fixes plus readme updates

diff --git a/README b/README
index 32cd82954b4c117562c599ef5ca0573ee6eb58dc..60c6e6f4c690b958c00cbfc0a3b3ce05b53e7b27 100644 (file)
--- a/README
+++ b/README
@@ -1,10 +1,9 @@
 PXE install w multi-boot, btrfs & Libreboot support
 
 Some things are specific to my home network, and uses files with secrets
 PXE install w multi-boot, btrfs & Libreboot support
 
 Some things are specific to my home network, and uses files with secrets

-that are not in this repo. Uses pxe or pxe-kexec (on libreboot, I have
-not added a pxe rom, I use a minimal debian stable subvolume which acts
-like a pxe rom). I use this for bare metal and vms, and two scripts
-which can run post boot so I use them on vps distributed image as well.
+that are not in this repo. I use this for bare metal and vms, and two
+scripts which can run post boot so I use them on vps distributed image
+as well.

 
 Features people may find useful: installs encrypted trisquel, debian,
 ubuntu, and arch (havne't done recently, probably a bit broken), in a
 
 Features people may find useful: installs encrypted trisquel, debian,
 ubuntu, and arch (havne't done recently, probably a bit broken), in a


@@ -12,6 +11,27 @@ multi-boot setup using multiple subvolumes of a single btrfs filesystem.
 Utilizes multiple disks, with scripts to automatically decrypt on
 intentional reboots, but not after shutdown or power loss.
 
 Utilizes multiple disks, with scripts to automatically decrypt on
 intentional reboots, but not after shutdown or power loss.
 

+Normal install mode for fai is using pxe, but on a libreboot system,
+there is no pxe. The pxe in a normal computer is nonfree firmware. What
+I've done instead:
+
+* Use a live cd to call pxe-kexec, this is described later in this file.
+
+* Use the fai autodiscover iso. This is more automated, so nicer.
+
+* Use an install method above to setup a gnu/linux disk partition that
+  acts like a pxe boot using kexec, but it takes a bit longer. This is
+  the bootstrap partition in my scripts.
+
+Things I haven't tried:
+
+* There is iPXE, which requires standard bios functions, which can be
+  provided by seabios, which can be a libreboot payload.
+
+* The bios chip has enough room for an initrd. This could be setup to
+  work like the partition I use to kexec, but it would be faster, and
+  not require installing to disk.
+

 The partititioning and filesystem script is at
 fai/config/hooks/partition.DEFAULT. Disks are grouped as ssd or hdd and
 raided in raid 1 or raid 0 per configuration. The base partitions are
 The partititioning and filesystem script is at
 fai/config/hooks/partition.DEFAULT. Disks are grouped as ssd or hdd and
 raided in raid 1 or raid 0 per configuration. The base partitions are


@@ -43,6 +63,8 @@ Some of the scripts have dependencies for some simple obvious utility
 scripts from https://iankelling.org/git, and of course there are some
 hostnames that are specific to my network.
 
 scripts from https://iankelling.org/git, and of course there are some
 hostnames that are specific to my network.
 

+
+

 All scripts meant to be used directly are listed here:
 
 
 All scripts meant to be used directly are listed here:
 
 


@@ -81,6 +103,7 @@ fai-wrapper # use fai classes outside of fai. sourced, not called.
 faiserver-disable # Disable the fai nfs server exports
 fresize # resize swap or boot partitions in a host
 
 faiserver-disable # Disable the fai nfs server exports
 fresize # resize swap or boot partitions in a host
 

+

 # Replacing a raid 10 disk
 
 pxe-server -S HOST fai
 # Replacing a raid 10 disk
 
 pxe-server -S HOST fai


@@ -107,7 +130,7 @@ reboot
 
 host=kw
 distro=trisquel
 
 host=kw
 distro=trisquel

-t=/tmp/d
+t=/dev/shm/t

 myfai-chboot default
 sudo sed -i 's/^LOGUSER=/#LOGUSER=/' /etc/fai/fai.conf
 # config umount required after a failed run, proc umount always required
 myfai-chboot default
 sudo sed -i 's/^LOGUSER=/#LOGUSER=/' /etc/fai/fai.conf
 # config umount required after a failed run, proc umount always required


