fai-redep # Deploy fai configuration to host "faiserver"
faiserver-uninstall # uninstall fai-server
faiserver-setup # install fai-server on the current machine
-myfai-chboot # setup fai tftp and nfs. useful for doing pxe-kexec
+myfai-chboot # setup fai tftp and nfs. useful for doing pxe-kexec or booting from a fai-cd.
pxe-server # disable/enable pxe dhcp, tfp, and nfs. calls myfai-chboot
wrt-setup # setup my router in general: dhcp, dns, etc.
solution: if running from fai-cd, recreate autodiscover cd as noted above in setup.
+## Weird package dependency errors
+
+for example: in fai.log, within instsoft.DEBIAN
+```
+The following packages have unmet dependencies:
+ libc6 : Breaks: locales (< 2.36) but 2.35-0ubuntu3.7+11.0trisquel1 is to be installed
+```
+
+In this case, it was because the basefile was missing, and so instead
+fai decided to use the wrong basefile.
+
+for example: in fai.log, within instsoft.DEBIAN
+
+```
+ftar: No matching class found in /var/lib/fai/config/basefiles//
+ftar: extracting /var/tmp/base.tar.zst to /target/
+```
+
# What good logs look like:
logging nfs traffic from server
install --owner=iank --group=iank -d fai/config/files/usr/local/bin/hssh
install --owner=iank --group=iank -d fai/config/files/usr/local/bin/ssh_filter_btrbk.sh
rsync -atL /a/opt/btrbk/ssh_filter_btrbk.sh fai/config/files/usr/local/bin/ssh_filter_btrbk.sh/STANDARD
-
-m rsync -rlpt --delete --relative --exclude /fai/config/basefiles/ fai/config /a/opt/btrfs-progs-release "${rpre[@]}"/srv
+m rsync -rlpt --delete --relative --exclude /fai/config/basefiles/ fai/config "${rpre[@]}"/srv
# todo: automatically disable faiserver after a period so
# these files are not available.
rsync -rlpt /q/root/shadow /q/root/luks "${rpre[@]}"/srv/fai/config/distro-install-common
fi
+rsync -rlpt --delete /a/opt/btrfs-progs-release "${rpre[@]}"/srv/fai/config/distro-install-common
+
dirs=(/p/c/machine_specific/${target:-*}/filesystem/etc/ssh)
if [[ -e ${dirs[0]} ]]; then
rsync -rlpt --delete --relative ${dirs[@]} "${rpre[@]}"/srv/fai/config/distro-install-common
$faiserver_shell dd of=/srv/fai/config/package_config/DESKTOP status=none ||: # broken pipe
-rsync -rplt --include '/*.gz' --exclude '/**' --delete-excluded $BASEFILE_DIR/ "${rpre[@]}"/srv/fai/config/basefiles/
+m rsync -rplt --include '/*.zst' --exclude '/**' --delete-excluded $BASEFILE_DIR/ "${rpre[@]}"/srv/fai/config/basefiles/
BASEFILE_DIR=/tmp
fi
isopath=$BASEFILE_DIR/$iso
- isosrc=$BASEFILE_DIR/BOOKWORM64.tar.gz
+ isosrc=$BASEFILE_DIR/BOOKWORM64.tar.zst
if [[ ! -e $isopath || $(stat -c %Y $isopath) -lt $(stat -c %Y $isosrc) ]]; then
e fai-cd -g $(readlink -f grub.cfg.${iso%%.*}) -f -A $isopath
fi
# only setup root pass for bootstrap vol
-if ifclass VOL_BULLSEYE_BOOTSTRAP || VOL_BOOKWORM_BOOTSTRAP; then
+# for bootstrap vol, we only use root user
+if ifclass VOL_BULLSEYE_BOOTSTRAP || ifclass VOL_BOOKWORM_BOOTSTRAP; then
+ sed 's/^/root:/' $root_pw_f | $ROOTCMD chpasswd -e
exit 0
fi
$ROOTCMD usermod -aG sudo iank
fi
+mkdir -p $target/etc/sudoers.d
cat >$target/etc/sudoers.d/ianksudoers <<'EOF'
Defaults timestamp_timeout=1440
# used in bashrc
-#!/bin/bash -x
+#!/bin/bash
# This file is part of Ian Kelling's automated-distro-installer
# Copyright (C) 2024 Ian Kelling
[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
-tmpdir=$(mktemp -d) || exit
-trap 'cd; rm -rf "$tmpdir"' EXIT
-cd $tmpdir
+set -x
+
+prereqs=()
+for p in wget curl; do
+ if ! type -p $p &>/dev/null; then
+ prereqs+=($p)
