formatting and dns changes
1 #!/bin/bash
2 # Copyright (C) 2016 Ian Kelling
3
4 # This program is free software; you can redistribute it and/or
5 # modify it under the terms of the GNU General Public License
6 # as published by the Free Software Foundation; either version 2
7 # of the License, or (at your option) any later version.
8
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
13
14 # You should have received a copy of the GNU General Public License
15 # along with this program; if not, write to the Free Software
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17
# Resolve the real path of this script (following symlinks) and load the
# bash-trace helper that sits next to it.
# NOTE(review): after the sudo re-exec below, bash-trace is sourced again as
# root, so the script's directory should be writable only by trusted users.
x=$(readlink -f "${BASH_SOURCE[0]}")
source "${x%/*}/bash-trace"

# Everything below needs root: re-run this script under sudo, passing the
# original arguments through unchanged.
if [[ $EUID != 0 ]]; then
  exec sudo "${BASH_SOURCE[0]}" "$@"
fi
21
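#######################################
# Print the help text and exit.
# Arguments: $1 - exit status (optional, defaults to 0)
# Outputs:   help text on stdout
# Returns:   does not return; exits the shell
#######################################
usage() {
  cat <<EOF
usage: ${0##*/} [-h|--help]
install fai-server on the current machine

Initial setup of a fai server on debian. works on localhost.
Set's the current ip as the tftp server. I vaguely remember
that using a hostname does not work.
Separate from running this, faiserver needs to be setup in dns
to point to whatever host this is run on.

For running on arm, it expects Ian's fai-basefiles repository at
/a/bin/fai-basefiles

EOF
  # Quoted, with an explicit default, so a call without an argument exits 0
  # instead of relying on the status of the previous command.
  exit "${1:-0}"
}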
# Show the help text when it is asked for explicitly; any other first
# argument is ignored here.
if [[ $1 == -h || $1 == --help ]]; then
  usage
fi
42
43
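#######################################
# Print a command line, then run it.
# Arguments: the command and its arguments
# Outputs:   the arguments joined by single spaces, then the command's output
# Returns:   the exit status of the command
#######################################
e() {
  local line
  # printf instead of echo: echo would treat a leading -n/-e as an option,
  # and joining by hand does not depend on the current IFS.
  printf -v line '%s ' "$@"
  printf '%s\n' "${line% }"
  "$@"
}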
45
# The basefile is fetched automatically for stretch, not for jessie. To
# install jessie, set up the basefile and its corresponding class yourself.
base=stretch

# In-place sed with extended regexes that edits the target of a symlink
# rather than replacing the link. Used unquoted later on so that it splits
# into the command and its options.
sed="sed -ri --follow-symlinks"

# Install wget when it is not already on PATH.
type -p wget &>/dev/null || apt-get install -y wget
55
# Succeeds (status 0) when dpkg reports armhf as the architecture,
# and fails (status 1) for anything else.
armhf() {
  case $(dpkg --print-architecture) in
    armhf) return 0 ;;
    *) return 1 ;;
  esac
}
59
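# Choose the apt source that provides the fai packages for this system.
# NOTE(review): every repository written below uses plain http, so package
# integrity depends entirely on apt's signature checks and on the keys that
# are trusted here.
if armhf; then
  # Only when apt already reports Debian testing (stretch) as a source.
  if apt-cache policy | grep o=Debian,a=testing,n=stretch &>/dev/null; then
    cat >/etc/apt/sources.list.d/testing.list <<'EOF'
deb http://http.us.debian.org/debian testing main contrib non-free
deb-src http://http.us.debian.org/debian testing main contrib non-free

deb http://security.debian.org/ testing/updates main contrib non-free
deb-src http://security.debian.org/ testing/updates main contrib non-free

deb http://http.us.debian.org/debian testing-updates main contrib non-free
deb-src http://http.us.debian.org/debian testing-updates main contrib non-free
EOF

    # Take only the fai packages from testing; everything else from testing
    # gets a negative priority.
    cat >/etc/apt/preferences.d/fai <<'EOF'
Package: fai-server fai-client fai-doc
Pin: release a=testing
Pin-Priority: 500

Package: *
Pin: release a=testing
Pin-Priority: -10
EOF
  fi
elif grep -xFq 'VERSION="8 (jessie)"' /etc/os-release; then
  # NOTE(review): the signing key is selected by its 64-bit key ID, fetched
  # from whatever keyserver gpg is configured with, and then trusted for all
  # apt sources via apt-key. Pinning the full fingerprint (not recorded in
  # this file) and comparing it after the import would be safer; apt-key is
  # also deprecated on newer releases in favour of per-repository keyrings.
  gpg -a --recv-keys 2BF8D9FE074BCDE4
  gpg -a --export 2BF8D9FE074BCDE4 | apt-key add -
  cat >/etc/apt/sources.list.d/fai.list <<'EOF'
deb http://fai-project.org/download jessie koeln
EOF
elif grep -xFq 'VERSION="9 (stretch)"' /etc/os-release; then
  # NOTE(review): same key handling as in the jessie branch; verify the full
  # fingerprint of the imported key.
  gpg -a --recv-keys 2BF8D9FE074BCDE4
  gpg -a --export 2BF8D9FE074BCDE4 | apt-key add -

  cat >/etc/apt/sources.list.d/fai.list <<'EOF'
deb http://fai-project.org/download stretch koeln
EOF
# 'xenial' was misspelled as 'xenail', so this branch could only ever match
# flidas. -q keeps the matched os-release lines out of the script's output,
# like the other branches.
elif grep -qiE 'flidas|xenial' /etc/os-release; then
  add-apt-repository -y ppa:fai/ppa
else
  rm -f /etc/apt/sources.list.d/fai.list
fi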
99
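apt-get update

# Relevant packages from fai-quickstart depends and fai-server recommends.
# isc-dhcp-server and an inetd are deliberately left out. nfs-kernel-server
# is only added when the nfsd module can be loaded: on an android chroot
# there is no nfs in the kernel and no way to install it, so apache2 is
# installed instead.
pkgs=(fai-doc tftpd-hpa tar reprepro squashfs-tools binutils)
if modprobe nfsd &>/dev/null; then
  pkgs+=(nfs-kernel-server)
else
  pkgs+=(apache2)
fi

# Quoted so that each array element is passed as exactly one argument.
apt-get install -y "${pkgs[@]}"
apt-get install --no-install-recommends -y fai-server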
116
# Debian mirror used for the install clients and for debootstrap.
r=http://http.us.debian.org/debian

# Same as the default list, minus httpredir and non-free. A base working
# system should not need non-free as far as I know.
# NOTE(review): these sources use plain http; apt's signature verification
# is what protects the clients' packages.
cat >/etc/fai/apt/sources.list <<EOF
deb $r $base main contrib
deb http://security.debian.org/debian-security $base/updates main contrib
EOF

# The fai project repository is added for jessie and stretch only.
if [[ $base == jessie || $base == stretch ]]; then
  cat >>/etc/fai/apt/sources.list <<EOF
# use fai repo. it's commented in the defaults. it's got bug fixes.
# and may contain newer packages.
deb http://fai-project.org/download $base koeln
EOF
fi

case $base in
  jessie)
    cat >>/etc/fai/apt/sources.list <<'EOF'
# fix tar https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819978
deb http://ftp.debian.org/debian jessie-backports main
EOF
    # note: fai doesn't look at /etc/fai/apt/preferences.d, so the pin goes
    # into the single preferences file.
    cat >/etc/fai/apt/preferences <<'EOF'
Package: tar
Pin: release a=jessie-backports
Pin-Priority: 500
EOF
    ;;
esac
149
150
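# tried out a stretch base, doesn't work yet.
#
# FAI_ROOTPW is filled from this file (presumably the root password hash).
# Stop if it is missing or empty: the command substitution in the here-doc
# below would otherwise silently write FAI_ROOTPW='' into nfsroot.conf.
rootpw_file=/q/root/shadow/standard
if [[ ! -s $rootpw_file ]]; then
  echo "${0##*/}: $rootpw_file is missing or empty, not writing FAI_ROOTPW" >&2
  exit 1
fi

# Replace any existing FAI_ROOTPW and SSH_IDENTITY settings with ours
# (appended after the last line) and point FAI_DEBOOTSTRAP at $base on
# mirror $r.
# NOTE(review): nfsroot.conf now holds the root password value, so its file
# permissions are worth checking.
$sed -f - /etc/fai/nfsroot.conf <<EOF
$ a FAI_ROOTPW='$(<"$rootpw_file")'
/^\s*FAI_ROOTPW/d
$ a SSH_IDENTITY=/root/.ssh/home.pub
/^\s*SSH_IDENTITY/d
s,^( *FAI_DEBOOTSTRAP=).*,\1"$base $r",
# add --arch amd64. this is needed on arm system which is
# used to install amd64 clients. On amd64 servers, it's redundant.
# disabled for now, since creating fai nfsroot on my arm machine
# is not working
#/--arch amd64/!s/^(\s*FAI_DEBOOTSTRAP_OPTS=")/\1--arch amd64 /
EOF

# Uncomment LOGUSER in fai.conf.
$sed 's/#LOGUSER/LOGUSER/' /etc/fai/fai.conf

# from man fai-make-nfsroot,
# figured out after partitioning ignored my crypt partition:
# add cryptsetup to the nfsroot package list unless it is already mentioned.
if ! grep cryptsetup /etc/fai/NFSROOT &>/dev/null; then
  $sed '/^PACKAGES install$/a cryptsetup' /etc/fai/NFSROOT
fi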
174
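if armhf; then
  # Stop if the directory is missing: the rm -rf below must never run in
  # whatever directory the script happened to be started from.
  cd /srv/fai || exit 1
  rm -rf nfsroot
  # NOTE(review): the archive is unpacked as root, so it has to come from a
  # trusted copy of the fai-basefiles repository.
  tar Jxf /a/bin/fai-basefiles/basefiles/STRETCH64.tar.xz
  # background: Can't build the nfsroot on my arm system now. First,
  # fai-make-nfsroot won't work out of the box. One idea to make it work
  # is by installing qemu-user-static, then copying qemu-x86_64-static
  # into the nfsroot, and prepending it to chroot commands in
  # fai-make-nfsroot, but that fails in odd ways. ls has permissions
  # problems on reading directories, various programs segfault
  # immediately, cat can't open a file, etc.

  NFSROOT=/srv/fai/nfsroot
  TFTPROOT=/srv/tftp/fai

  # Local copy of setup_tftp from fai-make-nfsroot. Its code is kept exactly
  # as upstream wrote it (unquoted expansions included) because the check
  # after the function compares bash's rendering of both copies.
  # NOTE(review): die, $v and $verbose are not defined anywhere in this
  # script; presumably they only exist inside fai-make-nfsroot.
  setup_tftp(){

    # tftp environment
    local pxebin

    # wheezy path
    if [ -f $NFSROOT/usr/lib/PXELINUX/pxelinux.0 ]; then
      pxebin=$NFSROOT/usr/lib/PXELINUX/pxelinux.0
    else
      # jessie/stretch path
      pxebin=$NFSROOT/usr/lib/syslinux/pxelinux.0
    fi

    rm -f $NFSROOT/boot/*.bak
    mkdir -p $TFTPROOT/pxelinux.cfg
    chmod a+r $NFSROOT/boot/initrd.img-* || die 9 "No initrd was created. Check the package name of the linux-image package in /etc/fai/NFSROOT."
    cp -p $v $NFSROOT/boot/vmlinu?-* $NFSROOT/boot/initrd.img-* $TFTPROOT
    cp -u $pxebin $TFTPROOT
    if [ -f $NFSROOT/usr/lib/syslinux/modules/bios/ldlinux.c32 ]; then
      cp -u $NFSROOT/usr/lib/syslinux/modules/bios/ldlinux.c32 $TFTPROOT
    fi
    if [ X$verbose = X1 ]; then
      echo "TFTP environment prepared. Enable DHCP and start the TFTP daemon on root $TFTPROOT."
    fi
  }

  # Test whether the setup_tftp in the installed fai-make-nfsroot still
  # matches our copy, and only run ours if it does. The result is checked
  # explicitly so that a mismatch stops the script even if errexit is not
  # in effect.
  if ! diff -u <(type setup_tftp) <(cat <(sed -n '/^setup_tftp(){/,/^}/p' "$(command -v fai-make-nfsroot)") - <<'EOF' | bash
type setup_tftp
EOF
  ); then
    echo "${0##*/}: setup_tftp differs from the copy in fai-make-nfsroot" >&2
    exit 1
  fi
  setup_tftp

  # -g causes skipping set_root_pw() in fai-make-nfsroot, -ag
  # is the only way to make it run without chrooting. the options
  # seem contradictory, but it works.
  fai-setup -evag

else # not armhf
  # note, this copies the -B arg to
  # /srv/fai/nfsroot/var/tmp/base.tar.xz
  e fai-setup -evf -B /a/bin/fai-basefiles/basefiles/STRETCH64.tar.xz
  # make the faiserver also the apt proxy server
  apt-get -y install apt-cacher-ng
fi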
235
# known_hosts inside the nfsroot, i.e. what the install clients will trust.
known_hosts=/srv/fai/nfsroot/root/.ssh/known_hosts

# Append one more entry: the host field of the first existing line, followed
# by the ecdsa-sha2-nistp256 key that a keyscan of localhost returns, which
# is this machine's own sshd key.
{
  head -n 1 "$known_hosts" \
    | awk '{print $1}' \
    | tr '\n' ' '
  ssh-keyscan localhost |& grep -o "ecdsa-sha2-nistp256.*"
} >>"$known_hosts"

# initially did the basic fai-chboot -Iv $std_arg default
# but found in console that it wanted to mount nfsroot
# to be the same as my dhcp server.
# Figured out to change the root= parameter from googling,
# and seeing fai-chboot -L
# using hostname failed.
# for -f, combined the 2 defaults so it will reboot and print to screen.

# Add debug to -f flag for more verbose output.


# background on choosing apt-cacher-ng:
# googling around a bit finds 2 main solutions:
# http://askubuntu.com/questions/3503/best-way-to-cache-apt-downloads-on-a-lan
# apt-cacher-ng doesn't have zeroconf.
# It touts having minimal dependencies, but I don't care.
# The downside to squid-deb-proxy is that its config is for specific repos,
# you have to add all the repos you use.
# That is the main reason I use apt-cacher-ng.
# It has a web portal, at http://faiserver:3142/acng-report.html


# random fai note: as far as I can tell, profiles are just for putting
# in a selectable boot menu, which I don't want.

# the logsave prompted because the hostname faiserver was unknown.
# Here it was faiserver.lan when running from a faiserver vm.
# When running from a normal host with faiserver alias, it was the normal
# host's name. So the second name in the host field is replaced with
# faiserver on every line that has one.
$sed 's/(^[^,]+,)\S+/\1faiserver/' "$known_hosts"

# ditch the logo banner up top which screws with less.
touch /srv/fai/nfsroot/.nocolorlogo