cat <<'EOF'
Example of calling outside of FAI:
+/a/bin/fai/fai/config/hooks/partition.DEFAULT
+HOSTNAME=kd DISTRO=ecne /a/bin/fai/fai/config/hooks/partition.DEFAULT -s /dev/sdk -m
-/a/bin/fai/fai/config/hooks/partition.DEFAULT
Example use in a bootstrap distro:
scp /b/fai/fai-wrapper /a/bin/fai/fai/config/{distro-install-common/devbyid,hooks/partition.DEFAULT} root@HOST:
-c DISK_COUNT Meant for use with -s, the count of disks for doing swap size calculation.
-d Create data partition instead of root partition. Meant for use with -s.
+ It creates a single lvm pv/vg/lv called "data".
-m Create root/data partition with maximum size instead of the 1tb limit. Meant for use with -s.
-s SPECIAL_DISK For use outside of fai. A base disk name like
/dev/sdk. If set, we just cryptsetup and partition this one disk then
-exit. It creates a single lvm pv/vg/lv called "data". If this is
-partitioning intended to go into a root filesystem, you can modify the
-script to change that, or run commands manually afterwards. This also
-sets REPARTITION.
+exit. This also sets REPARTITION.
ARGS (only 0 or 1 is valid). All args are for use outside of fai.
HOSTNAME: if demohost, we set the luks password to just
'x'. Used in various other ways too.
-DISTRO: if not set, derived from VOL_... variable in a switch.
+DISTRO: Distro release codename. if not set, derived from VOL_... variable in a switch.
Required except for mkroot2, mkroot2tab, or SPECIAL_DISK.
classes:
if ! type -t ifclass &>/dev/null; then
- echo "$0: error: install ifclass" >&2
- exit 1
+ /b/fai/faiserver-setup --pi-only
+ type -t ifclass >/dev/null
fi
}
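Review bot: The bare `type -t ifclass >/dev/null` after the new `/b/fai/faiserver-setup --pi-only` call replaces an explicit error-and-exit, so a still-missing `ifclass` only stops the script if errexit is active, which this hunk does not show. The exit status of faiserver-setup is not checked either, and that script appears to re-exec itself under `sudo -E`, install packages and fetch a signing key, so a missing command now triggers privileged network activity instead of a clear error. I would keep the failure explicit: `/b/fai/faiserver-setup --pi-only || exit 1` followed by `type -t ifclass >/dev/null || { echo "$0: error: ifclass still missing" >&2; exit 1; }`. The enclosing function starts outside the hunk.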
mktab() {
- fstabstd="x-systemd.device-timeout=30s,x-systemd.mount-timeout=30s"
+ fstabstd="x-systemd.device-timeout=300s,x-systemd.mount-timeout=300s"
mkdir -p /tmp/fai
dev=${boot_devs[0]}
if $data_part; then
vg=${vgs[0]}
cat >/tmp/fai/crypttab <<EOF
-crypt-$vg-data /dev/$vg/data /mnt/root/q/root/luks/iank discard,luks
+crypt-$vg-data /dev/$vg/data /mnt/root/q/root/luks/iank nofail,discard,luks
EOF
cat >/tmp/fai/fstab <<EOF
/dev/mapper/crypt-$vg-data /mnt/dataTBD btrfs nofail,$fstabstd,noatime,subvolid=0$mopts 0 0
if ! fsf; then
cat >>/tmp/fai/crypttab <<EOF
crypt-$vg-root /dev/$vg/root none keyscript=/root/keyscript,discard,luks,initramfs
-crypt-$vg-swap /dev/$vg/swap /dev/urandom swap,cipher=aes-xts-plain64,size=256,hash=ripemd160
+crypt-$vg-swap /dev/$vg/swap /dev/urandom nofail,swap,cipher=aes-xts-plain64,size=256,hash=ripemd160
EOF
if ! $skip_o; then
cat >>/tmp/fai/crypttab <<EOF
-crypt-$vg-o /dev/$vg/o none keyscript=/root/keyscript,discard,luks,initramfs
+crypt-$vg-o /dev/$vg/o none nofail,keyscript=/root/keyscript,discard,luks,initramfs
EOF
fi
fi
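Review bot: The swap entry edited here still pairs `cipher=aes-xts-plain64` with `size=256`; XTS splits the key into two halves, so this gives AES-128 rather than AES-256, and `size=512` is needed if 256-bit strength is intended. `hash=ripemd160` is a legacy choice that probably has no effect with a `/dev/urandom` key file and may be unavailable in some crypto backends, so it is worth confirming or dropping. With `nofail` now added to the swap, `o`, data and root2 mappings, a device that fails to unlock no longer blocks boot. Something should therefore check for the expected `/dev/mapper/crypt-*` devices after boot, otherwise the host quietly runs without swap or with a data path that is not mounted. The surrounding `if` blocks start outside the hunk.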
luks-setup /dev/$vg/root2 crypt-$vg-root2
fi
cat >>/mnt/root/root2-crypttab <<EOF
-crypt-$vg-root2 /dev/$vg/root2 $luks_file discard,luks,initramfs
+crypt-$vg-root2 /dev/$vg/root2 $luks_file nofail,discard,luks,initramfs
EOF
done
if $mkroot2; then
fi
mkdir -p /mnt/root2 /mnt/boot2
cat >>/mnt/root/root2-fstab <<EOF
-${root2_devs[0]} /mnt/root2 btrfs nofail,x-systemd.device-timeout=30s,x-systemd.mount-timeout=30s,noatime,subvolid=0$mopts 0 0
-${boot2_devs[0]} /mnt/boot2 btrfs nofail,x-systemd.device-timeout=30s,x-systemd.mount-timeout=30s,noatime,subvolid=0 0 0
+${root2_devs[0]} /mnt/root2 btrfs nofail,x-systemd.device-timeout=300s,x-systemd.mount-timeout=300s,noatime,subvolid=0$mopts 0 0
+${boot2_devs[0]} /mnt/boot2 btrfs nofail,x-systemd.device-timeout=300s,x-systemd.mount-timeout=300s,noatime,subvolid=0 0 0
EOF
exit 0
}
[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
-
+base=bookworm
usage() {
cat <<'EOF'
-usage: faiserver-setup [-h|--help] [BASE_CODENAME] [ARCH]
+usage: faiserver-setup [-h|--help] [ARCH]
install fai-server on the current machine
Initial setup of a fai server. works on localhost. Set's the current ip
work. Separate from running this, faiserver needs to be setup in dns to
point to whatever host this is run on.
-Default BASE_CODENAME is bookworm. Default ARCH is 64. The script expects corresponding
-$BASEFILE_DIR/${UPCASED_BASE_CODENAME}${ARCH}.tar.(zst|xz) to exist, and it must have been
-generated around the same time as the nfsroot, at least so it has the
-same kernel version.
+We install based on $base. In theory, we could use an older release, I had
+conditionals for this but decided it was a waste of time. Default ARCH
+is 64. The script expects corresponding
+$BASEFILE_DIR/${UPCASED_BASE_CODENAME}${ARCH}.tar.(zst|xz) to exist, and
+it must have been generated around the same time as the nfsroot, at
+least so it has the same kernel version.
for copying and running this on a remote server,
scp -tPrl fai SERVER:
EOF
exit 0
}
-case $1 in
- -h|--help) usage ;;
-esac
+pi_only=false
+while [[ $1 == -* ]]; do
+ case $1 in
+ --pi-only)
+ pi_only=true
+ shift
+ ;;
+ -h|--help) usage ;;
+ *) exit 1 ;;
+ esac
+done
e() { echo "+ $*"; "$@"; }
+armhf() {
+ [[ $(dpkg --print-architecture) == armhf ]]
+}
-base=${1:-bookworm}
-arch=${2:-64}
-if [[ $base == [[:upper:]] ]]; then
- echo $0: error: use lowercase base
- exit 1
-fi
+arch=${1:-64}
basefile=$BASEFILE_DIR/${base^^}${arch^^}.tar.zst
sed="sed -ri --follow-symlinks"
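Review bot: The `*) exit 1 ;;` arm of the new option loop exits without any message, so a mistyped flag is indistinguishable from other failures; `*) echo "$0: error: unknown option: $1" >&2; exit 1 ;;` would say why. Dropping the BASE_CODENAME positional also means an existing caller that still passes a codename and an arch will have the codename silently taken as `arch` by `arch=${1:-64}` and end up with a wrong `basefile` path. Since the script runs as root, I would reject leftovers after the loop, for example `(( $# <= 1 )) || { echo "$0: error: too many arguments" >&2; exit 1; }`, and check `arch` against the values the script actually supports.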
apt-get install -y wget
fi
-armhf() {
- [[ $(dpkg --print-architecture) == armhf ]]
-}
# fai on ubuntu only has official support using the universe repo, but newer
# tends to have less bugs.
wget -O - https://fai-project.org/download/fai-project.gpg | sudo dd of=/etc/apt/trusted.gpg.d/fai-project.gpg
update=false
-case $base in
- stretch|buster|bullseye|bookworm)
- if ! grep -qFx "deb https://fai-project.org/download $base koeln" /etc/apt/sources.list.d/fai.list; then
- update=true
- fi
- cat >/etc/apt/sources.list.d/fai.list <<EOF
+if ! grep -qFx "deb https://fai-project.org/download $base koeln" /etc/apt/sources.list.d/fai.list; then
+ update=true
+fi
+cat >/etc/apt/sources.list.d/fai.list <<EOF
deb https://fai-project.org/download $base koeln
EOF
- ;;
- *)
- echo "$0: error: script needs updating for new base" >&2
- exit 1
- ;;
-esac
f=/var/cache/apt/pkgcache.bin;
if [[ -r $f ]]; then
apt-get update
fi
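Review bot: The key fetched on the `wget -O - … | sudo dd of=/etc/apt/trusted.gpg.d/fai-project.gpg` line lands in `trusted.gpg.d`, where it can vouch for every configured repository, and the `fai.list` entry written in this hunk carries no `signed-by`. Now that `--pi-only` makes this path run implicitly from the partition hook, I would scope the key to this one source: store it in a dedicated keyring file and write `deb [signed-by=<KEYRING_PATH>] https://fai-project.org/download $base koeln`, updating the `grep -qFx` string to match. The pipeline also installs whatever `wget` produced, including an empty or truncated file, unless `pipefail` is set, which is not visible here. Comparing the downloaded key's fingerprint with a pinned value before installing it would cover that case.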
+
# Relevant packages from fai-quickstart depends and fai-server recommends.
# I especially do not wait isc-dhcp-server or an inetd. Also excludes
# nfs-kernel-server. On an android chroot, we don\'t have nfs in the
# fai-client is already a fai-server dependency, but make sure it gets upgraded
e apt-get install --no-install-recommends -y -o Dpkg::Options::=--no-force-confdef -o Dpkg::Options::=--force-confnew fai-server fai-client
+if $pi_only; then
+ exit 0
+fi
+
+
r=http://http.us.debian.org/debian
# like default, but scrap httpredir, and nonfree.
# All my systems should be able to get along without nonfree
deb $r $base main contrib
EOF
-### begin setup security repo ###
-case $base in
- stretch|buster)
- cat >>/etc/fai/apt/sources.list <<EOF
-deb http://security.debian.org/debian-security $base/updates main contrib
-EOF
- ;;
- *)
- # new naming convention
- cat >>/etc/fai/apt/sources.list <<EOF
+cat >>/etc/fai/apt/sources.list <<EOF
deb http://security.debian.org/debian-security $base-security main contrib
EOF
-esac
-### end setup security repo ###
cat >>/etc/fai/apt/sources.list <<EOF
fi
rm -f /srv/fai/nfsroot/root/.ssh/known_hosts
-key=$(ssh-keyscan $keyscan_arg localhost |& grep -o "ecdsa-sha2-nistp256.*")
+key=$(ssh-keyscan localhost |& grep -o "ecdsa-sha2-nistp256.*")
for ip in faiserver.b8.nz $(ip addr show up| grep -w '^ *inet' | awk '{print $2}'| cut -d / -f 1 | grep -vF 127.0.0.1); do
echo "$ip $key" >>/srv/fai/nfsroot/root/.ssh/known_hosts
done
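Review bot: `key` is appended to `known_hosts` without checking that the scan returned anything, so if sshd is not listening or offers no ECDSA key, every line written by the loop is an address followed by an empty key. A guard before the loop, such as `[[ $key ]] || { echo "$0: error: no ecdsa host key from ssh-keyscan" >&2; exit 1; }`, would surface that instead of leaving a broken file in the nfsroot. Since the key being pinned is this machine's own, reading the local public host key file directly would avoid relying on a network scan. It would also remove the need for `|&`, which currently feeds ssh-keyscan's stderr into the `grep`.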