various fixes, improve flidas
1 #!/bin/bash
2 # Copyright (C) 2016 Ian Kelling
3
4 # This program is free software; you can redistribute it and/or
5 # modify it under the terms of the GNU General Public License
6 # as published by the Free Software Foundation; either version 2
7 # of the License, or (at your option) any later version.
8
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
13
14 # You should have received a copy of the GNU General Public License
15 # along with this program; if not, write to the Free Software
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17
# Load the bash-trace helper that sits next to the real (symlink-resolved)
# location of this script.
# NOTE(review): this also runs after the sudo re-exec below, so bash-trace
# is then sourced as root. Keep this directory and bash-trace writable only
# by root or an equally trusted account.
x=$(readlink -f "${BASH_SOURCE[0]}")
source "${x%/*}/bash-trace"

# Everything below changes system configuration, so when not already root
# the script replaces itself with a sudo invocation using the same arguments.
if [[ $EUID != 0 ]]; then
  exec sudo "${BASH_SOURCE[0]}" "$@"
fi
21
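#######################################
# Print the help text and exit.
# Arguments: $1 - exit status to use (optional, defaults to 0)
# Outputs:   help text on stdout
# Returns:   does not return; exits the shell
#######################################
usage() {
  cat <<EOF
usage: ${0##*/} [-h|--help]
install fai-server on the current machine

Initial setup of a fai server on debian. works on localhost.
Set's the current ip as the tftp server. I vaguely remember
that using a hostname does not work.
Separate from running this, faiserver needs to be setup in dns
to point to whatever host this is run on.

For running on arm, it expects Ian's fai-basefiles repository at
/a/bin/fai-basefiles

EOF
  # The only caller visible in this file passes no status. Default it
  # explicitly and quote it so the exit does not depend on an unset,
  # unquoted $1 (which also fails under nounset).
  exit "${1:-0}"
}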
# Show the help text (and exit) when the first argument asks for it.
if [[ $1 == -h || $1 == --help ]]; then
  usage
fi
42
43
# Echo a command line to stdout, then run it. The function's status is the
# status of the command that was run.
e() {
  echo "$@"
  "$@"
}
45
# Debian release used below for the FAI apt sources and FAI_DEBOOTSTRAP.
# Author's note: tested with stretch and it works, but the automatic
# basefile getting is then for stretch instead of jessie, so installing
# jessie means setting up the jessie basefile and its corresponding class.
base=stretch
# In-place, extended-regex sed that edits the target of a symlink rather
# than replacing the link. It is expanded unquoted later on so that it
# splits into the command and its options.
sed="sed -ri --follow-symlinks"

# Install wget when it is not already on PATH.
type -p wget &>/dev/null || apt-get install -y wget
57
# Succeed only when dpkg reports armhf as this system's architecture.
armhf() {
  case "$(dpkg --print-architecture)" in
    armhf) return 0 ;;
    *) return 1 ;;
  esac
}
61
# Choose where the FAI packages come from on this host.
if armhf; then
  # armhf: only when apt's policy already lists a testing suite named
  # stretch, write the testing sources and pin the fai packages to them.
  if apt-cache policy | grep o=Debian,a=testing,n=stretch &>/dev/null; then
    cat <<'EOF' >/etc/apt/sources.list.d/testing.list
deb http://http.us.debian.org/debian testing main contrib non-free
deb-src http://http.us.debian.org/debian testing main contrib non-free

deb http://security.debian.org/ testing/updates main contrib non-free
deb-src http://security.debian.org/ testing/updates main contrib non-free

deb http://http.us.debian.org/debian testing-updates main contrib non-free
deb-src http://http.us.debian.org/debian testing-updates main contrib non-free
EOF

    # Priority 500 for the three fai packages; the negative priority on
    # everything else keeps apt from installing other packages from testing.
    cat <<'EOF' >/etc/apt/preferences.d/fai
Package: fai-server fai-client fai-doc
Pin: release a=testing
Pin-Priority: 500

Package: *
Pin: release a=testing
Pin-Priority: -10
EOF
  fi
elif grep -xFq 'VERSION="8 (jessie)"' /etc/os-release; then
  # Debian 8: trust the FAI project key and add its jessie repository.
  # NOTE(review): the key is selected by its 64-bit key ID and whatever the
  # keyserver returns becomes trusted by apt for every repository. The
  # repository itself is plain http, so package integrity rests on this key.
  # Compare the full fingerprint (<FAI_KEY_FINGERPRINT>, obtained out of
  # band) before the apt-key step. The export also runs when the fetch
  # failed, unless bash-trace turns that failure into an exit - confirm.
  gpg -a --recv-keys 2BF8D9FE074BCDE4
  gpg -a --export 2BF8D9FE074BCDE4 | apt-key add -
  cat <<'EOF' >/etc/apt/sources.list.d/fai.list
deb http://fai-project.org/download jessie koeln
EOF
elif grep -xFq 'VERSION="9 (stretch)"' /etc/os-release; then
  # Debian 9: same key import as the jessie branch (the same fingerprint
  # caveat applies), then the stretch repository.
  gpg -a --recv-keys 2BF8D9FE074BCDE4
  gpg -a --export 2BF8D9FE074BCDE4 | apt-key add -

  cat <<'EOF' >/etc/apt/sources.list.d/fai.list
deb http://fai-project.org/download stretch koeln
EOF
else
  # Neither armhf, jessie nor stretch: drop any leftover FAI repo entry.
  rm -f /etc/apt/sources.list.d/fai.list
fi
99
100 # for ubuntu:
101 #add-apt-repository -y ppa:fai/ppa
102
103 # for debian:
104
105
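# Refresh the package lists so the sources written above are picked up.
apt-get update

# Relevant packages from fai-quickstart depends and fai-server recommends.
# I especially do not want isc-dhcp-server or an inetd. nfs-kernel-server
# is only added when the nfsd module loads: on an android chroot, we don't
# have nfs in the kernel, or the ability to install it. In that case
# apache2 is installed instead.
pkgs=(fai-doc tftpd-hpa tar reprepro squashfs-tools binutils)
if modprobe nfsd &>/dev/null; then
  pkgs+=(nfs-kernel-server)
else
  pkgs+=(apache2)
fi

# The array is quoted so each element stays exactly one argument, whatever
# IFS or glob settings are in effect.
apt-get install -y "${pkgs[@]}"
# fai-server goes in without its Recommends; the ones wanted are listed above.
apt-get install --no-install-recommends -y fai-server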
122
# Debian mirror used for the FAI apt sources and, further down, for
# FAI_DEBOOTSTRAP.
r=http://http.us.debian.org/debian

# like default, but scrap httpredir, and nonfree.
# All my systems should be able to get along without nonfree
# for a base working system afaik.
# The heredoc is unquoted, so $r and $base are expanded when it is written.
cat <<EOF >/etc/fai/apt/sources.list
deb $r $base main contrib
deb http://security.debian.org/debian-security $base/updates main contrib
EOF

# jessie and stretch also get the FAI project repository appended.
if [[ $base == jessie || $base == stretch ]]; then
  cat <<EOF >>/etc/fai/apt/sources.list
# use fai repo. it's commented in the defaults. it's got bug fixes.
# and may contain newer packages.
deb http://fai-project.org/download $base koeln
EOF
fi

# jessie only: take tar from jessie-backports (see the bug link below).
case $base in
  jessie)
    cat <<'EOF' >>/etc/fai/apt/sources.list
# fix tar https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819978
deb http://ftp.debian.org/debian jessie-backports main
EOF
    # note, fai doesn't look at /etc/fai/apt/preferences.d
    cat <<'EOF' >/etc/fai/apt/preferences
Package: tar
Pin: release a=jessie-backports
Pin-Priority: 500
EOF
    ;;
esac
155
156
# tried out a stretch base, doesn't work yet.
#
# Edit /etc/fai/nfsroot.conf in place with the sed script below. It drops
# existing FAI_ROOTPW and SSH_IDENTITY lines, appends fresh ones after the
# last line, and points FAI_DEBOOTSTRAP at "$base $r".
# The heredoc is unquoted, so $(</q/root/shadow/standard), $base and $r are
# expanded by the shell before sed reads the script.
# NOTE(review): the file's contents are pasted into the sed script verbatim,
# so a backslash or newline in it would change the script. nfsroot.conf then
# holds the root password value, so confirm that file is not world-readable.
$sed -f - /etc/fai/nfsroot.conf <<EOF
$ a FAI_ROOTPW='$(</q/root/shadow/standard)'
/^\s*FAI_ROOTPW/d
$ a SSH_IDENTITY=/root/.ssh/home.pub
/^\s*SSH_IDENTITY/d
s,^( *FAI_DEBOOTSTRAP=).*,\1"$base $r",
# add --arch amd64. this is needed on arm system which is
# used to install amd64 clients. On amd64 servers, it's redundant.
# disabled for now, since creating fai nfsroot on my arm machine
# is not working
#/--arch amd64/!s/^(\s*FAI_DEBOOTSTRAP_OPTS=")/\1--arch amd64 /
EOF

# Uncomment LOGUSER in fai.conf.
$sed 's/#LOGUSER/LOGUSER/' /etc/fai/fai.conf

# from man fai-make-nfsroot,
# figured out after partitioning ignored my crypt partition:
# add cryptsetup to the nfsroot package list unless the file mentions it.
grep cryptsetup /etc/fai/NFSROOT &>/dev/null \
  || $sed '/^PACKAGES install$/a cryptsetup' /etc/fai/NFSROOT
180
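# Build the nfsroot. On armhf it is unpacked from a prebuilt tarball and
# only the tftp step of fai-make-nfsroot is replayed. Everywhere else
# fai-setup builds it and apt-cacher-ng is installed as well.
if armhf; then
  # Stop if the directory is missing: the rm -rf and tar below use relative
  # paths and would otherwise act on whatever the current directory is.
  cd /srv/fai || exit 1
  rm -rf nfsroot
  # NOTE(review): the tarball is unpacked as root, so its contents are
  # trusted as-is. /a/bin/fai-basefiles should be writable only by root.
  tar Jxf /a/bin/fai-basefiles/base.tar.xz
  # background: Can't build the nfsroot on my arm system now. First,
  # fai-make-nfsroot won't work out of the box. One idea to make it work
  # is by installing qemu-user-static, then copying qemu-x86_64-static
  # into the nfsroot, and prepending it to chroot commands in
  # fai-make-nfsroot, but that fails in odd ways. ls has permissions
  # problems on reading directories, various programs segfault
  # immediately, cat can't open a file, etc.

  NFSROOT=/srv/fai/nfsroot
  TFTPROOT=/srv/tftp/fai

  # test if our copy of setup_tftp has changed in fai-make-nfsroot,
  # and if not, run it.
  # The body must stay token-for-token identical to the upstream function,
  # because the diff below compares the two as printed by `type`. Only
  # whitespace and comments may differ, so it is left unquoted on purpose.
  # NOTE(review): $v, $verbose and die are not set or defined in this file.
  # Presumably they come from fai-make-nfsroot, so here the die fallback
  # only works if bash-trace provides one - confirm.
  setup_tftp(){

    # tftp environment
    local pxebin

    # wheezy path
    if [ -f $NFSROOT/usr/lib/PXELINUX/pxelinux.0 ]; then
      pxebin=$NFSROOT/usr/lib/PXELINUX/pxelinux.0
    else
      # jessie/stretch path
      pxebin=$NFSROOT/usr/lib/syslinux/pxelinux.0
    fi

    rm -f $NFSROOT/boot/*.bak
    mkdir -p $TFTPROOT/pxelinux.cfg
    chmod a+r $NFSROOT/boot/initrd.img-* || die 9 "No initrd was created. Check the package name of the linux-image package in /etc/fai/NFSROOT."
    cp -p $v $NFSROOT/boot/vmlinu?-* $NFSROOT/boot/initrd.img-* $TFTPROOT
    cp -u $pxebin $TFTPROOT
    if [ -f $NFSROOT/usr/lib/syslinux/modules/bios/ldlinux.c32 ]; then
      cp -u $NFSROOT/usr/lib/syslinux/modules/bios/ldlinux.c32 $TFTPROOT
    fi
    if [ X$verbose = X1 ]; then
      echo "TFTP environment prepared. Enable DHCP and start the TFTP daemon on root $TFTPROOT."
    fi
  }
  # Left side: our copy as printed by `type`. Right side: the function text
  # cut out of the installed fai-make-nfsroot, defined in a fresh bash and
  # printed the same way. The path is quoted so a missing fai-make-nfsroot
  # makes sed fail on an empty file name instead of reading stdin.
  # NOTE(review): diff's status is not checked here. Whether a mismatch stops
  # the script before setup_tftp runs depends on bash-trace enabling
  # errexit - confirm.
  diff -u <(type setup_tftp) <(cat <(sed -n '/^setup_tftp(){/,/^}/p' "$(command -v fai-make-nfsroot)" ) - <<'EOF' |bash
type setup_tftp
EOF
  )
  setup_tftp

  # -g causes skipping set_root_pw() in fai-make-nfsroot, -ag
  # is the only way to make it run without chrooting. the options
  # seem contradictory, but it works.
  fai-setup -evag

else
  e fai-setup -e -vf
  # make the faiserver also the apt proxy server
  apt-get -y install apt-cacher-ng
fi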
239
# Append one entry to the nfsroot's known_hosts. It is built from the first
# field of the file's current first line, a space, and the
# ecdsa-sha2-nistp256 key that ssh-keyscan reports for localhost.
known_hosts=/srv/fai/nfsroot/root/.ssh/known_hosts
{
  head -n 1 "$known_hosts" | awk '{print $1}' | tr '\n' ' '
  # ssh-keyscan's stderr is merged into the pipe; grep keeps only the key.
  ssh-keyscan localhost 2>&1 | grep -o "ecdsa-sha2-nistp256.*"
} >>"$known_hosts"
243
244 # initially did the basic fai-chboot -Iv $std_arg default
245 # but found in console that it wanted to mount nfsroot
246 # to be the same as my dhcp server.
247 # Figured out to change the root= parameter from googling,
248 # and seeing fai-chboot -L
249 # using hostname failed.
250 # for -f, combined the 2 defaults so it will reboot and print to screen.
251
252 # Add debug to -f flag for more verbose output.
253
254
255 # background on choosing apt-cacher-ng:
256 # googling around a bit finds 2 main solutions:
257 # http://askubuntu.com/questions/3503/best-way-to-cache-apt-downloads-on-a-lan
258 # apt-cacher-ng doesn't have zeroconf.
259 # It touts having minimal dependencies, but I don't care.
260 # The downside to squid-deb-proxy is that its config is for specific repos,
261 # you have to add all the repos you use.
262 # That is the main reason I use apt-cacher-ng.
263 # It has a web portal, at http://faiserver:3142/acng-report.html
264
265
266 # random fai note: as far as I can tell, profiles are just for putting
267 # in a selectable boot menu, which I don't want.
268
# logsave prompted because the hostname faiserver was unknown.
# Here it was faiserver.lan when running from a faiserver vm.
# When running from a normal host with faiserver alias, it was the normal
# host's name.
# The sed keeps the text up to and including the first comma at the start
# of each line and replaces the non-blank run after it with "faiserver".
nfsroot=/srv/fai/nfsroot
$sed 's/(^[^,]+,)\S+/\1faiserver/' "$nfsroot/root/.ssh/known_hosts"
# ditch the logo banner up top which screws with less.
touch "$nfsroot/.nocolorlogo"