PXE install w multi-boot, btrfs & Libreboot support

Some things are specific to my home network, and use files with secrets
that are not in this repo. I use this for bare metal and vms, and two
of the scripts can run post boot, so I use them on vps distributed
images as well.

Features people may find useful: installs encrypted trisquel, debian,
ubuntu, arch, and parabola (archlike install is likely broken, I've only
done pxe boots recently), in a multi-boot setup using multiple
subvolumes of a single btrfs filesystem. Utilizes multiple disks, with
scripts to automatically decrypt on intentional reboots, but not after
shutdown or power loss.

Normal install mode for fai is using pxe, but on a libreboot system,
there is no pxe. The pxe in a normal computer is nonfree
firmware. Alternatives to normal pxe that I've tried:

* libreboot + seabios + ipxe

* Use a live cd to call pxe-kexec, this is described later in this file.

* Use the fai autodiscover iso. This is more automated, so nicer.

* Use an install method above to setup a gnu/linux disk partition that
  coordinates with libreboot grub to act like a pxe boot using
  kexec. The boot process takes a bit longer than normal pxe. This is
  the bootstrap partition in my scripts.

Things I haven't tried:

* The bios chip has enough room for an initrd. This could be setup to
  work like the partition I use to kexec, but it would be faster, and
  not require installing to disk.

The partitioning and filesystem script is at
fai/config/hooks/partition.DEFAULT. Disks are grouped as ssd or hdd and
raided in raid 1 or raid 0 per configuration. The base partitions are
divided into boot, swap, and root (only boot is unencrypted). There are
scripts to resize those partitions post-provision and while the system
is running.

People who use fai may find these things useful as examples: it uses
dnsmasq (on an openwrt machine) for dhcp instead of the isc
dhcp. fai-wrapper is a small script to use basic fai classes outside of
fai. It does not use the fai partitioning tool, but the script is
inspired from it and works outside of fai. It supports running a fai
server on debian within android via Maru.

It also automates configuration of an openwrt router after manual
initial installation.

After provisioning is done, I sync files using btrfs, or unison for
vps, then automate further setup using a different set of scripts,
https://iankelling.org/git/?p=distro-setup;a=tree.

My network is a wndr3700v2 router with openwrt on it and a few pcs/laptops.

Since fai requires a debian server as the fai server, there are also
scripts to automate a debian install using pxe and preseeding, which can
be done from any distro.

Some of the scripts depend on some simple, obvious utility
scripts from https://iankelling.org/git, and of course there are some
hostnames that are specific to my network.

Before doing a fai install, you will need to populate a class file. I
use one called 5-multi-boot, which you can see an example of in
fai/config/class/50-host-classes.

Before doing a fai install, you will need to populate /q/root/luks and
/q/root/shadow, see their references. You might also want to copy
existing /etc/ssh/*host* to
/p/c/machine_specific/HOST/filesystem/etc/ssh.


All scripts meant to be used directly are listed here:


# Scripts to setup the environment for the install


# create tiny autodiscover cd
fai-redep && sudo fai-cd -g "$PWD/grub.cfg.autodiscover" -f -A "$BASEFILE_DIR/autodiscover.iso"
# create normal fai cd (replace TARGET_HOST)
fai-redep -t TARGET_HOST && sudo fai-cd -M -g "$PWD/grub.cfg.netinst" -f "$BASEFILE_DIR/netinst.iso"
# note, may need to set hostname in something like LAST.var
# also, may need to unset proxy.
mymk-basefile        # Create basefiles for various distros
archlike-pxe         # Setup pxe boot server from an archlike base image
fai-redep            # Deploy fai configuration to host "faiserver"
faiserver-uninstall  # uninstall fai-server
faiserver-setup      # install fai-server on the current machine
myfai-chboot         # setup fai tftp and nfs. useful for doing pxe-kexec
pxe-server           # disable/enable pxe dhcp, tftp, and nfs. calls myfai-chboot
wrt-setup            # setup my router in general: dhcp, dns, etc.


# Scripts to do a distro install

faiserver-revm       # using pxe & preseed, create a vm which is a fai server
dsfull               # install & post-install a new fai distro
arch-init-remote     # install arch after it's been booted into its setup env
live-kexec           # Kexec this or a remote machine using host faiserver. also
                     # useful to run as curl live-kexec|bash


# Test scripts

arch-revm            # test arch install on a fresh vm
fai-revm             # test fai install on a fresh vm


# Scripts to call after a distro install for various reasons

chboot               # Set grub to boot into a different distro (installed earlier)
install-chboot       # reinstall chboot to /boot subvols, for chboot updates.
eboot                # reboot without automatic disk decryption
fai-wrapper          # use fai classes outside of fai. sourced, not called.
faiserver-disable    # Disable the fai nfs server exports
fresize              # resize swap or boot partitions in a host


# Replacing a raid 10 disk

# i expect better results with newer kernel and btrfs progs than the default stretch
fai-server buster

pxe-server -S HOST fai

# btrfs replace or delete. prefer replace. to setup partitions on replacement drive:
scp fai-wrapper HOST:
ssh root@HOST
. fai-wrapper
export SPECIAL_DISK=/dev/REPLACEMENT_DEV
/var/lib/fai/config/hooks/partition.DEFAULT


ssh root@HOST
for x in /target/* /target; do umount "$x"; done
# store the passphrase in ./p (read below as /root/p, so run this from /root);
# ending with ctrl-d twice stores it without a trailing newline
cat >p
PASSWORD HERE(ctrl-d ctrl-d)
cd /dev/disk/by-id/
for d in ata*part1; do cryptsetup luksOpen -d /root/p "$d" "crypt_dev_$d"; done
# $x expands to the first opened mapper device
x=(/dev/mapper/*part1); mount -o subvol=root_trisquelflidas "$x" /mnt
# btrfs fi show /mnt
# btrfs replace start -f /dev/mapper/OLD_DEV /dev/mapper/NEW_DEV /mnt
# btrfs replace status /mnt
# nohup btrfs dev delete /dev/sde1 /mnt
mount -o subvol=boot_trisquelflidas /dev/sda3 /mnt/boot
# also replace or delete disk for boot
for x in dev proc sys; do mount -o bind "/$x" "/mnt/$x"; done
chroot /mnt /bin/bash
# replace disk in fstab
# replace disk in /etc/crypttab
update-grub
update-initramfs -u
mount /a
/a/exe/keyscript-on
exit
reboot


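An alternative to the `cat >p` step above that keeps the passphrase out of /root/p, added here as an example and not part of this repo's scripts: the passphrase is read once with echo off and piped to each `cryptsetup luksOpen` through `--key-file=-`. The `CRYPTSETUP` override, the function names and the file name `open-luks.sh` are made up for this example.

```sh
#!/bin/sh
# Added example, not from this repo: open every LUKS member with one passphrase
# that is held only in a shell variable and never written to /root/p.

# CRYPTSETUP is an assumed override hook so the loop can be dry-run with a stub.
CRYPTSETUP=${CRYPTSETUP:-cryptsetup}

# mapper_name DEV: same crypt_dev_<by-id name> naming as the README's loop.
mapper_name() {
  printf 'crypt_dev_%s\n' "${1##*/}"
}

# open_luks_parts PASSPHRASE DEV...
# printf is a builtin in bash and dash, so the passphrase is not in any argv,
# and '%s' adds no trailing newline (same bytes as the ctrl-d ctrl-d file).
open_luks_parts() {
  pass=$1; shift
  rc=0
  for dev in "$@"; do
    name=$(mapper_name "$dev")
    [ -e "/dev/mapper/$name" ] && continue      # already open, skip
    if ! printf '%s' "$pass" | "$CRYPTSETUP" luksOpen --key-file=- "$dev" "$name"
    then
      echo "luksOpen failed: $dev" >&2
      rc=1                                      # keep going, report at the end
    fi
  done
  unset pass
  return "$rc"
}

# Interactive entry point: prompt once with echo off, restore the tty on exit.
main() {
  trap 'stty echo' EXIT
  trap 'exit 130' INT TERM
  printf 'LUKS passphrase: ' >&2
  stty -echo
  IFS= read -r pw
  stty echo
  printf '\n' >&2
  open_luks_parts "$pw" /dev/disk/by-id/ata*part1; st=$?
  unset pw
  return "$st"
}

# Only prompt when asked to, e.g.  sh open-luks.sh run
if [ "${1:-}" = run ]; then main; fi
```
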
# Expected output in fai logs

For flidas, when installing systemd, this error happens, and it's
a superfluous upstream bug based on reading the post install script:

addgroup: The group `systemd-journal' already exists as a system group. Exiting.
Operation failed: No such file or directory


# TODO
Change arch to archlike and to support arch and parabola


# License

The license for the project is GPLv2 or later, mostly because fai is and
I periodically merge the upstream example config, which contains small
scripts. Also, there is a modified encrypt.upstream, which is from the
cryptsetup package in arch, which is under the same license.