After install, btrbk to setup data, and then distro-begin && distro end.
See notes in distro-begin for other configuration.
+# Prerequesites:
+
+<https://savannah.nongnu.org/git/?group=bash-bear-trap>
+git clone https://git.savannah.nongnu.org/git/bash-bear-trap.git
+sudo install -T bash-bear-trap/bash-bear /usr/local/lib/bash-bear
+
+
# Scripts (meant to be used directly):
mymk-basefile # Create basefiles for various distros
archlike-pxe # Setup pxe boot server from an archlike base image
-fai-redep # Deploy fai configuration to host "faiserver"
+fai-redep # Deploy fai configuration to host "faiserver.b8.nz"
faiserver-uninstall # uninstall fai-server
faiserver-setup # install fai-server on the current machine
myfai-chboot # setup fai tftp and nfs. useful for doing pxe-kexec or booting from a fai-cd.
-#!/bin/bash -x
+#!/bin/bash
# Copyright (C) 2016 Ian Kelling
# This program is free software; you can redistribute it and/or
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-x="$(readlink -f "$BASH_SOURCE")"; source "${x%/*}/bash-trace"
-cd ${x%/*}
+set -e; . /usr/local/lib/bash-bear; set +e
+
+this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
+readonly this_file this_dir="${this_file%/*}"
+cd "$this_dir"
+
+set -x
export HOSTNAME="$1"
mirror=$2
#!/bin/bash
-# Copyright (C) 2019 Ian Kelling
-# SPDX-License-Identifier: AGPL-3.0-or-later
+# This file is part of Ian Kelling's automated-distro-installer
+# Copyright (C) 2024 Ian Kelling
+
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
if [[ -s ~/.bashrc ]];then . ~/.bashrc;fi
set -x
+++ /dev/null
-fai/config/files/boot/bash-trace/DEFAULT
\ No newline at end of file
# WARNING: outdated! needs docs and update to debian-stretch
-x="$(readlink -f "$BASH_SOURCE")"; source "${x%/*}/bash-trace"
-
[[ $EUID == 0 ]] || exec sudo "$BASH_SOURCE" "$@"
-src=$(readlink -f "${BASH_SOURCE%/*}")
+set -e; . /usr/local/lib/bash-bear; set +e
+
+this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
+readonly this_file this_dir="${this_file%/*}"
e() { echo "$*"; "$@"; }
e rm -rf debian-wheezy
mkdir debian-wheezy
cd debian-wheezy
-e $src/debian-preseed "$@" # my script
+e $this_dir/debian-preseed "$@" # my script
cd ..
e rm -f tftpboot
e ln -s debian-wheezy tftpboot
cd /
e umount $mount_dir
-e $src/pxe-server default plain # my script
+e $this_dir/pxe-server default plain # my script
#!/bin/bash
-# Copyright (C) 2019 Ian Kelling
-# SPDX-License-Identifier: AGPL-3.0-or-later
-set -eE -o pipefail
-trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
+# This file is part of Ian Kelling's automated-distro-installer
+# Copyright (C) 2024 Ian Kelling
+
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
-readonly this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"; cd "${this_file%/*}"
+set -eE -o pipefail
+trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
+
+this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
+readonly this_file this_dir="${this_file%/*}"
+cd "$this_dir"
-source bash-trace
usage() {
- cat <<EOF
-usage: ${0##*/} [OPTIONS] [HOST]
+ cat <<'EOF'
+usage: fai-redep [OPTIONS] [HOST]
Deploy fai config (the one in nfs) to HOST or default faiserver
Note, for booting from fai-cd, this needs to be called from myfai-chboot or that via pxe-server,
case $1 in
-d) distro=$2; shift ;;
-t) target=$2; shift ;;
- -h|--help) usage ;;
+ -h|--help) usage 0 ;;
--) shift; break ;;
*) echo "$0: unexpected args: $*" >&2 ; usage 1 ;;
esac
shift
done
-host=${1:-faiserver}
+host=${1:-faiserver.b8.nz}
readonly host distro target
##### end command line parsing ########
-m() { printf "$pre %s\n" "$*"; "$@"; }
+m() { printf "fai-redep: %s\n" "$*"; "$@"; }
# i use faiserver as a dns alias, but ssh key is associated with
# a canonical hostname and we will have ssh warning spam unless we
# faiserver_host=$host
faiserver_addr=$(host $host | sed -rn 's/^\S+ has address //p;T;q' ||:)
+
+rsrv() {
+ local -a opts
+ while [[ $2 ]]; do
+ opts+=("$1")
+ shift
+ done
+ m rsync "${ropts[@]}" "${opts[@]}" "$rpath$1"
+}
+rpath=/srv
if ! ip a | grep "^ *inet.\? $faiserver_addr" &>/dev/null; then
- rpre=(-e "ssh -F $HOME/.ssh/confighome" root@$faiserver_host:)
+ ropts=(-e "ssh -F $HOME/.ssh/confighome")
+ rpath="root@$faiserver_host:/srv"
faiserver_shell="ssh -F $HOME/.ssh/confighome root@$faiserver_host"
fi
install --owner=iank --group=iank -d fai/config/files/usr/local/bin/hssh
install --owner=iank --group=iank -d fai/config/files/usr/local/bin/ssh_filter_btrbk.sh
rsync -atL /a/opt/btrbk/ssh_filter_btrbk.sh fai/config/files/usr/local/bin/ssh_filter_btrbk.sh/STANDARD
-m rsync -rlpt --delete --relative --exclude /fai/config/basefiles/ fai/config "${rpre[@]}"/srv
