X-Git-Url: https://iankelling.org/git/?p=automated-distro-installer;a=blobdiff_plain;f=README;h=328751471791e8238aceaface448c14fc9ff53ac;hp=a3b16b77d8eb805905991e9654cdd5b4a5d63518;hb=f26c5d66d11fc97c3c6a17a3647dad5d1922fe5a;hpb=bcdb96792264d6cda20e6d2fa176728a67c87862 diff --git a/README b/README index a3b16b7..3287514 100644 --- a/README +++ b/README 
@@ -1,28 +1,57 @@ -Multi-boot/distro btrfs provisioning - -Some things are specific to my home network. Uses pxe or pxe-kexec (for -systems like libreboot with no pxe rom, we boot into a live cd or distro -for bootsraping). Works for bare-metal or vms. - -Features people may find useful: installs encrypted trisquel belanos, -arch, debian stable, & debian testing all on the same btrfs filesystem. -Smartly utilizes multiple disks, with scripts to automatically decrypt -on reboots. The partititioning and filesystem script is at -fai/config/hooks/partition.DEFAULT. Other debian based distros at least -as new as ubuntu 14.04 should work fine, and I'm planning to add Fedora -support. Disks are grouped as ssd or hdd and raided in raid 1 or raid 0 -per configuration. The base partitions are divided into boot, swap, and -root, (only boot is unencrypted). There are scripts to resize those -partitions post-provision and while the system is running. - -The repo name fai is copied from the debian project of the same name, -meaning "fully automated installer." - -It also fully automates configuration of an openwrt router after manual +PXE install w multi-boot, btrfs & Libreboot support + +Some things are specific to my home network, and uses files with secrets +that are not in this repo. I use this for bare metal and vms, and two +scripts which can run post boot so I use them on vps distributed image +as well. + +Features people may find useful: installs encrypted trisquel, debian, +ubuntu, arch, and parabola (archlike install is likely broken, I've only +done pxe boots recently), in a multi-boot setup using multiple +subvolumes of a single btrfs filesystem. Utilizes multiple disks, with +scripts to automatically decrypt on intentional reboots, but not after +shutdown or power loss. + +Normal install mode for fai is using pxe, but on a libreboot system, +there is no pxe. The pxe in a normal computer is nonfree +firmware. 
Alternatives to normal pxe that I've tried: + +* libreboot + seabios + ipxe + +* Use a live cd to call pxe-kexec, this is described later in this file. + +* Use the fai autodiscover iso. This is more automated, so nicer. + +* Use an install method above to setup a gnu/linux disk partition that + coordinates with libreboot grub to acts like a pxe boot using + kexec. The boot process takes a bit longer than normal pxe. This is + the bootstrap partition in my scripts. + +Things I haven't tried: + +* The bios chip has enough room for an initrd. This could be setup to + work like the partition I use to kexec, but it would be faster, and + not require installing to disk. + +The partititioning and filesystem script is at +fai/config/hooks/partition.DEFAULT. Disks are grouped as ssd or hdd and +raided in raid 1 or raid 0 per configuration. The base partitions are +divided into boot, swap, and root, (only boot is unencrypted). There are +scripts to resize those partitions post-provision and while the system +is running. + +People who use fai may find these things as useful examples: it uses +dnsmasq (on a openwrt machine) for dhcp instead of the isc +dhcp. fai-wrapper is a small script to use basic fai classes outside of +fai. It does not use the fai partitioning tool, but the script is +inspired from it and works outside of fai. It supports running a fai +server on debian within android via Maru. + +It also automates configuration of an openwrt router after manual initial installation. -After provisionining is done, I sync files using unison, then automate -further setup using a different set of scripts, +After provisionining is done, I sync files using btrfs, or unison for +vps, then automate further setup using a different set of scripts, https://iankelling.org/git/?p=distro-setup;a=tree. My network is a wndr3700v2 router with openwrt on it and a few pcs/laptops. 
@@ -35,26 +64,95 @@ Some of the scripts have dependencies for some simple obvious utility scripts from https://iankelling.org/git, and of course there are some hostnames that are specific to my network. -Main scripts meant to be called interactively: +Before doing a fai install, you will need to populate a class file. I +use one called 5-multi-boot, which you can see example of in +fai/config/class/50-host-classes. -arch-init-remote # install arch (after it's been booted into it's setup env) -chboot # Set grub to boot into a different distro (installed earlier) -dsfull # install & setup a new fai distro (if data partition already synced) -eboot # reboot and keep disks encrypted -fai-kexec # kexec to fai tftp server that pxe would normally point to -fai-revm # test fai on a fresh vm -faiserver-revm # create a vm which is a fai server using pxe & preseed file +Before doing a fai install, you will need to populate /q/root/luks and +/q/root/shadow, see their references. + + + +All scripts meant to be used directly are listed here: + + +# Scripts to setup the environment for the install + +sudo fai-cd -g grub.cfg.autodiscover -f -A $BASEFILE_DIR/autodiscover.iso # create autodiscover cd +mymk-basefile # Create basefiles for various distros +archlike-pxe # Setup pxe boot server from an archlike base image +fai-redep # Deploy fai configuration to host "faiserver" faiserver-uninstall # uninstall fai-server faiserver-setup # install fai-server on the current machine +myfai-chboot # setup fai tftp and nfs. useful for doing pxe-kexec +pxe-server # disable/enable pxe dhcp, tfp, and nfs. calls myfai-chboot +wrt-setup # setup my router in general: dhcp, dns, etc. 
+ + +# Script to do a distro install + +faiserver-revm # using pxe & preseed, create a vm which is a fai server +dsfull # install & post-install a new fai distro +arch-init-remote # install arch after it's been booted into it's setup env +fai-kexec # Kexec this or a remote machine using host faiserver +live-kexec # fai kexec from upstream live cds, e.g. curl live-kexec|bash + + +# Test scripts + +arch-revm # test arch install on a fresh vm +fai-revm # test fai install on a fresh vm + + +# Scripts to call after a distro install for various reasons + +chboot # Set grub to boot into a different distro (installed earlier) +install-chboot # reinstall chboot to /boot subvols, for chboot updates. +eboot # reboot without automatic disk decryption +fai-wrapper # use fai classes outside of fai. sourced, not called. +faiserver-disable # Disable the fai nfs server exports fresize # resize swap or boot partitions in a host -myfai-chboot # Sets up tftp pxe config on fai server -pxe-server # temporarily enable (usually) fai or arch boot server -wrt-setup-remote # setup my router -ubuntu-xenial-live-fai-kexec # do fai install from xenial live cd using kexec -myfai-chboot # use instead of pxe-server for fai kexec based install - -License stuff: -The license for the project is GPLv2 or later, mostly because fai is -and I periodically rebase off their example setup for debian. Also, -there is a modified encrypt.upstream, which is from the cryptsetup -package in arch, which is under the same license. 
+ + +# Replacing a raid 10 disk + +pxe-server -S HOST fai +ssh root@HOST +cat >p +for x in /target/*; do umount $x; done +PASSWORD HERE(ctrl-d ctrl-d) +for d in /dev/disk/by-id/ata*part1; do cryptsetup luksOpen --key-file p $d crypt_dev_${d##*/}; done +# btrfs replace disk # i forget the actual command +x=(/dev/mapper/*part1); mount -o subvol=root_trisquelflidas $x /mnt +mount -o subvol=boot_trisquelflidas /dev/sda3 /mnt/boot +for x in dev proc sys; do mount -o bind /$x /mnt/$x; done +chroot /mnt /bin/bash +# replace disk in fstab +# replace disk in /etc/crypttab +update-grub +update-initramfs -u +mount /a +/a/exe/keyscript-on +exit +reboot + + +# Expected output in fai logs + +For flidas, when installing systemd, this error happens, and it's +a superflous upstream bug based on reading the post install script: + +addgroup: The group `systemd-journal' already exists as a system group. Exiting. +Operation failed: No such file or directory + + +# TODO +Change arch to archlike and to support arch and parabola + + +# License + +The license for the project is GPLv2 or later, mostly because fai is and +I periodically merge the upstream example config, which contains small +scripts. Also, there is a modified encrypt.upstream, which is from the +cryptsetup package in arch, which is under the same license.
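Review bot: In the first hunk (@@ -1,28 +1,57 @@), the features paragraph says the scripts "automatically decrypt on intentional reboots, but not after shutdown or power loss", and the partitioning paragraph notes "only boot is unencrypted", yet nothing states where the key material is kept while a reboot is pending or when it is removed. Add a sentence covering that, so a reader can judge the exposure window before relying on the feature. The opening sentence "Some things are specific to my home network, and uses files with secrets that are not in this repo" has lost its subject and should name the files a new user has to supply (the second hunk mentions /q/root/luks and /q/root/shadow). Typos in the added lines: "partititioning", "provisionining", "to acts like", "a openwrt".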
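Review bot: In the second hunk (@@ -35,26 +64,95 @@), the "Replacing a raid 10 disk" steps handle the LUKS passphrase unsafely and in the wrong order: `cat >p` is followed by the `for x in /target/*; do umount $x; done` line before "PASSWORD HERE(ctrl-d ctrl-d)", so as written the umount loop is read into the key file instead of being run, and `p` is never deleted after `cryptsetup luksOpen --key-file p`. Move the umount loop above `cat >p`, and add a step that removes `p` once the devices are open. The placeholder "# btrfs replace disk # i forget the actual command" leaves the central step of the procedure undocumented, so fill it in or mark the section as incomplete. Smaller points: the sentence "Before doing a fai install, you will need to populate" appears twice, and "see their references" does not say where /q/root/luks and /q/root/shadow are described; the class file is called "5-multi-boot" but the example path is 50-host-classes; `curl live-kexec|bash` should say which URL is meant; typos "tfp" and "superflous".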