From 3f20eea52b8d7f665b2c3b483921f15a0e48d7ee Mon Sep 17 00:00:00 2001
From: Ian Kelling <iank@fsf.org>
Date: Wed, 8 Apr 2020 16:32:21 -0400
Subject: [PATCH] various fixes for etiona and pxe

---
 README                                        |   1 +
 .../apt/preferences.d/etiona-bionic/ETIONA    |   3 +
 fai/config/scripts/GRUB_PC/11-iank            |  26 +--
 pxe-server                                    |  30 +++-
 wrt-setup                                     |  20 ++-
 wrt-setup-local                               | 148 ++++++++++--------
 6 files changed, 141 insertions(+), 87 deletions(-)
 create mode 100644 fai/config/files/etc/apt/preferences.d/etiona-bionic/ETIONA

diff --git a/README b/README
index eae4b2d..5aa71ee 100644
--- a/README
+++ b/README
@@ -95,6 +95,7 @@ on fai-redep arguments.
 # Setup the environment for the install
 
 # create tiny autodiscover cd
+# todo: with fai-revm at least, this complains about missing vmlinuz. need to fix this.
 fai-redep && sudo fai-cd -g $PWD/grub.cfg.autodiscover -f -A $BASEFILE_DIR/autodiscover.iso
 # create normal fai cd (replace TARGET_HOSTNAME)
 fai-redep -t TARGET_HOSTNAME && sudo fai-cd -M -g $PWD/grub.cfg.netinst-noreboot -f $BASEFILE_DIR/netinst.iso
diff --git a/fai/config/files/etc/apt/preferences.d/etiona-bionic/ETIONA b/fai/config/files/etc/apt/preferences.d/etiona-bionic/ETIONA
new file mode 100644
index 0000000..02d579b
--- /dev/null
+++ b/fai/config/files/etc/apt/preferences.d/etiona-bionic/ETIONA
@@ -0,0 +1,3 @@
+Package: *
+Pin: release n=bionic
+Pin-Priority: -100
diff --git a/fai/config/scripts/GRUB_PC/11-iank b/fai/config/scripts/GRUB_PC/11-iank
index b039227..852e03a 100755
--- a/fai/config/scripts/GRUB_PC/11-iank
+++ b/fai/config/scripts/GRUB_PC/11-iank
@@ -143,7 +143,7 @@ if [[ $FAI_ACTION != dirinstall ]]; then
     cmdline="rd.luks.crypttab=no net.ifnames=0 console=ttyS0,${speed}n8"
   else
     speed=115200
-   cmdline="rd.luks.crypttab=no net.ifnames=0 console=ttyS0,${speed}n8 console=tty0"
+    cmdline="rd.luks.crypttab=no net.ifnames=0 console=ttyS0,${speed}n8 console=tty0"
   fi
 
   cat >$FAI_ROOT/etc/grub.d/40_custom <<EOF
@@ -226,20 +226,24 @@ iface eth0 inet dhcp
 iface eth0 inet6 auto
 EOF
 
-# previously had an else condition after
-#elif ifclass VM || ifclass LINODE; then
-# iface br0 inet dhcp
-#   bridge_ports $NIC1
-#   bridge_stp off
-#   bridge_maxwait 0
-# however, on t9, on startup, br0, became
-# rename1 and didn't come up. i dunno why,
-# but the bridge is for vms that I rarely use,
-# so not bothering to figure it out.
+  # previously had an else condition after
+  #elif ifclass VM || ifclass LINODE; then
+  # iface $NIC1 inet manual
+  # iface br0 inet dhcp
+  #   bridge_ports $NIC1
+  #   bridge_stp off
+  #   bridge_maxwait 0
+  # however, on t9, on startup, br0, became
+  # rename1 and didn't come up. i dunno why,
+  # but the bridge is for vms that I rarely use,
+  # so not bothering to figure it out.
 
 
 fi
 
+rm -f $target/etc/resolv.conf
+ln -s ../run/systemd/resolve/stub-resolv.conf $target/etc/resolv.conf
+
 if ifclass LINODE; then
   mkdir -p $target/etc/initramfs-tools/conf.d
   cat >$target/etc/initramfs-tools/conf.d/mine <<EOF
diff --git a/pxe-server b/pxe-server
index e668088..6ca453c 100755
--- a/pxe-server
+++ b/pxe-server
@@ -132,9 +132,9 @@ fi
 
 archlike() {
   cat <<EOF
-dhcp-option-force=209,boot/syslinux/${type}iso.cfg
-dhcp-option-force=210,/${type}/
-dhcp-boot=${host_tag}/${type}/boot/syslinux/lpxelinux.0
+${host_tag}209,boot/syslinux/${type}iso.cfg
+${host_tag}210,/${type}/
+${host_tag}bootfile-name,/${type}/boot/syslinux/lpxelinux.0
 EOF
 }
 
