From c47175685b348735b3440e16851dde2cc39b6f3f Mon Sep 17 00:00:00 2001 From: Ian Kelling Date: Tue, 12 Jun 2018 20:44:22 -0400 Subject: [PATCH] varous minor updates --- README | 9 +++ chost | 4 +- fai-redep | 5 +- fai/config/class/50-host-classes | 2 +- fai/config/scripts/DEBIAN/40-misc | 5 +- fai/config/scripts/GRUB_PC/11-iank | 34 ++++++--- faiserver-setup | 27 ++++++- mk-basefile-big | 3 + myfai-chboot | 4 +- myfai-chboot-local | 17 +++-- wrt-disabled-firewall-rules | 2 +- wrt-setup | 2 +- wrt-setup-local | 116 ++++++++++++++++++++--------- 13 files changed, 162 insertions(+), 68 deletions(-) diff --git a/README b/README index 15ed8a3..e81a467 100644 --- a/README +++ b/README @@ -126,6 +126,15 @@ exit reboot +# Expected output in fai logs + +For flidas, when installing systemd, this error happens, and it's +a superflous upstream bug based on reading the post install script: + +addgroup: The group `systemd-journal' already exists as a system group. Exiting. +Operation failed: No such file or directory + + # License diff --git a/chost b/chost index c02c8c2..a26529f 100755 --- a/chost +++ b/chost @@ -7,7 +7,9 @@ set -eE -o pipefail trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR host=$1 -addr=$(host $host | sed -rn 's/^\S+ has address //p;T;q') +# ||: because if we are using 2+ resolvers, 1 may fail, causing error, but we still get +# a valid address and we just use that +addr=$(host $host | sed -rn 's/^\S+ has address //p;T;q' ||:) h=$(host $addr) h=${h##* } echo $h diff --git a/fai-redep b/fai-redep index 1a7ed88..5306d97 100755 --- a/fai-redep +++ b/fai-redep 
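Review bot: In chost, once `||:` swallows a resolver failure, `addr` can be empty, and the next line `h=$(host $addr)` then runs `host` with no argument. A guard directly after the assignment makes that case explicit: `[[ $addr ]] || { echo "$0: error: no address for $host" >&2; exit 1; }`. Quoting `"$host"` and `"$addr"` in the two `host` calls would also stop word splitting and globbing on the argument.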
@@ -62,7 +62,7 @@ pall+=($(/a/bin/buildscripts/emacs -p; /a/bin/distro-setup/distro-pkgs $distro)) ssh root@$faiserver_host dd of=/srv/fai/config/package_config/DESKTOP 2>/dev/null ||: # broken pipe -rsync -r --delete /a/bin/fai-basefiles/basefiles root@$faiserver_host:/srv/fai/config +rsync -rplt --delete /a/bin/fai-basefiles/basefiles root@$faiserver_host:/srv/fai/config ssh root@$faiserver_host bash <<'EOF' set -eE -o pipefail set -x @@ -78,13 +78,14 @@ chmod -R a+rX /srv/fai/config/distro-install-common changed=false f=/srv/fai/nfsroot/root/.ssh/known_hosts +install -d -m 700 /srv/fai/nfsroot/root/.ssh # the known hosts entries that fai already sets up are like # IP,HOSTNAME key_info... # we are skipping the ip, because it doesn't block ssh # with a prompt as long as you have the user supplied hostname, # and i don't want to deal with getting it, it's not adding # any important security in this case. -if ! grep -xFq "$line" $f; then +if ! grep -xFq "$line" $f &>/dev/null; then changed=true printf "%s\n" "$line" >>$f fi diff --git a/fai/config/class/50-host-classes b/fai/config/class/50-host-classes index 32d1bcc..161a5de 100755 --- a/fai/config/class/50-host-classes +++ b/fai/config/class/50-host-classes @@ -108,7 +108,7 @@ fi echo "FAIBASE" -echo "PARTITION_PROMPT" +#echo "PARTITION_PROMPT" #echo REPARTITION diff --git a/fai/config/scripts/DEBIAN/40-misc b/fai/config/scripts/DEBIAN/40-misc index e160cbb..a699fdb 100755 --- a/fai/config/scripts/DEBIAN/40-misc +++ b/fai/config/scripts/DEBIAN/40-misc @@ -58,7 +58,10 @@ ln -fs /proc/mounts $target/etc/mtab rm -f $target/etc/dpkg/dpkg.cfg.d/fai $target/etc/dpkg/dpkg.cfg.d/unsafe-io if [ $FAI_ACTION = "install" -o $FAI_ACTION = "dirinstall" ] ; then - [ -f /etc/fai/fai.conf ] && cp /etc/fai/fai.conf $target/etc/fai/fai.conf + if [ -f /etc/fai/fai.conf ]; then + mkdir -p $target/etc/fai + cp /etc/fai/fai.conf $target/etc/fai/fai.conf + fi fi ainsl -a /etc/fai/fai.conf "FAI_CONFIG_SRC=$FAI_CONFIG_SRC" 
diff --git a/fai/config/scripts/GRUB_PC/11-iank b/fai/config/scripts/GRUB_PC/11-iank index ff65eb2..7270d65 100755 --- a/fai/config/scripts/GRUB_PC/11-iank +++ b/fai/config/scripts/GRUB_PC/11-iank @@ -100,7 +100,13 @@ EOF if [[ $FAI_ACTION != dirinstall ]]; then cat >$FAI_ROOT/etc/grub.d/40_custom <<'EOF' -# https://www.coreboot.org/Serial_console +#!/bin/sh +exec tail -n +3 $0 +# This file provides an easy way to add custom menu entries. Simply type the +# menu entries you want to add after this comment. Be careful not to change +# the 'exec tail' line above. + +# https://www.coreboot.org/Serial_console # tty # but removed unneeded stuff serial --speed=115200 
@@ -109,17 +115,21 @@ terminal_output --append serial EOF chroot $FAI_ROOT bash <<'EOF' - # https://askubuntu.com/questions/33416/how-do-i-disable-the-boot-splash-screen-and-only-show-kernel-and-boot-text-inst - # it suggests not having plymouth-theme-ubuntu-text, but - # making it not installed then kills plymouth, then makes - # the system not boot. - sed -ri 's/(^ *GRUB_CMDLINE_LINUX.*)quiet splash/\1/' /etc/default/grub - # on xenial, no grub is displayed at all. fix that. - # found just by noticing this in the config file, and a - # warning about it in error.log - sed -i '/^ *GRUB_HIDDEN_TIMEOUT/d' /etc/default/grub - - update-grub2 +# https://askubuntu.com/questions/33416/how-do-i-disable-the-boot-splash-screen-and-only-show-kernel-and-boot-text-inst +# it suggests not having plymouth-theme-ubuntu-text, but +# making it not installed then kills plymouth, then makes +# the system not boot. +sed -ri 's/(^ *GRUB_CMDLINE_LINUX.*)quiet splash/\1/' /etc/default/grub + +# todo: not sure, but this might screw up systems without a serial port +# and thus need a conditional. +sed -ri 's/^ *GRUB_CMDLINE_LINUX_DEFAULT="/\0console=ttyS0,115200 console=tty0 /' /etc/default/grub +# on xenial, no grub is displayed at all. fix that. +# found just by noticing this in the config file, and a +# warning about it in error.log +sed -i '/^ *GRUB_HIDDEN_TIMEOUT/d' /etc/default/grub + +update-grub2 EOF fi diff --git a/faiserver-setup b/faiserver-setup index 416c264..28e71e3 100755 --- a/faiserver-setup +++ b/faiserver-setup @@ -176,7 +176,11 @@ echo "FAI_FLAGS=verbose" >>/etc/fai/fai.conf if ! grep cryptsetup /etc/fai/NFSROOT &>/dev/null; then - $sed '/^PACKAGES install$/a cryptsetup' /etc/fai/NFSROOT + cat >>/etc/fai/NFSROOT <<'EOF' +# inserted by faserver-setup +PACKAGES install +cryptsetup +EOF fi if armhf; then 
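Review bot: The added `sed -ri 's/^ *GRUB_CMDLINE_LINUX_DEFAULT="/\0console=ttyS0,115200 console=tty0 /'` in fai/config/scripts/GRUB_PC/11-iank is not idempotent, so every run prepends another pair of `console=` arguments. The enclosing `if [[ $FAI_ACTION != dirinstall ]]` starts outside this hunk, so if the script is also reached by a later non-install action against an existing /etc/default/grub, the arguments would stack up. A guard keeps the file stable: `grep -q 'console=ttyS0' /etc/default/grub || sed -ri '…' /etc/default/grub`. `&` is the portable spelling of the whole-match reference; `\0` is a GNU sed extension.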
@@ -251,9 +255,24 @@ EOF apt-get -y install apt-cacher-ng fi -{ head -n 1 /srv/fai/nfsroot/root/.ssh/known_hosts | awk '{print $1}' \ - | tr '\n' ' '; ssh-keyscan localhost |& grep -o "ecdsa-sha2-nistp256.*"; \ - } >>/srv/fai/nfsroot/root/.ssh/known_hosts +rm -f /srv/fai/nfsroot/root/.ssh/known_hosts +key=$(ssh-keyscan localhost |& grep -o "ecdsa-sha2-nistp256.*") +for ip in faiserver $(ip addr show up| grep -w '^ *inet' | awk '{print $2}'| cut -d / -f 1 | grep -vF 127.0.0.1); do + echo "$ip $key" >>/srv/fai/nfsroot/root/.ssh/known_hosts +done + + +# serial console +# mainly from +# https://wiki.archlinux.org/index.php/working_with_the_serial_console +# at runtime, running this from ssh worked: +# https://unix.stackexchange.com/questions/242778/what-is-the-easiest-way-to-configure-serial-port-on-linux +# stty -F /dev/ttyS0 115200 cs8 -cstopb -parenb +# /sbin/agetty 115200 ttyS0 linux +# dated info, but validation that this might work on debian: +# https://help.ubuntu.com/community/SerialConsoleHowto +# note in the nfsroot, systemd is not running. +echo "c0:2345:respawn:/sbin/agetty 115200 ttyS0 linux" >>/srv/fai/nfsroot/etc/inittab # initially did the basic fai-chboot -Iv $std_arg default # but found in console that it wanted to mount nfsroot diff --git a/mk-basefile-big b/mk-basefile-big index eee1a4c..370fd8b 100755 --- a/mk-basefile-big +++ b/mk-basefile-big @@ -58,6 +58,9 @@ case $distver in distro=trisquel classes="UBUNTU FLIDAS64 VOL_FLIDAS FLIDAS DESKTOP" ;; + stretch) + classes="DEBIAN STRETCH64 VOL_STRETCH STRETCH DESKTOP" +;; *) echo "$0: error: unknown DISTRO_CODENAME" usage 1 diff --git a/myfai-chboot b/myfai-chboot index de798e4..0d036b9 100755 --- a/myfai-chboot +++ b/myfai-chboot @@ -7,7 +7,7 @@ x=$(readlink -f "$BASH_SOURCE"); cd ${x%/*} usage() { cat <&2' ERR fai_action=install -fai_action_arg=I fai_reboot_arg=,reboot case $1 in -h|--help) 
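Review bot: `key=$(ssh-keyscan localhost |& grep -o "ecdsa-sha2-nistp256.*")` in faiserver-setup is not checked before the loop writes it, and `rm -f` has already removed the previous known_hosts. An empty scan result therefore leaves entries with a host name and no key, and `|&` lets ssh-keyscan's stderr text into the value. Since the script scans localhost, the public host key can be read from disk instead, usually `key=$(cut -d' ' -f1,2 /etc/ssh/ssh_host_ecdsa_key.pub)`, followed by `[[ $key ]] || { echo "$0: error: no ecdsa host key" >&2; exit 1; }`. The `echo … >>/srv/fai/nfsroot/etc/inittab` line lower in the hunk appends another `c0` entry on each run unless the nfsroot is rebuilt first, which is not visible here; a `grep -q '^c0:'` guard would avoid duplicates.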
@@ -14,7 +13,11 @@ case $1 in ;; -S) fai_action=sysinfo - fai_action_arg=S + fai_reboot_arg= + shift + ;; + -i) #inventory + fai_action=inventory fai_reboot_arg= shift ;; @@ -46,12 +49,12 @@ elif [[ $host == [0-9]*.[0-9]*.[0-9]*.[0-9]* ]]; then ip=$host/32 else type -t host &>/dev/null || apt-get -y install dnsutils - ip=$(host $host | sed -rn 's/^\S+ has address //p;T;q')/32 + ip=$(host $host | sed -rn 's/^\S+ has address //p;T;q' ||:) if [[ ! $ip || $ip =~ [[:space:]] ]]; then - echo "$0: error: failed to get \$my_ip, got: $my_ip" + echo "$0: error: failed to get \$ip, got: $ip" exit 1 fi - + ip=$ip/32 fi if modprobe nfsd &>/dev/null; then @@ -93,14 +96,14 @@ fi # man page doesn't explain this, but this deletes & thus disables # all chboot systems. -e fai-chboot -${fai_action_arg}v $std_arg default # set it to default to get a val out of it next +e fai-chboot -iv $std_arg default # set it to default to get a val out of it next kernel=$(fai-chboot -L '^default$' | awk '{print $3}') default_k_args=$(fai-chboot -L '^default$' | \ sed -r "s/^(\S+\s+){3}(.*)/\2/") # example of default_k_args # initrd=initrd.img-3.16.0-4-amd64 ip=dhcp root=192.168.1.3:/srv/fai/nfsroot aufs FAI_CONFIG_SRC=nfs://faiserver/srv/fai/config FAI_ACTION=install -k_args=() +k_args=(console=tty0 console=ttyS0,115200 FAI_ACTION=$fai_action) for arg in $default_k_args; do case $arg in # default root arg is /srv/fai/nfsroot diff --git a/wrt-disabled-firewall-rules b/wrt-disabled-firewall-rules index 3d1e902..29c80da 100644 --- a/wrt-disabled-firewall-rules +++ b/wrt-disabled-firewall-rules @@ -33,7 +33,7 @@ config rule config redirect - option name treetowlsyncthing + option name kdsyncthing option src vpn option src_dport 22000 option dest_ip 192.168.1.2 diff --git a/wrt-setup b/wrt-setup index 1a03ad3..746b16f 100755 --- a/wrt-setup +++ b/wrt-setup 
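Review bot: The check in the `@@ -46,12 +49,12` hunk of myfai-chboot-local rejects only an empty or whitespace-containing `$ip`, so any other text the `host | sed` pipeline prints is accepted and becomes `$ip/32`. The `modprobe nfsd` line that follows suggests the value feeds an NFS export, though that code is outside the hunk. Matching the shape the `elif` branch above already uses would be tighter: `[[ $ip == [0-9]*.[0-9]*.[0-9]*.[0-9]* && ! $ip =~ [[:space:]] ]]`. The error `echo` should also be sent to stderr with `>&2`.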
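Review bot: `k_args=(console=tty0 console=ttyS0,115200 FAI_ACTION=$fai_action)` in the `@@ -93,14 +96,14` hunk lists the serial console last, while the GRUB change in fai/config/scripts/GRUB_PC/11-iank uses the opposite order (`console=ttyS0,115200 console=tty0`). The kernel uses the last `console=` argument for /dev/console, so the primary console is the serial line during the network install and the VGA tty on the installed system. If that is intended, a comment such as `# serial last: install output goes to ttyS0` would record it. The body of the `for arg in $default_k_args` loop is outside the hunk; since the example default arguments already carry `FAI_ACTION=install`, it is worth confirming the loop drops that entry so the command line does not end up with two `FAI_ACTION=` values.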
@@ -38,7 +38,7 @@ if [[ $1 ]]; then esac fi - +cat ~/.ssh/home.pub | ssh $h dd of=/etc/dropbear/authorized_keys 2>/dev/null scp /a/bin/fai/wrt-setup-local /a/bin/cedit/cedit $h:/usr/bin ssh $h <&2' ERR - pmirror() { - # background: upgrading all packages is not recommended because it - # doesn't go into the firmware. build new firmware if you want - # lots of upgrades. I think /tmp/opkg-lists is a pre openwrt 14 location. - f=(/tmp/opkg-lists/* /var/opkg-lists/*) - if ! (( $(date -r $f +%s) + 60*60*24 > $(date +%s) )); then - opkg update - fi + # background: upgrading all packages is not recommended because it + # doesn't go into the firmware. build new firmware if you want + # lots of upgrades. I think /tmp/opkg-lists is a pre openwrt 14 location. + f=(/var/opkg-lists/*) + if ! (( $(date -r $f +%s) + 60*60*24 > $(date +%s) )); then + opkg update + fi } pi() { - for x in "$@"; do - if [[ ! $(opkg list-installed "$x") ]]; then - pmirror - opkg install "$@" - fi - done + for x in "$@"; do + if [[ ! $(opkg list-installed "$x") ]]; then + pmirror + opkg install "$@" + fi + done } v() { - printf "+ %s\n" "$*" - "$@" + printf "+ %s\n" "$*" + "$@" } ### network config ### -l=10.0.0 -lan=10.0.0.0 +ssid=cmc2 +lan=10.1.0.0 mask=255.255.0.0 +l=${lan%.0} + +passwd -l root ||: #already locked fails cat >/usr/bin/arch-pxe-mount <<'EOFOUTER' #!/bin/bash @@ -75,9 +77,6 @@ v pi kmod-usb-storage block-mount kmod-fs-ext4 nfs-kernel-server \ -sed -ri "s/option[[:space:]]+encryption[[:space:]].*/option encryption psk2/;s/option[[:space:]]+key.*/option key pictionary49/" /etc/config/wireless -sed -i '/^[[:space:]]*option disabled/d' /etc/config/wireless -v wifi v /etc/init.d/fstab enable ||: 
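Review bot: The added `cat ~/.ssh/home.pub | ssh $h dd of=/etc/dropbear/authorized_keys 2>/dev/null` in wrt-setup replaces the router's whole authorized_keys file and discards stderr from ssh itself, not only dd's transfer statistics. Any other key on the device is dropped without notice, and a connection or host-key problem prints nothing. Moving the redirect to the remote side keeps ssh's own diagnostics visible: `ssh $h 'dd of=/etc/dropbear/authorized_keys 2>/dev/null' <~/.ssh/home.pub`. A comment saying the overwrite is deliberate would help the next reader; the remainder of this hunk is not readable in this rendering.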
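Review bot: `passwd -l root ||: #already locked fails` in wrt-setup-local ignores every failure of `passwd`, not only the already-locked case the comment names. If the lock fails for any other reason, the script carries on with root password login still possible. Checking the resulting state instead would close that gap: `passwd -l root || grep -q '^root:!' /etc/shadow` (a locked entry starts with `!`), which stops the run when the account is neither newly locked nor already locked. The hunk header for this part of the file is not readable in this rendering.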
@@ -153,6 +152,32 @@ v /etc/init.d/nfsd enable # fi +wireless_restart=true +key=pictionary49 +for x in 0 1; do + if [[ $(uci get wireless.default_radio$x.ssid) != $ssid ]]; then + uci set wireless.default_radio$x.ssid=$ssid + wireless_restart=true + fi + if [[ $(uci get wireless.default_radio$x.key) != $key ]]; then + uci set wireless.default_radio$x.key=$key + wireless_restart=true + fi + if [[ $(uci get wireless.default_radio$x.encryption) != $key ]]; then + uci set wireless.default_radio$x.encryption=$key + wireless_restart=true + fi + if [[ $(uci get wireless.default_radio$x.disabled 2>/dev/null) ]]; then + uci delete wireless.default_radio$x.disabled + wireless_restart=true + fi +done + +if $wireless_restart; then + uci commit wireless + v wifi +fi + ########## openvpn exampl ########## missing firewall settings for routing lan 
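Review bot: The third `if` in the wireless loop compares and sets `wireless.default_radio$x.encryption` to `$key`, so the passphrase is written into the encryption field instead of a mode; the sed this replaces set `option encryption psk2`. How the radio treats an unrecognised mode is not visible here, so it should be treated as a possible loss of WPA2 until checked; the two lines should read `if [[ $(uci get wireless.default_radio$x.encryption) != psk2 ]]; then` and `uci set wireless.default_radio$x.encryption=psk2`. `wireless_restart=true` at the top should be `wireless_restart=false`, otherwise `uci commit wireless` and `v wifi` run on every invocation and the flags set inside the loop have no effect. The passphrase literal assigned to `key` is committed with the script; reading it from a root-only file on the router would keep it out of the repository.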
@@ -177,6 +202,7 @@ v /etc/init.d/nfsd enable # EOF + v cedit /etc/config/network </dev/null) ]]; then - # default is '/tmp/resolv.conf.auto', we switch to the dnsmasq default of - # /etc/resolv.conf. not sure why I did this. - v uci delete dhcp.@dnsmasq[0].resolvfile - uci commit dhcp - dnsmasq_restart=true + # default is '/tmp/resolv.conf.auto', we switch to the dnsmasq default of + # /etc/resolv.conf. not sure why I did this. + v uci delete dhcp.@dnsmasq[0].resolvfile + uci commit dhcp + dnsmasq_restart=true fi if [[ $(uci get dhcp.@dnsmasq[0].domain) != b8.nz ]]; then - v uci set dhcp.@dnsmasq[0].domain=b8.nz - uci commit dhcp - dnsmasq_restart=true + v uci set dhcp.@dnsmasq[0].domain=b8.nz + uci commit dhcp + dnsmasq_restart=true fi if [[ $(uci get dhcp.@dnsmasq[0].local) != b8.nz ]]; then - v uci set dhcp.@dnsmasq[0].local=/b8.nz/ - uci commit dhcp - dnsmasq_restart=true + v uci set dhcp.@dnsmasq[0].local=/b8.nz/ + uci commit dhcp + dnsmasq_restart=true fi if [[ $(uci get system.@system[0].hostname) != wrt ]]; then - v uci set system.@system[0].hostname=wrt - uci commit system + v uci set system.@system[0].hostname=wrt + uci commit system fi @@ -405,9 +431,27 @@ tftp-root=/mnt/usb/tftpboot EOF if $dnsmasq_restart; then - v /etc/init.d/dnsmasq restart + v /etc/init.d/dnsmasq restart fi if $firewall_restart; then - v /etc/init.d/firewall restart + v /etc/init.d/firewall restart +fi + + +reboot=false +if [[ $(uci get network.lan.ipaddr) != $l.1 ]]; then + v uci set network.lan.ipaddr=$l.1 + uci commit network + reboot=true +fi +if [[ $(uci get network.lan.netmask) != $mask ]]; then + v uci set network.lan.netmask=$mask + uci commit network + reboot=true +fi + +if $reboot; then + reboot fi +exit 0 -- 2.30.2