add rescue, fix default pxe, ubuntu locale
[automated-distro-installer] / faiserver-setup
1 #!/bin/bash
2 # Copyright (C) 2016 Ian Kelling
3
4 # This program is free software; you can redistribute it and/or
5 # modify it under the terms of the GNU General Public License
6 # as published by the Free Software Foundation; either version 2
7 # of the License, or (at your option) any later version.
8
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
13
14 # You should have received a copy of the GNU General Public License
15 # along with this program; if not, write to the Free Software
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17
# Strict mode: stop on any unhandled failure (-e), let the ERR trap also
# fire inside functions and subshells (-E), and make a pipeline fail when
# any of its stages fails.
set -e -E -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR

# Everything below installs packages and rewrites system configuration,
# so when not already root, replace this process with the same script
# (same arguments) running under sudo.
if [[ $EUID != 0 ]]; then
  exec sudo "${BASH_SOURCE}" "$@"
fi
22
#######################################
# Print the help text to stdout and terminate the script.
# Arguments: $1 - exit status (optional; a bare `exit` is used when it
#                 is omitted, which reports the status of the cat above)
#######################################
usage() {
  local prog=${0##*/}
  cat <<EOF
usage: $prog [-h|--help]
install fai-server on the current machine

Initial setup of a fai server on debian. works on localhost.
Set's the current ip as the tftp server. I vaguely remember
that using a hostname does not work.
Separate from running this, faiserver needs to be setup in dns
to point to whatever host this is run on.

For running on arm, it expects Ian's fai-basefiles repository at
/a/bin/fai-basefiles

EOF
  exit $1
}
# Only the help flags are recognised; any other first argument is ignored
# and the installation proceeds.
if [[ $1 == -h || $1 == --help ]]; then
  usage
fi
43
44
# Echo a command line to stdout, then run it.
# Arguments: the command and its arguments
# Returns:   the exit status of the command that was run
e() {
  echo "$@"
  "$@"
}
46
# Debian release used for the FAI base system and its apt sources.
# When stretch becomes stable, change this to stretch. It has been tested
# with stretch and works, but the automatic basefile fetching will then
# be for stretch instead of jessie, so to install jessie you need to set
# up the basefile and its corresponding class yourself.
base='jessie'

# In-place, extended-regex sed that edits the target of a symlink rather
# than replacing the link. Expanded unquoted as $sed so that it splits
# into the command and its options.
sed='sed -ri --follow-symlinks'
54
# wget is used further down to download the fai-project signing key;
# install it only when no wget executable is found.
type -p wget &>/dev/null || apt-get install -y wget
58
# Succeeds when dpkg reports armhf as this machine's architecture.
# Returns: 0 on armhf, 1 otherwise (including when dpkg prints nothing)
armhf() {
  case "$(dpkg --print-architecture)" in
    armhf) return 0 ;;
    *) return 1 ;;
  esac
}
62
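# Choose where the fai packages for this host come from:
#   - Debian 9 (stretch): the distribution's own packages, no extra repo.
#   - armhf:              Debian testing, pinned so only the fai packages
#                         are taken from it.
#   - anything else:      the fai-project.org repository and its key.
if grep -xFq 'VERSION="9 (stretch)"' /etc/os-release; then
  # if we use stretch, no need for fai-project repo.
  # this will need to be updated when there is a codename
  # for stretch+1
  rm -f /etc/apt/sources.list.d/fai.list
elif armhf; then
  # NOTE(review): testing.list and the pin are written only when
  # apt-cache policy already lists testing/stretch -- confirm this test
  # is not meant to be negated.
  if apt-cache policy | grep o=Debian,a=testing,n=stretch &>/dev/null; then
    cat >/etc/apt/sources.list.d/testing.list <<'EOF'
deb http://http.us.debian.org/debian testing main contrib non-free
deb-src http://http.us.debian.org/debian testing main contrib non-free

deb http://security.debian.org/ testing/updates main contrib non-free
deb-src http://security.debian.org/ testing/updates main contrib non-free

deb http://http.us.debian.org/debian testing-updates main contrib non-free
deb-src http://http.us.debian.org/debian testing-updates main contrib non-free
EOF

    # Priority 500 for the fai packages, -10 for everything else from
    # testing, so the rest of the system is never upgraded to testing.
    cat >/etc/apt/preferences.d/fai <<'EOF'
Package: fai-server fai-client fai-doc
Pin: release a=testing
Pin-Priority: 500

Package: *
Pin: release a=testing
Pin-Priority: -10
EOF
  fi
else
  # The key added here becomes a trust anchor for apt: whoever controls
  # it can sign packages that get installed as root. Fetch it over HTTPS
  # into a temporary file instead of piping a plain-HTTP download
  # straight into apt-key, so that neither a tampered nor a truncated
  # download is ever handed to apt-key.
  fai_key_file=$(mktemp)
  if ! wget -O "$fai_key_file" https://fai-project.org/download/074BCDE4.asc; then
    rm -f -- "$fai_key_file"
    echo "$0: failed to download the fai-project signing key" >&2
    exit 1
  fi
  # NOTE(review): TLS only authenticates the download server. 074BCDE4
  # is a short key id, which is not collision resistant; compare the
  # downloaded key's full fingerprint with a value obtained out of band
  # (<FULL_FINGERPRINT_PLACEHOLDER>) before trusting it.
  apt-key add "$fai_key_file"
  rm -f -- "$fai_key_file"

  # The repository itself stays on http; its integrity rests on apt
  # verifying the signed Release file against the key added above.
  cat >/etc/apt/sources.list.d/fai.list <<'EOF'
deb http://fai-project.org/download jessie koeln
EOF
fi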
97
98 # for ubuntu:
99 #add-apt-repository -y ppa:fai/ppa
100
101 # for debian:
102
103
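apt-get update

# Relevant packages from fai-quickstart depends and fai-server recommends.
# I especially do not want isc-dhcp-server or an inetd. Also excludes
# nfs-kernel-server where it cannot work: on an android chroot, we don't
# have nfs in the kernel, or the ability to install it.
pkgs=(fai-doc tftpd-hpa tar reprepro squashfs-tools binutils)
# Probe for kernel NFS server support by loading the nfsd module (this
# leaves the module loaded); fall back to apache2 when that fails.
if modprobe nfsd &>/dev/null; then
  pkgs+=(nfs-kernel-server)
else
  pkgs+=(apache2)
fi

# Quote the array expansion so each element is passed as exactly one word.
apt-get install -y "${pkgs[@]}"
# fai-server is installed separately without its recommends, because the
# wanted ones were hand-picked above.
apt-get install --no-install-recommends -y fai-server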
120
# Debian mirror used both for the FAI apt sources and for debootstrap.
r=http://http.us.debian.org/debian

# like default, but scrap httpredir, and nonfree.
# All my systems should be able to get along without nonfree
# for a base working system afaik.
# These are plain-http sources; their integrity rests on apt's signature
# verification of the archive metadata.
printf '%s\n' \
  "deb $r $base main contrib" \
  "deb http://security.debian.org/debian-security $base/updates main contrib" \
  >/etc/fai/apt/sources.list
129
# Extra apt sources and a pin that only apply to a jessie base: the
# fai-project repository and jessie-backports are appended to FAI's
# sources.list, and tar is pinned to the backports version.
case $base in
  jessie)
    cat >>/etc/fai/apt/sources.list <<'EOF'
# uncommenting this from the defaults. it's got bug fixes.
# repository that may contain newer fai packages for jessie
deb http://fai-project.org/download jessie koeln
# fix tar https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819978
deb http://ftp.debian.org/debian jessie-backports main
EOF

    # note, fai doesn't look at /etc/fai/apt/preferences.d
    cat >/etc/fai/apt/preferences <<'EOF'
Package: tar
Pin: release a=jessie-backports
Pin-Priority: 500
EOF
    ;;
esac
146
147
148 # tried out a stretch base, doesn't work yet.
149 #
150 $sed -f - /etc/fai/nfsroot.conf <<EOF
151 s,^( *FAI_DEBOOTSTRAP=).*,\1"$base $r",
152 # add --arch amd64. this is needed on arm system which is
153 # used to install amd64 clients. On amd64 servers, it's redundant.
154 # disabled for now, since creating fai nfsroot on my arm machine
155 # is not working
156 #/--arch amd64/!s/^(\s*FAI_DEBOOTSTRAP_OPTS=")/\1--arch amd64 /
157 /^\s*FAI_ROOTPW/d
158 $ a FAI_ROOTPW="$(</q/root/shadow/standard)"
159 EOF
160
# Uncomment LOGUSER in fai.conf (the first '#LOGUSER' on each line
# becomes 'LOGUSER').
$sed 's/#LOGUSER/LOGUSER/' /etc/fai/fai.conf

# from man fai-make-nfsroot,
# figured out after partitioning ignored my crypt partition:
# add cryptsetup right after the "PACKAGES install" line of the nfsroot
# package list. Skipped when the file already mentions cryptsetup, so
# rerunning this script does not add it twice.
grep cryptsetup /etc/fai/NFSROOT &>/dev/null \
  || $sed '/^PACKAGES install$/a cryptsetup' /etc/fai/NFSROOT
169
# Build the nfsroot. On armhf it is unpacked from a prebuilt tarball and
# only the TFTP files are prepared locally; everywhere else fai-setup
# builds it and apt-cacher-ng is installed as well.
if armhf; then
  # set -e aborts the script if this cd fails, so the relative rm -rf
  # below only ever runs inside /srv/fai.
  cd /srv/fai
  rm -rf nfsroot
  # Unpacked as root straight from the fai-basefiles checkout; no
  # integrity check is done here, so the tarball is trusted as-is.
  # presumably the archive contains the nfsroot/ tree -- verify.
  tar Jxf /a/bin/fai-basefiles/base.tar.xz
  # background: Can't build the nfsroot on my arm system now. First,
  # fai-make-nfsroot won't work out of the box. One idea to make it work
  # is by installing qemu-user-static, then copying qemu-x86_64-static
  # into the nfsroot, and prepending it to chroot commands in
  # fai-make-nfsroot, but that fails in odd ways. ls has permissions
  # problems on reading directories, various programs segfault
  # immediately, cat can't open a file, etc.

  NFSROOT=/srv/fai/nfsroot
  TFTPROOT=/srv/tftp/fai

  # test if our copy of setup_tftp has changed in fai-make-nfsroot,
  # and if not, run it.
  # The function body must stay textually equivalent to the one in the
  # installed fai-make-nfsroot, because the diff below compares the two;
  # do not "clean up" its quoting. $v, $verbose and die are not defined
  # anywhere in this script: $v and $verbose expand to nothing here, and
  # if the chmod fails, die is an unknown command, so the script still
  # stops under set -e, just without the intended message.
  setup_tftp(){

    # tftp environment
    local pxebin

    # wheezy path
    if [ -f $NFSROOT/usr/lib/PXELINUX/pxelinux.0 ]; then
      pxebin=$NFSROOT/usr/lib/PXELINUX/pxelinux.0
    else
      # jessie/stretch path
      pxebin=$NFSROOT/usr/lib/syslinux/pxelinux.0
    fi

    rm -f $NFSROOT/boot/*.bak
    mkdir -p $TFTPROOT/pxelinux.cfg
    chmod a+r $NFSROOT/boot/initrd.img-* || die 9 "No initrd was created. Check the package name of the linux-image package in /etc/fai/NFSROOT."
    # Copy kernel(s) and initrd(s) from the nfsroot to the TFTP root.
    cp -p $v $NFSROOT/boot/vmlinu?-* $NFSROOT/boot/initrd.img-* $TFTPROOT
    cp -u $pxebin $TFTPROOT
    if [ -f $NFSROOT/usr/lib/syslinux/modules/bios/ldlinux.c32 ]; then
      cp -u $NFSROOT/usr/lib/syslinux/modules/bios/ldlinux.c32 $TFTPROOT
    fi
    if [ X$verbose = X1 ]; then
      echo "TFTP environment prepared. Enable DHCP and start the TFTP daemon on root $TFTPROOT."
    fi
  }
  # Left side: bash's normalized rendering of the copy above. Right side:
  # the setup_tftp definition cut out of the installed fai-make-nfsroot,
  # followed by "type setup_tftp" from the here-document, all fed to a
  # fresh bash so it prints the same normalized rendering. diff exits
  # non-zero when they differ, and set -e then stops the script before
  # the stale copy is run.
  diff -u <(type setup_tftp) <(cat <(sed -n '/^setup_tftp(){/,/^}/p' $(which fai-make-nfsroot) ) - <<'EOF' |bash
type setup_tftp
EOF
  )
  setup_tftp

  # -g causes skipping set_root_pw() in fai-make-nfsroot, -ag
  # is the only way to make it run without chrooting. the options
  # seem contradictory, but it works.
  fai-setup -evag

else
  # e prints the command line before running it.
  e fai-setup -e -vf
  # make the faiserver also the apt proxy server
  apt-get -y install apt-cacher-ng
fi
228
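# Add this machine's ecdsa host key to the nfsroot's known_hosts, under
# the same host-name field as the file's first entry. The key recorded
# is whatever answers ssh-keyscan on localhost at setup time.
#
# Both pieces are collected before anything is written: if ssh-keyscan
# yields no ecdsa key, set -e stops the script here and known_hosts is
# left untouched, rather than ending in a dangling host-name field with
# no key and no newline that a rerun would then append to.
kh_file=/srv/fai/nfsroot/root/.ssh/known_hosts
kh_hosts=$(head -n 1 "$kh_file" | awk '{print $1}')
# |& also feeds ssh-keyscan's stderr to grep; only the key text from
# "ecdsa-sha2-nistp256" onward is kept.
kh_key=$(ssh-keyscan localhost |& grep -o "ecdsa-sha2-nistp256.*")
printf '%s\n' "${kh_hosts:+$kh_hosts }$kh_key" >>"$kh_file"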
232
233 # initially did the basic fai-chboot -Iv $std_arg default
234 # but found in console that it wanted to mount nfsroot
235 # to be the same as my dhcp server.
236 # Figured out to change the root= parameter from googling,
237 # and seeing fai-chboot -L
238 # using hostname failed.
239 # for -f, combined the 2 defaults so it will reboot and print to screen.
240
241 # Add debug to -f flag for more verbose output.
242
243
244 # background on choosing apt-cacher-ng:
245 # googling around a bit finds 2 main solutions:
246 # http://askubuntu.com/questions/3503/best-way-to-cache-apt-downloads-on-a-lan
247 # apt-cacher-ng doesn\'t have zeroconf.
248 # It touts having minimal dependencies, but I don\'t care.
249 # The downside to squid-deb-proxy is that it\'s config is for specific repos,
250 # you have to add all the repos you use.
251 # That is the main reason I use apt-cacher-ng.
252 # It has a web portal, at http://faiserver:3142/acng-report.html
253
254
255 # random fai note: as far as I can tell, profiles are just for putting
256 # in a selectable boot menu, which I don\'t want.
257
# the logsave prompted because the hostname faiserver was unknown.
# Here it was faiserver.lan when running from a faiserver vm.
# When running from a normal host with faiserver alias, it was the normal
# host's name.
# So on every known_hosts line, keep everything up to and including the
# first comma and replace the run of non-space characters after it with
# "faiserver".
nfsroot_dir=/srv/fai/nfsroot
$sed 's/(^[^,]+,)\S+/\1faiserver/' "$nfsroot_dir/root/.ssh/known_hosts"

# ditch the logo banner up top which screws with less.
touch "$nfsroot_dir/.nocolorlogo"