+ fi
+done
+if (( ${#prereqs[@]} >= 1 )); then
+ apt-get -y install ${prereqs[@]}
+fi
+
+
+tmpdir=$($ROOTCMD mktemp -d) || exit
+outertmp=$target/$tmpdir
+trap 'cd; rm -rf "$outertmp"' EXIT
+cd $outertmp
# update stable_ver when we are ready to jump to a new stable kernel.
# Stable kernels are listed here: https://www.kernel.org/category/releases.html
stable_ver='6\.6'
+# Actually, I dont want stable right now. comment this out to get stable
+# version.
+stable_ver='[1-9]'
va=$(curl -s https://kernel.ubuntu.com/mainline/ | \
sed -rn 's,.*alt="\[DIR\]".*href="([^/]+).*,\1,p' | \
grep -v -- -rc | sed 's/^v//' | grep "^$stable_ver" | sort -V | tail -n1)
urls=()
for p in ${pkgs[@]}; do
- if ! dpkg -s -- "${p%%_*}" 2>&1 | grep -Fx "Status: install ok installed" &>/dev/null; then
+ if ! $ROOTCMD dpkg -s -- "${p%%_*}" 2>&1 | grep -Fx "Status: install ok installed" &>/dev/null; then
urls+=(https://kernel.ubuntu.com/mainline/v$va/amd64/$p)
fi
done
if (( ${#urls[@]} >= 1 )); then
- wget "${urls[@]}"
- dpkg -i ./*.deb
+ wget -nv "${urls[@]}"
+ $ROOTCMD dpkg -i ${pkgs[@]/#/$tmpdir/}
fi
# so use fixed sizes to allow both to grow
# 600 = uefi 512 + grubext 8 + bios grub 3 + some extra cuz this is lvm
#root_mib=$(( disk_mib - root2_part_mib - swap_mib - boot_part_mib - boot2_part_mib - 600 ))
- o_mib=$(( 120 * 1000 ))
+ o_mib=$(( 180 * 1000 ))
# max minus o, minus a gig just for some extra space
max_root_mib=$(( disk_mib - root2_part_mib - swap_mib - boot_part_mib - boot2_part_mib - 600 - o_mib - 1000 ))
- root_mib=$(( 1000 * 1000 )) # * 1000 to make it in gb.
+ root_mib=$(( 1700 * 1000 )) # * 1000 to make it in gb.
if (( max_root_mib < root_mib )); then
root_mib=$max_root_mib
fi
#! /bin/bash
+# mk-basefile doesn't use the -updates suite, then we unpack it, then we
+# install sources.list that has -updates and we install random
+# packages. It might avoid a problem if we a dist-upgrade first.
