#!/bin/bash
# Copyright (C) 2016 Ian Kelling

# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.

# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.

# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

x="$(readlink -f "$BASH_SOURCE")"; source "${x%/*}/bash-trace"

# re-run as root when started unprivileged
[[ $EUID == 0 ]] || exec sudo "${BASH_SOURCE}" "$@"

usage() {
    cat <<EOF
usage: ${0##*/} [-h|--help]
install fai-server on the current machine

Initial setup of a fai server on debian. Works on localhost.
Sets the current ip as the tftp server. I vaguely remember
that using a hostname does not work.
Separate from running this, faiserver needs to be set up in dns
to point to whatever host this is run on.

For running on arm, it expects Ian's fai-basefiles repository at
EOF
}

# echo a command, then run it
e() { echo "$@"; "$@"; }

# the automatic basefile getting will be for stretch
# instead of jessie, so if you install jessie, you need
# to set up the basefile and its corresponding class.

sed="sed -ri --follow-symlinks"

if ! type -p wget &>/dev/null; then
    apt-get install -y wget
fi

[[ $(dpkg --print-architecture) == armhf ]]

if apt-cache policy | grep o=Debian,a=testing,n=stretch &>/dev/null; then
    cat >/etc/apt/sources.list.d/testing.list <<'EOF'
deb http://http.us.debian.org/debian testing main contrib non-free
deb-src http://http.us.debian.org/debian testing main contrib non-free

deb http://security.debian.org/ testing/updates main contrib non-free
deb-src http://security.debian.org/ testing/updates main contrib non-free

deb http://http.us.debian.org/debian testing-updates main contrib non-free
deb-src http://http.us.debian.org/debian testing-updates main contrib non-free
EOF
    cat >/etc/apt/preferences.d/fai <<'EOF'
Package: fai-server fai-client fai-doc
Pin: release a=testing
Pin: release a=testing
EOF
elif grep -xFq 'VERSION="8 (jessie)"' /etc/os-release; then
    gpg -a --recv-keys 2BF8D9FE074BCDE4; gpg -a --export 2BF8D9FE074BCDE4 | apt-key add -
    cat >/etc/apt/sources.list.d/fai.list <<'EOF'
deb http://fai-project.org/download jessie koeln
EOF
elif grep -xFq 'VERSION="9 (stretch)"' /etc/os-release; then
    gpg -a --recv-keys 2BF8D9FE074BCDE4; gpg -a --export 2BF8D9FE074BCDE4 | apt-key add -
    cat >/etc/apt/sources.list.d/fai.list <<'EOF'
deb http://fai-project.org/download stretch koeln
EOF
else
    rm -f /etc/apt/sources.list.d/fai.list
fi
#add-apt-repository -y ppa:fai/ppa

# Relevant packages from fai-quickstart depends and fai-server recommends.
# I especially do not want isc-dhcp-server or an inetd. Also excludes
# nfs-kernel-server. On an android chroot, we don't have nfs in the
# kernel, or the ability to install it.
pkgs=(fai-doc tftpd-hpa tar reprepro squashfs-tools binutils)
if modprobe nfsd &>/dev/null; then
    pkgs+=(nfs-kernel-server)
fi

apt-get install -y "${pkgs[@]}"
apt-get install --no-install-recommends -y fai-server

r=http://http.us.debian.org/debian
# like default, but scrap httpredir, and nonfree.
# All my systems should be able to get along without nonfree
# for a base working system afaik.
cat >/etc/fai/apt/sources.list <<EOF
deb $r $base main contrib
deb http://security.debian.org/debian-security $base/updates main contrib
EOF

cat >>/etc/fai/apt/sources.list <<EOF
# use fai repo. it's commented in the defaults. it's got bug fixes.
# and may contain newer packages.
deb http://fai-project.org/download $base koeln
EOF

if [[ $base == jessie ]]; then
    cat >>/etc/fai/apt/sources.list <<'EOF'
# fix tar https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819978
deb http://ftp.debian.org/debian jessie-backports main
EOF
    # note, fai doesn't look at /etc/fai/apt/preferences.d
    cat >/etc/fai/apt/preferences <<'EOF'
Pin: release a=jessie-backports
EOF
fi
# tried out a stretch base, doesn't work yet.

