X-Git-Url: https://iankelling.org/git/?p=automated-distro-installer;a=blobdiff_plain;f=pxe-server;h=6137386a1188d9ab9c50e4bee783e7ee57dfc053;hp=2e8b2a40c267dcb6cdd8e79390b625e423a03583;hb=HEAD;hpb=a43d3eec943c5f0491b300214a3c744d31a6e542

diff --git a/pxe-server b/pxe-server
index 2e8b2a4..1e99b03 100755
--- a/pxe-server
+++ b/pxe-server
@@ -1,36 +1,286 @@
-#!/bin/bash -x
+#!/bin/bash
+# Copyright (C) 2016 Ian Kelling
 
-# usage: $0 [TYPE]
-# default distro is the base debian/fedora type. others are fai &  arch
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
 
-set -eE -o pipefail
-trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?"' ERR
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
 
-action=${1:-default}
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 
-arch() {
-    default
-    cat <<'EOF'
-dhcp-option-force=209,boot/syslinux/archiso.cfg
-dhcp-option-force=210,/arch/
-dhcp-boot=/arch/boot/syslinux/lpxelinux.0
+
+[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
+
+readonly this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
+script_dir="${this_file%/*}"
+# shellcheck source=./bash-trace
+source "${script_dir}/bash-trace"
+cd $script_dir
+PATH="$PATH:$PWD"
+
+
+usage() {
+  cat <<EOF
+Usage: ${0##*/} [OPTIONS] [HOST] [TYPE]
+Configure dnsmasq boot options and fai-chboot if appropriate. This is
+not general purpose, it has code specific to dhcp servers I run.
+
+Without TYPE, disable  server and fai server. In that case, HOST is only
+needed for fsf office network.
+
+HOST       Only do dhcp pxe for HOST. The hostname must be known to the dhcp
+           server to target its mac. Use "default" for all hosts.
+           Required in fsf office environment.
+
+TYPE       One of arch, parabola, plain, fai.
+
+-a         Don't setup pxe, just Wait for 2 dhcp acks, then disable the pxe
+           server after a delay.  First ack is for pxe boot, 2nd ack is
+           for os boot. Sometimes on debian, there is a 3rd one shortly
+           after the 2nd. I can't remember exactly why this caused a
+           problem, but I'm hoping the sleep will take care of it.
+-d         Don't alter dhcp config. Only make sense for fai type, and on network
+           other than home or fsf, when using fai-cd, or pxe-kexec.
+-k         Pass -k to myfai-chboot.
+--no-r     Pass --no-r to myfai-chboot.
+-r         Don't redeploy fai config. For example, if there is a different host
+           that is mid-install.
+
+-S         sets FAI_ACTION=sysinfo, see myfai-chboot for more info.
+-w         Setup pxe, then wait like -a.
+-h|--help  Print help and exit
+
+
+Note, when switching between plain and arch or parabola, you will need to
+do something like:
