add more stack traces, other minor changes
[automated-distro-installer] / faiserver-setup
1 #!/bin/bash
2 # Copyright (C) 2016 Ian Kelling
3
4 # This program is free software; you can redistribute it and/or
5 # modify it under the terms of the GNU General Public License
6 # as published by the Free Software Foundation; either version 2
7 # of the License, or (at your option) any later version.
8
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
13
14 # You should have received a copy of the GNU General Public License
15 # along with this program; if not, write to the Free Software
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17
# Resolve this script's real location (symlinks followed) and load the
# bash-trace helper that sits in the same directory. The helper is not part
# of this file; going by its name it presumably sets up stack traces on
# errors -- confirm in bash-trace itself.
# NOTE(review): after the sudo re-exec below, bash-trace is sourced as root,
# so the script directory must not be writable by unprivileged users.
x="$(readlink -f "$BASH_SOURCE")"
source "${x%/*}/bash-trace"

# The rest of the script edits /etc and installs packages, so when it is not
# already running as root it replaces itself with a sudo invocation that
# carries the original arguments.
if [[ $EUID != 0 ]]; then
  exec sudo "${BASH_SOURCE}" "$@"
fi
21
# Print the help text on stdout and end the script.
# Arguments: $1 - exit status (optional)
usage() {
  cat <<HELP
usage: ${0##*/} [-h|--help]
install fai-server on the current machine

Initial setup of a fai server on debian. works on localhost.
Set's the current ip as the tftp server. I vaguely remember
that using a hostname does not work.
Separate from running this, faiserver needs to be setup in dns
to point to whatever host this is run on.

For running on arm, it expects Ian's fai-basefiles repository at
/a/bin/fai-basefiles

HELP
  # Left unquoted on purpose: without an argument this collapses to a bare
  # `exit`, which reuses the status of the cat above.
  exit $1
}
# Show the help text when the first argument asks for it; usage() ends the
# script itself. No other argument is examined here.
if [[ $1 == -h || $1 == --help ]]; then
  usage
fi
42
43
# Echo a command line to stdout, then run it. The return status is that of
# the command.
# Arguments: the command and its arguments
e() {
  echo "$@"
  "$@"
}
45
# Debian release that is written into the fai apt sources and the
# debootstrap setting further down.
# When stretch becomes stable, change this to stretch. I've tested this with
# stretch and it works, but notably the automatic basefile getting will then
# be for stretch instead of jessie, so if you install jessie you need to set
# up the basefile and its corresponding class.
base=jessie
# In-place, extended-regex sed that follows symlinks to the real file. Kept
# as a plain string, so it is expanded unquoted where it is used.
sed="sed -ri --follow-symlinks"

# wget is used further down to download the fai-project archive key.
type -p wget &>/dev/null || apt-get install -y wget
57
# Succeeds only when dpkg reports armhf as the package architecture of this
# machine.
armhf() {
  case "$(dpkg --print-architecture)" in
    armhf) return 0 ;;
    *) return 1 ;;
  esac
}
61
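# Choose the apt source that the fai packages are installed from.
if grep -xFq 'VERSION="9 (stretch)"' /etc/os-release; then
  # if we use stretch, no need for fai-project repo.
  # this will need to be updated when there is a codename
  # for stretch+1
  rm -f /etc/apt/sources.list.d/fai.list
elif armhf; then
  # NOTE(review): the testing sources are added only when apt already lists
  # a testing/stretch origin, which reads as inverted -- confirm the
  # intended condition.
  if apt-cache policy | grep o=Debian,a=testing,n=stretch &>/dev/null; then
    cat >/etc/apt/sources.list.d/testing.list <<'EOF'
deb http://http.us.debian.org/debian testing main contrib non-free
deb-src http://http.us.debian.org/debian testing main contrib non-free

deb http://security.debian.org/ testing/updates main contrib non-free
deb-src http://security.debian.org/ testing/updates main contrib non-free

deb http://http.us.debian.org/debian testing-updates main contrib non-free
deb-src http://http.us.debian.org/debian testing-updates main contrib non-free
EOF

    # Take only the fai packages from testing; everything else in testing
    # gets a negative priority.
    cat >/etc/apt/preferences.d/fai <<'EOF'
Package: fai-server fai-client fai-doc
Pin: release a=testing
Pin-Priority: 500

Package: *
Pin: release a=testing
Pin-Priority: -10
EOF
  fi
else
  # This key becomes a trust root for apt, so it is fetched over HTTPS
  # rather than plain HTTP. It goes to a temp file instead of a pipe into
  # apt-key, so that a failed or empty download stops the script instead of
  # being passed on silently.
  # TODO(review): also compare the key's full fingerprint with a value
  # obtained out of band; the 8-hex-digit id in the file name is too short
  # to identify a key.
  fai_key=$(mktemp) || exit 1
  if ! { wget -O "$fai_key" https://fai-project.org/download/074BCDE4.asc \
    && [[ -s $fai_key ]] \
    && apt-key add "$fai_key"; }; then
    rm -f -- "$fai_key"
    echo "${0##*/}: could not fetch and import the fai-project archive key" >&2
    exit 1
  fi
  rm -f -- "$fai_key"
  # The repository itself stays on http; apt checks its signatures against
  # the key imported above.
  cat >/etc/apt/sources.list.d/fai.list <<'EOF'
deb http://fai-project.org/download jessie koeln
EOF
fi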
96
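# for ubuntu:
#add-apt-repository -y ppa:fai/ppa

# for debian:
apt-get update

# Relevant packages from fai-quickstart depends and fai-server recommends.
# I especially do not want isc-dhcp-server or an inetd. Also excludes
# nfs-kernel-server where it cannot work: on an android chroot, we don't
# have nfs in the kernel, or the ability to install it.
pkgs=(fai-doc tftpd-hpa tar reprepro squashfs-tools binutils)
# Loading the nfsd module is the test for kernel nfs support. Without it
# apache2 is installed instead (presumably to serve the install files over
# http -- confirm).
if modprobe nfsd &>/dev/null; then
  pkgs+=(nfs-kernel-server)
else
  pkgs+=(apache2)
fi

# Quoted so that each array element is passed as exactly one argument.
apt-get install -y "${pkgs[@]}"
# The recommends of fai-server are skipped; the wanted ones are in pkgs.
apt-get install --no-install-recommends -y fai-server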
119
# Debian mirror written into the fai apt sources here and into the
# debootstrap setting of nfsroot.conf further down.
r=http://http.us.debian.org/debian
# like default, but scrap httpredir, and nonfree.
# All my systems should be able to get along without nonfree
# for a base working system afaik.
cat >/etc/fai/apt/sources.list <<SOURCES
deb $r $base main contrib
deb http://security.debian.org/debian-security $base/updates main contrib
SOURCES

# Extra repositories and a pin that apply to a jessie base only.
case $base in
  jessie)
    cat >>/etc/fai/apt/sources.list <<'JESSIE'
# uncommenting this from the defaults. it's got bug fixes.
# repository that may contain newer fai packages for jessie
deb http://fai-project.org/download jessie koeln
# fix tar https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819978
deb http://ftp.debian.org/debian jessie-backports main
JESSIE

    # note, fai doesn't look at /etc/fai/apt/preferences.d
    cat >/etc/fai/apt/preferences <<'PIN'
Package: tar
Pin: release a=jessie-backports
Pin-Priority: 500
PIN
    ;;
esac
145
146
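# tried out a stretch base, doesn't work yet.

# The root password hash for the nfsroot is read from a local file. Stop
# when that file is missing, unreadable or empty: $(<file) would then expand
# to nothing and nfsroot.conf would end up with FAI_ROOTPW="".
rootpw_file=/q/root/shadow/standard
if [[ ! -r $rootpw_file || ! -s $rootpw_file ]]; then
  echo "${0##*/}: $rootpw_file is missing, unreadable or empty" >&2
  exit 1
fi
rootpw=$(<"$rootpw_file")

# Rewrite nfsroot.conf in place: point debootstrap at $base on mirror $r,
# delete any existing FAI_ROOTPW line and append the hash read above.
# NOTE(review): the hash lands inside double quotes in nfsroot.conf; if that
# file is sourced as shell, confirm the `$` characters of a crypt hash
# survive. The file also holds the hash from now on, so its permissions
# matter.
$sed -f - /etc/fai/nfsroot.conf <<EOF
s,^( *FAI_DEBOOTSTRAP=).*,\1"$base $r",
# add --arch amd64. this is needed on arm system which is
# used to install amd64 clients. On amd64 servers, it's redundant.
# disabled for now, since creating fai nfsroot on my arm machine
# is not working
#/--arch amd64/!s/^(\s*FAI_DEBOOTSTRAP_OPTS=")/\1--arch amd64 /
/^\s*FAI_ROOTPW/d
$ a FAI_ROOTPW="$rootpw"
EOF

# Uncomment LOGUSER in fai.conf.
$sed 's/#LOGUSER/LOGUSER/' /etc/fai/fai.conf
# from man fai-make-nfsroot,
# figured out after partitioning ignored my crypt partition

# Add cryptsetup to the nfsroot package list unless the file already
# mentions it.
if ! grep cryptsetup /etc/fai/NFSROOT &>/dev/null; then
  $sed '/^PACKAGES install$/a cryptsetup' /etc/fai/NFSROOT
fi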
168
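if armhf; then
  # Replace the nfsroot with a prebuilt one. The cd is checked and the
  # removal uses an absolute path, so a failed cd cannot make rm -rf or tar
  # act on the directory the script was started from.
  cd /srv/fai || exit 1
  rm -rf /srv/fai/nfsroot
  # NOTE(review): the archive is unpacked as root; it has to come from a
  # trusted copy of the fai-basefiles repository.
  tar Jxf /a/bin/fai-basefiles/base.tar.xz
  # background: Can't build the nfsroot on my arm system now. First,
  # fai-make-nfsroot won't work out of the box. One idea to make it work
  # is by installing qemu-user-static, then copying qemu-x86_64-static
  # into the nfsroot, and prepending it to chroot commands in
  # fai-make-nfsroot, but that fails in odd ways. ls has permissions
  # problems on reading directories, various programs segfault
  # immediately, cat can't open a file, etc.

  NFSROOT=/srv/fai/nfsroot
  TFTPROOT=/srv/tftp/fai

  # Copy of setup_tftp from fai-make-nfsroot. The code must stay identical
  # to upstream, unquoted expansions included: it is compared with the
  # installed version below and only run when the two match.
  # NOTE(review): die, $v and $verbose are not defined in this file (unless
  # bash-trace provides them), so the die branch would end in "command not
  # found" here -- confirm that is acceptable.
  setup_tftp(){

    # tftp environment
    local pxebin

    # wheezy path
    if [ -f $NFSROOT/usr/lib/PXELINUX/pxelinux.0 ]; then
      pxebin=$NFSROOT/usr/lib/PXELINUX/pxelinux.0
    else
      # jessie/stretch path
      pxebin=$NFSROOT/usr/lib/syslinux/pxelinux.0
    fi

    rm -f $NFSROOT/boot/*.bak
    mkdir -p $TFTPROOT/pxelinux.cfg
    chmod a+r $NFSROOT/boot/initrd.img-* || die 9 "No initrd was created. Check the package name of the linux-image package in /etc/fai/NFSROOT."
    cp -p $v $NFSROOT/boot/vmlinu?-* $NFSROOT/boot/initrd.img-* $TFTPROOT
    cp -u $pxebin $TFTPROOT
    if [ -f $NFSROOT/usr/lib/syslinux/modules/bios/ldlinux.c32 ]; then
      cp -u $NFSROOT/usr/lib/syslinux/modules/bios/ldlinux.c32 $TFTPROOT
    fi
    if [ X$verbose = X1 ]; then
      echo "TFTP environment prepared. Enable DHCP and start the TFTP daemon on root $TFTPROOT."
    fi
  }

  # Test if our copy of setup_tftp still matches the one in the installed
  # fai-make-nfsroot, and run it only if it does. Both definitions are
  # printed through `type`, so layout and comments do not count as
  # differences. The result is checked explicitly rather than left to
  # whatever error handling bash-trace may set up.
  fai_make_nfsroot=$(type -P fai-make-nfsroot) || {
    echo "${0##*/}: fai-make-nfsroot not found in PATH" >&2
    exit 1
  }
  upstream_setup_tftp=$(sed -n '/^setup_tftp(){/,/^}/p' "$fai_make_nfsroot")
  if ! diff -u <(type setup_tftp) \
    <(printf '%s\n' "$upstream_setup_tftp" 'type setup_tftp' | bash); then
    echo "${0##*/}: setup_tftp in $fai_make_nfsroot differs from the copy in this script" >&2
    exit 1
  fi
  setup_tftp

  # -g causes skipping set_root_pw() in fai-make-nfsroot, -ag
  # is the only way to make it run without chrooting. the options
  # seem contradictory, but it works.
  fai-setup -evag

else
  e fai-setup -e -vf
  # make the faiserver also the apt proxy server
  apt-get -y install apt-cacher-ng
fi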
227
# Append one entry to the nfsroot's known_hosts: the host field of the
# file's first line, a space, then the ecdsa-sha2-nistp256 key that
# ssh-keyscan reports for localhost.
# NOTE(review): the key is taken from whatever answers on localhost at this
# moment; the entry is only as trustworthy as that lookup.
{
  head -n 1 /srv/fai/nfsroot/root/.ssh/known_hosts \
    | awk '{print $1}' \
    | tr '\n' ' '
  ssh-keyscan localhost 2>&1 | grep -o "ecdsa-sha2-nistp256.*"
} >>/srv/fai/nfsroot/root/.ssh/known_hosts
231
# initially did the basic fai-chboot -Iv $std_arg default
# but found in console that it wanted to mount nfsroot
# to be the same as my dhcp server.
# Figured out to change the root= parameter from googling,
# and seeing fai-chboot -L
# using hostname failed.
# for -f, combined the 2 defaults so it will reboot and print to screen.

# Add debug to -f flag for more verbose output.


# background on choosing apt-cacher-ng:
# googling around a bit finds 2 main solutions:
# http://askubuntu.com/questions/3503/best-way-to-cache-apt-downloads-on-a-lan
# apt-cacher-ng doesn't have zeroconf.
# It touts having minimal dependencies, but I don't care.
# The downside to squid-deb-proxy is that its config is for specific repos,
# you have to add all the repos you use.
# That is the main reason I use apt-cacher-ng.
# It has a web portal, at http://faiserver:3142/acng-report.html


# random fai note: as far as I can tell, profiles are just for putting
# in a selectable boot menu, which I don't want.

# the logsave prompted because the hostname faiserver was unknown.
# Here it was faiserver.lan when running from a faiserver vm.
# When running from a normal host with faiserver alias, it was the normal
# host's name.
# So: on every known_hosts line that has a comma in its host field, replace
# what follows the first comma (up to the next whitespace) with faiserver.
nfsroot_known_hosts=/srv/fai/nfsroot/root/.ssh/known_hosts
$sed 's/(^[^,]+,)\S+/\1faiserver/' "$nfsroot_known_hosts"
# ditch the logo banner up top which screws with less.
touch /srv/fai/nfsroot/.nocolorlogo