From 948ef49d2b4d7680da2355acf9da86f81ca75ecd Mon Sep 17 00:00:00 2001
From: Ian Kelling <iank@fsf.org>
Date: Fri, 18 Oct 2019 16:29:48 -0400
Subject: [PATCH] various fixes mostly for linode

---
 README                                        | 42 ++++++++++++++++---
 fai-redep                                     |  5 ++-
 fai-wrapper                                   | 20 +++------
 fai/config/class/50-host-classes              |  4 +-
 fai/config/class/BUSTER_LINODE.var            |  2 -
 fai/config/class/LINODE.var                   |  7 ++++
 fai/config/distro-install-common/end          |  1 +
 .../sources.list.d/buster.list/BUSTER_LINODE  | 14 -------
 .../stretch.list/STRETCH_LINODE               | 11 -----
 fai/config/hooks/partition.DEFAULT            |  7 ++--
 fai/config/scripts/DEBIAN/30-interface        | 21 +++++++---
 fai/config/scripts/GRUB_PC/11-iank            | 18 ++++++--
 12 files changed, 88 insertions(+), 64 deletions(-)
 delete mode 100644 fai/config/class/BUSTER_LINODE.var
 create mode 100644 fai/config/class/LINODE.var
 delete mode 100644 fai/config/files/etc/apt/sources.list.d/buster.list/BUSTER_LINODE
 delete mode 100644 fai/config/files/etc/apt/sources.list.d/stretch.list/STRETCH_LINODE

diff --git a/README b/README
index f20bd12..312d330 100644
--- a/README
+++ b/README
@@ -64,29 +64,44 @@ Some of the scripts have dependencies for some simple obvious utility
 scripts from https://iankelling.org/git, and of course there are some
 hostnames that are specific to my network.
 
+
+# Per-host/install configuration
+
 Before doing a fai install, you will need to populate a class file.  I
-use one called 5-multi-boot, which you can see example of in
+use one called 51-multi-boot, which you can see example of in
 fai/config/class/50-host-classes.
 
+
+
 Before doing a fai install, you will need to populate /q/root/luks and
 /q/root/shadow, see their references. You might also want to copy
 existing /etc/ssh/*host* to
 /p/c/machine_specific/HOST/filesystem/etc/ssh.
 
+host-* luks keyfiles generated like:
+head -c 2048 /dev/urandom | od | s dd of=/q/root/luks/host-demohost
 
+Configuration of which luks key to use is in
+fai/config/hooks/partition.DEFAULT
 
-All scripts meant to be used directly are listed here:
+Configuration of which (if any) shadow file to use is in
+fai/config/distro-install-common/end
+and which shadow file / luks file(s) to copy into the new machine depends
+on fai-redep arguments.
 
+# Scripts (meant to be used directly):
 
-# Scripts to setup the environment for the install
 
+# Setup the environment for the install
 
 # create tiny autodiscover cd
 fai-redep && sudo fai-cd -g $PWD/grub.cfg.autodiscover -f -A $BASEFILE_DIR/autodiscover.iso
 # create normal fai cd (replace TARGET_HOST)
 fai-redep -t TARGET_HOST && sudo fai-cd -M -g $PWD/grub.cfg.netinst -f $BASEFILE_DIR/netinst.iso
-note, may need to set hostname in something like LAST.var
-also, may need to unset proxy.
+note, may need to set hostname, depending on config,
+and some other things for environment not on your lan
+for example see fai/config/class/LINODE.var. See linode notes below.
+
 mymk-basefile # Create basefiles for various distros
 archlike-pxe # Setup pxe boot server from an archlike base image
 fai-redep # Deploy fai configuration to host "faiserver"
@@ -171,6 +186,23 @@ addgroup: The group `systemd-journal' already exists as a system group. Exiting.
 Operation failed: No such file or directory
 
