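#!/bin/bash
# Initial setup of a FAI (Fully Automatic Installation) server on Debian.
#
# Adds the fai-project.org apt repository, installs the fai-quickstart
# dependencies except the DHCP server, runs fai-setup, adds this machine's
# ECDSA host key to the nfsroot's known_hosts and points tftpd-hpa at
# /srv/tftp. Must run as root; re-executes itself through sudo otherwise.

set -eE -o pipefail
# Diagnostics go to stderr so they are not mixed into captured stdout.
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR

[[ $EUID == 0 ]] || exec sudo "${BASH_SOURCE[0]}" "$@"

# for ubuntu:
#add-apt-repository -y ppa:fai/ppa
# for debian:
# NOTE(review): the archive signing key is downloaded over plain HTTP and
# handed straight to apt-key, so nothing authenticates it. Every package
# installed from the fai repository below is trusted on the strength of this
# key, and the 8-hex-digit short ID in the file name is not enough to identify
# it. Compare the key's full fingerprint with one obtained out of band (or
# fetch it over an authenticated channel) before adding it.
wget -O - http://fai-project.org/download/074BCDE4.asc | apt-key add -
cat >/etc/apt/sources.list.d/fai.list <<'EOF'
deb http://fai-project.org/download jessie koeln
EOF
apt-get update

# all the dependencies except the dhcp server
# The list is captured first: a command substitution used directly as an
# argument hides the pipeline's exit status, so a failed lookup would run
# apt-get with an empty package list instead of stopping the script.
fai_deps=$(apt-cache show fai-quickstart | grep ^Depends: | head -n 1 |
  sed -r 's/^Depends:|,|\|[^,]+|isc-dhcp-server//g')
[[ $fai_deps == *[![:space:]]* ]] || {
  echo "$0: no dependencies found for fai-quickstart" >&2
  exit 1
}
# shellcheck disable=SC2086  # splitting into one word per package is intended
apt-get -y install $fai_deps

# Uncomment the "#deb" lines in FAI's apt sources and the LOGUSER setting.
sed -i 's/^#deb/deb/' /etc/fai/apt/sources.list
sed -i 's/#LOGUSER/LOGUSER/' /etc/fai/fai.conf

fai-setup -v

# Append one line to the nfsroot's known_hosts: the host-name field of its
# first existing entry, followed by this machine's ECDSA host key as reported
# by ssh-keyscan on localhost.
{
  head -n 1 /srv/fai/nfsroot/root/.ssh/known_hosts | awk '{print $1}' |
    tr '\n' ' '
  ssh-keyscan localhost | grep -o "ecdsa-sha2-nistp256.*"
} >>/srv/fai/nfsroot/root/.ssh/known_hosts

# from config machine. todo: clean this up.
sed -ri 's#^([[:space:]]*TFTP_DIRECTORY[[:space:]]*=).*#\1"/srv/tftp"#' \
  /etc/default/tftpd-hpa
service tftpd-hpa restart

# Initially did the basic
#   fai-chboot -Iv $std_arg default
# but found in the console that it wanted to mount the nfsroot from the
# same host as my dhcp server.
# Figured out to change the root= parameter from googling,
# and from looking at fai-chboot -L.
# Using the hostname failed.
# For -f, combined the 2 defaults so it will reboot and print to screen.
# Add debug to the -f flag for more verbose output.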
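# Create the default PXE boot entry, then rewrite it so that root= names this
# server's IP address explicitly.
std_arg="-u nfs://faiserver/srv/fai/config"
# shellcheck disable=SC2086  # $std_arg is split into option + value on purpose
fai-chboot -Iv $std_arg default

# Third column of the listing for the "default" entry.
kernel=$(fai-chboot -L '^default$' | awk '{print $3}')
my_ip=$(getent hosts faiserver | awk '{ print $1 }')
# An empty value here would be written into the boot entry as a broken
# root= parameter or a missing kernel, so stop before touching the entry.
[[ -n $kernel ]] || { echo "$0: no kernel found in default boot entry" >&2; exit 1; }
[[ -n $my_ip ]] || { echo "$0: cannot resolve faiserver" >&2; exit 1; }

# Drop the first three columns of the listing and insert "<ip>:" right after
# root= in what remains of the kernel command line.
k_args=$(fai-chboot -L '^default$' |
  sed -r "s/^(\S+\s+){3}(.*root=)(.*)/\2$my_ip:\3/")

# NOTE(review): the sshd flag presumably allows logging in to a client while
# it installs; confirm the nfsroot root password (FAI_ROOTPW in nfsroot.conf,
# TODO confirm name) is not left at its packaged default.
# shellcheck disable=SC2086
fai-chboot -k "$k_args" -v -f verbose,sshd,createvt,reboot $std_arg "$kernel" default

# make the faiserver also the apt proxy server
# -y matches the non-interactive dependency install earlier in this script.
apt-get -y install apt-cacher-ng
# background on choosing apt-cacher-ng:
# googling around a bit finds 2 main solutions:
# http://askubuntu.com/questions/3503/best-way-to-cache-apt-downloads-on-a-lan
# apt-cacher-ng doesn't have zeroconf,
# so I'm not sure how smart it will be if the server goes down.
# It touts having minimal dependencies, but I don't care.
# The downside to squid-deb-proxy is that its config is for specific repos;
# you have to add all the repos you use.
# That is the main reason I use apt-cacher-ng.
# It has a web portal, at http://faiserver:3142/acng-report.html
# NOTE(review): check which interfaces the proxy and its report page listen
# on, and restrict port 3142 to the install network if others can reach it.

# random fai note: as far as I can tell, profiles are just for putting
# in a selectable boot menu, which I don't want.

# Create an RSA key pair for the invoking user if none exists yet.
# NOTE(review): -N '' makes the private key passphrase-less.
if [[ ! -e ~/.ssh/id_rsa.pub ]]; then
  ssh-keygen -t rsa -N ''
fi

# Connect to localhost with an empty client config and a fresh temporary
# known_hosts file, so that file ends up holding only what ssh records for
# this connection, then append it to the nfsroot's known_hosts.
# The original read a file literally named "x" instead of the temp file.
x=$(mktemp)
ssh -F /dev/null -oUserKnownHostsFile="$x" localhost :
tee -a /srv/fai/nfsroot/root/.ssh/known_hosts <"$x"
rm -f -- "$x"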