From c8bd51084bc4d90b9653d521e7cb05e17e417d97 Mon Sep 17 00:00:00 2001 From: Ian Kelling Date: Sun, 22 May 2016 15:12:46 -0700 Subject: [PATCH] main fai scripts can run outside of fai, fixup stuff --- arch-init | 41 ++++++------- arch-init-chroot | 23 ++------ arch-init-remote | 18 ++---- fai-redep | 23 +------- fai-revm | 29 +++++++--- fai-wrapper | 18 ++++++ fai/config/class/50-host-classes | 4 +- fai/config/distro-install-common/end | 57 ++++++++++++++++++- .../etc/apt/preferences.d/unstable/DEBIAN | 9 ++- fai/config/files/etc/apt/preferences/STABLE | 4 +- fai/config/hooks/partition.DEFAULT | 1 + fai/config/scripts/GRUB_PC/11-ian | 45 ++++++--------- pxe-server | 6 ++ wrt-setup | 1 + 14 files changed, 158 insertions(+), 121 deletions(-) create mode 100644 fai-wrapper diff --git a/arch-init b/arch-init index af649b2..0077807 100755 --- a/arch-init +++ b/arch-init @@ -7,15 +7,9 @@ trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR cd $(dirname $(readlink -f "$BASH_SOURCE")) -ROOTPW="$(cat /root/shadow/standard)" -export ROOTPW export hostname="$1" mirror=$2 TPPASS="$(cat /root/shadow/traci-simple)" -export TPPASS -if [[ $hostname == tp ]]; then - ROOTPW="$TPPASS" -fi (( $# >= 1 )) || { echo "$0: error: need 1 or 2 arguments"; exit 1; } @@ -30,19 +24,12 @@ fi curl -s 'https://www.archlinux.org/mirrorlist/?country=US&protocol=https&ip_version=4&ip_version=6&use_mirror_status=on' | sed -r 's/^[ #]*(Server *=)/\1/' >> /etc/pacman.d/mirrorlist -# export class vars with CLASS_ in front to avoid name colissions. -ifclass() { - local var=${1/#/CLASS_} - [[ $hostname == $1 || ${!var} ]] -} -export -f ifclass -for x in $(bash 50-host-classes); do - export CLASS_$x=true -done +. /a/bin/fai/fai-wrapper export LUKS_DIR=/root/luks export HOSTNAME=$hostname export DISTRO=arch -chmod +x partition.DEFAULT +partition_script=/a/bin/fai/fai/config/hooks/partition.DEFAULT +chmod +x $partition_script export PARTITION_PROMPT=true 
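Review bot: `TPPASS="$(cat /root/shadow/traci-simple)"` survives this hunk while its `export TPPASS` and the only visible consumer (`ROOTPW="$TPPASS"`) are removed, so a password-hash file is now read into a variable that nothing in the hunk uses; the traci password is handled by distro-install-common/end elsewhere in this commit. Unless a later part of arch-init still reads `$TPPASS`, drop the line rather than leave a dead read of secret material in the script. If it is still needed by the chroot step, the `export` has to come back as well.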
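Review bot: `. /a/bin/fai/fai-wrapper` runs `50-host-classes` at source time, and that script (later in this patch) switches on `$HOSTNAME`, but `export HOSTNAME=$hostname` only happens two lines below the `.` line, so the class list is computed from the installer environment's own hostname rather than the target's `$hostname`; move `export HOSTNAME=$hostname` above the sourcing line. The `partition_script` variable introduced here is then spelled out again literally in the next hunk (`@@ -58,7 +45,7 @@`) as `/a/bin/fai/fai/config/hooks/partition.DEFAULT`; use `"$partition_script"` there as well so the two cannot drift, and quote it in `chmod +x "$partition_script"`.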
@@ -58,7 +45,7 @@ for dir in /mnt{,/home,/boot,/q}; do done if ! $already_partitioned; then - ./partition.DEFAULT + /a/bin/fai/fai/config/hooks/partition.DEFAULT fi . /tmp/fai/disk_var.sh @@ -76,7 +63,6 @@ if ! $already_partitioned; then mount -o subvol=root_$DISTRO $ROOT_PARTITION /mnt mkdir -p /mnt/{q,home,boot} mount -o subvol=q $ROOT_PARTITION /mnt/q - mount -o subvol=home_$DISTRO $ROOT_PARTITION /mnt/home mount -o subvol=boot_$DISTRO $BOOT_PARTITION /mnt/boot fi @@ -91,16 +77,25 @@ they will succeed using the secodary mirror" fi pacstrap /mnt base cp /tmp/fai/{fstab,crypttab} /mnt/etc -cp /root/encrypt /mnt/usr/lib/initcpio/hooks +cp /a/bin/fai/encrypt /mnt/usr/lib/initcpio/hooks # not needed anymore #cp /usr/bin/devbyid /mnt/root -cp -r .ssh /mnt/root -cp -r /root/distro-install-common /mnt/root +cp -r /root/.ssh /mnt/root + +bindmount() { + local mountpoint=$2 + local source=$1 + mkdir -p $mountpoint + mount -o bind $source $mountpoint +} +bindmount /a /mnt/a +bindmount /root/shadow /mnt/q/root/shadow + mkdir -p /mnt/etc/ssh -cp /etc/ssh/host_* /mnt/etc/ssh +cp /etc/ssh/ssh_host_* /mnt/etc/ssh -cp /root/arch-init-chroot /mnt/root +cp /a/bin/fai/arch-init-chroot /mnt/root # for manual commands, arch-chroot /mnt bash arch-chroot /mnt /root/arch-init-chroot diff --git a/arch-init-chroot b/arch-init-chroot index 634991c..c6e4993 100755 --- a/arch-init-chroot +++ b/arch-init-chroot @@ -7,7 +7,6 @@ trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR pacman -Syu -echo $hostname > /etc/hostname [[ -L /etc/localtime ]] || ln -s /usr/share/zoneinfo/America/Los_Angeles /etc/localtime l=en_US.UTF-8 echo "$l UTF-8" > /etc/locale.gen 
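Review bot: The two `bindmount` calls leave `/a` and, more importantly, `/root/shadow` (the password-hash directory) mounted under `/mnt` with nothing in this hunk undoing them after `arch-chroot /mnt /root/arch-init-chroot` returns; unless an `umount` exists further down, add `umount /mnt/q/root/shadow /mnt/a` after the `arch-chroot` line (or a `trap ... EXIT`) so the hashes are not left reachable from the new root and a later `umount -R /mnt` does not fail. Inside `bindmount`, `$source` and `$mountpoint` are expanded unquoted; `mkdir -p -- "$mountpoint"` and `mount -o bind -- "$source" "$mountpoint"` are the safe forms. `cp -r /root/.ssh /mnt/root` copies the installer's whole `.ssh` directory, private keys included if any are present, which deserves a comment stating that this is intended.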
@@ -105,28 +104,14 @@ for dev in $BOOT_DEVICE; do done grub-mkconfig -o /boot/grub/grub.cfg # gtk2 is an optional dependency of unison. -# debian's unison binary has it linked in, -# so i install it so I can use the same binary for syncing -# the two distros. -pacman -S --noconfirm openssh unison gtk2 rsync +# I know Im gonna want the gui, so just doing it now. +pacman -S --noconfirm openssh rsync -echo "root:$ROOTPW" | chpasswd -e pacman -S --noconfirm sudo -# 9 = user already exists. so we are idempotent. -useradd -m -p "$ROOTPW" ian || [[ $? == 9 ]] - -if [[ $hostname == frodo ]]; then - useradd -m -p "$TPPASS" traci || [[ $? == 9 ]] -else - useradd -m traci || [[ $? == 9 ]] -fi -# comparing ian's groups to traci, I see none she should join on arch -usermod -a -G traci ian - - -/root/distro-install-common/end +. /a/bin/fai/fai-wrapper +/a/bin/fai/fai/config/distro-install-common/end systemctl enable sshd rm -rf /home/ian/.ssh diff --git a/arch-init-remote b/arch-init-remote index 4210b5f..13f0bcd 100755 --- a/arch-init-remote +++ b/arch-init-remote @@ -11,6 +11,7 @@ if [[ ! $1 ]]; then fi host=$1 + scp -o StrictHostKeyChecking=false -o UserKnownHostsFile=/dev/null \ /p/c/machine_specific/$host/filesystem/etc/ssh/* root@$host:/etc/ssh 
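Review bot: The comment above `pacman -S --noconfirm openssh rsync` now reads `# gtk2 is an optional dependency of unison.` / `# I know Im gonna want the gui, so just doing it now.` while the command installs neither unison nor gtk2, so it documents exactly what this hunk removed; delete it or say where those packages are installed now. The call to `/a/bin/fai/fai/config/distro-install-common/end` also depends on `$hostname` being exported by the outer arch-init and on `$ROOTCMD`/`$target` being empty inside the chroot, which is worth a one-line comment since `end` behaves differently under FAI: `# outside FAI: ROOTCMD/target are empty, hostname is inherited from arch-init`.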
@@ -19,22 +20,15 @@ if [[ -e /var/cache/pacman/pkg ]]; then mirror=http://$HOSTNAME:8080 fi faid=/a/bin/fai -fai_files=( - distro-install-common - hooks/partition.DEFAULT - class/50-host-classes - -) -sudo scp -r /a/bin/fai/arch-init{,-chroot} \ - /a/bin/fai/encrypt \ - ${fai_files[@]/#//a/bin/fai/fai/config/} \ - /a/bin/devbyid \ - /q/root/luks /q/root/shadow root@$host: + +rsync -rlpthvi --relative /a/bin/fai/ root@$host:/ +rsync /a/bin/fai/ root@$host:/a/bin/fai/ +sudo scp -r /a/bin/devbyid /q/root/luks /q/root/shadow root@$host: # creating shadow file string: # on debian, you can use mkpasswd -m sha-512 to generate a pass. # arch doesn't have this program. instead, you can do passwd, # and extract it from the shadow file. -ssh root@$host bash -x ./arch-init $host $mirror +ssh root@$host bash -x /a/bin/fai/arch-init $host $mirror #ssh root@$host reboot now || [[ $? == 255 ]] diff --git a/fai-redep b/fai-redep index 9730260..ad913a2 100755 --- a/fai-redep +++ b/fai-redep 
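Review bot: The second `rsync /a/bin/fai/ root@$host:/a/bin/fai/` has no `-r`/`-a`, so rsync skips the directory contents and the line is a no-op; the `--relative` rsync just above already places the tree at `/a/bin/fai` on the host, so delete the second line (or make it the only one, with `-a`). `faid=/a/bin/fai` is assigned but no longer referenced anywhere in the hunk now that `fai_files` is gone. The remaining `sudo scp -r /a/bin/devbyid /q/root/luks /q/root/shadow root@$host:` still ships the LUKS material and password-hash directory into root's home on the target; a comment saying where those copies are cleaned up after the install would help the next reader.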
@@ -12,38 +12,19 @@ cd $(dirname $(readlink -f "$BASH_SOURCE")) # i use faiserver as a dns alias, but ssh key is associated with # a canonical hostname and we will have ssh warning spam unless we -# use it, so look it up. +# use it, so look it up just to avoid the warning spam. faiserver_host=$(chost faiserver) || faiserver_host=faiserver ssh root@$faiserver_host rm -rf /srv/fai/config scp -r fai/config root@$faiserver_host:/srv/fai -# fai example pass: fai -#ROOTPW='$1$kBnWcO.E$djxB128U7dMkrltJHPf6d1' - -# generating a hashed password: -# under debian, you can do -# echo "yoursecrectpassword" | mkpasswd -m sha-512 -s -# On arch, best seems to be copy your shadow file to a temp location, -# then passwd, get out the new pass, then copy the shadow file back. - -f=/q/root/shadow/standard -if s test -e $f; then - ssh root@$faiserver_host tee -a /srv/fai/config/class/DEFAULT.var <&2' ERR -redeploy=false +# I had this set false as default before, can't remember why. oh well. +redeploy=true if [[ $1 == -r ]]; then - redeploy=true + redeploy=false fi disk_count=2 @@ -26,14 +27,21 @@ fi cd $script_dir +is_arch_revm() { + [[ ${0##*/} == arch-revm ]] +} new_disk=false [[ ! $1 ]] || new_disk=true -if [[ $0 == *arch-revm ]]; then +if is_arch_revm; then + ./pxe-server arch & + sleep 2 # via osinfo-query os. guessing arch is closest to latest fedora. variant=fedora22 else + ./pxe-server fai & + sleep 2 if $redeploy; then ./fai-redep fi 
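Review bot: `./pxe-server arch &` and `./pxe-server fai &` followed by a fixed `sleep 2` is a race: pxe-server reconfigures dnsmasq over ssh (see its hunk later in this patch) and nothing here confirms it got that far before `virt-install --pxe` starts, and the background job is never waited on, so its failure is invisible under `set -e`. Capture `pxe_pid=$!` right after each `&` and `wait "$pxe_pid"` before the script exits, or poll for the condition pxe-server sets up instead of sleeping. Defining `is_arch_revm` between two statements also makes it easy to miss; placing it with the other function definitions near the top of fai-revm would be clearer.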
@@ -57,18 +65,23 @@ done if [[ $SSH_CLIENT ]]; then console_arg=--noautoconsole -else - console_arg='&' fi # --cpu host: this causes mkfs.btrfs to fail with a stack trace which began # something like: # init_module+0x108/0x1000 [raid6_pq] +# +# uniq is to stop gtk-warning spam s virt-install --os-variant $variant -n $name --pxe -r 2048 --vcpus 1 \ ${disk_arg[*]} -w bridge=br0,mac=52:54:00:9c:ef:ad \ - --graphics spice,listen=0.0.0.0 $console_arg + --graphics spice,listen=0.0.0.0 $console_arg |& grep -v '^$' | uniq & + +if [[ $SSH_CLIENT ]]; then + fg +fi + -if [[ ${0##*/} == arch-revm ]]; then - sleep 80 +if is_arch_revm; then + while ! timeout 10 ssh $name /bin/true; do sleep 1; done ./arch-init-remote $name fi diff --git a/fai-wrapper b/fai-wrapper new file mode 100644 index 0000000..8b44a6f --- /dev/null +++ b/fai-wrapper @@ -0,0 +1,18 @@ +#!/bin/bash + +# for using some fai commands outside of fai +ifclass() { + local var=${1/#/CLASS_} + [[ $HOSTNAME == $1 || ${!var} ]] +} +export -f ifclass +classes= # used by fcopy +for x in $(bash /a/bin/fai/config/class/50-host-classes); do + # export class vars with CLASS_ in front to avoid name colissions. + classes+=" $x" + export CLASS_$x=true +done +classes="${classes# }" +export classes +export FAI_ROOT=/ +export FAI=/a/bin/fai/config diff --git a/fai/config/class/50-host-classes b/fai/config/class/50-host-classes index 4309ab4..894261a 100755 --- a/fai/config/class/50-host-classes +++ b/fai/config/class/50-host-classes @@ -14,9 +14,9 @@ case $HOSTNAME in tp) echo "FAIBASE DEBIAN DESKTOP PARTITION_PROMPT" ;; frodo) - echo "FAIBASE DEBIAN DESKTOP STABLE PARTITION_PROMPT" ;; + echo "FAIBASE DEBIAN DESKTOP PARTITION_PROMPT" ;; treetowl) - echo "FAIBASE DEBIAN DESKTOP STABLE PARTITION_PROMPT" ;; + echo "FAIBASE DEBIAN DESKTOP PARTITION_PROMPT" ;; # faiserver) # echo "FAIBASE DEBIAN DEMO FAISERVER" ;; # xfcehost) 
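Review bot: `fg` in the new `if [[ $SSH_CLIENT ]]; then fg; fi` will fail in a script: job control is off in non-interactive bash unless `set -m` is in effect, so `fg` returns non-zero with `fg: no job control` and, with the `set -e`/ERR trap these scripts use, aborts the run. Use `wait` to block on the backgrounded virt-install pipeline instead. That pipeline, `... |& grep -v '^$' | uniq &`, also hides virt-install's own exit status behind `uniq`'s; if a failed install should stop the script, check `wait`'s return value. The `while ! timeout 10 ssh $name /bin/true; do sleep 1; done` loop has no upper bound, so a VM that never comes up hangs fai-revm forever; a retry counter with a final `exit 1` would be safer.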
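Review bot: The paths `bash /a/bin/fai/config/class/50-host-classes` and `export FAI=/a/bin/fai/config` appear to be missing a `fai/` component: every other caller in this patch addresses the config tree as `/a/bin/fai/fai/config/...` (arch-init's `partition.DEFAULT`, arch-init-chroot's `distro-install-common/end`), and arch-init-remote rsyncs `/a/bin/fai/` to the same place on the target, so unless a symlink exists these resolve to nothing and the class loop exports no classes. Because `ifclass` and the class loop read `$HOSTNAME`, the file is only correct when the caller exports `HOSTNAME` for the target before sourcing it; a header comment such as `# Source (do not execute) after exporting HOSTNAME for the target; provides ifclass/classes/FAI_ROOT/FAI outside fai.` would state both requirements. The unquoted `$(bash ...)` is intended for word-splitting here and deserves a `# shellcheck disable=SC2046` with that reason.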
diff --git a/fai/config/distro-install-common/end b/fai/config/distro-install-common/end index cbe724d..b552952 100755 --- a/fai/config/distro-install-common/end +++ b/fai/config/distro-install-common/end @@ -3,7 +3,60 @@ set -eE -o pipefail trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR +if [[ $EUID != 0 ]]; then + echo "$0: error: expected to be root." + exit 1 +fi + +### begin set hostname +echo $hostname > /etc/hostname +sed -i '/^127\.0\.1\.1/d' /etc/hosts +echo "127.0.1.1 $hostname" >> /etc/hosts +hostname -F /etc/hostname +### end set hostname + +TPW=/q/root/shadow/traci-simple +if ifclass tp; then + ROOTPW="$TPW" +else + ROOTPW=/q/root/shadow/standard +fi + +chpw() { + # generating a hashed password: + # under debian, you can do + # mkpasswd -m sha-512 -s >/q/root/shadow/standard + # On arch, best seems to be copy your shadow file to a temp location, + # then passwd, get out the new pass, then copy the shadow file back. + user=$1 + pwfile=$2 + if [[ $pwfile && -e $pwfile ]]; then + printf "$user:" | cat - "$pwfile" | $ROOTCMD chpasswd -e + else + echo "$0: warning: no pw set for $user" + fi +} +au() { + if ! $ROOTCMD getent passwd $1; then + $ROOTCMD useradd -m $1 -s /bin/bash || [[ $? == 9 ]] + fi +} + +echo "IANNNNNNN 222222222, $ROOTPW" +ls -la $ROOTPW + +chpw root "$ROOTPW" +# 9 = user already exists. so we are idempotent. +au ian +chpw ian "$ROOTPW" + +au traci +if ifclass frodo; then + chpw traci "$TPW" +fi +# comparing ian's groups to traci, I see none she should join on arch +$ROOTCMD usermod -a -G traci ian # based on unison error, with 8192 from 
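Review bot: `echo "IANNNNNNN 222222222, $ROOTPW"` and `ls -la $ROOTPW` are debugging leftovers that print the password-file path and its listing into the install log on every run; remove both. `printf "$user:"` in `chpw` passes the user name as the format string, so it should be `printf '%s:' "$user"`, and `user`/`pwfile` should be declared `local`. The hostname block writes `/etc/hostname` and `/etc/hosts` and runs `hostname -F` with no `$target` prefix, unlike the `$target/etc/...` paths the rest of this file uses, so under FAI (where `$target` is the install root and `$ROOTCMD` a chroot into it) it would rename the install environment rather than the target; use `$target/etc/hostname` and `$target/etc/hosts`, and run `hostname -F` only when `$ROOTCMD` is empty, since it sets the running kernel's hostname. Finally, `chpw` only warns when the hash file is absent, where the old check in GRUB_PC/11-ian exited on an empty `$ROOTPW`; for `root` at least a missing file should be an error rather than a warning.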
@@ -14,8 +67,8 @@ f=$target/etc/sysctl.d/99-sysctl.conf key=fs.inotify.max_user_watches if [[ -e $f ]]; then sed -ri "/^\s*$key\s*=/d" $f; fi echo "fs.inotify.max_user_watches = 1000000" >> $f -# if we weren't rebooting, you could apply it now with: -# sysctl --system +# applies it. it would be also be applied after a reboot +$ROOTCMD sysctl --system f=$target/etc/sudoers line='ian ALL=(ALL) NOPASSWD: ALL' diff --git a/fai/config/files/etc/apt/preferences.d/unstable/DEBIAN b/fai/config/files/etc/apt/preferences.d/unstable/DEBIAN index 4ae9f6c..87d6c00 100644 --- a/fai/config/files/etc/apt/preferences.d/unstable/DEBIAN +++ b/fai/config/files/etc/apt/preferences.d/unstable/DEBIAN @@ -1,7 +1,10 @@ Explanation: https://debian-handbook.info/browse/stable/sect.apt-get.html#sect.apt.priorities Explanation: And man apt_preferences Explanation: Installed packages get 100 priority, so this won't upgrade testing -Explanation: packages unless explicitly asked to. Just went middlish between 1-100 +Explanation: packages unless explicitly asked to. +Explanation: Less than 0 won't install package unless you specify the archive. +Explanation: This is good, so you never just search for a package and install +Explanation: it without knowing it's from a different archive. Explanation: Install with apt-get install package/testing. But if dependencies are Explanation: needed, or need upgrading, Explanation: apt-get -t testing package, setting testing to priority @@ -9,8 +12,8 @@ Explanation: 990 just for that command. Explanation: Use apt-cache policy to verify these settings. Package: * Pin: release a=unstable -Pin-Priority: 30 +Pin-Priority: -20 Package: * Pin: release a=unstable-updates -Pin-Priority: 30 +Pin-Priority: -20 diff --git a/fai/config/files/etc/apt/preferences/STABLE b/fai/config/files/etc/apt/preferences/STABLE index cb23019..2203269 100644 --- a/fai/config/files/etc/apt/preferences/STABLE +++ b/fai/config/files/etc/apt/preferences/STABLE 
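Review bot: `$ROOTCMD sysctl --system` changes the running kernel's settings, so under FAI, where `$ROOTCMD` is a chroot into the target, it tunes the installer's kernel (and needs `/proc` inside the chroot) rather than doing anything for the target, which only picks the value up on reboot from the file written just above. Guard it with `if [[ ! $ROOTCMD ]]; then sysctl --system; fi`, and fix the comment, which currently reads `it would be also be applied after a reboot`, to `# apply now when running on the live system; the file above covers reboots`.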
@@ -1,7 +1,7 @@ Package: * Pin: release a=testing -Pin-Priority: 50 +Pin-Priority: -10 Package: * Pin: release a=testing-updates -Pin-Priority: 50 +Pin-Priority: -10 diff --git a/fai/config/hooks/partition.DEFAULT b/fai/config/hooks/partition.DEFAULT index 2dc6fd5..dc328c0 100755 --- a/fai/config/hooks/partition.DEFAULT +++ b/fai/config/hooks/partition.DEFAULT @@ -290,6 +290,7 @@ btrfs subvolume set-default 0 /mnt ## create subvols ## cd /mnt btrfs subvolume create root_$DISTRO +[[ -e q ]] || btrfs subvolume create q chown root:1000 q mkdir -p /mnt/root_$DISTRO/boot diff --git a/fai/config/scripts/GRUB_PC/11-ian b/fai/config/scripts/GRUB_PC/11-ian index 5dc250a..629d1bc 100755 --- a/fai/config/scripts/GRUB_PC/11-ian +++ b/fai/config/scripts/GRUB_PC/11-ian @@ -3,14 +3,20 @@ set -eE -o pipefail trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR -$ROOTCMD adduser --disabled-password --gecos ian ian - -if [[ ! $ROOTPW ]]; then - echo "$0: error: empty \$ROOTPW" +if [[ $EUID != 0 ]]; then + echo "$0: error: expected to be root." exit 1 fi -$ROOTCMD usermod -p "$ROOTPW" ian + +dir=/q/root/shadow +if [[ ! -e $dir ]]; then + mkdir -p $dir + echo "IANNNNNN 111" + ls -la $FAI/distro-install-common/shadow + mount -o bind $FAI/distro-install-common/shadow $dir +fi +$FAI/distro-install-common/end if ifclass STABLE; then fcopy -M /etc/apt/preferences @@ -25,17 +31,16 @@ fi # note: # fcopy -i = ignore nonmatching class error, always return 0. -f=/target/home/ian/.ssh/authorized_keys +f=$FAI_ROOT/home/ian/.ssh/authorized_keys if [[ ! -L $f || -e $f ]]; then fcopy -r -M /home/ian/.ssh else echo "$0: info: $f exists" fi -/var/lib/fai/config/distro-install-common/end -rm -f /target/etc/apt/sources.list +rm -f $FAI_ROOT/etc/apt/sources.list -chroot /target bash <<'EOF' +chroot $FAI_ROOT bash <<'EOF' set -eE -o pipefail chown -R 1000:1000 /home/ian/.ssh chmod -R u=Xrw,og= /home/ian/.ssh 
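Review bot: `[[ -e q ]] || btrfs subvolume create q` accepts any existing path named `q` (a plain directory left by an interrupted earlier run, say) as the subvolume, after which `chown root:1000 q` succeeds on the wrong object; `btrfs subvolume show q >/dev/null 2>&1 || btrfs subvolume create q` tests what the line actually means. A short comment recording why `q` is conditional while `root_$DISTRO` on the line above is created unconditionally would also help, since the unsuffixed name suggests it is shared between distros but the hunk does not say so.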
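Review bot: `echo "IANNNNNN 111"` and `ls -la $FAI/distro-install-common/shadow` are debugging leftovers; remove them. The `[[ ! -e $dir ]]` guard around `mkdir -p $dir` and `mount -o bind ...` means that once a previous run has created the directory (or `mkdir` succeeded and the `mount` failed) the hash files are never mounted again and `end` then only warns `no pw set`; test the mount instead: `mountpoint -q "$dir" || { mkdir -p "$dir"; mount -o bind "$FAI/distro-install-common/shadow" "$dir"; }`. The bind mount of the password-hash directory is also never undone in this file; an `umount "$dir"` after `$FAI/distro-install-common/end` (or a `trap` on EXIT) keeps the hashes from staying mounted for the rest of the FAI run. The `$EUID` check duplicates the one `end` now performs at its top, so one of the two can go.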
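Review bot: `rm -f $FAI_ROOT/etc/apt/sources.list` and `chroot $FAI_ROOT bash` now depend on `$FAI_ROOT` being set by FAI or by fai-wrapper; with the variable empty (script run by hand, wrapper not sourced) the `rm -f` removes the live system's `/etc/apt/sources.list` and only the `chroot ''` afterwards fails. Use the `:?` guard on the destructive line, `rm -f -- "${FAI_ROOT:?}/etc/apt/sources.list"`, or check the variable once near the top; `f=$FAI_ROOT/home/ian/.ssh/authorized_keys` has the same dependency. The `chroot` heredoc opened in this hunk ends outside it.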
@@ -49,29 +54,11 @@ usermod -aG cdrom,floppy,sudo,audio,dip,video,plugdev,netdev,systemd-journal ian EOF -$ROOTCMD apt-get -y install unison-gtk -if ifclass STABLE; then - # don't think this is needed since I figured out how to - # deal with mismatching unison compilers, but I don't - # see any reason to revert it, since it only installs - # a single package which is primarily a single binary - $ROOTCMD apt-get -y install unison-gtk/testing -fi - - - -$ROOTCMD adduser --disabled-password --gecos traci traci -$ROOTCMD usermod -a -G traci ian # reading through the groups that ian is in but traci isn't, for g in plugdev audio video cdrom; do $ROOTCMD usermod -a -G $g traci done -if ifclass frodo; then - $ROOTCMD usermod -p "$(cat /var/lib/fai/config/distro-install-common/traci-simple)" traci -fi - - # makes the journal be saved to disk. -$ROOTCMD mkdir -p /target/var/log/journal -$ROOTCMD chmod 755 /target/var/log/journal +$ROOTCMD mkdir -p $FAI_ROOT/var/log/journal +$ROOTCMD chmod 755 $FAI_ROOT/var/log/journal diff --git a/pxe-server b/pxe-server index d3625d6..574a896 100755 --- a/pxe-server +++ b/pxe-server @@ -30,10 +30,12 @@ EOF persist=false args=() +redep=false while [[ $1 ]]; do case $1 in --) shift; break ;; -h|--help) usage ;; + -r) redep=true; shift ;; -p) persist=true; shift ;; *) args+=("$1"); shift ;; esac @@ -91,7 +93,11 @@ $type | ssh wrt "cedit pxe-server /etc/dnsmasq.conf || /etc/init.d/dnsmasq resta if [[ $type == arch ]]; then arch-pxe-mount; fi" +if $redep && [[ $type == fai ]]; then + fai-redep +fi if ! $persist; then + echo "waiting for 2 dhcp acks then disabling pxe" if [[ $host ]]; then host_regex=" $host" fi diff --git a/wrt-setup b/wrt-setup index 0ee3009..7a68c49 100755 --- a/wrt-setup +++ b/wrt-setup @@ -232,6 +232,7 @@ cedit /etc/hosts <
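Review bot: `$ROOTCMD mkdir -p $FAI_ROOT/var/log/journal` (and the `chmod` below it) combines a chroot with a target-prefixed path: when FAI defines `$ROOTCMD` as `chroot $FAI_ROOT` during an install, the directory lands at `$FAI_ROOT$FAI_ROOT/var/log/journal` inside the target, while outside FAI, with `ROOTCMD` empty and `FAI_ROOT=/`, it happens to work, which hides the bug. Drop the prefix when going through the chroot, `$ROOTCMD mkdir -p /var/log/journal` and `$ROOTCMD chmod 755 /var/log/journal`, or drop `$ROOTCMD` and keep the prefix; the removed lines had the same problem, but this hunk is where they are rewritten. The `for g in ...` loop at the top of the hunk is context and unaffected.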
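Review bot: The new `-r` case is parsed but the `usage` heredoc that ends just above the hunk (its `EOF` is the first context line) gets no change anywhere in the pxe-server diff, so `-h` presumably does not mention the option; add a line such as `-r   run fai-redep first (type fai only)`. `-r` is also silently ignored for any type other than `fai` (see the `$redep && [[ $type == fai ]]` test in the next hunk); an `echo "$0: warning: -r ignored for type $type" >&2` there would make that explicit.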
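Review bot: `fai-redep` is invoked by bare name here, so it depends on `/a/bin/fai` being on `PATH` when pxe-server runs, whereas fai-revm in this same patch calls `./fai-redep` after a `cd` to the script directory; `"$(dirname "$(readlink -f "$BASH_SOURCE")")"/fai-redep`, the form the sibling scripts already use for their `cd`, removes the dependency. The added `echo "waiting for 2 dhcp acks then disabling pxe"` is status output and belongs on stderr (`>&2`) so it does not mix with anything a caller captures from stdout.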