2 # Copyright (C) 2016 Ian Kelling
4 # This program is free software; you can redistribute it and/or
5 # modify it under the terms of the GNU General Public License
6 # as published by the Free Software Foundation; either version 2
7 # of the License, or (at your option) any later version.
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
14 # You should have received a copy of the GNU General Public License
15 # along with this program; if not, write to the Free Software
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 x
="$(readlink -f "$BASH_SOURCE")"; source "${x%/*}/bash-trace"
20 [[ $EUID == 0 ]] ||
exec sudo
"${BASH_SOURCE}" "$@"
24 usage: ${0##*/} [-h|--help]
25 install fai-server on the current machine
27 Initial setup of a fai server on debian. works on localhost.
28 Set's the current ip as the tftp server. I vaguely remember
29 that using a hostname does not work.
30 Separate from running this, faiserver needs to be setup in dns
31 to point to whatever host this is run on.
33 For running on arm, it expects Ian's fai-basefiles repository at
44 e
() { echo "$@"; "$@"; }
46 # When stretch becomes stable, change this to stretch.
47 # I\'ve tested this with stretch, it works, but notably,
48 # the automatic basefile getting will be for stretch
49 # instead of jessie, so if you install jessie, you need
50 # to setup the basefile and it\'s corresponding class.
52 sed="sed -ri --follow-symlinks"
54 if ! type -p wget
&>/dev
/null
; then
55 apt-get
install -y wget
59 [[ $
(dpkg
--print-architecture) == armhf
]]
63 if apt-cache policy |
grep o
=Debian
,a
=testing
,n
=stretch
&>/dev
/null
; then
64 cat >/etc
/apt
/sources.list.d
/testing.list
<<'EOF'
65 deb http://http.us.debian.org/debian testing main contrib non-free
66 deb-src http://http.us.debian.org/debian testing main contrib non-free
68 deb http://security.debian.org/ testing/updates main contrib non-free
69 deb-src http://security.debian.org/ testing/updates main contrib non-free
71 deb http://http.us.debian.org/debian testing-updates main contrib non-free
72 deb-src http://http.us.debian.org/debian testing-updates main contrib non-free
75 cat >/etc
/apt
/preferences.d
/fai
<<'EOF'
76 Package: fai-server fai-client fai-doc
77 Pin: release a=testing
81 Pin: release a=testing
85 elif grep -xFq 'VERSION="8 (jessie)"' /etc
/os-release
; then
86 gpg
-a --recv-keys 2BF8D9FE074BCDE4
; gpg
-a --export 2BF8D9FE074BCDE4 | apt-key add
-
87 cat >/etc
/apt
/sources.list.d
/fai.list
<<'EOF'
88 deb http://fai-project.org/download jessie koeln
90 elif grep -xFq 'VERSION="9 (stretch)"' /etc
/os-release
; then
91 gpg
-a --recv-keys 2BF8D9FE074BCDE4
; gpg
-a --export 2BF8D9FE074BCDE4 | apt-key add
-
93 cat >/etc
/apt
/sources.list.d
/fai.list
<<'EOF'
94 deb http://fai-project.org/download stretch koeln
97 rm -f /etc
/apt
/sources.list.d
/fai.list
101 #add-apt-repository -y ppa:fai/ppa
108 # Relevant packages from fai-quickstart depends and fai-server recommends.
109 # I especially do not wait isc-dhcp-server or an inetd. Also excludes
110 # nfs-kernel-server. On an android chroot, we don\'t have nfs in the
111 # kernel, or the ability to install it.
112 pkgs
=(fai-doc tftpd-hpa
tar reprepro squashfs-tools binutils
)
113 if modprobe nfsd
&>/dev
/null
; then
114 pkgs
+=(nfs-kernel-server
)
120 apt-get
install -y ${pkgs[@]}
121 apt-get
install --no-install-recommends -y fai-server
123 r
=http
://http.us.debian.org
/debian
124 # like default, but scrap httpredir, and nonfree.
125 # All my systems should be able to get along without nonfree
126 # for a base working system afaik.
127 cat >/etc
/fai
/apt
/sources.list
<<EOF
128 deb $r $base main contrib
129 deb http://security.debian.org/debian-security $base/updates main contrib
135 cat >>/etc
/fai
/apt
/sources.list
<<EOF
136 # use fai repo. it's commented in the defaults. it's got bug fixes.
137 # and may contain newer packages.
138 deb http://fai-project.org/download $base koeln
143 if [[ $base == jessie
]]; then
144 cat >>/etc
/fai
/apt
/sources.list
<<'EOF'
145 # fix tar https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819978
146 deb http://ftp.debian.org/debian jessie-backports main
148 # note, fai doesn\'t look at /etc/fai/apt/preferences.d
149 cat >/etc
/fai
/apt
/preferences
<<'EOF'
151 Pin: release a=jessie-backports
157 # tried out a stretch base, doesn't work yet.
159 $sed -f - /etc
/fai
/nfsroot.conf
<<EOF
160 $ a FAI_ROOTPW='$(</q/root/shadow/standard)'
162 $ a SSH_IDENTITY=/root/.ssh/home.pub
164 s,^( *FAI_DEBOOTSTRAP=).*,\1"$base $r",
165 # add --arch amd64. this is needed on arm system which is
166 # used to install amd64 clients. On amd64 servers, it's redundant.
