more aramo/jammy updates

[automated-distro-installer] / fai-redep

#!/bin/bash
# Copyright (C) 2019 Ian Kelling
# SPDX-License-Identifier: AGPL-3.0-or-later
set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR

[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"

readonly this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"; cd "${this_file%/*}"

usage() {
  cat <<EOF
usage: ${0##*/} [OPTIONS] [HOST]
Deploy fai config (the one in nfs) to HOST or default faiserver

Note, for booting from fai-cd, this needs to be called from myfai-chboot or that via pxe-server,
due to setting
echo FAI_ACTION=$fai_action >> /srv/fai/config/class/LAST.var
note FAI_ACTION might be able to be set elsewhere, like in grub for this case

-d DISTRO      DISTRO for setting up fai class DESKTOP packages, for preinstalling stuff.
-t TARGET_HOST Copy only secrets for TARGET_HOST into the config space. Useful for virtual server
               on hardware we don't control.
-h|--help    Print help and exit

Note: uses paths specific to authors machine.
EOF
  exit $1
}

##### begin command line parsing ########

# ensure we can handle args with spaces or empty.
ret=0; getopt -T || ret=$?
[[ $ret == 4 ]] || { echo "Install util-linux for enhanced getopt" >&2; exit 1; }

temp=$(getopt -l help hd:t: "$@") || usage 1
eval set -- "$temp"
while true; do
  case $1 in
    -d) distro=$2; shift ;;
    -t) target=$2; shift ;;
    -h|--help) usage ;;
    --) shift; break ;;
    *) echo "$0: unexpected args: $*" >&2 ; usage 1 ;;
  esac
  shift
done
host=${1:-faiserver}

readonly host distro target

##### end command line parsing ########

# i use faiserver as a dns alias, but ssh key is associated with
# a canonical hostname and we will have ssh warning spam unless we
# use it, so look it up just to avoid the warning spam.
faiserver_host=$(/a/exe/chost $host) || faiserver_host=$host

faiserver_addr=$(host $host | sed -rn 's/^\S+ has address //p;T;q' ||:)
if ! ip a | grep "^ *inet.\? $faiserver_addr" &>/dev/null; then
  rpre="-e 'ssh -F $HOME/.ssh/confighome' root@$faiserver_host:"
  faiserver_shell="ssh -F $HOME/.ssh/confighome root@$faiserver_host"
fi

# these are gitignored.
rsync -atL /home/iank/.ssh/authorized_keys fai/config/files/root/.ssh/authorized_keys/STANDARD
# we hssh and ssh_filter_btrbk for the initial btrbk (alternatively, I could open up the
# permissions in authorized_keys, but that just seems lazy)
install --owner=iank --group=iank -d fai/config/files/usr/local/bin/hssh
rsync -atL /a/bin/ds/hssh fai/config/files/usr/local/bin/hssh/STANDARD
install --owner=iank --group=iank -d fai/config/files/usr/local/bin/ssh_filter_btrbk.sh
rsync -atL /a/opt/btrbk/ssh_filter_btrbk.sh fai/config/files/usr/local/bin/ssh_filter_btrbk.sh/STANDARD

rsync -rlpt --delete --relative --exclude /fai/config/basefiles/ fai/config $rpre/srv

# todo: automatically disable faiserver after a period so
# these files are not available.

if [[ $target ]]; then
  if test -e /q/root/shadow/$target; then
    shadowfile=shadow/$target # empty otherwise
  fi
  rsync -lpt --files-from=- /q/root $rpre/srv/fai/config/distro-install-common <<EOF
luks/$target
luks/host-$target
$shadowfile
EOF
else
  rsync -rlpt /q/root/shadow /q/root/luks $rpre/srv/fai/config/distro-install-common
fi

dirs=(/p/c/machine_specific/${target:-*}/filesystem/etc/ssh)
if [[ -e ${dirs[0]} ]]; then
  rsync -rlpt --delete --relative ${dirs[@]} $rpre/srv/fai/config/distro-install-common
fi

. /a/bin/distro-setup/pkgs
pall+=($(/a/bin/buildscripts/emacs -p; /a/bin/distro-setup/distro-pkgs $distro))

printf "%s\n%s\n" "PACKAGES install" ${pall[*]} | \
  $faiserver_shell dd of=/srv/fai/config/package_config/DESKTOP 2>/dev/null ||: # broken pipe


rsync -rplt --include '/*.gz' --exclude '/**' --delete-excluded $BASEFILE_DIR/ $rpre/srv/fai/config/basefiles/