2 # Copyright (C) 2019 Ian Kelling
3 # SPDX-License-Identifier: AGPL-3.0-or-later
5 trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
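# Resolve this script's real path (symlinks followed) and work from its
# directory, so the relative `fai/config` rsync source used further down
# resolves the same way wherever the script is started from.
# The assignment is kept apart from `readonly`, whose own exit status would
# otherwise mask a readlink failure, and a failed cd stops the run instead of
# letting the later `rsync --delete` start from an unexpected directory.
this_file="$(readlink -f -- "${BASH_SOURCE[0]}")" || exit 1
readonly this_file
cd -- "${this_file%/*}" || exit 1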
11 usage: ${0##*/} [OPTIONS] [HOST]
12 Deploy fai config (the one in nfs) to HOST or default faiserver
14 Note, for booting from fai-cd, this needs to be called from myfai-chboot or that via pxe-server,
16 echo FAI_ACTION=$fai_action >> /srv/fai/config/class/LAST.var
17 note FAI_ACTION might be able to be set elsewhere, like in grub for this case
19 -d DISTRO DISTRO for setting up fai class DESKTOP packages, for preinstalling stuff.
20 -t TARGET_HOST Copy only secrets for TARGET_HOST into the config space. Useful for virtual server
21 on hardware we don't control.
22 -h|--help Print help and exit
24 Note: uses paths specific to authors machine.
29 ##### begin command line parsing ########
# Option parsing depends on util-linux's enhanced getopt, which copes with
# arguments that are empty or contain spaces. `getopt -T` identifies that
# variant by exiting with status 4.
ret=0
getopt -T || ret=$?
if [[ $ret != 4 ]]; then
  echo "Install util-linux for enhanced getopt" >&2
  exit 1
fi

# Normalise the command line; a parse error prints usage and exits non-zero.
if ! temp=$(getopt -l help hd:t: "$@"); then
  usage 1
fi
39 -d) distro
=$2; shift ;;
40 -t) target
=$2; shift ;;
43 *) echo "$0: unexpected args: $*" >&2 ; usage
1 ;;
49 readonly host distro target
51 ##### end command line parsing ########
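# i use faiserver as a dns alias, but ssh key is associated with
# a canonical hostname and we will have ssh warning spam unless we
# use it, so look it up just to avoid the warning spam.
# If the lookup fails, fall back to the name exactly as given.
faiserver_host=$(chost "$host") || faiserver_host=$host

# Every expansion that ends up in a remote spec is quoted, so a host value
# containing whitespace or glob characters cannot turn into extra rsync
# arguments.

# Push the local config space. The exclude keeps --delete from removing the
# server-side basefiles directory, which is synced separately.
rsync -rlpt --delete --relative --exclude /fai/config/basefiles/ fai/config \
  "root@${faiserver_host}:/srv"

# Copy root's home.pub to the authorized_keys/STANDARD path in the config space.
sudo rsync -a /root/.ssh/home.pub \
  "root@${faiserver_host}:/srv/fai/config/files/root/.ssh/authorized_keys/STANDARD"
# todo: automatically disable faiserver after a period so
# these files are not available.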
65 if [[ $target ]]; then
66 if sudo
test -e /q
/root
/shadow
/$target; then
67 shadowfile
=shadow
/$target # empty otherwise
69 sudo rsync
-lpt --files-from=- /q
/root root@
$faiserver_host:/srv
/fai
/config
/distro-install-common
<<EOF
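# Copies the complete /q/root/shadow and /q/root/luks trees into the config
# space on the server.
# NOTE(review): presumably the branch taken when no -t TARGET_HOST was given
# (the enclosing if/else lines are not visible here -- confirm). This puts
# secrets for every host on the fai server; the usage text recommends
# -t TARGET_HOST for servers on hardware that is not under our control.
# The remote spec is quoted so the host value cannot split into extra words.
sudo rsync -rlpt /q/root/shadow /q/root/luks \
  "root@${faiserver_host}:/srv/fai/config/distro-install-common"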
# Per-machine /etc/ssh directories to publish into the config space.
# ${target:-*} is left unquoted on purpose: with no -t TARGET_HOST the default
# `*` has to glob across every machine directory; with -t only that host's
# directory is selected. When nothing matches, the pattern stays literal
# (assuming nullglob is not enabled elsewhere -- not visible here), which is
# what the -e test on dirs[0] that follows guards against.
dirs=(/p/c/machine_specific/${target:-*}/filesystem/etc/ssh)
79 if [[ -e ${dirs[0]} ]]; then
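# Sync the selected per-machine ssh directories, keeping their full path
# (--relative) under distro-install-common.
# "${dirs[@]}" is quoted: the glob was already expanded when dirs was
# assigned, and an unquoted expansion would word-split and glob each path a
# second time. The remote spec is quoted for the same reason.
rsync -rlpt --delete --relative "${dirs[@]}" \
  "root@${faiserver_host}:/srv/fai/config/distro-install-common"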
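# Load the author's package definitions.
# NOTE(review): the `pall+=` below suggests this file defines the pall array
# -- confirm.
. /a/bin/distro-setup/pkgs
# Word splitting of the command output is intentional: each whitespace
# separated package name becomes one array element.
# ${distro:+"$distro"} passes the distro as a single quoted word, and passes
# no argument at all when -d was not given (same as the unquoted original).
pall+=($(/a/bin/buildscripts/emacs -p; /a/bin/distro-setup/distro-pkgs ${distro:+"$distro"}))

# Write the DESKTOP package class on the server: a "PACKAGES install" header
# followed by one package per line (printf reuses its format until the
# arguments run out). The array is expanded quoted so a name containing glob
# characters is written literally instead of being expanded against the
# local directory.
# NOTE(review): `2>/dev/null || :` was added for a broken-pipe message, but it
# also hides real ssh/dd failures, so a stale or empty DESKTOP file would go
# unnoticed.
printf "%s\n%s\n" "PACKAGES install" "${pall[@]}" |
  ssh "root@${faiserver_host}" dd of=/srv/fai/config/package_config/DESKTOP 2>/dev/null ||
  : # broken pipe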
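# Publish only the top-level *.gz basefiles; everything else is excluded, and
# --delete-excluded removes non-matching files from the server's basefiles
# directory.
# ${BASEFILE_DIR:?} aborts when the variable is unset or empty. Without the
# guard the source would collapse to "/", so the sync would take *.gz files
# from the local root directory while still deleting on the server.
# NOTE(review): BASEFILE_DIR is not set anywhere in the visible lines;
# presumably it comes from the sourced pkgs file or the environment.
rsync -rplt --include '/*.gz' --exclude '/**' --delete-excluded \
  "${BASEFILE_DIR:?}/" "root@${faiserver_host}:/srv/fai/config/basefiles/"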
91 ssh root@
$faiserver_host bash
<<'EOF'
93 # make it the root because pxe-kexec only looks there.
94 # It wouldn't be too hard to change if we needed.
95 # We could also just dump things in /srv/tftp, but fai
96 # has some defaults, which I don't even use, which expect
97 # the other directory, so it's kind of a tossup, whatever.
98 sed -ri 's,^ *(TFTP_DIRECTORY=).*,\1"/srv/tftp/fai",' /etc/default/tftpd-hpa
99 systemctl restart tftpd-hpa
102 f=/srv/fai/nfsroot/root/.ssh/known_hosts
103 install -d -m 700 /srv/fai/nfsroot/root/.ssh
104 # the known hosts entries that fai already sets up are like
105 # IP,HOSTNAME key_info...
106 # we are skipping the ip, because it doesn't block ssh
107 # with a prompt as long as you have the user supplied hostname,
108 # and i don't want to deal with getting it, it's not adding
109 # any important security in this case.
110 if ! grep -xFq "$line" $f &>/dev/null; then
112 printf "%s\n" "$line" >>$f
115 if ! modprobe nfsd &>/dev/null; then
116 # no apt-cache on maru debian, because we are low on space already
117 sed -i '/^ *APTPROXY=/d' /srv/fai/config/class/DEBIAN.var
118 # maru debian doesn't have loopback devs created
119 if ! losetup -f; then
123 if (( ${#x[@]} )); then
124 minor=$(( ${x[-1]#/dev/loop} + 1 ))
126 mknod -m660 /dev/loop$minor b 7 $minor
129 # -B boot only iso, no nfsroot, no partial mirror, no config space.
130 # -f = force, for overwriting
131 # -S = make squash image for http booting
132 # -d config space url, instead of putting it in the squash.img,
133 # this just makes it so that we don't have to regenerate the img
134 # when the config changes.
136 tar czf /var/www/faiserver/html/config.tar.gz .
137 if $changed || [[ ! -e /var/www/faiserver/html/squash.img ]]; then
138 # note, on maru, selinux needs to be disabled in android before
142 fai-cd -d http://faiserver:8080/config.tar.gz -f -M -S /var/www/faiserver/html/squash.img