+
+$ROOTCMD apt-get update
+$ROOTCMD apt-get -y dist-upgrade --purge --auto-remove
+
# https://lists.uni-koeln.de/pipermail/linux-fai/2016-July/011398.html
# In Ubuntu 16.04 (but not 14.04), the locales configuration mechanism has
# changed. There is a /var/lib/dpkg/info/locales.config file, which
# hook applies the debconf setting. It must run after FAI's debconf task
# but before dpkg gets a chance to clobber debconf with an empty setting.
+
if [ ! -f "$target/var/lib/locales/supported.d/local" ]; then
- $ROOTCMD debconf --owner=locales sh -c '
+ $ROOTCMD debconf --owner=locales sh -c '
. /usr/share/debconf/confmodule
db_version 2.0
db_get locales/locales_to_be_generated &&
--- /dev/null
+ARAMO.gpg
\ No newline at end of file
openssh-client
pciutils
perl
-# ian: newer distros dont have python, it gets naturally removed
-python
-python-minimal
python3
python3-minimal
reportbug
openssh-client openssh-server
time
procinfo
-locales
console-setup kbd
pciutils usbutils
unattended-upgrades
cryptsetup-initramfs
# for btrbk
zstd
+# for detecting wireless
+iw
# iank, copied from DEBIAN so it goes into ubuntu too
PACKAGES install GRUB_PC
--- /dev/null
+ian: Ya, for each trisquel release, we need a new key symlink link, or
+new file if the key has changed.
exit 1
fi
+m() { printf "%s\n" "$*"; "$@"; }
+
+
fcopy -riB /root
+# in bullseye, installing systemd-resolved says: Converting
+# /etc/resolv.conf to a symlink to
+# /run/systemd/resolve/stub-resolv.conf... which breaks
+# resolution. This happens to be the first script we install a package
+# after that. This should do nothing in a fai-wrapper situation.
+if [[ ! -s $target/etc/resolv.conf ]]; then
+ m ls -la $target/etc/resolv.conf ||:
+ # Keep the symlink in place, systemd-resolved should change the file
+ # when it runs.
+ mkdir -p $target/run/systemd/resolve
+ if [[ ! -s /etc/resolv.conf ]] && ! host google.com; then
+ echo "ERROR: empty resolv.conf & failed dns resolution. exiting 1" >&2
+ exit 1
+ fi
+ cat /etc/resolv.conf >$target/etc/resolv.conf
+fi
+
+
#### misc configurations
chroot $FAI_ROOT bash <<'EOFOUTER'
-set -x
+set -xe
if getent group systemd-journal >/dev/null; then
# makes the journal be saved to disk.
mkdir -p /var/log/journal
debconf-set-selections <<EOF
kexec-tools kexec-tools/load_kexec boolean false
EOF
-apt-get install -y pxe-kexec
+
+# This used to be pxe-kexec. For some reason pxe-kexec is not in
+# bookworm. kexec-tools is
+# something pxe-kexec depended on and might be useful.
+# todo: figure out why and get it installed.
+apt-get install -y kexec-tools
# this is usefull. Only thing reason I see this being disabled by default is
# that a non-root user can disrupt the system, eg cause a reboot.
sudo apt-get -y install fai-client
fi
-if [[ -e /a/bin/fai/fai-wrapper ]]; then
- chroot() {
- shift
- "$@"
- }
-fi
-
-if [[ $FAI_ROOT == / ]]; then
- source /a/bin/bash_unpublished/source-state
- bprogs_dir=/a/opt/btrfs-progs-release
-else
- bprogs_dir=/srv/btrfs-progs-release
- chroot="chroot $FAI_ROOT"