+rsrv -rlpt --delete --relative --exclude /fai/config/basefiles/ fai/config /
# todo: automatically disable faiserver after a period so
# these files are not available.
+
if [[ $target ]]; then
secret_files=(luks/$target luks/host-$target shadow/$target)
exists=false
- secret_exists=()
for f in ${secret_files[@]}; do
if [[ -e /q/root/$f ]]; then
exists=true
for f in ${secrets_to_send[@]}; do
echo $f
done
- } | rsync -lpt --files-from=- /q/root "${rpre[@]}"/srv/fai/config/distro-install-common
+ } | rsrv -lpt --files-from=- /q/root /fai/config/distro-install-common
fi
else
- rsync -rlpt /q/root/shadow /q/root/luks "${rpre[@]}"/srv/fai/config/distro-install-common
+ rsrv -rlpt /q/root/shadow /q/root/luks /fai/config/distro-install-common
fi
-rsync -rlpt --delete /a/opt/btrfs-progs-release "${rpre[@]}"/srv/fai/config/distro-install-common
+rsrv -rlpt --delete /a/opt/btrfs-progs-release /fai/config/distro-install-common
dirs=(/p/c/machine_specific/${target:-*}/filesystem/etc/ssh)
if [[ -e ${dirs[0]} ]]; then
- rsync -rlpt --delete --relative ${dirs[@]} "${rpre[@]}"/srv/fai/config/distro-install-common
+ rsrv -rlpt --delete --relative ${dirs[@]} /fai/config/distro-install-common
fi
. /a/bin/distro-setup/pkgs
-pall+=($(/a/bin/buildscripts/emacs -p; /a/bin/distro-setup/distro-pkgs $distro))
+tmpstr=$(/a/bin/buildscripts/emacs -p && /a/bin/distro-setup/distro-pkgs $distro)
+declare -a pall
+for p in $tmpstr; do
+ pall+=($p)
+done
printf "%s\n%s\n" "PACKAGES install" ${pall[*]} | \
$faiserver_shell dd of=/srv/fai/config/package_config/DESKTOP status=none ||: # broken pipe
-m rsync -rplt --include '/*.zst' --exclude '/**' --delete-excluded $BASEFILE_DIR/ "${rpre[@]}"/srv/fai/config/basefiles/
+rsrv -rplt --include '/*.zst' --exclude '/**' --delete-excluded $BASEFILE_DIR/ /fai/config/basefiles/
[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
+set -e; . /usr/local/lib/bash-bear; set +e
+
+this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
+readonly this_file this_dir="${this_file%/*}"
+cd "$this_dir"
-readonly this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
-script_dir="${this_file%/*}"
-# shellcheck source=./bash-trace
-source "${script_dir}/bash-trace"
-cd $script_dir
PATH="$PATH:$PWD"
e() { echo "$*"; "$@"; }
rm -f /tmp/fai-revm-did-pxe
-if ! ip l show br0 &>/dev/null; then
- cat <<'EOF'
-fai-rvm error: no bridge detected. add one to interfaces like this:
-iface eth0 inet manual
-iface br0 inet dhcp
- bridge_ports eth0
- bridge_stp off
- bridge_maxwait 0
-EOF
- exit 1
+if ip l show br0 &>/dev/null; then
+ net_arg="-w bridge=br0,mac=52:54:00:9c:ef:ad"
+else
+ # if this computer has ethernet, we could setup a br0 like so:
+ # cat <<'EOF'
+ # fai-rvm error: no bridge detected. add one to interfaces like this:
+ # iface eth0 inet manual
+ # iface br0 inet dhcp
+ # bridge_ports eth0
+ # bridge_stp off
+ # bridge_maxwait 0
+ # EOF
+
+ # if we only have wifi, cant use eth0
+ net_arg="-w network=default,mac=52:54:00:9c:ef:ad"
fi
-if [[ $script_dir == /a/bin/* ]]; then
+if [[ $this_dir == /a/bin/* ]]; then
# Copy our script elsewhere so we can develop it
# and save it at the same time it's running
rm -rf /tmp/faifreeze
fi
boot_arg="--cdrom $isopath"
e fai-redep
- cat ~/.ssh/demo.pub | /a/exe/cedit -s /srv/fai/nfsroot/root/.ssh/authorized_keys
+ /a/exe/cedit -s /srv/fai/nfsroot/root/.ssh/authorized_keys <~/.ssh/demo.pub
e myfai-chboot default
fi
# I don't think these variants actually make a diff for us, but I
e virsh undefine $name ||:
sleep 1
-
+## begin virtual disk creation ##
disk_arg=()
for ((i=1; i <= disk_count; i++)); do
f=/var/lib/libvirt/images/${name}$i
e qemu-img create -o preallocation=metadata -f qcow2 $f 50G
fi
done
+## end virtual disk creation ##
if [[ $SSH_CLIENT ]]; then
console_arg=--noautoconsole
e systemctl start libvirtd
e virt-install --rng /dev/urandom --os-variant $variant -n $name $boot_arg -r 2048 --vcpus $cpus \
- ${disk_arg[*]} -w bridge=br0,mac=52:54:00:9c:ef:ad $reboot_arg \
+ ${disk_arg[*]} $net_arg $reboot_arg \
--graphics spice,listen=0.0.0.0 $console_arg |& grep -v '^ *$' | uniq &
#!/bin/bash
-# Copyright (C) 2019 Ian Kelling
-# SPDX-License-Identifier: AGPL-3.0-or-later
+# This file is part of Ian Kelling's automated-distro-installer
+# Copyright (C) 2024 Ian Kelling
+
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# For using some fai commands outside of fai.
# Usually this is sourced from another script. Note this has
ifclass() {
local var=${1/#/CLASS_}
- [[ $HOSTNAME == $1 || ${!var} ]]
+ [[ $HOSTNAME == "$1" || ${!var} ]]
}
fai-setclass() {
for class in "$@"; do
# when downloading from https intead of nfs, this is not set,
# it is used as the default for LOGSERVER, and for calling chboot.
# My faiserver's hostname is always faiserver, so just hardcoding it.
-SERVER=faiserver
+# I used bare host in the past, thinking that I could vary this
+# between different networks I was on, but it is simpler to just
+# user an internet domain that I control.
+SERVER=faiserver.b8.nz
# busted for debian, no time to troubleshoot atm
#APTPROXY=http://faiserver:3142
--- /dev/null
+#!/bin/bash
+# I, Ian Kelling, follow the GNU license recommendations at
+# https://www.gnu.org/licenses/license-recommendations.en.html. They
+# recommend that small programs, < 300 lines, be licensed under the
+# Apache License 2.0. This file contains or is part of one or more small
+# programs. If a small program grows beyond 300 lines, I plan to switch
+# its license to GPL.
+
+# Copyright 2024 Ian Kelling
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# usage $0 [-c] [off]
+# off: Turn off static ip.
+# -c config only, don't tell networkmanager to change anything
+# -f force interface reup
+
+if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi
+shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4
+set -eE -o pipefail
+trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
+
+[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
+
+m() { printf "%s\n" "$*"; "$@"; }
+
+## begin arg parsing ##
+
+force=false
+conf_only=false
+comment='# iank file id: ethusb-dhcp-v1'
+off=false
+while [[ $1 ]]; do
+ case $1 in
+ -c)
+ conf_only=true
+ ;;
+ -f)
+ force=true
+ ;;
+ off)
+ off=true
+ comment='# iank file id: ethusb-static-v1'
+ ;;
+ *)
+ echo "$0: error unexpected argument: $1" >&2
+ exit 1
+ ;;
+ esac
+ shift
+done
+
+## end arg parsing ##
+
+
+shopt -s nullglob
+
+# we already configured the interface once, afterwards, comment and
+# uncomment to enable/disable. This makes it so we don't depend on /p
+# being mounted.
+
+conf=/etc/NetworkManager/system-connections/ethusb-static.nmconnection
+if ! $force && [[ -s $conf ]] && grep -qFx "$comment" $conf; then
+ # we already ran successfully in the past to set things this way, so
+ # do nothing.
+ exit 0
+fi
+
+
+if [[ $(dig +short @10.2.0.1 -x 10.2.0.2 2>&1 ||:) == kd.b8.nz. ]] \
+ && ip n show 10.2.0.1 | grep . &>/dev/null; then
+ # we are at_home=true
+
+ while read -r ip_suf host mac; do
+ if [[ $mac != usb ]]; then
+ continue
+ fi
+ if [[ $host == ${HOSTNAME}c ]]; then
+
+ net_info="address1=10.2.0.$ip_suf/16,10.2.0.1
+dns=8.8.8.4;8.8.8.8;"
+
+ break
+ fi
+ done </p/c/host-info
+
+ if [[ ! $ip_suf ]]; then
+ echo "$0: error: failed to find ${HOSTNAME}c ip suffix in /p/c/host-info"
+ exit 1
+ fi
+else
+ if ! type -p dig &>/dev/null; then
+ apt-get install dig
+ fi
+ ip=$(dig +short @192.168.0.25 $HOSTNAME.office.fsf.org)
+ net_info="address1=$ip/24,192.168.0.1
+dns=192.168.0.10;192.168.0.25;"
+fi
+
+wiredx=
+
+# device that has an eth0, but we aren't using it because it is
+# broken. We could just hardcode a mac comparison with `cat
+# /sys/class/net/eth0/address` but this is cooler.
