new stack trace, linode fixes, minor improvements

diff --git a/README b/README
index 312d3305573c43c74fd6ee4184631fac99fbe425..eae4b2d0417866a4a01eafc0f6e244b2b58499a8 100644 (file)
--- a/README
+++ b/README
@@ -96,11 +96,11 @@ on fai-redep arguments.
 
 # create tiny autodiscover cd
 fai-redep && sudo fai-cd -g $PWD/grub.cfg.autodiscover -f -A $BASEFILE_DIR/autodiscover.iso
 
 # create tiny autodiscover cd
 fai-redep && sudo fai-cd -g $PWD/grub.cfg.autodiscover -f -A $BASEFILE_DIR/autodiscover.iso

-# create normal fai cd (replace TARGET_HOST)
-fai-redep -t TARGET_HOST && sudo fai-cd -M -g $PWD/grub.cfg.netinst -f $BASEFILE_DIR/netinst.iso
-note, may need to set hostname, depending on config,
-and some other things for environment not on your lan
-for example see fai/config/class/LINODE.var. See linode notes below.
+# create normal fai cd (replace TARGET_HOSTNAME)
+fai-redep -t TARGET_HOSTNAME && sudo fai-cd -M -g $PWD/grub.cfg.netinst-noreboot -f $BASEFILE_DIR/netinst.iso
+# note, may need to set hostname, depending on config,
+# and some other things for environment not on your lan
+# for example see fai/config/class/LINODE.var. See linode notes below.

 
 mymk-basefile # Create basefiles for various distros
 archlike-pxe # Setup pxe boot server from an archlike base image
 
 mymk-basefile # Create basefiles for various distros
 archlike-pxe # Setup pxe boot server from an archlike base image

diff --git a/arch-init-remote b/arch-init-remote
index 09525434c90e5f22a3b702f7de769dab085c76f1..d8e4e29732b994178d7c34ad76faaa523005982c 100755 (executable)
--- a/arch-init-remote
+++ b/arch-init-remote
@@ -1,19 +1,7 @@
-#!/bin/bash -l
-# Copyright (C) 2016 Ian Kelling
-
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+#!/bin/bash
+# Copyright (C) 2019 Ian Kelling
+# SPDX-License-Identifier: AGPL-3.0-or-later
+if [[ -s ~/.bashrc ]];then . ~/.bashrc;fi

 
 set -x
 
 
 set -x
 

diff --git a/archlike-pxe b/archlike-pxe
index ba39c456d4d4a18bb5c1fbd26f22df27be3cd7d1..085679acf09b5ffb9c607cbf5a4997809895e542 100755 (executable)
--- a/archlike-pxe
+++ b/archlike-pxe
@@ -1,4 +1,4 @@
-#!/bin/bash -l
+#!/bin/bash

 # Copyright (C) 2016 Ian Kelling
 
 # This program is free software; you can redistribute it and/or
 # Copyright (C) 2016 Ian Kelling
 
 # This program is free software; you can redistribute it and/or


@@ -17,9 +17,7 @@
 
 # Setup arch pxe boot server from the base image.
 #
 
 # Setup arch pxe boot server from the base image.
 #

-
-set -eE -o pipefail
-trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
+if [[ -s ~/.bashrc ]];then . ~/.bashrc;fi

 
 usage() {
     cat <<EOF
 
 usage() {
     cat <<EOF


@@ -59,15 +57,15 @@ EOF
 # based on https://blog.chendry.org/2015/02/06/automating-arch-linux-installation.html
 # and https://wiki.archlinux.org/index.php/Remastering_the_Install_ISO
 
 # based on https://blog.chendry.org/2015/02/06/automating-arch-linux-installation.html
 # and https://wiki.archlinux.org/index.php/Remastering_the_Install_ISO
 

-s rm -rf squashfs-root # remove any existing folder
-s unsquashfs $sfs
-s mkdir -p squashfs-root/root/.ssh
-s chmod 755 squashfs-root/root/.ssh
-s cp ~/.ssh/home.pub squashfs-root/root/.ssh/authorized_keys
+sudo rm -rf squashfs-root # remove any existing folder
+sudo unsquashfs $sfs
+sudo mkdir -p squashfs-root/root/.ssh
+sudo chmod 755 squashfs-root/root/.ssh
+sudo cp ~/.ssh/home.pub squashfs-root/root/.ssh/authorized_keys

 
 

-s cp $script_dir/archlike-iso-init squashfs-root/root
-s rm $sfs
-s mksquashfs squashfs-root $sfs -comp xz
+sudo cp $script_dir/archlike-iso-init squashfs-root/root
+sudo rm $sfs
+sudo mksquashfs squashfs-root $sfs -comp xz

 # file transfer to wrt is slow, so remove some useless files
 rm -f $idir/$n/i686/airootfs.sfs $idir/$n/boot/i686/${n}iso.img
 pushd $(dirname $sfs); md5sum ${sfs##*/} > airootfs.md5; popd
 # file transfer to wrt is slow, so remove some useless files
 rm -f $idir/$n/i686/airootfs.sfs $idir/$n/boot/i686/${n}iso.img
 pushd $(dirname $sfs); md5sum ${sfs##*/} > airootfs.md5; popd


@@ -90,4 +88,4 @@ ssh wrt "cd /mnt/usb && rm -f tftpboot && ln -s $idir tftpboot"
 # complicated, so fuck it, we use nfs cuz it's easy
 
 rm -rf $idir
 # complicated, so fuck it, we use nfs cuz it's easy
 
 rm -rf $idir

-s rm -rf squashfs-root
+sudo rm -rf squashfs-root

diff --git a/debian-pxe-preseed b/debian-pxe-preseed
index a3ed886b51655afc6e1c892d76a54d317d6e4090..bac251aba7349305c1b52f2c09abe4ab50298d39 100755 (executable)
--- a/debian-pxe-preseed
+++ b/debian-pxe-preseed
@@ -28,8 +28,7 @@ e() { echo "$*"; "$@"; }
 
 mount_dir=$(mktemp -d)
 
 
 mount_dir=$(mktemp -d)
 

-cleanup() { cd; umount -f $mount_dir; }
-_errcatch_cleanup=cleanup
+errcatch-cleanup() { cd; umount -f $mount_dir; }

 e mount -o users wrt:/mnt/usb $mount_dir
 
 
 e mount -o users wrt:/mnt/usb $mount_dir
 
 

diff --git a/dsfull b/dsfull
index f1371d18ab07f59e43c2192cecec69b4fbef5a5f..cdb840b9272779b9abf378213ef5a5ea773b06dc 100755 (executable)
--- a/dsfull
+++ b/dsfull
@@ -1,4 +1,4 @@
-#!/bin/bash -l
+#!/bin/bash

 # Copyright (C) 2016 Ian Kelling
 
 # Licensed under the Apache License, Version 2.0 (the "License");
 # Copyright (C) 2016 Ian Kelling
 
 # Licensed under the Apache License, Version 2.0 (the "License");


@@ -13,7 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
 # See the License for the specific language governing permissions and
 # limitations under the License.
 