@@ -142,14 +142,21 @@ plain() {
   # if arch based was used before, this additionally needs
   # the tftp link in /mnt/usb to be changed.
   cat <<EOF
-dhcp-boot=${host_tag}pxelinux.0
+${host_tag}bootfile-name,pxelinux.0
 EOF
 }
 
 fai() {
   cat <<EOF
-dhcp-boot=${host_tag}pxelinux.0,faiserver.b8.nz,faiserver.b8.nz
+${host_tag}bootfile-name,pxelinux.0
+${host_tag}server-ip-address,$faiserverip
+${host_tag}tftp-server,$faiserverip
 EOF
+  # Note, previously used normal dnsmasq option, but it requires dnsmasq
+  # restart, which causes momentary dns failures, which can bork an
+  # install.
+  #
+  # dhcp-boot=${host_tag}pxelinux.0,faiserver.b8.nz,faiserver.b8.nz
 }
 
 ack-wait() {
@@ -162,8 +169,8 @@ ack-wait() {
   if [[ $host ]]; then
     if $fsf; then
       host_regex=" $(getent hosts kw | awk '{print $1}' | sed 's/\./\\./g')"
-      else
-    host_regex=" $host"
+    else
+      host_regex=" $host"
     fi
   fi
   regex=".*DHCPACK.*$host_regex\b"
@@ -196,11 +203,18 @@ EOF
   else
     e "updating dnsmasq.conf:"
     m $cmd
-    ${cmd:-:}|ssh wrt "cedit pxe /etc/dnsmasq.conf || /etc/init.d/dnsmasq restart
+    ${cmd:-:}|ssh wrt "dd of=/etc/dnsmasq-dhcpopts.conf; /etc/init.d/dnsmasq reload
 $([[ $type == arch || $type == parabola ]] && echo archlike-pxe-mount)"
   fi
 }
 
+type -t host &>/dev/null || sudo apt-get -y install dnsutils
+faiserverip=$(host faiserver | sed -rn 's/^\S+ has address //p;T;q' ||:)
+if [[ ! $faiserverip || $faiserverip =~ [[:space:]] ]]; then
+  echo "$0: error: failed to get \$faiserverip, got: $faiserverip"
+  exit 1
+fi
+
 
 if $set; then
   set-pxe
diff --git a/wrt-setup b/wrt-setup
index 9ac518a..e6e5f28 100755
--- a/wrt-setup
+++ b/wrt-setup
@@ -31,6 +31,15 @@ Default HOST is root@10.0.0.1
 Note, use -m "''" to send an empty mac arg. When we get a new enough
 bash, we can use ${@@Q} to properly pass an empty var.
 
+
+Note, if we dont have internet yet, then just download the bash package,
+scp it over manually and install it, eg:
+
+cat /etc/opkg/distfeeds.conf
+wget https://librecmc.org/librecmc/downloads/snapshots/v1.5.1-core/packages/mips_24kc/packages/bash_5.0-3_mips_24kc.ipk
+scp bash_5.0-3_mips_24kc.ipk wrt:
+ssh wrt
+opkg install /root/bash_5.0-3_mips_24kc.ipk
 EOF
   wrt-setup-local -h
   exit $1
@@ -51,8 +60,15 @@ scp /a/work/libremanage/libremanage /a/bin/fai/wrt-setup-local /a/bin/cedit/cedi
 # relay is built for openwrt 18.06.2, r7676-cddd7b4c77
 sudo scp /q/root/shadow/router /p/c/machine_specific/wrt/etc/dropbear/dropbear_rsa_host_key \
      /a/opt/openwrt/source/bin/packages/mips_24kc/mypackages/relay_1.0-1_mips_24kc.ipk $h:
-ssh $h <<EOF
+scp ../openwrtkeyring/usign/* $h:/etc/opkg/keys
+
+ssh $h <<EOFOUTER
 set -x
+# librecmc 1.5.1 is missing nfs-kernel-server and screen
+cat >/etc/opkg/customfeeds.conf <<'EOF'
+src/gz openwrt_packages http://downloads.openwrt.org/releases/19.07.2/packages/mips_24kc/packages
+EOF
+
 if ! opkg list-installed|grep bash; then
     opkg update
     opkg install bash
@@ -60,4 +76,4 @@ fi
 export HOME_DOMAIN=$HOME_DOMAIN
 export WIRELESSMAC=$WIRELESSMAC
 wrt-setup-local $@
-EOF
+EOFOUTER
diff --git a/wrt-setup-local b/wrt-setup-local
index 55ac7d7..642c193 100755
--- a/wrt-setup-local
+++ b/wrt-setup-local
@@ -230,10 +230,83 @@ EOFOUTER
 chmod +x /usr/bin/archlike-pxe-mount
 
