From: Ian Kelling Date: Tue, 18 Jun 2024 23:31:52 +0000 (-0400) Subject: improvements X-Git-Url: https://iankelling.org/git/?a=commitdiff_plain;ds=sidebyside;h=HEAD;hp=edb1a99660561c51aa5c7803d978284c7b423842;p=automated-distro-installer improvements --- diff --git a/README b/README index da28e4e..84a733e 100644 --- a/README +++ b/README @@ -104,11 +104,22 @@ fai/config/distro-install-common/end and which shadow file / luks file(s) to copy into the new machine depends on fai-redep arguments. -Also, setup dns in bind and wrt-setup-local. +Also, setup dns in /p/c/host-info and firewall redirects in wrt-setup-local. After install, btrbk to setup data, and then distro-begin && distro end. See notes in distro-begin for other configuration. +# Per distro install/config + +./fai/config/package_config/CLASS.gpg + +# Prerequesites: + + +git clone https://git.savannah.nongnu.org/git/bash-bear-trap.git +sudo install -T bash-bear-trap/bash-bear /usr/local/lib/bash-bear + + # Scripts (meant to be used directly): @@ -125,10 +136,10 @@ fai-redep -t TARGET_HOSTNAME && sudo fai-cd -M -g $PWD/grub.cfg.netinst-noreboot mymk-basefile # Create basefiles for various distros archlike-pxe # Setup pxe boot server from an archlike base image -fai-redep # Deploy fai configuration to host "faiserver" +fai-redep # Deploy fai configuration to host "faiserver.b8.nz" faiserver-uninstall # uninstall fai-server faiserver-setup # install fai-server on the current machine -myfai-chboot # setup fai tftp and nfs. useful for doing pxe-kexec +myfai-chboot # setup fai tftp and nfs. useful for doing pxe-kexec or booting from a fai-cd. pxe-server # disable/enable pxe dhcp, tfp, and nfs. calls myfai-chboot wrt-setup # setup my router in general: dhcp, dns, etc. @@ -191,6 +202,24 @@ ERROR: Kernel modules directory /lib/modules/5.10.0-8-amd not available. Only fo solution: if running from fai-cd, recreate autodiscover cd as noted above in setup. +## Weird package dependency errors + +for example: in fai.log, within instsoft.DEBIAN +``` +The following packages have unmet dependencies: + libc6 : Breaks: locales (< 2.36) but 2.35-0ubuntu3.7+11.0trisquel1 is to be installed +``` + +In this case, it was because the basefile was missing, and so instead +fai decided to use the wrong basefile. + +for example: in fai.log, within instsoft.DEBIAN + +``` +ftar: No matching class found in /var/lib/fai/config/basefiles// +ftar: extracting /var/tmp/base.tar.zst to /target/ +``` + # What good logs look like: logging nfs traffic from server diff --git a/arch-init b/arch-init index 2f14ad6..6a3786f 100755 --- a/arch-init +++ b/arch-init @@ -1,4 +1,4 @@ -#!/bin/bash -x +#!/bin/bash # Copyright (C) 2016 Ian Kelling # This program is free software; you can redistribute it and/or @@ -15,8 +15,13 @@ # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -x="$(readlink -f "$BASH_SOURCE")"; source "${x%/*}/bash-trace" -cd ${x%/*} +set -e; . /usr/local/lib/bash-bear; set +e + +this_file="$(readlink -f -- "${BASH_SOURCE[0]}")" +readonly this_file this_dir="${this_file%/*}" +cd "$this_dir" + +set -x export HOSTNAME="$1" mirror=$2 diff --git a/arch-init-remote b/arch-init-remote index d8e4e29..66e19e2 100755 --- a/arch-init-remote +++ b/arch-init-remote @@ -1,6 +1,21 @@ #!/bin/bash -# Copyright (C) 2019 Ian Kelling -# SPDX-License-Identifier: AGPL-3.0-or-later +# This file is part of Ian Kelling's automated-distro-installer +# Copyright (C) 2024 Ian Kelling + +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + if [[ -s ~/.bashrc ]];then . ~/.bashrc;fi set -x diff --git a/bash-trace b/bash-trace deleted file mode 120000 index 015ae24..0000000 --- a/bash-trace +++ /dev/null @@ -1 +0,0 @@ -fai/config/files/boot/bash-trace/DEFAULT \ No newline at end of file diff --git a/debian-pxe-preseed b/debian-pxe-preseed index aaef9a6..e2d401f 100755 --- a/debian-pxe-preseed +++ b/debian-pxe-preseed @@ -18,11 +18,12 @@ # WARNING: outdated! needs docs and update to debian-stretch -x="$(readlink -f "$BASH_SOURCE")"; source "${x%/*}/bash-trace" - [[ $EUID == 0 ]] || exec sudo "$BASH_SOURCE" "$@" -src=$(readlink -f "${BASH_SOURCE%/*}") +set -e; . /usr/local/lib/bash-bear; set +e + +this_file="$(readlink -f -- "${BASH_SOURCE[0]}")" +readonly this_file this_dir="${this_file%/*}" e() { echo "$*"; "$@"; } @@ -36,11 +37,11 @@ cd $mount_dir e rm -rf debian-wheezy mkdir debian-wheezy cd debian-wheezy -e $src/debian-preseed "$@" # my script +e $this_dir/debian-preseed "$@" # my script cd .. e rm -f tftpboot e ln -s debian-wheezy tftpboot cd / e umount $mount_dir -e $src/pxe-server default plain # my script +e $this_dir/pxe-server default plain # my script diff --git a/dnsmasq-end-lease b/dnsmasq-end-lease new file mode 100644 index 0000000..0787335 --- /dev/null +++ b/dnsmasq-end-lease @@ -0,0 +1,57 @@ +#!/bin/bash +# I, Ian Kelling, follow the GNU license recommendations at +# https://www.gnu.org/licenses/license-recommendations.en.html. They +# recommend that small programs, < 300 lines, be licensed under the +# Apache License 2.0. This file contains or is part of one or more small +# programs. If a small program grows beyond 300 lines, I plan to change +# to a recommended GPL license. + +# Copyright 2024 Ian Kelling + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +# usage: wrt-reip PATTERN +# Removes pattern from dnsmasq leases file and restart dnsmasq. +# PATTERN should generally be an ip or a mac. + +pattern=$1 + +exit_code=0 + +m() { + printf "%s\n" "$*"; + "$@" +} + +m /etc/init.d/dnsmasq stop + +tmp=/tmp/dhcp.leases.iank +sed "/$pattern/d" /tmp/dhcp.leases >$tmp + +if (( $(wc -l /tmp/dhcp.leases | awk '{print $1}') - 1 == $(wc -l $tmp | awk '{print $1}') )); then + echo "info: found one less line after removing $pattern. installing new leases file" + cp /tmp/dhcp.leases /tmp/dhcp.leases.iank-backup + cat $tmp >/tmp/dhcp.leases + m rm -f $tmp +else + exit_code=1 + cat <&2' ERR +# This file is part of Ian Kelling's automated-distro-installer +# Copyright (C) 2024 Ian Kelling + +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + [[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@" -readonly this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"; cd "${this_file%/*}" +set -eE -o pipefail +trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR + +this_file="$(readlink -f -- "${BASH_SOURCE[0]}")" +readonly this_file this_dir="${this_file%/*}" +cd "$this_dir" -source bash-trace usage() { - cat <&2 ; usage 1 ;; esac shift done -host=${1:-faiserver} +host=${1:-faiserver.b8.nz} readonly host distro target ##### end command line parsing ######## -m() { printf "$pre %s\n" "$*"; "$@"; } +m() { printf "fai-redep: %s\n" "$*"; "$@"; } # i use faiserver as a dns alias, but ssh key is associated with # a canonical hostname and we will have ssh warning spam unless we @@ -63,8 +80,19 @@ faiserver_host=$(/a/exe/chost $host) # faiserver_host=$host faiserver_addr=$(host $host | sed -rn 's/^\S+ has address //p;T;q' ||:) + +rsrv() { + local -a opts + while [[ $2 ]]; do + opts+=("$1") + shift + done + m rsync "${ropts[@]}" "${opts[@]}" "$rpath$1" +} +rpath=/srv if ! ip a | grep "^ *inet.