# Scripts to setup the environment for the install
-sudo fai-cd -g $PWD/grub.cfg.autodiscover -f -A $BASEFILE_DIR/autodiscover.iso # create autodiscover cd
+
+# create tiny autodiscover cd
+fai-redep && sudo fai-cd -g $PWD/grub.cfg.autodiscover -f -A $BASEFILE_DIR/autodiscover.iso
+# create normal fai cd (replace TARGET_HOST)
+fai-redep -t TARGET_HOST && sudo fai-cd -M -g $PWD/grub.cfg.netinst -f $BASEFILE_DIR/netinst.iso
+note, may need to set hostname in something like LAST.var
+also, may need to unset proxy.
mymk-basefile # Create basefiles for various distros
archlike-pxe # Setup pxe boot server from an archlike base image
fai-redep # Deploy fai configuration to host "faiserver"
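Review bot: The `fai-cd -M ... netinst.iso` line builds an image that embeds the whole config space, and after `fai-redep -t TARGET_HOST` that space holds the LUKS keyfile and shadow entry for that host (grub.cfg.netinst in this change boots with `FAI_CONFIG_SRC=file:///var/lib/fai/config`), so the resulting ISO is itself a secret and the README should say so: `# netinst.iso embeds luks/ and shadow/ secrets for TARGET_HOST: keep it private and delete it once the install is done`. It is also worth noting that, as far as the `-t` branch of fai-redep shows, it copies the target's files without removing other hosts' keys left by an earlier full deploy, so the image may carry more than one host's secrets unless the server directory was cleared first.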
#!/bin/bash
-# Copyright (C) 2016 Ian Kelling
-
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+# Copyright (C) 2019 Ian Kelling
+# SPDX-License-Identifier: AGPL-3.0-or-later
set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
-x="$(readlink -f "$BASH_SOURCE")"; cd ${x%/*}
+readonly this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"; cd "${this_file%/*}"
usage() {
- cat <<EOF
-usage: ${0##*/} [-h|--help] [HOST] [DISTRO]
+ cat <<EOF
+usage: ${0##*/} [OPTIONS] [HOST]
Deploy fai config (the one in nfs) to HOST or default faiserver
-Specify DISTRO for setting up DESKTOP packages.
+
+
+-d DISTRO DISTRO for setting up fai class DESKTOP packages, for preinstalling stuff.
+-t TARGET_HOST Copy only secrets for TARGET_HOST into the config space. Useful for virtual server
+ on hardware we don't control.
+-h|--help Print help and exit
Note: uses paths specific to authors machine.
EOF
- exit $1
+ exit $1
}
-case $1 in
- -h|--help) usage ;;
-esac
+##### begin command line parsing ########
+
+# ensure we can handle args with spaces or empty.
+ret=0; getopt -T || ret=$?
+[[ $ret == 4 ]] || { echo "Install util-linux for enhanced getopt" >&2; exit 1; }
+
+temp=$(getopt -l help hd:t: "$@") || usage 1
+eval set -- "$temp"
+while true; do
+ case $1 in
+ -d) distro=$2; shift ;;
+ -t) target=$2; shift ;;
+ -h|--help) usage ;;
+ --) shift; break ;;
+ *) echo "$0: unexpected args: $*" >&2 ; usage 1 ;;
+ esac
+ shift
+done
host=${1:-faiserver}
-distro=$2
+
+readonly host distro target
+
+##### end command line parsing ########
# i use faiserver as a dns alias, but ssh key is associated with
# a canonical hostname and we will have ssh warning spam unless we
rsync -rlpt --delete --relative --exclude /fai/config/basefiles/ fai/config root@$faiserver_host:/srv
-
-scp -q ~/.ssh/home.pub \
- root@$faiserver_host:/srv/fai/config/files/root/.ssh/authorized_keys/GRUB_PC
+sudo rsync -a /root/.ssh/home.pub \
+ root@$faiserver_host:/srv/fai/config/files/root/.ssh/authorized_keys/STANDARD
# todo: automatically disable faiserver after a period so
-# these files are not exposed.
-sudo scp -qr /q/root/luks /q/root/shadow \
- root@$faiserver_host:/srv/fai/config/distro-install-common
+# these files are not available.
-# should tar ssh all the files, but these ones really justified it
-tar -cz /p/c/machine_specific/*/filesystem/etc/ssh | \
- ssh root@$faiserver_host tar -xz -C /srv/fai/config/distro-install-common
+if [[ $target ]]; then
+ sudo rsync -lpt --files-from=- /q/root root@$faiserver_host:/srv/fai/config/distro-install-common <<EOF
+luks/$target
+luks/host-$target
+shadow/$target
+EOF
+else
+ sudo rsync -rlpt /q/root/shadow /q/root/luks root@$faiserver_host:/srv/fai/config/distro-install-common
+fi
+dirs=(/p/c/machine_specific/${target:-*}/filesystem/etc/ssh)
+if [[ -e ${dirs[0]} ]]; then
+ rsync -rlpt --delete --relative ${dirs[@]} root@$faiserver_host:/srv/fai/config/distro-install-common
+fi
. /a/bin/distro-setup/pkgs
pall+=($(/a/bin/buildscripts/emacs -p; /a/bin/distro-setup/distro-pkgs $distro))
-{ echo PACKAGES install; echo "${pall[*]}"|sed 's/ /\n/g'; } | \
+
+printf "%s\n%s\n" "PACKAGES install" ${pall[*]} | \
ssh root@$faiserver_host dd of=/srv/fai/config/package_config/DESKTOP 2>/dev/null ||: # broken pipe
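Review bot: In the `-t` branch `rsync --files-from` copies only the target's luks/shadow files but never removes what a previous full run left in `distro-install-common`, so a later `fai-cd` from that config space (the netinst image in this change) still carries every other host's keys; clear the two directories first, e.g. `ssh root@$faiserver_host rm -rf /srv/fai/config/distro-install-common/{luks,shadow}` before the rsync, and give the else branch `--delete` for the same reason. With the `chmod -R a+rX` on that directory removed elsewhere in this change, nothing now asserts the mode the secrets land with beyond `-p` preserving whatever the source has; `--chmod=D700,F600` on both rsync calls makes that explicit, which matters because `/srv/fai/config` is NFS-exported to the install client. Separately, `||:` on the `dd` line swallows an ssh failure as well as the broken-pipe case it was written for, so the DESKTOP package list can silently go stale; `|| [[ $? == 141 ]]` keeps only the intended exemption.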
# the other directory, so it's kind of a tossup, whatever.
sed -ri 's,^ *(TFTP_DIRECTORY=).*,\1"/srv/tftp/fai",' /etc/default/tftpd-hpa
systemctl restart tftpd-hpa
-chmod 644 /srv/fai/config/files/root/.ssh/authorized_keys/GRUB_PC
-chmod -R a+rX /srv/fai/config/distro-install-common
changed=false
f=/srv/fai/nfsroot/root/.ssh/known_hosts
-x="$(readlink -f "$BASH_SOURCE")"
-script_dir="${x%/*}"
+readonly this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
+script_dir="${this_file%/*}"
+# shellcheck source=./bash-trace
source "${script_dir}/bash-trace"
+cd $script_dir
e() { echo "$*"; "$@"; }
-n Create new qcow2(s) for vm. Good for testing partitioning
script, to ensure a blank disk.
-p Use pxe instead of autodiscover iso with fai.
+-c Use normal fai-cd iso is instead of autodiscover iso.
-r Do not boot after install is complete
-h|--help Print help and exit.
orig_args=("$@")
new_disk=false
pxe=false
-temp=$(getopt -l help dnprh "$@") || usage 1
+iso=autodiscover.iso
+temp=$(getopt -l help dnpcrh "$@") || usage 1
eval set -- "$temp"
while true; do
case $1 in
-d) dhcp_arg=-d; shift ;;
-n) new_disk=true; shift ;;
-p) pxe=true; shift ;;
+ -c) iso=netinst.iso; shift ;;
-r) reboot_arg=--noreboot; shift ;;
-h|--help) usage ;;
--) shift; break ;;
# change this to test different disk counts. 1 and > 1 should be the only
# important things to test.
-disk_count=1
+disk_count=2
if [[ $script_dir == /a/bin/* ]]; then
exec /tmp/faifreeze/${BASH_SOURCE##*/} "${orig_args[@]}"
fi
-cd $script_dir
is_arch_revm() {
[[ ${0##*/} == arch-revm ]]
if [[ ! $BASEFILE_DIR ]]; then
BASEFILE_DIR=/tmp
fi
- a=$BASEFILE_DIR/autodiscover.iso
- b=$BASEFILE_DIR/STRETCH64.tar.gz
- if [[ ! -e $a || $(stat -c %Y $a) -lt $(stat -c %Y $b) ]]; then
- e s fai-cd -g $(readlink -f grub.cfg.autodiscover) -f -A $BASEFILE_DIR/autodiscover.iso
+ isopath=$BASEFILE_DIR/$iso
+ isosrc=$BASEFILE_DIR/STRETCH64.tar.gz
+ if [[ ! -e $isopath || $(stat -c %Y $isopath) -lt $(stat -c %Y $isosrc) ]]; then
+ e s fai-cd -g $(readlink -f grub.cfg.${iso%%.*}) -f -A $isopath
fi
- boot_arg="--cdrom $BASEFILE_DIR/autodiscover.iso"
+ boot_arg="--cdrom $isopath"
e fai-redep
e myfai-chboot default
fi
# --graphics spice,listen=0.0.0.0 $console_arg |& grep -v '^ *$' | uniq &
-e s virt-install --os-variant $variant -n $name $boot_arg -r 2048 --vcpus 1 \
+e s virt-install --rng /dev/urandom --os-variant $variant -n $name $boot_arg -r 2048 --vcpus 1 \
${disk_arg[*]} -w bridge=br0,mac=52:54:00:9c:ef:ad $reboot_arg \
--graphics spice,listen=0.0.0.0 $console_arg |& grep -v '^ *$' | uniq &
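Review bot: `fai-cd` is always invoked with `-A` in the iso build above, so when `-c` selects `netinst.iso` the script still produces an autodiscover-only image, whereas `grub.cfg.netinst` expects the config space on the media (`FAI_CONFIG_SRC=file:///var/lib/fai/config`) and the README in this change builds it with `fai-cd -M ... -f`; choose the flag from the iso, `if [[ $iso == autodiscover.iso ]]; then cd_args=(-A); else cd_args=(-M); fi` and `e s fai-cd -g "$(readlink -f grub.cfg.${iso%%.*})" -f "${cd_args[@]}" "$isopath"`. The staleness test compares only against the basefile tarball and `e fai-redep` runs after the image is built, so a netinst image is one deploy behind; move `fai-redep` above the build. The rewritten `virt-install` line also still exposes the guest display with `--graphics spice,listen=0.0.0.0` and no password, on a VM being installed with its LUKS keyfile in the config space; unless libvirt's qemu.conf sets a spice password or TLS outside this script, bind it locally with `listen=127.0.0.1` and reach it over ssh. `disk_arg` and `console_arg` are set outside the hunk.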
#! /bin/bash
+set -x
# mk-basefile, create basefiles for some distributions
#
# Thomas Lange, Uni Koeln, 2011-2018
#
# The apt sources files we want, STRETCH_FREE, STRETCH_NONFREE,
# BUSTER_FREE, BUSTER_NONFREE, TESTING_FREE, TESTING_NONFREE,
-# XENIAL_FREE, FLIDAS, ETIONA, STRETCH_LINODE.
+# XENIAL_FREE, FLIDAS, ETIONA, STRETCH_LINODE, BUSTER_LINODE.
#
# It's all a little redundant in some cases, but it keeps things
# simpler.
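Review bot: `set -x` at the top of mk-basefile looks like a debugging leftover: it traces every command of every basefile build, including the mirror and `APTPROXY` URLs and the debootstrap invocations, into whatever log captures the run. Gate it instead, `[[ $MK_BASEFILE_DEBUG ]] && set -x`, or drop it before committing; the comment block documenting the apt sources is unaffected either way.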
--- /dev/null
+HOSTNAME=li
+APTPROXY=
\ No newline at end of file
FAI_RAMDISKS="$target/var/lib/dpkg $target/var/cache"
# if you want to use the faiserver as APT proxy
-# ian: uncommented
-APTPROXY=http://faiserver:3142
+# APTPROXY=http://faiserver:3142
# when downloading from https intead of nfs, this is not set,
# it is used as the default for LOGSERVER, and for calling chboot.
# My faiserver's hostname is always faiserver, so just hardcoding it.
-SERVER=faiserver
\ No newline at end of file
+SERVER=faiserver
+
+APTPROXY=http://faiserver:3142
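Review bot: `APTPROXY=http://faiserver:3142` is now set unconditionally at the end of the file while the copy under the `# if you want to use the faiserver as APT proxy` comment is commented out, so that comment documents a dead line and a reader will miss the live assignment further down. Keep one definition with its explanation: delete the commented copy and put `# apt-cacher-ng on faiserver; a later .var can set APTPROXY= empty for hosts that cannot reach it` above the live line. The README in this change says the proxy "may need to be unset" for the Linode case, which is exactly what that comment should point at.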
# ssh host keys
# note, $BASH_SOURCE is not defined here under fai.
+
src=$(dirname "$0")/p/c/machine_specific/$HOSTNAME/filesystem/etc/ssh
dst=$target/etc/ssh
if [[ -e $src && -e $dst ]]; then
- # outside of fai context, we skip this
+ # outside of fai context or setting up a brand new host, we skip this
cp -rT $src $dst
fi
f=$target/etc/sysctl.d/99-sysctl.conf
key=fs.inotify.max_user_watches
if [[ -e $f ]]; then sed -ri --follow-symlinks "/^\s*$key\s*=/d" $f; fi
-echo "fs.inotify.max_user_watches = 1000000" >> $f
+echo "fs.inotify.max_user_watches = 50000" >> $f
# applies it. it would be also be applied after a reboot
$ROOTCMD sysctl --system
echo "$line" >> $f
fi
-dir=/p/c/machine_specific/$HOSTNAME/.unison
-$ROOTCMD mkdir -p $dir
-if ! $ROOTCMD test -L /root/.unison; then
- $ROOTCMD rm -rf /root/.unison
- $ROOTCMD ln -s -T $dir /root/.unison
-fi
-
-$ROOTCMD chown -R 1000:1000 $dir
-while true; do
- $ROOTCMD chown 1000:1000 $dir
- $ROOTCMD chmod 700 $dir
- dir=$(dirname $dir)
- if [[ $dir == /p ]]; then break; fi
-done
au --system -s /bin/false --home-dir /var/lib/bitcoind bitcoin
#!/bin/bash
+# These are things we can do before package_config packages get installed.
+
# exit for any vm except demohost, or if we are doing a dirinstall
if ifclass VM && ! ifclass demohost || ifclass VOL_STRETCH_BOOTSTRAP || [[ ! $FAI_ACTION || $FAI_ACTION = dirinstall ]]; then
- exit 0
+ exit 0
fi
keyfile=/var/lib/fai/config/distro-install-common/luks/host-$HOSTNAME
$(cat $keyfile)
EOF
EOFOUTER
-chmod +x $f
-
-
-f=$target/root/keyscript-manual
-cat >$f <<'EOF'
-#!/bin/sh
-if ! [ -e /tmp/key ]; then
- stty -echo
- read pass
- printf '%s' "$pass" > /tmp/key
-fi
-cat /tmp/key
-EOF
-chmod +x $f
+chmod 700 $f
# for hosts which don't have these data volumes, copy the specific
# files we need.
if ifclass demohost; then
- files=(/var/lib/fai/config/distro-install-common/luks/host-demohost)
+ files=(/var/lib/fai/config/distro-install-common/luks/host-demohost)
elif ifclass tp; then
- files=(/var/lib/fai/config/distro-install-common/luks/host-{tp,demohost})
+ files=(/var/lib/fai/config/distro-install-common/luks/host-{tp,demohost})
fi
if [[ ${files[0]} ]]; then
- d=$target/q/root/luks
- mkdir -p $d
- cp ${files[@]} $d
- chmod -R o-rwx $d
+ d=$target/q/root/luks
+ mkdir -p $d
+ chmod 700 $d
+ cp -p ${files[@]} $d
fi
+
+
+#### this bit is duplicated in rootsshsync
+f=/var/lib/fai/config/files/root/.ssh/authorized_keys/STANDARD
+d=$target/etc/initramfs-tools
+d2=$target/etc/dropbear-initramfs
+mkdir -p $d/root/.ssh $d2
+chmod 700 $d/root $d/root/.ssh
+# i think buster uses the second, flidas uses the first.
+cp -p $f $d/root/.ssh/authorized_keys
+cp -p $f $d2/authorized_keys
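Review bot: The key placed into both initramfs `authorized_keys` locations is the unrestricted STANDARD key, so whoever holds it gets an interactive root shell in the pre-boot environment rather than only the ability to unlock the root volume. Debian's cryptsetup initramfs documentation recommends restricting that entry with forced-command options; on buster that is the prefix `no-port-forwarding,no-agent-forwarding,no-x11-forwarding,command="/bin/cryptroot-unlock" ` on the key line, which a `sed 's,^,...,' "$f" > "$d2/authorized_keys"` while copying would produce — the unlock helper may differ on flidas, so confirm the path per release before adopting it. The "i think buster uses the second, flidas uses the first" remark is a guess that the `#### duplicated in rootsshsync` copy will cement; verify it and state the result in the comment.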
partition=false # change to true to force a full wipe
fi
+## ignore disks that are mounted, eg when running from fai-cd
+declare -A disk_excludes
+while read -r l; do
+ eval "$l"
+ if [[ ! $PKNAME ]]; then
+ PKNAME="$KNAME"
+ fi
+ if [[ $MOUNTPOINT ]]; then
+ disk_excludes[$PKNAME]=true
+ fi
+done < <(lsblk -nP -o KNAME,MOUNTPOINT,PKNAME)
hdds=()
ssds=()
cd /sys/block
for disk in [sv]d[a-z]; do
+ if [[ ${disk_excludes[$disk]} ]]; then
+ continue
+ fi
case $(cat $disk/queue/rotational) in
0) ssds+=(/dev/$disk) ;;
1) hdds+=(/dev/$disk) ;;
if $partition; then break; fi
y=$(readlink -f $dev)
arr=($y[0-9])
- [[ ${#arr[@]} == "${lastn}" ]] || partition=true
+ [[ ${#arr[@]} == "$lastn" ]] || partition=true
for (( i=1; i <= lastn; i++ )); do
[[ -e ${dev}$i ]] || partition=true
done
for short_dev in ${short_devs[@]}; do
devs+=($(devbyid $short_dev))
done
-if [[ ! ${devs[@]} ]]; then
+if [[ ! ${devs[0]} ]]; then
echo "$0: error: failed to detect devs" >&2
exit 1
fi
break
fi
done
- $bad_disk || boot_devs+=(`bootdev`)
+ $bad_disk || boot_devs+=($(bootdev))
else
- boot_devs+=(`bootdev`)
+ boot_devs+=($(bootdev))
fi
if [[ $boot_devs && $first ]]; then
- first_grub_extdev=`grub_extdev`
+ first_grub_extdev=$(grub_extdev)
first=false
fi
done
# head -c 2048 /dev/urandom | od | s dd of=/q/root/luks/host-demohost
luks_dir=${LUKS_DIR:-/var/lib/fai/config/distro-install-common/luks}
-if [[ ! -e $luks_dir/host-$HOSTNAME ]]; then
- echo "$0: error: no key for hostname at $luks_dir/host-$HOSTNAME" >&2
- exit 1
+
+luks_file=$luks_dir/host-$HOSTNAME
+if [[ ! -e $luks_file ]]; then
+ hostkeys=($luks_dir/host-*)
+ # if there is only one key, we might be deploying somewhere
+ # where dhcp doesnt give us a proper hostname, so use that.
+ if [[ ${#hostkeys[@]} == 1 && -e ${hostkeys[0]} ]]; then
+ luks_file=${hostkeys[0]}
+ else
+ echo "$0: error: no key for hostname at $luks_file" >&2
+ exit 1
+ fi
fi
-lukspw=$(cat $luks_dir/iank)
-# # ian: disabled by chaning to tpnew while I use the tp host.
# # note, corresponding changes in /b/ds/keyscript-{on,off}
if ifclass tpnew; then
lukspw=$(cat $luks_dir/traci)
-fi
-if ifclass ziva; then
+elif ifclass BUSTER_LINODE; then
+ lukspw=$(cat $luks_dir/li)
+elif ifclass ziva; then
lukspw=$(cat $luks_dir/ziva)
-fi
-if ifclass demohost; then
+elif ifclass demohost; then
lukspw=x
+else
+ lukspw=$(cat $luks_dir/iank)
fi
mkdir -p /tmp/fai
root_devs=()
for dev in ${devs[@]}; do
- root_devs+=(`rootdev`)
+ root_devs+=($(rootdev))
done
shopt -s nullglob
if $partition; then
# wait at all. So I've added a 3 second minimum wait.
sleep 3
secs=0
- while [[ ! -e `rootdev` ]] && (( secs < 10 )); do
+ while [[ ! -e $(rootdev) ]] && (( secs < 10 )); do
sleep 1
secs=$((secs +1))
done
# to grubenv after booting, but that relies on the boot always succeeding.
# This is just a bit more robust, and it could work for booting
# into ipxe which can't persist data, if we ever got that working.
- mkfs.ext2 `grub_extdev`
+ mkfs.ext2 $(grub_extdev)
# when we move to newer than trisquel 8, we can remove
# --type luks1. We can also check on cryptsetup --help | less /compil
# to see about the other settings. Default in debian 9 is luks2.
# cryptsetup luksAddKey --pbkdf pbkdf2
# then remove the new format keys with cryptsetup luksRemoveKey
# then cryptsetup convert DEV --type luks1, then readd old keys and remove temp.
- yes YES | cryptsetup luksFormat `rootdev` $luks_dir/host-$HOSTNAME \
+ yes YES | cryptsetup luksFormat $(rootdev) $luks_file \
--type luks1 -c aes-cbc-essiv:sha256 -s 256 || [[ $? == 141 ]]
yes "$lukspw" | \
- cryptsetup luksAddKey --key-file $luks_dir/host-$HOSTNAME \
- `rootdev` || [[ $? == 141 ]]
+ cryptsetup luksAddKey --key-file $luks_file \
+ $(rootdev) || [[ $? == 141 ]]
# background: Keyfile and password are treated just
# like 2 ways to input a passphrase, so we don't actually need to have
# different contents of keyfile and passphrase, but it makes some
# yes 'test' | cryptsetup luksRemoveKey /dev/... \
# /key/file || [[ $? == 141 ]]
- cryptsetup luksOpen `rootdev` `root-cryptname` \
- --key-file $luks_dir/host-$HOSTNAME
+ cryptsetup luksOpen $(rootdev) $(root-cryptname) \
+ --key-file $luks_file
if [[ $SPECIAL_DISK ]]; then
exit 0
bpart ${boot_devs[@]}
else
for dev in ${devs[@]}; do
- mkfs.ext2 `grub_extdev`
- cryptsetup luksOpen `rootdev` `root-cryptname` \
- --key-file $luks_dir/host-$HOSTNAME
+ mkfs.ext2 $(grub_extdev)
+ cryptsetup luksOpen $(rootdev) $(root-cryptname) \
+ --key-file $luks_file
done
sleep 1
fi
EOF
swaps=()
for dev in ${devs[@]}; do
- swaps+=(`swap-cryptname`)
+ swaps+=($(swap-cryptname))
cat >>/tmp/fai/crypttab <<EOF
-`root-cryptname` `rootdev` none keyscript=/root/keyscript,discard,luks
-`swap-cryptname` `swapdev` /dev/urandom swap,cipher=aes-xts-plain64,size=256,hash=ripemd160
+$(root-cryptname) $(rootdev) none keyscript=decrypt_keyctl,discard,luks,initramfs
+$(swap-cryptname) $(swapdev) /dev/urandom swap,cipher=aes-xts-plain64,size=256,hash=ripemd160
EOF
cat >> /tmp/fai/fstab <<EOF
-`swap-cryptdev` none swap sw 0 0
+$(swap-cryptdev) none swap sw 0 0
EOF
done
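Review bot: The new mounted-disk exclusion near the top of the hunk only records the immediate parent (`PKNAME`) of each mounted device, so a mounted LVM or dm-crypt volume whose parent is a partition marks `sda1`, not `sda`, and the `[sv]d[a-z]` loop still treats that disk as free to partition — the case this block exists to prevent when running from fai-cd. Asking lsblk per disk reports the whole dependency tree and replaces both the map and the lookup: `if [[ -n $(lsblk -nro MOUNTPOINT "/dev/$disk") ]]; then continue; fi`; if the `eval` over `lsblk -P` stays, note in a comment that it is acceptable because that mode hex-escapes unsafe characters. Further down, the single-key fallback `luks_file=${hostkeys[0]}` silently formats the disk with whatever `host-*` file happens to be in `$luks_dir`, including a stale one from a previous full deploy, so log it: `echo "$0: warning: no key for $HOSTNAME, using ${hostkeys[0]}" >&2` (the `-e` guard is needed because `shopt -s nullglob` is only set later, worth a comment). The `luksFormat` also keeps `aes-cbc-essiv:sha256 -s 256` while the swap entries in the same hunk use `aes-xts-plain64`; as far as I know GRUB's LUKS1 code reads XTS volumes too, so unless the trisquel 8 note is about the cipher rather than the header format, `-c aes-xts-plain64 -s 512` would align them.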
-# duplicated in UBUNTU
-PACKAGES install-norec
-debconf-utils
-file
-less
-rsync
-openssh-client openssh-server
-time
-procinfo
-locales
-console-setup kbd
-pciutils usbutils
-unattended-upgrades
-
-PACKAGES install STRETCH BUSTER
-apt-transport-https
-
# otherwise sshd takes like 10 seconds to start
PACKAGES install BUSTER
haveged
PACKAGES install CHROOT
linux-image-686-pae-
linux-image-amd64-
+initramfs-tools-core-
+dropbear-initramfs-
PACKAGES install AMD64
linux-image-amd64
grub-efi-arm64
linux-image-arm64
-# ian: This line is duplicated in UBUNTU
-# lsof is used in my btrfs util scritps.
-# netcat is used for proxy.
-# resolvconf because if we don't install it now we have to reboot for it to
-# take effect. This is explained when you do dpkg-reconfigure resolvconf,
-# and may be fixed in future releases
PACKAGES install GRUB_PC
-grub-pc cryptsetup btrfs-progs mbuffer sudo bridge-utils netcat-openbsd resolvconf lsof
+grub-pc
PACKAGES install GRUB_EFI
-grub-efi cryptsetup btrfs-progs mbuffer sudo bridge-utils netcat-openbsd resolvconf lsof
+grub-efi
PACKAGES install LVM
traceroute
ucf
xz-utils
+# ian standard packages
+# lsof is used in my btrfs util scritps.
+# netcat is used for proxy.
+# resolvconf because if we don't install it now we have to reboot for it to
+# take effect. This is explained when you do dpkg-reconfigure resolvconf,
+# and may be fixed in future releases
+keyutils
+cryptsetup
+btrfs-progs
+sudo
+bridge-utils
+netcat-openbsd
+resolvconf
+lsof
+debconf-utils
+file
+less
+rsync
+openssh-client openssh-server
+time
+procinfo
+locales
+console-setup kbd
+pciutils usbutils
+unattended-upgrades
+initramfs-tools-core
+dropbear-initramfs
+apt-transport-https
+
+# iank, copied from DEBIAN so it goes into ubuntu too
+PACKAGES install GRUB_PC
+grub-pc
+
+PACKAGES install GRUB_EFI
+grub-efi
-# duplicated in DEBIAN
-PACKAGES install-norec
-debconf-utils
-file
-less
-rsync
-openssh-client openssh-server
-time
-procinfo
-locales
-console-setup kbd
-pciutils usbutils
-unattended-upgrades
-
PACKAGES install I386
linux-image-generic
memtest86+
linux-image-generic
memtest86+
-# duplicated in DEBIAN
-PACKAGES install GRUB_PC
-grub-pc cryptsetup btrfs-progs mbuffer sudo bridge-utils netcat-openbsd resolvconf lsof
-
PACKAGES install FLIDAS64 XENIAL64
linux-image-generic-hwe-8.0
break
fi
done
- # This condition is only needed because the nfsroot I use
- # is based on Jessie, which has an old udev which can't
- # figure out the persistent interface name used in stretch.
- if ifclass VM; then NIC1=ens3; return; fi
if [[ ! $name ]]; then
echo "$0: error: could not find systemd predictable network name. Using $NIC1."
fi
elif [ -d $target/etc/network/interfaces.d ]; then
# ifupdown >= 0.7.41 (Debian >= 8, Ubuntu >= 14.04)
- if ifclass VM; then
+ if ifclass VM || ifclass BUSTER_LINODE; then
# note, this condition would apply to the elif below too,
# but I don't specify a static ip in fai, so not bothering
cat > $target/etc/network/interfaces <<-EOF
- # generated by FAI
- auto lo $NIC1
- iface lo inet loopback
- iface $NIC1 inet dhcp
+# generated by FAI
+auto lo $NIC1
+iface lo inet loopback
+iface $NIC1 inet dhcp
+iface $NIC1 inet6 auto
EOF
else
- cat > $target/etc/network/interfaces <<-EOF
- # generated by FAI
- auto lo br0
- iface lo inet loopback
- iface $NIC1 inet manual
- # make a bridge by default so we can have bridged vms.
- # Some example I read had stp on, but i don't need stp,
- # and it causes a vm to fail pxe boot, presumably unless
- # you add some delay.
- # http://wiki.libvirt.org/page/PXE_boot_%28or_dhcp%29_on_guest_failed
- iface br0 inet dhcp
- bridge_ports $NIC1
- bridge_stp off
- bridge_maxwait 0
+ cat > $target/etc/network/interfaces <<EOF
+# generated by FAI
+auto lo br0
+iface lo inet loopback
+iface $NIC1 inet manual
+# make a bridge by default so we can have bridged vms.
+# Some example I read had stp on, but i don't need stp,
+# and it causes a vm to fail pxe boot, presumably unless
+# you add some delay.
+# http://wiki.libvirt.org/page/PXE_boot_%28or_dhcp%29_on_guest_failed
+iface br0 inet dhcp
+ bridge_ports $NIC1
+ bridge_stp off
+ bridge_maxwait 0
EOF
fi
else
fi
fi
;;
+
+ if ifclass BUSTER_LINODE; then
+ f=/etc/initramfs-tools/initramfs.conf
+ ainsl $f
+ fi
+
esac
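Review bot: The new `if ifclass BUSTER_LINODE` block sits between the `;;` and `esac`, i.e. after the last case arm has closed, and bash rejects a command there (it expects a pattern or `esac`), so the whole script fails to parse; move it inside the arm above the `;;` or after `esac`. `ainsl $f` is also missing its LINE argument — ainsl takes `FILE LINE` and appends the line if absent — so even once it runs nothing is written to initramfs.conf; presumably a `DEVICE=` or similar setting for the Linode initramfs networking was intended, confirm which line. The enclosing `case` starts outside the hunk.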
# here fcopy is mostly used, when installing a client for running in a
fi
chroot $FAI_ROOT bash <<'EOFOUTER'
+set -eE -o pipefail
if getent group systemd-journal >/dev/null; then
# makes the journal be saved to disk.
mkdir -p /var/log/journal
if [[ $FAI_ACTION != dirinstall ]]; then
- cat >$FAI_ROOT/etc/grub.d/40_custom <<'EOF'
+
+ if ifclass BUSTER_LINODE; then
+ speed=19200
+ # luks.crypttab=no see man systemd-cryptsetup-generator
+ cmdline="luks.crypttab=no console=ttyS0,${speed}n8"
+ else
+ speed=115200
+ cmdline="luks.crypttab=no console=ttyS0,${speed} console=tty0"
+ fi
+
+ cat >$FAI_ROOT/etc/grub.d/40_custom <<EOF
#!/bin/sh
-exec tail -n +3 $0
+exec tail -n +3 \$0
# This file provides an easy way to add custom menu entries. Simply type the
# menu entries you want to add after this comment. Be careful not to change
# the 'exec tail' line above.
# https://www.coreboot.org/Serial_console # tty
# but removed unneeded stuff
-serial --speed=115200
+serial --speed=$speed
terminal_input --append serial
terminal_output --append serial
EOF
- chroot $FAI_ROOT bash <<'EOF'
+
+
+ chroot $FAI_ROOT bash <<EOF
+set -eE -o pipefail
# https://askubuntu.com/questions/33416/how-do-i-disable-the-boot-splash-screen-and-only-show-kernel-and-boot-text-inst
-# it suggests not having plymouth-theme-ubuntu-text, but
-# making it not installed then kills plymouth, then makes
-# the system not boot.
-sed -ri 's/(^ *GRUB_CMDLINE_LINUX.*)quiet splash/\1/' /etc/default/grub
-
-# todo: not sure, but this might screw up systems without a serial port
-# and thus need a conditional.
-sed -ri 's/^ *GRUB_CMDLINE_LINUX_DEFAULT="/\0console=ttyS0,115200 console=tty0 /' /etc/default/grub
+# we remove quiet and splash, and all thats left is what we want
+
+sed -ri 's/^ *GRUB_CMDLINE_LINUX_DEFAULT=.*"/GRUB_CMDLINE_LINUX_DEFAULT="$cmdline"/' /etc/default/grub
# on xenial, no grub is displayed at all. fix that.
# found just by noticing this in the config file, and a
# warning about it in error.log
sed -i '/^ *GRUB_HIDDEN_TIMEOUT/d' /etc/default/grub
update-grub2
+
+# Just include all of them for now incase we are creating
+# an install for a different machine.. in distro-begin, we
+# slim it down to whats used.
+find /lib/modules/*/kernel/drivers/net /lib/modules/*/kernel/net -type f -name '*.ko' -printf "%f\n" | sed 's/.ko$//' | sort -u >/etc/initramfs-tools/modules
+update-initramfs -u -k all
EOF
fi
# reading through the groups that iank is in but user2 isn't,
for g in plugdev audio video cdrom; do
- $ROOTCMD usermod -a -G $g user2
+ $ROOTCMD usermod -a -G $g user2
done
# ian: Added this from fai
# note, we could replace faiserver with an ip if we didn't want to mess with dns.
-# args are copied from myfai-chboot-local
+# args are copied from myfai-chboot-local.
+# Note, for a real cd or usb flash, we probably do not want reboot, so we can remove the disk
+# after install is done
menuentry "FAI server via dns" {
set gfxpayload=$resolution
- linux /boot/vmlinuz FAI_FLAGS=verbose,sshd,createvt FAI_CONFIG_SRC=nfs://faiserver/srv/fai/config root=/dev/nfs rw nfsroot=faiserver:/srv/fai/nfsroot,vers=3,nolock aufs rootovl ip=dhcp FAI_FLAGS=verbose,sshd,createvt
+ linux /boot/vmlinuz FAI_FLAGS=verbose,sshd,createvt,reboot FAI_CONFIG_SRC=nfs://faiserver/srv/fai/config root=/dev/nfs rw nfsroot=faiserver:/srv/fai/nfsroot,vers=3,nolock aufs rootovl ip=dhcp FAI_FLAGS=verbose,sshd,createvt
initrd /boot/initrd.img
}
-
menuentry "Autodiscover the FAI server" {
set gfxpayload=$resolution
- linux /boot/vmlinuz FAI_FLAGS="menu,verbose,createvt" fai.discover aufs rootovl root=/dev/nfs ip=dhcp quiet
+ linux /boot/vmlinuz FAI_FLAGS="menu,verbose,createvt,reboot" fai.discover aufs rootovl root=/dev/nfs ip=dhcp quiet
initrd /boot/initrd.img
}
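Review bot: `FAI_FLAGS` appears twice on the kernel line of the "FAI server via dns" entry and `reboot` was added only to the first copy; FAI takes the flags from the kernel command line and I would expect the later `FAI_FLAGS=verbose,sshd,createvt` to win, which drops `reboot` again. Delete the trailing duplicate so the line ends with `... rootovl ip=dhcp` (the autodiscover entry below carries a single `FAI_FLAGS` and is fine). As the comment above already notes, `reboot` on physical media re-enters the installer unless the disk is pulled, so say that in the entry's comment rather than only at the top.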
--- /dev/null
+## grub2 configuration
+set default="Netinstall"
+set timeout=2
+set resolution=1024x768
+
+if loadfont /boot/grub/unicode.pf2 ; then
+ insmod png
+ set gfxmode=640x480
+ insmod gfxterm
+ insmod vbe
+ terminal_output gfxterm
+fi
+
+if background_image /boot/grub/fai.png ; then
+ set color_normal=black/black
+ set color_highlight=red/black
+ set menu_color_normal=black/black
+ set menu_color_highlight=black/yellow
+else
+ set menu_color_normal=white/black
+ set menu_color_highlight=black/yellow
+fi
+
+# make sure we can access partitions
+insmod part_msdos
+insmod part_gpt
+
+if [ ${iso_path} ] ; then
+ set loopback="findiso=${iso_path}"
+fi
+
+menuentry "" --unrestricted {
+ set gfxpayload=$resolution
+}
+menuentry " +------------------------------------------------------+" --unrestricted {
+ set gfxpayload=$resolution
+}
+
+menuentry " | Fully Automatic Installation |" --unrestricted {
+ set gfxpayload=$resolution
+
+}
+menuentry " | _VERSIONSTRING_ |" --unrestricted {
+ set gfxpayload=$resolution
+
+}
+menuentry " | (c) Thomas Lange lange@debian.org |" --unrestricted {
+ set gfxpayload=$resolution
+}
+menuentry " +------------------------------------------------------+" --unrestricted {
+ set gfxpayload=$resolution
+}
+}
+menuentry "" --unrestricted {
+ set gfxpayload=$resolution
+}
+
+menuentry "Netinstall" {
+ set gfxpayload=$resolution
+ linux /boot/vmlinuz console=ttyS0,19200n8 FAI_FLAGS="verbose,sshd,createvt,reboot" FAI_ACTION=install FAI_CONFIG_SRC=file:///var/lib/fai/config rd.live.image root=live:CDLABEL=FAI_CD rd.neednet ip=dhcp quiet
+ initrd /boot/initrd.img
+}
+
+
+menuentry "Boot OS of first partition on first disk" --unrestricted {
+ if [ -d (cd) ]; then
+ chainloader (hd0)+1
+ fi
+
+ if [ "$root" = "hd1" ]; then
+ chainloader (hd0)+1
+ fi
+
+ if [ "$root" = "hd0" ]; then
+ set root=(hd1)
+ chainloader (hd1)+1
+ fi
+}
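Review bot: There is a stray `}` on its own line after the decorative `menuentry` that follows the lower `+-----+` border, which GRUB's script parser reports as a syntax error when it loads the menu; the same line recurs in the two sibling grub.cfg files added below, so it probably came from the template that was copied — verify against it and drop the brace. The file also deserves a header comment stating that it selects `Netinstall` after 2 seconds with `FAI_ACTION=install` and the `reboot` flag, so an unattended boot of this media reformats the disks with no prompt — intended for the netinst image, but a footgun if the ISO is left attached, e.g. `# WARNING: unattended; boots straight into a disk-wiping install after 2s`.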
--- /dev/null
+## grub2 configuration
+set default="Netinstall"
+set timeout=2
+set resolution=1024x768
+
+if loadfont /boot/grub/unicode.pf2 ; then
+ insmod png
+ set gfxmode=640x480
+ insmod gfxterm
+ insmod vbe
+ terminal_output gfxterm
+fi
+
+if background_image /boot/grub/fai.png ; then
+ set color_normal=black/black
+ set color_highlight=red/black
+ set menu_color_normal=black/black
+ set menu_color_highlight=black/yellow
+else
+ set menu_color_normal=white/black
+ set menu_color_highlight=black/yellow
+fi
+
+# make sure we can access partitions
+insmod part_msdos
+insmod part_gpt
+
+if [ ${iso_path} ] ; then
+ set loopback="findiso=${iso_path}"
+fi
+
+menuentry "" --unrestricted {
+ set gfxpayload=$resolution
+}
+menuentry " +------------------------------------------------------+" --unrestricted {
+ set gfxpayload=$resolution
+}
+
+menuentry " | Fully Automatic Installation |" --unrestricted {
+ set gfxpayload=$resolution
+
+}
+menuentry " | _VERSIONSTRING_ |" --unrestricted {
+ set gfxpayload=$resolution
+
+}
+menuentry " | (c) Thomas Lange lange@debian.org |" --unrestricted {
+ set gfxpayload=$resolution
+}
+menuentry " +------------------------------------------------------+" --unrestricted {
+ set gfxpayload=$resolution
+}
+}
+menuentry "" --unrestricted {
+ set gfxpayload=$resolution
+}
+
+menuentry "Netinstall" {
+ set gfxpayload=$resolution
+ linux /boot/vmlinuz console=ttyS0,19200n8 FAI_FLAGS="verbose,sshd,createvt" FAI_ACTION=install FAI_CONFIG_SRC=file:///var/lib/fai/config rd.live.image root=live:CDLABEL=FAI_CD rd.neednet ip=dhcp quiet
+ initrd /boot/initrd.img
+}
+
+
+menuentry "Boot OS of first partition on first disk" --unrestricted {
+ if [ -d (cd) ]; then
+ chainloader (hd0)+1
+ fi
+
+ if [ "$root" = "hd1" ]; then
+ chainloader (hd0)+1
+ fi
+
+ if [ "$root" = "hd0" ]; then
+ set root=(hd1)
+ chainloader (hd1)+1
+ fi
+}
--- /dev/null
+## grub2 configuration
+set default="Netinstall"
+set timeout=2
+set resolution=1024x768
+
+if loadfont /boot/grub/unicode.pf2 ; then
+ insmod png
+ set gfxmode=640x480
+ insmod gfxterm
+ insmod vbe
+ terminal_output gfxterm
+fi
+
+if background_image /boot/grub/fai.png ; then
+ set color_normal=black/black
+ set color_highlight=red/black
+ set menu_color_normal=black/black
+ set menu_color_highlight=black/yellow
+else
+ set menu_color_normal=white/black
+ set menu_color_highlight=black/yellow
+fi
+
+# make sure we can access partitions
+insmod part_msdos
+insmod part_gpt
+
+if [ ${iso_path} ] ; then
+ set loopback="findiso=${iso_path}"
+fi
+
+menuentry "" --unrestricted {
+ set gfxpayload=$resolution
+}
+menuentry " +------------------------------------------------------+" --unrestricted {
+ set gfxpayload=$resolution
+}
+
+menuentry " | Fully Automatic Installation |" --unrestricted {
+ set gfxpayload=$resolution
+
+}
+menuentry " | _VERSIONSTRING_ |" --unrestricted {
+ set gfxpayload=$resolution
+
+}
+menuentry " | (c) Thomas Lange lange@debian.org |" --unrestricted {
+ set gfxpayload=$resolution
+}
+menuentry " +------------------------------------------------------+" --unrestricted {
+ set gfxpayload=$resolution
+}
+}
+menuentry "" --unrestricted {
+ set gfxpayload=$resolution
+}
+
+menuentry "Netinstall" {
+ set gfxpayload=$resolution
+ linux /boot/vmlinuz console=ttyS0,19200n8 FAI_FLAGS="verbose,sshd,createvt" FAI_ACTION=sysinfo FAI_CONFIG_SRC=file:///var/lib/fai/config rd.live.image root=live:CDLABEL=FAI_CD rd.neednet ip=dhcp quiet
+ initrd /boot/initrd.img
+}
+
+
+menuentry "Boot OS of first partition on first disk" --unrestricted {
+ if [ -d (cd) ]; then
+ chainloader (hd0)+1
+ fi
+
+ if [ "$root" = "hd1" ]; then
+ chainloader (hd0)+1
+ fi
+
+ if [ "$root" = "hd0" ]; then
+ set root=(hd1)
+ chainloader (hd1)+1
+ fi
+}
if [[ -w /etc/exports ]]; then
sed -ri --follow-symlinks '\%^/srv/fai/%d' /etc/exports
cat >>/etc/exports <<EOF
-/srv/fai/config $ip(async,ro,no_subtree_check)
+/srv/fai/config $ip(async,ro,no_subtree_check,no_root_squash)
/srv/fai/nfsroot $ip(async,ro,no_subtree_check,no_root_squash)
EOF
exportfs -ra
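Review bot: Adding `no_root_squash` to the `/srv/fai/config` export lets root on the client at `$ip` read every file in the config space regardless of mode, including the `luks/`, `shadow/` and ssh host-key material that fai-redep copies into `distro-install-common`; presumably that is the reason, since the `chmod -R a+rX` on that directory is removed elsewhere in this change. That only stays safe while `$ip` is the single install client and the export is torn down after the install (the TODO in fai-redep), so record it above the line: `# no_root_squash: the install client reads 0600 secrets as root; keep this export limited to one client ip and remove it after install`. `$ip` is defined outside the hunk.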
option family ipv6
config rule
- option name http-ipv6
+ option name https-ipv6
option src wan
option dest lan
- option dest_port 80
+ option dest_port 443
option target ACCEPT
option family ipv6
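Review bot: The rule is a WAN-to-LAN forward accepting IPv6 port 443 to any LAN address — there is no `dest_ip` in the hunk — so every LAN host with a listener on 443 becomes reachable from the internet, not just the intended web server; add `option dest_ip ADDR` with that server's IPv6 address (or an OpenWrt `::suffix/-64` form) unless a `dest_ip` line exists beyond the end of the hunk. The rename from http to https also silently stops forwarding port 80; if the server still needs ACME HTTP-01 validation or an HTTP-to-HTTPS redirect, keep a separate rule for 80 with the same `dest_ip`.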