+if [[ -e /sys/class/net/eth0 ]]; then
+ bus_info=$(ethtool -i eth0 | awk '$1 == "bus-info:" { print $2 }')
+ if [[ $bus_info != usb* ]]; then
+ wiredx=2
+ fi
+fi
+
+ethx=$(( wiredx - 1 ))
+
+
+
+uuid=$(nmcli con show "Wired connection $wiredx" 2>/dev/null | awk '$1 == "connection.uuid:" {print $2}' ||:)
+if [[ ! $uuid ]]; then
+ # just a uuid that nm generated for me at some point
+ uuid=0da4c614-6a3c-3ad2-8d4b-c6eebe0814c3
+fi
+
+
+# This template is the result of running, for example
+# nmcli con mod "Wired connection 1" \
+ # ipv4.addresses "10.2.0.23/24" \
+ # ipv4.gateway "10.2.0.1" \
+ # ipv4.dns "8.8.8.4,8.8.8.8"
+
+# which creates a fille named "Wired connection 1.nmconnection",
+# below. I see no reason to keep the same file name, or a bunch of
+# setting that seem irrelevant, and empty sections don't seem to do
+# anything according to the man page.
+
+# [connection]
+# id=Wired connection 2
+# uuid=b0fb7694-dfe6-31a1-81fa-7c17b61515a7
+# type=ethernet
+# interface-name=eth1
+# timestamp=1715728264
+
+# [ethernet]
+
+# [ipv4]
+# address1=10.2.0.23/16,10.2.0.1
+# dns=8.8.8.4;8.8.8.8;
+# method=manual
+
+# [ipv6]
+# addr-gen-mode=stable-privacy
+# method=auto
+
+# [proxy]
+
+{
+ cat <<EOF
+[connection]
+id=Wired connection $wiredx
+uuid=$uuid
+type=ethernet
+interface-name=eth$ethx
+
+[ipv4]
+EOF
+ if $off; then
+ cat <<'EOF'
+method=auto
+EOF
+ else
+ cat <<EOF
+$net_info
+method=manual
+EOF
+ fi
+} | install -T -m0600 /dev/stdin $conf
+
+if ! $conf_only; then
+ state=$(nmcli con show $uuid 2>/dev/null | awk '$1 == "GENERAL.STATE:" {print $2}' ||:)
+
+ reup=false
+ if [[ $state == activated ]]; then
+ reup=true
+ fi
+
+ m nmcli con reload
+
+ if $reup; then
+ m nmcli con down $uuid
+ m nmcli con up $uuid
+ fi
+fi
+
+if ! grep -F "$comment" $conf; then
+ printf "%s\n" "$comment" >>$conf
+fi
[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
-set -x
+# default
+kernel_ver='6\.6'
+case $1 in
+ stable)
+ # note: update kernel_ver when we are ready to jump to a new stable kernel.
+ # Stable kernels are listed here: https://www.kernel.org/category/releases.html
+ kernel_ver='6\.6'
+ ;;
+ unstable)
+ kernel_ver='[1-9]'
+ ;;
+esac
+
prereqs=()
for p in wget curl; do
tmpdir=$($ROOTCMD mktemp -d) || exit
+# shellcheck disable=SC2154 # defined by fai
outertmp=$target/$tmpdir
trap 'cd; rm -rf "$outertmp"' EXIT
cd $outertmp
-# update stable_ver when we are ready to jump to a new stable kernel.
-# Stable kernels are listed here: https://www.kernel.org/category/releases.html
-stable_ver='6\.6'
-# Actually, I dont want stable right now. comment this out to get stable
-# version.
-stable_ver='[1-9]'
-va=$(curl -s https://kernel.ubuntu.com/mainline/ | \
- sed -rn 's,.*alt="\[DIR\]".*href="([^/]+).*,\1,p' | \
- grep -v -- -rc | sed 's/^v//' | grep "^$stable_ver" | sort -V | tail -n1)
+# We get 10 versions cuz maybe the latest directory (or few) get created but not populated.
+tmps=$(curl -s https://kernel.ubuntu.com/mainline/ | \
+ sed -rn 's,.*alt="\[DIR\]".*href="([^/]+).*,\1,p' | \
+ grep -v -- -rc | sed 's/^v//' | grep "^$kernel_ver" | sort -Vr | head -n10)
+mapfile -t latest_versions <<<"$tmps"
-# note the wiki page about these says to install linux-headers.*generic.*amd64, but
-# as of 2024, they have a requirement of a very new glibc, and people report
-# that installing it is not needed.
-tmpstr=$(curl -s https://kernel.ubuntu.com/mainline/v$va/amd64/CHECKSUMS | awk '$2 ~ /^linux-/ { print $2 }' | sort -u | grep -iv 'linux-headers.*generic.*amd64' )
-mapfile -t pkgs <<<"$tmpstr"
+for va in "${latest_versions[@]}"; do
+ sleep .2 # be nice
+ # note the wiki page about these says to install linux-headers.*generic.*amd64, but
+ # as of 2024, they have a requirement of a very new glibc, and people report
+ # that installing it is not needed.
+ tmpstr=$(curl -s https://kernel.ubuntu.com/mainline/v$va/amd64/CHECKSUMS | awk '$2 ~ /^linux-/ { print $2 }' | sort -u | sed '/linux-headers.*generic.*amd64/d' )
+ if [[ $tmpstr ]]; then
+ mapfile -t pkgs <<<"$tmpstr"
+ break
+ fi
+done
if (( ${#pkgs[@]} != 3 )); then
echo "$0: error. expected to find 3 kernel packages, got: ${pkgs[*]}" >&2
+++ /dev/null
-#!/bin/bash
-# Bash Error Handler
-# Copyright (C) 2020 Ian Kelling <ian@iankelling.org>
-# SPDX-License-Identifier: GPL-3.0-or-later
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-
-# This is a single file library, just source this file. When an error
-# happens, we print a stack trace then exit. In an interactive shell, we
-# return from functions instead of exiting. If err-cleanup is a command,
-# it runs before the stack trace. Functions are documented inline below
-# for additional use cases.
-#
-# Note: occasionally the line numbers are off a bit (at least in Bash
-# 5.0). This appears to be a bash bug. I plan to report it next time it
-# happens to me.
-#
-# Please email me if you use this or have anything to contribute. I'm
-# not aware of any users yet Ian Kelling <ian@iankelling.org>.
-#
-# Tested on bash 4.4.20(1)-release (x86_64-pc-linux-gnu) and
-# 5.0.17(1)-release (x86_64-pc-linux-gnu).
-#
-# Related: see my bash script template repo at https://iankelling.org/git.
-
-
-# TODO: investigate to see if we can format output betting in case of
-# subshell failure. Right now, we get independent trace from inside and
-# outside of the subshell. Note, errexit + inherit_errexit doesn't have
-# any smarts around this either.
-
-if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi
-
-#######################################
-# err-catch: Setup trap on ERR to print stack trace and exit (or return
-# if the shell is interactive). This is the most common use case so we
-# run it after defining it, you can call err-allow to undo that.