\? $faiserver_addr" &>/dev/null; then - rpre=(-e "ssh -F $HOME/.ssh/confighome" root@$faiserver_host:) + ropts=(-e "ssh -F $HOME/.ssh/confighome") + rpath="root@$faiserver_host:/srv" faiserver_shell="ssh -F $HOME/.ssh/confighome root@$faiserver_host" fi @@ -75,16 +103,15 @@ rsync -atL /home/iank/.ssh/authorized_keys fai/config/files/root/.ssh/authorized install --owner=iank --group=iank -d fai/config/files/usr/local/bin/hssh install --owner=iank --group=iank -d fai/config/files/usr/local/bin/ssh_filter_btrbk.sh rsync -atL /a/opt/btrbk/ssh_filter_btrbk.sh fai/config/files/usr/local/bin/ssh_filter_btrbk.sh/STANDARD - -m rsync -rlpt --delete --relative --exclude /fai/config/basefiles/ fai/config /a/opt/btrfs-progs-release "${rpre[@]}"/srv +rsrv -rlpt --delete --relative --exclude /fai/config/basefiles/ fai/config / # todo: automatically disable faiserver after a period so # these files are not available. + if [[ $target ]]; then secret_files=(luks/$target luks/host-$target shadow/$target) exists=false - secret_exists=() for f in ${secret_files[@]}; do if [[ -e /q/root/$f ]]; then exists=true @@ -96,22 +123,28 @@ if [[ $target ]]; then for f in ${secrets_to_send[@]}; do echo $f done - } | rsync -lpt --files-from=- /q/root "${rpre[@]}"/srv/fai/config/distro-install-common + } | rsrv -lpt --files-from=- /q/root /fai/config/distro-install-common fi else - rsync -rlpt /q/root/shadow /q/root/luks "${rpre[@]}"/srv/fai/config/distro-install-common + rsrv -rlpt /q/root/shadow /q/root/luks /fai/config/distro-install-common fi +rsrv -rlpt --delete /a/bin/ds/bash-lib-u /a/opt/btrfs-progs-release /fai/config/distro-install-common + dirs=(/p/c/machine_specific/${target:-*}/filesystem/etc/ssh) if [[ -e ${dirs[0]} ]]; then - rsync -rlpt --delete --relative ${dirs[@]} "${rpre[@]}"/srv/fai/config/distro-install-common + rsrv -rlpt --delete --relative ${dirs[@]} /fai/config/distro-install-common fi . /a/bin/distro-setup/pkgs -pall+=($(/a/bin/buildscripts/emacs -p; /a/bin/distro-setup/distro-pkgs $distro)) +tmpstr=$(/a/bin/buildscripts/emacs -p && /a/bin/distro-setup/distro-pkgs $distro) +declare -a pall +for p in $tmpstr; do + pall+=($p) +done printf "%s\n%s\n" "PACKAGES install" ${pall[*]} | \ $faiserver_shell dd of=/srv/fai/config/package_config/DESKTOP status=none ||: # broken pipe -rsync -rplt --include '/*.gz' --exclude '/**' --delete-excluded $BASEFILE_DIR/ "${rpre[@]}"/srv/fai/config/basefiles/ +rsrv -rplt --include '/*.zst' --exclude '/**' --delete-excluded $BASEFILE_DIR/ /fai/config/basefiles/ diff --git a/fai-revm b/fai-revm index 050ecda..6bada5e 100755 --- a/fai-revm +++ b/fai-revm @@ -18,12 +18,12 @@ [[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@" +set -e; . /usr/local/lib/bash-bear; set +e + +this_file="$(readlink -f -- "${BASH_SOURCE[0]}")" +readonly this_file this_dir="${this_file%/*}" +cd "$this_dir" -readonly this_file="$(readlink -f -- "${BASH_SOURCE[0]}")" -script_dir="${this_file%/*}" -# shellcheck source=./bash-trace -source "${script_dir}/bash-trace" -cd $script_dir PATH="$PATH:$PWD" e() { echo "$*"; "$@"; } @@ -88,19 +88,24 @@ disk_count=1 rm -f /tmp/fai-revm-did-pxe -if ! ip l show br0 &>/dev/null; then - cat <<'EOF' -fai-rvm error: no bridge detected. add one to interfaces like this: -iface eth0 inet manual -iface br0 inet dhcp - bridge_ports eth0 - bridge_stp off - bridge_maxwait 0 -EOF - exit 1 +if ip l show br0 &>/dev/null; then + net_arg="-w bridge=br0,mac=52:54:00:9c:ef:ad" +else + # if this computer has ethernet, we could setup a br0 like so: + # cat <<'EOF' + # fai-rvm error: no bridge detected. add one to interfaces like this: + # iface eth0 inet manual + # iface br0 inet dhcp + # bridge_ports eth0 + # bridge_stp off + # bridge_maxwait 0 + # EOF + + # if we only have wifi, cant use eth0 + net_arg="-w network=default,mac=52:54:00:9c:ef:ad" fi -if [[ $script_dir == /a/bin/* ]]; then +if [[ $this_dir == /a/bin/* ]]; then # Copy our script elsewhere so we can develop it # and save it at the same time it's running rm -rf /tmp/faifreeze @@ -140,13 +145,13 @@ else BASEFILE_DIR=/tmp fi isopath=$BASEFILE_DIR/$iso - isosrc=$BASEFILE_DIR/BOOKWORM64.tar.gz + isosrc=$BASEFILE_DIR/BOOKWORM64.tar.zst if [[ ! -e $isopath || $(stat -c %Y $isopath) -lt $(stat -c %Y $isosrc) ]]; then e fai-cd -g $(readlink -f grub.cfg.${iso%%.*}) -f -A $isopath fi boot_arg="--cdrom $isopath" e fai-redep - cat ~/.ssh/demo.pub | /a/exe/cedit -s /srv/fai/nfsroot/root/.ssh/authorized_keys + /a/exe/cedit -s /srv/fai/nfsroot/root/.ssh/authorized_keys <~/.ssh/demo.pub e myfai-chboot default fi # I don't think these variants actually make a diff for us, but I @@ -165,7 +170,7 @@ e virsh destroy $name ||: e virsh undefine $name ||: sleep 1 - +## begin virtual disk creation ## disk_arg=() for ((i=1; i <= disk_count; i++)); do f=/var/lib/libvirt/images/${name}$i @@ -178,6 +183,7 @@ for ((i=1; i <= disk_count; i++)); do e qemu-img create -o preallocation=metadata -f qcow2 $f 50G fi done +## end virtual disk creation ## if [[ $SSH_CLIENT ]]; then console_arg=--noautoconsole @@ -202,7 +208,7 @@ fi e systemctl start libvirtd e virt-install --rng /dev/urandom --os-variant $variant -n $name $boot_arg -r 2048 --vcpus $cpus \ - ${disk_arg[*]} -w bridge=br0,mac=52:54:00:9c:ef:ad $reboot_arg \ + ${disk_arg[*]} $net_arg $reboot_arg \ --graphics spice,listen=0.0.0.0 $console_arg |& grep -v '^ *$' | uniq & diff --git a/fai-wrapper b/fai-wrapper index 5efa7f1..b6a75d3 100644 --- a/fai-wrapper +++ b/fai-wrapper @@ -1,6 +1,20 @@ #!/bin/bash -# Copyright (C) 2019 Ian Kelling -# SPDX-License-Identifier: AGPL-3.0-or-later +# This file is part of Ian Kelling's automated-distro-installer +# Copyright (C) 2024 Ian Kelling + +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # For using some fai commands outside of fai. # Usually this is sourced from another script. Note this has @@ -11,7 +25,7 @@ export FAI_WRAPPER=true ifclass() { local var=${1/#/CLASS_} - [[ $HOSTNAME == $1 || ${!var} ]] + [[ $HOSTNAME == "$1" || ${!var} ]] } fai-setclass() { for class in "$@"; do diff --git a/fai/config/basefiles/mk-basefile b/fai/config/basefiles/mk-basefile index d449c60..e6b73c4 100755 --- a/fai/config/basefiles/mk-basefile +++ b/fai/config/basefiles/mk-basefile @@ -48,12 +48,14 @@ EXCLUDE_NABIA=udhcpc,dibbler-client,info EXCLUDE_JAMMY=udhcpc,dibbler-client,info EXCLUDE_ARAMO=udhcpc,dibbler-client,info EXCLUDE_NOBLE=udhcpc,dibbler-client,info +EXCLUDE_ECNE=udhcpc,dibbler-client,info # here you can add packages, that are needed very early INCLUDE_DEBIAN= INCLUDE_ETIONA=ifupdown INCLUDE_NABIA=ifupdown INCLUDE_ARAMO=ifupdown +INCLUDE_ECNE=ifupdown setarch() { @@ -269,6 +271,7 @@ prtdists() { JAMMY64 ARAMO64 NOBLE64 + ECNE64 SQUEEZE32 SQUEEZE64 WHEEZY32 WHEEZY64 JESSIE32 JESSIE64 @@ -358,7 +361,7 @@ case "$target" in SLC6_32) slc i386 6 ;; SLC6_64) slc amd64 6 ;; SLC7_64) slc amd64 7 ;; - BELENOS*|FLIDAS*|ETIONA*|NABIA*|ARAMO*) + BELENOS*|FLIDAS*|ETIONA*|NABIA*|ARAMO*|ECNE*) debgeneric $target $MIRROR_TRISQUEL ;; TRUSTY*|XENIAL*|BIONIC*|FOCAL*|JAMMY*|NOBLE*) debgeneric $target $MIRROR_UBUNTU ;; diff --git a/fai/config/class/50-host-classes b/fai/config/class/50-host-classes index 600fd1a..25567e5 100755 --- a/fai/config/class/50-host-classes +++ b/fai/config/class/50-host-classes @@ -31,14 +31,14 @@ echo FAIBASE STANDARD DEBIAN # things installed, to speed up installation. # # STRETCH64, BUSTER64, BULLSEYE64, BOOKWORM64 -# FLIDAS64, FLIDAS64BIG, ETIONA64, NABIA64, ARAMO64 +# FLIDAS64, FLIDAS64BIG, ETIONA64, NABIA64, ARAMO64, ECNE64 # XENIAL64, BIONIC64, FOCAL64, # # The distro subvol name, we can add as many of these as we want: # VOL_TESTING, VOL_STRETCH, VOL_BUSTER, VOL_BULLSEYE, VOL_BOOKWORM -# VOL_FLIDAS, VOL_ETIONA, VOL_NABIA, VOL_ARAMO -# VOL_XENIAL, VOL_BIONIC VOL_FOCAL -# VOL_BUSTER_BOOTSTRAP. +# VOL_FLIDAS, VOL_ETIONA, VOL_NABIA, VOL_ARAMO, VOL_ECNE +# VOL_XENIAL, VOL_BIONIC, VOL_FOCAL, VOL_JAMMY, VOL_NOBLE +# VOL_BULLSEYE_BOOTSTRAP, VOL_BOOKWORM_BOOTSTRAP. # Using VOL_BUSTER_BOOTSTRAP sets up the install to act like a pxe rom if # grub sets a specific var. # @@ -48,7 +48,7 @@ echo FAIBASE STANDARD DEBIAN # BULLSEYE_FREE, BULLSEYE_NONFREE # BOOKWORM_FREE, BOOKWORM_NONFREE # TESTING_FREE, TESTING_NONFREE, -# XENIAL_FREE, BIONIC, FOCAL, FLIDAS, ETIONA, NABIA, ARAMO. +# XENIAL_FREE, BIONIC, FOCAL, FLIDAS, ETIONA, NABIA, ARAMO, ECNE. # # It's all a little redundant in some cases, but it keeps things # simpler. @@ -135,6 +135,8 @@ exit 0 #echo FSF if [[ ! -e /a/bin/fai/fai-wrapper || $FAI_ACTION == dirinstall ]]; then case $HOSTNAME in + # bullseye based minimal recovery / bootstraping os: + _) echo BOOKWORM64 VOL_BOOKWORM_BOOTSTRAP BOOKWORM_FREE ;; # bullseye based minimal recovery / bootstraping os: _) echo BULLSEYE64 VOL_BULLSEYE_BOOTSTRAP BULLSEYE_FREE ;; # flidas @@ -142,9 +144,11 @@ if [[ ! -e /a/bin/fai/fai-wrapper || $FAI_ACTION == dirinstall ]]; then # etiona _) echo UBUNTU ETIONA64 VOL_ETIONA ETIONA ;; # nabia - _) echo UBUNTU NABIA64 VOL_NABIA NABIA NABIA_EXTRA ;; + _) echo UBUNTU NABIA64 VOL_NABIA NABIA ;; # aramo - _) echo UBUNTU ARAMO64 VOL_ARAMO ARAMO ARAMO_EXTRA ;; + _) echo UBUNTU ARAMO64 VOL_ARAMO ARAMO ARAMO_EXTRA JAMMY_FIRMWARE ;; + # ecne + _) echo UBUNTU ECNE64 VOL_ECNE ECNE ECNE_EXTRA NOBLE_FIRMWARE ;; # stretch _) echo STRETCH64 VOL_STRETCH STRETCH_NONFREE ;; # buster @@ -163,6 +167,8 @@ if [[ ! -e /a/bin/fai/fai-wrapper || $FAI_ACTION == dirinstall ]]; then _) echo UBUNTU FOCAL64 VOL_FOCAL FOCAL ;; # jammy _) echo UBUNTU JAMMY64 VOL_JAMMY JAMMY ;; + # NOBLE + _) echo UBUNTU NOBLE64 VOL_NOBLE NOBLE ;; esac fi ###### end Template for 51-multi-boot ###### diff --git a/fai/config/class/DEFAULT.var b/fai/config/class/DEFAULT.var index a999512..d574d7d 100644 --- a/fai/config/class/DEFAULT.var +++ b/fai/config/class/DEFAULT.var @@ -6,7 +6,10 @@ LOGUSER=fai # when downloading from https intead of nfs, this is not set, # it is used as the default for LOGSERVER, and for calling chboot. # My faiserver's hostname is always faiserver, so just hardcoding it. -SERVER=faiserver +# I used bare host in the past, thinking that I could vary this +# between different networks I was on, but it is simpler to just +# user an internet domain that I control. +SERVER=faiserver.b8.nz # busted for debian, no time to troubleshoot atm #APTPROXY=http://faiserver:3142 diff --git a/fai/config/class/FAIBASE.var b/fai/config/class/FAIBASE.var index 2492def..e5b0d7b 100644 --- a/fai/config/class/FAIBASE.var +++ b/fai/config/class/FAIBASE.var @@ -8,7 +8,7 @@ FAI_ALLOW_UNSIGNED=1 # Set UTC=yes if your system clock is set to UTC (GMT), and UTC=no if not. UTC=yes ## changed from upstream. found in /usr/share/zoneinfo/, via fai-guide -TIMEZONE=US/Eastern +TIMEZONE=America/New_York # errors in tasks greater than this value will cause the installation to stop STOP_ON_ERROR=700 diff --git a/fai/config/distro-install-common/end b/fai/config/distro-install-common/end index f9a0840..2455ece 100755 --- a/fai/config/distro-install-common/end +++ b/fai/config/distro-install-common/end @@ -32,7 +32,9 @@ au() { # add user. i don't use adduser for portability # only setup root pass for bootstrap vol -if ifclass VOL_BULLSEYE_BOOTSTRAP || VOL_BOOKWORM_BOOTSTRAP; then +# for bootstrap vol, we only use root user +if ifclass VOL_BULLSEYE_BOOTSTRAP || ifclass VOL_BOOKWORM_BOOTSTRAP; then + sed 's/^/root:/' $root_pw_f | $ROOTCMD chpasswd -e exit 0 fi @@ -74,6 +76,7 @@ if getent group sudo >/dev/null; then $ROOTCMD usermod -aG sudo iank fi +mkdir -p $target/etc/sudoers.d cat >$target/etc/sudoers.d/ianksudoers <<'EOF' Defaults timestamp_timeout=1440 # used in bashrc diff --git a/fai/config/distro-install-common/ethusb-static b/fai/config/distro-install-common/ethusb-static new file mode 100755 index 0000000..5ca8b93 --- /dev/null +++ b/fai/config/distro-install-common/ethusb-static @@ -0,0 +1,290 @@ +#!/bin/bash +# I, Ian Kelling, follow the GNU license recommendations at +# https://www.gnu.org/licenses/license-recommendations.en.html. They +# recommend that small programs, < 300 lines, be licensed under the +# Apache License 2.0. This file contains or is part of one or more small +# programs. If a small program grows beyond 300 lines, I plan to switch +# its license to GPL. + +# Copyright 2024 Ian Kelling + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# usage $0 [-c] [off] +# off: Turn off static ip. +# -c config only, don't tell networkmanager to change anything +# -f force interface reup + +# shellcheck disable=SC2317 # false positive + +if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi +shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4 +set -eE -o pipefail +trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR + +m() { printf "%s\n" "$*"; "$@"; } + + +set-dynamic() { + + reup=false + if [[ $cur_state == activated ]]; then + reup=true + fi + + if [[ $cur_method != auto ]]; then + args+=(ipv4.method auto) + fi + if [[ $cur_ip != -- ]]; then + args+=(-ipv4.addresses "$ipv4_addresses") + fi + if [[ $cur_dns != -- ]]; then + args+=(-ipv4.dns "$ipv4_dns") + fi + if [[ $cur_gateway != -- ]]; then + # undocumented in t11 man nmcli. guessed randomly + args+=(ipv4.gateway 0.0.0.0) + fi + if (( ${#args[@]} >= 1 )); then + m nmcli con mod "$nm_con" "${args[@]}" + if $reup; then + m nmcli con up "$nm_con" + fi + else + echo "$0: found expected state, nothing to do." + fi + exit 0 + set-nm +} + +detect-net() { + + # this assumes we have wifi up + if [[ $(timeout 1 dig +short @10.2.0.1 -x 10.2.0.2 2>&1 ||:) == kd.b8.nz. ]] \ + && ip n show 10.2.0.1 | grep . &>/dev/null; then + net=home + elif ip r show default | grep 'via 10.0.3.1 dev wlan0' &>/dev/null && [[ $(timeout 1 dig +short @10.0.3.1 -x 10.0.3.1) == cmc1.lan. ]]; then + net=work + else + echo "$0: error could not detect network" + exit 1 + fi + +} + +set-nm() { + m nmcli con mod "$nm_con" ipv4.method manual ipv4.addresses $ip ipv4.gateway $gateway ipv4.dns $dns + state=$(nmcli con show "$nm_con" 2>/dev/null | awk '$1 == "GENERAL.STATE:" {print $2}') + if [[ $state == activated ]]; then + m nmcli con up "$nm_con" + fi + +} + +get-ip() { + + case $net in + home) + + while read -r ip_suf host mac; do + if [[ ! $ip_suf || $ip_suf == \#* ]]; then + continue + fi + if [[ $mac != usb ]]; then + continue + fi + if [[ $host == ${HOSTNAME}c ]]; then + + ip=10.2.0.$ip_suf/16 + gateway=10.2.0.1 + dns=8.8.8.4,8.8.8.8 + break + fi + done