+ssh wrt
+cd /mnt/usb
+rm tftpboot
+ln -s <arch/parabola/debian iso dir> tftpboot
+
+
+Notes on debugging pxe dhcp tftp:
+
+For debugging dhcp, add to /etc/dnsmasq.conf: log-dhcp
+
+Newer openwrt runs dnsmasq with a whitelist of readable files and dirs:
+
+ps ww :
+/sbin/ujail -t 5 -n dnsmasq -u -l -r /bin/ubus -r /etc/TZ -r /etc/dnsmasq.conf -r /etc/ethers -r /etc/group -r /etc/hosts -r /etc/passwd -w /tmp/dhcp.leases -r /tmp/dnsmasq.d -r /tmp/hosts -r /tmp/resolv.conf.d -r /usr/bin/jshn -r /usr/lib/dnsmasq/dhcp-script.sh -r /usr/share/dnsmasq/dhcpbogushostname.conf -r /usr/share/dnsmasq/rfc6761.conf -r /usr/share/dnsmasq/trust-anchors.conf -r /usr/share/libubox/jshn.sh -r /var/etc/dnsmasq.conf.cfg01411c -w /var/run/dnsmasq/ -- /usr/sbin/dnsmasq -C /var/etc/dnsmasq.conf.cfg01411c -k -x /var/run/dnsmasq/dnsmasq.cfg01411c.pid
+
+logging tftp requests:
+/etc/default/tftpd-hpa:
+add -vv:
+TFTP_OPTIONS="--secure -vv"
+jr -u tftpd-hpa -f
+
+Note: Uses GNU getopt options parsing style
+EOF
+  exit $1
+}
+
+pre="${0##*/}:"
+m() { printf "$pre %s\n"  "$*"; "$@"; }
+e() { printf "$pre %s\n"  "$*"; }
+err() { echo "[$(date +'%Y-%m-%d %H:%M:%S%z')]: $pre: $*" >&2; }
+
+PATH="/a/exe:$PATH"
+
+##### begin command line parsing ########
+
+dhcp=true
+redep=true
+acks=2
+wait=false
+fsf_office=false
+
+case $HOSTNAME in
+  x3|kw) fsf_office=true ;;
+esac
+
+chboot_args=()
+temp=$(getopt -l no-r,help adkrSwh "$@") || usage 1
+eval set -- "$temp"
+while true; do
+  case $1 in
+    -a) wait=true; set=false; shift ;;
+    -d) dhcp=false; shift ;;
+    -k) chboot_args+=(-k); shift ;;
+    --no-r) chboot_args+=(--no-r); shift ;;
+    -r) redep=false; shift ;;
+    -S) chboot_args+=(-S); shift ;;
+    -w) wait=true; set=true; shift ;;
+    -h|--help) usage ;;
+    --) shift; break ;;
+    *) echo "$0: Internal error!" ; exit 1 ;;
+  esac
+done
+
+read -r host type <<<"$@"
+
+case $# in
+  [01]);;
+  2)
+    case $type in
+      arch|parabola) cmd=archlike ;;
+      fai) cmd=fai ;;
+      *)
+        echo "$0: error expected type of arch|parabola|fai"
+        echo
+        usage 1
+        ;;
+    esac
+    ;;
+  *)
+    echo "$0: error: expected 0-2 arguments"
+    echo
+    usage 1
+    ;;
+esac
+
+
+if $wait && ! $dhcp; then
+  echo "$0: error -w conflicts with -d, choose one or other" >&2
+  exit 1
+fi
+
+if $fsf_office && [[ ! $host ]]; then
+  echo "$0: at fsf_office, provide HOST arg" >&2
+  exit 1
+  fi
+
+if [[ $host && $host != default ]]; then
+  host_tag="tag:$host,"
+fi
+
+##### end command line parsing ########
+
+archlike() {
+  cat <<EOF
+${host_tag}209,boot/syslinux/${type}iso.cfg
+${host_tag}210,/${type}/
+${host_tag}option:bootfile-name,/${type}/boot/syslinux/lpxelinux.0
 EOF
 }
 
