-#!/bin/bash -lx
+#!/bin/bash -l
+# Copyright (C) 2016 Ian Kelling
+
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+set -x
# Deploy fai configuration to faiserver,
# then start a virtual machine to test the config.
set -eE -o pipefail
-trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?"' ERR
-
-ssh root@faiserver rm -rf /srv/fai/config/\*
-scp -r /a/bin/fai/fai/config root@faiserver:/srv/fai
-# fai example pass: fai
-#ROOTPW='$1$kBnWcO.E$djxB128U7dMkrltJHPf6d1'
-
-# generating a hashed password:
-# under debian, you can do
-# echo "yoursecrectpassword" | mkpasswd -m sha-512 -s
-# On arch, best seems to be copy your shadow file to a temp location,
-# then passwd, get out the new pass, then copy the shadow file back.
-ssh root@faiserver tee -a /srv/fai/config/class/DEFAULT.var <<EOF
-ROOTPW='$(cat /p/shadow/standard)'
-EOF
-ssh root@faiserver tee -a /srv/fai/config/class/tp.var <<EOF
-ROOTPW='$(cat /p/shadow/traci-simple)'
+trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
+
+cd $(dirname $(readlink -f "$BASH_SOURCE"))
+
+
+# i use faiserver as a dns alias, but ssh key is associated with
+# a canonical hostname and we will have ssh warning spam unless we
+# use it, so look it up just to avoid the warning spam.
+faiserver_host=$(chost faiserver) || faiserver_host=faiserver
+
+shopt -s extglob
+ssh root@$faiserver_host rm -rf /srv/fai/config/!(basefiles)
+scp -qr fai/config root@$faiserver_host:/srv/fai
+
+
+scp -q ~/.ssh/id_rsa.pub \
+ root@$faiserver_host:/srv/fai/config/files/root/.ssh/authorized_keys/GRUB_PC
+# todo: automatically disable faiserver after a period so
+# these files are not exposed.
+s scp -qr /q/root/luks /q/root/shadow \
+ root@$faiserver_host:/srv/fai/config/distro-install-common
+scp -q /a/bin/fai/devbyid root@$faiserver_host:/srv/fai/nfsroot/usr/local/bin
+
+# built BELANOS basefile with mk-basefile -J BELENOS64. it's stored in
+# it's own repo which is published alongside this one called
+# fai-basefiles due to being a large binary file.
+scp -q /a/bin/fai-basefiles/*.tar.xz root@$faiserver_host:/srv/fai/config/basefiles
+ssh root@$faiserver_host bash <<'EOF'
+set -eE -o pipefail
+set -x
+# make it the root because pxe-kexec only looks there.
+# It wouldn't be too hard to change if we needed.
+# We could also just dump things in /srv/tftp, but fai
+# has some defaults, which I don't even use, which expect
+# the other directory, so it's kind of a tossup, whatever.
+sed -ri 's,^ *(TFTP_DIRECTORY=).*,\1"/srv/tftp/fai",' /etc/default/tftpd-hpa
+systemctl restart tftpd-hpa
+chmod 644 /srv/fai/config/files/root/.ssh/authorized_keys/GRUB_PC
+chmod -R a+rX /srv/fai/config/distro-install-common
+# this basefile has tar acls bug, so I'm using my own
+# local one for now.
+#cd /srv/fai/config/basefiles
+#u=http://fai-project.org/download/basefiles/XENIAL64.tar.xz
+#wget -nv -N $u
EOF
-scp ~/.ssh/id_rsa.pub \
- root@faiserver:/srv/fai/config/files/home/ian/.ssh/authorized_keys/GRUB_PC
-s scp -r /q/root/luks /p/shadow/traci{,-simple} \
- root@faiserver:/srv/fai/config/distro-install-common
-ssh root@faiserver chmod -R a+rX /srv/fai/config/distro-install-common
+faiserver-enable
iankelling.org / git / automated-distro-installer / blobdiff