From f57ad4edaeb132a77cecc6a1ee627dfd54c4b677 Mon Sep 17 00:00:00 2001
From: Ian Kelling
Date: Sat, 16 Jan 2016 15:36:44 -0800
Subject: [PATCH] basic working fai setup
---
fai-redep | 26 +++++++
fai-setup | 76 +++++++++++++++++++
fai/config/disk_config/demohost | 2 +
.../home/ian/.ssh/authorized_keys/.gitignore | 3 +
4 files changed, 107 insertions(+)
create mode 100755 fai-redep
create mode 100755 fai-setup
create mode 100644 fai/config/disk_config/demohost
create mode 100644 fai/config/files/home/ian/.ssh/authorized_keys/.gitignore
diff --git a/fai-redep b/fai-redep
new file mode 100755
index 0000000..8ff1df2
--- /dev/null
+++ b/fai-redep
@@ -0,0 +1,26 @@
+#!/bin/bash -lx
+
+# Deploy fai configuration to faiserver,
+# then start a virtual machine to test the config.
+
+set -eE -o pipefail
+trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?"' ERR
+
+ssh root@faiserver rm -rf /srv/fai/config/\*
+scp -r /a/bin/fai/fai/config root@faiserver:/srv/fai
+ssh root@faiserver tee -a /srv/fai/config/class/DESKTOP.var </etc/apt/sources.list.d/fai.list <<'EOF'
+deb http://fai-project.org/download jessie koeln
+EOF
+
+apt-get update
+# all the dependencies except the dhcp server
+apt-get -y install $(apt-cache show fai-quickstart | grep ^Depends: |head -n 1|\
+ sed -r 's/^Depends:|,|\|[^,]+|isc-dhcp-server//g')
+sed -i 's/^#deb/deb/' /etc/fai/apt/sources.list
+sed -i 's/#LOGUSER/LOGUSER/' /etc/fai/fai.conf
+fai-setup -v
+{ head -n 1 /srv/fai/nfsroot/root/.ssh/known_hosts | awk '{print $1}' \
+ | tr '\n' ' '; ssh-keyscan localhost | grep -o "ecdsa-sha2-nistp256.*"; \
+ } >>/srv/fai/nfsroot/root/.ssh/known_hosts
+
+# from config machine. todo: clean this up.
+sed -ri 's#^([[:space:]]*TFTP_DIRECTORY[[:space:]]*=).*#\1"/srv/tftp"#' \
+ /etc/default/tftpd-hpa
+
+service tftpd-hpa restart
+
+# initially did the basic fai-chboot -Iv $std_arg default
+# but found in console that it wanted to mount nfsroot
+# to be the same as my dhcp server.
+# Figured out to change the root= parameter from googling,
+# and seeing fai-chboot -L
+# using hostname failed.
+# for -f, combined the 2 defaults so it will reboot and print to screen.
+
+# Add debug to -f flag for more verbose output.
+
+std_arg="-u nfs://faiserver/srv/fai/config"
+fai-chboot -Iv $std_arg default
+kernel=$(fai-chboot -L '^default$' | awk '{print $3}')
+my_ip=$(getent hosts faiserver | awk '{ print $1 }')
+k_args=$(fai-chboot -L '^default$' | \
+ sed -r "s/^(\S+\s+){3}(.*root=)(.*)/\2$my_ip:\3/")
+fai-chboot -k "$k_args" -v -f verbose,sshd,createvt,reboot $std_arg $kernel default
+
+# make the faiserver also the apt proxy server
+apt-get install apt-cacher-ng
+
+# background on choosing apt-cacher-ng:
+# googling around a bit finds 2 main solutions:
+# http://askubuntu.com/questions/3503/best-way-to-cache-apt-downloads-on-a-lan
+# apt-cacher-ng doesn't have zeroconf.
+# so I'm not sure how smart it will be if the server goes down.
+# It touts having minimal dependencies, but I don't care.
+# The downside to squid-deb-proxy is that it's config is for specific repos,
+# you have to add all the repos you use.
+# That is the main reason I use apt-cacher-ng.
+# It has a web portal, at http://faiserver:3142/acng-report.html
+
+
+# random fai note: as far as I can tell, profiles are just for putting
+# in a selectable boot menu, which I don't want.
+
+if [[ ! -e ~/.ssh/id_rsa.pub ]]; then
+ ssh-keygen -t rsa -N ''
+fi
+x=$(mktemp); ssh -F /dev/null -oUserKnownHostsFile=$x localhost :
+cat x | tee -a /srv/fai/nfsroot/root/.ssh/known_hosts
diff --git a/fai/config/disk_config/demohost b/fai/config/disk_config/demohost
new file mode 100644
index 0000000..53c6527
--- /dev/null
+++ b/fai/config/disk_config/demohost
@@ -0,0 +1,2 @@
+disk_config disk1 disklabel:gpt-bios bootable:1 fstabkey:uuid
+primary / 100% ext4 noatime,errors=remount-ro
diff --git a/fai/config/files/home/ian/.ssh/authorized_keys/.gitignore b/fai/config/files/home/ian/.ssh/authorized_keys/.gitignore
new file mode 100644
index 0000000..c078f52
--- /dev/null
+++ b/fai/config/files/home/ian/.ssh/authorized_keys/.gitignore
@@ -0,0 +1,3 @@
+# empty directory
+*
+!.gitignore
-- 
2.30.2
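Review bot: The last added line of fai-setup runs `cat x`, which reads a file literally named `x` in the working directory instead of the mktemp file in `$x` that the preceding ssh call was told to write the host key to, so this step does not append the localhost key to the nfsroot known_hosts. I would change the pair to `x=$(mktemp); ssh -F /dev/null -oUserKnownHostsFile="$x" localhost :` followed by `tee -a /srv/fai/nfsroot/root/.ssh/known_hosts <"$x"; rm -f -- "$x"`. That known_hosts file is presumably what install clients use to authenticate the server, so a silent miss matters; the earlier `ssh-keyscan localhost` block appears to append a localhost key as well, so possibly only one of the two mechanisms is needed. Separately, `apt-get install apt-cacher-ng` has no `-y`, unlike the earlier install line, and will stop for confirmation in an unattended run. The start of the fai-setup section is not visible on this page, so whether `set -e` or `pipefail` is in effect for these lines is unknown.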