From: Ian Kelling Date: Thu, 25 Apr 2019 03:27:01 +0000 (-0400) Subject: minor improvements and misc changes X-Git-Url: https://iankelling.org/git/?a=commitdiff_plain;h=917fa30617ccafa3a7ed5218a418cf058948b729;p=automated-distro-installer minor improvements and misc changes --- diff --git a/README b/README index 97cf483..3146081 100644 --- a/README +++ b/README @@ -130,7 +130,7 @@ export SPECIAL_DISK=/dev/REPLACEMENT_DEV ssh root@HOST -for x in /target/*; do umount $x; done +for x in /target/* /target; do umount $x; done cat >p PASSWORD HERE(ctrl-d ctrl-d) cd /dev/disk/by-id/ diff --git a/fai/config/distro-install-common/end b/fai/config/distro-install-common/end index 3948073..a6bc113 100755 --- a/fai/config/distro-install-common/end +++ b/fai/config/distro-install-common/end @@ -4,8 +4,8 @@ set -eE -o pipefail trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR if [[ $EUID != 0 ]]; then - echo "$0: error: expected to be root." - exit 1 + echo "$0: error: expected to be root." + exit 1 fi # ssh host keys @@ -13,37 +13,37 @@ fi src=$(dirname "$0")/p/c/machine_specific/$HOSTNAME/filesystem/etc/ssh dst=$target/etc/ssh if [[ -e $src && -e $dst ]]; then - # outside of fai context, we skip this - cp -rT $src $dst + # outside of fai context, we skip this + cp -rT $src $dst fi TPW=/q/root/shadow/traci-simple if ifclass tp; then - ROOTPW=/q/root/shadow/standard -# ROOTPW="$TPW" + ROOTPW=/q/root/shadow/standard + # ROOTPW="$TPW" else - ROOTPW=/q/root/shadow/standard + ROOTPW=/q/root/shadow/standard fi chpw() { - # generating a hashed password: - # under debian, you can do - # mkpasswd -m sha-512 -s >/q/root/shadow/standard - # On arch, best seems to be copy your shadow file to a temp location, - # then passwd, get out the new pass, then copy the shadow file back. - - user=$1 - pwfile=$2 - if [[ $pwfile && -e $pwfile ]]; then - printf "$user:" | cat - "$pwfile" | $ROOTCMD chpasswd -e - else - echo "$0: warning: no pw set for $user" >&2 - fi + # generating a hashed password: + # under debian, you can do + # mkpasswd -m sha-512 -s >/q/root/shadow/standard + # On arch, best seems to be copy your shadow file to a temp location, + # then passwd, get out the new pass, then copy the shadow file back. + + user=$1 + pwfile=$2 + if [[ $pwfile && -e $pwfile ]]; then + printf "$user:" | cat - "$pwfile" | $ROOTCMD chpasswd -e + else + echo "$0: warning: no pw set for $user" >&2 + fi } au() { # add user. i don't use adduser for portability - if ! $ROOTCMD getent passwd ${@: -1}; then - $ROOTCMD useradd -Um -s /bin/bash $@ - fi + if ! $ROOTCMD getent passwd ${@: -1}; then + $ROOTCMD useradd -Um -s /bin/bash $@ + fi } chpw root "$ROOTPW" @@ -60,18 +60,18 @@ chpw iank "$ROOTPW" au traci if ifclass frodo; then - chpw traci "$TPW" + chpw traci "$TPW" fi # comparing iank's groups to traci, I see none she should join on arch $ROOTCMD usermod -a -G traci iank + $ROOTCMD getent group docker &>/dev/null || $ROOTCMD groupadd -r docker $ROOTCMD usermod -a -G docker iank # based on unison error, with 8192 from # sysctl -a | grep fs.inotify.max_user_watches #http://stackoverflow.com/questions/535768/what-is-a-reasonable-amount-of-inotify-watches-with-linux - f=$target/etc/sysctl.d/99-sysctl.conf key=fs.inotify.max_user_watches if [[ -e $f ]]; then sed -ri --follow-symlinks "/^\s*$key\s*=/d" $f; fi @@ -82,22 +82,22 @@ $ROOTCMD sysctl --system f=$target/etc/sudoers line='iank ALL=(ALL) NOPASSWD: ALL' if [[ ! -e $f ]] || ! grep -xF "$line" $f; then - echo "$line" >> $f + echo "$line" >> $f fi dir=/p/c/machine_specific/$HOSTNAME/.unison $ROOTCMD mkdir -p $dir if ! $ROOTCMD test -L /root/.unison; then - $ROOTCMD rm -rf /root/.unison - $ROOTCMD ln -s -T $dir /root/.unison + $ROOTCMD rm -rf /root/.unison + $ROOTCMD ln -s -T $dir /root/.unison fi $ROOTCMD chown -R 1000:1000 $dir while true; do - $ROOTCMD chown 1000:1000 $dir - $ROOTCMD chmod 700 $dir - dir=$(dirname $dir) - if [[ $dir == /p ]]; then break; fi + $ROOTCMD chown 1000:1000 $dir + $ROOTCMD chmod 700 $dir + dir=$(dirname $dir) + if [[ $dir == /p ]]; then break; fi done au --system -s /bin/false --home-dir /var/lib/bitcoind bitcoin diff --git a/faiserver-setup b/faiserver-setup index 4742ae1..d8489ed 100755 --- a/faiserver-setup +++ b/faiserver-setup @@ -21,7 +21,7 @@ x="$(readlink -f "$BASH_SOURCE")"; source "${x%/*}/bash-trace" usage() { cat <&2 + exit 1 +fi + +if [[ ! -d $BASEFILE_DIR ]]; then + printf "%s\n" "$0: error BASEFILE_DIR=$BASEFILE_DIR does not exist" >&2 exit 1 fi @@ -63,35 +69,12 @@ armhf() { [[ $(dpkg --print-architecture) == armhf ]] } -if armhf; then - if apt-cache policy | grep o=Debian,a=testing,n=stretch &>/dev/null; then - cat >/etc/apt/sources.list.d/testing.list <<'EOF' -deb http://http.us.debian.org/debian testing main contrib non-free -deb-src http://http.us.debian.org/debian testing main contrib non-free - -deb http://security.debian.org/ testing/updates main contrib non-free -deb-src http://security.debian.org/ testing/updates main contrib non-free - -deb http://http.us.debian.org/debian testing-updates main contrib non-free -deb-src http://http.us.debian.org/debian testing-updates main contrib non-free -EOF - - cat >/etc/apt/preferences.d/fai <<'EOF' -Package: fai-server fai-client fai-doc -Pin: release a=testing -Pin-Priority: 500 - -Package: * -Pin: release a=testing -Pin-Priority: -10 -EOF - fi -elif grep -xFq 'VERSION="8 (jessie)"' /etc/os-release; then +if grep -xFq 'VERSION="8 (jessie)"' /etc/os-release; then gpg -a --recv-keys 2BF8D9FE074BCDE4; gpg -a --export 2BF8D9FE074BCDE4 | apt-key add - cat >/etc/apt/sources.list.d/fai.list <<'EOF' deb https://fai-project.org/download jessie koeln EOF -elif grep -xFq 'VERSION="9 (stretch)"' /etc/os-release || grep -iE 'flidas|xenail' /etc/os-release ; then +elif grep -iE 'VERSION=.*(stretch|flidas|xenail)' /etc/os-release; then # fai on ubuntu only has official support using the universe repo, but newer # tends to have less bugs. gpg --keyserver hkp://pool.sks-keyservers.net -a --recv-keys 2BF8D9FE074BCDE4; gpg -a --export 2BF8D9FE074BCDE4 | apt-key add - @@ -128,10 +111,10 @@ else fi -apt-get install -y ${pkgs[@]} +e apt-get install -y ${pkgs[@]} # confnew since we edit /etc/fai/NFSROOT in an automated way # fai-client is already a fai-server dependency, but make sure it gets upgraded -apt-get install --no-install-recommends -y -o Dpkg::Options::="--force-confnew" fai-server fai-client +e apt-get install --no-install-recommends -y -o Dpkg::Options::="--force-confnew" fai-server fai-client r=http://http.us.debian.org/debian # like default, but scrap httpredir, and nonfree. @@ -184,6 +167,7 @@ $sed 's/#LOGUSER/LOGUSER/' /etc/fai/fai.conf $sed -i '/^LOGUSER=/d' /etc/fai/fai.conf $sed -i '/^FAI_FLAGS=/d' /etc/fai/fai.conf echo "FAI_FLAGS=verbose" >>/etc/fai/fai.conf +# note if this isnt set, the user isnt created echo "LOGUSER=fai" >>/etc/fai/fai.conf # from man fai-make-nfsroot, @@ -200,8 +184,8 @@ fi if armhf; then cd /srv/fai - rm -rf nfsroot - tar Jxf $basefile + e rm -rf nfsroot + e tar Jxf $basefile # background: Can't build the nfsroot on my arm system now. First, # fai-make-nfsroot won't work out of the box. One idea to make it work # is by installing qemu-user-static, then copying qemu-x86_64-static @@ -247,12 +231,12 @@ if armhf; then type setup_tftp EOF ) - setup_tftp + e setup_tftp # -g causes skipping set_root_pw() in fai-make-nfsroot, -ag # is the only way to make it run without chrooting. the options # seem contradictory, but it works. - fai-setup -evag + e fai-setup -evag else # not armhf # note, this copies the -B arg to diff --git a/lk b/lk index dbe9d2e..7715fda 100644 --- a/lk +++ b/lk @@ -23,7 +23,12 @@ fai kexec from upstream live cds, i.e. curl|bash You can copy this to a http server, then wget -O- url|sudo bash curl is sometimes not preinstalled on a live cd. -This has been tested on trisquel belenos and ubuntu xenial & 18.10. +Alternative to http server: +1. on install machine nc -l 1234 | sudo bash +2. On another machine nc INSTALL_MACHINE 1234 /dev/null scp /a/bin/fai/wrt-setup-local /a/bin/cedit/cedit $h:/usr/bin # build for openwrt 18.06.2, r7676-cddd7b4c77 -scp /a/opt/openwrt/source/bin/packages/mips_24kc/mypackages/relay_1.0-1_mips_24kc.ipk $h: +sudo scp /q/root/shadow/router \ + /a/opt/openwrt/source/bin/packages/mips_24kc/mypackages/relay_1.0-1_mips_24kc.ipk $h: ssh $h <>/etc/shadow +# otherwise, serial console gets root login with no password +uset system.@system[0].ttylogin 1 + + cat >/usr/bin/archlike-pxe-mount <<'EOFOUTER' #!/bin/bash # symlinks are collapsed for nfs mount points, so use a bind mount. @@ -154,32 +190,6 @@ EOF -######### uci example:####### -# # https://wiki.openwrt.org/doc/uci -# wan_index=$(uci show firewall | sed -rn 's/firewall\.@zone\[([0-9])+\]\.name=wan/\1/p') -# wan="firewall.@zone[$wan_index]" -# if [[ $(uci get firewall.@forwarding[0].dest) != $forward_dest ]]; then -# # default is wan -# v uci set firewall.@forwarding[0].dest=$forward_dest -# uci commit firewall -# firewall_restart=true -# fi - - -uset() { - local key="$1" - local val="$2" - local service="${key%%.*}" - restart_var=${service}_restart - if [[ ! ${!restart_var} ]]; then - eval $restart_var=false - fi - if [[ $(uci get "$key") != "$val" ]]; then - v uci set "$key"="$val" - uci commit $service - eval $restart_var=true - fi -} uset dropbear.@dropbear[0].PasswordAuth 0 uset dropbear.@dropbear[0].RootPasswordAuth 0 @@ -236,6 +246,8 @@ EOF firewall_restart=false v cedit /etc/config/firewall <