-fi
-
# -r = recursive
# -i = ignore non-matching class warnings, always exit 0
# -B = no backup files
mount -o bind $src $dst
fi
+
+
$FAI/distro-install-common/end
# I run this as a single post-fai script to update things that have changed.
tmpfile1=$(mktemp)
# this can fail if we need an apt update
-$chroot /usr/bin/apt-cache policy >$tmpfile1 ||:
+$ROOTCMD /usr/bin/apt-cache policy >$tmpfile1 ||:
fcopy -riB /etc/apt
tmpfile2=$(mktemp)
-$chroot /usr/bin/apt-cache policy >$tmpfile2
+$ROOTCMD /usr/bin/apt-cache policy >$tmpfile2
if ! diff -q $tmpfile1 $tmpfile2; then
- $chroot /usr/bin/apt update
+ $ROOTCMD /usr/bin/apt update
fi
# outside of fai, this seems to regularly lead to
# E: Could not get lock /var/lib/apt/lists/lock - open (11: Resource temporarily unavailable)
#### misc configurations
-
if [[ $FAI_ACTION != dirinstall ]] && ! ifclass NOCRYPT; then
if ifclass LINODE; then
speed=19200
WantedBy=dev-disk-by\x2did-ata\x2dSamsung_SSD_870_QVO_8TB_S5VUNG0N900656V.device
EOF
- $chroot bash <<'EOFOUTER'
+ $ROOTCMD bash <<'EOFOUTER'
systemctl enable myncq.service
/usr/bin/myncq no-upgrub
EOFOUTER
fi
# use networkmanager if this host has wireless.
-if [[ $HOSTNAME == bo ]] || type -p iw &>/dev/null && [[ $(iw dev) ]]; then
- $chroot bash <<EOF
+if [[ $(iw dev) ]]; then
+ $ROOTCMD bash -xe <<EOF
apt-get -y install network-manager
EOF
fi
-case $HOSTNAME in
- sy)
- $FAI/distro-install-common/install-stable-kernel-debs
- ;;
- *)
- $chroot apt-get -y install linux-libre
- ;;
-esac
-
-pre=https://mirrors.edge.kernel.org/pub/linux/kernel/people/kdave/btrfs-progs
-tarball=$(curl -s $pre/sha256sums.asc \
- | awk '$2 ~ /^btrfs-progs-v/ { print $2 }' | grep -v -- -rc | grep "^btrfs-progs-v.*gz\$" | sort -V | tail -n1)
-url="$pre/$tarball"
-dir=${tarball%.tar.gz}
-ver=${dir#btrfs-progs-}
-cur_ver=$(btrfs --version 2>/dev/null | awk '{print $2}') ||:
-if [[ $ver != "$cur_ver" ]]; then
- if [[ $HOST2 == "$HOSTNAME" && $ver != "$($bprogs_dir/btrfs --version 2>/dev/null | awk '{print $2}')" ]]; then
- rm -rf $bprogs_dir
- cd /tmp
- wget $url
- sudo -u iank tar xzf $tarball
- mv ${tarball%.tar.gz} $bprogs_dir
- cd $bprogs_dir
- apt-get -y build-dep btrfs-progs
- sudo -u iank ./configure --disable-documentation
- sudo -u iank make
- make install
- else
- $chroot bash -xe <<EOF
-cd $bprogs_dir
-make install
-EOF
- fi
-fi
-
if ifclass LINODE; then
mkdir -p $target/etc/initramfs-tools/conf.d
cat >$target/etc/initramfs-tools/conf.d/mine <<EOF
if ifclass VOL_BULLSEYE_BOOTSTRAP || ifclass VOL_BOOKWORM_BOOTSTRAP; then
fcopy /etc/systemd/system/faicheck.service
- $chroot bash <<'EOFOUTER'
+ $ROOTCMD bash <<'EOFOUTER'
systemctl enable faicheck.service
EOFOUTER
exit 0 # avoid unnecessary stuff in bootstrap vol
## misc settings
-$chroot bash <<'EOFOUTER'
+$ROOTCMD bash <<'EOFOUTER'
#### begin .ssh setup ###
set -x
set -eE -o pipefail
for g in plugdev audio video cdrom; do
$ROOTCMD usermod -a -G $g user2
done
+
+
+## begin get new kernel and btrfs-progs ##
+case $HOSTNAME in
+ sy|so)
+ $FAI/distro-install-common/install-stable-kernel-debs
+ ;;
+ *)
+ $ROOTCMD apt-get -y install linux-libre
