[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
-LC_USEBASHRC=t; . ~/.bashrc
usage() {
- cat <<EOF
+ cat <<'EOF'
usage: ${0##*/} [-h|--help] [BASE_CODENAME] [ARCH]
install fai-server on the current machine
generated around the same time as the nfsroot, at least so it has the
same kernel version.
+for copying and running this on a remote server,
+scp -tPrl fai SERVER:
+scp $(readlink -f ~/.ssh/home.pub) SERVER:.ssh
+scp /a/bin/cedit/cedit SERVER:/usr/local/bin
+# todo: make the above key be an option
+
Note: there is a bug in 5.9.4, fixed by adding
sleep 2
chroot like it used to be, but I'm not bothering to make
any persistent fix, since I'm now on t10. If it ever came
up again, using an old fai package would also work.
-
-/usr/sbin/fai-make-nfsroot:503, before apt-get update
+ /usr/sbin/fai-make-nfsroot:503, before apt-get update
EOF
update=false
case $base in
- stretch|bullseye|bullseye)
+ stretch|buster|bullseye)
if ! grep -qFx "deb https://fai-project.org/download $base koeln" /etc/apt/sources.list.d/fai.list; then
update=true
fi
cachetime=$(stat -c %Y $f );
now=$(date +%s)
limittime=$(( now - 60*60*2 ))
- if (( cachtime > limittime )); then
+ if (( cachetime > limittime )); then
update=true
fi
fi
# kernel, or the ability to install it.
# xorriso is for running fai-cd -a, not strictly need for fai-server
# perl-tk is for fai-monitor-gui
-pkgs=(fai-doc tftpd-hpa tar reprepro squashfs-tools binutils xorriso perl-tk)
+# mtools is for fai-cd
+pkgs=(fai-doc tftpd-hpa tar reprepro squashfs-tools binutils xorriso perl-tk mtools)
if modprobe nfsd &>/dev/null; then
pkgs+=(nfs-kernel-server)
else
### begin setup security repo ###
case $base in
- stretch|buster|bullseye)
+ stretch|buster)
cat >>/etc/fai/apt/sources.list <<EOF
deb http://security.debian.org/debian-security $base/updates main contrib
EOF
# fi
-$sed -f - /etc/fai/nfsroot.conf <<EOF
+if [[ -s /q/root/shadow/standard ]]; then
+ $sed -f - /etc/fai/nfsroot.conf <<EOF
$ a FAI_ROOTPW='$(</q/root/shadow/standard)'
/^\s*FAI_ROOTPW/d
+EOF
+fi
+
+$sed -f - /etc/fai/nfsroot.conf <<EOF
$ a SSH_IDENTITY=/root/.ssh/home.pub
/^\s*SSH_IDENTITY/d
s,^( *FAI_DEBOOTSTRAP=).*,\1"$base $r",
FAI_CONFIG_SRC=nfs://faiserver/srv/fai/config
EOF
# make the faiserver also the apt proxy server
- apt-get -y install apt-cacher-ng
+ # apt-get -y install apt-cacher-ng
fi
rm -f /srv/fai/nfsroot/root/.ssh/known_hosts
if [[ $HOSTNAME == kd ]]; then
keyscan_arg="-p 8989"
- fi
+fi
key=$(ssh-keyscan $keyscan_arg localhost |& grep -o "ecdsa-sha2-nistp256.*")
for ip in faiserver $(ip addr show up| grep -w '^ *inet' | awk '{print $2}'| cut -d / -f 1 | grep -vF 127.0.0.1); do
echo "$ip $key" >>/srv/fai/nfsroot/root/.ssh/known_hosts
done
+# make it the root because pxe-kexec only looks there.
+# It wouldn't be too hard to change if we needed.
+# We could also just dump things in /srv/tftp, but fai
+# has some defaults, which I don't even use, which expect
+# the other directory, so it's kind of a tossup, whatever.
+# This means fai's example isc-dhcp-server filename directory should remove the fai/ prefix.
+sed -ri 's,^ *(TFTP_DIRECTORY=).*,\1"/srv/tftp/fai",' /etc/default/tftpd-hpa
+systemctl restart tftpd-hpa
+
# serial console
# mainly from