ssh root@faiserver tee -a /srv/fai/config/class/DEFAULT.var <<EOF
ROOTPW='$(cat /p/shadow/standard)'
EOF
+ssh root@faiserver tee -a /srv/fai/config/class/tp.var <<EOF
+ROOTPW='$(cat /p/shadow/traci-simple)'
+EOF
+
scp ~/.ssh/id_rsa.pub \
root@faiserver:/srv/fai/config/files/home/ian/.ssh/authorized_keys/GRUB_PC
-s scp -r /q/root/luks root@faiserver:/srv/fai/config/distro-install-common
+s scp -r /q/root/luks /p/shadow/traci{,-simple} \
+ root@faiserver:/srv/fai/config/distro-install-common
ssh root@faiserver chmod -R a+rX /srv/fai/config/distro-install-common
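Review bot: The added `scp` now places `/p/shadow/traci` and `/p/shadow/traci-simple` in `distro-install-common`, and the unchanged `chmod -R a+rX` right after it makes them readable by every account on faiserver, alongside the LUKS material already copied there. If the FAI config space is exported to install clients, as is common, the same files are readable from the install network. Consider tightening the secrets after the blanket chmod, for example `ssh root@faiserver chmod -R go-rwx /srv/fai/config/distro-install-common/{luks,traci,traci-simple}`, provided the install client still reads them as root. Otherwise add a comment saying why world-readable is acceptable here.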
-
partition=false
-# keyfiles generated like:
-# head -c 2048 /dev/urandom | od | s dd of=/q/root/luks/host-demohost
-luks_dir=/var/lib/fai/config/distro-install-common/luks
letters=(a)
done
done
+# keyfiles generated like:
+# head -c 2048 /dev/urandom | od | s dd of=/q/root/luks/host-demohost
+luks_dir=/var/lib/fai/config/distro-install-common/luks
+if ifclass tp; then
+ lukspw=$(cat $luks_dir/traci)
+else
+ lukspw=$(cat $luks_dir/ian)
+fi
boot_end=504
# 1.5 x based on https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Installation_Guide/sect-disk-partitioning-setup-x86.html#sect-custom-partitioning-x86
swap_end=$(( $(grep ^MemTotal: /proc/meminfo| awk '{print $2}') * 3/(${#letters[@]} * 2 ) / 1000 + boot_end ))MiB
+create_subvols() {
+ cd /mnt
+ for x in a home root; do
+ btrfs subvolume list . | grep "$x$" >/dev/null || btrfs subvolume create $x
+ done
+ btrfs subvolume set-default \
+ $(btrfs subvolume list . | grep 'root$' | awk '{print $2}') .
+ cd /
+ umount /mnt
+}
+
shopt -s nullglob
if $partition; then
mkdir -p /tmp/fai
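Review bot: Neither `cat` in the added `if ifclass tp` block is checked, so a missing or unreadable `$luks_dir/traci` or `$luks_dir/ian` leaves `lukspw` empty, and the later `yes "$lukspw" |` calls feed empty lines to cryptsetup instead of stopping the install. `$luks_dir/ian` is new in this change and nothing visible here shows it being provisioned. Quote the path and fail early, e.g. `lukspw=$(cat "$luks_dir/ian") || exit 1`, and add `[[ -n $lukspw ]] || { echo "empty LUKS passphrase" >&2; exit 1; }` after the `fi`.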
yes YES | cryptsetup luksFormat /dev/$crypt $luks_dir/host-$HOSTNAME \
-c aes-cbc-essiv:sha256 -s 256 || [[ $? == 141 ]]
- yes $(cat $luks_dir/traci) | \
- cryptsetup luksAddKey --key-file \
+ yes "$lukspw" cryptsetup luksAddKey --key-file \
$luks_dir/host-$HOSTNAME /dev/$crypt || [[ $? == 141 ]]
# this would remove the keyfile. we will do that manually later.
# yes 'test' | cryptsetup luksRemoveKey /dev/... \
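Review bot: The rewritten `luksAddKey` line lost its pipe: `yes "$lukspw" cryptsetup luksAddKey --key-file \` passes `cryptsetup` and everything after it as arguments to `yes`, so cryptsetup never runs and no passphrase slot is added to the volume. With no reader to close its output, `yes` keeps printing the passphrase followed by the command text to stdout, which likely ends up in the install log, and the step never finishes. Restore the pipe as the `luksOpen` call later in this diff has it: `yes "$lukspw" | \` followed by `cryptsetup luksAddKey --key-file \`.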
parted ${devs[0]} set 1 boot on
mkfs.btrfs -f /dev/mapper/crypt_dev_$crypt
mount /dev/mapper/crypt_dev_$crypt /mnt
- cd /mnt
- btrfs subvolume create a
- btrfs subvolume create root
- btrfs subvolume set-default $(btrfs subvolume list . | grep 'root$' | awk '{print $2}') .
- cd /
- umount /mnt
+ create_subvols
else
for dev in ${devs[@]}; do
mkfs.ext4 -F ${dev}1
done
- yes $(cat $luks_dir/traci) | \
+ yes "$lukspw" | \
cryptsetup luksOpen /dev/$crypt crypt_dev_$crypt || [[ $? == 141 ]]
sleep 1
mount -o subvolid=0 /dev/mapper/crypt_dev_$crypt /mnt
for subvol in ${s[@]}; do btrfs subvolume delete /mnt/$subvol; done
btrfs subvolume set-default 0 /mnt
btrfs subvolume delete /mnt/root
- btrfs subvolume create /mnt/root
- btrfs subvolume set-default $(btrfs subvolume list /mnt | grep 'root$' | awk '{print $2}') /mnt
- umount /mnt
+ create_subvols
fi
cat > /tmp/fai/crypttab <<EOF
cat > /tmp/fai/fstab <<EOF
/dev/mapper/crypt_dev_$crypt / btrfs noatime,subvol=/root 0 0
/dev/mapper/crypt_dev_$crypt /a btrfs noatime,subvol=/a 0 0
+/dev/mapper/crypt_dev_$crypt /home btrfs noatime,subvol=/home 0 0
${devs[0]}1 /boot ext4 noatime 0 2
EOF
$ROOTCMD adduser --disabled-password --gecos ian ian
$ROOTCMD usermod -p "$ROOTPW" ian
+
/var/lib/fai/config/distro-install-common/end
fcopy -rM -i /home/ian/.ssh
cp -ar $target/home/ian/.ssh $target/root
chown -R root:root $target/root/.ssh
-# the defaults in wheezy
+for dir in $target/{a,p}/c/machine_specific/$HOSTNAME/.unison; do
+ [[ -e $dir ]] || continue
+ $ROOTCMD rm -rf $target/root/.unison
+ $ROOTCMD ln -s $dir $target/root
+done
+
$ROOTCMD usermod -aG cdrom,floppy,sudo,audio,dip,video,plugdev,netdev ian
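Review bot: In the added `.unison` loop, `ln -s $dir $target/root` stores the `$target`-prefixed path as the link target, so on the installed system `/root/.unison` points under the installer's mount point and dangles. If `$ROOTCMD` is the usual chroot into `$target`, the `$target/...` arguments to `rm -rf` and `ln` are also resolved inside the chroot and miss the intended paths. Running both from the installer side with the prefix stripped from the link target avoids both problems: `rm -rf -- "$target/root/.unison"` and `ln -s "${dir#"$target"}" "$target/root/.unison"`. Quoting also keeps each path a single word for the `rm -rf`.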