@@ -129,7 +152,10 @@ sudo rm -f $t/etc/hostname $t/etc/resolv.conf \
 echo | sudo dd of=$t/etc/machine-id
 sudo tar --one-file-system -C $t -cf - . | gzip > /a/bin/fai-basefiles/basefiles/FLIDAS64X.tar.gz
 
 echo | sudo dd of=$t/etc/machine-id
 sudo tar --one-file-system -C $t -cf - . | gzip > /a/bin/fai-basefiles/basefiles/FLIDAS64X.tar.gz
 

-License stuff:
+
+
+# License
+

 The license for the project is GPLv2 or later, mostly because fai is and
 I periodically merge the upstream example config, which contains small
 scripts. Also, there is a modified encrypt.upstream, which is from the
 The license for the project is GPLv2 or later, mostly because fai is and
 I periodically merge the upstream example config, which contains small
 scripts. Also, there is a modified encrypt.upstream, which is from the

diff --git a/fai-redep b/fai-redep
index eafb1dc6426caa9c9dadf1f64350de27ceb66215..94a85db5b387c87d13f87467ad53843f5162ad50 100755 (executable)
--- a/fai-redep
+++ b/fai-redep
@@ -23,7 +23,7 @@ usage() {
     cat <<EOF
 usage: ${0##*/} [-h|--help] [HOST] [DISTRO]
 Deploy fai config (the one in nfs) to HOST or default faiserver
     cat <<EOF
 usage: ${0##*/} [-h|--help] [HOST] [DISTRO]
 Deploy fai config (the one in nfs) to HOST or default faiserver

-DISTRO is default this distro, or DISTRO for setting up DESKTOP packages.
+Specify DISTRO for setting up DESKTOP packages.

 EOF
     exit $1
 }
 EOF
     exit $1
 }

diff --git a/fai-revm b/fai-revm
index bd9a9d633b70ff1ed650a4e00a986b7705e1282c..4b3d0d01501f3741c0e17e96cdf84b30e5a6792d 100755 (executable)
--- a/fai-revm
+++ b/fai-revm
@@ -34,9 +34,10 @@ Note, sometimes shutting down the existing demohost vm
 fails. Just run again if that happens.
 
 -d         Don't do dhcp setup for when we aren't on Ian's home network.
 fails. Just run again if that happens.
 
 -d         Don't do dhcp setup for when we aren't on Ian's home network.

--r         Do not boot after install is complete

 -n         Create new qcow2(s) for vm. Good for testing partitioning
            script, to ensure a blank disk.
 -n         Create new qcow2(s) for vm. Good for testing partitioning
            script, to ensure a blank disk.

+-p         Use pxe instead of autodiscover iso with fai.
+-r         Do not boot after install is complete

 -h|--help  Print help and exit.
 
 Note: Uses GNU getopt options parsing style
 -h|--help  Print help and exit.
 
 Note: Uses GNU getopt options parsing style


@@ -46,12 +47,14 @@ EOF
 
 orig_args=("$@")
 new_disk=false
 
 orig_args=("$@")
 new_disk=false

-temp=$(getopt -l help dnrh "$@") || usage 1
+pxe=false
+temp=$(getopt -l help dnprh "$@") || usage 1

 eval set -- "$temp"
 while true; do
     case $1 in
         -d) dhcp_arg=-d; shift ;;
         -n) new_disk=true; shift ;;
 eval set -- "$temp"
 while true; do
     case $1 in
         -d) dhcp_arg=-d; shift ;;
         -n) new_disk=true; shift ;;

+        -p) pxe=true; shift ;;

         -r) reboot_arg=--noreboot; shift ;;
         -h|--help) usage ;;
         --) shift; break ;;
         -r) reboot_arg=--noreboot; shift ;;
         -h|--help) usage ;;
         --) shift; break ;;


