From 4d9e4a4d80aa23ad0d016a8b1a80cc1dee29cee9 Mon Sep 17 00:00:00 2001
From: Tobias Stein
Date: Sun, 1 May 2022 20:37:50 +0200
Subject: [PATCH 01/64] Create playbook "fai"
---
fai.yml | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)
create mode 100644 fai.yml
diff --git a/fai.yml b/fai.yml
new file mode 100644
index 0000000..9b63860
--- /dev/null
+++ b/fai.yml
@@ -0,0 +1,25 @@
+- hosts: hw4f-fai
+ become: true
+ vars:
+ # interface to the clients to install
+ dhcp_interface: ens19
+ # interface for a internet connection
+ wan_interface: ens18
+ # customized server name
+ server_name: hw4f-fai
+ # ip of the server of the installer network
+ server_ip: 192.168.33.9
+
+ ipxe_additional_entries:
+ pmagic:
+ name: Partition Magic
+ files: tools/pmagic
+ kernel: bzImage64
+ args: edd=on vga=normal
+ initrd:
+ - initrd.img
+ - fu.img
+ - m64.img
+ - files.cgz
+ roles:
+ - fai
From 7523e61773b80dd382088123ba9f8c2fa25ab1fd Mon Sep 17 00:00:00 2001
From: Tobias Stein
Date: Sun, 1 May 2022 22:31:20 +0200
Subject: [PATCH 02/64] Touch anything
* Add quoting
* Use fully qualified community names (FQCNs)
* Use quoted octal unix-permissions
* Replace module "synchronize" with "copy"
* Add and fix names to tasks and handlers
---
roles/fai/handlers/main.yml | 40 ++++++++++++++++-----------
roles/fai/tasks/apt-cacher-ng.yml | 32 +++++++++++-----------
roles/fai/tasks/fai-configure.yml | 16 +++++------
roles/fai/tasks/fai-ipxe.yml | 23 ++++++++--------
roles/fai/tasks/fai-prepare.yml | 24 ++++++++---------
roles/fai/tasks/fai-profiles.yml | 36 +++++++++++++------------
roles/fai/tasks/fai-pxe.yml | 42 ++++++++++++++++-------------
roles/fai/tasks/fai-root.yml | 17 ++++++------
roles/fai/tasks/isc-dhcp-server.yml | 24 ++++++++---------
roles/fai/tasks/main.yml | 18 +++++++------
roles/fai/tasks/network.yml | 25 ++++++++---------
roles/fai/tasks/nginx.yml | 24 ++++++++---------
roles/fai/tasks/tftpd-hpa.yml | 21 ++++++++-------
roles/fai/tasks/time-server.yml | 28 +++++++++----------
roles/fai/tasks/unbound.yml | 24 +++++++----------
15 files changed, 205 insertions(+), 189 deletions(-)
diff --git a/roles/fai/handlers/main.yml b/roles/fai/handlers/main.yml
index 2cca955..d8217e7 100644
--- a/roles/fai/handlers/main.yml
+++ b/roles/fai/handlers/main.yml
@@ -1,48 +1,56 @@ --- # handlers file for fai -- name: restart tftp server - service: +- name: "Restart tftp server" + ansible.builtin.service: name: tftpd-hpa state: restarted enabled: true listen: restart tftpd -- name: restart apt-cacher-ng - service: +- name: "Restarting apt-cacher-ng" + ansible.builtin.service: name: apt-cacher-ng state: restarted enabled: true listen: restart apt-cacher-ng -- name: pack fai configuration - shell: "tar -C {{ fai_configdir }} -cf {{ fai_download_dir }}/{{ fai_profiles_archive }} ." +- name: "Pack fai configuration" + ansible.builtin.shell: | + tar -C "{{ fai_configdir }}" \ + -cf "{{ fai_download_dir + '/' + fai_profiles_archive }}" . listen: pack fai-config -- name: ensure inetd is refreshed, when config changed - service: +- name: "Restarting inetd" + ansible.builtin.service: name: inetutils-inetd state: restarted listen: restart inetd -- name: reload ntp config - service: +- name: "Restarting ntp config" + ansible.builtin.service: name: ntp state: restarted listen: restart ntp -- name: ensure http server is restart after config change - service: +- name: "Restarting nginx" + ansible.builtin.service: name: nginx state: restarted listen: restart nginx -- name: apply iptables rules - shell: iptables-restore /etc/iptables/rules.v4 +- name: "apply iptables rules" + ansible.builtin.shell: iptables-restore "/etc/iptables/rules.v4" listen: apply iptables -- name: reload dhcp - service: +- name: "restart dhcp" + ansible.builtin.service: name: isc-dhcp-server state: restarted listen: restart dhcpd + +- name: "Reloading unbound" + ansible.builtin.service: + name: unbound + state: reloaded + listen: "reload unbound" diff --git a/roles/fai/tasks/apt-cacher-ng.yml b/roles/fai/tasks/apt-cacher-ng.yml index e13e5fb..489d44f 100644 --- a/roles/fai/tasks/apt-cacher-ng.yml +++ b/roles/fai/tasks/apt-cacher-ng.yml 
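Review bot: The "Pack fai configuration" and "apply iptables rules" handlers still run through `ansible.builtin.shell`, and the double quotes added around the templated paths do not neutralise `$`, backticks or an embedded quote in `fai_configdir`, `fai_download_dir` or `fai_profiles_archive`. Neither command uses any shell feature, so `ansible.builtin.command` with an `argv:` list avoids expansion and word splitting altogether; if the shell is kept, apply the `quote` filter to each variable. The same applies to the `fai-make-nfsroot` task in roles/fai/tasks/fai-root.yml and to the still short-form `shell: "fai-cd ..."` task in roles/fai/tasks/fai-pxe.yml. The handler names are also inconsistent in case and tense ("Restarting ntp config", "apply iptables rules", "restart dhcp").

```yaml
- name: "Pack fai configuration"
  ansible.builtin.command:
    argv:
      - tar
      - '-C'
      - "{{ fai_configdir }}"
      - '-cf'
      - "{{ fai_download_dir }}/{{ fai_profiles_archive }}"
      - '.'
  listen: pack fai-config
```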
@@ -1,11 +1,11 @@ -- name: install apt cacher - package: +- name: "Install apt cacher" + ansible.builtin.package: name: - apt-cacher-ng state: present -- name: configure apt cacher - copy: +- name: "Configure apt cacher" + ansible.builtin.copy: content: | CacheDir: /var/cache/apt-cacher-ng LogDir: /var/log/apt-cacher-ng @@ -33,35 +33,35 @@ # Only serve available files Offlinemode: {% if apt_cacher_offline_mode %}1{% else %}0{% endif %} - dest: /etc/apt-cacher-ng/acng.conf + dest: "/etc/apt-cacher-ng/acng.conf" owner: root group: root - mode: u=rw,g=r,o=r + mode: '0644' notify: restart apt-cacher-ng -- name: set ubuntu server as backend - copy: +- name: "Set ubuntu server as backend" + ansible.builtin.copy: content: | http://archive.ubuntu.com/ubuntu/ - dest: /etc/apt-cacher-ng/backends_ubuntu + dest: "/etc/apt-cacher-ng/backends_ubuntu" owner: root group: root - mode: u=rw,g=r,o=r + mode: '0644' -- name: ensure service is started and enabled - service: +- name: "Ensure service is started and enabled" + ansible.builtin.service: name: apt-cacher-ng enabled: true state: started -- name: set apt cache also for installer host - copy: - dest: /etc/apt/apt.conf.d/00proxy +- name: "Set apt cache also for installer host" + ansible.builtin.copy: + dest: "/etc/apt/apt.conf.d/00proxy" content: | Acquire::http::Proxy "http://localhost:3142"; owner: root group: root - mode: u=rw,g=r,o=r + mode: '0644' when: - use_apt_cache_for_server diff --git a/roles/fai/tasks/fai-configure.yml b/roles/fai/tasks/fai-configure.yml index c4c2dbb..3d6f5de 100644 --- a/roles/fai/tasks/fai-configure.yml +++ b/roles/fai/tasks/fai-configure.yml @@ -1,6 +1,6 @@ -- name: setup repos for fai - copy: - dest: /etc/fai/apt/sources.list +- name: "Setup repos for fai" + ansible.builtin.copy: + dest: "/etc/fai/apt/sources.list" content: | {% if use_apt_cache_for_server %} deb http://localhost:3142/deb.debian.org/debian buster main contrib non-free 
@@ -13,15 +13,15 @@ deb http://deb.debian.org/debian/ buster-updates main deb http://fai-project.org/download buster koeln {% endif %} - mode: u=rw,g=r,o=r + mode: '0644' owner: root group: root register: fai_apt_mirrors -- name: set loguser - copy: - dest: /etc/fai/fai.conf - mode: u=rw,g=r,o=r +- name: "Set loguser" + ansible.builtin.copy: + dest: "/etc/fai/fai.conf" + mode: '0644' owner: root group: root content: | diff --git a/roles/fai/tasks/fai-ipxe.yml b/roles/fai/tasks/fai-ipxe.yml index 5afcef5..ec0a75f 100644 --- a/roles/fai/tasks/fai-ipxe.yml +++ b/roles/fai/tasks/fai-ipxe.yml @@ -1,20 +1,21 @@ -- package: +- name: "Install package ipxe" + ansible.builtin.package: name: ipxe state: present -- name: copy ipxe - copy: +- name: "Copy ipxe" + ansible.builtin.copy: src: "{{ item }}" - dest: /srv/tftp/fai + dest: "/srv/tftp/fai" remote_src: yes with_items: - - /usr/lib/ipxe/ipxe.efi - - /usr/lib/ipxe/ipxe.pxe - - /usr/lib/ipxe/ipxe.lkrn + - "/usr/lib/ipxe/ipxe.efi" + - "/usr/lib/ipxe/ipxe.pxe" + - "/usr/lib/ipxe/ipxe.lkrn" notify: restart tftpd -- name: write ipxe menu - copy: +- name: "Write ipxe menu" + ansible.builtin.copy: content: | #!ipxe set boot-root {{ http_mirror_ipxe_root_url }} @@ -95,8 +96,8 @@ goto start{% endif %} {% endfor %} - dest: /srv/tftp/fai/menu.ipxe - mode: 0644 + dest: "/srv/tftp/fai/menu.ipxe" + mode: '0644' owner: root group: root notify: restart tftpd diff --git a/roles/fai/tasks/fai-prepare.yml b/roles/fai/tasks/fai-prepare.yml index 8803169..ce23daa 100644 --- a/roles/fai/tasks/fai-prepare.yml +++ b/roles/fai/tasks/fai-prepare.yml 
@@ -1,36 +1,36 @@ -- name: trust fai key - apt_key: +- name: "Trust fai key" + ansible.builtin.apt_key: id: B11EE3273F6B2DEB528C93DA2BF8D9FE074BCDE4 url: https://fai-project.org/download/2BF8D9FE074BCDE4.asc state: present -- name: add fai repo - apt_repository: +- name: "Add fai repo" + ansible.builtin.apt_repository: repo: deb http://fai-project.org/download {{ debian_release }} koeln state: present -- name: install all required fai programs - package: +- name: "Install all required fai programs" + ansible.builtin.package: name: - fai-server - squashfs-tools - ipxe state: present -- name: create fai profiles directory - file: +- name: "Create fai profiles directory" + ansible.builtin.file: name: "{{ fai_configdir }}" state: directory - mode: u=rwx,g=rx,o=rx + mode: '0755' owner: root group: root recurse: true -- name: create http download directories - file: +- name: "Create http download directories" + ansible.builtin.file: name: "{{ item }}" state: directory - mode: u=rwx,g=rx,o=rx + mode: '0755' owner: root group: root recurse: true diff --git a/roles/fai/tasks/fai-profiles.yml b/roles/fai/tasks/fai-profiles.yml index 3f5e252..fde91af 100644 --- a/roles/fai/tasks/fai-profiles.yml +++ b/roles/fai/tasks/fai-profiles.yml 
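Review bot: `ansible.builtin.apt_key` in "Trust fai key" adds the FAI project key to apt's global trusted keyring, so that key is accepted for packages from every configured repository rather than only fai-project.org; the apt-key tool the module wraps is also deprecated upstream. Pinning the fingerprint through `id:` is worth keeping in whatever replaces it. Consider installing the key as a keyring file and scoping it in "Add fai repo", e.g. `repo: "deb [signed-by=<path-to-fai-keyring>] http://fai-project.org/download {{ debian_release }} koeln"` (the keyring path is a placeholder). Separately, `recurse: true` combined with `mode: '0755'` on the two directory tasks also marks every file below those directories executable.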
@@ -1,37 +1,39 @@ -- name: create fai dir - file: - name: /srv/fai/config +- name: "Create fai dir" + ansible.builtin.file: + name: "/srv/fai/config" state: directory owner: root group: root - mode: u=rwx,g=rx,o=rx + mode: '0755' -- name: copy fai profiles - synchronize: - src: profiles/ +- name: "Copy fai profiles" + ansible.builtin.copy: + src: "profiles/" dest: "{{ fai_configdir }}" - mode: push - delete: yes + user: root + group: root + mode: '0755' + force: yes recursive: yes notify: pack fai-config -- name: Set APT proxy - template: +- name: "Set APT proxy" + ansible.builtin.template: src: fai-profile-00-proxy.yml dest: "{{ fai_configdir }}/files/etc/apt/apt.conf.d/00-proxy/HW4F_DESKTOP" owner: root group: root - mode: u=rw,g=r,o=r + mode: '0644' notify: pack fai-config -- name: Set fai provision vars for HW4F profile - copy: +- name: "Set fai provision vars for HW4F profile" + ansible.builtin.copy: content: | - # set time + ### CONFIGURE TIME UTC=yes TIMEZONE=Europe/Berlin - # some install parameters + ### INSTALL PARAMETERS STOP_ON_ERROR=700 MAXPACKAGES=800 @@ -43,6 +45,6 @@ dest: "{{ fai_configdir }}/class/HW4F_DESKTOP.var" owner: root group: root - mode: u=rw,g=r,o=r + mode: '0644' notify: pack fai-config diff --git a/roles/fai/tasks/fai-pxe.yml b/roles/fai/tasks/fai-pxe.yml index 48b57cc..10b74f4 100644 --- a/roles/fai/tasks/fai-pxe.yml +++ b/roles/fai/tasks/fai-pxe.yml 
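Review bot: "Copy fai profiles" was switched to `ansible.builtin.copy` but keeps synchronize-style arguments: `user:` and `recursive:` are not parameters of copy, so the task should fail argument validation. The old `delete: yes` has no equivalent in copy, so profile files removed from the repository stay in `fai_configdir` and are packed into the archive that clients download. The flat `mode: '0755'` additionally makes every copied file executable. Suggested: `owner: root`, drop `recursive: yes`, and use `mode: preserve` (or `directory_mode: '0755'` plus an explicit file mode); if stale-file removal matters, keep synchronize for this task or clean the target directory first.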
@@ -1,44 +1,50 @@ -- find: - paths: /srv/fai/nfsroot/boot +- name: "Find linux kernel images" + ansible.builtin.find: + paths: "/srv/fai/nfsroot/boot" patterns: "vmlinuz-*" register: fai_live_vmlinuz -- find: - paths: /srv/fai/nfsroot/boot +- name: "Find linux initial ram-disks" + ansible.builtin.find: + paths: "/srv/fai/nfsroot/boot" patterns: "initrd.img-*" register: fai_live_initrd -- set_fact: +- name: "Manipulate file pathes" + ansible.builtin.set_fact: fai_live_vmlinuz: "{{ fai_live_vmlinuz.files[0].path |regex_replace('.*/', '') }}" fai_live_initrd: "{{ fai_live_initrd.files[0].path |regex_replace('.*/', '') }}" -- name: copy linux kernel and initrd to tftp root - copy: +- name: "Copy linux kernel and initrd to tftp root" + ansible.builtin.copy: src: "/srv/fai/nfsroot/boot/{{ item }}" - dest: "{{ ipxe_download_dir }}/{{ item }}" + dest: "{{ ipxe_download_dir + '/' + item }}" owner: root group: root - mode: u=rw,g=r,o=r + mode: '0544' remote_src: true with_items: - "{{ fai_live_vmlinuz }}" - "{{ fai_live_initrd }}" -- name: check for generated squashfs image - stat: +- name: "Check for generated squashfs image" + ansible.builtin.stat: path: "{{ fai_squashfs_path }}" register: squash_img -- name: generate a downloadable squashfs of root filesystem +- name: "Generate a downloadable squashfs of root filesystem" shell: "fai-cd -f -M -S {{ fai_squashfs_path }} -d {{ http_mirror_fai_profiles_url }}" when: - not squash_img.stat.exists -- name: copy additional files - synchronize: - src: "{{ item.value.files }}/" - dest: "{{ ipxe_download_dir }}/{{ item.key }}" +- name: "Copy additional files" + ansible.builtin.copy: + src: "{{ item.value.files + '/' }}" + dest: "{{ ipxe_download_dir + '/' + item.key }}" mode: push - delete: yes + force: yes recursive: yes - with_dict: "{{ ipxe_additional_entries }}" + loop: "{{ ipxe_additional_entries + |dict2items }}" + tags: + - copy_additional_files 
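Review bot: "Copy additional files" now calls `ansible.builtin.copy` with `mode: push` and `recursive: yes`, both left over from synchronize; copy interprets `mode` as a file permission and has no `recursive` parameter, so this task will most likely fail. In "Copy linux kernel and initrd to tftp root" the mode went from `u=rw,g=r,o=r` to `'0544'`, which is not the quoted form of the old value (that would be `'0644'`) and looks like a typo. "Manipulate file pathes" indexes `.files[0]` without checking that the two find tasks matched anything; an `ansible.builtin.assert` on `fai_live_vmlinuz.matched > 0` and `fai_live_initrd.matched > 0` placed before it would give a clear error instead of an undefined-index failure. The squashfs task is the only one in this file still using short-form `shell:` with unquoted variables.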
diff --git a/roles/fai/tasks/fai-root.yml b/roles/fai/tasks/fai-root.yml index 428ee8a..3f5a595 100644 --- a/roles/fai/tasks/fai-root.yml +++ b/roles/fai/tasks/fai-root.yml @@ -1,5 +1,6 @@ -- copy: - dest: /etc/fai/nfsroot.conf +- name: "Create configuration for nfsroot" + ansible.builtin.copy: + dest: "/etc/fai/nfsroot.conf" content: | # For a detailed description see nfsroot.conf(5) @@ -16,14 +17,14 @@ FAI_CONFIGDIR=/srv/fai/config owner: root group: root - mode: u=rw,g=r,o=r + mode: '0644' -- name: test nfsroot exists - stat: - path: /srv/fai/nfsroot +- name: "Test nfsroot exists" + ansible.builtin.stat: + path: "/srv/fai/nfsroot" register: nfsroot_res -- name: generate root filesystem, kernel and initrd - shell: fai-make-nfsroot +- name: "Generate root filesystem, kernel and initrd" + ansible.builtin.shell: fai-make-nfsroot when: - not nfsroot_res.stat.exists diff --git a/roles/fai/tasks/isc-dhcp-server.yml b/roles/fai/tasks/isc-dhcp-server.yml index 73402f2..2c6eaf4 100644 --- a/roles/fai/tasks/isc-dhcp-server.yml +++ b/roles/fai/tasks/isc-dhcp-server.yml @@ -1,11 +1,11 @@ -- name: install dhcpd - package: +- name: "Install dhcpd" + ansible.builtin.package: name: - isc-dhcp-server state: present -- name: configure dhcp server - copy: +- name: "Configure dhcp server" + ansible.builtin.copy: content: | option dhcp-max-message-size 2048; use-host-decl-names on; 
@@ -46,26 +46,26 @@ } } } - dest: /etc/dhcp/dhcpd.conf - mode: u=rw,g=r,o=o + dest: "/etc/dhcp/dhcpd.conf" + mode: '0644' owner: root group: root # validate: dhcpd -t -cf %s notify: restart dhcpd -- name: set dhcp server interface - copy: +- name: "Set dhcp server interface" + ansible.builtin.copy: content: | INTERFACESv4="{{dhcp_interface}}" INTERFACESv6="" - dest: /etc/default/isc-dhcp-server - mode: u=rw,g=r,o=o + dest: "/etc/default/isc-dhcp-server" + mode: '0644' owner: root group: root notify: restart dhcpd -- name: start dhcp server - service: +- name: "Start dhcp server" + ansible.builtin.service: name: isc-dhcp-server state: started enabled: true diff --git a/roles/fai/tasks/main.yml b/roles/fai/tasks/main.yml index 0427156..a8dd1ef 100644 --- a/roles/fai/tasks/main.yml +++ b/roles/fai/tasks/main.yml @@ -1,29 +1,31 @@ --- # tasks file for fai - fail: - msg: Please specify FAI serving NIC in variable lan_interface (e.g. eth1) + msg: | + Please specify the NIC serving FAI + in variable 'dhcp_interface' (e.g. eth1) when: - not dhcp_interface is defined -- name: setup apt proxy cache +- name: "Setup apt proxy cache" include: apt-cacher-ng.yml -- name: configure a time server +- name: "Configure a time server" include: time-server.yml -- name: configure a web server +- name: "Configure a web server" include: nginx.yml -- name: configure tftp +- name: "Configure tftp" include: tftpd-hpa.yml -- name: configure dns server +- name: "Configure dns server" include: unbound.yml -- name: configure nic +- name: "Configure nic" include: network.yml -- name: setup dhcp +- name: "Setup dhcp" include: isc-dhcp-server.yml - include: fai-prepare.yml diff --git a/roles/fai/tasks/network.yml b/roles/fai/tasks/network.yml index 9a549d0..2c156f5 100644 --- a/roles/fai/tasks/network.yml +++ b/roles/fai/tasks/network.yml 
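Review bot: The `validate` option in "Configure dhcp server" is still commented out (`# validate: dhcpd -t -cf %s`), so a syntactically broken dhcpd.conf gets installed and the `restart dhcpd` handler then takes DHCP down for the installer network. If the check was disabled for a known reason, a short comment saying why would help; otherwise enable it. The mode change from `u=rw,g=r,o=o` to `'0644'` is a behaviour change rather than a pure re-quoting (the old value presumably left the "other" bits untouched), which seems intended but is not mentioned in the commit message. The task body starts above this hunk.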
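Review bot: The renamed entries in roles/fai/tasks/main.yml still use bare `include:`, which is deprecated and no longer available in current ansible-core releases, and the leading `fail:` task has neither a name nor an FQCN, which is at odds with the rest of this commit. Replace each entry with `ansible.builtin.include_tasks: apt-cacher-ng.yml` (or `ansible.builtin.import_tasks` if static inclusion is wanted) and use `ansible.builtin.fail` with a `name:`. The hunk ends at `- include: fai-prepare.yml`, so any further includes below it are not visible here.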
@@ -1,19 +1,20 @@ -- name: install packages - package: +--- +- name: "Install networking packages" + ansible.builtin.package: name: - iptables - iptables-persistent - ifupdown state: present -- name: ensure resolved is stopped and disabled +- name: "Ensure systemd-resolved is stopped and disabled" service: name: systemd-resolved enabled: false state: stopped -- name: write config for lan interface - copy: +- name: "Write config for lan interface" + ansible.builtin.copy: content: | auto {{ dhcp_interface }} allow-hotplug {{ dhcp_interface }} @@ -26,15 +27,15 @@ mode: 0644 register: dhcp_iface_config -- name: restart lan interface - shell: | +- name: "Restart lan interface" + ansible.builtin.shell: | ifdown --force {{ dhcp_interface }} || true ifup {{ dhcp_interface }} when: - dhcp_iface_config.changed -- name: enable permantent masquerading for ipv4 - copy: +- name: "Enable permantent masquerading for ipv4" + ansible.builtin.copy: content: | *nat :PREROUTING ACCEPT [0:0] @@ -43,11 +44,11 @@ :OUTPUT ACCEPT [0:0] -A POSTROUTING -o {{wan_interface}} -j MASQUERADE COMMIT - dest: /etc/iptables/rules.v4 + dest: "/etc/iptables/rules.v4" notify: apply iptables -- name: enable ip forwarding - sysctl: +- name: "Enable ip forwarding" + ansible.builtin.sysctl: name: net.ipv4.ip_forward value: '1' sysctl_set: yes diff --git a/roles/fai/tasks/nginx.yml b/roles/fai/tasks/nginx.yml index 5159759..ab7aaa4 100644 --- a/roles/fai/tasks/nginx.yml +++ b/roles/fai/tasks/nginx.yml @@ -1,11 +1,11 @@ -- name: install nginx - package: +- name: "Install nginx" + ansible.builtin.package: name: - nginx-light state: present -- name: configure http server - copy: +- name: "Configure http server" + ansible.builtin.copy: content: | server { listen 80 default_server; 
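Review bot: "Enable permantent masquerading for ipv4" writes /etc/iptables/rules.v4 without `owner`, `group` or `mode`, unlike the other copy tasks touched in this commit, and the "apply iptables" handler loads whatever was written. Adding `owner: root`, `group: root`, `mode: '0644'` and `validate: iptables-restore --test %s` would keep a malformed ruleset from being installed. In the same file the `systemd-resolved` task still uses short-form `service:` and the lan-interface task keeps the unquoted `mode: 0644`. As far as the hunks show, the ruleset contains only the nat table, so forwarding from the installer network to `wan_interface` is unfiltered; if that is intended for this network, a comment in the task saying so would help.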
@@ -22,14 +22,14 @@ autoindex on; } } - dest: /etc/nginx/sites-enabled/default - mode: 0644 + dest: "/etc/nginx/sites-enabled/default" + mode: '0644' owner: root group: root notify: restart nginx -- name: place info site - copy: +- name: "Place info site" + ansible.builtin.copy: content: | @@ -41,13 +41,13 @@ - dest: /var/www/html/index.html - mode: 0644 + dest: "/var/www/html/index.html" + mode: "0644" owner: root group: root -- name: ensure http server is running - service: +- name: "Ensure http server is running" + ansible.builtin.service: name: nginx state: started enabled: true diff --git a/roles/fai/tasks/tftpd-hpa.yml b/roles/fai/tasks/tftpd-hpa.yml index 5e6c8f6..a6dc44c 100644 --- a/roles/fai/tasks/tftpd-hpa.yml +++ b/roles/fai/tasks/tftpd-hpa.yml @@ -1,21 +1,21 @@ -- name: install tftp server - package: +- name: "Install tftp server" + ansible.builtin.package: name: - tftpd-hpa state: present -- name: create tftp fai directory - file: +- name: "Create tftp fai directory" + ansible.builtin.file: name: "{{ tftp_dir }}" state: directory owner: root group: root - mode: u=rwx,g=rx,o=rx + mode: '0755' recurse: true -- name: configure tftp server - copy: - dest: /etc/default/tftpd-hpa +- name: "Configure tftp server" + ansible.builtin.copy: + dest: "/etc/default/tftpd-hpa" content: | TFTP_USERNAME="tftp" TFTP_DIRECTORY="{{ tftp_dir }}" @@ -23,10 +23,11 @@ TFTP_OPTIONS="--secure" owner: root group: root - mode: 0644 + mode: '0644' notify: restart tftpd -- service: +- name: "Start tftp daemon" + ansible.builtin.service: name: tftpd-hpa state: started enabled: true diff --git a/roles/fai/tasks/time-server.yml b/roles/fai/tasks/time-server.yml index a679d48..a9674f1 100644 --- a/roles/fai/tasks/time-server.yml +++ b/roles/fai/tasks/time-server.yml 
@@ -1,29 +1,29 @@ -- name: install inetd and ntp - package: +- name: "Install inetd and ntp" + ansible.builtin.package: name: - inetutils-tools - inetutils-inetd - ntp state: present -- name: configure rdate for inetd - copy: +- name: "Configure rdate for inetd" + ansible.builtin.copy: content: | time stream tcp nowait root internal - dest: /etc/inetd.conf + dest: "/etc/inetd.conf" owner: root group: root - mode: u=rw,g=r,o=r + mode: '0644' notify: restart inetd -- name: start inetd - service: +- name: "Start inetd" + ansible.builtin.service: name: inetutils-inetd state: started enabled: true -- name: configure ntp server - copy: +- name: "Configure ntp server" + ansible.builtin.copy: content: | driftfile /var/lib/ntp/ntp.drift @@ -48,14 +48,14 @@ restrict ::1 restrict source notrap nomodify noquery - dest: /etc/ntp.conf - mode: 0644 + dest: "/etc/ntp.conf" + mode: '0644' owner: root group: root notify: restart ntp -- name: ntp is running and enabled - service: +- name: "Start and enable ntp daemon" + ansible.builtin.service: name: ntp state: started enabled: true diff --git a/roles/fai/tasks/unbound.yml b/roles/fai/tasks/unbound.yml index d813f9a..3841989 100644 --- a/roles/fai/tasks/unbound.yml +++ b/roles/fai/tasks/unbound.yml @@ -1,10 +1,10 @@ -- name: install unbound server - package: +- name: "Install unbound server" + ansible.builtin.package: name: unbound state: present -- name: configure dns - copy: +- name: "Configure DNS" + ansible.builtin.copy: content: | server: access-control: {{ server_net }}.0/{{ server_netbits }} allow 
@@ -15,20 +15,14 @@ local-zone: "{{ domain_name }}." static local-data: "{{ server_name }}.{{ domain_name }}. IN A {{ server_ip }}" - dest: /etc/unbound/unbound.conf.d/fai.conf - mode: u=rw,g=r,o=r + dest: "/etc/unbound/unbound.conf.d/fai.conf" + mode: '0644' owner: root group: root - register: unbound_conf + notify: reload unbound -- name: ensure unbound is enabled and running - service: +- name: "Ensure unbound is enabled and running" + ansible.builtin.service: name: unbound state: started enabled: true - -- name: apply dns config - systemd: - name: unbound - state: restarted - when: unbound_conf.changed From f9f023f3bcf8f5bd4638e700def46bd9fab4246b Mon Sep 17 00:00:00 2001 From: Tobias Stein Date: Sun, 1 May 2022 22:31:31 +0200 Subject: [PATCH 03/64] Update README --- README.md | 97 +++++++++++++++++++++++++++++++++++++++++++------------ 1 file changed, 76 insertions(+), 21 deletions(-) diff --git a/README.md b/README.md index 85d8743..3bab65e 100644 --- a/README.md +++ b/README.md 
@@ -1,10 +1,24 @@ # HW4F Netboot Installer -Server die automatische Installation über das Netzwerks von Ubuntu 20.04 im Rahmen des https://hardwareforfuture.de(**Hardware for Future**) Projekts des https://dezentrale.space(dezentrale e.V). +Server die automatische Installation über das Netzwerks von Ubuntu 20.04 +im Rahmen des Projekts https://hardwareforfuture.de(**Hardware for Future**) +des https://dezentrale.space(dezentrale e.V). -Für den Betrieb wird einmalig eine Internetverbindung benötigt. Der Server wird über Ansible aufgesetzt. Hierfür werden verschiedene Komponenten installiert, u.a. FAI (Fully Automatic Installtion). Mit dem Server wird ein Netz aufgespannt, welches für den Anschluß des zu installierenden Rechner verwendet wird. Wenn die Rechner mit dem Netzwerk verbunden sind, können sie über einen Netzwerkboot (F-Testen beim Start des Rechners) über PXE gebootet werden. PXE lädt die erforderliche Dateien vom Server und der FAI-Installer installiert dann Ubuntu auf den Rechner. +Für den Betrieb wird einmalig eine Internetverbindung benötigt. +Der Server wird über Ansible aufgesetzt. +Hierfür werden verschiedene Komponenten installiert, +u.a. FAI (Fully Automatic Installtion). +Mit dem Server wird ein Netz aufgespannt, +welches für den Anschluß des zu installierenden Rechner verwendet wird. +Wenn die Rechner mit dem Netzwerk verbunden sind, +können sie über einen Netzwerkboot (F-Testen beim Start des Rechners) über PXE gebootet werden. +PXE lädt die erforderliche Dateien vom Server +und der FAI-Installer installiert dann Ubuntu auf den Rechner. -Es wird ein Nutzer *demo* angelegt. Das Passwort ist *fai*. Dieser Nutzer kann Administrationsrechte erlang und es sollte nach der Anmeldung das Passwort dringenst geändert werden. +Es wird ein Nutzer *demo* angelegt. +Das Passwort ist *fai*. +Dieser Nutzer kann Administrationsrechte erlang +und es sollte nach der Anmeldung das Passwort dringenst geändert werden. ## Voraussetzungen 
@@ -22,14 +36,16 @@ Zu installierende Clients: ## Verwendung -Zunächst ansible für die automatische Installation und Konfiguration aller Komponeten herunterladen: +Zunächst ansible für die automatische Installation +und Konfiguration aller Komponeten herunterladen: ```console apt install python3-pip pip3 install ansible ``` -Danach ein Playbook (z.B. *fai.yml*) anlegen und die grundlegende Parameter festlegen: +Danach ein Playbook (z.B. *fai.yml*) anlegen +und die grundlegende Parameter festlegen: ```yml - hosts: localhost 
@@ -41,31 +57,60 @@ Danach ein Playbook (z.B. *fai.yml*) anlegen und die grundlegende Parameter fest - fai ``` +Einen Eintrag hinzufügen in +`~/.ssh/config` + +``` +host hw4f-fai hw4f-fai.intern.dezentrale.space + user username + #hostname 192.168.1.11 +``` + Danach das Playbook ausführen: ``` ansible-playbook fai.yml + +ansible-playbook -i inventory/dezentrale.yml -K --check --diff -v fai.yml ``` ### Virtuale Testinstanz -Für eine testweise Installation kann Vagrant (https://www.vagrantup.com/) verwendet werden. Es richtet anhand der *Vagrantfile* eine virtuelle Maschine ein und provisioniert sie mittels Ansible. Vagrant unterstützt verschiedene Provider für Virtualisierungslösungen bspw. VirtualBox oder libvirt/KVM. +Für eine testweise Installation kann +https://www.vagrantup.com/(Vagrant) verwendet werden. +Es richtet anhand der *Vagrantfile* eine virtuelle Maschine ein +und provisioniert sie mittels Ansible. +Vagrant unterstützt verschiedene Provider für Virtualisierungslösungen +bspw. VirtualBox oder libvirt/KVM. -Zur Installation muss zunächst Vagrant installiert werden. Hier beispielsweise zusammen mit VirtualBox +Zur Verwendung muss Vagrant zunächst installiert werden. +Hier beispielsweise zusammen mit VirtualBox: ``` apt install vagrant virtualbox ``` -Danach kann die virtuelle Umgebung erstellt und auotmatisch eingerichtet werden: +Danach kann die virtuelle Umgebung erstellt +und automatisch eingerichtet werden: ``` vagrant up ``` -Die Vagrantfile definiert eine Maschinen mit zwei Ethernet-Ports. Der erste Port ist für Verwaltung von Vagrant und der zweite Port (IP: 192.168.33.1) um die notwendige FAI Services über ein virtuelles Netzwerk anzubieten. Mit diesen Netzwerk können dann weitere virtuelle Maschine verbunden werden, um sie mit FAI automatisch zu installieren. +Die Vagrantfile definiert eine Maschinen mit zwei Ethernet-Ports. 
+Der erste Port ist für Verwaltung von Vagrant +und der zweite Port (IP: `192.168.33.1`) +um die notwendige FAI Services über ein virtuelles Netzwerk anzubieten. +Mit diesen Netzwerk können dann weitere virtuelle Maschine verbunden werden, +um sie mit FAI automatisch zu installieren. -*Hinweis:* Die Verwendung von VirtualBox wird empfohlen. Bei libvirt/KVM gab es Probleme mit dem Starten von Clients für Testinstallationen im virtuellen Netzwerk. Hier kann es helfen das Netzwerk über *Virt-Manager* neuzustarten oder ein weiteres isoliertes Netzwerk zu erstellen und es mit dem zweiten Netzwerkport des FAI-Servers zu verbinden. + +*Hinweis:* Die Verwendung von VirtualBox wird empfohlen. +Bei libvirt/KVM gab es Probleme +mit dem Starten von Clients für Testinstallationen im virtuellen Netzwerk. +Hier kann es helfen das Netzwerk über *Virt-Manager* neuzustarten oder +ein weiteres isoliertes Netzwerk zu erstellen +und es mit dem zweiten Netzwerkport des FAI-Servers zu verbinden. ### Konfiguration @@ -75,9 +120,9 @@ Die Vagrantfile definiert eine Maschinen mit zwei Ethernet-Ports. Der erste Port |--- |--- |--- | |dhcp_interface |NIC des Installtionnetzes. Muss gesetzt sein | | |wan_interface |NIC zum Internet |eth0 | -|server_name |Server-Name |faiserver | +|server_name |Server-Name |hw4f-fai | |domain_name |Domain-Name des Netzes |local | -|server_ip |IP des Servers |192.168.33.1 | +|server_ip |IP des Servers |`192.168.33.1` | |server_netbits |Bits der Netzmaske |24 | |server_netmask |Netzmaske |255.255.255.0 | |apt_cacher_offline_mode |true, um nur den vorhanden Packet-Cache als Repository zu nutzen |false | 
@@ -86,10 +131,12 @@ Die Vagrantfile definiert eine Maschinen mit zwei Ethernet-Ports. Der erste Port |pxe_menu_timeout |Timeout für iPXE-Menu in Milisekunden |5000 | |ipxe_additional_entries |Zusätzliche Einträge für iPXE-Menu |keine | |use_apt_cache_for_server |Apt Cache für den Server selbst verwenden |false | -|fai_hw4f_profile_username |Desktop Benutzername |user | -|fai_hw4f_profile_password |Passwort der Benutzers |fai | +|fai_hw4f_profile_username |Desktop Benutzername |`user` | +|fai_hw4f_profile_password |Passwort der Benutzers |`fai` | -Beispielsweise kann der Server mit obigen Playbook aufgesetzt werden, eine Rechner mit Ubuntu installiert werden und danach der Server wie folgt in den Offline-Installationsmodus versetzt werden: +Beispielsweise kann der Server mit obigen Playbook aufgesetzt werden, +eine Rechner mit Ubuntu installiert werden und +danach der Server wie folgt in den Offline-Installationsmodus versetzt werden: ```yml - hosts: localhost @@ -102,7 +149,8 @@ Beispielsweise kann der Server mit obigen Playbook aufgesetzt werden, eine Rechn - fai ``` -Danach das Playbook noch einmal ausführen, um die Konfigration zu aktualisieren: +Danach das Playbook noch einmal ausführen, +um die Konfigration zu aktualisieren: ``` ansible-playbook fai.yml 
@@ -135,17 +183,24 @@ ipxe_additional_entries: pxe_preselected_entry: memtest ``` -Dabei werden alle Dateien unter, die im ```files``` ausgewiesen sind, in das PXE-Verzeichnis kopiert. Es wird ein zusätzlichen Menüeintrag angelegt mit dem Label ```memtest``` (Name des Eintrags) und als Anzeigetext aus ```name```. Es sind folgende Felder für jeden Boot-Eintrag möglich: +Dabei werden alle Dateien unter, +die im `files` ausgewiesen sind, +in das PXE-Verzeichnis kopiert. +Es wird ein zusätzlichen Menüeintrag +mit dem Label `memtest` (Name des Eintrags) und +dem Anzeigetext aus `name` angelegt. +Es sind folgende Felder für jeden Boot-Eintrag möglich: |**Feld** |**Beschreibung** |**iPXE-Argument** | |--- |--- |--- | |files |Dateien für den Eintrag | | -|kernel |Zu ladenden Kernel |```kernel``` | +|kernel |Zu ladenden Kernel |`kernel` | |args |Argumente des Kernel |an Kernel angehängt | -|initrd |InitRD-Images |```initrd``` | -|multiboot |Images für Multiboot-Kernel |```multiboot``` | +|initrd |InitRD-Images |`initrd` | +|multiboot |Images für Multiboot-Kernel |`multiboot` | -Der vorausgewählt Eintrag kann über ```pxe_preselected_entry``` mit dem Label ausgewählt werden. Um FAI auszuwählen muss ```__fai``` gesetzt werden. +Der vorausgewählt Eintrag kann über `pxe_preselected_entry` mit dem Label ausgewählt werden. +Um FAI auszuwählen muss `__fai` gesetzt werden. ## Details From 0df15e5da1129d06e38b6e3711299642d3f5e83b Mon Sep 17 00:00:00 2001 From: Tobias Stein Date: Sun, 1 May 2022 22:41:46 +0200 Subject: [PATCH 04/64] Update README * Fix links and typos --- README.md | 74 ++++++++++++++++++++++++++++--------------------------- 1 file changed, 38 insertions(+), 36 deletions(-) diff --git a/README.md b/README.md index 3bab65e..f48f0d8 100644 --- a/README.md +++ b/README.md 
@@ -1,13 +1,13 @@ # HW4F Netboot Installer Server die automatische Installation über das Netzwerks von Ubuntu 20.04 -im Rahmen des Projekts https://hardwareforfuture.de(**Hardware for Future**) -des https://dezentrale.space(dezentrale e.V). +im Rahmen des Projekts [https://hardwareforfuture.de](**Hardware for Future**) +des [https://dezentrale.space/](dezentrale e.V). Für den Betrieb wird einmalig eine Internetverbindung benötigt. Der Server wird über Ansible aufgesetzt. Hierfür werden verschiedene Komponenten installiert, -u.a. FAI (Fully Automatic Installtion). +u.a. FAI (Fully Automatic Installation). Mit dem Server wird ein Netz aufgespannt, welches für den Anschluß des zu installierenden Rechner verwendet wird. Wenn die Rechner mit dem Netzwerk verbunden sind, @@ -15,10 +15,10 @@ können sie über einen Netzwerkboot (F-Testen beim Start des Rechners) über PX PXE lädt die erforderliche Dateien vom Server und der FAI-Installer installiert dann Ubuntu auf den Rechner. -Es wird ein Nutzer *demo* angelegt. -Das Passwort ist *fai*. -Dieser Nutzer kann Administrationsrechte erlang -und es sollte nach der Anmeldung das Passwort dringenst geändert werden. +Es wird ein Nutzer `demo` angelegt. +Das Passwort ist `fai`. +Dieser Nutzer kann Administrationsrechte erlangen. +Das Passwort muss im Anschluss geändert werden. ## Voraussetzungen @@ -32,11 +32,11 @@ Zu installierende Clients: * CPU mit x86-64 Unterstützung * 512 MB RAM empfohlen * mehr als 20 GB Festsplatte oder SSD -* PXE-fähig oder USB-Stick mit bootfähigen iPXE oder iPXE-CD zum Booten des Rechern +* PXE-fähig oder USB-Stick mit bootfähigen iPXE oder iPXE-CD zum Booten der Rechner ## Verwendung -Zunächst ansible für die automatische Installation +Zunächst Ansible für die automatische Installation und Konfiguration aller Komponeten herunterladen: ```console 
@@ -44,7 +44,7 @@ apt install python3-pip pip3 install ansible ``` -Danach ein Playbook (z.B. *fai.yml*) anlegen +Danach ein Playbook (z.B. `fai.yml`) anlegen und die grundlegende Parameter festlegen: ```yml @@ -77,7 +77,7 @@ ansible-playbook -i inventory/dezentrale.yml -K --check --diff -v fai.yml ### Virtuale Testinstanz Für eine testweise Installation kann -https://www.vagrantup.com/(Vagrant) verwendet werden. +[https://www.vagrantup.com/](Vagrant) verwendet werden. Es richtet anhand der *Vagrantfile* eine virtuelle Maschine ein und provisioniert sie mittels Ansible. Vagrant unterstützt verschiedene Provider für Virtualisierungslösungen 
@@ -116,23 +116,24 @@ und es mit dem zweiten Netzwerkport des FAI-Servers zu verbinden. Über Ansible-Variablen kann die Installation noch weiter angepasst werden. -|**Variable** |**Bedeutung** |**Standard** | -|--- |--- |--- | -|dhcp_interface |NIC des Installtionnetzes. Muss gesetzt sein | | -|wan_interface |NIC zum Internet |eth0 | -|server_name |Server-Name |hw4f-fai | -|domain_name |Domain-Name des Netzes |local | -|server_ip |IP des Servers |`192.168.33.1` | -|server_netbits |Bits der Netzmaske |24 | -|server_netmask |Netzmaske |255.255.255.0 | -|apt_cacher_offline_mode |true, um nur den vorhanden Packet-Cache als Repository zu nutzen |false | -|debian_release |Debian Release, was für FAI genutzt werden soll. |buster | -|pxe_preselected_entry |Vorausgewählte iPXE-Eintag |`__exit` (von lokale Datenträger starten)| -|pxe_menu_timeout |Timeout für iPXE-Menu in Milisekunden |5000 | -|ipxe_additional_entries |Zusätzliche Einträge für iPXE-Menu |keine | -|use_apt_cache_for_server |Apt Cache für den Server selbst verwenden |false | -|fai_hw4f_profile_username |Desktop Benutzername |`user` | -|fai_hw4f_profile_password |Passwort der Benutzers |`fai` | + +|**Variable** |**Bedeutung** |**Standard** | +|--- |--- |---------------------------------------- | +|dhcp_interface |NIC des Installtionnetzes (muss gesetzt sein) | | +|wan_interface |NIC zum Internet |`eth0` | +|server_name |Server-Name |hw4f-fai | +|domain_name |Domain-Name des Netzes |local | +|server_ip |IP des Servers |`192.168.33.1` | +|server_netbits |Bits der Netzmaske |`24 ` | +|server_netmask |Netzmaske |`255.255.255.0` | +|apt_cacher_offline_mode |true, um nur den vorhanden Packet-Cache als Repository zu nutzen|false | +|debian_release |Debian Release, was für FAI genutzt werden soll. 
|buster | +|pxe_preselected_entry |Vorausgewählte iPXE-Eintag |`__exit` (von lokale Datenträger starten)| +|pxe_menu_timeout |Timeout für iPXE-Menu in Milisekunden |5000 | +|ipxe_additional_entries |Zusätzliche Einträge für iPXE-Menu |keine | +|use_apt_cache_for_server |Apt Cache für den Server selbst verwenden |`false` | +|fai_hw4f_profile_username |Desktop Benutzername |`user` | +|fai_hw4f_profile_password |Passwort der Benutzers |`fai` | Beispielsweise kann der Server mit obigen Playbook aufgesetzt werden, eine Rechner mit Ubuntu installiert werden und @@ -158,7 +159,8 @@ ansible-playbook fai.yml #### Zusätzliche Menü-Einträge im iPXE-Menü -Das vordefinierte Playbook für playbook-vagrant.yml(Vagrant) erhält bereits einen zusätzlichen Eintrag für Memtest. +Das vordefinierte Playbook für `playbook-vagrant.yml` (Vagrant) +enthält bereits einen zusätzlichen Eintrag für Memtest. ``` ipxe_additional_entries: @@ -175,7 +177,7 @@ ipxe_additional_entries: # - initrd0.img # - initrd1.img # - ... -# multiboot: +# multiboot: # - module0.img # - module1.img # - ... @@ -194,10 +196,10 @@ Es sind folgende Felder für jeden Boot-Eintrag möglich: |**Feld** |**Beschreibung** |**iPXE-Argument** | |--- |--- |--- | |files |Dateien für den Eintrag | | -|kernel |Zu ladenden Kernel |`kernel` | +|kernel |Zu ladenden Kernel |`kernel` | |args |Argumente des Kernel |an Kernel angehängt | -|initrd |InitRD-Images |`initrd` | -|multiboot |Images für Multiboot-Kernel |`multiboot` | +|initrd |InitRD-Images |`initrd` | +|multiboot |Images für Multiboot-Kernel |`multiboot` | Der vorausgewählt Eintrag kann über `pxe_preselected_entry` mit dem Label ausgewählt werden. Um FAI auszuwählen muss `__fai` gesetzt werden. @@ -219,6 +221,6 @@ Um FAI auszuwählen muss `__fai` gesetzt werden. ## Verweise -* https://fai-project.org(FAI Project) -* https://ipxe.org(iPXE) -* https://www.ansible.com(Ansible) +* [https://fai-project.org](FAI Project) +* [https://ipxe.org](iPXE) +* [https://www.ansible.com](Ansible) 
From 4255871d36acc68ed4f172478c75f76552996d2a Mon Sep 17 00:00:00 2001 From: Tobias Stein Date: Mon, 2 May 2022 07:50:42 +0200 Subject: [PATCH 05/64] Update default root and user password --- README.md | 2 +- roles/fai/defaults/main.yml | 2 +- roles/fai/tasks/fai-profiles.yml | 10 +++++++--- 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index f48f0d8..98caf79 100644 --- a/README.md +++ b/README.md @@ -133,7 +133,7 @@ und es mit dem zweiten Netzwerkport des FAI-Servers zu verbinden. |ipxe_additional_entries |Zusätzliche Einträge für iPXE-Menu |keine | |use_apt_cache_for_server |Apt Cache für den Server selbst verwenden |`false` | |fai_hw4f_profile_username |Desktop Benutzername |`user` | -|fai_hw4f_profile_password |Passwort der Benutzers |`fai` | +|fai_hw4f_profile_password |Passwort der Benutzers |`dezentrale` | Beispielsweise kann der Server mit obigen Playbook aufgesetzt werden, eine Rechner mit Ubuntu installiert werden und diff --git a/roles/fai/defaults/main.yml b/roles/fai/defaults/main.yml index 4186df6..d866e79 100644 --- a/roles/fai/defaults/main.yml +++ b/roles/fai/defaults/main.yml @@ -17,7 +17,7 @@ fai_profiles_archive: "config.tar" fai_squashfs_file: "squash.img" fai_hw4f_profile_username: user -fai_hw4f_profile_password: fai +fai_hw4f_profile_password: dezentrale tftp_dir: "/srv/tftp/fai" http_mirror_ipxe_path_prefix: "ipxe" diff --git a/roles/fai/tasks/fai-profiles.yml b/roles/fai/tasks/fai-profiles.yml index fde91af..1b340e3 100644 --- a/roles/fai/tasks/fai-profiles.yml +++ b/roles/fai/tasks/fai-profiles.yml 
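Review bot: The new default `fai_hw4f_profile_password: dezentrale` in roles/fai/defaults/main.yml is a fixed credential that the README hunk of this same patch documents, so every client installed without an override ends up with a publicly known password. I would remove the default and make the role fail early when the variable is unset, for example with an `ansible.builtin.assert` on `fai_hw4f_profile_password is defined`, and keep the real value in a vaulted vars file. If a default must stay for the Vagrant test setup, a comment such as `# test-only default, override in inventory` above the line would at least mark it.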
@@ -39,9 +39,13 @@ KEYMAP=de-latin1-nodeadkeys - # start user and password - username={{fai_hw4f_profile_username}} - USERPW='{{fai_hw4f_profile_password |password_hash("sha512")}}' + ROOTPW='{{ fai_hw4f_profile_password |password_hash("sha512")}}' + + # START USER AND PASSWORD + username={{ fai_hw4f_profile_username }} + USERPW='{{ fai_hw4f_profile_password |password_hash("sha512")}}' + + SUPRESS_GNOME_INITIAL_SCREEN=1 dest: "{{ fai_configdir }}/class/HW4F_DESKTOP.var" owner: root group: root From cad2ceaeba1eefd90c67e2a1a7cec125c9e85e7f Mon Sep 17 00:00:00 2001 From: Tobias Stein Date: Mon, 2 May 2022 07:51:08 +0200 Subject: [PATCH 06/64] Update fai root password --- roles/fai/files/profiles/files/etc/fai/nfsroot.conf/FAISERVER | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/fai/files/profiles/files/etc/fai/nfsroot.conf/FAISERVER b/roles/fai/files/profiles/files/etc/fai/nfsroot.conf/FAISERVER index dfa5c1f..8d2cde2 100644 --- a/roles/fai/files/profiles/files/etc/fai/nfsroot.conf/FAISERVER +++ b/roles/fai/files/profiles/files/etc/fai/nfsroot.conf/FAISERVER @@ -2,7 +2,7 @@ # " " for debootstrap FAI_DEBOOTSTRAP="buster http://deb.debian.org/debian" -FAI_ROOTPW='$1$kBnWcO.E$djxB128U7dMkrltJHPf6d1' +FAI_ROOTPW='$5$n4TiokMaqws2PC/i$eqDh77it8N/haBU6OeE6WqbBjI0E1IUczp2EJ7Tr4J/' NFSROOT=/srv/fai/nfsroot TFTPROOT=/srv/tftp/fai From a97f593e3088a1e1e85e3537d65e04feaa7edd6b Mon Sep 17 00:00:00 2001 From: Tobias Stein Date: Mon, 2 May 2022 07:51:48 +0200 Subject: [PATCH 07/64] Use lineinfile instead of overwriting with copy --- roles/fai/tasks/time-server.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/roles/fai/tasks/time-server.yml b/roles/fai/tasks/time-server.yml index a9674f1..86c9b83 100644 --- a/roles/fai/tasks/time-server.yml +++ b/roles/fai/tasks/time-server.yml 
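Review bot: The added `ROOTPW` line hashes the same `fai_hw4f_profile_password` as `USERPW`, so root and the desktop user share one secret on every installed client; a separate variable (for example a new `fai_hw4f_profile_root_password`) would keep the two independent. Both `password_hash("sha512")` calls omit a salt, so a random one is chosen on each run and the task reports the file as changed every time; passing a stable salt as the second argument keeps it idempotent. `SUPRESS_GNOME_INITIAL_SCREEN` looks like a misspelling of SUPPRESS and should be checked against whatever script reads it. The task and its `content:` block start outside this hunk.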
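Review bot: `FAI_ROOTPW` remains a literal crypt hash committed to the repository, so every deployment shares the same nfsroot root password and anyone who can read the repo can attack the hash offline; moving from the `$1$` (MD5-crypt) to the `$5$` (SHA-256-crypt) scheme does not change that. I would render this file from a template and take the hash from a vaulted variable. roles/fai/tasks/fai-root.yml, visible as context in PATCH 13 of this series, still writes the old `$1$` value, so the two sources of `FAI_ROOTPW` disagree after this commit and should be brought into line.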
@@ -7,9 +7,10 @@ state: present - name: "Configure rdate for inetd" - ansible.builtin.copy: - content: | - time stream tcp nowait root internal + ansible.builtin.lineinfile: + path: "/etc/inetd.conf" + create: yes + line: 'time stream tcp nowait root internal' dest: "/etc/inetd.conf" owner: root group: root From 4de55e734b155e5c42c75533b19eda9295246be7 Mon Sep 17 00:00:00 2001 From: Tobias Stein Date: Mon, 2 May 2022 07:52:20 +0200 Subject: [PATCH 08/64] Move variables to inventory --- fai.yml | 10 +--------- inventory/dezentrale.yml | 12 ++++++++++++ 2 files changed, 13 insertions(+), 9 deletions(-) create mode 100644 inventory/dezentrale.yml diff --git a/fai.yml b/fai.yml index 9b63860..90b366e 100644 --- a/fai.yml +++ b/fai.yml @@ -1,15 +1,7 @@ - hosts: hw4f-fai become: true vars: - # interface to the clients to install - dhcp_interface: ens19 - # interface for a internet connection - wan_interface: ens18 - # customized server name - server_name: hw4f-fai - # ip of the server of the installer network - server_ip: 192.168.33.9 - + # Additional entries in iPXE menu ipxe_additional_entries: pmagic: name: Partition Magic diff --git a/inventory/dezentrale.yml b/inventory/dezentrale.yml new file mode 100644 index 0000000..31d0601 --- /dev/null +++ b/inventory/dezentrale.yml @@ -0,0 +1,12 @@ +all: + hosts: + hw4f-fai: + use_apt_cache_for_server: true + # interface for a internet connection + wan_interface: ens18 + # interface to the clients to install + dhcp_interface: ens19 + # customized server name + server_name: hw4f-fai + # ip of the server of the installer network + server_ip: 192.168.33.9 From 3337c1a540ffbcadbedd3cf0286863c9fc0c2f21 Mon Sep 17 00:00:00 2001 From: Tobias Stein Date: Mon, 2 May 2022 08:56:51 +0200 Subject: [PATCH 09/64] Make dhcp-config more flexible * Add routers, nameservers and timeservers as variables with defaults --- roles/fai/tasks/isc-dhcp-server.yml | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) 
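Review bot: The rewritten "Configure rdate for inetd" task sets `path: "/etc/inetd.conf"` and also keeps the old `dest: "/etc/inetd.conf"` as a context line; `dest` is an alias of `path` in `ansible.builtin.lineinfile`, so the `dest` line should be removed. `create: yes` is better written `create: true`, matching the `become: true` style used in the playbook. The task continues past the end of the hunk, so I cannot see whether `mode` is set; with `create` enabled it should be explicit, e.g. `mode: '0644'`.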
diff --git a/roles/fai/tasks/isc-dhcp-server.yml b/roles/fai/tasks/isc-dhcp-server.yml index 2c6eaf4..10dcd21 100644 --- a/roles/fai/tasks/isc-dhcp-server.yml +++ b/roles/fai/tasks/isc-dhcp-server.yml @@ -12,18 +12,19 @@ option architecture-type code 93 = unsigned integer 16; - subnet {{server_net}}.0 netmask {{server_netmask}} { - range {{server_net}}.10 {{server_net}}.250; + subnet {{ server_net }}.0 netmask {{ server_netmask }} { + range {{ server_net }}.10 {{ server_net }}.250; default-lease-time 6000; max-lease-time 7200; - option routers {{server_ip}}; - option domain-name "{{domain_name}}"; - option domain-name-servers {{server_ip}}; - option time-servers {{server_ip}}; - option ntp-servers {{server_ip}}; - server-name {{server_name}}; - next-server {{server_ip}}; + option routers {{ routers |default([server_ip]) |join(', ') }}; + option domain-name "{{ domain_name }}"; + option domain-name-servers {{ nameservers |default([server_ip]) |join(', ') }}; + option time-servers {{ timeservers |default([server_ip]) |join(', ') }}; + option ntp-servers {{ timeservers |default([server_ip]) |join(', ') }}; + server-name {{ server_name }}; + next-server {{ server_ip }}; + interface {{ dhcp_interface }}; allow booting; allow bootp; @@ -50,8 +51,9 @@ mode: '0644' owner: root group: root - # validate: dhcpd -t -cf %s + validate: dhcpd -t -cf %s notify: restart dhcpd + tags: dhcp_configure - name: "Set dhcp server interface" ansible.builtin.copy: From 7aa6bb65a2b75c7f830510007f6b97c089652e16 Mon Sep 17 00:00:00 2001 From: Tobias Stein Date: Wed, 4 May 2022 16:25:51 +0200 Subject: [PATCH 10/64] Git-ignore vim swap files --- .gitignore | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 40bcb8a..df19343 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,5 @@ # vim -*.swp +*.sw[a-z] # Vagrant .vagrant From 6d5931941f88044cca822b5a0026aa6dea02e32b Mon Sep 17 00:00:00 2001 
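Review bot: `default([server_ip])` on the `option routers`, `domain-name-servers`, `time-servers` and `ntp-servers` lines only applies when the variable is undefined, so an inventory that declares `nameservers:` with no value passes null to `join` and the template fails to render. Use the boolean form on all four lines, e.g. `{{ nameservers | default([server_ip], true) | join(', ') }}`. The role should also document `routers`, `nameservers` and `timeservers` in roles/fai/defaults/main.yml (commented out, with the fallback described), since they are only discoverable from this template. Re-enabling `validate: dhcpd -t -cf %s` in the second hunk is a sensible guard for the new `interface` statement.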
From: Tobias Stein Date: Wed, 4 May 2022 16:29:01 +0200 Subject: [PATCH 11/64] Allow sudo nopasswd for ansible (during testing) --- fai.yml | 1 - inventory/dezentrale.yml | 1 + roles/fai/tasks/main.yml | 18 ++++++++++++++++++ roles/fai/tasks/sudo.yml | 37 +++++++++++++++++++++++++++++++++++++ 4 files changed, 56 insertions(+), 1 deletion(-) create mode 100644 roles/fai/tasks/sudo.yml diff --git a/fai.yml b/fai.yml index 90b366e..ded8ac9 100644 --- a/fai.yml +++ b/fai.yml @@ -1,5 +1,4 @@ - hosts: hw4f-fai - become: true vars: # Additional entries in iPXE menu ipxe_additional_entries: diff --git a/inventory/dezentrale.yml b/inventory/dezentrale.yml index 31d0601..9614866 100644 --- a/inventory/dezentrale.yml +++ b/inventory/dezentrale.yml @@ -1,6 +1,7 @@ all: hosts: hw4f-fai: + ansible_nopasswd: True use_apt_cache_for_server: true # interface for a internet connection wan_interface: ens18 diff --git a/roles/fai/tasks/main.yml b/roles/fai/tasks/main.yml index a8dd1ef..f8c5b90 100644 --- a/roles/fai/tasks/main.yml +++ b/roles/fai/tasks/main.yml @@ -8,29 +8,47 @@ - not dhcp_interface is defined - name: "Setup apt proxy cache" + include: sudo.yml + tags: + - ansible_nopasswd + +- name: "Setup apt proxy cache" + become: True include: apt-cacher-ng.yml - name: "Configure a time server" + become: True include: time-server.yml - name: "Configure a web server" + become: True include: nginx.yml - name: "Configure tftp" + become: True include: tftpd-hpa.yml - name: "Configure dns server" + become: True include: unbound.yml - name: "Configure nic" + become: True include: network.yml - name: "Setup dhcp" + become: True include: isc-dhcp-server.yml - include: fai-prepare.yml + become: True - include: fai-configure.yml + become: True - include: fai-profiles.yml + become: True - include: fai-root.yml + become: True - include: fai-pxe.yml + become: True - include: fai-ipxe.yml + become: True 
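Review bot: The new task that includes `sudo.yml` is named "Setup apt proxy cache", the same as the task after it, which makes the run output and `--start-at-task` ambiguous; something like `name: "Configure sudo for the ansible user"` would fit. Privilege escalation now depends on every include carrying `become: True`, and the bare `include:` keyword is deprecated; when migrating, `ansible.builtin.import_tasks` keeps the inherited `become`, whereas `include_tasks` would need `apply:` for it to reach the included tasks. `True` should be `true` for consistency with the rest of the role. The last six includes still have no `name`.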
diff --git a/roles/fai/tasks/sudo.yml b/roles/fai/tasks/sudo.yml new file mode 100644 index 0000000..36ef51c --- /dev/null +++ b/roles/fai/tasks/sudo.yml @@ -0,0 +1,37 @@ +### OPERATING SYSTEM CONFIGURATION + +- name: "Debug conditions" + debug: + var: item + loop: + - "{{ ansible_nopasswd }}" + - "{{ ansible_user_id }}" + tags: + - ansible_nopasswd + +- name: "Allow ansible user to use sudo without password (only for testing)" + become: true + template: + src: sudoers.d/ansible.jn2 + dest: "/etc/sudoers.d/ansible" + owner: root + group: root + mode: '0440' + lstrip_blocks: true + backup: no + validate: /usr/sbin/visudo -cf %s + when: + - ansible_nopasswd + - ansible_user_id != "root" + tags: + - ansible_nopasswd + +- name: "Make sure to remove sudo without password (only for testing)" + become: true + file: + path: "/etc/sudoers.d/ansible" + state: absent + when: not ansible_nopasswd + tags: + - ansible_nopasswd + From c0c1c28ae386c79f8250ca699866b078a768b8e1 Mon Sep 17 00:00:00 2001 From: Tobias Stein Date: Wed, 4 May 2022 16:30:50 +0200 Subject: [PATCH 12/64] Add tags to tasks --- roles/fai/tasks/fai-ipxe.yml | 9 +++++++++ roles/fai/tasks/fai-pxe.yml | 6 ++++++ roles/fai/tasks/nginx.yml | 13 +++++++++++++ 3 files changed, 28 insertions(+) diff --git a/roles/fai/tasks/fai-ipxe.yml b/roles/fai/tasks/fai-ipxe.yml index ec0a75f..57a6caf 100644 --- a/roles/fai/tasks/fai-ipxe.yml +++ b/roles/fai/tasks/fai-ipxe.yml @@ -2,6 +2,9 @@ ansible.builtin.package: name: ipxe state: present + tags: + - ipxe + - ipxe_install - name: "Copy ipxe" ansible.builtin.copy: @@ -13,6 +16,9 @@ - "/usr/lib/ipxe/ipxe.pxe" - "/usr/lib/ipxe/ipxe.lkrn" notify: restart tftpd + tags: + - ipxe + - ipxe_copy - name: "Write ipxe menu" ansible.builtin.copy: @@ -102,3 +108,6 @@ group: root notify: restart tftpd + tags: + - ipxe + - ipxe_menu_write diff --git a/roles/fai/tasks/fai-pxe.yml b/roles/fai/tasks/fai-pxe.yml index 10b74f4..d15cdc9 100644 --- a/roles/fai/tasks/fai-pxe.yml 
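Review bot: This task file installs a `NOPASSWD: ALL` sudoers entry for the connecting user whenever `ansible_nopasswd` is truthy, and inventory/dezentrale.yml in the same patch sets `ansible_nopasswd: True` for `hw4f-fai`, so the grant labelled "only for testing" is what the committed inventory actually deploys. No default for the variable is visible, so the debug loop and both `when:` conditions fail on any host that does not define it; add `ansible_nopasswd: false` to roles/fai/defaults/main.yml and test `ansible_nopasswd | bool`. The "Debug conditions" task should be removed or given a `verbosity` level. `debug`, `template` and `file` are also not written as FQCNs, unlike the rest of the role after PATCH 02.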
+++ b/roles/fai/tasks/fai-pxe.yml @@ -3,17 +3,23 @@ paths: "/srv/fai/nfsroot/boot" patterns: "vmlinuz-*" register: fai_live_vmlinuz + tags: + - ipxe - name: "Find linux initial ram-disks" ansible.builtin.find: paths: "/srv/fai/nfsroot/boot" patterns: "initrd.img-*" register: fai_live_initrd + tags: + - ipxe - name: "Manipulate file pathes" ansible.builtin.set_fact: fai_live_vmlinuz: "{{ fai_live_vmlinuz.files[0].path |regex_replace('.*/', '') }}" fai_live_initrd: "{{ fai_live_initrd.files[0].path |regex_replace('.*/', '') }}" + tags: + - ipxe - name: "Copy linux kernel and initrd to tftp root" ansible.builtin.copy: diff --git a/roles/fai/tasks/nginx.yml b/roles/fai/tasks/nginx.yml index ab7aaa4..b463479 100644 --- a/roles/fai/tasks/nginx.yml +++ b/roles/fai/tasks/nginx.yml @@ -3,6 +3,9 @@ name: - nginx-light state: present + tags: + - nginx + - nginx_install - name: "Configure http server" ansible.builtin.copy: @@ -27,6 +30,13 @@ owner: root group: root notify: restart nginx + tags: + - nginx + - nginx_site_available + + tags: + - nginx + - nginx_site_enable - name: "Place info site" ansible.builtin.copy: @@ -51,3 +61,6 @@ name: nginx state: started enabled: true + tags: + - nginx + - nginx_start_enable From a135d95e1498052310b73b40e1903e11773fb4e9 Mon Sep 17 00:00:00 2001 From: Tobias Stein Date: Wed, 4 May 2022 16:33:50 +0200 Subject: [PATCH 13/64] Refactor pathes to tftp and nginx root --- roles/fai/tasks/fai-ipxe.yml | 4 ++-- roles/fai/tasks/fai-root.yml | 2 +- roles/fai/tasks/nginx.yml | 2 +- roles/fai/vars/main.yml | 5 +++-- 4 files changed, 7 insertions(+), 6 deletions(-) diff --git a/roles/fai/tasks/fai-ipxe.yml b/roles/fai/tasks/fai-ipxe.yml index 57a6caf..db78e20 100644 --- a/roles/fai/tasks/fai-ipxe.yml +++ b/roles/fai/tasks/fai-ipxe.yml @@ -9,7 +9,7 @@ - name: "Copy ipxe" ansible.builtin.copy: src: "{{ item }}" - dest: "/srv/tftp/fai" + dest: "{{ tftp_dir }}" remote_src: yes with_items: - "/usr/lib/ipxe/ipxe.efi" 
@@ -103,11 +103,11 @@ {% endfor %} dest: "/srv/tftp/fai/menu.ipxe" + dest: "{{ tftp_dir }}/menu.ipxe" mode: '0644' owner: root group: root notify: restart tftpd - tags: - ipxe - ipxe_menu_write diff --git a/roles/fai/tasks/fai-root.yml b/roles/fai/tasks/fai-root.yml index 3f5a595..1c16508 100644 --- a/roles/fai/tasks/fai-root.yml +++ b/roles/fai/tasks/fai-root.yml @@ -9,7 +9,7 @@ FAI_ROOTPW='$1$kBnWcO.E$djxB128U7dMkrltJHPf6d1' NFSROOT=/srv/fai/nfsroot - TFTPROOT=/srv/tftp/fai + TFTPROOT={{ tftp_dir }} NFSROOT_HOOKS=/etc/fai/nfsroot-hooks/ FAI_DEBOOTSTRAP_OPTS="--exclude=wget" diff --git a/roles/fai/tasks/nginx.yml b/roles/fai/tasks/nginx.yml index b463479..4b63632 100644 --- a/roles/fai/tasks/nginx.yml +++ b/roles/fai/tasks/nginx.yml @@ -13,7 +13,7 @@ server { listen 80 default_server; listen [::]:80 default_server; - root /var/www/html; + root {{ nginx_root }}; index index.html; server_name _; diff --git a/roles/fai/vars/main.yml b/roles/fai/vars/main.yml index daae4c5..3f42894 100644 --- a/roles/fai/vars/main.yml +++ b/roles/fai/vars/main.yml @@ -3,8 +3,9 @@ server_net: "{{ server_ip |regex_replace('.[0-9]+$', '') }}" -fai_download_dir: "/var/www/html/{{ http_mirror_fai_path_prefix }}" -ipxe_download_dir: "/var/www/html/{{ http_mirror_ipxe_path_prefix }}" +nginx_root: "/var/www/html" +fai_download_dir: "{{ nginx_root + '/' + http_mirror_fai_path_prefix }}" +ipxe_download_dir: "{{ nginx_root + '/' + http_mirror_ipxe_path_prefix }}" fai_squashfs_path: "{{ fai_download_dir }}/{{ fai_squashfs_file }}" http_mirror: "http://{{ server_name }}" From bb655cf05902f3ec4e6b4f3e5e9a3b4c847bcdb9 Mon Sep 17 00:00:00 2001 From: Tobias Stein Date: Wed, 4 May 2022 16:34:27 +0200 Subject: [PATCH 14/64] Add some quoting --- inventory/dezentrale.yml | 2 +- roles/fai/defaults/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/inventory/dezentrale.yml b/inventory/dezentrale.yml index 9614866..aebcc5c 100644 --- a/inventory/dezentrale.yml 
+++ b/inventory/dezentrale.yml @@ -8,6 +8,6 @@ all: # interface to the clients to install dhcp_interface: ens19 # customized server name - server_name: hw4f-fai + server_name: "hw4f-fai" # ip of the server of the installer network server_ip: 192.168.33.9 diff --git a/roles/fai/defaults/main.yml b/roles/fai/defaults/main.yml index d866e79..47afb54 100644 --- a/roles/fai/defaults/main.yml +++ b/roles/fai/defaults/main.yml @@ -12,7 +12,7 @@ apt_cacher_offline_mode: false debian_release: buster use_apt_cache_for_server: false -fai_configdir: /srv/fai/config +fai_configdir: "/srv/fai/config" fai_profiles_archive: "config.tar" fai_squashfs_file: "squash.img" From b33aafd01f4156ac8915262f9c2a39814503f7eb Mon Sep 17 00:00:00 2001 From: Tobias Stein Date: Wed, 4 May 2022 16:35:53 +0200 Subject: [PATCH 15/64] Define variables in inventory * Configure routers, timeservers and nameservers * Set preselected item to fai in PXE menu --- inventory/dezentrale.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/inventory/dezentrale.yml b/inventory/dezentrale.yml index aebcc5c..c061667 100644 --- a/inventory/dezentrale.yml +++ b/inventory/dezentrale.yml @@ -11,3 +11,9 @@ all: server_name: "hw4f-fai" # ip of the server of the installer network server_ip: 192.168.33.9 + timeservers: + - 192.168.33.1 + routers: + - 192.168.33.1 + #nameservers: + pxe_preselected_entry: "fai" From 085bd8f1b81e72840110c0594b5573e5ecf332ab Mon Sep 17 00:00:00 2001 From: Tobias Stein Date: Wed, 4 May 2022 16:37:20 +0200 Subject: [PATCH 16/64] Move iPXM menu creation to jinja2 * Use module "template" instead of copy with content * --- roles/fai/tasks/fai-ipxe.yml | 84 +------------------------ roles/fai/templates/menu.ipxe.j2 | 103 +++++++++++++++++++++++++++++++ 2 files changed, 105 insertions(+), 82 deletions(-) create mode 100644 roles/fai/templates/menu.ipxe.j2 diff --git a/roles/fai/tasks/fai-ipxe.yml b/roles/fai/tasks/fai-ipxe.yml index db78e20..1d5c405 100644 --- a/roles/fai/tasks/fai-ipxe.yml 
+++ b/roles/fai/tasks/fai-ipxe.yml 
@@ -21,88 +21,8 @@ - ipxe_copy - name: "Write ipxe menu" - ansible.builtin.copy: - content: | - #!ipxe - set boot-root {{ http_mirror_ipxe_root_url }} - set menu-default {{ pxe_preselected_entry }} - set menu-timeout {{ pxe_menu_timeout }} - set submenu-timeout ${menu-timeout} - isset ${menu-default} || set menu-default __exit - - # Figure out if client is 64-bit capable - cpuid --ext 29 && set arch x64 || set arch x86 - cpuid --ext 29 && set archl amd64 || set archl i386 - - :start - menu iPXE boot menu - item --key x __exit Exit iPXE and continue local boot - item --gap -- - item --key f __fai FAI Installer - {% for k, v in ipxe_additional_entries.items() %} - item {% if 'key' in v %}--key v.key {% endif %}{{ k }} {% if 'name' in v %}{{ v.name }}{% else %}{{ k }}{% endif %} - - {% endfor %} - item --gap -- - item __reload_after_fail Reload iPXE - item --gap -- - item --key c __config Configure settings - item __shell Drop to iPXE shell - item __reboot Reboot computer - choose --timeout ${menu-timeout} --default ${menu-default} selected || goto cancel - set menu-timeout 0 - goto ${selected} - - :__cancel - echo You cancelled the menu, dropping you to a shell - - :__shell - echo Type 'exit' to get the back to the menu - shell - set menu-timeout 0 - set submenu-timeout 0 - goto start - - :__failed - echo Booting failed, dropping to shell - goto __shell - - :__config - config - goto start - - :__reload_after_fail - echo Reloading iPXE - sleep 3 - chain --replace --autofree menu.ipxe || goto failed - - :__reboot - reboot - - :__exit - exit - - :__fai - kernel ${boot-root}/{{ fai_live_vmlinuz }} root=live:{{ http_mirror_fai_squashfs_url }} FAI_FLAGS=verbose,sshd,createv,menu FAI_CONFIG_SRC={{ http_mirror_fai_profiles_url }} FAI_ACTION=install net.ifnames=0 ip=dhcp || goto __reload_after_fail - initrd ${boot-root}/{{ fai_live_initrd }} || goto __reload_after_fail - boot || goto __reload_after_fail - goto start - - {% for k, v in ipxe_additional_entries.items() %}{% if 
'kernel' %} - - :{{ k }} - kernel ${boot-root}/{{ k }}/{{ v.kernel }} {% if 'args' in v %}{{ v['args'] }}{% endif %} || goto __reload_after_fail - {% if 'initrd' in v %}{% for initrd in v.initrd %} - initrd ${boot-root}/{{ k }}/{{ initrd }} || goto __reload_after_fail - {% endfor %}{% endif %} - {% if 'module' in v %}{% for module in v.multiboot %} - module ${boot-root}/{{ k }}/{{ module }} || goto __reload_after_fail - {% endfor %}{% endif %} - boot || goto __reload_after_fail - goto start{% endif %} - - {% endfor %} - dest: "/srv/tftp/fai/menu.ipxe" + ansible.builtin.template: + src: "menu.ipxe.j2" dest: "{{ tftp_dir }}/menu.ipxe" mode: '0644' owner: root diff --git a/roles/fai/templates/menu.ipxe.j2 b/roles/fai/templates/menu.ipxe.j2 new file mode 100644 index 0000000..7951646 --- /dev/null +++ b/roles/fai/templates/menu.ipxe.j2 
@@ -0,0 +1,103 @@ +#!ipxe +set boot-root {{ http_mirror_ipxe_root_url }} +set menu-default {{ pxe_preselected_entry }} +set menu-timeout {{ pxe_menu_timeout }} +set submenu-timeout ${menu-timeout} +isset ${menu-default} || set menu-default exit + +# Figure out if client is 64-bit capable +cpuid --ext 29 && set arch x64 || set arch x86 +cpuid --ext 29 && set archl amd64 || set archl i386 + +:start +menu iPXE boot menu +item --key f fai FAI Installer +{% for k, v in ipxe_additional_entries.items() %} +item +{%- if 'key' in v %} + --key {{ v.key }} +{%- endif %} + {{ k }} +{%- if 'name' in v %} + {{ v.name }} +{% endif %} +{% endfor %} + +item --gap -- +item reload_after_fail Reload iPXE +item --gap -- +item --key c config Configure settings +item shell Drop to iPXE shell +item reboot Reboot computer +item +item --key x exit Exit iPXE and continue local boot + +choose --timeout ${menu-timeout} --default ${menu-default} selected || goto cancel +set menu-timeout 0 +goto ${selected} + +:cancel +echo You cancelled the menu, dropping you to a shell + +:shell +echo Type 'exit' to get the back to the menu +shell +set menu-timeout 0 +set submenu-timeout 0 +goto start + +:failed +echo Booting failed, dropping to shell +goto shell + +:config +config +goto start + +:reload_after_fail +echo Reloading iPXE +sleep 3 +chain --replace --autofree menu.ipxe || goto failed + +:reboot +reboot + +:exit +exit + +:fai +kernel ${boot-root}/{{ fai_live_vmlinuz }} +initrd ${boot-root}/{{ fai_live_initrd }} || goto reload_after_fail +imgargs {{ fai_live_vmlinuz|basename }} ip=dhcp root=live:{{ http_mirror_fai_squashfs_url }} FAI_FLAGS=verbose,sshd,createv,menu FAI_CONFIG_SRC={{ http_mirror_fai_profiles_url }} FAI_ACTION=install net.ifnames=0 +boot || goto reload_after_fail +goto start + +{% for k, v in ipxe_additional_entries.items() %} +{% if v.kernel is defined and v.kernel|length %} + +:{{ k }} +kernel ${boot-root}/{{ k }}/{{ v.kernel }} +{% if v.initrd is defined and v.initrd|length %} +{% 
for initrd in v.initrd %} +initrd ${boot-root}/{{ k }}/{{ initrd }} +{% endfor %} +{% endif %} + +{%- if v.imgargs is defined and v.imgargs|length %} +imgargs {{ v.kernel|basename }} {{ v['imgargs'] }} +{% endif %} + +{%- if v.module is defined and v.module|length %} +{% for module in v.multiboot %} +module ${boot-root}/{{ k }}/{{ module }} +{% endfor %} +{% endif -%} + +boot || goto reload_after_fail +goto start +{% endif %} + +{% endfor %} + +{#- vim: filetype=htmldjango:noet:ai:ts=2:sw=2 +#} From facbe66cbc21977e089db759fc3cb769d524f7b9 Mon Sep 17 00:00:00 2001 From: Tobias Stein Date: Wed, 4 May 2022 16:37:53 +0200 Subject: [PATCH 17/64] Define additional menu entries in playbook --- fai.yml | 32 +++++++++++++++++++++++++++----- 1 file changed, 27 insertions(+), 5 deletions(-) diff --git a/fai.yml b/fai.yml index ded8ac9..b8fe66a 100644 --- a/fai.yml +++ b/fai.yml 
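Review bot: The multiboot block tests `v.module` but iterates `v.multiboot`, so an entry that only sets `multiboot` (the field the README documents) is never rendered and one that only sets `module` fails on the undefined loop source; the guard should read `{%- if v.multiboot is defined and v.multiboot|length %}`. The `kernel` line under `:fai` and the per-entry `kernel` and `initrd` lines no longer end in `|| goto reload_after_fail` as the removed inline template did, so a failed download now falls through to `boot`. Kernel arguments are read from `imgargs`, while the README table still names the field `args`; one of the two should be updated.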
@@ -2,15 +2,37 @@ vars: # Additional entries in iPXE menu ipxe_additional_entries: - pmagic: - name: Partition Magic - files: tools/pmagic - kernel: bzImage64 - args: edd=on vga=normal + "pmagic": + name: "Partition Magic" + key: p + files: "tools/pmagic" + kernel: "bzImage64" initrd: - initrd.img - fu.img - m64.img - files.cgz + imgargs: edd=on vga=normal + "clonezilla2.6.6.15r": + name: "Windows Clonzilla 2.6.6.15 Restore" + key: r + kernel: "images/bios/clonezilla2.6.6-15/vmlinuz" + initrd: + - "images/bios/clonezilla2.6.6-15/initrd.img" + imgargs: 'initrd=initrd.img boot=live config noswap nolocales edd=on nomodeset ocs_prerun2="sleep 3" ocs_prerun3="mount -t cifs -o user=gast,password= //192.168.33.2/images /home/partimag" ocs_prerun4="sleep 1" ocs_live_run="sudo ocs-sr -g auto -e1 auto -e2 -r -j2 -c -scr -p reboot restoredisk ask_user sda" ocs_live_extra_param="" keyboard-layouts="NONE" ocs_live_batch="no" locales="de_DE.UTF-8" vga=788 nosplash noprompt fetch="http://192.168.33.9/tftp/fai/images/bios/clonezilla2.6.6-15/filesystem.squashfs"' + "clonezilla2.6.6.15b": + key: b + name: "Windows Clonzilla 2.6.6.15 Backup" + kernel: "images/bios/clonezilla2.6.6-15/vmlinuz" + initrd: + - "images/bios/clonezilla2.6.6-15/initrd.img" + ##boot=live config noswap edd=on nomodeset noprompt nosplash locales=de_DE.UTF-8 keyboard-layouts=de ocs_prerun="dhclient" ocs_live_run="/usr/sbin/ocs-sr -q2 -c -j2 -z1p -i 4096 -fsck -enc -p poweroff savedisk 'Beispiel-`date +%d-%m-%Y`' nvme0n1" ocs_live_extra_param="" ocs_repository="smb://clonezilla:clonezilla@192.168.178.4/Backups/" ocs_live_batch=no ocs_netlink_timeout=5 + imgargs: 'initrd=initrd.img boot=live config noswap nolocales edd=on nomodeset ocs_prerun2="sleep 3" ocs_prerun3="mount -t cifs -o user=gast,password= //192.168.33.2/Images /home/partimag" ocs_prerun4="sleep 1" ocs_live_run="sudo ocs-sr -g auto -e1 auto -e2 -r -j2 -c -scr -p reboot savedisk ask_user sda" ocs_live_extra_param="" keyboard-layouts="NONE" 
ocs_live_batch="no" locales="de_DE.UTF-8" vga=788 nosplash noprompt fetch=http://192.168.33.9/tftp/fai/images/bios/clonezilla2.6.6-15/filesystem.squashfs' + "dban": + name: "Dariks boot and nuke (DBAN)" + key: d + kernel: "dban.bzi" + imgargs: "silent vga=785" + roles: - fai From 54e2aa8e7c1e7c1a3a0bc388a4287ab3b944f785 Mon Sep 17 00:00:00 2001 From: Tobias Stein Date: Wed, 4 May 2022 16:38:18 +0200 Subject: [PATCH 18/64] Add jinja2 template for ansible_nopasswd --- roles/fai/templates/sudoers.d/ansible.jn2 | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 roles/fai/templates/sudoers.d/ansible.jn2 diff --git a/roles/fai/templates/sudoers.d/ansible.jn2 b/roles/fai/templates/sudoers.d/ansible.jn2 new file mode 100644 index 0000000..7718a37 --- /dev/null +++ b/roles/fai/templates/sudoers.d/ansible.jn2 @@ -0,0 +1,4 @@ +{{ ansible_managed |comment }} +# Allow user "{{ ansible_user_id }}" to execute any command without password +{{ ansible_user_id }} ALL=(ALL:ALL) NOPASSWD: ALL + From 38ba2723315d873b958704dc065928d91200f5ce Mon Sep 17 00:00:00 2001 From: Tobias Stein Date: Wed, 4 May 2022 16:38:47 +0200 Subject: [PATCH 19/64] Use site-available/enabled with a symlink --- roles/fai/tasks/nginx.yml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/roles/fai/tasks/nginx.yml b/roles/fai/tasks/nginx.yml index 4b63632..c75ea77 100644 --- a/roles/fai/tasks/nginx.yml +++ b/roles/fai/tasks/nginx.yml @@ -25,7 +25,7 @@ autoindex on; } } - dest: "/etc/nginx/sites-enabled/default" + dest: "/etc/nginx/sites-available/hw4f-fai" mode: '0644' owner: root group: root @@ -34,6 +34,12 @@ - nginx - nginx_site_available +- name: "Enable nginx site 'hw4f-fai'" + ansible.builtin.file: + src: "/etc/nginx/sites-available/hw4f-fai" + dest: "/etc/nginx/sites-available/hw4f-fai" + state: link + notify: restart nginx tags: - nginx - nginx_site_enable @@ -50,7 +56,6 @@
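Review bot: The two Clonezilla `imgargs` values put the CIFS mount options (`user=gast,password=` against `//192.168.33.2/...`) on the kernel command line, and the commented-out line above the second value contains an SMB URL with a user name and password; all of this is committed and, for the active lines, rendered into the menu.ipxe that is served to every client on the install network. I would delete the commented line, move the share credentials into vaulted variables, and build the `fetch=` URL from `server_ip` instead of the literal `192.168.33.9`. `filesystem.squashfs` is fetched over plain HTTP with no integrity check visible here, which deserves a comment stating that the install network is assumed to be trusted. The `dban` entry makes a disk-wiping tool reachable with the single key `d`; consider dropping `key` for that entry.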
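Review bot: Writing the server block to `/etc/nginx/sites-available/hw4f-fai` instead of `sites-enabled/default` leaves whatever is currently enabled as `default` in place (the stock site on a fresh nginx-light install, or this role's earlier copy), and that file presumably also declares `listen 80 default_server`, which nginx rejects as a duplicate default server. Add a task that removes `/etc/nginx/sites-enabled/default` with `ansible.builtin.file` and `state: absent` before the restart handler runs. In the second hunk the link task uses the same path for `src` and `dest`, so the link would point at itself; `dest` should be `"/etc/nginx/sites-enabled/hw4f-fai"`.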

Restart the computer and boot into PXE to install Ubuntu.

- dest: "/var/www/html/index.html" mode: "0644" owner: root From 55bade1f8efbd9e2ebe3c53a2d461cff7523bb8b Mon Sep 17 00:00:00 2001 From: Tobias Stein Date: Wed, 4 May 2022 22:06:16 +0200 Subject: [PATCH 20/64] Refactor task nginx * Use varable for nginx_root * Check for existence of site configuration before enabling * Check conditions * Add tags --- roles/fai/tasks/nginx.yml | 39 +++++++++++++++++++++++++++++++++------ roles/fai/vars/main.yml | 2 ++ 2 files changed, 35 insertions(+), 6 deletions(-) diff --git a/roles/fai/tasks/nginx.yml b/roles/fai/tasks/nginx.yml index c75ea77..4f30d8a 100644 --- a/roles/fai/tasks/nginx.yml +++ b/roles/fai/tasks/nginx.yml @@ -25,7 +25,7 @@ autoindex on; } } - dest: "/etc/nginx/sites-available/hw4f-fai" + dest: "{{ nginx_site_available }}" mode: '0644' owner: root group: root @@ -34,11 +34,32 @@ - nginx - nginx_site_available -- name: "Enable nginx site 'hw4f-fai'" +- name: "Check nginx availability of '{{ nginx_site_available }}'" + ansible.builtin.stat: + path: "{{ nginx_site_available }}" + register: nginx_site_available_stat + tags: + - nginx + - nginx_site_available_stat + +- name: "Debug variable 'nginx_site_available_stat'" + ansible.builtin.debug: + var: nginx_site_available_stat + when: + - nginx_site_available_stat.stat is defined + tags: + - nginx + - nginx_site_available_stat + +- name: "Enable nginx site '{{ nginx_site_available }}'" ansible.builtin.file: - src: "/etc/nginx/sites-available/hw4f-fai" - dest: "/etc/nginx/sites-available/hw4f-fai" + src: "{{ nginx_site_available }}" + dest: "{{ nginx_site_enabled }}" state: link + when: + - nginx_site_available_stat.stat.exists is defined + - nginx_site_available_stat.stat.exists + - nginx_site_available_stat.stat.isreg notify: restart nginx tags: - nginx @@ -52,14 +73,20 @@ Hardware for Future - PXE Environment -

This mirror is part of the Hardware for Future project

+

This mirror is part of the project + + Hardware for Future +

Restart the computer and boot into PXE to install Ubuntu.

- dest: "/var/www/html/index.html" + dest: "{{ nginx_root }}/index.html" mode: "0644" owner: root group: root + tags: + - nginx + - nginx_html - name: "Ensure http server is running" ansible.builtin.service: diff --git a/roles/fai/vars/main.yml b/roles/fai/vars/main.yml index 3f42894..21dc142 100644 --- a/roles/fai/vars/main.yml +++ b/roles/fai/vars/main.yml @@ -4,6 +4,8 @@ server_net: "{{ server_ip |regex_replace('.[0-9]+$', '') }}" nginx_root: "/var/www/html" +nginx_site_available: "/etc/nginx/sites-available/{{ ansible_hostname }}.conf" +nginx_site_enabled: "/etc/nginx/sites-enabled/{{ ansible_hostname }}.conf" fai_download_dir: "{{ nginx_root + '/' + http_mirror_fai_path_prefix }}" ipxe_download_dir: "{{ nginx_root + '/' + http_mirror_ipxe_path_prefix }}" fai_squashfs_path: "{{ fai_download_dir }}/{{ fai_squashfs_file }}" From 26bc5cecf54c6250f81a3c36a22fdda5d0fffe7d Mon Sep 17 00:00:00 2001 From: Tobias Stein Date: Wed, 4 May 2022 22:06:52 +0200 Subject: [PATCH 21/64] Check if files should be copied --- roles/fai/tasks/fai-pxe.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/fai/tasks/fai-pxe.yml b/roles/fai/tasks/fai-pxe.yml index d15cdc9..14444b5 100644 --- a/roles/fai/tasks/fai-pxe.yml +++ b/roles/fai/tasks/fai-pxe.yml @@ -52,5 +52,8 @@ recursive: yes loop: "{{ ipxe_additional_entries |dict2items }}" + when: + - item.value.files is defined + - item.value.files|length tags: - copy_additional_files From f029e74acd8f7844f3f25cd284562a0d0f70f482 Mon Sep 17 00:00:00 2001 
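Review bot: The second condition in the fai-pxe.yml hunk, `item.value.files|length`, evaluates to an integer rather than a boolean. It relies on implicit truthiness, which newer ansible-core releases warn about or reject in conditionals. Writing it as `- item.value.files | length > 0` states the intent and stays valid across versions. The task these lines belong to starts outside the hunk, so whether `files` can be something other than a string there cannot be checked from here.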
From: Tobias Stein Date: Wed, 7 Dec 2022 14:52:06 +0100 Subject: [PATCH 22/64] Mayor refactoring --- README.md | 192 +++++++---- Vagrantfile | 41 ++- fai.yml | 40 +-- group_vars/all.yml | 121 +++++++ inventory/dezentrale.yml | 32 +- ip_calc.yml | 15 + playbook-vagrant.yml | 35 -- roles/fai/defaults/main.yml | 100 +++++- roles/fai/files/bashrc | 72 ++++ .../FAISERVER => examples/etc/dhcpd.conf} | 17 +- roles/fai/files/examples/etc/netgroup | 43 +++ roles/fai/files/examples/utils/mkdebmirror | 41 +++ .../fai/files/profiles/basefiles/mk-basefile | 309 ------------------ roles/fai/files/profiles/class/01-classes | 8 - .../fai/files/profiles/class/10-base-classes | 21 -- roles/fai/files/profiles/class/20-hwdetect.sh | 35 -- .../files/profiles/class/40-parse-profiles.sh | 165 ---------- roles/fai/files/profiles/class/41-warning.sh | 28 -- .../fai/files/profiles/class/50-host-classes | 32 -- roles/fai/files/profiles/class/60-misc | 11 - roles/fai/files/profiles/class/85-efi-classes | 21 -- roles/fai/files/profiles/class/CENTOS.var | 9 - roles/fai/files/profiles/class/CLOUD.var | 1 - roles/fai/files/profiles/class/DEBIAN.var | 19 -- roles/fai/files/profiles/class/FAIBASE.var | 22 -- roles/fai/files/profiles/class/GERMAN.var | 3 - roles/fai/files/profiles/class/INSTALL.var | 1 - roles/fai/files/profiles/class/INVENTORY.var | 1 - roles/fai/files/profiles/class/SYSINFO.var | 1 - roles/fai/files/profiles/class/UBUNTU.var | 2 - roles/fai/files/profiles/class/menu.profile | 78 ----- roles/fai/files/profiles/debconf/CLOUD | 2 - roles/fai/files/profiles/debconf/DEBIAN | 9 - roles/fai/files/profiles/debconf/GERMAN | 8 - roles/fai/files/profiles/debconf/HW4F_DESKTOP | 36 -- .../fai/files/profiles/debconf/HW4F_DESKTOP2 | 132 -------- .../fai/files/profiles/debconf/UBUNTU_DESKTOP | 261 --------------- roles/fai/files/profiles/disk_config/CENTOS | 16 - roles/fai/files/profiles/disk_config/CLOUD | 7 - roles/fai/files/profiles/disk_config/FAIBASE | 9 - 
.../files/profiles/disk_config/FAIBASE_EFI | 10 - .../fai/files/profiles/disk_config/FAISERVER | 11 - .../files/profiles/disk_config/FAISERVER_EFI | 12 - .../files/profiles/disk_config/HW4F_DESKTOP | 5 - .../profiles/disk_config/HW4F_DESKTOP_EFI | 6 - roles/fai/files/profiles/disk_config/LVM | 15 - roles/fai/files/profiles/disk_config/LVM_EFI | 16 - roles/fai/files/profiles/disk_config/XENIAL | 12 - .../fai/files/profiles/disk_config/XENIAL_EFI | 13 - .../etc/apt/apt.conf.d/force_confdef/DEBIAN | 5 - .../etc/apt/preferences.d/mint.pref/MINT | 11 - .../apt/sources.list.d/mint.list/MINTDESKTOP | 0 .../profiles/files/etc/apt/sources.list/GNOME | 3 - .../profiles/files/etc/apt/trusted.gpg/DEBIAN | Bin 27133 -> 0 bytes .../etc/apt/trusted.gpg/DEBIAN_MULTIMEDIA | Bin 13833 -> 0 bytes .../files/etc/apt/trusted.gpg/MINTDESKTOP | Bin 15840 -> 0 bytes .../profiles/files/etc/apt/trusted.gpg/UBUNTU | Bin 12723 -> 0 bytes .../etc/default/console-setup/HW4F_DESKTOP | 49 --- .../10_cloud_disable_net.ifnames.cfg/CLOUD | 6 - .../files/etc/default/locale/HW4F_DESKTOP | 1 - .../profiles/files/etc/fai/fai.conf/FAISERVER | 8 - .../files/etc/fai/nfsroot.conf/FAISERVER | 15 - .../fai/files/profiles/files/etc/motd/FAIBASE | 4 - .../files/profiles/files/etc/rc.local/CLOUD | 8 - .../profiles/files/etc/rc.local/FAISERVER | 102 ------ .../profiles/files/etc/selinux/config/CENTOS | 12 - roles/fai/files/profiles/hooks/debconf.CENTOS | 3 - roles/fai/files/profiles/hooks/debconf.IMAGE | 45 --- .../fai/files/profiles/hooks/instsoft.DEBIAN | 25 -- .../files/profiles/hooks/repository.CENTOS | 31 -- .../fai/files/profiles/hooks/savelog.LAST.sh | 223 ------------- .../fai/files/profiles/hooks/setup.DEFAULT.sh | 7 - .../files/profiles/hooks/updatebase.CENTOS | 25 -- .../files/profiles/hooks/updatebase.DEBIAN | 14 - .../files/profiles/hooks/updatebase.UBUNTU | 30 -- .../fai/files/profiles/package_config/CENTOS | 30 -- .../files/profiles/package_config/CINNAMON | 10 - 
.../fai/files/profiles/package_config/DEBIAN | 56 ---- .../files/profiles/package_config/DEBIAN.gpg | Bin 2824 -> 0 bytes .../files/profiles/package_config/FAISERVER | 13 - .../fai/files/profiles/package_config/GERMAN | 5 - roles/fai/files/profiles/package_config/GNOME | 9 - .../profiles/package_config/HW4F_DESKTOP | 14 - roles/fai/files/profiles/package_config/MINT | 7 - .../files/profiles/package_config/STANDARD | 34 -- .../fai/files/profiles/package_config/UBUNTU | 22 -- roles/fai/files/profiles/package_config/XFCE | 6 - roles/fai/files/profiles/package_config/XORG | 12 - .../files/profiles/scripts/CENTOS/10-security | 14 - .../files/profiles/scripts/CENTOS/30-mkinitrd | 25 -- .../profiles/scripts/CENTOS/40-install-grub | 96 ------ .../profiles/scripts/CENTOS/50-sysconfig | 29 -- .../scripts/CENTOS/60-network-scripts | 40 --- .../fai/files/profiles/scripts/CENTOS/80-misc | 21 -- .../files/profiles/scripts/CENTOS/90-cleanup | 3 - .../files/profiles/scripts/CLOUD/10-network | 11 - .../files/profiles/scripts/CLOUD/99-cleanup | 27 -- .../files/profiles/scripts/DEBIAN/10-rootpw | 15 - .../profiles/scripts/DEBIAN/20-capabilities | 22 -- .../profiles/scripts/DEBIAN/30-interface | 125 ------- .../fai/files/profiles/scripts/DEBIAN/40-misc | 51 --- .../files/profiles/scripts/FAIBASE/10-misc | 37 --- .../scripts/FAIBASE/20-removable_media | 25 -- .../profiles/scripts/FAISERVER/10-conffiles | 47 --- .../files/profiles/scripts/GRUB_EFI/10-setup | 68 ---- .../files/profiles/scripts/GRUB_PC/10-setup | 52 --- .../scripts/HW4F_DESKTOP_LAST/00-remove-proxy | 3 - .../scripts/HW4F_DESKTOP_LAST/01-network | 13 - .../scripts/HW4F_DESKTOP_LAST/50-post-install | 13 - roles/fai/files/profiles/scripts/LAST/50-misc | 103 ------ .../profiles/scripts/SECURE_ERASE/01-run | 14 - .../files/profiles/scripts/UBUNTU/10-rootpw | 15 - .../fai/files/profiles/scripts/UBUNTU/11-user | 15 - .../fai/files/profiles/scripts/UBUNTU/90-apt | 11 - .../fai/files/profiles/scripts/UBUNTU/91-misc | 7 - 
roles/fai/files/profiles/tests/FAIBASE_TEST | 44 --- roles/fai/files/profiles/tests/Faitest.pm | 96 ------ .../00-proxy/.keep => tools/pmagic/test.file} | 0 roles/fai/files/vimrc.local | 51 +++ roles/fai/handlers/main.yml | 26 +- roles/fai/tasks/apt-cacher-ng.yml | 5 + roles/fai/tasks/clonezilla.yml | 37 +++ roles/fai/tasks/fai-configure.yml | 104 ++++-- roles/fai/tasks/fai-ipxe.yml | 6 +- roles/fai/tasks/fai-nfsroot.yml | 52 +++ roles/fai/tasks/fai-prepare.yml | 49 ++- roles/fai/tasks/fai-profiles.yml | 97 ++++-- roles/fai/tasks/fai-pxe.yml | 53 ++- roles/fai/tasks/fai-root.yml | 30 -- roles/fai/tasks/isc-dhcp-server.yml | 70 ++-- roles/fai/tasks/main.yml | 95 ++++-- roles/fai/tasks/network.yml | 33 +- roles/fai/tasks/nginx.yml | 57 ++-- roles/fai/tasks/os.yml | 72 ++++ roles/fai/tasks/package_mgmt.yml | 48 +++ roles/fai/tasks/sudo.yml | 37 --- roles/fai/tasks/tftpd-hpa.yml | 4 + roles/fai/tasks/time-server.yml | 66 ++-- roles/fai/tasks/unbound.yml | 84 ++++- .../etc/apt/preferences.d/pinning.j2 | 16 + .../fai/templates/etc/default/isc-dhcp-server | 28 ++ roles/fai/templates/etc/dhcp/dhcpd.conf | 61 ++++ roles/fai/templates/etc/fai/fai.conf.j2 | 84 +++++ roles/fai/templates/etc/fai/nfsroot.conf.j2 | 61 ++++ .../sites-available/default_server.conf.j2 | 15 + roles/fai/templates/etc/ntp.conf | 23 ++ .../etc/unbound/unbound.conf.d/fai.conf | 11 + .../etc/unbound/unbound.conf.d/remote.conf | 24 ++ .../srv/fai/config/class/BASEFILE.var.j2 | 3 + .../srv/fai/config/class/HW4F_DESKTOP.var | 21 ++ .../files/etc/apt/apt.conf.d/02proxy.j2} | 0 .../fai/templates/var/www/html/index.html.j2 | 33 ++ roles/fai/vars/main.yml | 15 - 153 files changed, 1689 insertions(+), 3765 deletions(-) create mode 100644 group_vars/all.yml create mode 100644 ip_calc.yml delete mode 100644 playbook-vagrant.yml create mode 100644 roles/fai/files/bashrc rename roles/fai/files/{profiles/files/etc/dhcp/dhcpd.conf/FAISERVER => examples/etc/dhcpd.conf} (67%) create mode 100644 
roles/fai/files/examples/etc/netgroup create mode 100755 roles/fai/files/examples/utils/mkdebmirror delete mode 100755 roles/fai/files/profiles/basefiles/mk-basefile delete mode 100755 roles/fai/files/profiles/class/01-classes delete mode 100755 roles/fai/files/profiles/class/10-base-classes delete mode 100755 roles/fai/files/profiles/class/20-hwdetect.sh delete mode 100755 roles/fai/files/profiles/class/40-parse-profiles.sh delete mode 100755 roles/fai/files/profiles/class/41-warning.sh delete mode 100755 roles/fai/files/profiles/class/50-host-classes delete mode 100755 roles/fai/files/profiles/class/60-misc delete mode 100755 roles/fai/files/profiles/class/85-efi-classes delete mode 100644 roles/fai/files/profiles/class/CENTOS.var delete mode 100644 roles/fai/files/profiles/class/CLOUD.var delete mode 100644 roles/fai/files/profiles/class/DEBIAN.var delete mode 100644 roles/fai/files/profiles/class/FAIBASE.var delete mode 100644 roles/fai/files/profiles/class/GERMAN.var delete mode 100644 roles/fai/files/profiles/class/INSTALL.var delete mode 100644 roles/fai/files/profiles/class/INVENTORY.var delete mode 100644 roles/fai/files/profiles/class/SYSINFO.var delete mode 100644 roles/fai/files/profiles/class/UBUNTU.var delete mode 100644 roles/fai/files/profiles/class/menu.profile delete mode 100644 roles/fai/files/profiles/debconf/CLOUD delete mode 100644 roles/fai/files/profiles/debconf/DEBIAN delete mode 100644 roles/fai/files/profiles/debconf/GERMAN delete mode 100644 roles/fai/files/profiles/debconf/HW4F_DESKTOP delete mode 100644 roles/fai/files/profiles/debconf/HW4F_DESKTOP2 delete mode 100644 roles/fai/files/profiles/debconf/UBUNTU_DESKTOP delete mode 100644 roles/fai/files/profiles/disk_config/CENTOS delete mode 100644 roles/fai/files/profiles/disk_config/CLOUD delete mode 100644 roles/fai/files/profiles/disk_config/FAIBASE delete mode 100644 roles/fai/files/profiles/disk_config/FAIBASE_EFI delete mode 100644 roles/fai/files/profiles/disk_config/FAISERVER 
delete mode 100644 roles/fai/files/profiles/disk_config/FAISERVER_EFI delete mode 100644 roles/fai/files/profiles/disk_config/HW4F_DESKTOP delete mode 100644 roles/fai/files/profiles/disk_config/HW4F_DESKTOP_EFI delete mode 100644 roles/fai/files/profiles/disk_config/LVM delete mode 100644 roles/fai/files/profiles/disk_config/LVM_EFI delete mode 100644 roles/fai/files/profiles/disk_config/XENIAL delete mode 100644 roles/fai/files/profiles/disk_config/XENIAL_EFI delete mode 100644 roles/fai/files/profiles/files/etc/apt/apt.conf.d/force_confdef/DEBIAN delete mode 100644 roles/fai/files/profiles/files/etc/apt/preferences.d/mint.pref/MINT delete mode 100644 roles/fai/files/profiles/files/etc/apt/sources.list.d/mint.list/MINTDESKTOP delete mode 100644 roles/fai/files/profiles/files/etc/apt/sources.list/GNOME delete mode 100644 roles/fai/files/profiles/files/etc/apt/trusted.gpg/DEBIAN delete mode 100644 roles/fai/files/profiles/files/etc/apt/trusted.gpg/DEBIAN_MULTIMEDIA delete mode 100644 roles/fai/files/profiles/files/etc/apt/trusted.gpg/MINTDESKTOP delete mode 100644 roles/fai/files/profiles/files/etc/apt/trusted.gpg/UBUNTU delete mode 100644 roles/fai/files/profiles/files/etc/default/console-setup/HW4F_DESKTOP delete mode 100644 roles/fai/files/profiles/files/etc/default/grub.d/10_cloud_disable_net.ifnames.cfg/CLOUD delete mode 100644 roles/fai/files/profiles/files/etc/default/locale/HW4F_DESKTOP delete mode 100644 roles/fai/files/profiles/files/etc/fai/fai.conf/FAISERVER delete mode 100644 roles/fai/files/profiles/files/etc/fai/nfsroot.conf/FAISERVER delete mode 100644 roles/fai/files/profiles/files/etc/motd/FAIBASE delete mode 100755 roles/fai/files/profiles/files/etc/rc.local/CLOUD delete mode 100755 roles/fai/files/profiles/files/etc/rc.local/FAISERVER delete mode 100644 roles/fai/files/profiles/files/etc/selinux/config/CENTOS delete mode 100755 roles/fai/files/profiles/hooks/debconf.CENTOS delete mode 100755 roles/fai/files/profiles/hooks/debconf.IMAGE delete 
mode 100755 roles/fai/files/profiles/hooks/instsoft.DEBIAN delete mode 100755 roles/fai/files/profiles/hooks/repository.CENTOS delete mode 100755 roles/fai/files/profiles/hooks/savelog.LAST.sh delete mode 100755 roles/fai/files/profiles/hooks/setup.DEFAULT.sh delete mode 100755 roles/fai/files/profiles/hooks/updatebase.CENTOS delete mode 100755 roles/fai/files/profiles/hooks/updatebase.DEBIAN delete mode 100755 roles/fai/files/profiles/hooks/updatebase.UBUNTU delete mode 100644 roles/fai/files/profiles/package_config/CENTOS delete mode 100644 roles/fai/files/profiles/package_config/CINNAMON delete mode 100644 roles/fai/files/profiles/package_config/DEBIAN delete mode 100644 roles/fai/files/profiles/package_config/DEBIAN.gpg delete mode 100644 roles/fai/files/profiles/package_config/FAISERVER delete mode 100644 roles/fai/files/profiles/package_config/GERMAN delete mode 100644 roles/fai/files/profiles/package_config/GNOME delete mode 100644 roles/fai/files/profiles/package_config/HW4F_DESKTOP delete mode 100644 roles/fai/files/profiles/package_config/MINT delete mode 100644 roles/fai/files/profiles/package_config/STANDARD delete mode 100644 roles/fai/files/profiles/package_config/UBUNTU delete mode 100644 roles/fai/files/profiles/package_config/XFCE delete mode 100644 roles/fai/files/profiles/package_config/XORG delete mode 100755 roles/fai/files/profiles/scripts/CENTOS/10-security delete mode 100755 roles/fai/files/profiles/scripts/CENTOS/30-mkinitrd delete mode 100755 roles/fai/files/profiles/scripts/CENTOS/40-install-grub delete mode 100755 roles/fai/files/profiles/scripts/CENTOS/50-sysconfig delete mode 100755 roles/fai/files/profiles/scripts/CENTOS/60-network-scripts delete mode 100755 roles/fai/files/profiles/scripts/CENTOS/80-misc delete mode 100755 roles/fai/files/profiles/scripts/CENTOS/90-cleanup delete mode 100755 roles/fai/files/profiles/scripts/CLOUD/10-network delete mode 100755 roles/fai/files/profiles/scripts/CLOUD/99-cleanup delete mode 100755 
roles/fai/files/profiles/scripts/DEBIAN/10-rootpw delete mode 100755 roles/fai/files/profiles/scripts/DEBIAN/20-capabilities delete mode 100755 roles/fai/files/profiles/scripts/DEBIAN/30-interface delete mode 100755 roles/fai/files/profiles/scripts/DEBIAN/40-misc delete mode 100755 roles/fai/files/profiles/scripts/FAIBASE/10-misc delete mode 100755 roles/fai/files/profiles/scripts/FAIBASE/20-removable_media delete mode 100755 roles/fai/files/profiles/scripts/FAISERVER/10-conffiles delete mode 100755 roles/fai/files/profiles/scripts/GRUB_EFI/10-setup delete mode 100755 roles/fai/files/profiles/scripts/GRUB_PC/10-setup delete mode 100755 roles/fai/files/profiles/scripts/HW4F_DESKTOP_LAST/00-remove-proxy delete mode 100755 roles/fai/files/profiles/scripts/HW4F_DESKTOP_LAST/01-network delete mode 100755 roles/fai/files/profiles/scripts/HW4F_DESKTOP_LAST/50-post-install delete mode 100755 roles/fai/files/profiles/scripts/LAST/50-misc delete mode 100755 roles/fai/files/profiles/scripts/SECURE_ERASE/01-run delete mode 100755 roles/fai/files/profiles/scripts/UBUNTU/10-rootpw delete mode 100755 roles/fai/files/profiles/scripts/UBUNTU/11-user delete mode 100755 roles/fai/files/profiles/scripts/UBUNTU/90-apt delete mode 100755 roles/fai/files/profiles/scripts/UBUNTU/91-misc delete mode 100755 roles/fai/files/profiles/tests/FAIBASE_TEST delete mode 100644 roles/fai/files/profiles/tests/Faitest.pm rename roles/fai/files/{profiles/files/etc/apt/apt.conf.d/00-proxy/.keep => tools/pmagic/test.file} (100%) create mode 100644 roles/fai/files/vimrc.local create mode 100644 roles/fai/tasks/clonezilla.yml create mode 100644 roles/fai/tasks/fai-nfsroot.yml delete mode 100644 roles/fai/tasks/fai-root.yml create mode 100644 roles/fai/tasks/os.yml create mode 100644 roles/fai/tasks/package_mgmt.yml delete mode 100644 roles/fai/tasks/sudo.yml create mode 100644 roles/fai/templates/etc/apt/preferences.d/pinning.j2 create mode 100644 roles/fai/templates/etc/default/isc-dhcp-server create mode 
100644 roles/fai/templates/etc/dhcp/dhcpd.conf create mode 100644 roles/fai/templates/etc/fai/fai.conf.j2 create mode 100644 roles/fai/templates/etc/fai/nfsroot.conf.j2 create mode 100644 roles/fai/templates/etc/nginx/sites-available/default_server.conf.j2 create mode 100644 roles/fai/templates/etc/ntp.conf create mode 100644 roles/fai/templates/etc/unbound/unbound.conf.d/fai.conf create mode 100644 roles/fai/templates/etc/unbound/unbound.conf.d/remote.conf create mode 100644 roles/fai/templates/srv/fai/config/class/BASEFILE.var.j2 create mode 100644 roles/fai/templates/srv/fai/config/class/HW4F_DESKTOP.var rename roles/fai/templates/{fai-profile-00-proxy.yml => srv/fai/config/files/etc/apt/apt.conf.d/02proxy.j2} (100%) create mode 100644 roles/fai/templates/var/www/html/index.html.j2 diff --git a/README.md b/README.md index 98caf79..22b12a9 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,8 @@ # HW4F Netboot Installer -Server die automatische Installation über das Netzwerks von Ubuntu 20.04 -im Rahmen des Projekts [https://hardwareforfuture.de](**Hardware for Future**) -des [https://dezentrale.space/](dezentrale e.V). +Server die automatische Installation über das Netzwerks von Ubuntu 22.04 +im Rahmen des Projekts [**Hardware for Future**](https://hardwareforfuture.de) +des [dezentrale e.V](https://dezentrale.space/). Für den Betrieb wird einmalig eine Internetverbindung benötigt. Der Server wird über Ansible aufgesetzt. @@ -11,7 +11,8 @@ u.a. FAI (Fully Automatic Installation). Mit dem Server wird ein Netz aufgespannt, welches für den Anschluß des zu installierenden Rechner verwendet wird. Wenn die Rechner mit dem Netzwerk verbunden sind, -können sie über einen Netzwerkboot (F-Testen beim Start des Rechners) über PXE gebootet werden. +können sie über einen Netzwerkboot +(zumeist F12-Taste für das Bootmenü beim Start des Rechners) über PXE gebootet werden. PXE lädt die erforderliche Dateien vom Server und der FAI-Installer installiert dann Ubuntu auf den Rechner. 
@@ -20,25 +21,50 @@ Das Passwort ist `fai`. Dieser Nutzer kann Administrationsrechte erlangen. Das Passwort muss im Anschluss geändert werden. + +## Verweise + +* [FAI Project](https://fai-project.org) +* [FAI Project - Available distributions](https://fai-project.org/download/dists/) +* [FAI Project - FAI-Guide](https://fai-project.org/fai-guide/) +* [FAI Project - Variables](https://wiki.fai-project.org/index.php/Variables) +* [github.com faiproject/fai](https://github.com/faiproject/fai) +* [github.com faiproject/fai-config](https://github.com/faiproject/fai-config) +* [iPXE](https://ipxe.org) +* [Ansible](https://www.ansible.com) + + +## Komponenten + +* DHCP: isc-dhcp-server +* TFTP: tftpd-hpa +* DNS: unbound +* ntp: ntp +* time: inetd +* HTTP: nginx +* rtime: inetd +* Apt Cache: apt-cacher-ng + + ## Voraussetzungen Server: -* Debian Buster +* Debian Bullseye * Zwei Netzwerkports oder zwei Netzwerkkarten (1x für WAN, 1x für LAN und FAI) Zu installierende Clients: -* CPU mit x86-64 Unterstützung -* 512 MB RAM empfohlen -* mehr als 20 GB Festsplatte oder SSD -* PXE-fähig oder USB-Stick mit bootfähigen iPXE oder iPXE-CD zum Booten der Rechner +* CPU amd64 mit Unterstützung für Hardwarevirtualisierung +* 1GiB empfohlen (min. 512MB RAM) +* mehr als 20 GB SSD oder Festplatte +* PXE-fähig oder USB-Stick mit bootfähigen iPXE oder + iPXE-CD zum Booten der Rechner ## Verwendung Zunächst Ansible für die automatische Installation und Konfiguration aller Komponeten herunterladen: - ```console apt install python3-pip pip3 install ansible @@ -46,7 +72,6 @@ pip3 install ansible Danach ein Playbook (z.B. `fai.yml`) anlegen und die grundlegende Parameter festlegen: - ```yml - hosts: localhost become: true @@ -57,9 +82,8 @@ und die grundlegende Parameter festlegen: - fai ``` -Einen Eintrag hinzufügen in +Einen Eintrag hinzufügen in `~/.ssh/config` - ``` host hw4f-fai hw4f-fai.intern.dezentrale.space user username 
@@ -77,9 +101,9 @@ ansible-playbook -i inventory/dezentrale.yml -K --check --diff -v fai.yml ### Virtuale Testinstanz Für eine testweise Installation kann -[https://www.vagrantup.com/](Vagrant) verwendet werden. -Es richtet anhand der *Vagrantfile* eine virtuelle Maschine ein -und provisioniert sie mittels Ansible. +[Vagrant](https://www.vagrantup.com/) verwendet werden. +Es richtet anhand des *Vagrantfile* eine virtuelle Maschine ein +und provisioniert sie anschließend automatisch mittels Ansible. Vagrant unterstützt verschiedene Provider für Virtualisierungslösungen bspw. VirtualBox oder libvirt/KVM. @@ -87,14 +111,20 @@ Zur Verwendung muss Vagrant zunächst installiert werden. Hier beispielsweise zusammen mit VirtualBox: ``` +### VIRTUALBOX apt install vagrant virtualbox +### Libvirt/KVM +apt install vagrant qemu-system-x86 ``` Danach kann die virtuelle Umgebung erstellt und automatisch eingerichtet werden: ``` -vagrant up +### INITIAL PROVISIONING +vagrant up --color +### FULL REPROVISIONING +vagrant destroy; vagrant up --color ``` Die Vagrantfile definiert eine Maschinen mit zwei Ethernet-Ports. 
@@ -112,28 +142,96 @@ Hier kann es helfen das Netzwerk über *Virt-Manager* neuzustarten oder ein weiteres isoliertes Netzwerk zu erstellen und es mit dem zweiten Netzwerkport des FAI-Servers zu verbinden. + +#### Zugriff auf die vagrant VM + +Zugriff auf die vagrant VM wird gewährt über: +``` +vagrant ssh +``` + +Mit Benutzername und Passwort: +``` +### CREDENTIALS +Username: `vagrant` +Password: `vagrant` + +### COMMAND +ssh vagrant@machine-ip +``` + +Mit PubKey Auth +``` +ssh -i .vagrant/machines/hw4f-fai-vagrant/libvirt/private_key \ + vagrant@machine-ip +``` + +#### Zugriff auf die zu installierende Maschine nehmen (Live System) + +Dies ist recht nützlich zur Analyse des Livesystems. + + +Auf dem FAI-Server wird zunächst die IP-Adresse des Clients herausgesucht. +Diese findet sich unter `/var/lib/dhcp/dhcpd.leases`. + +Dann kann per ssh Zugriff genommen werden +``` +### CREDENTIALS +Username: `root` +Password: `fai` +ssh root@192.168.33.10 +``` + +Das Installations log findet sich unter +`tail -f /tmp/fai/fai.log` + + +#### Secrets + +In der folgenden Konfigurationsdatei +wird u.A. auch das Root-Passwort +des Live-Systems festgelegt. + +Die NFS-root configuration findet sich hier +`/etc/fai/nfsroot.conf` + +Das Secret wird definiert in +`/srv/fai/config/class/FAIBASE.var` + +#### Debian Versionen + +`/srv/fai/nfsroot/etc/debian_version` +Ganz alt: 10.6 (Buster) -> kein ZST +Neuer versuch: 11.5 (Bullseye) - kein ZST +Neuester Versuch: (Bookworm) + + + ### Konfiguration Über Ansible-Variablen kann die Installation noch weiter angepasst werden. 
-|**Variable** |**Bedeutung** |**Standard** | -|--- |--- |---------------------------------------- | -|dhcp_interface |NIC des Installtionnetzes (muss gesetzt sein) | | -|wan_interface |NIC zum Internet |`eth0` | -|server_name |Server-Name |hw4f-fai | -|domain_name |Domain-Name des Netzes |local | -|server_ip |IP des Servers |`192.168.33.1` | -|server_netbits |Bits der Netzmaske |`24 ` | -|server_netmask |Netzmaske |`255.255.255.0` | -|apt_cacher_offline_mode |true, um nur den vorhanden Packet-Cache als Repository zu nutzen|false | -|debian_release |Debian Release, was für FAI genutzt werden soll. |buster | -|pxe_preselected_entry |Vorausgewählte iPXE-Eintag |`__exit` (von lokale Datenträger starten)| -|pxe_menu_timeout |Timeout für iPXE-Menu in Milisekunden |5000 | -|ipxe_additional_entries |Zusätzliche Einträge für iPXE-Menu |keine | -|use_apt_cache_for_server |Apt Cache für den Server selbst verwenden |`false` | -|fai_hw4f_profile_username |Desktop Benutzername |`user` | -|fai_hw4f_profile_password |Passwort der Benutzers |`dezentrale` | +|**Variable** |**Beschreibung** |**Standard** | +|--- |--- |---------------------------------------- | +|`dhcp_interface` |NIC des Installationnetzes (muss gesetzt sein) |`eth1` | +|`wan_interface` |NIC zum Internet |`eth0` | +|`server_name` |Server-Name |`hw4f-fai` | +|`domain_name` |Domain-Name des Netzes |`local` | +|`server_ip` |IP des Servers in CIDR-Notation |`192.168.33.9/24` | +|`gateway_ip` |IP des Default-Gateways in CIDR-Notation |`192.168.33.1/24` | +|`apt_cacher_offline_mode` |`true`, um nur den vorhanden Packet-Cache als Repository zu nutzen |`false` | +|`debian_release` |Debian Release, was für FAI genutzt werden soll. 
|`bullseye` | +|`pxe_preselected_entry` |Vorausgewählte iPXE-Eintag |`exit` (von lokalem Datenträger starten) | +|`pxe_menu_timeout` |Timeout für iPXE-Menu in Millisekunden |5000 | +|`ipxe_additional_entries` |Zusätzliche Einträge für iPXE-Menu |keine | +|`use_apt_cache_for_server` |Apt Cache für den Server selbst verwenden |`false` | +|`fai_hw4f_profile_username` |Desktop Benutzername |`user` | +|`fai_hw4f_profile_username` |Desktop Benutzername |`user` | +|`fai_hw4f_profile_password` |Passwort der Benutzers |`dezentrale` | + +Alle relevanten Netzwerk-Informationen werden +aus der IP-Adresse des Servers abgeleitet. Beispielsweise kann der Server mit obigen Playbook aufgesetzt werden, eine Rechner mit Ubuntu installiert werden und @@ -154,7 +252,11 @@ Danach das Playbook noch einmal ausführen, um die Konfigration zu aktualisieren: ``` -ansible-playbook fai.yml +ansible-playbook -i inventory/dezentrale.yml \ + -l hw4f-fai --diff --ask-become-pass fai.yml +### WHEN "sudo_nopasswd: true" +ansible-playbook -i inventory/dezentrale.yml \ + -l hw4f-fai --diff fai.yml ``` #### Zusätzliche Menü-Einträge im iPXE-Menü @@ -204,23 +306,3 @@ Es sind folgende Felder für jeden Boot-Eintrag möglich: Der vorausgewählt Eintrag kann über `pxe_preselected_entry` mit dem Label ausgewählt werden. Um FAI auszuwählen muss `__fai` gesetzt werden. -## Details - -*TBD* - -### Komponenten - -* DHCP: isc-dhcp-server -* TFTP: tftpd-hpa -* DNS: unbound -* ntp: ntp -* time: inetd -* HTTP: nginx -* rtime: inetd -* Apt Cache: apt-cacher-ng - -## Verweise - -* [https://fai-project.org](FAI Project) -* [https://ipxe.org](iPXE) -* [https://www.ansible.com](Ansible) diff --git a/Vagrantfile b/Vagrantfile index 1cf3432..7bb5d99 100644 --- a/Vagrantfile +++ b/Vagrantfile 
@@ -4,33 +4,41 @@ def create(config, name) config.vm.define name do |v| v.vm.hostname = name - v.vm.box = "generic/debian10" + v.vm.box = "generic/debian11" v.vm.provider "virtualbox" do |vb| vb.linked_clone = true - vb.cpus = 2 - vb.memory = 1024 + vb.cpus = 6 + vb.memory = 2048 # special thing for virtualbox vb.customize ["modifyvm", :id, "--nicpromisc2", "allow-all"] end v.vm.provider "libvirt" do |lv| - lv.cpus = 2 - lv.memory = 1024 + lv.cpus = 6 + lv.memory = 2048 + lv.disk_driver :cache => "unsafe" end - # add a extra NIC for the DHCP services + # ADD EXTRA NIC FOR THE DHCP SERVICES + # https://github.com/vagrant-libvirt/vagrant-libvirt#provider-options v.vm.network "private_network", auto_config: false, - ip: '192.168.33.1', + ip: '192.168.33.9', netmask: '255.255.255.0', virtualbox__intnet: true, libvirt__dhcp_enabled: false, - libvirt__forward_mode: 'none', - libvirt__guest_ipv6: false, - mode: 'isolated', + libvirt__forward_mode: 'nat', + #libvirt__guest_ipv6: true, + #mode: 'isolated', type: 'ethernet' + $provision_net = <<-EOF + ip a add 192.168.33.9/24 dev eth1 + ip l set up dev eth1 + EOF + v.vm.provision "shell", inline: $provision_net + if ENV['USE_ANSIBLE_IN_VM'] || false # start vagrant with: # @@ -44,9 +52,9 @@ def create(config, name) $provision = <<-EOF sudo apt-get install -y python3-pip pip3 install ansible - echo faiserver ansible_connection=local python_interpreter=/usr/bin/python3 > ~/inventory + #echo "faiserver ansible_connection=local python_interpreter=/usr/bin/python3" > ~/inventory/vagrant.ini cd /home/vagrant/fai - ansible-playbook -i ~/inventory playbook-vagrant.yml + ansible-playbook -i ~/inventory/dezentrale.yml playbook-vagrant.yml EOF # and ran the provision with ansible 
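Review bot: Changing the private network from `libvirt__forward_mode: 'none'` with `mode: 'isolated'` to `libvirt__forward_mode: 'nat'` means the segment on which this VM answers DHCP and PXE is no longer isolated from the host's uplink. Any machine that network-boots on that segment is offered an unattended installer, and the README in this same patch documents fixed default credentials for the live system. If NAT is only needed so that test clients can reach package mirrors, add a comment saying so; otherwise keep `'none'` and let clients go through the server's apt cache. Separately, the added inline provisioner runs `ip a add 192.168.33.9/24 dev eth1` unconditionally, which presumably fails on a second `vagrant provision` because the address is already assigned; `ip addr replace` avoids that.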
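Review bot: The in-VM provisioning path still ends with `ansible-playbook -i ~/inventory/dezentrale.yml playbook-vagrant.yml`, but this commit's file list shows `playbook-vagrant.yml` being deleted, and the line that used to create `~/inventory` is now commented out. With `USE_ANSIBLE_IN_VM` set, the script would therefore fail on both the inventory and the playbook argument. After the `cd /home/vagrant/fai`, the call should presumably be `ansible-playbook -i inventory/dezentrale.yml -l hw4f-fai-vagrant fai.yml`, assuming that inventory has a local-connection entry for this host. The `pip3 install ansible` step just above is unpinned; pinning a version keeps test runs reproducible.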
@@ -55,13 +63,18 @@ def create(config, name) else # provision with ansible and use VM as target host v.vm.provision "ansible" do |ans| - ans.playbook = "playbook-vagrant.yml" + ans.inventory_path = "inventory/dezentrale.yml" + ans.limit = name + #ans.ask_become_pass = true + ans.verbose = "v" + ans.playbook = "fai.yml" + #ans.tags = [ "debug_hostvars", "packages" ] end end end end Vagrant.configure("2") do |config| - create(config, "faiserver") + create(config, "hw4f-fai-vagrant") end diff --git a/fai.yml b/fai.yml index b8fe66a..dc0a35c 100644 --- a/fai.yml +++ b/fai.yml 
@@ -1,38 +1,6 @@ -- hosts: hw4f-fai - vars: - # Additional entries in iPXE menu - ipxe_additional_entries: - "pmagic": - name: "Partition Magic" - key: p - files: "tools/pmagic" - kernel: "bzImage64" - initrd: - - initrd.img - - fu.img - - m64.img - - files.cgz - imgargs: edd=on vga=normal - "clonezilla2.6.6.15r": - name: "Windows Clonzilla 2.6.6.15 Restore" - key: r - kernel: "images/bios/clonezilla2.6.6-15/vmlinuz" - initrd: - - "images/bios/clonezilla2.6.6-15/initrd.img" - imgargs: 'initrd=initrd.img boot=live config noswap nolocales edd=on nomodeset ocs_prerun2="sleep 3" ocs_prerun3="mount -t cifs -o user=gast,password= //192.168.33.2/images /home/partimag" ocs_prerun4="sleep 1" ocs_live_run="sudo ocs-sr -g auto -e1 auto -e2 -r -j2 -c -scr -p reboot restoredisk ask_user sda" ocs_live_extra_param="" keyboard-layouts="NONE" ocs_live_batch="no" locales="de_DE.UTF-8" vga=788 nosplash noprompt fetch="http://192.168.33.9/tftp/fai/images/bios/clonezilla2.6.6-15/filesystem.squashfs"' - "clonezilla2.6.6.15b": - key: b - name: "Windows Clonzilla 2.6.6.15 Backup" - kernel: "images/bios/clonezilla2.6.6-15/vmlinuz" - initrd: - - "images/bios/clonezilla2.6.6-15/initrd.img" - ##boot=live config noswap edd=on nomodeset noprompt nosplash locales=de_DE.UTF-8 keyboard-layouts=de ocs_prerun="dhclient" ocs_live_run="/usr/sbin/ocs-sr -q2 -c -j2 -z1p -i 4096 -fsck -enc -p poweroff savedisk 'Beispiel-`date +%d-%m-%Y`' nvme0n1" ocs_live_extra_param="" ocs_repository="smb://clonezilla:clonezilla@192.168.178.4/Backups/" ocs_live_batch=no ocs_netlink_timeout=5 - imgargs: 'initrd=initrd.img boot=live config noswap nolocales edd=on nomodeset ocs_prerun2="sleep 3" ocs_prerun3="mount -t cifs -o user=gast,password= //192.168.33.2/Images /home/partimag" ocs_prerun4="sleep 1" ocs_live_run="sudo ocs-sr -g auto -e1 auto -e2 -r -j2 -c -scr -p reboot savedisk ask_user sda" ocs_live_extra_param="" keyboard-layouts="NONE" ocs_live_batch="no" locales="de_DE.UTF-8" vga=788 nosplash noprompt 
fetch=http://192.168.33.9/tftp/fai/images/bios/clonezilla2.6.6-15/filesystem.squashfs' - "dban": - name: "Dariks boot and nuke (DBAN)" - key: d - kernel: "dban.bzi" - imgargs: "silent vga=785" - +- hosts: all + collections: + - ansible.utils + - ansible.netcommon roles: - fai diff --git a/group_vars/all.yml b/group_vars/all.yml new file mode 100644 index 0000000..57a2033 --- /dev/null +++ b/group_vars/all.yml 
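Review bot: Replacing `- hosts: hw4f-fai` with `- hosts: all` makes the `fai` role apply to every host in whatever inventory is passed, unless the caller remembers `-l`. This role sets up a DHCP server, TFTP and a PXE installer, and the README's `--check` example in this same patch invokes the playbook without a limit. Keeping a named group, for example `- hosts: fai_servers` with that group defined in `inventory/dezentrale.yml` (group name is a placeholder), removes the dependency on a command-line flag for safety. The Vagrant provisioner already sets `ans.limit = name`, so it would keep working as long as the VM is a member of that group.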
@@ -0,0 +1,121 @@ +--- +### FAI +debian_release_fai: "bookworm" +debian_release_nfsroot: "bookworm" + +### REPOS IN THE FAI-SERVER +repos: + - repo: "deb http://fai-project.org/download bullseye koeln" + filename: "fai" + preferences: + - package: '*' + origin: "fai-project.org" + release_name: "{{ debian_release_fai }}" + pin_priority: 500 + - repo: "deb http://deb.debian.org/debian {{ debian_release_fai }} main contrib non-free" + filename: "{{ debian_release_fai }}" + preferences: + - package: '*' + origin: "deb.debian.org" + release_name: "{{ debian_release_fai }}" + pin_priority: 500 + - repo: "deb http://deb.debian.org/debian {{ debian_release_fai }}-updates main contrib non-free" + filename: "{{ debian_release_fai }}" + preferences: + - package: '*' + origin: "deb.debian.org" + release_name: "{{ debian_release_fai }}-updates" + pin_priority: 500 + - repo: "deb http://security.debian.org/debian-security {{ debian_release_fai }}-security main contrib non-free" + filename: "{{ debian_release_fai }}" + - repo: "deb http://deb.debian.org/debian {{ debian_release_fai }}-backports main contrib non-free" + filename: "{{ debian_release_fai }}" + preferences: + - package: '*' + origin: "deb.debian.org" + release_name: "{{ debian_release_fai }}-backports" + pin_priority: 490 + - repo: "deb http://deb.debian.org/debian testing main contrib non-free" + filename: "testing" + preferences: + - package: '*' + origin: "deb.debian.org" + suite: "testing" + pin_priority: 400 + - repo: "deb http://deb.debian.org/debian testing-updates main contrib non-free" + filename: "testing" + preferences: + - package: '*' + origin: "deb.debian.org" + suite: "testing-updates" + pin_priority: 400 + - repo: "deb http://deb.debian.org/debian sid main contrib non-free" + filename: "sid" + preferences: + - package: '*' + origin: "deb.debian.org" + release_name: "sid" + pin_priority: 120 + - repo: "deb http://deb.debian.org/debian experimental main contrib non-free" + filename: "experimental" + 
preferences: + - package: '*' + origin: "deb.debian.org" + suite: "experimental" + pin_priority: 110 + - package: '/^fai-.*/' + origin: "deb.debian.org" + suite: "experimental" + pin_priority: 500 + +# Additional entries in iPXE menu +ipxe_additional_entries: + "clonezilla2.6.6.15r": + name: "Windows Clonzilla 2.6.6.15 Restore" + key: r + kernel: "images/bios/clonezilla2.6.6-15/vmlinuz" + initrd: + - "images/bios/clonezilla2.6.6-15/initrd.img" + imgargs: 'initrd=initrd.img boot=live config noswap nolocales edd=on nomodeset ocs_prerun2="sleep 3" ocs_prerun3="mount -t cifs -o user=gast,password= //192.168.33.2/images /home/partimag" ocs_prerun4="sleep 1" ocs_live_run="sudo ocs-sr -g auto -e1 auto -e2 -r -j2 -c -scr -p reboot restoredisk ask_user sda" ocs_live_extra_param="" keyboard-layouts="NONE" ocs_live_batch="no" locales="de_DE.UTF-8" vga=788 nosplash noprompt fetch="http://192.168.33.9/tftp/fai/images/bios/clonezilla2.6.6-15/filesystem.squashfs"' + "clonezilla2.6.6.15b": + key: b + name: "Windows Clonzilla 2.6.6.15 Backup" + kernel: "images/bios/clonezilla2.6.6-15/vmlinuz" + initrd: + - "images/bios/clonezilla2.6.6-15/initrd.img" + ##boot=live config noswap edd=on nomodeset noprompt nosplash locales=de_DE.UTF-8 keyboard-layouts=de ocs_prerun="dhclient" ocs_live_run="/usr/sbin/ocs-sr -q2 -c -j2 -z1p -i 4096 -fsck -enc -p poweroff savedisk 'Beispiel-`date +%d-%m-%Y`' nvme0n1" ocs_live_extra_param="" ocs_repository="smb://clonezilla:clonezilla@192.168.178.4/Backups/" ocs_live_batch=no ocs_netlink_timeout=5 + imgargs: 'initrd=initrd.img boot=live config noswap nolocales edd=on nomodeset ocs_prerun2="sleep 3" ocs_prerun3="mount -t cifs -o user=gast,password= //192.168.33.2/Images /home/partimag" ocs_prerun4="sleep 1" ocs_live_run="sudo ocs-sr -g auto -e1 auto -e2 -r -j2 -c -scr -p reboot savedisk ask_user sda" ocs_live_extra_param="" keyboard-layouts="NONE" ocs_live_batch="no" locales="de_DE.UTF-8" vga=788 nosplash noprompt 
fetch=http://192.168.33.9/tftp/fai/images/bios/clonezilla2.6.6-15/filesystem.squashfs' +# "pmagic": +# name: "Partition Magic" +# key: p +# files: "tools/pmagic" +# kernel: "bzImage64" +# initrd: +# - initrd.img +# - fu.img +# - m64.img +# - files.cgz +# imgargs: edd=on vga=normal +# "dban": +# name: "Dariks boot and nuke (DBAN)" +# key: d +# kernel: "dban.bzi" +# imgargs: "silent vga=785" +# "memtest": +# name: "Memtest86+" +# key: m +# files: "tools/memtest" +# kernel: "memtest86+-5.31b.bin" +# other: +# name: Menu Entry +# files: path/to/files/to/copy +# kernel: a-kernel-image +# args: some arguments +# initrd: +# - initrd0.img +# - initrd1.img +# - ... +# multiboot: +# - module0.img +# - module1.img +# - ... diff --git a/inventory/dezentrale.yml b/inventory/dezentrale.yml index c061667..4e9cd5a 100644 --- a/inventory/dezentrale.yml +++ b/inventory/dezentrale.yml @@ -1,19 +1,29 @@ all: - hosts: - hw4f-fai: - ansible_nopasswd: True + vars: + ansible_nopasswd: true use_apt_cache_for_server: true # interface for a internet connection - wan_interface: ens18 + wan_interface: "{{ ansible_default_ipv4.interface }}" + # ip of the server of the installer network + server_ip: "192.168.33.8/24" + routers: + - "192.168.33.1" + #nameservers: + fai_config_git: "https://git.dezentrale.cloud/HW4F/fai-config.git" + + hosts: + hw4f-fai: # interface to the clients to install dhcp_interface: ens19 # customized server name server_name: "hw4f-fai" # ip of the server of the installer network - server_ip: 192.168.33.9 - timeservers: - - 192.168.33.1 - routers: - - 192.168.33.1 - #nameservers: - pxe_preselected_entry: "fai" + hw4f-fai-vagrant: + ansible_host: "192.168.33.9" + #ansible_connection: "local" + #python_interpreter: "/usr/bin/python3" + # interface to the clients to install + dhcp_interface: eth1 + # customized server name + server_name: "hw4f-fai-vagrant" + #localhost: diff --git a/ip_calc.yml b/ip_calc.yml new file mode 100644 index 0000000..929ad1f --- /dev/null 
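Review bot: The `##boot=live …` comment line kept under `clonezilla2.6.6.15b` carries an SMB URL with an embedded `clonezilla:clonezilla` login, and both live `imgargs` values mount the `//192.168.33.2` image share as `gast` with an empty password. Kernel arguments end up in the boot menu that any client on the installer network can read, so anything placed here is effectively public. The `savedisk` entry also implies the share accepts unauthenticated writes, which should be confirmed against the share's configuration. I would delete the comment line, leaving at most `# backup variant via ocs_repository: see Clonezilla docs`, and restrict the guest account to read-only for the restore entry. Separately, the first `repos` entry hard-codes `bullseye koeln` while its pin uses `release_name: "{{ debian_release_fai }}"` (now `bookworm`), so that pin probably never matches.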
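Review bot: `server_ip: "192.168.33.8/24"` under `all.vars` disagrees with the address used elsewhere in this patch. The role default is `192.168.33.9/24`, the Clonezilla `fetch=` URLs in `group_vars/all.yml` hard-code `192.168.33.9`, and `hw4f-fai-vagrant` gets `ansible_host: "192.168.33.9"`. If `.8` is intended for `hw4f-fai`, clients booted from it would still pull `filesystem.squashfs` from `.9`, i.e. from a different machine than the one that served the menu. Building the URL from the variable, `fetch="http://{{ server_address }}/tftp/fai/…"`, removes the duplication. The comment `# ip of the server of the installer network` left under `hw4f-fai` no longer has a value below it and can be dropped.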
+++ b/ip_calc.yml
@@ -0,0 +1,15 @@
+---
+- hosts: all
+ tasks:
+ - name: "Debug ipddr() filter"
+ vars:
+ server_ip: "192.168.33.9/24"
+ ansible.builtin.debug:
+ msg: |
+ network/prefix: "{{ server_ip | ipaddr('network/prefix') }}"
+ network: "{{ server_ip | ipaddr('network') }}"
+ address: "{{ server_ip | ipaddr('address') }}"
+ prefix: "{{ server_ip | ipaddr('prefix') }}"
+ netmask: "{{ server_ip | ipaddr('netmask') }}"
+ broadcast: "{{ server_ip | ipaddr('broadcast') }}"
+ delegate_to: localhost
diff --git a/playbook-vagrant.yml b/playbook-vagrant.yml
deleted file mode 100644
index ebcdab3..0000000
--- a/playbook-vagrant.yml
+++ /dev/null
@@ -1,35 +0,0 @@
-- hosts: faiserver
- become: true
- vars:
- # interface to the clients to install
- dhcp_interface: eth1
- # interface for a internet connection
- wan_interface: "{{ ansible_default_ipv4.interface }}"
- # customized server name
- server_name: faiserver
- # ip of the server of the installer network
- server_ip: 192.168.33.1
-
- pxe_preselected_entry: __fai
-
- ipxe_additional_entries:
- memtest:
- name: Memtest86+
- files: tools/memtest
- kernel: memtest86+-5.31b.bin
- # other:
- # name: Menu Entry
- # files: path/to/files/to/copy
- # kernel: a-kernel-image
- # args: some arguments
- # initrd:
- # - initrd0.img
- # - initrd1.img
- # - ...
- # multiboot:
- # - module0.img
- # - module1.img
- # - ...
-
- roles:
- - fai
diff --git a/roles/fai/defaults/main.yml b/roles/fai/defaults/main.yml
index 47afb54..4d1853c 100644
--- a/roles/fai/defaults/main.yml
+++ b/roles/fai/defaults/main.yml
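Review bot: The `ipaddr` filter is called by its short name in all six `msg` lines of the new `ip_calc.yml`, and this play declares no `collections:`, while the rest of the series moves to fully qualified names. Writing `ansible.utils.ipaddr('network')` and so on makes the dependency on the `ansible.utils` collection explicit, so a missing collection fails with a clear error instead of depending on name redirects. The task name also has a typo: `"Debug ipddr() filter"` should read `"Debug ipaddr() filter"`.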
@@ -1,29 +1,101 @@ --- -# defaults file for fai +### FAI defaults +debian_release_fai: "bullseye" +debian_release_nfsroot: "bullseye" +ubuntu_mirror_url: "http://archive.ubuntu.com" -dhcp_interface: eth1 +dhcp_interface: "eth1" wan_interface: "{{ (ansible_default_ipv4 |d(ansible_default_ipv6)).interface }}" -server_name: faiserver -domain_name: local -server_ip: 192.168.33.1 -server_netbits: 24 -server_netmask: 255.255.255.0 +server_name: "faiserver" +domain_name: "local" +server_ip: "192.168.33.9/24" +server_network_prefix: "{{ server_ip | ipaddr('network/prefix') }}" +server_network: "{{ server_ip | ipaddr('network') }}" +server_address: "{{ server_ip | ipaddr('address') }}" +server_prefix: "{{ server_ip | ipaddr('prefix') }}" +server_netmask: "{{ server_ip | ipaddr('netmask') }}" +server_broadcast: "{{ server_ip | ipaddr('broadcast') }}" +timeservers: + - "{{ server_address }}" +ntpservers: + - "{{ server_address }}" apt_cacher_offline_mode: false -debian_release: buster use_apt_cache_for_server: false -fai_configdir: "/srv/fai/config" -fai_profiles_archive: "config.tar" +fai_etc_dir: "/etc/fai" +fai_dir: "/srv/fai" +fai_dir_config: "{{ fai_dir }}/config" +fai_dir_nfsroot: "{{ fai_dir }}/nfsroot" +fai_dir_nfsroot_boot: "{{ fai_dir_nfsroot }}/boot" +fai_config_archive: "config.tar" fai_squashfs_file: "squash.img" +fai_squashfs_path: "{{ fai_dir_download + '/' + fai_squashfs_file }}" +#fai_loguser: "fai" +fai_menu_default: 'HW4F Desktop Jammy' -fai_hw4f_profile_username: user -fai_hw4f_profile_password: dezentrale +fai_hw4f_rootpw_fai: "fai" +fai_hw4f_profile_username: "user" +fai_hw4f_profile_password: "dezentrale" +fai_hw4f_rootpw: "{{ fai_hw4f_profile_password }}" tftp_dir: "/srv/tftp/fai" + +nginx_root: "/var/www/html" +nginx_dir_config: "/etc/nginx" +nginx_site_available: "{{ nginx_dir_config + '/sites-available/' + ansible_hostname + '.conf' }}" +nginx_site_enabled: "{{ nginx_dir_config + '/sites-enabled/' + ansible_hostname + '.conf' }}" 
+nginx_site_default: "{{ nginx_dir_config + '/sites-enabled/' + 'default' }}" +fai_dir_download: "{{ nginx_root + '/' + http_mirror_fai_path_prefix }}" +fai_dir_basefile: "{{ fai_dir_download + '/' + http_mirror_basefile_path_prefix }}" + +http_mirror: "http://{{ server_name }}" http_mirror_ipxe_path_prefix: "ipxe" http_mirror_fai_path_prefix: "fai" +http_mirror_basefile_path_prefix: "basefile" +http_mirror_ipxe_root_url: "{{ http_mirror + '/' + http_mirror_ipxe_path_prefix }}" +http_mirror_fai_root_url: "{{ http_mirror + '/' + http_mirror_fai_path_prefix }}" +http_mirror_fai_profiles_url: "{{ http_mirror_fai_root_url + '/' + fai_config_archive }}" +http_mirror_fai_squashfs_url: "{{ http_mirror_fai_root_url + '/' + fai_squashfs_file }}" +http_mirror_fai_basefile_url: "{{ http_mirror_fai_root_url + '/' + http_mirror_basefile_path_prefix }}" -ipxe_additional_entries: +ipxe_additional_entries: [] +ipxe_dir_binaries: "/usr/lib/ipxe" +ipxe_dir_download: "{{ nginx_root + '/' + http_mirror_ipxe_path_prefix }}" -pxe_preselected_entry: __exit +pxe_preselected_entry: "fai" +#pxe_preselected_entry: "exit" pxe_menu_timeout: 5000 + +### CLONEZILLA +clonezilla_dir: "{{ nginx_root }}/clonezilla" +clonezilla_dir_download: "{{ clonezilla_dir + '/download' }}" +clonezilla_base_download_url_osdn: "https://osdn.net/dl" +clonezilla_base_download_url_sf: "https://downloads.sourceforge.net" +clonezilla_base_download_url: "{{ clonezilla_base_download_url_osdn }}" +clonezilla_version: "2.8.1-12" +### amd64/i686-pae/i686 +clonezilla_arch: "amd64" +### zip/iso +clonezilla_type: "zip" +clonezilla_archive: "{{ + '/clonezilla-live-' + + clonezilla_version + '-' + + clonezilla_arch + '.' 
+ + clonezilla_type + }}" +clonezilla_download_url: "{{ + clonezilla_base_download_url + + '/clonezilla' + + clonezilla_archive + }}" + +package_set: + core: + debian: + standard: [ + apt-file, apt-transport-https, aptitude, bash-completion, ca-certificates, curl, + dmidecode, dosfstools, git, htop, haveged, iftop, info, iotop, jq, libcrack2, + locales, lsb-release, lsof, man-db, mc, mlocate, openssl, parted, pigz, psmisc, + pv, pwgen, python3-apt, rsync, screen, sqlite3, ssl-cert, strace, sudo, + sysstat, tcpdump, tmux, unattended-upgrades, vim, wget, zsh ] + extra: [ btrfs-progs ] diff --git a/roles/fai/files/bashrc b/roles/fai/files/bashrc new file mode 100644 index 0000000..275619f --- /dev/null +++ b/roles/fai/files/bashrc 
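Review bot: `fai_hw4f_rootpw_fai: "fai"`, `fai_hw4f_profile_password: "dezentrale"` and `fai_hw4f_rootpw: "{{ fai_hw4f_profile_password }}"` put fixed credentials into the role defaults. Every machine installed without overrides therefore gets the same committed root and user password, with root sharing the user's. How the role consumes these values is outside this hunk, but defaults should not double as working secrets. I would remove the three values from `defaults/main.yml`, supply them from a vaulted vars file, and have the role stop early when they are unset, for example with an `ansible.builtin.assert` on `fai_hw4f_rootpw is defined`. At minimum, root should get its own value rather than reusing the profile password.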
@@ -0,0 +1,72 @@ +# ~/.bashrc: executed by bash(1) for non-login shells. + +# Note: PS1 and umask are already set in /etc/profile. You should not +# need this unless you want different defaults for root. +# PS1='${debian_chroot:+($debian_chroot)}\h:\w\$ ' +# umask 022 + +# You may uncomment the following lines if you want `ls' to be colorized: +export LS_OPTIONS='--color=auto' +eval "`dircolors`" +alias ls='ls $LS_OPTIONS' +alias ll='ls $LS_OPTIONS -l' +alias l='ls $LS_OPTIONS -lA' + +# Some more alias to avoid making mistakes: +# alias rm='rm -i' +# alias cp='cp -i' +# alias mv='mv -i' +# set a fancy prompt (non-color, unless we know we "want" color) +case "$TERM" in + xterm-color|*-256color) color_prompt=yes;; +esac + +# comment for a colored prompt, if the terminal has the capability; turned +# off by default to not distract the user: the focus in a terminal window +# should be on the output of commands, not on the prompt +force_color_prompt=yes + +if [ -n "$force_color_prompt" ]; then + if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then + # We have color support; assume it's compliant with Ecma-48 + # (ISO/IEC-6429). (Lack of such support is extremely rare, and such + # a case would tend to support setf rather than setaf.) 
+ color_prompt=yes + else + color_prompt= + fi +fi + +if [ "$color_prompt" = yes ]; then + PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ ' +else + PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ ' +fi +unset color_prompt force_color_prompt + + +# If this is an xterm set the title to user@host:dir +case "$TERM" in +xterm*|rxvt*) + PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1" + ;; +*) + ;; +esac + +# enable color support of ls and also add handy aliases +if [ -x /usr/bin/dircolors ]; then + test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)" + alias ls='ls --color=auto' + alias dir='dir --color=auto' + alias vdir='vdir --color=auto' + + alias grep='grep --color=auto' + alias fgrep='fgrep --color=auto' + alias egrep='egrep --color=auto' +fi + +# colored GCC warnings and errors +export GCC_COLORS='error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01' + +alias ..='cd ..' diff --git a/roles/fai/files/profiles/files/etc/dhcp/dhcpd.conf/FAISERVER b/roles/fai/files/examples/etc/dhcpd.conf similarity index 67% rename from roles/fai/files/profiles/files/etc/dhcp/dhcpd.conf/FAISERVER rename to roles/fai/files/examples/etc/dhcpd.conf index b0343cc..b6f6f7f 100644 --- a/roles/fai/files/profiles/files/etc/dhcp/dhcpd.conf/FAISERVER +++ b/roles/fai/files/examples/etc/dhcpd.conf 
@@ -1,18 +1,17 @@ # dhcpd.conf for a fai installation server # replace faiserver with the name of your install server -ignore-client-uids on; deny unknown-clients; option dhcp-max-message-size 2048; use-host-decl-names on; #always-reply-rfc1048 on; subnet 192.168.33.0 netmask 255.255.255.0 { - option routers 192.168.33.1; - option domain-name "fai.example"; + option routers 192.168.33.250; + option domain-name "fai"; option domain-name-servers 192.168.33.250; option time-servers faiserver; -# option ntp-servers faiserver; + option ntp-servers faiserver; server-name faiserver; next-server faiserver; if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00000" { @@ -21,12 +20,10 @@ subnet 192.168.33.0 netmask 255.255.255.0 { if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00007" { filename "fai/syslinux.efi"; } - allow unknown-clients; - pool { - range 192.168.33.100 192.168.33.150; - } } # generate a lot of entries with: -# perl -e 'for (1..10) {printf "host client%02s {hardware ethernet XXX:$_;fixed-address client%02s;}\n",$_,$_;}' -# then replace XXX with the hardware addresses of your clients +# perl -e 'for (1..10) {printf "host client%02s {hardware ethernet 52:54:00:11:23:%02X;fixed-address client%02s;}\n",$_,$_,$_;}' +# then replace 52:54:00:11:23:XX with the hardware addresses of your clients +# 52:54:00:11:23 is a prefix used by fai-kvm +host demohost {hardware ethernet 0:2:a3:b5:c5:41;fixed-address demohost;} diff --git a/roles/fai/files/examples/etc/netgroup b/roles/fai/files/examples/etc/netgroup new file mode 100644 index 0000000..5a0d03c --- /dev/null +++ b/roles/fai/files/examples/etc/netgroup 
@@ -0,0 +1,43 @@
+# permission for a list of hosts
+
+# the beowulf cluster
+nucleus (nucleus,,)
+atom00 (atom00,,)
+atom01 (atom01,,)
+atom02 (atom02,,)
+atom03 (atom03,,)
+atom04 (atom04,,)
+atom05 (atom05,,)
+atom06 (atom06,,)
+atom07 (atom07,,)
+atom08 (atom08,,)
+atom09 (atom09,,)
+atom10 (atom10,,)
+atom11 (atom11,,)
+atom12 (atom12,,)
+atom13 (atom13,,)
+atom14 (atom14,,)
+atom15 (atom15,,)
+atom16 (atom16,,)
+atom17 (atom17,,)
+atom18 (atom18,,)
+atom19 (atom19,,)
+atom20 (atom20,,)
+atom21 (atom21,,)
+atom22 (atom22,,)
+atom23 (atom23,,)
+atom24 (atom24,,)
+atom25 (atom25,,)
+
+atoms atom01 atom02 atom03 atom04 atom05 atom06 atom07 atom08 atom09 atom10 atom11 atom12 atom13 atom14 atom15 atom16 atom17 atom18 atom19 atom20 atom21 atom22 atom23 atom24 atom25
+
+# used for script all_hosts
+allhosts atom00 atoms
+
+beowulf atoms atom00 nucleus
+homeclients beowulf
+
+faiclients workstations beowulf
+
+# this definition grants permission for every host
+# faiclients (,,)
diff --git a/roles/fai/files/examples/utils/mkdebmirror b/roles/fai/files/examples/utils/mkdebmirror
new file mode 100755
index 0000000..ab15bec
--- /dev/null
+++ b/roles/fai/files/examples/utils/mkdebmirror
@@ -0,0 +1,41 @@
+#! /bin/sh
+
+# Thomas Lange, lange@informatik.uni-koeln.de, (c) 2001-2018
+
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+update_from() {
+
+ # update local mirror from a host
+ host=$1
+ shift
+ defopt="--keyring /usr/share/keyrings/debian-archive-keyring.gpg --method=http --rsync-extra=none --diff=none $allopt --host=$host --dist=$dist $sect"
+
+ echo "------------------ create mirror for debian ------------------"
+ debmirror $excl $destdir/debian $defopt $*
+}
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# main program
+#
+# here you have to adjust the hostnames of the mirror and the names of the distributions
+
+# excluding dbg_ packages saves a lot of disk space. About 33G for squeeze,wheezy in amd64,i386
+excl="--exclude=-dbg_ --exclude=debian-installer-netboot-images --include=libc6-dbg"
+
+debug="$@"
+arch=amd64
+dist=bullseye,bullseye-backports
+
+destdir=/files/scratch/debmirror
+sect="--section main,contrib,non-free"
+allopt="$debug --state-cache-days=100 --ignore-missing-release --ignore-release-gpg --passive --nosource --arch=$arch"
+
+# first sync from a mirror near to you
+#update_from ftp.uni-koeln.de $*
+# If this mirror isn't always up to date, sync again from an official mirror
+
+# sync from an official mirror
+update_from deb.debian.org --getcontents $*
+
+# even one should not mirror the security site, but I will do it.
+echo "------------------ create mirror for debian-security ------------------"
+debmirror --keyring /usr/share/keyrings/debian-archive-keyring.gpg --method=http $excl $destdir/debian-security $allopt --host=deb.debian.org -r debian-security $sect -d bullseye-security $*
diff --git a/roles/fai/files/profiles/basefiles/mk-basefile b/roles/fai/files/profiles/basefiles/mk-basefile
deleted file mode 100755
index f091aff..0000000
--- a/roles/fai/files/profiles/basefiles/mk-basefile
+++ /dev/null
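Review bot: `allopt` passes `--ignore-missing-release --ignore-release-gpg`, which lets debmirror carry on when the Release file is absent or its signature does not verify. The `--keyring` given in `defopt` and in the final `debmirror` call therefore no longer protects a mirror fetched over `--method=http`. For a mirror that install clients will trust, I would drop both flags: `allopt="$debug --state-cache-days=100 --passive --nosource --arch=$arch"`. If a particular suite really needs them, a comment naming that suite would make the exception reviewable. The unquoted `$*` in `update_from` and on the last line also re-splits arguments; `"$@"` is the safer form.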
@@ -1,309 +0,0 @@ -#! /bin/bash - -# mk-basefile, create basefiles for some distributions -# -# Thomas Lange, Uni Koeln, 2011-2020 -# based on the Makefile implementation of Michael Goetze -# -# Usage example: mk-basefile -J STRETCH64 -# This will create a STRETCH64.tar.xz basefile. - -# Supported distributions (each i386/amd64): -# Debian GNU/Linux -# Ubuntu 14.04/16.04 -# CentOS 5/6/7/8 -# Scientific Linux Cern 5/6 -# -# Packages you might want to install to use this command: -# debootstrap, rinse, xz-utils - - -# Define your local mirros here -# For the first stage, set the CentOS/SLC mirror in /etc/rinse/rinse.conf -MIRROR_DEBIAN=http://deb.debian.org/debian/ -MIRROR_UBUNTU=http://mirror.netcologne.de/ubuntu/ -MIRROR_CENTOS=http://mirror.netcologne.de/ - -EXCLUDE_SQUEEZE=isc-dhcp-client,isc-dhcp-common,info -EXCLUDE_WHEEZY=info -EXCLUDE_JESSIE=info -EXCLUDE_STRETCH=info -EXCLUDE_BUSTER= -EXCLUDE_BULLSEYE= -EXCLUDE_SID= - -EXCLUDE_TRUSTY=dhcp3-client,dhcp3-common,info -EXCLUDE_XENIAL=udhcpc,dibbler-client,info -EXCLUDE_BIONIC=udhcpc,dibbler-client,info -EXCLUDE_FOCAL=udhcpc,dibbler-client,info - -# here you can add packages, that are needed very early -INCLUDE_DEBIAN= - - -setarch() { - - l32= - if [ X$1 = Xi386 ]; then - l32=linux32 - fi -} - -check() { - - if [ `id -u` != 0 ]; then - echo "You must be root to create chroots." - exit 1 - fi - mknod $xtmp/test-dev-null c 1 3 - if [ $? -eq 1 ]; then - echo "Cannot create device files on $xtmp, aborting." - echo "Perhaps this directory is mounted with option nodev." - rm -rf $xtmp - exit 1 - fi - echo test > $xtmp/test-dev-null - if [ $? -eq 1 ]; then - echo "Cannot create device files on $xtmp, aborting." - echo "Perhaps this directory is mounted with option nodev." - rm -rf $xtmp - exit 1 - fi - rm -f $xtmp/test-dev-null -} - - -mkpost-centos() { - - # set local mirror for rinse post script - [ -z "$MIRROR_CENTOS" ] && return - cat < $xtmp/post -#! 
/bin/sh -mkdir -p $xtmp/etc/yum.repos.d/orig -cp -p $xtmp/etc/yum.repos.d/*.repo $xtmp/etc/yum.repos.d/orig -perl -pi -e 's,mirrorlist=,#mirrorlist=,; s,#baseurl=http://mirror.centos.org,baseurl=$MIRROR_CENTOS,;' $xtmp/etc/yum.repos.d/CentOS-Base.repo -EOM - chmod 555 $xtmp/post -} - - -mkpost-slc() { - - # set local mirror for rinse post script - ver=$1 - [ -z "$MIRROR_SLC" ] && return - cat < $xtmp/post -#! /bin/sh -mkdir -p $xtmp/etc/yum.repos.d/orig -cp -p $xtmp/etc/yum.repos.d/*.repo $xtmp/etc/yum.repos.d/orig -perl -pi -e 's,baseurl=http://linuxsoft.cern.ch,baseurl=$MIRROR_SLC,;' $xtmp/etc/yum.repos.d/slc$ver-os.repo -perl -pi -e 's,baseurl=http://linuxsoft.cern.ch,baseurl=$MIRROR_SLC,;' $xtmp/etc/yum.repos.d/slc$ver-updates.repo - -EOM - chmod 555 $xtmp/post -} - - -cleanup-deb() { - - chroot $xtmp apt-get clean - rm -f $xtmp/etc/hostname $xtmp/etc/resolv.conf \ - $xtmp/var/lib/apt/lists/*_* $xtmp/usr/bin/qemu-*-static \ - $xtmp/etc/udev/rules.d/70-persistent-net.rules - > $xtmp/etc/machine-id -} - - -cleanup-rinse() { - - # check if chroot works - echo "Installed packages in chroot:" - chroot $xtmp rpm -qa|sort - echo -n "CHROOT rpm -qa: " - chroot $xtmp rpm -qa|wc -l - - rm -f $xtmp/etc/resolv.conf $xtmp/post - if [ -d $xtmp/etc/yum.repos.d/orig ]; then - mv $xtmp/etc/yum.repos.d/orig/* $xtmp/etc/yum.repos.d/ - rm -rf $xtmp/etc/yum.repos.d/orig - fi -} - - -tarit() { - - tar $attributes --numeric-owner --one-file-system -C $xtmp -cf - . 
| $zip > $target.$ext -} - - -centos() { - - local arch=$1 - local vers=$2 - local domain=$(domainname) - - check - setarch $arch - mkpost-centos - $l32 rinse --directory $xtmp --distribution centos-$vers --arch $arch --before-post-install $xtmp/post - domainname $domain # workaround for #613377 - cleanup-rinse - tarit -} - - -slc() { - - local arch=$1 - local vers=$2 - - check - setarch $arch - mkpost-slc $vers - $l32 rinse --directory $xtmp --distribution slc-$vers --arch $arch --before-post-install $xtmp/post - cleanup-rinse - tarit -} - - -debgeneric() { - - local DIST=$1 - shift - local mirror=$1 - shift - local arch=$1 - - dist=${DIST%%[0-9][0-9]} - local exc="EXCLUDE_$dist" - [ -n "${!exc}" ] && exc="--exclude=${!exc}" || unset exc - dist=${dist,,} - - check - if [ -n "$INCLUDE_DEBIAN" ]; then - local inc="--include=$INCLUDE_DEBIAN" - fi - - if [ -n "$arch" ]; then - qemu-debootstrap --arch $arch ${exc} $inc $dist $xtmp $mirror - target="${target}_${arch^^}" - else - if [[ $DIST =~ 64 ]]; then - arch=amd64 - else - arch=i386 - fi - debootstrap --arch $arch ${exc} $inc $dist $xtmp $mirror - fi - cleanup-deb - tarit -} - -prtdists() { - - echo "Available: - - CENTOS5_32 CENTOS5_64 - CENTOS6_32 CENTOS6_64 - CENTOS7_32 CENTOS7_64 - CENTOS8_64 - SLC5_32 SLC5_64 - SLC6_32 SLC6_64 - SLC7_64 - TRUSTY32 TRUSTY64 - XENIAL32 XENIAL64 - BIONIC64 - FOCAL64 - SQUEEZE32 SQUEEZE64 - WHEEZY32 WHEEZY64 - JESSIE32 JESSIE64 - STRETCH32 STRETCH64 - BUSTER32 BUSTER64 - BULLSEYE32 BULLSEYE64 - SID32 SID64 -" -} - -usage() { - - cat <&/dev/null && dpkg --print-architecture | tr a-z A-Z - -# determin if we are a DHCP client or not -# count the : chars in the argument of ip= -n="${ip//[^:]}" -if [[ $ip =~ ^(on|any|dhcp)$ ]]; then - echo DHCPC -elif [ ${#n} -lt 6 ]; then - echo DHCPC -fi - -exit 0 diff --git a/roles/fai/files/profiles/class/20-hwdetect.sh b/roles/fai/files/profiles/class/20-hwdetect.sh deleted file mode 100755 index 8ba48d4..0000000 
--- a/roles/fai/files/profiles/class/20-hwdetect.sh +++ /dev/null @@ -1,35 +0,0 @@ -#! /bin/bash - -# (c) Thomas Lange, 2002-2013, lange@informatik.uni-koeln.de - -# NOTE: Files named *.sh will be evaluated, but their output ignored. - -[ $do_init_tasks -eq 1 ] || return 0 # Do only execute when doing install - -echo 0 > /proc/sys/kernel/printk - -#kernelmodules= -# here, you can load modules depending on the kernel version -case $(uname -r) in - 2.6*) kernelmodules="$kernelmodules mptspi dm-mod md-mod aes dm-crypt" ;; - [3456]*) kernelmodules="$kernelmodules mptspi dm-mod md-mod aes dm-crypt" ;; -esac - -for mod in $kernelmodules; do - [ X$verbose = X1 ] && echo Loading kernel module $mod - modprobe -a $mod 1>/dev/null 2>&1 -done - -ip ad show up | egrep -iv 'loopback|127.0.0.1|::1/128|_lft' - -echo $printk > /proc/sys/kernel/printk - -odisklist=$disklist -set_disk_info # recalculate list of available disks -if [ "$disklist" != "$odisklist" ]; then - echo New disklist: $disklist - echo disklist=\"$disklist\" >> $LOGDIR/additional.var -fi - -save_dmesg # save new boot messages (from loading modules) - diff --git a/roles/fai/files/profiles/class/40-parse-profiles.sh b/roles/fai/files/profiles/class/40-parse-profiles.sh deleted file mode 100755 index c80cf7a..0000000 --- a/roles/fai/files/profiles/class/40-parse-profiles.sh +++ /dev/null 
@@ -1,165 +0,0 @@ -#! /bin/bash - -# parse *.profile and build a curses menu, so the user can select a profile -# -# (c) 2015 by Thomas Lange, lange@informatik.uni-koeln.de -# Universitaet zu Koeln - -if [ X$FAI_ACTION = Xinstall -o X$FAI_ACTION = Xdirinstall -o X$FAI_ACTION = X ]; then - : -else - return 0 -fi - -[ "$flag_menu" ] || return 0 - -out=$(tty) -tempfile=`(tempfile) 2>/dev/null` -tempfile2=`(tempfile) 2>/dev/null` -trap "rm -f $tempfile $tempfile2" EXIT INT QUIT - -# declare the data structure, use associative arrays -declare -A arshort -declare -A ardesc -declare -A arlong -declare -A arclasses -declare -a list - - -parse_profile() { - - # read a profile and add all info to the data structure - - local short - local long - local desc - local name - local classes - local lflag=0 - - # disable word splitting when reading a line, this helps reading a keyword without a value - local OIF=$IFS - IFS= - - while read -r line || [[ -n $line ]]; do - - if [[ $line =~ "Name: " ]]; then - if [ -n "$long" ]; then - arlong[$name]="$long" - fi - short= - desc= - long= - classes= - lflag=0 - name=${line##Name: } - [ $debug ] && echo "XX NAME $name found" - list+=("$name") # add new item to list - continue - fi - - if [[ $line =~ "Description: " ]]; then - lflag=0 - desc=${line##Description: } - [ $debug ] && echo "XX $desc found" - ardesc[$name]="$desc" - continue - fi - - if [[ $line =~ "Short: " ]]; then - lflag=0 - short=${line##Short: } - [ $debug ] && echo "XX $short found" - arshort[$name]="$short" - continue - fi - - if [[ $line =~ "Classes: " ]]; then - lflag=0 - classes=${line##Classes: } - [ $debug ] && echo "XX classes found" - arclasses[$name]="$classes" - continue - fi - - if [[ $line =~ "Long: " ]]; then - lflag=1 - long=${line##Long: } - [ $debug ] && echo "XX long found" - - # else it's another long line - elif [ $lflag -eq 1 ]; then - long+="\n$line" - fi - - if [[ $line =~ "Default: " ]]; then - lflag=0 - default=${line##Default: } - continue - fi - 
- done < $1 - - if [ -n "$long" ]; then - arlong[$name]="$long" - fi - IFS=$OIF -} - -prtresult() { - - # set newclasses which is used by fai-class(1) - local res=$(<$tempfile) - echo "$BASH_SOURCE defined new classes: ${arclasses[$res]}" - newclasses="${arclasses[$res]}" -} - - -# read all files with name matching *.profile -_parsed=0 -shopt -s nullglob -for _f in *.profile; do - parse_profile $_f - _parsed=1 -done -unset _f - -# do nothing if no profile was read -if [ $_parsed -eq 0 ]; then - unset _parsed - return 0 -fi - -# create the argument list containing the menu entries -# and the help text file -for i in "${list[@]}"; do - par+=("$i") - par+=("${ardesc[${i}]}") - par+=("${arshort[${i}]}") - echo "Name: ${i}" >> $tempfile2 - echo -e ${arlong[${i}]} >> $tempfile2 - echo -e "Classes: " ${arclasses[${i}]} "\n" >> $tempfile2 -done -unset i - -while true; do - - dialog --clear --item-help --title "FAI - Fully Automatic Installation" --help-button \ - --default-item "$default" \ - --menu "\nSelect your FAI profile\n\nThe profile will define a list of classes,\nwhich are used by FAI.\n\n\n"\ - 15 70 0 "${par[@]}" 2> $tempfile 1> $out - - _retval=$? - case $_retval in - 0) - prtresult - break ;; - 1) - echo "No profile selected." - break ;; - 2) - dialog --title "Description of all profiles" --textbox $tempfile2 0 0 1> $out;; - esac - -done -unset par ardesc arshort arlong arclasses list tempfile tempfile2 _parsed _retval line diff --git a/roles/fai/files/profiles/class/41-warning.sh b/roles/fai/files/profiles/class/41-warning.sh deleted file mode 100755 index e9f9ec5..0000000 --- a/roles/fai/files/profiles/class/41-warning.sh +++ /dev/null 
@@ -1,28 +0,0 @@ -#! /bin/bash - -if [ X$FAI_ACTION = Xinstall -o X$FAI_ACTION = X ]; then - : -else - return 0 -fi -if [ X$action = Xdirinstall ]; then - return 0 -fi - -grep -q INSTALL $LOGDIR/FAI_CLASSES || return 0 -[ "$flag_menu" ] || return 0 - -out=$(tty) -red=$(mktemp) -echo 'screen_color = (CYAN,RED,ON)' > $red - -DIALOGRC=$red dialog --colors --clear --aspect 6 --title "FAI - Fully Automatic Installation" --trim \ - --msgbox "\n\n If you continue, \n all your data on the disk \n \n|\Zr\Z1 WILL BE DESTROYED \Z0\Zn|\n\n" 0 0 1>$out - -# stop on any error, or if ESC was hit -if [ $? -ne 0 ]; then - task_error 999 -fi - -rm $red -unset red diff --git a/roles/fai/files/profiles/class/50-host-classes b/roles/fai/files/profiles/class/50-host-classes deleted file mode 100755 index afa7a95..0000000 --- a/roles/fai/files/profiles/class/50-host-classes +++ /dev/null @@ -1,32 +0,0 @@ -#! /bin/bash - -# assign classes to hosts based on their hostname - -# do not use this if a menu will be presented -[ "$flag_menu" ] && exit 0 - -# use a list of classes for our demo machine -case $HOSTNAME in - faiserver) - echo "FAIBASE DEBIAN DEMO FAISERVER" ;; - demohost|client*) - echo "FAIBASE DEBIAN DEMO" ;; - xfcehost) - echo "FAIBASE DEBIAN DEMO XORG XFCE LVM";; - gnomehost) - echo "FAIBASE DEBIAN DEMO XORG GNOME";; - ubuntuhost) - echo "FAIBASE DEBIAN DEMO UBUNTU FOCAL FOCAL64 XORG";; - centos) - echo "FAIBASE CENTOS" # you may want to add class XORG here - ifclass AMD64 && echo CENTOS8_64 - ;; - slchost) - # Scientific Linux Cern, is very similar to CentOS. SLC should alsways use the class CENTOS - echo "FAIBASE CENTOS SLC" # you may want to add class XORG here - ifclass I386 && echo SLC7_32 - ifclass AMD64 && echo SLC7_64 - ;; - *) - echo "UBUNTU MINT DESKTOP" ;; -esac diff --git a/roles/fai/files/profiles/class/60-misc b/roles/fai/files/profiles/class/60-misc deleted file mode 100755 index 1c3b4fd..0000000 --- a/roles/fai/files/profiles/class/60-misc +++ /dev/null 
@@ -1,11 +0,0 @@ -#! /bin/bash - -ifclass -o CENTOS SLC && exit 0 - -ifclass -o GRUB_PC GRUB_EFI && exit 0 - -if [ -d /sys/firmware/efi ]; then - echo GRUB_EFI -elif ifclass -o I386 AMD64 ; then - echo GRUB_PC -fi diff --git a/roles/fai/files/profiles/class/85-efi-classes b/roles/fai/files/profiles/class/85-efi-classes deleted file mode 100755 index 4aa554c..0000000 --- a/roles/fai/files/profiles/class/85-efi-classes +++ /dev/null @@ -1,21 +0,0 @@ -#! /bin/bash - -# define classes for disk_config in an EFI enironment - -if [ ! -d /sys/firmware/efi ]; then - exit 0 -fi - -if ifclass FAIBASE; then - echo FAIBASE_EFI -elif ifclass FAISERVER; then - echo FAISERVER_EFI -elif ifclass LVM; then - echo LVM_EFI -elif ifclass XENIAL; then - echo XENIAL_EFI -elif ifclass UBUNTU; then - echo UBUNTU_EFI -elif ifclass HW4F_DESKTOP; then - echo HW4F_DESKTOP_EFI -fi diff --git a/roles/fai/files/profiles/class/CENTOS.var b/roles/fai/files/profiles/class/CENTOS.var deleted file mode 100644 index 1ec7250..0000000 --- a/roles/fai/files/profiles/class/CENTOS.var +++ /dev/null @@ -1,9 +0,0 @@ -CONSOLEFONT=lat9v-16 -KEYMAP=us -DEFAULTLOCALE=en_US.UTF-8 -SUPPORTEDLOCALE=en_US.UTF-8:en_US:en - -# if you install much software and have only few RAM, use the RAM disk -# not for var/cache/yum -#FAI_RAMDISKS="$target/var/lib/rpm $target/var/cache/yum" -FAI_RAMDISKS="$target/var/lib/rpm" diff --git a/roles/fai/files/profiles/class/CLOUD.var b/roles/fai/files/profiles/class/CLOUD.var deleted file mode 100644 index f4cb485..0000000 --- a/roles/fai/files/profiles/class/CLOUD.var +++ /dev/null @@ -1 +0,0 @@ -NIC1=eth0 diff --git a/roles/fai/files/profiles/class/DEBIAN.var b/roles/fai/files/profiles/class/DEBIAN.var deleted file mode 100644 index 144d32f..0000000 --- a/roles/fai/files/profiles/class/DEBIAN.var +++ /dev/null 
@@ -1,19 +0,0 @@
-release=buster
-apt_cdn=http://deb.debian.org
-security_cdn=http://security.debian.org
-
-CONSOLEFONT=
-KEYMAP=de-latin1
-
-# MODULESLIST contains modules that will be loaded by the new system,
-# not during installation these modules will be written to /etc/modules
-# If you need a module during installation, add it to $kernelmodules
-# in 20-hwdetect.sh.
-MODULESLIST="usbhid psmouse"
-
-# if you have enough RAM (>2GB) you may want to enable this line. It
-# also puts /var/cache into a ramdisk.
-#FAI_RAMDISKS="$target/var/lib/dpkg $target/var/cache"
-
-# if you want to use the faiserver as APT proxy
-APTPROXY=http://faiserver:3142
diff --git a/roles/fai/files/profiles/class/FAIBASE.var b/roles/fai/files/profiles/class/FAIBASE.var
deleted file mode 100644
index a02d8bc..0000000
--- a/roles/fai/files/profiles/class/FAIBASE.var
+++ /dev/null
@@ -1,22 +0,0 @@
-# default values for installation. You can override them in your *.var files
-
-# allow installation of packages from unsigned repositories
-FAI_ALLOW_UNSIGNED=0
-
-# Set UTC=yes if your system clock is set to UTC (GMT), and UTC=no if not.
-UTC=yes
-TIMEZONE=Europe/Berlin
-
-# the hash of the root password for the new installed linux system
-# pw is "fai"
-ROOTPW='$1$kBnWcO.E$djxB128U7dMkrltJHPf6d1'
-
-# errors in tasks greater than this value will cause the installation to stop
-STOP_ON_ERROR=700
-
-# set parameter for install_packages(8)
-MAXPACKAGES=800
-
-# a user account will be created
-username=demo
-USERPW='$1$kBnWcO.E$djxB128U7dMkrltJHPf6d1'
diff --git a/roles/fai/files/profiles/class/GERMAN.var b/roles/fai/files/profiles/class/GERMAN.var
deleted file mode 100644
index 8638a75..0000000
--- a/roles/fai/files/profiles/class/GERMAN.var
+++ /dev/null
@@ -1,3 +0,0 @@
-# german environment (for Debian)
-KEYMAP=de-latin1-nodeadkeys
-
diff --git a/roles/fai/files/profiles/class/INSTALL.var b/roles/fai/files/profiles/class/INSTALL.var
deleted file mode 100644
index f0c4cbd..0000000
--- a/roles/fai/files/profiles/class/INSTALL.var
+++ /dev/null
@@ -1 +0,0 @@
-FAI_ACTION=install
diff --git a/roles/fai/files/profiles/class/INVENTORY.var b/roles/fai/files/profiles/class/INVENTORY.var
deleted file mode 100644
index 6afe995..0000000
--- a/roles/fai/files/profiles/class/INVENTORY.var
+++ /dev/null
@@ -1 +0,0 @@
-FAI_ACTION=inventory
diff --git a/roles/fai/files/profiles/class/SYSINFO.var b/roles/fai/files/profiles/class/SYSINFO.var
deleted file mode 100644
index 617b88d..0000000
--- a/roles/fai/files/profiles/class/SYSINFO.var
+++ /dev/null
@@ -1 +0,0 @@
-FAI_ACTION=sysinfo
diff --git a/roles/fai/files/profiles/class/UBUNTU.var b/roles/fai/files/profiles/class/UBUNTU.var
deleted file mode 100644
index a258b6a..0000000
--- a/roles/fai/files/profiles/class/UBUNTU.var
+++ /dev/null
@@ -1,2 +0,0 @@
-ubuntumirror=http://archive.ubuntu.com
-ubuntudist=focal
diff --git a/roles/fai/files/profiles/class/menu.profile b/roles/fai/files/profiles/class/menu.profile
deleted file mode 100644
index e0c6181..0000000
--- a/roles/fai/files/profiles/class/menu.profile
+++ /dev/null
@@ -1,78 +0,0 @@
-Default: HW4F Desktop
-
-Name: HW4F Desktop
-Description: Desktop installtion for Hardware for future
-Short: HW4F
-Long: Ubuntu 20.04 LTS (Focal Fossa) Desktop installtion
-Classes: INSTALL GERMAN HW4F_DESKTOP UBUNTU HW4F_DESKTOP_LAST
-
-Name: Secure erase SSD
-Description: Run a secure erase for SSD
-Short: Secure erase
-Long: Run a secure erase on SSD
-Classes: SECURE_ERASE
-
-Name: Ubuntu
-Description: Ubuntu
-Short: Ubuntu
-Long: Ubuntu 20.04 LTS (Focal Fossa)
-Classes: INSTALL UBUNTU
-
-Name: Minimalist debian
-Description: Minimal debian installation
-Short: Simple debian
-Long: Simple debian without additional packages
-Classes: DEBIAN
-
-Name: Debian Desktop with Cinnamon
-Description: Xfce desktop, LVM partitioning
-Short: A fancy Xfce desktop will be installed, the user account is demo
-Long: This is the Xfce desktop example. Additional account called
-demo with password: fai, root password: fai
-All needed packages are already on the CD or USB stick.
-Classes: INSTALL DEBIAN CINNAMON
-
-Name: Xfce
-Description: Xfce desktop, LVM partitioning
-Short: A fancy Xfce desktop will be installed, the user account is demo
-Long: This is the Xfce desktop example. Additional account called
-demo with password: fai, root password: fai
-All needed packages are already on the CD or USB stick.
-Classes: INSTALL FAIBASE DEBIAN DEMO XORG XFCE LVM
-
-Name: Gnome
-Description: Gnome desktop installation
-Short: A Gnome desktop, no LVM, You will get an account called demo
-Long: This is the Gnome desktop example. Additional account called
-demo with password: fai, root password: fai
-You should have a fast network connection, because most packages are
-downloaded from the internet.
-Classes: INSTALL FAIBASE DEBIAN DEMO XORG GNOME
-
-Name: CentOS 8
-Description: CentOS 8 with Xfce desktop
-Short: A normal Xfce desktop, running CentOS 8
-Long: We use the Debian nfsroot for installing the CentOS 8 OS.
-You should have a fast network connection, because most packages are
-downloaded from the internet.
-Classes: INSTALL FAIBASE CENTOS CENTOS8_64 XORG
-
-Name: Ubuntu
-Description: Ubuntu 20.04 desktop installation
-Short: Unity desktop
-Long: We use the Debian nfsroot for installing the Ubuntu OS.
-You should have a fast network connection, because most packages are
-downloaded from the internet.
-Classes: INSTALL FAIBASE DEMO DEBIAN UBUNTU FOCAL FOCAL64 XORG
-
-Name: Inventory
-Description: Show hardware info
-Short: Show some basic hardware infos
-Long: Execute commands for showing hardware info
-Classes: INVENTORY
-
-Name: Sysinfo
-Description: Show defailed system information
-Short: Show detailed hardware and system information
-Long: Execute a lot of commands for collecting system information
-Classes: SYSINFO
diff --git a/roles/fai/files/profiles/debconf/CLOUD b/roles/fai/files/profiles/debconf/CLOUD
deleted file mode 100644
index e3614d6..0000000
--- a/roles/fai/files/profiles/debconf/CLOUD
+++ /dev/null
@@ -1,2 +0,0 @@
-# Linux command line:
-grub-pc grub2/linux_cmdline_default string elevator=noop quiet
diff --git a/roles/fai/files/profiles/debconf/DEBIAN b/roles/fai/files/profiles/debconf/DEBIAN
deleted file mode 100644
index 9b23c87..0000000
--- a/roles/fai/files/profiles/debconf/DEBIAN
+++ /dev/null
@@ -1,9 +0,0 @@
-exim4-config exim4/dc_eximconfig_configtype select local delivery only; not on a network
-locales locales/default_environment_locale select de_DE.UTF-8
-locales locales/locales_to_be_generated multiselect de_DE.UTF-8 UTF-8
-keyboard-configuration keyboard-configuration/modelcode string pc105
-keyboard-configuration keyboard-configuration/xkb-keymap select us
-keyboard-configuration keyboard-configuration/variant select Deutsch
-keyboard-configuration keyboard-configuration/model select Generic 105-key (Intl) PC
-keyboard-configuration keyboard-configuration/layoutcode string de
-keyboard-configuration keyboard-configuration/optionscode string ctrl:nocaps,terminate:ctrl_alt_bksp
diff --git a/roles/fai/files/profiles/debconf/GERMAN b/roles/fai/files/profiles/debconf/GERMAN
deleted file mode 100644
index cca0416..0000000
--- a/roles/fai/files/profiles/debconf/GERMAN
+++ /dev/null
@@ -1,8 +0,0 @@
-locales locales/default_environment_locale select de_DE.UTF-8
-locales locales/locales_to_be_generated multiselect de_DE.UTF-8 UTF-8
-keyboard-configuration keyboard-configuration/modelcode string pc105
-keyboard-configuration keyboard-configuration/xkb-keymap select de
-keyboard-configuration keyboard-configuration/variant select Germany
-keyboard-configuration keyboard-configuration/model select Generic 105-key (Intl) PC
-keyboard-configuration keyboard-configuration/layoutcode string de
-keyboard-configuration keyboard-configuration/optionscode string ctrl:nocaps,terminate:ctrl_alt_bksp
diff --git a/roles/fai/files/profiles/debconf/HW4F_DESKTOP b/roles/fai/files/profiles/debconf/HW4F_DESKTOP
deleted file mode 100644
index 0fec074..0000000
--- a/roles/fai/files/profiles/debconf/HW4F_DESKTOP
+++ /dev/null
@@ -1,36 +0,0 @@
-locales locales/default_environment_locale select de_DE.UTF-8
-locales locales/locales_to_be_generated multiselect de_DE.UTF-8 UTF-8
-
-xserver-xorg xserver-xorg/config/inputdevice/keyboard/layout string de
-xserver-xorg xserver-xorg/config/inputdevice/keyboard/model string pc105
-xserver-xorg xserver-xorg/config/inputdevice/keyboard/options string lv3:ralt_switch
-xserver-xorg xserver-xorg/autodetect_monitor boolean false
-xserver-xorg xserver-xorg/autodetect_keyboard boolean true
-xserver-xorg xserver-xorg/autodetect_mouse boolean true
-xserver-xorg xserver-xorg/autodetect_video_card boolean true
-
-console-setup console-setup/variant select Germany
-console-setup console-setup/charmap select UTF-8
-console-setup console-setup/layoutcode string de
-console-setup console-setup/compose select No compose key
-console-setup console-setup/fontsize-text select 16
-console-setup console-setup/optionscode string lv3:ralt_switch
-console-setup console-setup/layout select Germany
-console-setup console-setup/detected note
-console-setup console-setup/variantcode string
-console-setup console-setup/codesetcode string Lat15
-console-setup console-setup/modelcode string pc105
-console-setup console-setup/ask_detect boolean false
-console-setup console-setup/altgr select Right Alt
-console-setup console-setup/ttys string /dev/tty[1-6]
-console-setup console-setup/model select Generic 105-key (Intl) PC
-console-setup console-setup/fontsize-fb select 16
-console-setup console-setup/switch select No temporary switch
-console-setup console-setup/codeset select # Latin1 and Latin5 - western Europe and Turkic languages
-console-setup console-setup/toggle select No toggling
-console-setup console-setup/fontface select VGA
-console-setup console-setup/fontsize string 16
-
-tzdata tzdata/Zones/Etc select UTC
-tzdata tzdata/Zones/Europe select Berlin
-tzdata tzdata/Areas select Europe
diff --git a/roles/fai/files/profiles/debconf/HW4F_DESKTOP2 b/roles/fai/files/profiles/debconf/HW4F_DESKTOP2
deleted file mode 100644
index 85c0d49..0000000
--- a/roles/fai/files/profiles/debconf/HW4F_DESKTOP2
+++ /dev/null
@@ -1,132 +0,0 @@ -base-passwd base-passwd/group-add boolean true -base-passwd base-passwd/group-change-gid boolean true -base-passwd base-passwd/group-move boolean true -base-passwd base-passwd/group-remove boolean true -base-passwd base-passwd/user-add boolean true -base-passwd base-passwd/user-change-gecos boolean true -base-passwd base-passwd/user-change-gid boolean true -base-passwd base-passwd/user-change-home boolean true -base-passwd base-passwd/user-change-shell boolean true -base-passwd base-passwd/user-change-uid boolean true -base-passwd base-passwd/user-move boolean true -base-passwd base-passwd/user-remove boolean true - -ca-certificates ca-certificates/enable_crts multiselect mozilla/ACCVRAIZ1.crt, mozilla/AC_RAIZ_FNMT-RCM.crt, mozilla/Actalis_Authentication_Root_CA.crt, mozilla/AffirmTrust_Commercial.crt, mozilla/AffirmTrust_Networking.crt, mozilla/AffirmTrust_Premium.crt, mozilla/AffirmTrust_Premium_ECC.crt, mozilla/Amazon_Root_CA_1.crt, mozilla/Amazon_Root_CA_2.crt, mozilla/Amazon_Root_CA_3.crt, mozilla/Amazon_Root_CA_4.crt, mozilla/Atos_TrustedRoot_2011.crt, mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt, mozilla/Baltimore_CyberTrust_Root.crt, mozilla/Buypass_Class_2_Root_CA.crt, mozilla/Buypass_Class_3_Root_CA.crt, mozilla/CA_Disig_Root_R2.crt, mozilla/CFCA_EV_ROOT.crt, mozilla/COMODO_Certification_Authority.crt, mozilla/COMODO_ECC_Certification_Authority.crt, mozilla/COMODO_RSA_Certification_Authority.crt, mozilla/Certigna.crt, mozilla/Certinomis_-_Root_CA.crt, mozilla/Certplus_Class_2_Primary_CA.crt, mozilla/Certum_Trusted_Network_CA.crt, mozilla/Certum_Trusted_Network_CA_2.crt, mozilla/Chambers_of_Commerce_Root_-_2008.crt, mozilla/Comodo_AAA_Services_root.crt, mozilla/Cybertrust_Global_Root.crt, mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt, mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt, mozilla/DST_Root_CA_X3.crt, mozilla/Deutsche_Telekom_Root_CA_2.crt, mozilla/DigiCert_Assured_ID_Root_CA.crt, 
mozilla/DigiCert_Assured_ID_Root_G2.crt, mozilla/DigiCert_Assured_ID_Root_G3.crt, mozilla/DigiCert_Global_Root_CA.crt, mozilla/DigiCert_Global_Root_G2.crt, mozilla/DigiCert_Global_Root_G3.crt, mozilla/DigiCert_High_Assurance_EV_Root_CA.crt, mozilla/DigiCert_Trusted_Root_G4.crt, mozilla/E-Tugra_Certification_Authority.crt, mozilla/EC-ACC.crt, mozilla/EE_Certification_Centre_Root_CA.crt, mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt, mozilla/Entrust_Root_Certification_Authority.crt, mozilla/Entrust_Root_Certification_Authority_-_EC1.crt, mozilla/Entrust_Root_Certification_Authority_-_G2.crt, mozilla/GDCA_TrustAUTH_R5_ROOT.crt, mozilla/GeoTrust_Global_CA.crt, mozilla/GeoTrust_Primary_Certification_Authority.crt, mozilla/GeoTrust_Primary_Certification_Authority_-_G2.crt, mozilla/GeoTrust_Primary_Certification_Authority_-_G3.crt, mozilla/GeoTrust_Universal_CA.crt, mozilla/GeoTrust_Universal_CA_2.crt, mozilla/GlobalSign_ECC_Root_CA_-_R4.crt, mozilla/GlobalSign_ECC_Root_CA_-_R5.crt, mozilla/GlobalSign_Root_CA.crt, mozilla/GlobalSign_Root_CA_-_R2.crt, mozilla/GlobalSign_Root_CA_-_R3.crt, mozilla/GlobalSign_Root_CA_-_R6.crt, mozilla/Global_Chambersign_Root_-_2008.crt, mozilla/Go_Daddy_Class_2_CA.crt, mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt, mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt, mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt, mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt, mozilla/Hongkong_Post_Root_CA_1.crt, mozilla/ISRG_Root_X1.crt, mozilla/IdenTrust_Commercial_Root_CA_1.crt, mozilla/IdenTrust_Public_Sector_Root_CA_1.crt, mozilla/Izenpe.com.crt, mozilla/LuxTrust_Global_Root_2.crt, mozilla/Microsec_e-Szigno_Root_CA_2009.crt, mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt, mozilla/Network_Solutions_Certificate_Authority.crt, mozilla/OISTE_WISeKey_Global_Root_GA_CA.crt, mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt, mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt, 
mozilla/QuoVadis_Root_CA.crt, mozilla/QuoVadis_Root_CA_1_G3.crt, mozilla/QuoVadis_Root_CA_2.crt, mozilla/QuoVadis_Root_CA_2_G3.crt, mozilla/QuoVadis_Root_CA_3.crt, mozilla/QuoVadis_Root_CA_3_G3.crt, mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt, mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt, mozilla/SSL.com_Root_Certification_Authority_ECC.crt, mozilla/SSL.com_Root_Certification_Authority_RSA.crt, mozilla/SZAFIR_ROOT_CA2.crt, mozilla/SecureSign_RootCA11.crt, mozilla/SecureTrust_CA.crt, mozilla/Secure_Global_CA.crt, mozilla/Security_Communication_RootCA2.crt, mozilla/Security_Communication_Root_CA.crt, mozilla/Sonera_Class_2_Root_CA.crt, mozilla/Staat_der_Nederlanden_EV_Root_CA.crt, mozilla/Staat_der_Nederlanden_Root_CA_-_G2.crt, mozilla/Staat_der_Nederlanden_Root_CA_-_G3.crt, mozilla/Starfield_Class_2_CA.crt, mozilla/Starfield_Root_Certificate_Authority_-_G2.crt, mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt, mozilla/SwissSign_Gold_CA_-_G2.crt, mozilla/SwissSign_Silver_CA_-_G2.crt, mozilla/T-TeleSec_GlobalRoot_Class_2.crt, mozilla/T-TeleSec_GlobalRoot_Class_3.crt, mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt, mozilla/TWCA_Global_Root_CA.crt, mozilla/TWCA_Root_Certification_Authority.crt, mozilla/Taiwan_GRCA.crt, mozilla/TeliaSonera_Root_CA_v1.crt, mozilla/TrustCor_ECA-1.crt, mozilla/TrustCor_RootCert_CA-1.crt, mozilla/TrustCor_RootCert_CA-2.crt, mozilla/Trustis_FPS_Root_CA.crt, mozilla/USERTrust_ECC_Certification_Authority.crt, mozilla/USERTrust_RSA_Certification_Authority.crt, mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt, mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt, mozilla/VeriSign_Universal_Root_Certification_Authority.crt, mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt, mozilla/XRamp_Global_CA_Root.crt, mozilla/certSIGN_ROOT_CA.crt, mozilla/ePKI_Root_Certification_Authority.crt, mozilla/thawte_Primary_Root_CA.crt, 
mozilla/thawte_Primary_Root_CA_-_G2.crt, mozilla/thawte_Primary_Root_CA_-_G3.crt -ca-certificates ca-certificates/new_crts multiselect -ca-certificates ca-certificates/trust_new_crts select yes - -console-setup console-setup/charmap47 select UTF-8 -console-setup console-setup/codeset47 select Guess optimal character set -console-setup console-setup/codesetcode string -console-setup console-setup/fontface47 select Fixed -console-setup console-setup/fontsize-fb47 select 8x16 -console-setup console-setup/fontsize string 8x16 -console-setup console-setup/fontsize-text47 select 8x16 -console-setup console-setup/store_defaults_in_debconf_db boolean true - -cups-bsd cups-bsd/setuplpd boolean false -cups cupsys/backend multiselect lpd, socket, usb, snmp, dnssd -cups cupsys/raw-print boolean true -dash dash/sh boolean true - -debconf debconf/frontend select Dialog -debconf debconf/priority select high - -dictionaries-common dictionaries-common/debconf_database_corruption error -dictionaries-common dictionaries-common/default-ispell select -dictionaries-common dictionaries-common/default-wordlist select deutsch (New German) -dictionaries-common dictionaries-common/invalid_debconf_value error -dictionaries-common dictionaries-common/ispell-autobuildhash-message note -dictionaries-common dictionaries-common/old_wordlist_link boolean true -dictionaries-common dictionaries-common/selecting_ispell_wordlist_default note - -gdm3 gdm3/daemon_name string /usr/sbin/gdm3 -gdm3 shared/default-x-display-manager select gdm3 - -grub-pc grub2/kfreebsd_cmdline_default string quiet splash -grub-pc grub2/linux_cmdline_default string quiet splash -grub-pc grub2/no_efi_extra_removable boolean false -grub-pc grub2/update_nvram boolean true -grub-pc grub-efi/install_devices_disks_changed multiselect -grub-pc grub-efi/install_devices_empty boolean false -grub-pc grub-efi/install_devices_failed boolean false -grub-pc grub-pc/chainload_from_menu.lst boolean true -grub-pc grub-pc/hidden_timeout 
boolean true -grub-pc grub-pc/install_devices_disks_changed multiselect -grub-pc grub-pc/install_devices_empty boolean false -grub-pc grub-pc/install_devices_failed boolean false -grub-pc grub-pc/install_devices_failed_upgrade boolean true -grub-pc grub-pc/install_devices multiselect /dev/disk/by-id/ata-VBOX_HARDDISK_VB71f9e682-3531daf0 -grub-pc grub-pc/kopt_extracted boolean false -grub-pc grub-pc/mixed_legacy_and_grub2 boolean true -grub-pc grub-pc/postrm_purge_boot_grub boolean false -grub-pc grub-pc/timeout string 0 - -keyboard-configuration console-setup/ask_detect boolean false -keyboard-configuration keyboard-configuration/altgr select The default for the keyboard layout -keyboard-configuration keyboard-configuration/compose select No compose key -keyboard-configuration keyboard-configuration/ctrl_alt_bksp boolean false -keyboard-configuration keyboard-configuration/layoutcode string de -keyboard-configuration keyboard-configuration/layout select German -keyboard-configuration keyboard-configuration/modelcode string pc105 -keyboard-configuration keyboard-configuration/model select Generic 105-key PC (intl.) 
-keyboard-configuration keyboard-configuration/store_defaults_in_debconf_db boolean true -keyboard-configuration keyboard-configuration/switch select No temporary switch -keyboard-configuration keyboard-configuration/toggle select No toggling -keyboard-configuration keyboard-configuration/unsupported_config_layout boolean true -keyboard-configuration keyboard-configuration/unsupported_config_options boolean true -keyboard-configuration keyboard-configuration/unsupported_layout boolean true -keyboard-configuration keyboard-configuration/unsupported_options boolean true -keyboard-configuration keyboard-configuration/variantcode string -keyboard-configuration keyboard-configuration/variant select German -keyboard-configuration keyboard-configuration/xkb-keymap select - -libc6:amd64 libraries/restart-without-asking boolean false -libc6 glibc/upgrade boolean true -libc6 libraries/restart-without-asking boolean false -libpam0g:amd64 libraries/restart-without-asking boolean false -libpam-runtime libpam-runtime/profiles multiselect unix, systemd, gnome-keyring, capability -libssl1.1:amd64 libraries/restart-without-asking boolean false -linux-base linux-base/removing-running-kernel boolean true - -linux-sound-base linux-sound-base/sound_system select ALSA - -locales locales/default_environment_locale select None - -man-db man-db/auto-update boolean true -man-db man-db/install-setuid boolean false - -memtest86+ shared/memtest86-run-lilo boolean false - -openvpn openvpn/create_tun boolean false - -popularity-contest popularity-contest/participate boolean false - -printer-driver-pnm2ppa pnm2ppa/create_magicfilter boolean false -printer-driver-pnm2ppa pnm2ppa/printer_model select 710 -printer-driver-pnm2ppa pnm2ppa/use_debconf boolean true - -sane-utils sane-utils/saned_run boolean false -sane-utils sane-utils/saned_scanner_group boolean true - -ssl-cert make-ssl-cert/hostname string localhost - -tzdata tzdata/Areas select Etc -tzdata tzdata/Zones/Etc select UTC - -ucf 
ucf/changeprompt select keep_current -ucf ucf/changeprompt_threeway select keep_current - -ufw ufw/enable boolean false -ufw ufw/existing_configuration error - -unattended-upgrades unattended-upgrades/enable_auto_updates boolean true - -update-inetd update-inetd/ask-disable-entries boolean false -update-inetd update-inetd/ask-entry-present boolean true -update-inetd update-inetd/ask-remove-entries boolean false -update-inetd update-inetd/ask-several-entries boolean true - -xserver-xorg-legacy xserver-xorg-legacy/xwrapper/actual_allowed_users string console -xserver-xorg-legacy xserver-xorg-legacy/xwrapper/allowed_users select Console Users Only - diff --git a/roles/fai/files/profiles/debconf/UBUNTU_DESKTOP b/roles/fai/files/profiles/debconf/UBUNTU_DESKTOP deleted file mode 100644 index aea3fdf..0000000 --- a/roles/fai/files/profiles/debconf/UBUNTU_DESKTOP +++ /dev/null 
@@ -1,261 +0,0 @@ -dictionaries-common dictionaries-common/selecting_ispell_wordlist_default note -# Choices: Alle Locales, aa_DJ ISO-8859-1, aa_DJ.UTF-8 UTF-8, aa_ER UTF-8, aa_ER@saaho UTF-8, aa_ET UTF-8, af_ZA ISO-8859-1, af_ZA.UTF-8 UTF-8, agr_PE UTF-8, ak_GH UTF-8, am_ET UTF-8, an_ES ISO-8859-15, an_ES.UTF-8 UTF-8, anp_IN UTF-8, ar_AE ISO-8859-6, ar_AE.UTF-8 UTF-8, ar_BH ISO-8859-6, ar_BH.UTF-8 UTF-8, ar_DZ ISO-8859-6, ar_DZ.UTF-8 UTF-8, ar_EG ISO-8859-6, ar_EG.UTF-8 UTF-8, ar_IN UTF-8, ar_IQ ISO-8859-6, ar_IQ.UTF-8 UTF-8, ar_JO ISO-8859-6, ar_JO.UTF-8 UTF-8, ar_KW ISO-8859-6, ar_KW.UTF-8 UTF-8, ar_LB ISO-8859-6, ar_LB.UTF-8 UTF-8, ar_LY ISO-8859-6, ar_LY.UTF-8 UTF-8, ar_MA ISO-8859-6, ar_MA.UTF-8 UTF-8, ar_OM ISO-8859-6, ar_OM.UTF-8 UTF-8, ar_QA ISO-8859-6, ar_QA.UTF-8 UTF-8, ar_SA ISO-8859-6, ar_SA.UTF-8 UTF-8, ar_SD ISO-8859-6, ar_SD.UTF-8 UTF-8, ar_SS UTF-8, ar_SY ISO-8859-6, ar_SY.UTF-8 UTF-8, ar_TN ISO-8859-6, ar_TN.UTF-8 UTF-8, ar_YE ISO-8859-6, ar_YE.UTF-8 UTF-8, as_IN UTF-8, ast_ES ISO-8859-15, ast_ES.UTF-8 UTF-8, ayc_PE UTF-8, az_AZ UTF-8, az_IR UTF-8, be_BY CP1251, be_BY.UTF-8 UTF-8, be_BY@latin UTF-8, bem_ZM UTF-8, ber_DZ UTF-8, ber_MA UTF-8, bg_BG CP1251, bg_BG.UTF-8 UTF-8, bhb_IN.UTF-8 UTF-8, bho_IN UTF-8, bho_NP UTF-8, bi_VU UTF-8, bn_BD UTF-8, bn_IN UTF-8, bo_CN UTF-8, bo_IN UTF-8, br_FR ISO-8859-1, br_FR.UTF-8 UTF-8, br_FR@euro ISO-8859-15, brx_IN UTF-8, bs_BA ISO-8859-2, bs_BA.UTF-8 UTF-8, byn_ER UTF-8, ca_AD ISO-8859-15, ca_AD.UTF-8 UTF-8, ca_ES ISO-8859-1, ca_ES.UTF-8 UTF-8, ca_ES@euro ISO-8859-15, ca_ES@valencia UTF-8, ca_FR ISO-8859-15, ca_FR.UTF-8 UTF-8, ca_IT ISO-8859-15, ca_IT.UTF-8 UTF-8, ce_RU UTF-8, chr_US UTF-8, ckb_IQ UTF-8, cmn_TW UTF-8, crh_UA UTF-8, cs_CZ ISO-8859-2, cs_CZ.UTF-8 UTF-8, csb_PL UTF-8, cv_RU UTF-8, cy_GB ISO-8859-14, cy_GB.UTF-8 UTF-8, da_DK ISO-8859-1, da_DK.UTF-8 UTF-8, de_AT ISO-8859-1, de_AT.UTF-8 UTF-8, de_AT@euro ISO-8859-15, de_BE ISO-8859-1, de_BE.UTF-8 UTF-8, de_BE@euro ISO-8859-15, de_CH ISO-8859-1, 
de_CH.UTF-8 UTF-8, de_DE ISO-8859-1, de_DE.UTF-8 UTF-8, de_DE@euro ISO-8859-15, de_IT ISO-8859-1, de_IT.UTF-8 UTF-8, de_LI.UTF-8 UTF-8, de_LU ISO-8859-1, de_LU.UTF-8 UTF-8, de_LU@euro ISO-8859-15, doi_IN UTF-8, dsb_DE UTF-8, dv_MV UTF-8, dz_BT UTF-8, el_CY ISO-8859-7, el_CY.UTF-8 UTF-8, el_GR ISO-8859-7, el_GR.UTF-8 UTF-8, el_GR@euro ISO-8859-7, en_AG UTF-8, en_AU ISO-8859-1, en_AU.UTF-8 UTF-8, en_BW ISO-8859-1, en_BW.UTF-8 UTF-8, en_CA ISO-8859-1, en_CA.UTF-8 UTF-8, en_DK ISO-8859-1, en_DK.ISO-8859-15 ISO-8859-15, en_DK.UTF-8 UTF-8, en_GB ISO-8859-1, en_GB.ISO-8859-15 ISO-8859-15, en_GB.UTF-8 UTF-8, en_HK ISO-8859-1, en_HK.UTF-8 UTF-8, en_IE ISO-8859-1, en_IE.UTF-8 UTF-8, en_IE@euro ISO-8859-15, en_IL UTF-8, en_IN UTF-8, en_NG UTF-8, en_NZ ISO-8859-1, en_NZ.UTF-8 UTF-8, en_PH ISO-8859-1, en_PH.UTF-8 UTF-8, en_SC.UTF-8 UTF-8, en_SG ISO-8859-1, en_SG.UTF-8 UTF-8, en_US ISO-8859-1, en_US.ISO-8859-15 ISO-8859-15, en_US.UTF-8 UTF-8, en_ZA ISO-8859-1, en_ZA.UTF-8 UTF-8, en_ZM UTF-8, en_ZW ISO-8859-1, en_ZW.UTF-8 UTF-8, eo UTF-8, eo_US.UTF-8 UTF-8, es_AR ISO-8859-1, es_AR.UTF-8 UTF-8, es_BO ISO-8859-1, es_BO.UTF-8 UTF-8, es_CL ISO-8859-1, es_CL.UTF-8 UTF-8, es_CO ISO-8859-1, es_CO.UTF-8 UTF-8, es_CR ISO-8859-1, es_CR.UTF-8 UTF-8, es_CU UTF-8, es_DO ISO-8859-1, es_DO.UTF-8 UTF-8, es_EC ISO-8859-1, es_EC.UTF-8 UTF-8, es_ES ISO-8859-1, es_ES.UTF-8 UTF-8, es_ES@euro ISO-8859-15, es_GT ISO-8859-1, es_GT.UTF-8 UTF-8, es_HN ISO-8859-1, es_HN.UTF-8 UTF-8, es_MX ISO-8859-1, es_MX.UTF-8 UTF-8, es_NI ISO-8859-1, es_NI.UTF-8 UTF-8, es_PA ISO-8859-1, es_PA.UTF-8 UTF-8, es_PE ISO-8859-1, es_PE.UTF-8 UTF-8, es_PR ISO-8859-1, es_PR.UTF-8 UTF-8, es_PY ISO-8859-1, es_PY.UTF-8 UTF-8, es_SV ISO-8859-1, es_SV.UTF-8 UTF-8, es_US ISO-8859-1, es_US.UTF-8 UTF-8, es_UY ISO-8859-1, es_UY.UTF-8 UTF-8, es_VE ISO-8859-1, es_VE.UTF-8 UTF-8, et_EE ISO-8859-1, et_EE.ISO-8859-15 ISO-8859-15, et_EE.UTF-8 UTF-8, eu_ES ISO-8859-1, eu_ES.UTF-8 UTF-8, eu_ES@euro ISO-8859-15, eu_FR ISO-8859-1, eu_FR.UTF-8 
UTF-8, eu_FR@euro ISO-8859-15, fa_IR UTF-8, ff_SN UTF-8, fi_FI ISO-8859-1, fi_FI.UTF-8 UTF-8, fi_FI@euro ISO-8859-15, fil_PH UTF-8, fo_FO ISO-8859-1, fo_FO.UTF-8 UTF-8, fr_BE ISO-8859-1, fr_BE.UTF-8 UTF-8, fr_BE@euro ISO-8859-15, fr_CA ISO-8859-1, fr_CA.UTF-8 UTF-8, fr_CH ISO-8859-1, fr_CH.UTF-8 UTF-8, fr_FR ISO-8859-1, fr_FR.UTF-8 UTF-8, fr_FR@euro ISO-8859-15, fr_LU ISO-8859-1, fr_LU.UTF-8 UTF-8, fr_LU@euro ISO-8859-15, fur_IT UTF-8, fy_DE UTF-8, fy_NL UTF-8, ga_IE ISO-8859-1, ga_IE.UTF-8 UTF-8, ga_IE@euro ISO-8859-15, gd_GB ISO-8859-15, gd_GB.UTF-8 UTF-8, gez_ER UTF-8, gez_ER@abegede UTF-8, gez_ET UTF-8, gez_ET@abegede UTF-8, gl_ES ISO-8859-1, gl_ES.UTF-8 UTF-8, gl_ES@euro ISO-8859-15, gu_IN UTF-8, gv_GB ISO-8859-1, gv_GB.UTF-8 UTF-8, ha_NG UTF-8, hak_TW UTF-8, he_IL ISO-8859-8, he_IL.UTF-8 UTF-8, hi_IN UTF-8, hif_FJ UTF-8, hne_IN UTF-8, hr_HR ISO-8859-2, hr_HR.UTF-8 UTF-8, hsb_DE ISO-8859-2, hsb_DE.UTF-8 UTF-8, ht_HT UTF-8, hu_HU ISO-8859-2, hu_HU.UTF-8 UTF-8, hy_AM UTF-8, hy_AM.ARMSCII-8 ARMSCII-8, ia_FR UTF-8, id_ID ISO-8859-1, id_ID.UTF-8 UTF-8, ig_NG UTF-8, ik_CA UTF-8, is_IS ISO-8859-1, is_IS.UTF-8 UTF-8, it_CH ISO-8859-1, it_CH.UTF-8 UTF-8, it_IT ISO-8859-1, it_IT.UTF-8 UTF-8, it_IT@euro ISO-8859-15, iu_CA UTF-8, ja_JP.EUC-JP EUC-JP, ja_JP.UTF-8 UTF-8, ka_GE GEORGIAN-PS, ka_GE.UTF-8 UTF-8, kab_DZ UTF-8, kk_KZ PT154, kk_KZ.RK1048 RK1048, kk_KZ.UTF-8 UTF-8, kl_GL ISO-8859-1, kl_GL.UTF-8 UTF-8, km_KH UTF-8, kn_IN UTF-8, ko_KR.EUC-KR EUC-KR, ko_KR.UTF-8 UTF-8, kok_IN UTF-8, ks_IN UTF-8, ks_IN@devanagari UTF-8, ku_TR ISO-8859-9, ku_TR.UTF-8 UTF-8, kw_GB ISO-8859-1, kw_GB.UTF-8 UTF-8, ky_KG UTF-8, lb_LU UTF-8, lg_UG ISO-8859-10, lg_UG.UTF-8 UTF-8, li_BE UTF-8, li_NL UTF-8, lij_IT UTF-8, ln_CD UTF-8, lo_LA UTF-8, lt_LT ISO-8859-13, lt_LT.UTF-8 UTF-8, lv_LV ISO-8859-13, lv_LV.UTF-8 UTF-8, lzh_TW UTF-8, mag_IN UTF-8, mai_IN UTF-8, mai_NP UTF-8, mfe_MU UTF-8, mg_MG ISO-8859-15, mg_MG.UTF-8 UTF-8, mhr_RU UTF-8, mi_NZ ISO-8859-13, mi_NZ.UTF-8 UTF-8, miq_NI UTF-8, 
mjw_IN UTF-8, mk_MK ISO-8859-5, mk_MK.UTF-8 UTF-8, ml_IN UTF-8, mn_MN UTF-8, mni_IN UTF-8, mnw_MM UTF-8, mr_IN UTF-8, ms_MY ISO-8859-1, ms_MY.UTF-8 UTF-8, mt_MT ISO-8859-3, mt_MT.UTF-8 UTF-8, my_MM UTF-8, nan_TW UTF-8, nan_TW@latin UTF-8, nb_NO ISO-8859-1, nb_NO.UTF-8 UTF-8, nds_DE UTF-8, nds_NL UTF-8, ne_NP UTF-8, nhn_MX UTF-8, niu_NU UTF-8, niu_NZ UTF-8, nl_AW UTF-8, nl_BE ISO-8859-1, nl_BE.UTF-8 UTF-8, nl_BE@euro ISO-8859-15, nl_NL ISO-8859-1, nl_NL.UTF-8 UTF-8, nl_NL@euro ISO-8859-15, nn_NO ISO-8859-1, nn_NO.UTF-8 UTF-8, nr_ZA UTF-8, nso_ZA UTF-8, oc_FR ISO-8859-1, oc_FR.UTF-8 UTF-8, om_ET UTF-8, om_KE ISO-8859-1, om_KE.UTF-8 UTF-8, or_IN UTF-8, os_RU UTF-8, pa_IN UTF-8, pa_PK UTF-8, pap_AW UTF-8, pap_CW UTF-8, pl_PL ISO-8859-2, pl_PL.UTF-8 UTF-8, ps_AF UTF-8, pt_BR ISO-8859-1, pt_BR.UTF-8 UTF-8, pt_PT ISO-8859-1, pt_PT.UTF-8 UTF-8, pt_PT@euro ISO-8859-15, quz_PE UTF-8, raj_IN UTF-8, ro_RO ISO-8859-2, ro_RO.UTF-8 UTF-8, ru_RU ISO-8859-5, ru_RU.CP1251 CP1251, ru_RU.KOI8-R KOI8-R, ru_RU.UTF-8 UTF-8, ru_UA KOI8-U, ru_UA.UTF-8 UTF-8, rw_RW UTF-8, sa_IN UTF-8, sah_RU UTF-8, sat_IN UTF-8, sc_IT UTF-8, sd_IN UTF-8, sd_IN@devanagari UTF-8, sd_PK UTF-8, se_NO UTF-8, sgs_LT UTF-8, shn_MM UTF-8, shs_CA UTF-8, si_LK UTF-8, sid_ET UTF-8, sk_SK ISO-8859-2, sk_SK.UTF-8 UTF-8, sl_SI ISO-8859-2, sl_SI.UTF-8 UTF-8, sm_WS UTF-8, so_DJ ISO-8859-1, so_DJ.UTF-8 UTF-8, so_ET UTF-8, so_KE ISO-8859-1, so_KE.UTF-8 UTF-8, so_SO ISO-8859-1, so_SO.UTF-8 UTF-8, sq_AL ISO-8859-1, sq_AL.UTF-8 UTF-8, sq_MK UTF-8, sr_ME UTF-8, sr_RS UTF-8, sr_RS@latin UTF-8, ss_ZA UTF-8, st_ZA ISO-8859-1, st_ZA.UTF-8 UTF-8, sv_FI ISO-8859-1, sv_FI.UTF-8 UTF-8, sv_FI@euro ISO-8859-15, sv_SE ISO-8859-1, sv_SE.ISO-8859-15 ISO-8859-15, sv_SE.UTF-8 UTF-8, sw_KE UTF-8, sw_TZ UTF-8, szl_PL UTF-8, ta_IN UTF-8, ta_LK UTF-8, tcy_IN.UTF-8 UTF-8, te_IN UTF-8, tg_TJ KOI8-T, tg_TJ.UTF-8 UTF-8, th_TH TIS-620, th_TH.UTF-8 UTF-8, the_NP UTF-8, ti_ER UTF-8, ti_ET UTF-8, tig_ER UTF-8, tk_TM UTF-8, tl_PH ISO-8859-1, tl_PH.UTF-8 
UTF-8, tn_ZA UTF-8, to_TO UTF-8, tpi_PG UTF-8, tr_CY ISO-8859-9, tr_CY.UTF-8 UTF-8, tr_TR ISO-8859-9, tr_TR.UTF-8 UTF-8, ts_ZA UTF-8, tt_RU UTF-8, tt_RU@iqtelif UTF-8, ug_CN UTF-8, ug_CN@latin UTF-8, uk_UA KOI8-U, uk_UA.UTF-8 UTF-8, unm_US UTF-8, ur_IN UTF-8, ur_PK UTF-8, uz_UZ ISO-8859-1, uz_UZ.UTF-8 UTF-8, uz_UZ@cyrillic UTF-8, ve_ZA UTF-8, vi_VN UTF-8, wa_BE ISO-8859-1, wa_BE.UTF-8 UTF-8, wa_BE@euro ISO-8859-15, wae_CH UTF-8, wal_ET UTF-8, wo_SN UTF-8, xh_ZA ISO-8859-1, xh_ZA.UTF-8 UTF-8, yi_US CP1255, yi_US.UTF-8 UTF-8, yo_NG UTF-8, yue_HK UTF-8, yuw_PG UTF-8, zh_CN GB2312, zh_CN.GB18030 GB18030, zh_CN.GBK GBK, zh_CN.UTF-8 UTF-8, zh_HK BIG5-HKSCS, zh_HK.UTF-8 UTF-8, zh_SG GB2312, zh_SG.GBK GBK, zh_SG.UTF-8 UTF-8, zh_TW BIG5, zh_TW.EUC-TW EUC-TW, zh_TW.UTF-8 UTF-8, zu_ZA ISO-8859-1, zu_ZA.UTF-8 UTF-8 -locales locales/locales_to_be_generated multiselect -# Zeitzone: -# Choices: Abidjan, Accra, Addis Abeba, Algier, Asmara, Bamako, Bangui, Banjul, Bissau, Blantyre, Brazzaville, Bujumbura, Kairo, Casablanca, Ceuta, Conakry, Dakar, Dar es Salam, Dschibuti, Duala, El Ajun, Freetown, Gaborone, Harare, Johannesburg, Juba, Kampala, Khartum, Kigali, Kinshasa, Lagos, Libreville, Lomé, Luanda, Lubumbashi, Lusaka, Malabo, Maputo, Maseru, Mbabane, Mogadischu, Monrovia, Nairobi, Ndjamena, Niamey, Nouakchott, Ouagadougou, Porto-Novo, São Tomé, Timbuktu, Tripolis, Tunis, Windhoek -tzdata tzdata/Zones/Africa select -# Zusätzliche autorisierte Dienste: -ufw ufw/allow_custom_ports string -# Inkompatible PAM-Profile ausgewählt. -libpam-runtime libpam-runtime/conflicts error -# Dienste bei Paket-Upgrades ohne Rückfrage neu starten? 
-libc6 libraries/restart-without-asking boolean false -libc6:amd64 libraries/restart-without-asking boolean false -libpam0g:amd64 libraries/restart-without-asking boolean false -libssl1.1:amd64 libraries/restart-without-asking boolean false -# Standard-Befehlszeile für Linux: -grub-pc grub2/linux_cmdline_default string quiet splash -# Participate in the package usage survey? -popularity-contest popularity-contest/participate boolean false -# Methode zur Umschaltung zwischen nationalem und lateinischem Modus: -# Choices: Feststelltaste, Alt rechts (AltGr), Strg rechts, Umschalttaste rechts, Windows-Taste rechts, Menütaste, Alt+Umschalttaste, Strg+Umschalttaste, Strg+Alt, Alt+Feststelltaste, Strg links+Umschalttaste links, Alt links, Strg links, Umschalttaste links, Windows-Taste links, Rollen-Taste, Keine Umschaltung -keyboard-configuration keyboard-configuration/toggle select No toggling -# Möchten Sie man und mandb »setuid man« installieren? -man-db man-db/install-setuid boolean false -# Kernelversion wird nicht unterstützt -libc6 glibc/kernel-not-supported note -libc6:amd64 glibc/kernel-not-supported note -# Rechnername: -ssl-cert make-ssl-cert/hostname string localhost -console-setup console-setup/charmap47 select UTF-8 - -# TODO: set later -grub-pc grub-pc/install_devices multiselect /dev/disk/by-id/ata-VBOX_HARDDISK_VB71f9e682-3531daf0 - -console-setup console-setup/fontface47 select Fixed -# Zeitzone: -# Choices: Casey, Davis, DumontDUrville, Macquarieinsel, Mawson, McMurdo, Palmer, Rothera, Syowa, Troll, Vostok -tzdata tzdata/Zones/Antarctica select -console-setup console-setup/codesetcode string -# Aktuelle Optionen der Tastaturbelegung in der Konfigurationsdatei behalten? 
-keyboard-configuration keyboard-configuration/unsupported_config_options boolean true -# Standard-Standorteinstellung für die Systemumgebung: -# Choices: Keine, C.UTF-8, -locales locales/default_environment_locale select None -# Zeitzone: -# Choices: Adak, Anchorage, Anguilla, Antigua, Aracaju, Argentinien/Buenos Aires, Argentinien/Catamarca, Argentinien/Córdoba, Argentinien/Jujuy, Argentinien/La Rioja, Argentinien/Mendoza, Argentinien/Río Gallegos, Argentinien/Salta, Argentinien/San Juan, Argentinien/San Luis, Argentinien/Tucumán, Argentinien/Ushuaia, Aruba, Asunción, Atikokan, Atka, Bahia, Bahia Banderas, Barbados, Belém, Belize, Blanc-Sablon, Boa Vista, Bogotá, Boise, Cambridge Bay, Campo Grande, Cancún, Caracas, Cayenne, Kaiman, Chicago, Chihuahua, Coral Harbour, Costa Rica, Creston, Cuiabá, Curaçao, Danmarkshavn, Dawson, Dawson Creek, Denver, Detroit, Dominica, Edmonton, Eirunepe, El Salvador, Ensenada, Fort Nelson, Fortaleza, Glace Bay, Godthåb, Goose Bay, Grand Turk, Grenada, Guadeloupe, Guatemala, Guayaquil, Guyana, Halifax, Havana, Hermosillo, Indiana/Indianapolis, Indiana/Knox, Indiana/Marengo, Indiana/Petersburg, Indiana/Tell City, Indiana/Vevay, Indiana/Vincennes, Indiana/Winamac, Inuvik, Iqaluit, Jamaika, Juneau, Kentucky/Louisville, Kentucky/Monticello, Kralendijk, La Paz, Lima, Los Angeles, Lower Princes, Maceió, Managua, Manaus, Marigot, Martinique, Matamoros, Mazatlán, Menominee, Mérida, Metlakatla, Mexiko-Stadt, Miquelon, Moncton, Monterrey, Montevideo, Montreal, Montserrat, Nassau, New York, Nipigon, Nome, Noronha, North Dakota/Beulah, North Dakota/Zentral, North Dakota/New Salem, Nuuk, Ojinaga, Panama, Pangnirtung, Paramaribo, Phoenix, Port-au-Prince, Port of Spain, Porto Acre, Pôrto Velho, Puerto Rico, Punta Arenas, Rainy River, Rankin Inlet, Recife, Regina, Resolute, Rio Branco, Santa Isabel, Santarém, Santiago, Santo Domingo, São Paulo, Scoresbysund, Shiprock, Sitka, Saint-Barthélemy, St Johns, St Kitts, St Lucia, St Thomas, St Vincent, 
Swift Current, Tegucigalpa, Thule, Thunder Bay, Tijuana, Toronto, Tortola, Vancouver, Virgin, Whitehorse, Winnipeg, Yakutat, Yellowknife -tzdata tzdata/Zones/America select -grub-pc grub2/update_nvram boolean true -dictionaries-common dictionaries-common/invalid_debconf_value error -libpam0g:amd64 libpam0g/restart-services string -popularity-contest popularity-contest/submiturls string -console-setup console-setup/fontsize-text47 select 8x16 -iproute2 iproute2/setcaps boolean false -ucf ucf/conflicts_found error -keyboard-configuration keyboard-configuration/store_defaults_in_debconf_db boolean true -# Möchten Sie, dass CUPS unbekannte Druckaufträge unbearbeitet (raw) druckt? -cups cupsys/raw-print boolean true -grub-pc grub2/kfreebsd_cmdline string -grub-pc grub-pc/timeout string 0 -tzdata tzdata/Zones/Etc select UTC -tzdata tzdata/Zones/Australia select -base-passwd base-passwd/group-add boolean true -keyboard-configuration keyboard-configuration/layoutcode string de -gdm3 shared/default-x-display-manager select gdm3 -keyboard-configuration keyboard-configuration/xkb-keymap select -keyboard-configuration keyboard-configuration/modelcode string pc105 -tzdata tzdata/Zones/Arctic select -linux-base linux-base/removing-running-kernel boolean true -# Saned-Benutzer zu der Scanner-Gruppe hinzufügen? -sane-utils sane-utils/saned_scanner_group boolean true -# Möchten Sie das Upgrade von Glibc jetzt durchführen? 
-libc6 glibc/upgrade boolean true -libc6:amd64 glibc/upgrade boolean true -# Hide the GRUB timeout; for internal use -grub-pc grub-pc/hidden_timeout boolean true -# Choices: american (American English), british (British English), deutsch (New German), deutsch (Old German), deutsch (Swiss German), Manuelle Einrichtung von symbolischen Verweisen -dictionaries-common dictionaries-common/default-wordlist select deutsch (New German) -console-setup console-setup/codeset47 select Guess optimal character set -keyboard-configuration keyboard-configuration/ctrl_alt_bksp boolean false -grub-pc grub-pc/install_devices_disks_changed multiselect -libpam0g:amd64 libpam0g/restart-failed error -xserver-xorg-legacy xserver-xorg-legacy/xwrapper/allowed_users select Console Users Only -libpam-modules libpam-modules/disable-screensaver error -dash dash/sh boolean true -apparmor apparmor/homedirs string -libc6 glibc/restart-failed error -libc6:amd64 glibc/restart-failed error -grub-pc grub-pc/kopt_extracted boolean false -libpam-runtime libpam-runtime/profiles multiselect unix, systemd, gnome-keyring, capability -grub-pc grub-pc/chainload_from_menu.lst boolean true -grub-pc grub-pc/install_devices_failed_upgrade boolean true -keyboard-configuration keyboard-configuration/altgr select The default for the keyboard layout -printer-driver-pnm2ppa pnm2ppa/use_debconf boolean true -# for internal use -console-setup console-setup/store_defaults_in_debconf_db boolean true -# for internal use -console-setup console-setup/fontsize string 8x16 -# Methode zum vorübergehenden Wechseln zwischen nationaler und lateinischer Eingabe: -# Choices: Kein vorübergehender Wechsel, Beide Windows-Tasten, Alt rechts (AltGr), Windows-Taste rechts, Alt links, Windows-Taste links -keyboard-configuration keyboard-configuration/switch select No temporary switch -grub-pc grub-efi/install_devices multiselect -ubuntu-drivers-common ubuntu-drivers-common/obsolete-driver error -base-passwd base-passwd/group-change-gid 
boolean true -man-db man-db/auto-update boolean true -console-setup console-setup/fontsize-fb47 select 8x16 -ca-certificates ca-certificates/enable_crts multiselect mozilla/ACCVRAIZ1.crt, mozilla/AC_RAIZ_FNMT-RCM.crt, mozilla/Actalis_Authentication_Root_CA.crt, mozilla/AffirmTrust_Commercial.crt, mozilla/AffirmTrust_Networking.crt, mozilla/AffirmTrust_Premium.crt, mozilla/AffirmTrust_Premium_ECC.crt, mozilla/Amazon_Root_CA_1.crt, mozilla/Amazon_Root_CA_2.crt, mozilla/Amazon_Root_CA_3.crt, mozilla/Amazon_Root_CA_4.crt, mozilla/Atos_TrustedRoot_2011.crt, mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt, mozilla/Baltimore_CyberTrust_Root.crt, mozilla/Buypass_Class_2_Root_CA.crt, mozilla/Buypass_Class_3_Root_CA.crt, mozilla/CA_Disig_Root_R2.crt, mozilla/CFCA_EV_ROOT.crt, mozilla/COMODO_Certification_Authority.crt, mozilla/COMODO_ECC_Certification_Authority.crt, mozilla/COMODO_RSA_Certification_Authority.crt, mozilla/Certigna.crt, mozilla/Certinomis_-_Root_CA.crt, mozilla/Certplus_Class_2_Primary_CA.crt, mozilla/Certum_Trusted_Network_CA.crt, mozilla/Certum_Trusted_Network_CA_2.crt, mozilla/Chambers_of_Commerce_Root_-_2008.crt, mozilla/Comodo_AAA_Services_root.crt, mozilla/Cybertrust_Global_Root.crt, mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt, mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt, mozilla/DST_Root_CA_X3.crt, mozilla/Deutsche_Telekom_Root_CA_2.crt, mozilla/DigiCert_Assured_ID_Root_CA.crt, mozilla/DigiCert_Assured_ID_Root_G2.crt, mozilla/DigiCert_Assured_ID_Root_G3.crt, mozilla/DigiCert_Global_Root_CA.crt, mozilla/DigiCert_Global_Root_G2.crt, mozilla/DigiCert_Global_Root_G3.crt, mozilla/DigiCert_High_Assurance_EV_Root_CA.crt, mozilla/DigiCert_Trusted_Root_G4.crt, mozilla/E-Tugra_Certification_Authority.crt, mozilla/EC-ACC.crt, mozilla/EE_Certification_Centre_Root_CA.crt, mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt, mozilla/Entrust_Root_Certification_Authority.crt, mozilla/Entrust_Root_Certification_Authority_-_EC1.crt, 
mozilla/Entrust_Root_Certification_Authority_-_G2.crt, mozilla/GDCA_TrustAUTH_R5_ROOT.crt, mozilla/GeoTrust_Global_CA.crt, mozilla/GeoTrust_Primary_Certification_Authority.crt, mozilla/GeoTrust_Primary_Certification_Authority_-_G2.crt, mozilla/GeoTrust_Primary_Certification_Authority_-_G3.crt, mozilla/GeoTrust_Universal_CA.crt, mozilla/GeoTrust_Universal_CA_2.crt, mozilla/GlobalSign_ECC_Root_CA_-_R4.crt, mozilla/GlobalSign_ECC_Root_CA_-_R5.crt, mozilla/GlobalSign_Root_CA.crt, mozilla/GlobalSign_Root_CA_-_R2.crt, mozilla/GlobalSign_Root_CA_-_R3.crt, mozilla/GlobalSign_Root_CA_-_R6.crt, mozilla/Global_Chambersign_Root_-_2008.crt, mozilla/Go_Daddy_Class_2_CA.crt, mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt, mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt, mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt, mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt, mozilla/Hongkong_Post_Root_CA_1.crt, mozilla/ISRG_Root_X1.crt, mozilla/IdenTrust_Commercial_Root_CA_1.crt, mozilla/IdenTrust_Public_Sector_Root_CA_1.crt, mozilla/Izenpe.com.crt, mozilla/LuxTrust_Global_Root_2.crt, mozilla/Microsec_e-Szigno_Root_CA_2009.crt, mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt, mozilla/Network_Solutions_Certificate_Authority.crt, mozilla/OISTE_WISeKey_Global_Root_GA_CA.crt, mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt, mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt, mozilla/QuoVadis_Root_CA.crt, mozilla/QuoVadis_Root_CA_1_G3.crt, mozilla/QuoVadis_Root_CA_2.crt, mozilla/QuoVadis_Root_CA_2_G3.crt, mozilla/QuoVadis_Root_CA_3.crt, mozilla/QuoVadis_Root_CA_3_G3.crt, mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt, mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt, mozilla/SSL.com_Root_Certification_Authority_ECC.crt, mozilla/SSL.com_Root_Certification_Authority_RSA.crt, mozilla/SZAFIR_ROOT_CA2.crt, mozilla/SecureSign_RootCA11.crt, mozilla/SecureTrust_CA.crt, mozilla/Secure_Global_CA.crt, 
mozilla/Security_Communication_RootCA2.crt, mozilla/Security_Communication_Root_CA.crt, mozilla/Sonera_Class_2_Root_CA.crt, mozilla/Staat_der_Nederlanden_EV_Root_CA.crt, mozilla/Staat_der_Nederlanden_Root_CA_-_G2.crt, mozilla/Staat_der_Nederlanden_Root_CA_-_G3.crt, mozilla/Starfield_Class_2_CA.crt, mozilla/Starfield_Root_Certificate_Authority_-_G2.crt, mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt, mozilla/SwissSign_Gold_CA_-_G2.crt, mozilla/SwissSign_Silver_CA_-_G2.crt, mozilla/T-TeleSec_GlobalRoot_Class_2.crt, mozilla/T-TeleSec_GlobalRoot_Class_3.crt, mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt, mozilla/TWCA_Global_Root_CA.crt, mozilla/TWCA_Root_Certification_Authority.crt, mozilla/Taiwan_GRCA.crt, mozilla/TeliaSonera_Root_CA_v1.crt, mozilla/TrustCor_ECA-1.crt, mozilla/TrustCor_RootCert_CA-1.crt, mozilla/TrustCor_RootCert_CA-2.crt, mozilla/Trustis_FPS_Root_CA.crt, mozilla/USERTrust_ECC_Certification_Authority.crt, mozilla/USERTrust_RSA_Certification_Authority.crt, mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt, mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt, mozilla/VeriSign_Universal_Root_Certification_Authority.crt, mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt, mozilla/XRamp_Global_CA_Root.crt, mozilla/certSIGN_ROOT_CA.crt, mozilla/ePKI_Root_Certification_Authority.crt, mozilla/thawte_Primary_Root_CA.crt, mozilla/thawte_Primary_Root_CA_-_G2.crt, mozilla/thawte_Primary_Root_CA_-_G3.crt -ucf ucf/changeprompt_threeway select keep_current -libpam-runtime libpam-runtime/override boolean false -dictionaries-common dictionaries-common/debconf_database_corruption error -tzdata tzdata/Areas select Etc -grub-pc grub-pc/install_devices_empty boolean false -tzdata tzdata/Zones/Indian select -# Zeitzone: -# Choices: AST4, AST4ADT, CST6, CST6CDT, EST5, EST5EDT, HST10, MST7, MST7MDT, PST8, PST8PDT, YST9, YST9YDT -tzdata tzdata/Zones/SystemV select -# 
Tastaturbelegung: -# Choices: German, German - German (dead acute), German - German (dead grave acute), German - German (dead tilde), German - German (Dvorak), German - German (Macintosh), German - German (Macintosh\, no dead keys), German - German (Neo 2), German - German (no dead keys), German - German (QWERTY), German - German (T3), German - German (with Sun dead keys), German - Lower Sorbian, German - Lower Sorbian (QWERTZ), German - Romanian (Germany), German - Romanian (Germany\, no dead keys), German - Russian (Germany\, phonetic), German - Turkish (Germany) -keyboard-configuration keyboard-configuration/variant select German -# for internal use -keyboard-configuration keyboard-configuration/variantcode string -# Compose-Taste: -# Choices: Keine Compose-Taste, Alt rechts (AltGr), Strg rechts, Windows-Taste rechts, Menütaste, Windows-Taste links, Feststelltaste -keyboard-configuration keyboard-configuration/compose select No compose key -# Xscreensaver und Xlockmore müssen vor dem Upgrade neu gestartet werden -libc6 glibc/disable-screensaver error -libc6:amd64 glibc/disable-screensaver error -# Zeitzone: -# Choices: Apia, Auckland, Bougainville, Chatham, Chuuk, Easter, Éfaté, Enderbury, Fakaofo, Fidschi, Funafuti, Galapagos, Gambier, Guadalcanal, Guam, Honolulu, Johnston, Kiritimati, Kosrae, Kwajalein, Majuro, Marquesas, Midway, Nauru, Niue, Norfolk, Nouméa, Pago Pago, Palau, Pitcairn, Pohnpei, Ponape, Port Moresby, Rarotonga, Saipan, Samoa, Tahiti, Tarawa, Tongatapu, Truk, Wake, Wallis, Yap -tzdata tzdata/Zones/Pacific select -# Jetzt die Umstellung auf GRUB 2 abschließen? -grub-pc grub-pc/mixed_legacy_and_grub2 boolean true -# Möchten Sie die Gruppe verschieben? -base-passwd base-passwd/group-move boolean true -# Soll der veraltete Verweis /etc/dictionary gelöscht werden? -dictionaries-common dictionaries-common/old_wordlist_link boolean true -# Ufw automatisch starten? -ufw ufw/enable boolean false -# Wollen Sie das GECOS des Benutzers ändern? 
-base-passwd base-passwd/user-change-gecos boolean true -# Standard-Papierformat für Ihr System: -# Choices: letter, A4, note, legal, executive, halfletter, halfexecutive, 11x17, statement, folio, quarto, 10x14, ledger, tabloid, A0, A1, A2, A3, A5, A6, A7, A8, A9, A10, B0, B1, B2, B3, B4, B5, C5, DL, Comm10, Monarch, archE, archD, archC, archB, archA, flsa, flse, csheet, dsheet, esheet -libpaper1 libpaper/defaultpaper select a4 -libpaper1:amd64 libpaper/defaultpaper select a4 -# Herkunftsland für die Tastatur: -# Choices: Afghani, Albanian, Amharic, Arabic, Arabic (Morocco), Arabic (Syria), Armenian, Azerbaijani, Bambara, Bangla, Belarusian, Belgian, Berber (Algeria\, Latin), Bosnian, Braille, Bulgarian, Burmese, Chinese, Croatian, Czech, Danish, Dhivehi, Dutch, Dzongkha, English (Australian), English (Cameroon), English (Ghana), English (Nigeria), English (South Africa), English (UK), English (US), Esperanto, Estonian, Faroese, Filipino, Finnish, French, French (Canada), French (Democratic Republic of the Congo), French (Guinea), French (Togo), Georgian, German, German (Austria), Greek, Hebrew, Hungarian, Icelandic, Indian, Indonesian (Arab Melayu\, phonetic), Indonesian (Javanese), Iraqi, Irish, Italian, Japanese, Japanese (PC-98), Kazakh, Khmer (Cambodia), Korean, Kyrgyz, Lao, Latvian, Lithuanian, Macedonian, Malay (Jawi\, Arabic Keyboard), Maltese, Maori, Moldavian, Mongolian, Montenegrin, Nepali, Norwegian, Persian, Polish, Portuguese, Portuguese (Brazil), Romanian, Russian, Serbian, Sinhala (phonetic), Slovak, Slovenian, Spanish, Spanish (Latin American), Swahili (Kenya), Swahili (Tanzania), Swedish, Switzerland, Taiwanese, Tajik, Thai, Tswana, Turkish, Turkmen, Ukrainian, Urdu (Pakistan), Uzbek, Vietnamese, Wolof -keyboard-configuration keyboard-configuration/layout select German -# Wünschen Sie systemweit lesbare Home-Verzeichnisse? -adduser adduser/homedir-permission boolean true -# Möchten Sie die GID des Benutzers ändern? 
-base-passwd base-passwd/user-change-gid boolean true -# Zu nutzende Schnittstellenoberfläche: -# Choices: Dialog, Readline, Gnome, Kde, Editor, Nicht-interaktiv -debconf debconf/frontend select Dialog -# for internal use -keyboard-configuration keyboard-configuration/optionscode string -# Inetd-Einträge deaktivieren? -update-inetd update-inetd/ask-disable-entries boolean false -# Wie wollen Sie mit der geänderten Konfigurationsdatei verfahren? -# Choices: Version des Paketbetreuers installieren, aktuell lokal installierte Version beibehalten, Unterschiede zwischen den Versionen anzeigen, Unterschiede zwischen den Versionen nebeneinander anzeigen, die Angelegenheit in einer neu gestarteten Shell untersuchen -ucf ucf/changeprompt select keep_current -# Detect keyboard layout? -keyboard-configuration console-setup/ask_detect boolean false -# Neuen Zertifikaten von Zertifizierungsstellen vertrauen? -# Choices: Ja, Nein, Fragen -ca-certificates ca-certificates/trust_new_crts select yes -# for internal use only -gdm3 gdm3/daemon_name string /usr/sbin/gdm3 -# Alternativ-Name(n): -ssl-cert make-ssl-cert/altname string -# Möchten Sie den Kompatibilitäts-Server für BSD lpd einrichten? -cups-bsd cups-bsd/setuplpd boolean false -# GRUB konnte nicht auf das Boot-Gerät geschrieben werden - fortfahren? -grub-pc grub-pc/install_devices_failed boolean false -# Zu aktivierende neue Zertifikate: -# Choices: -ca-certificates ca-certificates/new_crts multiselect -# Neustarten einiger Dienste beim OpenSSL-Upgrade fehlgeschlagen -libssl1.1:amd64 libssl1.1/restart-failed error -# GRUB konnte nicht auf das Boot-Gerät geschrieben werden - fortfahren? -grub-pc grub-efi/install_devices_failed boolean false -# Unterschiede zwischen den Versionen zeilenweise anzeigen -ucf ucf/show_diff note -# Inetd-Einträge entfernen? -update-inetd update-inetd/ask-remove-entries boolean false -# Soll lilo nach dem Upgrade automatisch ausgeführt werden (falls vorhanden)? 
-memtest86+ shared/memtest86-run-lilo boolean false -# TUN/TAP-Gerät anlegen? -openvpn openvpn/create_tun boolean false -# Bestehende Konfiguration gefunden -ufw ufw/existing_configuration error -# Probleme bei der Neuerstellung einer -Hash-Datei () -dictionaries-common dictionaries-common/ispell-autobuildhash-message note -# Zeitzone: -# Choices: Azoren, Bermuda, Kanaren, Kap Verde, Farör, Jan Mayen, Madeira, Reykjavík, South Georgia, St Helena, Stanley -tzdata tzdata/Zones/Atlantic select -# Möchten Sie das Home-Verzeichnis des Benutzers ändern? -base-passwd base-passwd/user-change-home boolean true -# Zeitzone: -# Choices: Amsterdam, Andorra, Astrachan, Athen, Belfast, Belgrad, Berlin, Bratislava, Brüssel, Bukarest, Budapest, Büsingen, Chisinau, Kopenhagen, Dublin, Gibraltar, Guernsey, Helsinki, Isle of Man, Istanbul, Jersey, Kaliningrad, Kiew, Kirow, Lissabon, Ljubljana, London, Luxemburg, Madrid, Malta, Mariehamn, Minsk, Monaco, Moskau, Nicosia, Oslo, Paris, Podgorica, Prag, Riga, Rom, Samara, San Marino, Sarajevo, Saratov, Simferopol, Skopje, Sofia, Stockholm, Tallinn, Tirana, Tiraspol, Uljanowsk, Uschhorod, Vaduz, Vatikan, Wien, Vilnius, Wolgograd, Warschau, Zagreb, Saporischschja, Zürich -tzdata tzdata/Zones/Europe select -# Möchten Sie den Benutzer entfernen? -base-passwd base-passwd/user-remove boolean true -# Aktiviere Saned als Einzel-Server? -sane-utils sane-utils/saned_run boolean false -# Mehrfache Einträge ignorieren und ohne Änderungen fortfahren? 
-update-inetd update-inetd/ask-several-entries boolean true -# Zeitzone: -# Choices: Aden, Almaty, Amman, Anadyr, Aqtau, Aqtöbe, Asgabat, Atyrau, Bagdad, Bahrain, Baku, Bangkok, Barnaul, Beirut, Bischkek, Brunei, Chita, Tschoibalsan, Chongqing, Colombo, Damaskus, Dhaka, Dili, Dubai, Duschanbe, Famagusta, Gasa, Harbin, Hebron, Ho-Chi-Minh-Stadt, Hong Kong, Chovd, Irkutsk, Istanbul, Jakarta, Jayapura, Jerusalem, Kabul, Kamtschatka, Karatschi, Kaschgar, Katmandu, Khandyga, Kolkata, Krasnojarsk, Kuala Lumpur, Kuching, Kuwait, Macao, Magadan, Ujung Pandang (Makassar), Manila, Maskat, Nicosia, Nowokusnezk, Novosibirsk, Omsk, Oral, Phnom Penh, Pontianak, Pjöngjang, Katar, Qostanay, Ksyl-Orda, Rangun, Riad, Sachalin, Samarkand, Seoul, Shanghai, Singapur, Srednekolymsk, Taipeh, Taschkent, Tiflis, Teheran, Tel Aviv, Thimphu, Tokio, Tomsk, Makassar, Ulan-Bator (Ulaanbaatar), Ürümqi, Ust-Nera, Vientiane, Wladiwostok, Jakutsk, Rangun, Jekaterinburg, Eriwan -tzdata tzdata/Zones/Asia select -# Aktualisierungen für Stable automatisch herunterladen und installieren? -unattended-upgrades unattended-upgrades/enable_auto_updates boolean true -# Voreingestellte Tastaturbelegung () beibehalten? -keyboard-configuration keyboard-configuration/unsupported_layout boolean true -# Möchten Sie die Gruppe entfernen? -base-passwd base-passwd/group-remove boolean true -# Backends für die Kommunikation mit dem Drucker: -# Choices: lpd, Socket, USB, SNMP, dnssd -cups cupsys/backend multiselect lpd, socket, usb, snmp, dnssd -# Möchten Sie den Benutzer hinzufügen? -base-passwd base-passwd/user-add boolean true -# Keyboard layout detection complete -keyboard-configuration console-setup/detected note -# Existierenden Eintrag belassen und ohne Änderungen fortfahren? -update-inetd update-inetd/ask-entry-present boolean true -# Wollen Sie die Shell des Benutzers ändern? 
-# Standard-Befehlszeile für kFreeBSD:
-
-printer-driver-pnm2ppa pnm2ppa/printer_model select 710
-
-linux-sound-base linux-sound-base/sound_system select ALSA
-
-debconf debconf/priority select high
-
-base-passwd base-passwd/user-move boolean true
-base-passwd base-passwd/user-change-shell boolean true
-
-libssl1.1:amd64 libssl1.1/restart-services string
-
-base-passwd base-passwd/user-change-uid boolean true
-
-grub-pc grub2/kfreebsd_cmdline_default string quiet splash
-grub-pc grub2/no_efi_extra_removable boolean false
-grub-pc grub-efi/install_devices_disks_changed multiselect
-
-keyboard-configuration keyboard-configuration/unsupported_config_layout boolean true
-keyboard-configuration keyboard-configuration/unsupported_options boolean true
-keyboard-configuration keyboard-configuration/model select Generic 105-key PC (intl.)
-
-xserver-xorg-legacy xserver-xorg-legacy/xwrapper/actual_allowed_users string console
-
-printer-driver-pnm2ppa pnm2ppa/create_magicfilter boolean false
-grub-pc grub2/linux_cmdline string
-libc6 glibc/restart-services string
-libc6:amd64 glibc/restart-services string
-tzdata tzdata/Zones/US select
-dictionaries-common dictionaries-common/default-ispell select
-keyboard-configuration console-setup/detect detect-keyboard
-libpam-runtime libpam-runtime/no_profiles_chosen error
-grub-pc grub-pc/postrm_purge_boot_grub boolean false
-ssl-cert make-ssl-cert/vulnerable_prng note
-grub-pc grub-efi/install_devices_empty boolean false
diff --git a/roles/fai/files/profiles/disk_config/CENTOS b/roles/fai/files/profiles/disk_config/CENTOS
deleted file mode 100644
index 9c3c933..0000000
--- a/roles/fai/files/profiles/disk_config/CENTOS
+++ /dev/null
@@ -1,16 +0,0 @@
-# example of new config file for setup-storage
-#
-#
-
-disk_config disk1 disklabel:msdos bootable:1 fstabkey:label
-
-# Note that the CentOS 5 version of GRUB cannot read from ext3 filesystems with inode_size > 128
-# CentOS 5.6 needs /boot as ext3, so we use ext3 for /
-
-#primary / 350 ext3 rw,noatime,errors=remount-ro createopts="-L ROOT -I 128"
-
-# use following line for CentOS 7
-primary / 4G-50G ext4 rw,noatime,errors=remount-ro createopts="-L ROOT"
-
-logical swap 200-10G swap sw createopts="-L SWAP"
-logical /home 100- ext4 rw,noatime,nosuid,nodev createopts="-L HOME -m 1" tuneopts="-c 0 -i 0"
diff --git a/roles/fai/files/profiles/disk_config/CLOUD b/roles/fai/files/profiles/disk_config/CLOUD
deleted file mode 100644
index 0b76001..0000000
--- a/roles/fai/files/profiles/disk_config/CLOUD
+++ /dev/null
@@ -1,7 +0,0 @@
-# config for a disk image for a VM
-#
-#
-
-disk_config disk1 disklabel:msdos bootable:1 fstabkey:uuid align-at:1M
-
-primary / 300- ext4 rw,discard,barrier=0,noatime,errors=remount-ro tuneopts="-c 0 -i 0"
diff --git a/roles/fai/files/profiles/disk_config/FAIBASE b/roles/fai/files/profiles/disk_config/FAIBASE
deleted file mode 100644
index 0c66cbc..0000000
--- a/roles/fai/files/profiles/disk_config/FAIBASE
+++ /dev/null
@@ -1,9 +0,0 @@
-# example of new config file for setup-storage
-#
-#
-
-disk_config disk1 disklabel:msdos bootable:1 fstabkey:uuid
-
-primary / 2G-50G ext4 rw,noatime,errors=remount-ro
-logical swap 200-10G swap sw
-logical /home 100- ext4 rw,noatime,nosuid,nodev createopts="-L home -m 1" tuneopts="-c 0 -i 0"
diff --git a/roles/fai/files/profiles/disk_config/FAIBASE_EFI b/roles/fai/files/profiles/disk_config/FAIBASE_EFI
deleted file mode 100644
index 8ff0e4b..0000000
--- a/roles/fai/files/profiles/disk_config/FAIBASE_EFI
+++ /dev/null
@@ -1,10 +0,0 @@
-# example of new config file for setup-storage
-#
-#
-
-disk_config disk1 disklabel:gpt bootable:1 fstabkey:uuid
-
-primary /boot/efi 512M vfat rw
-primary / 2G-50G ext4 rw,noatime,errors=remount-ro
-primary swap 200-10G swap sw
-primary /home 100- ext4 rw,noatime,nosuid,nodev createopts="-L home -m 1" tuneopts="-c 0 -i 0"
diff --git a/roles/fai/files/profiles/disk_config/FAISERVER b/roles/fai/files/profiles/disk_config/FAISERVER
deleted file mode 100644
index 29bf219..0000000
--- a/roles/fai/files/profiles/disk_config/FAISERVER
+++ /dev/null
@@ -1,11 +0,0 @@
-# config file for an FAI install server
-#
-#
-
-disk_config disk1 disklabel:msdos fstabkey:uuid
-
-primary / 2G-15G ext4 rw,noatime,errors=remount-ro
-logical swap 200-1000 swap sw
-logical /tmp 100-1000 ext4 rw,noatime,nosuid,nodev createopts="-m 0" tuneopts="-c 0 -i 0"
-logical /home 100-40% ext4 rw,noatime,nosuid,nodev createopts="-m 1" tuneopts="-c 0 -i 0"
-logical /srv 1G-50% ext4 rw,noatime createopts="-m 1" tuneopts="-c 0 -i 0"
diff --git a/roles/fai/files/profiles/disk_config/FAISERVER_EFI b/roles/fai/files/profiles/disk_config/FAISERVER_EFI
deleted file mode 100644
index 30adbe3..0000000
--- a/roles/fai/files/profiles/disk_config/FAISERVER_EFI
+++ /dev/null
@@ -1,12 +0,0 @@
-# config file for an FAI install server
-#
-#
-
-disk_config disk1 disklabel:gpt fstabkey:uuid
-
-primary /boot/efi 512M vfat rw
-primary / 2G-15G ext4 rw,noatime,errors=remount-ro
-primary swap 200-1000 swap sw
-primary /tmp 100-1000 ext4 rw,noatime,nosuid,nodev createopts="-m 0" tuneopts="-c 0 -i 0"
-primary /home 100-40% ext4 rw,noatime,nosuid,nodev createopts="-m 1" tuneopts="-c 0 -i 0"
-primary /srv 1G-50% ext4 rw,noatime createopts="-m 1" tuneopts="-c 0 -i 0"
diff --git a/roles/fai/files/profiles/disk_config/HW4F_DESKTOP b/roles/fai/files/profiles/disk_config/HW4F_DESKTOP
deleted file mode 100644
index 1e136e0..0000000
--- a/roles/fai/files/profiles/disk_config/HW4F_DESKTOP
+++ /dev/null
@@ -1,5 +0,0 @@
-disk_config disk1 disklabel:msdos bootable:1 fstabkey:uuid
-
-primary / 2G-50G ext4 rw,noatime,errors=remount-ro
-logical swap 200-10G swap sw
-logical /home 100- ext4 rw,noatime,nosuid,nodev createopts="-L home -m 1" tuneopts="-c 0 -i 0"
diff --git a/roles/fai/files/profiles/disk_config/HW4F_DESKTOP_EFI b/roles/fai/files/profiles/disk_config/HW4F_DESKTOP_EFI
deleted file mode 100644
index c95a40c..0000000
--- a/roles/fai/files/profiles/disk_config/HW4F_DESKTOP_EFI
+++ /dev/null
@@ -1,6 +0,0 @@
-disk_config disk1 disklabel:gpt bootable:1 fstabkey:uuid
-
-primary /boot/efi 512M vfat rw
-primary / 2G-50G ext4 rw,noatime,errors=remount-ro
-primary swap 200-10G swap sw
-primary /home 100- ext4 rw,noatime,nosuid,nodev createopts="-L home -m 1" tuneopts="-c 0 -i 0"
diff --git a/roles/fai/files/profiles/disk_config/LVM b/roles/fai/files/profiles/disk_config/LVM
deleted file mode 100644
index 868970a..0000000
--- a/roles/fai/files/profiles/disk_config/LVM
+++ /dev/null
@@ -1,15 +0,0 @@
-#
-
-# entire disk with LVM, separate /home
-
-disk_config disk1 fstabkey:uuid align-at:1M
-
-primary /boot 200 ext2 rw,noatime
-primary - 4G- - -
-
-disk_config lvm
-
-vg vg1 disk1.2
-vg1-root / 3G-50G ext4 noatime,rw
-vg1-swap swap 200-4G swap sw
-vg1-home /home 600- ext4 noatime,nosuid,nodev,rw
diff --git a/roles/fai/files/profiles/disk_config/LVM_EFI b/roles/fai/files/profiles/disk_config/LVM_EFI
deleted file mode 100644
index b2609a5..0000000
--- a/roles/fai/files/profiles/disk_config/LVM_EFI
+++ /dev/null
@@ -1,16 +0,0 @@
-#
-
-# entire disk with LVM, separate /home
-
-disk_config disk1 disklabel:gpt fstabkey:uuid align-at:1M
-
-primary /boot/efi 512M vfat rw
-primary /boot 200 ext2 rw,noatime
-primary - 4G- - -
-
-disk_config lvm
-
-vg vg1 disk1.3
-vg1-root / 3G-50G ext4 noatime,rw
-vg1-swap swap 200-4G swap sw
-vg1-home /home 600- ext4 noatime,nosuid,nodev,rw
diff --git a/roles/fai/files/profiles/disk_config/XENIAL b/roles/fai/files/profiles/disk_config/XENIAL
deleted file mode 100644
index 22ab65c..0000000
--- a/roles/fai/files/profiles/disk_config/XENIAL
+++ /dev/null
@@ -1,12 +0,0 @@
-# example of new config file for setup-storage
-#
-#
-
-# this is a copy of FAIBASE, but with metadata_csum disabled.
-# Ubuntu XENIAL does not yet suport this option
-
-disk_config disk1 disklabel:msdos bootable:1 fstabkey:uuid
-
-primary / 2G-50G ext4 rw,noatime,errors=remount-ro createopts="-O ^metadata_csum"
-logical swap 200-1G swap sw
-logical /home 100- ext4 rw,noatime,nosuid,nodev createopts="-L home -m 1 -O ^metadata_csum" tuneopts="-c 0 -i 0"
diff --git a/roles/fai/files/profiles/disk_config/XENIAL_EFI b/roles/fai/files/profiles/disk_config/XENIAL_EFI
deleted file mode 100644
index d72f130..0000000
--- a/roles/fai/files/profiles/disk_config/XENIAL_EFI
+++ /dev/null
@@ -1,13 +0,0 @@
-# example of new config file for setup-storage
-#
-#
-
-# this is a copy of FAIBASE, but with metadata_csum disabled.
-# Ubuntu XENIAL does not yet suport this option
-
-disk_config disk1 disklabel:gpt bootable:1 fstabkey:uuid
-
-primary /boot/efi 512M vfat rw
-primary / 2G-50G ext4 rw,noatime,errors=remount-ro createopts="-O ^metadata_csum"
-primary swap 200-1G swap sw
-primary /home 100- ext4 rw,noatime,nosuid,nodev createopts="-L home -m 1 -O ^metadata_csum" tuneopts="-c 0 -i 0"
diff --git a/roles/fai/files/profiles/files/etc/apt/apt.conf.d/force_confdef/DEBIAN b/roles/fai/files/profiles/files/etc/apt/apt.conf.d/force_confdef/DEBIAN
deleted file mode 100644
index deb7948..0000000
--- a/roles/fai/files/profiles/files/etc/apt/apt.conf.d/force_confdef/DEBIAN
+++ /dev/null
@@ -1,5 +0,0 @@
-DPkg {
- Options {
- "--force-confdef";
- }
-};
diff --git a/roles/fai/files/profiles/files/etc/apt/preferences.d/mint.pref/MINT b/roles/fai/files/profiles/files/etc/apt/preferences.d/mint.pref/MINT
deleted file mode 100644
index e953293..0000000
--- a/roles/fai/files/profiles/files/etc/apt/preferences.d/mint.pref/MINT
+++ /dev/null
@@ -1,11 +0,0 @@
-Package: *
-Pin: origin live.linuxmint.com
-Pin-Priority: 750
-
-Package: *
-Pin: release o=linuxmint,c=upstream
-Pin-Priority: 700
-
-Package: *
-Pin: release o=Ubuntu
-Pin-Priority: 500
diff --git a/roles/fai/files/profiles/files/etc/apt/sources.list.d/mint.list/MINTDESKTOP b/roles/fai/files/profiles/files/etc/apt/sources.list.d/mint.list/MINTDESKTOP
deleted file mode 100644
index e69de29..0000000
diff --git a/roles/fai/files/profiles/files/etc/apt/sources.list/GNOME b/roles/fai/files/profiles/files/etc/apt/sources.list/GNOME
deleted file mode 100644
index f016a99..0000000
--- a/roles/fai/files/profiles/files/etc/apt/sources.list/GNOME
+++ /dev/null
@@ -1,3 +0,0 @@
-deb {%apt_cdn%}/debian {%release%} main
-deb {%security_cdn%}/debian-security {%release%}/updates main
-deb {%apt_cdn%}/debian {%release%}-updates main
diff --git a/roles/fai/files/profiles/files/etc/apt/trusted.gpg/DEBIAN b/roles/fai/files/profiles/files/etc/apt/trusted.gpg/DEBIAN deleted file mode 100644 index d720a78311b7cdc694dc35cc1720ad52d7483b31..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 27133 zcmb5Wb9iKLw)b7JI<{@AW81cEbZk56SRJ!t+eXJ$$F|Kk{hK+@%sJ09XXgEH*RFl7 zs@m7*`(5i^weI}`C=XPqFN7Wu6!44E+Fe;Nz~_x6zWUmWWQC$_t^kB$DNrj zd~qV6xtF*d4)GnyvKxITAaBU#74}3nk?i>6ljs>F5Gfr|Q!9Lqn_M$UwL@@#r&@zR zg~%xU+YIH$A~g~T7t8*eydwc{(qq4fU0We=^SZOlNfliuEh@I7mXsXsnDLS>c()x& zZznCS8`7DA=iCo*DDg=%mb0lE)mFBHZ@}RETwsuOIb~z#u=kPxMHx^)8#O}eW@%ci z`Q>`6A~d<>1t%xJe(-uzPj-(&M4}Q3aKv$HLpAwwrB2(jtT>M|q$jQAOMC)U3_LH` zRL;^Vh8HO36cL_>wyG?d)8i>@jVX*JH1dy}9X(R@f zvuwhfSLL9)02MqGHgp5XX`Ok&1e&7djY1%GL%h8xHoxRy_$!vtU$Kb)_3s7)R`zGs z0mcOS=Nr%r49M}jjH+BVtoD`XFxjLpVPVDGX2S+YYj+GM{Zbx zh_ZdXts6ntK1((ERhyFP{voh!TBx0SFE}NSy*0F8fhJSZn_31>FGuj8H|K{PnYiIi zdz`{UY#4~hp0AHDopW_NlnD{BW(wYQe-w3e=!(4f#$}bL zH1!wmVi~lr$9mBx$NcHu5ag!!dHy)4%Y&I53>o4H5CAg_E3KChsAoTera5wHpoU-*W_ccQPdTxI`2`>$2|NC8NPkRpmN zh`SxkYi2!P7N zc9?}?jt2j(?2uO3yJ|Q~_=sCaFz#TeXCV0KEbwDfZ=H(C)46jEsVl?HI#y;H>*pF* z^WdfBY_vkMfk_s;)_Zc()JK)v!NKC|-t`UgG=01)n|)tyYg4R+=vFJaGiiJ1R@zL6 zJ>>Q`hdEcp&doarYs5T=1HCYS(=8x-K$mb8kC>GTEER$ZC!~i&39XmECK1a71V^*S zU7&YkrvoLNT9Npdy~*Isg8K)Kyv*38{Z$9XR>${`uo4I6=s=|NrbgAmKs!8z-*SXI zoyk(ugNSN24}D9z5r@(lm%r_hk|%3BK3Czh5WKwk#ApyNvgU3&6 z^kAyT-GVuaFH;v;9h=FbSqFm*;b4K=Y^N+Hva1w%uEjDiWgL>QbwTimQ8M92^ep6& zK!?S+^)WTF6?3??(wZ)bg0+w>NZ8ve8TR;Eo5nL&lMFJURwz~5rZw(bG4#K z;kOx;FsqUpLKb%~;n?aGmUA7of|5%d$vFAR^0&sk#p@?*dXrrRZHsBCS@1QS7GwN* z=(!;o5vJGt@2=)$|4OQ;Ku5q06DQ%zhiBis8~cl z3LJU-3HS>93K9NyIgxw-vUN%u9&Jl1je|#DRH{czttF>!(f~P|W8=(EijM&{#akDw zv#e|hSs7seMotr52!QT7;4~P5qD$Do!S`?U3t?HV4JxvU6VB;}`%i0Z`6zsMi`?34 zKczSjJLllp7m6<^=AP}BpRmW8j(*SNUA3xaYfgM!FUiE;1d`UMLuW<~wY}1vU=K_` z0aN#uYh&{5GaJZqsv5=`)`}xbu{j(nMV;wK+a91)t7#o-JJwyT$wYmxYr925BgxCQ zuh(vFrELTBYjkuzeG_fQ4P`AC1DA;!7;v^hD}rc=qlEP|Z8|CL#jS(f);u*+Fm)0- 
z4K6wZ)=b6^UTq7jYe$n&6cMiHDYG-7ErQ{zzKYE=+$?N>-=v79ja$^-*U+3(TL z=%Ug1KwO>TLw6L?quL%ciaf$IoGL(16iQn-{hXY5g!>h4ZYWVAw!pJTb)#+)@8HzlN#K(JH>5WxV=s~@4nxYccZ=f#9 zitHzm}*|39L!8?jZ6rX?5v%gEbMF@ zKPyiQTT?s!|E{`!E()psxcGk+g_Q=M+F~^pC{?FP&#N3dX_HOVg;7&L0%XAOh@)T# zgoZ_omji=l4F|u$p(6e7dKg>;WJ?I1AS)xo+ZNQa-8HU$$;KFRqUZowEWkwX>s7^5-92J%K|5I>uY{K#fNbGg zHAWYYasm9Bn^1wI6|=w`G3n1w`5zVGe@kNWTL^#>&SDbFJ0$PshM8H=Rao?G$U+ru zSe~EVgQcZIFj=k)gq|Ye(`vePk`i;}wF~Mub_bWLK=^*~1JcG!4EHYMW!!o7HRaPwd@U30-7NCA3;lbYRU?R(y;RG18%JGXcnzv@`H@Z0%?q;Ht;eJ9n$rSr}vy!7p9B#AB$!q_Qyg?c!-QZ2cdQAQqqo!EmCF!_#` z-uO}_l&4nm7-Uw_rC=U9!irn4n4f%n>jgKq;jV;V>k-LgO_WeU2xI)=6i>U%>yItF zjlWIf`ejvHjaPjb_zE#m!s}=j)&q>bOa>HoJC<#JKr@Rnmr3bE#rbjjCb4Aq!58x^#uMI-DsJd*Rf7E}}0A!Jylssg1x|B@f?|am6$A#g&oD2UOxDS^Q z013F94RO$^>&oaMJS4M{XBQ3M^0F@N16=f~v(0B_Rp=?b7aNU%O4#VrC!Eypo7+G{ z+I0gryFm$#M!cviY897|1ekCd&g=S3$D@MN^Im6-)*89+Y>Y{*CB)+WSth?WdWnMh z{7jKJI5iPysSJ!N0D%ZvbSXXR7B5=r^eNpwqJeaLN^qaVq$xL#71g@dnb*Cx{=Hb> z!Pn^M_ydM9xRRbW{V~wj5-96OIEfR6Z8JS zW1JNoUQDRn_%Ug4>@mr&J=$zgwDTi;$c)|2d^>IEZhkz@=z=^o&DY1_I@n_PbwL`p zQHk8jiROXkgW8uVb=VApyqW$e$dbXJG?d&`$?+hqz^_(f5{#uDk~97|u*O^~tOQK4 z@P5|CftP;SLGZgg_^eTWfgIM&?5t%3{_S89&C01QP{EOBVKFfS{IGmGB7Rwq{w;DR zpJck_Y^k1ydts?$MHp0=yV;BHrVgY4&<;z`60^1&kvI75tO5OY<~Y5c0j$Y;`mU%} zO4`RmF8EdVswoNgAXAVBSNUcJyV^%KVb0ZoAE&5%n2Uqnuy-g-J|2`(eh$`lO~4-;ICFKcy{XRa7(2k_ZSm-<+5@C%aa zaWN#txfMzkvEFRdV(G{x4nIw;Qi7keGDBx;kNR=7sSE)?=e|fW`P5_Qg5`Z1t#iM} z2ev31n7|cGu~sDx5;7B{b_N316iOsm?3zWIE5R8M)M<|~av=xhW%TK}AYd}Jh%uKk z$sQ06YMjI|71SK$C5F{W(f6m)4KCLpn_@@gN`q*MLt!D6AG@JhOtcMN=&r%u0A$M6 z2PdIdmMMZ8fk@q5^5M_pP)jmf7Zzh1i1Q`dU1Rk^0hON-P-%r3)` zO+`ddZeoh_V^_pXd9EBPu5_7Dk)3b-c=7}O9^0+o9Ys)pC@EsX;b?<)cjI&wg`Xj% z!i}^1N8N9%dXuSld|0rTz>8l1;HGvFzzeD+)}GycLLo3C&b5}lD1w&U$|W0ZnkyxD zP-eV|Wxp?$SGS=A;yPu)8g%m#&?EKah~WgrOlKz^NVs87TC$gph1=)nfRWQ{X~Te4VpWejuupDoLJ=$5T!VO{ zpJyIa3RbYU)aMUQ3Uv}W2I?Fd7RR@&466MMA-~E}ZBX&IK{(k};WOabF$}@mBo#D; z3mvhNSK^y}LV~qLmtn*~v2E^f{Hk>_MZ$G6t5UPu_7ZgdB)u9@h=vMp<5b|s*=U{S 
zsTRuW2GJ-yYDwVBTJ}XKYIOwIsJFcRm(CXxoy*rbF14rCp?3TNa>E-jc9DLWWp;zt zYrArUczf+<(}|9@Qm?tOv?aOzSy+2s7u^t}`-=@t{@o7;Npk$JqDG0mDgt~{{bDSr zG7Y^mKt713VEvl>d#C5M2;PpNT)1Sez zyFPLn#TcY4>M$zonWqp7FbM!xJpY>oY(j)e`)+JM`$(#c1o2TwzIDKM#6`zeTm{gg zY5>lRWMNZkkpwDUU=-ZTIpy`D+(LuJ!(T8{{|lJ^O_dQ43G$zEO92bWcJiIOFh8I{ zYa?%KgT0Y31M8=^1muL&a5m4cBIV!-KBGI1ebg(E=3D<8ZU?In0K-X9EVz8B*!)gd z2H1MNa6h+o8^WZ*TW5-A+wsww@GpvV;ic8h+`!M>g=ID%3Z?j-qvdKXDSrFF4tFyk zurb<|&lX8R@|c{T9e5;x^@6XsSnmA%o)-Qk+k>Jw&#voDiiF&|!jMQkNJzxhJbp{& zOhGKf=fcgXWZ-G9%7yY&j9=(lzD()OaiXwdZ{mGeP4C8+qVPb(jO{yDU>zpW9iUB3ZZ!ms zvm_`MT4<3)nT*Z2u2;)6@hpVs)OUG0koI9OuPquD%uOJsmwurQSuxFMyYc%~&54pg zAvAbvH1@+0de7lzdRS*tM%|KN`xEqD!ydkKp4DGu?~5Uz#WngXcff9aK}U7($KjhO zClxfJ63BjJAs3WgzazhkM{tVN96-4-vOzuT*uuH34LHLBC)X>!Y%<_8p4_|XOlL;D zU&PI+PNJ|=2vaqWge2`DI={Lt6V?z!y2;H$@t+#H&SD*3_GNvw!hrJ?s5^4w<&WQI zq2$m(9e~clCI8mhp*3ldGVZz}+bSn5>5c6%ehUoc*t?@5MU;@+Ca$cp%@u+kq@E_O zK>c*t(3ja@#38Fk$`#IFwm&~cT%_%Tpw=DlbmGSq*>Ho8e2#C1& zPXVT70c7hT7M+*Msxl^_aoiL5-QHrj?F-jyJNt`ELiG%e--c;tzU`8NP3 zXdnQp^X%{dGrRY{8Ds2ZkrjB9&66!C8A|ZSv^~TKO>QuD;(ruTNsaj8x6reK^2M1O zD_`d7#cP+R81?zt-!)~HJjpSlsdaXVdd*t#JRtuzf(bu?6~Rsuxz7+q48uUdm=J{> zLv(k6=)IZ$9w*IoG_4I+1`x`0>nk>5iPLXiP}=o%ZZ+T#z4>Mw7-ye~jB5(+2tzo^_suD8JLqIbqllJ2ej12N3=)hnm*O8)*jQh_A~NGi|LHLtnSO>k%@M@gvS2Lps> zyXVhuvAB(6WlU{#hHE;0r9n3MnfJUq%e_0D+Cz!#rS$VNg+lgJFKfJQyX#Ttd{^3| zd{P(_U9AHodW$@T9Y`rqpj;?xBj|xFJztH56yrVw6Hg{wykr>B-(Vk>o&48;5&r_1 z_5U}(wkDr{>;0n+4v3igPYI^h{OmZg&G_+pgDP1M0`j$9vq3;OY?}c&eX0ib+iBKS|9P}NjYA79jQYh|_sF3lqY4Cao0Gx{ZV^WMUXGXH%NHP zanIahFXaf6(bn1W?c$8Mlk?lWTfP%AE(GqkREGt3r7w1y8mka841H{2bLZhhimCh) zx$0JFhN{AZ10LzAMsy@|gYCcHg_(JMASh6NpCp7K?WX+{KaQjkJ;h`VfJn14F zjjqHPDo_5_=V2N8?rN`>2qJJJJOIX&lP;&}UTRQFLk8_kP#ZpmCNm?BK5h)%Qb&C1|6C@;?4tIu2o^7UYI2i2icXfXFc4)avJuSYHSf7K+irN5B?x-zeCV-tr4^Fd8t)u;rnF>^0Um^T4Sw@V@k^J2kdw_-KJs zoLVbmDF60TaJ-wU@66Oys{&m`P8c0}A8n^E*x~~cV1BLh z0cWZ0#+@98G}IlVVLzVPEAG#Tu~iPTq-cr&#!_%uxt2ayXTifZOjmf3&$$4D_=)vczO9Ga_~#~tTJ>M;zT1d 
zef^gq<;Cpwn}sEbucAo5o|jey+^PrqZ>=hqL{6&*5e2itNKK)O&L5fyU}~&3~(i1lhhIo$k)<22|@|u zDK!E!%`u4U`P{Ey;HhR(6E*4N9~J!kM(0O7tC*nfR^TIV2?xcz=n7BeZya(C)hYEI z`o3FnHr(wsuw#y*5F}I!4J)b`-6Oa~QSWvYW%T6E!K+Rdqub)%E z{jgLsFmr-fjEFK#2VHEXwI=@@MY%M^8WpXaveTl2tp;923hGj#& zelII-nyCFYJA4+Lnhlz0j`CNRzN~jS{ASpW1?{)%Gb}Wvgzx#ns`mIWfGG|oWqbRp z2Au_;@foZ*>gNri&(vcYp6u?a%AyGyO_{_MxdU&btd9v0#>HB!wqZ|fGsVjr?wfL19oRoMC?nJqZP#7ZucWOx;w<&)OMvI(%w)Nn(}(t zcj&A|&?5mXSV0~kKbVGz6DyP=fCB$X61qkymcrWOrA~`YCn6RY`F@k(m(7~y z{JCGD$i-5I=F|NN>yt@TM^!VwIU8tESLVn$+trl|`;>q{`1~qOIZz<YNSipJTuBR8H3|B29x;`YZ_ zc*34MTgcGyG}(owBE(T%F|uwCI@TDfnbk&8_E9uE|C2tA1Pl3j_n493yMn_UgL3W+ zXNg$fp(TmmH3=rzOf9k$FjOO<-{1WQ5K6nP9UgPD*<2M?(P$X3cEAbuG42745YCzg z-@Y`7x8Bi=Lrf5N#rkEbP)5|MX)qk#fjbE;=dl81jpV)El+kIzrU;DVk3ck&*H7{5 z^K5iA+VsjhnPWu5h;Nsk<8zfIxV9s^+RBA7S%;UEKRS;_%4W$)85qpI#hEQkO*Qea z5xMP1r01CmoNG#E;30Sw$wL)TE5a?j% z8wPPaZxT%Xs6So5E2|XOOjz?HSH@;EDoRwAcx$@&dae8a zYW2~PcG}03{cw6xXX}qvV}atPm2frvHtBh-ZVIFY^F=J@enGEnF}FAwpkiN+!T_eN zCVL~Gj9LNIr^&)W_FJtH3VEGrJuZ<~AnSVTE8Vk}Tm@mOWH=z(GcO5r+3K~bk#lQq zhNuAx&U8)}kTdnu7E2l!jBalRkEWl!kWH&5C*Y3>g(-kie0mzY#X*)-! 
zKaIVA_BPX2Ku(G6Ho+ZFQ+8Vh^F?)Co>1`{Rs$fXu&ihMFqs^VnsuCQ=DL#t>@-s7 zAKqp~@#$?{(;{-2VFv22eY%j^VlY4i>bpO_brvKYa3LFvpPrm^mYqRg)qpLZj0SnC z0%}54Y77FsWz=K*l8ssNfj}IDrFSRrgWZTN8{eSWMMpRdR}dD0l{n$gx+$RymoPaeG%3a^VF@}BzNxTahk$&eWIiE5fYf2?o@+p7rNb(6(I3D`Rqr~C ze6a5eM9Wp7XdgbrEiw7(-(+}BLlP6IqQ-KI(XjW-Nm<+z#V26U5ZehPj|)96$z;ZF zGJEG1%c3g)2if^B5 zQdFs6Rn5NndlQ53OmfOqz(RUuBn1B|8z;AMq2COBn8^x7+NlAFyyi|vKo7$>$k?%a1Oq1;kB65vZpjv%C_Ujw50 zwa!jXGounz3fjQ{*lP$p@%IL=nj9jtn?{lNiu#_M0u@r}HV@}Dbs36Wq(@>BfBb03 zFDu*pFs@>vUYQoYW*BzgWA#pngbLjgst2zHZ4Hr7CFo1n6<-Po5Q6bnM|#ymMHr!* zzq~C>?jP1>Me&(B|7LCf44JkzAlnejIRPW~koFfGJa?dWIL_=VXzwSxnVz(UUv)~5 zF7tn?-9lrR{#q&fkJ&xJ1>}sr2&xU~6@`G~2$0UYh$l_@BryQ8HT_m+4c&@86Z>(X8o`0h6va zWT4&TOqNz%rl=1m8G?-NW6;%BG|ux6=&DX;$7IXT@Tq*8Y^Qo-6V1_}FPN>3B1bP} z_0NS$A1puW*miDFB6-6YM3_D~99lJVqKOw!mo2-D^>hIBluG{vG$ATy`OS9|REsK3 z$u-Ri>SWJ4s*gahCdSNbU{p(Ky0NwyZvS4HCBW+yieS)aES;mw1BYV>DXmon1ald0 z5f0zG;|B3k8hBRgraj!$!BKofj3AvXn*ZuO>II*#8gAF8oRBU)vI-ePOb++OA*vqGEyecV{fB>4tOc z@L}PqEv}+JW1uowXrxd>nX+4r=jS)ubPIb3Pazm33iny|6vBpfz4&Lj?W<@^2;_w5 zMO|(gusKGud!imK>xfUb{Q*5kwgYO;kJ6YB*eKEA8vU-~2!2TS!aOp5PXnB(Rzi2B zAKbp{SfP^dH&2gSb1TVN>Q-bQx9G6^GvHw|a#_Wgo#U7}cf&V0R0#XuIZ!r{3{%!- zEwo#Xi5DQ4ETB-)wz+GVh8Msy(ENjGr<%UFm)orkleL~4i`MfUo9{Ng?=dBo@A(tB z%Z#k_YrZ(1+x=g8`4fwOo0mVY`NOpx!STIB!E1Mu5B!I{wy?Sr8u42V!uZMRwHS}M zUO;#PfK<9lE}myl^eAq+9+AF3poyp1JQ(5wbh_dte^>P)iNT8{gdgI7qU&gbtZbWg z=~NadU)fxwgm-lrMIU|q1nCsjtfW|&;)e>{f+sNSVcvZfzq3SlI@u&?#HmioW=1-2 z;w|AG{?^1Z<$U$z@wzjG#Tul?VJ=O|v_4D)D5Gc{7}>l-N0OQMmFUGSMDMV8QgxDp zlLsga?8;Q37TfB6`PS(rFaYf|u;z{Gu052o$Xr1ak8{2y+9NUqJq^!9iyct9!FB)h zlu21tWR&guqj4xNG-D;%K)iPP5mE3_-!{@is4`>26QMr)IRcjkI zXFL6RV9zL0%2a-_Crkdj5eIqM3Ro4zlG@HIT_7VbE)xogBcYY8%_Sy&(LJEaBt`v# z{k2yLaP9ds__(6(Cn)6f$VxScRGi=9yzbQ*rPgNqm_)lPZQg>0N0-wvV8e^-Z<`NA zPSZ7i6P8kVKx>Q-Gztxr7}{`^5z?&HoS$?AjsbFx@^fv%n`aGeqeZKXIGuUp;wNtLo?+fidu#UVNzbKNQb+}YC8vm8D*=XSG@lTnlJ;RCNd z8wRu}*0Bu!0i(Y~yP33NvkCMp3BDGH0-r!}QNj(?al-h0XL-@(Z#c^c1rlmldRkv& 
zowx(o*fQGKl-biE7^Pg7T1eoi3Iuz|TbJDqIgc`XhjrSt<$J3fs)GSY72Itb*}C@! z?48-?3et%_QEv?_335@v0vE+xcR9s`x+u4@42ThL#{Y|q;@)F zI`Cm+4^bUu22t&H{)rGP2Fn~<-4kckey{y%OP-89!X?wS!C*d;>jvJ!@IP` zVUzii^kAKz6rh1@Q}J`gubw6;);@ZD5AB_c+r7G+h^s6Shv3q{y-9o)*v_4v)-3_* zi0C4AxkCfFN06beFhbT;W5iQ>$HPR5+7;;dsh2WwfuE$w3s}S^WJ>wo#r-t|G-y9? zw5fWU9cc^mRU+qXef5jO4C@OG`TtCyuRHGl&jcFxIT_ZQpm$-=TQFl)U?7Z{#pmXJ z*JlXGc0f-e=6tQ0SqY-O>1$)B$#J8f{{z{N&jyzw6@UeZ05Cr9R{7;Sf6p`J^4?aE zdhu4VCPB=|52(vJcs_{J#B$0i$fC6{-Hz87Du!WV++SW?2w5h(K-d%}7^yrl-XGY) zzDY~!QMiN#pGMt1Nfw{-r&pk4lJLw;~l zp;1p`Ds2euMXzs^m4v+O^YIwA{Tm-Y3^u@7!Hdq4Aksn$tKcmA)D&32LXz-9cLEh= z43+#V58C^~bO2(T{cu@7Sm%FZlo-D75#Cg*E(X#KU@6(k9oC2CK37y6(KlSM7eL#RGx00(BM() zIk5S=;W43gn+fH)LlC^YeLbAbno0gD2>s`SCgsd?W^##rG;J)z&sbDyOrhJ`2136+ zE*6J0-{o;sQTBzyu3((6xrsqSjuRG_ZM6&gruphu#if2M#(3CtF?Q4=!IlcWS--8! z;?UUSZ7doaH|Tr0w2+{2;-7V;`3aDmnl81|g83Pq~i>4cJl7 zxmOGD@WWQ<-&KrM9T;*1cvcOWiu0! zI5UcfjG7uuP~NF}9cD-c;A{VAMiMidO7_-mPrKrs94i^F_!y_LmtBAezuR$Kd@ibx z;z=8?&Kpin*5Or>z`i!aAEq5fFO{dCKm1hzwlQUN2Fcp5U0-Kbryi)pbgfr&ZMljJ zDoW@;sNc!%8|j6jJH+dtLQx5=8rgi{&rE3k*J)mvW(Lvj8R~3CjQplX4l6TyP4yB# zoch6w-sP^^&ZMl<-8TPf;YWK$h6}1_AoGvVFYI0=hQ$G2G(882jCJn>kxEzB%4zry%MH@BNq#p7Vcq{iwYfS&_)5?;}VAgVM$;_Zvp&x#R%1r(-2OfgYu& z9?F<|O>j{Jj((vaOP}Rj-97J})KoKPNma z|8~T0>~3rF*EC)@5DqBP-!=s)@%C>2DR;c1Kz_FGZ(E=)Kz!Ig!yABi60n=9yzM9q zwaw*-4u3ED;+l8VTP?uz@&gkAoiZCP#N#S4kjlAey}08Mbq{rAhD?>OGDCX|YD#(X z<(SW)@7r8on8D90BeuqDXq-0(PrCAaAL^X_B8^MKQVfeF-}M*;lNi!x*LSA&=xiCiC&s-MRfZHog4xDYbbccQYu zPAfy#ZSP#;LA)_`m*b!;cQ319-29aU|6ie1r%+)0V3`e;XD1^QHWvvHBS$T1BPS$;|)%voX3swPqnh=8<7dm|ciSYqI(gSeiyotzf9bP55>KJPUm zYjIXSF|%w*%4t15i{E`>Os^I1JQm$#-eUi$KbV9)3nDnm&D-c#B={2p+g$BCrqig- z#F`W5{Y?6WTR^v;%q5X_b5L%#Z%(Bl2U;t?T4E2XFsX?BK7f2n)csVI9F!eYhEgh9 z%_r`-y)kpE{Kq<&QvTqp@odyfQ3j$$`!5hL8}TnuvT6IW4G{|{>AHq{nAvP^8L1qD z!`p>K!taCTK{{z}9A7fnX<}BZ=#fls+j+H1E(#7fPYQy5n}amsXgqp_8sWUh+!EyR zkJ!)FER1Xus6ld*QGXrbYHIxI%{8K#-dOpxbvP$?youy2aSYX2jyEB=b(D{Ak;ke? 
zwGeaHV)qY3p#L=U6mNTW{~*#jfjU#@l=@NafB*=_@awunBuw?c-E{Ka%*{;}XA(h1}$wW0vgIPFS?ovK^$$W#ZU&KEk8(BT`n^YxgMb?TTdOkf;B zHQ3NA@8F=oeW+D+cmeJGg+2cXP}3X}mitb#RE((2V{to&Q=BqoSDe$KtSzl+aU%NXoH zTnFb7Jb;GVhm(33I46=yw*L)z!qIWR3X#UqFQ?Y~dV(_BS>i_rs(L=SgC>rY(a&nr zX&4;cO-LDoCHmbCm(Z!NhY+cQ;!48fu`&6T_?3l_th(-$JF`)Gx=0{6a9m-vrYa`3`(ORDx5uL8vR<|kxgHR`x&Xrn9P2Zx0xorvFCKM(B3;a-CWt4aUB0%Q`FH` z&4E3(Xc7KpBxo2{NOvt0$n-6#V=`Y=1bZfdAgc;O*|uZ6Ey?ayDKh@J-TX?wtEPcU z)uz7%a{Vqd8({RM-advLc|;T>8{6dkeTAF_i0`~ne4 zg&%!hN^_z)6CBsurMM@ov7YivVOZvHox96Vv-CSbvr)g!sP$Q+m86_@4Y>0#ERzu!5BFL4iert<19D#qebiDt7z--LbLDafps6_Ooq zsQGAQOc{;nBi*i57IGL=hm|C_Yj1QV#SwL$p~XQ z*2hRH*d;I1RfAo9HcSGQ5VbhOcS z9oK88{)7|+(#4(Q{S&{XD!>K@%NWWONxLs^P zx)hn8wq3vxMrL7&X^s&VjAS&HnN86R+l;N%3*WWTJv7jmie2Zu_Wc`UVCC4>3f;HhK0MC79c5I}Y%sDLMBxNXPAGvmeFVEB9VT*DqrW|ZRCH(EjL$7%&o|X-*q8YD~a!>&$Y`B$8CPLpX?etHwHG5t} zPYay_lkVx8p$VA@%^utO)7pvKN>jl($@-SW(&)D-XGME4A%Hn8D&(J3+nC_1w07f? zM9IKAl#6~6>dV7 zW4_ZNgKLy;7GlVaKPMO9B1CoLpjLFZ;cVQnb@CJ;dwq0ok|H4D9~*?XL-1N%WarP> zd!OUBo?hPNf5 z{)9cl7MD=Yn3DX&u<9uA6E@?DToc=W$8aKUqbEYyTNKPdxE z)NhoMx=Or6W$6O9+nYRdh57P5LL*DFbVT`hPU6>rxj2splBhtj83_sWL*yC> zeL$7G*3iLA5SwHR6B$aUZJszk$8aFOt!tfuX?_lH8(Vlz5PVJ*FG#VHebh%eSbeW0 z@_r+oNMze>XoRo>6(~wypbjprXx8(OQW5)@HZeXo_9^ z^cy-fbrOlyf^a1yU5Pn~7t3O5LIe{xX~JT4XhA#RJH?qC^_nlAYhIEA@~ay zA0;a?vOO47Gm*MOSa*Bdv7g$wqI;&f7G{nQParyrP? 
zLABv@Ajn)b+fhjU7F$A-KO)ILoDRbO;&$NB9zdT95ppBiOS+A zfddfYdO6){Gr2ygZaq=A`9tctRJ7`9A)nA^+}VKpRpeTPK<@U62*MV=NvmG*6%cCf zC!iQTAgMEG7lyH6LY9OP0{TP$&JoW-|kz8#79+VCO{4&pUb892Dutq<%wZ-Lm+UH_OBM&T=kJ z`0$HtG_c-_3lFf3To01bL>m^9*>9{{sRSuWFtoIN+=qPa(71A9e5MBS=MsGM352Fe zy`#*>Su^ry?MVJ9XIn(QG|ZmEZ$igGg|jQ#hg5HK-%cyc;&Q80^Wsc}=VR33?Rb59 zC{6Mw15Z^Oi(W~Y&Bm6}QE)sp`?}gmL>pDg0_sz*7iP-9I(T_~UVT^-FXh?=>T&C-dq_n{Up>5tKc700gk;Ss-{~^b>2?M&HZ-bJ!4+XS4&&>i zrH>M68(k1Be#->`7xREZV8_q8oEJ{c5iVCLV-D{s-KwctQ*!JoS7%dfb(B-BMBOzS z$^+?`fxR{`n30{%5N+A5ai4R%wX4H?M2#Y6M{BjL^0`HNcji=Zjac>PVhO>zA!O!i zGcd-k1wZb_!G-B?M%Z4h<5YqOtAV?6jA`QH%kTP{c@gFxA<}#DtONPPo3Nf(mLS0M zAG!}k_wG}ztFxB!p{aYP;0Y7sDfw3=!N~Iz}OHD{nlf%uNc&MRY zABqXAl}vo$I(xE16_tbEW5WP>*95-%r)AR0u-dFYsS*bf7)eLJ_YjCMz26{| zzjqb&{2$wYR7NCK@cI@5%{q7*;ElvOb!cwe!7NnnJBba%@|2^w;7K?b+24H%0Sa6Vw#XGK z5GI89FTZ69a4*}}xLXQU2n$FZX~WDHJ5QrSj=w`7>;YoYR2s%Pl68MMBYKarR%LZc zv5>ErT&-pk_N!DavWigsPEBG98SUa0Q~4r7LJwC0?uATZp>D5d|LT1o}eqw6`mDXDIRo2yz4<`b9wNyrEu$v10y)y z*Jyl>>NAR;L3@X$nf$pqNnxq?d0AL=_~=Z5WMyAc`a8#7AS86lYf%ARcl4MVsiPdfx%yek1HOnMWBlR@2elWMo6rbRnmY!y8a zRweD<`xwUVs;UkEpGVkJLw|e@elq#Kg!s1K5BjMHevx@TJl@n$vRJ!948>{V16z3& zBymd39nO=z?kZ527lh-h{YvSZ<=nVcbZim-1SN<`FpQ(b=>MeYger1ZEheZf+}Roo zS}DF&-bstXXmi~YK-LkAd%x%$7k9l9C&Y2{u$~FWy_d(}kX(`Mc+pW9NX{aYhZo$4 z>WV9vMSYD`0~MJ*kld|RFYtVtz2vdK$)zIMyt(`QpAz|-6jH9Gv-ndYnXHQZHX+8z z0=vj>G_Gsjke|XYh3(2NiphMC8T%c&9z79BQ6+? 
zdLTIUbfD&clU=xt`+N|AD8Z(07`LLNjCaVldp3ShFTR=^4uux$J}1rIEker`(@^ab z6HQJKG^d^uZ|x zOReaG6n9R<@~@3+?%}#G-xUl9SEH@4u;mXp=}#_7x`0te8PMddX-GF5Ae917R?6Lu z_u{*tTm-`O>%(Ln+v`dgI#%7~zFe%(J}n;#7h9ZD-aCIR)TIt#>IknoTvkl{ZbwA;*_w zgt5Sd=1k2ED>&U6wWtn)kD(Zo$t~{dlqtE2t~NWVhrl0i`ZCz;gGhczG9@Ik9Z;A9 zHP&+R&9b&Nm0HsG@IH%vY@zQDQ}Sk$V%M*`TVKaNB~qknN3^1^o7#@tT%7pq(Dpwi zqDGVZ*MCZ5B(INu+Pl^+MF9l%CCYt55SENix4MgW?$tw9;ZjL6OILAHE2>IL$8kYh zjx8QocY7c=-cl(VwZExqjnXCQiyj^&g5|IMdMv!ou;vl|O~S6qVfOuQ3-&}2QxbFz z3vDbMZX~y)?^YffM*c3Y021Gq>&WXF&(_+^Mf+L#sA%tQ`h=LaX5XW9nX?@;4*BA0a z-S>#sN&oxvbzf@_`l%SRW1d9ePr`xU@?EAn_fpK_pQDs;61%a(g~p`IS(C}EjvAX% z!%~VUZYy!5&?)Oq+VmrM#%fD0|&L_ z)|eets(Tmf{b$kuCNN5-ES_)b+|3ogQZl|bdE57r;ife!sY>4tyxdt}TZR_AXb@En7o&%p+3r_V!O?ik%MWShaufGhSI$hNF4^LTMk*)- zBExeY3%dds78Ni?Yfi!R)|P50w++o}beZWvuOuRJ>i1xfJg08q^aio^G_+0(68^Dj z4<7Amq1d(X#Os)%^whZWv%8{;6EGCS(JjeBEuWkSk_RKa1w@|vXZ74Un@heeVs$Q8 zB&#bP_)m3}(Ta3$UlFiomvV;o{3LX0A&01VbDuNg!^6WA@~g|az`^5Li#oR<4QNX$ z-4!uH>-y<{rMkI^S>g!s@F1g|jI9Bf5kkM%hyQ7EADO_s2Lx?B!coP4lK6)5-Dc)v z3Ym(3tNJRAn4L@5_|^%?T1`P$p^o;L;@>6mPcKL%RgCG+K?6p3a_5G!{4SmKJCd45 zOP+k8&@*DMALM(F3##gfHhQ3(ZwjriKfT83It?l`Qd;%9Yqvr(SV3r6R7>YWae+gJPM} zl0|&aoh9TJ3KMz9%)Bsj*zBc62V|^uzXCmiKN`E$%Ga+AN#}IRW!&1)K|x#Pfqlk{6&WgX z2G;z(yd^jN?B0WJHZX3uzH5lPXkY*GOGjM$6D(gN!5M#{>h+1R#5qy3>9m@i#lQs3 zVCCW5@GLQ-pCoRaOEjV*IwQ1f(P&D#zKo;7r_ks7_*vZ+FIJ00|LSKP_$?}VIC8Mc zBr(@)1mt43N{6jK2Avi1XGk9{gERctpeOs zi56qS3=0Y9?N1+TqiV}t7WkmdnUo4!!{ZJ>Cv-o+qc62M%k$3aU6XiTL9_85Q#NqM~BLx1CRtovE8N znCy+1X64f5GmIi3&{4J~n9GYf%LQnZn?E@}T%+(grR`$=&Uw96Yuso0L^G}Rl%ywf;pZJ~qim;_-@){C8_2%haiAA4f3AMOBkB35+(iA|g_iCp+ zh^Om`>-@>xxo(A<9}SREJo*sBpxp8%e+IAdWjt6Y+9C`oZQa^lsT_iU?NB~_3!YHJ zeI$QWwN*^T_wv*whAO_8G}aNv*`7oMe&xEWuP_^x z6!)=Qi#++~tKdg54CY~!hN?KWrQF^?-NTL=Do94Cuqe+<#APvNJqN3Lmq7*glC!T> zJ$Swbfr))AT{;-^onOj8?o(MTgmrNomW78~>vp|H$eRPd@97`mKxdHi0`eSFUX;U2 z7>Jy-5UmhO#8E@G3MAfW<%_ZdP@SDK9@6H$ScmMl1J6d`-y`+SXvQy;7$NRZZxc3X z7WXI&J}&#%(H}0&LXIf_Q;-1KLotiBg?#l9D@6gFTtaQ7F6k8mVrCY}qqEhjx~&9; 
zEbgOhg1Y{3YAN83s66_78(5On??98u@rjchC#R*Yc~8-=K9gV=>rZY9bg;qRMAZ#5 zr)u$7mMDejkz0;Ln=-eao)#t2D!|JgxtXQd5@q}(^qm3NDOBg9KJAmzZ?r(bD!*TQ zNmE6WHC3+!1=^wJaqRl4RM+H!=U7!L2hmZjX(cB$GRs+>*#TuL0^<|OT~4E$Qd_=u zZfCt*)4O14C*%%egrl}DfQIXY%7#OMw#QDH+waE@`xbWDmp2bJ^({*H{nML4L>vg*x}dlTMP zn=R~(c8<9UPQ#i+FoX{>6nf%{Yg%2It(#1G!XpcNG(b&Roj6|23X}8$54%ajD4iyg zT0Gl%BJ~P|MtYQWFCqh`v|SdWnhSd^%VrPZv6PGlX)Wn&r>4?#`YtAP48L>q52G~D z&jjsQw8_DKAy2bBz4rW`1sL>Yr#DFBLDHS_@uR-LJ`oY}eO=tPVF{QMo*21PB42jA4pjQDL`` zzyLF@L${GUT(&0{+%IdgO!fz}W|+Z5QIPdZsb1UkopXT40Lr13;0H6_#i~W-uU~uA zpNGW;F)P=sG6Gpjs)~9r4(p`$YDa%5bg&{r!hMst_EAS=D>bvb?A(<6M4~I4w9*+x1!Z z)!sTZDGCupnLSZe6Ti#Fd2wn{wZo=7{Z|N9ZR>W^CAv0)Ml>4vVMz&apJ_#5iP((O z+|VvsMc!1`ffVB#aIYjg~$zC{|QYCIfQb< z6{{BJ8HskLSGT!bjZ5S^+z`-G!RFaP19hBZ{}(Q)fl~UDj0aiGgdlo{maOu6ib-+| zG=A-d_iZ4%ZP!!zObaFYb3kr<8_#7dL_Rjg86vf0)AgDa?)f}^{W#ptkt%(em#3T0w&mP63ZJ)992A0*$ny9C94TqT z=Zw5T>F+oM-q~j@*+owl=ioyihN#dSNi_H;FL@vHdfSuYqq zp96-*FMw!`0AJi6rD+Ab0z#Dv_};LaVu5d)yq6$c9f|VM!rfn~l+VNUhyp>sJEsH$ zS6u{0(M+4j5!xDZW4@O&cZ`{eWi`OIW1Bnbx|$}Odz@3*oGhaEH2WPe6_n;17ZyT` zj!9#$F>&-@ogbNC{nRDq&4HiBF2G7U!AYJc2YP9NiLqz0G@Z;6{Z)K znu})rR!?>>Rd8%xf(&H%2o5~SEe^T))2kMX#mpW8!{*xd+TQSX#Ryiew^Iubk|q+u z<9GgiDB>G<3gM*M4(v`k6PLgkeIH~ZnMCrD%ny!36Nf@$O;7TKdnysIvzs~9yW-<@ z>2>#NImM5mMGd?vI4OH02=9;yFAc_?eRe(1p`$jkG1-IMHW8mhXW>#1x;Zq?Q72iJyoLP3=52cf{M4}s*Vi@Si>3$GPmA~=5?pd5R#>oFpaT<%+|@h zI^q7Cp-NydYB^N>HnJBG#)(Mr=Srnww)$%g~&`BXfYjG^7NrsHguXe$8wUAN5)blce^p;m1^S z$=})mBJKB-oMsi}(C;8@Ux(50b9J}@?*TV4g(@g5WaOm?f@3JFioP(&-z)Ko4pmyzEkXWbAN>_?}Nzj9sk`$xX z;ccy>{hF9Ma>F+oik0k4dO2Ox58*D7$+9TZnm_c$(WIKO7%G7mVANcqKSdYu3%)6~fTIicPUI*TXjNfOGQ@JA zOGu+7mCpR+=Fa28cwx5kkF+=}(A+~co@X?bWq~w7RL~+#!j!fivcRy<4qg5R>GoiG z*odK}m`#4z92$SR=J$}yanWEekH*~}VTn+4|P8q=m++V?rZ`gSe0xjQmJ z^7$?r4ks>PQwNE6@K635DP^qNR`R3i6Z~d z4X5$*Yq$*AdpGfi$Wr`-!Kj1!Cxt|8Zcn_sb3#+!oTEBx?Ym!tX^N8H98cOs*?~Fy zK9L@HK$wyj@ovAXVD3b7k96SZa1rQDiXmKzzkg_RB3r z;C>Nk@_5+l*b2msVFHlA2Hr(Of2cno@tzD zxpNbg%0se~$?L 
z7fLQ1T;;FJEPzD{xy@#P@0|zVf1>>C-%j3xVEE#~00sW1-u|yi2K5Ik4*t7G_8T(? z{y&_#f4_pZjRI(+Mpix;4Z?n9YBl$SK>TF;QhYB8NW3xTIE=_HHcxxN5q()8i_S2m z^nJzsj6EJAnK=zpKb7R|0S7U!GISVwAz=SamH#W^rHDSmQ_Eyp?rlr9k@qM^>!rF3 zg%in}2q|S(tz(L~z0b&g{tI(43DGf+kj127?<49DP118VIT;l&K-b9DphF7Hi4o!` z7Y%?gQ=&>|#akAfCduLny^RK{?ClNVYI)X*`b=17G0~$UMpj|l>-%~4YHQNG&!U=l zu%>_+1_z5MATV(bj205wD?tV=WbXte^vS7S#+mD&<_G0S%u}NO9NbCQnXNoiZPIg*^2rI z?m8p)uvdg?CilhX#)dkCM!+)yUQ(TSA_cBz{IF^P|c`YFnC{HD{W38uD&??dj^-K(%updGt%fyx}6rnsi9SFSnte@q7M{zhRJ?vDC2Gl66t4v>!Xm?* zI9^Br_40fqUGd}lUYnVgY2!`*)A2XA0{5MIc_Pk-oXkl}YaPxA8#RC~I>wI}*5*^s z5?_`lpCUKLy@~nA?_5)iJ4lO9il3uiW)}EXa|qLD$C?d3#;DTN=r|}l*YQG;a$?N2 z!-pf>WQ}9@`tn%xX0#IaI};8+E)8jnc}p#(gGq)3qXHauH-H0;^&5BWC7PmK14hJE zBkuF<7^gMs2vm8$T$mO@;4X_!aznNm6KmgX1~>32U3t%_s~~cGoE~WbC7Z9#7*}4p zqw(Qc2~$SjH(fXru#EG_2EmGc5@b-Sf>_}1a|s}>*OSM>kQIOUo0Sa2B#VZqSdQeA zkB?R=ODJ`uB-o_jj2%L;237KYnUt5QttYQ|ve&_N1L7F7Xh)+4*t5?K@|{JNTJB)= zhf@bjRKS|H9N>^2a%ZoD%nb`Z64mSBzkFDV+ z_M`A4<>G9>@NV&8jzFZ~h$UW)Zr_WC%53(SbVV=jtGZ1wVaGH&@V@W|2ap~BjrNV? z_|m$i-$0ho!|T<|Z|A@$OZ5ODTB3_F6603ux9RKfoK8I~hC!mHZ@@JvCx*+r*pj5Y z(@R#is1(ciF0UobQFv8sT~&+z9`P#? z(caW0b7OT2?vQmgAa>8&T@ng&&OkB9r-t5Pp3qw0LQU#cy(VOSeG@bXGx_1d=r+(v z5&A>AI08Q?e3t5BCc(L>qOj5$uE)T1*awuJeLzPF-QiWNIqdmjhvrn|Jezz7r_JcV9!DSZbb+tQdsvG^WlS zm7^^Y1dV0~I&7>XoBOaJy3&;`Jkf3~GLDN&_6gKr4p$#!m9LJb&MTL?I?8gT6))o8 zr46-|i8tNSi%?3&j25WpXfGW^l$TNJ)L01_m;AMh{v-K*>_D+z`HECGaGP2G3iTA> z=$#DL7PVG#PJx;hsYCf{C-jZo5d6LtI4Tca_fS6aBw98<~~HwI<_~@2JD->Hg(9_sXSuRp&OH-15R?9}7Vmt^U|o6hm1T8N8|e7w1O!@_c^T zd8lllciRXboxc9#Llm*m7AjiX6jQe4BFkfer*Szbw3mnhxJhCFwm$HoU5dw|o$HOH z8A9$3pUFsz$Glj!%N!hsiJ9ZZ5BB6P_^lXk<`iJt0E6q4UGL+s8eRQR! 
z6U_$W6o-vH86hj{X~%(^DhTH;cJ@^KcCLRL*h=^3*yKVGNei~nmF zBNzJpR>dduW-K84>Mp(SEd>Q?IKP}|i#zt43U9vknzG^0fLdd@loIa_MnX3+8=z~g zEL;TE$N{mE%_C}X{#wOyjG@|Rv7nnrzUc^ZrU^3sAq>~aT zmz$2dfQQ=)*qI3xpWFp%iIFqTWvc3Koz?;Y#U4ph1Wl6{AnXXmz`L&uB>#xQ#)Z=+ z?ja827uHY41Sok?BL#Ss5>OPK4tgK+6%G zvCsuL&6OKDp6Ral)WnG*H155l(cN97lFG_i=3=}XX7x^@19wxaHtF-Py`c%*)y7wH zm|1+0nusJ)KF)KWuwO6;S5*m%`(i=s=*+QK4EA;BU?J2&EQUHPJWuoNcrp?I*)mdb zsdJ@j;v%M6eBT_CVTXn0k9RB;KgORJ0;VB++ZSV0*`ArL@xt(L zSb-mPkW%w;o)Ta4iAIM$JR`zsba=ZP7sf|!EeJ&+lMJTCJ;mb}g_`h&UnKlY0?W40 zBUyr#oQiXo`UvJ;0aSj+7M|7eGix&$i+5}pOIr#Y6)asU!AqOCKIyJ;#R7;mDP>6V zsri~C1vV~GGXCtA<`}|YWu)?_eP{vtbsr$T>85@SdxG%-)^=7X4*Ns?5oZ4n6UOBH 
diff --git a/roles/fai/files/profiles/files/etc/apt/trusted.gpg/DEBIAN_MULTIMEDIA b/roles/fai/files/profiles/files/etc/apt/trusted.gpg/DEBIAN_MULTIMEDIA deleted file mode 100644 index 1327be668e5f29912f2517cc19b8a91bfec48c31..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 13833 zcmb8WV{~QR)~>zctT?IIwr$(0sDg@Jv2CMbvnsZ2+qP}|1%(G!L7%DuK?2-+5DEr2C2l4!+1e?QSEg7PeU*u(71R%hIww(C zbip?*__5hU1T6@$bA3MojdP=<2Zf!nXO$`F-AoeQa2cQDJ+}p!S}}Qn<0ql94v7h4 zT)8p@hO`Kj*%`b`P53##WbPmf^1Omm!`g+ajnlUEEg>A|pzP(Y%Dm=AvH0MFs814U znS5l#b@7)fQtTYc2LNnnD)~BHi{E0SaF9 zsWI%Svmcl;xNH$XKr2SkmyyJ5t(3W`?i28Kw7rC3KzBCawnMW+8yt6E)yYRTNY9Xm z3k?W#H@u&WVBt~FwWe9al(3e%b2iP^SnC})sm9}fJMw{XGzeT#BtFbTV7p^2=;`AK zPPBeQ#y>v8EDw%{d^!Kk{!y8b8I^E;qC)6VC(PNO6oC;y^dMvYRn7W6HML1|!fi)@%cBo_-GGSd)o6ePc2@i^W zS*EIJL_$(XRl#u_I_w&HyH@rB*uDLdVdEn%S8rhk0Z&_H!R3I+xz-Rx@UBXXAI8*Vvhx=5)RXmCM_J>E|C%v3^pG2zxPuf7xa-Cp@>0@BW_j zYB0E#SKkJO-On#IL|#w)J*fFo^5CWiJlYPN_Z0Ol4MqXCWpy9fxfM-HwRvwbW1`jC ztwL_JNw_a2!Jw4lr`M0{#`QGbzA102I{UfBGD``}QQ>G319Nzb$R^cR0Ny~Bzj#5UT=dYR#MFFqHm zp(LK=U_j57tpQ@`CP98HPQ%{lRrcqUl%(98o1`z?)Q#92o6iJ@UZ>N8_oe`!Lk1cX z85CR1)YKsBdUOjfygS($-!i8}LEkzV{Ke|1vOwg5I`S+M_P~jL4&lUCn^(J$A{*|x z#X+a+iFJz?n$MzP+aAgBLbBav>;<^MD#(8z2nZDiM?!`MK>h`ahsf;Tlt8Vi@ev3$ zLlK<UN6vCB#a0=Wor`4IKf?*ZB3QUpQ={sqs^TJPw58D!)k>3U6n^1?uI z!I3~f|0^&f^Y6g2u05o$Bbv^x@JIl^MxT{*WqzSr`_`K)I|+&^qQ9hMIa}J_n>tv18EBlO^dNspWSz$(*OijakMF zTcU;=+p^BKjfnkAg>r2R_3_PM;Me3JD1B zV3X%C*EY39Wi`6KvF^tEzaQ8X)MQt9_@oG-zBS9#z(o_sPlXccIf@d60*rfy!` zi`1YiM8n!NeynDJIi?Xtq?H7j<018rfJRkS%`N_U{@97)aXwk=q zvB{$chAW@8jKpO(gg^-_PxL;ADKtuoLb2%9U^o{tmqGprl=F4TwZyKu^;sE62Hp_0 z)0K)&(iK%C8$=b3sBxG5zr(~E(e-aka)nRJI2jHJoPHpF8n^Y{wmzBl`sJ1BizThD zaN!}V34RXmIL91|Wv;41%f%~*;Ql1Z4_HM#&2kA`KO0v0YSojZOo-+C^J0T?v>4BL zu4u?HPS)7_xL`x`O89ayqt?M?cNA_dKG*lYcZdYc*LBy3x~!?&29msQR%X9PVzhTdFT;ESU9a@r>Lp`UF;=m`pIAlv~)-v8F|FV z>;>o>D3Az_0B@$yv4dz-2T5V}XZ*v+kFU8OS$%t2oeURyh(q!@8ku>aelh;I`&!*WzEZlQo| 
zkFSsJpQ6uPOCrTRzNl|LM9?nyfGkoj`kjEeLJwb?SkB{;*?zbcwV*$F|J9xTtK9{Z zjsG2JnL>Bkd5lYyM~eg~K_i>v#F@83IS9!_muO-?((o2*N#7_tTC9cEx{?|8oOi^+ zpDb-J>zACUxLv0&z@AObVvzYR*ql~LVjRdM#i%Is`1mHO38Q`LC~0q%IY?nAXXutK z3>T4t#jp1K;TqFgp=u&bv+93LaKJ~W5*GHO3Y7fZz0Nt2Z^yF;uv`D5DxtR}MFg{< zZFd7+UjsBXy2pMnw?4YVf>`_b3X)!JdgcXmHtoms&fZOO9wP5e4$U~|iP~xAybnJE z|DDpSs5M;ZqTM4sQ;LUz9V83*Rc7Pb%H~9-){!`2ns_&_nQC=4^o*hfdmr_*r!B28 z@g~=EgIS;mc2Xg+ za=&3B@+lC|oJ#~u5dL7Dm1YHXR&o+g2P-M;zPiH+xbwU@colENU3v`~8-RkCd(Qf9 z6b>W>Hw_BtNvNBq(e64Dup_yB>w|siXS3T#^G^53zKGvpBPM@>dO`#%iSn6^5{G!n z`u!+)(M3@8TQL>?KB!Q~Lq6^mQzpYGV4W4wF3QMfkB1q$r+#I#t>h=a{;DLC6cAci zu`)Ly*dGZ{>6w?1MwoZ|*a1=7FcEDFOkrI!-k)x}t(u%1~Vx)BM#60#uW>9P{t$|NIiL ziul1=-%6VST`D%FI9RQqA6GnY9gJI|1pg~ID)UBc*&JnqJt?!P|AN4t|ot>f>qe?)am0F%v|$5p<;&e&CBr}4bFQ;9 zyuRei@wTlRtX)dz`VA$JxBs1g*v_QE2P}$RMi&P;`d)ZDW+l)Dr%=@z^yLACR&4Pj z?H!HjAYH>wXEdj?H@1R@y)NrH1Y-q;!d)c1ACFpdBVj_lidX!wflD zw1q(bFk)}@j$&%|fR8Msg$zr=+_9lHcKDMBQ({WkF~c}A$CNSpVZGl|e|)&p@6`ay z9$lu1spCKf9a~i!*19sCMl) z8SzTk{udW}X^a@v$;!0(!Mbf?OE+t3h&Xdd>Zbga(MYwynsTXNK`X9{iF*wF<|zY~ zuocJSkNO@vZ&yQRO_m4(r@i#DAe?Ql^${ObuR<;C$uzCVD&HNu^Urr?PbH$VKlId* z{YUFCu{SoRH?jZ!DF??tl!NFWUcvVt#N%)5{`kgrHsUKJL4RLKRp!bk!h(#&(is-j zFnFK1$xSe;SUP+ZIIBayJg`ato0l4TbY5*c!p1Hf$k4s1>T()x5PRfeAwbA(rBN_6 z!PIWK;YfigrQE~GoTR+mC(?YVz<A;>E~+W(B3l1HpvC9{`- zRPs%dK)DRk6?)>oI>A2F+a=kg(I)h0YuUI)??HWtii<)%bkpjE-&IN&}eIs^8Jz) zxz`net+S8E*|(z1McQsdl+wtVlhVE)zhuQI@NlE@k4jsMvwGsWl#@FkJe}Ns=JL99 zSdEL3Z`Eeq#Yt-GbQj%2j4YO<&o}h4XKYp~9K;2Qwdpr_%|Jcb}p=!et%D zY=a?SB9O6a|NIJjrPdAt+@&xG0_+|d>8g+-PB4!o6N%D$wbRI4N}8X6Fn6vV);?eT z4xRFO;7X5Nj3Db-flWD+s0kWuYTvayjWi|O%7f#_ZWUP~;=PUl?{RiKm3q|~(I=D*)^u;cRjrq}5qd`hBbS8J?nxg8;U>op?-by!!iMhNt`RJ*E`Q#MJaJUP? 
z!GJ7qA7B_R#>h~f0T?|5yQ<%9;f!XMCl7r5TxF)dKVP5j9uhxr%&w_CYDlrh=kI;( zWtuvB^a~0yj1G6MxDHfMU8zX*U5?%A*YL%)w5R9ChI8f<^4Bp=wYxqO{8*hf?QuZi zc7cy(O%lRiPuqEBHJKXBJ(1#+9(5LA9tst!MJ8@Bj#?~Uu+3Luw{ZFhMfEL}eTph= zs<^^8cyl!(0qewax*^0rbjk%gl@CTe15b^Wot<|_%4f)iqj4M^I*vyO!y0rv`_v{@ zK`)nQ`{`)v?cU$if(1FP*(qA}b+?`Nq2(}kvvY{*aWbBWAmi*w@0(wbRZ5PI2V-9Q zJXI;GW#`EZZ(!k!c{y5;pwuI5Xq#9UmHIbHrh6)ZJ{=y%7euA4RynGlD6Z8ANs2CC zXBIo>6*Yh!cW=tGphI!|R}zXUy9oRq=#9W$7cfz0%(j zm#6fmr&+-qqf{I+G7)VB^XU97Uty9qrz}BtmqxnqyYM0ek#!-up>7rCsvJYI^1$Tn z#{7jTDlX6St<;i2s3dN}8A)GepChNNWrq-EsmBxDYeTP@!2_>AaCip*^;0hI?fO9S zkFwrrgR|rIt1S;0tkYIKvIpOgNL87d67~tT!BxlXYUwGjmRe&SaHikDs~Xj(nhk`zP-|_{RQU{VpLb_D;1T z1|?UFlY|Rl-0de_zb!MnUV!eMHyGpO&jG$VY|dr7p}5%K(&G7HuD7^k6y3zpk8krv z>aKTfeAQ$hc@x1NIdxsc9C)e}XUm*h&JzJ*%Tlg>K~Y|K*7P6AGVJArO>2k^N(8Z8 zIE;#H&<;Nm@yD0uJf1(V6r@~Iy0 z4s>@Ep_3^qhfj(%XU6Tow&5*!+i`kZ6}C5Id}ChNrB;+q>(#jlY7bKBA@EElls0bS z?Tp$X?yg|^+IqP0$g7ZMc^5Pc+$tF$GxZ5k7pcyS(yi#D$?E98E6P7D>6 z1yD{7(Mfb;b54Vj1eB;&RBC*eND!*5CGF~Td(jCIs@ZE++g3>cj#b*=5!ZXLqm}6z z$AZXSL#zgB&{U)2f8z!1e1;Rzh660ute1(#VzfytU~$PmdV0Tv6%S>|VNF;|!B2Gg zGfJ&HotV4X(awm<=GkJt`xDE&(j|KM{>BZ7lzeT?Yzy`jbn1UFy~Ekb*q-al@@w(Y zqF)NRp@|e2OekgOfh|EPf$cR&TV|7pMGMkB_^{q})S=!A0T=ssm_&oJ{=IhkGc-%_ zNBrQ<72s+Rbnh?MUsF?KOCP&dPr|5i*7l=$wbw#Lr!71KBQS5@SQ)VCoQ&wg81EdN z>tl{x{X4@kN%BYoIs%h5t<8xKAD15frmtg?UU{PWz={yNXjtSK&z=_>U5W zem5n)sn(`$b_P+)C3Iw$td?XnPe@hYw3_O*-EIfEEB)yzLt_1HP-AOLO!hoH&9g5) zC%)g8E=E@NeB|g{DxE?7icy66!v#o6xXV|l^2od!s_|wOQZBwR%R$gXJznpA3F=^2 z=|j?R%=E1I^vWw-7;#CMgORjKqHbwg22RX)L@);I7oDwxv_Xwky$uDQ%pR z%TJFei#}s`e8cOUQ&^G+mteEuBrxaJR=qo6W6W{c*(@@3%I8reSkjr16n;YC4<`TA zouW}9{-$Kr2z7)|ZWAZ@8IZ-agwBMYlB%4+;i>)`cT&IkeJih3lP+;j!wf$y`(Bk&BjHgd{sp`PgXhh!X=Xw?u1J0ZiLdZ!SHCc-0fV-n?g-%?rjaK3&f7 z_c016vcNnJ6H`=dvo3^^%zCdT<8I-8R2FK z%DUp>^rH1T6ctB2y`znvDT$nx^~ou2J9n5(s#lj>{O~7A2(CKY9wn25jCvSJ4D4_i zmu+arX?V|a9K4L0U12TXt?7p;%Qo5Zu0Z2F0)Ln2KKpuxX`CB1OpkFtI)s%E%@Qrf z63qu2TxvWYOzW&v(=8j49M7KomToKrl!J-=q&gKy+=eSxT{Mg6Jye<30gLH-5BjSC 
z;p-eLdgUoLie1y>as_a%4apo2u+;%R?*UzaYY|2jg7Kgg**%i(sP4p4xExYCxh%1^iw9Od?#^@OM<** zu(1Ca_9vs+E^n!m^s@d6{BWR%*!!aKO=~Q8VSEcdh&wpc+|hT$to^`5G4+T!Pe*2TYbh^P0*boql078raKH zQL73TDFm6y`0$l+5+)5Vv4^s3=ehM*mEL+7s?;!$bXyJJ$Rw8%B`q{)WW$*e2h(D% zQ{TEXNb{@lY>J{{cLzBeQ8x&ez?&DxcN@UkB)T}fziic0j$&+SnCY9SUrS}hdW|zMdh95m zu15Z_I!?LB>7R4lU|F~!)(`EKi|)r++JI@bxo&2!+uTXza^gFm>cqM9183u51^&D! z%`ETv;pG8JkCaV12?;LD!G#~lo&MZSGlBA+ysGj{fEH+`!MmX2kg^IFqJffxS(=#4MIG( z6)n?SI!ae3^8E)%`gW`pLY%%c3YU^g%1}C~UlJ9S!#z&Rf!fXwh~3`wOHe0%hR#)v z#th8F_Tt|{HJQvfH0$|OP>rA^dWvw&oh-JA1JbFn*)Q4>*Jl`QM+ZYFf#-lpzW{HW zJ@oj|iJISi2f2BFs{DWNvN^~|fGmt&GRpU)sHvRoQbp93OMt101W<-`ay5NxOTbn$ z0&Y}aNO`Z+HA$g;oIUjwON;wUx5_HGu6#G%=RzWU>DFu?WP}A8y(w<(k)Y8o5C~2p zjP_e{4kGwdBA6is-cNq4Sq6%u(*Nf*29aE--=cB9{^pC((c90>dqNrygHLt0RTe+j zcy?gZwK3k-55gQnA8#=7>jaGS7n}5*IP0iMIT|Cm*(!K_TQN~;%HtHJ+ZS1>=n zN?jIj)wJATNun1ItP@C6FAFatUvm#l9RC>l8*91#DRC`^q@Z;lb4ny2>swAttT zzOFpm?t?Bwe5M@n@Cz2NT5d|jeISy$UOwUI$zG!8mIM{1hB><;Rn3~z540F)*XX2i za)qXf)ZvQMB+@L37^Wop@RuFw*KMt=qBTGhQ~B3dvy~E>9rF6C2}s@&(P|46ENfEM zwsC9BtzsK%WGl6i#I@hT{Q zJeA|i=<+ShbY^&wWDOeiMyi2?T)2a9RW9LviL9J&T9HRq<%MBRqZlXU&W4>(>dFZg z4@OjhFl~x==Alfw}i!fJN-hJnd=-Hv_l za3QHg1jrUroirSE{!zeu)W<&zQukVXpR)WX?>|heC`XV09VeH`5tWI9Ob#>CZcZ#r z4IX+eX-IL+m<(bk)rJSr5+5@U+KeR4RbQETGn)z+Y}=b!H(^vnf4M3932Dn7)R&P5 zhJ{rBM4v5qeT)IWkTlr*tWKsdYhOr5NkrL-1_>UAn|>Q275pX8Jz=t|Wsbn~fxXy7 zFw4VXBU@3|KE0nWR%<|K24(88K{KEJ^(3kHl8`x(0o5xK&GYBofn;A2C~EfT<5DTf z+)sD!U+q??0gtWs-%I7s-tD^-xbW_am|9s^WTu=-*D(4~_9Ok_-+EF-t;*(_{?wft>X0mQp*yLEyte z9V?w;p@mOZCpF`t{xYh2!jMQU=?e7JXFIJbJI%kt{-UP&@`{3P(fgPK)iv;r=?Gxe>=ST|)%Nd7b{zJ4D-P4Kgx zgi9tFPtH2oHBk|p5uj=;o*&$t8!Uy=1a&*%J0j&N-JG)kFo(mBcak9_Gf5r9=F~E} za2;Oo97I_i_d&O?cuHq!JUh3Pm9gbZn-+5CFp=EDN7s@k@&`=4c)y1}HSyXwB8O>e0gt$$aAXs zkTViTLhd&F)MW&2;)YOEeEiY5gZ6k6iqZ<3hr^mgBD&b*3w9HM+AAE`@C319Q_Ds4 zI4ihBWgUpDWwrjO2<;z>>D`Yip!}oLnbDmPV%{2pEW^<5m~+1H$F8s_aK3!}nH1R=zqFz4+nV_nz<_4f)Fy7yX= zdF38^b@1GC9ubTrj^@ zqLUKC+}_XiD~%M=LWCRRKNqk_F*Jg#2_o>+eQ&0_?YV8MIbQ@nYT98K6=zIgMt|1X 
zygkpx62f`?fVP9DBBIA&qy1}8ww83DWOSeh)yHjB5#&~5=O9@*??dGZ>~U?gj+})( z#g9qybn4LR>Mw7t#Z_u3Z1HxJ?4ENzPHN|g+KU6-n4kJ~R|5r>S5rD-xE?V=I%by- zFrZG+&9QA-#?^7G3~XhU`MlY*kGG+*kA!nrzIQLV{IYW2?KlU(we5`zrB1{IT|^1> zLAKjBCJ{2Ir$}S9vrxL6K3Byuu}>)YV9l$}7!%tK$*H7pAU;#XvTWu_JR?u^I3K!} z38%G9zaN;?`iiTSpH0)!2tM)LmWAX&6qO1C^6eo%7izhDWZZJprxRa1cE)RnuVFHK ziCTn6#M(Hv-18iHLE{K}H zKYj%6dCnP=)7XX9Noov&-8oOSwssOtxMBn$HLF7%YxPIRd@qaVM>>+{ z%)2?}^+r2Q-W*2`JKteV!-mW&)XiRn5uT zgAUUs2BP|euI<|#nW&&`ynb`r$|sJ8nKT9Kw16l6rN;AJSB70#J(C7#dc_0Tgj5`G z_fBxXZ;V;!5r*IcHw6(pzuj8i8-P(mE(T^O%ioR|v%(Ne(^T?<4n;yc7sz-IJSR5_ z5-UqDRBw7}rwiukH)A#ro(F&ztbT9$E-RBLVaqP`xTt`5-c;utKS=TOyfI~k@FwBI zY;(Z(+y|>*b1UY^N^H2;X2{`m;#NQu8tkXVhDvc;=^}%>dE#aaF(n~S1@n3RBDk%b z_;A5!p9AJmO&c+YINd70o_iEHhvHmdBnjRi`i78a>v2^SqoL0Z!l3hlc0x-%_>CkIAFF5ngaoCPVa8wM$SDqfW8nS*R$yoO71u4h7BtN6D=NQ~%$UO3t0kP{H$ zv}Hi`)LVyKyv<5U`{vbQD{n+|NS&(?%3%mAu;C9#q@N(1nES5Y@J=Jl>%0oUT2+r(TpCX{w_aT4y|ARjmdx8F8YkY|Il_- z{Ez@OfkSMao_Gfw)G7|ojLR5iL~C9&JZ|z7_TsK_uEvU^Et#ctyP=qzzhxoDaj$_m zjLk3p)SFt?PYreW8@yDo~~z4%c=JkScbF3#fbQ&f2-PJpEE)fNZ!tdm)8U-d{h@ z*|#S0)BQ+t+?VQNsju>f&(^Ns$4E>nmXYgwW`BXich^EmH0fd!xM^u#?tVEFbVHyH zU*H_@C47n1h%LI^)J9w8(2>*U7*<|>N%1!;|^LrmJ<-f0`oF`qRPGR-MMx@Lh-*4HDR0gh-bq-MXC%(|s zTIx#?va3`<`S|!$5ci(!E7AEm=@dGeX6#$u8x)w=GhmCTbn?Q$uHFIt;5^=MG)9u zTbcp?ciZ)20tZaUMJ~W?Rq}%z^cFE0dn=`) zbMlqFAd7La0c>_yAowSD>cosa-cwJO<}4f)W|pV8l)4C4$(CQ--g6ZIVEE+t1syo( z=U{ztJS(3y8!QihJv-0X{0dagKGrwD(SK>CedLMa$?ExU&i@BnXa0|wBCR&!r}>Mo z7}QLAv}^u5!K#}YbKr^>;mr~D9uKe03`2GQ*aO=kx|m{NjUpMePM|a}O}l^u0`AoM ztjNG2YPIH3JeZ;&WuTd$>Zoj9TtVME!yO_YoPU5#5a4fRw2yppTI}hp+YR{^{_TJv zK#~}$r=W>BD;+CQCBt8ZL>fkmp5QT}N?sZkl=NdrR_^WR!SDE{U>pL*9p4hOh#2ds z^76XYPjSX7^Pp=5gQ-A{vg}-FI@TSDw$wHKm`R=j;SXLl#)WLefkW@}hPvz3wMitH zGi`f?i_ADAsmXx zLOBBbLuHDA`Nx=a%4onrHTWk2J0_hHNfHoNpiek#8%m9LdRnQahAw$&pxV5X4Hk9* z&Hj<6apnp{7dfd&pHD&l^SBD>Otd&^<}`jlXpIjM34*1J|3H|lEM;9B)DvkuZQiVP`UCu?O~N0S!<$QHeIhYhb^ovun7wIR&9V^us5TX<^w z+j8bf$v?#1(rF}kFF;%kH8oaP-nV6|z=oy+c{GFa#&$cwFv*}~Xe!786auPk#jVyU 
z_UAlB`UT@-)=0BC4VAiseKp6gNgu%57QroQOH%duq_@by0%x(Lu!rbCK7)O0mA4VV zXy`_4h(s(at@(CN`vy7qFr#qssde_4BD3imZ;^Mq)labGe^*szM5e)Q-CLoue-2A$ zZ^s@7ozqB!MN{ZICaL5-L8id#3k<^?X^Gbc5;^?lAkUrPr-VTpd!RTgy>Mb`+0*$V zKv^!oL6)g9H&Nj@F?k1%tT>{$1Gc+>$*R>^T4<3N++F2P9h%2r9WZ%i$=~~r;~Zh2 z1mKu|9mD|sV^`D|C=T2|?|y>xMEoEpVn2f`c%V`8!!9!UnAX*_I-#o99%#cgVOyK! zt**5o&z*_}^1U*lJXxJrxS;VnhC_Jj`w)#(sA9N-2Q{D$DLx*JLQe9XQsIb%lOxaKz* zX-q|Nl7)2QYOV~<@cmt!pEor#fVE-{-ZBGR0$nc~090VHVdDA~YaFxYRYKj%BA^W0 zMK)AOJ0?)*XuyXS<^7eak(Xw zwbO*Z;ExK>jcZ6Z8aXRX<4T^QKm*f}r&?0($m_!Q_K{;Gldx)58fOWnR)f|k{NTOq zHgprMpdLR4F`gDs3fSdTs5YzIW~SM)r~L(L&_h(yTy&%)4!dR_ymS+FKXhKM6IZ)~ z5SEV+04l7*RFsMd^+Y;Xc4z&*(O&-b~$&f|CB zUVWcF;cl@{-@S4~&3y+q{Kd&`V@$ql@Ew7UNZK+c$t8lCjbn38fOiJ}JO4)Mj>PHs)#RKkT zHNVz62dVrJsJHR1Us@l=#C=jQ?|N0Sxc{_w*~pElnIoHOA4wjN4F|r$!AK>?VfJo1 zW%D*tXLELT?$6@Vw9w|YZTs!3-r>ese#HXU-`w16_5|>x_7P)egGx%z&y8DOLp&=k zzA9MWhZPrG*y`LS;oBG;mnf}k(TSLJiys^7R|H%iHCfjMz!e`fC*HePu-Ss4p^esS znFKtW_0kXy5+YkT=#WU)oY*FVoved%r=thVlvH{E$RX)`}5 zL)3e5I=JH0>L29+N1`wJZn{!269Yx{byXi%*6Oorn4x|qTuJro-oA~aH>06HQSyuT zwz4o8&MEn5GCr29a`=naQKaG;z2bg*#Z}j@JQE_ulYo{5zfZipY0~Jsm>QZ1W1KGK z+GmZ(>B`H=*TN_au|Om?bBknhxRMYvH?c^_4-#>iW@Ii~z!k8~a3L{fTS4|f&^EJO zEKxW=C`uF(=_>wbm@QMt-+e*>sc}y>{3hof9zVz1B`OCa}ThGi9pzexi0sVs`lMU)qUU^c(r; zA?-DW*r)3SFR1q#Q?*kxrMi;#f>MXn!`rl8EdoaIUg5>RYzwh~uCg2OyCv?o*Jueo z85?bfj;a_qqK=Hl(KXE{#{3@il^;u4c#qJIqeZT-S+g2-@+Icl_?b=n!OJQ2UO!$c zatBDj&uh#M77*}vw%0)z(PhNTDE6wr3r20l)qvw?Q2ue8A5Svc7c(Y~lWV_39DB$) zk-M>XELWhF1kc=)xKVHIvl2~yC1-PAS>DZ`Uz0S?FS@;b7Qdu7=dyEn_~WnhSKIqt zzByj?({0OVSa}ieFG7uFw3&@pv({HjzP zB|;U-x(Zd-(JnU??a0hbeK;s0ndX?LWZLVPO^8Xet{sOB%e)m6g&&I@ z(ij6iSvhNhuBQ`mw&^MNZCazhcQqRTR}UUpYG1D^O}QKuyEbwl1Nip3eyjgX2jrFM zR>rx+>+X9apG4ijTT{Ok?DrPepVzs%dRb&KWqRCcEOcwf5|n+rQ9nM=eI??=ayZL*5=*4`w$fU8To` zrDIKYj#x?GJ{|fcs`uCkOt)bO9pZjrjuYBosFTG>! 
zzlk+bKj3M_j^7Py+V1VS<}5S^7uOnRrXTT3rY_zvk6Q0|j$uh-?W ztB3lI*R^(64CEkmTZ*S|70ogcM+45yFS)fSYZb5RIW%8)WTZ*802TxOz)MOUyHw7z z72aMQaH4=@6(yQ=a*W7v@m6t+z1d(j(O6}&nEv(R0mY5>_xsMT{gcF4Y*0uWKYZJ9 zmo8hACwy@^;I%31l?B$LABavJcys3d?GrB#IWIR|=y}0mHK^R|ta))E3v`~gx$0CG zBH)(Z?7);tMhQfFK+Ms2`iJl>LcGZSYFLSkIc}2qR{nK@<|hpLm!)|VQL@y{3;&ime^h;Y6qe_(D@E6?TgT%6vf+5N8qblOWnS+NE}U+v(- z)$0;ouDx}f|M{lM&x*}0tf$}j=zdqTD~XGGMu-KCEt2~t?*?gS^Pd68an%pc?b+bc z6}i+SI)mF_!#^oF>vSYQ*U(w%`_0qt8>U`^mV5r2L{6UjE0MSNr-2pQQ|GUo(UCj9 zEWd#BJ1@VGwqxcEI>_Iy?1JMxk8P=cHtro{c^s(!s>cjo@A|!C0c4~&bxCJx}A6G8J z9DRg?^EbDZ%5z=(Zt72`_4H*hd#S5uUbK9kD1cj2J zIMu0JI}Ux`^!;dY`A>m=zgi!ie$etteU8HO8DYkE+xD;b!s5p(vATFNoAt;Y;=H=Y z?cC|OSRbdQthn&VGe-Jmhu-7%X{+x4P1r)dR@>vGDzrVl(E*jK(WAzR8X>KBnTC7~ zX;4pgdV@n8nv7tisW{Ie@*WQsx^CSGxJ*|=+%sT*hgz^a|>8-=Q>zMeIqi3CI~ zb7E;vOB%BtG)j>95Vc##nSCY3pEjTZxA{E2g;6Ures^Vu;?Tt1w~to~rKhgw9T#t= zm!fk^0#${m0Ht?63p-1{mD#G)MS(L<-b$`JH)p-z^2#b3x(d>Ja0ChPExWk?ABklD z!@j3EE9`r_=+f<(J{K*)aN}dWLz{AKW}g~9e~AwG)n(;y#2feVWl2PYsndh+V>^Y@ z4Z@~(O6lwO?NKbP4^2~e{A9;xUCOFsINhISj?S*M_xL1RNmu9RBcC-S0%vf}EAbI4 z!9}e#6Xu+LeaCjw$fV}6uB(;1AJ+3tCl777O54ocNkJ#vW2-zkcd@3qZawtcV-C~b zq6)T@bIvKoUN!f-t&VwIa9KQxd26OMB;fR(5QVd)1w=%|7OR&Jw@m6Q9cqAEt03Vz z-AYvxw1OR{3QXmH8JWF05_>o|=jpXt^B60)ffilwm+wG5+s$}S&Jt}d&TM%)y`|^q znf7$>$9LJAN?MZR4rpY3NjVa6&7WI&xFF!^npJ2{1y*PiQML^?BKmc3GjF$ZZ@YEd zsw*E`$G>T(+7jBZ>Sqd(8#j_dOFjT}oc??~J(T6XVR=TMyyYAYnckWmZimElNmS8;EnPjU{y5LOUb-%61ijAky@~&Lyv^Ww@N0I7 zeY5Rkx0B{IvybE^ysq99Yw?UjoF{E8TmPC&vzbMJG}Et0s0&) z1hp?y@K22`ddUjF}deh zJ9oG{x?}+p>n~~-MRZSoiuBg5IcB;cW!*L%Xkoz4m)zFrgS#cx=mSdjUu&n2U1f+q z@O*RfwqL`%p81rE|C#hc-E(CA{Ueus^}=FFG;DUwu*Eg&Rf>q)zfDd>KEGpFHe7`J zS`$}1q1MqaMm!S!B*g)plv>H=hKn8&hG2pnXPJBjkDqQ4#LXn zOO}UB@_KFdIF~<9y|)IRZW{}+1QAYW0RS^?M}3bK$xwBj5WwvgF_FcqBlr z!u)vg)<&iIMPl9P{x_BKChc>gc`E1a<3Q4t=ZX1#Ukm?C)h;aBtZlzNHD`LdU@MCA zhfvmBAC~)IV?&?+#hlFi?oDgg+Vs?@KC+ll3Kjnr^>waG_%3O!X57v!2I;ITen0ui zsO|t}J{ST~3Gy1PsbLG2^Tw-5ovs@g$SOM_T 
zSMG-OV3o;}#_fD3r`SI{)Ax=AfF-KF7wPt&b~P!{dcBnkpQ5hfYfaV)h~DtRmA9u+hGL|4oJR2v+MW{cY^EMl+HaUmYc~%= zzQ}TMCdg0Y-{c>^S3I|qpHA9r(j&Yr*dh0^&G?kP^q`z`d~(6*f#8fz`~5dE0_KWb zKlqeTeQ#aX?s$6NsbM`YLBo%CgpvaetGzt>oW3FI zC-s@rCtaZ0$5J`fUC*P)Y8B91N<>5HAu*p+1&#=F+!d_*iMi<9U`AzH6Ewj zsu%zGv(MC=R5gIjThpxlTk8Gc===EB2mMm4K0TcWglp$uACT}(uC)4`7wP%O*Rs&kwfMU z-`~BwtHVO0*MYD(*dgN5O^+Ih-`B>n8k z@v)1;dpatduHB>ScKQUk-Isg7o-XUt_I4y{=o>_wbG)s5AYb1SZlL46WH%nxaolGv z%l;U#NTbWaG}y9&um?ZzzRGow%oUXFtiEXqkvYb;zF&4+@VoFXw(4^u zFH$~lAnim|3?IH*rKFr(t?}lv4@{VvkPjja7gDXe3cp`^qdlAp(NAcHR7nJv-$C*B z%cy&}c6T314}CjXX!*nP2@Y0v;1RGKKq?@Edb@U~dAR?{+?;%iFP58$5Gd`%f&rv?eXkX0_pG@3(Turu6gCUE0qt`e`B~ zHbkCEahr4Bc!kv-$kB-PrNay6m7^m}gBAZ#ag@}QYg zIDE3^Q z*B+SO0h`|$wqN!|U|WnzR0PQ^?yX4w^KMBOfhQ;22gWQcEEE9r=j zWPO_NIiri8HqZWuj(+61j=nxs{oLKSocH+kf9|@e@-&9QNe;(`d-2C)Hus58o7eyy z4DfyLiRbWRS50qjJQcd{7X9SaL(Ti#E*YesJakHOp%qu;6W9CYTtSyLJq#F2*>5^< z`fPlPB*;5tFT!rqR*|*k*&*|r*IL)6AFn-;{oVT^Oy|f;V@+|N_>79vyZ+~3Qp_FX z<*qI&w(HlAae2*-BYd}2{0wJv*#IPGTXdg6p|g$1lQ4GH_R%Z;tua)^p0yT@o_h!5 z(MuM$eeJexsfudewA-Sn2-c-C>S_2sF*m7cr0ijg!KF(JRUb8uk=15BE-GF>+jRK) z!23|D|L4_3?~{|7lII&>XOH5}Rp~s$^<0i>YYSXf&A#JwxAOk-juxytM>qiIe9_E% zB--;aBOyWjJKNJ*<*Kdh*^4LUXDq?rCz2ue{vqEgO*uJsI9p!spXL9D z2Mql`dBFd1#1*amUH;_=1O7U~e`WXoa)gf?nRRBbYu{xZwc_Q}N5)0{$vB^Hk*Uz| z<8ZMmfAG-3XK)q1IiMdN5^`-&@ZRW4gWAue`>t))o8LuSI!g+6onP!oA1#r)RGi{> z?69a?z1AR^*$WEy2)U_z$erVV;m;SdSblI&gP-cN9I=hle$0WXoeHvPCGNO`FKeIA zs9HMzYe7ZetB4(@l&T1U@rN_LMs)*|Ig=yn-Ze*V-xhT>>7HS5TWNb=V0FbeGA_f{ z>`dFZV@;y)q+p_44GeXC7x>}&&(ggLl_swIXPcW6NrxUtV*ppoA0pE}`wT@rPhm6? 
z%Y8;S^-gg_q37FPuZasTss2!Osw6Js^%UUZ@s9b%OLh)&m!@iMF5>Nb}hzj+ii6%t2UI=$hdGO z&~NH=t77rC#>MT5bL%Z|VzbqA5Mrv^6UTV>1FpEJFTm;%XWgS4wi#_<|L8<`)O=I` z0%lL$R(=C*`0SY6n%KB@&M+|6P6;=uTZT;oBrO!lM~=VU+tWyT5BQND*xOFca|eYW z+w|5y%s-kFJ-x2g!m)`jYiMR%YP#{oWN%!Zm%oiV{&VG)lqwZD#T99;NC>>*3IpWU z8<;Dt*<*5H+Ie5IoTF{>zkR>I%4&uGS7a6#YX3G?xo}9M<>Fq?5>NTCXQz<^t|+6s zZJ9|u{83x99M3?`dH3^d=+xcta-#wI+Qz%Edr48nMXr$iSS1A@WAvy0vkf8g>+3yg zTv{jdP5Pc9<)w6$J(@NRAm`OrwjIizdp=_{)=}&)Reg{wJiFY`!&lUlL;WDsoK5TX zr3}Q_TkM=xEH14;8*J74^SxnbRdYFg0G=nmse+mydf|8AXi@FXQ0dVJ8Qm6vpO+tc z6K1KsHlE)Qw^os1n_&0cIfFS}$=7EWSb%$ed^*SZyjL3 zHI(wgQN4qt%tzae*T0Y_==_NNnYemWQso`%}+B%(X-AbpnsB1bLX3(CV zPhae2)Q|tjK;5WSJJ?r#e^&Nf;hQ&fYxlyAH4<)la3RvDQdv*X{F$w3cwonqkWO`u zyC4u@oY0~X|AF9od`KPXcgoebrYq_leV1uCD?i)ZwvuylU;B4`>ZZho84@4Tm;Q9N zEq>vP9sCmrEiafhJiF`-mYef%)Eg{Pca9|qzz%Ek_57KNbJg~0J3S4~You6sCG8ip z_r|Us%GBiX535~&^lQNGLVD=TpO|5F`cSiPMcdQdafNQZTR@6+aW$!k@uH{OPnuwn zxB8ijcA8M7UgP;Y>;d0jO(%@^lC%nw;QlM>`5V~&NqE?*ZH_AmuaQQ;7%gN`=;0ZU z=OjGknS{*PAAS$ztddPXu}D9EwIEpG8m?k1tsU@>+e`(IUK||cPY*R%T7QWOU1;Eb zsX6&}*Zxfw_IC9Zo1Yi*`ZF!^#lhY-muXMBg}S;w6F#qUc;kI&=cO<>b?JDYXmi=I zxF5CaYWN``cT%BgIso%Irc-&)dbM}vpfh^ECdH!1s*!#_4uRDN0zj`G1?tmMzE8cZ zxxbubJcCF-cf;$7PTRisdtW}<0v-x$xjQ?0Kk4GcXpor}NB+ol)jRTaN^kk~{5Jrn zi9v^kthY~9EXkp)ea?mIqzs?7)dz>+o)w#CIt-k;FLQ~7OJxZRR``P3BwePYW zc3YQBN;I~_kQNR-)!~~+2V!sgF8dB&s7hQ;zhqP;{EBG!$^U9>Z&vB@sDvsnmu0Lb zNgoycejj$h{&!CwPWi?}P}bXnH+LEBd2x5<-D#Bb=l2aFS`mwGuwhoHbY?*m6d2#* zFdHyTw*8nM926hFhR3nqdh^@{z{ejx$F^@~XWg*UgXITv1TBR*O@__En;SQGKT>yA z3D*HUxp|~ST=m6M&OX=5g)Y!mM?Rg*9`&`HM>dLPYZ5U8+_S=eSv?LEB>ews^6dH_ z+?_;sB^}*=YA`2+OQn?F2 zg#j@68`34}oYxzYp#QGqS$F?`nc-SFkmY|Rbamqug+8tWB2~8Ev{rMy_2p9|8U3!> z`d#h0Eqk}L`NJnE18V(0bUNykH_hVYEbg3ltK8zVTX>sru^C+^_ZYnwP7 zW^d}kI!-YKm6X-~MI&iVja;r_YQqLa=K8ivvn_qdQ&;n=VidQ3V@H8^E!Ytq3$ zO(Eol_voHup3l`D*vu@fC`xL~I;D$Hj@hL3N-AXw>$99+9xAHpnr--EteW!6I=<|b z4FXmR_|RYzIAC^U>P()m!rfn@djcdB*1KTj~Jx&w?qg{`$HlOgA|LFTz zpLF!@E)B+%e^K|f_#8;n#Un}T`k3R!Ss9NhPdK?z$q7_g;(XtzVNy*0YG)!XkCB!^ 
zYa|~!s>;eqdLL55-CYNEaD9L+=MtU%=qI(_PPlM#W|z!)Jkfl!w<^yT3WN` zWXgNxENH@aK*ZsUqKQeK{*{I$x4lg8#@w&{w-Z+R;m^gVdjN8RmIwFjUFvAcE)5Q*l7u9U{V+OdiSgR1Iyz!1FJIZ8f(8rrf&54n)ORgB2T;QHwQ2D4J~^Z z-?leF?vcd+=y^g3`?Lj87TA8vWaHg?nah>>w+?nx&cCBRs&jC?$<2}Pa`wVEhmJUG zws~IeH*5E0PEo>6(Je}V%|D#%e_<+kV>vPOaq;P=v!^0S`iR3k!7ADNK))Rk7ixdk zR)3AS?ylQ=N*$ zOBf|_Z_1)Rn(%Oy_{9^>x~rkgbq(|4rbenp+I~`W!^d4_J1-rJOE>}$-yc?4uQOig zU8eu&R5vZ1LOz4Pray5ewqWsx36KIBUb3#*<^r<%rmnXgT$)<8aIX21Jng0O8I`s^ zQ(17=9%4x*k$T*?W42p!-`qJ96N`Pqn5)*wSE*v-OFQ8w&JNF;zr0vjTUt9i{%m>A zIw{}1M((SF=Y*O7iIPx@jTF=NcllA5u)ZU}*JURC@>w^bW9mp>U zIjS;+Sgt%aKWRPkBc)sEYe$3k){d~=g>{Yz$xI5UDcBN9$(EJVZizpl3P08uSQi@r zSfW?`UA0wu)%s&JJ^7T-Pc?cbm-pY&Eb0fkbZ zj8>kI5x4fJAiMv~%(tEc7xQS?9B58y3LwpJO!BF9pGiW(&upE}pA8+b8*igazt%k+ zJ?0cA*!gH0cgdtsGMSrs?34ZG!6)yP|EIc6`0x1*o=_b8AK4Ek=JJ9=BF(nKg9JhW zml?z}!w6OydIT#!;QxKUm3r@Aojx|qzZ)6<8f_yGMuvp*VqBU3KFB|fK>t$__)lBV zUyc61iok@~IW-h-TJDaXj$BJ?|Jk*Px2Ld2Qxq&Ue@3A5%2VDq%m<_9&sN5cOxIt0 zsM0%An|si6^^2=DUn9G3y*#9T`}>L4-TCfDmVj8P@e=!V!`h{nl)OpE-nTFVQe}9? 
zE)RbbTww**FbNvA>blR!BGfl4ZXPOY$w{YLz8(Z<^+wku%=g4LDxa^>w=+OL-oz}< zSH4!z)P(6RN%rXV-kZ!n^Kj{N#(-==$Fl#cAdfYivw4GR%$ZDc{%0mtI--;xM(%#p>5OkMZe^P zr)?f<3Wr3g&Oc~tHSfe~>QbIz+NCyvj?QWKqEkrCI|<;c>^leC6DREwav#l!%WtKr zKRow#rffDryJsp#+SC4^l%Hv>HrDv+z}4Xj&+wtz8I|N=JIzi@j|-ckuQ}z0jQT1+ z9+T^>x=?5iy%hf?biI3`0)M3Gy8qoTVWhkiiA`Rbjc)Nmax-03S~JfDhj8iDPu91e z)jFTKrq30W5`M(Wsv>Y-NXHR__9U%c#)i(TgC?azCfP}2T0BwPb@_8=E|=HjNhXdM ze4C-K(}_~Ye(>);n9X_b`SbS^4V5WC7A4PO`%k0j#2Y)JaL}7ZOZp+p(`A;~&--LK zow393FTB5Ycu$)BOhxj@wSO0ZH~%xfJzh(Gtkm?UsP*i&Wgk=je*O63Yq$3e8_YiI z0gk!MEJYnYQDmFl*@T~6cZDA4?j=)Lk0cJz%U*UnUr&SI%KPm%8I)S8bx6pjYoB>B ztakp*mgl$jD7w1;O1jVLsJBmq0-Dcu$UiF6eEMZ8FU#Qit?!$g_IVt)Gc?$i6C;A_ z>)lTYyJ~TB0}qsBUYGae{TkG^2a!HgT305D=TCFSFFQHLhuIB%Prmt0`I?v(_vKFM zH--4Z?iW9#YvbNGOfBDSwA^7dcutC}``*vYe17g?u6CXmZ?yk?gz!flU?`5k@}CoG zn-g3Ky+?B7?CPKTq^|h;9D}v5)dsS@9@u}j&M3S5(i-&nHf(DYdSkn@Y2OxzFiAD` z;o^pxN(;rDXvqfKcZwaVJ!MH|mwKq^*kjGQMrwVe^oSUF(;t77KNNGYWf%P!`;;Eo z7%8q!y|h8c7hh1fcYS7bi$`WkGz@qlNAU5ItHI^4+Vs!asaU<>UAZmmL`9eT^5@U3 z({HtIzq$WzO{|wh0<0|>PX&!`9Dn?oF^+z6zF>GAXH)x)D|tH`T0ncBrPjSa_2>7K z>h$r!8}sSDr`EWsCDq8}AWrMqZll;i=IKr~n@wy;s;ex~`h~*rv5tl_m#6D}ettcW zcql%|$vjxR~t zf28eN<@TFfPOGeOB1i($qjra^HohUEhc4}IRVXP}GFi6%)L;RuYE*}ho8S?vhsTb5 z+F@WC{8N*2Jf!c}yy~qDLx=|(woQ23d!39;eQzu%tGlQAp}hI_x9rik14W2kX&LOE zYExGvv8YnM;?bwp9U1MC(kP;exwwwhb~VrIWYjD6vj2`=1NAY>u}#Jc^>L|35G9~I z%<(oi`lk8p!&w)lA^ac5b~FthI-KGXy(<9_qEX_sH*si--}dxpSL$6a%&lleDO2I} zJw5Zj$laXvs}3tie=+TaGE0Ut zK8!$e5+{_r_^M?2ZEn0W+gZB6lRK}{V>G5)5!Va*FoZJo-))@?J7EzJu^*$ledO6? 
z-9Est3_bk?Vg33?`DOd^L}xDa^&={NzHxtN9+UdPbZlh(sp{tBczk5Qyk+2U%(k&_ zlJl?P>zOyZhvCf{JC;%mTR+xHAqQNJFY;>^PpVE-th)Z}0VhYz{OWFr&lF8$geSHe zgc;X-T!*}G3qG(gkvE<@hLV#&N^d`WJ#MzN5Z}J(?90I-x?~&gexkhLJ*(|);FyVj zM~=T_gmSp|X@!ickK97f=T$a73Z&(O?lQ4k>w7m5+(TV>_4_Nw0fdAj&@YsY+Qlbk zmb6c7PZ9@Aa~RL`?8*gc`a6N?4zv747aP#-@75a|%ns|Lm?O09%a1yJXTqhA1Ff!X zK_E`LO`cn27^ScIP;T~&VScpi2eh^9>CB$kz^;rfMxl?_M=j!q@_#=T*IXU49^G^K z%g2)>SJ6?2?$v+xG87-2{M?Zc`*7)uclvDl+JaphbTYlRy+(`w$opIy65pgb;HY1N!Rzlg3)osZ@qDhX#S;?-H@3< zrAKieLkEw|-qbWRxsvwXbtBzy6~>oV-Ka4 z*AM+qnpA!G9j4N+eCe)yg>N)U+r~&GDLroUVMn~R!I}NPbQ`luUb^eZ)oCV*EQPM^e#g`6+^~Oc3m_8 zXD_~u*4{?#J^NBC^{M|hxQsaw*=&1_Dd$#VvDP zf|}z0*4zAVcXI8Fj@-o;LD17MN9)u14ty`;%iz3)D|>KFJJKtHOhSpoj}eb;HIBc? zP;k6db{5ffD8rThds^*E%l?j0BbYb->Hw9*nm4)dZrOY<_JL01q@$@xqqGIQ)uu=U z$t;kwrG6_aa~;{y@>2JHY~O=pM<Fs}7sGt*W$q2xsTdkG-0w@P!_he;9X=P}mr>>&xJ^-^VH) z+6t88f&;$#BYG1?aK2%pH(xj zor7}qf_J>tNq?TpS9rZ}d_#WWr22%WTM^WUX^>XYf4JCUNjk(qU3Aj8SKR>B+8+2) zJU*JbF*cUIny*=zx8$XDb4vrB@63m+~Y z(aGf&J1m~<|BYN@n37^rg`WIkkyNuFEXel127EoyIPDXBddr5n3t5q(O9#X^6vs;= z`g_kVj(n2aNbR(){>MG~r?~@_yiER^sJ?#$E9flYJG<`5ePxET&fH-q6l z;JAM_1E?X9QCy*5hZ#yB_C%RUfB*oWgdxJ*gOMC(Aq?pT2gz_eU zC=Mbh8V*H>?LcG+5A1CpN|PeI#8iw3Nr#6yaRG!#o&X#}r%-&6K0aI@Fq|HRWRcO% z_Vh3o5k+L-B10(Q9(?;~8Z(*<^7Tdsp~=3{3?eO(0raNCZ~=G+bO;Q@q)H-!ydA#kV&2XzW{mWH`e3E&u7Mud3ThjFp)OlgRRyQ2>p903NABDe^6h!>wL2%`sc zxB>xRB#wdeaDXrZ(w*h*%a)+rqA4VfILb;w3PsB}R3~m22IeLL2eXCH7dTInaO}kP45}T$R~RhhV~HUGdX&(~lLp6lQKCHQ5fSJRA`Kbi=?kEv zz3AaI6i`YCjv??J$w)3Vnt+nPWhnP3rXzug1;x;$6uOK+hOoThXdx}im*ODB5m_WR zFE^4K3?M@I5`t)szz{f$xU#m#xMO)tl(Q_z$4kN#gs~|go`AvUiG5>Wcwe6|wkH}Z zVSv5d7$}}N*oPwm{2hen6D169C#+j26N!vQ;@sd!cQ@WY-v=BOO>l=tue{NfwL3|O zg}X($yR$Kfm9xXqY$P1u?%?JIXNQr(`R*JzWhIx`;VD=*J3A&0&j@iANkXE-c+3#| z$|WJ(QEo74B%STW^r9kQtY~U*XtWmqgaA_|I7eTOQzVo@W22xkJ}jXuBT?8gl1yb)Is|YA0l*)FC3PG;i0-XZ|3WMQNA2Lti?#z~AqCFjb zk#;~C&b0BC=)CUR2V`rH9jhaNMQ&*Cft!mlfd{wNEn{xDMmN|eK`~{i6Dz`j{s6} z-bkx3o};HTAe4-AkU)VxQ8F(fN6dF1g#u|LI2;%m;=r(?aPSa2n1~_}co66yM5GtU 
z9wc^OxhGGmuP4pjGg80>aH9#)K!KeH3L#_Dxfm-4ItW9K0r9>0+)%nb4-zbkkWwL5 z5`+w4AL>Soz=m-I!6*mh{8LJuhw72*h?fMqdo`(U&uNG74d ztRzq#F47JhC3eKXh%}O?%!%Y7Ws+sS5QHc?ED|piMDoDFBmmeBfLU45xNHKC z7({hgd3Pe7msLzC9v9{wL>EK7@lwYy1khb940Dh|5e{UAqX6!UB_KuaaDZO-SrgfWpqmXE+G5(jo7zqB3WP$o;S{sF9Tpf;9xuZ7!=EX1VF9uB$1;OaZ7!cha=ZOoG z`d|c+5_=$CL|FMKJu$unq9em<#kKV%x&^JgIDWL)9zgeDI8(!YqMRk6U_y8}p6Kn% zN5+IiJ36vtIHElp%|r-8@o=f5Bb+1%<3xxkp=6GT;T6nW$vHBDBf!%)6ykwf`3g9` z;0P($OKOjhS;51tJVNN6#NbF=3_MuiBqaxVgCd=xqTyab62XV-j*v1)zU&xWs1JZB zWvxUOfg3X-N`^y3U_!!ZGL#@PBA6ipI`bHgz5=0@9ng~;A#)}RA<>*LK@2gB33Dcd zIpYN@0|5*>5G7aw3XSFdb(F9EeCd%O?hB z=gA9m_7+A4F@r#~Ah9=Ag7=YzNgXM)U?+Qkl|u{$0+fkE>(g|P|YR!FLl5-wtd(WnF~Sp*UmLGdM8g@yZK9ATjzzz_%a%3}gx`HpsW!9Mn4 z5yuJcBa3ho1WQF&DT4)z5IS&?VGeXG1B%54i=$w4EEN{yw!(gV86!F<27{+UL5_fM zM3^Tk*Z~y52YT?q5}7OrMP+)d%w&nND2OMI;YopphQNv5d=vpj1YxWw=m@eqm&T6? zc7&q6oqPdepKv6Rh$7oN(7-GTh2UTn91V5^+DSQJ2m;F$Ae`7i4nhhM>cb7ipo4q~ zA$B1UjwIMkK#p*-^ML{=P`1d?SB#ncv`rsY$&e857 z9LPh;<9oQf%Rt^f9+6;-kWZ5^(IHrov#-cmW`~RPgcCU;Cn6vk>**E4VMd09ujD)| zl7tflaajakh%eBAZ0F=d3ld@68D4BD7RnMt2f-jTJcflKuiOa5n}s8Y(Ev$w6bT;Y p6AbZU5^(N79L57h74YFacOcsZ;1Y_VqXGYrK9Y#|zmx%h{}1bra2o&s 
diff --git a/roles/fai/files/profiles/files/etc/apt/trusted.gpg/UBUNTU b/roles/fai/files/profiles/files/etc/apt/trusted.gpg/UBUNTU deleted file mode 100644 index 5efee2887df10e8e9f1518999c74d1abedbeee69..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 12723 zcmb7~V~}O*wx(Cwwr$(CZ9B8lwpnT0thAk#wo#R~ZL7L!@3Z5a?t8m$^!&9V)|}t3 zC&qZj`;81>I8cS^Ko1~9z*fX}X;!6$Z9k9!k%ar!Qi+kQIxRo@InM1!@i4G-_@ljf z@aPX=S9!WMynB_cpK2Cm3_m`}Md)y{fkSPhfAz&|4ue`c)YWB2$Qug4K{s_{C zWV0?SyO|9lL^$dH(W1Pyy)DyW5!>nZ2$wtxT=C3b+7MCg{_?f$+urCCKxgCU>{yxw zgg;FzhoAqQ_Y#%QJ?blwNTYZB)97o(0VX=Qrf&ZS5O~bR>l|Eq(dia*bTE=z z`R5?YD2bozu6TLlJ0_PA_=_FXuuXj-p0$b0HZalrkIHAiSk>~Qw(Hvv(xy?jAr*|> zGZ7XsP_{!0el0aJDy6xejEwBJlCs1vJ($COjCCtA=jJ*kc7h*P*%=m>Opyp7*j(t< zYHM%Als`EXEAxI7d>Tl*7UWWL4ZGRWVTHSa;`AdrUJ3c0p6-A^*Pr0x%tOnR1QN;j z^%anj7{ee)BKKcGPv0pc?LviyRDlMvRNF{`dBH6MzVlL7=!=z*q@4YlPSDm8TBo5D z03zV&jUuy+N^#lDyD_bdMtP~w3vn;hCatQx_2iV;nr{dPgWIBMy;VPut4h#Wrlzt) zzJ)=(EPc0GsxFEVu`J!dJwJ^B4?b276$3#-F4Ncwii8*VxlPc_`1-J+ok=S z@Fi8)IJV4+G5rXD1OxzT5>_*IwR3SL6ml}Lv~n{e6moU3w>5IHG9gs4vaqwVvmlf) z^CYBXW@KWfBIGr9aj-RVb}@4jbp7iydJ}tF{;$BCpeR7V0AeuUKWG8tfPlk5K|+84 zgQGzLLqWrUq632f0pkM!V*~)8p%8f#4y$?_2$=Q!5CI84TxxO+C%-z?D{K*`HH#xM zr-qBpY^6qKH0>CrTEM7|0%fjp^MyL3DC?OvW*)zU9GLyo&){um`a%ZB=+?A*&1TJFb2?`-RUAKCbaz<~Y&Z>4-lI+8#jQA+zhm=8}v~V#vjd zE1-YtG2WoA-iS|D1c~weE-TyHG|hRA$wEb^bzXR_1j*;5)_x4??3L+>SA`B6!Q&`+ z@m5_yyktQPnJM2&x~P)evf&+I5x0?ndB`Z4rMIVw$pGPL*s6J;cHJ`&flwNe;lTfn z5CNyvmM^)FfQBJGg=aUb-q)3Y5C`jlnA4@Ow$+woTje?JZ)Z`kna@H?)4s3B_k28uha2yi zHDfz`7i={;NW=NYG|KV=&z#s^8n?v5NWN-yzyOf1z__4@K#&0NKlnuI{y~I`Equi{ zOcADe0pXW{nVHolCy^-H8uW3D!B^4Bn$d1CjJ!e97Y#6UIdI6@W=7e>VSa(I_$K_7 zrI0wC&rI_S_Tl&S5Gd+!M7x+~u6UXanP;5BRv%cBD<%$&i{eFcX;}X!rkfLsb-%?S zM84i`6On>>wz_4bIB0be29P&Ri+pRsJieu(WRL`}6X_^R{8uYV)~SpvMJf>O=EM4V zg=7Ze9QE>w@ddeAUVya+JI58r7BwlOeB7Q2*SfswPztAvcID2p-}Y;FWo+Hf#CtWw zi99E8`Fs%sj>fm{V(!$`gpoZLC4wx1xKu_&!mHeBub!vyN8es(Nq%TOkZaRHRr)92 
zuXY$2l~?F`a7+CUd+!gX<=9V?v#^FGx{`s4^N2+5rja*ZcT^$>yxhSU<*FbN_8TRv ziN?E{=~-w-^~v%w^vQ7pbc61X^F8QHD0?BVV|WlAao?Q1F`af(n3n2M2X${JIerjO z8mC3ni|ad0IJe2ts$UfNsk*jgBG!CXNkKa6uFN1<)NXWbAV!DR(suH4XN;>X*ms~m_IePeRB4W0$ssJ~1M;2A1QO z8xg?YhyeeM$XDY(h`_vs_zO@l=vaI~1QdTJZ_eRHIFtz_wR8885rrBfU)Cmnpu@SQ z2W5#Y>#6o4KRAE)H5l1GvW(*I&KX`LzGBIKqqgRZDt6_&Le7j=&P@MKeZH z)6hXt+?X@7H%=d53A=8aDXU1)IH~~+ngW*Qfq;V8N8oV(Qlk%4Rs* zSi<&*(Ky^EP|Iac#8T3Pothk?6Qlmzh6|Lf+e5vZyq`Tm^%E!CqG5k4ym@fB zayLs9slVi=qxjB5G*mC`;Z>*~46X!zE$E>+K-iOI-6ksGw6Ma4-o6t>?`we) zjkC)gJDXz`pDH+;cY7<%Wmg^UbMjeU00=STz*Z*auPEc^R^Y_*;7&GPBnwy@``K@L zKMBl#kVq@+Fi9rtF2)aZeq9LS`s~hKo3%7=1#h2goXt&V&eR~Qi=G$N>p;HSy#`My z<1JSBkweQMBE^{q^_x=PfhwtFt2buKF?}r}ZSQ&G=H@dwxf@yFAj{gE?N4V`l zJNR2AS-<(zg{|a{AYoO+GcuOw6AZcA0Pf13MpFJXw2Du|NSXjX-@Mc7noGP4KAml( zT@rhU9ufu@=wo}VIR5od=FheNf=FcAA4HZ0ZkQ^m6CSGK5doQ>KuOxEN{gbldA5}Wz=5qDHFPV(V{w+IL>Of%#IIaKcO z1eLTG8!L8PS~>9)tdJ8j(oLjeddpKF)N}NIdZvIRRr6n7fLr)8{2GgE6@dq}F2a}E zNqwD~L(T}`qw@P&Qd}PKZRE`y3M8Jinq&rb-GpeJfg8>;FX9`Bmf{SmDD|3Hg_51^ z(jbDE2Om}{{2Qxb#u%T~K*>H%J4~`X(08dunI}nMS)U3osnAgw5nHn1G9W8Hop#il z#I>yylTCG$+u8nuD=UAnWwQxeO-JxU8!A&<6YzjmI=dpbeIJPH4(^}>(#Oz}iZ?sm z9mp*$tw4&ZmMq|zTlEMH$hcD@Wr*aISmN zobkOPK}sIzZ(5L|`Sq=lNItYfG-E2-&JuME_34+eV$jZ?mfjjurCsSmU2bCe9FQGi zw+5xy+xQZORGQ-*Qjq1?D^=Ve`6LXfinAIW_~2#Gtjy^ZfooB;zmljkWykzMaK|owr+jaCV1X zrbP7&8l!dhhcztRbp08w;h5js)yOkEcBLH?8*FE1=1E1_B^uEngCW$0xWC zkksJAWRTtn*|-EXR%N5;-R9>GLJnZu?6_F6ez=Cv*yX{YT@qRDpt6k-I7RiG&ev4) zkF?klTm|9RXpmX)s7dBS0|0VkCe$cs9X(=3dTU!j5qwTjS!i-{mEgVtSY6mUlu5CFYn5&j7A4$jV+ zs%;|jq!HTfM^ar_VP2yqw3$efr^~w~pSmGm3ymL3X4zQDAT8~W@dCT>E21Tv~zTw&s30EborS_YqX;<|{g<**ytJ5Mvq~Yg(ixDD#AK@euj^ z8vHM=2f@O6w=U+N>DukG8{xy~Gp0W+N*R0Tua?0F?2p=_ahk*k#>DJ1d8}R_f>NcDC$W)GUFZq6p109VCKLLZuJGQBqk1+!diIyCg{aHw{7 ziVj}!n3V_;_|fCeWIE6y_o$r&ywuC=5*>KYY((>k-(oco?%2J{gSzF?xS>+jOhmrU zS<$cSrl)5*%(2evdxF>kN(swfa^*cO*4abEty{WzS*iKUq?nj=YmE@2B$uFHTt8g4 z=5YKU-3A+sJ5x)T5phaZuePz814NLVH4C5d$bT-5$*9ly&7Izogext3eczDyR!ec( 
zV{4SYmp$S!E2rYSlj`Y+C}QmIqV*|oy+Ju#^CO<7*4*-kSD{zilSTL0zs>hwT9b(N zpITG(hzN+-D(eCG$d&*@FK7eWX!q)HC%UL@+1b5+*$}L<6+pkLqbl3{WY+b;=e;)K z)M>|7qGy5y&D+0hKxHlZRF=8|i)%trilD`#;j>kP0@tQhfzxxxpB1zb=<<>Y0Xb-SpSgq;EMiWf>&fD0q)Uy^*1SkcK0$K=W z96W`1KW5j)od9 zW5?%0R@(Uy%1`OL?J4WsP!$6@Ej&9BH+IG?4iA5ClUaQ=wwE4QZ?Q!mNAxMNjnUya z_ZJntV915g87+M0H}x<^qZh1~GG$RdITnEHkQJ;|DjaI<3(H1Sf|0$g7egNtyRq5y z5Vf4!)V@kA{J9UM>Pf4(8spo9p zogX|N^Q3loMAtMvHH@G|luT+J3D14HLU-;4githhe4^XDENCmk(qiwOd~2EL(XaIX z)|!6}N2PcFIUG^oA^Z}z;~H)^Ar>dOx@IWhti?O=KakfgU7p=6gSb(@gebv2XS}_r zY=4RhrvNtaOiQN1g*G3AAA}f7)ORR2gyI?%BIhb-Lu7h%$!U8 zY((oh#jp_m0D^0)W}ExbPYVCVtTlav*gWlw;B#{vzdtxABcQdR`f~poRwSSN<)#hN z>&O%)OU34Jfd7+sk_2XxRgTP*HTA$z3#1eDT;`mIQ%`6BFl2F4zJ;L5CJ%#(?wH2b2^Nr#N+E)dsQSuq zZao>Ud7sW0CSMFQ&q`oQQ7I=NySrK^xTj)eSI*N=8=NswB#PSHw%f8s3I9k)|8#J3 z|8&~tqfFl*J=9Oq!hWk4Z!~Pzv`j!SS$w2G^m8d!00Kddta(?S$-H8#q0c%Lp;4&7 zF$B6tqYY}6sd`ev#XQ~a?8^g%t#rI+UB7fdk{rqjB@e(=%?l?Ir_Z<@mP3I6%aN{2=2wDU!eg^LJ>*&L|;V;psE zcHdSwWe3XD1*{l)M?HcrB8wzh;=7ty3Zrb z4v+5PpW0-m!XjSRmj)Nw+rg%g_at}jT!P#H8MIXY2aj5q*)B- z%OiF^L;Oj)`!MUJq)7`b#<5FS&mi-MU!AeI)do2u+RO_aE&9oMWv1;js1%~< zhL@0uQqVTD7EloGmcf@ z(s!NM?o|EixI=Ul`#snDCO3hf?IH7KO#s z(>{#A=o2%SL8%6krK;g6E$;HZKHO5UJYL3d^!;VNb+7<{g@XkU;IHTZBLn9Azh%Jx zI`KDaf1bY+Vdy`J@E`2{r$jg$i*POjXN;HD`FEDn;^gD}DzL5n*3_s~2Vy$Qm5$v{D&U$2*y{$=>YP>E+(7dLGTHX5pwjS% zBR7FsoueK0di*9<^X^sF)e+80j}tYOb4^qqhUswG*p^{K<%Nn&iZ)^V@Hty!gngvl zWd$S)r{Id=di`6OK5#XzpzSnScZ5>VkcTI9714-T;(_MA^Guv^mwbih3F+pwrOTJh z;h$(erlk$*#nGicDL=2F^TH<|x(XRs0fpC1ba}Fj6Er{!&-*a_>w(ZxlqR%V4+a`a z&?Ftd+73;nv6`SgH?atANPrsX-$PZb!A~;!Zt+0j?APq0OrjNO#@lqMksJ`jU$gF1 z7SVKCk+Rvfu=VJB&v|AR_63nVDV2*fd7pi#_-Sg>o4#0f8Ry0u>RiVTf|O8oJyV0+ zA%)^oVUb(B%!w*AZU8eu-$i$VEpoOVu*D2U zbYb3O7*-jrT|o(~-r>}!HQN(#>!muBSq4S0o3Bv{K#QWmYF3w77}qi$~~C$})-J!RLso+@1O+o#KUP2fT_fsc@gT zL@if-Yk$D z;*0lN1PW=?oPbl-#vCh-rSmcZ;+)VjXf!z#ENif_##CnV^RjWv`AdpKTN7m9R>i=b z*9`E5DktUg6E~WhRfTDh7*;hHvR%)C1uRAY_k`ITl%=?xp(wV0KaB6XoM8Aql$cJm 
zpmyWD^NJQPfrEK|1`&O=Wu(E_BdR)SMC+}REyq^!)ZMV}(=mg{HnSv<-3><4rz#8J zUV#mHuNaEUTgi@v6*C`M*97Fgff15N5j_(ojzl@i&(%WT8)ZKg*2Xp%vVQb^mmxR# z%k3}ELny8N9_`BEsqAy$W#kSfHQJH}rDEgRwPhU-f07)OX+DHRd+-*RnHA{(?f34l z*!oIvMNuNUzv=l?*#2sG(sfj9zZ+hchMW}EQ@Wa#L(2HQn+@2lf2#M3&Io`ehG5%V z>FvE=)Z76^(3J*`TV#WZz;1LlaL@K;zmc;3XCF>$v9);opcR+-mXb&lMtvgl(FlN*6Y1tt_iA`N) zoM=-#h;_N#HAYCu$xIjh9rduPiHZC_LmuA$Cf$h;2Sr5sYxa_^qht9~YbZBs{HfCE zwZY~AdCoRZ@8*2e&!>_@`5)Et(nsafWq@2J;9VA#3o$E)gOxZ(PJ z5XFBQIu!PALdTn##K5WBX(0tWj<>s1Bv%?}SDMnu^~r~IMXuC#A$ML7C!4`Y?_>ZZ z-!p}($u&PqguI%4qnm2b6F?`+$&w)Fadk%fdtWG7yI62$WSYG~q;hDU%qHYuuOACz zce0^l$o)hhm(gU`BSYsYa3q=Lmbc(A1}e7hlPLs@TD@cSc?K+erWx8%$s{# z)#vXtC+H1~Z^D_hHcClf^mSeI3?h~bmqvJ5n5ML;E467_ zDI=Tb2nF0cO~P7=m=ZDgp|_#xPv%bARc54KikECZM?~{NU=3IliZ`P=3l1ob^|f@9qZ1SiBz)5H2_r zgMIf?_Rt^G7T-9-WWH6D38btgwVWheY_^_^HnFQ#L(wfhO6=~kvcgDc#RoCL8!o)- z-x7rI}=ABkYoy6jc^Sb)`omiGq2O!u{~@ zu&{4Q=UNCVuA9GWJ;sKJd#Cj+kERn9Zh~HKr8C?m47rZa(FX3FuAz}-0`(7k3U!iM z_zL_dL<9y9{r054!$L4%={jn%{~9I!AqQK}M%K5@Cy<^3;gfC8r_E+9*HU4WybEpq z!Ejh=RpDz9le=Iz3ely)!-n=as#0h#FO2cEZt-%hZx%;)UPu%as#G|3ddj%kgk`pK zjK8{Y#KYDJMwI6c3YWY_j&Wj&Mwd!ZD1>=d)T&vd6@N1etKg7yg_S(}FVv{PPXFA< zTV5}&^9Uj`w_Ybpm=M)_-;8Pm23>?8pzhNZj54IQevLSE^MQ$DId zg^#cdGq)Ee1gu$|p}A}fDQ&Dw7_e2agk#;9cdw9`e)9jw5BNN%+l5bI=xVxfN+8xe zOMeHr0cm{GxfdzY{!%{TJFM>y7$wPnTH&dZ=$8dZP;${(tRO~POFmkmsOJKK1ak;&2 zKc)2)0%qspZ*jWZ}>i)<>n`52*t0}!9R7ptcuiw+c3CyG-Y~&jHQ@rzPQ54s4$$V zlKsx>Zt}YP~4a8Mr7P?ejTvI^R6ikU@(SRFTme$E(?H% zd?g{1&5c7@`A)(#D*RJ?FhlJ!b{20h)&lZ!G^DdQv&!P26ERNRwg(Mx{r%rE5a-@n zCxzRV+{@0Ir%uAyee8HfZ)6H_i`=fVQ^U3y$@V5z!T!6s&ih8VOJ{~ zQ!^(*N)aPFdpj!=BO5{~yWa~vcE5j!{MYw>&wGDw`p}vD`P2CCuj%aUoy;6;JOxeu zIpnWJp#N?N{A(@f52OFn5a@q*4=G`D1Ne@N2ns`fs*X~`P_-@I+g4pc;$t!X@STJBf~g6e$y`g1v79E$?l+XMU6BDNLtbwMrX zibH=%7+tB_A%#~#7gwgJ(h4Jr(;B{B^XQpVJKg7j)2lx#S)JnN9yHvhd!zruns*mi zW+N&Cy5u;iNl89fZ9#Xp)Mjan!ltTzjBWhL>p{w{*ApVe&Y4|~`C%3rK7=QK)j@}j zoYvm;ba}X*`@CHT}t9l*Kzxdwi~=f0~!&j60py>q#q}Z^dc@O 
z%p>&O_0Kvn{!_yWXhr)j30yB4n6TfyVUg6PrN%ty>?Y@K#EYZFV88pb)L48E5RbTG z@XsE-cdh71gc?a(x-Gx+M_9Yg@>m-iDzip^!`J zUdx_scA^b7ehS#E%Pk_}Ec8A8f+rpUY(HTm5U3WP!!*W&e?PCH4{2Dr4Er*2q4a+^EjoVpVK8bgC>* z7ZFtCfjH|Ll6HI><|v}(oQYL5392C{&1<--%aVs!%kyvSY`)eE`;Rg07htun8a~J0 z%PxR@i7Wnjd#eQfJcgvJrBWZBBMp9qnJ5q4#}^&2{hX z5s2gjD^2Go(Z5+YB_CuYNF$r_X7}T`6o1>we@MeY z9i$y=_v>x+R(5k^YAQZYU_K!}A3rcYmz>BfIK;6e9c!z~;c4w>)}KyjUXA|sG0~8G zzSs7UtR0Oe1R2%n1>j)Evk*Fw-ZP1vgQO$1;7AbkilChZ4nLi2jsJGjqWN|f5E0~S z#7?1HYjkTLtwZr4j^bk4z-)Ya2ubl*eftVb0E+qBl%T+X|1K%8e~jp#%5fZp@XKQi zu7Z)QKNcK~UCzxg*_q!A1-s2f>&q+uAaH2~DDEfib}I=}T^E$dIj*cI%He6qHa9wf z=^LzNxY^eG14IY@zUUA>)uk$vudu_$k1ip5$3fuNXt zaWzoo==LCY%9vZ3vphJFYqQdDO^$M;^AC$pUG7bEs8fnlQtYP|pM((6Qsx|~@L?e> z(ua)T^gItU+m|rz?!BPkI6ik?e`qt9Qg;1_eR3V@oQy(s_-?5(vR-uh`9zH<#Rhn}74<3{CR^fj@ri93<8c5l>MatN_ z&7Of$T-={mXK;Bu*#I)Z*RW2JDt$JE*Y_m|bopsxgujyLIr>RKP#;ZyL)wCVPeDd~ zvTwl~%`Z2|af#2}+7YdMTNGa*@=RDKI6cCPZs>{em37j4pfEi2q&mHD%lzTnV$!~R zDAEJN{ThccxY6Xn5x^JzY}@!832|8oUq3x$nFUEy!|$eft>Jm2!cPWbxdJ4Twcuve_*MrAV)0ff;BcHj~M4GZ?lT=Rp3!hDkU-db(oPP-Cu^KT#$=BOggs;?5u6j3? 
z#?#0Q6?TcJJWR=~cec-bbj}WvS(j0M z=^KL#MIKE0dyl-vt0vziV;1n@Bc>`-t%|*>3OFDln0)&CeRl!g#`6wOQfi;bZ@%VL z+HhGa_^NbEt@UHOPhkiGf8oS!{?V}D-D{Isz*U}V2mhLd9ALHD9w<#7ej{+}bdk+^m1AJ*VIV1>Ov zmD=tS2y|HBQOQ1J!ECa$=<$B5vhWk>z} zL@C@iWI#PrK=es$yTk~e?^wd2Y90m1-#E8RI8Gzy^Uzr`o|oJasMI%;7T^-5bg4wV zOfH>z=xa>?LZu}9Iw&`LxZzXXo@G%8aP{b4sc^v*H#4n8SM*5XIAU$=9fG$ad4hD* zd5E9c`l;4+i>~>Bu{3{8mEu$c9Ov9rz=1E7skd@Gf}osl1aC^l*3eq8xG**U9RP6t z%Z2{gbC&ySjro6Da{j+go>^A?CPGa670`g{!IAev` zXk+tPZI!XVvE)2e3CMJFCs!Kbevy~oa2%(H37<^?W-BaD5}gl95!Cv)fvoEHn>@i1 zR+X*URaY{9z|CFxB+{22LUg)fBf#zQ=x3p%D|X>XEdbD~Ulf-M9&z_CAPsnL4TXhX zy@FY_c%1Yo))ID%shP`U#8+d*(87lWx5h|>>=q=J`LHLYWn|XvpQ#m_aSI|^s8iLI zRqV?!=-PVMH7UC=YN%TR()&;p?jDkjJb(wJ@nsgHTQ|AS2;v!^kQ52J~7?VWFCT^%8^n4Oj4~ zr7Zc!yix`$#vNM4l3hJp|MmL#o_eItw<|86XgXZI8_wC4e#j9B=$vg9SC?y{qSu|Q z2R_Zc#myH*eZx9y7&NOY*F~l;V_*+&(+wuIX`EKbrrb-2$urruz(1eD@$-wWpe|vB zia9k+&=V_nf=ftVJ@zdn^4MYe8d^Ews0|lf&rcGFy}h+iY+0gD_-uXg^q>)%2Uv#m;4pObbz#LzI};&AIEuZ~Hg8lUV7 zGIVR1eqMInXqv{7/$FAI_CONFIGDIR -FAI_CONFIG_SRC=nfs://faiserver/srv/fai/config diff --git a/roles/fai/files/profiles/files/etc/fai/nfsroot.conf/FAISERVER b/roles/fai/files/profiles/files/etc/fai/nfsroot.conf/FAISERVER deleted file mode 100644 index 8d2cde2..0000000 --- a/roles/fai/files/profiles/files/etc/fai/nfsroot.conf/FAISERVER +++ /dev/null @@ -1,15 +0,0 @@ -# For a detailed description see nfsroot.conf(5) - -# " " for debootstrap -FAI_DEBOOTSTRAP="buster http://deb.debian.org/debian" -FAI_ROOTPW='$5$n4TiokMaqws2PC/i$eqDh77it8N/haBU6OeE6WqbBjI0E1IUczp2EJ7Tr4J/' - -NFSROOT=/srv/fai/nfsroot -TFTPROOT=/srv/tftp/fai -NFSROOT_HOOKS=/etc/fai/nfsroot-hooks/ -FAI_DEBOOTSTRAP_OPTS="--exclude=info" - -# Configuration space -FAI_CONFIGDIR=/srv/fai/config - -NFSROOT_ETC_HOSTS="192.168.33.250 faiserver" diff --git a/roles/fai/files/profiles/files/etc/motd/FAIBASE b/roles/fai/files/profiles/files/etc/motd/FAIBASE deleted file mode 100644 index 9f8fed3..0000000 --- a/roles/fai/files/profiles/files/etc/motd/FAIBASE +++ /dev/null 
@@ -1,4 +0,0 @@
-
-
-Plan your installation, and FAI installs your plan.
-
diff --git a/roles/fai/files/profiles/files/etc/rc.local/CLOUD b/roles/fai/files/profiles/files/etc/rc.local/CLOUD
deleted file mode 100755
index 6c2a800..0000000
--- a/roles/fai/files/profiles/files/etc/rc.local/CLOUD
+++ /dev/null
@@ -1,8 +0,0 @@
-#! /bin/bash
-
-# regenerate ssh_host keys
-ls /etc/ssh/ssh_host_* >/dev/null 2>&1
-if [ $? -ne 0 ]; then
- dpkg-reconfigure -fnoninteractive openssh-server
-fi
-rm $0
diff --git a/roles/fai/files/profiles/files/etc/rc.local/FAISERVER b/roles/fai/files/profiles/files/etc/rc.local/FAISERVER
deleted file mode 100755
index 80e51ce..0000000
--- a/roles/fai/files/profiles/files/etc/rc.local/FAISERVER
+++ /dev/null
@@ -1,102 +0,0 @@
-#! /bin/bash
-
-# setup script that is only run once at boot time
-# set up an FAI install server
-
-NORMAL='\E(B\E[m'
-RED='\E[31m'
-GREEN='\E[32m'
-
-set -o pipefail
-
-# setup network
-nic=$(awk '/iface/ {print $2}' /etc/network/interfaces |egrep -v ^lo)
-ifup $nic
-# regenerate ssh_host keys
-ls /etc/ssh/ssh_host_* > /dev/null
-if [ $? -ne 0 ]; then
- dpkg-reconfigure -fnoninteractive openssh-server
-fi
-sleep 8
-[ -x /etc/init.d/nscd ] && invoke-rc.d nscd restart
-
-echo "================================="
-echo "Setting up the FAI install server"
-echo "This will take a few minutes"
-echo "================================="
-
-. /etc/fai/fai.conf
-. /etc/fai/nfsroot.conf
-
-# copy the simple examples and pimp my config space
-if [ ! -d "$FAI_CONFIGDIR/class" ]; then
- mkdir -p $FAI_CONFIGDIR
- cp -a /usr/share/doc/fai-doc/examples/simple/* $FAI_CONFIGDIR
- ainsl /srv/fai/config/class/FAIBASE.var "^LOGUSER=fai"
- myip=$(ip addr show up| grep -P -o '(?<=inet )[^/]+' | grep -v 127.0.0.1)
- echo "APTPROXY=http://$myip:3142" >> /srv/fai/config/class/DEBIAN.var
-fi
-# set the LOGUSER, wo we get all the logs from our install clients
-ainsl /etc/fai/fai.conf "^LOGUSER=fai"
-
-# make index, then import the packages from the CD mirror
-apt-get update >/dev/null
-curl -fs 'http://127.0.0.1:3142/acng-report.html?doImport=Start+Import&calcSize=cs&asNeeded=an#bottom' >/dev/null
-
-# setup the FAI server, including creating the nfsroot, use my own proxy
-export APTPROXY="http://127.0.0.1:3142"
-if [ -f /var/tmp/base.tar.xz ]; then
- fai-setup -fvB /var/tmp/base.tar.xz > /var/log/fai/fai-setup.log 2>&1
-else
- fai-setup -fv > /var/log/fai/fai-setup.log 2>&1
-fi
-if [ $? -eq 0 ]; then
- rm /var/tmp/base.tar.xz
- echo ""
- echo "================================================"
- echo -e "Setting up the FAI server was ${GREEN}successful${NORMAL}"
- echo "================================================"
- echo ""
- sleep 10
-else
- echo ""
- echo "=================================================="
- echo -e "${RED}ERROR${NORMAL}: Setting up the FAI install server ${RED}FAILED${NORMAL}!"
- echo "Read /var/log/fai/fai-setup.log for more debugging"
- echo "=================================================="
- echo ""
- sleep 10
- exit 99
-fi
-
-cat <> /srv/fai/nfsroot/etc/fai/fai.conf
-# use short hostname instead of FQDN
-export HOSTNAME=\${HOSTNAME%%.*}
-echo \$HOSTNAME > /proc/sys/kernel/hostname
-EOF
-
-# create default pxelinux boot configuration
-fai-chboot -o default
-
-# create a template for booting the installation
-fai-chboot -Iv -f verbose,sshd,createvt,menu -u nfs://faiserver/srv/fai/config buster.tmpl
-
-# Since we do not know the MAC address, our DHCP cannot provide the hostname.
-# Therefore we do explicitly set the hostname
-fai-chboot -Iv -f verbose,sshd,createvt,menu -u nfs://faiserver/srv/fai/config -k hostname=xfcehost xfcehost
-fai-chboot -Iv -f verbose,sshd,createvt,menu -u nfs://faiserver/srv/fai/config -k hostname=demohost demohost
-for c in {01..10}; do
- fai-chboot -Iv -f verbose,sshd,createvt,menu -u nfs://faiserver/srv/fai/config -k hostname=client$c client$c
-done
-
-fai-monitor > /var/log/fai/fai-monitor.log &
-
-# move me away
-mv $0 /var/tmp
-
-# create new rc.local for next reboot
-echo '#! /bin/bash' > /etc/rc.local
-echo 'fai-monitor > /var/log/fai/fai-monitor.log &' >> /etc/rc.local
-chmod a+rx /etc/rc.local
-
-exit 0
diff --git a/roles/fai/files/profiles/files/etc/selinux/config/CENTOS b/roles/fai/files/profiles/files/etc/selinux/config/CENTOS
deleted file mode 100644
index 9878acb..0000000
--- a/roles/fai/files/profiles/files/etc/selinux/config/CENTOS
+++ /dev/null
@@ -1,12 +0,0 @@
-# This file controls the state of SELinux on the system.
-# SELINUX= can take one of these three values:
-# enforcing - SELinux security policy is enforced.
-# permissive - SELinux prints warnings instead of enforcing.
-# disabled - No SELinux policy is loaded.
-SELINUX=disabled
-# SELINUXTYPE= can take one of these two values:
-# targeted - Only targeted network daemons are protected.
-# strict - Full SELinux protection.
-# mls - Multi Level Security protection.
-SELINUXTYPE=targeted
-# SETLOCALDEFS= Check local definition changes
diff --git a/roles/fai/files/profiles/hooks/debconf.CENTOS b/roles/fai/files/profiles/hooks/debconf.CENTOS
deleted file mode 100755
index f98becd..0000000
--- a/roles/fai/files/profiles/hooks/debconf.CENTOS
+++ /dev/null
@@ -1,3 +0,0 @@
-#! /bin/bash
-
-skiptask debconf
diff --git a/roles/fai/files/profiles/hooks/debconf.IMAGE b/roles/fai/files/profiles/hooks/debconf.IMAGE
deleted file mode 100755
index c396636..0000000
--- a/roles/fai/files/profiles/hooks/debconf.IMAGE
+++ /dev/null
@@ -1,45 +0,0 @@
-#! /bin/bash
-
-# hook for installing a file system image (tar file)
-# this works for Ubuntu 14.04
-#
-# Copyright (C) 2015 Thomas Lange, lange@informatik.uni-koeln.de
-
-
-# I use this tar command to create the image of an already running and configured machine
-# tar -cf /tmp/IMAGE.tar --exclude /tmp/\* --exclude /run/\* --exclude /proc/\* --exclude /sys/\* --exclude /dev/\* /
-# add --xattrs --selinux --acls if needed (for CentOS 7)
-# Then copy this image to /srv/fai/config/basefiles/IMAGE.tar and make sure your client belongs to the class IMAGE
-
-skiptask extrbase debconf repository updatebase instsoft
-skiptask configure # do not run the usual configure scripts
-
-# we assume, that the new host will get its hostname and IP via DHCP
-# remove old hostname
-fgrep -v 127.0.1.1 $target/etc/hosts >> /tmp/fai/hosts
-mv /tmp/fai/hosts $target/etc/hosts
-rm $target/etc/hostname
-
-#install grub
-mount -t proc proc $FAI_ROOT/proc
-mount -t sysfs sysfs $FAI_ROOT/sys
-mount --bind /dev $FAI_ROOT/dev
-
-if [ -f $target/etc/debian_version ]; then
- $ROOTCMD grub-install $BOOT_DEVICE
- $ROOTCMD update-grub
-fi
-if [ -f $target/etc/centos-release ]; then
- rm $target/etc/grub2/device.map
- $FAI/scripts/CENTOS/40-install-grub
- $FAI/scripts/CENTOS/30-mkinitrd
- $ROOTCMD fixfiles onboot # this fixes the SELinux security contexts during the first boot
-fi
-
-
-# things that may be adjusted:
-#
-# MAC address ?? (not needed for Ubuntu, it uses iftab(5)
-# /etc/hosts may contain the IP and name of the original host
-# /etc/hostname (for Ubuntu just remove it)
-# /var/lib/NetworkManager/dhclient-eth0.conf?
diff --git a/roles/fai/files/profiles/hooks/instsoft.DEBIAN b/roles/fai/files/profiles/hooks/instsoft.DEBIAN
deleted file mode 100755
index 35ac306..0000000
--- a/roles/fai/files/profiles/hooks/instsoft.DEBIAN
+++ /dev/null
@@ -1,25 +0,0 @@
-#! /bin/bash
-
-# if package locales will be installed, then install it early, before
-# other packages
-if [ $FAI_ACTION != "install" -a $FAI_ACTION != "dirinstall" ]; then
- exit 0
-fi
-
-fcopy -Bi /etc/apt/apt.conf.d/force_confdef
-ainsl -a /etc/ucf.conf "^conf_force_conffold=YES"
-
-# in case the locales are already included inside the base file (Ubuntu)
-if [ -f $target/usr/sbin/locale-gen ]; then
- exit
-fi
-
-# if we want to install locales, install them now
-install_packages -l 2>/dev/null | egrep -q ' locales|locales '
-if [ $? -eq 0 ]; then
- if [ X$verbose = X1 ]; then
- $ROOTCMD apt-get -y install locales
- else
- $ROOTCMD apt-get -y install locales > /dev/null
- fi
-fi
diff --git a/roles/fai/files/profiles/hooks/repository.CENTOS b/roles/fai/files/profiles/hooks/repository.CENTOS
deleted file mode 100755
index e78c0bb..0000000
--- a/roles/fai/files/profiles/hooks/repository.CENTOS
+++ /dev/null
@@ -1,31 +0,0 @@
-#! /bin/bash
-
-# (c) Michael Goetze, 2010-2011, mgoetze@mgoetze.net
-
-error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
-
-if [ $FAI_ACTION = "install" ]; then
- mount -t proc proc $target/proc
- mount -t sysfs sysfs $target/sys
- [ -L $target/etc/mtab ] || cp /etc/mtab $target/etc/mtab
-
- cat > $target/etc/sysconfig/network <<-EOF
- NETWORKING=yes
- HOSTNAME=$HOSTNAME.$DOMAIN
- EOF
- echo "127.0.0.1 localhost" > $target/etc/hosts
- ifclass DHCPC || ainsl -s /etc/hosts "$IPADDR $HOSTNAME.$DOMAIN $HOSTNAME"
- cp /etc/resolv.conf $target/etc
-fi
-
-mkdir $target/dev/pts
-mknod -m 000 $target/dev/pts/ptmx c 5 2
-
-fcopy -riv /etc/yum.repos.d/
-
-# disable the fastestmirror plugin
-#sed -i -e 's/enabled=1/enabled=0/' $target/etc/yum/pluginconf.d/fastestmirror.conf
-
-skiptask repository
-
-exit $error
diff --git a/roles/fai/files/profiles/hooks/savelog.LAST.sh b/roles/fai/files/profiles/hooks/savelog.LAST.sh
deleted file mode 100755
index e9081dc..0000000
--- a/roles/fai/files/profiles/hooks/savelog.LAST.sh
+++ /dev/null
@@ -1,223 +0,0 @@ -#! /bin/bash - -# parse all log files for error messages -# print errors and warnings found to error.log -# WARNING: This will only work with english error messages! - -errfile=$LOGDIR/error.log - -# Define grep patterns. Do not start or end with an empty line! -globalerrorpatterns="error -fail -warn - bad -bad -no space -syntax -Couldn't stat -Cannot access - conflict -is bigger than the limit -did not exist -non existent -not found -couldn't -can't -E: Sorry, broken packages -^E: -operator expected -ambiguous redirect -No previous regular expression -No such -Device or resource busy -unknown option -[a-z]\+\.log:E: -No candidate version found -segfault -Couldn't find any package whose name or description matched -cannot create -The following packages have unmet dependencies" - -globalignorepatterns="[a-z]\+\.log:# -Error: Driver 'pcspkr' is already registered, aborting -: bytes packets errors dropped -:+ error=0 -:+ trap error= -task_error_func= -STOP_ON_ERROR= -courier-webadmin -plugins-bad -Enabling conf localized-error-pages -ibwebadmin -kernel-patch-badram -kolab-webadmin -kolabadmin -gstreamer.\+-plugins-really-bad -liberrors.so -liberrors-samba -libsamba-errors -gsambad -libad -libtest-nowarnings-perl -libtest-warn-perl -libclass-errorhandler-perl -zope-ploneerrorreporting -libroxen-errormessage -liberror-perl -perl-Error -libgpg-error-dev -libgpg-error0 -Opts:.\+errors=remount -[RT]X packets: -WARNING: unexpected IO-APIC -warned about = ( ) -daemon.warn -kern.warn -rw,errors= -Expect some cache -no error -failmsg -RPC call returned error 101 -deverror.out -(floppy), sector 0 -mount version older than kernel -Can't locate module -Warning only .\+MB will be used. -hostname: Host name lookup failure -I can't tell the difference. -warning, not much extra random data, consider using the -rand option -confC._FILE -Warning: 3 database(s) sources -were not found, (but were created) -removing exim -The home dir you specified already exists. 
-No Rule for /usr/lib/ispell/default.hash. -/usr/sbin/update-fonts-.\+: warning: absolute path -hostname: Unknown server error -EXT2-fs warning: checktime reached -RPC: sendmsg returned error 101 -can't print them to stdout. Define these classes -warning: downgrading -suppress emacs errors -echo Error: -Can't open dependencies file -documents in /usr/doc are no longer supported -if you have both a SCSI and an IDE CD-ROM -Warning: /proc/ide/hd?/settings interface is obsolete, and will be removed soon -Monitoring disabled -Error: only one processor found. -Error Recovery Strategy: -sector 0 does not have an -syslogin_perform_logout: logout() returned an error -grub is not in an XFS filesystem. -grub-install: line 374: -grub-probe: error: Cannot open \`/boot/grub/device.map' -is harmless -not updating .\+ font directory data. -register_serial(): autoconfig failed -Fontconfig error: Cannot load default config file -asking for cache data failed -However, I can not read the target: -Warning: The partition table looks like it was made -task_error=0 -task_local_error=0 -^info: Trying to set -warning: /usr/lib/X11/fonts -can't read /etc/udev/rules.d/z25_persistent-net.rules -/cow': No such file or directory -Dummy start-stop-daemon called -X: bytes packets errors -ACPI Error -ACPI Warning -AE_NOT_FOUND -conflicts with ACPI region -cannot stat \`/etc/modprobe.d/\*.conf' -cdrom: open failed. 
-libgpg-error -process \`kudzu' used the deprecated sysctl system call -PM: Resume from disk failed -JBD: barrier-based sync failed -aufs: module is from the staging directory, the quality is unknown -warning: linuxlogo stop runlevel arguments (none) do not match -insserv: warning: script .\+ missing LSB tags and overrides -live-premount.\+ If this fails -cannot read table of mounted file systems -error: no alternatives for -ERST: Error Record Serialization Table (ERST) support is initialized -ERST: Table is not found -HEST: Table not found -failed to stat /dev/pts -Failed to connect to socket /var/run/dbus/system_bus_socket -fail to add MMCONFIG information -can't initialize iptables table -can't initialize ip6tables table -Authentication warning overridden -41-warning.sh -PCCT header not found -Download is performed unsandboxed as root as file -update-alternatives: warning: skip creation of -loop: module verification failed: signature -Warning: apt-key output should not be parsed -WARNING: Failed to connect to lvmetad. Falling back to device scanning -Warning: The home dir /var/lib/usbmux you specified -diff: /var/lib/apparmor/profiles/.apparmor.md5sums: No such file or directory -error reporting disabled -Enabling Firmware First mode for corrected errors -errors: 0 - 0 errors -Memory Error Correction: -Memory Controller 0 - Channel . 
Error -IIO RAS/Control Status/Global Errors -RAS: Correctable Errors collector initialized -__stack_chk_fail -grub.cfg.new: Directory nonexistent -can't derive routing for PCI INT A -failed to load isci/isci_firmware.bin -Direct firmware load for isci/isci_firmware.bin failed with error -Loading user firmware failed, using default values -stunnel4 you specified can't be accessed: No such file or directory -install-docs --verbose --check file_name' may give more details about the above errors -cannot open '/etc/ssl/certs/java/cacerts' for reading: No such file or directory -can't claim BAR -disabling ASPM -data block query control method not found -subprocess.py.\+RuntimeWarning: line buffering -Resource conflict.\+ found -update-rc.d: warning: start and stop actions are no longer supported" - -# add pattern on some conditions -if [ -n $FAI_ALLOW_UNSIGNED ] ; then - globalignorepatterns="$globalignorepatterns -WARNING: untrusted versions -WARNING: The following packages cannot be authenticated -Ignoring these trust violations" -fi -# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -# Here you can define your own patterns. Put one pattern in a line, -# do not create empty lines. -myerrorpatterns="X_X-X_XX" -myignorepatterns="X_X-X_XX" -# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -# The main routine -errorpatterns="$globalerrorpatterns -$myerrorpatterns" -ignorepatterns="$globalignorepatterns -$myignorepatterns" - -cd $LOGDIR || exit 3 -if [ -s $errfile ]; then - echo "Errorfile already exists. Aborting." >&2 - exit -fi - -grep -i "$errorpatterns" *.log | grep -vi "$ignorepatterns" > $errfile -if [ X$verbose = X1 ]; then - egrep -v '^software.log:' $errfile > $LOGDIR/tempfile - mv $LOGDIR/tempfile $errfile -fi - -if [ -s $errfile ]; then - echo "ERRORS found in log files. See $errfile" >&2 -else - echo "Congratulations! No errors found in log files." -fi 
diff --git a/roles/fai/files/profiles/hooks/setup.DEFAULT.sh b/roles/fai/files/profiles/hooks/setup.DEFAULT.sh deleted file mode 100755 index 00a1df2..0000000 --- a/roles/fai/files/profiles/hooks/setup.DEFAULT.sh +++ /dev/null @@ -1,7 +0,0 @@ -#! /bin/bash - -# use short hostname instead of FQDN -export HOSTNAME=${HOSTNAME%%.*} -if [ $do_init_tasks -eq 1 ]; then - echo $HOSTNAME > /proc/sys/kernel/hostname -fi diff --git a/roles/fai/files/profiles/hooks/updatebase.CENTOS b/roles/fai/files/profiles/hooks/updatebase.CENTOS deleted file mode 100755 index dd418d8..0000000 --- a/roles/fai/files/profiles/hooks/updatebase.CENTOS +++ /dev/null @@ -1,25 +0,0 @@ -#! /bin/bash - -if [ ! -f $target/etc/resolv.conf ]; then - cp /etc/resolv.conf $target/etc -fi - -if [ X$verbose = X1 ]; then - echo "Updating base" - $ROOTCMD yum -y update |& tee -a $LOGDIR/software.log -else - $ROOTCMD yum -y update >> $LOGDIR/software.log -fi - -$ROOTCMD systemd-machine-id-setup - -cat > $target/etc/sysconfig/kernel < $target/etc/apt/apt.conf.d/02proxy -else - rm -f $target/etc/apt/apt.conf.d/02proxy -fi - -echo force-unsafe-io > $target/etc/dpkg/dpkg.cfg.d/unsafe-io - -# you may want to add i386 arch to amd64 hosts -# if ifclass AMD64; then -# $ROOTCMD dpkg --add-architecture i386 -# fi diff --git a/roles/fai/files/profiles/hooks/updatebase.UBUNTU b/roles/fai/files/profiles/hooks/updatebase.UBUNTU deleted file mode 100755 index 2d1161c..0000000 --- a/roles/fai/files/profiles/hooks/updatebase.UBUNTU +++ /dev/null 
@@ -1,30 +0,0 @@
-#! /bin/bash
-
-# use external mirror, remove this script when using a mirror from CD
-
-cat < $target/etc/apt/sources.list
-# external mirror
-deb $ubuntumirror/ubuntu $ubuntudist main restricted universe multiverse
-deb $ubuntumirror/ubuntu $ubuntudist-updates main restricted universe multiverse
-deb $ubuntumirror/ubuntu $ubuntudist-security main restricted universe multiverse
-EOM
-
-
-# https://lists.uni-koeln.de/pipermail/linux-fai/2016-July/011398.html
-# In Ubuntu 16.04 (but not 14.04), the locales configuration mechanism has
-# changed. There is a /var/lib/dpkg/info/locales.config file, which
-# overrides /var/lib/dpkg/info/locales.postinst and consults
-# /var/lib/locales/supported.d/local instead of the debconf system. (See
-# the code in /usr/share/debconf/frontend that prefers locales.config.) This
-# hook applies the debconf setting. It must run after FAI's debconf task
-# but before dpkg gets a chance to clobber debconf with an empty setting.
-
-if [ ! -f "$target/var/lib/locales/supported.d/local" ]; then
- $ROOTCMD debconf --owner=locales sh -c '
- . /usr/share/debconf/confmodule
- db_version 2.0
- db_get locales/locales_to_be_generated &&
- mkdir -p /var/lib/locales/supported.d &&
- echo "$RET" > /var/lib/locales/supported.d/local' &&
- $ROOTCMD dpkg-reconfigure locales
-fi
diff --git a/roles/fai/files/profiles/package_config/CENTOS b/roles/fai/files/profiles/package_config/CENTOS
deleted file mode 100644
index 86b2c61..0000000
--- a/roles/fai/files/profiles/package_config/CENTOS
+++ /dev/null
@@ -1,30 +0,0 @@
-PACKAGES dnfgroup
-core
-minimal-environment
-#server-product-environment
-#headless-management
-
-PACKAGES dnfgroup XORG
-graphical-server-environment
-workstation-product-environment
-
-PACKAGES dnfi
-NetworkManager
-chrony
-kernel
-dracut
-grub2-pc
-# CentOS 7
-less
-openssh
-openssh-clients
-openssh-server
-vim-enhanced
-man
-curl
-unzip
-which
-ncurses ncurses-base
-
-PACKAGES dnfi LVM
-lvm2
diff --git a/roles/fai/files/profiles/package_config/CINNAMON b/roles/fai/files/profiles/package_config/CINNAMON
deleted file mode 100644
index d074217..0000000
--- a/roles/fai/files/profiles/package_config/CINNAMON
+++ /dev/null
@@ -1,10 +0,0 @@
-PACKAGES install DEBIAN
-task-cinnamon-desktop
-network-manager
-network-manager-applet
-network-manager-config-connectivity-debian
-network-manager-gnome
-
-PACKAGES install UBUNTU
-cinnamon-desktop-environment
-network-manager
diff --git a/roles/fai/files/profiles/package_config/DEBIAN b/roles/fai/files/profiles/package_config/DEBIAN
deleted file mode 100644
index 3406534..0000000
--- a/roles/fai/files/profiles/package_config/DEBIAN
+++ /dev/null
@@ -1,56 +0,0 @@
-PACKAGES install-norec
-apt-transport-https # is only needed for stretch
-debconf-utils
-file
-less
-linuxlogo
-rsync
-openssh-client openssh-server
-time
-procinfo
-nullmailer
-eject
-locales
-console-setup kbd
-pciutils usbutils
-unattended-upgrades
-
-PACKAGES install NONFREE
-# you may want these non-free kernel drivers
-firmware-bnx2 firmware-bnx2x firmware-realtek
-firmware-linux-nonfree
-
-PACKAGES install I386
-linux-image-686-pae
-memtest86+
-
-PACKAGES install CHROOT
-linux-image-686-pae-
-linux-image-amd64-
-
-PACKAGES install AMD64
-linux-image-amd64
-memtest86+
-
-PACKAGES install ARM64
-grub-efi-arm64
-linux-image-arm64
-
-PACKAGES install GRUB_PC
-grub-pc
-
-PACKAGES install GRUB_EFI
-grub-efi
-
-PACKAGES install LVM
-lvm2
-
-PACKAGES install CLOUD
-unattended-upgrades
-
-PACKAGE install-norec CINNAMON
-task-cinnamon-desktop
-task-desktop
-
-PACKAGE install-norec GERMAN
-task-german
diff --git a/roles/fai/files/profiles/package_config/DEBIAN.gpg b/roles/fai/files/profiles/package_config/DEBIAN.gpg deleted file mode 100644 index 0d5b7a903f651c65861986617e62a2be8cb53e70..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2824 zcmZwIc{~%0AHeZ#HaByR#+EZ=gybPPbCaAsbEL@(!z4VeQpg!036CR`D`!O1+%ek7 zEobigEN0GMPyhU$*X#HD>-+!r`+j{t=^!?+Ikm?X$N{KXEpB?uCJRT^qFCf^NgQAA z{vgp-!@c^`BJz!LK!vo2?TDyjP>iNq1`8L8OALfCh=};eCl>%k2+s3SDY(JcqTpuJ zo_uP<%p~UFfH}B0Y8MmkLU~A&73WZU;ikDyiwvLddm7os5V(VQNo#3rpk5(WG@jfx zff+coslnGS;#APS9;LRowE}-I-QzOIILS^i^#Y5&WW7StV{fWz$gt8QZz5l=fHZnT-bf7_y>Hz98%io@F7Y`FMZkyDe$W7mn?^>UwF1dX!_pgEdYrx9ho zu9^Z;R%k+cRDRLM`s!fucIZo#XTDEuBwG}Q=Ausk#?#gBf%7%be;1K6vEStz5IZwd z^A}-^`a?K|D*!%xqb2aG{zcxTv$AZa2>L?__MCGy-jd6@u9!;$-l{Cani??t$0+o( zg6DRqzrVfiESuV#+jNn*d*o6lUn=Iv*@6=i>I7+qk(_Pg?q7Z-<&>*g^mUc}oGUkG92yo$NK!3|UR`1a0l*$MMBT4Yh@CcXr#N)?-zT~N zn)3G{nxP&0^KwJs30My=S!b+z3`iBs4FmziKyW$`0tkXVg0L_#GSESInVA?_AbcP? zAOHd~r+(D{2>=1iOdJ;vzMV1{Q|1K&IRG(lZ{`X*Fn>Ij^4V;x^oFFpk2Tf|PVQio zwKq%FpE)hyz{s8Tv85}*PFg0mF*<~; zIr<7=>u(#@4Ke5>;#e=QBZSwz-^sgscm=X3iBp!*apyU!cNdJQB5Sca>=`b?t7ib~ zqY4JkM@*I=^w(X(e*Dl!gslv(odcXDwVia66y$CH&UXr!4iwS$F2k(TqeX^{8&`FuRn8)siElDXn|DO@g;*yIcp3eeVDtfS$Cw z6jWeFhPTJMEFaoMWCU33yl%aG3L0;Y+)JXDvstBo&dJA*y*vj& zy|vgL%>wr2vt?FbCXJv-gVoqcv2{6;^qW|eqsRXF1Bn@aVWb{Ny6ng-y3U`tGkFB= zdP7frymG+PT*}c8^L#eN6Jj?=R$97B$qjoHE?tt@%az2e`-YgNx{jMLQO|{o8mge8 zJ+$B?%@>MlTsXQm$(Vq^KtfB6+7Z z1$p+lpB1ho>LD^O)I{d?rkV&SaS4_}vT7|9zu$tF8WraFK8(j04}x%C4*e_=?&?_n z#EpZ>mLt}($@SAkjBg^%(pVrs{G{FKlQG5Q?}9K0`%m_1CDOLpjxr4&Gqg+mQ(Lyr z)SBgl`;^xrSH^O%Ud5DQ@0)h7zG_ACtcHI7pciYkX}VIGe_TOwNIHXKBKoohGqj`j z7@75%BipY&rbhBm9+NvgG-eck5CY{*)ncEUeK>r>q1Rx=eAkcIbMq9)+D9?VWKeqL z2@oE|pSo{uUSOBcz9ThWJs%`l!FkW;K|fDwr&fbF?tW&0N+Y)J1vX##kM*oXYgP$% z2df{@p3{Fxl%(p~1%Z=mm5MX=?+2qZ4hR%_QrUMe5IP2B9t*2;QX zykntrEgzo-ym-F~(ux4zpM5Y{i|xr z+^hZ0UN$2RO)mZ3LS}8DsX1ZSm$a;H`IbP2raGd_BcHanpXQ~NBA>`d?iBHgg2h){l6-mFzd;2Yj!jZyX 
zC$J!=e?9L0j6pUeKw#MXKQL-iAt(ASu*bYmF( zfi`c>uOoyeh2>{qL%8mAu;;FCh-yaDt@{r|EM?+F*lgJ*qI*~YHQr@UOB$5mrY8jg z(Ba7;Y;Ln`&uzdA(@^GApFy# zwjp3cY3B!j@T-^It+92}jGEedJ70?7Q9pe`l{`2{c3QnAnoY%x<*u~0ej#vIMY*DN z76dc~2Nc_E|JV2QvUayRGDu41JC3dfsBQUVBKB@e9iPb_cn3`MV1}LGksyy9ZCe69LgeiL;-QQJ<0U^QszdFVA zJ4R>_ob}%y196)J5Rt5h{V>01b=BX#%P#2M1D#8U?8}1g8hg!~OC{?Gm_njV?;tWy zie3WKg!CqB-UwGP$^otQ^mqrYvFhogVEn}=>Xta7{T-VHn6^fe@py$>oceJ(%jK`{ z^By-WzX%`P51LRYqPKQVxQOU0$GqY-An5i(PeZj2I^(RMO3p#6!ntHB-cCPLzeyx} zE|t&pfbIb(tI{OZ%`v9Io5g_Zh*vmL|o-3lPJ7 zb3rZv2QOKPUzi1*5bF42(xq3bDaIY!LSvKRxX&>Wel3B6C$0XEm{Vd;CXDA6J;A7jRhMbz-c9q40=~ zR~!7jtyISLZ2gP{{}WmbhbL`oFzG;g%2m9&H({_Y<}&3NF71e&Zsb4hu#(gr2rI3_ zUc9I-~2{wNf(!!|e#9%H0#V9p6P{U_9 zS;Lm)F2m7`K@NU-7N@=0`$error?$?:$error))' ERR # save maximum error code - -$ROOTCMD usermod -p $ROOTPW root - -fcopy -v /etc/selinux/config -$ROOTCMD fixfiles onboot # this fixes the SELinux security contexts during the first boot -chmod a+rx $target - -exit $error diff --git a/roles/fai/files/profiles/scripts/CENTOS/30-mkinitrd b/roles/fai/files/profiles/scripts/CENTOS/30-mkinitrd deleted file mode 100755 index 9ccbeba..0000000 --- a/roles/fai/files/profiles/scripts/CENTOS/30-mkinitrd +++ /dev/null @@ -1,25 +0,0 @@ -#! /bin/bash - -# (c) Michael Goetze, 2010-2011, mgoetze@mgoetze.net -# (c) Thomas Lange, 2011, Uni Koeln - -error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code - -ainsl -v /etc/fstab "proc /proc proc defaults 0 0" -ainsl -v /etc/fstab "sysfs /sys sysfs auto 0 0" - -version=`$ROOTCMD rpm -qv kernel | cut -d- -f2-` - - -if [ -f $target/etc/lvm/lvm.conf ]; then - sed -i -e 's/use_lvmetad = 1/use_lvmetad = 0/' $target/etc/lvm/lvm.conf - ainsl -av /etc/dracut.conf.d/fai.conf 'add_dracutmodules+=" lvm "' -fi - - -# add filesystem driver into initrd -ainsl -av /etc/dracut.conf.d/fai.conf 'filesystems+="ext4"' -$ROOTCMD dracut -v --kver $version --force - - -exit $error 
diff --git a/roles/fai/files/profiles/scripts/CENTOS/40-install-grub b/roles/fai/files/profiles/scripts/CENTOS/40-install-grub
deleted file mode 100755
index 45c6322..0000000
--- a/roles/fai/files/profiles/scripts/CENTOS/40-install-grub
+++ /dev/null
@@ -1,96 +0,0 @@ -#! /bin/bash - -# (c) Michael Goetze, 2011, mgoetze@mgoetze.net -# (c) Thomas Lange 2014 - -error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code - -if [ -r $LOGDIR/disk_var.sh ] ; then - . $LOGDIR/disk_var.sh -else - echo "disk_var.sh not found!" - exit 1 -fi - - -# CentOS 7 does not have a device.map file, so generate one -if [ -d $target/boot/grub2 -a ! -f $target/boot/grub2/device.map ]; then - echo "# Generated by FAI" >> $target/boot/grub2/device.map - centosdisks=$(awk '/[sv]d.$/ {print $4}' /proc/partitions | sort) - dcount=0 - for d in $centosdisks; do - echo "(hd$dcount) /dev/$d" >> $target/boot/grub2/device.map - dcount=$((dcount + 1)) - done -fi - -bootdev=`device2grub $BOOT_DEVICE` -bootpart=`device2grub $BOOT_PARTITION` -version=`$ROOTCMD rpm -qv kernel | cut -d- -f2-` - -if grep '[[:space:]]/boot[[:space:]]' $LOGDIR/fstab; then - bootdir='' -else - bootdir='/boot' -fi - -mount -o bind /dev $target/dev - - - -if [ -f $target/usr/sbin/grub2-install ]; then - - # CentOS 7 - $ROOTCMD grub2-install --no-floppy "$BOOT_DEVICE" - $ROOTCMD grub2-mkconfig --output=/boot/grub2/grub.cfg -else - -$ROOTCMD grub-install --just-copy - -$ROOTCMD grub --device-map=/dev/null --no-floppy --batch <<-EOF - device $bootdev $BOOT_DEVICE - root $bootpart - setup $bootdev - quit - EOF - -ln -s ./menu.lst $target/boot/grub/grub.conf - -if [ -f $target/boot/grub/splash.xpm.gz ]; then - pretty="splashimage=$bootpart$bootdir/grub/splash.xpm.gz" -else - pretty="color cyan/blue white/blue" -fi - -if [ -f $target/sbin/dracut -o -f $target/usr/sbin/dracut ]; then - # CentOS 6 - iname=initramfs -else - # CentOS 5 - iname=initrd -fi -title=`head -1 $target/etc/redhat-release` - -cat > $target/boot/grub/grub.conf <<-EOF - timeout 5 - default 0 - $pretty - hiddenmenu - - title $title - root $bootpart - kernel $bootdir/vmlinuz-$version root=$ROOT_PARTITION ro - initrd $bootdir/$iname-$version.img - EOF - -fi - -umount $target/dev - -echo "" -echo 
"Grub installed on $BOOT_DEVICE = $bootdev" -echo "Grub boot partition is $BOOT_PARTITION = $bootpart" -echo "Root partition is $ROOT_PARTITION" -echo "Boot kernel: $version" - -exit $error diff --git a/roles/fai/files/profiles/scripts/CENTOS/50-sysconfig b/roles/fai/files/profiles/scripts/CENTOS/50-sysconfig deleted file mode 100755 index 0dd0f4e..0000000 --- a/roles/fai/files/profiles/scripts/CENTOS/50-sysconfig +++ /dev/null @@ -1,29 +0,0 @@ -#! /bin/bash - -# (c) Michael Goetze, 2011, mgoetze@mgoetze.net - -error=0 ; trap "error=$((error|1))" ERR - -cat > $target/etc/sysconfig/clock <<-EOF - UTC=$UTC - ZONE=$TIMEZONE - EOF -cat > $target/etc/sysconfig/i18n <<-EOF - LANG="$DEFAULTLOCALE" - SUPPORTED="$SUPPORTEDLOCALE" - SYSFONT="$CONSOLEFONT" - EOF -cat > $target/etc/sysconfig/keyboard <<-EOF - KEYBOARDTYPE="pc" - KEYTABLE="$KEYMAP" - EOF - -if [ -f $target/usr/lib/locale/locale-archive.tmpl \ - -a ! -s $target/usr/lib/locale/locale-archive ]; then - mv $target/usr/lib/locale/locale-archive.tmpl $target/usr/lib/locale/locale-archive -fi - -fcopy -iv /etc/sysconfig/i18n /etc/sysconfig/keyboard - -exit $error - diff --git a/roles/fai/files/profiles/scripts/CENTOS/60-network-scripts b/roles/fai/files/profiles/scripts/CENTOS/60-network-scripts deleted file mode 100755 index 2542b9e..0000000 --- a/roles/fai/files/profiles/scripts/CENTOS/60-network-scripts +++ /dev/null 
@@ -1,40 +0,0 @@
-#! /bin/bash
-
-error=0 ; trap "error=$((error|1))" ERR
-
-
-# determine predictable network names
-fields="ID_NET_NAME_FROM_DATABASE ID_NET_NAME_ONBOARD ID_NET_NAME_SLOT ID_NET_NAME_PATH"
-for field in $fields; do
- name=$(udevadm info /sys/class/net/$NIC1 | sed -rn "s/^E: $field=(.+)/\1/p")
- if [[ $name ]]; then
- NIC1=$name
- break
- fi
-done
-if [[ ! $name ]]; then
- echo "$0: error: could not find systemd predictable network name. Using $NIC1."
-fi
-
-
-if [ $FAI_ACTION != "softupdate" ] && ifclass DHCPC; then
- cat > $target/etc/sysconfig/network-scripts/ifcfg-$NIC1 <<-EOF
- # generated by FAI
- TYPE=Ethernet
- PROXY_METHOD=none
- BOOTPROTO=dhcp
- DEFROUTE=yes
- BROWSER_ONLY=no
- IP4_FAILURE_FATAL=no
- IPV6INIT=no
- IPV6_AUTOCONF=no
- NAME=$NIC1
- DEVICE=$NIC1
- ONBOOT=yes
- EOF
-fi
-
-fcopy -iv /etc/sysconfig/network /etc/resolv.conf /etc/networks
-fcopy -ivr /etc/sysconfig/network-scripts
-
-exit $error
diff --git a/roles/fai/files/profiles/scripts/CENTOS/80-misc b/roles/fai/files/profiles/scripts/CENTOS/80-misc
deleted file mode 100755
index eff7f18..0000000
--- a/roles/fai/files/profiles/scripts/CENTOS/80-misc
+++ /dev/null
@@ -1,21 +0,0 @@
-#! /bin/bash
-
-error=0 ; trap "error=$((error|1))" ERR
-
-# add a $username user account
-if [ -n "$username" ]; then
- if ! $ROOTCMD getent passwd $username ; then
- $ROOTCMD adduser -c "$username user" $username
- $ROOTCMD usermod -p "$USERPW" $username
- fi
-fi
-
-# enable graphical login screen, make run level 5 as default
-if [ -f $target/usr/sbin/gdm ]; then
- sed -i -e 's/id:3:initdefault:/id:5:initdefault:/' $target/etc/inittab
- # do not run this tool
- echo "RUN_FIRSTBOOT=NO" > $target/etc/sysconfig/firstboot
-fi
-
-exit $error
-
diff --git a/roles/fai/files/profiles/scripts/CENTOS/90-cleanup b/roles/fai/files/profiles/scripts/CENTOS/90-cleanup
deleted file mode 100755
index 2eadacd..0000000
--- a/roles/fai/files/profiles/scripts/CENTOS/90-cleanup
+++ /dev/null
@@ -1,3 +0,0 @@
-#! /bin/bash
-
-$ROOTCMD yum clean all
diff --git a/roles/fai/files/profiles/scripts/CLOUD/10-network b/roles/fai/files/profiles/scripts/CLOUD/10-network
deleted file mode 100755
index 3406ccc..0000000
--- a/roles/fai/files/profiles/scripts/CLOUD/10-network
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/bash
-
-error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
-
-# Disable systemd's network interface name management.
-# References:
-# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863385
-# https://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/
-
-fcopy -M /etc/default/grub.d/10_cloud_disable_net.ifnames.cfg
-$ROOTCMD update-grub
diff --git a/roles/fai/files/profiles/scripts/CLOUD/99-cleanup b/roles/fai/files/profiles/scripts/CLOUD/99-cleanup
deleted file mode 100755
index 4580988..0000000
--- a/roles/fai/files/profiles/scripts/CLOUD/99-cleanup
+++ /dev/null
@@ -1,27 +0,0 @@
-#! /bin/bash
-
-fcopy /etc/init.d/expand-root
-if [ -f $target/files/etc/init.d/expand-root ]; then
- $ROOTCMD insserv --default expand-root
-fi
-
-sed -i "s/PermitRootLogin yes/PermitRootLogin without-password/" $target/etc/ssh/sshd_config
-ainsl /etc/ssh/sshd_config 'ClientAliveInterval 120'
-
-ainsl -a /etc/modprobe.d/blacklist.conf 'blacklist pcspkr'
-ainsl -a /etc/modprobe.d/blacklist.conf 'blacklist floppy'
-
-rm -f $target/etc/resolv.conf \
- $target/etc/udev/rules.d/70-persistent-net.rules \
- $target/lib/udev/write_net_rules \
- $target/etc/mailname \
- $target/var/lib/dbus/machine-id
-
-> $target/etc/machine-id
-
-shred --remove $target/etc/ssh/ssh_host_*
-
-# FIXME: DHCP RFC3442 is used incorrect in Azure
-if [ -f $target/etc/dhcp/dhclient.conf ]; then
- sed -ie 's,rfc3442-classless-static-routes,disabled-\0,' $target/etc/dhcp/dhclient.conf
-fi
diff --git a/roles/fai/files/profiles/scripts/DEBIAN/10-rootpw b/roles/fai/files/profiles/scripts/DEBIAN/10-rootpw
deleted file mode 100755
index 8fdf4c8..0000000
--- a/roles/fai/files/profiles/scripts/DEBIAN/10-rootpw
+++ /dev/null
@@ -1,15 +0,0 @@
-#! /bin/bash
-
-error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
-
-# set root password
-if [ -n "$ROOTPW" ]; then
- $ROOTCMD usermod -p "$ROOTPW" root
-else
- $ROOTCMD usermod -L root
- # enable sudo for user
- ainsl /etc/sudoers "$username ALL = ALL"
-fi
-
-exit $error
-
diff --git a/roles/fai/files/profiles/scripts/DEBIAN/20-capabilities b/roles/fai/files/profiles/scripts/DEBIAN/20-capabilities
deleted file mode 100755
index ea650fa..0000000
--- a/roles/fai/files/profiles/scripts/DEBIAN/20-capabilities
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/bin/bash
-#
-# Capabilities get lost when creating the fai base.tar.xz image.
-# Restore them here.
-#
-
-set -e
-
-if [ ! -x $target/sbin/setcap ] ; then
- exit 0
-fi
-
-for FILE in /bin/ping /bin/ping6 /usr/bin/fping /usr/bin/fping6; do
- if [ -x $target/$FILE -a ! -h $target/$FILE ] ; then
- if $ROOTCMD /sbin/setcap cap_net_raw+ep $FILE; then
- echo "Setcap worked! $FILE is not suid!"
- fi
- fi
-done
-if [ -x $target/usr/bin/systemd-detect-virt ] ; then
- $ROOTCMD /sbin/setcap cap_dac_override,cap_sys_ptrace+ep /usr/bin/systemd-detect-virt
-fi
diff --git a/roles/fai/files/profiles/scripts/DEBIAN/30-interface b/roles/fai/files/profiles/scripts/DEBIAN/30-interface
deleted file mode 100755
index bff6863..0000000
--- a/roles/fai/files/profiles/scripts/DEBIAN/30-interface
+++ /dev/null
@@ -1,125 +0,0 @@
-#! /bin/bash
-
-netplan_yaml() {
- # network configuration using ubuntu's netplan.io
- local IFNAME="$1"
- local METHOD="$2"
- echo "Generating netplan configuration for $IFNAME ($METHOD)" >&2
- echo "# generated by FAI"
- echo "network:"
- echo " version: 2"
- echo " renderer: $RENDERER"
- case "$RENDERER" in
- networkd)
- echo " ethernets:"
- echo " $IFNAME:"
- case "$METHOD" in
- dhcp)
- echo " dhcp4: true"
- ;;
- static)
- echo " addresses: [$CIDR]"
- echo " gateway4: $GATEWAYS_1"
- echo " nameservers:"
- echo " search: [$DOMAIN]"
- echo " addresses: [${DNSSRVS// /, }]"
- ;;
- esac
- esac
-}
-
-iface_stanza() {
- # classic network configuration using /etc/network/interfaces
- local IFNAME="$1"
- local METHOD="$2"
- echo "Generating interface configuration for $IFNAME ($METHOD)" >&2
- echo "# generated by FAI"
- echo "auto $IFNAME"
- echo "iface $IFNAME inet $METHOD"
- case "$METHOD" in
- static)
- echo " address $IPADDR"
- echo " netmask $NETMASK"
- echo " broadcast $BROADCAST"
- echo " gateway $GATEWAYS"
- ;;
- esac
-}
-
-newnicnames() {
-
- # determine predictable network names only for stretch and above
- local name
-
- [ $do_init_tasks -eq 0 ] && return
- [ -z "$NIC1" ] && return
- ver=$($ROOTCMD dpkg-query --showformat='${Version}' --show udev)
- if dpkg --compare-versions $ver lt 220-7; then
- return
- fi
-
-
- fields="ID_NET_NAME_FROM_DATABASE ID_NET_NAME_ONBOARD ID_NET_NAME_SLOT ID_NET_NAME_PATH"
- for field in $fields; do
- name=$(udevadm info /sys/class/net/$NIC1 | sed -rn "s/^E: $field=(.+)/\1/p")
- if [[ $name ]]; then
- NIC1=$name
- return
- fi
- done
-
- # try to get altname net dev
- name=$(ip link show $NIC1 | awk '/altname / { print $2 }')
- if [[ $name ]]; then
- NIC1=$name
- return
- else
- echo "$0: error: could not find systemd predictable network name. Using $NIC1."
- fi
-}
-
-if [ -z "$NIC1" ]; then
- echo "WARNING: \$NIC1 is not defined. Cannot add ethernet to /etc/network/interfaces."
-fi
-CIDR=$(ip -o -f inet addr show $NIC1 | awk '{print $4}')
-newnicnames
-
-case "$FAI_ACTION" in
- install|dirinstall)
- ifclass DHCPC && METHOD=dhcp || METHOD=static
- ifclass XORG && RENDERER=NetworkManager || RENDERER=networkd
-
- if [ -d $target/etc/netplan ]; then
- # Ubuntu >= 17.10 with netplan.io
- if [ -n "$NIC1" ]; then
- netplan_yaml $NIC1 $METHOD > $target/etc/netplan/01-${NIC1}.yaml
- fi
- elif [ -d $target/etc/network/interfaces.d ]; then
- # ifupdown >= 0.7.41 (Debian >= 8, Ubuntu >= 14.04)
- iface_stanza lo loopback > $target/etc/network/interfaces.d/lo
-
- if [ -n "$NIC1" -a ! -f $target/etc/NetworkManager/NetworkManager.conf ]; then
- iface_stanza $NIC1 $METHOD > $target/etc/network/interfaces.d/$NIC1
- fi
- else
- (
- iface_stanza lo loopback
- iface_stanza $NIC1 $METHOD
- ) > $target/etc/network/interfaces
- fi
-
- if ! ifclass DHCPC ; then
- [ -n "$NETWORK" ] && echo "localnet $NETWORK" > $target/etc/networks
- if [ ! -L $target/etc/resolv.conf -a -e /etc/resolv.conf ]; then
- cp -p /etc/resolv.conf $target/etc
- fi
- fi
- ;;
-esac
-
-# here fcopy is mostly used, when installing a client for running in a
-# different subnet than during the installation
-fcopy -iM /etc/resolv.conf
-fcopy -iM /etc/network/interfaces /etc/networks
-
-exit $error
diff --git a/roles/fai/files/profiles/scripts/DEBIAN/40-misc b/roles/fai/files/profiles/scripts/DEBIAN/40-misc
deleted file mode 100755
index 714be55..0000000
--- a/roles/fai/files/profiles/scripts/DEBIAN/40-misc
+++ /dev/null
@@ -1,51 +0,0 @@
-#! /bin/bash
-
-# (c) Thomas Lange, 2001-2016, lange@debian.org
-# (c) Michael Goetze, 2010-2011, mgoetze@mgoetze.net
-
-error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
-
-# a list of modules which are loaded at boot time
-for module in $MODULESLIST; do
- ainsl -a /etc/modules "^$module$"
-done
-
-fcopy -Mv /etc/hostname || echo $HOSTNAME > $target/etc/hostname
-ainsl -a /etc/mailname ${HOSTNAME}
-if [ ! -e $target/etc/adjtime ]; then
- printf "0.0 0 0.0\n0\nUTC\n" > $target/etc/adjtime
-fi
-if [ "$UTC" = "yes" ]; then
- sed -i -e 's:^LOCAL$:UTC:' $target/etc/adjtime
-else
- sed -i -e 's:^UTC$:LOCAL:' $target/etc/adjtime
-fi
-
-# enable linuxlogo
-if [ -f $target/etc/inittab ]; then
- sed -i -e 's#/sbin/getty 38400#/sbin/getty -f /etc/issue.linuxlogo 38400#' ${target}/etc/inittab
-elif [ -f $target/lib/systemd/system/getty@.service ]; then
- sed -i -e 's#sbin/agetty --noclear#sbin/agetty -f /etc/issue.linuxlogo --noclear#' $target/lib/systemd/system/getty@.service
-fi
-
-# make sure a machine-id exists
-if [ ! -f $target/etc/machine-id ]; then
- > $target/etc/machine-id
-fi
-# recreate machine-id if the file is empty
-if [ X"$(stat -c '%s' $target/etc/machine-id 2>/dev/null)" = X0 -a -f $target/bin/systemd-machine-id-setup ]; then
- $ROOTCMD systemd-machine-id-setup
-fi
-
-ln -fs /proc/mounts $target/etc/mtab
-
-rm -f $target/etc/dpkg/dpkg.cfg.d/fai $target/etc/dpkg/dpkg.cfg.d/unsafe-io
-
-if [ -d /etc/fai ]; then
- if ! fcopy -Mv /etc/fai/fai.conf; then
- ainsl -a /etc/fai/fai.conf "FAI_CONFIG_SRC=$FAI_CONFIG_SRC"
- fi
-fi
-fcopy -iv /etc/rc.local
-
-exit $error
diff --git a/roles/fai/files/profiles/scripts/FAIBASE/10-misc b/roles/fai/files/profiles/scripts/FAIBASE/10-misc
deleted file mode 100755
index 7a0599d..0000000
--- a/roles/fai/files/profiles/scripts/FAIBASE/10-misc
+++ /dev/null
@@ -1,37 +0,0 @@ -#! /bin/bash - -# (c) Thomas Lange, 2001-2012, lange@debian.org - -error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code - -echo $TIMEZONE > $target/etc/timezone -if [ -L $target/etc/localtime ]; then - ln -sf /usr/share/zoneinfo/${TIMEZONE} $target/etc/localtime -else - cp -f /usr/share/zoneinfo/${TIMEZONE} $target/etc/localtime -fi - -if [ -f $target/etc/hosts.orig ]; then - mv $target/etc/hosts.orig $target/etc/hosts -fi -if [ -n "$IPADDR" ]; then - ifclass DHCPC || ainsl -s /etc/hosts "$IPADDR $HOSTNAME.$DOMAIN $HOSTNAME" -else - ifclass DHCPC && ainsl -s /etc/hosts "127.0.0.1 $HOSTNAME" -fi -fcopy -iM /etc/hosts /etc/motd - -# make /root accessible only by root -chmod -c 0700 $target/root -chown -c root:root $target/root -# copy default dotfiles for root account -fcopy -ir /root - -# use tmpfs for /tmp if not defined in disk_config -if ! grep -Pq '\s/tmp\s' $target/etc/fstab; then - ainsl /etc/fstab "tmpfs /tmp tmpfs nodev,nosuid,size=50%,mode=1777 0 0" -fi -chmod -c 1777 ${target}/tmp -chown -c 0:0 ${target}/tmp - -exit $error diff --git a/roles/fai/files/profiles/scripts/FAIBASE/20-removable_media b/roles/fai/files/profiles/scripts/FAIBASE/20-removable_media deleted file mode 100755 index 8ba10d9..0000000 --- a/roles/fai/files/profiles/scripts/FAIBASE/20-removable_media +++ /dev/null 
@@ -1,25 +0,0 @@ -#! /bin/bash - -# (c) Thomas Lange, 2006,2009, lange@debian.org -# create entries for removable media in fstab and directories in /media - -cdromlist() { - [ -f /proc/sys/dev/cdrom/info ] || return - devs=$(grep 'drive name:' /proc/sys/dev/cdrom/info | cut -d ":" -f 2) - for d in $devs; do - echo $d - done -} - -fstabline () { - line=$(printf "%-15s %-15s %-7s %-15s %-7s %s\n" "$1" "$2" "$3" "$4" "$5" "$6") - ainsl /etc/fstab "$line" -} - -i=0 -for cdrom in $(cdromlist | tac); do - [ $i -eq 0 ] && ln -sfn cdrom0 $target/media/cdrom - mkdir -p $target/media/cdrom$i - fstabline /dev/$cdrom /media/cdrom$i udf,iso9660 ro,user,noauto 0 0 - i=$(($i + 1)) -done diff --git a/roles/fai/files/profiles/scripts/FAISERVER/10-conffiles b/roles/fai/files/profiles/scripts/FAISERVER/10-conffiles deleted file mode 100755 index 578255f..0000000 --- a/roles/fai/files/profiles/scripts/FAISERVER/10-conffiles +++ /dev/null 
@@ -1,47 +0,0 @@ -#! /bin/bash - -fcopy -BvrS /etc/fai -fcopy -BvS /etc/dhcp/dhcpd.conf - -if [ $FAI_ACTION = "install" -o $FAI_ACTION = "dirinstall" ] ; then - - # use the same sources.list for the server itself and the clients - cp -a $target/etc/fai/apt $target/etc/ - - if ifclass DHCPC; then - rm -f $target/etc/resolv.conf - else - echo 127.0.0.1 > $target/etc/resolv.conf - fi - - # faiserver uses its own apt cache - ainsl -av /etc/apt/apt.conf.d/02proxy 'Acquire::http::Proxy "http://127.0.0.1:3142";' - - # create some host entries - myip=$(ip addr show up| grep -P -o '(?<=inet )[^/]+' | grep -v 127.0.0.1) - ainsl /etc/hosts "$myip faiserver" # that's me - ainsl /etc/hosts "192.168.33.100 demohost" - ainsl /etc/hosts "192.168.33.101 xfcehost" - # add entries for 10 hosts called client 01 .. 10 - perl -e 'for (1..10) {printf "192.168.33.%s client%02s\n",101+$_,$_;}' >> $target/etc/hosts - - sed -i -e '/# ReuseConnections: 1/d' $target/etc/apt-cacher-ng/acng.conf - ainsl -v /etc/apt-cacher-ng/acng.conf "ReuseConnections: 0" - - # copy base file for faster building of nfsroot - if [ -f /var/tmp/base.tar.xz ]; then - cp -p /var/tmp/base.tar.xz $target/var/tmp - fi - - if [ -d /media/mirror/pool ]; then - mkdir $target/var/cache/apt-cacher-ng/_import - cp -p /media/mirror/pool/*/*/*/*.deb $target/var/cache/apt-cacher-ng/_import - $ROOTCMD chown -R apt-cacher-ng.apt-cacher-ng /var/cache/apt-cacher-ng/_import - fi - - # copy basefiles from CD to config space - if [ -d $FAI/basefiles ]; then - mkdir -p $target/srv/fai/config/basefiles - cp -vp $FAI/basefiles/*.tar.* $target/srv/fai/config/basefiles 2>/dev/null || true - fi -fi diff --git a/roles/fai/files/profiles/scripts/GRUB_EFI/10-setup b/roles/fai/files/profiles/scripts/GRUB_EFI/10-setup deleted file mode 100755 index f586ba1..0000000 --- a/roles/fai/files/profiles/scripts/GRUB_EFI/10-setup +++ /dev/null 
@@ -1,68 +0,0 @@ -#! /bin/bash -# support for GRUB version 2 - -error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code - -# This script assumes that the disk has a GPT partition table and -# that the extended system partition (ESP) is mounted on /boot/efi. -# When building a disk image, we don't change the NVRAM to point at -# the boot image we made available, because the disk image is likely -# not installed on the current system. As a result, we force -# installation into the removable media paths as well as the standard -# debian path. - -set -a - -# do not set up grub during dirinstall -if [ "$FAI_ACTION" = "dirinstall" ] ; then - exit 0 -fi -# during softupdate use this file -[ -r $LOGDIR/disk_var.sh ] && . $LOGDIR/disk_var.sh - -if [ -z "$BOOT_DEVICE" ]; then - exit 189 -fi - -# disable os-prober because of #788062 -ainsl /etc/default/grub 'GRUB_DISABLE_OS_PROBER=true' - -# skip the rest, if not an initial installation -if [ $FAI_ACTION != "install" ]; then - $ROOTCMD update-grub - exit $error -fi - -GROOT=$($ROOTCMD grub-probe -tdrive -d $BOOT_DEVICE) - -# handle /boot in lvm-on-md -_bdev=$(readlink -f $BOOT_DEVICE) -if [ "${_bdev%%-*}" = "/dev/dm" ]; then - BOOT_DEVICE=$( lvs --noheadings -o devices $BOOT_DEVICE | sed -e 's/^*\([^(]*\)(.*$/\1/' ) -fi - -# Check if RAID is used for the boot device -if [[ $BOOT_DEVICE =~ '/dev/md' ]]; then - raiddev=${BOOT_DEVICE#/dev/} - # install grub on all members of RAID - for device in `LC_ALL=C perl -ne 'if(/^'$raiddev'\s.+raid\d+\s(.+)/){ $_=$1; s/\d+\[\d+\]//g; print }' /proc/mdstat`; do - echo Install grub on /dev/$device - $ROOTCMD grub-install --no-floppy --force-extra-removable "/dev/$device" - done - -elif [[ $BOOT_DEVICE =~ '/dev/loop' ]]; then - # do not update vmram when using a loop device - $ROOTCMD grub-install --no-floppy --force-extra-removable --modules=part_gpt --no-nvram $BOOT_DEVICE - if [ $? 
-eq 0 ]; then - echo "Grub installed on hostdisk $BOOT_DEVICE" - fi - -else - $ROOTCMD grub-install --no-floppy --modules=part_gpt "$GROOT" - if [ $? -eq 0 ]; then - echo "Grub installed on $BOOT_DEVICE = $GROOT" - fi -fi -$ROOTCMD update-grub - -exit $error diff --git a/roles/fai/files/profiles/scripts/GRUB_PC/10-setup b/roles/fai/files/profiles/scripts/GRUB_PC/10-setup deleted file mode 100755 index 5563275..0000000 --- a/roles/fai/files/profiles/scripts/GRUB_PC/10-setup +++ /dev/null @@ -1,52 +0,0 @@ -#! /bin/bash -# support for GRUB version 2 - -error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code - -set -a - -# do not set up grub during dirinstall -if [ "$FAI_ACTION" = "dirinstall" ] ; then - exit 0 -fi -# during softupdate use this file -[ -r $LOGDIR/disk_var.sh ] && . $LOGDIR/disk_var.sh - -if [ -z "$BOOT_DEVICE" ]; then - exit 189 -fi - -# disable os-prober because of #788062 -ainsl /etc/default/grub 'GRUB_DISABLE_OS_PROBER=true' - -# skip the rest, if not an initial installation -if [ $FAI_ACTION != "install" ]; then - $ROOTCMD update-grub - exit $error -fi - -GROOT=$($ROOTCMD grub-probe -tdrive -d $BOOT_DEVICE) - -# handle /boot in lvm-on-md -_bdev=$(readlink -f $BOOT_DEVICE) -if [ "${_bdev%%-*}" = "/dev/dm" ]; then - BOOT_DEVICE=$( lvs --noheadings -o devices $BOOT_DEVICE | sed -e 's/^*\([^(]*\)(.*$/\1/' ) -fi - -# Check if RAID is used for the boot device -if [[ $BOOT_DEVICE =~ '/dev/md' ]]; then - raiddev=${BOOT_DEVICE#/dev/} - # install grub on all members of RAID - for device in `LC_ALL=C perl -ne 'if(/^'$raiddev'\s.+raid\d+\s(.+)/){ $_=$1; s/\d+\[\d+\]//g; print }' /proc/mdstat`; do - echo Install grub on /dev/$device - $ROOTCMD grub-install --no-floppy "/dev/$device" - done -else - $ROOTCMD grub-install --no-floppy "$GROOT" - if [ $? -eq 0 ]; then - echo "Grub installed on $BOOT_DEVICE = $GROOT" - fi -fi -$ROOTCMD update-grub - -exit $error 
diff --git a/roles/fai/files/profiles/scripts/HW4F_DESKTOP_LAST/00-remove-proxy b/roles/fai/files/profiles/scripts/HW4F_DESKTOP_LAST/00-remove-proxy deleted file mode 100755 index 82548c7..0000000 --- a/roles/fai/files/profiles/scripts/HW4F_DESKTOP_LAST/00-remove-proxy +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -$ROOTCMD rm -f /etc/apt/apt.conf.d/00-proxy diff --git a/roles/fai/files/profiles/scripts/HW4F_DESKTOP_LAST/01-network b/roles/fai/files/profiles/scripts/HW4F_DESKTOP_LAST/01-network deleted file mode 100755 index f3e7bdd..0000000 --- a/roles/fai/files/profiles/scripts/HW4F_DESKTOP_LAST/01-network +++ /dev/null 
@@ -1,13 +0,0 @@ -#!/bin/bash - -# allow configure NICs globally over network manager -#$ROOTCMD touch /etc/NetworkManager/conf.d/10-globally-managed-devices.conf -# enable resolved -$ROOTCMD systemctl enable systemd-resolved - -$ROOTCMD tee /etc/netplan/01-network-manager-all.yaml <$error?$?:$error))' ERR # save maximum error code - -if [ "$FAI_ACTION" = "dirinstall" -o $do_init_tasks -eq 0 ] ; then - : -else - # check if mdadm has been forgotten - if grep -q active /proc/mdstat 2>/dev/null; then - if [ ! -d $target/etc/mdadm ]; then - echo ERROR: Found Software RAID, but the mdadm package was not installed - error=1 - fi - fi - - usedm=$(dmsetup ls 2>/dev/null | egrep -v '^live-rw|^live-base|^No devices found' | wc -l) - if [ $usedm -ne 0 ]; then - if [ ! -d $target/etc/lvm ]; then - echo ERROR: Found lvm devices, but the lvm2 package was not installed - error=1 - fi - fi -fi - -# remove backup files from cfengine, but only if cfengine is installed -if [ -x /usr/sbin/cfagent ] || [ -x $target/usr/sbin/cfagent ] ; then - dirs="root etc var" - for path in $dirs; do - find $target/$path -maxdepth 20 -name \*.cfedited -o -name \*.cfsaved | xargs -r rm - done -fi - -[ "$FAI_DEBMIRROR" ] && - ainsl /etc/fstab "#$FAI_DEBMIRROR $MNTPOINT nfs ro 0 0" - -# set bios clock -if [ $do_init_tasks -eq 1 ] ; then - case "$UTC" in - no|"") hwopt="--localtime" ;; - yes) hwopt="--utc" ;; - esac - hwclock $hwopt --systohc || true -fi - -# Make sure everything is configured properly -if ifclass DEBIAN ; then - $ROOTCMD apt-get -f install -y -fi - -if [ $FAI_ACTION = "install" ]; then - lskernels=$(echo $target/boot/vmlinu*) - if [ ! -f ${lskernels%% *} ]; then - echo "ERROR: No kernel was installed. Have a look at shell.log" >&2 - error=1 - fi -fi - -# copy sources.list -fcopy -iSM /etc/apt/sources.list - - -setrel() { - - # if release is not set, try to determine it - - if [ -n "$release" ]; then - return - fi - if [ ! 
-f $target/etc/os-release ]; then - return - fi - - dists="jessie stretch buster bullseye bookworm focal bionic xenial trusty" - for d in $dists; do - if grep -iq $d $target/etc/os-release; then - release=$d - break - fi - done -} - -# if installation was done from CD, replace useless sources.list -setrel -if [ -f $target/etc/apt/sources.list -a -n "$release" ]; then - grep -q 'file generated by fai-cd' $target/etc/apt/sources.list && cat < $target/etc/apt/sources.list -deb $apt_cdn/debian $release main contrib non-free -deb $apt_cdn/debian-security $release/updates main contrib non-free -#deb [trusted=yes] http://fai-project.org/download $release koeln -EOF - # if the package fai-server was installed, enable the project's repository - if [ -f $target/var/lib/dpkg/info/fai-server.list ]; then - sed -i -e '/fai-project.org/s/^#//' $target/etc/apt/sources.list - fi -fi - -# for ARM architecture, we may need the kernel and initrd to boot or flash the device -if ifclass ARM64; then - cp -pv $target/boot/vmlinuz* $target/boot/initrd* $FAI_RUNDIR -fi - -exit $error diff --git a/roles/fai/files/profiles/scripts/SECURE_ERASE/01-run b/roles/fai/files/profiles/scripts/SECURE_ERASE/01-run deleted file mode 100755 index 3260f41..0000000 --- a/roles/fai/files/profiles/scripts/SECURE_ERASE/01-run +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/bash - -IFS=$'\n' -DEVS_PATH=(`lsblk -n -S -o PATH`) -DEVS_DESC=(`lsblk -n -S -o MODEL`) - -DEVS=(0 '' 0 '') - -ITEMS="dialog --clear --title 'Secure erase disk' --menu 'Select:' 0 0 0" -for (( i=0; i<${#DEVS_PATH[@]}; i++ )) ; do - DEVS+=($i $DEVS_DESC[$i]) -done - -echo ${DEVS[@]} diff --git a/roles/fai/files/profiles/scripts/UBUNTU/10-rootpw b/roles/fai/files/profiles/scripts/UBUNTU/10-rootpw deleted file mode 100755 index 8fdf4c8..0000000 --- a/roles/fai/files/profiles/scripts/UBUNTU/10-rootpw +++ /dev/null 
@@ -1,15 +0,0 @@ -#! /bin/bash - -error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code - -# set root password -if [ -n "$ROOTPW" ]; then - $ROOTCMD usermod -p "$ROOTPW" root -else - $ROOTCMD usermod -L root - # enable sudo for user - ainsl /etc/sudoers "$username ALL = ALL" -fi - -exit $error - diff --git a/roles/fai/files/profiles/scripts/UBUNTU/11-user b/roles/fai/files/profiles/scripts/UBUNTU/11-user deleted file mode 100755 index 0ec01b1..0000000 --- a/roles/fai/files/profiles/scripts/UBUNTU/11-user +++ /dev/null @@ -1,15 +0,0 @@ -#! /bin/bash - -error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code - -groups="adm cdrom sudo dip plugdev lpadmin sambashare lxd" - -# add additional user account -if [ -n "$username" ]; then - $ROOTCMD adduser --disabled-login --gecos "$username" $username - $ROOTCMD usermod -p "$USERPW" $username - - for g in $groups; do - $ROOTCMD adduser $username $g - done -fi diff --git a/roles/fai/files/profiles/scripts/UBUNTU/90-apt b/roles/fai/files/profiles/scripts/UBUNTU/90-apt deleted file mode 100755 index 4da7029..0000000 --- a/roles/fai/files/profiles/scripts/UBUNTU/90-apt +++ /dev/null @@ -1,11 +0,0 @@ -#! /bin/bash - -# check if we already use an external mirror -grep -q "external mirror" $target/etc/apt/sources.list && exit 0 - -cat < $target/etc/apt/sources.list -# external mirror -deb $ubuntumirror/ubuntu $ubuntudist main restricted universe multiverse -deb $ubuntumirror/ubuntu $ubuntudist-updates main restricted universe multiverse -deb $ubuntumirror/ubuntu $ubuntudist-security main restricted universe multiverse -EOM diff --git a/roles/fai/files/profiles/scripts/UBUNTU/91-misc b/roles/fai/files/profiles/scripts/UBUNTU/91-misc deleted file mode 100755 index 0d1d6d8..0000000 --- a/roles/fai/files/profiles/scripts/UBUNTU/91-misc +++ /dev/null 
@@ -1,7 +0,0 @@ -#! /bin/bash - -# disable the first login screen -$ROOTCMD dpkg-divert --local --rename --add /etc/xdg/autostart/gnome-initial-setup-first-login.desktop -$ROOTCMD dpkg-divert --local --rename --add /etc/xdg/autostart/gnome-initial-setup-copy-worker.desktop -$ROOTCMD deluser --system gnome-initial-setup -$ROOTCMD dpkg-reconfigure keyboard-configuration diff --git a/roles/fai/files/profiles/tests/FAIBASE_TEST b/roles/fai/files/profiles/tests/FAIBASE_TEST deleted file mode 100755 index 79bfab2..0000000 --- a/roles/fai/files/profiles/tests/FAIBASE_TEST +++ /dev/null @@ -1,44 +0,0 @@ -#! /usr/bin/perl - -use strict; -use warnings; -use Faitest; -package FAITEST; - -setup_test(); -# - - - - - - - - - - - - - - - - - - - - - - - - - - -# now comes the test itself - -my $dev = &getDevByMount("/target/home"); -&checkE2fsAttribute($dev,"Filesystem volume name","home"); -&checkE2fsAttribute($dev,"Maximum mount count","-1"); -&checkE2fsAttribute($dev,"Check interval","0 ()"); - -exit printresult(); -# - - - - - - - - - - - - - - - - - - - - - - - - - - -__END__ - -=head1 NAME - -FAIBASE_TEST - regression test for setup-storage disk layout FAIBASE - -=head1 SYNOPSIS - -FAIBASE_TEST checks some important aspects of setup-storage. The -disk_config/FAIBASE tunes some filesystem parameters upon creation. We -check only the last partition since we expect prior errors to make -creation of the last partition fail. - - Options: - -help simple help - -verbose=n increase verbosity of test script - -=head1 OPTIONS - -=over 8 - -=item B<-help> -simple help - -=item B<-verbose> -increase verbosity of test script diff --git a/roles/fai/files/profiles/tests/Faitest.pm b/roles/fai/files/profiles/tests/Faitest.pm deleted file mode 100644 index 022b407..0000000 --- a/roles/fai/files/profiles/tests/Faitest.pm +++ /dev/null 
@@ -1,96 +0,0 @@ -#! /usr/bin/perl - -# Subroutines for automatic tests -# -# Copyright (C) 2009 Thomas Lange, lange@informatik.uni-koeln.de -# Based on the first version by Sebastian Hetze, 08/2008 - -package FAITEST; - -my $errors = 0; - -use strict; -use Getopt::Long; -use Pod::Usage; -# - - - - - - - - - - - - - - - - - - - - - - - - - - -sub setup_test { - - my $verbose = 0; - my $help = 0; - my $man = 0; - $verbose = $ENV{'debug'} if $ENV{'debug'}; - - my $result = GetOptions ( - "verbose=i" => \$verbose, - "help" => \$help, - "man" => \$man, - - ); - - pod2usage(1) if $help; - pod2usage(-exitstatus => 0, -verbose => 2) if $man; - - open(LOGFILE,">> $ENV{LOGDIR}/test.log") || die "Can't open test.log. $!"; - print LOGFILE "------------ Test $0 starting ------------\n"; -} - -sub printresult { - - # write test result and set next test - my ($nexttest) = @_; - - if ($errors > 0) { - print STDERR "\n===> $0 FAILED with $errors errors\n"; - print LOGFILE "\n===> $0 FAILED with $errors errors\n"; - } else { - print STDERR "\n===> $0 PASSED successfully\n"; - print LOGFILE "\n===> $0 PASSED successfully\n"; - print LOGFILE "NEXTTEST=$nexttest\n" if $nexttest; - } - close (LOGFILE); - return $errors; -} - -sub getDevByMount { - - my $mount = shift; - my $dev = qx#mount|grep $mount|cut -d' ' -f1#; - chomp $dev; - return $dev -} - -sub checkMdStat { - - my ($device, $expected) = @_; - my ($value) = qx#grep -i "^$device\\b" /proc/mdstat# =~ m/$device\s*:\s*(.*)/i; - - if ($value eq $expected) { - print LOGFILE "Check raid $device success\n"; - return 0; - } else { - print LOGFILE "Check raid $device FAILED.\n Expect <$expected>\n Found <$value>\n"; - $errors++; - return 1; - } -} - -sub checkE2fsAttribute { - - my ($device, $attribute, $expected) = @_; - - # since attribute is a space separated list of attributes, IMO we must loop over - # the list. 
Ask Sebastian again - my ($value) = qx#tune2fs -l $device |grep -i "$attribute"# =~ m/$attribute:\s+(.*)/i; - - if ($value eq $expected) { - print LOGFILE "Check $attribute for $device success\n"; - return 0; - } else { - print LOGFILE "Check $attribute for $device FAILED.\n Expect <$expected>\n Found <$value>\n"; - - $errors++; - return 1; - } -} - -1; diff --git a/roles/fai/files/profiles/files/etc/apt/apt.conf.d/00-proxy/.keep b/roles/fai/files/tools/pmagic/test.file similarity index 100% rename from roles/fai/files/profiles/files/etc/apt/apt.conf.d/00-proxy/.keep rename to roles/fai/files/tools/pmagic/test.file diff --git a/roles/fai/files/vimrc.local b/roles/fai/files/vimrc.local new file mode 100644 index 0000000..4919f34 --- /dev/null +++ b/roles/fai/files/vimrc.local 
@@ -0,0 +1,51 @@ +" All system-wide defaults are set in $VIMRUNTIME/debian.vim and sourced by +" the call to :runtime you can find below. If you wish to change any of those +" settings, you should do it in this file (/etc/vim/vimrc), since debian.vim +" will be overwritten everytime an upgrade of the vim packages is performed. +" It is recommended to make changes after sourcing debian.vim since it alters +" the value of the 'compatible' option. + +" This line should not be removed as it ensures that various options are +" properly set to work with the Vim-related packages available in Debian. +runtime! debian.vim + +" Vim will load $VIMRUNTIME/defaults.vim if the user does not have a vimrc. +" This happens after /etc/vim/vimrc(.local) are loaded, so it will override +" any settings in these files. +" If you don't want that to happen, uncomment the below line to prevent +" defaults.vim from being loaded. +let g:skip_defaults_vim = 1 + +" Uncomment the next line to make Vim more Vi-compatible +" NOTE: debian.vim sets 'nocompatible'. Setting 'compatible' changes numerous +" options, so any other options should be set AFTER setting 'compatible'. +"set compatible + +" Vim5 and later versions support syntax highlighting. Uncommenting the next +" line enables syntax highlighting by default. +syntax on + +" If using a dark background within the editing area and syntax highlighting +" turn on this option as well +set background=dark + +" Uncomment the following to have Vim jump to the last position when +" reopening a file +au BufReadPost * if line("'\"") > 1 && line("'\"") <= line("$") | exe "normal! g'\"" | endif + +" Uncomment the following to have Vim load indentation rules and plugins +" according to the detected filetype. +filetype plugin indent on + +" The following are commented out as they cause vim to behave a lot +" differently from regular Vi. They are highly recommended though. +set showcmd " Show (partial) command in status line. 
+set showmatch " Show matching brackets. +"set ignorecase " Do case insensitive matching +"set smartcase " Do smart case matching +"set incsearch " Incremental search +"set autowrite " Automatically save before commands like :next and :make +"set hidden " Hide buffers when they are abandoned +"set mouse=a " Enable mouse usage (all modes) + +colorscheme slate diff --git a/roles/fai/handlers/main.yml b/roles/fai/handlers/main.yml index d8217e7..818d72a 100644 --- a/roles/fai/handlers/main.yml +++ b/roles/fai/handlers/main.yml @@ -2,6 +2,7 @@ # handlers file for fai - name: "Restart tftp server" + become: true ansible.builtin.service: name: tftpd-hpa state: restarted @@ -9,6 +10,7 @@ listen: restart tftpd - name: "Restarting apt-cacher-ng" + become: true ansible.builtin.service: name: apt-cacher-ng state: restarted 
@@ -16,41 +18,55 @@ listen: restart apt-cacher-ng - name: "Pack fai configuration" + become: true ansible.builtin.shell: | - tar -C "{{ fai_configdir }}" \ - -cf "{{ fai_download_dir + '/' + fai_profiles_archive }}" . + tar -C "{{ fai_dir_config }}" \ + -cf "{{ fai_dir_download + '/' + fai_config_archive }}" . listen: pack fai-config - name: "Restarting inetd" + become: true ansible.builtin.service: name: inetutils-inetd state: restarted listen: restart inetd - name: "Restarting ntp config" + become: true ansible.builtin.service: name: ntp state: restarted listen: restart ntp - name: "Restarting nginx" + become: true ansible.builtin.service: name: nginx state: restarted listen: restart nginx -- name: "apply iptables rules" +- name: "Apply iptables rules" + become: true ansible.builtin.shell: iptables-restore "/etc/iptables/rules.v4" listen: apply iptables -- name: "restart dhcp" +- name: "Restart dhcp" + become: true ansible.builtin.service: name: isc-dhcp-server state: restarted listen: restart dhcpd +- name: "Restarting unbound" + become: true + ansible.builtin.service: + name: unbound + state: restarted + listen: restart unbound + - name: "Reloading unbound" + become: true ansible.builtin.service: name: unbound state: reloaded - listen: "reload unbound" + listen: reload unbound diff --git a/roles/fai/tasks/apt-cacher-ng.yml b/roles/fai/tasks/apt-cacher-ng.yml index 489d44f..303e3c4 100644 --- a/roles/fai/tasks/apt-cacher-ng.yml +++ b/roles/fai/tasks/apt-cacher-ng.yml @@ -1,10 +1,12 @@ - name: "Install apt cacher" + become: True ansible.builtin.package: name: - apt-cacher-ng state: present - name: "Configure apt cacher" + become: True ansible.builtin.copy: content: | CacheDir: /var/cache/apt-cacher-ng @@ -40,6 +42,7 @@ notify: restart apt-cacher-ng - name: "Set ubuntu server as backend" + become: True ansible.builtin.copy: content: | http://archive.ubuntu.com/ubuntu/ 
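Review bot: The `Pack fai configuration` and `Apply iptables rules` handlers in this hunk go through `ansible.builtin.shell` although neither uses a shell feature, so the templated values `fai_dir_config`, `fai_dir_download` and `fai_config_archive` are spliced into a root shell command line. `ansible.builtin.command` with an `argv` list passes each value as exactly one argument, which removes word splitting and metacharacter expansion if a path ever contains a space or shell character. For iptables the change is the single line `ansible.builtin.command: iptables-restore /etc/iptables/rules.v4`; the tar handler is shown below.

```yaml
- name: "Pack fai configuration"
  # … unchanged: become …
  ansible.builtin.command:
    argv:
      - tar
      - "-C"
      - "{{ fai_dir_config }}"
      - "-cf"
      - "{{ fai_dir_download }}/{{ fai_config_archive }}"
      - "."
  # … unchanged: listen …
```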
@@ -49,12 +52,14 @@ mode: '0644' - name: "Ensure service is started and enabled" + become: True ansible.builtin.service: name: apt-cacher-ng enabled: true state: started - name: "Set apt cache also for installer host" + become: True ansible.builtin.copy: dest: "/etc/apt/apt.conf.d/00proxy" content: | diff --git a/roles/fai/tasks/clonezilla.yml b/roles/fai/tasks/clonezilla.yml new file mode 100644 index 0000000..3eb9e75 --- /dev/null +++ b/roles/fai/tasks/clonezilla.yml @@ -0,0 +1,37 @@ +- name: "Install unzip" + ansible.builtin.package: + name: unzip + state: latest + tags: + - clonezilla + - install_unzip + +- name: "Create clonezilla directory '{{ clonezilla_download_dir }}'" + ansible.builtin.file: + dest: "{{ clonezilla_download_dir }}" + owner: root + group: root + mode: '0755' + state: directory + recurse: yes + tags: + - clonezilla + - clonezilla_dir_create + +- name: "Download clonezilla '{{ clonezilla_version }}'" + ansible.builtin.get_url: + url: "{{ clonezilla_download_url }}" + dest: "{{ clonezilla_download_dir }}" + mode: '0644' + tags: + - clonezilla + - clonezilla_download + +- name: "Unzip clonezilla to '{{ clonezilla_download_dir }}'" + ansible.builtin.shell: + chdir: "{{ clonezilla_download_dir }}" + cmd: unzip "{{ clonezilla_download_dir + '/' + clonezilla_archive }}" + check_mode: no + tags: + - clonezilla + - clonezilla_unzip diff --git a/roles/fai/tasks/fai-configure.yml b/roles/fai/tasks/fai-configure.yml index 3d6f5de..8c83bc2 100644 --- a/roles/fai/tasks/fai-configure.yml +++ b/roles/fai/tasks/fai-configure.yml 
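Review bot: The `Download clonezilla` task in the new clonezilla.yml calls `ansible.builtin.get_url` without `checksum`, so a tampered or truncated archive would be unpacked on the install server unnoticed, and the directory name suggests the result is then offered to clients. Pinning the digest published for `clonezilla_version` closes that gap. The unzip step uses `ansible.builtin.shell` with `check_mode: no`, so it runs on every play and even under `--check`; `ansible.builtin.unarchive` with `remote_src: true` unpacks the same file idempotently.

```yaml
- name: "Download clonezilla '{{ clonezilla_version }}'"
  ansible.builtin.get_url:
    # … unchanged: url, dest, mode …
    # clonezilla_checksum is a new role variable (placeholder):
    # "sha256:<digest published for this release>"
    checksum: "{{ clonezilla_checksum }}"
  # … unchanged: tags …

- name: "Unzip clonezilla to '{{ clonezilla_download_dir }}'"
  ansible.builtin.unarchive:
    src: "{{ clonezilla_download_dir + '/' + clonezilla_archive }}"
    dest: "{{ clonezilla_download_dir }}"
    remote_src: true
  # … unchanged: tags …
```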
@@ -1,29 +1,93 @@ -- name: "Setup repos for fai" - ansible.builtin.copy: - dest: "/etc/fai/apt/sources.list" - content: | - {% if use_apt_cache_for_server %} - deb http://localhost:3142/deb.debian.org/debian buster main contrib non-free - deb http://localhost:3142/security.debian.org/debian-security buster/updates main - deb http://localhost:3142/deb.debian.org/debian/ buster-updates main - deb http://localhost:3142/fai-project.org/download buster koeln - {% else %} - deb http://deb.debian.org/debian buster main contrib non-free - deb http://security.debian.org/debian-security buster/updates main - deb http://deb.debian.org/debian/ buster-updates main - deb http://fai-project.org/download buster koeln - {% endif %} +--- +- name: "Configure '{{ fai_etc_dir }}/fai.conf'" + become: true + ansible.builtin.template: + src: "etc/fai/fai.conf.j2" + dest: "{{ fai_etc_dir }}/fai.conf" mode: '0644' owner: root group: root - register: fai_apt_mirrors + tags: + - fai_conf -- name: "Set loguser" +### "/etc/fai/apt" GETS COPIED TO NFSROOT BY "fai-make-nfsroot" +- name: "Set repositories for nfsroot in '{{ dest }}'" + become: true + vars: + dest: "{{ fai_etc_dir }}/apt/sources.list" ansible.builtin.copy: - dest: "/etc/fai/fai.conf" + content: | + deb http://deb.debian.org/debian {{ debian_release_nfsroot }} main contrib non-free + deb http://deb.debian.org/debian {{ debian_release_nfsroot }}-updates main contrib non-free + deb http://deb.debian.org/debian-security {{ debian_release_nfsroot }}-security main contrib non-free + #deb http://deb.debian.org/debian {{ debian_release_nfsroot }}-backports main contrib non-free + + deb http://deb.debian.org/debian testing main contrib non-free + deb http://deb.debian.org/debian sid main contrib non-free + deb http://deb.debian.org/debian experimental main contrib non-free + # repository that may contain newer fai packages for bullseye + deb http://fai-project.org/download bullseye koeln + dest: "{{ dest }}" mode: '0644' owner: root group: 
root + tags: + - fai_nfsroot_sources_list + +- name: "Create fai dirs for apt'" + become: true + ansible.builtin.file: + name: "{{ item }}" + state: directory + owner: root + group: root + mode: '0755' + loop: + - "{{ fai_etc_dir }}/apt" + - "{{ fai_etc_dir }}/apt/preferences.d" + +- name: "Set preferences for nfsroot in '{{ dest }}'" + become: true + vars: + dest: "{{ fai_etc_dir }}/apt/preferences.d/zz_releases" + ansible.builtin.copy: content: | - LOGUSER=root - FAI_CONFIGDIR={{ fai_configdir }} + Package: * + Pin: release n={{ debian_release_nfsroot |lower }} + Pin-Priority: 500 + + Package: * + Pin: release n={{ debian_release_nfsroot |lower }}-updates + Pin-Priority: 500 + + Package: * + Pin: release n={{ debian_release_nfsroot |lower }}-backports + Pin-Priority: 490 + + Package: * + Pin: release a=testing + Pin-Priority: 400 + + Package: * + Pin: release n=sid + Pin-Priority: 120 + + Package: * + Pin: release a=experimental + Pin-Priority: 110 + + ### PACKAGES + Package: /^fai-.*/ + Pin: release a=experimental + Pin-Priority: 500 + + Package: /^dracut-?.*/ + Pin: release n=sid + Pin-Priority: 500 + dest: "{{ dest }}" + mode: '0644' + owner: root + group: root + tags: + - fai_nfsroot_sources_preferences + diff --git a/roles/fai/tasks/fai-ipxe.yml b/roles/fai/tasks/fai-ipxe.yml index 1d5c405..0205c02 100644 --- a/roles/fai/tasks/fai-ipxe.yml +++ b/roles/fai/tasks/fai-ipxe.yml @@ -1,4 +1,6 @@ +--- - name: "Install package ipxe" + become: True ansible.builtin.package: name: ipxe state: present @@ -6,7 +8,8 @@ - ipxe - ipxe_install -- name: "Copy ipxe" +- name: "Copy iPXE binaries to '{{ tftp_dir }}'" + become: True ansible.builtin.copy: src: "{{ item }}" dest: "{{ tftp_dir }}" @@ -21,6 +24,7 @@ - ipxe_copy - name: "Write ipxe menu" + become: True ansible.builtin.template: src: "menu.ipxe.j2" dest: "{{ tftp_dir }}/menu.ipxe" diff --git a/roles/fai/tasks/fai-nfsroot.yml b/roles/fai/tasks/fai-nfsroot.yml new file mode 100644 index 0000000..70373f6 --- /dev/null 
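Review bot: The nfsroot `sources.list` written in the fai-configure.yml hunk hard-codes `bullseye` for the fai-project.org entry while every other line follows `debian_release_nfsroot`, so the two drift apart when the variable changes; `deb http://fai-project.org/download {{ debian_release_nfsroot }} koeln` keeps them aligned. The same commit removes the `Trust fai key` task from fai-prepare.yml, and nothing visible in this hunk places that repository's signing key under `{{ fai_etc_dir }}/apt`, so it is worth confirming that apt inside the nfsroot can still verify the repository rather than failing or being configured to skip verification. Enabling testing, sid and experimental, with `fai-*` pinned at 500 from experimental, means the image every client boots is built from unreleased packages; a comment above the pin block such as `# fai-* from experimental: <reason>` would record why. The `Create fai dirs for apt'` task (stray quote in its name) also runs after the task that already writes into `{{ fai_etc_dir }}/apt`.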
+++ b/roles/fai/tasks/fai-nfsroot.yml @@ -0,0 +1,52 @@ +--- +- name: "Create configuration for nfsroot" + become: true + ansible.builtin.template: + src: "etc/fai/nfsroot.conf.j2" + dest: "{{ fai_etc_dir }}/nfsroot.conf" + owner: root + group: root + mode: '0644' + when: false + +- name: "Test if nfsroot dir '{{ fai_dir_nfsroot }}' already exists" + become: true + ansible.builtin.stat: + path: "{{ fai_dir_nfsroot }}" + register: nfsroot_res + +- name: "fai-make-nfsroot - filesystem, kernel and initrd" + become: true + ansible.builtin.shell: fai-make-nfsroot + when: + - not nfsroot_res.stat.exists + +- name: "fai-make-nfsroot - install packages from '{{ fai_etc_dir }}/NFSROOT'" + become: true + ansible.builtin.shell: fai-make-nfsroot -k + when: + - not nfsroot_res.stat.exists + +- name: "Make basefiles" + become: true + ansible.builtin.shell: + cmd: "{{ fai_dir_config }}/basefiles/mk-basefile -J {{ item }}" + chdir: "{{ fai_dir_basefile }}" + creates: "{{ item }}.tar.xz" + loop: + - "FOCAL64" + - "JAMMY64" + +- name: "Allow '{{ fai_loguser }}' to write to '{{ tftp_dir }}' to ship logs" + become: true + ansible.builtin.file: + path: "{{ tftp_dir }}" + state: directory + owner: "{{ fai_loguser }}" + group: "{{ fai_loguser }}" + mode: '0775' + when: + - fai_loguser is defined + - fai_loguser is not none + - false + diff --git a/roles/fai/tasks/fai-prepare.yml b/roles/fai/tasks/fai-prepare.yml index ce23daa..0f0f221 100644 --- a/roles/fai/tasks/fai-prepare.yml +++ b/roles/fai/tasks/fai-prepare.yml 
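Review bot: The last task of the new fai-nfsroot.yml would give `fai_loguser` ownership of `{{ tftp_dir }}` with mode `0775`, and fai-ipxe.yml in this commit copies the iPXE binaries and `menu.ipxe` into that same directory, so the account used to ship logs could overwrite what every machine boots. The trailing `- false` condition keeps it switched off today, but enabling it as written grants that access; a separate log directory (constructed example: `path: "{{ tftp_dir }}/log"`) would leave the boot files root-owned. The first task is also disabled with `when: false`, and a comment such as `# disabled: <reason>` on both would tell the next reader whether they are meant to return. The two `fai-make-nfsroot` tasks use no shell feature and could run through `ansible.builtin.command`.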
@@ -1,32 +1,22 @@ -- name: "Trust fai key" - ansible.builtin.apt_key: - id: B11EE3273F6B2DEB528C93DA2BF8D9FE074BCDE4 - url: https://fai-project.org/download/2BF8D9FE074BCDE4.asc - state: present - -- name: "Add fai repo" - ansible.builtin.apt_repository: - repo: deb http://fai-project.org/download {{ debian_release }} koeln - state: present - -- name: "Install all required fai programs" - ansible.builtin.package: +--- +- name: "Install all programs required by FAI" + become: true + ansible.builtin.apt: name: - fai-server + - fai-client + - fai-setup-storage + - fai-doc + #- fai-quickstart + #- fai-nfsroot - squashfs-tools - ipxe - state: present + state: latest + tags: + - fai_packages_install -- name: "Create fai profiles directory" - ansible.builtin.file: - name: "{{ fai_configdir }}" - state: directory - mode: '0755' - owner: root - group: root - recurse: true - -- name: "Create http download directories" +- name: "Create directories" + become: true ansible.builtin.file: name: "{{ item }}" state: directory @@ -34,6 +24,11 @@ owner: root group: root recurse: true - with_items: - - "{{ fai_download_dir }}" - - "{{ ipxe_download_dir }}" + loop: + - "{{ fai_dir_config }}" + - "{{ fai_dir_download }}" + - "{{ fai_dir_basefile }}" + - "{{ ipxe_dir_download }}" + tags: + - fai_create_directories + diff --git a/roles/fai/tasks/fai-profiles.yml b/roles/fai/tasks/fai-profiles.yml index 1b340e3..894d162 100644 --- a/roles/fai/tasks/fai-profiles.yml +++ b/roles/fai/tasks/fai-profiles.yml 
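Review bot: `state: latest` on the FAI package list in fai-prepare.yml upgrades `fai-server`, `fai-client` and the others on every run, so the install server changes with whatever the configured repositories offer that day; clonezilla.yml does the same for `unzip`. `state: present` installs them once and leaves upgrades to a deliberate, reviewed step. The hunk also drops the fai-project.org repository and key from the server, so, if that is the intent, a comment such as `# FAI packages now come from the distribution archive only` above the task would make the package source explicit.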
@@ -1,54 +1,91 @@ -- name: "Create fai dir" +--- +- name: "Create fai-config dir '{{ fai_dir_config }}'" + become: true ansible.builtin.file: - name: "/srv/fai/config" + name: "{{ fai_dir_config }}" state: directory owner: root group: root mode: '0755' -- name: "Copy fai profiles" +- name: "Copy fai profiles to '{{ fai_dir_config }}'" + become: true ansible.builtin.copy: src: "profiles/" - dest: "{{ fai_configdir }}" - user: root + dest: "{{ fai_dir_config }}" + owner: root group: root mode: '0755' - force: yes - recursive: yes + force: true + #recursive: true notify: pack fai-config + when: false + +- name: "Git checkout fai-config to '{{ fai_dir_config }}'" + become: true + ansible.builtin.git: + repo: "{{ fai_config_git }}" + dest: "{{ fai_dir_config }}" + version: 'HEAD' + force: true + #recursive: true + notify: pack fai-config + +- name: "Set filesystem permissions of '{{ fai_dir_config }}'" + become: true + ansible.builtin.file: + path: "{{ fai_dir_config }}" + owner: root + group: root + mode: '0755' + #recursive: true + +- name: "Define FAI classes for BASEFILES" + become: true + ansible.builtin.template: + src: "srv/fai/config/class/BASEFILE.var.j2" + dest: "{{ fai_dir_config + '/class/' + item.basefile + '.var' }}" + owner: root + group: root + mode: '0644' + loop: + - basefile: "JAMMY64" + dist: "jammy" + mirror_url: "{{ ubuntu_mirror_url }}" + - basefile: "FOCAL64" + dist: "focal" + mirror_url: "{{ ubuntu_mirror_url }}" - name: "Set APT proxy" + become: true ansible.builtin.template: - src: fai-profile-00-proxy.yml - dest: "{{ fai_configdir }}/files/etc/apt/apt.conf.d/00-proxy/HW4F_DESKTOP" + src: "etc/apt/apt.conf.d/02proxy.j2" + dest: "{{ fai_dir_config }}/files/etc/apt/apt.conf.d/02proxy/HW4F_DESKTOP" + owner: root + group: root + mode: '0644' + notify: pack fai-config + when: false + +- name: "Define fai CLASS 'HW4F_DESKTOP'" + become: true + ansible.builtin.template: + src: "srv/fai/config/class/HW4F_DESKTOP.var" + dest: "{{ fai_dir_config 
}}/class/HW4F_DESKTOP.var" owner: root group: root mode: '0644' notify: pack fai-config -- name: "Set fai provision vars for HW4F profile" +- name: "Set default menu entry to profile" + become: true ansible.builtin.copy: content: | - ### CONFIGURE TIME - UTC=yes - TIMEZONE=Europe/Berlin - - ### INSTALL PARAMETERS - STOP_ON_ERROR=700 - MAXPACKAGES=800 - - KEYMAP=de-latin1-nodeadkeys - - ROOTPW='{{ fai_hw4f_profile_password |password_hash("sha512")}}' - - # START USER AND PASSWORD - username={{ fai_hw4f_profile_username }} - USERPW='{{ fai_hw4f_profile_password |password_hash("sha512")}}' - - SUPRESS_GNOME_INITIAL_SCREEN=1 - dest: "{{ fai_configdir }}/class/HW4F_DESKTOP.var" + Default: {{ fai_menu_default }} + dest: "{{ fai_dir_config + '/class/zz_menu_default.profile' }}" owner: root group: root mode: '0644' - notify: pack fai-config - + when: + - fai_menu_default is defined + - fai_menu_default is not none diff --git a/roles/fai/tasks/fai-pxe.yml b/roles/fai/tasks/fai-pxe.yml index 14444b5..4618303 100644 --- a/roles/fai/tasks/fai-pxe.yml +++ b/roles/fai/tasks/fai-pxe.yml 
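Review bot: "Git checkout fai-config" deploys `version: 'HEAD'` with `force: true` as root, so whatever the default branch of `fai_config_git` holds at run time becomes the FAI configuration space, and local changes in `fai_dir_config` are discarded without notice. Pin `version` to a reviewed tag or commit hash, and if the repository signs its commits add `verify_commit: true`. The following "Set filesystem permissions" task only touches the top directory because `recursive` is commented out, so file modes inside the checkout are whatever the repository carries. The hunk also leaves two tasks permanently disabled with `when: false`; remove them or put a variable behind the condition.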
@@ -1,30 +1,34 @@ -- name: "Find linux kernel images" +--- +- name: "Find linux kernel images in '{{ fai_dir_nfsroot_boot }}'" ansible.builtin.find: - paths: "/srv/fai/nfsroot/boot" + paths: "{{ fai_dir_nfsroot_boot }}" patterns: "vmlinuz-*" register: fai_live_vmlinuz tags: - ipxe -- name: "Find linux initial ram-disks" +- name: "Find linux initial ram-disks in '{{ fai_dir_nfsroot_boot }}'" ansible.builtin.find: - paths: "/srv/fai/nfsroot/boot" + paths: "{{ fai_dir_nfsroot_boot }}" patterns: "initrd.img-*" register: fai_live_initrd tags: - ipxe -- name: "Manipulate file pathes" +- name: "Extract basenames of 'fai_live_vmlinuz' 'fai_live_initrd'" ansible.builtin.set_fact: - fai_live_vmlinuz: "{{ fai_live_vmlinuz.files[0].path |regex_replace('.*/', '') }}" - fai_live_initrd: "{{ fai_live_initrd.files[0].path |regex_replace('.*/', '') }}" + #fai_live_vmlinuz: "{{ fai_live_vmlinuz.files[0].path |regex_replace('.*/', '') }}" + #fai_live_initrd: "{{ fai_live_initrd.files[0].path |regex_replace('.*/', '') }}" + fai_live_vmlinuz: "{{ fai_live_vmlinuz.files[0].path | basename }}" + fai_live_initrd: "{{ fai_live_initrd.files[0].path | basename }}" tags: - ipxe -- name: "Copy linux kernel and initrd to tftp root" +- name: "Copy linux kernel and initrd to ipxe root '{{ ipxe_dir_download }}'" + become: true ansible.builtin.copy: - src: "/srv/fai/nfsroot/boot/{{ item }}" - dest: "{{ ipxe_download_dir + '/' + item }}" + src: "{{ fai_dir_nfsroot_boot + '/' + item }}" + dest: "{{ ipxe_dir_download + '/' + item }}" owner: root group: root mode: '0544' 
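Review bot: The `set_fact` task indexes `fai_live_vmlinuz.files[0]` and `fai_live_initrd.files[0]` without checking that `find` matched anything, so an nfsroot without a kernel fails with an index error, and with several kernels installed the first match in an unspecified order is taken, which can pair a kernel with an initrd of another version. Add a guard such as `when: fai_live_vmlinuz.files | length > 0` (or an `ansible.builtin.assert` with a readable message) before the fact is set. The two commented-out `regex_replace` lines can be removed now that `basename` replaces them. The copy task continues past the end of this hunk.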
@@ -32,28 +36,41 @@ with_items: - "{{ fai_live_vmlinuz }}" - "{{ fai_live_initrd }}" + tags: + - ipxe -- name: "Check for generated squashfs image" +- name: "Check for generated squashfs image in '{{ fai_squashfs_path }}'" ansible.builtin.stat: path: "{{ fai_squashfs_path }}" - register: squash_img + register: squashfs + tags: + - ipxe + - fai_squashfs_stat - name: "Generate a downloadable squashfs of root filesystem" - shell: "fai-cd -f -M -S {{ fai_squashfs_path }} -d {{ http_mirror_fai_profiles_url }}" + become: true + ansible.builtin.shell: > + fai-cd -f -M -S "{{ fai_squashfs_path }}" + -d "{{ http_mirror_fai_profiles_url }}" when: - - not squash_img.stat.exists + - not squashfs.stat.exists + tags: + - ipxe + - fai_squashfs_generate -- name: "Copy additional files" +- name: "Copy additional files to '{{ ipxe_dir_download }}'" + become: true ansible.builtin.copy: src: "{{ item.value.files + '/' }}" - dest: "{{ ipxe_download_dir + '/' + item.key }}" + dest: "{{ ipxe_dir_download + '/' + item.key }}" mode: push - force: yes - recursive: yes + force: true + recursive: true loop: "{{ ipxe_additional_entries |dict2items }}" when: - item.value.files is defined - item.value.files|length tags: + - ipxe - copy_additional_files diff --git a/roles/fai/tasks/fai-root.yml b/roles/fai/tasks/fai-root.yml deleted file mode 100644 index 1c16508..0000000 --- a/roles/fai/tasks/fai-root.yml +++ /dev/null 
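Review bot: "Copy additional files" passes `recursive: true` and `mode: push` to `ansible.builtin.copy`; both belong to the synchronize module, `copy` has no `recursive` parameter and `push` is not a file mode, so this task is expected to fail argument validation as soon as an entry with `files` is looped over. Drop `recursive` (fai-profiles.yml in this commit already comments it out) and set a real permission value for `mode`; `copy` recurses into a directory `src` on its own. In "Generate a downloadable squashfs", the double quotes around `{{ fai_squashfs_path }}` inside `shell` do not neutralise quotes or `$()` in the value; `ansible.builtin.command` with `creates: "{{ fai_squashfs_path }}"` would avoid the shell and replace the stat/when pair.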
@@ -1,30 +0,0 @@ -- name: "Create configuration for nfsroot" - ansible.builtin.copy: - dest: "/etc/fai/nfsroot.conf" - content: | - # For a detailed description see nfsroot.conf(5) - - # " " for debootstrap - FAI_DEBOOTSTRAP="{{ debian_release }} http://localhost:3142/debian" - FAI_ROOTPW='$1$kBnWcO.E$djxB128U7dMkrltJHPf6d1' - - NFSROOT=/srv/fai/nfsroot - TFTPROOT={{ tftp_dir }} - NFSROOT_HOOKS=/etc/fai/nfsroot-hooks/ - FAI_DEBOOTSTRAP_OPTS="--exclude=wget" - - # Configuration space - FAI_CONFIGDIR=/srv/fai/config - owner: root - group: root - mode: '0644' - -- name: "Test nfsroot exists" - ansible.builtin.stat: - path: "/srv/fai/nfsroot" - register: nfsroot_res - -- name: "Generate root filesystem, kernel and initrd" - ansible.builtin.shell: fai-make-nfsroot - when: - - not nfsroot_res.stat.exists diff --git a/roles/fai/tasks/isc-dhcp-server.yml b/roles/fai/tasks/isc-dhcp-server.yml index 10dcd21..8d61d74 100644 --- a/roles/fai/tasks/isc-dhcp-server.yml +++ b/roles/fai/tasks/isc-dhcp-server.yml 
@@ -1,73 +1,41 @@ - name: "Install dhcpd" + become: true ansible.builtin.package: name: - isc-dhcp-server - state: present + state: latest + tags: + - dhcp_install - name: "Configure dhcp server" - ansible.builtin.copy: - content: | - option dhcp-max-message-size 2048; - use-host-decl-names on; - - option architecture-type code 93 = unsigned integer 16; - - subnet {{ server_net }}.0 netmask {{ server_netmask }} { - range {{ server_net }}.10 {{ server_net }}.250; - default-lease-time 6000; - max-lease-time 7200; - - option routers {{ routers |default([server_ip]) |join(', ') }}; - option domain-name "{{ domain_name }}"; - option domain-name-servers {{ nameservers |default([server_ip]) |join(', ') }}; - option time-servers {{ timeservers |default([server_ip]) |join(', ') }}; - option ntp-servers {{ timeservers |default([server_ip]) |join(', ') }}; - server-name {{ server_name }}; - next-server {{ server_ip }}; - interface {{ dhcp_interface }}; - - allow booting; - allow bootp; - - class "pxeclients" { - match if substring (option vendor-class-identifier, 0, 9) = "PXEClient"; - - if exists user-class and option user-class = "iPXE" { - filename "menu.ipxe"; - } else { - if option architecture-type = 00:09 { - filename "ipxe.efi"; - } elsif option architecture-type = 00:07 { - filename "ipxe.efi"; - } elsif option architecture-type = 00:06 { - filename "ipxe.efi"; - } else { - filename "ipxe.pxe"; - } - } - } - } + become: true + ansible.builtin.template: + src: "etc/dhcp/dhcpd.conf" dest: "/etc/dhcp/dhcpd.conf" mode: '0644' owner: root group: root validate: dhcpd -t -cf %s notify: restart dhcpd - tags: dhcp_configure + tags: + - dhcp_configure -- name: "Set dhcp server interface" - ansible.builtin.copy: - content: | - INTERFACESv4="{{dhcp_interface}}" - INTERFACESv6="" +- name: "Set dhcp server defaults (interface)" + become: true + ansible.builtin.template: + src: "etc/default/isc-dhcp-server" dest: "/etc/default/isc-dhcp-server" mode: '0644' owner: root group: root 
notify: restart dhcpd + tags: + - dhcp_defaults -- name: "Start dhcp server" +- name: "Start and enable dhcp server" + become: true ansible.builtin.service: name: isc-dhcp-server - state: started enabled: true + tags: + - dhcp_enable diff --git a/roles/fai/tasks/main.yml b/roles/fai/tasks/main.yml index f8c5b90..4fc06af 100644 --- a/roles/fai/tasks/main.yml +++ b/roles/fai/tasks/main.yml 
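Review bot: "Start and enable dhcp server" no longer starts the service: the hunk removes `state: started` and keeps only `enabled: true`, so on a host where dhcpd is stopped and the configuration did not change (no `restart dhcpd` notification) the server stays down until the next reboot. Restore `state: started` next to `enabled: true`, as the unbound.yml hunk in this commit does. The two templates now referenced (`etc/dhcp/dhcpd.conf`, `etc/default/isc-dhcp-server`) lack the `.j2` suffix used by the other templates added here.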
@@ -1,54 +1,83 @@ --- # tasks file for fai -- fail: +- name: "Fail if 'dhcp_interface' is undefined" + fail: msg: | Please specify the NIC serving FAI in variable 'dhcp_interface' (e.g. eth1) when: - not dhcp_interface is defined -- name: "Setup apt proxy cache" - include: sudo.yml +- name: "Check packages" + package_facts: + manager: auto + +- name: "Debug host_vars" + debug: + var: hostvars + verbosity: 1 + tags: + - debug_hostvars + +- name: "Configure operating system" + include_tasks: os.yml tags: - ansible_nopasswd +- name: "Configure networking" + include_tasks: network.yml + tags: + - network + +- name: "Configure package management" + include_tasks: package_mgmt.yml + tags: + - package_mgmt + - name: "Setup apt proxy cache" - become: True - include: apt-cacher-ng.yml + include_tasks: apt-cacher-ng.yml - name: "Configure a time server" - become: True - include: time-server.yml + include_tasks: time-server.yml -- name: "Configure a web server" - become: True - include: nginx.yml +- name: "Configure the web server" + include_tasks: nginx.yml -- name: "Configure tftp" - become: True - include: tftpd-hpa.yml +- name: "Configure the tftp server" + include_tasks: tftpd-hpa.yml - name: "Configure dns server" - become: True - include: unbound.yml + include_tasks: unbound.yml + tags: + - unbound -- name: "Configure nic" - become: True - include: network.yml +- name: "Configure dhcp" + include_tasks: isc-dhcp-server.yml + tags: + - dhcp -- name: "Setup dhcp" - become: True - include: isc-dhcp-server.yml +### RUN ALL SO FAR NOTIFIED HANDLERS NOW +- name: "######## Flush handlers ########" + ansible.builtin.meta: flush_handlers -- include: fai-prepare.yml - become: True -- include: fai-configure.yml - become: True -- include: fai-profiles.yml - become: True -- include: fai-root.yml - become: True -- include: fai-pxe.yml - become: True -- include: fai-ipxe.yml - become: True +- name: "Prepare FAI" + include_tasks: fai-prepare.yml + tags: + - fai_prepare + +- name: 
"Configure FAI" + include_tasks: fai-configure.yml + tags: + - fai_configure + +- name: "Transfer FAI profiles" + include_tasks: fai-profiles.yml + +- name: "Create FAI root" + include_tasks: fai-nfsroot.yml + +- name: "Configure FAI PXE" + include_tasks: fai-pxe.yml + +- name: "Configure FAI iPXE" + include_tasks: fai-ipxe.yml diff --git a/roles/fai/tasks/network.yml b/roles/fai/tasks/network.yml index 2c156f5..a6566ec 100644 --- a/roles/fai/tasks/network.yml +++ b/roles/fai/tasks/network.yml @@ -1,40 +1,42 @@ --- - name: "Install networking packages" + become: true ansible.builtin.package: name: - iptables - iptables-persistent - ifupdown - state: present - -- name: "Ensure systemd-resolved is stopped and disabled" - service: - name: systemd-resolved - enabled: false - state: stopped + state: latest + tags: + - network_packages_install - name: "Write config for lan interface" + become: true ansible.builtin.copy: content: | - auto {{ dhcp_interface }} allow-hotplug {{ dhcp_interface }} iface {{ dhcp_interface }} inet static address {{ server_ip }} - netmask {{ server_netmask }} dest: "/etc/network/interfaces.d/{{ dhcp_interface }}" owner: root group: root mode: 0644 register: dhcp_iface_config + tags: + - network_ - name: "Restart lan interface" + become: true ansible.builtin.shell: | ifdown --force {{ dhcp_interface }} || true ifup {{ dhcp_interface }} when: - dhcp_iface_config.changed + tags: + - network_iface_restart -- name: "Enable permantent masquerading for ipv4" +- name: "Enable masquerading for ipv4 permanently" + become: true ansible.builtin.copy: content: | *nat @@ -46,11 +48,16 @@ COMMIT dest: "/etc/iptables/rules.v4" notify: apply iptables + tags: + - network_masquerade -- name: "Enable ip forwarding" +- name: "Enable IP forwarding" + become: true ansible.builtin.sysctl: name: net.ipv4.ip_forward value: '1' - sysctl_set: yes + sysctl_set: true state: present - reload: yes + reload: true + tags: + - network_ip_forward 
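Review bot: "Debug host_vars" prints the complete `hostvars` structure at `verbosity: 1`, which covers every variable of every host in the inventory, so any password or key variable lands in terminal scrollback and CI logs as soon as the play is run with `-v`. Limit the task to the variables actually being debugged, raise the verbosity threshold, or drop it. Separately, tags placed on `include_tasks` apply to the include statement only and are not inherited by the included tasks, so `--tags dhcp` would load isc-dhcp-server.yml and then skip its tasks unless they carry that tag themselves; `import_tasks`, or `apply:` with the tag list, gives the inherited behaviour. `fail`, `package_facts` and `debug` are still short names although the commit message announces FQCNs.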
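Review bot: The tag added to "Write config for lan interface" in network.yml is the dangling `network_`, which looks truncated; give it a full name such as `network_iface_config` so it can be selected like its siblings. The same hunk removes the `netmask {{ server_netmask }}` line and leaves `address {{ server_ip }}` alone, which only yields the intended subnet if `server_ip` carries a prefix length; confirm that or keep the netmask. `mode: 0644` on that task is still an unquoted octal although the commit message says permissions are quoted now.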
diff --git a/roles/fai/tasks/nginx.yml b/roles/fai/tasks/nginx.yml index 4f30d8a..049fe48 100644 --- a/roles/fai/tasks/nginx.yml +++ b/roles/fai/tasks/nginx.yml @@ -1,4 +1,5 @@ - name: "Install nginx" + become: true ansible.builtin.package: name: - nginx-light @@ -8,23 +9,9 @@ - nginx_install - name: "Configure http server" - ansible.builtin.copy: - content: | - server { - listen 80 default_server; - listen [::]:80 default_server; - root {{ nginx_root }}; - index index.html; - server_name _; - - location /{{ http_mirror_ipxe_path_prefix }} { - autoindex on; - } - - location /{{ http_mirror_fai_path_prefix }} { - autoindex on; - } - } + become: true + ansible.builtin.template: + src: "etc/nginx/sites-available/default_server.conf.j2" dest: "{{ nginx_site_available }}" mode: '0644' owner: root @@ -35,6 +22,7 @@ - nginx_site_available - name: "Check nginx availability of '{{ nginx_site_available }}'" + become: true ansible.builtin.stat: path: "{{ nginx_site_available }}" register: nginx_site_available_stat @@ -43,15 +31,32 @@ - nginx_site_available_stat - name: "Debug variable 'nginx_site_available_stat'" + become: true ansible.builtin.debug: var: nginx_site_available_stat + verbosity: 2 when: - nginx_site_available_stat.stat is defined tags: - nginx - nginx_site_available_stat +- name: "Disable default site" + become: true + ansible.builtin.file: + dest: "{{ nginx_site_default }}" + state: absent + when: + - nginx_site_available_stat.stat.exists is defined + - nginx_site_available_stat.stat.exists + - nginx_site_available_stat.stat.isreg + notify: restart nginx + tags: + - nginx + - nginx_site_disable_default + - name: "Enable nginx site '{{ nginx_site_available }}'" + become: true ansible.builtin.file: src: "{{ nginx_site_available }}" dest: "{{ nginx_site_enabled }}" @@ -66,20 +71,9 @@ - nginx_site_enable - name: "Place info site" - ansible.builtin.copy: - content: | - - - Hardware for Future - PXE Environment - - -

This mirror is part of the project - - Hardware for Future -

-

Restart the computer and boot into PXE to install Ubuntu.

- - + become: true + ansible.builtin.template: + src: "var/www/html/index.html.j2" dest: "{{ nginx_root }}/index.html" mode: "0644" owner: root @@ -89,6 +83,7 @@ - nginx_html - name: "Ensure http server is running" + become: true ansible.builtin.service: name: nginx state: started diff --git a/roles/fai/tasks/os.yml b/roles/fai/tasks/os.yml new file mode 100644 index 0000000..296b548 --- /dev/null +++ b/roles/fai/tasks/os.yml @@ -0,0 +1,72 @@ +### OPERATING SYSTEM CONFIGURATION + +- name: "Debug conditions" + ansible.builtin.debug: + var: item + verbosity: 2 + loop: + - "{{ ansible_nopasswd }}" + - "{{ ansible_user_id }}" + tags: + - ansible_nopasswd + +- name: "Allow ansible user to use sudo without password (only for testing)" + become: true + ansible.builtin.template: + src: "sudoers.d/ansible.jn2" + dest: "/etc/sudoers.d/ansible" + owner: root + group: root + mode: '0440' + lstrip_blocks: true + backup: no + validate: /usr/sbin/visudo -cf %s + when: + - ansible_nopasswd + - ansible_user_id != "root" + tags: + - ansible_nopasswd + +- name: "Make sure to remove sudo without password (only for testing)" + become: true + ansible.builtin.file: + path: "/etc/sudoers.d/ansible" + state: absent + when: not ansible_nopasswd + tags: + - ansible_nopasswd + +- name: "Configure bashrc" + become: true + ansible.builtin.copy: + src: "bashrc" + dest: "/root/.bashrc" + owner: root + group: root + mode: '0644' + tags: + - bashrc + +- name: "Configure global vimrc.local" + become: true + ansible.builtin.copy: + src: "vimrc.local" + dest: "/etc/vim/vimrc.local" + owner: root + group: root + mode: '0644' + tags: + - vimrc.local + +- name: "Install essential packages" + become: true + vars: + distrib: "{{ ansible_distribution|lower }}" + package: + name: '{{ package_set.core[distrib].standard }}' + state: present + update_cache: False + ### ONLY A SET FOR DEBIAN/UBUNTU HAS BEEN DEFINED YET + when: ansible_facts['os_family'] == "Debian" + tags: + - packages 
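Review bot: The passwordless-sudo tasks in os.yml test the bare variable (`- ansible_nopasswd`, `when: not ansible_nopasswd`), so a value passed as a string, for instance `-e ansible_nopasswd=false`, can be evaluated as truthy and install `/etc/sudoers.d/ansible`, and an undefined variable aborts the play in "Debug conditions". Use `ansible_nopasswd | default(false) | bool` in all three places so the NOPASSWD rule is only ever written on an explicit true. The task names say "only for testing"; a comment at the top of the file stating that the variable must stay false on production hosts would make that checkable in review. `backup: no`, `update_cache: False` and the short module name `package` are leftovers from the boolean and FQCN clean-up.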
diff --git a/roles/fai/tasks/package_mgmt.yml b/roles/fai/tasks/package_mgmt.yml
new file mode 100644
index 0000000..dc05875
--- /dev/null
+++ b/roles/fai/tasks/package_mgmt.yml
@@ -0,0 +1,48 @@
+- name: "Install gpg"
+ become: true
+ ansible.builtin.package:
+ name: "gpg"
+ state: present
+ tags:
+ - gpg_install
+
+- name: "Trust fai key"
+ become: true
+ ansible.builtin.apt_key:
+ id: "B11EE3273F6B2DEB528C93DA2BF8D9FE074BCDE4"
+ url: "https://fai-project.org/download/2BF8D9FE074BCDE4.asc"
+ state: present
+ tags:
+ - fai_repo_key_install
+
+- name: "Add repositories"
+ become: true
+ ansible.builtin.apt_repository:
+ repo: "{{ item.repo }}"
+ filename: "{{ item.filename | default(omit) }}"
+ state: present
+ tags:
+ - fai_repo
+ loop: "{{ repos }}"
+
+- name: "Remove sources.list"
+ become: true
+ vars:
+ paths:
+ - "/etc/apt/sources.list"
+ - "/etc/apt/sources.list~"
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: absent
+ loop: "{{ paths }}"
+
+- name: "Add preferences"
+ become: true
+ ansible.builtin.template:
+ src: "etc/apt/preferences.d/pinning.j2"
+ dest: "/etc/apt/preferences.d/zz_releases"
+ owner: root
+ group: root
+ mode: "0644"
+ tags:
+ - fai_repo
diff --git a/roles/fai/tasks/sudo.yml b/roles/fai/tasks/sudo.yml
deleted file mode 100644
index 36ef51c..0000000
--- a/roles/fai/tasks/sudo.yml
+++ /dev/null
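Review bot: "Trust fai key" in package_mgmt.yml uses `ansible.builtin.apt_key`, which adds the key to apt's global trusted keyring, so the FAI project key is then accepted as a signer for every configured repository and not only for the FAI one. Pinning the fingerprint with `id` is good; the stronger layout is to store the key in its own keyring file and reference it with `signed-by=` in the matching entry of `repos`. "Remove sources.list" deletes the distribution's default sources unconditionally, so a `repos` list that omits the security updates source would leave the install server without them; a short comment naming what `repos` must contain would help.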
@@ -1,37 +0,0 @@ -### OPERATING SYSTEM CONFIGURATION - -- name: "Debug conditions" - debug: - var: item - loop: - - "{{ ansible_nopasswd }}" - - "{{ ansible_user_id }}" - tags: - - ansible_nopasswd - -- name: "Allow ansible user to use sudo without password (only for testing)" - become: true - template: - src: sudoers.d/ansible.jn2 - dest: "/etc/sudoers.d/ansible" - owner: root - group: root - mode: '0440' - lstrip_blocks: true - backup: no - validate: /usr/sbin/visudo -cf %s - when: - - ansible_nopasswd - - ansible_user_id != "root" - tags: - - ansible_nopasswd - -- name: "Make sure to remove sudo without password (only for testing)" - become: true - file: - path: "/etc/sudoers.d/ansible" - state: absent - when: not ansible_nopasswd - tags: - - ansible_nopasswd - diff --git a/roles/fai/tasks/tftpd-hpa.yml b/roles/fai/tasks/tftpd-hpa.yml index a6dc44c..9421c3f 100644 --- a/roles/fai/tasks/tftpd-hpa.yml +++ b/roles/fai/tasks/tftpd-hpa.yml @@ -1,10 +1,12 @@ - name: "Install tftp server" + become: True ansible.builtin.package: name: - tftpd-hpa state: present - name: "Create tftp fai directory" + become: True ansible.builtin.file: name: "{{ tftp_dir }}" state: directory @@ -14,6 +16,7 @@ recurse: true - name: "Configure tftp server" + become: True ansible.builtin.copy: dest: "/etc/default/tftpd-hpa" content: | @@ -27,6 +30,7 @@ notify: restart tftpd - name: "Start tftp daemon" + become: True ansible.builtin.service: name: tftpd-hpa state: started diff --git a/roles/fai/tasks/time-server.yml b/roles/fai/tasks/time-server.yml index 86c9b83..1b3eace 100644 --- a/roles/fai/tasks/time-server.yml +++ b/roles/fai/tasks/time-server.yml 
@@ -1,14 +1,16 @@ -- name: "Install inetd and ntp" +- name: "Install inetd" + become: true ansible.builtin.package: name: - inetutils-tools - inetutils-inetd - - ntp - state: present + state: latest + tags: + - inetd - name: "Configure rdate for inetd" + become: true ansible.builtin.lineinfile: - path: "/etc/inetd.conf" create: yes line: 'time stream tcp nowait root internal' dest: "/etc/inetd.conf" @@ -16,39 +18,44 @@ group: root mode: '0644' notify: restart inetd + tags: + - inetd + - rdate - name: "Start inetd" + become: true ansible.builtin.service: name: inetutils-inetd state: started enabled: true + tags: + - inetd + - inetd_enable + +- name: "Uninstall conflicting 'systemd-timesyncd'" + become: true + ansible.builtin.apt: + name: + - systemd-timesyncd + state: absent + tags: + - inetd + when: + - "'systemd-timesyncd' in ansible_facts.packages" + +- name: "Install inetd" + become: true + ansible.builtin.apt: + name: + - ntp + state: latest + tags: + - inetd - name: "Configure ntp server" - ansible.builtin.copy: - content: | - driftfile /var/lib/ntp/ntp.drift - - leapfile /usr/share/zoneinfo/leap-seconds.list - statistics loopstats peerstats clockstats - - filegen loopstats file loopstats type day enable - filegen peerstats file peerstats type day enable - filegen clockstats file clockstats type day enable - - pool 0.debian.pool.ntp.org iburst - pool 1.debian.pool.ntp.org iburst - pool 2.debian.pool.ntp.org iburst - pool 3.debian.pool.ntp.org iburst - - restrict -4 default kod notrap nomodify nopeer noquery limited - restrict -6 default kod notrap nomodify nopeer noquery limited - - # Local users may interrogate the ntp server more closely. - restrict 127.0.0.1 - restrict {{server_net}}.0/24 - restrict ::1 - - restrict source notrap nomodify noquery + become: true + ansible.builtin.template: + src: "etc/ntp.conf" dest: "/etc/ntp.conf" mode: '0644' owner: root 
@@ -56,6 +63,7 @@ notify: restart ntp - name: "Start and enable ntp daemon" + become: true ansible.builtin.service: name: ntp state: started diff --git a/roles/fai/tasks/unbound.yml b/roles/fai/tasks/unbound.yml index 3841989..14fb3c7 100644 --- a/roles/fai/tasks/unbound.yml +++ b/roles/fai/tasks/unbound.yml 
@@ -1,28 +1,80 @@ -- name: "Install unbound server" +- name: "Ensure systemd-resolved is stopped and disabled" + service: + name: systemd-resolved + enabled: false + state: stopped + tags: + - systemd-resolved_disable + when: + - "'systemd-resolved' in ansible_facts.packages" + +- name: "Install DNS - unbound server" + become: true ansible.builtin.package: name: unbound - state: present + state: latest + tags: + - unbound_install -- name: "Configure DNS" - ansible.builtin.copy: - content: | - server: - access-control: {{ server_net }}.0/{{ server_netbits }} allow - private-domain: "{{ domain_name }}" - domain-insecure: "{{ domain_name }}" +- name: "Configure DNS - remote control" + become: true + ansible.builtin.template: + src: "etc/unbound/unbound.conf.d/remote.conf" + dest: "/etc/unbound/unbound.conf.d/remote.conf" + mode: '0644' + owner: root + group: root + validate: "unbound-checkconf %s" + notify: restart unbound + tags: + - unbound_configure + when: + - false - interface: 0.0.0.0 - - local-zone: "{{ domain_name }}." static - local-data: "{{ server_name }}.{{ domain_name }}. 
IN A {{ server_ip }}" +- name: "Configure DNS - zone '{{ domain_name }}'" + become: true + ansible.builtin.template: + src: "etc/unbound/unbound.conf.d/fai.conf" dest: "/etc/unbound/unbound.conf.d/fai.conf" mode: '0644' owner: root group: root - notify: reload unbound + validate: "unbound-checkconf %s" + notify: restart unbound + tags: + - unbound_configure -- name: "Ensure unbound is enabled and running" +- name: "Configure DNS - disable IPv6 to avoid trouble with vagrant" + become: true + ansible.builtin.copy: + content: | + server: + ### DISABLE BIND TO IPV6 TO AVOID TROUBLE WITH VAGRANT + do-ip6: no + dest: "/etc/unbound/unbound.conf.d/ipv6_disabled.conf" + mode: '0644' + owner: root + group: root + validate: "unbound-checkconf %s" + notify: restart unbound + tags: + - unbound_configure + +- name: "Start and enable unbound" + become: true ansible.builtin.service: name: unbound - state: started enabled: true + state: started + tags: + - unbound_enable + +- name: > + "Sleep for '{{wait_timeout_unbound }}' seconds + then run handlers to restart unbound" + vars: + wait_timeout_unbound: 3 + wait_for: + timeout: "{{ wait_timeout_unbound }}" + delegate_to: localhost + when: false diff --git a/roles/fai/templates/etc/apt/preferences.d/pinning.j2 b/roles/fai/templates/etc/apt/preferences.d/pinning.j2 new file mode 100644 index 0000000..8a33974 --- /dev/null +++ b/roles/fai/templates/etc/apt/preferences.d/pinning.j2 @@ -0,0 +1,16 @@ +{% for repo in repos %} +{% if repo.preferences is defined %} +{% for pref in repo.preferences %} +Package: {{ pref.package | lower }} +Pin: +{%- if pref.release_name is defined and pref.release_name is not none %} + release n={{ pref.release_name | lower }} +{% endif %} +{%- if pref.suite is defined and pref.suite is not none %} + release a={{ pref.suite | lower }} +{% endif %} +Pin-Priority: {{ pref.pin_priority }} + +{% endfor %} +{% endif %} +{% endfor %} 
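Review bot: "Ensure systemd-resolved is stopped and disabled" is the only task in unbound.yml without its own `become: true` and still uses the short name `service`, so unlike its siblings it depends on the caller to escalate now that main.yml drops `become` from the include. Its `when` tests `'systemd-resolved' in ansible_facts.packages`; on releases where resolved ships inside the `systemd` package that key would be absent, the task is skipped and resolved keeps port 53, so the condition should be confirmed against the target releases. It also depends on the `package_facts` task in main.yml having run. The final sleep task gets literal quotes in its name from the `>` scalar and is disabled with `when: false`; it can be removed.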
diff --git a/roles/fai/templates/etc/default/isc-dhcp-server b/roles/fai/templates/etc/default/isc-dhcp-server new file mode 100644 index 0000000..708eb8c --- /dev/null +++ b/roles/fai/templates/etc/default/isc-dhcp-server @@ -0,0 +1,28 @@ +# Defaults for isc-dhcp-server initscript + +# sourced by /etc/init.d/isc-dhcp-server +# installed at /etc/default/isc-dhcp-server by the maintainer scripts + +# +# This is a POSIX shell fragment +# + +# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf). +#DHCPDv4_CONF=/etc/dhcp/dhcpd.conf +#DHCPDv6_CONF=/etc/dhcp/dhcpd6.conf + +# Path to dhcpd's PID file (default: /var/run/dhcpd.pid). +#DHCPDv4_PID=/var/run/dhcpd.pid +#DHCPDv6_PID=/var/run/dhcpd6.pid + +# Additional options to start dhcpd with. +# Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead +#OPTIONS="" + +# On what interfaces should the DHCP server (dhcpd) serve DHCP requests? +# Separate multiple interfaces with spaces, e.g. "eth0 eth1". +#INTERFACESv4="" +#INTERFACESv6="" +INTERFACESv4="{{ dhcp_interface }}" +INTERFACESv6="" + diff --git a/roles/fai/templates/etc/dhcp/dhcpd.conf b/roles/fai/templates/etc/dhcp/dhcpd.conf new file mode 100644 index 0000000..da124d6 --- /dev/null +++ b/roles/fai/templates/etc/dhcp/dhcpd.conf 
@@ -0,0 +1,61 @@ +option dhcp-max-message-size 2048; +use-host-decl-names on; + +option architecture-type code 93 = unsigned integer 16; + +subnet {{ server_network + ' netmask ' + + server_netmask }} { + range {{ server_network_prefix | ipaddr(10) | ipaddr('address') + ' ' + + server_network_prefix | ipaddr(250) | ipaddr('address') }}; + default-lease-time 6000; + max-lease-time 7200; + + option routers {{ routers | default([server_address]) | join(', ') }}; + option domain-name "{{ domain_name }}"; + option domain-name-servers {{ nameservers | default([server_address]) | join(', ') }}; + option time-servers {{ timeservers | default([server_address]) | join(', ') }}; + option ntp-servers {{ ntpservers | default([server_address]) | join(', ') }}; + server-name {{ server_name }}; + next-server {{ server_address }}; + interface {{ dhcp_interface }}; + + allow booting; + allow bootp; + + ## PXE boot handling: support UEFI + ## https://www.syslinux.org/wiki/index.php?title=PXELINUX#UEFI + class "pxeclients" { + match if substring (option vendor-class-identifier, 0, 9) = "PXEClient"; + + if exists user-class and option user-class = "iPXE" { + filename "menu.ipxe"; + } else { + if option architecture-type = 00:06 { + filename "ipxe.efi"; + } elsif option architecture-type = 00:07 { + filename "ipxe.efi"; + } elsif option architecture-type = 00:09 { + filename "ipxe.efi"; + } else { + filename "ipxe.pxe"; + } + } + + #### merged with something else that doesn't require "architecture type code 93" + #if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00000" { + # filename "pxelinux.0"; + ## needs ldlinux.c32 + #} + #if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00006" { + # filename "syslinux32.efi"; + ## needs ldlinux.e32 + #} + #if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00007" { + # filename "syslinux64.efi"; + ## needs ldlinux.e64 + #} + #if substring(option vendor-class-identifier, 0, 20) = 
"PXEClient:Arch:00009" { + # filename "syslinux64.efi"; + #} + } +} diff --git a/roles/fai/templates/etc/fai/fai.conf.j2 b/roles/fai/templates/etc/fai/fai.conf.j2 new file mode 100644 index 0000000..3fde673 --- /dev/null +++ b/roles/fai/templates/etc/fai/fai.conf.j2 
@@ -0,0 +1,84 @@ +# See fai.conf(5) for detailed information. + +# This variable defines how to access the configuration space. +# It defines the protocol, the server and the location of the config space. +# For an initial installation of a client this variable is defined by using fai-chboot(8). +# If you do a fai softupdate, you can set the value in /etc/fai/fai.conf or by using the option --cspace. +# +# The following protocols and URL schemes are currently supported: +# NFS: nfs://[server]/ +# If the server is not specified, FAI tries to extract the server name from the nfsroot mount. +# Example: nfs://faiserver/srv/fai/config +# +# Local directory: file:// +# The directory has to be an absolute path. +# So, this URL always starts with three slashes like this: file:/// +# +# CVS: cvs[+ssh]://@/ [=] +# The config space is received from a cvs checkout. +# +# Subversion: svn[+(file|http|https|ssh)]://[@]/ +# The config space checked out from a subversion repository using several protocol variants. +# Checkouts without a user name are also supported. +# +# Git: git[+]:// +# You can specify the branch by adding # without a whitspace before the #. +# Example: git+ssh:://user@servername/srv/git/..../fai.git#branchname +# The config space checked out from a git repository, host can be empty. +# Also supported is git+http. +# +# Mercurial: hg+(http|https):// +# +# HTTP: (http|https|scp|sftp):/// where is a (compressed) tar archive. +# The config space will be downloaded from the given location via the specified protocol. +# will be extracted by ftar(8), and thus needs to have a recognized suffix, such as .tar.gz or tar.xz. +#FAI_CONFIG_SRC= + +# Account name on the install server to save log files and call +# fai-chboot(8). +# At the end of an installation, fai(8) may connect to the install server using FAI_LOGPROTO (see below) +# to store the generated log files and to change the network boot configuration of the target host. 
+# By default calling fai-setup(8) will set up ssh access for LO‐ +# GUSER so the install client can save the log files onto the server. +# +# This will not be passed onto the fai clients. +# To enable this on the fai clients check /srv/fai/config/class/FAIBASE.var +# to activate the transfer of logfiles to the server. +# +# This account should have write permissions for /srv/tftp/fai. +# For example, you can use write permissions for the group linuxadm. +# chgrp linuxadm /srv/tftp/fai;chmod g+w /srv/tftp/fai. +# If the variable is undefined, this feature is disabled. +{% if fai_loguser is defined %} +LOGUSER={{ fai_loguser }} +{% else %} +### DISABLE LOG UPLOAD +LOGUSER= +{% endif %} + +# Protocol for saving logs +# Supported values are: ssh (default), rsh, ftp and none. +# This will only be used if also LOGUSER is set. +# ssh: Use the scp command to copy the log files to the log server. +# rsh: Use the rcp command to copy the log files to the log server. +# ftp: This option saves logs to the remote FTP server defined by the $LOGSERVER variable ($SERVER value is used if not set). +# Connection to the FTP server is done as user $LOGUSER using password $LOGPASSWD. +# The FTP server log directory is defined in $LOGREMOTEDIR. +# These variables +# are also defined in file server. +# All files in the directory /tmp/fai are copied to the FTP server following this example: +# ftp://$LOGUSER:$LOGPASSWD@$LOGSERVER/$LOGREMOTEDIR/ +# none: Don't save the log files to the install server. +# FAI_LOGPROTO=ssh + +# Access Debian mirror via NFS-mounted directory +# If defined, FAI mounts the NFS share to $MNTPOINT during installation. +# Example: installserver:/srv/debianmirror +# FAI_DEBMIRROR= + +# The port to which FAI sents messages, if the fai-monitor is running. +# Default to 4711. +# See also fai-monitor(8). +# This variable has to be set inside the nfsroot before the configuration space is available. +# FAI_MONITOR_PORT=4711 + 
diff --git a/roles/fai/templates/etc/fai/nfsroot.conf.j2 b/roles/fai/templates/etc/fai/nfsroot.conf.j2 new file mode 100644 index 0000000..cbf94f5 --- /dev/null +++ b/roles/fai/templates/etc/fai/nfsroot.conf.j2 
@@ -0,0 +1,61 @@
+# For a detailed description see nfsroot.conf(5)
+
+# Two or three parameters for debootstrap(8), space separated.
+# Debootstrap is called as the first part of fai-make-nfsroot unless -B is used.
+# This variable defines SUITE and MIRROR for debootstrap.
+# The third parameter is the name of the bootstrap script variant to use.
+# Example:
+# FAI_DEBOOTSTRAP="bullseye http://deb.debian.org/debian"
+FAI_DEBOOTSTRAP="{{ debian_release_nfsroot }} http://localhost:3142/debian"
+
+# Options that will be passed to debootstrap(8).
+# Used for excluding packages and for specifying a different architecture.
+FAI_DEBOOTSTRAP_OPTS="--exclude=wget"
+
+# The encrypted root password on all install clients during the installation process.
+# Used when log in via ssh.
+# This is not the password for the new installed system.
+# Example:
+#
+# FAI_ROOTPW='$1$kBnWcO.E$djxB128U7dMkrltJHPf6d1' # pw is fai
+#
+# Use mkpasswd, htpasswd or md5pass for generating the password hash.
+#
+# echo "yoursecrectpassword" | mkpasswd -m md5 -s
+
+#FAI_ROOTPW="{{ fai_hw4f_rootpw_fai |password_hash("sha512") }}"
+FAI_ROOTPW='$y$j9T$9Gpl96oNFKz9us5aM5iCb.$v/JHwnHRfaxMCPK/nsxu.DAmoGB1hlgRQBDIxTeMd9/'
+
+# Directory on the install server where the nfsroot is created.
+NFSROOT="{{ fai_dir_nfsroot }}"
+
+# Directory of hooks to be sourced at the end of fai-make-nfsroot,
+# i.e. they have to be shell scripts.
+NFSROOT_HOOKS="{{ fai_etc_dir }}/nfsroot-hooks"
+
+# IP address of the NFS server for the rootfs if not on the DHCP server.
+# This is only used by fai-chboot to work around dracut's DHCP handling
+# which prefers the DHCP server's IP address above all other DHCP options.
+# NFSROOT_SERVER=
+
+# This multiline variable is added to /etc/hosts inside the nfsroot.
+# You can use this when DNS is not available on the clients.
+# Example:
+# NFSROOT_ETC_HOSTS="192.168.33.250 faiserver"
+
+# Directory on the install server for the tftp data, used by PXE network boot.
+TFTPROOT="{{ tftp_dir }}"
+
+# Location of the configuration space on the install server.
+# Used by fai-cd(8), fai-mirror(1) and fai-setup(8).
+FAI_CONFIGDIR="{{ fai_dir_config }}"
+
+# Used to specify the interface when detecting the subnet for the exportfs line.
+# Only needed when the install server has multiple interfaces.
+# SERVERINTERFACE=
+
+# Location of a ssh public key file.
+# This user can log into the install clients in as root without a password.
+# Only useful with FAI_FLAGS="sshd". Example:
+# SSH_IDENTITY=/home/admin/.ssh/id_rsa.pub
+
diff --git a/roles/fai/templates/etc/nginx/sites-available/default_server.conf.j2 b/roles/fai/templates/etc/nginx/sites-available/default_server.conf.j2
new file mode 100644
index 0000000..3f81cfb
--- /dev/null
+++ b/roles/fai/templates/etc/nginx/sites-available/default_server.conf.j2
@@ -0,0 +1,15 @@
+server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+ root {{ nginx_root }};
+ index index.html;
+ server_name _;
+
+ location /{{ http_mirror_ipxe_path_prefix }}/ {
+ autoindex on;
+ }
+
+ location /{{ http_mirror_fai_path_prefix }}/ {
+ autoindex on;
+ }
+}
diff --git a/roles/fai/templates/etc/ntp.conf b/roles/fai/templates/etc/ntp.conf
new file mode 100644
index 0000000..d493e05
--- /dev/null
+++ b/roles/fai/templates/etc/ntp.conf
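Review bot: The `FAI_ROOTPW='$y$j9T$…'` line commits a fixed yescrypt hash of the install-time root password into the template, so everyone with read access to the repository or its history holds the hash of the password that opens ssh on every install client. Render it from a vaulted variable instead and keep the single quotes so the `$` fields stay literal: `FAI_ROOTPW='{{ fai_hw4f_rootpw_fai | password_hash("sha512", fai_rootpw_salt) }}'`, where `fai_rootpw_salt` is a placeholder for a stored salt that keeps the rendered file stable between runs. Because the hash is already in history, the password behind it should be treated as exposed and rotated.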
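Review bot: `listen 80 default_server;` and `listen [::]:80 default_server;` bind the mirror to every address of the host, which according to the playbook's `wan_interface` variable also has an uplink, and both locations enable `autoindex`. If the boot files and FAI archives are only meant for install clients, bind to the installer-network address, e.g. `listen {{ server_address }}:80 default_server;` (assuming `server_address` holds that address, as the unbound template in this commit suggests), or filter port 80 on the WAN side.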
@@ -0,0 +1,23 @@
+driftfile /var/lib/ntp/ntp.drift
+
+leapfile /usr/share/zoneinfo/leap-seconds.list
+statistics loopstats peerstats clockstats
+
+filegen loopstats file loopstats type day enable
+filegen peerstats file peerstats type day enable
+filegen clockstats file clockstats type day enable
+
+pool 0.debian.pool.ntp.org iburst
+pool 1.debian.pool.ntp.org iburst
+pool 2.debian.pool.ntp.org iburst
+pool 3.debian.pool.ntp.org iburst
+
+restrict -4 default kod notrap nomodify nopeer noquery limited
+restrict -6 default kod notrap nomodify nopeer noquery limited
+
+# Local users may interrogate the ntp server more closely.
+restrict 127.0.0.1
+restrict {{ server_network_prefix }}
+restrict ::1
+
+restrict source notrap nomodify noquery
diff --git a/roles/fai/templates/etc/unbound/unbound.conf.d/fai.conf b/roles/fai/templates/etc/unbound/unbound.conf.d/fai.conf
new file mode 100644
index 0000000..0930ebe
--- /dev/null
+++ b/roles/fai/templates/etc/unbound/unbound.conf.d/fai.conf
@@ -0,0 +1,11 @@
+server:
+ #verbosity: 2
+ access-control: {{ server_network_prefix }} allow
+ private-domain: "{{ domain_name }}"
+ domain-insecure: "{{ domain_name }}"
+
+ interface: 0.0.0.0
+
+ local-zone: "{{ domain_name }}." static
+ local-data: "{{ server_name + '.' + domain_name + '. IN A ' + server_address }}"
+
diff --git a/roles/fai/templates/etc/unbound/unbound.conf.d/remote.conf b/roles/fai/templates/etc/unbound/unbound.conf.d/remote.conf
new file mode 100644
index 0000000..51055f8
--- /dev/null
+++ b/roles/fai/templates/etc/unbound/unbound.conf.d/remote.conf
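Review bot: `restrict {{ server_network_prefix }}` carries no flags, so none of the limits on the two `default` lines (`noquery`, `nomodify`, `notrap`, `limited`) apply to any host on the installer network, although the comment above it speaks only of local users. Give the network the same flags as the `restrict source` line, e.g. `restrict {{ server_network_prefix }} notrap nomodify`. What `server_network_prefix` renders to is not visible here, so check that the result is a form ntpd accepts. The file also has no `.j2` suffix although it contains a Jinja expression, so it is only rendered if the task that deploys it uses the template module.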
@@ -0,0 +1,24 @@
+remote-control:
+ # Enable remote control with unbound-control(8) here.
+ # set up the keys and certificates with unbound-control-setup.
+ control-enable: yes
+
+ # what interfaces are listened to for remote control.
+ # give 0.0.0.0 and ::0 to listen to all interfaces.
+ control-interface: 127.0.0.1
+
+ # port number for remote control operations.
+ control-port: 8953
+
+ # unbound server key file.
+ server-key-file: "/etc/unbound/unbound_server.key"
+
+ # unbound server certificate file.
+ server-cert-file: "/etc/unbound/unbound_server.pem"
+
+ # unbound-control key file.
+ control-key-file: "/etc/unbound/unbound_control.key"
+
+ # unbound-control certificate file.
+ control-cert-file: "/etc/unbound/unbound_control.pem"
+
diff --git a/roles/fai/templates/srv/fai/config/class/BASEFILE.var.j2 b/roles/fai/templates/srv/fai/config/class/BASEFILE.var.j2
new file mode 100644
index 0000000..204e982
--- /dev/null
+++ b/roles/fai/templates/srv/fai/config/class/BASEFILE.var.j2
@@ -0,0 +1,3 @@
+ubuntumirror="{{ item.mirror_url }}"
+ubuntudist="{{ item.dist }}"
+FAI_BASEFILEURL="{{ http_mirror_fai_basefile_url }}"
diff --git a/roles/fai/templates/srv/fai/config/class/HW4F_DESKTOP.var b/roles/fai/templates/srv/fai/config/class/HW4F_DESKTOP.var
new file mode 100644
index 0000000..851d183
--- /dev/null
+++ b/roles/fai/templates/srv/fai/config/class/HW4F_DESKTOP.var
@@ -0,0 +1,21 @@
+### CONFIGURE TIME
+UTC=yes
+TIMEZONE=Europe/Berlin
+
+### INSTALL PARAMETERS
+STOP_ON_ERROR=700
+MAXPACKAGES=800
+
+KEYMAP=de-latin1-nodeadkeys
+
+ROOTPW='{{ fai_hw4f_profile_password |password_hash("sha512") }}'
+
+# START USER AND PASSWORD
+username={{ fai_hw4f_profile_username }}
+USERPW='{{ fai_hw4f_profile_password |password_hash("sha512") }}'
+
+SUPRESS_GNOME_INITIAL_SCREEN=1
+
+FAI_ALLOW_UNSIGNED=0
+APTPROXY=http://{{ server_name }}:3142
+
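Review bot: `ROOTPW` and `USERPW` in HW4F_DESKTOP.var are both rendered from `fai_hw4f_profile_password`, so the first user on every installed machine also knows the root password. Use a separate secret for root, e.g. `ROOTPW='{{ fai_hw4f_profile_rootpw | password_hash("sha512") }}'` (the variable name is a placeholder). `password_hash` without a salt argument yields a new hash on each run, so this file changes on every play. The role's `http_mirror_fai_profiles_url` variable suggests the profiles are published over plain HTTP; if this file is part of that archive, both hashes are readable by anything on the installer network.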
diff --git a/roles/fai/templates/fai-profile-00-proxy.yml b/roles/fai/templates/srv/fai/config/files/etc/apt/apt.conf.d/02proxy.j2 similarity index 100% rename from roles/fai/templates/fai-profile-00-proxy.yml rename to roles/fai/templates/srv/fai/config/files/etc/apt/apt.conf.d/02proxy.j2 diff --git a/roles/fai/templates/var/www/html/index.html.j2 b/roles/fai/templates/var/www/html/index.html.j2 new file mode 100644 index 0000000..ac07dfa --- /dev/null +++ b/roles/fai/templates/var/www/html/index.html.j2 @@ -0,0 +1,33 @@ + + + Hardware for Future - PXE Environment + + +

Hardware for Future - PXE Environment

+

This mirror is part of the project + + Hardware for Future + + Please see: +

+

+ +

Restart the computer and boot into PXE.

+ +

Directories

+
+
+    fai/
+    ipxe/
+  
+
+ + + diff --git a/roles/fai/vars/main.yml b/roles/fai/vars/main.yml index 21dc142..ae3fbae 100644 --- a/roles/fai/vars/main.yml +++ b/roles/fai/vars/main.yml @@ -1,18 +1,3 @@ --- # vars file for fai -server_net: "{{ server_ip |regex_replace('.[0-9]+$', '') }}" - -nginx_root: "/var/www/html" -nginx_site_available: "/etc/nginx/sites-available/{{ ansible_hostname }}.conf" -nginx_site_enabled: "/etc/nginx/sites-enabled/{{ ansible_hostname }}.conf" -fai_download_dir: "{{ nginx_root + '/' + http_mirror_fai_path_prefix }}" -ipxe_download_dir: "{{ nginx_root + '/' + http_mirror_ipxe_path_prefix }}" -fai_squashfs_path: "{{ fai_download_dir }}/{{ fai_squashfs_file }}" - -http_mirror: "http://{{ server_name }}" -http_mirror_ipxe_root_url: "{{ http_mirror }}/{{ http_mirror_ipxe_path_prefix }}" -http_mirror_fai_profiles_url: "{{ http_mirror }}/{{ http_mirror_fai_path_prefix }}/{{ fai_profiles_archive }}" -http_mirror_fai_squashfs_url: "{{ http_mirror }}/{{ http_mirror_fai_path_prefix }}/{{ fai_squashfs_file }}" - - From 5fb112fb565d61c90d4da7b35ff42394ab9f5c9c Mon Sep 17 00:00:00 2001 From: Tobias Stein Date: Wed, 7 Dec 2022 21:28:10 +0100 Subject: [PATCH 23/64] Provision with a hostname --- roles/fai/templates/srv/fai/config/class/HW4F_DESKTOP.var | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/fai/templates/srv/fai/config/class/HW4F_DESKTOP.var b/roles/fai/templates/srv/fai/config/class/HW4F_DESKTOP.var index 851d183..edb8c3c 100644 --- a/roles/fai/templates/srv/fai/config/class/HW4F_DESKTOP.var +++ b/roles/fai/templates/srv/fai/config/class/HW4F_DESKTOP.var @@ -6,8 +6,10 @@ TIMEZONE=Europe/Berlin STOP_ON_ERROR=700 MAXPACKAGES=800 +HOSTNAME="user-pc" KEYMAP=de-latin1-nodeadkeys + ROOTPW='{{ fai_hw4f_profile_password |password_hash("sha512") }}' # START USER AND PASSWORD From 3cf440cd4eee4084beca575f02164e6a534661eb Mon Sep 17 00:00:00 2001 
From: Tobias Stein Date: Wed, 7 Dec 2022 21:52:49 +0100 Subject: [PATCH 24/64] Add tags --- roles/fai/tasks/main.yml | 110 ++++++++++++++++++++++++++++----------- 1 file changed, 80 insertions(+), 30 deletions(-) diff --git a/roles/fai/tasks/main.yml b/roles/fai/tasks/main.yml index 4fc06af..64d122c 100644 --- a/roles/fai/tasks/main.yml +++ b/roles/fai/tasks/main.yml 
@@ -20,64 +20,114 @@ - debug_hostvars - name: "Configure operating system" - include_tasks: os.yml - tags: - - ansible_nopasswd + include_tasks: + file: os.yml + apply: + tags: + - os + - ansible_nopasswd - name: "Configure networking" - include_tasks: network.yml - tags: - - network + include_tasks: + file: network.yml + apply: + tags: + - network - name: "Configure package management" - include_tasks: package_mgmt.yml - tags: - - package_mgmt + include_tasks: + file: package_mgmt.yml + apply: + tags: + - package_mgmt.yml - name: "Setup apt proxy cache" - include_tasks: apt-cacher-ng.yml + include_tasks: + file: apt-cacher-ng.yml + apply: + tags: + - apt-cacher-ng.yml - name: "Configure a time server" - include_tasks: time-server.yml + include_tasks: + file: time-server.yml + apply: + tags: + - time-server.yml - name: "Configure the web server" - include_tasks: nginx.yml + include_tasks: + file: nginx.yml + apply: + tags: + - nginx - name: "Configure the tftp server" - include_tasks: tftpd-hpa.yml + include_tasks: + file: tftpd-hpa.yml + apply: + tags: + - tftpd-hpa.yml - name: "Configure dns server" - include_tasks: unbound.yml - tags: - - unbound + include_tasks: + file: unbound.yml + apply: + tags: + - unbound - name: "Configure dhcp" - include_tasks: isc-dhcp-server.yml - tags: - - dhcp + include_tasks: + file: isc-dhcp-server.yml + apply: + tags: + - dhcp ### RUN ALL SO FAR NOTIFIED HANDLERS NOW - name: "######## Flush handlers ########" ansible.builtin.meta: flush_handlers - name: "Prepare FAI" - include_tasks: fai-prepare.yml - tags: - - fai_prepare + include_tasks: + file: fai-prepare.yml + apply: + tags: + - fai_prepare - name: "Configure FAI" - include_tasks: fai-configure.yml - tags: - - fai_configure + include_tasks: + file: fai-configure.yml + apply: + tags: + - fai_configure - name: "Transfer FAI profiles" - include_tasks: fai-profiles.yml + include_tasks: + file: fai-profiles.yml + apply: + tags: + - fai_profiles -- name: "Create FAI root" - 
include_tasks: fai-nfsroot.yml + tags: + - fai_profiles + +- name: "Create FAI nfsroot" + include_tasks: + file: fai-nfsroot.yml + apply: + tags: + - fai_nfsroot - name: "Configure FAI PXE" - include_tasks: fai-pxe.yml + include_tasks: + file: fai-pxe.yml + apply: + tags: + - fai_pxe - name: "Configure FAI iPXE" - include_tasks: fai-ipxe.yml + include_tasks: + file: fai-ipxe.yml + apply: + tags: + - fai_ipxe From 01fef4119412cd6da724a408e84e713e464cd879 Mon Sep 17 00:00:00 2001 From: Tobias Stein Date: Wed, 7 Dec 2022 21:53:12 +0100 Subject: [PATCH 25/64] Remove trailing spaces --- roles/fai/meta/main.yml | 4 ++-- roles/fai/tasks/nginx.yml | 2 +- roles/fai/tasks/tftpd-hpa.yml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/fai/meta/main.yml b/roles/fai/meta/main.yml index fa1402d..e984390 100644 --- a/roles/fai/meta/main.yml +++ b/roles/fai/meta/main.yml @@ -5,7 +5,7 @@ galaxy_info: # issue_tracker_url: http://example.com/issue/tracker - license: MIT + license: MIT min_ansible_version: 2.9 @@ -19,4 +19,4 @@ galaxy_info: collections: - ansible.posix - + diff --git a/roles/fai/tasks/nginx.yml b/roles/fai/tasks/nginx.yml index 049fe48..cad7637 100644 --- a/roles/fai/tasks/nginx.yml +++ b/roles/fai/tasks/nginx.yml @@ -11,7 +11,7 @@ - name: "Configure http server" become: true ansible.builtin.template: - src: "etc/nginx/sites-available/default_server.conf.j2" + src: "etc/nginx/sites-available/default_server.conf.j2" dest: "{{ nginx_site_available }}" mode: '0644' owner: root diff --git a/roles/fai/tasks/tftpd-hpa.yml b/roles/fai/tasks/tftpd-hpa.yml index 9421c3f..5d2d4d0 100644 --- a/roles/fai/tasks/tftpd-hpa.yml +++ b/roles/fai/tasks/tftpd-hpa.yml @@ -1,7 +1,7 @@ - name: "Install tftp server" become: True ansible.builtin.package: - name: + name: - tftpd-hpa state: present From 46230b77eb2c29f0e84e2968179d6d4a3da50e69 Mon Sep 17 00:00:00 2001 
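Review bot: Moving the tags under `apply:` leaves most `include_tasks` statements themselves untagged, and `apply` only tags the tasks inside the included file, so a run limited with for example `--tags network` skips the include and none of its tasks execute. Keep a task-level `tags:` list on each include next to `apply.tags`. Four of the new tags also carry the file extension (`package_mgmt.yml`, `apt-cacher-ng.yml`, `time-server.yml`, `tftpd-hpa.yml`) while the others do not, and `package_mgmt` was the tag before this change, so existing `--tags package_mgmt` invocations stop matching. The task list starts above this hunk.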
From: Tobias Stein Date: Wed, 7 Dec 2022 23:25:18 +0100 Subject: [PATCH 26/64] Satisfy ansible-lint truth values --- roles/fai/tasks/apt-cacher-ng.yml | 10 +++++----- roles/fai/tasks/clonezilla.yml | 4 ++-- roles/fai/tasks/fai-ipxe.yml | 8 ++++---- roles/fai/tasks/os.yml | 4 ++-- roles/fai/tasks/tftpd-hpa.yml | 8 ++++---- roles/fai/tasks/time-server.yml | 2 +- 6 files changed, 18 insertions(+), 18 deletions(-) diff --git a/roles/fai/tasks/apt-cacher-ng.yml b/roles/fai/tasks/apt-cacher-ng.yml index 303e3c4..85891e9 100644 --- a/roles/fai/tasks/apt-cacher-ng.yml +++ b/roles/fai/tasks/apt-cacher-ng.yml @@ -1,12 +1,12 @@ - name: "Install apt cacher" - become: True + become: true ansible.builtin.package: name: - apt-cacher-ng state: present - name: "Configure apt cacher" - become: True + become: true ansible.builtin.copy: content: | CacheDir: /var/cache/apt-cacher-ng @@ -42,7 +42,7 @@ notify: restart apt-cacher-ng - name: "Set ubuntu server as backend" - become: True + become: true ansible.builtin.copy: content: | http://archive.ubuntu.com/ubuntu/ @@ -52,14 +52,14 @@ mode: '0644' - name: "Ensure service is started and enabled" - become: True + become: true ansible.builtin.service: name: apt-cacher-ng enabled: true state: started - name: "Set apt cache also for installer host" - become: True + become: true ansible.builtin.copy: dest: "/etc/apt/apt.conf.d/00proxy" content: | diff --git a/roles/fai/tasks/clonezilla.yml b/roles/fai/tasks/clonezilla.yml index 3eb9e75..e3f99c7 100644 --- a/roles/fai/tasks/clonezilla.yml +++ b/roles/fai/tasks/clonezilla.yml @@ -13,7 +13,7 @@ group: root mode: '0755' state: directory - recurse: yes + recurse: true tags: - clonezilla - clonezilla_dir_create @@ -31,7 +31,7 @@ ansible.builtin.shell: chdir: "{{ clonezilla_download_dir }}" cmd: unzip "{{ clonezilla_download_dir + '/' + clonezilla_archive }}" - check_mode: no + check_mode: false tags: - clonezilla - clonezilla_unzip 
diff --git a/roles/fai/tasks/fai-ipxe.yml b/roles/fai/tasks/fai-ipxe.yml index 0205c02..52433be 100644 --- a/roles/fai/tasks/fai-ipxe.yml +++ b/roles/fai/tasks/fai-ipxe.yml @@ -1,6 +1,6 @@ --- - name: "Install package ipxe" - become: True + become: true ansible.builtin.package: name: ipxe state: present @@ -9,11 +9,11 @@ - ipxe_install - name: "Copy iPXE binaries to '{{ tftp_dir }}'" - become: True + become: true ansible.builtin.copy: src: "{{ item }}" dest: "{{ tftp_dir }}" - remote_src: yes + remote_src: true with_items: - "/usr/lib/ipxe/ipxe.efi" - "/usr/lib/ipxe/ipxe.pxe" @@ -24,7 +24,7 @@ - ipxe_copy - name: "Write ipxe menu" - become: True + become: true ansible.builtin.template: src: "menu.ipxe.j2" dest: "{{ tftp_dir }}/menu.ipxe" diff --git a/roles/fai/tasks/os.yml b/roles/fai/tasks/os.yml index 296b548..c557bab 100644 --- a/roles/fai/tasks/os.yml +++ b/roles/fai/tasks/os.yml @@ -19,7 +19,7 @@ group: root mode: '0440' lstrip_blocks: true - backup: no + backup: false validate: /usr/sbin/visudo -cf %s when: - ansible_nopasswd @@ -65,7 +65,7 @@ package: name: '{{ package_set.core[distrib].standard }}' state: present - update_cache: False + update_cache: false ### ONLY A SET FOR DEBIAN/UBUNTU HAS BEEN DEFINED YET when: ansible_facts['os_family'] == "Debian" tags: diff --git a/roles/fai/tasks/tftpd-hpa.yml b/roles/fai/tasks/tftpd-hpa.yml index 5d2d4d0..7cd5a71 100644 --- a/roles/fai/tasks/tftpd-hpa.yml +++ b/roles/fai/tasks/tftpd-hpa.yml @@ -1,12 +1,12 @@ - name: "Install tftp server" - become: True + become: true ansible.builtin.package: name: - tftpd-hpa state: present - name: "Create tftp fai directory" - become: True + become: true ansible.builtin.file: name: "{{ tftp_dir }}" state: directory @@ -16,7 +16,7 @@ recurse: true - name: "Configure tftp server" - become: True + become: true ansible.builtin.copy: dest: "/etc/default/tftpd-hpa" content: | 
@@ -30,7 +30,7 @@ notify: restart tftpd - name: "Start tftp daemon" - become: True + become: true ansible.builtin.service: name: tftpd-hpa state: started diff --git a/roles/fai/tasks/time-server.yml b/roles/fai/tasks/time-server.yml index 1b3eace..ea7feba 100644 --- a/roles/fai/tasks/time-server.yml +++ b/roles/fai/tasks/time-server.yml @@ -11,7 +11,7 @@ - name: "Configure rdate for inetd" become: true ansible.builtin.lineinfile: - create: yes + create: true line: 'time stream tcp nowait root internal' dest: "/etc/inetd.conf" owner: root From d33036dcf6b22fd6c491a81298931683ae66960e Mon Sep 17 00:00:00 2001 From: Tobias Stein Date: Wed, 7 Dec 2022 23:46:27 +0100 Subject: [PATCH 27/64] Sastify ansible-lint --- roles/fai/tasks/fai-nfsroot.yml | 2 ++ roles/fai/tasks/main.yml | 7 ++----- roles/fai/tasks/unbound.yml | 19 +++++-------------- 3 files changed, 9 insertions(+), 19 deletions(-) diff --git a/roles/fai/tasks/fai-nfsroot.yml b/roles/fai/tasks/fai-nfsroot.yml index 70373f6..69362e5 100644 --- a/roles/fai/tasks/fai-nfsroot.yml +++ b/roles/fai/tasks/fai-nfsroot.yml @@ -36,6 +36,8 @@ loop: - "FOCAL64" - "JAMMY64" + tags: + - unbound_configure - name: "Allow '{{ fai_loguser }}' to write to '{{ tftp_dir }}' to ship logs" become: true diff --git a/roles/fai/tasks/main.yml b/roles/fai/tasks/main.yml index 64d122c..0f8db12 100644 --- a/roles/fai/tasks/main.yml +++ b/roles/fai/tasks/main.yml @@ -1,7 +1,7 @@ --- # tasks file for fai - name: "Fail if 'dhcp_interface' is undefined" - fail: + ansible.builtin.fail: msg: | Please specify the NIC serving FAI in variable 'dhcp_interface' (e.g. eth1) @@ -13,7 +13,7 @@ manager: auto - name: "Debug host_vars" - debug: + ansible.builtin.debug: var: hostvars verbosity: 1 tags: @@ -108,9 +108,6 @@ tags: - fai_profiles - tags: - - fai_profiles - - name: "Create FAI nfsroot" include_tasks: file: fai-nfsroot.yml diff --git a/roles/fai/tasks/unbound.yml b/roles/fai/tasks/unbound.yml index 14fb3c7..1cd6563 100644 
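Review bot: The added `tags: - unbound_configure` in fai-nfsroot.yml lands on a task that loops over `FOCAL64` and `JAMMY64`, which looks like a copy from unbound.yml. A run with `--tags unbound_configure` would then also execute this nfsroot step. A tag in the file's own naming, such as `fai_nfsroot`, fits better; the task's head is outside the hunk, so its purpose is inferred from the loop values only.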
--- a/roles/fai/tasks/unbound.yml +++ b/roles/fai/tasks/unbound.yml @@ -1,12 +1,12 @@ - name: "Ensure systemd-resolved is stopped and disabled" - service: + ansible.buildin.service: name: systemd-resolved enabled: false state: stopped - tags: - - systemd-resolved_disable when: - "'systemd-resolved' in ansible_facts.packages" + tags: + - systemd-resolved_disable - name: "Install DNS - unbound server" become: true @@ -26,10 +26,10 @@ group: root validate: "unbound-checkconf %s" notify: restart unbound - tags: - - unbound_configure when: - false + tags: + - unbound_configure - name: "Configure DNS - zone '{{ domain_name }}'" become: true @@ -69,12 +69,3 @@ tags: - unbound_enable -- name: > - "Sleep for '{{wait_timeout_unbound }}' seconds - then run handlers to restart unbound" - vars: - wait_timeout_unbound: 3 - wait_for: - timeout: "{{ wait_timeout_unbound }}" - delegate_to: localhost - when: false From d629b6b10067babbda0f5fe83fd8a73ac63efa78 Mon Sep 17 00:00:00 2001 From: Tobias Stein Date: Fri, 9 Dec 2022 05:20:35 +0100 Subject: [PATCH 28/64] Create package_config for nfsroot --- roles/fai/tasks/fai-nfsroot.yml | 9 ++++ roles/fai/templates/etc/fai/NFSROOT.j2 | 74 ++++++++++++++++++++++++++ 2 files changed, 83 insertions(+) create mode 100644 roles/fai/templates/etc/fai/NFSROOT.j2 diff --git a/roles/fai/tasks/fai-nfsroot.yml b/roles/fai/tasks/fai-nfsroot.yml index 69362e5..95a6153 100644 --- a/roles/fai/tasks/fai-nfsroot.yml +++ b/roles/fai/tasks/fai-nfsroot.yml @@ -9,6 +9,15 @@ mode: '0644' when: false +- name: "Create package_config for nfsroot" + become: true + ansible.builtin.template: + src: "etc/fai/NFSROOT.j2" + dest: "{{ fai_etc_dir }}/NFSROOT" + owner: root + group: root + mode: '0644' + - name: "Test if nfsroot dir '{{ fai_dir_nfsroot }}' already exists" become: true ansible.builtin.stat: diff --git a/roles/fai/templates/etc/fai/NFSROOT.j2 b/roles/fai/templates/etc/fai/NFSROOT.j2 new file mode 100644 index 0000000..6323fa0 --- /dev/null 
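Review bot: `ansible.buildin.service` in the first unbound.yml hunk is misspelled; the collection is `ansible.builtin`, so the module cannot be resolved and the step that stops and disables systemd-resolved errors out instead of running. Change the line to `ansible.builtin.service:`. The other FQCN renames in this commit (`ansible.builtin.fail`, `ansible.builtin.debug`) are spelled correctly.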
+++ b/roles/fai/templates/etc/fai/NFSROOT.j2 @@ -0,0 +1,74 @@ +# package list for creating the NFSROOT + +PACKAGES install-norec FULL +nfs-common fai-nfsroot rpcbind +rsync +lshw procinfo +dump reiserfsprogs xfsprogs xfsdump btrfs-progs +hwinfo hdparm smartmontools nvme-cli +rdate +zile +numactl +udns-utils +netcat-traditional nmap +pxelinux syslinux-common +ca-certificates # for get-config-dir-https and apt-transport-https +usbutils pciutils +ssh +netselect +mdadm +cryptsetup +#git # git consumes a lot of disk space on the FAI CD + +PACKAGES install-norec +# dracut replaces live-boot and initramfs-tools +dracut live-boot- initramfs-tools- +dracut-config-generic +dracut-network +sysvinit-core systemd-sysv- +curl lftp +less +ntpdate +dosfstools +lvm2 +psmisc +dialog +console-common kbd +xz-utils pigz zstd +gpg +vim +tmux + + +# some network cards needs firmware +PACKAGES install-norec NONFREE +firmware-bnx2 firmware-bnx2x firmware-realtek +firmware-cavium +firmware-misc-nonfree + + +# you should not edit the lines below +# architecture dependend list of packages that are installed + +PACKAGES install-norec I386 +grub-pc +efibootmgr +linux-image-686-pae + +PACKAGES install-norec AMD64 +grub-pc +grub-efi-amd64-bin +efibootmgr +linux-image-amd64 +#linux-image-amd64/bullseye-backports # if you want to use a newer kernel + +PACKAGES install-norec ARM64 +grub-efi-arm64 +efibootmgr +linux-image-arm64 + +PACKAGES install-norec ARMHF +grub-efi-arm +efibootmgr +linux-image-armmp + From 78dd31d56759d5b1552848a00993bd9440f639ec Mon Sep 17 00:00:00 2001 From: Tobias Stein Date: Fri, 9 Dec 2022 05:21:45 +0100 Subject: [PATCH 29/64] Move config to jinja2 --- roles/fai/tasks/fai-configure.yml | 13 ++----------- roles/fai/templates/etc/fai/apt/sources.list.j2 | 11 +++++++++++ 2 files changed, 13 insertions(+), 11 deletions(-) create mode 100644 roles/fai/templates/etc/fai/apt/sources.list.j2 
diff --git a/roles/fai/tasks/fai-configure.yml b/roles/fai/tasks/fai-configure.yml index 8c83bc2..ebf8da8 100644 --- a/roles/fai/tasks/fai-configure.yml +++ b/roles/fai/tasks/fai-configure.yml @@ -15,18 +15,9 @@ become: true vars: dest: "{{ fai_etc_dir }}/apt/sources.list" + src: "etc/fai/apt/sources.list.j2" ansible.builtin.copy: - content: | - deb http://deb.debian.org/debian {{ debian_release_nfsroot }} main contrib non-free - deb http://deb.debian.org/debian {{ debian_release_nfsroot }}-updates main contrib non-free - deb http://deb.debian.org/debian-security {{ debian_release_nfsroot }}-security main contrib non-free - #deb http://deb.debian.org/debian {{ debian_release_nfsroot }}-backports main contrib non-free - - deb http://deb.debian.org/debian testing main contrib non-free - deb http://deb.debian.org/debian sid main contrib non-free - deb http://deb.debian.org/debian experimental main contrib non-free - # repository that may contain newer fai packages for bullseye - deb http://fai-project.org/download bullseye koeln + src: "{{ src }}" dest: "{{ dest }}" mode: '0644' owner: root diff --git a/roles/fai/templates/etc/fai/apt/sources.list.j2 b/roles/fai/templates/etc/fai/apt/sources.list.j2 new file mode 100644 index 0000000..f4d0042 --- /dev/null +++ b/roles/fai/templates/etc/fai/apt/sources.list.j2 
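Review bot: The task keeps `ansible.builtin.copy`, and `copy` with `src:` transfers the file unrendered, so the `{{ debian_release_nfsroot }}` expressions in sources.list.j2 would reach `{{ fai_etc_dir }}/apt/sources.list` literally and apt in the nfsroot would get no valid suite names. `copy` also resolves `src` under the role's `files/` directory, while the new file is created under `templates/`. Switch the module to `ansible.builtin.template:` and keep `src: "{{ src }}"`. The same applies to the `src: "etc/apt/preferences.d/zz_releases.j2"` change in the later "Move preferences config to templates" hunk of this file; the task's name line is outside the hunk.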
@@ -0,0 +1,11 @@ +deb http://deb.debian.org/debian {{ debian_release_nfsroot }} main contrib non-free +deb http://deb.debian.org/debian {{ debian_release_nfsroot }}-updates main contrib non-free +deb http://deb.debian.org/debian-security {{ debian_release_nfsroot }}-security main contrib non-free +#deb http://deb.debian.org/debian {{ debian_release_nfsroot }}-backports main contrib non-free + +deb http://deb.debian.org/debian testing main contrib non-free +deb http://deb.debian.org/debian sid main contrib non-free +deb http://deb.debian.org/debian experimental main contrib non-free +# repository that may contain newer fai packages for bullseye +deb http://fai-project.org/download bullseye koeln + From bc8a46a17eb30815a2ec0bd0251fe19cfef1271a Mon Sep 17 00:00:00 2001 From: Tobias Stein Date: Fri, 9 Dec 2022 05:22:57 +0100 Subject: [PATCH 30/64] Reenable creation of nfsconfig --- roles/fai/tasks/fai-nfsroot.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/fai/tasks/fai-nfsroot.yml b/roles/fai/tasks/fai-nfsroot.yml index 95a6153..3866470 100644 --- a/roles/fai/tasks/fai-nfsroot.yml +++ b/roles/fai/tasks/fai-nfsroot.yml @@ -7,7 +7,6 @@ owner: root group: root mode: '0644' - when: false - name: "Create package_config for nfsroot" become: true From dfc1788e79e9ae364a791a61a4d52fa067122366 Mon Sep 17 00:00:00 2001 From: Tobias Stein Date: Fri, 9 Dec 2022 05:23:42 +0100 Subject: [PATCH 31/64] Move preferences config to templates --- roles/fai/tasks/fai-configure.yml | 34 +------------------ .../etc/apt/preferences.d/zz_releases.j2 | 32 +++++++++++++++++ 2 files changed, 33 insertions(+), 33 deletions(-) create mode 100644 roles/fai/templates/etc/apt/preferences.d/zz_releases.j2 diff --git a/roles/fai/tasks/fai-configure.yml b/roles/fai/tasks/fai-configure.yml index ebf8da8..3911397 100644 --- a/roles/fai/tasks/fai-configure.yml +++ b/roles/fai/tasks/fai-configure.yml 
@@ -42,39 +42,7 @@ vars: dest: "{{ fai_etc_dir }}/apt/preferences.d/zz_releases" ansible.builtin.copy: - content: | - Package: * - Pin: release n={{ debian_release_nfsroot |lower }} - Pin-Priority: 500 - - Package: * - Pin: release n={{ debian_release_nfsroot |lower }}-updates - Pin-Priority: 500 - - Package: * - Pin: release n={{ debian_release_nfsroot |lower }}-backports - Pin-Priority: 490 - - Package: * - Pin: release a=testing - Pin-Priority: 400 - - Package: * - Pin: release n=sid - Pin-Priority: 120 - - Package: * - Pin: release a=experimental - Pin-Priority: 110 - - ### PACKAGES - Package: /^fai-.*/ - Pin: release a=experimental - Pin-Priority: 500 - - Package: /^dracut-?.*/ - Pin: release n=sid - Pin-Priority: 500 + src: "etc/apt/preferences.d/zz_releases.j2" dest: "{{ dest }}" mode: '0644' owner: root diff --git a/roles/fai/templates/etc/apt/preferences.d/zz_releases.j2 b/roles/fai/templates/etc/apt/preferences.d/zz_releases.j2 new file mode 100644 index 0000000..9cd6147 --- /dev/null +++ b/roles/fai/templates/etc/apt/preferences.d/zz_releases.j2 @@ -0,0 +1,32 @@ +Package: * +Pin: release n={{ debian_release_nfsroot | lower }} +Pin-Priority: 500 + +Package: * +Pin: release n={{ debian_release_nfsroot | lower }}-updates +Pin-Priority: 500 + +Package: * +Pin: release n={{ debian_release_nfsroot | lower }}-backports +Pin-Priority: 490 + +Package: * +Pin: release a=testing +Pin-Priority: 400 + +Package: * +Pin: release n=sid +Pin-Priority: 120 + +Package: * +Pin: release a=experimental +Pin-Priority: 110 + +### PACKAGES +Package: /^fai-.*/ +Pin: release a=experimental +Pin-Priority: 500 + +Package: /^dracut-?.*/ +Pin: release n=sid +Pin-Priority: 500 From 4b297d86cb88130a414a1bc7d882c7531ccb8021 Mon Sep 17 00:00:00 2001 From: Tobias Stein Date: Fri, 9 Dec 2022 05:24:29 +0100 Subject: [PATCH 32/64] Refactor nfsroot.conf --- roles/fai/templates/etc/fai/nfsroot.conf.j2 | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) 
diff --git a/roles/fai/templates/etc/fai/nfsroot.conf.j2 b/roles/fai/templates/etc/fai/nfsroot.conf.j2 index cbf94f5..5d978ed 100644 --- a/roles/fai/templates/etc/fai/nfsroot.conf.j2 +++ b/roles/fai/templates/etc/fai/nfsroot.conf.j2 @@ -6,7 +6,8 @@ # The third parameter is the name of the bootstrap script variant to use. # Example: # FAI_DEBOOTSTRAP="bullseye http://deb.debian.org/debian" -FAI_DEBOOTSTRAP="{{ debian_release_nfsroot }} http://localhost:3142/debian" +FAI_DEBOOTSTRAP="{{ debian_release_nfsroot + + 'http://' + server_name + ':3142/debian' }}" # Options that will be passed to debootstrap(8). # Used for excluding packages and for specifying a different architecture. @@ -23,8 +24,8 @@ FAI_DEBOOTSTRAP_OPTS="--exclude=wget" # # echo "yoursecrectpassword" | mkpasswd -m md5 -s -#FAI_ROOTPW="{{ fai_hw4f_rootpw_fai |password_hash("sha512") }}" -FAI_ROOTPW='$y$j9T$9Gpl96oNFKz9us5aM5iCb.$v/JHwnHRfaxMCPK/nsxu.DAmoGB1hlgRQBDIxTeMd9/' +FAI_ROOTPW="{{ fai_hw4f_rootpw_fai | password_hash("sha512") }}" +#FAI_ROOTPW='$y$j9T$9Gpl96oNFKz9us5aM5iCb.$v/JHwnHRfaxMCPK/nsxu.DAmoGB1hlgRQBDIxTeMd9/' # Directory on the install server where the nfsroot is created. NFSROOT="{{ fai_dir_nfsroot }}" @@ -41,7 +42,7 @@ NFSROOT_HOOKS="{{ fai_etc_dir }}/nfsroot-hooks" # This multiline variable is added to /etc/hosts inside the nfsroot. # You can use this when DNS is not available on the clients. # Example: -# NFSROOT_ETC_HOSTS="192.168.33.250 faiserver" +# NFSROOT_ETC_HOSTS="{{ server_address}} {{ server_name }}" # Directory on the install server for the tftp data, used by PXE network boot. TFTPROOT="{{ tftp_dir }}" From 32880aacc749dec5237b658a82c5b6ff491bf98c Mon Sep 17 00:00:00 2001 From: Tobias Stein Date: Fri, 9 Dec 2022 05:24:58 +0100 Subject: [PATCH 33/64] Move preferences to templates --- roles/fai/tasks/fai-configure.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) 
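Review bot: The new `FAI_DEBOOTSTRAP` expression joins `debian_release_nfsroot` directly to `'http://'`, so the rendered value has no space between suite and mirror (for example `bullseyehttp://…`), while the comment above it requires space-separated parameters. Add the separator, `+ ' http://' + server_name + ':3142/debian' }}"`, or use the plain form `FAI_DEBOOTSTRAP="{{ debian_release_nfsroot }} http://{{ server_name }}:3142/debian"`.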
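Review bot: The now-active `FAI_ROOTPW="{{ … | password_hash("sha512") }}"` wraps the rendered hash in double quotes, whereas the line it replaces and the documented example use single quotes. If this file is sourced by a shell, as its variable syntax suggests, the `$6$…` fields of the hash are expanded inside double quotes and the stored value no longer matches the password. Use `FAI_ROOTPW='{{ fai_hw4f_rootpw_fai | password_hash("sha512") }}'`. The old static hash is only commented out, so it stays in the template; delete that line rather than keeping it.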
diff --git a/roles/fai/tasks/fai-configure.yml b/roles/fai/tasks/fai-configure.yml index 3911397..5a11259 100644 --- a/roles/fai/tasks/fai-configure.yml +++ b/roles/fai/tasks/fai-configure.yml @@ -37,6 +37,19 @@ - "{{ fai_etc_dir }}/apt" - "{{ fai_etc_dir }}/apt/preferences.d" +- name: "Set apt preferences for nfsroot in '{{ dest }}'" + become: true + vars: + dest: "{{ fai_etc_dir }}/apt/preferences.d/zz_releases" + ansible.builtin.template: + src: "etc/apt/preferences.d/pinning.j2" + dest: "{{ dest }}" + owner: root + group: root + mode: "0644" + tags: + - fai_nfsroot_apt_preferences + - name: "Set preferences for nfsroot in '{{ dest }}'" become: true vars: From aceaf94c9b4c5a2a1b7a9b92d591887523864d21 Mon Sep 17 00:00:00 2001 From: Tobias Stein Date: Fri, 9 Dec 2022 05:25:41 +0100 Subject: [PATCH 34/64] Refactor configuration of the host package management --- roles/fai/tasks/package_mgmt.yml | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) diff --git a/roles/fai/tasks/package_mgmt.yml b/roles/fai/tasks/package_mgmt.yml index dc05875..5f50737 100644 --- a/roles/fai/tasks/package_mgmt.yml +++ b/roles/fai/tasks/package_mgmt.yml @@ -1,3 +1,4 @@ +--- - name: "Install gpg" become: true ansible.builtin.package: @@ -15,17 +16,26 @@ tags: - fai_repo_key_install -- name: "Add repositories" +- name: "Add repositories to apt for the server" become: true ansible.builtin.apt_repository: repo: "{{ item.repo }}" filename: "{{ item.filename | default(omit) }}" state: present + update_cache: false + loop: "{{ repos }}" tags: - fai_repo - loop: "{{ repos }}" -- name: "Remove sources.list" +- name: "Update apt cache" + become: true + ansible.builtin.apt: + update_cache: true + tags: + - fai_repo + - fai_repo_update + +- name: "Remove 'sources.list' from server" become: true vars: paths: 
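Review bot: The added task renders `etc/apt/preferences.d/pinning.j2` to `{{ fai_etc_dir }}/apt/preferences.d/zz_releases`, which is the same destination the following "Set preferences for nfsroot" task writes from `zz_releases.j2`. The second task overwrites the first on every run, both always report a change, and the pinning that ends up in the nfsroot is not the one this task sets. Keep only one of the two tasks; the body of the older one lies outside this hunk.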
@@ -36,13 +46,16 @@ state: absent loop: "{{ paths }}" -- name: "Add preferences" +- name: "Set apt preferences for the server in '{{ dest }}'" become: true + vars: + dest: "/etc/apt/preferences.d/zz_releases" ansible.builtin.template: src: "etc/apt/preferences.d/pinning.j2" - dest: "/etc/apt/preferences.d/zz_releases" + dest: "{{ dest }}" owner: root group: root mode: "0644" tags: - - fai_repo + - fai_repo_apt_preferences + From d17f4f92a73ecacbe077ef50a26ce5076bfbefec Mon Sep 17 00:00:00 2001 From: Tobias Stein Date: Fri, 9 Dec 2022 05:26:06 +0100 Subject: [PATCH 35/64] Refactor package management in nfsroot --- roles/fai/tasks/fai-configure.yml | 36 ++++++++++++++++++++++++++++++- 1 file changed, 35 insertions(+), 1 deletion(-) diff --git a/roles/fai/tasks/fai-configure.yml b/roles/fai/tasks/fai-configure.yml index 5a11259..306bdee 100644 --- a/roles/fai/tasks/fai-configure.yml +++ b/roles/fai/tasks/fai-configure.yml @@ -11,6 +11,36 @@ - fai_conf ### "/etc/fai/apt" GETS COPIED TO NFSROOT BY "fai-make-nfsroot" +- name: "Copy hosts '{{ src }}' to nfsroot" + become: true + vars: + src: "/etc/apt/sources.list.d" + dest: "/etc/fai/apt/sources.list.d" + ansible.builtin.copy: + remote_src: true + recursive: true + src: "{{ src }}" + dest: "{{ dest }}" + owner: root + group: root + when: + - debian_release_fai == debian_release_nfsroot + tags: + - fai_nfsroot_sources_list + +- name: "Remove 'sources.list' from nfsroot" + become: true + vars: + paths: + - "/etc/fai/apt/sources.list" + - "/etc/fai/apt/sources.list~" + ansible.builtin.file: + path: "{{ item }}" + state: absent + loop: "{{ paths }}" + when: + - debian_release_fai == debian_release_nfsroot + - name: "Set repositories for nfsroot in '{{ dest }}'" become: true vars: @@ -22,6 +52,8 @@ mode: '0644' owner: root group: root + when: + - debian_release_fai != debian_release_nfsroot tags: - fai_nfsroot_sources_list 
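Review bot: `recursive: true` in the new "Copy hosts '{{ src }}' to nfsroot" task is not an option of `ansible.builtin.copy` (directories are copied recursively by default), so the module is expected to reject the task as written; the line should be dropped. The task also sets no `mode`, so the copied source lists get whatever permissions the module defaults to. Both this task and the following "Remove 'sources.list' from nfsroot" task hard-code `/etc/fai/apt/...` although the rest of the file uses `fai_etc_dir`; `dest: "{{ fai_etc_dir }}/apt/sources.list.d"` keeps the paths consistent when that variable is overridden.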
@@ -61,5 +93,7 @@ owner: root group: root tags: - - fai_nfsroot_sources_preferences + - fai_nfsroot_apt_preferences + when: + - falsen From 89c992b78b74663e14214babb5afc8854da37f1c Mon Sep 17 00:00:00 2001 From: Tobias Stein Date: Sat, 10 Dec 2022 19:55:33 +0100 Subject: [PATCH 36/64] Rename files --- roles/fai/meta/main.yml | 15 +- .../{fai-profiles.yml => fai-config-dir.yml} | 131 +++++++++++------- .../{fai-configure.yml => fai-etc-dir.yml} | 0 .../srv/fai/config/class/HW4F_DESKTOP.var | 23 --- .../srv/fai/config/class/HW4F_DESKTOP.var.j2 | 36 +++++ .../srv/fai/config/scripts/00-remove-proxy.j2 | 5 + .../templates/srv/fai/config/scripts/04-snaps | 15 ++ .../templates/srv/fai/config/scripts/91-misc | 7 + 8 files changed, 153 insertions(+), 79 deletions(-) rename roles/fai/tasks/{fai-profiles.yml => fai-config-dir.yml} (56%) rename roles/fai/tasks/{fai-configure.yml => fai-etc-dir.yml} (100%) delete mode 100644 roles/fai/templates/srv/fai/config/class/HW4F_DESKTOP.var create mode 100644 roles/fai/templates/srv/fai/config/class/HW4F_DESKTOP.var.j2 create mode 100755 roles/fai/templates/srv/fai/config/scripts/00-remove-proxy.j2 create mode 100755 roles/fai/templates/srv/fai/config/scripts/04-snaps create mode 100755 roles/fai/templates/srv/fai/config/scripts/91-misc diff --git a/roles/fai/meta/main.yml b/roles/fai/meta/main.yml index e984390..3e27127 100644 --- a/roles/fai/meta/main.yml +++ b/roles/fai/meta/main.yml @@ -1,22 +1,19 @@ +--- galaxy_info: author: Alexander Böhm description: FAI server for Hardware For Future company: Hardware For Future - # issue_tracker_url: http://example.com/issue/tracker - license: MIT - min_ansible_version: 2.9 - platforms: - - name: Debian - versions: - - 10 - + - name: Debian + versions: + - 10 + - 11 + - 12 galaxy_tags: - hw4f - collections: - ansible.posix 
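Review bot: `when: - falsen` at the end of this task is evaluated as an expression, so `falsen` is looked up as a variable rather than read as the boolean, and the condition fails if no such variable exists. If the task is meant to be disabled, write `- false`; if it is meant to be the counterpart of the tasks guarded by `debian_release_fai == debian_release_nfsroot`, write `- debian_release_fai != debian_release_nfsroot`. The task itself starts above the hunk.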
diff --git a/roles/fai/tasks/fai-profiles.yml b/roles/fai/tasks/fai-config-dir.yml similarity index 56% rename from roles/fai/tasks/fai-profiles.yml rename to roles/fai/tasks/fai-config-dir.yml index 894d162..217c198 100644 --- a/roles/fai/tasks/fai-profiles.yml +++ b/roles/fai/tasks/fai-config-dir.yml @@ -8,19 +8,6 @@ group: root mode: '0755' -- name: "Copy fai profiles to '{{ fai_dir_config }}'" - become: true - ansible.builtin.copy: - src: "profiles/" - dest: "{{ fai_dir_config }}" - owner: root - group: root - mode: '0755' - force: true - #recursive: true - notify: pack fai-config - when: false - - name: "Git checkout fai-config to '{{ fai_dir_config }}'" become: true ansible.builtin.git: 
@@ -40,6 +27,90 @@ mode: '0755' #recursive: true +- name: "Set APT proxy" + become: true + ansible.builtin.template: + src: "etc/apt/apt.conf.d/02proxy.j2" + dest: "{{ fai_dir_config }}/files/etc/apt/apt.conf.d/02proxy/HW4F_DESKTOP" + owner: root + group: root + mode: '0644' + notify: pack fai-config + when: false + +- name: "Set default menu entry to profile" + become: true + ansible.builtin.copy: + content: | + Default: {{ fai_menu_default }} + dest: "{{ fai_dir_config + '/class/zz_menu_default.profile' }}" + owner: root + group: root + mode: '0644' + when: + - fai_menu_default is defined + - fai_menu_default is not none + +- name: "Create class specific directories" + become: true + vars: + paths: + - "scripts/HW4F_DESKTOP" + - "scripts/HW4F_DESKTOP_LAST" + ansible.builtin.file: + dest: "{{ fai_dir_config + '/' + item }}" + state: directory + owner: root + group: root + mode: '0755' + loop: "{{ paths }}" + notify: pack fai-config + +- name: "Define files in '{{ fai_dir_config }}'" + become: true + vars: + scripts: + - src: "class/HW4F_DESKTOP.var.j2" + dest: "class/HW4F_DESKTOP.var" + mode: '0644' + - src: "scripts/00-remove-proxy.j2" + dest: "scripts/HW4F_DESKTOP_LAST/00-remove-proxy" + mode: "0755" + ansible.builtin.template: + src: "srv/fai/config/{{ item.src }}" + dest: "{{ fai_dir_config + '/' + item.dest }}" + owner: root + group: root + mode: "{{ item.mode }}" + notify: pack fai-config + loop: "{{ scripts }}" + +- name: "Define files in '{{ fai_dir_config }}' without templating" + become: true + vars: + scripts: + - src: "scripts/04-snaps" + dest: "scripts/HW4F_DESKTOP/04-snaps" + mode: '0755' + ### TRICK COPY TO FIND THE "FILE" + ### IN THE DIRECTORY "templates" NOT IN "files" + search_prefix: "templates/" + - src: "scripts/91-misc" + dest: "scripts/HW4F_DESKTOP/91-misc" + mode: '0755' + ### TRICK COPY TO FIND THE "FILE" + ### IN THE DIRECTORY "templates" NOT IN "files" + search_prefix: "templates/" + ansible.builtin.copy: + src: "{{ item.search_prefix | 
default('') + + 'srv/fai/config/' + item.src }}" + dest: "{{ fai_dir_config + '/' + item.dest }}" + owner: root + group: root + mode: "{{ item.mode }}" + notify: pack fai-config + loop: "{{ scripts }}" + - name: "Define FAI classes for BASEFILES" become: true ansible.builtin.template: @@ -55,37 +126,3 @@ - basefile: "FOCAL64" dist: "focal" mirror_url: "{{ ubuntu_mirror_url }}" - -- name: "Set APT proxy" - become: true - ansible.builtin.template: - src: "etc/apt/apt.conf.d/02proxy.j2" - dest: "{{ fai_dir_config }}/files/etc/apt/apt.conf.d/02proxy/HW4F_DESKTOP" - owner: root - group: root - mode: '0644' - notify: pack fai-config - when: false - -- name: "Define fai CLASS 'HW4F_DESKTOP'" - become: true - ansible.builtin.template: - src: "srv/fai/config/class/HW4F_DESKTOP.var" - dest: "{{ fai_dir_config }}/class/HW4F_DESKTOP.var" - owner: root - group: root - mode: '0644' - notify: pack fai-config - -- name: "Set default menu entry to profile" - become: true - ansible.builtin.copy: - content: | - Default: {{ fai_menu_default }} - dest: "{{ fai_dir_config + '/class/zz_menu_default.profile' }}" - owner: root - group: root - mode: '0644' - when: - - fai_menu_default is defined - - fai_menu_default is not none diff --git a/roles/fai/tasks/fai-configure.yml b/roles/fai/tasks/fai-etc-dir.yml similarity index 100% rename from roles/fai/tasks/fai-configure.yml rename to roles/fai/tasks/fai-etc-dir.yml diff --git a/roles/fai/templates/srv/fai/config/class/HW4F_DESKTOP.var b/roles/fai/templates/srv/fai/config/class/HW4F_DESKTOP.var deleted file mode 100644 index edb8c3c..0000000 --- a/roles/fai/templates/srv/fai/config/class/HW4F_DESKTOP.var +++ /dev/null 
@@ -1,23 +0,0 @@ -### CONFIGURE TIME -UTC=yes -TIMEZONE=Europe/Berlin - -### INSTALL PARAMETERS -STOP_ON_ERROR=700 -MAXPACKAGES=800 - -HOSTNAME="user-pc" -KEYMAP=de-latin1-nodeadkeys - - -ROOTPW='{{ fai_hw4f_profile_password |password_hash("sha512") }}' - -# START USER AND PASSWORD -username={{ fai_hw4f_profile_username }} -USERPW='{{ fai_hw4f_profile_password |password_hash("sha512") }}' - -SUPRESS_GNOME_INITIAL_SCREEN=1 - -FAI_ALLOW_UNSIGNED=0 -APTPROXY=http://{{ server_name }}:3142 - diff --git a/roles/fai/templates/srv/fai/config/class/HW4F_DESKTOP.var.j2 b/roles/fai/templates/srv/fai/config/class/HW4F_DESKTOP.var.j2 new file mode 100644 index 0000000..8d65370 --- /dev/null +++ b/roles/fai/templates/srv/fai/config/class/HW4F_DESKTOP.var.j2 @@ -0,0 +1,36 @@ +### CONFIGURE TIME +UTC=yes +TIMEZONE=Europe/Berlin + +### INSTALL PARAMETERS +STOP_ON_ERROR=700 +MAXPACKAGES=800 + +HOSTNAME="user-pc" +KEYMAP=de-latin1-nodeadkeys + + +ROOTPW='{{ fai_hw4f_profile_password + | password_hash("sha512", fai_hw4f_password_salt ) }}' + +# START USER AND PASSWORD +username={{ fai_hw4f_profile_username }} +USERPW='{{ fai_hw4f_profile_password + | password_hash("sha512", fai_hw4f_password_salt ) }}' + +SUPRESS_GNOME_INITIAL_SCREEN=1 + +FAI_ALLOW_UNSIGNED=0 +APTPROXY=http://{{ server_name }}:3142 + +### CONFIGURE LOG UPLOAD +{% if fai_loguser is defined and + fai_loguser is none %} +### DISABLE LOG UPLOAD +LOGUSER= +{% elif fai_loguser is defined and + fai_loguser is not none %} +LOGUSER={{ fai_loguser }} +{% else %} +#LOGUSER= +{% endif %} diff --git a/roles/fai/templates/srv/fai/config/scripts/00-remove-proxy.j2 b/roles/fai/templates/srv/fai/config/scripts/00-remove-proxy.j2 new file mode 100755 index 0000000..b696477 --- /dev/null +++ b/roles/fai/templates/srv/fai/config/scripts/00-remove-proxy.j2 @@ -0,0 +1,5 @@ +#!/bin/bash + +[ -f $target/etc/apt/apt.conf.d/02proxy ] && \ + rm $target/etc/apt/apt.conf.d/02proxy + 
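Review bot: `ROOTPW` and `USERPW` in the new HW4F_DESKTOP.var.j2 are both rendered from `fai_hw4f_profile_password` with the same salt, so the installed desktop's root account and its first user get identical hashes and therefore the same password. A separate variable for the root password (for example a new `fai_hw4f_profile_root_password`), or leaving root without a usable password and relying on sudo, would separate the two accounts. `fai_hw4f_password_salt` is also not defined anywhere in this patch; it only appears in the role defaults in patch 43, so the template presumably cannot render at this commit.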
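Review bot: The only command in 00-remove-proxy.j2 is `[ -f … ] && rm …`, so when the proxy file is absent the test fails and the script exits with status 1, which the installer may record as a failed script. `$target` is also unquoted and unchecked; if it is ever empty the path becomes `/etc/apt/apt.conf.d/02proxy` on the system running the script. `rm -f "${target:?}/etc/apt/apt.conf.d/02proxy"` covers both cases in one line.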
diff --git a/roles/fai/templates/srv/fai/config/scripts/04-snaps b/roles/fai/templates/srv/fai/config/scripts/04-snaps new file mode 100755 index 0000000..1b0ffd9 --- /dev/null +++ b/roles/fai/templates/srv/fai/config/scripts/04-snaps @@ -0,0 +1,15 @@ +#!/bin/bash + +if [ "${#SNAPS[*]}" -eq 0 ]; then + SNAPS=( firefox ) +fi + +function package_exists() { + return dpkg -l "$1" &> /dev/null +} + +for SNAP in $SNAPS; do + if ! package_exists "snapd"; then + snap install "$SNAP" + fi +done diff --git a/roles/fai/templates/srv/fai/config/scripts/91-misc b/roles/fai/templates/srv/fai/config/scripts/91-misc new file mode 100755 index 0000000..0d1d6d8 --- /dev/null +++ b/roles/fai/templates/srv/fai/config/scripts/91-misc @@ -0,0 +1,7 @@ +#! /bin/bash + +# disable the first login screen +$ROOTCMD dpkg-divert --local --rename --add /etc/xdg/autostart/gnome-initial-setup-first-login.desktop +$ROOTCMD dpkg-divert --local --rename --add /etc/xdg/autostart/gnome-initial-setup-copy-worker.desktop +$ROOTCMD deluser --system gnome-initial-setup +$ROOTCMD dpkg-reconfigure keyboard-configuration From 6ee0e6cca2e181fc549832d5a5ec722004fb7358 Mon Sep 17 00:00:00 2001 From: Tobias Stein Date: Sat, 10 Dec 2022 19:56:38 +0100 Subject: [PATCH 37/64] Split inventory --- inventory/dezentrale.yml | 13 +------------ inventory/local.yml | 23 +++++++++++++++++++++++ 2 files changed, 24 insertions(+), 12 deletions(-) create mode 100644 inventory/local.yml diff --git a/inventory/dezentrale.yml b/inventory/dezentrale.yml index 4e9cd5a..0966c3d 100644 --- a/inventory/dezentrale.yml +++ b/inventory/dezentrale.yml @@ -1,7 +1,6 @@ all: vars: ansible_nopasswd: true - use_apt_cache_for_server: true # interface for a internet connection wan_interface: "{{ ansible_default_ipv4.interface }}" # ip of the server of the installer network 
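Review bot: `package_exists` in 04-snaps can never report success, because `return dpkg -l "$1"` passes the word `dpkg` to `return` instead of running the command; together with the negated test this means `snap install` is attempted exactly when the check for `snapd` fails. The loop `for SNAP in $SNAPS` also expands only the first array element, so a list with more than one snap is silently truncated. Unlike `91-misc`, none of the commands here go through `$ROOTCMD`, so they presumably act on the installer environment rather than the target; that should be confirmed before relying on the script. A corrected core could look like this.

```shell
# … unchanged: SNAPS default …
package_exists() {
    dpkg -l "$1" &> /dev/null
}

if package_exists "snapd"; then
    for SNAP in "${SNAPS[@]}"; do
        snap install "$SNAP"
    done
fi
```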
@@ -13,17 +12,7 @@ all: hosts: hw4f-fai: - # interface to the clients to install + # interface to install the clients dhcp_interface: ens19 # customized server name server_name: "hw4f-fai" - # ip of the server of the installer network - hw4f-fai-vagrant: - ansible_host: "192.168.33.9" - #ansible_connection: "local" - #python_interpreter: "/usr/bin/python3" - # interface to the clients to install - dhcp_interface: eth1 - # customized server name - server_name: "hw4f-fai-vagrant" - #localhost: diff --git a/inventory/local.yml b/inventory/local.yml new file mode 100644 index 0000000..563f40a --- /dev/null +++ b/inventory/local.yml @@ -0,0 +1,23 @@ +all: + vars: + ansible_nopasswd: true + # interface for a internet connection + wan_interface: "{{ ansible_default_ipv4.interface }}" + # ip of the server of the installer network + server_ip: "192.168.33.8/24" + routers: + - "192.168.33.1" + #nameservers: + fai_config_git: "https://git.dezentrale.cloud/HW4F/fai-config.git" + + hosts: + hw4f-fai-vagrant: + ansible_host: "192.168.33.9" + #ansible_connection: "local" + #python_interpreter: "/usr/bin/python3" + # interface to install the clients + dhcp_interface: eth1 + # customized server name + server_name: "hw4f-fai-vagrant" + #localhost: + From 52e046011c892d877a6e5bd70042b4ff83e3b346 Mon Sep 17 00:00:00 2001 From: Tobias Stein Date: Sat, 10 Dec 2022 19:58:00 +0100 Subject: [PATCH 38/64] Pin dracut to Debian Sid --- group_vars/all.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/group_vars/all.yml b/group_vars/all.yml index 57a2033..c0fbad9 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -56,6 +56,10 @@ repos: origin: "deb.debian.org" release_name: "sid" pin_priority: 120 + - package: '/^dracut-?.*/' + origin: "deb.debian.org" + release_name: "sid" + pin_priority: 500 - repo: "deb http://deb.debian.org/debian experimental main contrib non-free" filename: "experimental" preferences: From fd4b90e010d4c160a741c8f5a444619a94f160ac Mon Sep 17 00:00:00 2001 
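Review bot: The new `/^dracut-?.*/` entry in group_vars/all.yml raises sid to priority 500 for every package whose name starts with `dracut`, while the entry above it keeps the rest of sid at 120. At 500 the unstable version competes on equal terms with the release's own, so apt will normally pick sid's, and those packages are then tracked from a suite that does not follow the stable security-update process. A comment stating why dracut has to come from sid and when the pin can be removed would help, e.g. `# dracut from sid needed for <reason>; drop once available in <release>`.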
From: Tobias Stein Date: Sat, 10 Dec 2022 19:58:32 +0100 Subject: [PATCH 39/64] Fix typo --- roles/fai/tasks/unbound.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/fai/tasks/unbound.yml b/roles/fai/tasks/unbound.yml index 1cd6563..a4d29ab 100644 --- a/roles/fai/tasks/unbound.yml +++ b/roles/fai/tasks/unbound.yml @@ -1,5 +1,5 @@ - name: "Ensure systemd-resolved is stopped and disabled" - ansible.buildin.service: + ansible.builtin.service: name: systemd-resolved enabled: false state: stopped From b5fede2d469cb2efe0ba8a5811d9aa57fd0fc8d7 Mon Sep 17 00:00:00 2001 From: Tobias Stein Date: Sat, 10 Dec 2022 20:01:47 +0100 Subject: [PATCH 40/64] Move configuration of the apt proxy to the defaults --- roles/fai/defaults/main.yml | 2 +- roles/fai/tasks/apt-cacher-ng.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/fai/defaults/main.yml b/roles/fai/defaults/main.yml index 4d1853c..1af900c 100644 --- a/roles/fai/defaults/main.yml +++ b/roles/fai/defaults/main.yml @@ -20,7 +20,7 @@ timeservers: ntpservers: - "{{ server_address }}" apt_cacher_offline_mode: false -use_apt_cache_for_server: false +use_apt_cache_for_server: true fai_etc_dir: "/etc/fai" fai_dir: "/srv/fai" diff --git a/roles/fai/tasks/apt-cacher-ng.yml b/roles/fai/tasks/apt-cacher-ng.yml index 85891e9..0e51544 100644 --- a/roles/fai/tasks/apt-cacher-ng.yml +++ b/roles/fai/tasks/apt-cacher-ng.yml @@ -61,7 +61,7 @@ - name: "Set apt cache also for installer host" become: true ansible.builtin.copy: - dest: "/etc/apt/apt.conf.d/00proxy" + dest: "/etc/apt/apt.conf.d/02proxy" content: | Acquire::http::Proxy "http://localhost:3142"; owner: root From b8ce01d6467c803f6c2c949e940dda29d9185446 Mon Sep 17 00:00:00 2001 
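Review bot: Renaming the destination from `00proxy` to `02proxy` in apt-cacher-ng.yml leaves `/etc/apt/apt.conf.d/00proxy` behind on servers that were provisioned before this change, and nothing visible in the hunk removes it. apt reads every file in that directory, so the old file keeps setting the proxy independently of this task. A small `ansible.builtin.file` task with `path: "/etc/apt/apt.conf.d/00proxy"` and `state: absent` next to this one would clean it up. The task continues below the hunk.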
From: Tobias Stein Date: Sat, 10 Dec 2022 20:04:22 +0100 Subject: [PATCH 41/64] Add support to rebuild nfsroot automatically --- roles/fai/defaults/main.yml | 1 + roles/fai/handlers/main.yml | 5 +++++ roles/fai/tasks/fai-etc-dir.yml | 18 ++++++++++++++++++ roles/fai/tasks/fai-nfsroot.yml | 24 +++++++----------------- 4 files changed, 31 insertions(+), 17 deletions(-) diff --git a/roles/fai/defaults/main.yml b/roles/fai/defaults/main.yml index 1af900c..f62419e 100644 --- a/roles/fai/defaults/main.yml +++ b/roles/fai/defaults/main.yml @@ -32,6 +32,7 @@ fai_squashfs_file: "squash.img" fai_squashfs_path: "{{ fai_dir_download + '/' + fai_squashfs_file }}" #fai_loguser: "fai" fai_menu_default: 'HW4F Desktop Jammy' +fai_nfsroot_force_rebuild: false fai_hw4f_rootpw_fai: "fai" fai_hw4f_profile_username: "user" diff --git a/roles/fai/handlers/main.yml b/roles/fai/handlers/main.yml index 818d72a..d0e4153 100644 --- a/roles/fai/handlers/main.yml +++ b/roles/fai/handlers/main.yml @@ -70,3 +70,8 @@ name: unbound state: reloaded listen: reload unbound + +- name: "Force rebuild nfsroot" + ansible.builtin.set_fact: + fai_nfsroot_force_rebuild: true + diff --git a/roles/fai/tasks/fai-etc-dir.yml b/roles/fai/tasks/fai-etc-dir.yml index 306bdee..0639d7f 100644 --- a/roles/fai/tasks/fai-etc-dir.yml +++ b/roles/fai/tasks/fai-etc-dir.yml @@ -7,6 +7,8 @@ mode: '0644' owner: root group: root + notify: + - Force rebuild nfsroot tags: - fai_conf @@ -25,6 +27,8 @@ group: root when: - debian_release_fai == debian_release_nfsroot + notify: + - Force rebuild nfsroot tags: - fai_nfsroot_sources_list @@ -40,6 +44,8 @@ loop: "{{ paths }}" when: - debian_release_fai == debian_release_nfsroot + notify: + - Force rebuild nfsroot - name: "Set repositories for nfsroot in '{{ dest }}'" become: true @@ -54,6 +60,8 @@ group: root when: - debian_release_fai != debian_release_nfsroot + notify: + - Force rebuild nfsroot tags: - fai_nfsroot_sources_list 
@@ -68,6 +76,8 @@ loop: - "{{ fai_etc_dir }}/apt" - "{{ fai_etc_dir }}/apt/preferences.d" + notify: + - Force rebuild nfsroot - name: "Set apt preferences for nfsroot in '{{ dest }}'" become: true @@ -79,6 +89,8 @@ owner: root group: root mode: "0644" + notify: + - Force rebuild nfsroot tags: - fai_nfsroot_apt_preferences @@ -94,6 +106,12 @@ group: root tags: - fai_nfsroot_apt_preferences + notify: + - Force rebuild nfsroot when: - falsen + notify: + - Force rebuild nfsroot + notify: + - Force rebuild nfsroot diff --git a/roles/fai/tasks/fai-nfsroot.yml b/roles/fai/tasks/fai-nfsroot.yml index 3866470..dad9134 100644 --- a/roles/fai/tasks/fai-nfsroot.yml +++ b/roles/fai/tasks/fai-nfsroot.yml @@ -1,21 +1,11 @@ --- -- name: "Create configuration for nfsroot" +- name: "Delete nfsroot '{{ fai_dir_nfsroot }}' to force rebuilt" become: true - ansible.builtin.template: - src: "etc/fai/nfsroot.conf.j2" - dest: "{{ fai_etc_dir }}/nfsroot.conf" - owner: root - group: root - mode: '0644' - -- name: "Create package_config for nfsroot" - become: true - ansible.builtin.template: - src: "etc/fai/NFSROOT.j2" - dest: "{{ fai_etc_dir }}/NFSROOT" - owner: root - group: root - mode: '0644' + ansible.builtin.file: + path: "{{ fai_dir_nfsroot }}" + state: absent + when: + - fai_nfsroot_force_rebuild - name: "Test if nfsroot dir '{{ fai_dir_nfsroot }}' already exists" become: true @@ -45,7 +35,7 @@ - "FOCAL64" - "JAMMY64" tags: - - unbound_configure + - basefiles - name: "Allow '{{ fai_loguser }}' to write to '{{ tftp_dir }}' to ship logs" become: true From 3139977afbea0275f5632e5ebd7657510c379e2a Mon Sep 17 00:00:00 2001 From: Tobias Stein Date: Sat, 10 Dec 2022 20:05:06 +0100 Subject: [PATCH 42/64] Disable log uploads --- roles/fai/defaults/main.yml | 2 +- roles/fai/templates/etc/fai/fai.conf.j2 | 10 +++++++--- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/roles/fai/defaults/main.yml b/roles/fai/defaults/main.yml index f62419e..9e7ec96 100644 
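Review bot: The last task of fai-etc-dir.yml appears to end up with three `notify:` keys, one added before `when:` and two after it. Duplicate mapping keys are invalid YAML; parsers usually keep the last one silently, so nothing breaks here only because all three are identical. Keep a single `notify:` with `- Force rebuild nfsroot` on the task. The task starts above the hunk.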
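Review bot: "Delete nfsroot '{{ fai_dir_nfsroot }}' to force rebuilt" removes whatever path the variable holds, recursively and as root, guarded only by `fai_nfsroot_force_rebuild`. A mistyped override of `fai_dir_nfsroot` would make this task delete far more than the nfsroot. Adding a sanity condition such as `- fai_dir_nfsroot not in ['', '/']` to the `when:` list, or an `ansible.builtin.assert` ahead of the task, limits the damage. The flag is set by a handler, so it is only true here if handlers were flushed before this file runs; that ordering is not visible in this hunk.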
--- a/roles/fai/defaults/main.yml +++ b/roles/fai/defaults/main.yml @@ -30,7 +30,7 @@ fai_dir_nfsroot_boot: "{{ fai_dir_nfsroot }}/boot" fai_config_archive: "config.tar" fai_squashfs_file: "squash.img" fai_squashfs_path: "{{ fai_dir_download + '/' + fai_squashfs_file }}" -#fai_loguser: "fai" +fai_loguser: fai_menu_default: 'HW4F Desktop Jammy' fai_nfsroot_force_rebuild: false diff --git a/roles/fai/templates/etc/fai/fai.conf.j2 b/roles/fai/templates/etc/fai/fai.conf.j2 index 3fde673..f8bf825 100644 --- a/roles/fai/templates/etc/fai/fai.conf.j2 +++ b/roles/fai/templates/etc/fai/fai.conf.j2 @@ -49,11 +49,15 @@ # For example, you can use write permissions for the group linuxadm. # chgrp linuxadm /srv/tftp/fai;chmod g+w /srv/tftp/fai. # If the variable is undefined, this feature is disabled. -{% if fai_loguser is defined %} -LOGUSER={{ fai_loguser }} -{% else %} +{% if fai_loguser is defined and + fai_loguser is none %} ### DISABLE LOG UPLOAD LOGUSER= +{% elif fai_loguser is defined and + fai_loguser is not none %} +LOGUSER={{ fai_loguser }} +{% else %} +#LOGUSER= {% endif %} # Protocol for saving logs From 604a862d0e6d28236fdc83a220d1bc43c3e44558 Mon Sep 17 00:00:00 2001 From: Tobias Stein Date: Sat, 10 Dec 2022 20:06:23 +0100 Subject: [PATCH 43/64] Use passwords with constant salts to avoid changing --- roles/fai/defaults/main.yml | 1 + roles/fai/templates/etc/fai/nfsroot.conf.j2 | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/fai/defaults/main.yml b/roles/fai/defaults/main.yml index 9e7ec96..18aed0f 100644 --- a/roles/fai/defaults/main.yml +++ b/roles/fai/defaults/main.yml @@ -34,6 +34,7 @@ fai_loguser: fai_menu_default: 'HW4F Desktop Jammy' fai_nfsroot_force_rebuild: false +fai_hw4f_password_salt: "toXu6kiez1haetan" fai_hw4f_rootpw_fai: "fai" fai_hw4f_profile_username: "user" fai_hw4f_profile_password: "dezentrale" 
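Review bot: `fai_loguser:` with no value is read as null, which is what the `fai_loguser is none` branch in the templates relies on, but a bare key is easy to mistake for an unfinished line. Writing it explicitly documents the intent: `fai_loguser: null  # null disables log upload; set a user name to enable it`.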
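Review bot: `fai_hw4f_password_salt` is a fixed value committed in the role defaults, directly above the default passwords `fai` and `dezentrale`. Every deployment that keeps the defaults therefore renders the same root and user hashes, and because salt and passwords are both public the salt adds nothing for those installs. Stable output only needs the salt to be constant per deployment, so it and the passwords can come from inventory or a vault-encrypted vars file. A comment on the default makes that expectation explicit, e.g. `# placeholder: override salt and passwords per deployment (Ansible Vault)`.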
diff --git a/roles/fai/templates/etc/fai/nfsroot.conf.j2 b/roles/fai/templates/etc/fai/nfsroot.conf.j2 index 5d978ed..96b658d 100644 --- a/roles/fai/templates/etc/fai/nfsroot.conf.j2 +++ b/roles/fai/templates/etc/fai/nfsroot.conf.j2 @@ -24,8 +24,8 @@ FAI_DEBOOTSTRAP_OPTS="--exclude=wget" # # echo "yoursecrectpassword" | mkpasswd -m md5 -s -FAI_ROOTPW="{{ fai_hw4f_rootpw_fai | password_hash("sha512") }}" -#FAI_ROOTPW='$y$j9T$9Gpl96oNFKz9us5aM5iCb.$v/JHwnHRfaxMCPK/nsxu.DAmoGB1hlgRQBDIxTeMd9/' +FAI_ROOTPW="{{ fai_hw4f_rootpw_fai + | password_hash("sha512", fai_hw4f_password_salt ) }}" # Directory on the install server where the nfsroot is created. NFSROOT="{{ fai_dir_nfsroot }}" From 814c81c3b6c8718126382603b314fdae621586e9 Mon Sep 17 00:00:00 2001 From: Tobias Stein Date: Sat, 10 Dec 2022 20:08:03 +0100 Subject: [PATCH 44/64] Add space to when rendering debootstrap url --- roles/fai/templates/etc/fai/nfsroot.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/fai/templates/etc/fai/nfsroot.conf.j2 b/roles/fai/templates/etc/fai/nfsroot.conf.j2 index 96b658d..aeed307 100644 --- a/roles/fai/templates/etc/fai/nfsroot.conf.j2 +++ b/roles/fai/templates/etc/fai/nfsroot.conf.j2 @@ -7,7 +7,7 @@ # Example: # FAI_DEBOOTSTRAP="bullseye http://deb.debian.org/debian" FAI_DEBOOTSTRAP="{{ debian_release_nfsroot + - 'http://' + server_name + ':3142/debian' }}" + ' http://' + server_name + ':3142/debian' }}" # Options that will be passed to debootstrap(8). # Used for excluding packages and for specifying a different architecture. From 3dea14759d7f6cd365c6bad3d134d2d604018db9 Mon Sep 17 00:00:00 2001 From: Tobias Stein Date: Sat, 10 Dec 2022 20:08:55 +0100 Subject: [PATCH 45/64] Gather fai "/etc" configuration in one file --- roles/fai/tasks/fai-etc-dir.yml | 52 ++++++++++++++++++++++++++++----- 1 file changed, 44 insertions(+), 8 deletions(-) diff --git a/roles/fai/tasks/fai-etc-dir.yml b/roles/fai/tasks/fai-etc-dir.yml index 0639d7f..8a1e065 100644 
--- a/roles/fai/tasks/fai-etc-dir.yml +++ b/roles/fai/tasks/fai-etc-dir.yml @@ -13,18 +13,33 @@ - fai_conf ### "/etc/fai/apt" GETS COPIED TO NFSROOT BY "fai-make-nfsroot" + +- name: "Create apt configuration directories for nfsroot" + become: true + vars: + paths: + - "{{ fai_etc_dir }}/apt/sources.list.d" + - "{{ fai_etc_dir }}/apt/preferences.d" + ansible.builtin.file: + path: "{{ item }}" + state: directory + owner: root + group: root + mode: '0755' + loop: "{{ paths }}" + - name: "Copy hosts '{{ src }}' to nfsroot" become: true vars: - src: "/etc/apt/sources.list.d" - dest: "/etc/fai/apt/sources.list.d" + src: "/etc/apt/sources.list.d/" + dest: "{{ fai_etc_dir }}/apt/sources.list.d" ansible.builtin.copy: remote_src: true - recursive: true src: "{{ src }}" dest: "{{ dest }}" owner: root group: root + mode: '0755' when: - debian_release_fai == debian_release_nfsroot notify: @@ -36,8 +51,8 @@ become: true vars: paths: - - "/etc/fai/apt/sources.list" - - "/etc/fai/apt/sources.list~" + - "{{ fai_etc_dir }}/apt/sources.list" + - "{{ fai_etc_dir }}/apt/sources.list~" ansible.builtin.file: path: "{{ item }}" state: absent @@ -89,6 +104,8 @@ owner: root group: root mode: "0644" + when: + - debian_release_fai == debian_release_nfsroot notify: - Force rebuild nfsroot tags: @@ -109,9 +126,28 @@ notify: - Force rebuild nfsroot when: - - falsen - notify: - - Force rebuild nfsroot + - debian_release_fai != debian_release_nfsroot + +- name: "Create configuration for nfsroot" + become: true + ansible.builtin.template: + src: "etc/fai/nfsroot.conf.j2" + dest: "{{ fai_etc_dir }}/nfsroot.conf" + owner: root + group: root + mode: '0644' + notify: + - Force rebuild nfsroot + +- name: "Create package_config for nfsroot" + become: true + ansible.builtin.template: + src: "etc/fai/NFSROOT.j2" + dest: "{{ fai_etc_dir }}/NFSROOT" + owner: root + group: root + mode: '0644' + register: "etc_fai_NFSROOT" notify: - Force rebuild nfsroot 
From 99d449b0eb3fc847020c57f14766af039ba3d3ba Mon Sep 17 00:00:00 2001 From: Tobias Stein Date: Sat, 10 Dec 2022 20:09:09 +0100 Subject: [PATCH 46/64] Remove trailing spaces --- roles/fai/templates/srv/fai/config/scripts/00-remove-proxy.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/fai/templates/srv/fai/config/scripts/00-remove-proxy.j2 b/roles/fai/templates/srv/fai/config/scripts/00-remove-proxy.j2 index b696477..1195736 100755 --- a/roles/fai/templates/srv/fai/config/scripts/00-remove-proxy.j2 +++ b/roles/fai/templates/srv/fai/config/scripts/00-remove-proxy.j2 @@ -1,5 +1,5 @@ #!/bin/bash - + [ -f $target/etc/apt/apt.conf.d/02proxy ] && \ rm $target/etc/apt/apt.conf.d/02proxy From d2f5548a574ddbc4b4077161966a63e3ce60f4ef Mon Sep 17 00:00:00 2001 From: Tobias Stein Date: Sat, 10 Dec 2022 20:09:27 +0100 Subject: [PATCH 47/64] Add ZSH config --- roles/fai/tasks/zsh.yml | 120 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 120 insertions(+) create mode 100644 roles/fai/tasks/zsh.yml diff --git a/roles/fai/tasks/zsh.yml b/roles/fai/tasks/zsh.yml new file mode 100644 index 0000000..6bdda22 --- /dev/null +++ b/roles/fai/tasks/zsh.yml 
@@ -0,0 +1,120 @@ +### ZSH +- name: "zsh - grml-config" + become: true + ansible.builtin.git: + repo: 'git://git.grml.org/grml-etc-core.git' + dest: "/opt/grml-etc-core" + version: HEAD + tags: + - grml + - zsh + - zshrc + +- name: "zsh - stat '/etc/zsh'" + ansible.builtin.stat: + path: "/etc/zsh" + register: etc_zsh + tags: + - grml + - zsh + - zshrc + +- name: "zsh - debug variable 'etc_zsh'" + ansible.builtin.debug: + var: etc_zsh + verbosity: 2 + when: + - etc_zsh.stat.exists + tags: + - debug + - grml + - zsh + - zshrc + +- name: "zsh - debug path '/etc/zsh' and path type" + ansible.builtin.debug: + msg: > + "zsh - path '/etc/zsh' exists" + "and the chack for symlink is {{ etc_zsh.stat.islnk }}" + verbosity: 2 + when: + - etc_zsh.stat.islnk is defined + tags: + - debug + - grml + - zsh + - zshrc + +- name: "zsh - move '/etc/zsh' to '/etc/zsh.dist'" + become: true + ansible.builtin.command: > + mv -v "/etc/zsh" "/etc/zsh.dist" + when: + - etc_zsh.stat.islnk is defined + - not etc_zsh.stat.islnk + register: etc_zsh_mv + tags: + - grml + - zsh + - zshrc + +- name: "zsh - debug variable 'etc_zsh_mv'" + ansible.builtin.debug: + var: etc_zsh_mv + verbosity: 2 + when: + - etc_zsh_mv.changed + +- name: "zsh - sym-link '/etc/zsh' to '/opt/grml-etc-core/etc/zsh'" + become: true + ansible.builtin.file: + src: "/opt/grml-etc-core/etc/zsh" + path: "/etc/zsh" + state: link + owner: root + group: root + when: + - etc_zsh_mv.changed + - etc_zsh_mv.failed is defined + - not etc_zsh_mv.failed + tags: + - grml + - zsh + - zshrc + +- name: "zsh - stat '/etc/zsh'" + ansible.builtin.stat: + path: "/etc/zsh" + register: etc_zsh + when: + tags: + - grml + - zsh + - zshrc + +- name: "Show variable 'etc_zsh'" + ansible.builtin.debug: + var: etc_zsh + verbosity: 2 + when: + - etc_zsh.stat.exists + tags: + - grml + - zsh + - zshrc + +- name: "zsh - make zsh default shell for selected users" + become: true + ansible.builtin.user: + name: "{{ item }}" + shell: "/bin/zsh" + loop: + - 
rockstable + when: + - etc_zsh.stat.exists is defined + - etc_zsh.stat.exists + tags: + - grml + - zsh + - zshrc + From 29568f5a059b63077668dbc80eb0930a74140c29 Mon Sep 17 00:00:00 2001 From: Tobias Stein Date: Sat, 10 Dec 2022 20:09:47 +0100 Subject: [PATCH 48/64] Add support for tags --- roles/fai/tasks/main.yml | 137 +++++++++++++++++---------------------- 1 file changed, 59 insertions(+), 78 deletions(-) diff --git a/roles/fai/tasks/main.yml b/roles/fai/tasks/main.yml index 0f8db12..5dd3748 100644 --- a/roles/fai/tasks/main.yml +++ b/roles/fai/tasks/main.yml 
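Review bot: The "zsh - grml-config" task clones `git://git.grml.org/grml-etc-core.git` at `version: HEAD` as root, and a later task symlinks `/etc/zsh` to that checkout. The `git://` transport has no encryption or server authentication, and `HEAD` is whatever the remote serves at run time, so the system-wide zsh startup files are taken from an unverified, moving source. Pin the checkout, `version: "<reviewed-tag-or-commit>"`, and switch `repo` to an authenticated transport such as `https://` if upstream offers one. The second "zsh - stat '/etc/zsh'" task also carries an empty `when:` that can be removed, and `loop: - rockstable` hard-codes one account name.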
@@ -20,111 +20,92 @@ - debug_hostvars - name: "Configure operating system" - include_tasks: - file: os.yml - apply: - tags: - - os - - ansible_nopasswd + import_tasks: os.yml + tags: + - os + - ansible_nopasswd - name: "Configure networking" - include_tasks: - file: network.yml - apply: - tags: - - network + import_tasks: network.yml + tags: + - network - name: "Configure package management" - include_tasks: - file: package_mgmt.yml - apply: - tags: - - package_mgmt.yml + import_tasks: package_mgmt.yml + tags: + - package_mgmt + +- name: "Configure zsh" + import_tasks: zsh.yml + tags: + - zsh - name: "Setup apt proxy cache" - include_tasks: - file: apt-cacher-ng.yml - apply: - tags: - - apt-cacher-ng.yml + import_tasks: apt-cacher-ng.yml + tags: + - apt-cacher-ng - name: "Configure a time server" - include_tasks: - file: time-server.yml - apply: - tags: - - time-server.yml + import_tasks: time-server.yml + tags: + - time-server - name: "Configure the web server" - include_tasks: - file: nginx.yml - apply: - tags: - - nginx + import_tasks: nginx.yml + tags: + - nginx - name: "Configure the tftp server" - include_tasks: - file: tftpd-hpa.yml - apply: - tags: - - tftpd-hpa.yml + import_tasks: tftpd-hpa.yml + tags: + - tftpd-hpa - name: "Configure dns server" - include_tasks: - file: unbound.yml - apply: - tags: - - unbound + import_tasks: unbound.yml + tags: + - unbound - name: "Configure dhcp" - include_tasks: - file: isc-dhcp-server.yml - apply: - tags: - - dhcp + import_tasks: isc-dhcp-server.yml + tags: + - dhcp + - isc-dhcp-server ### RUN ALL SO FAR NOTIFIED HANDLERS NOW - name: "######## Flush handlers ########" ansible.builtin.meta: flush_handlers - name: "Prepare FAI" - include_tasks: - file: fai-prepare.yml - apply: - tags: - - fai_prepare + import_tasks: fai-prepare.yml + tags: + - fai_prepare -- name: "Configure FAI" - include_tasks: - file: fai-configure.yml - apply: - tags: - - fai_configure +- name: "Configure '{{ fai_dir_etc }}'" + import_tasks: 
fai-etc-dir.yml + tags: + - fai_etc_dir + - fai_nfsroot -- name: "Transfer FAI profiles" - include_tasks: - file: fai-profiles.yml - apply: - tags: - - fai_profiles +- name: "Configure '{{ fai_dir_config }}'" + import_tasks: fai-config-dir.yml + tags: + - fai_config_dir + +### RUN ALL SO FAR NOTIFIED HANDLERS NOW +- name: "######## Flush handlers ########" + ansible.builtin.meta: flush_handlers - name: "Create FAI nfsroot" - include_tasks: - file: fai-nfsroot.yml - apply: - tags: - - fai_nfsroot + import_tasks: fai-nfsroot.yml + tags: + - fai_nfsroot - name: "Configure FAI PXE" - include_tasks: - file: fai-pxe.yml - apply: - tags: - - fai_pxe + import_tasks: fai-pxe.yml + tags: + - fai_pxe - name: "Configure FAI iPXE" - include_tasks: - file: fai-ipxe.yml - apply: - tags: - - fai_ipxe + import_tasks: fai-ipxe.yml + tags: + - fai_ipxe From 84f64b8eb3dc3a0d57c0ef4085284f1ea3dd8d46 Mon Sep 17 00:00:00 2001 From: Tobias Stein Date: Sat, 10 Dec 2022 21:17:36 +0100 Subject: [PATCH 49/64] Add support for FAI_FLAGS --- roles/fai/defaults/main.yml | 6 ++++++ roles/fai/templates/menu.ipxe.j2 | 9 ++++++++- .../templates/srv/fai/config/class/HW4F_DESKTOP.var.j2 | 2 ++ 3 files changed, 16 insertions(+), 1 deletion(-) diff --git a/roles/fai/defaults/main.yml b/roles/fai/defaults/main.yml index 18aed0f..89782ad 100644 --- a/roles/fai/defaults/main.yml +++ b/roles/fai/defaults/main.yml @@ -33,6 +33,12 @@ fai_squashfs_path: "{{ fai_dir_download + '/' + fai_squashfs_file }}" fai_loguser: fai_menu_default: 'HW4F Desktop Jammy' fai_nfsroot_force_rebuild: false +#fai_flags: [verbose,sshd,createvt,menu,debug,reboot] +fai_flags: + - verbose + - sshd + - createvt + - menu fai_hw4f_password_salt: "toXu6kiez1haetan" fai_hw4f_rootpw_fai: "fai" diff --git a/roles/fai/templates/menu.ipxe.j2 b/roles/fai/templates/menu.ipxe.j2 index 7951646..46fe76a 100644 --- a/roles/fai/templates/menu.ipxe.j2 +++ b/roles/fai/templates/menu.ipxe.j2 
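Review bot: The task name "Configure '{{ fai_dir_etc }}'" in main.yml refers to `fai_dir_etc`, but the variable used everywhere else in this series is `fai_etc_dir` (role defaults and fai-etc-dir.yml), so unless `fai_dir_etc` is defined elsewhere the name will not render as intended. `- name: "Configure '{{ fai_etc_dir }}'"` matches the rest of the role. The series otherwise uses fully qualified module names, so `ansible.builtin.import_tasks` would be consistent with that.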
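Review bot: The default `fai_flags` list includes `sshd`, and the context lines right below it show the default `fai_hw4f_rootpw_fai: "fai"`. If, as in a stock FAI setup, that flag starts an SSH daemon on every client during installation and the nfsroot root password is the one rendered from `fai_hw4f_rootpw_fai`, an unmodified deployment offers root login with a well-known password on the install network. Leaving `sshd` out of the default and documenting it keeps this opt-in, e.g. `# add sshd only for debugging, and only with a non-default fai_hw4f_rootpw_fai`.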
@@ -68,7 +68,14 @@ exit :fai kernel ${boot-root}/{{ fai_live_vmlinuz }} initrd ${boot-root}/{{ fai_live_initrd }} || goto reload_after_fail -imgargs {{ fai_live_vmlinuz|basename }} ip=dhcp root=live:{{ http_mirror_fai_squashfs_url }} FAI_FLAGS=verbose,sshd,createv,menu FAI_CONFIG_SRC={{ http_mirror_fai_profiles_url }} FAI_ACTION=install net.ifnames=0 +imgargs {{ fai_live_vmlinuz | basename }} ip=dhcp root=live:{{ http_mirror_fai_squashfs_url }} FAI_FLAGS={{ fai_flags | join(',') }} FAI_CONFIG_SRC={{ http_mirror_fai_profiles_url }} FAI_ACTION=install net.ifnames=0 +boot || goto reload_after_fail +goto start + +:fai+reboot +kernel ${boot-root}/{{ fai_live_vmlinuz }} +initrd ${boot-root}/{{ fai_live_initrd }} || goto reload_after_fail +imgargs {{ fai_live_vmlinuz | basename }} ip=dhcp root=live:{{ http_mirror_fai_squashfs_url }} FAI_FLAGS={{{ fai_flags | join(',') }},reboot FAI_CONFIG_SRC={{ http_mirror_fai_profiles_url }} FAI_ACTION=install net.ifnames=0 boot || goto reload_after_fail goto start diff --git a/roles/fai/templates/srv/fai/config/class/HW4F_DESKTOP.var.j2 b/roles/fai/templates/srv/fai/config/class/HW4F_DESKTOP.var.j2 index 8d65370..eb7ea17 100644 --- a/roles/fai/templates/srv/fai/config/class/HW4F_DESKTOP.var.j2 +++ b/roles/fai/templates/srv/fai/config/class/HW4F_DESKTOP.var.j2 @@ -20,6 +20,8 @@ USERPW='{{ fai_hw4f_profile_password SUPRESS_GNOME_INITIAL_SCREEN=1 +### ALREADY SET IN IPXE MENU ON KERNEL CMDLINE +#FAI_FLAGS="verbose sshd createvt menu " FAI_ALLOW_UNSIGNED=0 APTPROXY=http://{{ server_name }}:3142 From 14662149fe48aa3b2e106c69c83a009f7733c7f0 Mon Sep 17 00:00:00 2001 From: Tobias Stein Date: Sat, 10 Dec 2022 21:18:23 +0100 Subject: [PATCH 50/64] Reformat variable template for fai class HW4F_DESKTOP --- .../srv/fai/config/class/HW4F_DESKTOP.var.j2 | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) 
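Review bot: The `imgargs` line of the new `:fai+reboot` entry opens the expression with three braces, `FAI_FLAGS={{{ fai_flags | join(',') }},reboot`, which Jinja will most likely reject or render incorrectly; it should read `FAI_FLAGS={{ fai_flags | join(',') }},reboot`. Both entries also assume `fai_flags` is a list: if it is passed as a plain string, `join(',')` iterates over its characters, so a comment next to the variable saying it must be a list would help. The two stanzas differ only in the trailing `,reboot`, so a small Jinja macro or loop would keep them from drifting apart.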
diff --git a/roles/fai/templates/srv/fai/config/class/HW4F_DESKTOP.var.j2 b/roles/fai/templates/srv/fai/config/class/HW4F_DESKTOP.var.j2 index eb7ea17..90a2fbb 100644 --- a/roles/fai/templates/srv/fai/config/class/HW4F_DESKTOP.var.j2 +++ b/roles/fai/templates/srv/fai/config/class/HW4F_DESKTOP.var.j2 @@ -1,20 +1,20 @@ ### CONFIGURE TIME -UTC=yes -TIMEZONE=Europe/Berlin +UTC="yes" +TIMEZONE="Europe/Berlin" ### INSTALL PARAMETERS STOP_ON_ERROR=700 MAXPACKAGES=800 HOSTNAME="user-pc" -KEYMAP=de-latin1-nodeadkeys +KEYMAP="de-latin1-nodeadkeys" +# USER AND PASSWORD ROOTPW='{{ fai_hw4f_profile_password | password_hash("sha512", fai_hw4f_password_salt ) }}' -# START USER AND PASSWORD -username={{ fai_hw4f_profile_username }} +username='{{ fai_hw4f_profile_username }}' USERPW='{{ fai_hw4f_profile_password | password_hash("sha512", fai_hw4f_password_salt ) }}' @@ -23,12 +23,11 @@ SUPRESS_GNOME_INITIAL_SCREEN=1 ### ALREADY SET IN IPXE MENU ON KERNEL CMDLINE #FAI_FLAGS="verbose sshd createvt menu " FAI_ALLOW_UNSIGNED=0 -APTPROXY=http://{{ server_name }}:3142 +APTPROXY="http://{{ server_name }}:3142" ### CONFIGURE LOG UPLOAD {% if fai_loguser is defined and fai_loguser is none %} -### DISABLE LOG UPLOAD LOGUSER= {% elif fai_loguser is defined and fai_loguser is not none %} From 9f6d352899ddeaaaf9f4d5362e4119bd8bd99cfc Mon Sep 17 00:00:00 2001 From: Tobias Stein Date: Sat, 10 Dec 2022 21:18:37 +0100 Subject: [PATCH 51/64] Add failing script to install firefox --- roles/fai/templates/srv/fai/config/scripts/04-snaps | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/roles/fai/templates/srv/fai/config/scripts/04-snaps b/roles/fai/templates/srv/fai/config/scripts/04-snaps index 1b0ffd9..b05ccd6 100755 --- a/roles/fai/templates/srv/fai/config/scripts/04-snaps +++ b/roles/fai/templates/srv/fai/config/scripts/04-snaps 
@@ -1,15 +1,18 @@ #!/bin/bash +### FAILS: snapd is not running during FAI + if [ "${#SNAPS[*]}" -eq 0 ]; then SNAPS=( firefox ) fi function package_exists() { - return dpkg -l "$1" &> /dev/null + $ROOTCMD dpkg -l "$1" &> /dev/null + return $? } -for SNAP in $SNAPS; do - if ! package_exists "snapd"; then - snap install "$SNAP" +for SNAP in "${SNAPS[@]}"; do + if package_exists "snapd"; then + $ROOTCMD snap install "$SNAP" fi done From 3bc3dbe301a3fe6a0b0a15fc334e1549dacfa213 Mon Sep 17 00:00:00 2001 From: Tobias Stein Date: Sat, 10 Dec 2022 23:34:08 +0100 Subject: [PATCH 52/64] Add support to set hostname --- roles/fai/defaults/main.yml | 1 + .../srv/fai/config/class/HW4F_DESKTOP.var.j2 | 2 +- .../srv/fai/config/scripts/01-hostname.j2 | 15 +++++++++++++++ 3 files changed, 17 insertions(+), 1 deletion(-) create mode 100755 roles/fai/templates/srv/fai/config/scripts/01-hostname.j2 diff --git a/roles/fai/defaults/main.yml b/roles/fai/defaults/main.yml index 89782ad..cb6b22e 100644 --- a/roles/fai/defaults/main.yml +++ b/roles/fai/defaults/main.yml @@ -39,6 +39,7 @@ fai_flags: - sshd - createvt - menu +fai_install_hostname: "user-pc" fai_hw4f_password_salt: "toXu6kiez1haetan" fai_hw4f_rootpw_fai: "fai" diff --git a/roles/fai/templates/srv/fai/config/class/HW4F_DESKTOP.var.j2 b/roles/fai/templates/srv/fai/config/class/HW4F_DESKTOP.var.j2 index 90a2fbb..21fa88a 100644 --- a/roles/fai/templates/srv/fai/config/class/HW4F_DESKTOP.var.j2 +++ b/roles/fai/templates/srv/fai/config/class/HW4F_DESKTOP.var.j2 @@ -6,7 +6,7 @@ TIMEZONE="Europe/Berlin" STOP_ON_ERROR=700 MAXPACKAGES=800 -HOSTNAME="user-pc" +INSTALL_HOSTNAME="{{ fai_install_hostname }}" KEYMAP="de-latin1-nodeadkeys" diff --git a/roles/fai/templates/srv/fai/config/scripts/01-hostname.j2 b/roles/fai/templates/srv/fai/config/scripts/01-hostname.j2 new file mode 100755 index 0000000..383efba --- /dev/null +++ b/roles/fai/templates/srv/fai/config/scripts/01-hostname.j2 
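Review bot: `package_exists` relies on the exit status of `dpkg -l`, which as far as I know is also zero for a package that is only known to the dpkg database (for example removed with its config files left behind), so the guard can pass without snapd being installed. `$ROOTCMD dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -q 'ok installed'` tests the installed state directly and makes the `return $?` line unnecessary. The check does not depend on the loop variable, so it can run once before the `for` loop. The new header comment says the script fails because snapd is not running during FAI; it should also say why the script is kept, or the script should exit early with a message.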
@@ -0,0 +1,15 @@ +#!/bin/bash + +error=0; trap 'error=$(($?>$error?$?:$error))' + +if [ -n "$INSTALL_HOSTNAME" ]; then + echo "Setting HOSTNAME to '$INSTALL_HOSTNAME'" + echo "$INSTALL_HOSTNAME" > "$target/etc/hostname" +else + echo "Variable HOSTNAME is empty. Not setting HOSTNAME." +fi + +echo "Removing FAI server from /etc/hosts" +sed -ri -e '/{{ server_name }}/d' "$target/etc/hosts" + +exit $error From 8382e372a837a883e44e6fc32522833dd4a7db66 Mon Sep 17 00:00:00 2001 From: Tobias Stein Date: Sat, 10 Dec 2022 23:34:59 +0100 Subject: [PATCH 53/64] Move tasks for squashfs into nfsroot --- roles/fai/tasks/fai-nfsroot.yml | 20 ++++++++++++++++++++ roles/fai/tasks/fai-pxe.yml | 3 ++- roles/fai/tasks/main.yml | 1 + 3 files changed, 23 insertions(+), 1 deletion(-) diff --git a/roles/fai/tasks/fai-nfsroot.yml b/roles/fai/tasks/fai-nfsroot.yml index dad9134..e8943c6 100644 --- a/roles/fai/tasks/fai-nfsroot.yml +++ b/roles/fai/tasks/fai-nfsroot.yml @@ -50,3 +50,23 @@ - fai_loguser is not none - false +- name: "Check for squashfs image of nfsroot in '{{ fai_squashfs_path }}'" + ansible.builtin.stat: + path: "{{ fai_squashfs_path }}" + register: squashfs + tags: + - ipxe + - fai_squashfs_stat + +- name: "Generate a squashfs of nfsroot filesystem in '{{ fai_squashfs_path }}'" + become: true + ansible.builtin.shell: + cmd: > + fai-cd -f -M -S "{{ fai_squashfs_path }}" + -d "{{ http_mirror_fai_profiles_url }}" + when: + - not squashfs.stat.exists or + fai_nfsroot_force_rebuild + tags: + - ipxe + - fai_squashfs_generate diff --git a/roles/fai/tasks/fai-pxe.yml b/roles/fai/tasks/fai-pxe.yml index 4618303..5cd733f 100644 --- a/roles/fai/tasks/fai-pxe.yml +++ b/roles/fai/tasks/fai-pxe.yml @@ -53,7 +53,8 @@ fai-cd -f -M -S "{{ fai_squashfs_path }}" -d "{{ http_mirror_fai_profiles_url }}" when: - - not squashfs.stat.exists + - not squashfs.stat.exists or + fai_nfsroot_force_rebuild tags: - ipxe - fai_squashfs_generate 
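Review bot: The `trap` on the second line has no signal name, so bash does not install an ERR handler; `error` stays 0 and `exit $error` reports success even when the `echo` redirect or the `sed` fails. The usual FAI form is `error=0; trap 'error=$(($?>$error?$?:$error))' ERR`. The same line is added without `ERR` to `04-snaps` and `91-misc` in the later "Add better error handling" patch, and `04-snaps` gets no `exit $error` there. Two smaller points in this script: the else branch prints "Variable HOSTNAME is empty" although the variable tested is `INSTALL_HOSTNAME`, and `sed -ri -e '/{{ server_name }}/d'` deletes every line in which the server name appears as a substring, with any dots in it acting as regex wildcards, so anchoring the pattern on whole words would be safer.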
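Review bot: The new "Generate a squashfs" task runs `fai-cd` through `ansible.builtin.shell` with two templated values although it uses no shell features, so `ansible.builtin.command` with `argv` would avoid a shell parsing those values. The `when:` condition uses `fai_nfsroot_force_rebuild` bare; when the variable is supplied with `-e 'fai_nfsroot_force_rebuild=false'` it arrives as a non-empty string and is presumably treated as true, so `| bool` is needed. The same condition is added to the copy of this task in `fai-pxe.yml` in the next hunk, which means the image is built twice on a forced rebuild until that copy is removed.

```yaml
- name: "Generate a squashfs of nfsroot filesystem in '{{ fai_squashfs_path }}'"
  become: true
  ansible.builtin.command:
    argv:
      - fai-cd
      - "-f"
      - "-M"
      - "-S"
      - "{{ fai_squashfs_path }}"
      - "-d"
      - "{{ http_mirror_fai_profiles_url }}"
  when: not squashfs.stat.exists or (fai_nfsroot_force_rebuild | bool)
  # … unchanged: tags …
```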
diff --git a/roles/fai/tasks/main.yml b/roles/fai/tasks/main.yml index 5dd3748..97f1113 100644 --- a/roles/fai/tasks/main.yml +++ b/roles/fai/tasks/main.yml @@ -104,6 +104,7 @@ import_tasks: fai-pxe.yml tags: - fai_pxe + - fai_ipxe - name: "Configure FAI iPXE" import_tasks: fai-ipxe.yml From 9bcbac6aea28d3d1ee8fa5fff6f070d7a48e6a52 Mon Sep 17 00:00:00 2001 From: Tobias Stein Date: Sat, 10 Dec 2022 23:35:38 +0100 Subject: [PATCH 54/64] Fix typo --- roles/fai/templates/menu.ipxe.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/fai/templates/menu.ipxe.j2 b/roles/fai/templates/menu.ipxe.j2 index 46fe76a..8881777 100644 --- a/roles/fai/templates/menu.ipxe.j2 +++ b/roles/fai/templates/menu.ipxe.j2 @@ -75,7 +75,7 @@ goto start :fai+reboot kernel ${boot-root}/{{ fai_live_vmlinuz }} initrd ${boot-root}/{{ fai_live_initrd }} || goto reload_after_fail -imgargs {{ fai_live_vmlinuz | basename }} ip=dhcp root=live:{{ http_mirror_fai_squashfs_url }} FAI_FLAGS={{{ fai_flags | join(',') }},reboot FAI_CONFIG_SRC={{ http_mirror_fai_profiles_url }} FAI_ACTION=install net.ifnames=0 +imgargs {{ fai_live_vmlinuz | basename }} ip=dhcp root=live:{{ http_mirror_fai_squashfs_url }} FAI_FLAGS={{ fai_flags | join(',') }},reboot FAI_CONFIG_SRC={{ http_mirror_fai_profiles_url }} FAI_ACTION=install net.ifnames=0 boot || goto reload_after_fail goto start From 5d05021926a22877e2d1661778e41f067db88ac8 Mon Sep 17 00:00:00 2001 From: Tobias Stein Date: Sat, 10 Dec 2022 23:36:20 +0100 Subject: [PATCH 55/64] Add better error handling --- roles/fai/templates/srv/fai/config/scripts/00-remove-proxy.j2 | 2 +- roles/fai/templates/srv/fai/config/scripts/04-snaps | 2 ++ roles/fai/templates/srv/fai/config/scripts/91-misc | 4 ++++ 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/roles/fai/templates/srv/fai/config/scripts/00-remove-proxy.j2 b/roles/fai/templates/srv/fai/config/scripts/00-remove-proxy.j2 index 1195736..891756f 100755 
--- a/roles/fai/templates/srv/fai/config/scripts/00-remove-proxy.j2 +++ b/roles/fai/templates/srv/fai/config/scripts/00-remove-proxy.j2 @@ -1,5 +1,5 @@ #!/bin/bash [ -f $target/etc/apt/apt.conf.d/02proxy ] && \ - rm $target/etc/apt/apt.conf.d/02proxy + $ROOTCMD rm -v /etc/apt/apt.conf.d/02proxy diff --git a/roles/fai/templates/srv/fai/config/scripts/04-snaps b/roles/fai/templates/srv/fai/config/scripts/04-snaps index b05ccd6..18b08b7 100755 --- a/roles/fai/templates/srv/fai/config/scripts/04-snaps +++ b/roles/fai/templates/srv/fai/config/scripts/04-snaps @@ -1,5 +1,7 @@ #!/bin/bash +error=0; trap 'error=$(($?>$error?$?:$error))' + ### FAILS: snapd is not running during FAI if [ "${#SNAPS[*]}" -eq 0 ]; then diff --git a/roles/fai/templates/srv/fai/config/scripts/91-misc b/roles/fai/templates/srv/fai/config/scripts/91-misc index 0d1d6d8..64f0ec9 100755 --- a/roles/fai/templates/srv/fai/config/scripts/91-misc +++ b/roles/fai/templates/srv/fai/config/scripts/91-misc @@ -1,7 +1,11 @@ #! /bin/bash +error=0; trap 'error=$(($?>$error?$?:$error))' + # disable the first login screen $ROOTCMD dpkg-divert --local --rename --add /etc/xdg/autostart/gnome-initial-setup-first-login.desktop $ROOTCMD dpkg-divert --local --rename --add /etc/xdg/autostart/gnome-initial-setup-copy-worker.desktop $ROOTCMD deluser --system gnome-initial-setup $ROOTCMD dpkg-reconfigure keyboard-configuration + +exit $error From 40b0d6b56eb8bba6a5413a345232a31244686cde Mon Sep 17 00:00:00 2001 From: Tobias Stein Date: Sun, 11 Dec 2022 20:54:23 +0100 Subject: [PATCH 56/64] Move proxy script --- roles/fai/tasks/fai-config-dir.yml | 4 ++-- .../config/scripts/{00-remove-proxy.j2 => 02-remove-proxy.j2} | 0 2 files changed, 2 insertions(+), 2 deletions(-) rename roles/fai/templates/srv/fai/config/scripts/{00-remove-proxy.j2 => 02-remove-proxy.j2} (100%) diff --git a/roles/fai/tasks/fai-config-dir.yml b/roles/fai/tasks/fai-config-dir.yml index 217c198..2765e28 100644 --- a/roles/fai/tasks/fai-config-dir.yml 
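Review bot: When `02proxy` is absent, the `[ -f … ] &&` test is the last command executed and the script exits with status 1, which FAI will presumably record as a failed script even though nothing went wrong. The test also checks the unquoted `$target/...` path while the `rm` now runs through `$ROOTCMD` on the in-chroot path, so the two halves address the file differently. A single `$ROOTCMD rm -fv /etc/apt/apt.conf.d/02proxy` covers both cases and exits 0 when the file does not exist. This script is also the only one touched by this commit that does not get the `error`/`exit $error` lines.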
+++ b/roles/fai/tasks/fai-config-dir.yml @@ -73,8 +73,8 @@ - src: "class/HW4F_DESKTOP.var.j2" dest: "class/HW4F_DESKTOP.var" mode: '0644' - - src: "scripts/00-remove-proxy.j2" - dest: "scripts/HW4F_DESKTOP_LAST/00-remove-proxy" + - src: "scripts/02-remove-proxy.j2" + dest: "scripts/HW4F_DESKTOP_LAST/02-remove-proxy" mode: "0755" ansible.builtin.template: src: "srv/fai/config/{{ item.src }}" diff --git a/roles/fai/templates/srv/fai/config/scripts/00-remove-proxy.j2 b/roles/fai/templates/srv/fai/config/scripts/02-remove-proxy.j2 similarity index 100% rename from roles/fai/templates/srv/fai/config/scripts/00-remove-proxy.j2 rename to roles/fai/templates/srv/fai/config/scripts/02-remove-proxy.j2 From 8f09f2dd14e71af6f52f096dcf68730ca3a24277 Mon Sep 17 00:00:00 2001 From: Tobias Stein Date: Sun, 11 Dec 2022 20:54:47 +0100 Subject: [PATCH 57/64] Add setting of hostname --- roles/fai/tasks/fai-config-dir.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/fai/tasks/fai-config-dir.yml b/roles/fai/tasks/fai-config-dir.yml index 2765e28..c9d354f 100644 --- a/roles/fai/tasks/fai-config-dir.yml +++ b/roles/fai/tasks/fai-config-dir.yml @@ -73,6 +73,9 @@ - src: "class/HW4F_DESKTOP.var.j2" dest: "class/HW4F_DESKTOP.var" mode: '0644' + - src: "scripts/01-hostname.j2" + dest: "scripts/HW4F_DESKTOP/01-hostname" + mode: "0755" - src: "scripts/02-remove-proxy.j2" dest: "scripts/HW4F_DESKTOP_LAST/02-remove-proxy" mode: "0755" From d051136851f9c9a7b4b135a8c3a0535a43b719a1 Mon Sep 17 00:00:00 2001 From: Tobias Stein Date: Sun, 11 Dec 2022 20:55:14 +0100 Subject: [PATCH 58/64] Add tags fai enable a fai limited provisioning --- roles/fai/tasks/main.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/roles/fai/tasks/main.yml b/roles/fai/tasks/main.yml index 97f1113..ac6346b 100644 --- a/roles/fai/tasks/main.yml +++ b/roles/fai/tasks/main.yml 
@@ -78,17 +78,20 @@ - name: "Prepare FAI" import_tasks: fai-prepare.yml tags: + - fai - fai_prepare - name: "Configure '{{ fai_dir_etc }}'" import_tasks: fai-etc-dir.yml tags: + - fai - fai_etc_dir - fai_nfsroot - name: "Configure '{{ fai_dir_config }}'" import_tasks: fai-config-dir.yml tags: + - fai - fai_config_dir ### RUN ALL SO FAR NOTIFIED HANDLERS NOW @@ -98,15 +101,18 @@ - name: "Create FAI nfsroot" import_tasks: fai-nfsroot.yml tags: + - fai - fai_nfsroot - name: "Configure FAI PXE" import_tasks: fai-pxe.yml tags: + - fai - fai_pxe - fai_ipxe - name: "Configure FAI iPXE" import_tasks: fai-ipxe.yml tags: + - fai - fai_ipxe From 0a8683799bb2b79d7c302f283f7a76c8927f0298 Mon Sep 17 00:00:00 2001 From: Tobias Stein Date: Sun, 11 Dec 2022 20:55:32 +0100 Subject: [PATCH 59/64] Add commented flag debug --- roles/fai/defaults/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/fai/defaults/main.yml b/roles/fai/defaults/main.yml index cb6b22e..e8f12a7 100644 --- a/roles/fai/defaults/main.yml +++ b/roles/fai/defaults/main.yml @@ -39,6 +39,7 @@ fai_flags: - sshd - createvt - menu + #- debug fai_install_hostname: "user-pc" fai_hw4f_password_salt: "toXu6kiez1haetan" From aaa84a190f30a703ba723f266b519ca3db5d8b8a Mon Sep 17 00:00:00 2001 From: Tobias Stein Date: Sun, 11 Dec 2022 20:56:04 +0100 Subject: [PATCH 60/64] =?UTF-8?q?Disable=20task=20to=20ro=C3=B6eout=20file?= =?UTF-8?q?s=20without=20templating.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- roles/fai/tasks/fai-config-dir.yml | 50 +++++++++++++++--------------- 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/roles/fai/tasks/fai-config-dir.yml b/roles/fai/tasks/fai-config-dir.yml index c9d354f..c7da711 100644 --- a/roles/fai/tasks/fai-config-dir.yml +++ b/roles/fai/tasks/fai-config-dir.yml 
@@ -88,31 +88,31 @@ notify: pack fai-config loop: "{{ scripts }}" -- name: "Define files in '{{ fai_dir_config }}' without templating" - become: true - vars: - scripts: - - src: "scripts/04-snaps" - dest: "scripts/HW4F_DESKTOP/04-snaps" - mode: '0755' - ### TRICK COPY TO FIND THE "FILE" - ### IN THE DIRECTORY "templates" NOT IN "files" - search_prefix: "templates/" - - src: "scripts/91-misc" - dest: "scripts/HW4F_DESKTOP/91-misc" - mode: '0755' - ### TRICK COPY TO FIND THE "FILE" - ### IN THE DIRECTORY "templates" NOT IN "files" - search_prefix: "templates/" - ansible.builtin.copy: - src: "{{ item.search_prefix | default('') + - 'srv/fai/config/' + item.src }}" - dest: "{{ fai_dir_config + '/' + item.dest }}" - owner: root - group: root - mode: "{{ item.mode }}" - notify: pack fai-config - loop: "{{ scripts }}" +#- name: "Define files in '{{ fai_dir_config }}' without templating" +# become: true +# vars: +# scripts: +# #- src: "scripts/04-snaps" +# # dest: "scripts/HW4F_DESKTOP/04-snaps" +# # mode: '0755' +# # ### TRICK COPY TO FIND THE "FILE" +# # ### IN THE DIRECTORY "templates" NOT IN "files" +# # search_prefix: "templates/" +# #- src: "scripts/91-misc" +# # dest: "scripts/HW4F_DESKTOP/91-misc" +# # mode: '0755' +# # ### TRICK COPY TO FIND THE "FILE" +# # ### IN THE DIRECTORY "templates" NOT IN "files" +# #search_prefix: "templates/" +# ansible.builtin.copy: +# src: "{{ item.search_prefix | default('') + +# 'srv/fai/config/' + item.src }}" +# dest: "{{ fai_dir_config + '/' + item.dest }}" +# owner: root +# group: root +# mode: "{{ item.mode }}" +# notify: pack fai-config +# loop: "{{ scripts }}" - name: "Define FAI classes for BASEFILES" become: true From b959e6eab4273b68516386c21a260f90d07ce4eb Mon Sep 17 00:00:00 2001 From: Tobias Stein Date: Sun, 11 Dec 2022 21:35:58 +0100 Subject: [PATCH 61/64] Add docu --- README.md | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) 
diff --git a/README.md b/README.md index 22b12a9..3d7e866 100644 --- a/README.md +++ b/README.md @@ -85,9 +85,9 @@ und die grundlegende Parameter festlegen: Einen Eintrag hinzufügen in `~/.ssh/config` ``` -host hw4f-fai hw4f-fai.intern.dezentrale.space +host hw4f-fai hw4f-fai.server.dezentrale.space user username - #hostname 192.168.1.11 + #hostname 10.137.0.8 ``` Danach das Playbook ausführen: @@ -95,9 +95,19 @@ Danach das Playbook ausführen: ``` ansible-playbook fai.yml -ansible-playbook -i inventory/dezentrale.yml -K --check --diff -v fai.yml +ansible-playbook -i inventory/dezentrale.yml \ + -K --check --diff -v fai.yml ``` +Nur FAI rekonfigurieren und das NFSROOT erzwungen neu bauen. +``` +ansible-playbook -i inventory/dezentrale.yml -l hw4f-fai \ + -v --diff -t fai \ + -e 'fai_nfsroot_force_rebuild=true' fai.yml +``` + + + ### Virtuale Testinstanz Für eine testweise Installation kann @@ -197,15 +207,7 @@ Die NFS-root configuration findet sich hier Das Secret wird definiert in `/srv/fai/config/class/FAIBASE.var` - -#### Debian Versionen - -`/srv/fai/nfsroot/etc/debian_version` -Ganz alt: 10.6 (Buster) -> kein ZST -Neuer versuch: 11.5 (Bullseye) - kein ZST -Neuester Versuch: (Bookworm) - - + ### Konfiguration From bc27777a7040e40d93d82f9ff2839bdffa74b2ca Mon Sep 17 00:00:00 2001 From: Tobias Stein Date: Tue, 13 Dec 2022 19:32:41 +0100 Subject: [PATCH 62/64] Move squashfs generation to fai-nfsroot.yml --- roles/fai/tasks/fai-pxe.yml | 20 -------------------- 1 file changed, 20 deletions(-) diff --git a/roles/fai/tasks/fai-pxe.yml b/roles/fai/tasks/fai-pxe.yml index 5cd733f..802f480 100644 --- a/roles/fai/tasks/fai-pxe.yml +++ b/roles/fai/tasks/fai-pxe.yml 
@@ -39,26 +39,6 @@ tags: - ipxe -- name: "Check for generated squashfs image in '{{ fai_squashfs_path }}'" - ansible.builtin.stat: - path: "{{ fai_squashfs_path }}" - register: squashfs - tags: - - ipxe - - fai_squashfs_stat - -- name: "Generate a downloadable squashfs of root filesystem" - become: true - ansible.builtin.shell: > - fai-cd -f -M -S "{{ fai_squashfs_path }}" - -d "{{ http_mirror_fai_profiles_url }}" - when: - - not squashfs.stat.exists or - fai_nfsroot_force_rebuild - tags: - - ipxe - - fai_squashfs_generate - - name: "Copy additional files to '{{ ipxe_dir_download }}'" become: true ansible.builtin.copy: From 4515c8c3bafd12e312a288f43bbc3e83e43811ed Mon Sep 17 00:00:00 2001 From: Tobias Stein Date: Tue, 13 Dec 2022 19:32:58 +0100 Subject: [PATCH 63/64] Cleanup --- roles/fai/tasks/fai-config-dir.yml | 26 -------------------------- 1 file changed, 26 deletions(-) diff --git a/roles/fai/tasks/fai-config-dir.yml b/roles/fai/tasks/fai-config-dir.yml index c7da711..b36d5bc 100644 --- a/roles/fai/tasks/fai-config-dir.yml +++ b/roles/fai/tasks/fai-config-dir.yml 
@@ -88,32 +88,6 @@ notify: pack fai-config loop: "{{ scripts }}" -#- name: "Define files in '{{ fai_dir_config }}' without templating" -# become: true -# vars: -# scripts: -# #- src: "scripts/04-snaps" -# # dest: "scripts/HW4F_DESKTOP/04-snaps" -# # mode: '0755' -# # ### TRICK COPY TO FIND THE "FILE" -# # ### IN THE DIRECTORY "templates" NOT IN "files" -# # search_prefix: "templates/" -# #- src: "scripts/91-misc" -# # dest: "scripts/HW4F_DESKTOP/91-misc" -# # mode: '0755' -# # ### TRICK COPY TO FIND THE "FILE" -# # ### IN THE DIRECTORY "templates" NOT IN "files" -# #search_prefix: "templates/" -# ansible.builtin.copy: -# src: "{{ item.search_prefix | default('') + -# 'srv/fai/config/' + item.src }}" -# dest: "{{ fai_dir_config + '/' + item.dest }}" -# owner: root -# group: root -# mode: "{{ item.mode }}" -# notify: pack fai-config -# loop: "{{ scripts }}" - - name: "Define FAI classes for BASEFILES" become: true ansible.builtin.template: From 249b2aea74ce09a76b7099a513dd197365f544a6 Mon Sep 17 00:00:00 2001 From: Tobias Stein Date: Tue, 13 Dec 2022 19:33:21 +0100 Subject: [PATCH 64/64] Add kamikaze script to install snaps --- roles/fai/defaults/main.yml | 7 +++++++ roles/fai/tasks/fai-config-dir.yml | 4 ++++ .../templates/srv/fai/config/files/etc/cron.d/kamikaze.j2 | 5 +++++ 3 files changed, 16 insertions(+) create mode 100644 roles/fai/templates/srv/fai/config/files/etc/cron.d/kamikaze.j2 diff --git a/roles/fai/defaults/main.yml b/roles/fai/defaults/main.yml index e8f12a7..1dcbe8c 100644 --- a/roles/fai/defaults/main.yml +++ b/roles/fai/defaults/main.yml @@ -109,3 +109,10 @@ package_set: pv, pwgen, python3-apt, rsync, screen, sqlite3, ssl-cert, strace, sudo, sysstat, tcpdump, tmux, unattended-upgrades, vim, wget, zsh ] extra: [ btrfs-progs ] + +crond_kamikaze: "/etc/cron.d/kamikaze.sh" +ubuntu: + snaps: + - name: firefox + channel: stable + classic: false 
diff --git a/roles/fai/tasks/fai-config-dir.yml b/roles/fai/tasks/fai-config-dir.yml index b36d5bc..c89bdda 100644 --- a/roles/fai/tasks/fai-config-dir.yml +++ b/roles/fai/tasks/fai-config-dir.yml @@ -55,6 +55,7 @@ become: true vars: paths: + - "files/etc/cron.d/kamikaze" - "scripts/HW4F_DESKTOP" - "scripts/HW4F_DESKTOP_LAST" ansible.builtin.file: @@ -79,6 +80,9 @@ - src: "scripts/02-remove-proxy.j2" dest: "scripts/HW4F_DESKTOP_LAST/02-remove-proxy" mode: "0755" + - src: "files/etc/cron.d/kamikaze.j2" + dest: "files/etc/cron.d/kamikaze/HW4F_DESKTOP_LAST" + mode: "0755" ansible.builtin.template: src: "srv/fai/config/{{ item.src }}" dest: "{{ fai_dir_config + '/' + item.dest }}" diff --git a/roles/fai/templates/srv/fai/config/files/etc/cron.d/kamikaze.j2 b/roles/fai/templates/srv/fai/config/files/etc/cron.d/kamikaze.j2 new file mode 100644 index 0000000..b49f975 --- /dev/null +++ b/roles/fai/templates/srv/fai/config/files/etc/cron.d/kamikaze.j2 @@ -0,0 +1,5 @@ +SHELL=/bin/sh +PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin +@reboot root sleep 30 && snap install {{ + ubuntu.snaps|map(attribute="name") |join(' ') + }} && [ -f "{{ crond_kamikaze }}" ] && rm "{{ crond_kamikaze }}"
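Review bot: The self-removal at the end of the `@reboot` line tests and deletes `{{ crond_kamikaze }}`, which defaults to `/etc/cron.d/kamikaze.sh`, while the template is stored as `files/etc/cron.d/kamikaze/HW4F_DESKTOP_LAST` and is therefore presumably installed as `/etc/cron.d/kamikaze`. With that mismatch the `[ -f … ]` test fails and the root job runs `snap install` again on every boot. Renaming the installed file to match is not an option either, since Debian's cron skips `/etc/cron.d` entries whose names contain a dot, so the default should become `crond_kamikaze: "/etc/cron.d/kamikaze"`. The template entry is deployed with `mode: "0755"` although a cron fragment needs no execute bit (`"0644"`), and the `channel` and `classic` keys defined under `ubuntu.snaps` are not used by the template. A comment at the top of the file stating that it is a one-shot job that removes itself after the first successful run would help whoever finds it on an installed machine.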