faiserver-disable # Disable the fai nfs server exports
fresize # resize swap or boot partitions in a host
+# Replacing a raid 10 disk
+
+pxe-server -S HOST fai
+ssh root@HOST
+cat >p
+PASSWORD HERE(ctrl-d ctrl-d)
+for d in /dev/disk/by-id/ata*part1; do cryptsetup luksOpen --key-file p $d crypt_dev_${d##*/}; done
+# btrfs replace disk # i forget the actual command
+x=(/dev/mapper/*part1); mount -o subvol=root_trisquelflidas $x /mnt
+mount -o subvol=boot_trisquelflidas /dev/sda3 /mnt/boot
+for x in dev proc sys; do mount -o bind /$x /mnt/$x; done
+chroot /mnt /bin/bash
+# replace disk in fstab
+# replace disk in /etc/crypttab
+update-grub
+update-initramfs -u
+mount /a
+/a/exe/keyscript-on
+exit
+reboot
+
+
License stuff:
The license for the project is GPLv2 or later, mostly because fai is and
##### end command line parsing ########
-e ser stop btrbk.timer
+ser stop btrbk.timer
if [[ ! $host ]]; then
echo "$0: error: expected 1 arg of hostname"
exit 1
fi
-e() { echo "$@"; "$@"; }
if $kexec; then
- e fai-redep
- e myfai-chboot $host
- e fai-kexec $host ||:
+ fai-redep
+ myfai-chboot $host
+ fai-kexec $host ||:
else
cleanup() { pxe-server; }; _errcatch_cleanup=cleanup
- e pxe-server $host fai
+ pxe-server $host fai
if $reboot; then
# untested, this caused hang using here doc.
- ssh $host "touch /tmp/keyscript-off; sudo reboot" ||: &
+ ssh root@$host "touch /tmp/keyscript-off; reboot" ||: &
fi
- e pxe-server -a
+ pxe-server -a
unset _errcatch_cleanup
fi
fi
sleep 5
done
-e faiserver-disable
+faiserver-disable
if $error; then
echo "$0: error: timeout"
exit 1
while [[ $(ser is-active btrbk.service) == active ]]; do
sleep 5
done
-e btrbk-run -t $host
-ssh $host /a/bin/distro-setup/distro-begin
+btrbk-run -t $host
+#ssh $host /a/bin/distro-setup/distro-begin
# this should be done instead of distro-begin, but
# keeping it to 2 steps for now
-#e dsremote $host
+dsremote $host
# We check the reverse condition in 51-multi-boot,
# and set what os we are installing, but don't check it
# into git since it changes regularly.
-# It's code looks like this:
-# if [[ ! -e /a/bin/fai/fai-wrapper ]]; then
-# case $HOSTNAME in
-# tp) DEBIAN STRETCH VOL_STRETCH STRETCH_FREE;;
-# # add more multi-boot hostnames here
-# esac
-# fi
+
#
#
# Each host defines following:
#
# It's all a little redundant in some cases, but it keeps things
# simpler. Belenos is broken right now, planning to remove it once
-# flidas is released.
+# flidas is released and rms has upgraded.
#
#
# Other notable classes:
# RAID0: Use raid 0 even if there are >= 4 disks with boot partititions.
#
#
+# Code in 51-multi-boot, with reasonable combinations of above
+# uncommented for easier editing, and runs as a noop until
+# we replace _ with host names.
+if [[ ! -e /a/bin/fai/fai-wrapper ]]; then
+ case $HOSTNAME in
+ # stretch based minimal recovery / bootstraping os:
+ _) echo DEBIAN STRETCH64 VOL_STRETCH_BOOTSTRAP STRETCH_NONFREE ;;
+ # flidas
+ _) echo UBUNTU FLIDAS64 VOL_FLIDAS FLIDAS ;;
+ # stretch
+ _) echo DEBIAN STRETCH64 VOL_STRETCH STRETCH_NONFREE ;;
+ # testing
+ _) echo DEBIAN STRETCH64 VOL_TESTING TESTING_NONFREE ;;
+ # belenos
+ _) echo UBUNTU BELENOS64 VOL_BELENOS BELENOS ;;
+ # xenial
+ _) echo UBUNTU XENIAL64 VOL_XENIAL XENIAL_FREE ;;
+ esac
+fi
+
if [[ -e /a/bin/fai/fai-wrapper ]]; then
source /a/bin/distro-functions/src/identify-distros
if isdebian; then
TPW=/q/root/shadow/traci-simple
if ifclass tp; then
- ROOTPW="$TPW"
+ ROOTPW=/q/root/shadow/standard
+# ROOTPW="$TPW"
else
ROOTPW=/q/root/shadow/standard
fi
deb http://security.debian.org/ stretch/updates main
deb-src http://security.debian.org/ stretch/updates main
-# stretch-updates, previously known as 'volatile'
deb http://mirrors.linode.com/debian/ stretch-updates main
deb-src http://mirrors.linode.com/debian/ stretch-updates main
deb http://mirrors.linode.com/debian/ stretch-backports main
deb-src http://mirrors.linode.com/debian/ stretch-backports main
-
-deb http://mirrors.linode.com/debian stretch main
-deb-src http://mirrors.linode.com/debian stretch main
-
-deb http://security.debian.org/ stretch/updates main
-deb-src http://security.debian.org/ stretch/updates main
-
-deb http://mirrors.linode.com/debian stretch-updates main
-deb-src http://mirrors.linode.com/debian stretch-updates main
-
-deb http://mirrors.linode.com/debian unstable main
-deb-src http://mirrors.linode.com/debian unstable main
fi
lukspw=$(cat $luks_dir/iank)
-# # ian: disabled while I use the tp host.
-# if ifclass tp; then
-# lukspw=$(cat $luks_dir/traci)
-# fi
+# # ian: disabled by chaning to tpnew while I use the tp host.
+# # note, corresponding changes in /b/ds/keyscript-{on,off}
+if ifclass tpnew; then
+ lukspw=$(cat $luks_dir/traci)
+fi
if ifclass demohost; then
lukspw=x
fi
chown -R 1000:1000 /home/iank/.ssh
chmod -R u=Xrw,og= /home/iank/.ssh
rm -rf /root/.ssh
+# remove broken symlinks or the following cp will fail
+find /home/iank/.ssh -xtype l -exec rm '{}' \;
cp -rL /home/iank/.ssh /root
chown -R root:root /root/.ssh
chmod 700 /root/.ssh
root_arg="$my_ip:/srv/fai/nfsroot:vers=3"
# fai-setup without -e sets the ip to the local_ip/local_network, eg 192.168.1.3/24
# I restrict it to one ip as simple but imperfect access control.
- sed -ri --follow-symlinks '\%^/srv/fai/%d' /etc/exports
- cat >>/etc/exports <<EOF
+
+ # we may chattr +i /etc/exports if we dun want it modified
+ # for example, if we made these exports more widely available
+ # while doing multiple installs or a recovery.
+ if [[ -w /etc/exports ]]; then
+ sed -ri --follow-symlinks '\%^/srv/fai/%d' /etc/exports
+ cat >>/etc/exports <<EOF
/srv/fai/config $ip(async,ro,no_subtree_check)
/srv/fai/nfsroot $ip(async,ro,no_subtree_check,no_root_squash)
EOF
- exportfs -ra
+ exportfs -ra
+ fi
systemctl start nfs-server # assumes recent os
else
std_arg="-u http://faiserver:8080/config.tar.gz"
iankelling.org / git / automated-distro-installer / commitdiff