cd $(dirname $(readlink -f "$BASH_SOURCE"))
-ROOTPW="$(cat /root/shadow/standard)"
-export ROOTPW
export hostname="$1"
mirror=$2
TPPASS="$(cat /root/shadow/traci-simple)"
-export TPPASS
-if [[ $hostname == tp ]]; then
- ROOTPW="$TPPASS"
-fi
(( $# >= 1 )) || { echo "$0: error: need 1 or 2 arguments"; exit 1; }
curl -s 'https://www.archlinux.org/mirrorlist/?country=US&protocol=https&ip_version=4&ip_version=6&use_mirror_status=on' |
sed -r 's/^[ #]*(Server *=)/\1/' >> /etc/pacman.d/mirrorlist
-# export class vars with CLASS_ in front to avoid name colissions.
-ifclass() {
- local var=${1/#/CLASS_}
- [[ $hostname == $1 || ${!var} ]]
-}
-export -f ifclass
-for x in $(bash 50-host-classes); do
- export CLASS_$x=true
-done
+. /a/bin/fai/fai-wrapper
export LUKS_DIR=/root/luks
export HOSTNAME=$hostname
export DISTRO=arch
-chmod +x partition.DEFAULT
+partition_script=/a/bin/fai/fai/config/hooks/partition.DEFAULT
+chmod +x $partition_script
export PARTITION_PROMPT=true
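Review bot: `TPPASS="$(cat /root/shadow/traci-simple)"` is left in place although this change removes its `export` and its only visible use (`ROOTPW="$TPPASS"`). Because the remote wrapper starts this script with `bash -x`, the trace prints the hash that the assignment reads, so it ends up in the ssh session output and anything that captures it. If nothing further down the file still needs the variable, delete the line; the shared `end` script now takes the hash file by path instead.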
done
if ! $already_partitioned; then
- ./partition.DEFAULT
+ /a/bin/fai/fai/config/hooks/partition.DEFAULT
fi
. /tmp/fai/disk_var.sh
mount -o subvol=root_$DISTRO $ROOT_PARTITION /mnt
mkdir -p /mnt/{q,home,boot}
mount -o subvol=q $ROOT_PARTITION /mnt/q
- mount -o subvol=home_$DISTRO $ROOT_PARTITION /mnt/home
mount -o subvol=boot_$DISTRO $BOOT_PARTITION /mnt/boot
fi
fi
pacstrap /mnt base
cp /tmp/fai/{fstab,crypttab} /mnt/etc
-cp /root/encrypt /mnt/usr/lib/initcpio/hooks
+cp /a/bin/fai/encrypt /mnt/usr/lib/initcpio/hooks
# not needed anymore
#cp /usr/bin/devbyid /mnt/root
-cp -r .ssh /mnt/root
-cp -r /root/distro-install-common /mnt/root
+cp -r /root/.ssh /mnt/root
+
+bindmount() {
+ local mountpoint=$2
+ local source=$1
+ mkdir -p $mountpoint
+ mount -o bind $source $mountpoint
+}
+bindmount /a /mnt/a
+bindmount /root/shadow /mnt/q/root/shadow
+
mkdir -p /mnt/etc/ssh
-cp /etc/ssh/host_* /mnt/etc/ssh
+cp /etc/ssh/ssh_host_* /mnt/etc/ssh
-cp /root/arch-init-chroot /mnt/root
+cp /a/bin/fai/arch-init-chroot /mnt/root
# for manual commands, arch-chroot /mnt bash
arch-chroot /mnt /root/arch-init-chroot
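Review bot: The two mounts created by `bindmount` (`/a` and `/root/shadow` under `/mnt`) have no matching `umount` in the visible lines, so the password-hash directory stays reachable inside the new root after `arch-chroot` returns. Unless the rest of the script already unmounts `/mnt` recursively, release both once the chroot step is done. The function also expands its arguments unquoted; `mkdir -p "$mountpoint"` and `mount -o bind "$source" "$mountpoint"` are the safer forms. A comment above it such as `# expose /a and the shadow dir to arch-init-chroot; unmount after the chroot step` would record why the mounts exist.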
pacman -Syu
-echo $hostname > /etc/hostname
[[ -L /etc/localtime ]] || ln -s /usr/share/zoneinfo/America/Los_Angeles /etc/localtime
l=en_US.UTF-8
echo "$l UTF-8" > /etc/locale.gen
done
grub-mkconfig -o /boot/grub/grub.cfg
# gtk2 is an optional dependency of unison.
-# debian's unison binary has it linked in,
-# so i install it so I can use the same binary for syncing
-# the two distros.
-pacman -S --noconfirm openssh unison gtk2 rsync
+# I know Im gonna want the gui, so just doing it now.
+pacman -S --noconfirm openssh rsync
-echo "root:$ROOTPW" | chpasswd -e
pacman -S --noconfirm sudo
-# 9 = user already exists. so we are idempotent.
-useradd -m -p "$ROOTPW" ian || [[ $? == 9 ]]
-
-if [[ $hostname == frodo ]]; then
- useradd -m -p "$TPPASS" traci || [[ $? == 9 ]]
-else
- useradd -m traci || [[ $? == 9 ]]
-fi
-# comparing ian's groups to traci, I see none she should join on arch
-usermod -a -G traci ian
-
-
-/root/distro-install-common/end
+. /a/bin/fai/fai-wrapper
+/a/bin/fai/fai/config/distro-install-common/end
systemctl enable sshd
rm -rf /home/ian/.ssh
fi
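Review bot: The added comment `# I know Im gonna want the gui, so just doing it now.` does not match the command under it: the new `pacman -S --noconfirm openssh rsync` drops both `unison` and `gtk2`, so nothing gui-related is installed here. The surviving `# gtk2 is an optional dependency of unison.` line is orphaned as well. Either remove both comments or say where unison is installed now. The new `. /a/bin/fai/fai-wrapper` line also depends on `/a` being bind-mounted into the chroot by arch-init, which deserves a short comment such as `# requires /a bind-mounted by arch-init`.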
host=$1
+
scp -o StrictHostKeyChecking=false -o UserKnownHostsFile=/dev/null \
/p/c/machine_specific/$host/filesystem/etc/ssh/* root@$host:/etc/ssh
mirror=http://$HOSTNAME:8080
fi
faid=/a/bin/fai
-fai_files=(
- distro-install-common
- hooks/partition.DEFAULT
- class/50-host-classes
-
-)
-sudo scp -r /a/bin/fai/arch-init{,-chroot} \
- /a/bin/fai/encrypt \
- ${fai_files[@]/#//a/bin/fai/fai/config/} \
- /a/bin/devbyid \
- /q/root/luks /q/root/shadow root@$host:
+
+rsync -rlpthvi --relative /a/bin/fai/ root@$host:/
+rsync /a/bin/fai/ root@$host:/a/bin/fai/
+sudo scp -r /a/bin/devbyid /q/root/luks /q/root/shadow root@$host:
# creating shadow file string:
# on debian, you can use mkpasswd -m sha-512 to generate a pass.
# arch doesn't have this program. instead, you can do passwd,
# and extract it from the shadow file.
-ssh root@$host bash -x ./arch-init $host $mirror
+ssh root@$host bash -x /a/bin/fai/arch-init $host $mirror
#ssh root@$host reboot now || [[ $? == 255 ]]
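Review bot: The second added line, `rsync /a/bin/fai/ root@$host:/a/bin/fai/`, transfers nothing because it has no `-r` or `-a`, so rsync skips the source directory and still exits 0. The `--relative` call above it already recreates `/a/bin/fai/` on the target, so this line can be deleted. If it was meant as a second pass, give it the same `-rlpthvi` options. `$host` and `$mirror` are also expanded unquoted in the `ssh ... arch-init` line; `"$host" "$mirror"` keeps an empty mirror from silently shifting arguments.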
# i use faiserver as a dns alias, but ssh key is associated with
# a canonical hostname and we will have ssh warning spam unless we
-# use it, so look it up.
+# use it, so look it up just to avoid the warning spam.
faiserver_host=$(chost faiserver) || faiserver_host=faiserver
ssh root@$faiserver_host rm -rf /srv/fai/config
scp -r fai/config root@$faiserver_host:/srv/fai
-# fai example pass: fai
-#ROOTPW='$1$kBnWcO.E$djxB128U7dMkrltJHPf6d1'
-
-# generating a hashed password:
-# under debian, you can do
-# echo "yoursecrectpassword" | mkpasswd -m sha-512 -s
-# On arch, best seems to be copy your shadow file to a temp location,
-# then passwd, get out the new pass, then copy the shadow file back.
-
-f=/q/root/shadow/standard
-if s test -e $f; then
- ssh root@$faiserver_host tee -a /srv/fai/config/class/DEFAULT.var <<EOF
-ROOTPW='$(s cat $f)'
-EOF
-fi
-tpvar="$(s cat /q/root/shadow/traci-simple)"
-ssh root@$faiserver_host tee -a /srv/fai/config/class/tp.var <<EOF
-ROOTPW='$tpvar'
-EOF
scp ~/.ssh/id_rsa.pub \
root@$faiserver_host:/srv/fai/config/files/home/ian/.ssh/authorized_keys/GRUB_PC
# todo: automatically disable faiserver after a period so
# these files are not exposed.
-s scp -r /q/root/luks /q/root/shadow/traci{,-simple} \
+s scp -r /q/root/luks /q/root/shadow \
root@$faiserver_host:/srv/fai/config/distro-install-common
scp /a/bin/devbyid root@$faiserver_host:/srv/fai/nfsroot/usr/local/bin
ssh root@$faiserver_host bash <<'EOF'
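Review bot: The changed `scp` widens what lands in `/srv/fai/config/distro-install-common` from the two `traci` files to the whole `/q/root/shadow` directory, alongside the LUKS keys. That now includes `standard`, which the `end` script applies to both root and ian. The todo just above already says these files are exposed while the faiserver is up, and the FAI config space is normally what install clients read, so every client that can reach it can fetch the hashes and keys (the export settings are not visible here). Consider copying only the files the target class needs and removing them when the deployment window closes, for example `ssh root@$faiserver_host rm -rf /srv/fai/config/distro-install-common/{luks,shadow}`. At minimum, add a comment at the `scp` such as `# copies all password hashes and LUKS keys into the config space; remove after install`.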
set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
-redeploy=false
+# I had this set false as default before, can't remember why. oh well.
+redeploy=true
if [[ $1 == -r ]]; then
- redeploy=true
+ redeploy=false
fi
disk_count=2
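Review bot: This inverts the meaning of `-r`: it used to request a redeploy and now suppresses one, so any existing caller or habit of passing `-r` silently gets the opposite behaviour. The new comment only says the old default is not remembered. The same commit adds `-r) redep=true` to pxe-server, so the flag means "redeploy" there and "do not redeploy" here. Either pick a different letter for the opt-out or document it at the test, e.g. `# -r: skip fai-redep (redeploy is now the default)`, and update the usage text if this script has one.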
cd $script_dir
+is_arch_revm() {
+ [[ ${0##*/} == arch-revm ]]
+}
new_disk=false
[[ ! $1 ]] || new_disk=true
-if [[ $0 == *arch-revm ]]; then
+if is_arch_revm; then
+ ./pxe-server arch &
+ sleep 2
# via osinfo-query os. guessing arch is closest to latest fedora.
variant=fedora22
else
+ ./pxe-server fai &
+ sleep 2
if $redeploy; then
./fai-redep
fi
if [[ $SSH_CLIENT ]]; then
console_arg=--noautoconsole
-else
- console_arg='&'
fi
# --cpu host: this causes mkfs.btrfs to fail with a stack trace which began
# something like:
# init_module+0x108/0x1000 [raid6_pq]
+#
+# uniq is to stop gtk-warning spam
s virt-install --os-variant $variant -n $name --pxe -r 2048 --vcpus 1 \
${disk_arg[*]} -w bridge=br0,mac=52:54:00:9c:ef:ad \
- --graphics spice,listen=0.0.0.0 $console_arg
+ --graphics spice,listen=0.0.0.0 $console_arg |& grep -v '^$' | uniq &
+
+if [[ $SSH_CLIENT ]]; then
+ fg
+fi
+
-if [[ ${0##*/} == arch-revm ]]; then
- sleep 80
+if is_arch_revm; then
+ while ! timeout 10 ssh $name /bin/true; do sleep 1; done
./arch-init-remote $name
fi
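Review bot: `fg` needs job control, which bash disables in a non-interactive script, so the added `if [[ $SSH_CLIENT ]]; then fg; fi` fails with "no job control". If this is the script that sets `set -eE -o pipefail` above, that failure aborts the run before `arch-init-remote` (unless `set -m` is enabled somewhere not visible). Use `wait "$!"` instead, which blocks on the backgrounded `virt-install` pipeline without also waiting for the earlier `./pxe-server ... &` job. Backgrounding the pipeline also discards `virt-install`'s exit status, so a failed VM creation is no longer caught by the ERR trap. The new `while ! timeout 10 ssh $name /bin/true` loop has no upper bound and will spin forever if the guest never comes up; a retry counter would make that failure visible.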
--- /dev/null
+#!/bin/bash
+
+# for using some fai commands outside of fai
+ifclass() {
+ local var=${1/#/CLASS_}
+ [[ $HOSTNAME == $1 || ${!var} ]]
+}
+export -f ifclass
+classes= # used by fcopy
+for x in $(bash /a/bin/fai/config/class/50-host-classes); do
+ # export class vars with CLASS_ in front to avoid name colissions.
+ classes+=" $x"
+ export CLASS_$x=true
+done
+classes="${classes# }"
+export classes
+export FAI_ROOT=/
+export FAI=/a/bin/fai/config
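Review bot: The wrapper points at `/a/bin/fai/config` both for `50-host-classes` and for `FAI`, while every other path in this commit uses `/a/bin/fai/fai/config` (the partition hook, `distro-install-common/end`, and the removed `fai_files` prefix). Unless a symlink makes the two equivalent, the `$(bash ...)` substitution fails without stopping the sourcing script. `classes` then stays empty, `ifclass` falls back to the hostname comparison alone, and `$FAI/distro-install-common/...` resolves to a path that does not exist. Define the directory once, e.g. `fai_config=/a/bin/fai/fai/config`, use it in both places, and check it with `[[ -r $fai_config/class/50-host-classes ]] || return 1` before the loop.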
tp)
echo "FAIBASE DEBIAN DESKTOP PARTITION_PROMPT" ;;
frodo)
- echo "FAIBASE DEBIAN DESKTOP STABLE PARTITION_PROMPT" ;;
+ echo "FAIBASE DEBIAN DESKTOP PARTITION_PROMPT" ;;
treetowl)
- echo "FAIBASE DEBIAN DESKTOP STABLE PARTITION_PROMPT" ;;
+ echo "FAIBASE DEBIAN DESKTOP PARTITION_PROMPT" ;;
# faiserver)
# echo "FAIBASE DEBIAN DEMO FAISERVER" ;;
# xfcehost)
set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
+if [[ $EUID != 0 ]]; then
+ echo "$0: error: expected to be root."
+ exit 1
+fi
+
+### begin set hostname
+echo $hostname > /etc/hostname
+sed -i '/^127\.0\.1\.1/d' /etc/hosts
+echo "127.0.1.1 $hostname" >> /etc/hosts
+hostname -F /etc/hostname
+### end set hostname
+
+TPW=/q/root/shadow/traci-simple
+if ifclass tp; then
+ ROOTPW="$TPW"
+else
+ ROOTPW=/q/root/shadow/standard
+fi
+
+chpw() {
+ # generating a hashed password:
+ # under debian, you can do
+ # mkpasswd -m sha-512 -s >/q/root/shadow/standard
+ # On arch, best seems to be copy your shadow file to a temp location,
+ # then passwd, get out the new pass, then copy the shadow file back.
+ user=$1
+ pwfile=$2
+ if [[ $pwfile && -e $pwfile ]]; then
+ printf "$user:" | cat - "$pwfile" | $ROOTCMD chpasswd -e
+ else
+ echo "$0: warning: no pw set for $user"
+ fi
+}
+au() {
+ if ! $ROOTCMD getent passwd $1; then
+ $ROOTCMD useradd -m $1 -s /bin/bash || [[ $? == 9 ]]
+ fi
+}
+
+echo "IANNNNNNN 222222222, $ROOTPW"
+ls -la $ROOTPW
+
+chpw root "$ROOTPW"
+# 9 = user already exists. so we are idempotent.
+au ian
+chpw ian "$ROOTPW"
+
+au traci
+if ifclass frodo; then
+ chpw traci "$TPW"
+fi
+# comparing ian's groups to traci, I see none she should join on arch
+$ROOTCMD usermod -a -G traci ian
# based on unison error, with 8192 from
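Review bot: The set-hostname block writes `/etc/hostname` and `/etc/hosts` of the running system and calls `hostname -F`, while the rest of this script goes through `$ROOTCMD` or `$target`. When the FAI hook calls this script, the block would therefore change the installer environment rather than the target (inferred; the hook's environment is only partly visible). It also reads lowercase `$hostname`, whereas the wrapper's `ifclass` uses `$HOSTNAME`; a guard such as `: "${hostname:?}"` before the block would stop an unset value from producing an empty `/etc/hostname`. In `chpw`, `printf "$user:"` passes the argument as the format string; `printf '%s:' "$user"` is the safe form, and `user` and `pwfile` should be declared `local`. The `echo "IANNNNNNN 222222222, $ROOTPW"` and `ls -la $ROOTPW` lines look like leftover debugging, as does the matching `echo "IANNNNNN 111"` / `ls -la` pair in the hook that bind-mounts the shadow directory. Both pairs should be removed before merge.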
key=fs.inotify.max_user_watches
if [[ -e $f ]]; then sed -ri "/^\s*$key\s*=/d" $f; fi
echo "fs.inotify.max_user_watches = 1000000" >> $f
-# if we weren't rebooting, you could apply it now with:
-# sysctl --system
+# applies it. it would be also be applied after a reboot
+$ROOTCMD sysctl --system
f=$target/etc/sudoers
line='ian ALL=(ALL) NOPASSWD: ALL'
Explanation: https://debian-handbook.info/browse/stable/sect.apt-get.html#sect.apt.priorities
Explanation: And man apt_preferences
Explanation: Installed packages get 100 priority, so this won't upgrade testing
-Explanation: packages unless explicitly asked to. Just went middlish between 1-100
+Explanation: packages unless explicitly asked to.
+Explanation: Less than 0 won't install package unless you specify the archive.
+Explanation: This is good, so you never just search for a package and install
+Explanation: it without knowing it's from a different archive.
Explanation: Install with apt-get install package/testing. But if dependencies are
Explanation: needed, or need upgrading,
Explanation: apt-get -t testing package, setting testing to priority
Explanation: Use apt-cache policy to verify these settings.
Package: *
Pin: release a=unstable
-Pin-Priority: 30
+Pin-Priority: -20
Package: *
Pin: release a=unstable-updates
-Pin-Priority: 30
+Pin-Priority: -20
Package: *
Pin: release a=testing
-Pin-Priority: 50
+Pin-Priority: -10
Package: *
Pin: release a=testing-updates
-Pin-Priority: 50
+Pin-Priority: -10
## create subvols ##
cd /mnt
btrfs subvolume create root_$DISTRO
+[[ -e q ]] || btrfs subvolume create q
chown root:1000 q
mkdir -p /mnt/root_$DISTRO/boot
set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
-$ROOTCMD adduser --disabled-password --gecos ian ian
-
-if [[ ! $ROOTPW ]]; then
- echo "$0: error: empty \$ROOTPW"
+if [[ $EUID != 0 ]]; then
+ echo "$0: error: expected to be root."
exit 1
fi
-$ROOTCMD usermod -p "$ROOTPW" ian
+
+dir=/q/root/shadow
+if [[ ! -e $dir ]]; then
+ mkdir -p $dir
+ echo "IANNNNNN 111"
+ ls -la $FAI/distro-install-common/shadow
+ mount -o bind $FAI/distro-install-common/shadow $dir
+fi
+$FAI/distro-install-common/end
if ifclass STABLE; then
fcopy -M /etc/apt/preferences
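Review bot: The `[[ ! -e $dir ]]` test guards the bind mount on the directory merely existing, but `mkdir -p $dir` runs before `mount`. If the mount fails once, the script aborts under `set -eE`, and every later run in the same environment finds the directory, skips the mount and calls `end` against an empty `/q/root/shadow`. `chpw` then only prints "no pw set", so the accounts are left without the intended passwords and nothing fails. Test the mount itself instead: `mountpoint -q $dir || { mkdir -p $dir; mount -o bind $FAI/distro-install-common/shadow $dir; }`.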
# note:
# fcopy -i = ignore nonmatching class error, always return 0.
-f=/target/home/ian/.ssh/authorized_keys
+f=$FAI_ROOT/home/ian/.ssh/authorized_keys
if [[ ! -L $f || -e $f ]]; then
fcopy -r -M /home/ian/.ssh
else
echo "$0: info: $f exists"
fi
-/var/lib/fai/config/distro-install-common/end
-rm -f /target/etc/apt/sources.list
+rm -f $FAI_ROOT/etc/apt/sources.list
-chroot /target bash <<'EOF'
+chroot $FAI_ROOT bash <<'EOF'
set -eE -o pipefail
chown -R 1000:1000 /home/ian/.ssh
chmod -R u=Xrw,og= /home/ian/.ssh
EOF
-$ROOTCMD apt-get -y install unison-gtk
-if ifclass STABLE; then
- # don't think this is needed since I figured out how to
- # deal with mismatching unison compilers, but I don't
- # see any reason to revert it, since it only installs
- # a single package which is primarily a single binary
- $ROOTCMD apt-get -y install unison-gtk/testing
-fi
-
-
-
-$ROOTCMD adduser --disabled-password --gecos traci traci
-$ROOTCMD usermod -a -G traci ian
# reading through the groups that ian is in but traci isn't,
for g in plugdev audio video cdrom; do
$ROOTCMD usermod -a -G $g traci
done
-if ifclass frodo; then
- $ROOTCMD usermod -p "$(cat /var/lib/fai/config/distro-install-common/traci-simple)" traci
-fi
-
-
# makes the journal be saved to disk.
-$ROOTCMD mkdir -p /target/var/log/journal
-$ROOTCMD chmod 755 /target/var/log/journal
+$ROOTCMD mkdir -p $FAI_ROOT/var/log/journal
+$ROOTCMD chmod 755 $FAI_ROOT/var/log/journal
persist=false
args=()
+redep=false
while [[ $1 ]]; do
case $1 in
--) shift; break ;;
-h|--help) usage ;;
+ -r) redep=true; shift ;;
-p) persist=true; shift ;;
*) args+=("$1"); shift ;;
esac
if [[ $type == arch ]]; then arch-pxe-mount; fi"
+if $redep && [[ $type == fai ]]; then
+ fai-redep
+fi
if ! $persist; then
+ echo "waiting for 2 dhcp acks then disabling pxe"
if [[ $host ]]; then
host_regex=" $host"
fi
192.168.1.6 testvm
192.168.1.8 tp
72.14.176.105 li
+173.255.198.166 lj
EOF