-x="$(readlink -f "$BASH_SOURCE")"; source "${x%/*}/bash-trace"
+if [[ -s ~/.bashrc ]];then . ~/.bashrc;fi

 
 reboot=true
 if [[ $1 == -r ]]; then
 
 reboot=true
 if [[ $1 == -r ]]; then


@@ -70,7 +70,7 @@ if $kexec; then
     myfai-chboot $host
     live-kexec $host ||:
 else
     myfai-chboot $host
     live-kexec $host ||:
 else

-    cleanup() { pxe-server; }; _errcatch_cleanup=cleanup
+    errcatch-cleanup() { pxe-server; }

     pxe-server $host fai
 
     if $reboot; then
     pxe-server $host fai
 
     if $reboot; then


@@ -79,7 +79,7 @@ else
     fi
 
     pxe-server -a
     fi
 
     pxe-server -a

-    unset _errcatch_cleanup
+    unset errcatch-cleanup

 fi
 
 error=true
 fi
 
 error=true

diff --git a/fai-redep b/fai-redep
index ac73c7b16e539a67cbddcbdc5f634cbab05c7770..05414973ff69f9607fb7fec8f75897540cc5c2e4 100755 (executable)
--- a/fai-redep
+++ b/fai-redep
@@ -59,7 +59,7 @@ sudo rsync -a /root/.ssh/home.pub \
 # these files are not available.
 
 if [[ $target ]]; then
 # these files are not available.
 
 if [[ $target ]]; then

-  if [[ -e /q/root/shadow/$target ]]; then
+  if sudo test -e /q/root/shadow/$target; then

     shadowfile=shadow/$target # empty otherwise
   fi
   sudo rsync -lpt --files-from=- /q/root root@$faiserver_host:/srv/fai/config/distro-install-common <<EOF
     shadowfile=shadow/$target # empty otherwise
   fi
   sudo rsync -lpt --files-from=- /q/root root@$faiserver_host:/srv/fai/config/distro-install-common <<EOF


@@ -83,7 +83,7 @@ printf "%s\n%s\n" "PACKAGES install" ${pall[*]} | \
   ssh root@$faiserver_host dd of=/srv/fai/config/package_config/DESKTOP 2>/dev/null ||: # broken pipe
 
 
   ssh root@$faiserver_host dd of=/srv/fai/config/package_config/DESKTOP 2>/dev/null ||: # broken pipe
 
 

-rsync -rplt --delete $BASEFILE_DIR/*.gz root@$faiserver_host:/srv/fai/config/basefiles/
+rsync -rplt --include '/*.gz' --exclude '/**' --delete-excluded $BASEFILE_DIR/ root@$faiserver_host:/srv/fai/config/basefiles/

 ssh root@$faiserver_host bash <<'EOF'
 set -eE -o pipefail
 # make it the root because pxe-kexec only looks there.
 ssh root@$faiserver_host bash <<'EOF'
 set -eE -o pipefail
 # make it the root because pxe-kexec only looks there.

diff --git a/fai-revm b/fai-revm
index 76458885f7f03cd93c02251fe34b668913fb3aeb..a44b218c994df855a90377181a18544515a58a3a 100755 (executable)
--- a/fai-revm
+++ b/fai-revm
@@ -1,4 +1,4 @@
-#!/bin/bash -l
+#!/bin/bash

 # Copyright (C) 2016 Ian Kelling
 
 # This program is free software; you can redistribute it and/or
 # Copyright (C) 2016 Ian Kelling
 
 # This program is free software; you can redistribute it and/or


@@ -22,6 +22,7 @@ script_dir="${this_file%/*}"
 # shellcheck source=./bash-trace
 source "${script_dir}/bash-trace"
 cd $script_dir
 # shellcheck source=./bash-trace
 source "${script_dir}/bash-trace"
 cd $script_dir

+PATH="$PATH:$PWD"

 
 e() { echo "$*"; "$@"; }
 
 
 e() { echo "$*"; "$@"; }
 


@@ -86,12 +87,11 @@ is_arch_revm() {
   [[ ${0##*/} == arch-revm ]]
 }
 
   [[ ${0##*/} == arch-revm ]]
 }
 

-cleanup() {
+errcatch-cleanup() {

   echo "doing cleanup"
   e ./pxe-server $dhcp_arg
   ./faiserver-disable
 }
   echo "doing cleanup"
   e ./pxe-server $dhcp_arg
   ./faiserver-disable
 }

-_errcatch_cleanup=cleanup

 
 boot_arg=--pxe
 if is_arch_revm; then
 
 boot_arg=--pxe
 if is_arch_revm; then


@@ -112,7 +112,7 @@ else
     isopath=$BASEFILE_DIR/$iso
     isosrc=$BASEFILE_DIR/STRETCH64.tar.gz
     if [[ ! -e $isopath || $(stat -c %Y $isopath) -lt $(stat -c %Y $isosrc) ]]; then
     isopath=$BASEFILE_DIR/$iso
     isosrc=$BASEFILE_DIR/STRETCH64.tar.gz
     if [[ ! -e $isopath || $(stat -c %Y $isopath) -lt $(stat -c %Y $isosrc) ]]; then

-      e s fai-cd -g $(readlink -f grub.cfg.${iso%%.*}) -f -A $isopath
+      e sudo fai-cd -g $(readlink -f grub.cfg.${iso%%.*}) -f -A $isopath

     fi
     boot_arg="--cdrom $isopath"
     e fai-redep
     fi
     boot_arg="--cdrom $isopath"
     e fai-redep


@@ -127,7 +127,7 @@ fi
 
 name=demohost
 
 
 name=demohost
 

-e s virshrm $name ||:
+e sudo virshrm $name ||:

 
 
 disk_arg=()
 
 
 disk_arg=()


@@ -135,8 +135,8 @@ for ((i=1; i <= disk_count; i++)); do
   f=/var/lib/libvirt/images/${name}$i
   disk_arg+=("--disk path=$f")
   if $new_disk || [[ ! -e $f ]]; then
   f=/var/lib/libvirt/images/${name}$i
   disk_arg+=("--disk path=$f")
   if $new_disk || [[ ! -e $f ]]; then

