and which shadow file / luks file(s) to copy into the new machine depends
on fai-redep arguments.
-Also, setup dns in bind and wrt-setup-local.
+Also, setup dns in /p/c/host-info and firewall redirects in wrt-setup-local.
After install, btrbk to setup data, and then distro-begin && distro end.
See notes in distro-begin for other configuration.
fai-redep # Deploy fai configuration to host "faiserver"
faiserver-uninstall # uninstall fai-server
faiserver-setup # install fai-server on the current machine
-myfai-chboot # setup fai tftp and nfs. useful for doing pxe-kexec
+myfai-chboot # setup fai tftp and nfs. useful for doing pxe-kexec or booting from a fai-cd.
pxe-server # disable/enable pxe dhcp, tfp, and nfs. calls myfai-chboot
wrt-setup # setup my router in general: dhcp, dns, etc.
solution: if running from fai-cd, recreate autodiscover cd as noted above in setup.
+## Weird package dependency errors
+
+for example: in fai.log, within instsoft.DEBIAN
+```
+The following packages have unmet dependencies:
+ libc6 : Breaks: locales (< 2.36) but 2.35-0ubuntu3.7+11.0trisquel1 is to be installed
+```
+
+In this case, it was because the basefile was missing, and so instead
+fai decided to use the wrong basefile.
+
+for example: in fai.log, within instsoft.DEBIAN
+
+```
+ftar: No matching class found in /var/lib/fai/config/basefiles//
+ftar: extracting /var/tmp/base.tar.zst to /target/
+```
+
# What good logs look like:
logging nfs traffic from server
install --owner=iank --group=iank -d fai/config/files/usr/local/bin/hssh
install --owner=iank --group=iank -d fai/config/files/usr/local/bin/ssh_filter_btrbk.sh
rsync -atL /a/opt/btrbk/ssh_filter_btrbk.sh fai/config/files/usr/local/bin/ssh_filter_btrbk.sh/STANDARD
-
-m rsync -rlpt --delete --relative --exclude /fai/config/basefiles/ fai/config /a/opt/btrfs-progs-release "${rpre[@]}"/srv
+m rsync -rlpt --delete --relative --exclude /fai/config/basefiles/ fai/config "${rpre[@]}"/srv
# todo: automatically disable faiserver after a period so
# these files are not available.
+
if [[ $target ]]; then
secret_files=(luks/$target luks/host-$target shadow/$target)
exists=false
rsync -rlpt /q/root/shadow /q/root/luks "${rpre[@]}"/srv/fai/config/distro-install-common
fi
+rsync -rlpt --delete /a/opt/btrfs-progs-release \
+ filesystem/usr/local/bin/ethusb-nm \
+ filesystem/usr/local/bin/ethusb-static \
+ "${rpre[@]}"/srv/fai/config/distro-install-common
+
dirs=(/p/c/machine_specific/${target:-*}/filesystem/etc/ssh)
if [[ -e ${dirs[0]} ]]; then
rsync -rlpt --delete --relative ${dirs[@]} "${rpre[@]}"/srv/fai/config/distro-install-common
$faiserver_shell dd of=/srv/fai/config/package_config/DESKTOP status=none ||: # broken pipe
-rsync -rplt --include '/*.gz' --exclude '/**' --delete-excluded $BASEFILE_DIR/ "${rpre[@]}"/srv/fai/config/basefiles/
+m rsync -rplt --include '/*.zst' --exclude '/**' --delete-excluded $BASEFILE_DIR/ "${rpre[@]}"/srv/fai/config/basefiles/
BASEFILE_DIR=/tmp
fi
isopath=$BASEFILE_DIR/$iso
- isosrc=$BASEFILE_DIR/BOOKWORM64.tar.gz
+ isosrc=$BASEFILE_DIR/BOOKWORM64.tar.zst
if [[ ! -e $isopath || $(stat -c %Y $isopath) -lt $(stat -c %Y $isosrc) ]]; then
e fai-cd -g $(readlink -f grub.cfg.${iso%%.*}) -f -A $isopath
fi
#! /bin/bash
# mk-basefile, create basefiles for some distributions
#
-# Thomas Lange, Uni Koeln, 2011-2021
+# Thomas Lange, Uni Koeln, 2011-2024
# based on the Makefile implementation of Michael Goetze
#
# Usage example: mk-basefile -J STRETCH64
# This will create a STRETCH64.tar.xz basefile.
-# Supported distributions (each i386/amd64):
+# Supported distributions (i386/amd64):
# Debian GNU/Linux
-# Ubuntu 14.04/16.04
+# Ubuntu 14.04/16.04/20.04/22.04
+# AlmaLinux 9
+# Rocky Linux 8/9
# CentOS 5/6/7/8
# Scientific Linux Cern 5/6
#
EXCLUDE_BULLSEYE=
EXCLUDE_BOOKWORM=
EXCLUDE_TRIXIE=
+EXCLUDE_FORKY=
EXCLUDE_SID=
EXCLUDE_BELENOS=dhcp3-client,dhcp3-common,info
EXCLUDE_ETIONA=udhcpc,dibbler-client,info
EXCLUDE_FOCAL=udhcpc,dibbler-client,info
EXCLUDE_NABIA=udhcpc,dibbler-client,info
-EXCLUDE_JAMMY=
-EXCLUDE_ARAMO=
+EXCLUDE_JAMMY=udhcpc,dibbler-client,info
+EXCLUDE_ARAMO=udhcpc,dibbler-client,info
+EXCLUDE_NOBLE=udhcpc,dibbler-client,info
# here you can add packages, that are needed very early
INCLUDE_DEBIAN=
chroot $xtmp apt-get clean
rm -f $xtmp/etc/hostname $xtmp/etc/resolv.conf \
$xtmp/var/lib/apt/lists/*_* $xtmp/usr/bin/qemu-*-static \
- $xtmp/etc/udev/rules.d/70-persistent-net.rules
+ $xtmp/etc/udev/rules.d/70-persistent-net.rules \
+ $xtmp/var/lib/dbus/machine-id
> $xtmp/etc/machine-id
}
}
+rpmdist() {
+
+ local arch=$1
+ local vers=$2
+ local dist=$3
+ local domain=$(domainname)
+
+ check
+ setarch $arch
+ $l32 rinse --directory $xtmp --distribution $dist-$vers --arch $arch --before-post-install $xtmp/post
+ domainname $domain # workaround for #613377
+ cleanup-rinse
+ tarit
+}
+
+
+alma() {
+ rpmdist $1 $2 alma
+}
+
+rocky() {
+ rpmdist $1 $2 rocky
+}
+
centos() {
local arch=$1
echo "Available:
+ ALMA9_64
+ ROCKY8_64
+ ROCKY9_64
CENTOS5_32 CENTOS5_64
CENTOS6_32 CENTOS6_64
CENTOS7_32 CENTOS7_64
NABIA64
JAMMY64
ARAMO64
+ NOBLE64
SQUEEZE32 SQUEEZE64
WHEEZY32 WHEEZY64
JESSIE32 JESSIE64
BULLSEYE32 BULLSEYE64
BOOKWORM32 BOOKWORM64
TRIXIE32 TRIXIE64
+ FORKY32 FORKY64
SID32 SID64
"
}
cat <<EOF
mk-basefile, create minimal base files for a Linux distritubtion
- Copyright (C) 2011-2020 by Thomas Lange
+ Copyright (C) 2011-2023 by Thomas Lange
Usage: mk-basefile [OPTION] ... DISTRIBUTION
-s Show list of supported linux distributions
-f ARCH Build for foreign architecture ARCH.
-d DIR Use DIR for creating the temporary subtree structure.
- -z Use gzip for compressing the tar file.
+ -z Use zstd for compressing the tar file.
-J Use xz for compressing the tar file.
-k Keep the temporary subtree structure, do not remove it.
-x CMD Run CMD in chroot. If CMD exists as a file, copy it and run it.
a) echo "$0: Warning. -a is ignored, because xtattrs, acls and selinux are always added." ;;
d) export TMPDIR=$OPTARG ;;
f) export ARCH=$OPTARG ;;
- z) zip="gzip -9"; ext=tar.gz ;;
+ z) zip="zstd -9"; ext=tar.zst ;;
J) zip="xz -8" ext=tar.xz ;;
k) cleanup=0 ;;
h) usage ;;
CENTOS7_32) centos i386 7 ;;
CENTOS7_64) centos amd64 7 ;;
CENTOS8_64) centos amd64 8 ;;
+ ROCKY8_64) rocky amd64 8 ;;
+ ROCKY9_64) rocky amd64 9 ;;
+ ALMA9_64) alma amd64 9 ;;
SLC5_32) slc i386 5 ;;
SLC5_64) slc amd64 5 ;;
SLC6_32) slc i386 6 ;;
SLC7_64) slc amd64 7 ;;
BELENOS*|FLIDAS*|ETIONA*|NABIA*|ARAMO*)
debgeneric $target $MIRROR_TRISQUEL ;;
- TRUSTY*|XENIAL*|BIONIC*|FOCAL*|JAMMY*)
+ TRUSTY*|XENIAL*|BIONIC*|FOCAL*|JAMMY*|NOBLE*)
debgeneric $target $MIRROR_UBUNTU ;;
- SQUEEZE*|WHEEZY*|JESSIE*|STRETCH*|BUSTER*|BULLSEYE*|BOOKWORM*|TRIXIE*|SID*)
+ SQUEEZE*|WHEEZY*|JESSIE*|STRETCH*|BUSTER*|BULLSEYE*|BOOKWORM*|TRIXIE*|FORKY*|SID*)
debgeneric $target $MIRROR_DEBIAN $ARCH;;
*) echo "Unknown distribution. Aborting."
prtdists
exit 0
fi
-# Echo architecture and OS name in uppercase. Do NOT remove these two lines.
-uname -s | tr '[:lower:]' '[:upper:]'
+# Echo architecture
command -v dpkg >&/dev/null && dpkg --print-architecture | tr a-z A-Z
# determin if we are a DHCP client or not
#! /bin/bash
-# (c) Thomas Lange, 2002-2013, lange@informatik.uni-koeln.de
+# (c) Thomas Lange, 2002-2013, lange@cs.uni-koeln.de
# NOTE: Files named *.sh will be evaluated, but their output ignored.
echo 0 > /proc/sys/kernel/printk
-#kernelmodules=
-# here, you can load modules depending on the kernel version
-case $(uname -r) in
- 2.6*) kernelmodules="$kernelmodules mptspi dm-mod md-mod aes dm-crypt" ;;
- [3456]*) kernelmodules="$kernelmodules mptspi dm-mod md-mod aes dm-crypt" ;;
-esac
+# example how to load modules depending on the kernel version
+#case $(uname -r) in
+# 2.6*) kernelmodules="$kernelmodules mptspi dm-mod md-mod aes dm-crypt" ;;
+# [3456]*) kernelmodules="$kernelmodules mptspi dm-mod md-mod aes dm-crypt" ;;
+#esac
for mod in $kernelmodules; do
[ X$verbose = X1 ] && echo Loading kernel module $mod
# parse *.profile and build a curses menu, so the user can select a profile
#
-# (c) 2015 by Thomas Lange, lange@informatik.uni-koeln.de
+# (c) 2015 by Thomas Lange, lange@cs.uni-koeln.de
# Universitaet zu Koeln
if [ X$FAI_ACTION = Xinstall -o X$FAI_ACTION = Xdirinstall -o X$FAI_ACTION = X ]; then
[ "$flag_menu" ] || return 0
out=$(tty)
+# save stdout and redirect stdout to tty
+exec 4>&1 > $out
tempfile=$(mktemp)
tempfile2=$(mktemp)
trap "rm -f $tempfile $tempfile2" EXIT INT QUIT
dialog --clear --item-help --title "FAI - Fully Automatic Installation" --help-button \
--default-item "$default" \
--menu "\nSelect your FAI profile\n\nThe profile will define a list of classes,\nwhich are used by FAI.\n\n\n"\
- 15 70 0 "${par[@]}" 2> $tempfile 1> $out
-
+ 15 70 0 "${par[@]}" 2> $tempfile
_retval=$?
case $_retval in
0)
echo "No profile selected."
break ;;
2)
- dialog --title "Description of all profiles" --textbox $tempfile2 0 0 1> $out;;
+ dialog --title "Description of all profiles" --textbox $tempfile2 0 0 ;;
esac
done
unset par ardesc arshort arlong arclasses list tempfile tempfile2 _parsed _retval line
+
+exec 1>&4 # restore stdout
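Review bot: The saved descriptor is never closed: `exec 4>&1 > $out` keeps a duplicate of the old stdout on fd 4, and `exec 1>&4` restores stdout without closing it, so fd 4 stays open in the shell that evaluates this file and in anything it starts afterwards. The same pair is added to the warning-dialog script further down. I would restore with `exec 1>&4 4>&-` and quote the target, `exec 4>&1 > "$out"`, because `tty` prints a multi-word message when there is no terminal. Only parts of both scripts are visible, so confirm that no exit path between the redirect and the restore skips the restore.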
[ "$flag_menu" ] || return 0
out=$(tty)
+# save stdout and redirect stdout to tty
+exec 4>&1 > $out
red=$(mktemp)
echo 'screen_color = (CYAN,RED,ON)' > $red
DIALOGRC=$red dialog --colors --clear --aspect 6 --title "FAI - Fully Automatic Installation" --trim \
- --msgbox "\n\n If you continue, \n all your data on the disk \n \n|\Zr\Z1 WILL BE DESTROYED \Z0\Zn|\n\n" 0 0 1>$out
+ --msgbox "\n\n If you continue, \n all your data on the disk \n \n|\Zr\Z1 WILL BE DESTROYED \Z0\Zn|\n\n" 0 0
# stop on any error, or if ESC was hit
if [ $? -ne 0 ]; then
rm $red
unset red
+exec 1>&4 # restore stdout
#! /bin/bash
-ifclass -o CENTOS SLC && exit 0
-
ifclass -o GRUB_PC GRUB_EFI && exit 0
if [ -d /sys/firmware/efi ]; then
exit 0
fi
-for c in LVM FAISERVER FAIBASE; do
+for c in CLOUD LVM FAISERVER FAIBASE; do
if ifclass $c; then
echo ${c}_EFI
break
# ian, commented, sources are set with fcopy
-# release=bullseye
+# release=bookworm
# apt_cdn=http://deb.debian.org
# security_cdn=http://security.debian.org
FAI_RAMDISKS="$target/var/lib/dpkg $target/var/cache"
# if you want to use the faiserver as APT proxy
-# APTPROXY=http://faiserver:3142
+#APTPROXY=http://faiserver:3142
+
+
+# The linux-image package has different names for Debian and Ubuntu
+if ifclass UBUNTU; then
+ kernelname=linux-image-generic
+elif ifclass I386; then
+ kernelname=linux-image-686-pae
+elif ifclass AMD64; then
+ kernelname=linux-image-amd64
+fi
+
+if [ -z "kernelname" ]; then
+ _arch=$(dpkg --print-architecture 2>/dev/null)
+ case $_arch in
+ i386)
+ kernelname=linux-image-686-pae ;;
+ *)
+ kernelname=linux-image-$_arch
+ esac
+ unset _arch
+fi
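Review bot: The fallback block is dead code, because `[ -z "kernelname" ]` tests the literal string `kernelname`, which is never empty, so the `dpkg --print-architecture` branch cannot run. It should read `if [ -z "$kernelname" ]; then`. As written, a host in none of the UBUNTU, I386 or AMD64 classes leaves `kernelname` unset. The package lists in this commit that use `${kernelname}` (ARM64) and `${kernelname}-` (CHROOT) would then presumably expand to an empty name or a bare `-`. The `*)` arm also lacks its `;;`, which bash accepts before `esac` but is worth adding for consistency with the `i386)` arm.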
# set parameter for install_packages(8)
MAXPACKAGES=800
+# Account on the FAI server for saving log files and calling fai-chboot.
+# Remove the hash character in the next line to activate this feature
+#LOGUSER=fai
+
# a user account will be created
#username=demo
#USERPW='$1$kBnWcO.E$djxB128U7dMkrltJHPf6d1'
--- /dev/null
+CONSOLEFONT=lat9v-16
+KEYMAP=us
+DEFAULTLOCALE=en_US.UTF-8
+SUPPORTEDLOCALE=en_US.UTF-8:en_US:en
+
+# if you install much software and have only few RAM, use the RAM disk
+# not for var/cache/yum
+#FAI_RAMDISKS="$target/var/lib/rpm $target/var/cache/yum"
+FAI_RAMDISKS="$target/var/lib/rpm"
#iank, i define these by classes. commenting
# to make sure these arent used
#ubuntumirror=http://archive.ubuntu.com
-#ubuntudist=focal
+#ubuntudist=jammy
downloaded from the internet.
Classes: INSTALL FAIBASE DEBIAN DEMO XORG GNOME
-Name: CentOS 8
-Description: CentOS 8 with Xfce desktop
-Short: A normal Xfce desktop, running CentOS 8
-Long: We use the Debian nfsroot for installing the CentOS 8 OS.
+Name: Rocky Linux
+Description: Rocky Linux 9 with Xfce desktop
+Short: A normal Xfce desktop, running Rocky Linux 9
+Long: We use the Debian nfsroot for installing the Rocky Linux 9 OS.
You should have a fast network connection, because most packages are
downloaded from the internet.
-Classes: INSTALL FAIBASE CENTOS CENTOS8_64 XORG
+Classes: INSTALL FAIBASE ROCKY ROCKY9_64 XORG
Name: Ubuntu
-Description: Ubuntu 20.04 LTS desktop installation
+Description: Ubuntu 22.04 LTS desktop installation
Short: Unity desktop
Long: We use the Debian nfsroot for installing the Ubuntu OS.
You should have a fast network connection, because most packages are
downloaded from the internet.
-Classes: INSTALL FAIBASE DEMO DEBIAN UBUNTU FOCAL FOCAL64 XORG
+Classes: INSTALL FAIBASE DEMO DEBIAN UBUNTU JAMMY JAMMY64 XORG
Name: Inventory
Description: Show hardware info
--- /dev/null
+# config for a disk image for a VM
+#
+# p=<partlabel> <mountpoint> <size> <fs type> <mount options> <misc options>
+
+disk_config disk1 disklabel:gpt bootable:1 fstabkey:uuid align-at:1M
+
+p=efi /boot/efi 64M vfat defaults createopts="-F 32"
+p=root / 300- ext4 rw,discard,barrier=0,noatime,errors=remount-ro tuneopts="-c 0 -i 0"
#
# <type> <mountpoint> <size> <fs type> <mount options> <misc options>
+# you may want to add "-O ^metadata_csum_seed" to createopts if the target
+# system is older than bullseye. See #866603, #1031415, #1031416 for more info.
+
disk_config disk1 disklabel:msdos bootable:1 fstabkey:uuid
primary / 2G-50G ext4 rw,noatime,errors=remount-ro
# example of new config file for setup-storage
#
-# <type> <mountpoint> <size> <fs type> <mount options> <misc options>
+# p=<partlabel> <mountpoint> <size> <fs type> <mount options> <misc options>
+
+# you may want to add "-O ^metadata_csum_seed" to createopts if the target
+# system is older than bullseye. See #866603, #1031415, #1031416 for more info.
disk_config disk1 disklabel:gpt bootable:1 fstabkey:uuid
-primary /boot/efi 512M vfat rw
-primary / 2G-50G ext4 rw,noatime,errors=remount-ro
-primary swap 200-10G swap sw
-primary /home 100- ext4 rw,noatime,nosuid,nodev createopts="-L home -m 1" tuneopts="-c 0 -i 0"
+p=efi /boot/efi 512M vfat rw
+p=root / 2G-50G ext4 rw,noatime,errors=remount-ro
+p= swap 200-10G swap sw
+p=home /home 100- ext4 rw,noatime,nosuid,nodev createopts="-L home -m 1" tuneopts="-c 0 -i 0"
# config file for an FAI install server
#
-# <type> <mountpoint> <size> <fs type> <mount options> <misc options>
+# p=<partlabel> <mountpoint> <size> <fs type> <mount options> <misc options>
disk_config disk1 disklabel:gpt fstabkey:uuid
-primary /boot/efi 512M vfat rw
-primary / 2G-15G ext4 rw,noatime,errors=remount-ro
-primary swap 200-1000 swap sw
-primary /tmp 100-1000 ext4 rw,noatime,nosuid,nodev createopts="-m 0" tuneopts="-c 0 -i 0"
-primary /home 100-40% ext4 rw,noatime,nosuid,nodev createopts="-m 1" tuneopts="-c 0 -i 0"
-primary /srv 1G-50% ext4 rw,noatime createopts="-m 1" tuneopts="-c 0 -i 0"
+p=efi /boot/efi 512M vfat rw
+p=system / 2G-15G ext4 rw,noatime,errors=remount-ro
+p=swap swap 200-1000 swap sw
+p= /tmp 100-1000 ext4 rw,noatime,nosuid,nodev createopts="-m 0" tuneopts="-c 0 -i 0"
+p=home /home 100-40% ext4 rw,noatime,nosuid,nodev createopts="-m 1" tuneopts="-c 0 -i 0"
+p=data /srv 1G-50% ext4 rw,noatime createopts="-m 1" tuneopts="-c 0 -i 0"
disk_config disk1 fstabkey:uuid align-at:1M
-primary /boot 200 ext2 rw,noatime
-primary - 4G- - -
+primary /boot 500 ext4 rw,noatime
+primary - 4G- - -
disk_config lvm
-# <type> <mountpoint> <size> <fs type> <mount options> <misc options>
+# p=<partlabel> <mountpoint> <size> <fs type> <mount options> <misc options>
# entire disk with LVM, separate /home
disk_config disk1 disklabel:gpt fstabkey:uuid align-at:1M
-primary /boot/efi 512M vfat rw
-primary /boot 200 ext2 rw,noatime
-primary - 4G- - -
+p=efi /boot/efi 512M vfat rw
+p=boot /boot 500 ext4 rw,noatime
+p=system - 4G- - -
disk_config lvm
--- /dev/null
+# example of new config file for setup-storage
+#
+# <type> <mountpoint> <size> <fs type> <mount options> <misc options>
+
+# you may want to add "-O ^metadata_csum_seed" to createopts if the target
+# system is older than bullseye. See #866603, #1031415, #1031416 for more info.
+
+disk_config disk1 disklabel:msdos bootable:1 fstabkey:label
+
+primary / 4G-50G ext4 rw,noatime,errors=remount-ro createopts="-L ROOT"
+
+logical swap 200-10G swap sw createopts="-L SWAP"
+logical /home 100- ext4 rw,noatime,nosuid,nodev createopts="-L HOME -m 1" tuneopts="-c 0 -i 0"
# only setup root pass for bootstrap vol
-if ifclass VOL_BULLSEYE_BOOTSTRAP || VOL_BOOKWORM_BOOTSTRAP; then
+# for bootstrap vol, we only use root user
+if ifclass VOL_BULLSEYE_BOOTSTRAP || ifclass VOL_BOOKWORM_BOOTSTRAP; then
+ sed 's/^/root:/' $root_pw_f | $ROOTCMD chpasswd -e
exit 0
fi
$ROOTCMD usermod -aG sudo iank
fi
+mkdir -p $target/etc/sudoers.d
cat >$target/etc/sudoers.d/ianksudoers <<'EOF'
Defaults timestamp_timeout=1440
# used in bashrc
-#!/bin/bash -x
+#!/bin/bash
# This file is part of Ian Kelling's automated-distro-installer
# Copyright (C) 2024 Ian Kelling
[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
-tmpdir=$(mktemp -d) || exit
-trap 'cd; rm -rf "$tmpdir"' EXIT
-cd $tmpdir
+set -x
+
+prereqs=()
+for p in wget curl; do
+ if ! type -p $p &>/dev/null; then
+ prereqs+=($p)
+ fi
+done
+if (( ${#prereqs[@]} >= 1 )); then
+ apt-get -y install ${prereqs[@]}
+fi
+
+
+tmpdir=$($ROOTCMD mktemp -d) || exit
+outertmp=$target/$tmpdir
+trap 'cd; rm -rf "$outertmp"' EXIT
+cd $outertmp
# update stable_ver when we are ready to jump to a new stable kernel.
# Stable kernels are listed here: https://www.kernel.org/category/releases.html
stable_ver='6\.6'
+# Actually, I dont want stable right now. comment this out to get stable
+# version.
+stable_ver='[1-9]'
va=$(curl -s https://kernel.ubuntu.com/mainline/ | \
sed -rn 's,.*alt="\[DIR\]".*href="([^/]+).*,\1,p' | \
grep -v -- -rc | sed 's/^v//' | grep "^$stable_ver" | sort -V | tail -n1)
urls=()
for p in ${pkgs[@]}; do
- if ! dpkg -s -- "${p%%_*}" 2>&1 | grep -Fx "Status: install ok installed" &>/dev/null; then
+ if ! $ROOTCMD dpkg -s -- "${p%%_*}" 2>&1 | grep -Fx "Status: install ok installed" &>/dev/null; then
urls+=(https://kernel.ubuntu.com/mainline/v$va/amd64/$p)
fi
done
if (( ${#urls[@]} >= 1 )); then
- wget "${urls[@]}"
- dpkg -i ./*.deb
+ wget -nv "${urls[@]}"
+ $ROOTCMD dpkg -i ${pkgs[@]/#/$tmpdir/}
fi
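Review bot: The downloaded kernel packages pass from `wget` to `$ROOTCMD dpkg -i` without any integrity check, and dpkg does not verify signatures on a local .deb, so the install rests on the TLS session to kernel.ubuntu.com alone. With `stable_ver='[1-9]'` the newest non-rc directory in the listing is taken, whatever it is. If the archive publishes checksums and a signature next to the packages (I believe it does), fetch them, verify the signature against a pinned key and check the downloads before installing. Separately, `${pkgs[@]/#/$tmpdir/}` names every package while only those missing from the target were downloaded, so a partly installed set makes `dpkg -i` fail on a nonexistent file; collecting `debs+=("$tmpdir/$p")` beside `urls+=(...)` and installing `"${debs[@]}"` avoids that. `pkgs` is defined outside the visible lines.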
--- /dev/null
+deb {%apt_cdn%}/debian {%release%} main contrib non-free non-free-firmware
+deb {%security_cdn%}/debian-security {%secsuite%} main contrib non-free non-free-firmware
+deb {%apt_cdn%}/debian {%release%}-updates main contrib non-free non-free-firmware
dpkg-reconfigure -fnoninteractive openssh-server
fi
sleep 8
-[ -x /etc/init.d/nscd ] && invoke-rc.d nscd restart
echo "================================="
echo "Setting up the FAI install server"
ainsl /etc/fai/fai.conf "^LOGUSER=fai"
# make index, then import the packages from the CD mirror
+/etc/init.d/apt-cacher-ng restart
apt-get update >/dev/null
+echo "Importing local packages to apt cache"
curl -fs 'http://127.0.0.1:3142/acng-report.html?doImport=Start+Import&calcSize=cs&asNeeded=an#bottom' >/dev/null
+echo "Creating FAI Server setup"
# setup the FAI server, including creating the nfsroot, use my own proxy
export APTPROXY="http://127.0.0.1:3142"
echo "=================================================="
echo -e "${RED}ERROR${NORMAL}: Setting up the FAI install server ${RED}FAILED${NORMAL}!"
echo "Read /var/log/fai/fai-setup.log for more debugging"
+ echo "Setup script is now moved to /var/tmp/$0"
echo "=================================================="
echo ""
+ cp -p $0 /var/tmp
sleep 10
+ rm -f $0
exit 99
fi
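Review bot: The new message prints `/var/tmp/$0`, but `cp -p $0 /var/tmp` stores the copy under the script's base name, so the logged location does not exist whenever `$0` is a path with directories. I would write `echo "Setup script is now copied to /var/tmp/${0##*/}"` and quote the operand, `cp -p -- "$0" /var/tmp`. The success path further down has the same unquoted `cp -p $0 /var/tmp`. /var/tmp is world-writable and the copy is made as root to a predictable name, so on a host that already has local users a root-owned directory would be the safer destination.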
fai-chboot -o default
# create a template for booting the installation
-fai-chboot -Iv -f verbose,sshd,createvt,menu -u nfs://faiserver/srv/fai/config bullseye.tmpl
+fai-chboot -Iv -f verbose,sshd,createvt,menu -u nfs://faiserver/srv/fai/config bookworm.tmpl
# Since we do not know the MAC address, our DHCP cannot provide the hostname.
# Therefore we do explicitly set the hostname
fai-monitor > /var/log/fai/fai-monitor.log &
# move me away
-mv $0 /var/tmp
+cp -p $0 /var/tmp
# create new rc.local for next reboot
echo '#! /bin/bash' > /etc/rc.local
--- /dev/null
+CLOUD
\ No newline at end of file
--- /dev/null
+# This file controls the state of SELinux on the system.
+# SELINUX= can take one of these three values:
+# enforcing - SELinux security policy is enforced.
+# permissive - SELinux prints warnings instead of enforcing.
+# disabled - No SELinux policy is loaded.
+SELINUX=disabled
+# SELINUXTYPE= can take one of these two values:
+# targeted - Only targeted network daemons are protected.
+# strict - Full SELinux protection.
+# mls - Multi Level Security protection.
+SELINUXTYPE=targeted
+# SETLOCALDEFS= Check local definition changes
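Review bot: This new file ships `SELINUX=disabled`, which removes mandatory access control from every host installed with it, and nothing in the file says why. If the aim is only to avoid denials during and right after installation, `SELINUX=permissive` keeps file labels maintained and logs what would have been denied, which makes a later move to enforcing possible without a full relabel. The image-install hook in this commit still calls `fixfiles onboot`, which presumably serves no purpose with SELinux disabled, so the two should agree. I would add a leading comment such as `# SELinux is disabled for FAI-installed hosts because <reason>; switch to permissive/enforcing once policy is validated`. The `SELINUXTYPE` comment also says "two values" while listing three.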
# hook for installing a file system image (tar file)
# this works for Ubuntu 14.04
#
-# Copyright (C) 2015 Thomas Lange, lange@informatik.uni-koeln.de
+# Copyright (C) 2015 Thomas Lange, lange@cs.uni-koeln.de
# I use this tar command to create the image of an already running and configured machine
fi
if [ -f $target/etc/centos-release ]; then
rm $target/etc/grub2/device.map
- $FAI/scripts/CENTOS/40-install-grub
- $FAI/scripts/CENTOS/30-mkinitrd
+ $FAI/scripts/ROCKY/40-install-grub
+ $FAI/scripts/ROCKY/30-mkinitrd
$ROOTCMD fixfiles onboot # this fixes the SELinux security contexts during the first boot
fi
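Review bot: The guard still tests `$target/etc/centos-release` while the body now runs the ROCKY scripts, so this branch only fires if a Rocky image ships that file (possibly as a compatibility symlink, which I cannot confirm from the page). If it is absent, the grub install, initrd creation and SELinux relabel are skipped without any message. Testing the class instead, `if ifclass ROCKY; then`, would make the intent explicit, and `rm -f` on device.map avoids an error when the file is missing. The enclosing hook starts above the visible lines.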
--- /dev/null
+#! /bin/bash
+
+skiptask debconf
$ROOTCMD apt-get -y install locales > /dev/null
fi
fi
+
+# use zstd for dracut initrd
+ainsl -av /etc/dracut.conf.d/11-debian.conf "compress=zstd"
# so use fixed sizes to allow both to grow
# 600 = uefi 512 + grubext 8 + bios grub 3 + some extra cuz this is lvm
#root_mib=$(( disk_mib - root2_part_mib - swap_mib - boot_part_mib - boot2_part_mib - 600 ))
- o_mib=$(( 120 * 1000 ))
+ o_mib=$(( 180 * 1000 ))
# max minus o, minus a gig just for some extra space
max_root_mib=$(( disk_mib - root2_part_mib - swap_mib - boot_part_mib - boot2_part_mib - 600 - o_mib - 1000 ))
- root_mib=$(( 1000 * 1000 )) # * 1000 to make it in gb.
+ root_mib=$(( 1700 * 1000 )) # * 1000 to make it in gb.
if (( max_root_mib < root_mib )); then
root_mib=$max_root_mib
fi
--- /dev/null
+#! /bin/bash
+
+# (c) Michael Goetze, 2010-2011, mgoetze@mgoetze.net
+
+error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
+
+if [ $FAI_ACTION = "install" ]; then
+ ctam
+ [ -L $target/etc/mtab ] || cp /etc/mtab $target/etc/mtab
+
+ cat > $target/etc/sysconfig/network <<-EOF
+ NETWORKING=yes
+ HOSTNAME=$HOSTNAME.$DOMAIN
+ EOF
+ echo "127.0.0.1 localhost" > $target/etc/hosts
+ ifclass DHCPC || ainsl -s /etc/hosts "$IPADDR $HOSTNAME.$DOMAIN $HOSTNAME"
+ cp /etc/resolv.conf $target/etc
+fi
+
+fcopy -riv /etc/yum.repos.d/
+
+# disable the fastestmirror plugin
+#fai-sed 's/enabled=1/enabled=0/' /etc/yum/pluginconf.d/fastestmirror.conf
+
+skiptask repository
+
+exit $error
data block query control method not found
subprocess.py.\+RuntimeWarning: line buffering
Resource conflict.\+ found
+os-prober will not be executed
+/sys/bus/usb/devices/\*:\*/bInterface
update-rc.d: warning: start and stop actions are no longer supported"
# add pattern on some conditions
echo "ERRORS found in log files. See $errfile" >&2
else
echo "Congratulations! No errors found in log files."
+# export flag_reboot=1 # if you want to reboot if no errors are found
fi
--- /dev/null
+#! /bin/bash
+
+# This file is sourced during task_setup
+# you can define your own functions and use them later, for e.g.
+# in scripts/...
+
+
+cleanup_base() {
+
+ rm -f $target/etc/mailname \
+ $target/etc/machine-id \
+ $target/var/lib/dbus/machine-id \
+ $target/var/log/install_packages.list
+
+ > $target/etc/machine-id
+ shred --remove $target/etc/ssh/ssh_host_*
+}
+
+
+cleanup_dpkg_apt() {
+
+ rm -f $target/var/log/alternatives.log \
+ $target/var/log/apt/* \
+ $target/var/log/bootstrap.log \
+ $target/var/log/dpkg.log
+
+ rm -rf $target/var/cache/apt/*
+ rm -rf $target/var/lib/apt/lists/*
+ rm -f $target/var/lib/dpkg/available*
+ rm -f -- $target/var/lib/dpkg/*-old
+}
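Review bot: Both helpers build every destructive path from an unquoted, unchecked `$target`. If it is empty when `cleanup_base` runs, `rm -f /etc/machine-id`, `> /etc/machine-id` and `shred --remove /etc/ssh/ssh_host_*` hit the machine executing the script, and `cleanup_dpkg_apt` would wipe that machine's apt and dpkg state. Writing each path as `"${target:?}"/...`, e.g. `shred --remove "${target:?}"/etc/ssh/ssh_host_*`, makes the function abort instead. shred also errors on the literal pattern when no host keys exist and gives no overwrite guarantee on copy-on-write file systems, so `rm -f` may be the more honest choice. A header comment on each function should state that it is meant for image builds where host keys and machine-id are regenerated on first boot.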
fi
echo force-unsafe-io > $target/etc/dpkg/dpkg.cfg.d/unsafe-io
-
-# you may want to add i386 arch to amd64 hosts
-# if ifclass AMD64; then
-# $ROOTCMD dpkg --add-architecture i386
-# fi
--- /dev/null
+#! /bin/bash
+
+if [ ! -f $target/etc/resolv.conf ]; then
+ cp /etc/resolv.conf $target/etc
+fi
+
+if [ X$verbose = X1 ]; then
+ echo "Updating base"
+ $ROOTCMD yum -y update |& tee -a $LOGDIR/software.log
+else
+ $ROOTCMD yum -y update >> $LOGDIR/software.log
+fi
+
+$ROOTCMD systemd-machine-id-setup
+
+cat > $target/etc/sysconfig/kernel <<EOF
+# UPDATEDEFAULT specifies if new-kernel-pkg should make
+# new kernels the default
+UPDATEDEFAULT=yes
+
+# DEFAULTKERNEL specifies the default kernel package type
+DEFAULTKERNEL=kernel-core
+EOF
+
+skiptask updatebase
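Review bot: A failed `yum -y update` goes unnoticed in both branches, so an image can be produced without the pending security updates. In the verbose branch the pipeline status is that of `tee`, and neither branch checks the result before `skiptask updatebase` marks the task as handled. The quiet branch also logs stdout only, which drops yum's error text. I would use `$ROOTCMD yum -y update >> $LOGDIR/software.log 2>&1 || exit 1` for the quiet case and check `${PIPESTATUS[0]}` after the `tee` pipeline. Whether FAI expects a plain non-zero exit or its own error helper here is not visible on the page.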
#! /bin/bash
+# mk-basefile doesn't use the -updates suite, then we unpack it, then we
+# install sources.list that has -updates and we install random
+# packages. It might avoid a problem if we a dist-upgrade first.
+
+$ROOTCMD apt-get update
+$ROOTCMD apt-get -y dist-upgrade --purge --auto-remove
+
# https://lists.uni-koeln.de/pipermail/linux-fai/2016-July/011398.html
# In Ubuntu 16.04 (but not 14.04), the locales configuration mechanism has
# changed. There is a /var/lib/dpkg/info/locales.config file, which
# hook applies the debconf setting. It must run after FAI's debconf task
# but before dpkg gets a chance to clobber debconf with an empty setting.
+
if [ ! -f "$target/var/lib/locales/supported.d/local" ]; then
- $ROOTCMD debconf --owner=locales sh -c '
+ $ROOTCMD debconf --owner=locales sh -c '
. /usr/share/debconf/confmodule
db_version 2.0
db_get locales/locales_to_be_generated &&
firmware-bnx2 firmware-bnx2x firmware-realtek
firmware-linux-nonfree
# a list of firmware for wifi/wireless
-atmel-firmware firmware-atheros firmware-brcm80211
-firmware-iwlwifi firmware-libertas firmware-ralink firmware-zd1211
+firmware-misc-nonfree
+atmel-firmware firmware-ath9k-htc firmware-brcm80211
+firmware-iwlwifi firmware-libertas firmware-zd1211
firmware-brcm80211 firmware-ti-connectivity
firmware-netronome firmware-netxen firmware-realtek
firmware-cavium
# firmware-ipw2x00 # needs a debconf question
-PACKAGES install I386
-linux-image-686-pae
+# needed for a live ISO
+PACKAGES install-norec LIVEISO
+dracut dracut-live dracut-squash grub-pc grub-efi-amd64-bin
+
+PACKAGES install-norec I386 AMD64
memtest86+
-PACKAGES install CHROOT
+PACKAGES install-norec CHROOT
linux-image-686-pae-
linux-image-amd64-
initramfs-tools-core-
dropbear-initramfs-
-PACKAGES install AMD64
-linux-image-amd64
+PACKAGES install-norec AMD64
+${kernelname} # see class/DEBIAN.var
memtest86+
-PACKAGES install ARM64
+PACKAGES install-norec ARM64
+${kernelname} # see class/DEBIAN.var
grub-efi-arm64
-linux-image-arm64
-# this is duplicate with STANDARD.
-#PACKAGES install GRUB_PC
+# iank this is duplicate with STANDARD.
+#PACKAGES install-norec GRUB_PC
#grub-pc
-#PACKAGES install GRUB_EFI
-#grub-efi
-
+#PACKAGES install-norec GRUB_EFI
+#grub-efi dosfstools
PACKAGES install LVM
lvm2
fai-quickstart
debmirror tcpdump
-xorriso grub-pc
+xorriso
lftp curl
netselect
syslinux-common pxelinux
apt-cacher-ng
-nscd psmisc
+psmisc
bind9 dnsutils
iptables-persistent
zile
-PACKAGES install-norec
+# enable following two lines to get full GNOME desktop
+#PACKAGES install
+#task-gnome-desktop
+
+# stripped down version of GNOME without libreoffice
+# upgrade to full desktop using: # apt install task-gnome-desktop
+PACKAGES install-norec
firefox-esr
#thunderbird
menu gdm3
--- /dev/null
+ARAMO.gpg
\ No newline at end of file
--- /dev/null
+PACKAGES dnfgroup
+core
+minimal-environment
+#server-product-environment
+#headless-management
+
+PACKAGES dnfgroup XORG
+graphical-server-environment
+workstation-product-environment
+
+PACKAGES dnfi
+NetworkManager
+dbus-broker # needed by systemd
+chrony
+kernel
+dracut
+less
+openssh
+openssh-clients
+openssh-server
+vim-enhanced
+man
+curl
+unzip
+which
+ncurses ncurses-base
+coreutils-common
+libibverbs # needed for nc, but missing dependency
+
+PACKAGES dnfi GRUB_PC
+grub2-pc
+
+PACKAGES dnfi GRUB_EFI
+grub2-efi
+
+
+PACKAGES dnfi LVM
+lvm2
openssh-client
pciutils
perl
-# ian: newer distros dont have python, it gets naturally removed
-python
-python-minimal
python3
python3-minimal
reportbug
openssh-client openssh-server
time
procinfo
-locales
console-setup kbd
pciutils usbutils
unattended-upgrades
cryptsetup-initramfs
# for btrbk
zstd
+# for detecting wireless
+iw
# iank, copied from DEBIAN so it goes into ubuntu too
PACKAGES install GRUB_PC
# but theres a dependency problem with it in nabia: for some reason it depends on
# a version in security, but theres a later version in updates that the system
# really wants to install.
-grub-efi-amd64
+grub-efi-amd64 dosfstools
linux-image-generic
memtest86+
-
PACKAGES install FLIDAS64 XENIAL64
linux-image-generic-hwe-8.0
linux-image-generic-
linux-image-generic-hwe-20.04
+PACKAGES install XORG
+ubuntu-server-
+ubuntu-standard
+ubuntu-desktop
+
PACKAGES install GERMAN
language-pack-gnome-de
+
+PACKAGES install CHROOT
+# a chroot does not need a kernel.
+# See class/DEBIAN.var for the exact package name
+${kernelname}-
+# enable following two lines to get full XFCE desktop
+#PACKAGES install
+#task-xfce-desktop
+
+# stripped down version of xfce4 without libreoffice
+# upgrade to full desktop using: # apt install task-xfce-desktop
PACKAGES install-norec
xfce4 # base system
xfce4-goodies # additional tools
+xfce4-power-manager
+light-locker
lightdm
+synaptic
firefox-esr
network-manager-gnome
--- /dev/null
+ian: Ya, for each trisquel release, we need a new key symlink link, or
+new file if the key has changed.
#! /bin/bash
-fcopy /etc/init.d/expand-root
-if [ -f $target/files/etc/init.d/expand-root ]; then
- $ROOTCMD insserv --default expand-root
-fi
-
-sed -i "s/PermitRootLogin yes/PermitRootLogin without-password/" $target/etc/ssh/sshd_config
+fai-sed "s/PermitRootLogin yes/PermitRootLogin without-password/" /etc/ssh/sshd_config
ainsl /etc/ssh/sshd_config 'ClientAliveInterval 120'
ainsl -a /etc/modprobe.d/blacklist.conf 'blacklist pcspkr'
ainsl -a /etc/modprobe.d/blacklist.conf 'blacklist floppy'
+cleanup_base
+
rm -f $target/etc/resolv.conf \
$target/etc/udev/rules.d/70-persistent-net.rules \
- $target/lib/udev/write_net_rules \
- $target/etc/mailname \
- $target/var/lib/dbus/machine-id
-
-> $target/etc/machine-id
-
-shred --remove $target/etc/ssh/ssh_host_*
+ $target/lib/udev/write_net_rules
# FIXME: DHCP RFC3442 is used incorrect in Azure
if [ -f $target/etc/dhcp/dhclient.conf ]; then
- sed -ie 's,rfc3442-classless-static-routes,disabled-\0,' $target/etc/dhcp/dhclient.conf
+ fai-sed 's,rfc3442-classless-static-routes,disabled-\0,' /etc/dhcp/dhclient.conf
fi
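Review bot: The explicit cleanup of per-machine secrets (`shred --remove $target/etc/ssh/ssh_host_*`, the truncation of `/etc/machine-id` and the removal of `/var/lib/dbus/machine-id`) is replaced by a call to `cleanup_base`, whose body is not part of this hunk. If that helper does not remove the SSH host keys and the machine-id, every system started from the resulting image shares them. After confirming this against the helper, a comment at the call would make the dependency visible, for example `# cleanup_base removes ssh host keys and machine-id (hooks/subroutines)`. The script continues outside this hunk.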
exit 1
fi
+m() { printf "%s\n" "$*"; "$@"; }
+
+
fcopy -riB /root
+# in bullseye, installing systemd-resolved says: Converting
+# /etc/resolv.conf to a symlink to
+# /run/systemd/resolve/stub-resolv.conf... which breaks
+# resolution. This happens to be the first script we install a package
+# after that. This should do nothing in a fai-wrapper situation.
+if [[ ! -s $target/etc/resolv.conf ]]; then
+ m ls -la $target/etc/resolv.conf ||:
+ # Keep the symlink in place, systemd-resolved should change the file
+ # when it runs.
+ mkdir -p $target/run/systemd/resolve
+ if [[ ! -s /etc/resolv.conf ]] && ! host google.com; then
+ echo "ERROR: empty resolv.conf & failed dns resolution. exiting 1" >&2
+ exit 1
+ fi
+ cat /etc/resolv.conf >$target/etc/resolv.conf
+fi
+
+
#### misc configurations
chroot $FAI_ROOT bash <<'EOFOUTER'
-set -x
+set -xe
if getent group systemd-journal >/dev/null; then
# makes the journal be saved to disk.
mkdir -p /var/log/journal
debconf-set-selections <<EOF
kexec-tools kexec-tools/load_kexec boolean false
EOF
-apt-get install -y pxe-kexec
+
+# This used to be pxe-kexec. For some reason pxe-kexec is not in
+# bookworm. kexec-tools is
+# something pxe-kexec depended on and might be useful.
+# todo: figure out why and get it installed.
+apt-get install -y kexec-tools
# this is usefull. Only thing reason I see this being disabled by default is
# that a non-root user can disrupt the system, eg cause a reboot.
printf "0.0 0 0.0\n0\nUTC\n" > $target/etc/adjtime
fi
if [ "$UTC" = "yes" ]; then
- sed -i -e 's:^LOCAL$:UTC:' $target/etc/adjtime
+ fai-sed 's:^LOCAL$:UTC:' /etc/adjtime
else
- sed -i -e 's:^UTC$:LOCAL:' $target/etc/adjtime
+ fai-sed 's:^UTC$:LOCAL:' /etc/adjtime
fi
# enable linuxlogo
if [ -f $target/etc/inittab ]; then
- sed -i -e 's#/sbin/getty 38400#/sbin/getty -f /etc/issue.linuxlogo 38400#' ${target}/etc/inittab
+ fai-sed 's#/sbin/getty 38400#/sbin/getty -f /etc/issue.linuxlogo 38400#' /etc/inittab
elif [ -f $target/lib/systemd/system/getty@.service ]; then
- sed -i -e 's#sbin/agetty --noclear#sbin/agetty -f /etc/issue.linuxlogo --noclear#' $target/lib/systemd/system/getty@.service
+ fai-sed 's#sbin/agetty --noclear#sbin/agetty -f /etc/issue.linuxlogo --noclear#' /lib/systemd/system/getty@.service
fi
# make sure a machine-id exists
$ROOTCMD systemd-machine-id-setup
fi
-ln -fs /proc/mounts $target/etc/mtab
+fai-link /etc/mtab ../proc/self/mounts
-rm -f $target/etc/dpkg/dpkg.cfg.d/fai $target/etc/dpkg/dpkg.cfg.d/unsafe-io
+rm -f $target/etc/dpkg/dpkg.cfg.d/unsafe-io
if [ -d /etc/fai ]; then
if ! fcopy -Mv /etc/fai/fai.conf; then
echo $TIMEZONE > $target/etc/timezone
if [ -L $target/etc/localtime ]; then
- ln -sf /usr/share/zoneinfo/${TIMEZONE} $target/etc/localtime
+ fai-link /etc/localtime /usr/share/zoneinfo/${TIMEZONE}
else
cp -f /usr/share/zoneinfo/${TIMEZONE} $target/etc/localtime
fi
--- /dev/null
+#! /bin/bash
+
+# (c) Thomas Lange, 2022, lange@debian.org
+#
+# Add public ssh key for user root to get login access
+
+error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
+
+SSHDIR=$target/root/.ssh
+AUKEY=$SSHDIR/authorized_keys
+
+# reverse order of classes
+for c in $classes; do
+ revclasses="$c $revclasses"
+done
+
+for c in $revclasses; do
+ if [ -f $FAI/files/root-ssh-key/$c ]; then
+ if [ -f $AUKEY ]; then
+ cmp -s $FAI/files/root-ssh-key/$c $AUKEY
+ if [ $? -eq 0 ]; then
+ exit
+ fi
+ fi
+ if [ ! -d $SSHDIR ]; then
+ mkdir -m 700 $SSHDIR
+ fi
+ cp -v $FAI/files/root-ssh-key/$c $AUKEY
+ chown root:root $AUKEY
+ chmod 700 $AUKEY
+ break
+ fi
+done
+
+exit $error
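Review bot: `chmod 700 $AUKEY` marks authorized_keys executable; a key file needs no execute bit, so `chmod 600 $AUKEY` is the tighter mode. When `$SSHDIR` already exists its mode is left as found, so running `chmod 700 $SSHDIR` unconditionally after the `mkdir` test would also cover a pre-existing directory with looser permissions. The expansions of `$FAI`, `$c`, `$SSHDIR` and `$AUKEY` are unquoted throughout and should be quoted.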
# add entries for 10 hosts called client 01 .. 10
perl -e 'for (1..10) {printf "192.168.33.%s client%02s\n",101+$_,$_;}' >> $target/etc/hosts
- sed -i -e '/# ReuseConnections: 1/d' $target/etc/apt-cacher-ng/acng.conf
- ainsl -v /etc/apt-cacher-ng/acng.conf "ReuseConnections: 0"
+ fai-sed '/# ReuseConnections: 1/d' /etc/apt-cacher-ng/acng.conf
+ ainsl -v /etc/apt-cacher-ng/acng.conf "ReuseConnections: 1"
+ ainsl -v /etc/apt-cacher-ng/acng.conf "PipelineDepth: 80"
+ ainsl -v /etc/apt-cacher-ng/acng.conf "DlMaxRetries: 6"
# copy base file for faster building of nfsroot
if [ -f /var/tmp/base.tar.xz ]; then
if [ -d /media/mirror/pool ]; then
mkdir $target/var/cache/apt-cacher-ng/_import
cp -p /media/mirror/pool/*/*/*/*.deb $target/var/cache/apt-cacher-ng/_import
- $ROOTCMD chown -R apt-cacher-ng.apt-cacher-ng /var/cache/apt-cacher-ng/_import
+ $ROOTCMD chown -R apt-cacher-ng:apt-cacher-ng /var/cache/apt-cacher-ng/_import
fi
# copy basefiles from CD to config space
# installation into the removable media paths as well as the standard
# debian path.
+# do only execute for Debian and similar distros
+if ! ifclass DEBIAN ; then
+ exit 0
+fi
+
set -a
# do not set up grub during dirinstall
BOOT_DEVICE=$( lvs --noheadings -o devices $BOOT_DEVICE | sed -e 's/^*\([^(]*\)(.*$/\1/' )
fi
+opts="--no-floppy --target=x86_64-efi --modules=part_gpt"
+
# Check if RAID is used for the boot device
if [[ $BOOT_DEVICE =~ '/dev/md' ]]; then
raiddev=${BOOT_DEVICE#/dev/}
# install grub on all members of RAID
for device in $(LC_ALL=C perl -ne 'if(/^'$raiddev'\s.+raid\d+\s(.+)/){ $_=$1; s/\d+\[\d+\]//g; print }' /proc/mdstat); do
echo Install grub on /dev/$device
- $ROOTCMD grub-install --no-floppy --force-extra-removable "/dev/$device"
+ $ROOTCMD grub-install $opts --force-extra-removable "/dev/$device"
done
elif [[ $BOOT_DEVICE =~ '/dev/loop' ]]; then
# do not update vmram when using a loop device
- $ROOTCMD grub-install --no-floppy --force-extra-removable --modules=part_gpt --no-nvram $BOOT_DEVICE
+ $ROOTCMD grub-install $opts --force-extra-removable --no-nvram $BOOT_DEVICE
if [ $? -eq 0 ]; then
echo "Grub installed on hostdisk $BOOT_DEVICE"
fi
else
- $ROOTCMD grub-install --no-floppy --modules=part_gpt "$GROOT"
+ $ROOTCMD grub-install $opts "$GROOT"
if [ $? -eq 0 ]; then
echo "Grub installed on $BOOT_DEVICE = $GROOT"
fi
fi
$ROOTCMD update-grub
+if [[ $BOOT_DEVICE =~ '/dev/loop' ]]; then
+ :
+else
+ efibootmgr -v
+fi
exit $error
error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
set -x
+# do only execute for Debian and similar distros
+if ! ifclass DEBIAN ; then
+ exit 0
+fi
+
set -a
# do not set up grub during dirinstall
# disable os-prober because of #802717
ainsl /etc/default/grub 'GRUB_DISABLE_OS_PROBER=true'
+# efivars may still be mounted from the host system during fai-diskimage
+if [ -d $target/sys/firmware/efi/efivars ]; then
+ umount $target/sys/firmware/efi/efivars
+fi
+
# skip the rest, if not an initial installation
if [ $FAI_ACTION != "install" ]; then
$ROOTCMD update-grub
sudo apt-get -y install fai-client
fi
-if [[ -e /a/bin/fai/fai-wrapper ]]; then
- chroot() {
- shift
- "$@"
- }
-fi
-
-if [[ $FAI_ROOT == / ]]; then
- source /a/bin/bash_unpublished/source-state
- bprogs_dir=/a/opt/btrfs-progs-release
-else
- bprogs_dir=/srv/btrfs-progs-release
- chroot="chroot $FAI_ROOT"
-fi
-
# -r = recursive
# -i = ignore non-matching class warnings, always exit 0
# -B = no backup files
mount -o bind $src $dst
fi
+
+
$FAI/distro-install-common/end
# I run this as a single post-fai script to update things that have changed.
tmpfile1=$(mktemp)
# this can fail if we need an apt update
-$chroot /usr/bin/apt-cache policy >$tmpfile1 ||:
+$ROOTCMD /usr/bin/apt-cache policy >$tmpfile1 ||:
fcopy -riB /etc/apt
tmpfile2=$(mktemp)
-$chroot /usr/bin/apt-cache policy >$tmpfile2
+$ROOTCMD /usr/bin/apt-cache policy >$tmpfile2
if ! diff -q $tmpfile1 $tmpfile2; then
- $chroot /usr/bin/apt update
+ $ROOTCMD /usr/bin/apt update
fi
# outside of fai, this seems to regularly lead to
# E: Could not get lock /var/lib/apt/lists/lock - open (11: Resource temporarily unavailable)
#### misc configurations
-
if [[ $FAI_ACTION != dirinstall ]] && ! ifclass NOCRYPT; then
if ifclass LINODE; then
speed=19200
WantedBy=dev-disk-by\x2did-ata\x2dSamsung_SSD_870_QVO_8TB_S5VUNG0N900656V.device
EOF
- $chroot bash <<'EOFOUTER'
+ $ROOTCMD bash <<'EOFOUTER'
systemctl enable myncq.service
/usr/bin/myncq no-upgrub
EOFOUTER
fi
# use networkmanager if this host has wireless.
-if [[ $HOSTNAME == bo ]] || type -p iw &>/dev/null && [[ $(iw dev) ]]; then
- $chroot bash <<EOF
+if [[ $(iw dev) ]]; then
+ $ROOTCMD bash -xe <<EOF
apt-get -y install network-manager
EOF
[main]
dns=systemd-resolved
EOF
+
+ $FAI/distro-install-common/ethusb-static
+ if [[ $(dig +short @10.2.0.1 -x 10.2.0.2 2>&1 ||:) == kd.b8.nz. ]] \
+ && ip n show 10.2.0.1 | grep . &>/dev/null; then
+ : # we are at home. note: logic duplicated in btrbk-run
+ else
+ $FAI/distro-install-common/ethusb-nm
+ fi
+
+
else
cat > $target/etc/network/interfaces <<-EOF
# generated by FAI
fi
-case $HOSTNAME in
- sy)
- $FAI/distro-install-common/install-stable-kernel-debs
- ;;
- *)
- $chroot apt-get -y install linux-libre
- ;;
-esac
-
-pre=https://mirrors.edge.kernel.org/pub/linux/kernel/people/kdave/btrfs-progs
-tarball=$(curl -s $pre/sha256sums.asc \
- | awk '$2 ~ /^btrfs-progs-v/ { print $2 }' | grep -v -- -rc | grep "^btrfs-progs-v.*gz\$" | sort -V | tail -n1)
-url="$pre/$tarball"
-dir=${tarball%.tar.gz}
-ver=${dir#btrfs-progs-}
-cur_ver=$(btrfs --version 2>/dev/null | awk '{print $2}') ||:
-if [[ $ver != "$cur_ver" ]]; then
- if [[ $HOST2 == "$HOSTNAME" && $ver != "$($bprogs_dir/btrfs --version 2>/dev/null | awk '{print $2}')" ]]; then
- rm -rf $bprogs_dir
- cd /tmp
- wget $url
- sudo -u iank tar xzf $tarball
- mv ${tarball%.tar.gz} $bprogs_dir
- cd $bprogs_dir
- apt-get -y build-dep btrfs-progs
- sudo -u iank ./configure --disable-documentation
- sudo -u iank make
- make install
- else
- $chroot bash -xe <<EOF
-cd $bprogs_dir
-make install
-EOF
- fi
-fi
-
if ifclass LINODE; then
mkdir -p $target/etc/initramfs-tools/conf.d
cat >$target/etc/initramfs-tools/conf.d/mine <<EOF
if ifclass VOL_BULLSEYE_BOOTSTRAP || ifclass VOL_BOOKWORM_BOOTSTRAP; then
fcopy /etc/systemd/system/faicheck.service
- $chroot bash <<'EOFOUTER'
+ $ROOTCMD bash <<'EOFOUTER'
systemctl enable faicheck.service
EOFOUTER
exit 0 # avoid unnecessary stuff in bootstrap vol
## misc settings
-$chroot bash <<'EOFOUTER'
+$ROOTCMD bash <<'EOFOUTER'
#### begin .ssh setup ###
set -x
set -eE -o pipefail
for g in plugdev audio video cdrom; do
$ROOTCMD usermod -a -G $g user2
done
+
+
+## begin get new kernel and btrfs-progs ##
+case $HOSTNAME in
+ sy|so)
+ $FAI/distro-install-common/install-stable-kernel-debs
+ ;;
+ *)
+ $ROOTCMD apt-get -y install linux-libre
+ ;;
+esac
+
+pre=https://mirrors.edge.kernel.org/pub/linux/kernel/people/kdave/btrfs-progs
+tarball=$(curl -s $pre/sha256sums.asc \
+ | awk '$2 ~ /^btrfs-progs-v/ { print $2 }' | grep -v -- -rc | grep "^btrfs-progs-v.*gz\$" | sort -V | tail -n1)
+url="$pre/$tarball"
+dir=${tarball%.tar.gz}
+ver=${dir#btrfs-progs-}
+cur_ver=$($ROOTCMD btrfs --version 2>/dev/null | awk '{print $2}') ||:
+
+if [[ $FAI_ROOT == / ]]; then
+ bp_dir=/a/opt/btrfs-progs-release
+else
+ bp_dir=$FAI/distro-install-common/btrfs-progs-release
+fi
+if [[ $ver != "$cur_ver" ]]; then
+ if [[ $ver != "$($bp_dir/btrfs --version 2>/dev/null | awk '{print $2}')" ]]; then
+ cd $target/tmp
+ wget $url
+ tar xzf $tarball
+ $ROOTCMD apt-get -y build-dep btrfs-progs
+ # no docs cuz I didn't want to bother fixing error of missing docs dependencies
+ $ROOTCMD bash -xe <<EOF
+cd /tmp/${tarball%.tar.gz}
+./configure --disable-documentation
+make
+make install
+EOF
+ # If our desktop is HOST2, will we btrbk this latest bprogs to other
+ # machines.
+ if [[ -s /a/bin/bash_unpublished/source-state ]]; then
+ source /a/bin/bash_unpublished/source-state
+ fi
+ if [[ $HOST2 == "$HOSTNAME" && $FAI_ROOT != / ]]; then
+ rm -rf $bp_dir
+ chown -R iank:iank $target/tmp/${tarball%.tar.gz}
+ mv $target/tmp/${tarball%.tar.gz} $bp_dir
+ fi
+ else
+ if ! $ROOTCMD dpkg -s -- build-essential 2>&1 | grep -Fx "Status: install ok installed" &>/dev/null; then
+ $ROOTCMD apt-get -y install build-essential
+ fi
+
+ if [[ $FAI_ROOT == / ]]; then
+ cd /a/opt/btrfs-progs-release
+ make install
+ else
+ mkdir -p $target/tmp/bprogs
+ mount -o bind $bp_dir $target/tmp/bprogs
+ $ROOTCMD bash -xe <<EOF
+cd /tmp/bprogs
+make install
+EOF
+ fi
+ fi
+fi
+## end get new kernel and btrfs-progs ##
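Review bot: The tarball fetched by `wget $url` is unpacked, built and installed with `make install` through `$ROOTCMD` without any integrity check; `sha256sums.asc` is downloaded only to pick the newest file name, and neither its signature nor the tarball's hash is verified. Saving the sums file, verifying it with `gpg --verify` against a pinned maintainer key, and checking the tarball with `sha256sum -c --ignore-missing` before `tar xzf` would close that gap (this assumes the .asc is a clearsigned checksum list, which the awk field parsing suggests). `curl -s` also hides a failed fetch, leaving `$tarball` empty and `$url` pointing at the directory, so `curl -fsS` plus an `[[ $tarball ]]` guard before the download is worth adding.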
error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
+# remove crypt password from format.log
+if [ -f $LOGDIR/format.log ]; then
+ perl -i -pane "s/Executing: yes '.+?' \| cryptsetup/Executing: yes 'XXXXXXXXXXXXX' | cryptsetup/" $LOGDIR/format.log
+fi
+
if [ "$FAI_ACTION" = "dirinstall" -o $do_init_tasks -eq 0 ] ; then
:
else
fi
fi
- # i use dm for crypt, not lvm, so this gives false positive. todo, send patch to remove this
- # upstream.
- # usedm=$(dmsetup ls 2>/dev/null | egrep -v '^live-rw|^live-base|^No devices found' | wc -l)
- # if [ $usedm -ne 0 ]; then
- # if [ ! -d $target/etc/lvm ]; then
- # echo ERROR: Found lvm devices, but the lvm2 package was not installed
- # error=1
- # fi
- # fi
+ if [ -f $target/etc/crypttab ] && [ ! -f $target/sbin/cryptsetup ]; then
+ echo ERROR: Encrypted devices used, but the crypsetup package was not installed.
+ echo ERROR: You want to add cryptsetup-initramfs or dracut to some package_config file.
+ fi
+
+ # note, if we used dm for crypt, not lvm, so would givee false positive. todo, send patch to fix
+ usedm=$(dmsetup ls 2>/dev/null | egrep -v '^live-rw|^live-base|^No devices found' | wc -l)
+ if [ $usedm -ne 0 ]; then
+ if [ ! -d $target/etc/lvm ]; then
+ echo ERROR: Found lvm devices, but the lvm2 package was not installed
+ error=1
+ fi
+ fi
fi
# remove backup files from cfengine, but only if cfengine is installed
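Review bot: The new crypttab check only echoes its two ERROR lines and never sets `error=1`, so a target that has `/etc/crypttab` but no cryptsetup binary does not affect the script's exit status, unlike the lvm check right below it. Adding `error=1` after the second echo makes the two checks consistent. The message spells the package `crypsetup`. The re-enabled `dmsetup ls` test counts every device-mapper device, so, as the comment above it says, a host that uses dm only for crypt is reported as missing lvm2. The enclosing `if` starts outside this hunk.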
return
fi
- dists="jessie stretch buster bullseye bookworm trixie jammy focal bionic xenial trusty aramo nabia etiona"
+ dists="jessie stretch buster bullseye bookworm trixie forky noble jammy focal bionic xenial trusty aramo nabia etiona"
for d in $dists; do
if grep -iq $d $target/etc/os-release; then
release=$d
# if installation was done from CD, replace useless sources.list
setrel
-if [ -f $target/etc/apt/sources.list -a -n "$release" ]; then
- grep -q 'file generated by fai-cd' $target/etc/apt/sources.list && cat <<EOF > $target/etc/apt/sources.list
-deb $apt_cdn/debian $release main contrib non-free
-deb $security_cdn/debian-security ${secsuite} main contrib non-free
+if [ -f $target/etc/apt/sources.list ] && [ -n "$release" ]; then
+ if grep -q 'file generated by fai-cd' $target/etc/apt/sources.list; then
+ echo "Create new sources.list for $release"
+ cat <<EOF > $target/etc/apt/sources.list
+deb $apt_cdn/debian $release main contrib non-free non-free-firmware
+deb $security_cdn/debian-security ${secsuite} main contrib non-free non-free-firmware
#deb [trusted=yes] http://fai-project.org/download $release koeln
EOF
+ fi
# if the package fai-server was installed, enable the project's repository
if dpkg-query --admindir=$target/var/lib/dpkg -W fai-server >/dev/null 2>&1; then
- sed -i -e '/fai-project.org/s/^#//' $target/etc/apt/sources.list
+ fai-sed '/fai-project.org/s/^#//' /etc/apt/sources.list
fi
fi
+# install default sources.list for Debian based distributions
+if [ -d $target/etc/apt ] && [ ! -f $target/etc/apt/sources.list ]; then
+ fcopy -Svc DEBIAN_DEFAULT /etc/apt/sources.list
+fi
+
+# older releases do not have the non-free-firmware section
+if [ -n "$release" ] && [[ "buster bullseye" =~ "$release" ]]; then
+ sed -i -e 's/non-free-firmware//g' $target/etc/apt/sources.list
+fi
+
# for ARM architecture, we may need the kernel and initrd to boot or flash the device
if ifclass ARM64; then
cp -pv $target/boot/vmlinuz* $target/boot/initrd* $FAI_RUNDIR
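Review bot: The rewritten heredoc keeps `#deb [trusted=yes] http://fai-project.org/download $release koeln`, and the `fai-sed '/fai-project.org/s/^#//'` line below it uncomments that entry when fai-server is installed, so packages from that repository are fetched over plain HTTP with apt's signature check disabled. Since the commit already touches these lines, the entry could name a keyring instead: `#deb [signed-by=<KEYRING_PATH>] https://fai-project.org/download $release koeln`. The new `sed -i -e 's/non-free-firmware//g'` also runs without checking that `$target/etc/apt/sources.list` exists, and uses plain `sed` where the rest of the commit moved to `fai-sed`.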
--- /dev/null
+#! /bin/bash
+
+# create an initrd for booting from ISO
+
+# get highest kernel version
+ver=$(ls -r1 $target/boot/initrd.img-*|tail -1| sed 's/.\+initrd.img-//')
+if [ -z "$ver" ]; then
+ echo "ERROR: no initrd found in $0"
+ exit 9
+fi
+
+rm $target/boot/initrd.img-$ver
+$ROOTCMD dracut -N --zstd --filesystems ext4 -a "dmsquash-live " -o"btrfs crypt dash lvm resume usrmount modsign mdraid shutdown virtfs" /boot/initrd.img-$ver $ver
+
+echo ISO initrd was created
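Review bot: `ls -r1 … | tail -1` returns the last entry of a reverse-sorted listing, which is the lowest name, while the comment says highest; with more than one initrd in `$target/boot` the wrong image is removed and rebuilt. `ls` also orders by name rather than by version. `ver=$(ls -1 $target/boot/initrd.img-* | sort -V | tail -1 | sed 's/.\+initrd.img-//')` matches the comment. The `rm` runs before dracut and the final echo is unconditional, so a failed dracut leaves the target without that initrd while still reporting success; checking dracut's exit status before the echo would surface it.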
--- /dev/null
+#! /bin/bash
+
+# this is defined in hooks/subroutines
+cleanup_dpkg_apt
+cleanup_base
+
+echo cleanup for live ISO done
--- /dev/null
+#! /bin/bash
+
+# (c) Michael Goetze, 2010-11, mgoetze@mgoetze.net
+# Thomas Lange, 2015-2020
+
+error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
+
+$ROOTCMD usermod -p $ROOTPW root
+
+fcopy -v /etc/selinux/config
+$ROOTCMD fixfiles onboot # this fixes the SELinux security contexts during the first boot
+chmod a+rx $target
+
+exit $error
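Review bot: `$ROOTCMD usermod -p $ROOTPW root` expands `$ROOTPW` unquoted and puts the password hash on the command line, where it is visible in the process list and in any shell trace that ends up in the install logs. If `$ROOTPW` is empty the word disappears and usermod takes `root` as the `-p` value. Feeding the hash on stdin avoids both: `printf 'root:%s\n' "$ROOTPW" | $ROOTCMD chpasswd -e`, guarded by `[ -n "$ROOTPW" ]`. The user-account script added later in this commit passes `$USERPW` on the command line in the same way.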
--- /dev/null
+#! /bin/bash
+
+# (c) Michael Goetze, 2010-2011, mgoetze@mgoetze.net
+# (c) Thomas Lange, 2011, Uni Koeln
+
+error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
+
+ainsl -v /etc/fstab "proc /proc proc defaults 0 0"
+ainsl -v /etc/fstab "sysfs /sys sysfs auto 0 0"
+
+version=$($ROOTCMD rpm -qv kernel | cut -d- -f2-)
+
+
+if [ -f $target/etc/lvm/lvm.conf ]; then
+ fai-sed 's/use_lvmetad = 1/use_lvmetad = 0/' /etc/lvm/lvm.conf
+ ainsl -av /etc/dracut.conf.d/fai.conf 'add_dracutmodules+=" lvm "'
+fi
+
+
+# add filesystem driver into initrd
+ainsl -av /etc/dracut.conf.d/fai.conf 'filesystems+=" ext4 "'
+$ROOTCMD dracut -v --kver $version --force
+
+
+exit $error
--- /dev/null
+#! /bin/bash
+
+# (c) Michael Goetze, 2011, mgoetze@mgoetze.net
+# (c) Thomas Lange 2014
+
+error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
+
+if [ -r $LOGDIR/disk_var.sh ] ; then
+ . $LOGDIR/disk_var.sh
+else
+ echo "disk_var.sh not found!"
+ exit 1
+fi
+
+
+# CentOS 7 does not have a device.map file, so generate one
+if [ -d $target/boot/grub2 -a ! -f $target/boot/grub2/device.map ]; then
+ echo "# Generated by FAI" >> $target/boot/grub2/device.map
+ centosdisks=$(awk '/[sv]d.$/ {print $4}' /proc/partitions | sort)
+ dcount=0
+ for d in $centosdisks; do
+ echo "(hd$dcount) /dev/$d" >> $target/boot/grub2/device.map
+ dcount=$((dcount + 1))
+ done
+fi
+
+bootdev=$(device2grub $BOOT_DEVICE)
+bootpart=$(device2grub $BOOT_PARTITION)
+version=$($ROOTCMD rpm -qv kernel | cut -d- -f2-)
+
+if grep '[[:space:]]/boot[[:space:]]' $LOGDIR/fstab; then
+ bootdir=''
+else
+ bootdir='/boot'
+fi
+
+mount -o bind /dev $target/dev
+
+if [ -f $target/usr/sbin/grub2-install ]; then
+
+ # CentOS 7
+ $ROOTCMD grub2-install --no-floppy "$BOOT_DEVICE"
+ $ROOTCMD grub2-mkconfig --output=/boot/grub2/grub.cfg
+else
+
+$ROOTCMD grub-install --just-copy
+
+$ROOTCMD grub --device-map=/dev/null --no-floppy --batch <<-EOF
+ device $bootdev $BOOT_DEVICE
+ root $bootpart
+ setup $bootdev
+ quit
+ EOF
+
+ln -s ./menu.lst $target/boot/grub/grub.conf
+
+if [ -f $target/boot/grub/splash.xpm.gz ]; then
+ pretty="splashimage=$bootpart$bootdir/grub/splash.xpm.gz"
+else
+ pretty="color cyan/blue white/blue"
+fi
+
+title=$(head -1 $target/etc/redhat-release)
+
+cat > $target/boot/grub/grub.conf <<-EOF
+ timeout 5
+ default 0
+ $pretty
+ hiddenmenu
+
+ title $title
+ root $bootpart
+ kernel $bootdir/vmlinuz-$version root=$ROOT_PARTITION ro
+ initrd $bootdir/initramfs-$version.img
+ EOF
+
+fi
+
+umount $target/dev
+
+echo ""
+echo "Grub installed on $BOOT_DEVICE = $bootdev"
+echo "Grub boot partition is $BOOT_PARTITION = $bootpart"
+echo "Root partition is $ROOT_PARTITION"
+echo "Boot kernel: $version"
+
+exit $error
--- /dev/null
+#! /bin/bash
+
+# (c) Michael Goetze, 2011, mgoetze@mgoetze.net
+
+error=0 ; trap "error=$((error|1))" ERR
+
+cat > $target/etc/sysconfig/clock <<-EOF
+ UTC=$UTC
+ ZONE=$TIMEZONE
+ EOF
+cat > $target/etc/sysconfig/i18n <<-EOF
+ LANG="$DEFAULTLOCALE"
+ SUPPORTED="$SUPPORTEDLOCALE"
+ SYSFONT="$CONSOLEFONT"
+ EOF
+cat > $target/etc/sysconfig/keyboard <<-EOF
+ KEYBOARDTYPE="pc"
+ KEYTABLE="$KEYMAP"
+ EOF
+
+# can not be used, because we still not use systemd in FAI
+# $ROOTCMD localectl set-locale LANG=$DEFAULTLOCALE
+
+cat > $target/etc/locale.conf <<-EOF
+ LANG="$DEFAULTLOCALE"
+ EOF
+if [ -f $target/usr/lib/locale/locale-archive.tmpl \
+ -a ! -s $target/usr/lib/locale/locale-archive ]; then
+ mv $target/usr/lib/locale/locale-archive.tmpl $target/usr/lib/locale/locale-archive
+fi
+
+fcopy -iv /etc/sysconfig/i18n /etc/sysconfig/keyboard
+
+exit $error
+
--- /dev/null
+#! /bin/bash
+
+error=0 ; trap "error=$((error|1))" ERR
+
+ifcfg_config() {
+
+ cat > $target/etc/sysconfig/network-scripts/ifcfg-$NIC1 <<-EOF
+ # generated by FAI
+ TYPE=Ethernet
+ PROXY_METHOD=none
+ BOOTPROTO=dhcp
+ DEFROUTE=yes
+ BROWSER_ONLY=no
+ IP4_FAILURE_FATAL=no
+ IPV6INIT=no
+ IPV6_AUTOCONF=no
+ NAME=$NIC1
+ DEVICE=$NIC1
+ ONBOOT=yes
+ EOF
+}
+
+nm_config() {
+
+ uuid=$(uuidgen)
+
+ cat > $target/etc/NetworkManager/system-connections/${NIC1}.nmconnection << EOF
+
+# generated by FAI
+[connection]
+id=$NIC1
+uuid=$uuid
+type=ethernet
+autoconnect-priority=-999
+interface-name=$NIC1
+
+[ethernet]
+
+[ipv4]
+method=auto
+
+[ipv6]
+addr-gen-mode=eui64
+method=auto
+
+[proxy]
+EOF
+
+ chmod 600 $target/etc/NetworkManager/system-connections/${NIC1}.nmconnection
+}
+
+
+
+# determine predictable network names
+fields="ID_NET_NAME_FROM_DATABASE ID_NET_NAME_ONBOARD ID_NET_NAME_SLOT ID_NET_NAME_PATH"
+for field in $fields; do
+ name=$(udevadm info /sys/class/net/$NIC1 | sed -rn "s/^E: $field=(.+)/\1/p")
+ if [[ $name ]]; then
+ NIC1=$name
+ break
+ fi
+done
+if [[ ! $name ]]; then
+ echo "$0: error: could not find systemd predictable network name. Using $NIC1."
+fi
+
+if [ $FAI_ACTION != "softupdate" ] && ifclass DHCPC; then
+ . $target/etc/os-release
+ major=$(echo ${VERSION_ID} | awk -F '.' '{ print $1 }')
+
+ if [ $major -lt 9 ]; then
+ ifcfg_config
+ else
+ nm_config
+ fi
+fi
+
+fcopy -iv /etc/sysconfig/network /etc/resolv.conf /etc/networks
+fcopy -ivr /etc/sysconfig/network-scripts
+
+exit $error
--- /dev/null
+#! /bin/bash
+
+error=0 ; trap "error=$((error|1))" ERR
+
+# add a $username user account
+if [ -n "$username" ]; then
+ if ! $ROOTCMD getent passwd $username ; then
+ $ROOTCMD adduser -c "$username user" $username
+ $ROOTCMD usermod -p "$USERPW" $username
+ fi
+fi
+
+# enable graphical login screen, make run level 5 as default
+if [ -f $target/usr/sbin/gdm ]; then
+ fai-sed 's/id:3:initdefault:/id:5:initdefault:/' /etc/inittab
+ # do not run this tool
+ echo "RUN_FIRSTBOOT=NO" > $target/etc/sysconfig/firstboot
+fi
+
+exit $error
+
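Review bot: `usermod -p "$USERPW" $username` runs even when `$USERPW` is empty or unset, which writes an empty password field for the new account; whether that permits a password-less login depends on the PAM configuration of the target. The block tests only `-n "$username"`. Either require the hash as well, `if [ -n "$username" ] && [ -n "$USERPW" ]; then`, or lock the account when no hash is given with `$ROOTCMD usermod -L $username`.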
--- /dev/null
+#! /bin/bash
+
+$ROOTCMD yum clean all
# Subroutines for automatic tests
#
-# Copyright (C) 2009 Thomas Lange, lange@informatik.uni-koeln.de
+# Copyright (C) 2009 Thomas Lange, lange@cs.uni-koeln.de
# Based on the first version by Sebastian Hetze, 08/2008
package FAITEST;
point to whatever host this is run on.
Default BASE_CODENAME is bookworm. Default ARCH is 64. The script expects corresponding
-$BASEFILE_DIR/${UPCASED_BASE_CODENAME}${ARCH}.tar.(gz|xz) to exist, and it must have been
+$BASEFILE_DIR/${UPCASED_BASE_CODENAME}${ARCH}.tar.(zst|xz) to exist, and it must have been
generated around the same time as the nfsroot, at least so it has the
same kernel version.
exit 1
fi
-basefile=($BASEFILE_DIR/${base^^}${arch^^}.tar.gz)
+basefile=($BASEFILE_DIR/${base^^}${arch^^}.tar.zst)
sed="sed -ri --follow-symlinks"
if [[ ! -e $basefile ]]; then
# fai on ubuntu only has official support using the universe repo, but newer
# tends to have less bugs.
-wget -O - https://fai-project.org/download/2BF8D9FE074BCDE4.asc | apt-key add -
+wget -O - https://fai-project.org/download/fai-project.gpg | sudo dd of=/etc/apt/trusted.gpg.d/fai-project.gpg
update=false
case $base in
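Review bot: The key downloaded by `wget -O - https://fai-project.org/download/fai-project.gpg | sudo dd of=/etc/apt/trusted.gpg.d/fai-project.gpg` is trusted as soon as it arrives, with no fingerprint comparison, and apt accepts a key in trusted.gpg.d for every configured repository, not only the FAI one. Storing it outside trusted.gpg.d (for example under `/etc/apt/keyrings/`) and naming it with `signed-by=` in the fai-project sources entry limits it to that repository. Comparing the fingerprint with a value pinned in this script before installing the key removes the reliance on the download alone. Unless `pipefail` is active at this point, a failed wget still lets `dd` write an empty key file.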
$t/var/lib/apt/lists/*_* $t/usr/bin/qemu-*-static \
$t/etc/udev/rules.d/70-persistent-net.rules
echo | dd of=$t/etc/machine-id
-tar --one-file-system -C $t -cf - . | gzip > /a/bin/fai-basefiles/basefiles/${distver^^}64BIG.tar.gz
+tar --one-file-system -C $t -cf - . | zstd -9 > /a/bin/fai-basefiles/basefiles/${distver^^}64BIG.tar.zst
cleanup
on another repo of Ian Kelling, basic-https-conf, where the file is at
/a/exe/web-conf.
-Usng this, you can boot into fai with pxe-kexec without changing
-the dhcp server.
+Using this, you can boot into fai with pxe-kexec without changing the
+dhcp server. Note, if you are booting using fai-cd, the pxe config does
+nothing, and only flags affecting FAI_ACTION will have any affect. You
+can change the fai flags in the grub config, for example in
+./grub.cfg.autodiscover, or at runtime by editing a grub menu option.
+We could probably also set FAI_FLAGS the same way we set FAI_ACTION,
+but I haven't tried it.
-Argument sets the host to enable it for. No argument disables pxe
-config for all hosts, but leaves nfs server alone. Use faiserver-disable
-to disable the nfs server.
+HOSTNAME|IP|default Sets the host to enable it for. No argument
+ disables pxe config for all hosts, but leaves nfs
+ server alone. Use faiserver-disable to disable the
+ nfs server.
-S sets FAI_ACTION=sysinfo, and remove fai flag reboot.
Usefull for doing a system recovery. It reboots automatically anyways :(
-k Add serial port output for kgped16
-i sets FAI_ACTION=inventory and remove fai flag reboot.
I'm not sure what this is usefull for.
+-b Setup bonded ethernet.
+--no-r Tell fai-chboot not to reboot when its done. This is implied by -i and -S.
-h|--help Print help and exit.
EOF
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-# note, this script gets piped to bash, so cant cd to current dir
-[[ $EUID == 0 ]] || exec sudo "${BASH_SOURCE}" "$@"
+[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
+
+set -x
set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
+pre="${0##*/}:"
+m() { printf "$pre %s\n" "$*"; "$@"; }
+e() { printf "$pre %s\n" "$*"; }
+err() { echo "[$(date +'%Y-%m-%d %H:%M:%S%z')]: $pre: $*" >&2; }
+
+usage() {
+ cat <<EOF
+Usage: call from myfai-chboot, see its help
+
+# note, this script gets piped to bash, so cant cd to current dir
+
+-h|--help Print help and exit.
+
+Note: Uses util-linux getopt option parsing: spaces between args and
+options, short options can be combined, options before args.
+EOF
+ exit $1
+}
+
+
kgped16=false
bond=false
fai_action=install
fai_reboot_arg=,reboot
-while [[ $1 == -* ]]; do
+
+# ensure we can handle args with spaces or empty.
+ret=0; getopt -T || ret=$?
+[[ $ret == 4 ]] || { echo "Install util-linux for enhanced getopt" >&2; exit 1; }
+
+temp=$(getopt -l help,no-r hSi "$@") || usage 1
+eval set -- "$temp"
+while true; do
case $1 in
- -h|--help)
- echo "see help from myfai-chboot"
- exit 0
- ;;
-S)
fai_action=sysinfo
fai_reboot_arg=
- shift
;;
-i) #inventory
fai_action=inventory
fai_reboot_arg=
- shift
;;
-k)
kgped16=true
- shift
;;
-b)
bond=true
- shift
;;
--no-r)
fai_reboot_arg=
- shift
;;
+ -h|--help) usage ;;
+ --) shift; break ;;
+ *) echo "$0: unexpected args: $*" >&2 ; usage 1 ;;
esac
+ shift
done
-
-pre="${0##*/}:"
-m() { printf "$pre %s\n" "$*"; "$@"; }
-e() { printf "$pre %s\n" "$*"; }
-err() { echo "[$(date +'%Y-%m-%d %H:%M:%S%z')]: $pre: $*" >&2; }
-
-host=$1
+read -r host <<<"$@"
+readonly host
rm -f /srv/tftp/fai/pxelinux.cfg/*
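Review bot: The optstring passed to getopt, `hSi`, leaves out `k` and `b`, so `-k` and `-b` are rejected by getopt and end in `usage 1` even though the `case` still has arms for them. `temp=$(getopt -o hSikb -l help,no-r -- "$@") || usage 1` accepts them and uses the explicit `-o`/`--` form. The `-h|--help` arm calls `usage` without an argument, so `exit $1` expands to a bare `exit`; `exit "${1:-0}"` states the intent. `read -r host <<<"$@"` joins all remaining arguments into one string, so any extra argument becomes part of `$host`; `host=${1-}` keeps the earlier behaviour.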
#/a/opt/openwrt/source/bin/packages/mips_24kc/mypackages/relay_1.0-1_mips_24kc.ipk \
scp /q/root/shadow/router /p/c/machine_specific/wrt/etc/dropbear/dropbear_rsa_host_key \
- /p/router-secrets /p/c/machine_specific/wrt/etc/wg.{key,psk} /p/c/ptr-data /p/c/dnsmasq-data /b/bash-bear-trap/bash-bear $h:
+ /p/router-secrets /p/c/machine_specific/wrt/etc/wg.{key,psk} /p/c/ptr-data /p/c/{dnsmasq,cmc-firewall}-data /b/bash-bear-trap/bash-bear $h:
scp ../openwrtkeyring/usign/* $h:/etc/opkg/keys
ssh $h wrt-init ${HOME_DOMAIN:-b8.nz} "$@"
option target REJECT
## end no external dns for ziva
+$(. /root/cmc-firewall-data)
config rule
option src wan
option target ACCEPT
option dest_port 9091
-config redirect
- option name sshkd
- option src wan
- option src_dport 2202
- option dest_port 22
- option dest_ip $l.2
- option dest lan
-config rule
- option src wan
- option target ACCEPT
- option dest_port 2202
-
# was working on an openvpn server, didn't finish
# config redirect
# option name vpnkd
option dest_port 8989
-config redirect
- option name sshx2
- option src wan
- option src_dport 2205
- option dest_port 22
- option dest_ip $l.5
- option dest lan
-config rule
- option src wan
- option target ACCEPT
- option dest_port 2205
-
-config redirect
- option name sshx3
- option src wan
- option src_dport 2207
- option dest_port 22
- option dest_ip $l.7
- option dest lan
-config rule
- option src wan
- option target ACCEPT
- option dest_port 2207
-
-config redirect
- option name sshbb8
- option src wan
- option src_dport 2209
- option dest_port 22
- option dest_ip $l.32
- option dest lan
-config rule
- option src wan
- option target ACCEPT
- option dest_port 2209
-
-
-config redirect
- option name sshfrodo
- option src wan
- option src_dport 2234
- option dest_port 34
- option dest_ip $l.34
- option dest lan
-config rule
- option src wan
- option target ACCEPT
- option dest_port 2234
-
config redirect
option name icecast
option target ACCEPT
option dest_port 4533
-# So a client can just have i.b8.nz dns even when they
+# So a client can just have b8.nz dns even when they
# are on the lan.
#config redirect
# option name navidromelan