-default() {
-    cat <<'EOF'
-enable-tftp
-tftp-root=/mnt/usb/tftpboot
-dhcp-boot=pxelinux.0
+plain() {
+  # if arch based was used before, this additionally needs
+  # the tftp link in /mnt/usb to be changed.
+  cat <<EOF
+${host_tag}option:bootfile-name,pxelinux.0
 EOF
 }
 
 fai() {
-    cat <<'EOF'
-dhcp-boot=fai/pxelinux.0,faiserver.lan,faiserver.lan
+  cat <<EOF
+${host_tag}option:bootfile-name,pxelinux.0
+${host_tag}option:server-ip-address,$faiserverip
+${host_tag}option:tftp-server,$faiserverip
 EOF
+  # Note, previously used normal dnsmasq option, but it requires dnsmasq
+  # restart, which causes momentary dns failures, which can bork an
+  # install.
+  #
+  # dhcp-boot=${host_tag}pxelinux.0,faiserver.b8.nz,faiserver.b8.nz
+}
+
+ack-wait() {
+  if $fsf_office; then
+    wait_cmd="ssh tarantula.office.fsf.org tail -n0 -f /var/log/syslog"
+  else
+    wait_cmd="ssh cmc logread -f"
+  fi
+  wait_count=$1
+  if [[ $host ]]; then
+    if $fsf_office; then
+      host_regex=" $(getent hosts kw | awk '{print $1}' | sed 's/\./\\./g')"
+    else
+      host_regex=" $host"
+    fi
+  fi
+  regex=".*DHCPACK.*$host_regex\b"
+  i=0
+  while (( i != wait_count )) && read -r line; do
+    if [[ $line =~ $regex ]]; then
+      i=$((i+1))
+      echo $line
+    fi
+  done < <($wait_cmd ||:) # tail returns 2 it seems
+  m sleep 20
 }
 
+set-pxe() {
+  $dhcp || return 0
+  if $fsf_office; then
+    if [[ ! $cmd ]]; then
+      e "removing pxe for $host on tarantula"
+      ssh tarantula.office.fsf.org bash -e <<EOF
+sed -ri 's/^( *host +$host *\{).*/\1/' /etc/dhcp/dhcpd.conf
+systemctl restart isc-dhcp-server
+EOF
+    elif [[ $cmd == fai ]]; then
+      e "adding pxe for $host on tarantula"
+      ssh tarantula.office.fsf.org bash -e <<EOF
+sed -ri 's/^( *host +$host *\{).*/\1 next-server faiserver.office.fsf.org; filename "pxelinux.0";/' /etc/dhcp/dhcpd.conf
+systemctl restart isc-dhcp-server
+EOF
+    fi
+  else
+    e "updating dnsmasq.conf:"
+    m $cmd
+    ${cmd:-:}|ssh cmc "dd of=/var/run/dnsmasq/dhcpopts.conf; /etc/init.d/dnsmasq reload
+$([[ $type == arch || $type == parabola ]] && echo archlike-pxe-mount)"
+  fi
+}
+
+type -t host &>/dev/null || sudo apt-get -y install dnsutils
+faiserverip=$(host faiserver | sed -rn 's/^\S+ has address //p;T;q' ||:)
+if [[ ! $faiserverip || $faiserverip =~ [[:space:]] ]]; then
+  echo "$0: error: failed to get \$faiserverip, got: $faiserverip"
+  exit 1
+fi
+
+
+if $set; then
+  set-pxe
+  if [[ $type == fai ]]; then
+    if $redep; then
+      m fai-redep
+    fi
+    m myfai-chboot ${chboot_args[@]} $host
+  else
+    # This will fail if faiserver is not setup, so ignore any
+    # failure and don't bother us about it.
+    m myfai-chboot &>/dev/null ||:
+  fi
+fi
+
+if $wait; then
+  # fai's debian jessie 8.5ish does 2 dhcp requests when booting,
+  # roughly 4 seconds apart. Earlier
+  # versions did just 1. Now testing on a vm, it does 1.
+  # bleh.
+  echo "waiting for $acks dhcp acks then disabling pxe"
+  ack-wait $acks
+  type=
+  unset cmd
+  set-pxe
+
+  # previously tried waiting for one more ack then disabling faiserver,
+  # since it can contain sensitive info, so turn it off when not in use,
+  # but disabling that for now as it's inconvenient to clean this
+  # up and run it in the background etc.
 
-$action | ssh wrt "cedit pxe-server /etc/dnsmasq.conf || /etc/init.d/dnsmasq restart
-if [[ $action == arch ]]; then arch-pxe-mount; fi"
+  # if [[ $type == fai ]]; then
+  #     echo "waiting for 1 dhcp ack then disabling fai server"
+  #     ack-wait 1
+  #     faiserver-disable
+  # fi
+fi