various minor updates
1 #!/bin/bash
2 # Copyright (C) 2018 Ian Kelling
3
4 # This program is free software; you can redistribute it and/or
5 # modify it under the terms of the GNU General Public License
6 # as published by the Free Software Foundation; either version 2
7 # of the License, or (at your option) any later version.
8
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
13
14 # You should have received a copy of the GNU General Public License
15 # along with this program; if not, write to the Free Software
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17
# Resolve this script's real path and load the bash-trace helper that sits
# next to it.
# NOTE(review): bash-trace is sourced before the root check and again after
# the sudo re-exec below, so it ends up running as root. The directory that
# holds this script must not be writable by unprivileged users.
x=$(readlink -f "$BASH_SOURCE")
source "${x%/*}/bash-trace"

# Everything below changes system state: when not root, re-run this script
# under sudo with the same arguments.
if [[ $EUID != 0 ]]; then
  exec sudo "${BASH_SOURCE}" "$@"
fi
21
#######################################
# Print the help text and exit.
# Arguments: $1 - exit status to use (expanded unquoted into exit)
# Outputs:   help text on stdout
#######################################
usage() {
  local prog=${0##*/}
  cat <<EOF
usage: $prog [-h|--help]
install fai-server on the current machine

Initial setup of a fai server on debian. works on localhost.
Set's the current ip as the tftp server. I vaguely remember
that using a hostname does not work.
Separate from running this, faiserver needs to be setup in dns
to point to whatever host this is run on.

For running on arm, it expects Ian's fai-basefiles repository at
/a/bin/fai-basefiles

EOF
  exit $1
}
# Only -h/--help is recognised; any other first argument is ignored here.
if [[ $1 == "-h" || $1 == "--help" ]]; then
  usage
fi
42
43
#######################################
# Echo a command line to stdout, then run it.
# Arguments: the command and its arguments
# Returns:   the exit status of the command
#######################################
e() {
  echo "$@"
  "$@"
}
45
# Release whose basefile is fetched automatically. It is stretch rather than
# jessie, so installing jessie means setting up its basefile and the
# corresponding class by hand.
base=stretch
# In-place, extended-regex sed that follows symlinks to the real file.
# It is expanded unquoted as $sed so that it splits into separate words.
sed="sed -ri --follow-symlinks"

# Install wget when no wget executable is found on PATH.
type -p wget &>/dev/null || apt-get install -y wget
55
#######################################
# Report whether dpkg's architecture is armhf.
# Returns: 0 if `dpkg --print-architecture` prints armhf, 1 otherwise
#######################################
armhf() {
  case "$(dpkg --print-architecture)" in
    armhf) return 0 ;;
    *) return 1 ;;
  esac
}
59
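# Choose the apt source for the fai packages based on architecture/release.
#
# NOTE(review) on the two gpg/apt-key lines below:
# - The key is selected by 64-bit key ID only, and whatever the keyserver
#   returns is piped into apt-key with no fingerprint comparison. Compare the
#   imported key against the full fingerprint obtained out of band
#   (<FAI_PROJECT_KEY_FINGERPRINT>) before trusting it.
# - A key added with "apt-key add" is trusted for every configured
#   repository, not only fai-project.org, and apt-key is deprecated on
#   current releases.
# - The two gpg commands are joined with ";", so a failed --recv-keys is not
#   checked on that line itself.
# - pool.sks-keyservers.net has since been retired.
# - The repositories are plain http, so apt's signature verification with
#   this key is the only integrity check on the fai packages.
if armhf; then
  if apt-cache policy | grep o=Debian,a=testing,n=stretch &>/dev/null; then
    cat >/etc/apt/sources.list.d/testing.list <<'EOF'
deb http://http.us.debian.org/debian testing main contrib non-free
deb-src http://http.us.debian.org/debian testing main contrib non-free

deb http://security.debian.org/ testing/updates main contrib non-free
deb-src http://security.debian.org/ testing/updates main contrib non-free

deb http://http.us.debian.org/debian testing-updates main contrib non-free
deb-src http://http.us.debian.org/debian testing-updates main contrib non-free
EOF

    # Pin testing so that only the fai packages are taken from it
    # (priority 500); every other testing package gets a negative priority.
    cat >/etc/apt/preferences.d/fai <<'EOF'
Package: fai-server fai-client fai-doc
Pin: release a=testing
Pin-Priority: 500

Package: *
Pin: release a=testing
Pin-Priority: -10
EOF
  fi
elif grep -xFq 'VERSION="8 (jessie)"' /etc/os-release; then
  gpg -a --recv-keys 2BF8D9FE074BCDE4; gpg -a --export 2BF8D9FE074BCDE4 | apt-key add -
  cat >/etc/apt/sources.list.d/fai.list <<'EOF'
deb http://fai-project.org/download jessie koeln
EOF
elif grep -xFq 'VERSION="9 (stretch)"' /etc/os-release || grep -qiE 'flidas|xenial' /etc/os-release; then
  # The second grep matches the flidas and xenial codenames; -q keeps the
  # matching os-release lines off stdout.
  # fai on ubuntu only has official support using the universe repo, but newer
  # tends to have less bugs.
  gpg --keyserver hkp://pool.sks-keyservers.net -a --recv-keys 2BF8D9FE074BCDE4; gpg -a --export 2BF8D9FE074BCDE4 | apt-key add -

  cat >/etc/apt/sources.list.d/fai.list <<'EOF'
deb http://fai-project.org/download stretch koeln
EOF
else
  # Any other release: drop a fai.list left behind by an earlier run.
  rm -f /etc/apt/sources.list.d/fai.list
fi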
99
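apt-get update

# Relevant packages from fai-quickstart depends and fai-server recommends.
# isc-dhcp-server and an inetd are deliberately not wanted.
# nfs-kernel-server is only added when the nfsd module loads: on an android
# chroot we don't have nfs in the kernel, or the ability to install it, and
# apache2 is installed instead.
# xorriso is for running fai-cd -a, not strictly needed for fai-server.
# perl-tk would be for fai-monitor-gui (it is not in the list below).
pkgs=(fai-doc tftpd-hpa tar reprepro squashfs-tools binutils xorriso)
if modprobe nfsd &>/dev/null; then
  pkgs+=(nfs-kernel-server)
else
  pkgs+=(apache2)
fi

# Quoted so each array element is passed as exactly one argument.
apt-get install -y "${pkgs[@]}"
# confnew since we edit /etc/fai/NFSROOT in an automated way; note that
# --force-confnew replaces locally modified conffiles of these packages.
# fai-client is already a fai-server dependency, but make sure it gets upgraded
apt-get install --no-install-recommends -y -o Dpkg::Options::="--force-confnew" fai-server fai-client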
120
# Mirror used for the install clients' sources.list and, further down, for
# FAI_DEBOOTSTRAP.
r=http://http.us.debian.org/debian
# Like the default, but without httpredir and without non-free: a base
# working system should get along without non-free.
cat >/etc/fai/apt/sources.list <<EOF
deb $r $base main contrib
deb http://security.debian.org/debian-security $base/updates main contrib
EOF

# The fai project repository is added for jessie and stretch only.
if [[ $base == jessie || $base == stretch ]]; then
  cat >>/etc/fai/apt/sources.list <<EOF
# use fai repo. it's commented in the defaults. it's got bug fixes.
# and may contain newer packages.
deb http://fai-project.org/download $base koeln
EOF
fi

# jessie additionally takes tar from backports, pinned at priority 500.
case $base in
  jessie)
    cat >>/etc/fai/apt/sources.list <<'EOF'
# fix tar https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819978
deb http://ftp.debian.org/debian jessie-backports main
EOF
    # note, fai doesn't look at /etc/fai/apt/preferences.d
    cat >/etc/fai/apt/preferences <<'EOF'
Package: tar
Pin: release a=jessie-backports
Pin-Priority: 500
EOF
    ;;
esac
153
154
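# tried out a stretch base, doesn't work yet.
#
# The root password hash for the install environment is read from
# /q/root/shadow/standard. Stop if that file is missing or empty: the sed
# script below would otherwise write FAI_ROOTPW='' into nfsroot.conf.
if [[ ! -s /q/root/shadow/standard ]]; then
  echo "$0: error: /q/root/shadow/standard is missing or empty" >&2
  exit 1
fi

# Edit /etc/fai/nfsroot.conf in place: drop any existing FAI_ROOTPW and
# SSH_IDENTITY lines, append fresh ones at the end of the file, and set
# FAI_DEBOOTSTRAP to "$base $r".
# NOTE(review): the file's content is pasted into the sed script between
# single quotes, so it must not contain a quote, backslash or newline.
# NOTE(review): nfsroot.conf holds a password hash after this step; confirm
# that it is readable by root only.
$sed -f - /etc/fai/nfsroot.conf <<EOF
$ a FAI_ROOTPW='$(</q/root/shadow/standard)'
/^\s*FAI_ROOTPW/d
$ a SSH_IDENTITY=/root/.ssh/home.pub
/^\s*SSH_IDENTITY/d
s,^( *FAI_DEBOOTSTRAP=).*,\1"$base $r",
# add --arch amd64. this is needed on arm system which is
# used to install amd64 clients. On amd64 servers, it's redundant.
# disabled for now, since creating fai nfsroot on my arm machine
# is not working
#/--arch amd64/!s/^(\s*FAI_DEBOOTSTRAP_OPTS=")/\1--arch amd64 /
EOF

# Uncomment LOGUSER and make FAI_FLAGS=verbose the only FAI_FLAGS line.
# $sed already carries -i, so it is not repeated here.
$sed 's/#LOGUSER/LOGUSER/' /etc/fai/fai.conf
$sed '/^FAI_FLAGS=/d' /etc/fai/fai.conf
echo "FAI_FLAGS=verbose" >>/etc/fai/fai.conf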
173
# From man fai-make-nfsroot; figured out after partitioning ignored my
# crypt partition.
# cryptsetup is added to the nfsroot package list once: nothing is appended
# when /etc/fai/NFSROOT already mentions it.
grep cryptsetup /etc/fai/NFSROOT &>/dev/null || cat >>/etc/fai/NFSROOT <<'EOF'
# inserted by faserver-setup
PACKAGES install
cryptsetup
EOF
185
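# Create the nfsroot and the TFTP boot files. On armhf the nfsroot is
# unpacked from a prebuilt basefile; elsewhere fai-setup builds it.
if armhf; then
  # Stop if the directory change fails, so the rm -rf and tar below never
  # run relative to some other working directory.
  cd /srv/fai || exit 1
  rm -rf nfsroot
  # NOTE(review): the tarball is extracted as root with no integrity check;
  # /a/bin/fai-basefiles must be writable by trusted users only.
  tar Jxf /a/bin/fai-basefiles/basefiles/STRETCH64.tar.xz
  # background: Can't build the nfsroot on my arm system now. First,
  # fai-make-nfsroot won't work out of the box. One idea to make it work
  # is by installing qemu-user-static, then copying qemu-x86_64-static
  # into the nfsroot, and prepending it to chroot commands in
  # fai-make-nfsroot, but that fails in odd ways. ls has permissions
  # problems on reading directories, various programs segfault
  # immediately, cat can't open a file, etc.

  NFSROOT=/srv/fai/nfsroot
  TFTPROOT=/srv/tftp/fai

  # Local copy of setup_tftp from fai-make-nfsroot. The code must stay
  # token-for-token the same as upstream (including the unquoted
  # expansions), because it is compared with the installed version below
  # through `type`, which ignores comments and layout but not code.
  # NOTE(review): $v and $verbose are not assigned in the part of this
  # script shown here; presumably they are fai-make-nfsroot variables and
  # expand to nothing in this context.
  setup_tftp(){

    # tftp environment
    local pxebin

    # wheezy path
    if [ -f $NFSROOT/usr/lib/PXELINUX/pxelinux.0 ]; then
      pxebin=$NFSROOT/usr/lib/PXELINUX/pxelinux.0
    else
      # jessie/stretch path
      pxebin=$NFSROOT/usr/lib/syslinux/pxelinux.0
    fi

    rm -f $NFSROOT/boot/*.bak
    mkdir -p $TFTPROOT/pxelinux.cfg
    if ! chmod a+r $NFSROOT/boot/initrd.img-*; then
      echo "$0: error: No initrd was created. Check the package name of the linux-image package in /etc/fai/NFSROOT."
      exit 1
    fi
    cp -p $v $NFSROOT/boot/vmlinu?-* $NFSROOT/boot/initrd.img-* $TFTPROOT
    cp -u $pxebin $TFTPROOT
    if [ -f $NFSROOT/usr/lib/syslinux/modules/bios/ldlinux.c32 ]; then
      cp -u $NFSROOT/usr/lib/syslinux/modules/bios/ldlinux.c32 $TFTPROOT
    fi
    if [ X$verbose = X1 ]; then
      echo "TFTP environment prepared. Enable DHCP and start the TFTP daemon on root $TFTPROOT."
    fi
  }

  # Test whether setup_tftp has changed in the installed fai-make-nfsroot,
  # and run our copy only if it has not. The upstream definition is cut out
  # with sed and fed to a separate bash together with `type setup_tftp`, so
  # both sides of the diff are bash's own rendering of the function.
  # The result is checked explicitly instead of relying on shell options.
  if ! diff -u <(type setup_tftp) <(cat <(sed -n '/^setup_tftp(){/,/^}/p' $(which fai-make-nfsroot) ) - <<'EOF' |bash
type setup_tftp
EOF
  ); then
    echo "$0: error: setup_tftp in fai-make-nfsroot differs from the copy in this script" >&2
    exit 1
  fi
  setup_tftp

  # -g causes skipping set_root_pw() in fai-make-nfsroot, -ag
  # is the only way to make it run without chrooting. the options
  # seem contradictory, but it works.
  fai-setup -evag

else # not armhf
  # note, this copies the -B arg to
  # /srv/fai/nfsroot/var/tmp/base.tar.xz
  # NOTE(review): this branch names STRETCH64.tar.gz while the armhf branch
  # unpacks STRETCH64.tar.xz; confirm which file actually exists.
  e fai-setup -evf -B /a/bin/fai-basefiles/basefiles/STRETCH64.tar.gz
  # fai-setup expert mode avoids writing to /var/log/fai/variables
  # at least config_src is needed for autodiscover
  $sed '/^FAI_CONFIGDIR|^FAI_CONFIG_SRC|^LOGUSER/d' /var/log/fai/variables
  # NOTE(review): install clients fetch their config space from whatever
  # host the name faiserver resolves to, so the DNS entry and the NFS export
  # should be limited to the install network.
  tee -a /var/log/fai/variables <<'EOF'
LOGUSER=fai
FAI_CONFIGDIR=/srv/fai/config
FAI_CONFIG_SRC=nfs://faiserver/srv/fai/config
EOF
  # make the faiserver also the apt proxy server
  apt-get -y install apt-cacher-ng
fi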
257
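# Pre-seed the nfsroot's root known_hosts with this machine's ECDSA host key,
# once for the name faiserver and once for every non-loopback IPv4 address
# that is up.
rm -f /srv/fai/nfsroot/root/.ssh/known_hosts
# NOTE(review): the key is taken from a scan of localhost; reading the host's
# public key file directly would avoid depending on sshd answering.
key=$(ssh-keyscan localhost |& grep -o "ecdsa-sha2-nistp256.*")
# Without a key every entry written below would be a host name with nothing
# after it, so stop here instead.
if [[ -z $key ]]; then
  echo "$0: error: ssh-keyscan localhost returned no ecdsa-sha2-nistp256 key" >&2
  exit 1
fi
# The command substitution is deliberately unquoted: one word per address.
for ip in faiserver $(ip addr show up| grep -w '^ *inet' | awk '{print $2}'| cut -d / -f 1 | grep -vF 127.0.0.1); do
  echo "$ip $key" >>/srv/fai/nfsroot/root/.ssh/known_hosts
done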
263
264
# Serial console in the nfsroot.
# Mainly from
# https://wiki.archlinux.org/index.php/working_with_the_serial_console
# At runtime, running this from ssh worked:
# https://unix.stackexchange.com/questions/242778/what-is-the-easiest-way-to-configure-serial-port-on-linux
# stty -F /dev/ttyS0 115200 cs8 -cstopb -parenb
# /sbin/agetty 115200 ttyS0 linux
# Dated info, but validation that this might work on debian:
# https://help.ubuntu.com/community/SerialConsoleHowto
# Note: in the nfsroot, systemd is not running, hence the inittab entry.
# NOTE(review): this puts a login prompt on ttyS0 of every machine booted
# into the install environment, and the line is appended on every run.
printf '%s\n' "c0:2345:respawn:/sbin/agetty 115200 ttyS0 linux" >>/srv/fai/nfsroot/etc/inittab
276
277 # initially did the basic fai-chboot -Iv $std_arg default
278 # but found in console that it wanted to mount nfsroot
279 # to be the same as my dhcp server.
280 # Figured out to change the root= parameter from googling,
281 # and seeing fai-chboot -L
282 # using hostname failed.
283 # for -f, combined the 2 defaults so it will reboot and print to screen.
284
285 # Add debug to -f flag for more verbose output.
286
287
288 # background on choosing apt-cacher-ng:
289 # googling around a bit finds 2 main solutions:
290 # http://askubuntu.com/questions/3503/best-way-to-cache-apt-downloads-on-a-lan
291 # apt-cacher-ng doesn\'t have zeroconf.
292 # It touts having minimal dependencies, but I don\'t care.
293 # The downside to squid-deb-proxy is that it\'s config is for specific repos,
294 # you have to add all the repos you use.
295 # That is the main reason I use apt-cacher-ng.
296 # It has a web portal, at http://faiserver:3142/acng-report.html
297
298
299 # random fai note: as far as I can tell, profiles are just for putting
300 # in a selectable boot menu, which I don\'t want.
301
302 # the logsave prompted because the hostname faiserver was uknown.
303 # Here it was faiserver.lan when running from a faiserver vm.
304 # When running from a normal host with faiserver alias, it was the normal hosts name.
305 $sed 's/(^[^,]+,)\S+/\1faiserver/' /srv/fai/nfsroot/root/.ssh/known_hosts
306 # ditch the logo banner up top which screws with less.
307 touch /srv/fai/nfsroot/.nocolorlogo