167 # disabled for now, since creating fai nfsroot on my arm machine
169 #/--arch amd64/!s/^(\s*FAI_DEBOOTSTRAP_OPTS=")/\1--arch amd64 /
172 $sed 's/#LOGUSER/LOGUSER/' /etc
/fai
/fai.conf
173 # from man fai-make-nfsroot,
174 # figured out after partitioning ignored my crypt partition
177 if ! grep cryptsetup
/etc
/fai
/NFSROOT
&>/dev
/null
; then
178 $sed '/^PACKAGES install$/a cryptsetup' /etc
/fai
/NFSROOT
184 tar Jxf
/a
/bin
/fai-basefiles
/base.
tar.xz
185 # background: Can't build the nfsroot on my arm system now. First,
186 # fai-make-nfsroot won't work out of the box. One idea to make it work
187 # is by installing qemu-user-static, then copying qemu-x86_64-static
188 # into the nfsroot, and prepending it to chroot commands in
189 # fai-make-nfsroot, but that fails in odd ways. ls has permissions
190 # problems on reading directories, various programs segfault
191 # immediately, cat can't open a file, etc.
193 NFSROOT
=/srv
/fai
/nfsroot
194 TFTPROOT
=/srv
/tftp
/fai
196 # test if our copy of setup_tftp has changed in fai-make-nfsroot,
197 # and if not, run it.
204 if [ -f $NFSROOT/usr
/lib
/PXELINUX
/pxelinux
.0 ]; then
205 pxebin
=$NFSROOT/usr
/lib
/PXELINUX
/pxelinux
.0
207 # jessie/stretch path
208 pxebin
=$NFSROOT/usr
/lib
/syslinux
/pxelinux
.0
211 rm -f $NFSROOT/boot
/*.bak
212 mkdir
-p $TFTPROOT/pxelinux.cfg
213 chmod a
+r
$NFSROOT/boot
/initrd.img-
* || die
9 "No initrd was created. Check the package name of the linux-image package in /etc/fai/NFSROOT."
214 cp -p $v $NFSROOT/boot
/vmlinu?
-* $NFSROOT/boot
/initrd.img-
* $TFTPROOT
215 cp -u $pxebin $TFTPROOT
216 if [ -f $NFSROOT/usr
/lib
/syslinux
/modules
/bios
/ldlinux.c32
]; then
217 cp -u $NFSROOT/usr
/lib
/syslinux
/modules
/bios
/ldlinux.c32
$TFTPROOT
219 if [ X
$verbose = X1
]; then
220 echo "TFTP environment prepared. Enable DHCP and start the TFTP daemon on root $TFTPROOT."
223 diff -u <(type setup_tftp
) <(cat <(sed -n '/^setup_tftp(){/,/^}/p' $
(which fai-make-nfsroot
) ) - <<'EOF' |bash
229 # -g causes skipping set_root_pw() in fai-make-nfsroot, -ag
230 # is the only way to make it run without chrooting. the options
231 # seem contradictory, but it works.
236 # make the faiserver also the apt proxy server
237 apt-get
-y install apt-cacher-ng
240 { head -n 1 /srv
/fai
/nfsroot
/root
/.ssh
/known_hosts |
awk '{print $1}' \
241 |
tr '\n' ' '; ssh-keyscan localhost |
& grep -o "ecdsa-sha2-nistp256.*"; \
242 } >>/srv
/fai
/nfsroot
/root
/.ssh
/known_hosts
244 # initially did the basic fai-chboot -Iv $std_arg default
245 # but found in console that it wanted to mount nfsroot
246 # to be the same as my dhcp server.
247 # Figured out to change the root= parameter from googling,
248 # and seeing fai-chboot -L
249 # using hostname failed.
250 # for -f, combined the 2 defaults so it will reboot and print to screen.
252 # Add debug to -f flag for more verbose output.
255 # background on choosing apt-cacher-ng:
256 # googling around a bit finds 2 main solutions:
257 # http://askubuntu.com/questions/3503/best-way-to-cache-apt-downloads-on-a-lan
258 # apt-cacher-ng doesn\'t have zeroconf.
259 # It touts having minimal dependencies, but I don\'t care.
260 # The downside to squid-deb-proxy is that it\'s config is for specific repos,
261 # you have to add all the repos you use.
262 # That is the main reason I use apt-cacher-ng.
263 # It has a web portal, at http://faiserver:3142/acng-report.html
266 # random fai note: as far as I can tell, profiles are just for putting
267 # in a selectable boot menu, which I don\'t want.
269 # the logsave prompted because the hostname faiserver was uknown.
270 # Here it was faiserver.lan when running from a faiserver vm.
271 # When running from a normal host with faiserver alias, it was the normal hosts name.
272 $sed 's/(^[^,]+,)\S+/\1faiserver/' /srv
/fai
/nfsroot
/root
/.ssh
/known_hosts
273 # ditch the logo banner up top which screws with less.
274 touch /srv
/fai
/nfsroot
/.nocolorlogo