 sed -i '/^root:/s,/bin/ash$,/bin/bash,' /etc/passwd
+
+
+
+uset dropbear.@dropbear[0].PasswordAuth 0
+uset dropbear.@dropbear[0].RootPasswordAuth 0
+uset dropbear.@dropbear[0].Port 2220
+if ! cmp -s /root/dropbear_rsa_host_key /etc/dropbear/dropbear_rsa_host_key; then
+  cp /root/dropbear_rsa_host_key /etc/dropbear/dropbear_rsa_host_key
+  dropbear_restart=true
+fi
+
+if $dropbear_restart; then
+  v /etc/init.d/dropbear restart
+fi
+
+
+uset network.lan.ipaddr $l.$lanip
+uset network.lan.netmask $mask
+if $dev2; then
+  uset network.lan.gateway $l.1
+  uset network.wan.proto none
+  uset network.wan6.proto none
+  /etc/init.d/dnsmasq stop
+  /etc/init.d/dnsmasq disable
+  /etc/init.d/odhcpd stop
+  /etc/init.d/odhcpd disable
+  rm -f /etc/resolv.conf
+  cat >/etc/resolv.conf <<'EOF'
+nameserver 8.8.8.8
+nameserver 8.8.4.4
+EOF
+
+  # things i tried to keep dnsmasq running but not enabled except local dns,
+  # but it didnt work right and i dont need it anyways.
+  # uset dhcp.wan.ignore $dev2 # default is false
+  # uset dhcp.lan.ignore $dev2 # default is false
+  # uset dhcp.@dnsmasq[0].interface lo
+  # uset dhcp.@dnsmasq[0].localuse 0
+  # uset dhcp.@dnsmasq[0].resolvfile /etc/dnsmasq.conf
+  # uset dhcp.@dnsmasq[0].noresolv 1
+  # todo: populate /etc/resolv.conf with a static value
+
+else
+  # these are the defaults
+  uset network.lan.gateway ''
+  uset network.wan.proto dhcp
+  uset network.wan6.proto dhcpv6
+  /etc/init.d/dnsmasq start
+  # todo: figure out why this returns 1
+  /etc/init.d/dnsmasq enable ||:
+  /etc/init.d/odhcpd start
+  /etc/init.d/odhcpd enable
+fi
+
+wireless_restart=false
+for x in 0 1; do
+  uset wireless.default_radio$x.ssid "$ssid"
+  uset wireless.default_radio$x.key $key
+  uset wireless.default_radio$x.encryption psk2
+  if [[ $mac ]]; then
+    uset wireless.default_radio$x.macaddr $macpre$((macsuf + 2*x))
+  fi
+  # secondary device has wireless disabled
+  uset wireless.radio$x.disabled $dev2
+done
+
+if $wireless_restart; then
+  v wifi
+fi
+
+
+
 # usb, screen, relay are for libremanage
+# rsync is for brc
 v pi kmod-usb-storage block-mount kmod-fs-ext4 nfs-kernel-server \
   tcpdump openvpn-openssl adblock libusb-compat /root/relay_1.0-1_mips_24kc.ipk \
-  screen kmod-usb-serial-cp210x kmod-usb-serial-ftdi
+  screen kmod-usb-serial-cp210x kmod-usb-serial-ftdi rsync
 
 cat >/etc/libremanage.conf <<EOF
 ${libremanage_host}_type=switch
@@ -312,31 +385,6 @@ EOF
 
 
 