@@ -86,14 +89,21 @@ cleanup() {
 }
 _errcatch_cleanup=cleanup
 
 }
 _errcatch_cleanup=cleanup
 

+boot_arg=--pxe

 if is_arch_revm; then
     e ./pxe-server $dhcp_arg demohost arch
     sleep 2
     # via osinfo-query os. guessing arch is closest to latest fedora.
     variant=fedora22
 else
 if is_arch_revm; then
     e ./pxe-server $dhcp_arg demohost arch
     sleep 2
     # via osinfo-query os. guessing arch is closest to latest fedora.
     variant=fedora22
 else

+  if $pxe; then

     e ./pxe-server $dhcp_arg demohost fai
     sleep 2
     e ./pxe-server $dhcp_arg demohost fai
     sleep 2

+    else
+      boot_arg="--cdrom /a/bin/fai-basefiles/autodiscover.iso"
+     e fai-redep
+     e myfai-chboot default
+fi

     # I don't think these variants actually make a diff for us, but I
     # use the appropriate one when trying a new distro just in case.
     variant=ubuntu14.04
     # I don't think these variants actually make a diff for us, but I
     # use the appropriate one when trying a new distro just in case.
     variant=ubuntu14.04


@@ -128,10 +138,16 @@ s iptables -P FORWARD ACCEPT
 # init_module+0x108/0x1000 [raid6_pq]
 #
 # uniq is to stop gtk-warning spam
 # init_module+0x108/0x1000 [raid6_pq]
 #
 # uniq is to stop gtk-warning spam

-e s virt-install --os-variant $variant  -n $name --pxe -r 2048 --vcpus 1 \
+# e s virt-install --os-variant $variant  -n $name --pxe -r 2048 --vcpus 1 \
+#   ${disk_arg[*]} -w bridge=br0,mac=52:54:00:9c:ef:ad $reboot_arg \
+#   --graphics spice,listen=0.0.0.0 $console_arg |& grep -v '^ *$' | uniq &
+
+
+e s virt-install --os-variant $variant  -n $name $boot_arg -r 2048 --vcpus 1 \

   ${disk_arg[*]} -w bridge=br0,mac=52:54:00:9c:ef:ad $reboot_arg \
   --graphics spice,listen=0.0.0.0 $console_arg |& grep -v '^ *$' | uniq &
 
   ${disk_arg[*]} -w bridge=br0,mac=52:54:00:9c:ef:ad $reboot_arg \
   --graphics spice,listen=0.0.0.0 $console_arg |& grep -v '^ *$' | uniq &
 

+

 if [[ $SSH_CLIENT ]]; then
     fg
 fi
 if [[ $SSH_CLIENT ]]; then
     fg
 fi

diff --git a/fai/config/class/50-host-classes b/fai/config/class/50-host-classes
index adb878913476b9fe09bfdda7fd0e82c22418d817..b9cc75bfb20eff5b4ce1ca2cb82ed6a57018901b 100755 (executable)
--- a/fai/config/class/50-host-classes
+++ b/fai/config/class/50-host-classes
@@ -41,6 +41,13 @@
 #
 # Other notable classes:
 #
 #
 # Other notable classes:
 #

+# INSTALL: for autodiscover iso, this is needed. We could also add it to
+# the autodiscover grub, but then we have to burn a new iso if we want a
+# non-install one. It sets the class for the corresponding INSTALL.var,
+# which sets FAI_ACTION=INSTALL. I'm not sure if this variable overrides
+# FAI_ACTION outside of autodiscover, todo: test it out, if it doesn't,
+# make install be default in 51-multi-boot, and disable it if needed.
+#

 # DESKTOP: install a bunch of extra packages. For creating X suffix
 # basefiles. See README.
 #
 # DESKTOP: install a bunch of extra packages. For creating X suffix
 # basefiles. See README.
 #

diff --git a/faiserver-setup b/faiserver-setup
index bbc4f50c27fd2e83d2778f3a67579d53ec274f90..544d3db08521b9ae0489fe9fef45d9703e3ef7f2 100755 (executable)
--- a/faiserver-setup
+++ b/faiserver-setup
@@ -88,7 +88,7 @@ EOF
 elif grep -xFq 'VERSION="9 (stretch)"' /etc/os-release || grep -iE 'flidas|xenail' /etc/os-release ; then
   # fai on ubuntu only has official support using the universe repo, but newer
   # tends to have less bugs.
 elif grep -xFq 'VERSION="9 (stretch)"' /etc/os-release || grep -iE 'flidas|xenail' /etc/os-release ; then
   # fai on ubuntu only has official support using the universe repo, but newer
   # tends to have less bugs.