 
+# linode notes
+
+* create 2 disks, installer (3000 mb, raw), boot (remaining, raw)
+* create 2 profiles w direct boot, no helpers:
+  * installer (sda=boot, sdb=installer, boot dev=sdb)
+  * boot (sda=boot)
+* Boot into rescue mode, ssh in with lish,
+  curl url_to_some_fai_cd_created_image | dd of=/dev/sda
+  poweroff
+* boot into installer.
+* Lish shows console, at the end of install, it gives prompt because
+  logs failed to save remotely, check the logs, then reboot into boot
+  profile if all is well. If that doesn't happen, turn off lassie in
+  settings.
+
+
+
 # TODO
 Change arch to archlike and to support arch and parabola
 
diff --git a/fai-redep b/fai-redep
index c90aea8..ac73c7b 100755
--- a/fai-redep
+++ b/fai-redep
@@ -59,10 +59,13 @@ sudo rsync -a /root/.ssh/home.pub \
 # these files are not available.
 
 if [[ $target ]]; then
+  if [[ -e /q/root/shadow/$target ]]; then
+    shadowfile=shadow/$target # empty otherwise
+  fi
   sudo rsync -lpt --files-from=- /q/root root@$faiserver_host:/srv/fai/config/distro-install-common <<EOF
 luks/$target
 luks/host-$target
-shadow/$target
+$shadowfile
 EOF
 else
   sudo rsync -rlpt /q/root/shadow /q/root/luks root@$faiserver_host:/srv/fai/config/distro-install-common
diff --git a/fai-wrapper b/fai-wrapper
index e54e2d5..4203f80 100644
--- a/fai-wrapper
+++ b/fai-wrapper
@@ -1,24 +1,14 @@
 #!/bin/bash
-# Copyright (C) 2016 Ian Kelling
-
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+# Copyright (C) 2019 Ian Kelling
+# SPDX-License-Identifier: AGPL-3.0-or-later
 
 # For using some fai commands outside of fai.
 # Usually this is sourced from another script. Note this has
 # paths specific to Ian's machine.
 # to set fai classes, export CLASS_CLASSNAME=true
+# This wrapper can be detected by using this var:
+export FAI_WRAPPER=true
+
 ifclass() {
   local var=${1/#/CLASS_}
   [[ $HOSTNAME == $1 || ${!var} ]]
diff --git a/fai/config/class/50-host-classes b/fai/config/class/50-host-classes
index 74eb50a..c7091f0 100755
--- a/fai/config/class/50-host-classes
+++ b/fai/config/class/50-host-classes
@@ -32,7 +32,7 @@
 #
 # The apt sources files we want, STRETCH_FREE, STRETCH_NONFREE,
 # BUSTER_FREE, BUSTER_NONFREE, TESTING_FREE, TESTING_NONFREE,
-# XENIAL_FREE, FLIDAS, ETIONA, STRETCH_LINODE, BUSTER_LINODE.
+# XENIAL_FREE, FLIDAS, ETIONA, STRETCH_LINODE.
 #
 # It's all a little redundant in some cases, but it keeps things
 # simpler.
@@ -64,7 +64,7 @@
 #
 # RAID0: Use raid 0 even if there are >= 4 disks with boot partititions.
 #
-#
+# LINODE: For running a vm on linode, especially one created with fai-cd.
 
 ###### begin Template for 51-multi-boot ######
 #
diff --git a/fai/config/class/BUSTER_LINODE.var b/fai/config/class/BUSTER_LINODE.var
deleted file mode 100644
index 9030f9e..0000000
--- a/fai/config/class/BUSTER_LINODE.var
+++ /dev/null
@@ -1,2 +0,0 @@
-HOSTNAME=li
-APTPROXY=
\ No newline at end of file
diff --git a/fai/config/class/LINODE.var b/fai/config/class/LINODE.var
new file mode 100644
index 0000000..e8bfb1f
--- /dev/null
+++ b/fai/config/class/LINODE.var
@@ -0,0 +1,7 @@
+APTPROXY=
+linode_ip=1.2.3.4
+linode_gw=1.2.3.1
+# this is the same at least in 2 regions
+linode_if=enp0s3
+LOGSERVER=b8.nz
+HOSTNAME=l2
diff --git a/fai/config/distro-install-common/end b/fai/config/distro-install-common/end
index 2871106..3d061b3 100755
--- a/fai/config/distro-install-common/end
+++ b/fai/config/distro-install-common/end
@@ -22,6 +22,7 @@ USER2PW=/q/root/shadow/user2
 if ifclass ziva; then
   ROOTPW=/q/root/shadow/ziva
 else
+  # if doesn't exist, we dont set one
   ROOTPW=/q/root/shadow/standard
 fi
 
