more aramo/jammy updates

[automated-distro-installer] / pxe-server

#!/bin/bash
# Copyright (C) 2016 Ian Kelling

# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.

# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.

# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.


[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"

x="$(readlink -f "$BASH_SOURCE")"; source "${x%/*}/bash-trace"


usage() {
  cat <<EOF
Usage: ${0##*/} [OPTIONS] [HOST] [TYPE]
Configure dnsmasq boot options and fai-chboot if appropriate. This is
not general purpose, it has code specific to dhcp servers I run.

Without TYPE, disable  server and fai server. In that case, HOST is only
needed for fsf office network.

HOST       A hostname known to the dhcp server, or default for all.
TYPE       One of arch, parabola, plain, fai.

-a         Don't setup pxe, just Wait for 2 dhcp acks, then disable the pxe
           server after a delay.  First ack is for pxe boot, 2nd ack is
           for os boot. Sometimes on debian, there is a 3rd one shortly
           after the 2nd. I can't remember exactly why this caused a
           problem, but I'm hoping the sleep will take care of it.
-d         Don't alter dhcp config. Only make sense for fai type, and on network
           other than home or fsf.
-k         Pass -k to myfai-chboot.
-r         Don't redeploy fai config. For example, if there is a different host
           that is mid-install.

-S         sets FAI_ACTION=sysinfo, see myfai-chboot for more info.
-w         Setup pxe, then wait like -a.
-h|--help  Print help and exit


Note, when switching between plain and arch or parabola, you will need to
do something like:
ssh wrt
cd /mnt/usb
rm tftpboot
ln -s <arch/parabola/debian iso dir> tftpboot


Notes on debugging pxe dhcp tftp:

For debugging dhcp, add to /etc/dnsmasq.conf: log-dhcp

Newer openwrt runs dnsmasq with a whitelist of readable files and dirs:

ps ww :
/sbin/ujail -t 5 -n dnsmasq -u -l -r /bin/ubus -r /etc/TZ -r /etc/dnsmasq.conf -r /etc/ethers -r /etc/group -r /etc/hosts -r /etc/passwd -w /tmp/dhcp.leases -r /tmp/dnsmasq.d -r /tmp/hosts -r /tmp/resolv.conf.d -r /usr/bin/jshn -r /usr/lib/dnsmasq/dhcp-script.sh -r /usr/share/dnsmasq/dhcpbogushostname.conf -r /usr/share/dnsmasq/rfc6761.conf -r /usr/share/dnsmasq/trust-anchors.conf -r /usr/share/libubox/jshn.sh -r /var/etc/dnsmasq.conf.cfg01411c -w /var/run/dnsmasq/ -- /usr/sbin/dnsmasq -C /var/etc/dnsmasq.conf.cfg01411c -k -x /var/run/dnsmasq/dnsmasq.cfg01411c.pid

logging tftp requests:
/etc/default/tftpd-hpa:
add -vv:
TFTP_OPTIONS="--secure -vv"
jr -u tftpd-hpa -f

Note: Uses GNU getopt options parsing style
EOF
  exit $1
}

pre="${0##*/}:"
m() { printf "$pre %s\n"  "$*"; "$@"; }
e() { printf "$pre %s\n"  "$*"; }
err() { echo "[$(date +'%Y-%m-%d %H:%M:%S%z')]: $pre: $*" >&2; }

PATH="/a/exe:$PATH"

##### begin command line parsing ########

dhcp=true
redep=true
acks=2
wait=false
fsf=false

case $HOSTNAME in
  x3|kw) fsf=true ;;
esac

chboot_args=()
temp=$(getopt -l help adkrSwh "$@") || usage 1
eval set -- "$temp"
while true; do
  case $1 in
    -a) wait=true; set=false; shift ;;
    -d) dhcp=false; shift ;;
    -k) chboot_args+=(-k); shift ;;
    -r) redep=false; shift ;;
    -S) chboot_args+=(-S); shift ;;
    -w) wait=true; set=true; shift ;;
    -h|--help) usage ;;
    --) shift; break ;;
    *) echo "$0: Internal error!" ; exit 1 ;;
  esac
done

read -r host type <<<"$@"

case $# in
  [01]);;
  2)
    case $type in
      arch|parabola) cmd=archlike ;;
      fai) cmd=fai ;;
      *)
        echo "$0: error expected type of arch|parabola|fai"
        echo
        usage 1
        ;;
    esac
    ;;
  *)
    echo "$0: error: expected 0-2 arguments"
    echo
    usage 1
    ;;
esac


