From: Ian Kelling Date: Thu, 5 Jan 2017 15:53:37 +0000 (-0800) Subject: cleanup classes, populate ssh server keys X-Git-Url: https://iankelling.org/git/?a=commitdiff_plain;h=a018c3030b0ebd751d5667efd96c2fd32f2423e0;p=automated-distro-installer cleanup classes, populate ssh server keys --- diff --git a/README b/README index def4fb5..c3a88f8 100644 --- a/README +++ b/README @@ -41,7 +41,7 @@ arch-init-remote # install arch (after it's been booted into it's setup env) chboot # Set grub to boot into a different distro (installed earlier) install-chboot # reinstall chboot to /boot subvols, for when it changes dsfull # install & setup a new fai distro (if data partition already synced) -eboot # reboot and keep disks encrypted +eboot # reboot without automatic disk decryption fai-kexec # kexec to fai tftp server that pxe would normally point to fai-revm # test fai on a fresh vm faiserver-revm # create a vm which is a fai server using pxe & preseed file diff --git a/fai-redep b/fai-redep index c342d4b..b035ef5 100755 --- a/fai-redep +++ b/fai-redep @@ -41,8 +41,13 @@ scp -q ~/.ssh/id_rsa.pub \ # these files are not exposed. s scp -qr /q/root/luks /q/root/shadow \ root@$faiserver_host:/srv/fai/config/distro-install-common + +# should tar ssh all the files, but these ones really justified it +tar -cz /p/c/machine_specific/*/filesystem/etc/ssh | \ + ssh root@$faiserver_host tar -xz -C /srv/fai/config/distro-install-common scp -q /a/bin/fai/devbyid root@$faiserver_host:/srv/fai/nfsroot/usr/local/bin + # built BELANOS basefile with mk-basefile -J BELENOS64. it's stored in # it's own repo which is published alongside this one called # fai-basefiles due to being a large binary file. diff --git a/fai/config/class/50-host-classes b/fai/config/class/50-host-classes index 12349be..278bcce 100755 --- a/fai/config/class/50-host-classes +++ b/fai/config/class/50-host-classes 
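Review bot: The added `tar -cz /p/c/machine_specific/*/filesystem/etc/ssh | ssh root@$faiserver_host tar -xz -C ...` line stages the SSH host private keys of every machine in one directory on the install server, although the later `cp -rT` in 11-ian only needs the `$HOSTNAME` subtree. Anyone who can read `/srv/fai/config/distro-install-common`, including any single installing client, would therefore see all hosts' keys. The earlier comment says these files are not exposed, but how the directory is served is not visible in this hunk, so the assumption deserves a comment on the new line, for example `# host private keys for ALL machines: this dir must stay root-only and unexported`.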
@@ -19,13 +19,30 @@ # For multi-boot system. -# Check that we aren't in a pxe boot environment. +# We check that we aren't in a pxe boot environment. # There is probably a better way to do this. # We check the reverse condition in 51-multi-boot, # and set what os we are installing, but don't check it -# into git since it changes regularly. Each host needs -# to have a class of either DEBIAN + (STABLE or STRETCH64 or STABLE_BOOTSTRAP), -# or UBUNTU + XENIAL64. +# into git since it changes regularly. +# It's code looks like this: +# if [[ ! -e /a/bin/fai/fai-wrapper ]]; then +# case $HOSTNAME in +# tp) DEBIAN STABLE VOL_STABLE STABLE_FREE;; +# # add more multi-boot hostnames here +# esac +# fi +# +# Each host defines the base distro: UBUNTU or DEBIAN. +# the disto version, also the basefile name if we aren't installing debian stable: +# STABLE, STRETCH64, XENIAL64, BELANOS64 +# the distro subvol name, we can add as many of these as we want: +# VOL_STABLE, VOL_STABLE_BOOTSTRAP, VOL_STRETCH, VOL_XENIAL, VOL_BELANOS +# and the class which defines the apt sources files we want, +# STABLE_FREE, STABLE_NONFREE, TESTING_FREE, TESTING_NONFREE, +# XENIAL_FREE (no XENIAL_NONFREE setup yet), BELANOS, STABLE_LINODE. +# This is a little redundant in some cases, but it keeps things +# simpler. +# # # Other notable classes: # @@ -43,13 +60,6 @@ # # RAID0: Use raid 0 even if there are >= 4 disks with boot partititions. # -# It's shell looks like this: -# if [[ ! -e /a/bin/fai/fai-wrapper ]]; then -# case $HOSTNAME in -# tp) DEBIAN STABLE ;; -# # add more multi-boot hostnames here -# esac -# fi # if [[ -e /a/bin/fai/fai-wrapper ]]; then source /a/bin/distro-functions/src/identify-distros 
@@ -59,16 +69,19 @@ if [[ -e /a/bin/fai/fai-wrapper ]]; then fi # use a list of classes for our demo machine -echo "FAIBASE PARTITION_PROMPT" +echo "FAIBASE" + +#echo "PARTITION_PROMPT" +#echo REPARTITION + case $HOSTNAME in frodo|treetowl) - echo "DEBIAN_NON_FREE" if [[ -e /a/bin/fai/fai-wrapper ]] && isdebian-stable; then - echo "STABLE_NON_FREE" + echo "STABLE_NONFREE" fi ;; lj|lj) - echo "LINODESTABLE" ;; + echo "STABLE STABLE_LINODE" ;; esac if grep ^52:54:00: /sys/class/net/eth0/address &>/dev/null; then diff --git a/fai/config/files/etc/apt/preferences.d/belenos/BELANOS64 b/fai/config/files/etc/apt/preferences.d/belenos/BELANOS similarity index 100% rename from fai/config/files/etc/apt/preferences.d/belenos/BELANOS64 rename to fai/config/files/etc/apt/preferences.d/belenos/BELANOS diff --git a/fai/config/files/etc/apt/preferences.d/stable/LINODESTABLE b/fai/config/files/etc/apt/preferences.d/stable/LINODESTABLE deleted file mode 120000 index 31109f8..0000000 --- a/fai/config/files/etc/apt/preferences.d/stable/LINODESTABLE +++ /dev/null @@ -1 +0,0 @@ -STABLE \ No newline at end of file diff --git a/fai/config/files/etc/apt/preferences.d/stable/STABLE b/fai/config/files/etc/apt/preferences.d/stable/STABLE index bc0047b..662b957 100644 --- a/fai/config/files/etc/apt/preferences.d/stable/STABLE +++ b/fai/config/files/etc/apt/preferences.d/stable/STABLE @@ -11,3 +11,11 @@ Explanation: Package: tar linux-image-amd64 linux-base btrfs-tools Pin: release a=jessie-backports Pin-Priority: 500 + +Package: * +Pin: release a=testing +Pin-Priority: -10 + +Package: * +Pin: release a=testing-updates +Pin-Priority: -10 diff --git a/fai/config/files/etc/apt/preferences.d/testing/LINODESTABLE b/fai/config/files/etc/apt/preferences.d/testing/LINODESTABLE deleted file mode 120000 index 31109f8..0000000 --- a/fai/config/files/etc/apt/preferences.d/testing/LINODESTABLE +++ /dev/null @@ -1 +0,0 @@ -STABLE \ No newline at end of file 
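Review bot: The pins added to `preferences.d/stable/STABLE` cover `a=testing` and `a=testing-updates` only, while this commit also adds `unstable` lines to sources files that stable hosts now receive (`stable.list/STABLE_LINODE`, and `testing.list/TESTING_FREE` / `TESTING_NONFREE` through the new `STABLE_FREE` / `STABLE_NONFREE` symlinks). Unless an `a=unstable` pin exists in a file not shown in this diff, unstable packages would compete with stable ones at the default priority and newer versions could be pulled in on upgrade. A matching stanza would close that: `Package: *`, `Pin: release a=unstable`, `Pin-Priority: -10`.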
diff --git a/fai/config/files/etc/apt/preferences.d/testing/STABLE b/fai/config/files/etc/apt/preferences.d/testing/STABLE
deleted file mode 100644
index 2203269..0000000
--- a/fai/config/files/etc/apt/preferences.d/testing/STABLE
+++ /dev/null
@@ -1,7 +0,0 @@
-Package: *
-Pin: release a=testing
-Pin-Priority: -10
-
-Package: *
-Pin: release a=testing-updates
-Pin-Priority: -10
diff --git a/fai/config/files/etc/apt/sources.list.d/belanos.list/BELENOS64 b/fai/config/files/etc/apt/sources.list.d/belanos.list/BELANOS
similarity index 100%
rename from fai/config/files/etc/apt/sources.list.d/belanos.list/BELENOS64
rename to fai/config/files/etc/apt/sources.list.d/belanos.list/BELANOS
diff --git a/fai/config/files/etc/apt/sources.list.d/stable-non-free.list/STABLE_NON_FREE b/fai/config/files/etc/apt/sources.list.d/stable-non-free.list/STABLE_NON_FREE
deleted file mode 100644
index 689921e..0000000
--- a/fai/config/files/etc/apt/sources.list.d/stable-non-free.list/STABLE_NON_FREE
+++ /dev/null
@@ -1,11 +0,0 @@
-deb http://http.us.debian.org/debian jessie contrib non-free
-deb-src http://http.us.debian.org/debian jessie contrib non-free
-
-deb http://security.debian.org/ jessie/updates contrib non-free
-deb-src http://security.debian.org/ jessie/updates contrib non-free
-
-deb http://http.us.debian.org/debian jessie-updates contrib non-free
-deb-src http://http.us.debian.org/debian jessie-updates contrib non-free
-
-deb http://http.debian.net/debian jessie-backports contrib non-free
-deb-src http://http.debian.net/debian jessie-backports contrib non-free
diff --git a/fai/config/files/etc/apt/sources.list.d/linodestable.list/LINODESTABLE b/fai/config/files/etc/apt/sources.list.d/stable.list/STABLE_LINODE
similarity index 53%
rename from fai/config/files/etc/apt/sources.list.d/linodestable.list/LINODESTABLE
rename to fai/config/files/etc/apt/sources.list.d/stable.list/STABLE_LINODE
index 3e04cd4..3e6e183 100644
--- a/fai/config/files/etc/apt/sources.list.d/linodestable.list/LINODESTABLE +++ b/fai/config/files/etc/apt/sources.list.d/stable.list/STABLE_LINODE @@ -10,3 +10,15 @@ deb-src http://mirrors.linode.com/debian/ jessie-updates main deb http://mirrors.linode.com/debian/ jessie-backports main deb-src http://mirrors.linode.com/debian/ jessie-backports main + +deb http://mirrors.linode.com/debian testing main +deb-src http://mirrors.linode.com/debian testing main + +deb http://security.debian.org/ testing/updates main +deb-src http://security.debian.org/ testing/updates main + +deb http://mirrors.linode.com/debian testing-updates main +deb-src http://mirrors.linode.com/debian testing-updates main + +deb http://mirrors.linode.com/debian unstable main +deb-src http://mirrors.linode.com/debian unstable main diff --git a/fai/config/files/etc/apt/sources.list.d/stable.list/STABLE_NONFREE b/fai/config/files/etc/apt/sources.list.d/stable.list/STABLE_NONFREE new file mode 100644 index 0000000..d5cc0db --- /dev/null +++ b/fai/config/files/etc/apt/sources.list.d/stable.list/STABLE_NONFREE @@ -0,0 +1,11 @@ +deb http://http.us.debian.org/debian jessie main contrib non-free +deb-src http://http.us.debian.org/debian jessie main contrib non-free + +deb http://security.debian.org/ jessie/updates main contrib non-free +deb-src http://security.debian.org/ jessie/updates main contrib non-free + +deb http://http.us.debian.org/debian jessie-updates main contrib non-free +deb-src http://http.us.debian.org/debian jessie-updates main contrib non-free + +deb http://http.debian.net/debian jessie-backports main contrib non-free +deb-src http://http.debian.net/debian jessie-backports main contrib non-free diff --git a/fai/config/files/etc/apt/sources.list.d/testing-non-free.list/DEBIAN_NON_FREE b/fai/config/files/etc/apt/sources.list.d/testing-non-free.list/DEBIAN_NON_FREE deleted file mode 100644 index 35fc32e..0000000 
--- a/fai/config/files/etc/apt/sources.list.d/testing-non-free.list/DEBIAN_NON_FREE +++ /dev/null @@ -1,8 +0,0 @@ -deb http://http.us.debian.org/debian testing contrib non-free -deb-src http://http.us.debian.org/debian testing contrib non-free - -deb http://security.debian.org/ testing/updates contrib non-free -deb-src http://security.debian.org/ testing/updates contrib non-free - -deb http://http.us.debian.org/debian testing-updates contrib non-free -deb-src http://http.us.debian.org/debian testing-updates contrib non-free diff --git a/fai/config/files/etc/apt/sources.list.d/testing.list/STABLE_FREE b/fai/config/files/etc/apt/sources.list.d/testing.list/STABLE_FREE new file mode 120000 index 0000000..586e320 --- /dev/null +++ b/fai/config/files/etc/apt/sources.list.d/testing.list/STABLE_FREE @@ -0,0 +1 @@ +TESTING_FREE \ No newline at end of file diff --git a/fai/config/files/etc/apt/sources.list.d/testing.list/STABLE_NONFREE b/fai/config/files/etc/apt/sources.list.d/testing.list/STABLE_NONFREE new file mode 120000 index 0000000..b277a35 --- /dev/null +++ b/fai/config/files/etc/apt/sources.list.d/testing.list/STABLE_NONFREE @@ -0,0 +1 @@ +TESTING_NONFREE \ No newline at end of file diff --git a/fai/config/files/etc/apt/sources.list.d/testing.list/DEBIAN b/fai/config/files/etc/apt/sources.list.d/testing.list/TESTING_FREE similarity index 75% rename from fai/config/files/etc/apt/sources.list.d/testing.list/DEBIAN rename to fai/config/files/etc/apt/sources.list.d/testing.list/TESTING_FREE index cddde59..031bddf 100644 --- a/fai/config/files/etc/apt/sources.list.d/testing.list/DEBIAN +++ b/fai/config/files/etc/apt/sources.list.d/testing.list/TESTING_FREE @@ -6,3 +6,6 @@ deb-src http://security.debian.org/ testing/updates main deb http://http.us.debian.org/debian testing-updates main deb-src http://http.us.debian.org/debian testing-updates main + +deb http://http.us.debian.org/debian unstable main +deb-src http://http.us.debian.org/debian unstable main 
diff --git a/fai/config/files/etc/apt/sources.list.d/testing.list/TESTING_NONFREE b/fai/config/files/etc/apt/sources.list.d/testing.list/TESTING_NONFREE
new file mode 100644
index 0000000..3b57312
--- /dev/null
+++ b/fai/config/files/etc/apt/sources.list.d/testing.list/TESTING_NONFREE
@@ -0,0 +1,11 @@
+deb http://http.us.debian.org/debian testing main contrib non-free
+deb-src http://http.us.debian.org/debian testing main contrib non-free
+
+deb http://security.debian.org/ testing/updates main contrib non-free
+deb-src http://security.debian.org/ testing/updates main contrib non-free
+
+deb http://http.us.debian.org/debian testing-updates main contrib non-free
+deb-src http://http.us.debian.org/debian testing-updates main contrib non-free
+
+deb http://http.us.debian.org/debian unstable main contrib non-free
+deb-src http://http.us.debian.org/debian unstable main contrib non-free
diff --git a/fai/config/files/etc/apt/sources.list.d/unstable-non-free.list/DEBIAN_NON_FREE b/fai/config/files/etc/apt/sources.list.d/unstable-non-free.list/DEBIAN_NON_FREE
deleted file mode 100644
index 4a92405..0000000
--- a/fai/config/files/etc/apt/sources.list.d/unstable-non-free.list/DEBIAN_NON_FREE
+++ /dev/null
@@ -1,2 +0,0 @@
-deb http://http.us.debian.org/debian unstable contrib non-free
-deb-src http://http.us.debian.org/debian unstable contrib non-free
diff --git a/fai/config/files/etc/apt/sources.list.d/unstable.list/DEBIAN b/fai/config/files/etc/apt/sources.list.d/unstable.list/DEBIAN
deleted file mode 100644
index 520a1a8..0000000
--- a/fai/config/files/etc/apt/sources.list.d/unstable.list/DEBIAN
+++ /dev/null
@@ -1,2 +0,0 @@
-deb http://http.us.debian.org/debian unstable main
-deb-src http://http.us.debian.org/debian unstable main
diff --git a/fai/config/files/root/fai-check/STABLE_BOOTSTRAP b/fai/config/files/root/fai-check/STABLE_BOOTSTRAP
index e448c7f..c067029 100755
--- a/fai/config/files/root/fai-check/STABLE_BOOTSTRAP
+++ b/fai/config/files/root/fai-check/STABLE_BOOTSTRAP @@ -3,21 +3,32 @@ set -eE -o pipefail trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR -# keep it short so we don't delay too much wnen we don't have networking. -NETWORK_TIMOUT_SECS=10 +# Keep it short so we don't delay too much wnen we don't have networking. +# In practice, on my home network, on an x200, it took 15 seconds, so +# give it an extra 10 seconds, which seems fairly short as I write this. +NETWORK_TIMOUT_SECS=25 did_fai_check=false + +m() { printf "%s\n" "$*"; "$@"; } + check-fai() { # we could just as well check if last_boot != /debianstable_boostrap # the intent with this one is just a little clearer. if [[ $did_fai_check == true ]]; then grub-editenv /mnt/grubenv set did_fai_check=os_true + # our service does not wait for network-online.target, + # because it will wait for too long when we don't have a network + # connection. So, we wait for 10 seconds. # ref: https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/ deadline=$(( `date +%s` + NETWORK_TIMOUT_SECS )) - while ! systemctl status network-online.target && \ - (( `date +%s` < deadline )); do + while ! nc -zu faiserver 69; do + if (( `date +%s` > deadline )); then + echo "fai-check: hit $NETWORK_TIMOUT_SECS s tftp server timeout" + return 0 + fi sleep 1 done - pxe-kexec -n --ignore-whitelist -l fai-generated faiserver ||: + m pxe-kexec -n --ignore-whitelist -l fai-generated faiserver ||: else return 0 fi @@ -30,7 +41,9 @@ for dev in $(btrfs fi show / | sed -rn 's#^\s*devid\s.*\s([^0-9 ]+)\S+$#\1#p' \ mount $dev /mnt if $first; then if [[ -e /mnt/grubenv ]]; then + set -x source <(grub-editenv /mnt/grubenv list) + set +x fi first=false check-fai diff --git a/fai/config/hooks/partition.DEFAULT b/fai/config/hooks/partition.DEFAULT index c4f26ea..8dffd82 100755 --- a/fai/config/hooks/partition.DEFAULT +++ b/fai/config/hooks/partition.DEFAULT 
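Review bot: The comment added above the polling loop says `So, we wait for 10 seconds`, but the loop runs until `NETWORK_TIMOUT_SECS`, which this same hunk raises to 25; wording it as `# So, we poll the tftp server for up to NETWORK_TIMOUT_SECS seconds.` keeps the two from drifting. `nc -zu faiserver 69` is also a weak readiness signal, because UDP has no handshake and, depending on the netcat variant, the probe may report success whenever no ICMP port-unreachable comes back; a one-line caveat next to it would help the next reader. The timeout message would fit better on stderr (`>&2`), like the ERR trap at the top of the file. check-fai's body continues outside the hunk.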
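Review bot: The `set -x` / `set +x` pair added in the second hunk traces the `source <(grub-editenv /mnt/grubenv list)` context line, which runs the grubenv contents as shell code instead of reading them as data; if that file sits on an unencrypted boot filesystem, whoever can write it decides what this script executes. Reading only the needed variable avoids the evaluation, e.g. `did_fai_check=$(grub-editenv /mnt/grubenv list | sed -n 's/^did_fai_check=//p')`, assuming `did_fai_check` is the only value used (the rest of the loop is outside the hunk). If the trace is temporary debugging, a comment saying so would help.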
@@ -190,15 +190,15 @@ fi if [[ ! $DISTRO ]]; then - if ifclass STABLE_BOOTSTRAP; then + if ifclass VOL_STABLE_BOOTSTRAP; then DISTRO=debianstable_bootstrap - elif ifclass STRETCH64; then + elif ifclass VOL_STRETCH; then DISTRO=debiantesting - elif ifclass STABLE; then + elif ifclass VOL_STABLE; then DISTRO=debianstable - elif ifclass XENIAL64; then + elif ifclass VOL_XENIAL; then DISTRO=ubuntuxenial - elif ifclass BELENOS64; then + elif ifclass VOL_BELENOS; then DISTRO=trisquelbelenos else echo "PARTITIONER ERROR: no distro class/var set" >&2 diff --git a/fai/config/scripts/GRUB_PC/11-ian b/fai/config/scripts/GRUB_PC/11-ian index 7650340..866cc6f 100755 --- a/fai/config/scripts/GRUB_PC/11-ian +++ b/fai/config/scripts/GRUB_PC/11-ian @@ -24,10 +24,12 @@ EOF apt-get install -y pxe-kexec EOFOUTER -fcopy -r /boot # -r = recursive -# note: # fcopy -i = ignore nonmatching class error, always return 0. +# -r = recursive +# -i = ignore non-matching class warnings, always exit 0 +# -B = no backup files +fcopy -riB /boot # this is also done by FABASE/10-misc by default. -fcopy -ir /root +fcopy -riB /root if ifclass STABLE_BOOTSTRAP; then fcopy -ri /etc/systemd/system chroot $FAI_ROOT bash <<'EOFOUTER' 
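Review bot: The last renamed branch in partition.DEFAULT tests `ifclass VOL_BELENOS`, but the class list documented in 50-host-classes in this same commit spells it `VOL_BELANOS`, and the apt files are renamed to `BELANOS`. A host configured from that documentation would fall through to `PARTITIONER ERROR: no distro class/var set`. One spelling should be used throughout, e.g. `elif ifclass VOL_BELANOS; then` here, or `VOL_BELENOS` in the 50-host-classes comment. The `else` branch of this block continues past the end of the hunk.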
@@ -36,24 +38,28 @@ EOFOUTER exit 0 fi -dir=/q/root/shadow -fai_shadow=$FAI/distro-install-common/shadow -if [[ ! -e $dir && -e $fai_shadow ]]; then - mkdir -p $dir - mount -o bind $fai_shadow $dir -fi -$FAI/distro-install-common/end +bind-common() { + src=$1 + dst=$2 + if [[ ! -e $dst && -e $src ]]; then + mkdir -p $dst + mount -o bind $src $dst + fi +} +bind-common $FAI/distro-install-common/shadow /q/root/shadow + +# todo, port this over to the arch install script. +cp -rT $FAI/distro-install-common/p/c/machine_specific/$HOSTNAME/filesystem/etc/ssh /target/etc/ssh + +$FAI/distro-install-common/end # these get copied in an earlier stage by fai, but leaving it here since # I run this as a single post-fai script to update things that have changed. -fcopy -ri /etc/apt/preferences.d -fcopy -ri /etc/apt/sources.list.d +fcopy -riB /etc/apt $ROOTCMD apt-get update - - -rm -f $FAI_ROOT/etc/apt/sources.list +fcopy -riB /etc/ssh chroot $FAI_ROOT bash <<'EOF' set -eE -o pipefail diff --git a/wrt-setup b/wrt-setup index 82f7193..c04708d 100755 --- a/wrt-setup +++ b/wrt-setup @@ -235,10 +235,10 @@ EOF dnsmasq_restart=false v cedit /etc/hosts <