iankelling.org Git - automated-distro-installer/blob - fai-redep

   1 #!/bin/bash
   2 # Copyright (C) 2019 Ian Kelling
   3 # SPDX-License-Identifier: AGPL-3.0-or-later
   4 set -eE -o pipefail
   5 trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
   6
   7 [[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
   8
   9 readonly this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"; cd "${this_file%/*}"
  10
  11 source bash-trace
  12
  13 usage() {
  14   cat <<EOF
  15 usage: ${0##*/} [OPTIONS] [HOST]
  16 Deploy fai config (the one in nfs) to HOST or default faiserver
  17
  18 Note, for booting from fai-cd, this needs to be called from myfai-chboot or that via pxe-server,
  19 due to setting
  20 echo FAI_ACTION=$fai_action >> /srv/fai/config/class/LAST.var
  21 note FAI_ACTION might be able to be set elsewhere, like in grub for this case
  22
  23 -d DISTRO      DISTRO for setting up fai class DESKTOP packages, for preinstalling stuff.
  24 -t TARGET_HOST Copy only secrets for TARGET_HOST into the config space. Useful for virtual server
  25                on hardware we don't control.
  26 -h|--help    Print help and exit
  27
  28 Note: uses paths specific to authors machine.
  29 EOF
  30   exit $1
  31 }
  32
  33 ##### begin command line parsing ########
  34
  35 # ensure we can handle args with spaces or empty.
  36 ret=0; getopt -T || ret=$?
  37 [[ $ret == 4 ]] || { echo "Install util-linux for enhanced getopt" >&2; exit 1; }
  38
  39 temp=$(getopt -l help hd:t: "$@") || usage 1
  40 eval set -- "$temp"
  41 while true; do
  42   case $1 in
  43     -d) distro=$2; shift ;;
  44     -t) target=$2; shift ;;
  45     -h|--help) usage ;;
  46     --) shift; break ;;
  47     *) echo "$0: unexpected args: $*" >&2 ; usage 1 ;;
  48   esac
  49   shift
  50 done
  51 host=${1:-faiserver}
  52
  53 readonly host distro target
  54
  55 ##### end command line parsing ########
  56
  57 m() { printf "$pre %s\n"  "$*"; "$@"; }
  58
  59 # i use faiserver as a dns alias, but ssh key is associated with
  60 # a canonical hostname and we will have ssh warning spam unless we
  61 # use it, so look it up just to avoid the warning spam.
  62 faiserver_host=$(/a/exe/chost $host)
  63 #  faiserver_host=$host
  64
  65 faiserver_addr=$(host $host | sed -rn 's/^\S+ has address //p;T;q' ||:)
  66 if ! ip a | grep "^ *inet.\? $faiserver_addr" &>/dev/null; then
  67   rpre=(-e "ssh -F $HOME/.ssh/confighome" root@$faiserver_host:)
  68   faiserver_shell="ssh -F $HOME/.ssh/confighome root@$faiserver_host"
  69 fi
  70
  71 # these are gitignored.
  72 rsync -atL /home/iank/.ssh/authorized_keys fai/config/files/root/.ssh/authorized_keys/STANDARD
  73 # we hssh and ssh_filter_btrbk for the initial btrbk (alternatively, I could open up the
  74 # permissions in authorized_keys, but that just seems lazy)
  75 install --owner=iank --group=iank -d fai/config/files/usr/local/bin/hssh
  76 install --owner=iank --group=iank -d fai/config/files/usr/local/bin/ssh_filter_btrbk.sh
  77 rsync -atL /a/opt/btrbk/ssh_filter_btrbk.sh fai/config/files/usr/local/bin/ssh_filter_btrbk.sh/STANDARD
  78 m rsync -rlpt --delete --relative --exclude /fai/config/basefiles/ fai/config "${rpre[@]}"/srv
  79
  80 # todo: automatically disable faiserver after a period so
  81 # these files are not available.
  82
  83
  84 if [[ $target ]]; then
  85   secret_files=(luks/$target luks/host-$target shadow/$target)
  86   exists=false
  87   secret_exists=()
  88   for f in ${secret_files[@]}; do
  89     if [[ -e /q/root/$f ]]; then
  90       exists=true
  91       secrets_to_send+=("$f")
  92     fi
  93   done
  94   if $exists; then
  95     {
  96       for f in ${secrets_to_send[@]}; do
  97         echo $f
  98       done
  99     } | rsync -lpt --files-from=- /q/root "${rpre[@]}"/srv/fai/config/distro-install-common
 100   fi
 101 else
 102   rsync -rlpt /q/root/shadow /q/root/luks "${rpre[@]}"/srv/fai/config/distro-install-common
 103 fi
 104
 105 rsync -rlpt --delete /a/opt/btrfs-progs-release \
 106       filesystem/usr/local/bin/ethusb-nm \
 107       filesystem/usr/local/bin/ethusb-static \
 108       "${rpre[@]}"/srv/fai/config/distro-install-common
 109
 110 dirs=(/p/c/machine_specific/${target:-*}/filesystem/etc/ssh)
 111 if [[ -e ${dirs[0]} ]]; then
 112   rsync -rlpt --delete --relative ${dirs[@]} "${rpre[@]}"/srv/fai/config/distro-install-common
 113 fi
 114
 115 . /a/bin/distro-setup/pkgs
 116 pall+=($(/a/bin/buildscripts/emacs -p; /a/bin/distro-setup/distro-pkgs $distro))
 117
 118 printf "%s\n%s\n" "PACKAGES install" ${pall[*]} | \
 119   $faiserver_shell dd of=/srv/fai/config/package_config/DESKTOP status=none ||: # broken pipe
 120
 121
 122 m rsync -rplt --include '/*.zst' --exclude '/**' --delete-excluded $BASEFILE_DIR/ "${rpre[@]}"/srv/fai/config/basefiles/