[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
-LC_USEBASHRC=t; . ~/.bashrc
usage() {
- cat <<EOF
+ cat <<'EOF'
usage: ${0##*/} [-h|--help] [BASE_CODENAME] [ARCH]
install fai-server on the current machine
work. Separate from running this, faiserver needs to be setup in dns to
point to whatever host this is run on.
-Default BASE_CODENAME is buster. Default ARCH is 64. The script expects corresponding
+Default BASE_CODENAME is bullseye. Default ARCH is 64. The script expects corresponding
$BASEFILE_DIR/${UPCASED_BASE_CODENAME}${ARCH}.tar.(gz|xz) to exist, and it must have been
generated around the same time as the nfsroot, at least so it has the
same kernel version.
+for copying and running this on a remote server,
+scp -tPrl fai SERVER:
+scp $(readlink -f ~/.ssh/home.pub) SERVER:.ssh
+scp /a/bin/cedit/cedit SERVER:/usr/local/bin
+# todo: make the above key be an option
+
Note: there is a bug in 5.9.4, fixed by adding
sleep 2
chroot like it used to be, but I'm not bothering to make
any persistent fix, since I'm now on t10. If it ever came
up again, using an old fai package would also work.
-
-/usr/sbin/fai-make-nfsroot:503, before apt-get update
+ /usr/sbin/fai-make-nfsroot:503, before apt-get update
EOF
e() { echo "+ $@"; "$@"; }
-base=${1:-buster}
+base=${1:-bullseye}
arch=${2:-64}
if [[ $base == [[:upper:]] ]]; then
cachetime=$(stat -c %Y $f );
now=$(date +%s)
limittime=$(( now - 60*60*2 ))
- if (( cachtime > limittime )); then
+ if (( cachetime > limittime )); then
update=true
fi
fi
# kernel, or the ability to install it.
# xorriso is for running fai-cd -a, not strictly need for fai-server
# perl-tk is for fai-monitor-gui
-pkgs=(fai-doc tftpd-hpa tar reprepro squashfs-tools binutils xorriso)
+# mtools is for fai-cd
+pkgs=(fai-doc tftpd-hpa tar reprepro squashfs-tools binutils xorriso perl-tk mtools)
if modprobe nfsd &>/dev/null; then
pkgs+=(nfs-kernel-server)
else
# fi
-$sed -f - /etc/fai/nfsroot.conf <<EOF
+if [[ -s /q/root/shadow/standard ]]; then
+ $sed -f - /etc/fai/nfsroot.conf <<EOF
$ a FAI_ROOTPW='$(</q/root/shadow/standard)'
/^\s*FAI_ROOTPW/d
+EOF
+fi
+
+$sed -f - /etc/fai/nfsroot.conf <<EOF
$ a SSH_IDENTITY=/root/.ssh/home.pub
/^\s*SSH_IDENTITY/d
s,^( *FAI_DEBOOTSTRAP=).*,\1"$base $r",
e fai-setup -evf -B $basefile
# fai-setup expert mode avoids writing to /var/log/fai/variables
# at least config_src is needed for autodiscover
+
+
+ # lld /var/log/fai/remote-logs:
+ # d 750 fai nogroup 100 08-07 08:51 pm /var/log/fai/remote-logs
+ # We could change the group or something, but why not just give me more permissions :)
+ e usermod -a -G nogroup iank
$sed '/^FAI_CONFIGDIR|^FAI_CONFIG_SRC|^LOGUSER/d' /var/log/fai/variables
tee -a /var/log/fai/variables <<'EOF'
LOGUSER=fai
FAI_CONFIG_SRC=nfs://faiserver/srv/fai/config
EOF
# make the faiserver also the apt proxy server
- apt-get -y install apt-cacher-ng
+ # apt-get -y install apt-cacher-ng
fi
rm -f /srv/fai/nfsroot/root/.ssh/known_hosts
-key=$(ssh-keyscan localhost |& grep -o "ecdsa-sha2-nistp256.*")
+if [[ $HOSTNAME == kd ]]; then
+ keyscan_arg="-p 8989"
+fi
+key=$(ssh-keyscan $keyscan_arg localhost |& grep -o "ecdsa-sha2-nistp256.*")
for ip in faiserver $(ip addr show up| grep -w '^ *inet' | awk '{print $2}'| cut -d / -f 1 | grep -vF 127.0.0.1); do
echo "$ip $key" >>/srv/fai/nfsroot/root/.ssh/known_hosts
done
+# make it the root because pxe-kexec only looks there.
+# It wouldn't be too hard to change if we needed.
+# We could also just dump things in /srv/tftp, but fai
+# has some defaults, which I don't even use, which expect
+# the other directory, so it's kind of a tossup, whatever.
+# This means fai's example isc-dhcp-server filename directory should remove the fai/ prefix.
+sed -ri 's,^ *(TFTP_DIRECTORY=).*,\1"/srv/tftp/fai",' /etc/default/tftpd-hpa
+systemctl restart tftpd-hpa
+
# serial console
# mainly from
iankelling.org / git / automated-distro-installer / blobdiff