-#
-# This also sets pipefail because it's a good practice to catch more
-# errors.
-#
-# Note: In interactive shell, stack calling line number is not
-# available, so we print function definition lines.
-#
-# Note: This works like set -e, which has one unintuitive feature: If
-# you use a function as part of a conditional, eg: func && come_cmd, a
-# failed command within func won't trigger an error.
-#
-# Globals
-#
-# err_catch_ignore Array containing glob patterns to test against
-# filenames to ignore errors from in interactive
-# shell. Initialized to ignore bash-completion
-# scripts on debian based systems.
-#
-# err-cleanup If set, this command will run just before exiting.
-#
-# _err_func_last Used internally in err-bash-trace-interactive
-#
-#######################################
-err-catch() {
- set -E;
- if [[ $- == *i* ]]; then
- if ! test ${err_catch_ignore+defined}; then
- err_catch_ignore=(
- '/etc/bash_completion.d/*'
- '*/bash-completion/*'
- )
- fi
- declare -i _err_func_last=0
- if [[ $- != *c* ]]; then
- shopt -s extdebug
- fi
- # shellcheck disable=SC2154
- trap '_err-bash-trace-interactive $? "${PIPESTATUS[*]}" "$BASH_COMMAND" ${BASH_ARGC[0]} "${BASH_ARGV[@]}" || return $?' ERR
- else
- # Man bash on exdebug: "If set at shell invocation, arrange to
- # execute the debugger". We want to avoid that, but I want this file
- # to be sourceable from bash startup files. noninteractive ssh and
- # sources .bashrc on invocation. login_shell sources things on
- # invocation.
- #
- # extdebug allows us to print function arguments in our stack trace.
- if ! shopt login_shell >/dev/null && [[ ! $SSH_CONNECTION ]]; then
- shopt -s extdebug
- fi
- trap err-exit ERR
- fi
- set -o pipefail
-}
-# This is the most common use case so run it now.
-err-catch
-
-#######################################
-# Undo err-catch/err-catch-interactive
-#######################################
-err-allow() {
- shopt -u extdebug
- set +E +o pipefail
- trap ERR
-}
-
-#######################################
-# err-exit: Print stack trace and exit
-#
-# Use this instead of the exit command to be more informative.
-#
-# usage: err-exit [-EXIT_CODE] [MESSAGE]
-#
-# EXIT_CODE Default: $? if it is nonzero, otherwise 1.
-# MESSAGE Print MESSAGE to stderr. Default:
-# ${BASH_SOURCE[1]}:${BASH_LINENO[0]}: `$BASH_COMMAND' returned $?
-#
-# Globals
-#
-# err-cleanup If set, this command will run just before exiting.
-#
-#######################################
-err-exit() {
- # vars have _ prefix so that we can inspect existing set vars without
- # too much overwriting of them.
- local _err=$? _pipestatus="${_pipestatus[*]}"
-
- # This has to come before most things or vars get changed
- local _msg="${BASH_SOURCE[1]}:${BASH_LINENO[0]}: \`$BASH_COMMAND' returned $_err"
- local _cmdr="$BASH_COMMAND" # command right. we chop of the left, keep the right.
-
- if [[ $_pipestatus != "$_err" ]]; then
- _msg+=", PIPESTATUS: $_pipestatus"
- fi
- set +x
- if [[ $1 == -* ]]; then
- _err=${1#-}
- shift
- elif (( ! _err )); then
- _err=1
- fi
- if [[ $1 ]]; then
- _msg="$1"
- fi
-
- ## Begin printing vars from within BASH_COMMAND ##
- local _var _chars _l
- local -A _vars
- while [[ $_cmdr ]]; do
- _chars="${#_cmdr}"
- _cmdr="${_cmdr#*$}"
- _cmdr="${_cmdr#{}"
- if (( _chars == ${#_cmdr} )); then
- break
- fi
- _var="${_cmdr%%[^a-zA-Z0-9_]*}"
- if [[ ! $_var || $_var == [0-9]* ]]; then
- continue
- fi
- _vars[${_var}]=t
- done
- #echo "iank ${_vars[*]}"
- #set |& grep ^password
- # in my small test, this took 50% longer than piping to grep.
- # That seems a small enough penalty to stay in bash here.
- if (( ${#_vars[@]} )); then
- set |& while read -r _l; do
- for _var in "${!_vars[@]}"; do
- case $_l in
- ${_var}=*) printf "%s\n" "$_l" >&2 ;;
- esac
- done
- done
- fi
- ## End printing vars from within BASH_COMMAND ##
-
- printf "%s\n" "$_msg" >&2
- err-bash-trace 2
- set -e # err trap does not work within an error trap
- if type -t err-cleanup >/dev/null; then
- err-cleanup
- fi
- printf "%s: exiting with status %s\n" "$0" "$_err" >&2
- exit $_err
-}
-
-#######################################
-# Print stack trace
-#
-# usage: err-bash-trace [FRAME_START]
-#
-# This function is called by the other functions which print stack
-# traces.
-#
-# It does not show function args unless you first run:
-# shopt -s extdebug
-# which err-catch does for you.
-#
-# FRAME_START Optional variable to set before calling. The frame to
-# start printing on. default=1. If ${#FUNCNAME[@]} <=
-# FRAME_START + 1, don't print anything because we are at
-# the top level of the script and better off printing a
-# general message, for example see what our callers print.
-#
-#######################################
-err-bash-trace() {
- local -i argc_index=0 frame i frame_start=${1:-1}
- local source_loc
- if (( ${#FUNCNAME[@]} <= frame_start + 1 )); then
- return 0
- fi
- for ((frame=0; frame < ${#FUNCNAME[@]}; frame++)); do
- argc=${BASH_ARGC[frame]}
- argc_index+=$argc
- if ((frame < frame_start)); then continue; fi
- if (( ${#BASH_SOURCE[@]} > 1 )); then
- source_loc="${BASH_SOURCE[frame]}:${BASH_LINENO[frame-1]}:"
- fi
- printf " from %sin \`%s" "$source_loc" "${FUNCNAME[frame]}" >&2
- if shopt extdebug >/dev/null; then
- for ((i=argc_index-1; i >= argc_index-argc; i--)); do
- printf " %s" "${BASH_ARGV[i]}" >&2
- done
- fi
- echo \' >&2
- done
- return 0
-}
-
-#######################################
-# Internal function for err-catch. Prints stack trace from interactive
-# shell trap.
-#
-# Usage: see err-catch-interactive
-#######################################
-_err-bash-trace-interactive() {
- if (( ${#FUNCNAME[@]} <= 1 )); then
- return 0
- fi
-
- for pattern in "${err_catch_ignore[@]}"; do
- # shellcheck disable=SC2053
- if [[ ${BASH_SOURCE[1]} == $pattern ]]; then
- return 0
- fi
- done
-
- local ret bash_command argc pattern i last
- last=$_err_func_last
- _err_func_last=${#FUNCNAME[@]}
- # We have these passed to us because they are lost inside the
- # function.
- ret=$1
- pipestatus="$2"
- bash_command="$3"
- argc=$(( $4 - 1 ))
- shift 4
- argv=("$@")
- # The trap returns a nonzero, then gets called again. This condition
- # tells us if is that has happened by checking if we've gone down a
- # stack level.
