From 23bf2f3666becf9d3c219af1eaea08b4cf843492 Mon Sep 17 00:00:00 2001 From: Ian Kelling Date: Thu, 1 Sep 2016 05:48:41 -0700 Subject: [PATCH] fixup initial faiserver bootstrap & small bugs --- README | 5 +-- debian-pxe-preseed | 38 +++++++++++++++----- dsfull | 2 +- fai-revm | 12 ++++--- fai/config/class/50-host-classes | 12 +++++++ fai/config/distro-install-common/end | 7 ---- faiserver-revm | 17 ++++++--- faiserver-setup | 54 +++++++++++++++++++++------- pxe-server | 14 +++++--- wrt-setup | 8 ++--- wrt-setup-remote | 2 +- 11 files changed, 119 insertions(+), 52 deletions(-) diff --git a/README b/README index ba0a7bd..b535507 100644 --- a/README +++ b/README @@ -41,8 +41,9 @@ arch-init-remote # install arch (after it's been booted into it's setup env) chboot # Set grub to boot into a different distro (installed earlier) dsfull # install & setup a new fai distro (if data partition already synced) fai-revm # test fai on a fresh vm -faiserver-revm # create a vm which is a fai server -faiserver-uninstall +faiserver-revm # create a vm which is a fai server using pxe & preseed file +faiserver-uninstall # uninstall fai-server +faiserver-setup # install fai-server on the current machine fresize # resize swap or boot partitions in a host pxe-server # temporarily enable (usually) fai or arch boot server wrt-setup-remote # setup my router diff --git a/debian-pxe-preseed b/debian-pxe-preseed index adb9a26..f973194 100755 --- a/debian-pxe-preseed +++ b/debian-pxe-preseed 
@@ -1,27 +1,47 @@ #!/bin/bash # Copyright (C) 2016 Ian Kelling +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + + +cleanup() { :; } set -eE -o pipefail -trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR +trap 'cleanup; echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR [[ $EUID == 0 ]] || exec sudo "$BASH_SOURCE" "$@" -cd $(dirname $(readlink -f "$BASH_SOURCE")) +src=$(readlink -f "${BASH_SOURCE%/*}") + +e() { echo "$*"; "$@"; } mount_dir=$(mktemp -d) -mount -o users wrt:/mnt/usb $mount_dir +cleanup() { cd; umount -f $mount_dir; } +e mount -o users wrt:/mnt/usb $mount_dir + cd $mount_dir -rm -rf debian-wheezy +e rm -rf debian-wheezy mkdir debian-wheezy cd debian-wheezy -debian-preseed "$@" # my script +e $src/debian-preseed "$@" # my script cd .. -rm -f tftpboot -ln -s debian-wheezy tftpboot +e rm -f tftpboot +e ln -s debian-wheezy tftpboot cd / -umount $mount_dir -pxe-server plain # my script +e umount $mount_dir +e $src/pxe-server -p plain # my script diff --git a/dsfull b/dsfull index f1966f0..5d50eab 100755 --- a/dsfull +++ b/dsfull @@ -22,7 +22,7 @@ fi set -x if $reboot; then # untested, this caused hang using here doc. - ssh $host sudo bash -c "touch /tmp/keyscript-off; reboot" ||: + ssh $host "touch /tmp/keyscript-off; sudo reboot" ||: fi pxe-server fai $host 
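Review bot: The new ERR trap `trap 'cleanup; echo ... returned $?' ERR` reports the exit status of `cleanup`, not of the command that failed, because `$?` is expanded only after `cleanup` has run. Saving the status first keeps the message accurate: `trap 'ret=$?; cleanup; echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $ret" >&2' ERR`. The script runs as root and passes `$mount_dir` and `$src` unquoted to `mount`, `umount -f` and the `e` wrapper; `umount -f "$mount_dir"` and `e "$src/debian-preseed" "$@"` are the safer forms. `src=$(readlink -f "${BASH_SOURCE%/*}")` resolves to the script file itself when the script is started without a slash in its path (for example `bash debian-pxe-preseed`), so `$src/debian-preseed` is not found in that case. The `cd "${BASH_SOURCE%/*}"` added in faiserver-revm fails the same way.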
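Review bot: In `ssh $host "touch /tmp/keyscript-off; sudo reboot"` the `touch` now runs as the login user, and the flag still lives in world-writable `/tmp`, where any local account on the host can create it. The reader of that file is not in this hunk, but if it treats the file as an instruction to skip the boot keyscript, as the name suggests, the flag belongs in a root-only location and should be written with `sudo`. `$host` is also unquoted on this line; `ssh "$host" ...` avoids word splitting.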
diff --git a/fai-revm b/fai-revm index b3e2dec..2361ecf 100755 --- a/fai-revm +++ b/fai-revm @@ -36,10 +36,12 @@ disk_count=2 script_dir=$(dirname $(readlink -f "$BASH_SOURCE")) if [[ $script_dir == /a/bin/* ]]; then - rm -rf /a/tmp/fai2 + # Copy our script elsewhere so we can develop it + # and save it at the same time it's running + rm -rf /tmp/faifreeze mkdir -p /a/tmp - cp -ar /a/bin/fai /a/tmp/fai2 - exec /a/tmp/fai2/${BASH_SOURCE##*/} "$@" + cp -ar /a/bin/fai /tmp/faifreeze + exec /tmp/faifreeze/${BASH_SOURCE##*/} "$@" fi cd $script_dir @@ -57,7 +59,7 @@ if is_arch_revm; then # via osinfo-query os. guessing arch is closest to latest fedora. variant=fedora22 else - ./pxe-server fai & + ./pxe-server -a fai & sleep 2 if $redeploy; then ./fai-redep @@ -91,7 +93,7 @@ fi # uniq is to stop gtk-warning spam s virt-install --os-variant $variant -n $name --pxe -r 2048 --vcpus 1 \ ${disk_arg[*]} -w bridge=br0,mac=52:54:00:9c:ef:ad \ - --graphics spice,listen=0.0.0.0 $console_arg |& grep -v '^$' | uniq & + --graphics spice,listen=0.0.0.0 $console_arg |& grep -v '^ *$' | uniq & if [[ $SSH_CLIENT ]]; then fg diff --git a/fai/config/class/50-host-classes b/fai/config/class/50-host-classes index 624077d..b623f88 100755 --- a/fai/config/class/50-host-classes +++ b/fai/config/class/50-host-classes @@ -2,6 +2,18 @@ # assign classes to hosts based on their hostname +# NOTE: +# 51-multi-boot should have something like this +# for transient host configs which are not saved in +# git (and make it executable): + +# if [[ ! -e /a/bin/fai/fai-wrapper ]]; then +# case $HOSTNAME in +# frodo) echo STABLE ;; +# esac +# fi + + # do not use this if a menu will be presented [ "$flag_menu" ] && exit 0 diff --git a/fai/config/distro-install-common/end b/fai/config/distro-install-common/end index 6afcd1e..c68be2c 100755 --- a/fai/config/distro-install-common/end +++ b/fai/config/distro-install-common/end 
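Review bot: `/tmp/faifreeze` is a fixed name in a world-writable directory, and the script removes it, copies into it and then `exec`s a file from it. On a multi-user host another local account can create or replace that path between those steps, and its content is then executed by whoever runs fai-revm. A private directory from `mktemp -d` closes that window: `freeze=$(mktemp -d)`, `cp -ar /a/bin/fai "$freeze/"`, `exec "$freeze/fai/${BASH_SOURCE##*/}" "$@"`. The `mkdir -p /a/tmp` kept from the old code no longer serves the copy and can be dropped.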
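Review bot: The changed `virt-install` line keeps `--graphics spice,listen=0.0.0.0` with no password, which exposes the console of the VM under installation to every host that can reach this machine. Binding to loopback and viewing through the SSH session the script already detects via `$SSH_CLIENT`, `--graphics spice,listen=127.0.0.1`, would narrow that, as would a `password=` on the graphics device. The commit only changes the `grep -v '^ *$'` filter on this line, so this is a follow-up rather than a regression.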
@@ -8,13 +8,6 @@ if [[ $EUID != 0 ]]; then exit 1 fi -### begin set hostname -echo $HOSTNAME > /etc/hostname -sed -i '/^127\.0\.1\.1/d' /etc/hosts -echo "127.0.1.1 $HOSTNAME" >> /etc/hosts -hostname -F /etc/hostname -### end set hostname - TPW=/q/root/shadow/traci-simple if ifclass tp; then ROOTPW="$TPW" diff --git a/faiserver-revm b/faiserver-revm index 1f84b0d..2b2864a 100755 --- a/faiserver-revm +++ b/faiserver-revm @@ -1,11 +1,13 @@ #!/bin/bash -l -# create a vm which is a fai server +# Create a vm which is a fai server. +# This assumes you've set the dhcp server to make +# 52:54:00:56:09:f9 be faiserver. set -x set -eE -o pipefail trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR -cd $(dirname $(readlink -f "$BASH_SOURCE")) +cd "${BASH_SOURCE%/*}" ./debian-pxe-preseed -i 192.168.1.1 -u ian -g vda @@ -15,12 +17,17 @@ s virshrm $name ||: f=/var/lib/libvirt/images/${name} s qemu-img create -o preallocation=metadata -f qcow2 $f 30G +# uniq because virt-viewer spams me with pointless gtk warnings s virt-install --os-variant debian8 --cpu host -n $name --pxe -r 1024 --vcpus 1 \ - --disk $f -w bridge=br0,mac=52:54:00:56:09:f9 & + --disk $f -w bridge=br0,mac=52:54:00:56:09:f9 |& sed "/^ *$/d" | uniq & sleep $((60*6)) # takes like 10x as long as a fai install! -while ! scp fai-setup root@faiserver:; do + +opts="-oStrictHostKeyChecking=false -oUserKnownHostsFile=/dev/null" +while ! scp $opts faiserver-setup root@faiserver:; do sleep 5 done -ssh root@faiserver ./faiserver-setup +./pxe-server : + +ssh $opts root@faiserver ./faiserver-setup diff --git a/faiserver-setup b/faiserver-setup index 617a3dc..724a09c 100755 --- a/faiserver-setup +++ b/faiserver-setup 
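Review bot: `opts="-oStrictHostKeyChecking=false -oUserKnownHostsFile=/dev/null"` turns off host-key verification for both the `scp` and the root `ssh` that runs `./faiserver-setup`. Nothing then ties the machine answering as `faiserver` to the VM just installed, and any credential offered on that connection goes to whoever answers. Because the VM gets fresh keys on every rebuild, a workable alternative is a per-run known_hosts file: obtain the host key over a channel you trust (the preseed or the VM console), store it in a `mktemp` file, and pass `-oUserKnownHostsFile="$kh"` with strict checking left on. If the options stay, a comment above the loop should say they are acceptable only on an isolated install network.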
@@ -26,14 +26,24 @@ trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR [[ $EUID == 0 ]] || exec sudo "${BASH_SOURCE}" "$@" e() { echo "$@"; "$@"; } + +base=${1:-jessie} +sed="sed -ri --follow-symlinks" + + +if [[ $base == jessie ]]; then + wget -O - http://fai-project.org/download/074BCDE4.asc | apt-key add - + cat >/etc/apt/sources.list.d/fai.list <<'EOF' +deb http://fai-project.org/download jessie koeln +EOF +else + rm -f /etc/apt/sources.list.d/fai.list +fi + # for ubuntu: #add-apt-repository -y ppa:fai/ppa # for debian: -wget -O - http://fai-project.org/download/074BCDE4.asc | apt-key add - -cat >/etc/apt/sources.list.d/fai.list <<'EOF' -deb http://fai-project.org/download jessie koeln -EOF apt-get update # all the dependencies except the dhcp server @@ -43,28 +53,48 @@ to_install=() for pkg in $deps; do dpkg -s $pkg &>/dev/null && continue ||: to_install+=($pkg) - echo $pkg >>/etc/fai/fai-manually-installed-packages + # just so we have a record. + echo `date` $pkg >>/var/log/fai-manually-installed-packages.log done if [[ $to_install ]]; then apt-get -y install ${to_install[@]} fi -sed="sed -ri --follow-symlinks" -$sed 's/^#deb/deb/' /etc/fai/apt/sources.list +r=http://http.us.debian.org/debian +# like default, but scrap httpredir and add suggested newer pkgs in fai-project.org +dd of=/etc/fai/apt/sources.list </dev/null; then $sed '/^PACKAGES install$/a cryptsetup' /etc/fai/NFSROOT fi -fai-setup -vf +e fai-setup -vf { head -n 1 /srv/fai/nfsroot/root/.ssh/known_hosts | awk '{print $1}' \ - | tr '\n' ' '; ssh-keyscan localhost | grep -o "ecdsa-sha2-nistp256.*"; \ + | tr '\n' ' '; ssh-keyscan localhost | grep -o "ecdsa-sha2-nistp256.*"; \ } >>/srv/fai/nfsroot/root/.ssh/known_hosts # this does not alter the config on a new install $sed 's#^([[:space:]]*TFTP_DIRECTORY[[:space:]]*=).*#\1"/srv/tftp"#' \ - /etc/default/tftpd-hpa + /etc/default/tftpd-hpa service tftpd-hpa restart 
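Review bot: In the jessie branch, `wget -O - http://fai-project.org/download/074BCDE4.asc | apt-key add -` trusts whatever key arrives over cleartext HTTP, and the `deb http://fai-project.org/download jessie koeln` source it enables is then checked only against that key. A network intermediary can therefore influence what gets installed as root. Keeping a copy of the key in this repository, or comparing the downloaded key's fingerprint with a pinned value (placeholder `<EXPECTED_FINGERPRINT>`) before `apt-key add`, removes that dependency on the transport. Separately, `apt-get -y install ${to_install[@]}` should be `apt-get -y install "${to_install[@]}"`.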
@@ -84,9 +114,9 @@ kernel=$(fai-chboot -L '^default$' | awk '{print $3}') type -t host &>/dev/null || apt-get -y install dnsutils # resolve host using gateway address my_ip=$(host faiserver $(route -n | sed -rn 's/^(0\.){3}0\s+(\S+).*/\2/p') | \ - sed -rn 's/^\S+ has address //p') + sed -rn 's/^\S+ has address //p') k_args=$(fai-chboot -L '^default$' | \ - sed -r "s/^(\S+\s+){3}(.*root=)(.*)/\2$my_ip:\3/") + sed -r "s/^(\S+\s+){3}(.*root=)(.*)/\2$my_ip:\3/") e fai-chboot -k "$k_args" -v -f verbose,sshd,createvt,reboot $std_arg $kernel default # make the faiserver also the apt proxy server diff --git a/pxe-server b/pxe-server index eb9622a..1f75adb 100755 --- a/pxe-server +++ b/pxe-server @@ -36,8 +36,10 @@ HOST makes the pxe server only for that specific host -h|--help Print help and exit -- Subsequent arguments are never treated as options --p Persist. Otherwise, wait for 2 dhcp acks then remove. +-p Persist. Otherwise, wait for dhcp acks then remove. -r Don't redeploy fai config. +-a Wait for 2 dhcp acks instead of the default 3. Some distros + do 2, some do 3. EOF exit $1 } @@ -47,12 +49,14 @@ EOF persist=false args=() redep=true +acks=3 while [[ $1 ]]; do case $1 in --) shift; break ;; -h|--help) usage ;; -r) redep=false; shift ;; -p) persist=true; shift ;; + -a) acks=2; shift ;; *) args+=("$1"); shift ;; esac done @@ -72,6 +76,7 @@ fi case $type in :|true) persist=true ;; + arch) acks=2 ;; esac ##### end command line parsing ######## @@ -138,9 +143,10 @@ fi if ! $persist; then # fai's debian jessie 8.5ish does 2 dhcp requests when booting, # roughly 4 seconds apart. Earlier - # versions did just 1. Whatever. - echo "waiting for 3 dhcp acks then disabling pxe" - ack-wait 3 + # versions did just 1. Now testing on a vm, it does 1. + # bleh. + echo "waiting for $acks dhcp acks then disabling pxe" + ack-wait $acks set-pxe : if [[ $type == fai ]]; then # fai server can contain sensitive info, so turn it off 
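Review bot: The wait before `set-pxe :` has no upper bound in this hunk, and the updated comment says a VM client now produces a single DHCP ack. With `acks=3` (or 2), `ack-wait $acks` may therefore never return, leaving enabled the PXE/FAI service that the following comment describes as holding sensitive info. A deadline after which `set-pxe :` and the fai shutdown run regardless would make the non-persistent mode fail closed; `ack-wait` is defined outside the hunk, so where the timeout belongs is for the author to decide. The `-a` switch added in the option-parsing hunk could also take the count as an argument instead of hard-coding 2. The `if ! $persist` block continues past the end of the hunk.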
diff --git a/wrt-setup b/wrt-setup index b437219..755f2d4 100755 --- a/wrt-setup +++ b/wrt-setup @@ -184,9 +184,6 @@ config rule option src wan option target ACCEPT option dest_port 22 - - - EOF @@ -195,15 +192,14 @@ EOF dnsmasq_restart=false v cedit /etc/hosts <