-    s rm -f $f
-    e s qemu-img create -o preallocation=metadata -f qcow2 $f 50G
+    sudo rm -f $f
+    e sudo qemu-img create -o preallocation=metadata -f qcow2 $f 50G

   fi
 done
 
   fi
 done
 


@@ -152,12 +152,12 @@ s iptables -P FORWARD ACCEPT
 # init_module+0x108/0x1000 [raid6_pq]
 #
 # uniq is to stop gtk-warning spam
 # init_module+0x108/0x1000 [raid6_pq]
 #
 # uniq is to stop gtk-warning spam

-# e s virt-install --os-variant $variant  -n $name --pxe -r 2048 --vcpus 1 \
+# e sudo virt-install --os-variant $variant  -n $name --pxe -r 2048 --vcpus 1 \

   #   ${disk_arg[*]} -w bridge=br0,mac=52:54:00:9c:ef:ad $reboot_arg \
   #   --graphics spice,listen=0.0.0.0 $console_arg |& grep -v '^ *$' | uniq &
 
 
   #   ${disk_arg[*]} -w bridge=br0,mac=52:54:00:9c:ef:ad $reboot_arg \
   #   --graphics spice,listen=0.0.0.0 $console_arg |& grep -v '^ *$' | uniq &
 
 

-e s virt-install --rng /dev/urandom --os-variant $variant  -n $name $boot_arg -r 2048 --vcpus 1 \
+e sudo virt-install --rng /dev/urandom --os-variant $variant  -n $name $boot_arg -r 2048 --vcpus 1 \

   ${disk_arg[*]} -w bridge=br0,mac=52:54:00:9c:ef:ad $reboot_arg \
   --graphics spice,listen=0.0.0.0 $console_arg |& grep -v '^ *$' | uniq &
 
   ${disk_arg[*]} -w bridge=br0,mac=52:54:00:9c:ef:ad $reboot_arg \
   --graphics spice,listen=0.0.0.0 $console_arg |& grep -v '^ *$' | uniq &
 


@@ -170,7 +170,7 @@ sleep 30
 while ! timeout -s 9 10 ssh -oBatchMode=yes root@$name /bin/true; do
   e sleep 5
 done
 while ! timeout -s 9 10 ssh -oBatchMode=yes root@$name /bin/true; do
   e sleep 5
 done

-unset _errcatch_cleanup
+unset errcatch-cleanup

 e ./pxe-server $dhcp_arg
 if is_arch_revm; then
   ./arch-init-remote $name
 e ./pxe-server $dhcp_arg
 if is_arch_revm; then
   ./arch-init-remote $name

diff --git a/fai-wrapper b/fai-wrapper
index 4203f8069f2a92ccff14d05223b9ab2a2a29feae..93e1c6dd6fdf901ca2a9eb379ee06fd288e7d0d4 100644 (file)
--- a/fai-wrapper
+++ b/fai-wrapper
@@ -28,7 +28,7 @@ eval-fai-classfile() {
     echo "$0: probably an error: eval-fai-classfile no such file: $file"
     return 0
   fi
     echo "$0: probably an error: eval-fai-classfile no such file: $file"
     return 0
   fi

-  fai-setclass $(bash -l $file)
+  fai-setclass $(bash $file)

 }
 export -f ifclass
 classes=DEFAULT  # used by fcopy
 }
 export -f ifclass
 classes=DEFAULT  # used by fcopy

diff --git a/fai/config/class/50-host-classes b/fai/config/class/50-host-classes
index c7091f0b33dd46e123e1d512a677d13128ccdf36..ef0c7815477961582cc7ad29f31d870916c461c1 100755 (executable)
--- a/fai/config/class/50-host-classes
+++ b/fai/config/class/50-host-classes
@@ -1,4 +1,4 @@
-#!/bin/bash -l
+#!/bin/bash

 
 # assign classes to hosts based on their hostname
 
 
 # assign classes to hosts based on their hostname
 

diff --git a/fai/config/class/LINODE.var b/fai/config/class/LINODE.var
index e8bfb1feca85b140f8b0072f8be1dbef647fa9f1..8f34a2c21c2427f7f31e0fa5ca35b7872b5837f6 100644 (file)
--- a/fai/config/class/LINODE.var
+++ b/fai/config/class/LINODE.var
@@ -1,6 +1,6 @@
 APTPROXY=
 APTPROXY=

-linode_ip=1.2.3.4
-linode_gw=1.2.3.1
+linode_ip=172.105.84.95
+linode_gw=172.105.84.1

 # this is the same at least in 2 regions
 linode_if=enp0s3
 LOGSERVER=b8.nz
 # this is the same at least in 2 regions
 linode_if=enp0s3
 LOGSERVER=b8.nz

diff --git a/fai/config/distro-install-common/end b/fai/config/distro-install-common/end
index 3d061b3445e961542562eccc59a813187c382528..1fd8ca6a778cfcba6bb13c0d3ffc9ceba67be740 100755 (executable)
--- a/fai/config/distro-install-common/end
+++ b/fai/config/distro-install-common/end
@@ -24,6 +24,9 @@ if ifclass ziva; then
 else
   # if doesn't exist, we dont set one
   ROOTPW=/q/root/shadow/standard
 else
   # if doesn't exist, we dont set one
   ROOTPW=/q/root/shadow/standard

+  if [[ ! -e $ROOTPW ]]; then
+    ROOTPW=/q/root/shadow/$HOSTNAME
+  fi

 fi
 
 chpw() {
 fi
 
 chpw() {

diff --git a/fai/config/files/boot/bash-trace/DEFAULT b/fai/config/files/boot/bash-trace/DEFAULT
index 61f8ae52edb9958c799001e43a1f91b8f8994f74..246042d28c1241dd91ea03ddd3415f8ab20d3bbc 100644 (file)
--- a/fai/config/files/boot/bash-trace/DEFAULT
+++ b/fai/config/files/boot/bash-trace/DEFAULT
@@ -1,48 +1,203 @@
+#!/bin/bash
+# Copyright (C) 2019 Ian Kelling
+# SPDX-License-Identifier: AGPL-3.0-or-later
+