- if (( _err_func_last >= last )); then
- printf "ERR: \`%s\' returned %s" "$bash_command" $ret >&2
- if [[ $pipestatus != "$ret" ]]; then
- printf ", PIPESTATUS: %s" "$pipestatus" >&2
- fi
- echo >&2
- fi
- printf " from \`%s" "${FUNCNAME[1]}" >&2
- if shopt extdebug >/dev/null; then
- for ((i=argc; i >= 0; i--)); do
- printf " %s" "${argv[i]}" >&2
- done
- fi
- printf "\' defined at %s:%s\n" "${BASH_SOURCE[1]}" "$(declare -F "${FUNCNAME[1]}"|awk "{print \$2}")" >&2
- if [[ -t 1 ]]; then
- return $ret
- else
- # Part of an outgoing pipe, avoid getting get us stuck in a weird
- # subshell if we returned nonzero, which would happen in a situation
- # like this:
- #
- # tf() { while read -r line; do :; done < <(asdf); };
- # tf
- #
- # Note: exit $ret also avoids the stuck subshell problem, and I
- # can't notice any difference, but this seems more proper.
- return 0
- fi
-}
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-[[ $EUID == 0 ]] || exec sudo "$BASH_SOURCE" "$@"
+[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
-x="$(readlink -f "$BASH_SOURCE")"
-f="${x%/*}/bash-trace"
-if [[ -e $f ]]; then
- source $f
-else
- source ${x%/*}/../bash-trace/DEFAULT
-fi
-
+if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi
+shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4
+set -eE -o pipefail
+trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" exit status: $?, PIPESTATUS: ${PIPESTATUS[*]}" >&2' ERR
usage() {
- cat <<EOF
-Usage: ${0##*/} [OPTIONS] DISTRO_NAME
+ cat <<'EOF'
+Usage: chboot [OPTIONS] DISTRO_NAME
Set grub to boot into a different distro, and reboot unless -r
With no argument, print available distros
case $1 in
-d) set -x; shift ;;
-r) reboot=false; shift ;;
- -h|--help) usage ;;
+ -h|--help) usage 0 ;;
--) shift; break ;;
*) echo "$0: Internal error!" ; exit 1 ;;
esac
if fsf; then
root_mib=40000
+ elif ifclass demohost; then
+ # just randomish numbers that seem ok for testing.
+ root_mib=25000
+ o_mib=1000
else
# This would maximize it, but we are going for a separate filesystem in /o,
# so use fixed sizes to allow both to grow
else
for dev in $BOOT_DEVICE; do
mbrdev=$(get_stable_devname $dev)
- if [ -z "$mbrdevices" ]; then
+ if [ -z "$mbrdev" ]; then
# if we cannot find a persistent name (for e.g. in a VM) use old name
- mbrdevices+="$dev, "
+ mbrdev="$dev"
fi
+ mbrdevices+="$mbrdev, "
echo "Installing grub on $dev = $mbrdev"
$ROOTCMD grub-install --no-floppy "$mbrdev"
done
exit 1
fi
+# ignore this line. hack to make shellcheck ignore $target
+if [[ ! $target ]]; then target=; fi
+
if ! type -t fcopy &>/dev/null; then
sudo apt-get -y install fai-client
fi
[main]
dns=systemd-resolved
EOF
+
+
+ if [[ ! $FAI_WRAPPER || $SSH_CLIENT ]]; then
+ # for running from fai or remote connections, don't kill the internet
+ ethusb_arg=-c
+ fi
+ if [[ $(dig +short @10.2.0.1 -x 10.2.0.2 2>&1 ||:) == kd.b8.nz. ]] \
+ && ip n show 10.2.0.1 | grep . &>/dev/null; then
+ # we are at_home
+ $FAI/distro-install-common/ethusb-static $ethusb_arg
+ else
+ $FAI/distro-install-common/ethusb-static off $ethusb_arg
+ fi
+
+
else
cat > $target/etc/network/interfaces <<-EOF
# generated by FAI
if ifclass LINODE; then
mkdir -p $target/etc/initramfs-tools/conf.d
+ # shellcheck disable=SC2154 # comes with LINODE environment
cat >$target/etc/initramfs-tools/conf.d/mine <<EOF
# dhcp in initramfs doesn't work on linode. i dunno why, whatever.
# man 5 initramfs.conf
$ROOTCMD usermod -a -G $g user2
done
-
## begin get new kernel and btrfs-progs ##
case $HOSTNAME in
sy|so)
- $FAI/distro-install-common/install-stable-kernel-debs
+ # on sy t11, severe wifi degredation on 6.8
+ # on so t11, no x11 display on 6.8
+ $FAI/distro-install-common/install-mainline-kernel-debs stable
;;
*)
- $ROOTCMD apt-get -y install linux-libre
+ if ! $ROOTCMD dpkg -s -- freesh-archive-keyring 2>&1 | grep -Fx "Status: install ok installed" &>/dev/null; then
+ apt-get -y install wget
+ wget -O /target/tmp/x.deb https://linux-libre.fsfla.org/pub/linux-libre/freesh/pool/main/f/freesh-archive-keyring/freesh-archive-keyring_1.1_all.deb
+ $ROOTCMD dpkg -i /tmp/x.deb
+ $ROOTCMD apt-get update
+ $ROOTCMD apt-get -y install linux-libre
+ fi
;;
esac
#!/bin/bash
-readonly this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
-script_dir="${this_file%/*}"
-# shellcheck source=./bash-trace
-source "${script_dir}/bash-trace"
-cd $script_dir
-source "${script_dir}/bash-trace"
+if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi
+shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4
+set -eE -o pipefail
+trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" exit status: $?, PIPESTATUS: ${PIPESTATUS[*]}" >&2' ERR
+this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
+readonly this_file this_dir="${this_file%/*}"
+cd "$this_dir"
usage() {
- cat <<EOF
-Usage: ${0##*/}
+ cat <<'EOF'
+Usage: faiserver-disable
Disable the fai nfs server exports
EOF
exit $1
-faiserver_addr=$(host faiserver | sed -rn 's/^\S+ has address //p;T;q' ||:)
+faiserver_addr=$(host faiserver.b8.nz | sed -rn 's/^\S+ has address //p;T;q' ||:)
if ip a | grep "^ *inet.\? $faiserver_addr" &>/dev/null; then
echo "$0: disabling fai nfs exports or apache site"
./faiserver-disable-local
else
- echo "$0: sshing to $(chost faiserver) to disable fai nfs exports or apache site"
- ssh root@$(chost faiserver) bash <faiserver-disable-local
+ echo "$0: sshing to $(chost faiserver.b8.nz) to disable fai nfs exports or apache site"
+ ssh root@$(chost faiserver.b8.nz) bash <faiserver-disable-local
fi
#!/bin/bash
-# Copyright (C) 2019 Ian Kelling
-# SPDX-License-Identifier: AGPL-3.0-or-later
-set -x
+# This file is part of Ian Kelling's automated-distro-installer
+# Copyright (C) 2024 Ian Kelling
-x="$(readlink -f "$BASH_SOURCE")"; source "${x%/*}/bash-trace"
-cd ${x%/*}
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+set -e; . /usr/local/lib/bash-bear; set +e
usage() {
cat <<EOF
-usage: ${0##*/} [-h|--help]
+usage: this-script [-h|--help]
Create a vm which is a fai server.
