From 1b26da151c100d0c58910228d24ee52297da3974 Mon Sep 17 00:00:00 2001 From: Ian Kelling Date: Thu, 27 Oct 2016 23:12:27 -0700 Subject: [PATCH] fix demohost, fix tar acl bug --- fai-redep | 17 +++--- .../etc/apt/preferences.d/stable/LINODESTABLE | 1 + .../files/etc/apt/preferences.d/stable/STABLE | 4 ++ .../linodestable.list/LINODESTABLE | 3 ++ fai/config/package_config/DEBIAN | 2 +- fai/config/package_config/UBUNTU | 2 +- fai/config/scripts/GRUB_PC/11-ian | 1 - faiserver-setup | 52 ++++++++++++------- pxe-server | 6 +-- wrt-setup | 2 +- 10 files changed, 56 insertions(+), 34 deletions(-) create mode 120000 fai/config/files/etc/apt/preferences.d/stable/LINODESTABLE create mode 100644 fai/config/files/etc/apt/preferences.d/stable/STABLE diff --git a/fai-redep b/fai-redep index 2f59ef7..df86708 100755 --- a/fai-redep +++ b/fai-redep @@ -32,20 +32,21 @@ faiserver_host=$(chost faiserver) || faiserver_host=faiserver shopt -s extglob ssh root@$faiserver_host rm -rf /srv/fai/config/!(basefiles) -scp -r fai/config root@$faiserver_host:/srv/fai +scp -qr fai/config root@$faiserver_host:/srv/fai -scp ~/.ssh/id_rsa.pub \ +scp -q ~/.ssh/id_rsa.pub \ root@$faiserver_host:/srv/fai/config/files/root/.ssh/authorized_keys/GRUB_PC # todo: automatically disable faiserver after a period so # these files are not exposed. -s scp -r /q/root/luks /q/root/shadow \ +s scp -qr /q/root/luks /q/root/shadow \ root@$faiserver_host:/srv/fai/config/distro-install-common -scp /a/bin/devbyid root@$faiserver_host:/srv/fai/nfsroot/usr/local/bin -# built this with mk-basefile -J BELENOS64. it's stored in it's own repo which -# is published alongside this one called fai-basefiles due -# to being a large binary file. -scp /a/bin/fai-basefiles/BELENOS64.tar.xz root@$faiserver_host:/srv/fai/config/basefiles +scp -q /a/bin/devbyid root@$faiserver_host:/srv/fai/nfsroot/usr/local/bin + +# built BELANOS basefile with mk-basefile -J BELENOS64. it's stored in +# it's own repo which is published alongside this one called +# fai-basefiles due to being a large binary file. +scp -q /a/bin/fai-basefiles/*.tar.xz root@$faiserver_host:/srv/fai/config/basefiles ssh root@$faiserver_host bash <<'EOF' set -eE -o pipefail set -x diff --git a/fai/config/files/etc/apt/preferences.d/stable/LINODESTABLE b/fai/config/files/etc/apt/preferences.d/stable/LINODESTABLE new file mode 120000 index 0000000..31109f8 --- /dev/null +++ b/fai/config/files/etc/apt/preferences.d/stable/LINODESTABLE @@ -0,0 +1 @@ +STABLE \ No newline at end of file diff --git a/fai/config/files/etc/apt/preferences.d/stable/STABLE b/fai/config/files/etc/apt/preferences.d/stable/STABLE new file mode 100644 index 0000000..7f2e29f --- /dev/null +++ b/fai/config/files/etc/apt/preferences.d/stable/STABLE @@ -0,0 +1,4 @@ +Explanation: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819978 +Package: tar +Pin: release a=jessie-backports +Pin-Priority: 500 diff --git a/fai/config/files/etc/apt/sources.list.d/linodestable.list/LINODESTABLE b/fai/config/files/etc/apt/sources.list.d/linodestable.list/LINODESTABLE index 056de00..3e04cd4 100644 --- a/fai/config/files/etc/apt/sources.list.d/linodestable.list/LINODESTABLE +++ b/fai/config/files/etc/apt/sources.list.d/linodestable.list/LINODESTABLE @@ -7,3 +7,6 @@ deb-src http://security.debian.org/ jessie/updates main # jessie-updates, previously known as 'volatile' deb http://mirrors.linode.com/debian/ jessie-updates main deb-src http://mirrors.linode.com/debian/ jessie-updates main + +deb http://mirrors.linode.com/debian/ jessie-backports main +deb-src http://mirrors.linode.com/debian/ jessie-backports main diff --git a/fai/config/package_config/DEBIAN b/fai/config/package_config/DEBIAN index 