/dev/null; then + if [[ $cur_method != manual ]]; then + echo "$0: error. Need to be on wired network to get our ip" + exit 1 + fi + set-dynamic + sleep 10 + fi + myip=$(timeout 1 dig +short @192.168.0.25 $HOSTNAME.office.fsf.org) + if [[ ! $myip ]]; then + echo "$0: error: didnt detect home network and failed to get office ip" + exit 1 + fi + dns=192.168.0.10,192.168.0.25 + gateway=192.168.0.1 + ip=$myip/24 + + ;; + esac +} + + +get-cur-val() { + local key + key=$1 + printf "%s\n" "$tmpstr" | awk '$1 == "'$key':" {print $2}' +} + +get-cur() { + tmpstr=$(nmcli con show "$nm_con" 2>/dev/null) + + cur_method=$(get-cur-val ipv4.method) + cur_ip=$(get-cur-val ipv4.addresses) + cur_gateway=$(get-cur-val ipv4.gateway) + cur_dns=$(get-cur-val ipv4.dns) + cur_state=$(get-cur-val GENERAL.STATE) +} + + +## begin arg parsing ## + +force=false +off=false +while [[ $1 ]]; do + case $1 in + -f) + force=true + ;; + off) + off=true + ;; + *) + echo "$0: error unexpected argument: $1" >&2 + exit 1 + ;; + esac + shift +done + +## end arg parsing ## + +## begin common setup / detection ## +shopt -s nullglob + +wiredx=1 +declare -a args + +# device that has an eth0, but we aren't using it because it is +# broken. We could just hardcode a mac comparison with `cat +# /sys/class/net/eth0/address` but this is cooler. +if [[ -e /sys/class/net/eth0 ]]; then + bus_info=$(ethtool -i eth0 | awk '$1 == "bus-info:" { print $2 }') + if [[ $bus_info != usb* ]]; then + wiredx=2 + fi +fi + +eth_dev=eth$(( wiredx - 1 )) + +nm_con=$(nmcli device show $eth_dev | \ + awk '$1 == "GENERAL.CONNECTION:" {out=$2; for(i=3;i<=NF;i++){out=out" "$i}; print out}' ||:) + +if [[ ! $nm_con || $nm_con == -- ]]; then + nm_con="Wired connection $wiredx" +fi + +if ! nmcli con | grep -q "^$nm_con " &>/dev/null; then + # Note: we could support creation through a file or via + # nmcli, but right now I'm ok with just having plugged in a device once + # since this os was installed. + echo "error: no existing connection: $nm_con found in output of nmcli con" + exit 0 +fi + + +if ! type -p dig &>/dev/null; then + apt-get -y install dig +fi + +if ! type -p ethtool &>/dev/null; then + apt-get -y install ethtool +fi + + +get-cur +## end common setup / detection ## + +if $off; then + set-dynamic + exit 0 +fi + +detect-net +get-ip + +if ! $force && [[ "$cur_method $cur_gateway $cur_dns $cur_ip" == "manual $gateway $dns $ip" ]]; then + echo "$0: found expected state, nothing to do." + exit 0 +fi + +set-nm + + + +# example of down cli +#nmcli con mod 'Wired connection 1' ipv4.method auto -ipv4.addresses 10.2.0.9/16 ipv4.gateway 0.0.0.0 -ipv4.dns "8.8.8.4,8.8.8.8" + + +# FYI: the result of running, for example +# nmcli con mod "Wired connection 1" \ + # ipv4.method manual \ + # ipv4.addresses "10.2.0.23/24" \ + # ipv4.gateway "10.2.0.1" \ + # ipv4.dns "8.8.8.4,8.8.8.8" + +# creates a fille named "/etc/NetworkManager/system-connections/Wired connection 1.nmconnection", +# below. +# +# The nmcli man page says you should just edit files in that dir and +# then run nmcli con reload to reread them all to load your changes, but +# I've found that to be unreliable, the systemd journal would say +# something like "reload happened" then nothing would change in the +# connect that the file clearly modifies, so I switched over to using +# the command line and just ignoring those files. +# +# I see no reason to keep the same file name, or a bunch of +# setting that seem irrelevant, and empty sections don't seem to do +# anything according to the man page. +# + +# [connection] +# id=Wired connection 1 +# uuid=b0fb7694-dfe6-31a1-81fa-7c17b61515a7 +# type=ethernet +# interface-name=eth1 +# timestamp=1715728264 + +# [ethernet] + +# [ipv4] +# address1=10.2.0.23/16,10.2.0.1 +# dns=8.8.8.4;8.8.8.8; +# method=manual + +# [ipv6] +# addr-gen-mode=stable-privacy +# method=auto + +# [proxy] diff --git a/fai/config/distro-install-common/install-mainline-kernel-debs b/fai/config/distro-install-common/install-mainline-kernel-debs new file mode 100755 index 0000000..aaee5eb --- /dev/null +++ b/fai/config/distro-install-common/install-mainline-kernel-debs @@ -0,0 +1,87 @@ +#!/bin/bash +# This file is part of Ian Kelling's automated-distro-installer +# Copyright (C) 2024 Ian Kelling + +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +set -eE -o pipefail +trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR + +[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@" + +# default +kernel_ver='6\.6' +case $1 in + stable) + # note: update kernel_ver when we are ready to jump to a new stable kernel. + # Stable kernels are listed here: https://www.kernel.org/category/releases.html + kernel_ver='6\.6' + ;; + unstable) + kernel_ver='[1-9]' + ;; +esac + + +prereqs=() +for p in wget curl; do + if ! type -p $p &>/dev/null; then + prereqs+=($p) + fi +done +if (( ${#prereqs[@]} >= 1 )); then + apt-get -y install ${prereqs[@]} +fi + + +tmpdir=$($ROOTCMD mktemp -d) || exit +# shellcheck disable=SC2154 # defined by fai +outertmp=$target/$tmpdir +trap 'cd; rm -rf "$outertmp"' EXIT +cd $outertmp + +# We get 10 versions cuz maybe the latest directory (or few) get created but not populated. +tmps=$(curl -s https://kernel.ubuntu.com/mainline/ | \ + sed -rn 's,.*alt="\[DIR\]".*href="([^/]+).*,\1,p' | \ + grep -v -- -rc | sed 's/^v//' | grep "^$kernel_ver" | sort -Vr | head -n10) +mapfile -t latest_versions <<<"$tmps" + +for va in "${latest_versions[@]}"; do + sleep .2 # be nice + # note the wiki page about these says to install linux-headers.*generic.*amd64, but + # as of 2024, they have a requirement of a very new glibc, and people report + # that installing it is not needed. + tmpstr=$(curl -s https://kernel.ubuntu.com/mainline/v$va/amd64/CHECKSUMS | awk '$2 ~ /^linux-/ { print $2 }' | sort -u | sed '/linux-headers.*generic.*amd64/d' ) + if [[ $tmpstr ]]; then + mapfile -t pkgs <<<"$tmpstr" + break + fi +done + +if (( ${#pkgs[@]} != 3 )); then + echo "$0: error. expected to find 3 kernel packages, got: ${pkgs[*]}" >&2 + exit 1 +fi + +urls=() +for p in ${pkgs[@]}; do + if ! $ROOTCMD dpkg -s -- "${p%%_*}" 2>&1 | grep -Fx "Status: install ok installed" &>/dev/null; then + urls+=(https://kernel.ubuntu.com/mainline/v$va/amd64/$p) + fi +done +if (( ${#urls[@]} >= 1 )); then + wget -nv -- "${urls[@]}" + $ROOTCMD dpkg -i ${pkgs[@]/#/$tmpdir/} +fi diff --git a/fai/config/distro-install-common/install-stable-kernel-debs b/fai/config/distro-install-common/install-stable-kernel-debs deleted file mode 100755 index c024796..0000000 --- a/fai/config/distro-install-common/install-stable-kernel-debs +++ /dev/null @@ -1,55 +0,0 @@ -#!/bin/bash -x -# This file is part of Ian Kelling's automated-distro-installer -# Copyright (C) 2024 Ian Kelling - -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License -# as published by the Free Software Foundation; either version 2 -# of the License, or (at your option) any later version. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. - -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - -set -eE -o pipefail -trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR - -[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@" - -tmpdir=$(mktemp -d) || exit -trap 'cd; rm -rf "$tmpdir"' EXIT -cd $tmpdir - -# update stable_ver when we are ready to jump to a new stable kernel. -# Stable kernels are listed here: https://www.kernel.org/category/releases.html -stable_ver='6\.6' -va=$(curl -s https://kernel.ubuntu.com/mainline/ | \ - sed -rn 's,.*alt="\[DIR\]".*href="([^/]+).*,\1,p' | \ - grep -v -- -rc | sed 's/^v//' | grep "^$stable_ver" | sort -V | tail -n1) - -# note the wiki page about these says to install linux-headers.*generic.*amd64, but -# as of 2024, they have a requirement of a very new glibc, and people report -# that installing it is not needed. -tmpstr=$(curl -s https://kernel.ubuntu.com/mainline/v$va/amd64/CHECKSUMS | awk '$2 ~ /^linux-/ { print $2 }' | sort -u | grep -iv 'linux-headers.*generic.*amd64' ) -mapfile -t pkgs <<<"$tmpstr" - -if (( ${#pkgs[@]} != 3 )); then - echo "$0: error. expected to find 3 kernel packages, got: ${pkgs[*]}" >&2 - exit 1 -fi - -urls=() -for p in ${pkgs[@]}; do - if ! dpkg -s -- "${p%%_*}" 2>&1 | grep -Fx "Status: install ok installed" &>/dev/null; then - urls+=(https://kernel.ubuntu.com/mainline/v$va/amd64/$p) - fi -done -if (( ${#urls[@]} >= 1 )); then - wget "${urls[@]}" - dpkg -i ./*.deb -fi diff --git a/fai/config/files/boot/bash-trace/DEFAULT b/fai/config/files/boot/bash-trace/DEFAULT deleted file mode 100644 index 2a4077f..0000000 --- a/fai/config/files/boot/bash-trace/DEFAULT +++ /dev/null @@ -1,298 +0,0 @@ -#!