This assumes you've set the dhcp server to make 52:54:00:56:09:f9 be
exit $1
}
case $1 in
- -h|--help) usage ;;
+ -h|--help) usage 0 ;;
+ *) usage 1 ;;
esac
err-cleanup() { pxe-server :; }
sleep $((60*6)) # takes like 10x as long as a fai install!
opts="-oStrictHostKeyChecking=false -oUserKnownHostsFile=/dev/null"
-while ! scp $opts faiserver-setup root@faiserver:; do
+while ! scp $opts faiserver-setup root@faiserver.b8.nz:; do
sleep 5
done
err-cleanup() { :; }
./pxe-server
-ssh $opts root@faiserver ./faiserver-setup
+ssh $opts root@faiserver.b8.nz ./faiserver-setup
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-x="$(readlink -f "$BASH_SOURCE")"; source "${x%/*}/bash-trace"
+set -e; . /usr/local/lib/bash-bear; set +e
[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
usage() {
cat <<'EOF'
-usage: ${0##*/} [-h|--help] [BASE_CODENAME] [ARCH]
+usage: faiserver-setup [-h|--help] [BASE_CODENAME] [ARCH]
install fai-server on the current machine
Initial setup of a fai server. works on localhost. Set's the current ip
EOF
- exit $1
+ exit 0
}
case $1 in
-h|--help) usage ;;
esac
-e() { echo "+ $@"; "$@"; }
+e() { echo "+ $*"; "$@"; }
base=${1:-bookworm}
exit 1
fi
-basefile=($BASEFILE_DIR/${base^^}${arch^^}.tar.zst)
+basefile=$BASEFILE_DIR/${base^^}${arch^^}.tar.zst
sed="sed -ri --follow-symlinks"
if [[ ! -e $basefile ]]; then
NFSROOT=/srv/fai/nfsroot
TFTPROOT=/srv/tftp/fai
- # test if our copy of setup_tftp has changed in fai-make-nfsroot,
- # and if not, run it.
+ # setup_tftp is copied from fai-make-nfsroot,
+ # todo: need to check for an update, and we had an unused variable in ours: $v
setup_tftp(){
# tftp environment
echo "$0: error: No initrd was created. Check the package name of the linux-image package in /etc/fai/NFSROOT."
exit 1
fi
- cp -p $v $NFSROOT/boot/vmlinu?-* $NFSROOT/boot/initrd.img-* $TFTPROOT
+ cp -p $NFSROOT/boot/vmlinu?-* $NFSROOT/boot/initrd.img-* $TFTPROOT
cp -u $pxebin $TFTPROOT
if [ -f $NFSROOT/usr/lib/syslinux/modules/bios/ldlinux.c32 ]; then
cp -u $NFSROOT/usr/lib/syslinux/modules/bios/ldlinux.c32 $TFTPROOT
fi
- if [ X$verbose = X1 ]; then
- echo "TFTP environment prepared. Enable DHCP and start the TFTP daemon on root $TFTPROOT."
- fi
}
- diff -u <(type setup_tftp) <(cat <(sed -n '/^setup_tftp(){/,/^}/p' $(which fai-make-nfsroot) ) - <<'EOF' |bash
-type setup_tftp
-EOF
- )
e setup_tftp
# -g causes skipping set_root_pw() in fai-make-nfsroot, -ag
tee -a /var/log/fai/variables <<'EOF'
LOGUSER=fai
FAI_CONFIGDIR=/srv/fai/config
-FAI_CONFIG_SRC=nfs://faiserver/srv/fai/config
+FAI_CONFIG_SRC=nfs://faiserver.b8.nz/srv/fai/config
EOF
# make the faiserver also the apt proxy server
# apt-get -y install apt-cacher-ng
keyscan_arg="-p 8989"
fi
key=$(ssh-keyscan $keyscan_arg localhost |& grep -o "ecdsa-sha2-nistp256.*")
-for ip in faiserver $(ip addr show up| grep -w '^ *inet' | awk '{print $2}'| cut -d / -f 1 | grep -vF 127.0.0.1); do
+for ip in faiserver.b8.nz $(ip addr show up| grep -w '^ *inet' | awk '{print $2}'| cut -d / -f 1 | grep -vF 127.0.0.1); do
echo "$ip $key" >>/srv/fai/nfsroot/root/.ssh/known_hosts
done
# the logsave prompted because the hostname faiserver was uknown.
# Here it was faiserver.lan when running from a faiserver vm.
# When running from a normal host with faiserver alias, it was the normal hosts name.
-$sed 's/(^[^,]+,)\S+/\1faiserver/' /srv/fai/nfsroot/root/.ssh/known_hosts
+$sed 's/(^[^,]+,)\S+/\1faiserver.b8.nz/' /srv/fai/nfsroot/root/.ssh/known_hosts
# ditch the logo banner up top which screws with less.
touch /srv/fai/nfsroot/.nocolorlogo
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
+
+if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi
+shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4
set -eE -o pipefail
-trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
+trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" exit status: $?, PIPESTATUS: ${PIPESTATUS[*]}" >&2' ERR
-[[ $EUID == 0 ]] || exec sudo "${BASH_SOURCE}" "$@"
usage() {
- cat <<EOF
-usage: ${0##*/} [-h|--help]
+ cat <<'EOF'
+usage: this-script [-h|--help]
uninstall fai-server
EOF
exit $1
}
case $1 in
- -h|--help) usage ;;
+ -h|--help) usage 0 ;;
+ *) usage 1 ;;
esac
[[ $EUID == 0 ]] || exec sudo "$BASH_SOURCE" "$@"
-x="$(readlink -f "$BASH_SOURCE")"; source "${x%/*}/bash-trace"