diff --git a/fai/config/files/etc/apt/sources.list.d/buster.list/BUSTER_LINODE b/fai/config/files/etc/apt/sources.list.d/buster.list/BUSTER_LINODE
deleted file mode 100644
index 38f7cbf..0000000
--- a/fai/config/files/etc/apt/sources.list.d/buster.list/BUSTER_LINODE
+++ /dev/null
@@ -1,14 +0,0 @@
-deb http://mirrors.linode.com/debian/ buster main
-deb-src http://mirrors.linode.com/debian/ buster main
-
-deb http://security.debian.org/ buster/updates main
-deb-src http://security.debian.org/ buster/updates main
-
-deb http://mirrors.linode.com/debian/ buster-updates main
-deb-src http://mirrors.linode.com/debian/ buster-updates main
-
-deb http://mirrors.linode.com/debian/ buster-backports main
-deb-src http://mirrors.linode.com/debian/ buster-backports main
-
-deb http://http.us.debian.org/debian unstable main contrib non-free
-deb-src http://http.us.debian.org/debian unstable main contrib non-free
diff --git a/fai/config/files/etc/apt/sources.list.d/stretch.list/STRETCH_LINODE b/fai/config/files/etc/apt/sources.list.d/stretch.list/STRETCH_LINODE
deleted file mode 100644
index adf01da..0000000
--- a/fai/config/files/etc/apt/sources.list.d/stretch.list/STRETCH_LINODE
+++ /dev/null
@@ -1,11 +0,0 @@
-deb http://mirrors.linode.com/debian/ stretch main
-deb-src http://mirrors.linode.com/debian/ stretch main
-
-deb http://security.debian.org/ stretch/updates main
-deb-src http://security.debian.org/ stretch/updates main
-
-deb http://mirrors.linode.com/debian/ stretch-updates main
-deb-src http://mirrors.linode.com/debian/ stretch-updates main
-
-deb http://mirrors.linode.com/debian/ stretch-backports main
-deb-src http://mirrors.linode.com/debian/ stretch-backports main
diff --git a/fai/config/hooks/partition.DEFAULT b/fai/config/hooks/partition.DEFAULT
index 2905435..ab436bd 100755
--- a/fai/config/hooks/partition.DEFAULT
+++ b/fai/config/hooks/partition.DEFAULT
@@ -297,8 +297,7 @@ bpart() { # btrfs a partition
 }
 
 
-# keyfiles generated like:
-# head -c 2048 /dev/urandom | od | s dd of=/q/root/luks/host-demohost
+# see README for docs about how to create these
 luks_dir=${LUKS_DIR:-/var/lib/fai/config/distro-install-common/luks}
 
 
@@ -318,12 +317,12 @@ fi
 # # note, corresponding changes in /b/ds/keyscript-{on,off}
 if ifclass tpnew; then
   lukspw=$(cat $luks_dir/traci)
-elif ifclass BUSTER_LINODE; then
-  lukspw=$(cat $luks_dir/li)
 elif ifclass ziva; then
   lukspw=$(cat $luks_dir/ziva)
 elif ifclass demohost; then
   lukspw=x
+elif [[ -e $luks_dir/$HOSTNAME ]]; then
+  lukspw=$(cat $luks_dir/$HOSTNAME)
 else
   lukspw=$(cat $luks_dir/iank)
 fi
diff --git a/fai/config/scripts/DEBIAN/30-interface b/fai/config/scripts/DEBIAN/30-interface
index 808aa25..74c3058 100755
--- a/fai/config/scripts/DEBIAN/30-interface
+++ b/fai/config/scripts/DEBIAN/30-interface
@@ -93,7 +93,7 @@ case "$FAI_ACTION" in
     elif [ -d $target/etc/network/interfaces.d ]; then
         # ifupdown >= 0.7.41 (Debian >= 8, Ubuntu >= 14.04)
 