-  gpg -a --recv-keys 2BF8D9FE074BCDE4; gpg -a --export 2BF8D9FE074BCDE4 | apt-key add -
+  gpg --keyserver hkp://pool.sks-keyservers.net -a --recv-keys 2BF8D9FE074BCDE4; gpg -a --export 2BF8D9FE074BCDE4 | apt-key add -

 
   cat >/etc/apt/sources.list.d/fai.list <<'EOF'
 deb http://fai-project.org/download stretch koeln
 
   cat >/etc/apt/sources.list.d/fai.list <<'EOF'
 deb http://fai-project.org/download stretch koeln


@@ -104,6 +104,7 @@ apt-get update
 # nfs-kernel-server. On an android chroot, we don\'t have nfs in the
 # kernel, or the ability to install it.
 # xorriso is for running fai-cd -a, not strictly need for fai-server
 # nfs-kernel-server. On an android chroot, we don\'t have nfs in the
 # kernel, or the ability to install it.
 # xorriso is for running fai-cd -a, not strictly need for fai-server

+# perl-tk is for fai-monitor-gui

 pkgs=(fai-doc tftpd-hpa tar reprepro squashfs-tools binutils xorriso)
 if modprobe nfsd &>/dev/null; then
   pkgs+=(nfs-kernel-server)
 pkgs=(fai-doc tftpd-hpa tar reprepro squashfs-tools binutils xorriso)
 if modprobe nfsd &>/dev/null; then
   pkgs+=(nfs-kernel-server)


@@ -113,7 +114,9 @@ fi
 
 
 apt-get install -y ${pkgs[@]}
 
 
 apt-get install -y ${pkgs[@]}

-apt-get install --no-install-recommends -y fai-server
+# confnew since we edit /etc/fai/NFSROOT in an automated way
+# fai-client is already a fai-server dependency, but make sure it gets upgraded
+apt-get install --no-install-recommends -y -o Dpkg::Options::="--force-confnew" fai-server fai-client

 
 r=http://http.us.debian.org/debian
 # like default, but scrap httpredir, and nonfree.
 
 r=http://http.us.debian.org/debian
 # like default, but scrap httpredir, and nonfree.


@@ -208,7 +211,10 @@ if armhf; then
 
     rm -f $NFSROOT/boot/*.bak
     mkdir -p $TFTPROOT/pxelinux.cfg
 
     rm -f $NFSROOT/boot/*.bak
     mkdir -p $TFTPROOT/pxelinux.cfg

-    chmod a+r $NFSROOT/boot/initrd.img-* || die 9 "No initrd was created. Check the package name of the linux-image package in /etc/fai/NFSROOT."
+    if ! chmod a+r $NFSROOT/boot/initrd.img-*; then
+      echo "$0: error: No initrd was created. Check the package name of the linux-image package in /etc/fai/NFSROOT."
+      exit 1
+    fi

     cp -p $v $NFSROOT/boot/vmlinu?-* $NFSROOT/boot/initrd.img-* $TFTPROOT
     cp -u $pxebin $TFTPROOT
     if [ -f $NFSROOT/usr/lib/syslinux/modules/bios/ldlinux.c32 ]; then
     cp -p $v $NFSROOT/boot/vmlinu?-* $NFSROOT/boot/initrd.img-* $TFTPROOT
     cp -u $pxebin $TFTPROOT
     if [ -f $NFSROOT/usr/lib/syslinux/modules/bios/ldlinux.c32 ]; then


@@ -233,6 +239,14 @@ else # not armhf
   # note, this copies the -B arg to
   # /srv/fai/nfsroot/var/tmp/base.tar.xz
   e fai-setup -evf -B /a/bin/fai-basefiles/basefiles/STRETCH64.tar.xz
   # note, this copies the -B arg to
   # /srv/fai/nfsroot/var/tmp/base.tar.xz
   e fai-setup -evf -B /a/bin/fai-basefiles/basefiles/STRETCH64.tar.xz