/bin/bash -# Bash Error Handler -# Copyright (C) 2020 Ian Kelling -# SPDX-License-Identifier: GPL-3.0-or-later -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - - -# This is a single file library, just source this file. When an error -# happens, we print a stack trace then exit. In an interactive shell, we -# return from functions instead of exiting. If err-cleanup is a command, -# it runs before the stack trace. Functions are documented inline below -# for additional use cases. -# -# Note: occasionally the line numbers are off a bit (at least in Bash -# 5.0). This appears to be a bash bug. I plan to report it next time it -# happens to me. -# -# Please email me if you use this or have anything to contribute. I'm -# not aware of any users yet Ian Kelling . -# -# Tested on bash 4.4.20(1)-release (x86_64-pc-linux-gnu) and -# 5.0.17(1)-release (x86_64-pc-linux-gnu). -# -# Related: see my bash script template repo at https://iankelling.org/git. - - -# TODO: investigate to see if we can format output betting in case of -# subshell failure. Right now, we get independent trace from inside and -# outside of the subshell. Note, errexit + inherit_errexit doesn't have -# any smarts around this either. - -if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi - -####################################### -# err-catch: Setup trap on ERR to print stack trace and exit (or return -# if the shell is interactive). This is the most common use case so we -# run it after defining it, you can call err-allow to undo that. -# -# This also sets pipefail because it's a good practice to catch more -# errors. -# -# Note: In interactive shell, stack calling line number is not -# available, so we print function definition lines. -# -# Note: This works like set -e, which has one unintuitive feature: If -# you use a function as part of a conditional, eg: func && come_cmd, a -# failed command within func won't trigger an error. -# -# Globals -# -# err_catch_ignore Array containing glob patterns to test against -# filenames to ignore errors from in interactive -# shell. Initialized to ignore bash-completion -# scripts on debian based systems. -# -# err-cleanup If set, this command will run just before exiting. -# -# _err_func_last Used internally in err-bash-trace-interactive -# -####################################### -err-catch() { - set -E; - if [[ $- == *i* ]]; then - if ! test ${err_catch_ignore+defined}; then - err_catch_ignore=( - '/etc/bash_completion.d/*' - '*/bash-completion/*' - ) - fi - declare -i _err_func_last=0 - if [[ $- != *c* ]]; then - shopt -s extdebug - fi - # shellcheck disable=SC2154 - trap '_err-bash-trace-interactive $? "${PIPESTATUS[*]}" "$BASH_COMMAND" ${BASH_ARGC[0]} "${BASH_ARGV[@]}" || return $?' ERR - else - # Man bash on exdebug: "If set at shell invocation, arrange to - # execute the debugger". We want to avoid that, but I want this file - # to be sourceable from bash startup files. noninteractive ssh and - # sources .bashrc on invocation. login_shell sources things on - # invocation. - # - # extdebug allows us to print function arguments in our stack trace. - if ! shopt login_shell >/dev/null && [[ ! $SSH_CONNECTION ]]; then - shopt -s extdebug - fi - trap err-exit ERR - fi - set -o pipefail -} -# This is the most common use case so run it now. -err-catch - -####################################### -# Undo err-catch/err-catch-interactive -####################################### -err-allow() { - shopt -u extdebug - set +E +o pipefail - trap ERR -} - -####################################### -# err-exit: Print stack trace and exit -# -# Use this instead of the exit command to be more informative. -# -# usage: err-exit [-EXIT_CODE] [MESSAGE] -# -# EXIT_CODE Default: $? if it is nonzero, otherwise 1. -# MESSAGE Print MESSAGE to stderr. Default: -# ${BASH_SOURCE[1]}:${BASH_LINENO[0]}: `$BASH_COMMAND' returned $? -# -# Globals -# -# err-cleanup If set, this command will run just before exiting. -# -####################################### -err-exit() { - # vars have _ prefix so that we can inspect existing set vars without - # too much overwriting of them. - local _err=$? _pipestatus="${_pipestatus[*]}" - - # This has to come before most things or vars get changed - local _msg="${BASH_SOURCE[1]}:${BASH_LINENO[0]}: \`$BASH_COMMAND' returned $_err" - local _cmdr="$BASH_COMMAND" # command right. we chop of the left, keep the right. - - if [[ $_pipestatus != "$_err" ]]; then - _msg+=", PIPESTATUS: $_pipestatus" - fi - set +x - if [[ $1 == -* ]]; then - _err=${1#-} - shift - elif (( ! _err )); then - _err=1 - fi - if [[ $1 ]]; then - _msg="$1" - fi - - ## Begin printing vars from within BASH_COMMAND ## - local _var _chars _l - local -A _vars - while [[ $_cmdr ]]; do - _chars="${#_cmdr}" - _cmdr="${_cmdr#*$}" - _cmdr="${_cmdr#{}" - if (( _chars == ${#_cmdr} )); then - break - fi - _var="${_cmdr%%[^a-zA-Z0-9_]*}" - if [[ ! $_var || $_var == [0-9]* ]]; then - continue - fi - _vars[${_var}]=t - done - #echo "iank ${_vars[*]}" - #set |& grep ^password - # in my small test, this took 50% longer than piping to grep. - # That seems a small enough penalty to stay in bash here. - if (( ${#_vars[@]} )); then - set |& while read -r _l; do - for _var in "${!_vars[@]}"; do - case $_l in - ${_var}=*) printf "%s\n" "$_l" >&2 ;; - esac - done - done - fi - ## End printing vars from within BASH_COMMAND ## - - printf "%s\n" "$_msg" >&2 - err-bash-trace 2 - set -e # err trap does not work within an error trap - if type -t err-cleanup >/dev/null; then - err-cleanup - fi - printf "%s: exiting with status %s\n" "$0" "$_err" >&2 - exit $_err -} - -####################################### -# Print stack trace -# -# usage: err-bash-trace [FRAME_START] -# -# This function is called by the other functions which print stack -# traces. -# -# It does not show function args unless you first run: -# shopt -s extdebug -# which err-catch does for you. -# -# FRAME_START Optional variable to set before calling. The frame to -# start printing on. default=1. If ${#FUNCNAME[@]} <= -# FRAME_START + 1, don't print anything because we are at -# the top level of the script and better off printing a -# general message, for example see what our callers print. -# -####################################### -err-bash-trace() { - local -i argc_index=0 frame i frame_start=${1:-1} - local source_loc - if (( ${#FUNCNAME[@]} <= frame_start + 1 )); then - return 0 - fi - for ((frame=0; frame < ${#FUNCNAME[@]}; frame++)); do - argc=${BASH_ARGC[frame]} - argc_index+=$argc - if ((frame < frame_start)); then continue; fi - if (( ${#BASH_SOURCE[@]} > 1 )); then - source_loc="${BASH_SOURCE[frame]}:${BASH_LINENO[frame-1]}:" - fi - printf " from %sin \`%s" "$source_loc" "${FUNCNAME[frame]}" >&2 - if shopt extdebug >/dev/null; then - for ((i=argc_index-1; i >= argc_index-argc; i--)); do - printf " %s" "${BASH_ARGV[i]}" >&2 - done - fi - echo \' >&2 - done - return 0 -} - -####################################### -# Internal function for err-catch. Prints stack trace from interactive -# shell trap. -# -# Usage: see err-catch-interactive -####################################### -_err-bash-trace-interactive() { - if (( ${#FUNCNAME[@]} <= 1 )); then - return 0 - fi - - for pattern in "${err_catch_ignore[@]}"; do - # shellcheck disable=SC2053 - if [[ ${BASH_SOURCE[1]} == $pattern ]]; then - return 0 - fi - done - - local ret bash_command argc pattern i last - last=$_err_func_last - _err_func_last=${#FUNCNAME[@]} - # We have these passed to us because they are lost inside the - # function. - ret=$1 - pipestatus="$2" - bash_command="$3" - argc=$(( $4 - 1 )) - shift 4 - argv=("$@") - # The trap returns a nonzero, then gets called again. This condition - # tells us if is that has happened by checking if we've gone down a - # stack level. - if (( _err_func_last >= last )); then - printf "ERR: \`%s\' returned %s" "$bash_command" $ret >&2 - if [[ $pipestatus != "$ret" ]]; then - printf ", PIPESTATUS: %s" "$pipestatus" >&2 - fi - echo >&2 - fi - printf " from \`%s" "${FUNCNAME[1]}" >&2 - if shopt extdebug >/dev/null; then - for ((i=argc; i >= 0; i--)); do - printf " %s" "${argv[i]}" >&2 - done - fi - printf "\' defined at %s:%s\n" "${BASH_SOURCE[1]}" "$(declare -F "${FUNCNAME[1]}"|awk "{print \$2}")" >&2 - if [[ -t 1 ]]; then - return $ret - else - # Part of an outgoing pipe, avoid getting get us stuck in a weird - # subshell if we returned nonzero, which would happen in a situation - # like this: - # - # tf() { while read -r line; do :; done < <(asdf); }; - # tf - # - # Note: exit $ret also avoids the stuck subshell problem, and I - # can't notice any difference, but this seems more proper. - return 0 - fi -} diff --git a/fai/config/files/boot/chboot/DEFAULT b/fai/config/files/boot/chboot/DEFAULT index adfbe1c..6b0e964 100755 --- a/fai/config/files/boot/chboot/DEFAULT +++ b/fai/config/files/boot/chboot/DEFAULT @@ -16,21 +16,17 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -[[ $EUID == 0 ]] || exec sudo "$BASH_SOURCE" "$@" +[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@" -x="$(readlink -f "$BASH_SOURCE")" -f="${x%/*}/bash-trace" -if [[ -e $f ]]; then - source $f -else - source ${x%/*}/../bash-trace/DEFAULT -fi - +if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi +shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4 +set -eE -o pipefail +trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" exit status: $?, PIPESTATUS: ${PIPESTATUS[*]}" >&2' ERR usage() { - cat < /var/lib/locales/supported.d/local' && + echo "$RET" > /var/lib/locales/supported.d/local'; then $ROOTCMD dpkg-reconfigure locales + fi fi + + +# mk-basefile doesn't use the -updates suite, then we unpack it, then we +# install sources.list that has -updates and we install random +# packages. It might avoid a problem if we a dist-upgrade first. + +$ROOTCMD apt-get update +$ROOTCMD apt-get -y dist-upgrade --purge --auto-remove diff --git a/fai/config/package_config/ARAMO.gpg b/fai/config/package_config/ARAMO.gpg new file mode 120000 index 0000000..4c6b790 --- /dev/null +++ b/fai/config/package_config/ARAMO.gpg @@ -0,0 +1 @@ +ECNE.gpg \ No newline at end of file diff --git a/fai/config/package_config/ECNE.gpg b/fai/config/package_config/ECNE.gpg new file mode 100644 index 0000000..58057f6 Binary files /dev/null and b/fai/config/package_config/ECNE.gpg differ diff --git a/fai/config/package_config/ECNE_EXTRA.gpg b/fai/config/package_config/ECNE_EXTRA.gpg new file mode 120000 index 0000000..ce7b110 --- /dev/null +++ b/fai/config/package_config/ECNE_EXTRA.gpg @@ -0,0 +1 @@ +UBUNTU_UP.gpg \ No newline at end of file diff --git a/fai/config/package_config/NABIA.gpg b/fai/config/package_config/NABIA.gpg new file mode 120000 index 0000000..84bd61d --- /dev/null +++ b/fai/config/package_config/NABIA.gpg @@ -0,0 +1 @@ +ARAMO.gpg \ No newline at end of file diff --git a/fai/config/package_config/STANDARD b/fai/config/package_config/STANDARD index c0726e6..091984c 100644 --- a/fai/config/package_config/STANDARD +++ b/fai/config/package_config/STANDARD @@ -16,14 +16,13 @@ locales lsof man-db manpages -mime-support +# this split into mailcap and media-types in t12, +# dunno that i need either of them at this stage +#mime-support ncurses-term openssh-client pciutils perl -# ian: newer distros dont have python, it gets naturally removed -python -python-minimal python3 python3-minimal reportbug @@ -49,7 +48,6 @@ rsync openssh-client openssh-server time procinfo -locales console-setup kbd pciutils usbutils unattended-upgrades @@ -67,6 +65,8 @@ iso-codes cryptsetup-initramfs # for btrbk zstd +# for detecting wireless +iw # iank, copied from DEBIAN so it goes into ubuntu too PACKAGES install GRUB_PC diff --git a/fai/config/package_config/STANDARD.gpg b/fai/config/package_config/STANDARD.gpg deleted file mode 100644 index 465f673..0000000 Binary files a/fai/config/package_config/STANDARD.gpg and /dev/null differ diff --git a/fai/config/package_config/UBUNTU.gpg b/fai/config/package_config/UBUNTU.gpg new file mode 100644 index 0000000..544b4af Binary files /dev/null and b/fai/config/package_config/UBUNTU.gpg differ diff --git a/fai/config/package_config/UBUNTU_UP.gpg b/fai/config/package_config/UBUNTU_UP.gpg index 86214bd..ff1576e 100644 Binary files a/fai/config/package_config/UBUNTU_UP.gpg and b/fai/config/package_config/UBUNTU_UP.gpg differ diff --git a/fai/config/package_config/readme b/fai/config/package_config/readme new file mode 100644 index 0000000..abb42b7 --- /dev/null +++ b/fai/config/package_config/readme @@ -0,0 +1,2 @@ +ian: Ya, for each trisquel release, we need a new key symlink link, or +new file if the key has changed. diff --git a/fai/config/scripts/DEBIAN/11-iank b/fai/config/scripts/DEBIAN/11-iank index 69b9afe..b2c5567 100755 --- a/fai/config/scripts/DEBIAN/11-iank +++ b/fai/config/scripts/DEBIAN/11-iank @@ -24,12 +24,34 @@ if [[ $EUID != 0 ]]; then exit 1 fi +m() { printf "%s\n" "$*"; "$@"; } + +source $FAI/distro-install-common/bash-misc-functions + fcopy -riB /root +# in bullseye, installing systemd-resolved says: Converting +# /etc/resolv.conf to a symlink to +# /run/systemd/resolve/stub-resolv.conf... which breaks +# resolution. This happens to be the first script we install a package +# after that. This should do nothing in a fai-wrapper situation. +if [[ ! -s $target/etc/resolv.conf ]]; then + m ls -la $target/etc/resolv.conf ||: + # Keep the symlink in place, systemd-resolved should change the file + # when it runs. + mkdir -p $target/run/systemd/resolve + if [[ ! -s /etc/resolv.conf ]] && ! host google.com; then + echo "ERROR: empty resolv.conf & failed dns resolution. exiting 1" >&2 + exit 1 + fi + cat /etc/resolv.conf >$target/etc/resolv.conf +fi + + #### misc configurations chroot $FAI_ROOT bash <<'EOFOUTER' -set -x +set -xe if getent group systemd-journal >/dev/null; then # makes the journal be saved to disk. mkdir -p /var/log/journal @@ -38,13 +60,17 @@ fi debconf-set-selections <>/etc/default/grub - - -sed -ri 's/^ *GRUB_CMDLINE_LINUX_DEFAULT=.*/GRUB_CMDLINE_LINUX_DEFAULT="$cmdline"/' /etc/default/grub -sed -ri 's/^ *GRUB_TIMEOUT_STYLE=.*/GRUB_TIMEOUT_STYLE=menu/' /etc/default/grub -sed -ri 's/^ *GRUB_TIMEOUT=.