 # meant to be sourced. copy/pasted from https://iankelling.org/git/?p=errhandle;a=summary
 
 # meant to be sourced. copy/pasted from https://iankelling.org/git/?p=errhandle;a=summary
 

-bash-trace() {
-    local -i argc_index=0 arg frame i start=${1:-1} max_indent=8 indent
-    local source
-    local extdebug=false
-    if [[ $(shopt -p extdebug) == *-s* ]]; then
-        extdebug=true
-    fi
-
-    for ((frame=0; frame < ${#FUNCNAME[@]}-1; frame++)); do
-        argc=${BASH_ARGC[frame]}
-        argc_index+=$argc
-        ((frame < start)) && continue
-        if (( ${#BASH_SOURCE[@]} > 1 )); then
-            source="${BASH_SOURCE[frame+1]}:${BASH_LINENO[frame]}:"
-        fi
-        indent=$((frame-start+1))
-        indent=$((indent < max_indent ? indent : max_indent))
-        printf "%${indent}s↳%sin \`%s" '' "$source" "${FUNCNAME[frame]}"
-        if $extdebug; then
-            for ((i=argc_index-1; i >= argc_index-argc; i--)); do
-                printf " %s" "${BASH_ARGV[i]}"
-            done
-        fi
-        echo \'
-    done
+# Commentary: Bash stack trace and error handling functions. This file
+# is meant to be sourced. It loads some functions which you may want to
+# call manually (see the comments at the start of each one), and then
+# runs err-catch. See the README file for a slightly longer explanation.
+
+
+#######################################
+# Print stack trace
+#
+# usage: err-bash-trace [MESSAGE]
+#
+# This function is called by the other functions which print stack
+# traces.
+#
+# It does not show function args unless you first run:
+# shopt -s extdebug
+# which err-catch & err-print do for you.
+#
+# MESSAGE       Message to print just before the stack trace.
+#
+# _frame_start  Optional variable to set before calling. The frame to
+#               start printing on. default=1. Useful when printing from
+#               an ERR trap function to avoid printing that function.
+#######################################
+err-bash-trace() {
+  local -i argc_index=0 frame i start=${_frame_start:-1}
+  local source
+  if [[ $1 ]]; then
+    printf "%s\n" "$1"
+  fi
+  for ((frame=0; frame < ${#FUNCNAME[@]}; frame++)); do
+    argc=${BASH_ARGC[frame]}
+    argc_index+=$argc
+    ((frame < start)) && continue
+    if (( ${#BASH_SOURCE[@]} > 1 )); then
+      source="${BASH_SOURCE[frame]}:${BASH_LINENO[frame-1]}:"
+    fi
+    printf "  from %sin \`%s" "$source" "${FUNCNAME[frame]}"
+    if shopt extdebug >/dev/null; then
+      for ((i=argc_index-1; i >= argc_index-argc; i--)); do
+        printf " %s" "${BASH_ARGV[i]}"
+      done
+    fi
+    echo \'
+  done
+  return 0
+}
+
+#######################################
+# On error print stack trace and exit
+#
+# Globals:
+#   errcatch-cleanup  If set, this command will run just before exiting.
+#######################################
+err-catch() {
+  set -E; shopt -s extdebug
+  _err-trap() {
+    err=$?
+    exec >&2
+    set +x
+    local msg="${BASH_SOURCE[1]}:${BASH_LINENO[0]}: \`$BASH_COMMAND' returned $err"
+    if (( ${#FUNCNAME[@]} > 2 )); then
+      local _frame_start=2
+      err-bash-trace "$msg"
+    else
+      echo "$msg"
+    fi
+    set -e # err trap does not work within an error trap
+    if type -t errcatch-cleanup >/dev/null; then
+      errcatch-cleanup
+    fi
+    echo "$0: exiting with status $err"
+    exit $err
+  }
+  trap _err-trap ERR
+  set -o pipefail
+}
+
+
+#######################################
+# For interactive shells: on error, print stack trace and return
+#
+# Globals:
+#   err_catch_ignore  Array containing glob patterns to test against filenames to ignore
+#                     errors from. Initialized to ignore bash-completion scripts on debian
+#                     based systems.
+#   _err_func_last  Used internally.
+#   _err_catch_err  Used internally.
+#   _err_catch_i    Used internally.
+#   _err_catch_ignore Used internally.
+#
+# misc: All shellcheck disables for this function are false positives.
+#######################################
+# shellcheck disable=SC2120
+err-catch-interactive() {
+  err_catch_ignore=(
+    '/etc/bash_completion.d/*'
+  )
+  # shellcheck disable=SC2034
+  declare -i _err_func_last=0
+  set -E; shopt -s extdebug
+  # shellcheck disable=SC2154
+  trap '_err_catch_err=$? _trap_bc="$BASH_COMMAND"
+  _err_catch_ignore=false
+  for _err_catch_i in "${err_catch_ignore[@]}"; do
+    if [[ ${BASH_SOURCE[0]} == $_err_catch_i ]]; then
+      _err_catch_ignore=true
+      break
+    fi
+  done
+  if ! $_err_catch_ignore; then
+    if (( ${#FUNCNAME[@]} > _err_func_last )); then
+      echo ERR: \`$_trap_bc'"\'"' returned $_err_catch_err
+    fi
+    _err_func_last=${#FUNCNAME[@]}
+    if (( _err_func_last )); then
+      printf "  from %s:%s:in \`%s" "${BASH_SOURCE[0]}" "$(declare -F "${FUNCNAME[0]}"|awk "{print \$2}")" "${FUNCNAME[0]}"
+      if shopt extdebug >/dev/null; then
+        for ((_err_catch_i=${BASH_ARGC[0]}-1; _err_catch_i >= 0; _err_catch_i--)); do
+          printf " %s" "${BASH_ARGV[_err_catch_i]}"
+        done
+      fi
+      echo '"\'"'
+      return $_err_catch_err
+    fi
+  fi' ERR
+  set -o pipefail

 }
 
 
 }
 
 

