X-Git-Url: https://iankelling.org/git/?p=automated-distro-installer;a=blobdiff_plain;f=README;h=12d3b0643c80c9ba344b41e40e3eba2a2dca191d;hp=f20bd12273f8d996919829a96eaa6106fe6fa3e4;hb=845c2b9e9e7e25b3dfa3d7f750d0acae0e50caf4;hpb=ee37d990c89bb3bab1b54e3b3fb43e9f79ed039b diff --git a/README b/README index f20bd12..12d3b06 100644 --- a/README +++ b/README 
@@ -64,29 +64,45 @@ Some of the scripts have dependencies for some simple obvious utility scripts from https://iankelling.org/git, and of course there are some hostnames that are specific to my network. + +# Per-host/install configuration + Before doing a fai install, you will need to populate a class file. I -use one called 5-multi-boot, which you can see example of in +use one called 51-multi-boot, which you can see example of in fai/config/class/50-host-classes. + + Before doing a fai install, you will need to populate /q/root/luks and /q/root/shadow, see their references. You might also want to copy existing /etc/ssh/*host* to /p/c/machine_specific/HOST/filesystem/etc/ssh. +host-* luks keyfiles generated like: +head -c 2048 /dev/urandom | od | s dd of=/q/root/luks/host-demohost +Configuration of which luks key to use is in +fai/config/hooks/partition.DEFAULT -All scripts meant to be used directly are listed here: +Configuration of which (if any) shadow file to use is in +fai/config/distro-install-common/end +and which shadow file / luks file(s) to copy into the new machine depends +on fai-redep arguments. +# Scripts (meant to be used directly): -# Scripts to setup the environment for the install +# Setup the environment for the install # create tiny autodiscover cd +# todo: with fai-revm at least, this complains about missing vmlinuz. need to fix this. fai-redep && sudo fai-cd -g $PWD/grub.cfg.autodiscover -f -A $BASEFILE_DIR/autodiscover.iso -# create normal fai cd (replace TARGET_HOST) -fai-redep -t TARGET_HOST && sudo fai-cd -M -g $PWD/grub.cfg.netinst -f $BASEFILE_DIR/netinst.iso -note, may need to set hostname in something like LAST.var -also, may need to unset proxy. 
+# create normal fai cd (replace TARGET_HOSTNAME) +fai-redep -t TARGET_HOSTNAME && sudo fai-cd -M -g $PWD/grub.cfg.netinst-noreboot -f $BASEFILE_DIR/netinst.iso +# note, may need to set hostname, depending on config, +# and some other things for environment not on your lan +# for example see fai/config/class/LINODE.var. See linode notes below. + mymk-basefile # Create basefiles for various distros archlike-pxe # Setup pxe boot server from an archlike base image fai-redep # Deploy fai configuration to host "faiserver" 
@@ -171,6 +187,88 @@ addgroup: The group `systemd-journal' already exists as a system group. Exiting. Operation failed: No such file or directory +# linode notes + +* create 2 disks, installer (3000 mb, raw), boot (remaining, raw) +* create 2 profiles w direct boot, no helpers: + * installer (sda=boot, sdb=installer, boot dev=sdb) + * boot (sda=boot) +* Boot into rescue mode, ssh in with lish, + curl url_to_some_fai_cd_created_image | dd of=/dev/sda + poweroff +* boot into installer. +* Lish shows console, at the end of install, it gives prompt because + logs failed to save remotely, check the logs, then reboot into boot + profile if all is well. If that doesn't happen, turn off lassie in + settings. + + +# ubuntu notes + +For someone who really needed ubuntu on host tp, otherwise they would +end up on a non-gnu os, and I didn't want to figure out how to get all +the default software installed, I did the following: + +# On remote host: +# install etiona +cd /b/fai +# set 51-multi-boot to set classes outside of fai-wrapper conditional, including NOWIPE +. fai-wrapper +./fai/config/hooks/partition.DEFAULT + +# on remote host +# install ubuntu 20.04 using virt-install +sudo -i +virt-install --os-variant=ubuntu16.04 --cdrom ubuntu-20.04-desktop-amd64.iso --disk path=u2004.qcow2 -r 2048 --vcpus 1 -n u2004 +qemu-img create -o preallocation=metadata -f qcow2 u2004.qcow2 15G +# alternatively, also tried a physical install, because I know the virtual install ends up +# with some differen things, like some spice service. 
then pulled the data out with +rsync -ahSAX --numeric-ids --exclude=proc --exclude=sys --exclude=dev --exclude=tmp --exclude=run root@tp:/ .; mkdir proc sys dev tmp + +modprobe nbd +qemu-nbd --connect=/dev/nbd0 u1804.qcow2 -f qcow2 +qemu-nbd --connect=/dev/nbd0 u2004.qcow2 -f qcow2 +mount /dev/nbd0p1 /mnt/1 # bionic +mount /dev/nbd0p5 /mnt/1 # focal +mount -o bind /mnt/root/root_ubuntubionic /mnt/2 +mount -o bind /mnt/root/root_ubuntufocal /mnt/2 +mkdir -p /mnt/2/boot +mount -o bind /mnt/boot/boot_ubuntubionic /mnt/2/boot +mount -o bind /mnt/boot/boot_ubuntufocal /mnt/2/boot +# S = sparse, A = acls, X = xattrs +rsync -ahSAX --numeric-ids /mnt/1/ /mnt/2 + +cd /mnt/2 +cp /tmp/fai/crypttab etc +sed -i "s#/root/keyscript,#decrypt_keyctl,#" etc/crypttab +cp /tmp/fai/fstab etc +echo "tmpfs /tmp tmpfs nodev,nosuid,size=50%,mode=1777 0 0" >> etc/fstab +chrbind +chroot . +mv /etc/resolv.conf /etc/resolv.conf.old +echo nameserver 1.1.1.1 >/etc/resolv.conf +# install programs from /a/bin/fai/fai/config/package_config/STANDARD: +apt install -y openssh-client openssh-server cryptsetup keyutils btrfs-progs console-setup kbd pciutils usbutils unattended-upgrades initramfs-tools-core dropbear-initramfs +mv /etc/resolv.conf.old /etc/resolv.conf +exit +d=etc/initramfs-tools +mkdir -p $d/root/.ssh etc/dropbear-initramfs root/.ssh +chmod 700 $d/root $d/root/.ssh root/.ssh +cp -p /root/.ssh/authorized_keys $d/root/.ssh/authorized_keys +cp -p /root/.ssh/authorized_keys etc/dropbear-initramfs +cp -p /root/.ssh/authorized_keys root/.ssh/authorized_keys +chroot . +sed -ri 's/^ *GRUB_CMDLINE_LINUX_DEFAULT=.*/GRUB_CMDLINE_LINUX_DEFAULT="rd.luks.crypttab=no"/' /etc/default/grub +grub-install --no-floppy $(grub-probe -tdrive -d /dev/sda) +update-grub +grub-bios-setup -d /boot/grub/i386-pc -s /dev/sda +exit +umount proc +umount dev +umount sys +reboot + + # TODO Change arch to archlike and to support arch and parabola
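Review bot: In the first hunk (@@ -64,29 +64,45 @@), the added keyfile command "head -c 2048 /dev/urandom | od | s dd of=/q/root/luks/host-demohost" leaves the mode of the new LUKS keyfile to whatever umask is in effect, and "s" is never defined in this README while the neighbouring lines spell out "sudo". Suggest writing sudo in full and following the command with a chmod 600 on the keyfile (or setting umask 077 first). It would also help to say whether piping through od is intentional, since the key then becomes an octal text dump with offset columns rather than the raw 2048 bytes. Separately, the class file name changes to 51-multi-boot while the example still points at fai/config/class/50-host-classes; worth confirming that path is the intended one.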
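Review bot: In the second hunk (@@ -171,6 +187,88 @@), the linode step "curl url_to_some_fai_cd_created_image | dd of=/dev/sda" writes a downloaded installer image straight to disk with no integrity check. Suggest stating that the URL should be https and that a checksum recorded when fai-cd built the image is compared against the data written before powering off. In the ubuntu notes, virt-install is given "--disk path=u2004.qcow2" one line before the qemu-img create that makes that file, and "--os-variant=ubuntu16.04" is used for a 20.04 install; swap the two lines and either correct the variant or note why it is deliberate. The paired u1804/u2004 qemu-nbd lines and the bionic/focal mount lines read as consecutive steps, but each pair connects the same /dev/nbd0 or mounts on the same /mnt/1, /mnt/2 and /mnt/2/boot, so mark them as alternatives.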