+ ;;
+esac
+
+pre=https://mirrors.edge.kernel.org/pub/linux/kernel/people/kdave/btrfs-progs
+tarball=$(curl -s $pre/sha256sums.asc \
+ | awk '$2 ~ /^btrfs-progs-v/ { print $2 }' | grep -v -- -rc | grep "^btrfs-progs-v.*gz\$" | sort -V | tail -n1)
+url="$pre/$tarball"
+dir=${tarball%.tar.gz}
+ver=${dir#btrfs-progs-}
+cur_ver=$($ROOTCMD btrfs --version 2>/dev/null | awk '{print $2}') ||:
+
+if [[ $FAI_ROOT == / ]]; then
+ bp_dir=/a/opt/btrfs-progs-release
+else
+ bp_dir=$FAI/distro-install-common/btrfs-progs-release
+fi
+if [[ $ver != "$cur_ver" ]]; then
+ if [[ $ver != "$($bp_dir/btrfs --version 2>/dev/null | awk '{print $2}')" ]]; then
+ cd $target/tmp
+ wget $url
+ tar xzf $tarball
+ $ROOTCMD apt-get -y build-dep btrfs-progs
+ # no docs cuz I didn't want to bother fixing error of missing docs dependencies
+ $ROOTCMD bash -xe <<EOF
+cd /tmp/${tarball%.tar.gz}
+./configure --disable-documentation
+make
+make install
+EOF
+ # If our desktop is HOST2, will we btrbk this latest bprogs to other
+ # machines.
+ if [[ -s /a/bin/bash_unpublished/source-state ]]; then
+ source /a/bin/bash_unpublished/source-state
+ fi
+ if [[ $HOST2 == "$HOSTNAME" && $FAI_ROOT != / ]]; then
+ rm -rf $bp_dir
+ chown -R iank:iank $target/tmp/${tarball%.tar.gz}
+ mv $target/tmp/${tarball%.tar.gz} $bp_dir
+ fi
+ else
+ if ! $ROOTCMD dpkg -s -- build-essential 2>&1 | grep -Fx "Status: install ok installed" &>/dev/null; then
+ $ROOTCMD apt-get -y install build-essential
+ fi
+
+ if [[ $FAI_ROOT == / ]]; then
+ cd /a/opt/btrfs-progs-release
+ make install
+ else
+ mkdir -p $target/tmp/bprogs
+ mount -o bind $bp_dir $target/tmp/bprogs
+ $ROOTCMD bash -xe <<EOF
+cd /tmp/bprogs
+make install
+EOF
+ fi
+ fi
+fi
+## end get new kernel and btrfs-progs ##
point to whatever host this is run on.
Default BASE_CODENAME is bookworm. Default ARCH is 64. The script expects corresponding
-$BASEFILE_DIR/${UPCASED_BASE_CODENAME}${ARCH}.tar.(gz|xz) to exist, and it must have been
+$BASEFILE_DIR/${UPCASED_BASE_CODENAME}${ARCH}.tar.(zst|xz) to exist, and it must have been
generated around the same time as the nfsroot, at least so it has the
same kernel version.
exit 1
fi
-basefile=($BASEFILE_DIR/${base^^}${arch^^}.tar.gz)
+basefile=($BASEFILE_DIR/${base^^}${arch^^}.tar.zst)
sed="sed -ri --follow-symlinks"
if [[ ! -e $basefile ]]; then
# fai on ubuntu only has official support using the universe repo, but newer
# tends to have less bugs.
-wget -O - https://fai-project.org/download/2BF8D9FE074BCDE4.asc | apt-key add -
+wget -O - https://fai-project.org/download/fai-project.gpg | sudo dd of=/etc/apt/trusted.gpg.d/fai-project.gpg
update=false
case $base in
$t/var/lib/apt/lists/*_* $t/usr/bin/qemu-*-static \
$t/etc/udev/rules.d/70-persistent-net.rules
echo | dd of=$t/etc/machine-id
-tar --one-file-system -C $t -cf - . | gzip > /a/bin/fai-basefiles/basefiles/${distver^^}64BIG.tar.gz
+tar --one-file-system -C $t -cf - . | zstd -9 > /a/bin/fai-basefiles/basefiles/${distver^^}64BIG.tar.zst
cleanup
on another repo of Ian Kelling, basic-https-conf, where the file is at
/a/exe/web-conf.