-errcatch() {
-    set -E; shopt -s extdebug
-    _err-trap() {
-        err=$?
-        exec >&2
-        set +x
-        echo "${BASH_SOURCE[1]}:${BASH_LINENO[0]}:in \`$BASH_COMMAND' returned $err"
-        bash-trace 2
-        set -e
-        "${_errcatch_cleanup[@]}"
-        echo "$0: exiting with code $err"
-        exit $err
-    }
-    trap _err-trap ERR
-    set -o pipefail
+#######################################
+# Undoes err-catch/err-catch-interactive
+#######################################
+err-allow() {
+  shopt -u extdebug
+  set +E +o pipefail
+  trap ERR
+}
+
+#######################################
+# On error, print stack trace
+#######################################
+err-print() {
+  # help: on errors: print stack trace
+  #
+  # This function depends on err-bash-trace.
+
+  set -E; shopt -s extdebug
+  _err-trap() {
+    err=$?
+    exec >&2
+    set +x
+    echo "${BASH_SOURCE[1]}:${BASH_LINENO[0]}: \`$BASH_COMMAND' returned $err"
+    err-bash-trace 2
+  }
+  trap _err-trap ERR
+  set -o pipefail
+}
+
+
+#######################################
+# Print stack trace and exit
+#
+# Use this instead of the exit command to be more informative.
+#
+# usage: err-exit [EXIT_CODE] [MESSAGE]
+#
+# EXIT_CODE  Default is 1.
+# MESSAGE    Print MESSAGE to stderr. If only one of EXIT_CODE
+#            and MESSAGE is given, we consider it to be an
+#            exit code if it is a number.
+#######################################
+err-exit() {
+  exec >&2
+  code=1
+  if [[ "$*" ]]; then
+    if [[ ${1/[^0-9]/} == "$1" ]]; then
+      code=$1
+      if [[ $2 ]]; then
+        printf '%s\n' "$2" >&2
+      fi
+    else
+      printf '%s\n' "$0: $1" >&2
+    fi
+  fi
+  echo "${BASH_SOURCE[1]}:${BASH_LINENO[0]}"
+  err-bash-trace 2
+  echo "$0: exiting with code $code"
+  exit $err

 }
 
 }
 

-errcatch
+# We want this more often than not, so run it now.
+if [[ $- == *i* ]]; then
+  err-catch-interactive
+else
+  err-catch
+fi

diff --git a/fai/config/hooks/partition.DEFAULT b/fai/config/hooks/partition.DEFAULT
index ab436bdad797d35b60e0339237b731a164fbd09e..ccaca6efe02ad34a5eb94a79ce68e1602969aedc 100755 (executable)
--- a/fai/config/hooks/partition.DEFAULT
+++ b/fai/config/hooks/partition.DEFAULT
@@ -93,10 +93,7 @@ grub_extn=4
 # https://wiki.archlinux.org/index.php/GRUB
 bios_grubn=5
 lastn=$bios_grubn
 # https://wiki.archlinux.org/index.php/GRUB
 bios_grubn=5
 lastn=$bios_grubn

-# this is larger than needed for several /boot subvols,
-# becuase I keep a minimal debian install on it, for
-# recovery needs, and for doing pxe-kexec.
-boot_mib=10000
+

 
 
 ##### end configuration
 
 
 ##### end configuration


@@ -212,7 +209,7 @@ if [[ ! ${devs[0]} ]]; then
   exit 1
 fi
 
   exit 1
 fi
 

-
+boot_space=0

 first=false
 boot_devs=()
 for dev in ${devs[@]}; do
 first=false
 boot_devs=()
 for dev in ${devs[@]}; do


@@ -242,6 +239,8 @@ for dev in ${devs[@]}; do
     done
     $bad_disk || boot_devs+=($(bootdev))
   else
     done
     $bad_disk || boot_devs+=($(bootdev))
   else

+    boot_space=$(( boot_space + $(parted -m $dev unit MiB print | \
+                                    sed -nr "s#^/dev/[^:]+:([0-9]+).*#\1#p") - 1))

     boot_devs+=($(bootdev))
   fi
   if [[ $boot_devs && $first ]]; then
     boot_devs+=($(bootdev))
   fi
   if [[ $boot_devs && $first ]]; then


@@ -256,11 +255,32 @@ elif ifclass RAID1 || (( ${#boot_devs[@]} <= 3 )); then
   raid_level=1
 else
   raid_level=10
   raid_level=1
 else
   raid_level=10

-  # need double the space if we are raid 10, and then
-  # might as well give some extra.
-  boot_mib=$((boot_mib * 3))

 fi
 
 fi
 

+### Begin calculate boot partition space
+# due to raid duplication
+case $raid_level in
+  1*) boot_space=$(( boot_space / 2 )) ;;
+esac
+if (( boot_space > 60000 )); then
+  # this is larger than needed for several /boot subvols,
+  # becuase I keep a minimal debian install on it for
+  # recovery needs and for doing pxe-kexec.
+  boot_mib=10000
+elif (( boot_space > 30000 )); then
+  boot_mib=$(( 5000 + (boot_space - 30000) / 2 ))
+else
+  # Small vms don't have room for /boot recovery.  With 3 kernels
+  # installed, i'm using 132M on t8, so this seems like plenty of
+  # room. note: rhel 8 recomments 1g for /boot.
+  boot_mib=500
+  #
+fi
+case $raid_level in
+  1*) boot_mib=$(( boot_mib * 2 )) ;;
+esac
+### end calculate boot partition space
+

 
 
 if [[ ! $DISTRO ]]; then
 
 
 if [[ ! $DISTRO ]]; then


@@ -541,8 +561,8 @@ else
   # note, fai creates the mountpoints listed here
   cat > /tmp/fai/fstab <<EOF
 $first_root_crypt  /  btrfs  noatime,subvol=root_$DISTRO  0 0
   # note, fai creates the mountpoints listed here
   cat > /tmp/fai/fstab <<EOF
 $first_root_crypt  /  btrfs  noatime,subvol=root_$DISTRO  0 0

-$first_root_crypt  /mnt/root  btrfs  noatime,subvolid=0  0 0
-$first_boot_dev  /boot  btrfs  noatime,subvol=$boot_vol  0 0
+$first_root_crypt  /mnt/root  btrfs  nofail,noatime,subvolid=0  0 0
+$first_boot_dev  /boot  btrfs  nofail,noatime,subvol=$boot_vol  0 0

 EOF
   swaps=()
   for dev in ${devs[@]}; do
 EOF
   swaps=()
   for dev in ${devs[@]}; do


@@ -552,7 +572,7 @@ $(root-cryptname)  $(rootdev)  none  keyscript=decrypt_keyctl,discard,luks,initr
 $(swap-cryptname) $(swapdev)  /dev/urandom  swap,cipher=aes-xts-plain64,size=256,hash=ripemd160
 EOF
     cat >> /tmp/fai/fstab <<EOF
 $(swap-cryptname) $(swapdev)  /dev/urandom  swap,cipher=aes-xts-plain64,size=256,hash=ripemd160
 EOF
     cat >> /tmp/fai/fstab <<EOF

-$(swap-cryptdev)  none  swap  sw  0 0
+$(swap-cryptdev)  none  swap  nofail,sw  0 0

