reboot
+# Expected output in fai logs
+
+For flidas, when installing systemd, this error happens, and it's
+a superflous upstream bug based on reading the post install script:
+
+addgroup: The group `systemd-journal' already exists as a system group. Exiting.
+Operation failed: No such file or directory
+
+
# License
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
host=$1
-addr=$(host $host | sed -rn 's/^\S+ has address //p;T;q')
+# ||: because if we are using 2+ resolvers, 1 may fail, causing error, but we still get
+# a valid address and we just use that
+addr=$(host $host | sed -rn 's/^\S+ has address //p;T;q' ||:)
h=$(host $addr)
h=${h##* }
echo $h
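Review bot: With `||:` inside the substitution on the new `addr=` line, a lookup that returns no address at all now succeeds too, so `addr` can be empty and `h=$(host $addr)` then runs without an argument. The `ip=` hunk later in this commit tests the result before using it, and the same guard fits here: `[[ $addr && ! $addr =~ [[:space:]] ]] || { echo "$0: error: no address for $host" >&2; exit 1; }`. Since the chboot wrapper passes this script's output to `ssh root@$host`, it is worth failing loudly rather than printing an unexpected name. Quoting `"$host"` and `"$addr"` would also keep odd input from being word-split.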
ssh root@$faiserver_host dd of=/srv/fai/config/package_config/DESKTOP 2>/dev/null ||: # broken pipe
-rsync -r --delete /a/bin/fai-basefiles/basefiles root@$faiserver_host:/srv/fai/config
+rsync -rplt --delete /a/bin/fai-basefiles/basefiles root@$faiserver_host:/srv/fai/config
ssh root@$faiserver_host bash <<'EOF'
set -eE -o pipefail
set -x
changed=false
f=/srv/fai/nfsroot/root/.ssh/known_hosts
+install -d -m 700 /srv/fai/nfsroot/root/.ssh
# the known hosts entries that fai already sets up are like
# IP,HOSTNAME key_info...
# we are skipping the ip, because it doesn't block ssh
# with a prompt as long as you have the user supplied hostname,
# and i don't want to deal with getting it, it's not adding
# any important security in this case.
-if ! grep -xFq "$line" $f; then
+if ! grep -xFq "$line" $f &>/dev/null; then
changed=true
printf "%s\n" "$line" >>$f
fi
echo "FAIBASE"
-echo "PARTITION_PROMPT"
+#echo "PARTITION_PROMPT"
#echo REPARTITION
rm -f $target/etc/dpkg/dpkg.cfg.d/fai $target/etc/dpkg/dpkg.cfg.d/unsafe-io
if [ $FAI_ACTION = "install" -o $FAI_ACTION = "dirinstall" ] ; then
- [ -f /etc/fai/fai.conf ] && cp /etc/fai/fai.conf $target/etc/fai/fai.conf
+ if [ -f /etc/fai/fai.conf ]; then
+ mkdir -p $target/etc/fai
+ cp /etc/fai/fai.conf $target/etc/fai/fai.conf
+ fi
fi
ainsl -a /etc/fai/fai.conf "FAI_CONFIG_SRC=$FAI_CONFIG_SRC"
if [[ $FAI_ACTION != dirinstall ]]; then
cat >$FAI_ROOT/etc/grub.d/40_custom <<'EOF'
-# https://www.coreboot.org/Serial_console
+#!/bin/sh
+exec tail -n +3 $0
+# This file provides an easy way to add custom menu entries. Simply type the
+# menu entries you want to add after this comment. Be careful not to change
+# the 'exec tail' line above.
+
+# https://www.coreboot.org/Serial_console # tty
# but removed unneeded stuff
serial --speed=115200
EOF
chroot $FAI_ROOT bash <<'EOF'
- # https://askubuntu.com/questions/33416/how-do-i-disable-the-boot-splash-screen-and-only-show-kernel-and-boot-text-inst
- # it suggests not having plymouth-theme-ubuntu-text, but
- # making it not installed then kills plymouth, then makes
- # the system not boot.
- sed -ri 's/(^ *GRUB_CMDLINE_LINUX.*)quiet splash/\1/' /etc/default/grub
- # on xenial, no grub is displayed at all. fix that.
- # found just by noticing this in the config file, and a
- # warning about it in error.log
- sed -i '/^ *GRUB_HIDDEN_TIMEOUT/d' /etc/default/grub
-
- update-grub2
+# https://askubuntu.com/questions/33416/how-do-i-disable-the-boot-splash-screen-and-only-show-kernel-and-boot-text-inst
+# it suggests not having plymouth-theme-ubuntu-text, but
+# making it not installed then kills plymouth, then makes
+# the system not boot.
+sed -ri 's/(^ *GRUB_CMDLINE_LINUX.*)quiet splash/\1/' /etc/default/grub
+
+# todo: not sure, but this might screw up systems without a serial port
+# and thus need a conditional.
+sed -ri 's/^ *GRUB_CMDLINE_LINUX_DEFAULT="/\0console=ttyS0,115200 console=tty0 /' /etc/default/grub
+# on xenial, no grub is displayed at all. fix that.
+# found just by noticing this in the config file, and a
+# warning about it in error.log
+sed -i '/^ *GRUB_HIDDEN_TIMEOUT/d' /etc/default/grub
+
+update-grub2
EOF
fi
if ! grep cryptsetup /etc/fai/NFSROOT &>/dev/null; then
- $sed '/^PACKAGES install$/a cryptsetup' /etc/fai/NFSROOT
+ cat >>/etc/fai/NFSROOT <<'EOF'
+# inserted by faserver-setup
+PACKAGES install
+cryptsetup
+EOF
fi
if armhf; then
apt-get -y install apt-cacher-ng
fi
-{ head -n 1 /srv/fai/nfsroot/root/.ssh/known_hosts | awk '{print $1}' \
- | tr '\n' ' '; ssh-keyscan localhost |& grep -o "ecdsa-sha2-nistp256.*"; \
- } >>/srv/fai/nfsroot/root/.ssh/known_hosts
+rm -f /srv/fai/nfsroot/root/.ssh/known_hosts
+key=$(ssh-keyscan localhost |& grep -o "ecdsa-sha2-nistp256.*")
+for ip in faiserver $(ip addr show up| grep -w '^ *inet' | awk '{print $2}'| cut -d / -f 1 | grep -vF 127.0.0.1); do
+ echo "$ip $key" >>/srv/fai/nfsroot/root/.ssh/known_hosts
+done
+
+
+# serial console
+# mainly from
+# https://wiki.archlinux.org/index.php/working_with_the_serial_console
+# at runtime, running this from ssh worked:
+# https://unix.stackexchange.com/questions/242778/what-is-the-easiest-way-to-configure-serial-port-on-linux
+# stty -F /dev/ttyS0 115200 cs8 -cstopb -parenb
+# /sbin/agetty 115200 ttyS0 linux
+# dated info, but validation that this might work on debian:
+# https://help.ubuntu.com/community/SerialConsoleHowto
+# note in the nfsroot, systemd is not running.
+echo "c0:2345:respawn:/sbin/agetty 115200 ttyS0 linux" >>/srv/fai/nfsroot/etc/inittab
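Review bot: The `echo "c0:2345:respawn:..." >>/srv/fai/nfsroot/etc/inittab` line appends unconditionally, so every run of the setup script adds another `c0` entry, whereas the NFSROOT block above is guarded with `grep`. A guard such as `grep -q '^c0:' /srv/fai/nfsroot/etc/inittab || echo ... >>/srv/fai/nfsroot/etc/inittab` keeps the file stable across reruns. Separately, `key=$(ssh-keyscan localhost |& grep -o ...)` runs after the `rm -f` of known_hosts and is never checked; a test like `[[ $key ]] || exit 1` before the loop would avoid writing address-only lines if the scan returns nothing.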
# initially did the basic fai-chboot -Iv $std_arg default
# but found in console that it wanted to mount nfsroot
distro=trisquel
classes="UBUNTU FLIDAS64 VOL_FLIDAS FLIDAS DESKTOP"
;;
+ stretch)
+ classes="DEBIAN STRETCH64 VOL_STRETCH STRETCH DESKTOP"
+;;
*)
echo "$0: error: unknown DISTRO_CODENAME"
usage 1
usage() {
cat <<EOF
-usage: ${0##*/} [-h|--help] HOSTNAME|IP|default
+usage: ${0##*/} [-h|--help] [HOSTNAME|IP|default]
Sets up tftp pxe config and nfs server on host "faiserver".
esac
-host=$(chost faiserver)
+host=$(./chost faiserver)
ssh root@$host bash -s -- "$@" <myfai-chboot-local
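Review bot: `./chost` on the new `host=` line is resolved against the caller's working directory, so the script only works when started from its own directory and otherwise runs whatever `chost` is in the current directory. Its output then becomes the target of `ssh root@$host`, so the wrong or an empty value matters here. Resolving it relative to the script, `host=$("$(dirname "$0")/chost" faiserver)`, and stopping on an empty result with `[[ $host ]] || exit 1`, would make this predictable.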
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
fai_action=install
-fai_action_arg=I
fai_reboot_arg=,reboot
case $1 in
-h|--help)
;;
-S)
fai_action=sysinfo
- fai_action_arg=S
+ fai_reboot_arg=
+ shift
+ ;;
+ -i) #inventory
+ fai_action=inventory
fai_reboot_arg=
shift
;;
ip=$host/32
else
type -t host &>/dev/null || apt-get -y install dnsutils
- ip=$(host $host | sed -rn 's/^\S+ has address //p;T;q')/32
+ ip=$(host $host | sed -rn 's/^\S+ has address //p;T;q' ||:)
if [[ ! $ip || $ip =~ [[:space:]] ]]; then
- echo "$0: error: failed to get \$my_ip, got: $my_ip"
+ echo "$0: error: failed to get \$ip, got: $ip"
exit 1
fi
-
+ ip=$ip/32
fi
if modprobe nfsd &>/dev/null; then
# man page doesn't explain this, but this deletes & thus disables
# all chboot systems.
-e fai-chboot -${fai_action_arg}v $std_arg default # set it to default to get a val out of it next
+e fai-chboot -iv $std_arg default # set it to default to get a val out of it next
kernel=$(fai-chboot -L '^default$' | awk '{print $3}')
default_k_args=$(fai-chboot -L '^default$' | \
sed -r "s/^(\S+\s+){3}(.*)/\2/")
# example of default_k_args
# initrd=initrd.img-3.16.0-4-amd64 ip=dhcp root=192.168.1.3:/srv/fai/nfsroot aufs FAI_CONFIG_SRC=nfs://faiserver/srv/fai/config FAI_ACTION=install
-k_args=()
+k_args=(console=tty0 console=ttyS0,115200 FAI_ACTION=$fai_action)
for arg in $default_k_args; do
case $arg in
# default root arg is /srv/fai/nfsroot
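Review bot: `k_args` now starts with `FAI_ACTION=$fai_action`, but the defaults it is merged with come from `fai-chboot -iv ... default`, and the example `default_k_args` in the comment already carries a `FAI_ACTION=` value. The `case $arg in` body continues outside this hunk, so I cannot see whether that argument is dropped from the defaults; if it is not, the kernel command line ends up with two `FAI_ACTION` values and the effective one depends on parse order. A `FAI_ACTION=*) continue ;;` arm in the loop would make the override explicit. Quoting the new element as `"FAI_ACTION=$fai_action"` is also worth doing.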
config redirect
- option name treetowlsyncthing
+ option name kdsyncthing
option src vpn
option src_dport 22000
option dest_ip 192.168.1.2
esac
fi
-
+cat ~/.ssh/home.pub | ssh $h dd of=/etc/dropbear/authorized_keys 2>/dev/null
scp /a/bin/fai/wrt-setup-local /a/bin/cedit/cedit $h:/usr/bin
ssh $h <<EOF
if ! opkg list-installed|grep bash; then
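Review bot: The new `cat ~/.ssh/home.pub | ssh $h dd of=/etc/dropbear/authorized_keys 2>/dev/null` line replaces the router's whole authorized_keys file and discards error output, so an empty or missing `home.pub` goes unnoticed here. The remote script in this commit also runs `passwd -l root`, which leaves key login as the only way in, so a failed copy risks a lockout. A guard before the copy, `[[ -s ~/.ssh/home.pub ]] || { echo "$0: error: no public key" >&2; exit 1; }`, would prevent that, and `ssh $h dd of=/etc/dropbear/authorized_keys <~/.ssh/home.pub` drops the extra `cat`. The `ssh $h <<EOF` block continues outside the hunk.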
set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
-
pmirror() {
- # background: upgrading all packages is not recommended because it
- # doesn't go into the firmware. build new firmware if you want
- # lots of upgrades. I think /tmp/opkg-lists is a pre openwrt 14 location.
- f=(/tmp/opkg-lists/* /var/opkg-lists/*)
- if ! (( $(date -r $f +%s) + 60*60*24 > $(date +%s) )); then
- opkg update
- fi
+ # background: upgrading all packages is not recommended because it
+ # doesn't go into the firmware. build new firmware if you want
+ # lots of upgrades. I think /tmp/opkg-lists is a pre openwrt 14 location.
+ f=(/var/opkg-lists/*)
+ if ! (( $(date -r $f +%s) + 60*60*24 > $(date +%s) )); then
+ opkg update
+ fi
}
pi() {
- for x in "$@"; do
- if [[ ! $(opkg list-installed "$x") ]]; then
- pmirror
- opkg install "$@"
- fi
- done
+ for x in "$@"; do
+ if [[ ! $(opkg list-installed "$x") ]]; then
+ pmirror
+ opkg install "$@"
+ fi
+ done
}
v() {
- printf "+ %s\n" "$*"
- "$@"
+ printf "+ %s\n" "$*"
+ "$@"
}
### network config
###
-l=10.0.0
-lan=10.0.0.0
+ssid=cmc2
+lan=10.1.0.0
mask=255.255.0.0
+l=${lan%.0}
+
+passwd -l root ||: #already locked fails
cat >/usr/bin/arch-pxe-mount <<'EOFOUTER'
#!/bin/bash
-sed -ri "s/option[[:space:]]+encryption[[:space:]].*/option encryption psk2/;s/option[[:space:]]+key.*/option key pictionary49/" /etc/config/wireless
-sed -i '/^[[:space:]]*option disabled/d' /etc/config/wireless
-v wifi
v /etc/init.d/fstab enable ||:
# fi
+wireless_restart=true
+key=pictionary49
+for x in 0 1; do
+ if [[ $(uci get wireless.default_radio$x.ssid) != $ssid ]]; then
+ uci set wireless.default_radio$x.ssid=$ssid
+ wireless_restart=true
+ fi
+ if [[ $(uci get wireless.default_radio$x.key) != $key ]]; then
+ uci set wireless.default_radio$x.key=$key
+ wireless_restart=true
+ fi
+ if [[ $(uci get wireless.default_radio$x.encryption) != $key ]]; then
+ uci set wireless.default_radio$x.encryption=$key
+ wireless_restart=true
+ fi
+ if [[ $(uci get wireless.default_radio$x.disabled 2>/dev/null) ]]; then
+ uci delete wireless.default_radio$x.disabled
+ wireless_restart=true
+ fi
+done
+
+if $wireless_restart; then
+ uci commit wireless
+ v wifi
+fi
+
########## openvpn exampl
########## missing firewall settings for routing lan
# EOF
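Review bot: The third check in the new loop compares `wireless.default_radio$x.encryption` with `$key` and then sets it to `$key`, so the encryption mode is written as the passphrase instead of `psk2`, the value the removed `sed` line set. Depending on how the wireless scripts treat an unknown mode, that may leave the radios unencrypted or failing to start; the lines should read `if [[ $(uci get wireless.default_radio$x.encryption) != psk2 ]]; then` and `uci set wireless.default_radio$x.encryption=psk2`. `wireless_restart=true` before the loop should be `wireless_restart=false`, otherwise `uci commit wireless` and `wifi` run on every invocation. The passphrase on the `key=` line is also stored in clear text in the repository; reading it from a file kept outside version control would keep it out of history.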
+
v cedit /etc/config/network <<EOF || v /etc/init.d/network reload
config 'route' 'transmission'
option 'interface' 'lan'
# avoid using the dns servers that my isp tells me about.
if [[ $(uci get dhcp.@dnsmasq[0].resolvfile 2>/dev/null) ]]; then
- # default is '/tmp/resolv.conf.auto', we switch to the dnsmasq default of
- # /etc/resolv.conf. not sure why I did this.
- v uci delete dhcp.@dnsmasq[0].resolvfile
- uci commit dhcp
- dnsmasq_restart=true
+ # default is '/tmp/resolv.conf.auto', we switch to the dnsmasq default of
+ # /etc/resolv.conf. not sure why I did this.
+ v uci delete dhcp.@dnsmasq[0].resolvfile
+ uci commit dhcp
+ dnsmasq_restart=true
fi
if [[ $(uci get dhcp.@dnsmasq[0].domain) != b8.nz ]]; then
- v uci set dhcp.@dnsmasq[0].domain=b8.nz
- uci commit dhcp
- dnsmasq_restart=true
+ v uci set dhcp.@dnsmasq[0].domain=b8.nz
+ uci commit dhcp
+ dnsmasq_restart=true
fi
if [[ $(uci get dhcp.@dnsmasq[0].local) != b8.nz ]]; then
- v uci set dhcp.@dnsmasq[0].local=/b8.nz/
- uci commit dhcp
- dnsmasq_restart=true
+ v uci set dhcp.@dnsmasq[0].local=/b8.nz/
+ uci commit dhcp
+ dnsmasq_restart=true
fi
if [[ $(uci get system.@system[0].hostname) != wrt ]]; then
- v uci set system.@system[0].hostname=wrt
- uci commit system
+ v uci set system.@system[0].hostname=wrt
+ uci commit system
fi
EOF
if $dnsmasq_restart; then
- v /etc/init.d/dnsmasq restart
+ v /etc/init.d/dnsmasq restart
fi
if $firewall_restart; then
- v /etc/init.d/firewall restart
+ v /etc/init.d/firewall restart
+fi
+
+
+reboot=false
+if [[ $(uci get network.lan.ipaddr) != $l.1 ]]; then
+ v uci set network.lan.ipaddr=$l.1
+ uci commit network
+ reboot=true
+fi
+if [[ $(uci get network.lan.netmask) != $mask ]]; then
+ v uci set network.lan.netmask=$mask
+ uci commit network
+ reboot=true
+fi
+
+if $reboot; then
+ reboot
fi
+exit 0
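Review bot: The flag variable `reboot` has the same name as the command it guards, so `if $reboot; then reboot` reads ambiguously and an unset or misspelled flag is easy to miss. Naming it `need_reboot` and testing it as `if $need_reboot; then` keeps the two apart. The right-hand sides in `!= $l.1` and `!= $mask` are unquoted inside `[[ ]]` and are therefore matched as patterns; `!= "$l.1"` and `!= "$mask"` make them literal comparisons.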