58c8d09..1402c4f 100644 --- a/fai/config/package_config/DEBIAN +++ b/fai/config/package_config/DEBIAN @@ -14,7 +14,7 @@ PACKAGES install DHCPC isc-dhcp-client PACKAGES install GRUB_PC -grub-pc cryptsetup btrfs-tools sudo bridge-utils grub-legacy- lilo- +grub-pc cryptsetup btrfs-tools sudo bridge-utils netcat-openbsd grub-legacy- lilo- PACKAGES install LVM lvm2 diff --git a/fai/config/package_config/UBUNTU b/fai/config/package_config/UBUNTU index 4a5a976..697224d 100644 --- a/fai/config/package_config/UBUNTU +++ b/fai/config/package_config/UBUNTU @@ -13,7 +13,7 @@ PACKAGES install DHCPC isc-dhcp-client PACKAGES install GRUB_PC -grub-pc cryptsetup btrfs-tools bridge-utils +grub-pc cryptsetup btrfs-tools bridge-utils netcat-openbsd PACKAGES aptitude-r XORG ubuntu-desktop diff --git a/fai/config/scripts/GRUB_PC/11-ian b/fai/config/scripts/GRUB_PC/11-ian index 199e4f8..f4f1b7c 100755 --- a/fai/config/scripts/GRUB_PC/11-ian +++ b/fai/config/scripts/GRUB_PC/11-ian @@ -8,7 +8,6 @@ if [[ $EUID != 0 ]]; then exit 1 fi - if ! type -t fcopy &>/dev/null; then sudo apt-get -y install fai-client fi diff --git a/faiserver-setup b/faiserver-setup index e43d019..96485a5 100755 --- a/faiserver-setup +++ b/faiserver-setup @@ -38,8 +38,8 @@ sed="sed -ri --follow-symlinks" if [[ $base == jessie ]]; then - wget -O - http://fai-project.org/download/074BCDE4.asc | apt-key add - - cat >/etc/apt/sources.list.d/fai.list <<'EOF' + wget -O - http://fai-project.org/download/074BCDE4.asc | apt-key add - + cat >/etc/apt/sources.list.d/fai.list <<'EOF' deb http://fai-project.org/download jessie koeln EOF else @@ -52,11 +52,37 @@ fi # for debian: +r=http://http.us.debian.org/debian +# like default, but scrap httpredir, and nonfree. +# All my systems should be able to get along without nonfree +# for a base working system afaik. +dd of=/etc/fai/apt/sources.list </etc/fai/apt/preferences <<'EOF' +Package: tar +Pin: release a=jessie-backports +Pin-Priority: 500 +EOF +fi + apt-get update # all the dependencies except the dhcp server deps="$(apt-cache show fai-quickstart | grep ^Depends: |head -n 1|\ sed -r 's/^Depends:|,|\|[^,]+|isc-dhcp-server//g')" -to_install=() +to_install=(tar) for pkg in $deps; do dpkg -s $pkg &>/dev/null && continue ||: to_install+=($pkg) @@ -64,21 +90,9 @@ for pkg in $deps; do echo `date` $pkg >>/var/log/fai-manually-installed-packages.log done if [[ $to_install ]]; then - apt-get -y install ${to_install[@]} + apt-get -y install ${to_install[@]} fi -r=http://http.us.debian.org/debian -# like default, but scrap httpredir and add suggested newer pkgs in fai-project.org -dd of=/etc/fai/apt/sources.list </dev/null; then - $sed '/^PACKAGES install$/a cryptsetup' /etc/fai/NFSROOT + $sed '/^PACKAGES install$/a cryptsetup' /etc/fai/NFSROOT fi e fai-setup -vf { head -n 1 /srv/fai/nfsroot/root/.ssh/known_hosts | awk '{print $1}' \ - | tr '\n' ' '; ssh-keyscan localhost | grep -o "ecdsa-sha2-nistp256.*"; \ - } >>/srv/fai/nfsroot/root/.ssh/known_hosts + | tr '\n' ' '; ssh-keyscan localhost | grep -o "ecdsa-sha2-nistp256.*"; \ + } >>/srv/fai/nfsroot/root/.ssh/known_hosts # initially did the basic fai-chboot -Iv $std_arg default # but found in console that it wanted to mount nfsroot diff --git a/pxe-server b/pxe-server index 66bc4ff..bac22c1 100755 --- a/pxe-server +++ b/pxe-server @@ -139,12 +139,12 @@ $([[ $type == arch ]] && echo arch-pxe-mount)" if $set; then set-pxe if [[ $type == fai ]]; then - myfai-chboot $host + e myfai-chboot $host if $redep; then - fai-redep + e fai-redep fi else - myfai-chboot + e myfai-chboot fi fi diff --git a/wrt-setup b/wrt-setup index 410c7a0..8293e9d 100755 --- a/wrt-setup +++ b/wrt-setup @@ -232,7 +232,7 @@ v cedit /etc/hosts <