 EOF
   done
 
 EOF
   done
 

diff --git a/fai/config/scripts/DEBIAN/30-interface b/fai/config/scripts/DEBIAN/30-interface
index 74c3058bbdcbdd134f25d669d9385dbea564e419..db84395f9d404afb022c378d54d4e4d6d84515b2 100755 (executable)
--- a/fai/config/scripts/DEBIAN/30-interface
+++ b/fai/config/scripts/DEBIAN/30-interface
@@ -104,6 +104,18 @@ iface $NIC1 inet dhcp
 iface $NIC1 inet6 auto
 EOF
 
 iface $NIC1 inet6 auto
 EOF
 

+      elif ifclass LINODE
+           # NIC1 is wrong, probably because the installer distro
+           # is stretch and the installed one is buster.
+           # todo: after upgrading installer to buster,
+           # try removing this condition
+        cat > $target/etc/network/interfaces <<EOF
+# generated by FAI
+auto lo $linode_if
+iface lo inet loopback
+iface $linode_if inet dhcp
+iface $linode_if inet6 auto
+EOF

 
       else
         cat > $target/etc/network/interfaces <<EOF
 
       else
         cat > $target/etc/network/interfaces <<EOF


@@ -124,8 +136,8 @@ EOF
       fi
 
       if ifclass LINODE; then
       fi
 
       if ifclass LINODE; then

-        mkdir -p /etc/initramfs-tools/conf.d
-        cat >/etc/initramfs-tools/conf.d/mine <<EOF
+        mkdir -p $target/etc/initramfs-tools/conf.d
+        cat >$target/etc/initramfs-tools/conf.d/mine <<EOF

 # dhcp in initramfs doesn't work on linode. i dunno why, whatever.
 # man 5 initramfs.conf
 # /usr/share/doc/klibc-utils/README.ipconfig.gz
 # dhcp in initramfs doesn't work on linode. i dunno why, whatever.
 # man 5 initramfs.conf
 # /usr/share/doc/klibc-utils/README.ipconfig.gz

diff --git a/fai/config/scripts/GRUB_PC/11-iank b/fai/config/scripts/GRUB_PC/11-iank
index 9f0c56e19acff9db9037a048abdd01c125564950..1234474396cab62da1f83b97e1c97b031b852636 100755 (executable)
--- a/fai/config/scripts/GRUB_PC/11-iank
+++ b/fai/config/scripts/GRUB_PC/11-iank
@@ -60,7 +60,16 @@ fcopy -riBM /etc/apt
 sleep 1
 f=$FAI_ROOT/var/cache/apt/pkgcache.bin
 if [[ ! -r $f ]] || (( $(( $(date +%s) - $(stat -c %Y $f ) )) > 60*60*2 )); then
 sleep 1
 f=$FAI_ROOT/var/cache/apt/pkgcache.bin
 if [[ ! -r $f ]] || (( $(( $(date +%s) - $(stat -c %Y $f ) )) > 60*60*2 )); then

-  $ROOTCMD apt-get update
+  i=0
+  while fuser $FAI_ROOT/var/lib/dpkg/lock &>/dev/null; do
+    sleep 1
+    i=$(( i+1 ))
+    if (( i > 300 )); then
+      echo "error: timed out waiting for /var/lib/dpkg/lock" >&2
+      exit 1
+    fi
+    $ROOTCMD apt-get update
+  done

 fi
 
 
 fi
 
 


@@ -108,13 +117,17 @@ EOF
 if [[ $FAI_ACTION != dirinstall ]]; then
 
 
 if [[ $FAI_ACTION != dirinstall ]]; then
 
 

+  # luks options, see man systemd-cryptsetup-generator
+  # all i know is that with luks.crypttab=no, swap still timed out on boot.
+  # and with rd.luks.crypttab=no, it works.
+  cmdline="rd.luks.crypttab=no console=ttyS0"

   if ifclass LINODE; then
     speed=19200
   if ifclass LINODE; then
     speed=19200

-    # luks.crypttab=no see man systemd-cryptsetup-generator
-    cmdline="luks.crypttab=no console=ttyS0,${speed}n8"
+    cmdline+=",${speed}n8"
+    cmdline="rd.luks.crypttab=no console=ttyS0,${speed}n8"

   else
     speed=115200
   else
     speed=115200

-    cmdline="luks.crypttab=no console=ttyS0,${speed} console=tty0"
+    cmdline+=",${speed}n8 console=tty0"

   fi
 
   cat >$FAI_ROOT/etc/grub.d/40_custom <<EOF
   fi
 
   cat >$FAI_ROOT/etc/grub.d/40_custom <<EOF


@@ -151,7 +164,7 @@ sed -i '/^ *GRUB_HIDDEN_TIMEOUT/d' /etc/default/grub
 update-grub2
 EOF
 
 update-grub2
 EOF
 

-  if [[ ! FAI_WRAPPER ]]; then
+  if [[ ! $FAI_WRAPPER ]]; then

     chroot $FAI_ROOT bash <<EOF
 # Just include all of them for now incase we are creating
 # an install for a different machine.. in distro-begin, we
     chroot $FAI_ROOT bash <<EOF
 # Just include all of them for now incase we are creating
 # an install for a different machine.. in distro-begin, we

diff --git a/faiserver-revm b/faiserver-revm
index ddd27a20b69e957937f3d1975b6d50383e173716..6e4613f80f7e1a9e153db549489e5e955b98c3db 100755 (executable)
--- a/faiserver-revm
+++ b/faiserver-revm
@@ -1,9 +1,8 @@
-#!/bin/bash -l
+#!/bin/bash
+# Copyright (C) 2019 Ian Kelling
+# SPDX-License-Identifier: AGPL-3.0-or-later

 set -x
 
 set -x
 

-set -eE -o pipefail
-cleanup() { :; }; _errcatch_cleanup=cleanup
-

 x="$(readlink -f "$BASH_SOURCE")"; source "${x%/*}/bash-trace"
 cd ${x%/*}
 
 x="$(readlink -f "$BASH_SOURCE")"; source "${x%/*}/bash-trace"
 cd ${x%/*}
 


@@ -23,7 +22,7 @@ case $1 in
     -h|--help) usage ;;
 esac
 
     -h|--help) usage ;;
 esac
 

-cleanup() { pxe-server :; }
+errcatch-cleanup() { pxe-server :; }

 ./debian-pxe-preseed -i 10.0.0.1 -u iank -g vda
 
 name=faiserver
 ./debian-pxe-preseed -i 10.0.0.1 -u iank -g vda
 
 name=faiserver


@@ -44,7 +43,7 @@ while ! scp $opts faiserver-setup root@faiserver:; do
 done
 
 # note: with a vm, pxe boot is turned off in the bios after it's first reboot.
 done
 
 # note: with a vm, pxe boot is turned off in the bios after it's first reboot.

-cleanup() { :; }
+errcatch-cleanup() { :; }

 ./pxe-server
 
 ssh $opts root@faiserver ./faiserver-setup
 ./pxe-server
 
 ssh $opts root@faiserver ./faiserver-setup

diff --git a/fresize b/fresize
index 4f2ef49854b087f53d1ae0d961747cc2f752df6a..a7df41412b87f776ca92980f730de0fbd9cc3fd8 100755 (executable)
--- a/fresize
+++ b/fresize
@@ -6,7 +6,7 @@ x="$(readlink -f "$BASH_SOURCE")"; source "${x%/*}/bash-trace"
 
 usage() {
     cat <<EOF
 
 usage() {
     cat <<EOF

-Usage: ${0##*/} [OPTIONS] +/-SIZE[g] swap|boot
+Usage: ${0##*/} [OPTIONS] -- +/-SIZE[g] swap|boot