-uset dropbear.@dropbear[0].PasswordAuth 0
-uset dropbear.@dropbear[0].RootPasswordAuth 0
-uset dropbear.@dropbear[0].Port 2220
-if ! cmp -s /root/dropbear_rsa_host_key /etc/dropbear/dropbear_rsa_host_key; then
-  cp /root/dropbear_rsa_host_key /etc/dropbear/dropbear_rsa_host_key
-  dropbear_restart=true
-fi
-
-wireless_restart=false
-
-for x in 0 1; do
-  uset wireless.default_radio$x.ssid "$ssid"
-  uset wireless.default_radio$x.key $key
-  uset wireless.default_radio$x.encryption psk2
-  if [[ $mac ]]; then
-    uset wireless.default_radio$x.macaddr $macpre$((macsuf + 2*x))
-  fi
-  # secondary device has wireless disabled
-  uset wireless.radio$x.disabled $dev2
-done
-
-if $wireless_restart; then
-  v wifi
-fi
-
 
 ########## openvpn exampl
 ########## missing firewall settings for routing lan
@@ -377,7 +425,7 @@ config redirect
  option name ssh
  option src              wan
  option src_dport        22
- option dest_ip          $l.8
+ option dest_ip          $l.2
  option dest             lan
 config rule
  option src              wan
@@ -385,11 +433,11 @@ config rule
  option dest_port        22
 
 config redirect
- option name sshkd
+ option name sshtp
  option src              wan
  option src_dport        2202
  option dest_port        22
- option dest_ip          $l.2
+ option dest_ip          $l.8
  option dest             lan
 config rule
  option src              wan
@@ -557,13 +605,13 @@ dnsmasq_restart=false
 v cedit /etc/hosts <<EOF || dnsmasq_restart=true
 127.0.1.1 $hostname
 $l.1 $hostname
-$l.2 kd
+$l.2 kd faiserver
 $l.3 frodo
 $l.4 wrt2
 $l.5 x2
 $l.6 demohost
 #$l.7 x3
-$l.8 tp b8.nz faiserver
+$l.8 tp b8.nz
 $l.9 bb8
 $l.14 wrt3
 2600:3c00::f03c:91ff:fe6d:baf8 li
@@ -680,42 +728,13 @@ dhcp-host=b4:75:0e:94:29:ca,set:switch9429ca,$l.251,switch9429ca
 # It has no sensitive info.
 enable-tftp=br-lan
 tftp-root=/mnt/usb/tftpboot
+dhcp-optsfile=/etc/dnsmasq-dhcpopts.conf
 EOF
 
-uset network.lan.ipaddr $l.$lanip
-uset network.lan.netmask $mask
-if $dev2; then
-  uset network.lan.gateway $l.1
-  uset network.wan.proto none
-  uset network.wan6.proto none
-  /etc/init.d/dnsmasq stop
-  /etc/init.d/dnsmasq disable
-  /etc/init.d/odhcpd stop
-  /etc/init.d/odhcpd disable
-  # things i tried to keep dnsmasq running but not enabled except local dns,
-  # but it didnt work right and i dont need it anyways.
-  # uset dhcp.wan.ignore $dev2 # default is false
-  # uset dhcp.lan.ignore $dev2 # default is false
-  # uset dhcp.@dnsmasq[0].interface lo
-  # uset dhcp.@dnsmasq[0].localuse 0
-  # uset dhcp.@dnsmasq[0].resolvfile /etc/dnsmasq.conf
-  # uset dhcp.@dnsmasq[0].noresolv 1
-  # todo: populate /etc/resolv.conf with a static value
 
-else
-  # these are the defaults
-  uset network.lan.gateway ''
-  uset network.wan.proto dhcp
-  uset network.wan6.proto dhcpv6
-  /etc/init.d/dnsmasq start
-  # todo: figure out why this returns 1
-  /etc/init.d/dnsmasq enable ||:
-  /etc/init.d/odhcpd start
-  /etc/init.d/odhcpd enable
-fi
 
 
-if $dnsmasq_restart; then
+if $dnsmasq_restart && ! $dev2; then
   v /etc/init.d/dnsmasq restart
 fi
 
@@ -724,12 +743,9 @@ if $firewall_restart; then
 fi
 
 
-
+# todo: we should catch errors and still run this if needed
 if $network_restart; then
   reboot
 fi
-if $dropbear_restart; then
-  v /etc/init.d/dropbear restart
-fi
 
 exit 0
-- 
2.30.2