[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
-LC_USEBASHRC=t; . ~/.bashrc
usage() {
- cat <<EOF
+ cat <<'EOF'
usage: ${0##*/} [-h|--help] [BASE_CODENAME] [ARCH]
install fai-server on the current machine
generated around the same time as the nfsroot, at least so it has the
same kernel version.
+for copying and running this on a remote server,
+scp -tPrl fai SERVER:
+scp $(readlink -f ~/.ssh/home.pub) SERVER:.ssh
+scp /a/bin/cedit/cedit SERVER:/usr/local/bin
+# todo: make the above key be an option
+
Note: there is a bug in 5.9.4, fixed by adding
sleep 2
chroot like it used to be, but I'm not bothering to make
any persistent fix, since I'm now on t10. If it ever came
up again, using an old fai package would also work.
-
-/usr/sbin/fai-make-nfsroot:503, before apt-get update
+ /usr/sbin/fai-make-nfsroot:503, before apt-get update
EOF
update=false
case $base in
- stretch|bullseye|bullseye)
+ stretch|buster|bullseye)
if ! grep -qFx "deb https://fai-project.org/download $base koeln" /etc/apt/sources.list.d/fai.list; then
update=true
fi
cachetime=$(stat -c %Y $f );
now=$(date +%s)
limittime=$(( now - 60*60*2 ))
- if (( cachtime > limittime )); then
+ if (( cachetime > limittime )); then
update=true
fi
fi
# fi
-$sed -f - /etc/fai/nfsroot.conf <<EOF
+if [[ -s /q/root/shadow/standard ]]; then
+ $sed -f - /etc/fai/nfsroot.conf <<EOF
$ a FAI_ROOTPW='$(</q/root/shadow/standard)'
/^\s*FAI_ROOTPW/d
+EOF
+fi
+
+$sed -f - /etc/fai/nfsroot.conf <<EOF
$ a SSH_IDENTITY=/root/.ssh/home.pub
/^\s*SSH_IDENTITY/d
s,^( *FAI_DEBOOTSTRAP=).*,\1"$base $r",
FAI_CONFIG_SRC=nfs://faiserver/srv/fai/config
EOF
# make the faiserver also the apt proxy server
- apt-get -y install apt-cacher-ng
+ # apt-get -y install apt-cacher-ng
fi
rm -f /srv/fai/nfsroot/root/.ssh/known_hosts
if [[ $HOSTNAME == kd ]]; then
keyscan_arg="-p 8989"
- fi
+fi
key=$(ssh-keyscan $keyscan_arg localhost |& grep -o "ecdsa-sha2-nistp256.*")
for ip in faiserver $(ip addr show up| grep -w '^ *inet' | awk '{print $2}'| cut -d / -f 1 | grep -vF 127.0.0.1); do
echo "$ip $key" >>/srv/fai/nfsroot/root/.ssh/known_hosts
# We could also just dump things in /srv/tftp, but fai
# has some defaults, which I don't even use, which expect
# the other directory, so it's kind of a tossup, whatever.
+# This means fai's example isc-dhcp-server filename directory should remove the fai/ prefix.
sed -ri 's,^ *(TFTP_DIRECTORY=).*,\1"/srv/tftp/fai",' /etc/default/tftpd-hpa
systemctl restart tftpd-hpa