From: Ian Kelling Date: Mon, 6 Feb 2017 06:44:28 +0000 (-0800) Subject: update to upstream 5.3.4 X-Git-Url: https://iankelling.org/git/?a=commitdiff_plain;h=056eb4e90e13b2d8f7cbb8c3b875f35bf0fa207e;p=automated-distro-installer update to upstream 5.3.4 --- diff --git a/fai/config/basefiles/mk-basefile b/fai/config/basefiles/mk-basefile index 591a878..6d6cfca 100755 --- a/fai/config/basefiles/mk-basefile +++ b/fai/config/basefiles/mk-basefile @@ -2,11 +2,8 @@ # mk-basefile, create basefiles for some distributions # -# Thomas Lange, Uni Koeln, 2011-2015 +# Thomas Lange, Uni Koeln, 2011-2016 # based on the Makefile implementation of Michael Goetze -# -# Usage example: fai-mk-basefile -J SQUEEZE64 -# This will create a SQUEEZE64.tar.xz basefile. # Supported distributions (each i386/amd64): # Debian GNU/Linux @@ -21,17 +18,16 @@ # Define your local mirros here # For the first stage, set the CentOS/SLC mirror in /etc/rinse/rinse.conf MIRROR_DEBIAN=http://httpredir.debian.org/debian/ -MIRROR_DEBIAN=http://localmirror/debian/ MIRROR_UBUNTU=http://mirror.netcologne.de/ubuntu/ MIRROR_CENTOS=http://mirror.netcologne.de/ -#MIRROR_CENTOS=http://localmirror -#MIRROR_SLC=http://localmirror EXCLUDE_SQUEEZE=isc-dhcp-client,isc-dhcp-common,info,tasksel,tasksel-data -EXCLUDE_WHEEZY=isc-dhcp-client,isc-dhcp-common,info,tasksel,tasksel-data -EXCLUDE_JESSIE=isc-dhcp-client,isc-dhcp-common,info,tasksel,tasksel-data +EXCLUDE_WHEEZY=info,tasksel,tasksel-data +EXCLUDE_JESSIE=tasksel,tasksel-data +EXCLUDE_STRETCH=tasksel,tasksel-data + EXCLUDE_TRUSTY=dhcp3-client,dhcp3-common,info -EXCLUDE_XENIAL=isc-dhcp-client,isc-dhcp-common,udhcpc,dibbler-client,dhcpcd5,info,tasksel,tasksel-data +EXCLUDE_XENIAL=tasksel,tasksel-data INCLUDE_DEBIAN=aptitude @@ -124,7 +120,7 @@ cleanup-rinse() { tarit() { - tar --xattrs --selinux --acl --one-file-system -C $xtmp -cf - . | $zip > $target.$ext + tar $attributes --one-file-system -C $xtmp -cf - . | $zip > $target.$ext } 
@@ -158,60 +154,30 @@ slc() { } -squeeze() { - - local arch=$1 - - check - debootstrap --arch $arch --exclude=${EXCLUDE_SQUEEZE} squeeze $xtmp ${MIRROR_DEBIAN} - cleanup-deb - tarit -} - -wheezy() { - - local arch=$1 - - check - debootstrap --arch $arch --exclude=${EXCLUDE_WHEEZY} wheezy $xtmp ${MIRROR_DEBIAN} - cleanup-deb - tarit -} +debgeneric() { -jessie() { + local DIST=$1 + shift + local mirror=$1 - local arch=$1 - - check - debootstrap --arch $arch --exclude=${EXCLUDE_JESSIE} --include=${INCLUDE_DEBIAN} jessie $xtmp ${MIRROR_DEBIAN} - cleanup-deb - tarit -} - -trusty() { + if [[ $DIST =~ 64 ]]; then + arch=amd64 + else + arch=i386 + fi - local arch=$1 + DIST=${DIST%%??} + dist=${DIST,,} + local exc="EXCLUDE_$DIST" check - debootstrap --arch $arch --exclude=${EXCLUDE_TRUSTY} --include=${INCLUDE_DEBIAN} trusty $xtmp ${MIRROR_UBUNTU} + debootstrap --arch $arch --exclude=${!exc} --include=${INCLUDE_DEBIAN} $dist $xtmp $mirror cleanup-deb tarit } -xenial() { - - local arch=$1 - - check - debootstrap --arch $arch --exclude=${EXCLUDE_XENIAL} --include=${INCLUDE_DEBIAN} xenial $xtmp ${MIRROR_UBUNTU} - cleanup-deb - tarit -} +prtdists() { - -unknown() { - - echo "Unknown distribution. Aborting." echo "Available: CENTOS5_32 CENTOS5_64 @@ -225,27 +191,56 @@ unknown() { SQUEEZE32 SQUEEZE64 WHEEZY32 WHEEZY64 JESSIE32 JESSIE64 + STRETCH32 STRETCH64 " - exit 99 } +usage() { + + cat </dev/null 2>&1 done diff --git a/fai/config/class/41-warning.sh b/fai/config/class/41-warning.sh new file mode 100755 index 0000000..b3da9fe --- /dev/null +++ b/fai/config/class/41-warning.sh 
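Review bot: In `debgeneric`, `arch` and `dist` are assigned without `local`, while `DIST`, `mirror` and `exc` are declared local, so both values leak into the caller's scope. The per-release functions this replaces used `local arch=$1`. Add `local arch dist` at the top of the function. `${!exc}` also expands to nothing when no `EXCLUDE_<DIST>` variable exists for the requested name, so debootstrap is started with a bare `--exclude=` for a release the script does not know. If that is not intended, check the variable is defined before `check` runs.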
@@ -0,0 +1,18 @@ +#! /bin/bash + +if [ X$FAI_ACTION = Xinstall -o X$FAI_ACTION = X ]; then + : +else + return +fi +if [ X$action = Xdirinstall ]; then + return +fi + +grep -q INSTALL $LOGDIR/FAI_CLASSES || return 0 +[ "$flag_menu" ] || return 0 + +out=$(tty) + +dialog --colors --clear --aspect 6 --title "FAI - Fully Automatic Installation" --trim \ + --msgbox "\n\n If you continue, \n all your data on the disk \n \n|\Zr\Z1 WILL BE DESTROYED \Z0\Zn|\n\n" 0 0 1>$out diff --git a/fai/config/class/55-classes b/fai/config/class/55-classes new file mode 100755 index 0000000..f46bda8 --- /dev/null +++ b/fai/config/class/55-classes @@ -0,0 +1,4 @@ +#! /bin/bash + +ifclass GCE && echo AMD64 CLOUD +exit 0 diff --git a/fai/config/class/60-misc b/fai/config/class/60-misc index 22a30c0..9733dcb 100755 --- a/fai/config/class/60-misc +++ b/fai/config/class/60-misc @@ -1,4 +1,6 @@ #! /bin/bash ifclass -o CENTOS SLC && exit 0 -ifclass -o I386 AMD64 && echo GRUB_PC +if ifclass -o I386 AMD64 ; then + ifclass -o GRUB_PC GRUB_EFI ||echo GRUB_PC +fi diff --git a/fai/config/class/GCE.var b/fai/config/class/GCE.var new file mode 100644 index 0000000..223f758 --- /dev/null +++ b/fai/config/class/GCE.var @@ -0,0 +1,4 @@ +release=jessie +TIMEZONE=UTC +NTPSRVS='metadata.google.internal' +NIC1=eth0 diff --git a/fai/config/class/example.profile b/fai/config/class/example.profile index d8467fc..75ff37f 100644 --- a/fai/config/class/example.profile +++ b/fai/config/class/example.profile 
@@ -52,14 +52,3 @@ Description: Show defailed system information Short: Show detailed hardware and system information Long: Execute a lot of commands for collecting system information Classes: SYSINFO - -Name: dummy -Description: A dummy profile -Short: This is the short one liner text for the dummy menu, Shown at the bottom of the menu -Long: Here you can add more lines to describe details of you -profile. A profile is only a list of FAI classes. Those classes can -then define the disk partitioning scheme, the list of packages to be -installed, the variables to defined and other things. - -In the end, a profile is just a list of FAI classes combined with some description. -Classes: A B C E diff --git a/fai/config/debconf/CLOUD b/fai/config/debconf/CLOUD new file mode 100644 index 0000000..4ecbdea --- /dev/null +++ b/fai/config/debconf/CLOUD @@ -0,0 +1,2 @@ +# Linux command line: +grub-pc grub2/linux_cmdline_default string quiet elevator=noop diff --git a/fai/config/debconf/GCE b/fai/config/debconf/GCE new file mode 100644 index 0000000..512366f --- /dev/null +++ b/fai/config/debconf/GCE @@ -0,0 +1,4 @@ +# Linux command line: +grub-pc grub2/linux_cmdline_default string quiet elevator=noop console=ttyS0,38400n8 +# GRUB timeout; for internal use +grub-pc grub-pc/timeout string 0 diff --git a/fai/config/disk_config/CLOUD b/fai/config/disk_config/CLOUD new file mode 100644 index 0000000..afac4d2 --- /dev/null +++ b/fai/config/disk_config/CLOUD @@ -0,0 +1,7 @@ +# config for a disk image for a VM +# +# + +disk_config disk1 disklabel:msdos bootable:1 fstabkey:uuid align-at:1M + +primary / 300- ext4 rw,nobarrier,noatime,errors=remount-ro tuneopts="-c 0 -i 0" diff --git a/fai/config/files/etc/apt/sources.list/GCE b/fai/config/files/etc/apt/sources.list/GCE new file mode 100644 index 0000000..98533ab --- /dev/null +++ b/fai/config/files/etc/apt/sources.list/GCE 
@@ -0,0 +1,7 @@ +deb http://httpredir.debian.org/debian {release} main contrib non-free +deb http://httpredir.debian.org/debian {release}-backports main +deb http://security.debian.org/debian-security {release}/updates main contrib non-free + +deb http://packages.cloud.google.com/apt cloud-sdk-{release} main +deb http://packages.cloud.google.com/apt google-cloud-packages-archive-keyring-{release} main +deb http://packages.cloud.google.com/apt google-cloud-compute-{release} main diff --git a/fai/config/files/etc/apt/sources.list/preinst b/fai/config/files/etc/apt/sources.list/preinst new file mode 100755 index 0000000..e9f0623 --- /dev/null +++ b/fai/config/files/etc/apt/sources.list/preinst @@ -0,0 +1,17 @@ +#! /bin/bash + +# replace {release} in a sources.list template with the value of $release + + +# $1 is the class name used +# $2 is the path to the file copied + +# check if a variable of the form {varname} was used at all +grep -q '{' $2 || exit 0 + +if [ -z "$release" ]; then + echo "\$release is undefined. No substitution performed in $2." + exit 0 +fi + +sed -i -e "s/{release}/$release/g" $2 diff --git a/fai/config/files/etc/fai/apt/sources.list/FAISERVER b/fai/config/files/etc/fai/apt/sources.list/FAISERVER index c7b1228..d5d463d 100644 --- a/fai/config/files/etc/fai/apt/sources.list/FAISERVER +++ b/fai/config/files/etc/fai/apt/sources.list/FAISERVER @@ -2,4 +2,4 @@ deb http://httpredir.debian.org/debian jessie main contrib non-free deb http://security.debian.org/debian-security jessie/updates main contrib non-free # repository that may contain newer fai packages for jessie -deb http://fai-project.org/download jessie koeln +deb [trusted=yes] http://fai-project.org/download jessie koeln diff --git a/fai/config/files/etc/init.d/expand-root/GCE b/fai/config/files/etc/init.d/expand-root/GCE new file mode 100755 index 0000000..82480e7 --- /dev/null +++ b/fai/config/files/etc/init.d/expand-root/GCE 
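Review bot: `$2` is unquoted in both `grep -q '{' $2` and the final `sed -i` of the new `preinst` script, so a path containing whitespace or glob characters is split before either tool sees it. Write `grep -q '{' "$2"` and `sed -i -e "s/{release}/$release/g" "$2"`. The script also exits 0 when `$release` is empty, which leaves the literal `{release}` placeholder in the installed sources.list. A non-zero exit would surface that earlier, assuming the caller checks the preinst status.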
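Review bot: `[trusted=yes]` on the fai-project.org line makes apt skip signature verification for that repository, and the source is fetched over plain `http://`. Anything able to alter that traffic, including a proxy in front of it, can then supply packages that are installed as root with no authenticity check. Prefer keeping the line as `deb http://fai-project.org/download jessie koeln` and installing the repository's signing key into the apt keyring, presumably the way this commit ships the Google key in `package_config/GCE.asc`. The same option is written into the generated sources.list in the later `@@ -58,4 +58,36 @@` hunk (`deb [trusted=yes] http://fai-project.org/download $release koeln`) and needs the same change.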
@@ -0,0 +1,40 @@ +#!/bin/bash +### BEGIN INIT INFO +# Provides: expand-root +# Required-Start: +# Required-Stop: +# Should-Start: +# Should-Stop: +# Default-Start: 2 3 4 5 +# Default-Stop: +# Description: Expand the filesystem of the mounted root volume/partition to its maximum possible size +### END INIT INFO + +prog=$(basename $0) +logger="logger -t $prog" + +growpart="growpart" + +hash $growpart 2> /dev/null || { + $logger "$growpart was not found on PATH. Unable to expand size." + exit 1 +} + +root_device_path="/dev/sda" +root_index="1" + +# Growpart can fail if the partition is already resized. +$growpart $root_device_path $root_index || { + $logger "growpart failed. Unable to expand size." +} + +device_path="${root_device_path}${root_index}" +filesystem=$(blkid -s TYPE -o value ${device_path}) + +case $filesystem in + xfs) xfs_growfs / ;; + ext2) resize2fs $device_path ;; + ext3) resize2fs $device_path ;; + ext4) resize2fs $device_path ;; + *) $logger "The filesystem $filesystem was not recognized. Unable to expand size." ;; +esac diff --git a/fai/config/files/etc/rc.local/CLOUD b/fai/config/files/etc/rc.local/CLOUD new file mode 100755 index 0000000..a80ac39 --- /dev/null +++ b/fai/config/files/etc/rc.local/CLOUD @@ -0,0 +1,8 @@ +#! /bin/bash + +# regenerate ssh_host keys +ls /etc/ssh/ssh_host_* > /dev/null +if [ $? -ne 0 ]; then + dpkg-reconfigure -fnoninteractive openssh-server +fi +rm $0 diff --git a/fai/config/files/etc/rc.local/FAISERVER b/fai/config/files/etc/rc.local/FAISERVER index 6640ab1..dffa360 100755 --- a/fai/config/files/etc/rc.local/FAISERVER +++ b/fai/config/files/etc/rc.local/FAISERVER @@ -11,6 +11,11 @@ set -o pipefail # setup network ifup eth0 +# regenerate ssh_host keys +ls /etc/ssh/ssh_host_* > /dev/null +if [ $? -ne 0 ]; then + dpkg-reconfigure -fnoninteractive openssh-server +fi sleep 8 [ -x /etc/init.d/nscd ] && /etc/init.d/nscd restart 
@@ -29,10 +34,6 @@ if [ ! -d "$FAI_CONFIGDIR/class" ]; then ainsl /srv/fai/config/class/FAIBASE.var "^LOGUSER=fai" myip=$(ip addr show up| grep -w inet | cut -d t -f 2 | cut -d ' ' -f 2 | cut -d / -f 1 | grep -v 127.0.0.1) echo "APTPROXY=http://$myip:3142" >> /srv/fai/config/class/DEBIAN.var - # determine a fast mirror for Ubuntu - list=$(curl -s http://mirrors.ubuntu.com/mirrors.txt) - mirror=$(netselect $list | awk '{print $2}') - sed -i -e "s#MIRRORURL#$mirror#" /srv/fai/config/files/etc/apt/sources.list/UBUNTU fi # set the LOGUSER, wo we get all the logs from our install clients ainsl /etc/fai/fai.conf "^LOGUSER=fai" @@ -43,7 +44,11 @@ curl -fs 'http://127.0.0.1:3142/acng-report.html?doImport=Start+Import&calcSize= # setup the FAI server, including creating the nfsroot, use my own proxy export APTPROXY="http://127.0.0.1:3142" -fai-setup -fvB /var/tmp/base.tar.xz 2>&1 +if [ -f /var/tmp/base.tar.xz ]; then + fai-setup -fvB /var/tmp/base.tar.xz 2>&1 +else + fai-setup -fv 2>&1 +fi if [ $? -eq 0 ]; then rm /var/tmp/base.tar.xz echo "" @@ -87,4 +92,10 @@ fai-monitor > /var/log/fai/fai-monitor.log & # move me away mv $0 /var/tmp + +# create new rc.local for next reboot +echo '#! /bin/bash' > /etc/rc.local +echo 'fai-monitor > /var/log/fai/fai-monitor.log &' >> /etc/rc.local +chmod a+rx /etc/rc.local + exit 0 diff --git a/fai/config/files/etc/selinux/config/CENTOS b/fai/config/files/etc/selinux/config/CENTOS index b415aa8..9878acb 100644 --- a/fai/config/files/etc/selinux/config/CENTOS +++ b/fai/config/files/etc/selinux/config/CENTOS @@ -3,7 +3,7 @@ # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. -SELINUX=enforcing +SELINUX=disabled # SELINUXTYPE= can take one of these two values: # targeted - Only targeted network daemons are protected. # strict - Full SELinux protection. 
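Review bot: The unchanged `rm /var/tmp/base.tar.xz` after the new `if`/`else` still runs when the `else` branch (`fai-setup -fv`) was taken, which is exactly the case where the file does not exist. A successful setup then reports an rm error. Use `rm -f /var/tmp/base.tar.xz`. The `$?` test itself still works, because an `if` statement returns the status of the branch it ran.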
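Review bot: `SELINUX=disabled` switches SELinux off entirely for every CENTOS-class install, and nothing in the commit says which step required it. `disabled` also stops file labelling, so turning enforcement back on later needs a full relabel. If the aim is only to get past denials during installation, `SELINUX=permissive` keeps labels and logs the denials. Whichever value is kept, a comment above the line should record the reason.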
diff --git a/fai/config/hooks/instsoft.DEBIAN b/fai/config/hooks/instsoft.DEBIAN index c503a04..ebf7d8a 100755 --- a/fai/config/hooks/instsoft.DEBIAN +++ b/fai/config/hooks/instsoft.DEBIAN @@ -2,15 +2,25 @@ # if package locales will be installed, then install it early, before # other packages - -if [ $FAI_ACTION != "install" ]; then +if [ $FAI_ACTION != "install" -a $FAI_ACTION != "dirinstall" ]; then exit 0 fi fcopy -Bi /etc/apt/apt.conf.d/force_confdef -ainsl -av /etc/ucf.conf "^conf_force_conffold=YES" +ainsl -a /etc/ucf.conf "^conf_force_conffold=YES" + +# in case the locales are already included inside the base file (Ubuntu) +if [ -f $target/usr/sbin/locale-gen ]; then + $ROOTCMD dpkg-reconfigure -fnoninteractive locales + exit +fi +# if we want to install locales, install them now install_packages -l 2>/dev/null | egrep -q ' locales|locales ' if [ $? -eq 0 ]; then - $ROOTCMD apt-get -y install locales + if [ X$verbose = X1 ]; then + $ROOTCMD apt-get -y install locales + else + $ROOTCMD apt-get -y install locales > /dev/null + fi fi diff --git a/fai/config/hooks/savelog.LAST.sh b/fai/config/hooks/savelog.LAST.sh index 74aa116..20d41b4 100755 --- a/fai/config/hooks/savelog.LAST.sh +++ b/fai/config/hooks/savelog.LAST.sh @@ -24,6 +24,7 @@ not found couldn't can't E: Sorry, broken packages +^E: operator expected ambiguous redirect No previous regular expression @@ -53,6 +54,7 @@ kolab-webadmin kolabadmin gstreamer0.10-plugins-really-bad liberrors.so +liberrors-samba gsambad libad libtest-nowarnings-perl @@ -63,8 +65,7 @@ libroxen-errormessage liberror-perl libgpg-error-dev libgpg-error0 -^fstab.\+errors=remount -Opts: errors=remount-ro +Opts:.\+errors=remount [RT]X packets: WARNING: unexpected IO-APIC warned about = ( ) 
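Review bot: `$FAI_ACTION` is unquoted in `[ $FAI_ACTION != "install" -a $FAI_ACTION != "dirinstall" ]`, so when it is empty or unset the test is malformed, `[` returns an error status, and the hook carries on instead of exiting. The `setup.DEFAULT.sh` comment removed elsewhere in this commit says the variable can be unset at some stages of dirinstall, so this case looks reachable. Write `if [ "$FAI_ACTION" != "install" ] && [ "$FAI_ACTION" != "dirinstall" ]; then`, which also avoids the ambiguous `-a`.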
@@ -148,7 +149,11 @@ fail to add MMCONFIG information can't initialize iptables table can't initialize ip6tables table Authentication warning overridden +41-warning.sh update-alternatives: warning: skip creation of +loop: module verification failed: signature +Warning: apt-key output should not be parsed +WARNING: Failed to connect to lvmetad. Falling back to device scanning update-rc.d: warning: start and stop actions are no longer supported" # add pattern on some conditions @@ -176,7 +181,7 @@ if [ -s $errfile ]; then fi grep -i "$errorpatterns" *.log | grep -vi "$ignorepatterns" > $errfile -if [ "$verbose" ]; then +if [ X$verbose = X1 ]; then egrep -v '^software.log:' $errfile > $LOGDIR/tempfile mv $LOGDIR/tempfile $errfile fi diff --git a/fai/config/hooks/setup.DEFAULT.sh b/fai/config/hooks/setup.DEFAULT.sh index bd9c3be..00a1df2 100755 --- a/fai/config/hooks/setup.DEFAULT.sh +++ b/fai/config/hooks/setup.DEFAULT.sh @@ -2,10 +2,6 @@ # use short hostname instead of FQDN export HOSTNAME=${HOSTNAME%%.*} -# n.b. use $action instead of $FAI_ACTION -# as the latter is apparently unset at this point in dirinstall -if [ "$action" = "dirinstall" ] ; then - : -else +if [ $do_init_tasks -eq 1 ]; then echo $HOSTNAME > /proc/sys/kernel/hostname fi diff --git a/fai/config/hooks/updatebase.CENTOS b/fai/config/hooks/updatebase.CENTOS index 6f5813a..a315b96 100755 --- a/fai/config/hooks/updatebase.CENTOS +++ b/fai/config/hooks/updatebase.CENTOS @@ -4,9 +4,9 @@ if [ ! -f $target/etc/resolv.conf ]; then cp /etc/resolv.conf $target/etc fi -if [ "$verbose" ]; then +if [ X$verbose = X1 ]; then echo "Updating base" - $ROOTCMD yum -y update 2>&1 | tee -a $LOGDIR/software.log + $ROOTCMD yum -y update |& tee -a $LOGDIR/software.log else $ROOTCMD yum -y update >> $LOGDIR/software.log fi diff --git a/fai/config/package_config/DEBIAN b/fai/config/package_config/DEBIAN index 253e89c..bdec0d6 100644 --- a/fai/config/package_config/DEBIAN +++ b/fai/config/package_config/DEBIAN 
@@ -14,7 +14,13 @@ PACKAGES install DHCPC isc-dhcp-client PACKAGES install GRUB_PC -grub-pc grub-legacy- lilo- +grub-pc + +PACKAGES install GRUB_EFI +grub-efi PACKAGES install LVM lvm2 + +PACKAGES install CLOUD +locales-all diff --git a/fai/config/package_config/DEMO b/fai/config/package_config/DEMO index ace8bad..255e0d4 100644 --- a/fai/config/package_config/DEMO +++ b/fai/config/package_config/DEMO @@ -1,10 +1,10 @@ # some packages we need on a demo machine -PACKAGES aptitude +PACKAGES install-norec fortune-mod fortunes rstat-client #rstatd # only when also class XORG is defined -PACKAGES aptitude XORG +PACKAGES install-norec XORG bb xpenguins #frozen-bubble diff --git a/fai/config/package_config/FAIBASE b/fai/config/package_config/FAIBASE index 591327b..e4851b1 100644 --- a/fai/config/package_config/FAIBASE +++ b/fai/config/package_config/FAIBASE @@ -1,6 +1,5 @@ -PACKAGES aptitude DEBIAN +PACKAGES install-norec DEBIAN fai-client -cron debconf-utils file less @@ -8,7 +7,6 @@ linuxlogo rdate rsync openssh-client openssh-server -strace time procinfo nullmailer diff --git a/fai/config/package_config/FAISERVER b/fai/config/package_config/FAISERVER index ddcf458..7343898 100644 --- a/fai/config/package_config/FAISERVER +++ b/fai/config/package_config/FAISERVER @@ -1,4 +1,4 @@ -PACKAGES aptitude +PACKAGES install-norec fai-quickstart isc-dhcp-client diff --git a/fai/config/package_config/GCE b/fai/config/package_config/GCE new file mode 100644 index 0000000..3620ab1 --- /dev/null +++ b/fai/config/package_config/GCE 
@@ -0,0 +1,28 @@ +PACKAGES install +google-cloud-packages-archive-keyring +cloud-initramfs-growroot +cloud-utils/$release-backports +google-cloud-sdk +google-compute-engine-$release +google-compute-engine-init-$release +google-config-$release +python-crcmod/$release-backports +screen +vim + +acpi-support-base +busybox +ca-certificates +curl +ethtool +gdisk +kpartx +isc-dhcp-client +lsb-release +ntp +parted +python +openssh-client +openssh-server +sudo +uuid-runtime diff --git a/fai/config/package_config/GCE.asc b/fai/config/package_config/GCE.asc new file mode 100644 index 0000000..7663ce5 --- /dev/null +++ b/fai/config/package_config/GCE.asc @@ -0,0 +1,21 @@ +# pub 2048R/A7317B0F 2015-04-03 Google Cloud Packages Automatic Signing Key + +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1 + +mQENBFUd6rIBCAD6mhKRHDn3UrCeLDp7U5IE7AhhrOCPpqGF7mfTemZYHf/5Jdjx +cOxoSFlK7zwmFr3lVqJ+tJ9L1wd1K6P7RrtaNwCiZyeNPf/Y86AJ5NJwBe0VD0xH +TXzPNTqRSByVYtdN94NoltXUYFAAPZYQls0x0nUD1hLMlOlC2HdTPrD1PMCnYq/N +uL/Vk8sWrcUt4DIS+0RDQ8tKKe5PSV0+PnmaJvdF5CKawhh0qGTklS2MXTyKFoqj +XgYDfY2EodI9ogT/LGr9Lm/+u4OFPvmN9VN6UG+s0DgJjWvpbmuHL/ZIRwMEn/tp +uneaLTO7h1dCrXC849PiJ8wSkGzBnuJQUbXnABEBAAG0QEdvb2dsZSBDbG91ZCBQ +YWNrYWdlcyBBdXRvbWF0aWMgU2lnbmluZyBLZXkgPGdjLXRlYW1AZ29vZ2xlLmNv +bT6JAT4EEwECACgFAlUd6rICGy8FCQWjmoAGCwkIBwMCBhUIAgkKCwQWAgMBAh4B +AheAAAoJEDdGwginMXsPcLcIAKi2yNhJMbu4zWQ2tM/rJFovazcY28MF2rDWGOnc +9giHXOH0/BoMBcd8rw0lgjmOosBdM2JT0HWZIxC/Gdt7NSRA0WOlJe04u82/o3OH +WDgTdm9MS42noSP0mvNzNALBbQnlZHU0kvt3sV1YsnrxljoIuvxKWLLwren/GVsh +FLPwONjw3f9Fan6GWxJyn/dkX3OSUGaduzcygw51vksBQiUZLCD2Tlxyr9NvkZYT +qiaWW78L6regvATsLc9L/dQUiSMQZIK6NglmHE+cuSaoK0H4ruNKeTiQUw/EGFaL +ecay6Qy/s3Hk7K0QLd+gl0hZ1w1VzIeXLo2BRlqnjOYFX4A= +=HVTm +-----END PGP PUBLIC KEY BLOCK----- diff --git a/fai/config/package_config/GERMAN b/fai/config/package_config/GERMAN index 6ef01fa..3f8ba4e 100644 --- a/fai/config/package_config/GERMAN +++ b/fai/config/package_config/GERMAN 
@@ -1,5 +1,5 @@ -PACKAGES aptitude +PACKAGES install task-german -PACKAGES aptitude GNOME +PACKAGES install GNOME iceweasel-l10n-de icedove-l10n-de diff --git a/fai/config/package_config/GNOME b/fai/config/package_config/GNOME index 429586e..375aac8 100644 --- a/fai/config/package_config/GNOME +++ b/fai/config/package_config/GNOME @@ -1,4 +1,4 @@ -PACKAGES aptitude +PACKAGES install-norec iceweasel #icedove @@ -6,5 +6,5 @@ menu gdm3 gnome-core gconf-editor gnome-screensaver gnome-system-monitor gnome-system-tools -gnome-network-admin libgnomevfs2-bin +network-manager-gnome diff --git a/fai/config/package_config/UBUNTU b/fai/config/package_config/UBUNTU index 6028909..afd01e7 100644 --- a/fai/config/package_config/UBUNTU +++ b/fai/config/package_config/UBUNTU @@ -15,7 +15,7 @@ isc-dhcp-client PACKAGES install GRUB_PC grub-pc -PACKAGES aptitude-r XORG +PACKAGES install XORG ubuntu-desktop ubuntu-standard ubuntu-minimal diff --git a/fai/config/package_config/XFCE b/fai/config/package_config/XFCE index 965f5a0..4c32cd6 100644 --- a/fai/config/package_config/XFCE +++ b/fai/config/package_config/XFCE @@ -1,4 +1,4 @@ -PACKAGES aptitude +PACKAGES install-norec xfce4 # base system xfce4-goodies # additional tools lightdm diff --git a/fai/config/package_config/XORG b/fai/config/package_config/XORG index 084ef84..e9d68df 100644 --- a/fai/config/package_config/XORG +++ b/fai/config/package_config/XORG @@ -1,7 +1,10 @@ -PACKAGES aptitude DEBIAN +PACKAGES install-norec DEBIAN xorg xserver-xorg-video-all xserver-xorg-input-all ttf-freefont xscreensaver xscreensaver-gl xterm desktop-base + +# add free and non-free firmware +#firmware-linux diff --git a/fai/config/scripts/CLOUD/99-cleanup b/fai/config/scripts/CLOUD/99-cleanup new file mode 100755 index 0000000..35a104c --- /dev/null +++ b/fai/config/scripts/CLOUD/99-cleanup 
@@ -0,0 +1,20 @@ +#! /bin/bash + +fcopy /etc/init.d/expand-root +if [ -f $target/files/etc/init.d/expand-root ]; then + $ROOTCMD insserv --default expand-root +fi + +sed -i "s/PermitRootLogin yes/PermitRootLogin without-password/" $target/etc/ssh/sshd_config +ainsl /etc/ssh/sshd_config 'ClientAliveInterval 120' + +ainsl -a /etc/modprobe.d/blacklist.conf 'blacklist pcspkr' +ainsl -a /etc/modprobe.d/blacklist.conf 'blacklist floppy' + +rm -f $target/etc/resolv.conf $target/etc/udev/rules.d/70-persistent-net.rules $target/lib/udev/write_net_rules +shred --remove $target/etc/ssh/ssh_host_* + +# FIXME: DHCP RFC3442 is used incorrect in Azure +if [ -f $target/etc/dhcp/dhclient.conf ]; then + sed -ie 's,rfc3442-classless-static-routes,disabled-\0,' $target/etc/dhcp/dhclient.conf +fi diff --git a/fai/config/scripts/DEBIAN/10-rootpw b/fai/config/scripts/DEBIAN/10-rootpw index fe08f9d..c1ee0b1 100755 --- a/fai/config/scripts/DEBIAN/10-rootpw +++ b/fai/config/scripts/DEBIAN/10-rootpw @@ -3,6 +3,6 @@ error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code # set root password -$ROOTCMD usermod -p $ROOTPW root +$ROOTCMD usermod -p "$ROOTPW" root exit $error diff --git a/fai/config/scripts/DEBIAN/20-capabilities b/fai/config/scripts/DEBIAN/20-capabilities index 6e63c92..ea650fa 100755 --- a/fai/config/scripts/DEBIAN/20-capabilities +++ b/fai/config/scripts/DEBIAN/20-capabilities @@ -11,7 +11,7 @@ if [ ! -x $target/sbin/setcap ] ; then fi for FILE in /bin/ping /bin/ping6 /usr/bin/fping /usr/bin/fping6; do - if [ -x $target/$FILE ] ; then + if [ -x $target/$FILE -a ! -h $target/$FILE ] ; then if $ROOTCMD /sbin/setcap cap_net_raw+ep $FILE; then echo "Setcap worked! $FILE is not suid!" fi diff --git a/fai/config/scripts/DEBIAN/30-interface b/fai/config/scripts/DEBIAN/30-interface index 9883731..924b236 100755 --- a/fai/config/scripts/DEBIAN/30-interface +++ b/fai/config/scripts/DEBIAN/30-interface 
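Review bot: In `99-cleanup`, the `sed` on `PermitRootLogin yes` rewrites only a line that reads exactly that. If the installed sshd_config has a commented default or another value, root password login is left as shipped and the script reports nothing. Anchor the pattern on the keyword, e.g. `sed -i -e 's/^#\?PermitRootLogin .*/PermitRootLogin without-password/'`, and check the result with `grep -q '^PermitRootLogin without-password'`. Separately, GNU sed parses `sed -ie` on dhclient.conf as `-i` with backup suffix `e`, which leaves a stray `dhclient.confe` in the image; write `sed -i -e`.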
@@ -2,24 +2,50 @@ error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code -if ifclass DHCPC && [ $FAI_ACTION = "install" -o $FAI_ACTION = "dirinstall" ] -then + +newnicnames() { + + # determine predictable network names only for stretch and above + + [ $do_init_tasks -eq 0 ] && return + + ver=$($ROOTCMD dpkg-query --showformat='${Version}' --show udev) + if dpkg --compare-versions $ver lt 220-7; then + return + fi + + [ -z $NIC1 ] && return + + fields="ID_NET_NAME_FROM_DATABASE ID_NET_NAME_ONBOARD ID_NET_NAME_SLOT ID_NET_NAME_PATH" + for field in $fields; do + name=$(udevadm info /sys/class/net/$NIC1 | sed -rn "s/^E: $field=(.+)/\1/p") + if [[ $name ]]; then + NIC1=$name + break + fi + done + if [[ ! $name ]]; then + echo "$0: error: could not find systemd predictable network name. Using $NIC1." + fi +} + +newnicnames +CIDR=$(ip -o -f inet addr show $NIC1 | awk '{print $4}') +if ifclass DHCPC && [ $FAI_ACTION = "install" -o $FAI_ACTION = "dirinstall" ]; then + cat > $target/etc/network/interfaces <<-EOF # generated by FAI auto lo $NIC1 iface lo inet loopback iface $NIC1 inet dhcp EOF -elif [ $FAI_ACTION = "install" -o $FAI_ACTION = "dirinstall" ] -then - [ -n "$IPADDR" ] && cat > $target/etc/network/interfaces <<-EOF +elif [ $FAI_ACTION = "install" -o $FAI_ACTION = "dirinstall" ]; then + [ -n "$CIDR" ] && cat > $target/etc/network/interfaces <<-EOF # generated by FAI auto lo $NIC1 iface lo inet loopback iface $NIC1 inet static - address $IPADDR - netmask $NETMASK - broadcast $BROADCAST + address $CIDR gateway $GATEWAYS EOF [ -n "$NETWORK" ] && echo "localnet $NETWORK" > $target/etc/networks diff --git a/fai/config/scripts/DEBIAN/40-misc b/fai/config/scripts/DEBIAN/40-misc index f2a6578..8308bbe 100755 --- a/fai/config/scripts/DEBIAN/40-misc +++ b/fai/config/scripts/DEBIAN/40-misc 
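Review bot: `CIDR=$(ip -o -f inet addr show $NIC1 | awk '{print $4}')` runs after `newnicnames`, which may have replaced `$NIC1` with the predictable name read from udev. If the install environment still uses the original interface name, which the `udevadm info /sys/class/net/$NIC1` lookup relies on, `ip` is asked about a device that does not exist. `CIDR` is then empty and the static branch writes no `interfaces` file. Compute `CIDR` before calling `newnicnames`. Inside the function, `ver`, `fields`, `field` and `name` should be declared `local` so only the intended `NIC1` change escapes.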
@@ -1,6 +1,6 @@ #! /bin/bash -# (c) Thomas Lange, 2001-2015, lange@debian.org +# (c) Thomas Lange, 2001-2016, lange@debian.org # (c) Michael Goetze, 2010-2011, mgoetze@mgoetze.net error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code @@ -11,9 +11,9 @@ for module in $MODULESLIST; do done fcopy -Mv /etc/hostname || echo $HOSTNAME > $target/etc/hostname -ainsl -av /etc/mailname ${HOSTNAME} +ainsl -a /etc/mailname ${HOSTNAME} if [ ! -e $target/etc/adjtime ]; then - printf "0.0 0 0.0\n0\nUTC" > $target/etc/adjtime + printf "0.0 0 0.0\n0\nUTC\n" > $target/etc/adjtime fi if [ "$UTC" = "yes" ]; then sed -i -e 's:^LOCAL$:UTC:' $target/etc/adjtime @@ -34,11 +34,15 @@ fi ln -fs /proc/mounts $target/etc/mtab -rm -f $target/etc/dpkg/dpkg.cfg.d/fai +rm -f $target/etc/dpkg/dpkg.cfg.d/fai $target/etc/dpkg/dpkg.cfg.d/unsafe-io -[ $FAI_ACTION = "install" -a -f /etc/fai/fai.conf ] && cp /etc/fai/fai.conf $target/etc/fai/fai.conf -ainsl -av /etc/fai/fai.conf "FAI_CONFIG_SRC=$FAI_CONFIG_SRC" +if [ $FAI_ACTION = "install" -o $FAI_ACTION = "dirinstall" ] ; then + [ -f /etc/fai/fai.conf ] && cp /etc/fai/fai.conf $target/etc/fai/fai.conf +fi + +ainsl -a /etc/fai/fai.conf "FAI_CONFIG_SRC=$FAI_CONFIG_SRC" fcopy -Miv /etc/fai/fai.conf +fcopy -iv /etc/rc.local exit $error diff --git a/fai/config/scripts/FAIBASE/10-misc b/fai/config/scripts/FAIBASE/10-misc index 6394ad2..2df5944 100755 --- a/fai/config/scripts/FAIBASE/10-misc +++ b/fai/config/scripts/FAIBASE/10-misc @@ -5,7 +5,11 @@ error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code echo $TIMEZONE > $target/etc/timezone -cp -f /usr/share/zoneinfo/${TIMEZONE} $target/etc/localtime +if [ -L $target/etc/localtime ]; then + ln -sf /usr/share/zoneinfo/${TIMEZONE} $target/etc/localtime +else + cp -f /usr/share/zoneinfo/${TIMEZONE} $target/etc/localtime +fi if [ -n "$IPADDR" ]; then ifclass DHCPC || ainsl -s /etc/hosts "$IPADDR $HOSTNAME.$DOMAIN $HOSTNAME" 
@@ -13,6 +17,9 @@ else ifclass DHCPC && ainsl -s /etc/hosts "127.0.0.1 $HOSTNAME" fi +if [ -f $target/etc/hosts.orig ]; then + mv $target/etc/hosts.orig $target/etc/hosts +fi fcopy -iM /etc/hosts /etc/motd # make /root accessible only by root diff --git a/fai/config/scripts/FAISERVER/10-conffiles b/fai/config/scripts/FAISERVER/10-conffiles index 4bf2ed2..de17f53 100755 --- a/fai/config/scripts/FAISERVER/10-conffiles +++ b/fai/config/scripts/FAISERVER/10-conffiles @@ -2,9 +2,8 @@ fcopy -Bvr /etc/fai fcopy -Bv /etc/fai/apt/sources.list /etc/dhcp/dhcpd.conf -fcopy -v /etc/rc.local -if [ $FAI_ACTION = "install" ]; then +if [ $FAI_ACTION = "install" -o $FAI_ACTION = "dirinstall" ] ; then # use the same sources.list for the server itself and the clients cp -a $target/etc/fai/apt $target/etc/ @@ -30,7 +29,9 @@ if [ $FAI_ACTION = "install" ]; then ainsl -v /etc/apt-cacher-ng/acng.conf "ReuseConnections: 0" # copy base file for faster building of nfsroot - cp -p /var/tmp/base.tar.xz $target/var/tmp + if [ -f /var/tmp/base.tar.xz ]; then + cp -p /var/tmp/base.tar.xz $target/var/tmp + fi if [ -d /media/mirror/pool ]; then mkdir $target/var/cache/apt-cacher-ng/_import @@ -41,6 +42,6 @@ if [ $FAI_ACTION = "install" ]; then # copy basefiles from CD to config space if [ -d $FAI/basefiles ]; then mkdir -p $target/srv/fai/config/basefiles - cp -vp $FAI/basefiles/*.tar.* $target/srv/fai/config/basefiles 2>/dev/null + cp -vp $FAI/basefiles/*.tar.* $target/srv/fai/config/basefiles 2>/dev/null || true fi fi diff --git a/fai/config/scripts/GCE/10-misc b/fai/config/scripts/GCE/10-misc new file mode 100755 index 0000000..4088d14 --- /dev/null +++ b/fai/config/scripts/GCE/10-misc 
@@ -0,0 +1,16 @@ +#! /bin/bash + +error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code + +# currently missing from bootstrap-vz: +# init.d/generate-ssh-hostkeys (currently done in rc.local/CLOUD) + +ainsl -av /etc/sysctl.d/70-disable-ipv6.conf 'net.ipv6.conf.all.disable_ipv6 = 1' +ainsl -av /etc/sysctl.d/70-disable-ipv6.conf 'net.ipv6.conf.lo.disable_ipv6 = 0' +$ROOTCMD shadowconfig on +sed -i -e 's/^#PasswordAuthentication yes/PasswordAuthentication no/' $target/etc/ssh/sshd_config +sed -i -e 's/^PermitRootLogin .*/PermitRootLogin no/' $target/etc/ssh/sshd_config +ainsl $target/etc/ssh/sshd_config 'ClientAliveInterval 420' + +rm -f $target/var/lib/apt/lists/* +rm -f $target/etc/resolv.conf diff --git a/fai/config/scripts/GRUB_EFI/10-setup b/fai/config/scripts/GRUB_EFI/10-setup new file mode 100755 index 0000000..2e39e2f --- /dev/null +++ b/fai/config/scripts/GRUB_EFI/10-setup 
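Review bot: Both sshd `sed` edits in `GCE/10-misc` succeed silently when their pattern is absent. `s/^#PasswordAuthentication yes/.../` changes only the commented default, so an existing uncommented `PasswordAuthentication yes` stays in force, and `^PermitRootLogin .*` does nothing if the shipped line is commented out. Match both forms, e.g. `sed -i -e 's/^#\?PasswordAuthentication .*/PasswordAuthentication no/'`, and follow with `grep -q '^PasswordAuthentication no'` so a miss produces a non-zero status. `ainsl $target/etc/ssh/sshd_config` also differs from the other `ainsl` calls in this commit, which pass the path without `$target`. If ainsl prefixes the target itself, the line should read `ainsl /etc/ssh/sshd_config 'ClientAliveInterval 420'`.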
@@ -0,0 +1,67 @@ +#! /bin/bash +# support for GRUB version 2 + +error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code + +# This script assumes that the disk has a GPT partition table and +# that the extended system partition (ESP) is mounted on /boot/efi. +# When building a disk image, we don't change the NVRAM to point at +# the boot image we made available, because the disk image is likely +# not installed on the current system. As a result, we force +# installation into the removable media paths as well as the standard +# debian path. + +set -a + +# do not set up grub during dirinstall +if [ "$FAI_ACTION" = "dirinstall" ] ; then + exit 0 +fi +# during softupdate use this file +[ -r $LOGDIR/disk_var.sh ] && . $LOGDIR/disk_var.sh + +if [ -z "$BOOT_DEVICE" ]; then + exit 189 +fi + +# disable os-prober because of #788062 +ainsl /etc/default/grub 'GRUB_DISABLE_OS_PROBER=true' + +# skip the rest, if not an initial installation +if [ $FAI_ACTION != "install" ]; then + $ROOTCMD update-grub + exit $error +fi + +$ROOTCMD grub-mkdevicemap --no-floppy +GROOT=$($ROOTCMD grub-probe -tdrive -d $BOOT_DEVICE) + + +# Check if RAID is used for the boot device +if [[ $BOOT_DEVICE =~ '/dev/md' ]]; then + raiddev=${BOOT_DEVICE#/dev/} + # install grub on all members of RAID + for device in `LC_ALL=C perl -ne 'if(/^'$raiddev'\s.+raid\d+\s(.+)/){ $_=$1; s/\d+\[\d+\]//g; print }' /proc/mdstat`; do + echo Install grub on /dev/$device + $ROOTCMD grub-install --no-floppy --force-extra-removable "/dev/$device" + done + +elif [[ $GROOT =~ 'hostdisk' ]]; then + cat > $target/boot/grub/device.map <$error?$?:$error))' ERR # save maximum error code set -a + +# do not set up grub during dirinstall +if [ "$FAI_ACTION" = "dirinstall" ] ; then + exit 0 +fi # during softupdate use this file [ -r $LOGDIR/disk_var.sh ] && . $LOGDIR/disk_var.sh 
@@ -23,6 +28,7 @@ fi $ROOTCMD grub-mkdevicemap --no-floppy GROOT=$($ROOTCMD grub-probe -tdrive -d $BOOT_DEVICE) + # Check if RAID is used for the boot device if [[ $BOOT_DEVICE =~ '/dev/md' ]]; then raiddev=${BOOT_DEVICE#/dev/} @@ -31,6 +37,17 @@ if [[ $BOOT_DEVICE =~ '/dev/md' ]]; then echo Install grub on /dev/$device $ROOTCMD grub-install --no-floppy "/dev/$device" done + +elif [[ $GROOT =~ 'hostdisk' ]]; then + cat > $target/boot/grub/device.map <$error?$?:$error))' ERR # save maximum error code -if [ "$FAI_ACTION" = "dirinstall" ] ; then +if [ "$FAI_ACTION" = "dirinstall" -o $do_init_tasks -eq 0 ] ; then : else # check if mdadm has been forgotten @@ -58,4 +58,36 @@ fi # copy sources.list fcopy -iM /etc/apt/sources.list + +setrel() { + + # if release is not set, try to determine it + + if [ -n "$release" ]; then + return + fi + if [ ! -f $target/etc/os-release ]; then + return + fi + + dists="jessie stretch xenial trusty" + for d in $dists; do + if grep -iq $d $target/etc/os-release; then + release=$d + break + fi + done + echo "\$release set to $release" +} + +# if installation was done from CD, replace useless sources.list +setrel +if [ -f $target/etc/apt/sources.list -a -n "$release" ]; then + grep -q 'file generated by fai-cd' $target/etc/apt/sources.list && cat < $target/etc/apt/sources.list +deb http://httpredir.debian.org/debian $release main contrib non-free +deb http://httpredir.debian.org/debian-security $release/updates main contrib non-free +deb [trusted=yes] http://fai-project.org/download $release koeln +EOF +fi + exit $error diff --git a/fai/config/scripts/UBUNTU/90-apt b/fai/config/scripts/UBUNTU/90-apt index b75555b..f08a23d 100755 --- a/fai/config/scripts/UBUNTU/90-apt +++ b/fai/config/scripts/UBUNTU/90-apt 
@@ -1,5 +1,14 @@ #! /bin/bash +if ifclass GERMAN; then + $ROOTCMD locale-gen LANG=de_DE.UTF-8 + $ROOTCMD update-locale LANG=de_DE.UTF-8 +else + ainsl -v /etc/locale.gen '^en_US.UTF-8 UTF-8' + $ROOTCMD locale-gen + $ROOTCMD update-locale LANG=en_US.UTF-8 +fi + # check if we already use an external mirror grep -q "external mirror" $target/etc/apt/sources.list && exit 0