 
 Assuming Ian Kelling's partition scheme and we are currently into one of
 it's encrypted oses (we it's btrfs filesystem to be mounted), resize
 
 Assuming Ian Kelling's partition scheme and we are currently into one of
 it's encrypted oses (we it's btrfs filesystem to be mounted), resize

diff --git a/grub.cfg.netinst-linode b/grub.cfg.netinst-noreboot
similarity index 100%
rename from grub.cfg.netinst-linode
rename to grub.cfg.netinst-noreboot

diff --git a/mk-basefile-big b/mk-basefile-big
index 370fd8b33e6aecac689641bfdc1b6340bc19e3c1..337d80ad09b601a2f6716bb0e3d8b5a5c252f628 100755 (executable)
--- a/mk-basefile-big
+++ b/mk-basefile-big
@@ -73,14 +73,13 @@ distro=trisquel
 t=/tmp/dirinstall
 
 
 t=/tmp/dirinstall
 
 

-cleanup() {
+errcatch-cleanup() {

   sed -i 's/^#LOGUSER=/LOGUSER=/' /etc/fai/fai.conf
   for d in proc var/lib/dpkg var/cache; do
   umount -R $t/$d ||:
   done
   rm -rf $t
 }
   sed -i 's/^#LOGUSER=/LOGUSER=/' /etc/fai/fai.conf
   for d in proc var/lib/dpkg var/cache; do
   umount -R $t/$d ||:
   done
   rm -rf $t
 }

-_errcatch_cleanup=cleanup

 
 
 myfai-chboot default
 
 
 myfai-chboot default

diff --git a/myfai-chboot-local b/myfai-chboot-local
index 3ecc7d13f83d5b3beb8af69327faca4c875f56ad..1845cd02d58c6c98114f3eaf4987e01cb1e699e3 100755 (executable)
--- a/myfai-chboot-local
+++ b/myfai-chboot-local
@@ -32,13 +32,10 @@ while [[ $1 == -* ]]; do
   esac
 done
 
   esac
 done
 

-e() {
-  echo "$*"
-  if ! "$@"; then
-    echo "$0: error: exit code $? from: $*"
-    exit 1
-  fi
-}
+pre="${0##*/}:"
+m() { printf "$pre %s\n"  "$*"; "$@"; }
+e() { printf "$pre %s\n"  "$*"; }
+err() { echo "[$(date +'%Y-%m-%d %H:%M:%S%z')]: $pre: $*" >&2; }

 
 host=$1
 
 
 host=$1
 


@@ -68,6 +65,7 @@ else
     exit 1
   fi
   ip=$ip/32
     exit 1
   fi
   ip=$ip/32

+  echo "$0: found ip of $host: $ip"

 fi
 
 if modprobe nfsd &>/dev/null; then
 fi
 
 if modprobe nfsd &>/dev/null; then


@@ -105,7 +103,7 @@ fi
 
 # man page doesn't explain this, but this deletes & thus disables
 # all chboot systems.
 
 # man page doesn't explain this, but this deletes & thus disables
 # all chboot systems.

-e fai-chboot -iv $std_arg default # set it to default to get a val out of it next
+m fai-chboot -iv $std_arg default # set it to default to get a val out of it next

 kernel=$(fai-chboot -L '^default$' | awk '{print $3}')
 default_k_args=$(fai-chboot -L '^default$' | \
                    sed -r "s/^(\S+\s+){3}(.*)/\2/")
 kernel=$(fai-chboot -L '^default$' | awk '{print $3}')
 default_k_args=$(fai-chboot -L '^default$' | \
                    sed -r "s/^(\S+\s+){3}(.*)/\2/")


@@ -125,7 +123,7 @@ for arg in $default_k_args; do
   esac
 done
 rm -f /srv/tftp/fai/pxelinux.cfg/*
   esac
 done
 rm -f /srv/tftp/fai/pxelinux.cfg/*

-e fai-chboot -k "${k_args[*]}" -v -f verbose,sshd,createvt$fai_reboot_arg $std_arg $kernel "$host"
+m fai-chboot -k "${k_args[*]}" -v -f verbose,sshd,createvt$fai_reboot_arg $std_arg $kernel "$host"

 
 # this is needed for autodiscover iso. i'm not sure, it might override
 # the fai-chboot method of setting this, i'm not sure.
 
 # this is needed for autodiscover iso. i'm not sure, it might override
 # the fai-chboot method of setting this, i'm not sure.

diff --git a/pxe-server b/pxe-server
index 6137386a1188d9ab9c50e4bee783e7ee57dfc053..07262fca9a70a2cf3036def43eb76fb470794b64 100755 (executable)
--- a/pxe-server
+++ b/pxe-server
@@ -61,6 +61,11 @@ EOF
   exit $1
 }
 
   exit $1
 }
 

+pre="${0##*/}:"
+m() { printf "$pre %s\n"  "$*"; "$@"; }
+e() { printf "$pre %s\n"  "$*"; }
+err() { echo "[$(date +'%Y-%m-%d %H:%M:%S%z')]: $pre: $*" >&2; }
+

 ##### begin command line parsing ########
 
 dhcp=true
 ##### begin command line parsing ########
 
 dhcp=true


@@ -70,7 +75,7 @@ wait=false
 fsf=false
 
 case $HOSTNAME in
 fsf=false
 
 case $HOSTNAME in

-  x2|x3|kw) fsf=true ;;
+  x2|kw) fsf=true ;;

 esac
 
 chboot_args=()
 esac
 
 chboot_args=()


@@ -125,11 +130,6 @@ fi
 
 ##### end command line parsing ########
 
 
 ##### end command line parsing ########
 

-e() {
-  echo "$@"
-  "$@"
-}
-

 archlike() {
   cat <<EOF
 dhcp-option-force=209,boot/syslinux/${type}iso.cfg
 archlike() {
   cat <<EOF
 dhcp-option-force=209,boot/syslinux/${type}iso.cfg


