fixes plus readme updates

[automated-distro-installer] / README

PXE install w multi-boot, btrfs & Libreboot support

Some things are specific to my home network, and uses files with secrets
that are not in this repo. I use this for bare metal and vms, and two
scripts which can run post boot so I use them on vps distributed image
as well.

Features people may find useful: installs encrypted trisquel, debian,
ubuntu, and arch (havne't done recently, probably a bit broken), in a
multi-boot setup using multiple subvolumes of a single btrfs filesystem.
Utilizes multiple disks, with scripts to automatically decrypt on
intentional reboots, but not after shutdown or power loss.

Normal install mode for fai is using pxe, but on a libreboot system,
there is no pxe. The pxe in a normal computer is nonfree firmware. What
I've done instead:

* Use a live cd to call pxe-kexec, this is described later in this file.

* Use the fai autodiscover iso. This is more automated, so nicer.

* Use an install method above to setup a gnu/linux disk partition that
  acts like a pxe boot using kexec, but it takes a bit longer. This is
  the bootstrap partition in my scripts.

Things I haven't tried:

* There is iPXE, which requires standard bios functions, which can be
  provided by seabios, which can be a libreboot payload.

* The bios chip has enough room for an initrd. This could be setup to
  work like the partition I use to kexec, but it would be faster, and
  not require installing to disk.

The partititioning and filesystem script is at
fai/config/hooks/partition.DEFAULT. Disks are grouped as ssd or hdd and
raided in raid 1 or raid 0 per configuration. The base partitions are
divided into boot, swap, and root, (only boot is unencrypted). There are
scripts to resize those partitions post-provision and while the system
is running.

People who use fai may find these things as useful examples: it uses
dnsmasq (on a openwrt machine) for dhcp instead of the isc
dhcp. fai-wrapper is a small script to use basic fai classes outside of
fai. It does not use the fai partitioning tool, but the script is
inspired from it and works outside of fai. It supports running a fai
server on debian within android via Maru.

It also automates configuration of an openwrt router after manual
initial installation.

After provisionining is done, I sync files using btrfs, or unison for
vps, then automate further setup using a different set of scripts,
https://iankelling.org/git/?p=distro-setup;a=tree.

My network is a wndr3700v2 router with openwrt on it and a few pcs/laptops.

Since fai requires a debian server as the fai server, there are also
scripts to automate a debian install using pxe and preseeding, which can
be done from any distro.

Some of the scripts have dependencies for some simple obvious utility
scripts from https://iankelling.org/git, and of course there are some
hostnames that are specific to my network.



All scripts meant to be used directly are listed here:


# Scripts to setup the environment for the install

arch-pxe # Setup arch pxe boot server from an arch base image
fai-redep # Deploy fai configuration to host "faiserver"
faiserver-revm # using pxe & preseed, create a vm which is a fai server
faiserver-uninstall # uninstall fai-server
faiserver-setup # install fai-server on the current machine
myfai-chboot # setup fai tftp and nfs. useful for doing pxe-kexec
pxe-server # disable/enable pxe dhcp, tfp, and nfs. calls myfai-chboot
wrt-setup-remote  # setup my router in general: dhcp, dns, etc.


# Script to do a distro install

dsfull # install & post-install a new fai distro
arch-init-remote # install arch after it's been booted into it's setup env
fai-kexec # Kexec this or a remote machine using host faiserver
live-kexec # fai kexec from upstream live cds, e.g. curl live-kexec|bash


# Test scripts

arch-revm # test arch install on a fresh vm
fai-revm  # test fai install on a fresh vm


# Scripts to call after a distro install for various reasons

chboot # Set grub to boot into a different distro (installed earlier)
install-chboot # reinstall chboot to /boot subvols, for chboot updates.
eboot # reboot without automatic disk decryption
fai-wrapper # use fai classes outside of fai. sourced, not called.
faiserver-disable # Disable the fai nfs server exports
fresize # resize swap or boot partitions in a host


# Replacing a raid 10 disk

pxe-server -S HOST fai
ssh root@HOST
cat >p
PASSWORD HERE(ctrl-d ctrl-d)
for d in /dev/disk/by-id/ata*part1; do cryptsetup luksOpen --key-file p $d crypt_dev_${d##*/}; done
# btrfs replace disk # i forget the actual command
x=(/dev/mapper/*part1); mount -o subvol=root_trisquelflidas $x /mnt
mount -o subvol=boot_trisquelflidas /dev/sda3 /mnt/boot
for x in dev proc sys; do mount -o bind /$x /mnt/$x; done
chroot /mnt /bin/bash
# replace disk in fstab
# replace disk in /etc/crypttab
update-grub
update-initramfs -u
mount /a
/a/exe/keyscript-on
exit
reboot


# dirinstall

host=kw
distro=trisquel
t=/dev/shm/t
myfai-chboot default
sudo sed -i 's/^LOGUSER=/#LOGUSER=/' /etc/fai/fai.conf
# config umount required after a failed run, proc umount always required
sudo umount /var/lib/fai/config ||: ; sudo umount -R $t/proc ||:
fai-redep faiserver $distro
sudo rm -rf $t ; mkdir $t; time sudo LANG= fai -N -u $host dirinstall $t

# cleanup:
sudo sed -i 's/^#LOGUSER=/LOGUSER=/' /etc/fai/fai.conf
sudo umount -R $t/proc


# Turning a dirinstall into a basefile. taken from mk-basefile

sudo chroot $t apt-get clean
sudo rm -f $t/etc/hostname $t/etc/resolv.conf \
      $t/var/lib/apt/lists/*_* $t/usr/bin/qemu-*-static \
      $t/etc/udev/rules.d/70-persistent-net.rules
echo | sudo dd of=$t/etc/machine-id
sudo tar --one-file-system -C $t -cf - . | gzip > /a/bin/fai-basefiles/basefiles/FLIDAS64X.tar.gz



# License

The license for the project is GPLv2 or later, mostly because fai is and
I periodically merge the upstream example config, which contains small
scripts. Also, there is a modified encrypt.upstream, which is from the
cryptsetup package in arch, which is under the same license.