+  # fai-setup expert mode avoids writing to /var/log/fai/variables
+  # at least config_src is needed for autodiscover
+  $sed '/^FAI_CONFIGDIR|^FAI_CONFIG_SRC|^LOGUSER/d' /var/log/fai/variables
+  tee -a /var/log/fai/variables <<'EOF'
+LOGUSER=fai
+FAI_CONFIGDIR=/srv/fai/config
+FAI_CONFIG_SRC=nfs://faiserver/srv/fai/config
+EOF

   # make the faiserver also the apt proxy server
   apt-get -y install apt-cacher-ng
 fi
   # make the faiserver also the apt proxy server
   apt-get -y install apt-cacher-ng
 fi

diff --git a/wrt-setup b/wrt-setup
index ed9cc27fdea44b68196fdf855db84819a9265bdb..ab2e5c53739b1f43e8aaa99520ff64410e1ee081 100755 (executable)
--- a/wrt-setup
+++ b/wrt-setup
@@ -274,8 +274,7 @@ v cedit /etc/hosts <<EOF || dnsmasq_restart=true
 #192.168.1.7 faiserver
 192.168.1.8 tp faiserver b8.nz
 192.168.1.9 n5
 #192.168.1.7 faiserver
 192.168.1.8 tp faiserver b8.nz
 192.168.1.9 n5

-192.168.1.10 kw
-192.168.1.11 kww
+192.168.1.10 so

 192.168.1.12 fz
 72.14.176.105 li
 45.33.9.11 lj
 192.168.1.12 fz
 72.14.176.105 li
 45.33.9.11 lj


@@ -365,10 +364,8 @@ dhcp-host=f4:6d:04:02:ed:66,set:treetowl,192.168.1.2,treetowl
 dhcp-host=00:26:18:97:bb:16,set:frodo,192.168.1.3,frodo
 dhcp-host=10:78:d2:da:29:22,set:htpc,192.168.1.4,htpc
 dhcp-host=00:1f:16:16:39:24,set:x2,192.168.1.5,x2
 dhcp-host=00:26:18:97:bb:16,set:frodo,192.168.1.3,frodo
 dhcp-host=10:78:d2:da:29:22,set:htpc,192.168.1.4,htpc
 dhcp-host=00:1f:16:16:39:24,set:x2,192.168.1.5,x2

+#dhcp-host=00:c0:ca:27:e9:b2,set:kww,192.168.1.11,x2w

 #wireless interface
 #wireless interface

-#dhcp-host=00:22:5f:88:28:27,set:x2,192.168.1.5,x2
-#dhcp-host=00:1f:16:16:39:24,set:kw,192.168.1.10,kw
-#dhcp-host=00:c0:ca:27:e9:b2,set:kww,192.168.1.11,kww

 # this is so fai can have an explicit name to use for testing,
 # or else any random machine which did a pxe boot would get
 # reformatted. The mac is from doing a virt-install, cancelling it,
 # this is so fai can have an explicit name to use for testing,
 # or else any random machine which did a pxe boot would get
 # reformatted. The mac is from doing a virt-install, cancelling it,


@@ -376,7 +373,6 @@ dhcp-host=00:1f:16:16:39:24,set:x2,192.168.1.5,x2
 dhcp-host=52:54:00:9c:ef:ad,set:demohost,192.168.1.6,demohost
 #dhcp-host=52:54:00:56:09:f9,set:faiserver,192.168.1.7,faiserver
 dhcp-host=80:fa:5b:1c:6e:cf,set:tp,192.168.1.8,tp
 dhcp-host=52:54:00:9c:ef:ad,set:demohost,192.168.1.6,demohost
 #dhcp-host=52:54:00:56:09:f9,set:faiserver,192.168.1.7,faiserver
 dhcp-host=80:fa:5b:1c:6e:cf,set:tp,192.168.1.8,tp

-dhcp-host=c4:43:8f:f2:79:1f,set:n5,192.168.1.9,n5

 # this is the ip it picks by default if dhcp fails,
 # so might as well use it.
 # hostname is the name it uses according to telnet
 # this is the ip it picks by default if dhcp fails,
 # so might as well use it.
 # hostname is the name it uses according to telnet