if $wait && ! $dhcp; then
  echo "$0: error -w conflicts with -d, choose one or other"
  exit 1
fi


if [[ $host && $host != default ]]; then
  host_tag="tag:$host,"
fi

##### end command line parsing ########

archlike() {
  cat <<EOF
${host_tag}209,boot/syslinux/${type}iso.cfg
${host_tag}210,/${type}/
${host_tag}option:bootfile-name,/${type}/boot/syslinux/lpxelinux.0
EOF
}

plain() {
  # if arch based was used before, this additionally needs
  # the tftp link in /mnt/usb to be changed.
  cat <<EOF
${host_tag}option:bootfile-name,pxelinux.0
EOF
}

fai() {
  cat <<EOF
${host_tag}option:bootfile-name,pxelinux.0
${host_tag}option:server-ip-address,$faiserverip
${host_tag}option:tftp-server,$faiserverip
EOF
  # Note, previously used normal dnsmasq option, but it requires dnsmasq
  # restart, which causes momentary dns failures, which can bork an
  # install.
  #
  # dhcp-boot=${host_tag}pxelinux.0,faiserver.b8.nz,faiserver.b8.nz
}

ack-wait() {
  if $fsf; then
    wait_cmd="ssh tarantula.office.fsf.org tail -n0 -f /var/log/syslog"
  else
    wait_cmd="ssh cmc logread -f"
  fi
  wait_count=$1
  if [[ $host ]]; then
    if $fsf; then
      host_regex=" $(getent hosts kw | awk '{print $1}' | sed 's/\./\\./g')"
    else
      host_regex=" $host"
    fi
  fi
  regex=".*DHCPACK.*$host_regex\b"
  i=0
  while (( i != wait_count )) && read -r line; do
    if [[ $line =~ $regex ]]; then
      i=$((i+1))
      echo $line
    fi
  done < <($wait_cmd ||:) # tail returns 2 it seems
  m sleep 20
}

set-pxe() {
  $dhcp || return 0
  if $fsf; then
    if [[ ! $cmd ]]; then
      e "removing pxe for $host on tarantula"
      ssh tarantula.office.fsf.org bash -e <<EOF
sed -ri 's/^( *host +$host *\{).*/\1/' /etc/dhcp/dhcpd.conf
systemctl restart isc-dhcp-server
EOF
    elif [[ $cmd == fai ]]; then
      e "adding pxe for $host on tarantula"
      ssh tarantula.office.fsf.org bash -e <<EOF
sed -ri 's/^( *host +$host *\{).*/\1 next-server faiserver.office.fsf.org; filename "pxelinux.0";/' /etc/dhcp/dhcpd.conf
systemctl restart isc-dhcp-server
EOF
    fi
  else
    e "updating dnsmasq.conf:"
    m $cmd
    ${cmd:-:}|ssh cmc "dd of=/var/run/dnsmasq/dhcpopts.conf; /etc/init.d/dnsmasq reload
$([[ $type == arch || $type == parabola ]] && echo archlike-pxe-mount)"
  fi
}

type -t host &>/dev/null || sudo apt-get -y install dnsutils
faiserverip=$(host faiserver | sed -rn 's/^\S+ has address //p;T;q' ||:)
if [[ ! $faiserverip || $faiserverip =~ [[:space:]] ]]; then
  echo "$0: error: failed to get \$faiserverip, got: $faiserverip"
  exit 1
fi


if $set; then
  set-pxe
  if [[ $type == fai ]]; then
    if $redep; then
      m fai-redep
    fi
    m myfai-chboot ${chboot_args[@]} $host
  else
    # This will fail if faiserver is not setup, so ignore any
    # failure and don't bother us about it.
    myfai-chboot &>/dev/null ||:
  fi
fi

if $wait; then
  # fai's debian jessie 8.5ish does 2 dhcp requests when booting,
  # roughly 4 seconds apart. Earlier
  # versions did just 1. Now testing on a vm, it does 1.
  # bleh.
  echo "waiting for $acks dhcp acks then disabling pxe"
  ack-wait $acks
  type=
  unset cmd
  set-pxe

  # previously tried waiting for one more ack then disabling faiserver,
  # since it can contain sensitive info, so turn it off when not in use,
  # but disabling that for now as it's inconvenient to clean this
  # up and run it in the background etc.

  # if [[ $type == fai ]]; then
  #     echo "waiting for 1 dhcp ack then disabling fai server"
  #     ack-wait 1
  #     faiserver-disable
  # fi
fi