From 34839ddd0fbddfe203a3aa5b3387186a273e31df Mon Sep 17 00:00:00 2001 From: Ian Kelling Date: Sat, 12 May 2018 14:44:35 -0400 Subject: [PATCH] fixes plus readme updates --- README | 38 +++++++++++++++++++++++++++----- fai-redep | 2 +- fai-revm | 22 +++++++++++++++--- fai/config/class/50-host-classes | 7 ++++++ faiserver-setup | 20 ++++++++++++++--- wrt-setup | 8 ++----- 6 files changed, 78 insertions(+), 19 deletions(-) diff --git a/README b/README index 32cd829..60c6e6f 100644 --- a/README +++ b/README @@ -1,10 +1,9 @@ PXE install w multi-boot, btrfs & Libreboot support Some things are specific to my home network, and uses files with secrets -that are not in this repo. Uses pxe or pxe-kexec (on libreboot, I have -not added a pxe rom, I use a minimal debian stable subvolume which acts -like a pxe rom). I use this for bare metal and vms, and two scripts -which can run post boot so I use them on vps distributed image as well. +that are not in this repo. I use this for bare metal and vms, and two +scripts which can run post boot so I use them on vps distributed image +as well. Features people may find useful: installs encrypted trisquel, debian, ubuntu, and arch (havne't done recently, probably a bit broken), in a 
@@ -12,6 +11,27 @@ multi-boot setup using multiple subvolumes of a single btrfs filesystem. Utilizes multiple disks, with scripts to automatically decrypt on intentional reboots, but not after shutdown or power loss. +Normal install mode for fai is using pxe, but on a libreboot system, +there is no pxe. The pxe in a normal computer is nonfree firmware. What +I've done instead: + +* Use a live cd to call pxe-kexec, this is described later in this file. + +* Use the fai autodiscover iso. This is more automated, so nicer. + +* Use an install method above to setup a gnu/linux disk partition that + acts like a pxe boot using kexec, but it takes a bit longer. This is + the bootstrap partition in my scripts. + +Things I haven't tried: + +* There is iPXE, which requires standard bios functions, which can be + provided by seabios, which can be a libreboot payload. + +* The bios chip has enough room for an initrd. This could be setup to + work like the partition I use to kexec, but it would be faster, and + not require installing to disk. + The partititioning and filesystem script is at fai/config/hooks/partition.DEFAULT. Disks are grouped as ssd or hdd and raided in raid 1 or raid 0 per configuration. The base partitions are @@ -43,6 +63,8 @@ Some of the scripts have dependencies for some simple obvious utility scripts from https://iankelling.org/git, and of course there are some hostnames that are specific to my network. + + All scripts meant to be used directly are listed here: @@ -81,6 +103,7 @@ fai-wrapper # use fai classes outside of fai. sourced, not called. faiserver-disable # Disable the fai nfs server exports fresize # resize swap or boot partitions in a host + # Replacing a raid 10 disk pxe-server -S HOST fai @@ -107,7 +130,7 @@ reboot host=kw distro=trisquel -t=/tmp/d +t=/dev/shm/t myfai-chboot default sudo sed -i 's/^LOGUSER=/#LOGUSER=/' /etc/fai/fai.conf # config umount required after a failed run, proc umount always required 
@@ -129,7 +152,10 @@ sudo rm -f $t/etc/hostname $t/etc/resolv.conf \ echo | sudo dd of=$t/etc/machine-id sudo tar --one-file-system -C $t -cf - . | gzip > /a/bin/fai-basefiles/basefiles/FLIDAS64X.tar.gz -License stuff: + + +# License + The license for the project is GPLv2 or later, mostly because fai is and I periodically merge the upstream example config, which contains small scripts. Also, there is a modified encrypt.upstream, which is from the diff --git a/fai-redep b/fai-redep index eafb1dc..94a85db 100755 --- a/fai-redep +++ b/fai-redep @@ -23,7 +23,7 @@ usage() { cat </etc/apt/sources.list.d/fai.list <<'EOF' deb http://fai-project.org/download stretch koeln @@ -104,6 +104,7 @@ apt-get update # nfs-kernel-server. On an android chroot, we don\'t have nfs in the # kernel, or the ability to install it. # xorriso is for running fai-cd -a, not strictly need for fai-server +# perl-tk is for fai-monitor-gui pkgs=(fai-doc tftpd-hpa tar reprepro squashfs-tools binutils xorriso) if modprobe nfsd &>/dev/null; then pkgs+=(nfs-kernel-server) @@ -113,7 +114,9 @@ fi apt-get install -y ${pkgs[@]} -apt-get install --no-install-recommends -y fai-server +# confnew since we edit /etc/fai/NFSROOT in an automated way +# fai-client is already a fai-server dependency, but make sure it gets upgraded +apt-get install --no-install-recommends -y -o Dpkg::Options::="--force-confnew" fai-server fai-client r=http://http.us.debian.org/debian # like default, but scrap httpredir, and nonfree. 
@@ -208,7 +211,10 @@ if armhf; then rm -f $NFSROOT/boot/*.bak mkdir -p $TFTPROOT/pxelinux.cfg - chmod a+r $NFSROOT/boot/initrd.img-* || die 9 "No initrd was created. Check the package name of the linux-image package in /etc/fai/NFSROOT." + if ! chmod a+r $NFSROOT/boot/initrd.img-*; then + echo "$0: error: No initrd was created. Check the package name of the linux-image package in /etc/fai/NFSROOT." + exit 1 + fi cp -p $v $NFSROOT/boot/vmlinu?-* $NFSROOT/boot/initrd.img-* $TFTPROOT cp -u $pxebin $TFTPROOT if [ -f $NFSROOT/usr/lib/syslinux/modules/bios/ldlinux.c32 ]; then @@ -233,6 +239,14 @@ else # not armhf # note, this copies the -B arg to # /srv/fai/nfsroot/var/tmp/base.tar.xz e fai-setup -evf -B /a/bin/fai-basefiles/basefiles/STRETCH64.tar.xz + # fai-setup expert mode avoids writing to /var/log/fai/variables + # at least config_src is needed for autodiscover + $sed '/^FAI_CONFIGDIR|^FAI_CONFIG_SRC|^LOGUSER/d' /var/log/fai/variables + tee -a /var/log/fai/variables <<'EOF' +LOGUSER=fai +FAI_CONFIGDIR=/srv/fai/config +FAI_CONFIG_SRC=nfs://faiserver/srv/fai/config +EOF # make the faiserver also the apt proxy server apt-get -y install apt-cacher-ng fi diff --git a/wrt-setup b/wrt-setup index ed9cc27..ab2e5c5 100755 --- a/wrt-setup +++ b/wrt-setup @@ -274,8 +274,7 @@ v cedit /etc/hosts <
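Review bot: in the README hunk at `@@ -107,7 +130,7 @@`, `t=/dev/shm/t` is still a fixed name in a world-writable directory, and the steps that follow run `sudo rm -f $t/etc/hostname $t/etc/resolv.conf` and `sudo tar --one-file-system -C $t -cf - .` against it, so anything already present at that path is handled as root and ends up in the basefiles tarball. Suggest `t=$(mktemp -d -p /dev/shm)` so the directory is freshly created and private, and quoting `"$t"` in the commands that use it.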
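Review bot: in the faiserver-setup hunk at `@@ -113,7 +114,9 @@`, `-o Dpkg::Options::="--force-confnew"` is broader than the comment suggests: it is not scoped to /etc/fai/NFSROOT but applies to every conffile dpkg touches in that transaction, for fai-server, fai-client and anything upgraded alongside them. Local edits to other packaged files under /etc/fai (the README in this same patch edits /etc/fai/fai.conf with `sed -i`) can be replaced without a prompt. Suggest saying so in the comment and re-applying the scripted edits after this install step, so the result does not depend on which files happened to change upstream.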
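Review bot: in the armhf hunk at `@@ -208,7 +211,10 @@`, the block that replaces `die 9 "No initrd was created. ..."` prints its error with a plain `echo`, so the message goes to stdout, and the exit status changes from the 9 passed to `die` to 1. Suggest `echo "$0: error: ..." >&2`, and either keeping `exit 9` or confirming that no caller checks for that status. Quoting `"$NFSROOT"` in the `chmod` test would also keep the glob working if the path ever contains whitespace.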
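Review bot: in the non-armhf hunk at `@@ -233,6 +239,14 @@`, `$sed '/^FAI_CONFIGDIR|^FAI_CONFIG_SRC|^LOGUSER/d' /var/log/fai/variables` only removes the old entries if `$sed`, which is not defined in the visible lines, expands to an in-place sed with extended regular expressions (`sed -ri` or `sed -Ei`). With basic regular expressions `|` is a literal character and nothing is deleted, so every run of the script would `tee -a` another copy of the three variables. The added comment also says expert mode avoids writing this file, so on a fresh server the file may not exist when sed runs. Suggest spelling the flags out on this line (or noting what `$sed` holds) and guarding the sed call with a `[ -f /var/log/fai/variables ]` test.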