-#!/bin/bash -l
-# Copyright (C) 2016 Ian Kelling
+#!/bin/bash
+# Copyright (C) 2019 Ian Kelling
+# SPDX-License-Identifier: AGPL-3.0-or-later
+set -eE -o pipefail
+trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
+[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
+readonly this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"; cd "${this_file%/*}"
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-set -x
+source bash-trace
-# Deploy fai configuration to faiserver,
-# then start a virtual machine to test the config.
+usage() {
+ cat <<EOF
+usage: ${0##*/} [OPTIONS] [HOST]
+Deploy fai config (the one in nfs) to HOST or default faiserver
-set -eE -o pipefail
-trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
+Note, for booting from fai-cd, this needs to be called from myfai-chboot or that via pxe-server,
+due to setting
+echo FAI_ACTION=$fai_action >> /srv/fai/config/class/LAST.var
+note FAI_ACTION might be able to be set elsewhere, like in grub for this case
+
+-d DISTRO DISTRO for setting up fai class DESKTOP packages, for preinstalling stuff.
+-t TARGET_HOST Copy only secrets for TARGET_HOST into the config space. Useful for virtual server
+ on hardware we don't control.
+-h|--help Print help and exit
+
+Note: uses paths specific to authors machine.
+EOF
+ exit $1
+}
+
+##### begin command line parsing ########
+
+# ensure we can handle args with spaces or empty.
+ret=0; getopt -T || ret=$?
+[[ $ret == 4 ]] || { echo "Install util-linux for enhanced getopt" >&2; exit 1; }
+
+temp=$(getopt -l help hd:t: "$@") || usage 1
+eval set -- "$temp"
+while true; do
+ case $1 in
+ -d) distro=$2; shift ;;
+ -t) target=$2; shift ;;
+ -h|--help) usage ;;
+ --) shift; break ;;
+ *) echo "$0: unexpected args: $*" >&2 ; usage 1 ;;
+ esac
+ shift
+done
+host=${1:-faiserver}
-cd $(dirname $(readlink -f "$BASH_SOURCE"))
+readonly host distro target
+##### end command line parsing ########
+
+m() { printf "$pre %s\n" "$*"; "$@"; }
# i use faiserver as a dns alias, but ssh key is associated with
# a canonical hostname and we will have ssh warning spam unless we
# use it, so look it up just to avoid the warning spam.
-faiserver_host=$(chost faiserver) || faiserver_host=faiserver
+faiserver_host=$(/a/exe/chost $host)
+# faiserver_host=$host
-shopt -s extglob
-ssh root@$faiserver_host rm -rf /srv/fai/config/!(basefiles)
-scp -qr fai/config root@$faiserver_host:/srv/fai
+faiserver_addr=$(host $host | sed -rn 's/^\S+ has address //p;T;q' ||:)
+if ! ip a | grep "^ *inet.\? $faiserver_addr" &>/dev/null; then
+ rpre=(-e "ssh -F $HOME/.ssh/confighome" root@$faiserver_host:)
+ faiserver_shell="ssh -F $HOME/.ssh/confighome root@$faiserver_host"
+fi
+# these are gitignored.
+rsync -atL /home/iank/.ssh/authorized_keys fai/config/files/root/.ssh/authorized_keys/STANDARD
+# we hssh and ssh_filter_btrbk for the initial btrbk (alternatively, I could open up the
+# permissions in authorized_keys, but that just seems lazy)
+install --owner=iank --group=iank -d fai/config/files/usr/local/bin/hssh
+install --owner=iank --group=iank -d fai/config/files/usr/local/bin/ssh_filter_btrbk.sh
+rsync -atL /a/opt/btrbk/ssh_filter_btrbk.sh fai/config/files/usr/local/bin/ssh_filter_btrbk.sh/STANDARD
+m rsync -rlpt --delete --relative --exclude /fai/config/basefiles/ fai/config "${rpre[@]}"/srv
-scp -q ~/.ssh/id_rsa.pub \
- root@$faiserver_host:/srv/fai/config/files/root/.ssh/authorized_keys/GRUB_PC
# todo: automatically disable faiserver after a period so
-# these files are not exposed.
-s scp -qr /q/root/luks /q/root/shadow \
- root@$faiserver_host:/srv/fai/config/distro-install-common
-scp -q /a/bin/fai/devbyid root@$faiserver_host:/srv/fai/nfsroot/usr/local/bin
-
-# built BELANOS basefile with mk-basefile -J BELENOS64. it's stored in
-# it's own repo which is published alongside this one called
-# fai-basefiles due to being a large binary file.
-scp -q /a/bin/fai-basefiles/*.tar.xz root@$faiserver_host:/srv/fai/config/basefiles
-ssh root@$faiserver_host bash <<'EOF'
-set -eE -o pipefail
-set -x
-# make it the root because pxe-kexec only looks there.
-# It wouldn't be too hard to change if we needed.
-# We could also just dump things in /srv/tftp, but fai
-# has some defaults, which I don't even use, which expect
-# the other directory, so it's kind of a tossup, whatever.
-sed -ri 's,^ *(TFTP_DIRECTORY=).*,\1"/srv/tftp/fai",' /etc/default/tftpd-hpa
-systemctl restart tftpd-hpa
-chmod 644 /srv/fai/config/files/root/.ssh/authorized_keys/GRUB_PC
-chmod -R a+rX /srv/fai/config/distro-install-common
-# this basefile has tar acls bug, so I'm using my own
-# local one for now.
-#cd /srv/fai/config/basefiles
-#u=http://fai-project.org/download/basefiles/XENIAL64.tar.xz
-#wget -nv -N $u
-EOF
+# these files are not available.
+
+
+if [[ $target ]]; then
+ secret_files=(luks/$target luks/host-$target shadow/$target)
+ exists=false
+ secret_exists=()
+ for f in ${secret_files[@]}; do
+ if [[ -e /q/root/$f ]]; then
+ exists=true
+ secrets_to_send+=("$f")
+ fi
+ done
+ if $exists; then
+ {
+ for f in ${secrets_to_send[@]}; do
+ echo $f
+ done
+ } | rsync -lpt --files-from=- /q/root "${rpre[@]}"/srv/fai/config/distro-install-common
+ fi
+else
+ rsync -rlpt /q/root/shadow /q/root/luks "${rpre[@]}"/srv/fai/config/distro-install-common
+fi
+
+rsync -rlpt --delete /a/opt/btrfs-progs-release \
+ filesystem/usr/local/bin/ethusb-nm \
+ filesystem/usr/local/bin/ethusb-static \
+ "${rpre[@]}"/srv/fai/config/distro-install-common
+
+dirs=(/p/c/machine_specific/${target:-*}/filesystem/etc/ssh)
+if [[ -e ${dirs[0]} ]]; then
+ rsync -rlpt --delete --relative ${dirs[@]} "${rpre[@]}"/srv/fai/config/distro-install-common
+fi
+
+. /a/bin/distro-setup/pkgs
+pall+=($(/a/bin/buildscripts/emacs -p; /a/bin/distro-setup/distro-pkgs $distro))
+
+printf "%s\n%s\n" "PACKAGES install" ${pall[*]} | \
+ $faiserver_shell dd of=/srv/fai/config/package_config/DESKTOP status=none ||: # broken pipe
+
-faiserver-enable
+m rsync -rplt --include '/*.zst' --exclude '/**' --delete-excluded $BASEFILE_DIR/ "${rpre[@]}"/srv/fai/config/basefiles/
iankelling.org / git / automated-distro-installer / blobdiff