+set -e; . /usr/local/lib/bash-bear; set +e
usage() {
cat <<EOF
# args are copied from myfai-chboot-local.
# Note, for a real cd or usb flash, if it is the default boot device, we would need to remove the disk
# after install is done very quickly, or else remove the reboot arg here
-menuentry "FAI server via dns" {
+menuentry "FAI server via dns to faiserver.b8.nz" {
set gfxpayload=$resolution
search --set=root --file /FAI-CD
- linux /boot/vmlinuz libata.force=noncq FAI_FLAGS=verbose,sshd,createvt,reboot FAI_CONFIG_SRC=nfs://faiserver/srv/fai/config root=/dev/nfs nfsroot=faiserver:/srv/fai/nfsroot,vers=3,nolock rootovl ip=dhcp
+ linux /boot/vmlinuz libata.force=noncq FAI_FLAGS=verbose,sshd,createvt,reboot FAI_CONFIG_SRC=nfs://faiserver.b8.nz/srv/fai/config root=/dev/nfs nfsroot=faiserver.b8.nz:/srv/fai/nfsroot,vers=3,nolock rootovl ip=dhcp
initrd /boot/initrd.img
}
menuentry "FAI server via dns, no reboot" {
set gfxpayload=$resolution
search --set=root --file /FAI-CD
- linux /boot/vmlinuz libata.force=noncq FAI_FLAGS=verbose,sshd,createvt FAI_CONFIG_SRC=nfs://faiserver/srv/fai/config root=/dev/nfs nfsroot=faiserver:/srv/fai/nfsroot,vers=3,nolock rootovl ip=dhcp
+ linux /boot/vmlinuz libata.force=noncq FAI_FLAGS=verbose,sshd,createvt FAI_CONFIG_SRC=nfs://faiserver.b8.nz/srv/fai/config root=/dev/nfs nfsroot=faiserver.b8.nz:/srv/fai/nfsroot,vers=3,nolock rootovl ip=dhcp
initrd /boot/initrd.img
}
+menuentry "FAI server via 192.168.122.1, no reboot" {
+ set gfxpayload=$resolution
+ search --set=root --file /FAI-CD
+ linux /boot/vmlinuz libata.force=noncq FAI_FLAGS=verbose,sshd,createvt FAI_CONFIG_SRC=nfs://192.168.122.1/srv/fai/config root=/dev/nfs nfsroot=192.168.122.1:/srv/fai/nfsroot,vers=3,nolock rootovl ip=dhcp
+ initrd /boot/initrd.img
+}
+
+
# ro,noatime,vers=3,rsize=1048576,wsize=same,namelen=255,hard,nolock,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=10.2.0.2,nountvers=3,mountport=49179,mountproto=udp,lock_lock=all,addr=10.2.0.2
menuentry "Autodiscover the FAI server" {
search --set=root --file /FAI-CD
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-[[ $EUID == 0 ]] || exec sudo -E "$BASH_SOURCE" "$@"
+[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
-x="$(readlink -f "$BASH_SOURCE")"; source "${x%/*}/bash-trace"
-cd ${x%/*}
+set -e; . /usr/local/lib/bash-bear; set +e
usage() {
- cat <<EOF
-Usage: ${0##*/} [-h|--help]
+ cat <<'EOF'
+Usage: isntall-chboot [-h|--help]
reinstall chboot to /boot subvols, for chboot updates.
We install to /boot in case there is an issue booting and only the /boot
vol is readily available. For the bootstrap subvol, this is the normal
case.
EOF
- exit $1
+ exit 0
}
case $1 in
-h|--help) usage ;;
e mount -o subvolid=0 $boot_dev $mount_point
shopt -s nullglob
-for dir in $mount_point/*; do
+for dir in "$mount_point"/*; do
btrfs subvol show $dir &>/dev/null || continue
if [[ -e $dir/boot ]]; then
dir=$dir/boot
fi
- e install -m 755 -o root -g root bash-trace $dir
e install -m 755 -o root -g root chboot $dir
done
e umount $mount_point
# I don't know whats going on, but just running the same
# command again once it finishes works, and this is only
# rarely used and done manually anyways, so whatever.
-pxe-kexec -n --ignore-whitelist -l fai-generated faiserver
+pxe-kexec -n --ignore-whitelist -l fai-generated faiserver.b8.nz
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-[[ $EUID == 0 ]] || exec sudo -E "$BASH_SOURCE" "$@"
+[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
+set -e; . /usr/local/lib/bash-bear; set +e
-x="$(readlink -f "$BASH_SOURCE")"; source "${x%/*}/bash-trace"
-x="$(readlink -f -- "$BASH_SOURCE")"; PATH="${x%/*}:$PATH" # directory of this file
+this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
+readonly this_file this_dir="${this_file%/*}"
+PATH="$this_dir:$PATH" # directory of this file
usage() {
cat <<EOF
exit $1
}
-read distver <<<"$@"
+read -r distver <<<"$@"
if [[ $# != 1 ]]; then
echo "$0: error: expected one argument"
# config umount required after a failed run, proc umount always required
umount /var/lib/fai/config ||: ; umount -R $t/proc ||:
-fai-redep faiserver $distro
+fai-redep faiserver.b8.nz $distro
echo "echo $classes" > /srv/fai/config/class/51-multi-boot
rm -rf $t; mkdir -p $t
+# shellcheck disable=SC1007 # intentional
LANG= fai -N -u hostname_does_not_matter dirinstall $t
# Turn a dirinstall into a basefile. taken from mk-basefile
set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
-x=$(readlink -f "$BASH_SOURCE"); cd ${x%/*}
+this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
+readonly this_file this_dir="${this_file%/*}"
+cd "$this_dir"
usage() {
- cat <<EOF
-usage: ${0##*/} [OPTIONS] [HOSTNAME|IP|default]
+ cat <<'EOF'
+usage: myfai-chboot [OPTIONS] [HOSTNAME|IP|default]
-Sets up tftp pxe config and nfs server on host "faiserver".
+Sets up tftp pxe config and nfs server on host "faiserver.b8.nz".
If our kernel has no nfs support, uses apache intead of nfs, and depends
on another repo of Ian Kelling, basic-https-conf, where the file is at
-h|--help Print help and exit.
EOF
- exit $1
+ exit 0
}
case $1 in
-h|--help) usage ;;
esac
-faiserver_addr=$(host faiserver | sed -rn 's/^\S+ has address //p;T;q' ||:)
-host=$(./chost faiserver)
+faiserver_addr=$(host faiserver.b8.nz | sed -rn 's/^\S+ has address //p;T;q' ||:)
+host=$(./chost faiserver.b8.nz)
if ip a | grep "^ *inet.\? $faiserver_addr" &>/dev/null; then
./myfai-chboot-local "$@"
else
fi
if modprobe nfsd &>/dev/null; then
- std_arg="-u nfs://faiserver/srv/fai/config"
+ std_arg="-u nfs://faiserver.b8.nz/srv/fai/config"
# nfsv4 wont do rw with overlayfs yet
# https://lists.uni-koeln.de/pipermail/linux-fai/2017-March/011641.html
root_arg="$my_ip:/srv/fai/nfsroot:vers=3"
fi
systemctl start nfs-server # assumes recent os
else
- std_arg="-u http://faiserver:8080/config.tar.gz"
- root_arg="live:http://faiserver:8080/squash.img"
- /a/exe/web-conf -i -p 8080 - apache2 faiserver <<EOF
+ std_arg="-u http://faiserver.b8.nz:8080/config.tar.gz"
+ root_arg="live:http://faiserver.b8.nz:8080/squash.img"
+ /a/exe/web-conf -i -p 8080 - apache2 faiserver.b8.nz <<EOF
<Location />
Deny from all
Allow from $ip
default_k_args=$(fai-chboot -L '^default$' | \
sed -r "s/^(\S+\s+){3}(.*)/\2/")
# example of default_k_args
-# initrd=initrd.img-3.16.0-4-amd64 ip=dhcp root=192.168.1.3:/srv/fai/nfsroot FAI_CONFIG_SRC=nfs://faiserver/srv/fai/config FAI_ACTION=install
+# initrd=initrd.img-3.16.0-4-amd64 ip=dhcp root=192.168.1.3:/srv/fai/nfsroot FAI_CONFIG_SRC=nfs://faiserver.b8.nz/srv/fai/config FAI_ACTION=install
# https://wiki.archlinux.org/index.php/Solid_state_drive#Resolving_NCQ_errors
# currently on needed on d16 samsung 870 qvo, but better to have this
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-x="$(readlink -f "$BASH_SOURCE")"; source "${x%/*}/bash-trace"
-script_dir="${x%/*}"
+set -e; . /usr/local/lib/bash-bear; set +e
+
+this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
+readonly this_file this_dir="${this_file%/*}"
+cd "$this_dir"
usage() {
- cat <<EOF
-Usage: ${0##*/} [-h|--help] [mk-basefile_args]
+ cat <<'EOF'
+Usage: mymk-basefile [-h|--help] [mk-basefile_args]
Wrap fai's mk-basefile so output dir is $BASEFILE_DIR if it exists.