# the sed script is read from stdin; the heredoc is unquoted so that
# $base, $r and the root password hash are expanded by the shell.
$sed -f - /etc/fai/nfsroot.conf <<EOF
$ a FAI_ROOTPW='$(</q/root/shadow/standard)'
$ a SSH_IDENTITY=/root/.ssh/home.pub
s,^( *FAI_DEBOOTSTRAP=).*,\1"$base $r",
# add --arch amd64. this is needed on arm system which is
# used to install amd64 clients. On amd64 servers, it's redundant.
# disabled for now, since creating fai nfsroot on my arm machine
#/--arch amd64/!s/^(\s*FAI_DEBOOTSTRAP_OPTS=")/\1--arch amd64 /
EOF

$sed 's/#LOGUSER/LOGUSER/' /etc/fai/fai.conf
# from man fai-make-nfsroot,
# figured out after partitioning ignored my crypt partition

if ! grep cryptsetup /etc/fai/NFSROOT &>/dev/null; then
    $sed '/^PACKAGES install$/a cryptsetup' /etc/fai/NFSROOT
fi

tar Jxf /a/bin/fai-basefiles/basefiles/STRETCH64.tar.xz
# background: Can't build the nfsroot on my arm system now. First,
# fai-make-nfsroot won't work out of the box. One idea to make it work
# is by installing qemu-user-static, then copying qemu-x86_64-static
# into the nfsroot, and prepending it to chroot commands in
# fai-make-nfsroot, but that fails in odd ways. ls has permissions
# problems on reading directories, various programs segfault
# immediately, cat can't open a file, etc.

NFSROOT=/srv/fai/nfsroot
TFTPROOT=/srv/tftp/fai

# test if our copy of setup_tftp has changed in fai-make-nfsroot,
# and if not, run it.
setup_tftp(){
    if [ -f $NFSROOT/usr/lib/PXELINUX/pxelinux.0 ]; then
        pxebin=$NFSROOT/usr/lib/PXELINUX/pxelinux.0
    else
        # jessie/stretch path
        pxebin=$NFSROOT/usr/lib/syslinux/pxelinux.0
    fi
    rm -f $NFSROOT/boot/*.bak
    mkdir -p $TFTPROOT/pxelinux.cfg
    chmod a+r $NFSROOT/boot/initrd.img-* || die 9 "No initrd was created. Check the package name of the linux-image package in /etc/fai/NFSROOT."
    cp -p $v $NFSROOT/boot/vmlinu?-* $NFSROOT/boot/initrd.img-* $TFTPROOT
    cp -u $pxebin $TFTPROOT
    if [ -f $NFSROOT/usr/lib/syslinux/modules/bios/ldlinux.c32 ]; then
        cp -u $NFSROOT/usr/lib/syslinux/modules/bios/ldlinux.c32 $TFTPROOT
    fi
    if [ X$verbose = X1 ]; then
        echo "TFTP environment prepared. Enable DHCP and start the TFTP daemon on root $TFTPROOT."
    fi
}
# both sides are printed by bash's "type", so only real code changes
# show up in the diff.
diff -u <(type setup_tftp) <(cat <(sed -n '/^setup_tftp(){/,/^}/p' $(which fai-make-nfsroot)) - <<'EOF' | bash
type setup_tftp
EOF
) && setup_tftp

# -g causes skipping set_root_pw() in fai-make-nfsroot, -ag
# is the only way to make it run without chrooting. the options
# seem contradictory, but it works.

# note, this copies the -B arg to
# /srv/fai/nfsroot/var/tmp/base.tar.xz
e fai-setup -evf -B /a/bin/fai-basefiles/basefiles/STRETCH64.tar.xz
# make the faiserver also the apt proxy server
apt-get -y install apt-cacher-ng

{ head -n 1 /srv/fai/nfsroot/root/.ssh/known_hosts | awk '{print $1}' \
    | tr '\n' ' '; ssh-keyscan localhost |& grep -o "ecdsa-sha2-nistp256.*"; \
} >>/srv/fai/nfsroot/root/.ssh/known_hosts

# initially did the basic fai-chboot -Iv $std_arg default
# but found in console that it wanted to mount nfsroot
# to be the same as my dhcp server.
# Figured out to change the root= parameter from googling,
# and seeing fai-chboot -L
# using hostname failed.
# for -f, combined the 2 defaults so it will reboot and print to screen.

# Add debug to -f flag for more verbose output.

# background on choosing apt-cacher-ng:
# googling around a bit finds 2 main solutions:
# http://askubuntu.com/questions/3503/best-way-to-cache-apt-downloads-on-a-lan
# apt-cacher-ng doesn't have zeroconf.
# It touts having minimal dependencies, but I don't care.
# The downside to squid-deb-proxy is that its config is for specific repos,
# you have to add all the repos you use.
# That is the main reason I use apt-cacher-ng.
# It has a web portal, at http://faiserver:3142/acng-report.html

# random fai note: as far as I can tell, profiles are just for putting
# in a selectable boot menu, which I don't want.

# the logsave prompted because the hostname faiserver was unknown.
# Here it was faiserver.lan when running from a faiserver vm.
# When running from a normal host with faiserver alias, it was the normal host's name.
$sed 's/(^[^,]+,)\S+/\1faiserver/' /srv/fai/nfsroot/root/.ssh/known_hosts
# ditch the logo banner up top which screws with less.
touch /srv/fai/nfsroot/.nocolorlogo