-Usng this, you can boot into fai with pxe-kexec without changing
-the dhcp server.
+Using this, you can boot into fai with pxe-kexec without changing the
+dhcp server. Note, if you are booting using fai-cd, the pxe config does
+nothing, and only flags affecting FAI_ACTION will have any affect. You
+can change the fai flags in the grub config, for example in
+./grub.cfg.autodiscover, or at runtime by editing a grub menu option.
+We could probably also set FAI_FLAGS the same way we set FAI_ACTION,
+but I haven't tried it.
-Argument sets the host to enable it for. No argument disables pxe
-config for all hosts, but leaves nfs server alone. Use faiserver-disable
-to disable the nfs server.
+HOSTNAME|IP|default Sets the host to enable it for. No argument
+ disables pxe config for all hosts, but leaves nfs
+ server alone. Use faiserver-disable to disable the
+ nfs server.
-S sets FAI_ACTION=sysinfo, and remove fai flag reboot.
Usefull for doing a system recovery. It reboots automatically anyways :(
-k Add serial port output for kgped16
-i sets FAI_ACTION=inventory and remove fai flag reboot.
I'm not sure what this is usefull for.
+-b Setup bonded ethernet.
+--no-r Tell fai-chboot not to reboot when its done. This is implied by -i and -S.
-h|--help Print help and exit.
EOF
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-# note, this script gets piped to bash, so cant cd to current dir
-[[ $EUID == 0 ]] || exec sudo "${BASH_SOURCE}" "$@"
+[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
+
+set -x
set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
+pre="${0##*/}:"
+m() { printf "$pre %s\n" "$*"; "$@"; }
+e() { printf "$pre %s\n" "$*"; }
+err() { echo "[$(date +'%Y-%m-%d %H:%M:%S%z')]: $pre: $*" >&2; }
+
+usage() {
+ cat <<EOF
+Usage: call from myfai-chboot, see its help
+
+# note, this script gets piped to bash, so cant cd to current dir
+
+-h|--help Print help and exit.
+
+Note: Uses util-linux getopt option parsing: spaces between args and
+options, short options can be combined, options before args.
+EOF
+ exit $1
+}
+
+
kgped16=false
bond=false
fai_action=install
fai_reboot_arg=,reboot
-while [[ $1 == -* ]]; do
+
+# ensure we can handle args with spaces or empty.
+ret=0; getopt -T || ret=$?
+[[ $ret == 4 ]] || { echo "Install util-linux for enhanced getopt" >&2; exit 1; }
+
+temp=$(getopt -l help,no-r hSi "$@") || usage 1
+eval set -- "$temp"
+while true; do
case $1 in
- -h|--help)
- echo "see help from myfai-chboot"
- exit 0
- ;;
-S)
fai_action=sysinfo
fai_reboot_arg=
- shift
;;
-i) #inventory
fai_action=inventory
fai_reboot_arg=
- shift
;;
-k)
kgped16=true
- shift
;;
-b)
bond=true
- shift
;;
--no-r)
fai_reboot_arg=
- shift
;;
+ -h|--help) usage ;;
+ --) shift; break ;;
+ *) echo "$0: unexpected args: $*" >&2 ; usage 1 ;;
esac
+ shift
done
-
-pre="${0##*/}:"
-m() { printf "$pre %s\n" "$*"; "$@"; }
-e() { printf "$pre %s\n" "$*"; }
-err() { echo "[$(date +'%Y-%m-%d %H:%M:%S%z')]: $pre: $*" >&2; }
-
-host=$1
+read -r host <<<"$@"
+readonly host
rm -f /srv/tftp/fai/pxelinux.cfg/*
iankelling.org / git / automated-distro-installer / commitdiff