNCNAME[@]} <= frame_start + 1 )); then
- return 0
- fi
- for ((frame=0; frame < ${#FUNCNAME[@]}; frame++)); do
- argc=${BASH_ARGC[frame]}
- argc_index+=$argc
- if ((frame < frame_start)); then continue; fi
- if (( ${#BASH_SOURCE[@]} > 1 )); then
- source_loc="${BASH_SOURCE[frame]}:${BASH_LINENO[frame-1]}:"
- fi
- printf " from %sin \`%s" "$source_loc" "${FUNCNAME[frame]}" >&2
- if shopt extdebug >/dev/null; then
- for ((i=argc_index-1; i >= argc_index-argc; i--)); do
- printf " %s" "${BASH_ARGV[i]}" >&2
- done
- fi
- echo \' >&2
- done
- return 0
-}
-
-#######################################
-# Internal function for err-catch. Prints stack trace from interactive
-# shell trap.
-#
-# Usage: see err-catch-interactive
-#######################################
-_err-bash-trace-interactive() {
- if (( ${#FUNCNAME[@]} <= 1 )); then
- return 0
- fi
-
- for pattern in "${err_catch_ignore[@]}"; do
- # shellcheck disable=SC2053
- if [[ ${BASH_SOURCE[1]} == $pattern ]]; then
- return 0
- fi
- done
-
- local ret bash_command argc pattern i last
- last=$_err_func_last
- _err_func_last=${#FUNCNAME[@]}
- # We have these passed to us because they are lost inside the
- # function.
- ret=$1
- pipestatus="$2"
- bash_command="$3"
- argc=$(( $4 - 1 ))
- shift 4
- argv=("$@")
- # The trap returns a nonzero, then gets called again. This condition
- # tells us if is that has happened by checking if we've gone down a
- # stack level.
- if (( _err_func_last >= last )); then
- printf "ERR: \`%s\' returned %s" "$bash_command" $ret >&2
- if [[ $pipestatus != "$ret" ]]; then
- printf ", PIPESTATUS: %s" "$pipestatus" >&2
- fi
- echo >&2
- fi
- printf " from \`%s" "${FUNCNAME[1]}" >&2
- if shopt extdebug >/dev/null; then
- for ((i=argc; i >= 0; i--)); do
- printf " %s" "${argv[i]}" >&2
- done
- fi
- printf "\' defined at %s:%s\n" "${BASH_SOURCE[1]}" "$(declare -F "${FUNCNAME[1]}"|awk "{print \$2}")" >&2
- if [[ -t 1 ]]; then
- return $ret
- else
- # Part of an outgoing pipe, avoid getting get us stuck in a weird
- # subshell if we returned nonzero, which would happen in a situation
- # like this:
- #
- # tf() { while read -r line; do :; done < <(asdf); };
- # tf
- #
- # Note: exit $ret also avoids the stuck subshell problem, and I
- # can't notice any difference, but this seems more proper.
- return 0
- fi
-}
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-[[ $EUID == 0 ]] || exec sudo "$BASH_SOURCE" "$@"
+[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
-x="$(readlink -f "$BASH_SOURCE")"
-f="${x%/*}/bash-trace"
-if [[ -e $f ]]; then
- source $f
-else
- source ${x%/*}/../bash-trace/DEFAULT
-fi
-
+if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi
+shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4
+set -eE -o pipefail
+trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" exit status: $?, PIPESTATUS: ${PIPESTATUS[*]}" >&2' ERR
usage() {
- cat <<EOF
-Usage: ${0##*/} [OPTIONS] DISTRO_NAME
+ cat <<'EOF'
+Usage: chboot [OPTIONS] DISTRO_NAME
Set grub to boot into a different distro, and reboot unless -r
With no argument, print available distros
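Review bot: The re-exec line now uses `exec sudo -E`, which hands the invoking user's whole environment to the root run of this script; the plain `sudo` it replaces passed only what the sudoers policy allows. Which variables the script needs as root is not visible in this hunk. If only a few are required, naming them is narrower: `exec sudo --preserve-env=VAR_A,VAR_B "${BASH_SOURCE[0]}" "$@"` (placeholder names). sudo can also refuse `-E` for users whose policy does not permit preserving the environment, so the script may stop working for them. The same line is added in the new kernel install script earlier in this commit.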
case $1 in
-d) set -x; shift ;;
-r) reboot=false; shift ;;
- -h|--help) usage ;;
+ -h|--help) usage 0 ;;
--) shift; break ;;
*) echo "$0: Internal error!" ; exit 1 ;;
esac
--- /dev/null
+deb {%apt_cdn%}/debian {%release%} main contrib non-free non-free-firmware
+deb {%security_cdn%}/debian-security {%secsuite%} main contrib non-free non-free-firmware
+deb {%apt_cdn%}/debian {%release%}-updates main contrib non-free non-free-firmware
dpkg-reconfigure -fnoninteractive openssh-server
fi
sleep 8
-[ -x /etc/init.d/nscd ] && invoke-rc.d nscd restart
echo "================================="
echo "Setting up the FAI install server"
ainsl /etc/fai/fai.conf "^LOGUSER=fai"
# make index, then import the packages from the CD mirror
+/etc/init.d/apt-cacher-ng restart
apt-get update >/dev/null
+echo "Importing local packages to apt cache"
curl -fs 'http://127.0.0.1:3142/acng-report.html?doImport=Start+Import&calcSize=cs&asNeeded=an#bottom' >/dev/null
+echo "Creating FAI Server setup"
# setup the FAI server, including creating the nfsroot, use my own proxy
export APTPROXY="http://127.0.0.1:3142"
echo "=================================================="
echo -e "${RED}ERROR${NORMAL}: Setting up the FAI install server ${RED}FAILED${NORMAL}!"
echo "Read /var/log/fai/fai-setup.log for more debugging"
+ echo "Setup script is now moved to /var/tmp/$0"
echo "=================================================="
echo ""
+ cp -p $0 /var/tmp
sleep 10
+ rm -f $0
exit 99
fi
fai-chboot -o default
# create a template for booting the installation
-fai-chboot -Iv -f verbose,sshd,createvt,menu -u nfs://faiserver/srv/fai/config bullseye.tmpl
+fai-chboot -Iv -f verbose,sshd,createvt,menu -u nfs://faiserver/srv/fai/config bookworm.tmpl
# Since we do not know the MAC address, our DHCP cannot provide the hostname.
# Therefore we do explicitly set the hostname
fai-monitor > /var/log/fai/fai-monitor.log &
# move me away
-mv $0 /var/tmp
+cp -p $0 /var/tmp
# create new rc.local for next reboot
echo '#! /bin/bash' > /etc/rc.local
--- /dev/null
+CLOUD
\ No newline at end of file
--- /dev/null
+# This file controls the state of SELinux on the system.
+# SELINUX= can take one of these three values:
+# enforcing - SELinux security policy is enforced.
+# permissive - SELinux prints warnings instead of enforcing.
+# disabled - No SELinux policy is loaded.
+SELINUX=disabled
+# SELINUXTYPE= can take one of these two values:
+# targeted - Only targeted network daemons are protected.
+# strict - Full SELinux protection.
+# mls - Multi Level Security protection.
+SELINUXTYPE=targeted
+# SETLOCALDEFS= Check local definition changes
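Review bot: `SELINUX=disabled` in this new file means no policy is loaded on any host that receives it, and the file gives no reason for that choice. If the aim is only to keep the install from being blocked, `SELINUX=permissive` (listed in the file's own comment) still logs denials, so a later switch to enforcing can be prepared. Either way a comment above the setting would help, for example `# disabled because <reason>; revisit when <condition>`. The comment on SELINUXTYPE also says "two values" but lists three.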
# hook for installing a file system image (tar file)
# this works for Ubuntu 14.04
#
-# Copyright (C) 2015 Thomas Lange, lange@informatik.uni-koeln.de
+# Copyright (C) 2015 Thomas Lange, lange@cs.uni-koeln.de
# I use this tar command to create the image of an already running and configured machine
fi
if [ -f $target/etc/centos-release ]; then
rm $target/etc/grub2/device.map
- $FAI/scripts/CENTOS/40-install-grub
- $FAI/scripts/CENTOS/30-mkinitrd
+ $FAI/scripts/ROCKY/40-install-grub
+ $FAI/scripts/ROCKY/30-mkinitrd
$ROOTCMD fixfiles onboot # this fixes the SELinux security contexts during the first boot
fi
--- /dev/null
+#! /bin/bash
+
+skiptask debconf
$ROOTCMD apt-get -y install locales > /dev/null
fi
fi
+
+# use zstd for dracut initrd
+ainsl -av /etc/dracut.conf.d/11-debian.conf "compress=zstd"
if fsf; then
root_mib=40000
+ elif ifclass demohost; then
+ # just randomish numbers that seem ok for testing.
+ root_mib=25000
+ o_mib=1000
else
# This would maximize it, but we are going for a separate filesystem in /o,
# so use fixed sizes to allow both to grow
# 600 = uefi 512 + grubext 8 + bios grub 3 + some extra cuz this is lvm
#root_mib=$(( disk_mib - root2_part_mib - swap_mib - boot_part_mib - boot2_part_mib - 600 ))
- o_mib=$(( 120 * 1000 ))
+ o_mib=$(( 180 * 1000 ))
# max minus o, minus a gig just for some extra space
max_root_mib=$(( disk_mib - root2_part_mib - swap_mib - boot_part_mib - boot2_part_mib - 600 - o_mib - 1000 ))
- root_mib=$(( 1000 * 1000 )) # * 1000 to make it in gb.
+ root_mib=$(( 1700 * 1000 )) # * 1000 to make it in gb.
if (( max_root_mib < root_mib )); then
root_mib=$max_root_mib
fi
--- /dev/null
+#! /bin/bash
+
+# (c) Michael Goetze, 2010-2011, mgoetze@mgoetze.net
+
+error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
+
+if [ $FAI_ACTION = "install" ]; then
+ ctam
+ [ -L $target/etc/mtab ] || cp /etc/mtab $target/etc/mtab
+
+ cat > $target/etc/sysconfig/network <<-EOF
+ NETWORKING=yes
+ HOSTNAME=$HOSTNAME.$DOMAIN
+ EOF
+ echo "127.0.0.1 localhost" > $target/etc/hosts
+ ifclass DHCPC || ainsl -s /etc/hosts "$IPADDR $HOSTNAME.$DOMAIN $HOSTNAME"
+ cp /etc/resolv.conf $target/etc
+fi
+
+fcopy -riv /etc/yum.repos.d/
+
+# disable the fastestmirror plugin
+#fai-sed 's/enabled=1/enabled=0/' /etc/yum/pluginconf.d/fastestmirror.conf
+
+skiptask repository
+
+exit $error
data block query control method not found
subprocess.py.\+RuntimeWarning: line buffering
Resource conflict.\+ found
+os-prober will not be executed
+/sys/bus/usb/devices/\*:\*/bInterface
update-rc.d: warning: start and stop actions are no longer supported"
# add pattern on some conditions
echo "ERRORS found in log files. See $errfile" >&2
else
echo "Congratulations! No errors found in log files."
+# export flag_reboot=1 # if you want to reboot if no errors are found
fi
--- /dev/null
+#! /bin/bash
+
+# This file is sourced during task_setup
+# you can define your own functions and use them later, for e.g.
+# in scripts/...
+
+
+cleanup_base() {
+
+ rm -f $target/etc/mailname \
+ $target/etc/machine-id \
+ $target/var/lib/dbus/machine-id \
+ $target/var/log/install_packages.list
+
+ > $target/etc/machine-id
+ shred --remove $target/etc/ssh/ssh_host_*
+}
+
+
+cleanup_dpkg_apt() {
+
+ rm -f $target/var/log/alternatives.log \
+ $target/var/log/apt/* \
+ $target/var/log/bootstrap.log \
+ $target/var/log/dpkg.log
+
+ rm -rf $target/var/cache/apt/*
+ rm -rf $target/var/lib/apt/lists/*
+ rm -f $target/var/lib/dpkg/available*
+ rm -f -- $target/var/lib/dpkg/*-old
+}
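Review bot: Both functions build every `rm` and `shred --remove` path from an unquoted `$target`, so if that variable is empty when they are called, the deletions hit the machine running the installer, including its `/etc/ssh/ssh_host_*` keys and `/etc/machine-id`. A guard as the first line of each function stops that: `: "${target:?target is not set}"`. Quoting the prefix, as in `"$target"/etc/ssh/ssh_host_*`, keeps the glob while protecting a path with spaces. Where `target` is assigned is outside this file, so whether an empty value can occur is not visible here.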
fi
echo force-unsafe-io > $target/etc/dpkg/dpkg.cfg.d/unsafe-io
-
-# you may want to add i386 arch to amd64 hosts
-# if ifclass AMD64; then
-# $ROOTCMD dpkg --add-architecture i386
-# fi
--- /dev/null
+#! /bin/bash
+
+if [ ! -f $target/etc/resolv.conf ]; then
+ cp /etc/resolv.conf $target/etc
+fi
+
+if [ X$verbose = X1 ]; then
+ echo "Updating base"
+ $ROOTCMD yum -y update |& tee -a $LOGDIR/software.log
+else
+ $ROOTCMD yum -y update >> $LOGDIR/software.log
+fi
+
+$ROOTCMD systemd-machine-id-setup
+
+cat > $target/etc/sysconfig/kernel <<EOF
+# UPDATEDEFAULT specifies if new-kernel-pkg should make
+# new kernels the default
+UPDATEDEFAULT=yes
+
+# DEFAULTKERNEL specifies the default kernel package type
+DEFAULTKERNEL=kernel-core
+EOF
+
+skiptask updatebase
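Review bot: Neither branch checks whether `yum -y update` succeeded, and in the verbose branch the pipeline's status is that of `tee`, so a failed update still reaches `skiptask updatebase` and the install goes on with unpatched packages. Adding `set -o pipefail` near the top and `|| exit 1` on both `yum` lines would make the failure visible. How FAI treats this hook's exit status is not shown here, so the exact reaction may need to follow the project's convention. `[ X$verbose = X1 ]` would also read more safely as `[ "$verbose" = 1 ]`.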
#! /bin/bash
+# mk-basefile doesn't use the -updates suite, then we unpack it, then we
+# install sources.list that has -updates and we install random
+# packages. It might avoid a problem if we a dist-upgrade first.
+
+$ROOTCMD apt-get update
+$ROOTCMD apt-get -y dist-upgrade --purge --auto-remove
+
# https://lists.uni-koeln.de/pipermail/linux-fai/2016-July/011398.html
# In Ubuntu 16.04 (but not 14.04), the locales configuration mechanism has
# changed. There is a /var/lib/dpkg/info/locales.config file, which
# hook applies the debconf setting. It must run after FAI's debconf task
# but before dpkg gets a chance to clobber debconf with an empty setting.
+
if [ ! -f "$target/var/lib/locales/supported.d/local" ]; then
- $ROOTCMD debconf --owner=locales sh -c '
+ $ROOTCMD debconf --owner=locales sh -c '
. /usr/share/debconf/confmodule
db_version 2.0
db_get locales/locales_to_be_generated &&
firmware-bnx2 firmware-bnx2x firmware-realtek
firmware-linux-nonfree
# a list of firmware for wifi/wireless
-atmel-firmware firmware-atheros firmware-brcm80211
-firmware-iwlwifi firmware-libertas firmware-ralink firmware-zd1211
+firmware-misc-nonfree
+atmel-firmware firmware-ath9k-htc firmware-brcm80211
+firmware-iwlwifi firmware-libertas firmware-zd1211
firmware-brcm80211 firmware-ti-connectivity
firmware-netronome firmware-netxen firmware-realtek
firmware-cavium
# firmware-ipw2x00 # needs a debconf question
-PACKAGES install I386
-linux-image-686-pae
+# needed for a live ISO
+PACKAGES install-norec LIVEISO
+dracut dracut-live dracut-squash grub-pc grub-efi-amd64-bin
+
+PACKAGES install-norec I386 AMD64
memtest86+
-PACKAGES install CHROOT
+PACKAGES install-norec CHROOT
linux-image-686-pae-
linux-image-amd64-
initramfs-tools-core-
dropbear-initramfs-
-PACKAGES install AMD64
-linux-image-amd64
+PACKAGES install-norec AMD64
+${kernelname} # see class/DEBIAN.var
memtest86+
-PACKAGES install ARM64
+PACKAGES install-norec ARM64
+${kernelname} # see class/DEBIAN.var
grub-efi-arm64
-linux-image-arm64
-# this is duplicate with STANDARD.
-#PACKAGES install GRUB_PC
+# iank this is duplicate with STANDARD.
+#PACKAGES install-norec GRUB_PC
#grub-pc
-#PACKAGES install GRUB_EFI
-#grub-efi
-
+#PACKAGES install-norec GRUB_EFI
+#grub-efi dosfstools
PACKAGES install LVM
lvm2
fai-quickstart
debmirror tcpdump
-xorriso grub-pc
+xorriso
lftp curl
netselect
syslinux-common pxelinux
apt-cacher-ng
-nscd psmisc
+psmisc
bind9 dnsutils
iptables-persistent
zile
-PACKAGES install-norec
+# enable following two lines to get full GNOME desktop
+#PACKAGES install
+#task-gnome-desktop
+
+# stripped down version of GNOME without libreoffice
+# upgrade to full desktop using: # apt install task-gnome-desktop
+PACKAGES install-norec
firefox-esr
#thunderbird
menu gdm3
--- /dev/null
+ARAMO.gpg
\ No newline at end of file
--- /dev/null
+PACKAGES dnfgroup
+core
+minimal-environment
+#server-product-environment
+#headless-management
+
+PACKAGES dnfgroup XORG
+graphical-server-environment
+workstation-product-environment
+
+PACKAGES dnfi
+NetworkManager
+dbus-broker # needed by systemd
+chrony
+kernel
+dracut
+less
+openssh
+openssh-clients
+openssh-server
+vim-enhanced
+man
+curl
+unzip
+which
+ncurses ncurses-base
+coreutils-common
+libibverbs # needed for nc, but missing dependency
+
+PACKAGES dnfi GRUB_PC
+grub2-pc
+
+PACKAGES dnfi GRUB_EFI
+grub2-efi
+
+
+PACKAGES dnfi LVM
+lvm2
openssh-client
pciutils
perl
-# ian: newer distros dont have python, it gets naturally removed
-python
-python-minimal
python3
python3-minimal
reportbug
openssh-client openssh-server
time
procinfo
-locales
console-setup kbd
pciutils usbutils
unattended-upgrades
cryptsetup-initramfs
# for btrbk
zstd
+# for detecting wireless
+iw
# iank, copied from DEBIAN so it goes into ubuntu too
PACKAGES install GRUB_PC
# but theres a dependency problem with it in nabia: for some reason it depends on
# a version in security, but theres a later version in updates that the system
# really wants to install.
-grub-efi-amd64
+grub-efi-amd64 dosfstools
linux-image-generic
memtest86+
-
PACKAGES install FLIDAS64 XENIAL64
linux-image-generic-hwe-8.0
linux-image-generic-
linux-image-generic-hwe-20.04
+PACKAGES install XORG
+ubuntu-server-
+ubuntu-standard
+ubuntu-desktop
+
PACKAGES install GERMAN
language-pack-gnome-de
+
+PACKAGES install CHROOT
+# a chroot does not need a kernel.
+# See class/DEBIAN.var for the exact package name
+${kernelname}-
+# enable following two lines to get full XFCE desktop
+#PACKAGES install
+#task-xfce-desktop
+
+# stripped down version of xfce4 without libreoffice
+# upgrade to full desktop using: # apt install task-xfce-desktop
PACKAGES install-norec
xfce4 # base system
xfce4-goodies # additional tools
+xfce4-power-manager
+light-locker
lightdm
+synaptic
firefox-esr
network-manager-gnome
--- /dev/null
+ian: Ya, for each trisquel release, we need a new key symlink link, or
+new file if the key has changed.
#! /bin/bash
-fcopy /etc/init.d/expand-root
-if [ -f $target/files/etc/init.d/expand-root ]; then
- $ROOTCMD insserv --default expand-root
-fi
-
-sed -i "s/PermitRootLogin yes/PermitRootLogin without-password/" $target/etc/ssh/sshd_config
+fai-sed "s/PermitRootLogin yes/PermitRootLogin without-password/" /etc/ssh/sshd_config
ainsl /etc/ssh/sshd_config 'ClientAliveInterval 120'
ainsl -a /etc/modprobe.d/blacklist.conf 'blacklist pcspkr'
ainsl -a /etc/modprobe.d/blacklist.conf 'blacklist floppy'
+cleanup_base
+
rm -f $target/etc/resolv.conf \
$target/etc/udev/rules.d/70-persistent-net.rules \
- $target/lib/udev/write_net_rules \
- $target/etc/mailname \
- $target/var/lib/dbus/machine-id
-
-> $target/etc/machine-id
-
-shred --remove $target/etc/ssh/ssh_host_*
+ $target/lib/udev/write_net_rules
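Review bot: The `fai-sed` line for `PermitRootLogin` only rewrites a literal `PermitRootLogin yes`, so if the packaged sshd_config has the directive commented out or set to another value, the substitution silently does nothing and the image keeps the package default. `without-password` is also the deprecated spelling of `prohibit-password` in current OpenSSH. A pattern that covers the commented and differently valued forms is more predictable, for example `fai-sed 's/^#\?PermitRootLogin .*/PermitRootLogin prohibit-password/' /etc/ssh/sshd_config`. This assumes `fai-sed` passes the expression to sed unchanged, which is not visible here.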
# FIXME: DHCP RFC3442 is used incorrect in Azure
if [ -f $target/etc/dhcp/dhclient.conf ]; then
- sed -ie 's,rfc3442-classless-static-routes,disabled-\0,' $target/etc/dhcp/dhclient.conf
+ fai-sed 's,rfc3442-classless-static-routes,disabled-\0,' /etc/dhcp/dhclient.conf
fi
exit 1
fi
+m() { printf "%s\n" "$*"; "$@"; }
+
+
fcopy -riB /root
+# in bullseye, installing systemd-resolved says: Converting
+# /etc/resolv.conf to a symlink to
+# /run/systemd/resolve/stub-resolv.conf... which breaks
+# resolution. This happens to be the first script we install a package
+# after that. This should do nothing in a fai-wrapper situation.
+if [[ ! -s $target/etc/resolv.conf ]]; then
+ m ls -la $target/etc/resolv.conf ||:
+ # Keep the symlink in place, systemd-resolved should change the file
+ # when it runs.
+ mkdir -p $target/run/systemd/resolve
+ if [[ ! -s /etc/resolv.conf ]] && ! host google.com; then
+ echo "ERROR: empty resolv.conf & failed dns resolution. exiting 1" >&2
+ exit 1
+ fi
+ cat /etc/resolv.conf >$target/etc/resolv.conf
+fi
+
+
#### misc configurations
chroot $FAI_ROOT bash <<'EOFOUTER'
-set -x
+set -xe
if getent group systemd-journal >/dev/null; then
# makes the journal be saved to disk.
mkdir -p /var/log/journal
debconf-set-selections <<EOF
kexec-tools kexec-tools/load_kexec boolean false
EOF
-apt-get install -y pxe-kexec
+
+# This used to be pxe-kexec. For some reason pxe-kexec is not in
+# bookworm. kexec-tools is
+# something pxe-kexec depended on and might be useful.
+# todo: figure out why and get it installed.
+apt-get install -y kexec-tools
# this is usefull. Only thing reason I see this being disabled by default is
# that a non-root user can disrupt the system, eg cause a reboot.
printf "0.0 0 0.0\n0\nUTC\n" > $target/etc/adjtime
fi
if [ "$UTC" = "yes" ]; then
- sed -i -e 's:^LOCAL$:UTC:' $target/etc/adjtime
+ fai-sed 's:^LOCAL$:UTC:' /etc/adjtime
else
- sed -i -e 's:^UTC$:LOCAL:' $target/etc/adjtime
+ fai-sed 's:^UTC$:LOCAL:' /etc/adjtime
fi
# enable linuxlogo
if [ -f $target/etc/inittab ]; then
- sed -i -e 's#/sbin/getty 38400#/sbin/getty -f /etc/issue.linuxlogo 38400#' ${target}/etc/inittab
+ fai-sed 's#/sbin/getty 38400#/sbin/getty -f /etc/issue.linuxlogo 38400#' /etc/inittab
elif [ -f $target/lib/systemd/system/getty@.service ]; then
- sed -i -e 's#sbin/agetty --noclear#sbin/agetty -f /etc/issue.linuxlogo --noclear#' $target/lib/systemd/system/getty@.service
+ fai-sed 's#sbin/agetty --noclear#sbin/agetty -f /etc/issue.linuxlogo --noclear#' /lib/systemd/system/getty@.service
fi
# make sure a machine-id exists
$ROOTCMD systemd-machine-id-setup
fi
-ln -fs /proc/mounts $target/etc/mtab
+fai-link /etc/mtab ../proc/self/mounts
-rm -f $target/etc/dpkg/dpkg.cfg.d/fai $target/etc/dpkg/dpkg.cfg.d/unsafe-io
+rm -f $target/etc/dpkg/dpkg.cfg.d/unsafe-io
if [ -d /etc/fai ]; then
if ! fcopy -Mv /etc/fai/fai.conf; then
echo $TIMEZONE > $target/etc/timezone
if [ -L $target/etc/localtime ]; then
- ln -sf /usr/share/zoneinfo/${TIMEZONE} $target/etc/localtime
+ fai-link /etc/localtime /usr/share/zoneinfo/${TIMEZONE}
else
cp -f /usr/share/zoneinfo/${TIMEZONE} $target/etc/localtime
fi
--- /dev/null
+#! /bin/bash
+
+# (c) Thomas Lange, 2022, lange@debian.org
+#
+# Add public ssh key for user root to get login access
+
+error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
+
+SSHDIR=$target/root/.ssh
+AUKEY=$SSHDIR/authorized_keys
+
+# reverse order of classes
+for c in $classes; do
+ revclasses="$c $revclasses"
+done
+
+for c in $revclasses; do
+ if [ -f $FAI/files/root-ssh-key/$c ]; then
+ if [ -f $AUKEY ]; then
+ cmp -s $FAI/files/root-ssh-key/$c $AUKEY
+ if [ $? -eq 0 ]; then
+ exit
+ fi
+ fi
+ if [ ! -d $SSHDIR ]; then
+ mkdir -m 700 $SSHDIR
+ fi
+ cp -v $FAI/files/root-ssh-key/$c $AUKEY
+ chown root:root $AUKEY
+ chmod 700 $AUKEY
+ break
+ fi
+done
+
+exit $error
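Review bot: The bare `cmp -s` inside the loop returns non-zero whenever an existing authorized_keys differs from the class key, which fires the ERR trap set at the top, so the script finishes with `exit 1` even though the key was installed correctly. Putting the comparison in the condition keeps it out of the trap: `if cmp -s "$FAI/files/root-ssh-key/$c" "$AUKEY"; then exit 0; fi`. The added `chmod 700 $AUKEY` also marks the key file executable; `chmod 600 "$AUKEY"` is the usual mode for authorized_keys. Quoting `$SSHDIR`, `$AUKEY` and the `$FAI/...` paths would be consistent with that.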
# add entries for 10 hosts called client 01 .. 10
perl -e 'for (1..10) {printf "192.168.33.%s client%02s\n",101+$_,$_;}' >> $target/etc/hosts
- sed -i -e '/# ReuseConnections: 1/d' $target/etc/apt-cacher-ng/acng.conf
- ainsl -v /etc/apt-cacher-ng/acng.conf "ReuseConnections: 0"
+ fai-sed '/# ReuseConnections: 1/d' /etc/apt-cacher-ng/acng.conf
+ ainsl -v /etc/apt-cacher-ng/acng.conf "ReuseConnections: 1"
+ ainsl -v /etc/apt-cacher-ng/acng.conf "PipelineDepth: 80"
+ ainsl -v /etc/apt-cacher-ng/acng.conf "DlMaxRetries: 6"
# copy base file for faster building of nfsroot
if [ -f /var/tmp/base.tar.xz ]; then
if [ -d /media/mirror/pool ]; then
mkdir $target/var/cache/apt-cacher-ng/_import
cp -p /media/mirror/pool/*/*/*/*.deb $target/var/cache/apt-cacher-ng/_import
- $ROOTCMD chown -R apt-cacher-ng.apt-cacher-ng /var/cache/apt-cacher-ng/_import
+ $ROOTCMD chown -R apt-cacher-ng:apt-cacher-ng /var/cache/apt-cacher-ng/_import
fi
# copy basefiles from CD to config space
# installation into the removable media paths as well as the standard
# debian path.
+# do only execute for Debian and similar distros
+if ! ifclass DEBIAN ; then
+ exit 0
+fi
+
set -a
# do not set up grub during dirinstall
BOOT_DEVICE=$( lvs --noheadings -o devices $BOOT_DEVICE | sed -e 's/^*\([^(]*\)(.*$/\1/' )
fi
+opts="--no-floppy --target=x86_64-efi --modules=part_gpt"
+
# Check if RAID is used for the boot device
if [[ $BOOT_DEVICE =~ '/dev/md' ]]; then
raiddev=${BOOT_DEVICE#/dev/}
# install grub on all members of RAID
for device in $(LC_ALL=C perl -ne 'if(/^'$raiddev'\s.+raid\d+\s(.+)/){ $_=$1; s/\d+\[\d+\]//g; print }' /proc/mdstat); do
echo Install grub on /dev/$device
- $ROOTCMD grub-install --no-floppy --force-extra-removable "/dev/$device"
+ $ROOTCMD grub-install $opts --force-extra-removable "/dev/$device"
done
elif [[ $BOOT_DEVICE =~ '/dev/loop' ]]; then
# do not update vmram when using a loop device
- $ROOTCMD grub-install --no-floppy --force-extra-removable --modules=part_gpt --no-nvram $BOOT_DEVICE
+ $ROOTCMD grub-install $opts --force-extra-removable --no-nvram $BOOT_DEVICE
if [ $? -eq 0 ]; then
echo "Grub installed on hostdisk $BOOT_DEVICE"
fi
else
- $ROOTCMD grub-install --no-floppy --modules=part_gpt "$GROOT"
+ $ROOTCMD grub-install $opts "$GROOT"
if [ $? -eq 0 ]; then
echo "Grub installed on $BOOT_DEVICE = $GROOT"
fi
fi
$ROOTCMD update-grub
+if [[ $BOOT_DEVICE =~ '/dev/loop' ]]; then
+ :
+else
+ efibootmgr -v
+fi
exit $error
error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
set -x
+# do only execute for Debian and similar distros
+if ! ifclass DEBIAN ; then
+ exit 0
+fi
+
set -a
# do not set up grub during dirinstall
# disable os-prober because of #802717
ainsl /etc/default/grub 'GRUB_DISABLE_OS_PROBER=true'
+# efivars may still be mounted from the host system during fai-diskimage
+if [ -d $target/sys/firmware/efi/efivars ]; then
+ umount $target/sys/firmware/efi/efivars
+fi
+
# skip the rest, if not an initial installation
if [ $FAI_ACTION != "install" ]; then
$ROOTCMD update-grub
else
for dev in $BOOT_DEVICE; do
mbrdev=$(get_stable_devname $dev)
- if [ -z "$mbrdevices" ]; then
+ if [ -z "$mbrdev" ]; then
# if we cannot find a persistent name (for e.g. in a VM) use old name
- mbrdevices+="$dev, "
+ mbrdev="$dev"
fi
+ mbrdevices+="$mbrdev, "
echo "Installing grub on $dev = $mbrdev"
$ROOTCMD grub-install --no-floppy "$mbrdev"
done
exit 1
fi
+# ignore this line. hack to make shellcheck ignore $target
+if [[ ! $target ]]; then target=; fi
+
if ! type -t fcopy &>/dev/null; then
sudo apt-get -y install fai-client
fi
-if [[ -e /a/bin/fai/fai-wrapper ]]; then
- chroot() {
- shift
- "$@"
- }
-fi
-
-if [[ $FAI_ROOT == / ]]; then
- source /a/bin/bash_unpublished/source-state
- bprogs_dir=/a/opt/btrfs-progs-release
-else
- bprogs_dir=/srv/btrfs-progs-release
- chroot="chroot $FAI_ROOT"
-fi
-
# -r = recursive
# -i = ignore non-matching class warnings, always exit 0
# -B = no backup files
mount -o bind $src $dst
fi
+
+
$FAI/distro-install-common/end
# I run this as a single post-fai script to update things that have changed.
tmpfile1=$(mktemp)
# this can fail if we need an apt update
-$chroot /usr/bin/apt-cache policy >$tmpfile1 ||:
+$ROOTCMD /usr/bin/apt-cache policy >$tmpfile1 ||:
fcopy -riB /etc/apt
tmpfile2=$(mktemp)
-$chroot /usr/bin/apt-cache policy >$tmpfile2
+$ROOTCMD /usr/bin/apt-cache policy >$tmpfile2
if ! diff -q $tmpfile1 $tmpfile2; then
- $chroot /usr/bin/apt update
+ $ROOTCMD /usr/bin/apt update
fi
# outside of fai, this seems to regularly lead to
# E: Could not get lock /var/lib/apt/lists/lock - open (11: Resource temporarily unavailable)
#### misc configurations
-
if [[ $FAI_ACTION != dirinstall ]] && ! ifclass NOCRYPT; then
if ifclass LINODE; then
speed=19200
WantedBy=dev-disk-by\x2did-ata\x2dSamsung_SSD_870_QVO_8TB_S5VUNG0N900656V.device
EOF
- $chroot bash <<'EOFOUTER'
+ $ROOTCMD bash <<'EOFOUTER'
systemctl enable myncq.service
/usr/bin/myncq no-upgrub
EOFOUTER
fi
# use networkmanager if this host has wireless.
-if [[ $HOSTNAME == bo ]] || type -p iw &>/dev/null && [[ $(iw dev) ]]; then
- $chroot bash <<EOF
+if [[ $(iw dev) ]]; then
+ $ROOTCMD bash -xe <<EOF
apt-get -y install network-manager
EOF
[main]
dns=systemd-resolved
EOF
+
+
+ if [[ ! $FAI_WRAPPER || $SSH_CLIENT ]]; then
+ # for running from fai or remote connections, don't kill the internet
+ ethusb_arg=-c
+ fi
+ if [[ $(dig +short @10.2.0.1 -x 10.2.0.2 2>&1 ||:) == kd.b8.nz. ]] \
+ && ip n show 10.2.0.1 | grep . &>/dev/null; then
+ # we are at_home
+ $FAI/distro-install-common/ethusb-static $ethusb_arg
+ else
+ $FAI/distro-install-common/ethusb-static off $ethusb_arg
+ fi
+
+
else
cat > $target/etc/network/interfaces <<-EOF
# generated by FAI
fi
-case $HOSTNAME in
- sy)
- $FAI/distro-install-common/install-stable-kernel-debs
- ;;
- *)
- $chroot apt-get -y install linux-libre
- ;;
-esac
-
-pre=https://mirrors.edge.kernel.org/pub/linux/kernel/people/kdave/btrfs-progs
-tarball=$(curl -s $pre/sha256sums.asc \
- | awk '$2 ~ /^btrfs-progs-v/ { print $2 }' | grep -v -- -rc | grep "^btrfs-progs-v.*gz\$" | sort -V | tail -n1)
-url="$pre/$tarball"
-dir=${tarball%.tar.gz}
-ver=${dir#btrfs-progs-}
-cur_ver=$(btrfs --version 2>/dev/null | awk '{print $2}') ||:
-if [[ $ver != "$cur_ver" ]]; then
- if [[ $HOST2 == "$HOSTNAME" && $ver != "$($bprogs_dir/btrfs --version 2>/dev/null | awk '{print $2}')" ]]; then
- rm -rf $bprogs_dir
- cd /tmp
- wget $url
- sudo -u iank tar xzf $tarball
- mv ${tarball%.tar.gz} $bprogs_dir
- cd $bprogs_dir
- apt-get -y build-dep btrfs-progs
- sudo -u iank ./configure --disable-documentation
- sudo -u iank make
- make install
- else
- $chroot bash -xe <<EOF
-cd $bprogs_dir
-make install
-EOF
- fi
-fi
-
if ifclass LINODE; then
mkdir -p $target/etc/initramfs-tools/conf.d
+ # shellcheck disable=SC2154 # comes with LINODE environment
cat >$target/etc/initramfs-tools/conf.d/mine <<EOF
# dhcp in initramfs doesn't work on linode. i dunno why, whatever.
# man 5 initramfs.conf
if ifclass VOL_BULLSEYE_BOOTSTRAP || ifclass VOL_BOOKWORM_BOOTSTRAP; then
fcopy /etc/systemd/system/faicheck.service
- $chroot bash <<'EOFOUTER'
+ $ROOTCMD bash <<'EOFOUTER'
systemctl enable faicheck.service
EOFOUTER
exit 0 # avoid unnecessary stuff in bootstrap vol
## misc settings
-$chroot bash <<'EOFOUTER'
+$ROOTCMD bash <<'EOFOUTER'
#### begin .ssh setup ###
set -x
set -eE -o pipefail
for g in plugdev audio video cdrom; do
$ROOTCMD usermod -a -G $g user2
done
+
+## begin get new kernel and btrfs-progs ##
+case $HOSTNAME in
+ sy|so)
+ # on sy t11, severe wifi degredation on 6.8
+ # on so t11, no x11 display on 6.8
+ $FAI/distro-install-common/install-mainline-kernel-debs stable
+ ;;
+ *)
+ if ! $ROOTCMD dpkg -s -- freesh-archive-keyring 2>&1 | grep -Fx "Status: install ok installed" &>/dev/null; then
+ apt-get -y install wget
+ wget -O /target/tmp/x.deb https://linux-libre.fsfla.org/pub/linux-libre/freesh/pool/main/f/freesh-archive-keyring/freesh-archive-keyring_1.1_all.deb
+ $ROOTCMD dpkg -i /tmp/x.deb
+ $ROOTCMD apt-get update
+ $ROOTCMD apt-get -y install linux-libre
+ fi
+ ;;
+esac
+
+pre=https://mirrors.edge.kernel.org/pub/linux/kernel/people/kdave/btrfs-progs
+tarball=$(curl -s $pre/sha256sums.asc \
+ | awk '$2 ~ /^btrfs-progs-v/ { print $2 }' | grep -v -- -rc | grep "^btrfs-progs-v.*gz\$" | sort -V | tail -n1)
+url="$pre/$tarball"
+dir=${tarball%.tar.gz}
+ver=${dir#btrfs-progs-}
+cur_ver=$($ROOTCMD btrfs --version 2>/dev/null | awk '{print $2}') ||:
+
+if [[ $FAI_ROOT == / ]]; then
+ bp_dir=/a/opt/btrfs-progs-release
+else
+ bp_dir=$FAI/distro-install-common/btrfs-progs-release
+fi
+if [[ $ver != "$cur_ver" ]]; then
+ if [[ $ver != "$($bp_dir/btrfs --version 2>/dev/null | awk '{print $2}')" ]]; then
+ cd $target/tmp
+ wget $url
+ tar xzf $tarball
+ $ROOTCMD apt-get -y build-dep btrfs-progs
+ # no docs cuz I didn't want to bother fixing error of missing docs dependencies
+ $ROOTCMD bash -xe <<EOF
+cd /tmp/${tarball%.tar.gz}
+./configure --disable-documentation
+make
+make install
+EOF
+ # If our desktop is HOST2, will we btrbk this latest bprogs to other
+ # machines.
+ if [[ -s /a/bin/bash_unpublished/source-state ]]; then
+ source /a/bin/bash_unpublished/source-state
+ fi
+ if [[ $HOST2 == "$HOSTNAME" && $FAI_ROOT != / ]]; then
+ rm -rf $bp_dir
+ chown -R iank:iank $target/tmp/${tarball%.tar.gz}
+ mv $target/tmp/${tarball%.tar.gz} $bp_dir
+ fi
+ else
+ if ! $ROOTCMD dpkg -s -- build-essential 2>&1 | grep -Fx "Status: install ok installed" &>/dev/null; then
+ $ROOTCMD apt-get -y install build-essential
+ fi
+
+ if [[ $FAI_ROOT == / ]]; then
+ cd /a/opt/btrfs-progs-release
+ make install
+ else
+ mkdir -p $target/tmp/bprogs
+ mount -o bind $bp_dir $target/tmp/bprogs
+ $ROOTCMD bash -xe <<EOF
+cd /tmp/bprogs
+make install
+EOF
+ fi
+ fi
+fi
+## end get new kernel and btrfs-progs ##
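Review bot: The btrfs-progs tarball is compiled and `make install`ed as root without being verified: `sha256sums.asc` is fetched only to pick the newest file name, and after `wget $url` neither its signature nor the tarball's hash is checked. The same gap applies to `freesh-archive-keyring_1.1_all.deb`, which is written to the fixed path `/target/tmp/x.deb` (not `$target`) and passed to `dpkg -i`, where it becomes an apt trust anchor; a SHA-256 pinned in the config space and compared before install would close it. If curl fails, `$tarball` is empty and the code still proceeds to `wget`, and it can reach `mv $target/tmp/ $bp_dir` after the `rm -rf $bp_dir`. A possible shape for the tarball check follows; the keyring variable is a placeholder for a release-key keyring shipped with the config, and it assumes gpgv is available where this runs.

```shell
# … unchanged: pre/tarball/url/dir/ver derivation …
if [[ ! $tarball ]]; then
  echo "$0: error: could not determine latest btrfs-progs tarball" >&2
  exit 1
fi
# … unchanged: version comparison, cd $target/tmp …
    wget $url
    wget -O sha256sums.asc $pre/sha256sums.asc
    # BTRFS_PROGS_KEYRING: placeholder, keyring file holding the pinned release key
    gpgv --keyring "$BTRFS_PROGS_KEYRING" --output sha256sums sha256sums.asc
    awk -v t="$tarball" '$2 == t' sha256sums | sha256sum -c -
    tar xzf $tarball
```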
error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
+# remove crypt password from format.log
+if [ -f $LOGDIR/format.log ]; then
+ perl -i -pane "s/Executing: yes '.+?' \| cryptsetup/Executing: yes 'XXXXXXXXXXXXX' | cryptsetup/" $LOGDIR/format.log
+fi
+
if [ "$FAI_ACTION" = "dirinstall" -o $do_init_tasks -eq 0 ] ; then
:
else
fi
fi
- # i use dm for crypt, not lvm, so this gives false positive. todo, send patch to remove this
- # upstream.
- # usedm=$(dmsetup ls 2>/dev/null | egrep -v '^live-rw|^live-base|^No devices found' | wc -l)
- # if [ $usedm -ne 0 ]; then
- # if [ ! -d $target/etc/lvm ]; then
- # echo ERROR: Found lvm devices, but the lvm2 package was not installed
- # error=1
- # fi
- # fi
+ if [ -f $target/etc/crypttab ] && [ ! -f $target/sbin/cryptsetup ]; then
+ echo ERROR: Encrypted devices used, but the crypsetup package was not installed.
+ echo ERROR: You want to add cryptsetup-initramfs or dracut to some package_config file.
+ fi
+
+ # note, if we used dm for crypt, not lvm, so would givee false positive. todo, send patch to fix
+ usedm=$(dmsetup ls 2>/dev/null | egrep -v '^live-rw|^live-base|^No devices found' | wc -l)
+ if [ $usedm -ne 0 ]; then
+ if [ ! -d $target/etc/lvm ]; then
+ echo ERROR: Found lvm devices, but the lvm2 package was not installed
+ error=1
+ fi
+ fi
fi
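Review bot: The new crypttab check prints two `ERROR:` lines but never sets `error=1`, unlike the lvm check directly below it, so a target that cannot unlock its encrypted devices at boot still passes this script with status 0. If the intent is to fail the install, add `error=1` after the second echo. The message also misspells the package as `crypsetup`, and `egrep` in the restored lvm check is deprecated in favour of `grep -E`. The enclosing if/else starts outside this hunk.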
# remove backup files from cfengine, but only if cfengine is installed
return
fi
- dists="jessie stretch buster bullseye bookworm trixie jammy focal bionic xenial trusty aramo nabia etiona"
+ dists="jessie stretch buster bullseye bookworm trixie forky noble jammy focal bionic xenial trusty aramo nabia etiona"
for d in $dists; do
if grep -iq $d $target/etc/os-release; then
release=$d
# if installation was done from CD, replace useless sources.list
setrel
-if [ -f $target/etc/apt/sources.list -a -n "$release" ]; then
- grep -q 'file generated by fai-cd' $target/etc/apt/sources.list && cat <<EOF > $target/etc/apt/sources.list
-deb $apt_cdn/debian $release main contrib non-free
-deb $security_cdn/debian-security ${secsuite} main contrib non-free
+if [ -f $target/etc/apt/sources.list ] && [ -n "$release" ]; then
+ if grep -q 'file generated by fai-cd' $target/etc/apt/sources.list; then
+ echo "Create new sources.list for $release"
+ cat <<EOF > $target/etc/apt/sources.list
+deb $apt_cdn/debian $release main contrib non-free non-free-firmware
+deb $security_cdn/debian-security ${secsuite} main contrib non-free non-free-firmware
#deb [trusted=yes] http://fai-project.org/download $release koeln
EOF
+ fi
# if the package fai-server was installed, enable the project's repository
if dpkg-query --admindir=$target/var/lib/dpkg -W fai-server >/dev/null 2>&1; then
- sed -i -e '/fai-project.org/s/^#//' $target/etc/apt/sources.list
+ fai-sed '/fai-project.org/s/^#//' /etc/apt/sources.list
fi
fi
+# install default sources.list for Debian based distributions
+if [ -d $target/etc/apt ] && [ ! -f $target/etc/apt/sources.list ]; then
+ fcopy -Svc DEBIAN_DEFAULT /etc/apt/sources.list
+fi
+
+# older releases do not have the non-free-firmware section
+if [ -n "$release" ] && [[ "buster bullseye" =~ "$release" ]]; then
+ sed -i -e 's/non-free-firmware//g' $target/etc/apt/sources.list
+fi
+
# for ARM architecture, we may need the kernel and initrd to boot or flash the device
if ifclass ARM64; then
cp -pv $target/boot/vmlinuz* $target/boot/initrd* $FAI_RUNDIR
--- /dev/null
+#! /bin/bash
+
+# create an initrd for booting from ISO
+
+# get highest kernel version
+ver=$(ls -r1 $target/boot/initrd.img-*|tail -1| sed 's/.\+initrd.img-//')
+if [ -z "$ver" ]; then
+ echo "ERROR: no initrd found in $0"
+ exit 9
+fi
+
+rm $target/boot/initrd.img-$ver
+$ROOTCMD dracut -N --zstd --filesystems ext4 -a "dmsquash-live " -o"btrfs crypt dash lvm resume usrmount modsign mdraid shutdown virtfs" /boot/initrd.img-$ver $ver
+
+echo ISO initrd was created
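Review bot: `ls -r1 … | tail -1` selects the lowest-sorting initrd, not the "highest kernel version" the comment promises, because the reverse listing puts the highest name first; with more than one kernel installed the wrong image is rebuilt. A version sort gives the intended one: `ver=$(ls -1 $target/boot/initrd.img-* | sort -V | tail -1 | sed 's/.\+initrd.img-//')`. The existing initrd is also removed before dracut runs and the success message is printed unconditionally, so a dracut failure leaves the target without an initrd and still reports success; checking dracut's exit status and exiting non-zero on failure would surface that.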
--- /dev/null
+#! /bin/bash
+
+# this is defined in hooks/subroutines
+cleanup_dpkg_apt
+cleanup_base
+
+echo cleanup for live ISO done
--- /dev/null
+#! /bin/bash
+
+# (c) Michael Goetze, 2010-11, mgoetze@mgoetze.net
+# Thomas Lange, 2015-2020
+
+error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
+
+$ROOTCMD usermod -p $ROOTPW root
+
+fcopy -v /etc/selinux/config
+$ROOTCMD fixfiles onboot # this fixes the SELinux security contexts during the first boot
+chmod a+rx $target
+
+exit $error
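Review bot: `$ROOTCMD usermod -p $ROOTPW root` puts the root password hash on the command line, where it is visible in process listings and in any shell trace or log of the installation, and the expansion is unquoted and unchecked. Feeding it on stdin avoids the argv exposure: `printf 'root:%s\n' "$ROOTPW" | $ROOTCMD chpasswd -e`, wrapped in `if [ -n "$ROOTPW" ]; then … fi` so an unset variable is reported instead of producing a usermod usage error. A short comment stating that `$ROOTPW` must already be a crypt(3) hash would also help.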
--- /dev/null
+#! /bin/bash
+
+# (c) Michael Goetze, 2010-2011, mgoetze@mgoetze.net
+# (c) Thomas Lange, 2011, Uni Koeln
+
+error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
+
+ainsl -v /etc/fstab "proc /proc proc defaults 0 0"
+ainsl -v /etc/fstab "sysfs /sys sysfs auto 0 0"
+
+version=$($ROOTCMD rpm -qv kernel | cut -d- -f2-)
+
+
+if [ -f $target/etc/lvm/lvm.conf ]; then
+ fai-sed 's/use_lvmetad = 1/use_lvmetad = 0/' /etc/lvm/lvm.conf
+ ainsl -av /etc/dracut.conf.d/fai.conf 'add_dracutmodules+=" lvm "'
+fi
+
+
+# add filesystem driver into initrd
+ainsl -av /etc/dracut.conf.d/fai.conf 'filesystems+=" ext4 "'
+$ROOTCMD dracut -v --kver $version --force
+
+
+exit $error
--- /dev/null
+#! /bin/bash
+
+# (c) Michael Goetze, 2011, mgoetze@mgoetze.net
+# (c) Thomas Lange 2014
+
+error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
+
+if [ -r $LOGDIR/disk_var.sh ] ; then
+ . $LOGDIR/disk_var.sh
+else
+ echo "disk_var.sh not found!"
+ exit 1
+fi
+
+
+# CentOS 7 does not have a device.map file, so generate one
+if [ -d $target/boot/grub2 -a ! -f $target/boot/grub2/device.map ]; then
+ echo "# Generated by FAI" >> $target/boot/grub2/device.map
+ centosdisks=$(awk '/[sv]d.$/ {print $4}' /proc/partitions | sort)
+ dcount=0
+ for d in $centosdisks; do
+ echo "(hd$dcount) /dev/$d" >> $target/boot/grub2/device.map
+ dcount=$((dcount + 1))
+ done
+fi
+
+bootdev=$(device2grub $BOOT_DEVICE)
+bootpart=$(device2grub $BOOT_PARTITION)
+version=$($ROOTCMD rpm -qv kernel | cut -d- -f2-)
+
+if grep '[[:space:]]/boot[[:space:]]' $LOGDIR/fstab; then
+ bootdir=''
+else
+ bootdir='/boot'
+fi
+
+mount -o bind /dev $target/dev
+
+if [ -f $target/usr/sbin/grub2-install ]; then
+
+ # CentOS 7
+ $ROOTCMD grub2-install --no-floppy "$BOOT_DEVICE"
+ $ROOTCMD grub2-mkconfig --output=/boot/grub2/grub.cfg
+else
+
+$ROOTCMD grub-install --just-copy
+
+$ROOTCMD grub --device-map=/dev/null --no-floppy --batch <<-EOF
+ device $bootdev $BOOT_DEVICE
+ root $bootpart
+ setup $bootdev
+ quit
+ EOF
+
+ln -s ./menu.lst $target/boot/grub/grub.conf
+
+if [ -f $target/boot/grub/splash.xpm.gz ]; then
+ pretty="splashimage=$bootpart$bootdir/grub/splash.xpm.gz"
+else
+ pretty="color cyan/blue white/blue"
+fi
+
+title=$(head -1 $target/etc/redhat-release)
+
+cat > $target/boot/grub/grub.conf <<-EOF
+ timeout 5
+ default 0
+ $pretty
+ hiddenmenu
+
+ title $title
+ root $bootpart
+ kernel $bootdir/vmlinuz-$version root=$ROOT_PARTITION ro
+ initrd $bootdir/initramfs-$version.img
+ EOF
+
+fi
+
+umount $target/dev
+
+echo ""
+echo "Grub installed on $BOOT_DEVICE = $bootdev"
+echo "Grub boot partition is $BOOT_PARTITION = $bootpart"
+echo "Root partition is $ROOT_PARTITION"
+echo "Boot kernel: $version"
+
+exit $error
--- /dev/null
+#! /bin/bash
+
+# (c) Michael Goetze, 2011, mgoetze@mgoetze.net
+
+error=0 ; trap "error=$((error|1))" ERR
+
+cat > $target/etc/sysconfig/clock <<-EOF
+ UTC=$UTC
+ ZONE=$TIMEZONE
+ EOF
+cat > $target/etc/sysconfig/i18n <<-EOF
+ LANG="$DEFAULTLOCALE"
+ SUPPORTED="$SUPPORTEDLOCALE"
+ SYSFONT="$CONSOLEFONT"
+ EOF
+cat > $target/etc/sysconfig/keyboard <<-EOF
+ KEYBOARDTYPE="pc"
+ KEYTABLE="$KEYMAP"
+ EOF
+
+# can not be used, because we still not use systemd in FAI
+# $ROOTCMD localectl set-locale LANG=$DEFAULTLOCALE
+
+cat > $target/etc/locale.conf <<-EOF
+ LANG="$DEFAULTLOCALE"
+ EOF
+if [ -f $target/usr/lib/locale/locale-archive.tmpl \
+ -a ! -s $target/usr/lib/locale/locale-archive ]; then
+ mv $target/usr/lib/locale/locale-archive.tmpl $target/usr/lib/locale/locale-archive
+fi
+
+fcopy -iv /etc/sysconfig/i18n /etc/sysconfig/keyboard
+
+exit $error
+
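Review bot: `trap "error=$((error|1))" ERR` is double-quoted, so the arithmetic is expanded once when the trap is installed and the handler is just the constant `error=1`. It happens to work, but it reads as if it were evaluated at trap time, and it differs from the single-quoted `trap 'error=$(($?>$error?$?:$error))' ERR` used by the other scripts in this commit. Single quotes, or the shared maximum-error form, would keep the files consistent. The same line appears in the two new scripts that follow.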
--- /dev/null
+#! /bin/bash
+
+error=0 ; trap "error=$((error|1))" ERR
+
+ifcfg_config() {
+
+ cat > $target/etc/sysconfig/network-scripts/ifcfg-$NIC1 <<-EOF
+ # generated by FAI
+ TYPE=Ethernet
+ PROXY_METHOD=none
+ BOOTPROTO=dhcp
+ DEFROUTE=yes
+ BROWSER_ONLY=no
+ IP4_FAILURE_FATAL=no
+ IPV6INIT=no
+ IPV6_AUTOCONF=no
+ NAME=$NIC1
+ DEVICE=$NIC1
+ ONBOOT=yes
+ EOF
+}
+
+nm_config() {
+
+ uuid=$(uuidgen)
+
+ cat > $target/etc/NetworkManager/system-connections/${NIC1}.nmconnection << EOF
+
+# generated by FAI
+[connection]
+id=$NIC1
+uuid=$uuid
+type=ethernet
+autoconnect-priority=-999
+interface-name=$NIC1
+
+[ethernet]
+
+[ipv4]
+method=auto
+
+[ipv6]
+addr-gen-mode=eui64
+method=auto
+
+[proxy]
+EOF
+
+ chmod 600 $target/etc/NetworkManager/system-connections/${NIC1}.nmconnection
+}
+
+
+
+# determine predictable network names
+fields="ID_NET_NAME_FROM_DATABASE ID_NET_NAME_ONBOARD ID_NET_NAME_SLOT ID_NET_NAME_PATH"
+for field in $fields; do
+ name=$(udevadm info /sys/class/net/$NIC1 | sed -rn "s/^E: $field=(.+)/\1/p")
+ if [[ $name ]]; then
+ NIC1=$name
+ break
+ fi
+done
+if [[ ! $name ]]; then
+ echo "$0: error: could not find systemd predictable network name. Using $NIC1."
+fi
+
+if [ $FAI_ACTION != "softupdate" ] && ifclass DHCPC; then
+ . $target/etc/os-release
+ major=$(echo ${VERSION_ID} | awk -F '.' '{ print $1 }')
+
+ if [ $major -lt 9 ]; then
+ ifcfg_config
+ else
+ nm_config
+ fi
+fi
+
+fcopy -iv /etc/sysconfig/network /etc/resolv.conf /etc/networks
+fcopy -ivr /etc/sysconfig/network-scripts
+
+exit $error
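Review bot: `. $target/etc/os-release` is sourced into the installer's own shell, so every variable that file defines overwrites any same-named variable here. The following `[ $major -lt 9 ]` is unquoted, so a missing `VERSION_ID` produces a test error and the code silently takes the NetworkManager branch. Reading the value in a subshell keeps the environment clean: `major=$(. "$target/etc/os-release"; echo "${VERSION_ID%%.*}")`, then `[ "${major:-0}" -lt 9 ]`. `$NIC1` is also interpolated unquoted into the output paths. A comment on why releases before 9 get an ifcfg file would document the split.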
--- /dev/null
+#! /bin/bash
+
+error=0 ; trap "error=$((error|1))" ERR
+
+# add a $username user account
+if [ -n "$username" ]; then
+ if ! $ROOTCMD getent passwd $username ; then
+ $ROOTCMD adduser -c "$username user" $username
+ $ROOTCMD usermod -p "$USERPW" $username
+ fi
+fi
+
+# enable graphical login screen, make run level 5 as default
+if [ -f $target/usr/sbin/gdm ]; then
+ fai-sed 's/id:3:initdefault:/id:5:initdefault:/' /etc/inittab
+ # do not run this tool
+ echo "RUN_FIRSTBOOT=NO" > $target/etc/sysconfig/firstboot
+fi
+
+exit $error
+
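Review bot: `$ROOTCMD usermod -p "$USERPW" $username` runs whenever the account is created, including when `$USERPW` is empty or unset, and that writes an empty password field for the new user; depending on the target's PAM configuration the account can then log in without a password. Guard the call, for example `if [ -n "$USERPW" ]; then $ROOTCMD usermod -p "$USERPW" "$username"; fi`, and otherwise leave the account locked. `$username` should be quoted in the `getent`, `adduser` and `usermod` calls.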
--- /dev/null
+#! /bin/bash
+
+$ROOTCMD yum clean all
# Subroutines for automatic tests
#
-# Copyright (C) 2009 Thomas Lange, lange@informatik.uni-koeln.de
+# Copyright (C) 2009 Thomas Lange, lange@cs.uni-koeln.de
# Based on the first version by Sebastian Hetze, 08/2008
package FAITEST;
#!/bin/bash
-readonly this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
-script_dir="${this_file%/*}"
-# shellcheck source=./bash-trace
-source "${script_dir}/bash-trace"
-cd $script_dir
-source "${script_dir}/bash-trace"
+if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi
+shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4
+set -eE -o pipefail
+trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" exit status: $?, PIPESTATUS: ${PIPESTATUS[*]}" >&2' ERR
+this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
+readonly this_file this_dir="${this_file%/*}"
+cd "$this_dir"
usage() {
- cat <<EOF
-Usage: ${0##*/}
+ cat <<'EOF'
+Usage: faiserver-disable
Disable the fai nfs server exports
EOF
exit $1
-faiserver_addr=$(host faiserver | sed -rn 's/^\S+ has address //p;T;q' ||:)
+faiserver_addr=$(host faiserver.b8.nz | sed -rn 's/^\S+ has address //p;T;q' ||:)
if ip a | grep "^ *inet.\? $faiserver_addr" &>/dev/null; then
echo "$0: disabling fai nfs exports or apache site"
./faiserver-disable-local
else
- echo "$0: sshing to $(chost faiserver) to disable fai nfs exports or apache site"
- ssh root@$(chost faiserver) bash <faiserver-disable-local
+ echo "$0: sshing to $(chost faiserver.b8.nz) to disable fai nfs exports or apache site"
+ ssh root@$(chost faiserver.b8.nz) bash <faiserver-disable-local
fi
#!/bin/bash
-# Copyright (C) 2019 Ian Kelling
-# SPDX-License-Identifier: AGPL-3.0-or-later
-set -x
+# This file is part of Ian Kelling's automated-distro-installer
+# Copyright (C) 2024 Ian Kelling
-x="$(readlink -f "$BASH_SOURCE")"; source "${x%/*}/bash-trace"
-cd ${x%/*}
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+set -e; . /usr/local/lib/bash-bear; set +e
usage() {
cat <<EOF
-usage: ${0##*/} [-h|--help]
+usage: this-script [-h|--help]
Create a vm which is a fai server.
This assumes you've set the dhcp server to make 52:54:00:56:09:f9 be
exit $1
}
case $1 in
- -h|--help) usage ;;
+ -h|--help) usage 0 ;;
+ *) usage 1 ;;
esac
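Review bot: The added `*) usage 1 ;;` arm also matches an empty `$1`, so running the script with no arguments, which is its normal invocation, now prints the usage text and exits 1 before doing any work. Matching only non-empty unknown arguments keeps the intent: `?*) usage 1 ;;`. The same arm is added to the uninstall script's `case` further down and needs the same change.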
err-cleanup() { pxe-server :; }
sleep $((60*6)) # takes like 10x as long as a fai install!
opts="-oStrictHostKeyChecking=false -oUserKnownHostsFile=/dev/null"
-while ! scp $opts faiserver-setup root@faiserver:; do
+while ! scp $opts faiserver-setup root@faiserver.b8.nz:; do
sleep 5
done
err-cleanup() { :; }
./pxe-server
-ssh $opts root@faiserver ./faiserver-setup
+ssh $opts root@faiserver.b8.nz ./faiserver-setup
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-x="$(readlink -f "$BASH_SOURCE")"; source "${x%/*}/bash-trace"
+set -e; . /usr/local/lib/bash-bear; set +e
[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
usage() {
cat <<'EOF'
-usage: ${0##*/} [-h|--help] [BASE_CODENAME] [ARCH]
+usage: faiserver-setup [-h|--help] [BASE_CODENAME] [ARCH]
install fai-server on the current machine
Initial setup of a fai server. works on localhost. Set's the current ip
point to whatever host this is run on.
Default BASE_CODENAME is bookworm. Default ARCH is 64. The script expects corresponding
-$BASEFILE_DIR/${UPCASED_BASE_CODENAME}${ARCH}.tar.(gz|xz) to exist, and it must have been
+$BASEFILE_DIR/${UPCASED_BASE_CODENAME}${ARCH}.tar.(zst|xz) to exist, and it must have been
generated around the same time as the nfsroot, at least so it has the
same kernel version.
EOF
- exit $1
+ exit 0
}
case $1 in
-h|--help) usage ;;
esac
-e() { echo "+ $@"; "$@"; }
+e() { echo "+ $*"; "$@"; }
base=${1:-bookworm}
exit 1
fi
-basefile=($BASEFILE_DIR/${base^^}${arch^^}.tar.gz)
+basefile=$BASEFILE_DIR/${base^^}${arch^^}.tar.zst
sed="sed -ri --follow-symlinks"
if [[ ! -e $basefile ]]; then
# fai on ubuntu only has official support using the universe repo, but newer
# tends to have less bugs.
-wget -O - https://fai-project.org/download/2BF8D9FE074BCDE4.asc | apt-key add -
+wget -O - https://fai-project.org/download/fai-project.gpg | sudo dd of=/etc/apt/trusted.gpg.d/fai-project.gpg
update=false
case $base in
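Review bot: The key downloaded by `wget -O - …/fai-project.gpg` is written directly into `/etc/apt/trusted.gpg.d/`, which makes it a trust anchor for every repository configured on the machine, and nothing checks what was received. Storing it outside the global directory and scoping it to the one repository is tighter, for example `/etc/apt/keyrings/fai-project.gpg` referenced as `deb [signed-by=/etc/apt/keyrings/fai-project.gpg] …` in the fai-project entry. The fingerprint should be compared against a pinned value before the file is installed. A failed wget also leaves an empty or truncated keyring unless pipefail is active, and that setting is not visible here. The script already re-executes itself under sudo, so `sudo dd` can be a plain redirect.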
NFSROOT=/srv/fai/nfsroot
TFTPROOT=/srv/tftp/fai
- # test if our copy of setup_tftp has changed in fai-make-nfsroot,
- # and if not, run it.
+ # setup_tftp is copied from fai-make-nfsroot,
+ # todo: need to check for an update, and we had an unused variable in ours: $v
setup_tftp(){
# tftp environment
echo "$0: error: No initrd was created. Check the package name of the linux-image package in /etc/fai/NFSROOT."
exit 1
fi
- cp -p $v $NFSROOT/boot/vmlinu?-* $NFSROOT/boot/initrd.img-* $TFTPROOT
+ cp -p $NFSROOT/boot/vmlinu?-* $NFSROOT/boot/initrd.img-* $TFTPROOT
cp -u $pxebin $TFTPROOT
if [ -f $NFSROOT/usr/lib/syslinux/modules/bios/ldlinux.c32 ]; then
cp -u $NFSROOT/usr/lib/syslinux/modules/bios/ldlinux.c32 $TFTPROOT
fi
- if [ X$verbose = X1 ]; then
- echo "TFTP environment prepared. Enable DHCP and start the TFTP daemon on root $TFTPROOT."
- fi
}
- diff -u <(type setup_tftp) <(cat <(sed -n '/^setup_tftp(){/,/^}/p' $(which fai-make-nfsroot) ) - <<'EOF' |bash
-type setup_tftp
-EOF
- )
e setup_tftp
# -g causes skipping set_root_pw() in fai-make-nfsroot, -ag
tee -a /var/log/fai/variables <<'EOF'
LOGUSER=fai
FAI_CONFIGDIR=/srv/fai/config
-FAI_CONFIG_SRC=nfs://faiserver/srv/fai/config
+FAI_CONFIG_SRC=nfs://faiserver.b8.nz/srv/fai/config
EOF
# make the faiserver also the apt proxy server
# apt-get -y install apt-cacher-ng
keyscan_arg="-p 8989"
fi
key=$(ssh-keyscan $keyscan_arg localhost |& grep -o "ecdsa-sha2-nistp256.*")
-for ip in faiserver $(ip addr show up| grep -w '^ *inet' | awk '{print $2}'| cut -d / -f 1 | grep -vF 127.0.0.1); do
+for ip in faiserver.b8.nz $(ip addr show up| grep -w '^ *inet' | awk '{print $2}'| cut -d / -f 1 | grep -vF 127.0.0.1); do
echo "$ip $key" >>/srv/fai/nfsroot/root/.ssh/known_hosts
done
# the logsave prompted because the hostname faiserver was uknown.
# Here it was faiserver.lan when running from a faiserver vm.
# When running from a normal host with faiserver alias, it was the normal hosts name.
-$sed 's/(^[^,]+,)\S+/\1faiserver/' /srv/fai/nfsroot/root/.ssh/known_hosts
+$sed 's/(^[^,]+,)\S+/\1faiserver.b8.nz/' /srv/fai/nfsroot/root/.ssh/known_hosts
# ditch the logo banner up top which screws with less.
touch /srv/fai/nfsroot/.nocolorlogo
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
+
+if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi
+shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4
set -eE -o pipefail
-trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
+trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" exit status: $?, PIPESTATUS: ${PIPESTATUS[*]}" >&2' ERR
-[[ $EUID == 0 ]] || exec sudo "${BASH_SOURCE}" "$@"
usage() {
- cat <<EOF
-usage: ${0##*/} [-h|--help]
+ cat <<'EOF'
+usage: this-script [-h|--help]
uninstall fai-server
EOF
exit $1
}
case $1 in
- -h|--help) usage ;;
+ -h|--help) usage 0 ;;
+ *) usage 1 ;;
esac
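Review bot: The re-exec at the top of this hunk changes from `sudo` to `sudo -E`, which carries the caller's whole environment into a root process whose job is to remove packages. Nothing visible here needs a caller variable, so plain `exec sudo "${BASH_SOURCE[0]}" "$@"` is the safer default. If a specific variable must survive, pass it explicitly with `--preserve-env=VAR` (a placeholder for the variable name). The usage text also still prints the literal placeholder `this-script` instead of the script's name.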
[[ $EUID == 0 ]] || exec sudo "$BASH_SOURCE" "$@"
-x="$(readlink -f "$BASH_SOURCE")"; source "${x%/*}/bash-trace"
+set -e; . /usr/local/lib/bash-bear; set +e
usage() {
cat <<EOF
# args are copied from myfai-chboot-local.
# Note, for a real cd or usb flash, if it is the default boot device, we would need to remove the disk
# after install is done very quickly, or else remove the reboot arg here
-menuentry "FAI server via dns" {
+menuentry "FAI server via dns to faiserver.b8.nz" {
set gfxpayload=$resolution
search --set=root --file /FAI-CD
- linux /boot/vmlinuz libata.force=noncq FAI_FLAGS=verbose,sshd,createvt,reboot FAI_CONFIG_SRC=nfs://faiserver/srv/fai/config root=/dev/nfs nfsroot=faiserver:/srv/fai/nfsroot,vers=3,nolock rootovl ip=dhcp
+ linux /boot/vmlinuz libata.force=noncq FAI_FLAGS=verbose,sshd,createvt,reboot FAI_CONFIG_SRC=nfs://faiserver.b8.nz/srv/fai/config root=/dev/nfs nfsroot=faiserver.b8.nz:/srv/fai/nfsroot,vers=3,nolock rootovl ip=dhcp
initrd /boot/initrd.img
}
menuentry "FAI server via dns, no reboot" {
set gfxpayload=$resolution
search --set=root --file /FAI-CD
- linux /boot/vmlinuz libata.force=noncq FAI_FLAGS=verbose,sshd,createvt FAI_CONFIG_SRC=nfs://faiserver/srv/fai/config root=/dev/nfs nfsroot=faiserver:/srv/fai/nfsroot,vers=3,nolock rootovl ip=dhcp
+ linux /boot/vmlinuz libata.force=noncq FAI_FLAGS=verbose,sshd,createvt FAI_CONFIG_SRC=nfs://faiserver.b8.nz/srv/fai/config root=/dev/nfs nfsroot=faiserver.b8.nz:/srv/fai/nfsroot,vers=3,nolock rootovl ip=dhcp
initrd /boot/initrd.img
}
+menuentry "FAI server via 192.168.122.1, no reboot" {
+ set gfxpayload=$resolution
+ search --set=root --file /FAI-CD
+ linux /boot/vmlinuz libata.force=noncq FAI_FLAGS=verbose,sshd,createvt FAI_CONFIG_SRC=nfs://192.168.122.1/srv/fai/config root=/dev/nfs nfsroot=192.168.122.1:/srv/fai/nfsroot,vers=3,nolock rootovl ip=dhcp
+ initrd /boot/initrd.img
+}
+
+
# ro,noatime,vers=3,rsize=1048576,wsize=same,namelen=255,hard,nolock,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=10.2.0.2,nountvers=3,mountport=49179,mountproto=udp,lock_lock=all,addr=10.2.0.2
menuentry "Autodiscover the FAI server" {
search --set=root --file /FAI-CD
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-[[ $EUID == 0 ]] || exec sudo -E "$BASH_SOURCE" "$@"
+[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
-x="$(readlink -f "$BASH_SOURCE")"; source "${x%/*}/bash-trace"
-cd ${x%/*}
+set -e; . /usr/local/lib/bash-bear; set +e
usage() {
- cat <<EOF
-Usage: ${0##*/} [-h|--help]
+ cat <<'EOF'
+Usage: isntall-chboot [-h|--help]
reinstall chboot to /boot subvols, for chboot updates.
We install to /boot in case there is an issue booting and only the /boot
vol is readily available. For the bootstrap subvol, this is the normal
case.
EOF
- exit $1
+ exit 0
}
case $1 in
-h|--help) usage ;;
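Review bot: The usage line now hardcodes the name as `isntall-chboot`, which looks like a typo for the script's real name (presumably `install-chboot`, to be confirmed against the file name). The heredoc is now quoted, so the old `${0##*/}` no longer expands and the literal has to be kept correct by hand. Suggested line: `Usage: install-chboot [-h|--help]`.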
e mount -o subvolid=0 $boot_dev $mount_point
shopt -s nullglob
-for dir in $mount_point/*; do
+for dir in "$mount_point"/*; do
btrfs subvol show $dir &>/dev/null || continue
if [[ -e $dir/boot ]]; then
dir=$dir/boot
fi
- e install -m 755 -o root -g root bash-trace $dir
e install -m 755 -o root -g root chboot $dir
done
e umount $mount_point
# I don't know whats going on, but just running the same
# command again once it finishes works, and this is only
# rarely used and done manually anyways, so whatever.
-pxe-kexec -n --ignore-whitelist -l fai-generated faiserver
+pxe-kexec -n --ignore-whitelist -l fai-generated faiserver.b8.nz
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-[[ $EUID == 0 ]] || exec sudo -E "$BASH_SOURCE" "$@"
+[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
+set -e; . /usr/local/lib/bash-bear; set +e
-x="$(readlink -f "$BASH_SOURCE")"; source "${x%/*}/bash-trace"
-x="$(readlink -f -- "$BASH_SOURCE")"; PATH="${x%/*}:$PATH" # directory of this file
+this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
+readonly this_file this_dir="${this_file%/*}"
+PATH="$this_dir:$PATH" # directory of this file
usage() {
cat <<EOF
exit $1
}
-read distver <<<"$@"
+read -r distver <<<"$@"
if [[ $# != 1 ]]; then
echo "$0: error: expected one argument"
# config umount required after a failed run, proc umount always required
umount /var/lib/fai/config ||: ; umount -R $t/proc ||:
-fai-redep faiserver $distro
+fai-redep faiserver.b8.nz $distro
echo "echo $classes" > /srv/fai/config/class/51-multi-boot
rm -rf $t; mkdir -p $t
+# shellcheck disable=SC1007 # intentional
LANG= fai -N -u hostname_does_not_matter dirinstall $t
# Turn a dirinstall into a basefile. taken from mk-basefile
$t/var/lib/apt/lists/*_* $t/usr/bin/qemu-*-static \
$t/etc/udev/rules.d/70-persistent-net.rules
echo | dd of=$t/etc/machine-id
-tar --one-file-system -C $t -cf - . | gzip > /a/bin/fai-basefiles/basefiles/${distver^^}64BIG.tar.gz
+tar --one-file-system -C $t -cf - . | zstd -9 > /a/bin/fai-basefiles/basefiles/${distver^^}64BIG.tar.zst
cleanup
set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
-x=$(readlink -f "$BASH_SOURCE"); cd ${x%/*}
+this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
+readonly this_file this_dir="${this_file%/*}"
+cd "$this_dir"
usage() {
- cat <<EOF
-usage: ${0##*/} [OPTIONS] [HOSTNAME|IP|default]
+ cat <<'EOF'
+usage: myfai-chboot [OPTIONS] [HOSTNAME|IP|default]
-Sets up tftp pxe config and nfs server on host "faiserver".
+Sets up tftp pxe config and nfs server on host "faiserver.b8.nz".
If our kernel has no nfs support, uses apache intead of nfs, and depends
on another repo of Ian Kelling, basic-https-conf, where the file is at
/a/exe/web-conf.
-Usng this, you can boot into fai with pxe-kexec without changing
-the dhcp server.
+Using this, you can boot into fai with pxe-kexec without changing the
+dhcp server. Note, if you are booting using fai-cd, the pxe config does
+nothing, and only flags affecting FAI_ACTION will have any affect. You
+can change the fai flags in the grub config, for example in
+./grub.cfg.autodiscover, or at runtime by editing a grub menu option.
+We could probably also set FAI_FLAGS the same way we set FAI_ACTION,
+but I haven't tried it.
-Argument sets the host to enable it for. No argument disables pxe
-config for all hosts, but leaves nfs server alone. Use faiserver-disable
-to disable the nfs server.
+HOSTNAME|IP|default Sets the host to enable it for. No argument
+ disables pxe config for all hosts, but leaves nfs
+ server alone. Use faiserver-disable to disable the
+ nfs server.
-S sets FAI_ACTION=sysinfo, and remove fai flag reboot.
Usefull for doing a system recovery. It reboots automatically anyways :(
-k Add serial port output for kgped16
-i sets FAI_ACTION=inventory and remove fai flag reboot.
I'm not sure what this is usefull for.
+-b Setup bonded ethernet.
+--no-r Tell fai-chboot not to reboot when its done. This is implied by -i and -S.
-h|--help Print help and exit.
EOF
- exit $1
+ exit 0
}
case $1 in
-h|--help) usage ;;
esac
-faiserver_addr=$(host faiserver | sed -rn 's/^\S+ has address //p;T;q' ||:)
-host=$(./chost faiserver)
+faiserver_addr=$(host faiserver.b8.nz | sed -rn 's/^\S+ has address //p;T;q' ||:)
+host=$(./chost faiserver.b8.nz)
if ip a | grep "^ *inet.\? $faiserver_addr" &>/dev/null; then
./myfai-chboot-local "$@"
else
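Review bot: An empty `faiserver_addr` makes the script treat any machine as the fai server. The `||:` hides a failed lookup of faiserver.b8.nz, and `grep "^ *inet.\? $faiserver_addr"` with an empty address matches every address line of `ip a`, so `./myfai-chboot-local "$@"` would run locally. A guard right after the assignment avoids that: `[[ $faiserver_addr ]] || { echo "$0: error: cannot resolve faiserver.b8.nz" >&2; exit 1; }`. The dots of the address are also regex wildcards in that grep, so escaping them or matching the address as a fixed string would be stricter. The `if` continues past the end of this hunk.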
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-# note, this script gets piped to bash, so cant cd to current dir
-[[ $EUID == 0 ]] || exec sudo "${BASH_SOURCE}" "$@"
+[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
+
+set -x
set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
+pre="${0##*/}:"
+m() { printf "$pre %s\n" "$*"; "$@"; }
+e() { printf "$pre %s\n" "$*"; }
+err() { echo "[$(date +'%Y-%m-%d %H:%M:%S%z')]: $pre: $*" >&2; }
+
+usage() {
+ cat <<EOF
+Usage: call from myfai-chboot, see its help
+
+# note, this script gets piped to bash, so cant cd to current dir
+
+-h|--help Print help and exit.
+
+Note: Uses util-linux getopt option parsing: spaces between args and
+options, short options can be combined, options before args.
+EOF
+ exit $1
+}
+
+
kgped16=false
bond=false
fai_action=install
fai_reboot_arg=,reboot
-while [[ $1 == -* ]]; do
+
+# ensure we can handle args with spaces or empty.
+ret=0; getopt -T || ret=$?
+[[ $ret == 4 ]] || { echo "Install util-linux for enhanced getopt" >&2; exit 1; }
+
+temp=$(getopt -l help,no-r hSi "$@") || usage 1
+eval set -- "$temp"
+while true; do
case $1 in
- -h|--help)
- echo "see help from myfai-chboot"
- exit 0
- ;;
-S)
fai_action=sysinfo
fai_reboot_arg=
- shift
;;
-i) #inventory
fai_action=inventory
fai_reboot_arg=
- shift
;;
-k)
kgped16=true
- shift
;;
-b)
bond=true
- shift
;;
--no-r)
fai_reboot_arg=
- shift
;;
+ -h|--help) usage ;;
+ --) shift; break ;;
+ *) echo "$0: unexpected args: $*" >&2 ; usage 1 ;;
esac
+ shift
done
-
-pre="${0##*/}:"
-m() { printf "$pre %s\n" "$*"; "$@"; }
-e() { printf "$pre %s\n" "$*"; }
-err() { echo "[$(date +'%Y-%m-%d %H:%M:%S%z')]: $pre: $*" >&2; }
-
-host=$1
+read -r host <<<"$@"
+readonly host
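Review bot: The short-option string given to getopt is `hSi`, but the `case` below still has arms for `-k` and `-b`, and the myfai-chboot help documents `-k` and the newly added `-b`. With enhanced getopt those two options are rejected as invalid, so the script ends in `usage 1` before the arms are reached. I would change the call to `temp=$(getopt -l help,no-r hSikb "$@") || usage 1`. The usage text of this script could then list the same options, or keep pointing to the myfai-chboot help as it does now.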
rm -f /srv/tftp/fai/pxelinux.cfg/*
fi
if modprobe nfsd &>/dev/null; then
- std_arg="-u nfs://faiserver/srv/fai/config"
+ std_arg="-u nfs://faiserver.b8.nz/srv/fai/config"
# nfsv4 wont do rw with overlayfs yet
# https://lists.uni-koeln.de/pipermail/linux-fai/2017-March/011641.html
root_arg="$my_ip:/srv/fai/nfsroot:vers=3"
fi
systemctl start nfs-server # assumes recent os
else
- std_arg="-u http://faiserver:8080/config.tar.gz"
- root_arg="live:http://faiserver:8080/squash.img"
- /a/exe/web-conf -i -p 8080 - apache2 faiserver <<EOF
+ std_arg="-u http://faiserver.b8.nz:8080/config.tar.gz"
+ root_arg="live:http://faiserver.b8.nz:8080/squash.img"
+ /a/exe/web-conf -i -p 8080 - apache2 faiserver.b8.nz <<EOF
<Location />
Deny from all
Allow from $ip
default_k_args=$(fai-chboot -L '^default$' | \
sed -r "s/^(\S+\s+){3}(.*)/\2/")
# example of default_k_args
-# initrd=initrd.img-3.16.0-4-amd64 ip=dhcp root=192.168.1.3:/srv/fai/nfsroot FAI_CONFIG_SRC=nfs://faiserver/srv/fai/config FAI_ACTION=install
+# initrd=initrd.img-3.16.0-4-amd64 ip=dhcp root=192.168.1.3:/srv/fai/nfsroot FAI_CONFIG_SRC=nfs://faiserver.b8.nz/srv/fai/config FAI_ACTION=install
# https://wiki.archlinux.org/index.php/Solid_state_drive#Resolving_NCQ_errors
# currently on needed on d16 samsung 870 qvo, but better to have this
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-x="$(readlink -f "$BASH_SOURCE")"; source "${x%/*}/bash-trace"
-script_dir="${x%/*}"
+set -e; . /usr/local/lib/bash-bear; set +e
+
+this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
+readonly this_file this_dir="${this_file%/*}"
+cd "$this_dir"
usage() {
- cat <<EOF
-Usage: ${0##*/} [-h|--help] [mk-basefile_args]
+ cat <<'EOF'
+Usage: mymk-basefile [-h|--help] [mk-basefile_args]
Wrap fai's mk-basefile so output dir is $BASEFILE_DIR if it exists.
And fix things for trisquel. mk-basefile has a trisquel mirror added.
Usage of mk-basefile:
EOF
- $script_dir/fai/config/basefiles/mk-basefile -h
- exit $1
+ $this_dir/fai/config/basefiles/mk-basefile -h
+ exit 0
}
case $1 in
if awk '$2 == "/tmp" && $4 ~ /nodev/' /proc/mounts | grep -q . || [[ $? == 141 ]]; then
$s mount -o remount,dev /tmp
fi
-$s $script_dir/fai/config/basefiles/mk-basefile "$@"
+$s $this_dir/fai/config/basefiles/mk-basefile "$@"
[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
-readonly this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
-script_dir="${this_file%/*}"
-# shellcheck source=./bash-trace
-source "${script_dir}/bash-trace"
-cd $script_dir
+set -e; . /usr/local/lib/bash-bear; set +e
+
+this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
+readonly this_file this_dir="${this_file%/*}"
+cd "$this_dir"
PATH="$PATH:$PWD"
if $fsf_office; then
if [[ ! $cmd ]]; then
e "removing pxe for $host on tarantula"
+ # shellcheck disable=SC2087 # shellcheck being dumb
ssh tarantula.office.fsf.org bash -e <<EOF
sed -ri 's/^( *host +$host *\{).*/\1/' /etc/dhcp/dhcpd.conf
systemctl restart isc-dhcp-server
EOF
elif [[ $cmd == fai ]]; then
e "adding pxe for $host on tarantula"
+ # shellcheck disable=SC2087 # shellcheck being dumb
ssh tarantula.office.fsf.org bash -e <<EOF
sed -ri 's/^( *host +$host *\{).*/\1 next-server faiserver.office.fsf.org; filename "pxelinux.0";/' /etc/dhcp/dhcpd.conf
systemctl restart isc-dhcp-server
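Review bot: `$host` is pasted unvalidated into the script that `bash -e` runs on tarantula.office.fsf.org, inside a single-quoted sed expression, in both here-documents of this hunk. A value containing a quote or a slash would change what sed or the remote shell executes; where `$host` is assigned is outside the hunk, so I cannot tell whether it is already constrained. I would check it before either ssh call, for example `[[ $host =~ ^[A-Za-z0-9.-]+$ ]] || { echo "$0: error: bad host: $host" >&2; exit 1; }`. The suppression comment could also state the actual reason SC2087 does not apply: `# shellcheck disable=SC2087 # $host is meant to expand on the client`. The second here-document is closed outside the hunk.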
[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
-x="$(readlink -f "$BASH_SOURCE")"; cd ${x%/*}
+this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
+readonly this_file this_dir="${this_file%/*}"
+cd "$this_dir"
usage() {
- cat <<EOF
-usage: ${0##*/} [-h|--help] [HOST/IP] [wrt-setup-local_ARGS]
+ cat <<'EOF'
+usage: wrt-setup [-h|--help] [HOST/IP] [wrt-setup-local_ARGS]
setup my router in general: dhcp, dns, etc.
Default HOST is 10.0.0.1 or 10.2.0.1 if they are the gateway, otherwise
opkg install /root/bash_5.0-3_mips_24kc.ipk
EOF
wrt-setup-local -h
- exit $1
+ exit 0
}
#/a/opt/openwrt/source/bin/packages/mips_24kc/mypackages/relay_1.0-1_mips_24kc.ipk \
scp /q/root/shadow/router /p/c/machine_specific/wrt/etc/dropbear/dropbear_rsa_host_key \
- /p/router-secrets /p/c/machine_specific/wrt/etc/wg.{key,psk} /p/c/ptr-data /p/c/dnsmasq-data /b/bash-bear-trap/bash-bear $h:
+ /p/router-secrets /p/c/machine_specific/wrt/etc/wg.{key,psk} /p/c/ptr-data /p/c/{dnsmasq,cmc-firewall}-data /b/bash-bear-trap/bash-bear $h:
scp ../openwrtkeyring/usign/* $h:/etc/opkg/keys
ssh $h wrt-init ${HOME_DOMAIN:-b8.nz} "$@"
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-f=/usr/local/lib/bash-bear;test -r $f || { echo "error: $0 no $f" >&2;exit 1;}; . $f
+set -e; . /usr/local/lib/bash-bear; set +e
+
usage() {
cat <<EOF
lanip=1
while getopts hm:t:yz opt; do
case $opt in
- h) usage ;;
+ h) usage 0 ;;
t)
case $2 in
2|3)
secrets=false
if [[ -e /root/router-secrets ]]; then
secrets=true
+ # shellcheck source=/p/router-secrets
source /root/router-secrets
fi
# doesn't go into the firmware. build new firmware if you want
# lots of upgrades. I think /tmp/opkg-lists is a pre openwrt 14 location.
f=(/var/opkg-lists/*)
- if ! (( $(date -r $f +%s) + 60*60*24 > $(date +%s) )); then
+ if ! (( $(date -r ${f[0]} +%s) + 60*60*24 > $(date +%s) )); then
if ! opkg update; then
echo "$0: warning: opkg update failed" >&2
fi
pmirror
fi
done
- if [[ $to_install ]]; then
+ if (( ${#to_install[@]} >= 1 )); then
opkg install ${to_install[@]}
fi
}
if $secrets; then
key=${rkey[$h]}
fi
-: ${key:=pictionary49}
+: "${key:=pictionary49}"
mask=255.255.0.0
cidr=16
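Review bot: `: "${key:=pictionary49}"` keeps a literal fallback value for `key` in the script, and it is used silently whenever `/root/router-secrets` is absent or `rkey` has no entry for `$h`. What `key` protects is outside this hunk, but if it is a passphrase the router ends up configured with a value known to anyone who can read this repository. I would at least report when the fallback is taken, with `[[ $key ]] || echo "$0: warning: no key for $h, using built-in default" >&2` placed before the assignment. If a default is never wanted in production, `: "${key:?no key for $h}"` fails instead.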
# option config /etc/openvpn/client.conf
# EOF
-wgip4=10.3.0.1/24
-wgip6=fdfd::1/64
+
wgport=26000
network_restart=false
v /etc/init.d/network reload
fi
-firewall-cedit() {
- if $client; then
- cedit wific /etc/config/firewall <<EOF
+### begin firewall edits ###
+if $client; then
+ cedit wific /etc/config/firewall <<EOF || firewall_restart=true
config zone
option name wwan
option input REJECT
option mtu_fix 1
option network wwan
EOF
- fi
+fi
- case $hostname in
- wrt)
- cedit host /etc/config/firewall <<EOF
+case $hostname in
+ wrt)
+ cedit host /etc/config/firewall <<EOF || firewall_restart=true
config redirect
option name ssh
option src wan
option dest_ip $l.3
option dest lan
EOF
- ;;
- cmc)
- cedit host /etc/config/firewall <<EOF
+ ;;
+ cmc)
+ cedit host /etc/config/firewall <<EOF || firewall_restart=true
config redirect
option name ssh
option src wan
option dest_ip $l.2
option dest lan
EOF
- ;;
- esac
+ ;;
+esac
-
- cedit /etc/config/firewall <<EOF
+{
+ /root/cmc-firewall-data
+ cat <<EOF
## begin no external dns for ziva
config rule
option src lan
option target ACCEPT
option dest_port 9091
-config redirect
- option name sshkd
- option src wan
- option src_dport 2202
- option dest_port 22
- option dest_ip $l.2
- option dest lan
-config rule
- option src wan
- option target ACCEPT
- option dest_port 2202
-
# was working on an openvpn server, didn't finish
# config redirect
# option name vpnkd
option dest_port 8989
-config redirect
- option name sshx2
- option src wan
- option src_dport 2205
- option dest_port 22
- option dest_ip $l.5
- option dest lan
-config rule
- option src wan
- option target ACCEPT
- option dest_port 2205
-
-config redirect
- option name sshx3
- option src wan
- option src_dport 2207
- option dest_port 22
- option dest_ip $l.7
- option dest lan
-config rule
- option src wan
- option target ACCEPT
- option dest_port 2207
-
-config redirect
- option name sshbb8
- option src wan
- option src_dport 2209
- option dest_port 22
- option dest_ip $l.32
- option dest lan
-config rule
- option src wan
- option target ACCEPT
- option dest_port 2209
-
-
-config redirect
- option name sshfrodo
- option src wan
- option src_dport 2234
- option dest_port 34
- option dest_ip $l.34
- option dest lan
-config rule
- option src wan
- option target ACCEPT
- option dest_port 2234
-
config redirect
option name icecast
option target ACCEPT
option dest_port 4533
-# So a client can just have i.b8.nz dns even when they
+# So a client can just have b8.nz dns even when they
# are on the lan.
#config redirect
# option name navidromelan
option family ipv6
EOF
-}
-firewall-cedit || firewall_restart=true
+} | cedit /etc/config/firewall || firewall_restart=true
+### end firewall edits ###
+
# firewall comment:
# not using and in newer wrt, fails, probably due to nonexistent file, error output
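Review bot: The exit status of `/root/cmc-firewall-data` is never checked, because in `{ ...; } | cedit /etc/config/firewall || firewall_restart=true` only the pipeline's status is seen and a non-zero status there is read as "file changed". If the generator is missing, not executable or fails part-way, cedit would presumably write the section without the generated entries and the firewall would be restarted with it. Capturing the output first makes the failure visible: `fw_data=$(/root/cmc-firewall-data) || { echo "$0: error: cmc-firewall-data failed" >&2; exit 1; }`, then `printf '%s\n' "$fw_data"` inside the group. The same pattern is used for `/root/ptr-data` and `/root/dnsmasq-data` in the two following hunks. Whether bash-bear enables pipefail is not visible here.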
# order to be comprehensive
- cedit /etc/unbound/unbound_ext.conf <<EOF || unbound_restart=true
-$(. /root/ptr-data)
+ {
+ /root/ptr-data
+ cat <<EOF
local-data-ptr: "10.2.0.1 cmc.b8.nz"
# try global if no match in view
view-first: yes
EOF
+ } | cedit /etc/unbound/unbound_ext.conf || unbound_restart=true
if $unbound_restart; then
# so make sure we have this dir or else dnsmasq will fail
# to start.
mkdir -p /mnt/usb/tftpboot
-cedit /etc/dnsmasq.conf <<EOF || dnsmasq_restart=true
+{
+ # generated with host-info-update
+ /root/dnsmasq-data
+ cat <<EOF
# no dns
port=0
server=/b8.nz/#
ptr-record=1.0.2.10.in-addr.arpa.,cmc.b8.nz
-# generated with host-info-update
-$(. /root/dnsmasq-data)
# https://ret2got.wordpress.com/2018/01/19/how-your-ethereum-can-be-stolen-using-dns-rebinding/
stop-dns-rebind
# for debugging dhcp
#log-queries=extra
EOF
+} | cedit /etc/dnsmasq.conf || dnsmasq_restart=true
+
if $dnsmasq_restart && ! $dev2 && ! $ap; then