-      if ifclass VM || ifclass BUSTER_LINODE; then
+      if ifclass VM || ifclass LINODE; then
         # note, this condition would apply to the elif below too,
         # but I don't specify a static ip in fai, so not bothering
         cat > $target/etc/network/interfaces <<-EOF
@@ -103,6 +103,8 @@ iface lo inet loopback
 iface $NIC1 inet dhcp
 iface $NIC1 inet6 auto
 EOF
+
+
       else
         cat > $target/etc/network/interfaces <<EOF
 # generated by FAI
@@ -120,6 +122,18 @@ iface br0 inet dhcp
   bridge_maxwait 0
 EOF
       fi
+
+      if ifclass LINODE; then
+        mkdir -p /etc/initramfs-tools/conf.d
+        cat >/etc/initramfs-tools/conf.d/mine <<EOF
+# dhcp in initramfs doesn't work on linode. i dunno why, whatever.
+# man 5 initramfs.conf
+# /usr/share/doc/klibc-utils/README.ipconfig.gz
+# /usr/share/initramfs-tools/scripts/functions
+IP=$linode_ip::$linode_gw:255.255.255.0::$linode_if:off
+EOF
+      fi
+
     else
       (
         iface_stanza lo loopback
@@ -135,11 +149,6 @@ EOF
     fi
     ;;
 
-  if ifclass BUSTER_LINODE; then
-    f=/etc/initramfs-tools/initramfs.conf
-    ainsl $f
-    fi
-
 esac
 
 # here fcopy is mostly used, when installing a client for running in a
diff --git a/fai/config/scripts/GRUB_PC/11-iank b/fai/config/scripts/GRUB_PC/11-iank
index 45c869d..8f2c760 100755
--- a/fai/config/scripts/GRUB_PC/11-iank
+++ b/fai/config/scripts/GRUB_PC/11-iank
@@ -58,7 +58,10 @@ fcopy -riBM /etc/apt
 # E: Could not get lock /var/lib/apt/lists/lock - open (11: Resource temporarily unavailable)
 # so add a sleep. 1 sec is probably way more than needed.
 sleep 1
-$ROOTCMD apt-get update
+f=$FAI_ROOT/var/cache/apt/pkgcache.bin
+if [[ ! -r $f ]] || (( $(( $(date +%s) - $(stat -c %Y $f ) )) > 60*60*2 )); then
+  $ROOTCMD apt-get update
+fi
 
 
 chroot $FAI_ROOT bash <<'EOF'
@@ -101,7 +104,7 @@ EOF
 if [[ $FAI_ACTION != dirinstall ]]; then
 
 
-  if ifclass BUSTER_LINODE; then
+  if ifclass LINODE; then
     speed=19200
     # luks.crypttab=no see man systemd-cryptsetup-generator
     cmdline="luks.crypttab=no console=ttyS0,${speed}n8"
@@ -126,26 +129,33 @@ terminal_output --append serial
 EOF
 
 
-
   chroot $FAI_ROOT bash <<EOF
 set -eE -o pipefail
 # https://askubuntu.com/questions/33416/how-do-i-disable-the-boot-splash-screen-and-only-show-kernel-and-boot-text-inst
 # we remove quiet and splash, and all thats left is what we want
 
-sed -ri 's/^ *GRUB_CMDLINE_LINUX_DEFAULT=.*"/GRUB_CMDLINE_LINUX_DEFAULT="$cmdline"/' /etc/default/grub
+if grep -qF "$cmdline" /etc/default/grub; then
+  # already set things, exit
+  exit 0
+fi
+sed -ri 's/^ *GRUB_CMDLINE_LINUX_DEFAULT=.*/GRUB_CMDLINE_LINUX_DEFAULT="$cmdline"/' /etc/default/grub
 # on xenial, no grub is displayed at all. fix that.
 # found just by noticing this in the config file, and a
 # warning about it in error.log
 sed -i '/^ *GRUB_HIDDEN_TIMEOUT/d' /etc/default/grub
 
 update-grub2
+EOF
 
+  if [[ ! FAI_WRAPPER ]]; then
+    chroot $FAI_ROOT bash <<EOF
 # Just include all of them for now incase we are creating
 # an install for a different machine.. in distro-begin, we
 # slim it down to whats used.
 find /lib/modules/*/kernel/drivers/net /lib/modules/*/kernel/net -type f -name '*.ko' -printf "%f\n" | sed 's/.ko$//' | sort -u >/etc/initramfs-tools/modules
 update-initramfs -u -k all
 EOF
+  fi
 fi
 
 
-- 
2.30.2