From d3d495af167adba91b190e8dcb95649c34fa04c7 Mon Sep 17 00:00:00 2001
From: Ian Kelling
Date: Sun, 17 Apr 2016 18:19:18 -0700
Subject: [PATCH] arch use by-id and various fixes

---
 arch-init | 77 +++++++-------
 arch-init-chroot | 144 +++++++++++++++++----------
 arch-init-remote | 11 +-
 chboot | 3 +-
 fai-redep | 14 ++-
 fai/config/class/50-host-classes | 4 +-
 fai/config/distro-install-common/end | 18 +++-
 fai/config/hooks/instsoft.DEFAULT | 2 +-
 fai/config/hooks/partition.DEFAULT | 18 ++--
 fai/config/scripts/GRUB_PC/11-ian | 29 +++++-
 faiserver-setup | 2 +-
 pxe-server | 11 +-
 wrt-setup | 67 +++++++++----
 13 files changed, 266 insertions(+), 134 deletions(-)

diff --git a/arch-init b/arch-init
index c4f573f..b34c428 100755
--- a/arch-init
+++ b/arch-init
@@ -7,35 +7,19 @@ trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?"' ERR
 cd $(dirname $(readlink -f "$BASH_SOURCE"))
-export ROOTPW="$1"
-export hostname="$2"
-mirror=$3
+ROOTPW="$(cat /root/shadow/standard)"
+export ROOTPW
+export hostname="$1"
+mirror=$2
+TPPASS="$(cat /root/shadow/traci-simple)"
+export TPPASS
+if [[ $hostname == tp ]]; then
+ ROOTPW="$TPPASS"
+fi
 (( $# >= 2 )) || { echo "error: need 2 arguments"; exit 1; }
-case $hostname in
- x2)
- export grubdisk=/dev/sda
- ;;
- demohost)
- export grubdisk=/dev/vda
- ;;
- treetowl)
- bootid=64d495ee-c9fe-4174-b20a-6c5e47abcfa1
- export grubdisk=$(blkid|sed -nr "/$bootid/s/^([^0-9]+).*/\1/p")
- ;;
- frodo)
- rootid=e9ce7b46-9a21-4e79-b7f7-0b18acb57587
- export grubdisk=$(blkid|sed -nr "/$rootid/s/(^[^0-9]*).*/\1/p")
- ;;
- *)
- echo "unrecognized hostname: $hostname"
- exit 1
-esac
-
-if [[ -e /root/devbyid ]]; then
- mv /root/devbyid /usr/bin
-fi
+mv /root/devbyid /usr/bin
 rm -f /etc/pacman.d/mirrorlist
 # https://wiki.archlinux.org/index.php/Mirrors#Sorting_mirrors
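Review bot: `mv /root/devbyid /usr/bin` lost its `[[ -e ]]` guard, so a second run of arch-init — which the `already_partitioned` logic added later in this patch is meant to support — now trips the ERR trap as soon as the file has already been moved; keep it idempotent with `[[ ! -e /root/devbyid ]] || mv /root/devbyid /usr/bin`. Both password values are read with a bare `cat` and never checked, so an empty `/root/shadow/standard` silently becomes an empty `$ROOTPW`; add `[[ $ROOTPW ]] || { echo "$0: error: empty /root/shadow/standard" >&2; exit 1; }` here, as the 11-ian hunk of this patch does for its own `$ROOTPW`. `export ROOTPW` and `export TPPASS` also hand both values (hashes, judging by the `usermod -p` use elsewhere in the patch) to every child process through the environment — acceptable for hashes, but worth a comment so nobody later puts cleartext in those files. Dropping the hostname `case` also drops the early "unrecognized hostname" exit; a typo in `$1` now surfaces only when `cp /root/luks/host-$hostname` fails further down, outside this hunk.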
@@ -60,18 +44,40 @@ export LUKS_DIR=/root/luks
 export HOSTNAME=$hostname
 export DISTRO=arch
 chmod +x partition.DEFAULT
-./partition.DEFAULT
+
+export PARTITION_PROMPT=true
+
+already_partitioned=true
+mount_out=$(mount)
+for dir in /mnt{,/home,/boot,/q}; do
+ regex=" on $dir "
+ if [[ ! $mount_out =~ $regex ]]; then
+ already_partitioned=false
+ break
+ fi
+done
+
+if ! $already_partitioned; then
+ ./partition.DEFAULT
+fi
+
+. /tmp/fai/disk_var.sh
+
+
 # arch doesn't need crypttab entries for initramfs crypt partititions
 export rootn=1
 export bootn=3
 export swapn=2
-sed -ri '/^crypt_dev/d' /tmp/fai/crypttab
-mount -o subvol=root_$DISTRO /dev/mapper/crypt_dev_?da$rootn /mnt
-mkdir -p /mnt/{q,home}
-mount -o subvol=q /dev/mapper/crypt_dev_?da$rootn /mnt/q
-mount -o subvol=home_$DISTRO /dev/mapper/crypt_dev_?da$rootn /mnt/home
-mkdir -p /mnt/boot
-mount -o subvol=boot_$DISTRO /dev/?da$bootn /mnt/boot
+export BOOT_DEVICE
+sed -ri "/^crypt_dev_\S+$rootn /d" /tmp/fai/crypttab
+
+if ! $already_partitioned; then
+ mount -o subvol=root_$DISTRO $ROOT_PARTITION /mnt
+ mkdir -p /mnt/{q,home,boot}
+ mount -o subvol=q $ROOT_PARTITION /mnt/q
+ mount -o subvol=home_$DISTRO $ROOT_PARTITION /mnt/home
+ mount -o subvol=boot_$DISTRO $BOOT_PARTITION /mnt/boot
+fi
 # https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption#Keyfiles
 cp /root/luks/host-$hostname /mnt/crypto_keyfile.bin
@@ -80,7 +86,7 @@ chmod 600 /mnt/crypto_keyfile.bin
 shopt -s extglob
 case $hostname in
- # these hosts are broken, not updated to new fai hyrbrid scripts.
+ # todo: these hosts are broken, not updated to new fai hyrbrid scripts.
 frodo)
 # for this system, no separate /boot, to keep partitions simple,
@@ -104,6 +110,7 @@ they will succeed using the secodary mirror"
 fi
 pacstrap /mnt base
 cp /tmp/fai/{fstab,crypttab} /mnt/etc
+cp /usr/bin/devbyid /mnt/root
 case $hostname in
 frodo)
 # the root .ssh needs to be like this,
diff --git a/arch-init-chroot b/arch-init-chroot
index 9c3fc48..5e2f8aa 100755
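Review bot: `. /tmp/fai/disk_var.sh` is sourced unconditionally, but on the re-run path (`already_partitioned` true) `./partition.DEFAULT`, which presumably writes that file, is skipped, so `$ROOT_PARTITION` and `$BOOT_PARTITION` come from whatever an earlier run left under world-writable `/tmp`, and the `.` aborts outright if `/tmp` was cleared since. Guard it with `[[ -r /tmp/fai/disk_var.sh ]] || { echo "$0: error: /tmp/fai/disk_var.sh missing, run partition.DEFAULT first" >&2; exit 1; }` before sourcing. The mount probe only checks that something is mounted on each of the four paths, not which device, so a leftover mount from an unrelated disk would also be taken as "already partitioned"; if that matters, compare the mounted source against `$ROOT_PARTITION` once `disk_var.sh` is loaded. The script continues past the end of this hunk.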
--- a/arch-init-chroot
+++ b/arch-init-chroot
@@ -10,7 +10,7 @@ for x in /etc/*.pacorig; do
 done
 echo $hostname > /etc/hostname
-ln -s /usr/share/zoneinfo/America/Los_Angeles /etc/localtime
+[[ -L /etc/localtime ]] || ln -s /usr/share/zoneinfo/America/Los_Angeles /etc/localtime
 l=en_US.UTF-8
 echo "$l UTF-8" > /etc/locale.gen
 locale-gen
@@ -31,12 +31,6 @@ echo "LANG=$l" > /etc/locale.conf # # remove extra space # sed -ri 's/^( *MODULES *=[^"]*)" */\1"/' /etc/mkinitcpio.conf -# https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system#Configuring_mkinitcpio_2 -# used to have lvm2 after encrypt for lvm. -for x in encrypt encrypt1 btrfs; do sed -ri -f - /etc/mkinitcpio.conf < 0" + ls -la /dev/mapper + exit 1 +fi +keyfile_vars=() +dup_keys=() +extra_encrypt_hooks=() + + +# If we have more than 1 to decrypt, arch wiki lead me onto +# a sort of hacky way run the encrypt hook multiple times. +for ((i=1; i < $crypt_count; i++)); do + extra_encrypt_hooks+=(encrypt$i) + if (( i = 1 )); then dup_keys=(" "); fi # prefix with an empty space + cp /crypto_keyfile.bin /crypto_keyfile$i.bin + dup_keys+=(/crypto_keyfile$i.bin) + base=/usr/lib/initcpio + cp $base/hooks/encrypt{,$i} + cp $base/install/encrypt{,$i} + sed -i "s/cryptdevice/cryptdevice$i/" $base/hooks/encrypt$i + sed -i "s/cryptkey/cryptkey$i/" $base/hooks/encrypt$i + crypt_name=${crypt_mapper_devs[i]#/dev/mapper/} + crypt_dev=/dev/${crypt_name#crypt_dev_} + k_args+=(cryptdevice$i=$crypt_dev:$crypt_name:allow-discards + cryptkey$i=rootfs:/crypto_keyfile$i.bin) +done + +# https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system#Configuring_mkinitcpio_2 +# used to have lvm2 after encrypt for lvm, but not using lvm anymore +for x in encrypt ${extra_encrypt_hooks[@]} btrfs; do sed -ri -f - /etc/mkinitcpio.conf < /etc/systemd/network/wired.network < /etc/systemd/network/br0.netdev <> $target/etc/sysctl.d/99-sysctl.conf + +f=$target/etc/sysctl.d/99-sysctl.conf +key=fs.inotify.max_user_watches +if [[ -e $f ]]; then sed -ri "/^\s*$key\s*=/d" $f; fi +echo "fs.inotify.max_user_watches = 1000000" >> $f # if we weren't rebooting, you could apply it now with: # sysctl --system -echo 'ian ALL=(ALL) NOPASSWD: ALL' >> $target/etc/sudoers +f=$target/etc/sudoers +line='ian ALL=(ALL) NOPASSWD: ALL' +if [[ ! -e $f ]] || ! 
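Review bot: `if (( i = 1 )); then` inside the keyfile-duplication loop is an assignment, not a test: it resets `i` to 1 on every pass, so with three or more crypt devices the `for` never terminates (it happens to work for exactly two, where the body runs once), and `dup_keys` receives its padding entry each time round; change it to `if (( i == 1 )); then`. `crypt_dev=/dev/${crypt_name#crypt_dev_}` assumes the mapper name ends in a bare `/dev` node name; if the by-id switch in this patch produces names like `crypt_dev_<by-id name>`, that path presumably needs to live under `/dev/disk/by-id/` — please confirm against how the mapper names are generated. Each `cp /crypto_keyfile.bin /crypto_keyfile$i.bin` leaves another copy of the LUKS key on the root filesystem; the mode bits are copied from the source, but an explicit `chmod 600` plus a comment on why the copies exist (they appear to be fed to the initramfs via `dup_keys`) would make the intent clear. The heredocs in this hunk were lost in extraction, so its boundaries and the surrounding `crypt_count` setup are not visible.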
grep -xF "$line" $f; then + echo "$line" >> $f +fi dir=/q/p/c/machine_specific/$HOSTNAME/.unison $ROOTCMD mkdir -p $dir $ROOTCMD rm -rf /root/.unison -$ROOTCMD ln -s $dir /root -$ROOTCMD ln -s /q/p / +$ROOTCMD ln -sf $dir /root +$ROOTCMD ln -sf /q/p / while true; do $ROOTCMD chown 1000:1000 $dir @@ -32,4 +40,4 @@ done # kvm is normally created by some package, # but unison doesn't like unknown groups, so make it now so initial sync works. -$ROOTCMD groupadd kvm +$ROOTCMD groupadd -r kvm || [[ $? == 9 ]] diff --git a/fai/config/hooks/instsoft.DEFAULT b/fai/config/hooks/instsoft.DEFAULT index 11620eb..3eda00e 100755 --- a/fai/config/hooks/instsoft.DEFAULT +++ b/fai/config/hooks/instsoft.DEFAULT @@ -37,6 +37,6 @@ if ifclass tp; then chmod -R o-rwx $d d=$target/q/root/luks mkdir -p $d - cp /var/lib/fai/config/distro-install-common/host-{tp,demohost} $d + cp /var/lib/fai/config/distro-install-common/luks/host-{tp,demohost} $d chmod -R o-rwx $d fi diff --git a/fai/config/hooks/partition.DEFAULT b/fai/config/hooks/partition.DEFAULT index b0d1c9c..317eb6d 100755 --- a/fai/config/hooks/partition.DEFAULT +++ b/fai/config/hooks/partition.DEFAULT @@ -10,9 +10,9 @@ skiptask partition || ! type skiptask # for running not in fai #### begin configuration -bootn=3 rootn=1 swapn=2 +bootn=3 bios_grubn=4 boot_mib=1500 @@ -61,13 +61,13 @@ fi lastn=$bios_grubn -hds=() +hdds=() ssds=() cd /sys/block for disk in [sv]d[a-z]; do case $(cat $disk/queue/rotational) in 0) ssds+=(/dev/$disk) ;; - 1) hds+=(/dev/$disk) ;; + 1) hdds+=(/dev/$disk) ;; *) echo "$0: error: unknown /sys/block/$disk/queue/rotational: \ $(cat $disk/queue/rotational)"; exit 1 ;; esac @@ -77,7 +77,7 @@ done if (( ${#ssds[@]} > 0 )); then short_devs=( ${ssds[@]} ) else - short_devs=( ${hds[@]} ) + short_devs=( ${hdds[@]} ) fi # check if the partitions exist have the right filesystems 
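Review bot: The NOPASSWD entry is still appended straight into `$target/etc/sudoers` without any syntax validation; the new `grep -xF` only prevents duplicates, and a single malformed line there disables sudo for everyone on the host. Prefer a drop-in that sudo validates and that can be managed on its own: `f=$target/etc/sudoers.d/ian`, `printf '%s\n' "$line" > "$f" && chmod 0440 "$f"`, then `$ROOTCMD visudo -cf /etc/sudoers.d/ian`. If the line must stay in `/etc/sudoers`, at least run `$ROOTCMD visudo -cf /etc/sudoers` afterwards so a broken file fails the build instead of the first `sudo`. The hunk header for this file was lost in extraction, so its start is not visible here.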
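Review bot: `$ROOTCMD groupadd -r kvm || [[ $? == 9 ]]` hides the meaning of the magic number; add `# groupadd exits 9 when the group already exists, which is fine here` above it, or use the self-describing form `$ROOTCMD getent group kvm >/dev/null || $ROOTCMD groupadd -r kvm`. The added `-r` also changes behaviour from the old call by allocating a system GID; if the package that normally creates `kvm` expects a particular GID, a comment that the early creation is deliberate would help the next reader. The hunk covers only the tail of this script.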
@@ -188,7 +188,7 @@ first_root_crypt=$(root-cryptdev ${devs[0]}) bios_grubn=4 # 1.5 x based on https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Installation_Guide/sect-disk-partitioning-setup-x86.html#sect-custom-partitioning-x86 swap_mib=$(( $(grep ^MemTotal: /proc/meminfo | \ - awk '{print $2}') * 3/(${#devs[@]} * 2 ) / 1024 )) + awk '{print $2}') * 3/(${#devs[@]} * 2 ) / 1024 )) mkdir -p /tmp/fai shopt -s nullglob @@ -212,7 +212,7 @@ if $partition; then # parted print error output is expected. example: # Error: /dev/vda: unrecognised disk label disk_mib=$(( $(parted -m $dev unit MiB print | \ - sed -nr "s#^/dev/[^:]+:([0-9]+).*#\1#p") - 1)) + sed -nr "s#^/dev/[^:]+:([0-9]+).*#\1#p") - 1)) root_end=$(( disk_mib - swap_mib - boot_mib / ${#boot_devs[@]} )) swap_end=$(( root_end + swap_mib)) @@ -272,7 +272,7 @@ fi mount -o subvolid=0 $first_root_crypt /mnt # systemd creates subvolumes we want to delete. s=($(btrfs subvolume list --sort=-path /mnt | - sed -rn "s#^.*path\s*(root_$DISTRO/\S+)\s*\$#\1#p")) + sed -rn "s#^.*path\s*(root_$DISTRO/\S+)\s*\$#\1#p")) for subvol in ${s[@]}; do btrfs subvolume delete /mnt/$subvol; done btrfs subvolume set-default 0 /mnt [[ ! -e /mnt/root_$DISTRO ]] || btrfs subvolume delete /mnt/root_$DISTRO @@ -282,8 +282,10 @@ btrfs subvolume set-default 0 /mnt cd /mnt for x in q home_$DISTRO root_$DISTRO; do btrfs subvolume list . | grep "$x$" >/dev/null || btrfs subvolume create $x - chown root:1000 q done +chown root:1000 q + + mkdir -p /mnt/root_$DISTRO/boot for x in root/a q/a; do mkdir -p $x diff --git a/fai/config/scripts/GRUB_PC/11-ian b/fai/config/scripts/GRUB_PC/11-ian index d22d8fc..9764d8e 100755 --- a/fai/config/scripts/GRUB_PC/11-ian +++ b/fai/config/scripts/GRUB_PC/11-ian 
@@ -4,6 +4,12 @@ set -eE -o pipefail
 trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?"' ERR
 $ROOTCMD adduser --disabled-password --gecos ian ian
+
+if [[ ! $ROOTPW ]]; then
+ echo "$0: error: empty \$ROOTPW"
+ exit 1
+fi
+
 $ROOTCMD usermod -p "$ROOTPW" ian
 if ifclass STABLE; then
@@ -16,13 +22,19 @@ if ifclass DEBIAN; then
 fi
-# -i, ignore nonmatching class error, always return 0.
-fcopy -r -M -i /home/ian/.ssh
+# note:
+# fcopy -i = ignore nonmatching class error, always return 0.
+
+f=/target/home/ian/.ssh/authorized_keys
+if [[ ! -L $f || -e $f ]]; then
+ fcopy -r -M /home/ian/.ssh
+fi
 /var/lib/fai/config/distro-install-common/end
 rm -f /target/etc/apt/sources.list
 chroot /target bash <<'EOF'
+set -eE -o pipefail
 chown -R 1000:1000 /home/ian/.ssh
 chmod -R u=Xrw,og= /home/ian/.ssh
 cp -ar /home/ian/.ssh /root
@@ -41,3 +53,16 @@ if ifclass STABLE; then
 # a single package which is primarily a single binary
 $ROOTCMD apt-get -y install unison-gtk/testing
 fi
+
+
+
+$ROOTCMD adduser --disabled-password --gecos traci traci
+$ROOTCMD usermod -a -G traci ian
+# reading through the groups that ian is in but traci isn't,
+for g in plugdev audio video cdrom; do
+ $ROOTCMD usermod -a -G $g traci
+done
+
+if ifclass frodo; then
+ $ROOTCMD usermod -p "$(cat /var/lib/fai/config/distro-install-common/shadow/traci-simple)" traci
+fi
diff --git a/faiserver-setup b/faiserver-setup
index 54b69f6..d507f0b 100755
--- a/faiserver-setup
+++ b/faiserver-setup
@@ -25,7 +25,7 @@ to_install=()
 for pkg in $deps; do
 dpkg -s $pkg &>/dev/null && continue ||:
 to_install+=($pkg)
- echo $pkg >> /etc/fai/fai-manually-installed-packages
+ echo $pkg >>/etc/fai/fai-manually-installed-packages
 done
 if [[ $to_install ]]; then
 apt-get -y install ${to_install[@]}
diff --git a/pxe-server b/pxe-server
index 4d18ccb..6d2411e 100755
--- a/pxe-server
+++ b/pxe-server
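Review bot: The empty-`$ROOTPW` guard sits after `$ROOTCMD adduser ... ian`, so when it fires the target already carries a freshly created `ian` account that never gets a password; move the `if [[ ! $ROOTPW ]]` block above the `adduser` line so bad input aborts before any account is touched. Sending the diagnostic to stderr, `echo "$0: error: empty \$ROOTPW" >&2`, also keeps it out of any captured output. The script continues outside this hunk.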
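Review bot: The condition `[[ ! -L $f || -e $f ]]` skips `fcopy` only when `authorized_keys` is a dangling symlink: a regular file and a live symlink both satisfy `-e`, so both are overwritten anyway. If the intent is to leave a symlinked `authorized_keys` alone (for example one that points into the synced `/q/p` tree), the test should read `if [[ ! -L $f ]]; then`; if "skip only when dangling" really is intended, a one-line comment saying so would stop the next reader from "fixing" it. Dropping `-i` is a good change since a non-matching class now fails loudly, but the new `# note:` comment still describes the removed flag rather than the current call — reword it to say why `-i` was dropped.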
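Review bot: `$ROOTCMD usermod -p "$(cat .../shadow/traci-simple)" traci` has no guard against the file being missing or empty; a failing `cat` inside a command substitution used as an argument does not stop the script under `set -e`, and `usermod -p ''` writes an empty password field, which lets `traci` log in with no password wherever PAM permits `nullok`. Read the hash into a variable and check it first, mirroring the `$ROOTPW` check added earlier in this file: `pw=$(cat /var/lib/fai/config/distro-install-common/shadow/traci-simple)`, `[[ $pw ]] || { echo "$0: error: empty traci-simple" >&2; exit 1; }`, `$ROOTCMD usermod -p "$pw" traci`. The hash is also passed on the `usermod` command line and is briefly visible in `ps`; `chpasswd -e` fed via stdin avoids that if it matters on this host.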
@@ -3,13 +3,16 @@
 # Setup dhcp server to point to tftp server,
 # and depending on the type, setup the tftp server.
-# usage: $0 [TYPE]
+# usage: $0 TYPE
 # default distro is the base debian/fedora type. others are fai & arch
 set -eE -o pipefail
 trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?"' ERR
-action=${1:-default}
+if [[ ! $1 ]]; then
+ echo "$0: error: exptected 1 argument of type"
+fi
+action=$1
 arch() {
 default
@@ -20,7 +23,9 @@ dhcp-boot=/arch/boot/syslinux/lpxelinux.0
 EOF
 }
-default() {
+plain-tftp() {
+ # if arch was used before, this additionally needs
+ # the tftp link in /mnt/usb to be changed.
 cat <<'EOF'
 enable-tftp
 tftp-root=/mnt/usb/tftpboot
diff --git a/wrt-setup b/wrt-setup
index 8023523..0c9fb29 100755
--- a/wrt-setup
+++ b/wrt-setup
@@ -55,7 +55,7 @@ cat >.profile <<'EOF'
 exit
 }
 EOF
-v pi kmod-usb-storage block-mount kmod-fs-ext4 nfs-kernel-server
+v pi kmod-usb-storage block-mount kmod-fs-ext4 nfs-kernel-server tcpdump
@@ -117,7 +117,9 @@ v /etc/init.d/nfsd start
 v /etc/init.d/portmap enable
 v /etc/init.d/nfsd enable
-
+# default is 250, but my switch wants a high static address by default,
+# and I don't need that many, so lets just reduce it.
+sed -ri 's/^(.*option limit ).*/\1100/' /etc/config/dhcp
 cedit /etc/config/firewall <<'EOF' || /etc/init.d/firewall restart # port forwarding
@@ -133,6 +135,32 @@ option src wan
 option target ACCEPT
 option dest_port 63324
+config redirect
+option name frodobittorrent
+option src wan
+option src_dport 63326
+option dest_ip 192.168.1.3
+option dest lan
+
+config rule
+option src wan
+option target ACCEPT
+option dest_port 63326
+
+
+config redirect
+option name treetowlsyncthing
+option src wan
+option src_dport 22000
+option dest_ip 192.168.1.2
+option dest lan
+option proto tcp
+
+config rule
+option src wan
+option target ACCEPT
+option dest_port 22000
+
 config redirect
 option name bithtpc
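Review bot: The new argument check prints an error but never exits, so `action` is set to the empty string and the script carries on with it (the message also misspells "expected"). Make the branch `echo "$0: error: expected 1 argument of type" >&2; exit 1` so a missing TYPE aborts before any dnsmasq configuration is written. The usage comment could also list the accepted values, since the old `[TYPE]` default is gone: `# usage: $0 TYPE   (TYPE: arch, fai, or plain-tftp)` — adjust to whatever the dispatch further down, outside this hunk, actually accepts.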
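Review bot: Renaming `default()` to `plain-tftp()` leaves the `default` call inside `arch()` (visible as context in the previous hunk) pointing at a function that no longer exists, so unless another `default` is defined elsewhere in the file, `pxe-server arch` now fails with "command not found" at that line; change the call to `plain-tftp`, or keep `default() { plain-tftp; }` as a compatibility alias. The new comment about the `/mnt/usb` tftp link describes a manual step that is easy to forget; if it can be automated, a `[[ -L /mnt/usb/tftpboot ]]` check with a clear error would be better than prose. The dispatch that selects these functions is outside this hunk, so I could not confirm how `plain-tftp` is reached.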
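Review bot: The two new `config rule` stanzas have `option src wan` and a `dest_port` but no `option dest`; as I read OpenWrt's firewall semantics that ACCEPTs traffic to those ports on the router itself (the INPUT chain), whereas the `config redirect` with `option dest lan` already permits the traffic it DNATs. If the rules are meant to cover the forward they are redundant and only widen the router's own exposure on 63326 and 22000; if they are deliberately opening router ports, say so in a comment above each. At minimum the syncthing rule should carry the same `option proto tcp` as its redirect, otherwise UDP 22000 is accepted too. The same pattern appears in the context lines above, so it may be this file's convention, but the new stanzas are the place to stop propagating it.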
@@ -178,19 +206,19 @@ config rule option dest_port 443 option proto tcp - -config redirect - option src wan - option src_dport 80 - option dest lan - option dest_ip 192.168.1.2 - option proto tcp - -config rule - option src wan - option target ACCEPT - option dest_port 80 - option proto tcp +# not using http server atm, so disable it. +# config redirect +# option src wan +# option src_dport 80 +# option dest lan +# option dest_ip 192.168.1.2 +# option proto tcp + +# config rule +# option src wan +# option target ACCEPT +# option dest_port 80 +# option proto tcp EOF @@ -198,9 +226,9 @@ dnsmasq_restart=false cedit /etc/hosts < +# default dhcp range is 100-150 dhcp-host=f4:6d:04:02:ee:eb,192.168.1.2,treetowl dhcp-host=00:26:18:97:bb:16,192.168.1.3,frodo dhcp-host=10:78:d2:da:29:22,192.168.1.4,htpc @@ -263,6 +292,10 @@ dhcp-host=00:1f:16:16:39:24,192.168.1.5,x2 dhcp-host=52:54:00:9c:ef:ad,192.168.1.6,demohost dhcp-host=52:54:00:56:09:f9,192.168.1.7,faiserver dhcp-host=80:fa:5b:1c:6e:cf,192.168.1.8,tp +# this is the ip it picks by default if dhcp fails, +# so might as well use it. +# hostname is the name it uses according to telnet +dhcp-host=b4:75:0e:94:29:ca,192.168.1.251,switch9429ca # template -- 2.30.2
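Review bot: The new comment `# default dhcp range is 100-150` does not agree with the other new comment in this patch, which says the `option limit` default is 250, and after the `sed` the pool is start 100 plus 100 addresses, i.e. 192.168.1.100–199; as far as I recall stock OpenWrt ships start 100 / limit 150, so at least one of the two comments is wrong. Reword this one to state the pool this script actually configures, e.g. `# dhcp pool is 192.168.1.100-199 after the limit change above; the static leases below and the .251 switch are outside it`. The `/etc/hosts` heredoc that opens this hunk was lost in extraction, so its first lines are not reviewable here.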