*/GRUB_TIMEOUT=6/' /etc/default/grub +GRUB_CMDLINE_LINUX_DEFAULT="$cmdline" +GRUB_TERMINAL=console # on xenial, no grub is displayed at all. fix that. -# found just by noticing this in the config file, and a -# warning about it in error.log -sed -i '/^ *GRUB_HIDDEN_TIMEOUT/d' /etc/default/grub - -if type -P update-grub2 &>/dev/null; then - update-grub2 -else - update-grub -fi - +# found just by noticing a warning about it in error.log +GRUB_HIDDEN_TIMEOUT= +GRUB_TIMEOUT_STYLE=menu +GRUB_TIMEOUT=4 +# grub tries to detect error in booting and then wait longer with this entry. +# but that detection doesn't work for us because we have btrfs /boot, and so it flags +# failure always. +GRUB_RECORDFAIL_TIMEOUT=4 EOF +if $ur; then + $ROOTCMD update-grub +fi # I prefer to stick with ifup/down or networkmanager: networkd is not in its # own package, so cant use in other init systems. b. it works fine. diff --git a/fai/config/scripts/GRUB_PC/10-setup b/fai/config/scripts/GRUB_PC/10-setup index ed8d878..7ea23fd 100755 --- a/fai/config/scripts/GRUB_PC/10-setup +++ b/fai/config/scripts/GRUB_PC/10-setup @@ -84,10 +84,11 @@ if [[ $BOOT_DEVICE =~ '/dev/md' ]]; then else for dev in $BOOT_DEVICE; do mbrdev=$(get_stable_devname $dev) - if [ -z "$mbrdevices" ]; then + if [ -z "$mbrdev" ]; then # if we cannot find a persistent name (for e.g. in a VM) use old name - mbrdevices+="$dev, " + mbrdev="$dev" fi + mbrdevices+="$mbrdev, " echo "Installing grub on $dev = $mbrdev" $ROOTCMD grub-install --no-floppy "$mbrdev" done diff --git a/fai/config/scripts/IANK/11-iank b/fai/config/scripts/IANK/11-iank index 63c85f9..25c0503 100755 --- a/fai/config/scripts/IANK/11-iank +++ b/fai/config/scripts/IANK/11-iank @@ -24,25 +24,13 @@ if [[ $EUID != 0 ]]; then exit 1 fi +# ignore this line. hack to make shellcheck ignore $target +if [[ ! $target ]]; then target=; fi + if ! type -t fcopy &>/dev/null; then sudo apt-get -y install fai-client fi -if [[ -e /a/bin/fai/fai-wrapper ]]; then - chroot() { - shift - "$@" - } -fi - -if [[ $FAI_ROOT == / ]]; then - source /a/bin/bash_unpublished/source-state - bprogs_dir=/a/opt/btrfs-progs-release -else - bprogs_dir=/srv/btrfs-progs-release - chroot="chroot $FAI_ROOT" -fi - # -r = recursive # -i = ignore non-matching class warnings, always exit 0 # -B = no backup files @@ -66,6 +54,8 @@ if [[ ! -e $dst && -e $src ]]; then mount -o bind $src $dst fi + + $FAI/distro-install-common/end @@ -75,13 +65,13 @@ $FAI/distro-install-common/end # I run this as a single post-fai script to update things that have changed. tmpfile1=$(mktemp) # this can fail if we need an apt update -$chroot /usr/bin/apt-cache policy >$tmpfile1 ||: +$ROOTCMD /usr/bin/apt-cache policy >$tmpfile1 ||: fcopy -riB /etc/apt tmpfile2=$(mktemp) -$chroot /usr/bin/apt-cache policy >$tmpfile2 +$ROOTCMD /usr/bin/apt-cache policy >$tmpfile2 if ! diff -q $tmpfile1 $tmpfile2; then - $chroot /usr/bin/apt update + $ROOTCMD /usr/bin/apt update fi # outside of fai, this seems to regularly lead to # E: Could not get lock /var/lib/apt/lists/lock - open (11: Resource temporarily unavailable) @@ -105,7 +95,6 @@ fi #### misc configurations - if [[ $FAI_ACTION != dirinstall ]] && ! ifclass NOCRYPT; then if ifclass LINODE; then speed=19200 @@ -131,7 +120,7 @@ TimeoutStartSec=20 WantedBy=dev-disk-by\x2did-ata\x2dSamsung_SSD_870_QVO_8TB_S5VUNG0N900656V.device EOF - $chroot bash <<'EOFOUTER' + $ROOTCMD bash <<'EOFOUTER' systemctl enable myncq.service /usr/bin/myncq no-upgrub EOFOUTER @@ -180,14 +169,32 @@ EOF fi # use networkmanager if this host has wireless. -if [[ $HOSTNAME == bo ]] || type -p iw &>/dev/null && [[ $(iw dev) ]]; then - $chroot bash <$target/etc/NetworkManager/conf.d/10-globally-managed-devices.conf <<'EOF' +[device*] +managed=1 +EOF # in a default desktop install, it looks like netplan creates this file under # run/NetworkManager/conf.d in early boot. @@ -198,6 +205,21 @@ EOF [main] dns=systemd-resolved EOF + + + if [[ ! $FAI_WRAPPER || $SSH_CLIENT ]]; then + # for running from fai or remote connections, don't kill the internet + ethusb_arg=-c + fi + if [[ $(timeout 1 dig +short @10.2.0.1 -x 10.2.0.2 2>&1 ||:) == kd.b8.nz. ]] \ + && ip n show 10.2.0.1 | grep . &>/dev/null; then + # we are at_home + $FAI/distro-install-common/ethusb-static $ethusb_arg + else + $FAI/distro-install-common/ethusb-static off $ethusb_arg + fi + + else cat > $target/etc/network/interfaces <<-EOF # generated by FAI @@ -224,44 +246,9 @@ EOF fi -case $HOSTNAME in - sy) - $FAI/distro-install-common/install-stable-kernel-debs - ;; - *) - $chroot apt-get -y install linux-libre - ;; -esac - -pre=https://mirrors.edge.kernel.org/pub/linux/kernel/people/kdave/btrfs-progs -tarball=$(curl -s $pre/sha256sums.asc \ - | awk '$2 ~ /^btrfs-progs-v/ { print $2 }' | grep -v -- -rc | grep "^btrfs-progs-v.*gz\$" | sort -V | tail -n1) -url="$pre/$tarball" -dir=${tarball%.tar.gz} -ver=${dir#btrfs-progs-} -cur_ver=$(btrfs --version 2>/dev/null | awk '{print $2}') ||: -if [[ $ver != "$cur_ver" ]]; then - if [[ $HOST2 == "$HOSTNAME" && $ver != "$($bprogs_dir/btrfs --version 2>/dev/null | awk '{print $2}')" ]]; then - rm -rf $bprogs_dir - cd /tmp - wget $url - sudo -u iank tar xzf $tarball - mv ${tarball%.tar.gz} $bprogs_dir - cd $bprogs_dir - apt-get -y build-dep btrfs-progs - sudo -u iank ./configure --disable-documentation - sudo -u iank make - make install - else - $chroot bash -xe <$target/etc/initramfs-tools/conf.d/mine <&1 | grep -Fx "Status: install ok installed" &>/dev/null; then + apt-get -y install wget + wget -O /target/tmp/x.deb https://linux-libre.fsfla.org/pub/linux-libre/freesh/pool/main/f/freesh-archive-keyring/freesh-archive-keyring_1.1_all.deb + $ROOTCMD dpkg -i /tmp/x.deb + $ROOTCMD apt-get update + $ROOTCMD apt-get -y install linux-libre + fi + ;; +esac + +pre=https://mirrors.edge.kernel.org/pub/linux/kernel/people/kdave/btrfs-progs +tarball=$(curl -s $pre/sha256sums.asc \ + | awk '$2 ~ /^btrfs-progs-v/ { print $2 }' | grep -v -- -rc | grep "^btrfs-progs-v.*gz\$" | sort -V | tail -n1) +url="$pre/$tarball" +dir=${tarball%.tar.gz} +ver=${dir#btrfs-progs-} +cur_ver=$($ROOTCMD btrfs --version 2>/dev/null | awk '{print $2}') ||: + +if [[ $FAI_ROOT == / ]]; then + bp_dir=/a/opt/btrfs-progs-release +else + bp_dir=$FAI/distro-install-common/btrfs-progs-release +fi +if [[ $ver != "$cur_ver" ]]; then + if [[ $ver != "$($bp_dir/btrfs --version 2>/dev/null | awk '{print $2}')" ]]; then + cd $target/tmp + wget $url + tar xzf $tarball + $ROOTCMD apt-get -y build-dep btrfs-progs + # no docs cuz I didn't want to bother fixing error of missing docs dependencies + $ROOTCMD bash -xe <&1 | grep -Fx "Status: install ok installed" &>/dev/null; then + $ROOTCMD apt-get -y install build-essential + fi + + if [[ $FAI_ROOT == / ]]; then + cd /a/opt/btrfs-progs-release + make install + else + mkdir -p $target/tmp/bprogs + mount -o bind $bp_dir $target/tmp/bprogs + $ROOTCMD bash -xe <&2; exit 1; fi +shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4 +set -eE -o pipefail +trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" exit status: $?, PIPESTATUS: ${PIPESTATUS[*]}" >&2' ERR +this_file="$(readlink -f -- "${BASH_SOURCE[0]}")" +readonly this_file this_dir="${this_file%/*}" +cd "$this_dir" usage() { - cat </dev/null; then echo "$0: disabling fai nfs exports or apache site" ./faiserver-disable-local else - echo "$0: sshing to $(chost faiserver) to disable fai nfs exports or apache site" - ssh root@$(chost faiserver) bash >/srv/fai/nfsroot/root/.ssh/known_hosts done @@ -369,6 +362,6 @@ echo "c0:2345:respawn:/sbin/agetty 115200 ttyS0 linux" >>/srv/fai/nfsroot/etc/in # the logsave prompted because the hostname faiserver was uknown. # Here it was faiserver.lan when running from a faiserver vm. # When running from a normal host with faiserver alias, it was the normal hosts name. -$sed 