@@ -174,28 +174,28 @@ ack-wait() {
       echo $line
     fi
   done < <($wait_cmd ||:) # tail returns 2 it seems
       echo $line
     fi
   done < <($wait_cmd ||:) # tail returns 2 it seems

-  e sleep 20
+  m sleep 20

 }
 
 set-pxe() {
   $dhcp || return 0
   if $fsf; then
     if [[ ! $cmd ]]; then
 }
 
 set-pxe() {
   $dhcp || return 0
   if $fsf; then
     if [[ ! $cmd ]]; then

-      echo "$0: removing pxe for $host on tarantula"
+      e "removing pxe for $host on tarantula"

       ssh tarantula bash -e <<EOF
 sed -ri 's/^( *host +$host *\{).*/\1/' /etc/dhcp3/dhcpd.conf
 /etc/init.d/dhcp3-server restart
 EOF
     elif [[ $cmd == fai ]]; then
       ssh tarantula bash -e <<EOF
 sed -ri 's/^( *host +$host *\{).*/\1/' /etc/dhcp3/dhcpd.conf
 /etc/init.d/dhcp3-server restart
 EOF
     elif [[ $cmd == fai ]]; then

-      echo "$0: adding pxe for $host on tarantula"
+      e "adding pxe for $host on tarantula"

       ssh tarantula bash -e <<EOF
 sed -ri 's/^( *host +$host *\{).*/\1 next-server faiserver.office.fsf.org; filename "pxelinux.0";/' /etc/dhcp3/dhcpd.conf
 /etc/init.d/dhcp3-server restart
 EOF
     fi
   else
       ssh tarantula bash -e <<EOF
 sed -ri 's/^( *host +$host *\{).*/\1 next-server faiserver.office.fsf.org; filename "pxelinux.0";/' /etc/dhcp3/dhcpd.conf
 /etc/init.d/dhcp3-server restart
 EOF
     fi
   else

-    echo "$0: updating dnsmasq.conf:"
-    $cmd
+    e "updating dnsmasq.conf:"
+    m $cmd

     ${cmd:-:}|ssh wrt "cedit pxe /etc/dnsmasq.conf || /etc/init.d/dnsmasq restart
 $([[ $type == arch || $type == parabola ]] && echo archlike-pxe-mount)"
   fi
     ${cmd:-:}|ssh wrt "cedit pxe /etc/dnsmasq.conf || /etc/init.d/dnsmasq restart
 $([[ $type == arch || $type == parabola ]] && echo archlike-pxe-mount)"
   fi


@@ -205,9 +205,9 @@ $([[ $type == arch || $type == parabola ]] && echo archlike-pxe-mount)"
 if $set; then
   set-pxe
   if [[ $type == fai ]]; then
 if $set; then
   set-pxe
   if [[ $type == fai ]]; then

-    e myfai-chboot ${chboot_args[@]} $host
+    m myfai-chboot ${chboot_args[@]} $host

     if $redep; then
     if $redep; then

-      e fai-redep
+      m fai-redep

     fi
   else
     # This will fail if faiserver is not setup, so ignore any
     fi
   else
     # This will fail if faiserver is not setup, so ignore any

diff --git a/wrt-setup-local b/wrt-setup-local
index 1c5338f16b54baf1114fe4f93f5935e0b73e305b..e7ebd38d7137914515fa36b7130e9de30f51e989 100755 (executable)
--- a/wrt-setup-local
+++ b/wrt-setup-local
@@ -349,36 +349,75 @@ config rule
  option dest_port        22
 
 config redirect
  option dest_port        22
 
 config redirect

- option name sshalt
+ option name sshkd

  option src              wan
  option src              wan

- option src_dport        2222
+ option src_dport        2202

  option dest_port        22
  option dest_port        22

- option dest_ip          $l.3
+ option dest_ip          $l.2

  option dest             lan
 config rule
  option src              wan
  option target           ACCEPT
  option dest             lan
 config rule
  option src              wan
  option target           ACCEPT

- option dest_port        2222
+ option dest_port        2202

 
 

+config redirect
+ option name sshfrodo
+ option src              wan
+ option src_dport        2203
+ option dest_port        22
+ option dest_ip          $l.3
+ option dest             lan

 config rule
  option src              wan
  option target           ACCEPT
 config rule
  option src              wan
  option target           ACCEPT

- option dest_port        2220
+ option dest_port        2203

 
 

+config redirect
+ option name sshx2
+ option src              wan
+ option src_dport        2205
+ option dest_port        22
+ option dest_ip          $l.5
+ option dest             lan
+config rule
+ option src              wan
+ option target           ACCEPT
+ option dest_port        2205

 
 config redirect
 
 config redirect

+ option name sshx3

  option src              wan
  option src              wan

- option src_dport        443
+ option src_dport        2207
+ option dest_port        22
+ option dest_ip          $l.7

  option dest             lan
  option dest             lan

+config rule
+ option src              wan
+ option target           ACCEPT
+ option dest_port        2207
+
+config redirect
+ option name sshtp
+ option src              wan
+ option src_dport        2208
+ option dest_port        22

  option dest_ip          $l.8
  option dest_ip          $l.8

- option proto            tcp
+ option dest             lan

 config rule
  option src              wan
  option target           ACCEPT
 config rule
  option src              wan
  option target           ACCEPT

- option dest_port        443
- option proto            tcp
+ option dest_port        2208
+
+
+config rule
+ option name sshwrt
+ option src              wan
+ option target           ACCEPT
+ option dest_port        2220
+

 
 config redirect
 
 config redirect

+ option name vpntp

  option src              wan
  option src_dport        1196
  option dest             lan
  option src              wan
  option src_dport        1196
  option dest             lan


@@ -392,6 +431,7 @@ config rule
 
 
 config redirect
 
 
 config redirect

+ option name httptp

  option src              wan
  option src_dport        80
  option dest             lan
  option src              wan
  option src_dport        80
  option dest             lan


@@ -403,6 +443,19 @@ config rule
  option dest_port        80
  option proto            tcp
 
  option dest_port        80
  option proto            tcp
 

+config redirect
+ option name httpstp
+ option src              wan
+ option src_dport        443
+ option dest             lan
+ option dest_ip          $l.8
+ option proto            tcp
+config rule
+ option src              wan
+ option target           ACCEPT
+ option dest_port        443
+ option proto            tcp
+

 config redirect
  option name syncthing
  option src              wan
 config redirect
  option name syncthing
  option src              wan