Before doing a fai install, you will need to populate /q/root/luks and
/q/root/shadow, see their references. You might also want to copy
existing /etc/ssh/*host* to
-/p/c/machine_specific/HOST/filesystem/etc/ssh.
+/p/c/machine_specific/HOST/filesystem/etc/ssh
host-* luks keyfiles generated like:
head -c 2048 /dev/urandom | od | s dd of=/q/root/luks/host-demohost
addgroup: The group `systemd-journal' already exists as a system group. Exiting.
Operation failed: No such file or directory
+On nabia/newer, python is removed, now its python3,
+and its easier to just let the package get removed than
+do host class package config.
+fai.log:WARNING: These unknown packages are removed from the installation list: python python-minimal
+
+Similar to python, linux-image-amd64 is the debian package name
+for the kernel, linux-image-generic is for ubuntu, but the
+DEBIAN class is defined on ubuntu and its easier to just let
+the package get removed with this warning:
+fai.log:WARNING: These unknown packages are removed from the installation list: linux-image-amd64
+Also, cryptsetup-initramfs is new to buster/nabia, it gets removed
+on earlier versions.
+
# linode notes
usage() {
- cat <<EOF
+ cat <<EOF
Usage: ${0##*/} [OPTION]
If grub var set, act like pxe rom and pxe-kexec to faiserver
Note: Uses GNU getopt options parsing style
EOF
- exit $1
+ exit $1
}
m() { printf "%s\n" "$*"; "$@"; }
try-kexec() {
- deadline=$(( `date +%s` + NETWORK_TIMOUT_SECS ))
- while ! nc -zu faiserver 69; do
- if (( `date +%s` > deadline )); then
- echo "fai-check: hit $NETWORK_TIMOUT_SECS s tftp server timeout"
- return 0
- fi
- sleep 1
- done
- m pxe-kexec -n --ignore-whitelist -l fai-generated faiserver ||:
+ deadline=$(( `date +%s` + NETWORK_TIMOUT_SECS ))
+ while ! timeout -s 9 3 nc -zu faiserver 69; do
+ if (( `date +%s` > deadline )); then
+ echo "fai-check: hit $NETWORK_TIMOUT_SECS s tftp server timeout"
+ return 0
+ fi
+ sleep 1
+ done
+ m pxe-kexec -n --ignore-whitelist -l fai-generated faiserver ||:
}
case $1 in
- -f|--force)
- try-kexec
- exit
- ;;
+ -f|--force)
+ try-kexec
+ exit
+ ;;
esac
first=true
for dev in $(btrfs fi show / | sed -rn 's#^\s*devid\s.*\s([^0-9 ]+)\S+$#\1#p' \
- |sort); do
- dev+=4
- mount $dev /mnt
- if $first; then
- if [[ -e /mnt/grubenv ]]; then
- set -x
- source <(grub-editenv /mnt/grubenv list)
- set +x
- fi
- first=false
- # we could just as well check if last_boot != /debianbuster_boostrap
- # the intent with this one is just a little clearer.
- if [[ $did_fai_check == true ]]; then
- grub-editenv /mnt/grubenv set did_fai_check=os_true
- # our service does not wait for network-online.target,
- # because it will wait for too long when we don't have a network
- # connection. So, we wait for 10 seconds.
- # ref: https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/
- try-kexec ||:
- fi
- else
- # we make sure there is only 1 grubenv,
- # so grub can just find the first one, in whatever order
- # if looks at them, which may not be the same as us.
- # If the disk dies, we just lose the default boot option,
- # we will have to do manual steps to replace it anyways.
- rm -f /mnt/gruvenv
+ |sort); do
+ dev+=4
+ mount $dev /mnt
+ if $first; then
+ if [[ -e /mnt/grubenv ]]; then
+ set -x
+ source <(grub-editenv /mnt/grubenv list)
+ set +x
+ fi
+ first=false
+ # we could just as well check if last_boot != /debianbuster_boostrap
+ # the intent with this one is just a little clearer.
+ if [[ $did_fai_check == true ]]; then
+ grub-editenv /mnt/grubenv set did_fai_check=os_true
+ # our service does not wait for network-online.target,
+ # because it will wait for too long when we don't have a network
+ # connection. So, we wait for 10 seconds.
+ # ref: https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/
+ try-kexec ||:
fi
- umount /mnt
+ else
+ # we make sure there is only 1 grubenv,
+ # so grub can just find the first one, in whatever order
+ # if looks at them, which may not be the same as us.
+ # If the disk dies, we just lose the default boot option,
+ # we will have to do manual steps to replace it anyways.
+ rm -f /mnt/gruvenv
+ fi
+ umount /mnt
done
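Review bot: The `rm -f /mnt/gruvenv` in the `else` branch misspells the file name, so the grubenv copies on the non-first devices are never deleted and the "only 1 grubenv" invariant in the comment above it does not hold; it should read `rm -f /mnt/grubenv`. The re-indent carries the typo over unchanged from the old side. Separately, `source <(grub-editenv /mnt/grubenv list)` runs whatever the on-disk environment block contains as shell code, presumably as root; reading only the expected keys (`did_fai_check`, `last_boot`) with a `while IFS='=' read -r key value` loop would avoid that. `mount $dev /mnt` is also unchecked, so after a failed mount the `-e /mnt/grubenv` test and the `rm` act on whatever is already under /mnt.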
# the check for last_boot is not needed afaik, just sanity check.
-if [[ $did_fai_check == true && $last_boot != /debianstable_boostrap ]]; then
- # no need to reboot if we actually want to boot into this os.
- reboot
+if [[ $did_fai_check == true && $last_boot != /debianbuster_boostrap ]]; then
+ # no need to reboot if we actually want to boot into this os.
+ reboot
fi
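Review bot: The new comparison value `/debianbuster_boostrap` is spelled "boostrap", while another script on this page tests `$DISTRO == debianbuster_bootstrap`. If the grub configuration that sets `last_boot` uses the "bootstrap" spelling, this `!=` is always true and the machine reboots even when it was meant to stay in this OS. The old side had the same spelling, so it may be deliberate; please confirm against the grub menu entry. If it is a typo, fix it here and in the comment inside the loop that mentions `/debianbuster_boostrap`.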
d=$1
part=$2
fi
- if [[ $d == /dev/disk/by-id/* ]]; then
- ret=$d-part$part
- else
- ret=$d$part
- fi
- echo $ret
+ echo $d-part$part
}
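Review bot: `echo $d-part$part` now assumes every device path takes a `-partN` suffix, because the branch that produced `$d$part` for paths outside /dev/disk/by-id is removed; a plain node such as `/dev/vda` would yield `/dev/vda-part1`, which does not exist. If all callers are guaranteed to pass by-id paths, a guard such as `[[ $d == /dev/disk/by-id/* ]] || { echo "add-part: expected by-id path: $d" >&2; return 1; }` would make a violation fail here rather than as a missing-device error later. The expansion is also unquoted; `printf '%s\n' "$d-part$part"` avoids word splitting. The start of the function lies outside this hunk, so how `d` and `part` are set is only partly visible.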
bootdev() { add-part $@ $bootn; }
root-cryptname() { crypt-name $(rootdev $@); }
swap-cryptname() { crypt-name $(swapdev $@); }
+dev-mib() {
+ echo $(( $(parted -m $dev unit MiB print | \
+ sed -nr "s#^/dev/[^:]+:([0-9]+).*#\1#p") - 1))
+}
+
##### end function defs
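Review bot: `dev-mib` does not check that the `parted | sed` pipeline produced a number. If parted fails or its machine-readable line does not match, the arithmetic becomes `$(( - 1))` and the function prints `-1`, which the callers then use as a disk size for the partition layout. It also reads the global `$dev` unquoted rather than taking the device as an argument. I would capture the size in a local variable first and fail loudly, e.g. `[[ $size =~ ^[0-9]+$ ]] || { echo "dev-mib: no size for $dev" >&2; return 1; }`, and add a one-line comment stating that the result is the disk size in MiB minus one.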
if ifclass REPARTITION; then
for dev in ${short_devs[@]}; do
if $partition; then break; fi
y=$(readlink -f $dev)
- arr=($y[0-9])
- [[ ${#arr[@]} == "$lastn" ]] || partition=true
- for (( i=1; i <= lastn; i++ )); do
- [[ -e ${dev}$i ]] || partition=true
- done
+ arr=($y?*)
+ if (( ${#arr[@]} != lastn )); then
+ partition=true
+ fi
# On one system, blkid is missing some partitions.
# maybe we need a flag, like FUZZY_BLKID or something, so we
# can check that at least some exist.
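Review bot: The new check `arr=($y?*)` only counts names that begin with the resolved device path, so it no longer verifies that partitions 1..lastn each exist, and the count can be wrong in both directions. Unless `nullglob` is set elsewhere in the script (not visible here), a disk with no partitions leaves the literal pattern in `arr`, giving a count of 1; and `?*` also matches sibling devices that share the prefix (for example `/dev/sdaa` when `$y` is `/dev/sda`). Since this result decides whether the disk is repartitioned, I would keep an explicit existence test per expected partition, or at least add a comment stating the nullglob and naming assumptions. The enclosing loop and `if` continue outside the hunk.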
fi
boot_space=0
-first=false
+first=true
boot_devs=()
for dev in ${devs[@]}; do
if ifclass frodo; then
sed -nr "s#^/dev/[^:]+:([0-9]+).*#\1#p") - 1))
boot_devs+=($(bootdev))
fi
- if [[ $boot_devs && $first ]]; then
+ if $first && [[ $boot_devs ]]; then
first_efi=$(efidev)
first_grub_extdev=$(grub_extdev)
first=false
fi
done
+first_boot_dev=${boot_devs[0]}
even_raid=false
if ifclass RAID0 || (( ${#boot_devs[@]} == 1 )); then
exit 1
fi
fi
-first_boot_dev=${boot_devs[0]}
bpart() { # btrfs a partition
# if we repartition to the same as an old partition,
# we don't want any old fses hanging around.
for (( i=1; i <= lastn; i++ )); do
- x=$(add-part $dev $i)
+ x=$(add-part $i)
[[ -e $x ]] || continue
count_down=10
# wipefs has failed, manual run works, google suggests timing issue
if $even_raid; then
for dev in ${devs[@]}; do
- disk_mib=$(( $(parted -m $dev unit MiB print | \
- sed -nr "s#^/dev/[^:]+:([0-9]+).*#\1#p") - 1))
- if [[ ! min_disk_mib ]] || (( disk_mib < min_disk_mib )); then
- min_disk_mib=$disk_mib
+ cur_mib=$(dev-mib)
+ if [[ ! $disk_mib ]] || (( cur_mib < disk_mib )); then
+ disk_mib=$cur_mib
fi
done
fi
#
# Note: parted print error output is expected. example:
# Error: /dev/vda: unrecognised disk label
- if $even_raid; then
- disk_mib=$min_disk_mib
- else
- disk_mib=$(( $(parted -m $dev unit MiB print | \
- sed -nr "s#^/dev/[^:]+:([0-9]+).*#\1#p") - 1))
+ if ! $even_raid; then
+ disk_mib=$(dev-mib)
fi
root_end=$(( disk_mib - swap_mib - boot_mib / ${#boot_devs[@]} ))
swap_end=$(( root_end + swap_mib))
if [[ $DISTRO == debianbuster_bootstrap ]]; then
cat > /tmp/fai/fstab <<EOF
$first_boot_dev / btrfs noatime,subvol=$boot_vol 0 0
+$first_efi /boot/efi vfat nofail 0 0
EOF
cat >/tmp/fai/disk_var.sh <<EOF
BOOT_DEVICE="${short_devs[@]}"
generated around the same time as the nfsroot, at least so it has the
same kernel version.
+
+Note: there is a bug in 5.9.4, fixed by adding
+ sleep 2
+
+/usr/sbin/fai-make-nfsroot:503, before apt-get update
+
+
EOF
exit $1
}
[[ $(dpkg --print-architecture) == armhf ]]
}
-if grep -xFq 'VERSION="8 (jessie)"' /etc/os-release; then
- gpg -a --recv-keys 2BF8D9FE074BCDE4; gpg -a --export 2BF8D9FE074BCDE4 | apt-key add -
- cat >/etc/apt/sources.list.d/fai.list <<'EOF'
-deb https://fai-project.org/download jessie koeln
-EOF
-elif grep -iE 'VERSION=.*(stretch|flidas|xenail|buster|bullseye|etiona|nabia)' /etc/os-release; then
- # fai on ubuntu only has official support using the universe repo, but newer
- # tends to have less bugs.
- wget -O - https://fai-project.org/download/2BF8D9FE074BCDE4.asc | apt-key add -
-
- case $base in
- stretch|buster|bullseye)
- cat >/etc/apt/sources.list.d/fai.list <<EOF
+# fai on ubuntu only has official support using the universe repo, but newer
+# tends to have less bugs.
+wget -O - https://fai-project.org/download/2BF8D9FE074BCDE4.asc | apt-key add -
+
+update=false
+case $base in
+ stretch|buster|bullseye)
+ if ! grep -qFx "deb https://fai-project.org/download $base koeln" /etc/apt/sources.list.d/fai.list; then
+ update=true
+ fi
+ cat >/etc/apt/sources.list.d/fai.list <<EOF
deb https://fai-project.org/download $base koeln
EOF
- ;;
- *)
- echo "$0: error: script needs updating for new base" >&2
- exit 1
- ;;
- esac
-else
- rm -f /etc/apt/sources.list.d/fai.list
+ ;;
+ *)
+ echo "$0: error: script needs updating for new base" >&2
+ exit 1
+ ;;
+esac
+
+f=/var/cache/apt/pkgcache.bin;
+if [[ -r $f ]]; then
+ cachetime=$(stat -c %Y $f );
+ now=$(date +%s)
+ limittime=$(( now - 60*60*2 ))
+ if (( cachtime > limittime )); then
+ update=true
+ fi
fi
-apt-get update
+if $update; then
+ apt-get update
+fi
# Relevant packages from fai-quickstart depends and fai-server recommends.
# I especially do not wait isc-dhcp-server or an inetd. Also excludes
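Review bot: The cache-age test reads `cachtime`, but the variable assigned three lines earlier is `cachetime`, so inside `(( ))` the unset name evaluates to 0 and the branch never sets `update=true`. The comparison also looks inverted for a staleness check: a cache older than two hours has a smaller mtime than `limittime`, so I would expect `if (( cachetime < limittime )); then`, and a missing pkgcache.bin should probably force an update as well. As written, package installs can run against stale indexes. Separately, the key is now fetched and piped into `apt-key add -` on every run, which trusts it for all configured repositories; storing it in a dedicated keyring referenced by `signed-by=` in fai.list, after checking its fingerprint, would scope that trust to the fai repository.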
cat >/etc/fai/apt/sources.list <<EOF
deb $r $base main contrib
EOF
+
+### begin setup security repo ###
case $base in
- jessie|stretch|buster)
+ stretch|buster)
cat >>/etc/fai/apt/sources.list <<EOF
deb http://security.debian.org/debian-security $base/updates main contrib
EOF
deb http://security.debian.org/debian-security $base-security main contrib
EOF
esac
+### end setup security repo ###
cat >>/etc/fai/apt/sources.list <<EOF
deb http://fai-project.org/download $base koeln
EOF
-if [[ $base == jessie ]]; then
- cat >>/etc/fai/apt/sources.list <<'EOF'
-# fix tar https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819978
-deb http://ftp.debian.org/debian jessie-backports main
-EOF
- # note, fai doesn\'t look at /etc/fai/apt/preferences.d
- cat >/etc/fai/apt/preferences <<'EOF'
-Package: tar
-Pin: release a=jessie-backports
-Pin-Priority: 500
-EOF
-fi
+## Get latest kernel and btrfs for dealing with btrfs issues.
+# if [[ $base == buster ]]; then
+# cat >>/etc/fai/apt/sources.list <<'EOF'
+# deb http://ftp.debian.org/debian buster-backports main
+# EOF
+# # note, fai doesn\'t look at /etc/fai/apt/preferences.d
+# cat >/etc/fai/apt/preferences <<'EOF'
+# Package: linux-* firmware-linux-free btrfs-progs
+# Pin: release a=buster-backports
+# Pin-Priority: 500
+# EOF
+# fi
$sed -f - /etc/fai/nfsroot.conf <<EOF
# tftp environment
local pxebin
- # wheezy path
- if [ -f $NFSROOT/usr/lib/PXELINUX/pxelinux.0 ]; then
- pxebin=$NFSROOT/usr/lib/PXELINUX/pxelinux.0
- else
- # jessie+ path
- pxebin=$NFSROOT/usr/lib/syslinux/pxelinux.0
- fi
+ # jessie+ path
+ pxebin=$NFSROOT/usr/lib/syslinux/pxelinux.0
rm -f $NFSROOT/boot/*.bak
mkdir -p $TFTPROOT/pxelinux.cfg