's/(^[^,]+,)\S+/\1faiserver/' /srv/fai/nfsroot/root/.ssh/known_hosts +$sed 's/(^[^,]+,)\S+/\1faiserver.b8.nz/' /srv/fai/nfsroot/root/.ssh/known_hosts # ditch the logo banner up top which screws with less. touch /srv/fai/nfsroot/.nocolorlogo diff --git a/faiserver-uninstall b/faiserver-uninstall index 71a4ea0..8392b35 100755 --- a/faiserver-uninstall +++ b/faiserver-uninstall @@ -15,20 +15,25 @@ # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@" + +if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi +shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4 set -eE -o pipefail -trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR +trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" exit status: $?, PIPESTATUS: ${PIPESTATUS[*]}" >&2' ERR -[[ $EUID == 0 ]] || exec sudo "${BASH_SOURCE}" "$@" usage() { - cat </dev/null || continue if [[ -e $dir/boot ]]; then dir=$dir/boot fi - e install -m 755 -o root -g root bash-trace $dir e install -m 755 -o root -g root chboot $dir done e umount $mount_point diff --git a/lk b/lk index b757fcc..3364717 100755 --- a/lk +++ b/lk @@ -74,4 +74,4 @@ fi # I don't know whats going on, but just running the same # command again once it finishes works, and this is only # rarely used and done manually anyways, so whatever. -pxe-kexec -n --ignore-whitelist -l fai-generated faiserver +pxe-kexec -n --ignore-whitelist -l fai-generated faiserver.b8.nz diff --git a/mk-basefile-big b/mk-basefile-big index 873b7ff..1a6b6a9 100755 --- a/mk-basefile-big +++ b/mk-basefile-big @@ -16,11 +16,13 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -[[ $EUID == 0 ]] || exec sudo -E "$BASH_SOURCE" "$@" +[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@" +set -e; . /usr/local/lib/bash-bear; set +e -x="$(readlink -f "$BASH_SOURCE")"; source "${x%/*}/bash-trace" -x="$(readlink -f -- "$BASH_SOURCE")"; PATH="${x%/*}:$PATH" # directory of this file +this_file="$(readlink -f -- "${BASH_SOURCE[0]}")" +readonly this_file this_dir="${this_file%/*}" +PATH="$this_dir:$PATH" # directory of this file usage() { cat < /srv/fai/config/class/51-multi-boot rm -rf $t; mkdir -p $t +# shellcheck disable=SC1007 # intentional LANG= fai -N -u hostname_does_not_matter dirinstall $t # Turn a dirinstall into a basefile. taken from mk-basefile @@ -100,7 +103,7 @@ rm -f $t/etc/hostname $t/etc/resolv.conf \ $t/var/lib/apt/lists/*_* $t/usr/bin/qemu-*-static \ $t/etc/udev/rules.d/70-persistent-net.rules echo | dd of=$t/etc/machine-id -tar --one-file-system -C $t -cf - . | gzip > /a/bin/fai-basefiles/basefiles/${distver^^}64BIG.tar.gz +tar --one-file-system -C $t -cf - . | zstd -9 > /a/bin/fai-basefiles/basefiles/${distver^^}64BIG.tar.zst cleanup diff --git a/myfai-chboot b/myfai-chboot index 743859a..aa3c088 100755 --- a/myfai-chboot +++ b/myfai-chboot @@ -19,42 +19,52 @@ set -eE -o pipefail trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR -x=$(readlink -f "$BASH_SOURCE"); cd ${x%/*} +this_file="$(readlink -f -- "${BASH_SOURCE[0]}")" +readonly this_file this_dir="${this_file%/*}" +cd "$this_dir" usage() { - cat </dev/null; then ./myfai-chboot-local "$@" else diff --git a/myfai-chboot-local b/myfai-chboot-local index 4cef9a5..0f83ea0 100755 --- a/myfai-chboot-local +++ b/myfai-chboot-local @@ -16,54 +16,72 @@ # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -# note, this script gets piped to bash, so cant cd to current dir -[[ $EUID == 0 ]] || exec sudo "${BASH_SOURCE}" "$@" +[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@" + +set -x set -eE -o pipefail trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR +pre="${0##*/}:" +m() { printf "$pre %s\n" "$*"; "$@"; } +e() { printf "$pre %s\n" "$*"; } +err() { echo "[$(date +'%Y-%m-%d %H:%M:%S%z')]: $pre: $*" >&2; } + +usage() { + cat <&2; exit 1; } + +temp=$(getopt -l help,no-r hSi "$@") || usage 1 +eval set -- "$temp" +while true; do case $1 in - -h|--help) - echo "see help from myfai-chboot" - exit 0 - ;; -S) fai_action=sysinfo fai_reboot_arg= - shift ;; -i) #inventory fai_action=inventory fai_reboot_arg= - shift ;; -k) kgped16=true - shift ;; -b) bond=true - shift ;; --no-r) fai_reboot_arg= - shift ;; + -h|--help) usage ;; + --) shift; break ;; + *) echo "$0: unexpected args: $*" >&2 ; usage 1 ;; esac + shift done - -pre="${0##*/}:" -m() { printf "$pre %s\n" "$*"; "$@"; } -e() { printf "$pre %s\n" "$*"; } -err() { echo "[$(date +'%Y-%m-%d %H:%M:%S%z')]: $pre: $*" >&2; } - -host=$1 +read -r host <<<"$@" +readonly host rm -f /srv/tftp/fai/pxelinux.cfg/* @@ -93,7 +111,7 @@ if [[ $hostip ]]; then exit 1 fi else - my_ip=$(ip r show default | sed -r 's/.*via ([^ ]*).*/\1/' | head -n1) + my_ip=$(ip r show default | sed -r 's/.*src ([^ ]*).*/\1/' | head -n1) fi if [[ $host == default ]]; then @@ -112,7 +130,7 @@ else fi if modprobe nfsd &>/dev/null; then - std_arg="-u nfs://faiserver/srv/fai/config" + std_arg="-u nfs://faiserver.b8.nz/srv/fai/config" # nfsv4 wont do rw with overlayfs yet # https://lists.uni-koeln.de/pipermail/linux-fai/2017-March/011641.html root_arg="$my_ip:/srv/fai/nfsroot:vers=3" @@ -132,9 +150,9 @@ EOF fi systemctl start nfs-server # assumes recent os else - std_arg="-u http://faiserver:8080/config.tar.gz" - root_arg="live:http://faiserver:8080/squash.img" - /a/exe/web-conf -i -p 8080 - apache2 faiserver < Deny from all Allow from $ip @@ -151,7 +169,7 @@ kernel=$(fai-chboot -L '^default$' | awk '{print $3}') default_k_args=$(fai-chboot -L '^default$' | \ sed -r "s/^(\S+\s+){3}(.*)/\2/") # example of default_k_args -# initrd=initrd.img-3.16.0-4-amd64 ip=dhcp root=192.168.1.3:/srv/fai/nfsroot FAI_CONFIG_SRC=nfs://faiserver/srv/fai/config FAI_ACTION=install +# initrd=initrd.img-3.16.0-4-amd64 ip=dhcp root=192.168.1.3:/srv/fai/nfsroot FAI_CONFIG_SRC=nfs://faiserver.b8.nz/srv/fai/config FAI_ACTION=install # https://wiki.archlinux.org/index.php/Solid_state_drive#Resolving_NCQ_errors # currently on needed on d16 samsung 870 qvo, but better to have this diff --git a/mymk-basefile b/mymk-basefile index 9dc7b14..03ef01e 100755 --- a/mymk-basefile +++ b/mymk-basefile @@ -16,12 +16,15 @@ # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -x="$(readlink -f "$BASH_SOURCE")"; source "${x%/*}/bash-trace" -script_dir="${x%/*}" +set -e; . /usr/local/lib/bash-bear; set +e + +this_file="$(readlink -f -- "${BASH_SOURCE[0]}")" +readonly this_file this_dir="${this_file%/*}" +cd "$this_dir" usage() { - cat <&2' ERR [[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@" -x="$(readlink -f "$BASH_SOURCE")"; cd ${x%/*} +this_file="$(readlink -f -- "${BASH_SOURCE[0]}")" +readonly this_file this_dir="${this_file%/*}" +cd "$this_dir" usage() { - cat <&2;exit 1;}; . $f usage() { cat < $(date +%s) )); then + if ! (( $(date -r ${f[0]} +%s) + 60*60*24 > $(date +%s) )); then if ! opkg update; then echo "$0: warning: opkg update failed" >&2 fi @@ -157,7 +160,7 @@ pi() { pmirror fi done - if [[ $to_install ]]; then + if (( ${#to_install[@]} >= 1 )); then opkg install ${to_install[@]} fi } @@ -232,13 +235,13 @@ elif $secrets; then ssid=${rssid[$h]} fi -: ${ssid:=librecmc} +: "${ssid:=librecmc}" if $secrets; then key=${rkey[$h]} fi -: ${key:=pictionary49} +: "${key:=pictionary49}" mask=255.255.0.0 cidr=16 @@ -536,8 +539,7 @@ EOF # option config /etc/openvpn/client.conf # EOF -wgip4=10.3.0.1/24 -wgip6=fdfd::1/64 + wgport=26000 network_restart=false @@ -577,10 +579,10 @@ if $network_restart; then v /etc/init.d/network reload fi -firewall-cedit() { - if $client; then - cedit wific /etc/config/firewall <