And fix things for trisquel. mk-basefile has a trisquel mirror added.
Usage of mk-basefile:
EOF
- $script_dir/fai/config/basefiles/mk-basefile -h
- exit $1
+ $this_dir/fai/config/basefiles/mk-basefile -h
+ exit 0
}
case $1 in
if awk '$2 == "/tmp" && $4 ~ /nodev/' /proc/mounts | grep -q . || [[ $? == 141 ]]; then
$s mount -o remount,dev /tmp
fi
-$s $script_dir/fai/config/basefiles/mk-basefile "$@"
+$s $this_dir/fai/config/basefiles/mk-basefile "$@"
[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
-readonly this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
-script_dir="${this_file%/*}"
-# shellcheck source=./bash-trace
-source "${script_dir}/bash-trace"
-cd $script_dir
+set -e; . /usr/local/lib/bash-bear; set +e
+
+this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
+readonly this_file this_dir="${this_file%/*}"
+cd "$this_dir"
PATH="$PATH:$PWD"
if $fsf_office; then
if [[ ! $cmd ]]; then
e "removing pxe for $host on tarantula"
+ # shellcheck disable=SC2087 # shellcheck being dumb
ssh tarantula.office.fsf.org bash -e <<EOF
sed -ri 's/^( *host +$host *\{).*/\1/' /etc/dhcp/dhcpd.conf
systemctl restart isc-dhcp-server
EOF
elif [[ $cmd == fai ]]; then
e "adding pxe for $host on tarantula"
+ # shellcheck disable=SC2087 # shellcheck being dumb
ssh tarantula.office.fsf.org bash -e <<EOF
sed -ri 's/^( *host +$host *\{).*/\1 next-server faiserver.office.fsf.org; filename "pxelinux.0";/' /etc/dhcp/dhcpd.conf
systemctl restart isc-dhcp-server
[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
-x="$(readlink -f "$BASH_SOURCE")"; cd ${x%/*}
+this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
+readonly this_file this_dir="${this_file%/*}"
+cd "$this_dir"
usage() {
- cat <<EOF
-usage: ${0##*/} [-h|--help] [HOST/IP] [wrt-setup-local_ARGS]
+ cat <<'EOF'
+usage: wrt-setup [-h|--help] [HOST/IP] [wrt-setup-local_ARGS]
setup my router in general: dhcp, dns, etc.
Default HOST is 10.0.0.1 or 10.2.0.1 if they are the gateway, otherwise
opkg install /root/bash_5.0-3_mips_24kc.ipk
EOF
wrt-setup-local -h
- exit $1
+ exit 0
}
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-f=/usr/local/lib/bash-bear;test -r $f || { echo "error: $0 no $f" >&2;exit 1;}; . $f
+set -e; . /usr/local/lib/bash-bear; set +e
+
usage() {
cat <<EOF
lanip=1
while getopts hm:t:yz opt; do
case $opt in
- h) usage ;;
+ h) usage 0 ;;
t)
case $2 in
2|3)
secrets=false
if [[ -e /root/router-secrets ]]; then
secrets=true
+ # shellcheck source=/p/router-secrets
source /root/router-secrets
fi
# doesn't go into the firmware. build new firmware if you want
# lots of upgrades. I think /tmp/opkg-lists is a pre openwrt 14 location.
f=(/var/opkg-lists/*)
- if ! (( $(date -r $f +%s) + 60*60*24 > $(date +%s) )); then
+ if ! (( $(date -r ${f[0]} +%s) + 60*60*24 > $(date +%s) )); then
if ! opkg update; then
echo "$0: warning: opkg update failed" >&2
fi
pmirror
fi
done
- if [[ $to_install ]]; then
+ if (( ${#to_install[@]} >= 1 )); then
opkg install ${to_install[@]}
fi
}
if $secrets; then
key=${rkey[$h]}
fi
-: ${key:=pictionary49}
+: "${key:=pictionary49}"
mask=255.255.0.0
cidr=16
# option config /etc/openvpn/client.conf
# EOF
-wgip4=10.3.0.1/24
-wgip6=fdfd::1/64
+
wgport=26000
network_restart=false
v /etc/init.d/network reload
fi
-firewall-cedit() {
- if $client; then
- cedit wific /etc/config/firewall <<EOF
+### begin firewall edits ###
+if $client; then
+ cedit wific /etc/config/firewall <<EOF || firewall_restart=true
config zone
option name wwan
option input REJECT
option mtu_fix 1
option network wwan
EOF
- fi
+fi
- case $hostname in
- wrt)
- cedit host /etc/config/firewall <<EOF
+case $hostname in
+ wrt)
+ cedit host /etc/config/firewall <<EOF || firewall_restart=true
config redirect
option name ssh
option src wan
option dest_ip $l.3
option dest lan
EOF
- ;;
- cmc)
- cedit host /etc/config/firewall <<EOF
+ ;;
+ cmc)
+ cedit host /etc/config/firewall <<EOF || firewall_restart=true
config redirect
option name ssh
option src wan
option dest_ip $l.2
option dest lan
EOF
- ;;
- esac
+ ;;
+esac
-
- cedit /etc/config/firewall <<EOF
+{
+ /root/cmc-firewall-data
+ cat <<EOF
## begin no external dns for ziva
config rule
option src lan
option target REJECT
## end no external dns for ziva
-$(. /root/cmc-firewall-data)
config rule
option src wan
option family ipv6
EOF
-}
-firewall-cedit || firewall_restart=true
+} | cedit /etc/config/firewall || firewall_restart=true
+### end firewall edits ###
+
# firewall comment:
# not using and in newer wrt, fails, probably due to nonexistent file, error output
# order to be comprehensive
- cedit /etc/unbound/unbound_ext.conf <<EOF || unbound_restart=true
-$(. /root/ptr-data)
+ {
+ /root/ptr-data
+ cat <<EOF
local-data-ptr: "10.2.0.1 cmc.b8.nz"
# try global if no match in view
view-first: yes
EOF
+ } | cedit /etc/unbound/unbound_ext.conf || unbound_restart=true
if $unbound_restart; then
# so make sure we have this dir or else dnsmasq will fail
# to start.
mkdir -p /mnt/usb/tftpboot
-cedit /etc/dnsmasq.conf <<EOF || dnsmasq_restart=true
+{
+ # generated with host-info-update
+ /root/dnsmasq-data
+ cat <<EOF
# no dns
port=0
server=/b8.nz/#
ptr-record=1.0.2.10.in-addr.arpa.,cmc.b8.nz
-# generated with host-info-update
-$(. /root/dnsmasq-data)
# https://ret2got.wordpress.com/2018/01/19/how-your-ethereum-can-be-stolen-using-dns-rebinding/
stop-dns-rebind
# for debugging dhcp
#log-queries=extra
EOF
+} | cedit /etc/dnsmasq.conf || dnsmasq_restart=true
+
if $dnsmasq_restart && ! $dev2 && ! $ap; then
iankelling.org / git / automated-distro-installer / commitdiff