commit d5eecc6a222ca8189fb600e46fdd76e76bca1255 Author: Alexander Böhm Date: Wed Aug 26 12:10:36 2020 +0200 Initial
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..c1efe06
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,5 @@
+# vim
+*.swp
+
+# Vagrant
+.vagrant
diff --git a/Vagrantfile b/Vagrantfile
new file mode 100644
index 0000000..57189fd
--- /dev/null
+++ b/Vagrantfile
@@ -0,0 +1,26 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+def create(config, name)
+ config.vm.define name do |v|
+ v.vm.hostname = name
+ v.vm.box = "generic/debian10"
+
+ v.vm.provider "virtualbox" do |vb|
+ vb.memory = "1024"
+ vb.customize ["modifyvm", :id, "--nicpromisc2", "allow-all"]
+ end
+
+ v.vm.network "private_network", ip: "192.168.33.1", virtualbox__intnet: true
+
+ v.vm.provision "ansible" do |ans|
+ ans.playbook = "setup.yml"
+ #ans.vault_password_file = ".vault_pass"
+ ans.verbose = true
+ end
+ end
+end
+
+Vagrant.configure("2") do |config|
+ create(config, "faiserver")
+end
diff --git a/fai.yml b/fai.yml
new file mode 100644
index 0000000..a6e080f
--- /dev/null
+++ b/fai.yml
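Review bot: `v.vm.box = "generic/debian10"` in `create` carries no version pin, so each fresh `vagrant up` builds the install server on whatever image the box publisher currently serves. Pin it next to that line with `v.vm.box_version = "<tested box version>"` so the base image is a reproducible, reviewed input. The `--nicpromisc2 allow-all` customization also deserves a comment such as `# promiscuous mode on the internal NIC: <reason it is required>`, because it lets the guest adapter see all traffic on the internal network and the reason is not stated. `create` hard-codes `ip: "192.168.33.1"`, so calling it for a second machine would give both the same address; taking the IP as a parameter avoids that.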
@@ -0,0 +1,85 @@
+- hosts: all
+ become: yes
+ vars:
+ use_ipxe: true
+ fai_menu: true
+ ensure_fai_setup_run: false
+ dhcp_interface: eth1
+ wan_interface: eth0
+ server_name: faiserver
+ server_ip: 192.168.33.1
+ server_net: 192.168.33
+ server_netbits: 24
+ server_netmask: 255.255.255.0
+ domain_name: lan
+ linux_version: 4.19.0-10
+ tasks:
+ - name: fai package selection
+ copy:
+ content: |
+ PACKAGES install
+ linuxmint-keyring
+ mintdesktop
+ dest: /srv/fai/config/package_config/MINT
+ mode: 0644
+ owner: root
+ group: root
+
+ - name: fai deb conf
+ copy:
+ content: |
+ exim4-config exim4/dc_eximconfig_configtype select local delivery only; not on a network
+ locales locales/default_environment_locale select de_DE.UTF-8 en_US.UTF-8
+ locales locales/locales_to_be_generated multiselect de_DE.UTF-8 en_US.UTF-8 UTF-8
+ keyboard-configuration keyboard-configuration/modelcode string pc105
+ keyboard-configuration keyboard-configuration/xkb-keymap select de
+ keyboard-configuration keyboard-configuration/variant select USA
+ keyboard-configuration keyboard-configuration/model select Generic 105-key (Intl) PC
+ keyboard-configuration keyboard-configuration/layoutcode string
+ keyboard-configuration keyboard-configuration/optionscode string ctrl:nocaps,terminate:ctrl_alt_bksp
+ dest: /srv/fai/config/debconf/DESKTOP
+ mode: 0644
+ owner: root
+ group: root
+
+ - name: fai set host class
+ copy:
+ content: |
+ #! /bin/bash
+ echo "DEBIAN GERMAN DESKTOP"
+ dest: /srv/fai/config/class/50-host-classes
+ mode: 0755
+ owner: root
+ group: root
+
+ - name: fai desk config
+ copy:
+ content: |
+ # example of new config file for setup-storage
+ #
+ #
+
+ disk_config disk1 disklabel:msdos bootable:1 fstabkey:uuid
+
+ primary / 2G-50G ext4 rw,noatime,errors=remount-ro
+ logical swap 200-10G swap sw
+ logical /home 100- ext4 rw,noatime,nosuid,nodev createopts="-L home -m 1" tuneopts="-c 0 -i 0"
+ dest: /srv/fai/config/disk_config/DESKTOP
+
+ - name: fai vars
+ copy:
+ content: |
+ FAI_ALLOW_UNSIGNED=0
+ UTC=yes
+ TIMEZONE=Europe/Berlin
+ # pw is "fai"
+ ROOTPW='$1$kBnWcO.E$djxB128U7dMkrltJHPf6d1'
+ # errors in tasks greater than this value will cause the installation to stop
+ STOP_ON_ERROR=700
+ # set parameter for install_packages(8)
+ MAXPACKAGES=800
+ dest: /srv/fai/config/class/DESKTOP.var
+ mode: 0644
+ owner: root
+ group: root
+
diff --git a/roles/fai/.travis.yml b/roles/fai/.travis.yml
new file mode 100644
index 0000000..36bbf62
--- /dev/null
+++ b/roles/fai/.travis.yml
@@ -0,0 +1,29 @@
+---
+language: python
+python: "2.7"
+
+# Use the new container infrastructure
+sudo: false
+
+# Install ansible
+addons:
+ apt:
+ packages:
+ - python-pip
+
+install:
+ # Install ansible
+ - pip install ansible
+
+ # Check ansible version
+ - ansible --version
+
+ # Create ansible.cfg with correct roles_path
+ - printf '[defaults]\nroles_path=../' >ansible.cfg
+
+script:
+ # Basic role syntax check
+ - ansible-playbook tests/test.yml -i tests/inventory --syntax-check
+
+notifications:
+ webhooks: https://galaxy.ansible.com/api/v1/notifications/
\ No newline at end of file
diff --git a/roles/fai/README.md b/roles/fai/README.md
new file mode 100644
index 0000000..225dd44
--- /dev/null
+++ b/roles/fai/README.md
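Review bot: The `fai vars` task writes `ROOTPW` as an MD5-crypt (`$1$`) hash directly under the comment `# pw is "fai"`, so every machine installed from DESKTOP.var gets a root account whose password is published in the repository. The same hash is used for `ROOTPW` and `USERPW` in roles/fai/files/profiles/class/FAIBASE.var and UBUNTU_DESKTOP.var, and menu.profile repeats the plaintext in its `Long:` texts. Supply the hash from an Ansible Vault variable, e.g. `ROOTPW='{{ <vaulted_hash_variable> }}'` holding a SHA-512 crypt (`$6$`) value, and remove the plaintext comment; the Vagrantfile already has a commented-out `vault_password_file` line for this. The `fai desk config` task is also the only `copy` in this play without `mode`, `owner` and `group`; add `mode: 0644`, `owner: root`, `group: root` to match its siblings.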
@@ -0,0 +1,38 @@
+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+ - hosts: servers
+ roles:
+ - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).
diff --git a/roles/fai/defaults/main.yml b/roles/fai/defaults/main.yml
new file mode 100644
index 0000000..b587892
--- /dev/null
+++ b/roles/fai/defaults/main.yml
@@ -0,0 +1,15 @@
+---
+# defaults file for fai
+
+use_ipxe: true
+fai_menu: true
+ensure_fai_setup_run: false
+dhcp_interface: eth1
+wan_interface: eth0
+server_name: faiserver
+server_ip: 192.168.33.1
+server_net: 192.168.33
+server_netmask: 255.255.255.0
+domain_name: lan
+linux_version: 4.19.0-10
+use_apt_cache: false
diff --git a/roles/fai/files/dban/dban.bzi b/roles/fai/files/dban/dban.bzi
new file mode 100644
index 0000000..7b2340d
Binary files /dev/null and b/roles/fai/files/dban/dban.bzi differ
diff --git a/roles/fai/files/ipxe/ipxe.efi b/roles/fai/files/ipxe/ipxe.efi
new file mode 100644
index 0000000..8aba6b6
Binary files /dev/null and b/roles/fai/files/ipxe/ipxe.efi differ
diff --git a/roles/fai/files/ipxe/ipxe.lkrn b/roles/fai/files/ipxe/ipxe.lkrn
new file mode 100644
index 0000000..7f3b322
Binary files /dev/null and b/roles/fai/files/ipxe/ipxe.lkrn differ
diff --git a/roles/fai/files/ipxe/ipxe.pxe b/roles/fai/files/ipxe/ipxe.pxe
new file mode 100644
index 0000000..dfc6053
Binary files /dev/null and b/roles/fai/files/ipxe/ipxe.pxe differ
diff --git a/roles/fai/files/ipxe/undionly.kpxe b/roles/fai/files/ipxe/undionly.kpxe
new file mode 100644
index 0000000..3dce9b5
Binary files /dev/null and b/roles/fai/files/ipxe/undionly.kpxe differ
diff --git a/roles/fai/files/profiles/basefiles/mk-basefile b/roles/fai/files/profiles/basefiles/mk-basefile
new file mode 100755
index 0000000..f091aff
--- /dev/null
+++ b/roles/fai/files/profiles/basefiles/mk-basefile
@@ -0,0 +1,309 @@ +#! /bin/bash + +# mk-basefile, create basefiles for some distributions +# +# Thomas Lange, Uni Koeln, 2011-2020 +# based on the Makefile implementation of Michael Goetze +# +# Usage example: mk-basefile -J STRETCH64 +# This will create a STRETCH64.tar.xz basefile. + +# Supported distributions (each i386/amd64): +# Debian GNU/Linux +# Ubuntu 14.04/16.04 +# CentOS 5/6/7/8 +# Scientific Linux Cern 5/6 +# +# Packages you might want to install to use this command: +# debootstrap, rinse, xz-utils + + +# Define your local mirros here +# For the first stage, set the CentOS/SLC mirror in /etc/rinse/rinse.conf +MIRROR_DEBIAN=http://deb.debian.org/debian/ +MIRROR_UBUNTU=http://mirror.netcologne.de/ubuntu/ +MIRROR_CENTOS=http://mirror.netcologne.de/ + +EXCLUDE_SQUEEZE=isc-dhcp-client,isc-dhcp-common,info +EXCLUDE_WHEEZY=info +EXCLUDE_JESSIE=info +EXCLUDE_STRETCH=info +EXCLUDE_BUSTER= +EXCLUDE_BULLSEYE= +EXCLUDE_SID= + +EXCLUDE_TRUSTY=dhcp3-client,dhcp3-common,info +EXCLUDE_XENIAL=udhcpc,dibbler-client,info +EXCLUDE_BIONIC=udhcpc,dibbler-client,info +EXCLUDE_FOCAL=udhcpc,dibbler-client,info + +# here you can add packages, that are needed very early +INCLUDE_DEBIAN= + + +setarch() { + + l32= + if [ X$1 = Xi386 ]; then + l32=linux32 + fi +} + +check() { + + if [ `id -u` != 0 ]; then + echo "You must be root to create chroots." + exit 1 + fi + mknod $xtmp/test-dev-null c 1 3 + if [ $? -eq 1 ]; then + echo "Cannot create device files on $xtmp, aborting." + echo "Perhaps this directory is mounted with option nodev." + rm -rf $xtmp + exit 1 + fi + echo test > $xtmp/test-dev-null + if [ $? -eq 1 ]; then + echo "Cannot create device files on $xtmp, aborting." + echo "Perhaps this directory is mounted with option nodev." + rm -rf $xtmp + exit 1 + fi + rm -f $xtmp/test-dev-null +} + + +mkpost-centos() { + + # set local mirror for rinse post script + [ -z "$MIRROR_CENTOS" ] && return + cat < $xtmp/post +#! 
/bin/sh +mkdir -p $xtmp/etc/yum.repos.d/orig +cp -p $xtmp/etc/yum.repos.d/*.repo $xtmp/etc/yum.repos.d/orig +perl -pi -e 's,mirrorlist=,#mirrorlist=,; s,#baseurl=http://mirror.centos.org,baseurl=$MIRROR_CENTOS,;' $xtmp/etc/yum.repos.d/CentOS-Base.repo +EOM + chmod 555 $xtmp/post +} + + +mkpost-slc() { + + # set local mirror for rinse post script + ver=$1 + [ -z "$MIRROR_SLC" ] && return + cat < $xtmp/post +#! /bin/sh +mkdir -p $xtmp/etc/yum.repos.d/orig +cp -p $xtmp/etc/yum.repos.d/*.repo $xtmp/etc/yum.repos.d/orig +perl -pi -e 's,baseurl=http://linuxsoft.cern.ch,baseurl=$MIRROR_SLC,;' $xtmp/etc/yum.repos.d/slc$ver-os.repo +perl -pi -e 's,baseurl=http://linuxsoft.cern.ch,baseurl=$MIRROR_SLC,;' $xtmp/etc/yum.repos.d/slc$ver-updates.repo + +EOM + chmod 555 $xtmp/post +} + + +cleanup-deb() { + + chroot $xtmp apt-get clean + rm -f $xtmp/etc/hostname $xtmp/etc/resolv.conf \ + $xtmp/var/lib/apt/lists/*_* $xtmp/usr/bin/qemu-*-static \ + $xtmp/etc/udev/rules.d/70-persistent-net.rules + > $xtmp/etc/machine-id +} + + +cleanup-rinse() { + + # check if chroot works + echo "Installed packages in chroot:" + chroot $xtmp rpm -qa|sort + echo -n "CHROOT rpm -qa: " + chroot $xtmp rpm -qa|wc -l + + rm -f $xtmp/etc/resolv.conf $xtmp/post + if [ -d $xtmp/etc/yum.repos.d/orig ]; then + mv $xtmp/etc/yum.repos.d/orig/* $xtmp/etc/yum.repos.d/ + rm -rf $xtmp/etc/yum.repos.d/orig + fi +} + + +tarit() { + + tar $attributes --numeric-owner --one-file-system -C $xtmp -cf - . 
| $zip > $target.$ext +} + + +centos() { + + local arch=$1 + local vers=$2 + local domain=$(domainname) + + check + setarch $arch + mkpost-centos + $l32 rinse --directory $xtmp --distribution centos-$vers --arch $arch --before-post-install $xtmp/post + domainname $domain # workaround for #613377 + cleanup-rinse + tarit +} + + +slc() { + + local arch=$1 + local vers=$2 + + check + setarch $arch + mkpost-slc $vers + $l32 rinse --directory $xtmp --distribution slc-$vers --arch $arch --before-post-install $xtmp/post + cleanup-rinse + tarit +} + + +debgeneric() { + + local DIST=$1 + shift + local mirror=$1 + shift + local arch=$1 + + dist=${DIST%%[0-9][0-9]} + local exc="EXCLUDE_$dist" + [ -n "${!exc}" ] && exc="--exclude=${!exc}" || unset exc + dist=${dist,,} + + check + if [ -n "$INCLUDE_DEBIAN" ]; then + local inc="--include=$INCLUDE_DEBIAN" + fi + + if [ -n "$arch" ]; then + qemu-debootstrap --arch $arch ${exc} $inc $dist $xtmp $mirror + target="${target}_${arch^^}" + else + if [[ $DIST =~ 64 ]]; then + arch=amd64 + else + arch=i386 + fi + debootstrap --arch $arch ${exc} $inc $dist $xtmp $mirror + fi + cleanup-deb + tarit +} + +prtdists() { + + echo "Available: + + CENTOS5_32 CENTOS5_64 + CENTOS6_32 CENTOS6_64 + CENTOS7_32 CENTOS7_64 + CENTOS8_64 + SLC5_32 SLC5_64 + SLC6_32 SLC6_64 + SLC7_64 + TRUSTY32 TRUSTY64 + XENIAL32 XENIAL64 + BIONIC64 + FOCAL64 + SQUEEZE32 SQUEEZE64 + WHEEZY32 WHEEZY64 + JESSIE32 JESSIE64 + STRETCH32 STRETCH64 + BUSTER32 BUSTER64 + BULLSEYE32 BULLSEYE64 + SID32 SID64 +" +} + +usage() { + + cat <&/dev/null && dpkg --print-architecture | tr a-z A-Z + +# determin if we are a DHCP client or not +# count the : chars in the argument of ip= +n="${ip//[^:]}" +if [[ $ip =~ ^(on|any|dhcp)$ ]]; then + echo DHCPC +elif [ ${#n} -lt 6 ]; then + echo DHCPC +fi + +exit 0 diff --git a/roles/fai/files/profiles/class/20-hwdetect.sh b/roles/fai/files/profiles/class/20-hwdetect.sh new file mode 100755 index 0000000..8ba48d4 --- /dev/null 
+++ b/roles/fai/files/profiles/class/20-hwdetect.sh
@@ -0,0 +1,35 @@
+#! /bin/bash
+
+# (c) Thomas Lange, 2002-2013, lange@informatik.uni-koeln.de
+
+# NOTE: Files named *.sh will be evaluated, but their output ignored.
+
+[ $do_init_tasks -eq 1 ] || return 0 # Do only execute when doing install
+
+echo 0 > /proc/sys/kernel/printk
+
+#kernelmodules=
+# here, you can load modules depending on the kernel version
+case $(uname -r) in
+ 2.6*) kernelmodules="$kernelmodules mptspi dm-mod md-mod aes dm-crypt" ;;
+ [3456]*) kernelmodules="$kernelmodules mptspi dm-mod md-mod aes dm-crypt" ;;
+esac
+
+for mod in $kernelmodules; do
+ [ X$verbose = X1 ] && echo Loading kernel module $mod
+ modprobe -a $mod 1>/dev/null 2>&1
+done
+
+ip ad show up | egrep -iv 'loopback|127.0.0.1|::1/128|_lft'
+
+echo $printk > /proc/sys/kernel/printk
+
+odisklist=$disklist
+set_disk_info # recalculate list of available disks
+if [ "$disklist" != "$odisklist" ]; then
+ echo New disklist: $disklist
+ echo disklist=\"$disklist\" >> $LOGDIR/additional.var
+fi
+
+save_dmesg # save new boot messages (from loading modules)
+
diff --git a/roles/fai/files/profiles/class/40-parse-profiles.sh b/roles/fai/files/profiles/class/40-parse-profiles.sh
new file mode 100755
index 0000000..c80cf7a
--- /dev/null
+++ b/roles/fai/files/profiles/class/40-parse-profiles.sh
@@ -0,0 +1,165 @@
+#! /bin/bash
+
+# parse *.profile and build a curses menu, so the user can select a profile
+#
+# (c) 2015 by Thomas Lange, lange@informatik.uni-koeln.de
+# Universitaet zu Koeln
+
+if [ X$FAI_ACTION = Xinstall -o X$FAI_ACTION = Xdirinstall -o X$FAI_ACTION = X ]; then
+ :
+else
+ return 0
+fi
+
+[ "$flag_menu" ] || return 0
+
+out=$(tty)
+tempfile=`(tempfile) 2>/dev/null`
+tempfile2=`(tempfile) 2>/dev/null`
+trap "rm -f $tempfile $tempfile2" EXIT INT QUIT
+
+# declare the data structure, use associative arrays
+declare -A arshort
+declare -A ardesc
+declare -A arlong
+declare -A arclasses
+declare -a list
+
+
+parse_profile() {
+
+ # read a profile and add all info to the data structure
+
+ local short
+ local long
+ local desc
+ local name
+ local classes
+ local lflag=0
+
+ # disable word splitting when reading a line, this helps reading a keyword without a value
+ local OIF=$IFS
+ IFS=
+
+ while read -r line || [[ -n $line ]]; do
+
+ if [[ $line =~ "Name: " ]]; then
+ if [ -n "$long" ]; then
+ arlong[$name]="$long"
+ fi
+ short=
+ desc=
+ long=
+ classes=
+ lflag=0
+ name=${line##Name: }
+ [ $debug ] && echo "XX NAME $name found"
+ list+=("$name") # add new item to list
+ continue
+ fi
+
+ if [[ $line =~ "Description: " ]]; then
+ lflag=0
+ desc=${line##Description: }
+ [ $debug ] && echo "XX $desc found"
+ ardesc[$name]="$desc"
+ continue
+ fi
+
+ if [[ $line =~ "Short: " ]]; then
+ lflag=0
+ short=${line##Short: }
+ [ $debug ] && echo "XX $short found"
+ arshort[$name]="$short"
+ continue
+ fi
+
+ if [[ $line =~ "Classes: " ]]; then
+ lflag=0
+ classes=${line##Classes: }
+ [ $debug ] && echo "XX classes found"
+ arclasses[$name]="$classes"
+ continue
+ fi
+
+ if [[ $line =~ "Long: " ]]; then
+ lflag=1
+ long=${line##Long: }
+ [ $debug ] && echo "XX long found"
+
+ # else it's another long line
+ elif [ $lflag -eq 1 ]; then
+ long+="\n$line"
+ fi
+
+ if [[ $line =~ "Default: " ]]; then
+ lflag=0
+ default=${line##Default: }
+ continue
+ fi
+
+ done < $1
+
+ if [ -n "$long" ]; then
+ arlong[$name]="$long"
+ fi
+ IFS=$OIF
+}
+
+prtresult() {
+
+ # set newclasses which is used by fai-class(1)
+ local res=$(<$tempfile)
+ echo "$BASH_SOURCE defined new classes: ${arclasses[$res]}"
+ newclasses="${arclasses[$res]}"
+}
+
+
+# read all files with name matching *.profile
+_parsed=0
+shopt -s nullglob
+for _f in *.profile; do
+ parse_profile $_f
+ _parsed=1
+done
+unset _f
+
+# do nothing if no profile was read
+if [ $_parsed -eq 0 ]; then
+ unset _parsed
+ return 0
+fi
+
+# create the argument list containing the menu entries
+# and the help text file
+for i in "${list[@]}"; do
+ par+=("$i")
+ par+=("${ardesc[${i}]}")
+ par+=("${arshort[${i}]}")
+ echo "Name: ${i}" >> $tempfile2
+ echo -e ${arlong[${i}]} >> $tempfile2
+ echo -e "Classes: " ${arclasses[${i}]} "\n" >> $tempfile2
+done
+unset i
+
+while true; do
+
+ dialog --clear --item-help --title "FAI - Fully Automatic Installation" --help-button \
+ --default-item "$default" \
+ --menu "\nSelect your FAI profile\n\nThe profile will define a list of classes,\nwhich are used by FAI.\n\n\n"\
+ 15 70 0 "${par[@]}" 2> $tempfile 1> $out
+
+ _retval=$?
+ case $_retval in
+ 0)
+ prtresult
+ break ;;
+ 1)
+ echo "No profile selected."
+ break ;;
+ 2)
+ dialog --title "Description of all profiles" --textbox $tempfile2 0 0 1> $out;;
+ esac
+
+done
+unset par ardesc arshort arlong arclasses list tempfile tempfile2 _parsed _retval line
diff --git a/roles/fai/files/profiles/class/41-warning.sh b/roles/fai/files/profiles/class/41-warning.sh
new file mode 100755
index 0000000..e9f9ec5
--- /dev/null
+++ b/roles/fai/files/profiles/class/41-warning.sh
@@ -0,0 +1,28 @@
+#! /bin/bash
+
+if [ X$FAI_ACTION = Xinstall -o X$FAI_ACTION = X ]; then
+ :
+else
+ return 0
+fi
+if [ X$action = Xdirinstall ]; then
+ return 0
+fi
+
+grep -q INSTALL $LOGDIR/FAI_CLASSES || return 0
+[ "$flag_menu" ] || return 0
+
+out=$(tty)
+red=$(mktemp)
+echo 'screen_color = (CYAN,RED,ON)' > $red
+
+DIALOGRC=$red dialog --colors --clear --aspect 6 --title "FAI - Fully Automatic Installation" --trim \
+ --msgbox "\n\n If you continue, \n all your data on the disk \n \n|\Zr\Z1 WILL BE DESTROYED \Z0\Zn|\n\n" 0 0 1>$out
+
+# stop on any error, or if ESC was hit
+if [ $? -ne 0 ]; then
+ task_error 999
+fi
+
+rm $red
+unset red
diff --git a/roles/fai/files/profiles/class/50-host-classes b/roles/fai/files/profiles/class/50-host-classes
new file mode 100755
index 0000000..afa7a95
--- /dev/null
+++ b/roles/fai/files/profiles/class/50-host-classes
@@ -0,0 +1,32 @@
+#! /bin/bash
+
+# assign classes to hosts based on their hostname
+
+# do not use this if a menu will be presented
+[ "$flag_menu" ] && exit 0
+
+# use a list of classes for our demo machine
+case $HOSTNAME in
+ faiserver)
+ echo "FAIBASE DEBIAN DEMO FAISERVER" ;;
+ demohost|client*)
+ echo "FAIBASE DEBIAN DEMO" ;;
+ xfcehost)
+ echo "FAIBASE DEBIAN DEMO XORG XFCE LVM";;
+ gnomehost)
+ echo "FAIBASE DEBIAN DEMO XORG GNOME";;
+ ubuntuhost)
+ echo "FAIBASE DEBIAN DEMO UBUNTU FOCAL FOCAL64 XORG";;
+ centos)
+ echo "FAIBASE CENTOS" # you may want to add class XORG here
+ ifclass AMD64 && echo CENTOS8_64
+ ;;
+ slchost)
+ # Scientific Linux Cern, is very similar to CentOS. SLC should alsways use the class CENTOS
+ echo "FAIBASE CENTOS SLC" # you may want to add class XORG here
+ ifclass I386 && echo SLC7_32
+ ifclass AMD64 && echo SLC7_64
+ ;;
+ *)
+ echo "UBUNTU MINT DESKTOP" ;;
+esac
diff --git a/roles/fai/files/profiles/class/60-misc b/roles/fai/files/profiles/class/60-misc
new file mode 100755
index 0000000..1c3b4fd
--- /dev/null
+++ b/roles/fai/files/profiles/class/60-misc
@@ -0,0 +1,11 @@
+#! /bin/bash
+
+ifclass -o CENTOS SLC && exit 0
+
+ifclass -o GRUB_PC GRUB_EFI && exit 0
+
+if [ -d /sys/firmware/efi ]; then
+ echo GRUB_EFI
+elif ifclass -o I386 AMD64 ; then
+ echo GRUB_PC
+fi
diff --git a/roles/fai/files/profiles/class/85-efi-classes b/roles/fai/files/profiles/class/85-efi-classes
new file mode 100755
index 0000000..92d2547
--- /dev/null
+++ b/roles/fai/files/profiles/class/85-efi-classes
@@ -0,0 +1,19 @@
+#! /bin/bash
+
+# define classes for disk_config in an EFI enironment
+
+if [ ! -d /sys/firmware/efi ]; then
+ exit 0
+fi
+
+if ifclass FAIBASE; then
+ echo FAIBASE_EFI
+elif ifclass FAISERVER; then
+ echo FAISERVER_EFI
+elif ifclass LVM; then
+ echo LVM_EFI
+elif ifclass XENIAL; then
+ echo XENIAL_EFI
+elif ifclass UBUNTU; then
+ echo UBUNTU_EFI
+fi
diff --git a/roles/fai/files/profiles/class/CENTOS.var b/roles/fai/files/profiles/class/CENTOS.var
new file mode 100644
index 0000000..1ec7250
--- /dev/null
+++ b/roles/fai/files/profiles/class/CENTOS.var
@@ -0,0 +1,9 @@
+CONSOLEFONT=lat9v-16
+KEYMAP=us
+DEFAULTLOCALE=en_US.UTF-8
+SUPPORTEDLOCALE=en_US.UTF-8:en_US:en
+
+# if you install much software and have only few RAM, use the RAM disk
+# not for var/cache/yum
+#FAI_RAMDISKS="$target/var/lib/rpm $target/var/cache/yum"
+FAI_RAMDISKS="$target/var/lib/rpm"
diff --git a/roles/fai/files/profiles/class/CLOUD.var b/roles/fai/files/profiles/class/CLOUD.var
new file mode 100644
index 0000000..f4cb485
--- /dev/null
+++ b/roles/fai/files/profiles/class/CLOUD.var
@@ -0,0 +1 @@
+NIC1=eth0
diff --git a/roles/fai/files/profiles/class/DEBIAN.var b/roles/fai/files/profiles/class/DEBIAN.var
new file mode 100644
index 0000000..144d32f
--- /dev/null
+++ b/roles/fai/files/profiles/class/DEBIAN.var
@@ -0,0 +1,19 @@
+release=buster
+apt_cdn=http://deb.debian.org
+security_cdn=http://security.debian.org
+
+CONSOLEFONT=
+KEYMAP=de-latin1
+
+# MODULESLIST contains modules that will be loaded by the new system,
+# not during installation these modules will be written to /etc/modules
+# If you need a module during installation, add it to $kernelmodules
+# in 20-hwdetect.sh.
+MODULESLIST="usbhid psmouse"
+
+# if you have enough RAM (>2GB) you may want to enable this line. It
+# also puts /var/cache into a ramdisk.
+#FAI_RAMDISKS="$target/var/lib/dpkg $target/var/cache"
+
+# if you want to use the faiserver as APT proxy
+APTPROXY=http://faiserver:3142
diff --git a/roles/fai/files/profiles/class/FAIBASE.var b/roles/fai/files/profiles/class/FAIBASE.var
new file mode 100644
index 0000000..a02d8bc
--- /dev/null
+++ b/roles/fai/files/profiles/class/FAIBASE.var
@@ -0,0 +1,22 @@
+# default values for installation. You can override them in your *.var files
+
+# allow installation of packages from unsigned repositories
+FAI_ALLOW_UNSIGNED=0
+
+# Set UTC=yes if your system clock is set to UTC (GMT), and UTC=no if not.
+UTC=yes
+TIMEZONE=Europe/Berlin
+
+# the hash of the root password for the new installed linux system
+# pw is "fai"
+ROOTPW='$1$kBnWcO.E$djxB128U7dMkrltJHPf6d1'
+
+# errors in tasks greater than this value will cause the installation to stop
+STOP_ON_ERROR=700
+
+# set parameter for install_packages(8)
+MAXPACKAGES=800
+
+# a user account will be created
+username=demo
+USERPW='$1$kBnWcO.E$djxB128U7dMkrltJHPf6d1'
diff --git a/roles/fai/files/profiles/class/GERMAN.var b/roles/fai/files/profiles/class/GERMAN.var
new file mode 100644
index 0000000..8638a75
--- /dev/null
+++ b/roles/fai/files/profiles/class/GERMAN.var
@@ -0,0 +1,3 @@
+# german environment (for Debian)
+KEYMAP=de-latin1-nodeadkeys
+
diff --git a/roles/fai/files/profiles/class/INSTALL.var b/roles/fai/files/profiles/class/INSTALL.var
new file mode 100644
index 0000000..f0c4cbd
--- /dev/null
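Review bot: `APTPROXY=http://faiserver:3142` in DEBIAN.var is set unconditionally, while roles/fai/defaults/main.yml in this commit ships `use_apt_cache: false`. If the role only installs a cache on port 3142 when that variable is true (not visible in this hunk), every DEBIAN-class install will be pointed at a proxy that is not listening. Either leave the line commented out by default, `#APTPROXY=http://faiserver:3142`, or generate it from `use_apt_cache` and `server_name` so the two settings cannot drift.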
+++ b/roles/fai/files/profiles/class/INSTALL.var
@@ -0,0 +1 @@
+FAI_ACTION=install
diff --git a/roles/fai/files/profiles/class/INVENTORY.var b/roles/fai/files/profiles/class/INVENTORY.var
new file mode 100644
index 0000000..6afe995
--- /dev/null
+++ b/roles/fai/files/profiles/class/INVENTORY.var
@@ -0,0 +1 @@
+FAI_ACTION=inventory
diff --git a/roles/fai/files/profiles/class/SYSINFO.var b/roles/fai/files/profiles/class/SYSINFO.var
new file mode 100644
index 0000000..617b88d
--- /dev/null
+++ b/roles/fai/files/profiles/class/SYSINFO.var
@@ -0,0 +1 @@
+FAI_ACTION=sysinfo
diff --git a/roles/fai/files/profiles/class/UBUNTU.var b/roles/fai/files/profiles/class/UBUNTU.var
new file mode 100644
index 0000000..a258b6a
--- /dev/null
+++ b/roles/fai/files/profiles/class/UBUNTU.var
@@ -0,0 +1,2 @@
+ubuntumirror=http://archive.ubuntu.com
+ubuntudist=focal
diff --git a/roles/fai/files/profiles/class/UBUNTU_DESKTOP.var b/roles/fai/files/profiles/class/UBUNTU_DESKTOP.var
new file mode 100644
index 0000000..f9c1dc7
--- /dev/null
+++ b/roles/fai/files/profiles/class/UBUNTU_DESKTOP.var
@@ -0,0 +1,14 @@
+# set time
+UTC=yes
+TIMEZONE=Europe/Berlin
+
+# some install parameters
+STOP_ON_ERROR=700
+MAXPACKAGES=800
+
+# set root password
+ROOTPW='$1$kBnWcO.E$djxB128U7dMkrltJHPf6d1'
+
+# start user and password
+username=demo
+USERPW='$1$kBnWcO.E$djxB128U7dMkrltJHPf6d1'
diff --git a/roles/fai/files/profiles/class/menu.profile b/roles/fai/files/profiles/class/menu.profile
new file mode 100644
index 0000000..d8398a7
--- /dev/null
+++ b/roles/fai/files/profiles/class/menu.profile
@@ -0,0 +1,72 @@
+Default: Ubuntu Desktop
+
+Name: Ubuntu Desktop
+Description: Ubuntu Deskop
+Short: Ubuntu Desktop
+Long: Ubuntu 20.04 LTS (Focal Fossa)
+Classes: INSTALL UBUNTU UBUNTU_DESKTOP
+
+Name: Ubuntu
+Description: Ubuntu
+Short: Ubuntu
+Long: Ubuntu 20.04 LTS (Focal Fossa)
+Classes: INSTALL UBUNTU
+
+Name: Minimalist debian
+Description: Minimal debian installation
+Short: Simple debian
+Long: Simple debian without additional packages
+Classes: DEBIAN
+
+Name: Debian Desktop with Cinnamon
+Description: Xfce desktop, LVM partitioning
+Short: A fancy Xfce desktop will be installed, the user account is demo
+Long: This is the Xfce desktop example. Additional account called
+demo with password: fai, root password: fai
+All needed packages are already on the CD or USB stick.
+Classes: INSTALL DEBIAN CINNAMON
+
+Name: Xfce
+Description: Xfce desktop, LVM partitioning
+Short: A fancy Xfce desktop will be installed, the user account is demo
+Long: This is the Xfce desktop example. Additional account called
+demo with password: fai, root password: fai
+All needed packages are already on the CD or USB stick.
+Classes: INSTALL FAIBASE DEBIAN DEMO XORG XFCE LVM
+
+Name: Gnome
+Description: Gnome desktop installation
+Short: A Gnome desktop, no LVM, You will get an account called demo
+Long: This is the Gnome desktop example. Additional account called
+demo with password: fai, root password: fai
+You should have a fast network connection, because most packages are
+downloaded from the internet.
+Classes: INSTALL FAIBASE DEBIAN DEMO XORG GNOME
+
+Name: CentOS 8
+Description: CentOS 8 with Xfce desktop
+Short: A normal Xfce desktop, running CentOS 8
+Long: We use the Debian nfsroot for installing the CentOS 8 OS.
+You should have a fast network connection, because most packages are
+downloaded from the internet.
+Classes: INSTALL FAIBASE CENTOS CENTOS8_64 XORG
+
+Name: Ubuntu
+Description: Ubuntu 20.04 desktop installation
+Short: Unity desktop
+Long: We use the Debian nfsroot for installing the Ubuntu OS.
+You should have a fast network connection, because most packages are
+downloaded from the internet.
+Classes: INSTALL FAIBASE DEMO DEBIAN UBUNTU FOCAL FOCAL64 XORG
+
+Name: Inventory
+Description: Show hardware info
+Short: Show some basic hardware infos
+Long: Execute commands for showing hardware info
+Classes: INVENTORY
+
+Name: Sysinfo
+Description: Show defailed system information
+Short: Show detailed hardware and system information
+Long: Execute a lot of commands for collecting system information
+Classes: SYSINFO
diff --git a/roles/fai/files/profiles/debconf/CLOUD b/roles/fai/files/profiles/debconf/CLOUD
new file mode 100644
index 0000000..e3614d6
--- /dev/null
+++ b/roles/fai/files/profiles/debconf/CLOUD
@@ -0,0 +1,2 @@
+# Linux command line:
+grub-pc grub2/linux_cmdline_default string elevator=noop quiet
diff --git a/roles/fai/files/profiles/debconf/DEBIAN b/roles/fai/files/profiles/debconf/DEBIAN
new file mode 100644
index 0000000..9b23c87
--- /dev/null
+++ b/roles/fai/files/profiles/debconf/DEBIAN
@@ -0,0 +1,9 @@
+exim4-config exim4/dc_eximconfig_configtype select local delivery only; not on a network
+locales locales/default_environment_locale select de_DE.UTF-8
+locales locales/locales_to_be_generated multiselect de_DE.UTF-8 UTF-8
+keyboard-configuration keyboard-configuration/modelcode string pc105
+keyboard-configuration keyboard-configuration/xkb-keymap select us
+keyboard-configuration keyboard-configuration/variant select Deutsch
+keyboard-configuration keyboard-configuration/model select Generic 105-key (Intl) PC
+keyboard-configuration keyboard-configuration/layoutcode string de
+keyboard-configuration keyboard-configuration/optionscode string ctrl:nocaps,terminate:ctrl_alt_bksp
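Review bot: `Name: Ubuntu` is defined twice in menu.profile, once with `Classes: INSTALL UBUNTU` and once with `Classes: INSTALL FAIBASE DEMO DEBIAN UBUNTU FOCAL FOCAL64 XORG`. 40-parse-profiles.sh keys `ardesc`, `arshort` and `arclasses` by name but appends every name to `list`, so the menu gets two identical "Ubuntu" entries and both resolve to the classes of the later block. Give the second block a distinct name, for example `Name: Ubuntu (FAIBASE)`. The `Debian Desktop with Cinnamon` entry still carries the Xfce description and `LVM partitioning` text, and `Minimalist debian` is the only install profile without the `INSTALL` class; confirm both are intended.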
diff --git a/roles/fai/files/profiles/debconf/GERMAN b/roles/fai/files/profiles/debconf/GERMAN
new file mode 100644
index 0000000..cca0416
--- /dev/null
+++ b/roles/fai/files/profiles/debconf/GERMAN
@@ -0,0 +1,8 @@
+locales locales/default_environment_locale select de_DE.UTF-8
+locales locales/locales_to_be_generated multiselect de_DE.UTF-8 UTF-8
+keyboard-configuration keyboard-configuration/modelcode string pc105
+keyboard-configuration keyboard-configuration/xkb-keymap select de
+keyboard-configuration keyboard-configuration/variant select Germany
+keyboard-configuration keyboard-configuration/model select Generic 105-key (Intl) PC
+keyboard-configuration keyboard-configuration/layoutcode string de
+keyboard-configuration keyboard-configuration/optionscode string ctrl:nocaps,terminate:ctrl_alt_bksp
diff --git a/roles/fai/files/profiles/debconf/UBUNTU_DESKTOP b/roles/fai/files/profiles/debconf/UBUNTU_DESKTOP
new file mode 100644
index 0000000..aea3fdf
--- /dev/null
+++ b/roles/fai/files/profiles/debconf/UBUNTU_DESKTOP
@@ -0,0 +1,261 @@ +dictionaries-common dictionaries-common/selecting_ispell_wordlist_default note +# Choices: Alle Locales, aa_DJ ISO-8859-1, aa_DJ.UTF-8 UTF-8, aa_ER UTF-8, aa_ER@saaho UTF-8, aa_ET UTF-8, af_ZA ISO-8859-1, af_ZA.UTF-8 UTF-8, agr_PE UTF-8, ak_GH UTF-8, am_ET UTF-8, an_ES ISO-8859-15, an_ES.UTF-8 UTF-8, anp_IN UTF-8, ar_AE ISO-8859-6, ar_AE.UTF-8 UTF-8, ar_BH ISO-8859-6, ar_BH.UTF-8 UTF-8, ar_DZ ISO-8859-6, ar_DZ.UTF-8 UTF-8, ar_EG ISO-8859-6, ar_EG.UTF-8 UTF-8, ar_IN UTF-8, ar_IQ ISO-8859-6, ar_IQ.UTF-8 UTF-8, ar_JO ISO-8859-6, ar_JO.UTF-8 UTF-8, ar_KW ISO-8859-6, ar_KW.UTF-8 UTF-8, ar_LB ISO-8859-6, ar_LB.UTF-8 UTF-8, ar_LY ISO-8859-6, ar_LY.UTF-8 UTF-8, ar_MA ISO-8859-6, ar_MA.UTF-8 UTF-8, ar_OM ISO-8859-6, ar_OM.UTF-8 UTF-8, ar_QA ISO-8859-6, ar_QA.UTF-8 UTF-8, ar_SA ISO-8859-6, ar_SA.UTF-8 UTF-8, ar_SD ISO-8859-6, ar_SD.UTF-8 UTF-8, ar_SS UTF-8, ar_SY ISO-8859-6, ar_SY.UTF-8 UTF-8, ar_TN ISO-8859-6, ar_TN.UTF-8 UTF-8, ar_YE ISO-8859-6, ar_YE.UTF-8 UTF-8, as_IN UTF-8, ast_ES ISO-8859-15, ast_ES.UTF-8 UTF-8, ayc_PE UTF-8, az_AZ UTF-8, az_IR UTF-8, be_BY CP1251, be_BY.UTF-8 UTF-8, be_BY@latin UTF-8, bem_ZM UTF-8, ber_DZ UTF-8, ber_MA UTF-8, bg_BG CP1251, bg_BG.UTF-8 UTF-8, bhb_IN.UTF-8 UTF-8, bho_IN UTF-8, bho_NP UTF-8, bi_VU UTF-8, bn_BD UTF-8, bn_IN UTF-8, bo_CN UTF-8, bo_IN UTF-8, br_FR ISO-8859-1, br_FR.UTF-8 UTF-8, br_FR@euro ISO-8859-15, brx_IN UTF-8, bs_BA ISO-8859-2, bs_BA.UTF-8 UTF-8, byn_ER UTF-8, ca_AD ISO-8859-15, ca_AD.UTF-8 UTF-8, ca_ES ISO-8859-1, ca_ES.UTF-8 UTF-8, ca_ES@euro ISO-8859-15, ca_ES@valencia UTF-8, ca_FR ISO-8859-15, ca_FR.UTF-8 UTF-8, ca_IT ISO-8859-15, ca_IT.UTF-8 UTF-8, ce_RU UTF-8, chr_US UTF-8, ckb_IQ UTF-8, cmn_TW UTF-8, crh_UA UTF-8, cs_CZ ISO-8859-2, cs_CZ.UTF-8 UTF-8, csb_PL UTF-8, cv_RU UTF-8, cy_GB ISO-8859-14, cy_GB.UTF-8 UTF-8, da_DK ISO-8859-1, da_DK.UTF-8 UTF-8, de_AT ISO-8859-1, de_AT.UTF-8 UTF-8, de_AT@euro ISO-8859-15, de_BE ISO-8859-1, de_BE.UTF-8 UTF-8, de_BE@euro ISO-8859-15, de_CH ISO-8859-1, 
de_CH.UTF-8 UTF-8, de_DE ISO-8859-1, de_DE.UTF-8 UTF-8, de_DE@euro ISO-8859-15, de_IT ISO-8859-1, de_IT.UTF-8 UTF-8, de_LI.UTF-8 UTF-8, de_LU ISO-8859-1, de_LU.UTF-8 UTF-8, de_LU@euro ISO-8859-15, doi_IN UTF-8, dsb_DE UTF-8, dv_MV UTF-8, dz_BT UTF-8, el_CY ISO-8859-7, el_CY.UTF-8 UTF-8, el_GR ISO-8859-7, el_GR.UTF-8 UTF-8, el_GR@euro ISO-8859-7, en_AG UTF-8, en_AU ISO-8859-1, en_AU.UTF-8 UTF-8, en_BW ISO-8859-1, en_BW.UTF-8 UTF-8, en_CA ISO-8859-1, en_CA.UTF-8 UTF-8, en_DK ISO-8859-1, en_DK.ISO-8859-15 ISO-8859-15, en_DK.UTF-8 UTF-8, en_GB ISO-8859-1, en_GB.ISO-8859-15 ISO-8859-15, en_GB.UTF-8 UTF-8, en_HK ISO-8859-1, en_HK.UTF-8 UTF-8, en_IE ISO-8859-1, en_IE.UTF-8 UTF-8, en_IE@euro ISO-8859-15, en_IL UTF-8, en_IN UTF-8, en_NG UTF-8, en_NZ ISO-8859-1, en_NZ.UTF-8 UTF-8, en_PH ISO-8859-1, en_PH.UTF-8 UTF-8, en_SC.UTF-8 UTF-8, en_SG ISO-8859-1, en_SG.UTF-8 UTF-8, en_US ISO-8859-1, en_US.ISO-8859-15 ISO-8859-15, en_US.UTF-8 UTF-8, en_ZA ISO-8859-1, en_ZA.UTF-8 UTF-8, en_ZM UTF-8, en_ZW ISO-8859-1, en_ZW.UTF-8 UTF-8, eo UTF-8, eo_US.UTF-8 UTF-8, es_AR ISO-8859-1, es_AR.UTF-8 UTF-8, es_BO ISO-8859-1, es_BO.UTF-8 UTF-8, es_CL ISO-8859-1, es_CL.UTF-8 UTF-8, es_CO ISO-8859-1, es_CO.UTF-8 UTF-8, es_CR ISO-8859-1, es_CR.UTF-8 UTF-8, es_CU UTF-8, es_DO ISO-8859-1, es_DO.UTF-8 UTF-8, es_EC ISO-8859-1, es_EC.UTF-8 UTF-8, es_ES ISO-8859-1, es_ES.UTF-8 UTF-8, es_ES@euro ISO-8859-15, es_GT ISO-8859-1, es_GT.UTF-8 UTF-8, es_HN ISO-8859-1, es_HN.UTF-8 UTF-8, es_MX ISO-8859-1, es_MX.UTF-8 UTF-8, es_NI ISO-8859-1, es_NI.UTF-8 UTF-8, es_PA ISO-8859-1, es_PA.UTF-8 UTF-8, es_PE ISO-8859-1, es_PE.UTF-8 UTF-8, es_PR ISO-8859-1, es_PR.UTF-8 UTF-8, es_PY ISO-8859-1, es_PY.UTF-8 UTF-8, es_SV ISO-8859-1, es_SV.UTF-8 UTF-8, es_US ISO-8859-1, es_US.UTF-8 UTF-8, es_UY ISO-8859-1, es_UY.UTF-8 UTF-8, es_VE ISO-8859-1, es_VE.UTF-8 UTF-8, et_EE ISO-8859-1, et_EE.ISO-8859-15 ISO-8859-15, et_EE.UTF-8 UTF-8, eu_ES ISO-8859-1, eu_ES.UTF-8 UTF-8, eu_ES@euro ISO-8859-15, eu_FR ISO-8859-1, eu_FR.UTF-8 
UTF-8, eu_FR@euro ISO-8859-15, fa_IR UTF-8, ff_SN UTF-8, fi_FI ISO-8859-1, fi_FI.UTF-8 UTF-8, fi_FI@euro ISO-8859-15, fil_PH UTF-8, fo_FO ISO-8859-1, fo_FO.UTF-8 UTF-8, fr_BE ISO-8859-1, fr_BE.UTF-8 UTF-8, fr_BE@euro ISO-8859-15, fr_CA ISO-8859-1, fr_CA.UTF-8 UTF-8, fr_CH ISO-8859-1, fr_CH.UTF-8 UTF-8, fr_FR ISO-8859-1, fr_FR.UTF-8 UTF-8, fr_FR@euro ISO-8859-15, fr_LU ISO-8859-1, fr_LU.UTF-8 UTF-8, fr_LU@euro ISO-8859-15, fur_IT UTF-8, fy_DE UTF-8, fy_NL UTF-8, ga_IE ISO-8859-1, ga_IE.UTF-8 UTF-8, ga_IE@euro ISO-8859-15, gd_GB ISO-8859-15, gd_GB.UTF-8 UTF-8, gez_ER UTF-8, gez_ER@abegede UTF-8, gez_ET UTF-8, gez_ET@abegede UTF-8, gl_ES ISO-8859-1, gl_ES.UTF-8 UTF-8, gl_ES@euro ISO-8859-15, gu_IN UTF-8, gv_GB ISO-8859-1, gv_GB.UTF-8 UTF-8, ha_NG UTF-8, hak_TW UTF-8, he_IL ISO-8859-8, he_IL.UTF-8 UTF-8, hi_IN UTF-8, hif_FJ UTF-8, hne_IN UTF-8, hr_HR ISO-8859-2, hr_HR.UTF-8 UTF-8, hsb_DE ISO-8859-2, hsb_DE.UTF-8 UTF-8, ht_HT UTF-8, hu_HU ISO-8859-2, hu_HU.UTF-8 UTF-8, hy_AM UTF-8, hy_AM.ARMSCII-8 ARMSCII-8, ia_FR UTF-8, id_ID ISO-8859-1, id_ID.UTF-8 UTF-8, ig_NG UTF-8, ik_CA UTF-8, is_IS ISO-8859-1, is_IS.UTF-8 UTF-8, it_CH ISO-8859-1, it_CH.UTF-8 UTF-8, it_IT ISO-8859-1, it_IT.UTF-8 UTF-8, it_IT@euro ISO-8859-15, iu_CA UTF-8, ja_JP.EUC-JP EUC-JP, ja_JP.UTF-8 UTF-8, ka_GE GEORGIAN-PS, ka_GE.UTF-8 UTF-8, kab_DZ UTF-8, kk_KZ PT154, kk_KZ.RK1048 RK1048, kk_KZ.UTF-8 UTF-8, kl_GL ISO-8859-1, kl_GL.UTF-8 UTF-8, km_KH UTF-8, kn_IN UTF-8, ko_KR.EUC-KR EUC-KR, ko_KR.UTF-8 UTF-8, kok_IN UTF-8, ks_IN UTF-8, ks_IN@devanagari UTF-8, ku_TR ISO-8859-9, ku_TR.UTF-8 UTF-8, kw_GB ISO-8859-1, kw_GB.UTF-8 UTF-8, ky_KG UTF-8, lb_LU UTF-8, lg_UG ISO-8859-10, lg_UG.UTF-8 UTF-8, li_BE UTF-8, li_NL UTF-8, lij_IT UTF-8, ln_CD UTF-8, lo_LA UTF-8, lt_LT ISO-8859-13, lt_LT.UTF-8 UTF-8, lv_LV ISO-8859-13, lv_LV.UTF-8 UTF-8, lzh_TW UTF-8, mag_IN UTF-8, mai_IN UTF-8, mai_NP UTF-8, mfe_MU UTF-8, mg_MG ISO-8859-15, mg_MG.UTF-8 UTF-8, mhr_RU UTF-8, mi_NZ ISO-8859-13, mi_NZ.UTF-8 UTF-8, miq_NI UTF-8, 
mjw_IN UTF-8, mk_MK ISO-8859-5, mk_MK.UTF-8 UTF-8, ml_IN UTF-8, mn_MN UTF-8, mni_IN UTF-8, mnw_MM UTF-8, mr_IN UTF-8, ms_MY ISO-8859-1, ms_MY.UTF-8 UTF-8, mt_MT ISO-8859-3, mt_MT.UTF-8 UTF-8, my_MM UTF-8, nan_TW UTF-8, nan_TW@latin UTF-8, nb_NO ISO-8859-1, nb_NO.UTF-8 UTF-8, nds_DE UTF-8, nds_NL UTF-8, ne_NP UTF-8, nhn_MX UTF-8, niu_NU UTF-8, niu_NZ UTF-8, nl_AW UTF-8, nl_BE ISO-8859-1, nl_BE.UTF-8 UTF-8, nl_BE@euro ISO-8859-15, nl_NL ISO-8859-1, nl_NL.UTF-8 UTF-8, nl_NL@euro ISO-8859-15, nn_NO ISO-8859-1, nn_NO.UTF-8 UTF-8, nr_ZA UTF-8, nso_ZA UTF-8, oc_FR ISO-8859-1, oc_FR.UTF-8 UTF-8, om_ET UTF-8, om_KE ISO-8859-1, om_KE.UTF-8 UTF-8, or_IN UTF-8, os_RU UTF-8, pa_IN UTF-8, pa_PK UTF-8, pap_AW UTF-8, pap_CW UTF-8, pl_PL ISO-8859-2, pl_PL.UTF-8 UTF-8, ps_AF UTF-8, pt_BR ISO-8859-1, pt_BR.UTF-8 UTF-8, pt_PT ISO-8859-1, pt_PT.UTF-8 UTF-8, pt_PT@euro ISO-8859-15, quz_PE UTF-8, raj_IN UTF-8, ro_RO ISO-8859-2, ro_RO.UTF-8 UTF-8, ru_RU ISO-8859-5, ru_RU.CP1251 CP1251, ru_RU.KOI8-R KOI8-R, ru_RU.UTF-8 UTF-8, ru_UA KOI8-U, ru_UA.UTF-8 UTF-8, rw_RW UTF-8, sa_IN UTF-8, sah_RU UTF-8, sat_IN UTF-8, sc_IT UTF-8, sd_IN UTF-8, sd_IN@devanagari UTF-8, sd_PK UTF-8, se_NO UTF-8, sgs_LT UTF-8, shn_MM UTF-8, shs_CA UTF-8, si_LK UTF-8, sid_ET UTF-8, sk_SK ISO-8859-2, sk_SK.UTF-8 UTF-8, sl_SI ISO-8859-2, sl_SI.UTF-8 UTF-8, sm_WS UTF-8, so_DJ ISO-8859-1, so_DJ.UTF-8 UTF-8, so_ET UTF-8, so_KE ISO-8859-1, so_KE.UTF-8 UTF-8, so_SO ISO-8859-1, so_SO.UTF-8 UTF-8, sq_AL ISO-8859-1, sq_AL.UTF-8 UTF-8, sq_MK UTF-8, sr_ME UTF-8, sr_RS UTF-8, sr_RS@latin UTF-8, ss_ZA UTF-8, st_ZA ISO-8859-1, st_ZA.UTF-8 UTF-8, sv_FI ISO-8859-1, sv_FI.UTF-8 UTF-8, sv_FI@euro ISO-8859-15, sv_SE ISO-8859-1, sv_SE.ISO-8859-15 ISO-8859-15, sv_SE.UTF-8 UTF-8, sw_KE UTF-8, sw_TZ UTF-8, szl_PL UTF-8, ta_IN UTF-8, ta_LK UTF-8, tcy_IN.UTF-8 UTF-8, te_IN UTF-8, tg_TJ KOI8-T, tg_TJ.UTF-8 UTF-8, th_TH TIS-620, th_TH.UTF-8 UTF-8, the_NP UTF-8, ti_ER UTF-8, ti_ET UTF-8, tig_ER UTF-8, tk_TM UTF-8, tl_PH ISO-8859-1, tl_PH.UTF-8 
UTF-8, tn_ZA UTF-8, to_TO UTF-8, tpi_PG UTF-8, tr_CY ISO-8859-9, tr_CY.UTF-8 UTF-8, tr_TR ISO-8859-9, tr_TR.UTF-8 UTF-8, ts_ZA UTF-8, tt_RU UTF-8, tt_RU@iqtelif UTF-8, ug_CN UTF-8, ug_CN@latin UTF-8, uk_UA KOI8-U, uk_UA.UTF-8 UTF-8, unm_US UTF-8, ur_IN UTF-8, ur_PK UTF-8, uz_UZ ISO-8859-1, uz_UZ.UTF-8 UTF-8, uz_UZ@cyrillic UTF-8, ve_ZA UTF-8, vi_VN UTF-8, wa_BE ISO-8859-1, wa_BE.UTF-8 UTF-8, wa_BE@euro ISO-8859-15, wae_CH UTF-8, wal_ET UTF-8, wo_SN UTF-8, xh_ZA ISO-8859-1, xh_ZA.UTF-8 UTF-8, yi_US CP1255, yi_US.UTF-8 UTF-8, yo_NG UTF-8, yue_HK UTF-8, yuw_PG UTF-8, zh_CN GB2312, zh_CN.GB18030 GB18030, zh_CN.GBK GBK, zh_CN.UTF-8 UTF-8, zh_HK BIG5-HKSCS, zh_HK.UTF-8 UTF-8, zh_SG GB2312, zh_SG.GBK GBK, zh_SG.UTF-8 UTF-8, zh_TW BIG5, zh_TW.EUC-TW EUC-TW, zh_TW.UTF-8 UTF-8, zu_ZA ISO-8859-1, zu_ZA.UTF-8 UTF-8 +locales locales/locales_to_be_generated multiselect +# Zeitzone: +# Choices: Abidjan, Accra, Addis Abeba, Algier, Asmara, Bamako, Bangui, Banjul, Bissau, Blantyre, Brazzaville, Bujumbura, Kairo, Casablanca, Ceuta, Conakry, Dakar, Dar es Salam, Dschibuti, Duala, El Ajun, Freetown, Gaborone, Harare, Johannesburg, Juba, Kampala, Khartum, Kigali, Kinshasa, Lagos, Libreville, Lomé, Luanda, Lubumbashi, Lusaka, Malabo, Maputo, Maseru, Mbabane, Mogadischu, Monrovia, Nairobi, Ndjamena, Niamey, Nouakchott, Ouagadougou, Porto-Novo, São Tomé, Timbuktu, Tripolis, Tunis, Windhoek +tzdata tzdata/Zones/Africa select +# Zusätzliche autorisierte Dienste: +ufw ufw/allow_custom_ports string +# Inkompatible PAM-Profile ausgewählt. +libpam-runtime libpam-runtime/conflicts error +# Dienste bei Paket-Upgrades ohne Rückfrage neu starten? 
+libc6 libraries/restart-without-asking boolean false +libc6:amd64 libraries/restart-without-asking boolean false +libpam0g:amd64 libraries/restart-without-asking boolean false +libssl1.1:amd64 libraries/restart-without-asking boolean false +# Standard-Befehlszeile für Linux: +grub-pc grub2/linux_cmdline_default string quiet splash +# Participate in the package usage survey? +popularity-contest popularity-contest/participate boolean false +# Methode zur Umschaltung zwischen nationalem und lateinischem Modus: +# Choices: Feststelltaste, Alt rechts (AltGr), Strg rechts, Umschalttaste rechts, Windows-Taste rechts, Menütaste, Alt+Umschalttaste, Strg+Umschalttaste, Strg+Alt, Alt+Feststelltaste, Strg links+Umschalttaste links, Alt links, Strg links, Umschalttaste links, Windows-Taste links, Rollen-Taste, Keine Umschaltung +keyboard-configuration keyboard-configuration/toggle select No toggling +# Möchten Sie man und mandb »setuid man« installieren? +man-db man-db/install-setuid boolean false +# Kernelversion wird nicht unterstützt +libc6 glibc/kernel-not-supported note +libc6:amd64 glibc/kernel-not-supported note +# Rechnername: +ssl-cert make-ssl-cert/hostname string localhost +console-setup console-setup/charmap47 select UTF-8 + +# TODO: set later +grub-pc grub-pc/install_devices multiselect /dev/disk/by-id/ata-VBOX_HARDDISK_VB71f9e682-3531daf0 + +console-setup console-setup/fontface47 select Fixed +# Zeitzone: +# Choices: Casey, Davis, DumontDUrville, Macquarieinsel, Mawson, McMurdo, Palmer, Rothera, Syowa, Troll, Vostok +tzdata tzdata/Zones/Antarctica select +console-setup console-setup/codesetcode string +# Aktuelle Optionen der Tastaturbelegung in der Konfigurationsdatei behalten? 
+keyboard-configuration keyboard-configuration/unsupported_config_options boolean true +# Standard-Standorteinstellung für die Systemumgebung: +# Choices: Keine, C.UTF-8, +locales locales/default_environment_locale select None +# Zeitzone: +# Choices: Adak, Anchorage, Anguilla, Antigua, Aracaju, Argentinien/Buenos Aires, Argentinien/Catamarca, Argentinien/Córdoba, Argentinien/Jujuy, Argentinien/La Rioja, Argentinien/Mendoza, Argentinien/Río Gallegos, Argentinien/Salta, Argentinien/San Juan, Argentinien/San Luis, Argentinien/Tucumán, Argentinien/Ushuaia, Aruba, Asunción, Atikokan, Atka, Bahia, Bahia Banderas, Barbados, Belém, Belize, Blanc-Sablon, Boa Vista, Bogotá, Boise, Cambridge Bay, Campo Grande, Cancún, Caracas, Cayenne, Kaiman, Chicago, Chihuahua, Coral Harbour, Costa Rica, Creston, Cuiabá, Curaçao, Danmarkshavn, Dawson, Dawson Creek, Denver, Detroit, Dominica, Edmonton, Eirunepe, El Salvador, Ensenada, Fort Nelson, Fortaleza, Glace Bay, Godthåb, Goose Bay, Grand Turk, Grenada, Guadeloupe, Guatemala, Guayaquil, Guyana, Halifax, Havana, Hermosillo, Indiana/Indianapolis, Indiana/Knox, Indiana/Marengo, Indiana/Petersburg, Indiana/Tell City, Indiana/Vevay, Indiana/Vincennes, Indiana/Winamac, Inuvik, Iqaluit, Jamaika, Juneau, Kentucky/Louisville, Kentucky/Monticello, Kralendijk, La Paz, Lima, Los Angeles, Lower Princes, Maceió, Managua, Manaus, Marigot, Martinique, Matamoros, Mazatlán, Menominee, Mérida, Metlakatla, Mexiko-Stadt, Miquelon, Moncton, Monterrey, Montevideo, Montreal, Montserrat, Nassau, New York, Nipigon, Nome, Noronha, North Dakota/Beulah, North Dakota/Zentral, North Dakota/New Salem, Nuuk, Ojinaga, Panama, Pangnirtung, Paramaribo, Phoenix, Port-au-Prince, Port of Spain, Porto Acre, Pôrto Velho, Puerto Rico, Punta Arenas, Rainy River, Rankin Inlet, Recife, Regina, Resolute, Rio Branco, Santa Isabel, Santarém, Santiago, Santo Domingo, São Paulo, Scoresbysund, Shiprock, Sitka, Saint-Barthélemy, St Johns, St Kitts, St Lucia, St Thomas, St Vincent, 
Swift Current, Tegucigalpa, Thule, Thunder Bay, Tijuana, Toronto, Tortola, Vancouver, Virgin, Whitehorse, Winnipeg, Yakutat, Yellowknife +tzdata tzdata/Zones/America select +grub-pc grub2/update_nvram boolean true +dictionaries-common dictionaries-common/invalid_debconf_value error +libpam0g:amd64 libpam0g/restart-services string +popularity-contest popularity-contest/submiturls string +console-setup console-setup/fontsize-text47 select 8x16 +iproute2 iproute2/setcaps boolean false +ucf ucf/conflicts_found error +keyboard-configuration keyboard-configuration/store_defaults_in_debconf_db boolean true +# Möchten Sie, dass CUPS unbekannte Druckaufträge unbearbeitet (raw) druckt? +cups cupsys/raw-print boolean true +grub-pc grub2/kfreebsd_cmdline string +grub-pc grub-pc/timeout string 0 +tzdata tzdata/Zones/Etc select UTC +tzdata tzdata/Zones/Australia select +base-passwd base-passwd/group-add boolean true +keyboard-configuration keyboard-configuration/layoutcode string de +gdm3 shared/default-x-display-manager select gdm3 +keyboard-configuration keyboard-configuration/xkb-keymap select +keyboard-configuration keyboard-configuration/modelcode string pc105 +tzdata tzdata/Zones/Arctic select +linux-base linux-base/removing-running-kernel boolean true +# Saned-Benutzer zu der Scanner-Gruppe hinzufügen? +sane-utils sane-utils/saned_scanner_group boolean true +# Möchten Sie das Upgrade von Glibc jetzt durchführen? 
+libc6 glibc/upgrade boolean true +libc6:amd64 glibc/upgrade boolean true +# Hide the GRUB timeout; for internal use +grub-pc grub-pc/hidden_timeout boolean true +# Choices: american (American English), british (British English), deutsch (New German), deutsch (Old German), deutsch (Swiss German), Manuelle Einrichtung von symbolischen Verweisen +dictionaries-common dictionaries-common/default-wordlist select deutsch (New German) +console-setup console-setup/codeset47 select Guess optimal character set +keyboard-configuration keyboard-configuration/ctrl_alt_bksp boolean false +grub-pc grub-pc/install_devices_disks_changed multiselect +libpam0g:amd64 libpam0g/restart-failed error +xserver-xorg-legacy xserver-xorg-legacy/xwrapper/allowed_users select Console Users Only +libpam-modules libpam-modules/disable-screensaver error +dash dash/sh boolean true +apparmor apparmor/homedirs string +libc6 glibc/restart-failed error +libc6:amd64 glibc/restart-failed error +grub-pc grub-pc/kopt_extracted boolean false +libpam-runtime libpam-runtime/profiles multiselect unix, systemd, gnome-keyring, capability +grub-pc grub-pc/chainload_from_menu.lst boolean true +grub-pc grub-pc/install_devices_failed_upgrade boolean true +keyboard-configuration keyboard-configuration/altgr select The default for the keyboard layout +printer-driver-pnm2ppa pnm2ppa/use_debconf boolean true +# for internal use +console-setup console-setup/store_defaults_in_debconf_db boolean true +# for internal use +console-setup console-setup/fontsize string 8x16 +# Methode zum vorübergehenden Wechseln zwischen nationaler und lateinischer Eingabe: +# Choices: Kein vorübergehender Wechsel, Beide Windows-Tasten, Alt rechts (AltGr), Windows-Taste rechts, Alt links, Windows-Taste links +keyboard-configuration keyboard-configuration/switch select No temporary switch +grub-pc grub-efi/install_devices multiselect +ubuntu-drivers-common ubuntu-drivers-common/obsolete-driver error +base-passwd base-passwd/group-change-gid 
boolean true +man-db man-db/auto-update boolean true +console-setup console-setup/fontsize-fb47 select 8x16 +ca-certificates ca-certificates/enable_crts multiselect mozilla/ACCVRAIZ1.crt, mozilla/AC_RAIZ_FNMT-RCM.crt, mozilla/Actalis_Authentication_Root_CA.crt, mozilla/AffirmTrust_Commercial.crt, mozilla/AffirmTrust_Networking.crt, mozilla/AffirmTrust_Premium.crt, mozilla/AffirmTrust_Premium_ECC.crt, mozilla/Amazon_Root_CA_1.crt, mozilla/Amazon_Root_CA_2.crt, mozilla/Amazon_Root_CA_3.crt, mozilla/Amazon_Root_CA_4.crt, mozilla/Atos_TrustedRoot_2011.crt, mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt, mozilla/Baltimore_CyberTrust_Root.crt, mozilla/Buypass_Class_2_Root_CA.crt, mozilla/Buypass_Class_3_Root_CA.crt, mozilla/CA_Disig_Root_R2.crt, mozilla/CFCA_EV_ROOT.crt, mozilla/COMODO_Certification_Authority.crt, mozilla/COMODO_ECC_Certification_Authority.crt, mozilla/COMODO_RSA_Certification_Authority.crt, mozilla/Certigna.crt, mozilla/Certinomis_-_Root_CA.crt, mozilla/Certplus_Class_2_Primary_CA.crt, mozilla/Certum_Trusted_Network_CA.crt, mozilla/Certum_Trusted_Network_CA_2.crt, mozilla/Chambers_of_Commerce_Root_-_2008.crt, mozilla/Comodo_AAA_Services_root.crt, mozilla/Cybertrust_Global_Root.crt, mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt, mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt, mozilla/DST_Root_CA_X3.crt, mozilla/Deutsche_Telekom_Root_CA_2.crt, mozilla/DigiCert_Assured_ID_Root_CA.crt, mozilla/DigiCert_Assured_ID_Root_G2.crt, mozilla/DigiCert_Assured_ID_Root_G3.crt, mozilla/DigiCert_Global_Root_CA.crt, mozilla/DigiCert_Global_Root_G2.crt, mozilla/DigiCert_Global_Root_G3.crt, mozilla/DigiCert_High_Assurance_EV_Root_CA.crt, mozilla/DigiCert_Trusted_Root_G4.crt, mozilla/E-Tugra_Certification_Authority.crt, mozilla/EC-ACC.crt, mozilla/EE_Certification_Centre_Root_CA.crt, mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt, mozilla/Entrust_Root_Certification_Authority.crt, mozilla/Entrust_Root_Certification_Authority_-_EC1.crt, 
mozilla/Entrust_Root_Certification_Authority_-_G2.crt, mozilla/GDCA_TrustAUTH_R5_ROOT.crt, mozilla/GeoTrust_Global_CA.crt, mozilla/GeoTrust_Primary_Certification_Authority.crt, mozilla/GeoTrust_Primary_Certification_Authority_-_G2.crt, mozilla/GeoTrust_Primary_Certification_Authority_-_G3.crt, mozilla/GeoTrust_Universal_CA.crt, mozilla/GeoTrust_Universal_CA_2.crt, mozilla/GlobalSign_ECC_Root_CA_-_R4.crt, mozilla/GlobalSign_ECC_Root_CA_-_R5.crt, mozilla/GlobalSign_Root_CA.crt, mozilla/GlobalSign_Root_CA_-_R2.crt, mozilla/GlobalSign_Root_CA_-_R3.crt, mozilla/GlobalSign_Root_CA_-_R6.crt, mozilla/Global_Chambersign_Root_-_2008.crt, mozilla/Go_Daddy_Class_2_CA.crt, mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt, mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt, mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt, mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt, mozilla/Hongkong_Post_Root_CA_1.crt, mozilla/ISRG_Root_X1.crt, mozilla/IdenTrust_Commercial_Root_CA_1.crt, mozilla/IdenTrust_Public_Sector_Root_CA_1.crt, mozilla/Izenpe.com.crt, mozilla/LuxTrust_Global_Root_2.crt, mozilla/Microsec_e-Szigno_Root_CA_2009.crt, mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt, mozilla/Network_Solutions_Certificate_Authority.crt, mozilla/OISTE_WISeKey_Global_Root_GA_CA.crt, mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt, mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt, mozilla/QuoVadis_Root_CA.crt, mozilla/QuoVadis_Root_CA_1_G3.crt, mozilla/QuoVadis_Root_CA_2.crt, mozilla/QuoVadis_Root_CA_2_G3.crt, mozilla/QuoVadis_Root_CA_3.crt, mozilla/QuoVadis_Root_CA_3_G3.crt, mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt, mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt, mozilla/SSL.com_Root_Certification_Authority_ECC.crt, mozilla/SSL.com_Root_Certification_Authority_RSA.crt, mozilla/SZAFIR_ROOT_CA2.crt, mozilla/SecureSign_RootCA11.crt, mozilla/SecureTrust_CA.crt, mozilla/Secure_Global_CA.crt, 
mozilla/Security_Communication_RootCA2.crt, mozilla/Security_Communication_Root_CA.crt, mozilla/Sonera_Class_2_Root_CA.crt, mozilla/Staat_der_Nederlanden_EV_Root_CA.crt, mozilla/Staat_der_Nederlanden_Root_CA_-_G2.crt, mozilla/Staat_der_Nederlanden_Root_CA_-_G3.crt, mozilla/Starfield_Class_2_CA.crt, mozilla/Starfield_Root_Certificate_Authority_-_G2.crt, mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt, mozilla/SwissSign_Gold_CA_-_G2.crt, mozilla/SwissSign_Silver_CA_-_G2.crt, mozilla/T-TeleSec_GlobalRoot_Class_2.crt, mozilla/T-TeleSec_GlobalRoot_Class_3.crt, mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt, mozilla/TWCA_Global_Root_CA.crt, mozilla/TWCA_Root_Certification_Authority.crt, mozilla/Taiwan_GRCA.crt, mozilla/TeliaSonera_Root_CA_v1.crt, mozilla/TrustCor_ECA-1.crt, mozilla/TrustCor_RootCert_CA-1.crt, mozilla/TrustCor_RootCert_CA-2.crt, mozilla/Trustis_FPS_Root_CA.crt, mozilla/USERTrust_ECC_Certification_Authority.crt, mozilla/USERTrust_RSA_Certification_Authority.crt, mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt, mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt, mozilla/VeriSign_Universal_Root_Certification_Authority.crt, mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt, mozilla/XRamp_Global_CA_Root.crt, mozilla/certSIGN_ROOT_CA.crt, mozilla/ePKI_Root_Certification_Authority.crt, mozilla/thawte_Primary_Root_CA.crt, mozilla/thawte_Primary_Root_CA_-_G2.crt, mozilla/thawte_Primary_Root_CA_-_G3.crt +ucf ucf/changeprompt_threeway select keep_current +libpam-runtime libpam-runtime/override boolean false +dictionaries-common dictionaries-common/debconf_database_corruption error +tzdata tzdata/Areas select Etc +grub-pc grub-pc/install_devices_empty boolean false +tzdata tzdata/Zones/Indian select +# Zeitzone: +# Choices: AST4, AST4ADT, CST6, CST6CDT, EST5, EST5EDT, HST10, MST7, MST7MDT, PST8, PST8PDT, YST9, YST9YDT +tzdata tzdata/Zones/SystemV select +# 
Tastaturbelegung: +# Choices: German, German - German (dead acute), German - German (dead grave acute), German - German (dead tilde), German - German (Dvorak), German - German (Macintosh), German - German (Macintosh\, no dead keys), German - German (Neo 2), German - German (no dead keys), German - German (QWERTY), German - German (T3), German - German (with Sun dead keys), German - Lower Sorbian, German - Lower Sorbian (QWERTZ), German - Romanian (Germany), German - Romanian (Germany\, no dead keys), German - Russian (Germany\, phonetic), German - Turkish (Germany) +keyboard-configuration keyboard-configuration/variant select German +# for internal use +keyboard-configuration keyboard-configuration/variantcode string +# Compose-Taste: +# Choices: Keine Compose-Taste, Alt rechts (AltGr), Strg rechts, Windows-Taste rechts, Menütaste, Windows-Taste links, Feststelltaste +keyboard-configuration keyboard-configuration/compose select No compose key +# Xscreensaver und Xlockmore müssen vor dem Upgrade neu gestartet werden +libc6 glibc/disable-screensaver error +libc6:amd64 glibc/disable-screensaver error +# Zeitzone: +# Choices: Apia, Auckland, Bougainville, Chatham, Chuuk, Easter, Éfaté, Enderbury, Fakaofo, Fidschi, Funafuti, Galapagos, Gambier, Guadalcanal, Guam, Honolulu, Johnston, Kiritimati, Kosrae, Kwajalein, Majuro, Marquesas, Midway, Nauru, Niue, Norfolk, Nouméa, Pago Pago, Palau, Pitcairn, Pohnpei, Ponape, Port Moresby, Rarotonga, Saipan, Samoa, Tahiti, Tarawa, Tongatapu, Truk, Wake, Wallis, Yap +tzdata tzdata/Zones/Pacific select +# Jetzt die Umstellung auf GRUB 2 abschließen? +grub-pc grub-pc/mixed_legacy_and_grub2 boolean true +# Möchten Sie die Gruppe verschieben? +base-passwd base-passwd/group-move boolean true +# Soll der veraltete Verweis /etc/dictionary gelöscht werden? +dictionaries-common dictionaries-common/old_wordlist_link boolean true +# Ufw automatisch starten? +ufw ufw/enable boolean false +# Wollen Sie das GECOS des Benutzers ändern? 
+base-passwd base-passwd/user-change-gecos boolean true +# Standard-Papierformat für Ihr System: +# Choices: letter, A4, note, legal, executive, halfletter, halfexecutive, 11x17, statement, folio, quarto, 10x14, ledger, tabloid, A0, A1, A2, A3, A5, A6, A7, A8, A9, A10, B0, B1, B2, B3, B4, B5, C5, DL, Comm10, Monarch, archE, archD, archC, archB, archA, flsa, flse, csheet, dsheet, esheet +libpaper1 libpaper/defaultpaper select a4 +libpaper1:amd64 libpaper/defaultpaper select a4 +# Herkunftsland für die Tastatur: +# Choices: Afghani, Albanian, Amharic, Arabic, Arabic (Morocco), Arabic (Syria), Armenian, Azerbaijani, Bambara, Bangla, Belarusian, Belgian, Berber (Algeria\, Latin), Bosnian, Braille, Bulgarian, Burmese, Chinese, Croatian, Czech, Danish, Dhivehi, Dutch, Dzongkha, English (Australian), English (Cameroon), English (Ghana), English (Nigeria), English (South Africa), English (UK), English (US), Esperanto, Estonian, Faroese, Filipino, Finnish, French, French (Canada), French (Democratic Republic of the Congo), French (Guinea), French (Togo), Georgian, German, German (Austria), Greek, Hebrew, Hungarian, Icelandic, Indian, Indonesian (Arab Melayu\, phonetic), Indonesian (Javanese), Iraqi, Irish, Italian, Japanese, Japanese (PC-98), Kazakh, Khmer (Cambodia), Korean, Kyrgyz, Lao, Latvian, Lithuanian, Macedonian, Malay (Jawi\, Arabic Keyboard), Maltese, Maori, Moldavian, Mongolian, Montenegrin, Nepali, Norwegian, Persian, Polish, Portuguese, Portuguese (Brazil), Romanian, Russian, Serbian, Sinhala (phonetic), Slovak, Slovenian, Spanish, Spanish (Latin American), Swahili (Kenya), Swahili (Tanzania), Swedish, Switzerland, Taiwanese, Tajik, Thai, Tswana, Turkish, Turkmen, Ukrainian, Urdu (Pakistan), Uzbek, Vietnamese, Wolof +keyboard-configuration keyboard-configuration/layout select German +# Wünschen Sie systemweit lesbare Home-Verzeichnisse? +adduser adduser/homedir-permission boolean true +# Möchten Sie die GID des Benutzers ändern? 
+base-passwd base-passwd/user-change-gid boolean true +# Zu nutzende Schnittstellenoberfläche: +# Choices: Dialog, Readline, Gnome, Kde, Editor, Nicht-interaktiv +debconf debconf/frontend select Dialog +# for internal use +keyboard-configuration keyboard-configuration/optionscode string +# Inetd-Einträge deaktivieren? +update-inetd update-inetd/ask-disable-entries boolean false +# Wie wollen Sie mit der geänderten Konfigurationsdatei verfahren? +# Choices: Version des Paketbetreuers installieren, aktuell lokal installierte Version beibehalten, Unterschiede zwischen den Versionen anzeigen, Unterschiede zwischen den Versionen nebeneinander anzeigen, die Angelegenheit in einer neu gestarteten Shell untersuchen +ucf ucf/changeprompt select keep_current +# Detect keyboard layout? +keyboard-configuration console-setup/ask_detect boolean false +# Neuen Zertifikaten von Zertifizierungsstellen vertrauen? +# Choices: Ja, Nein, Fragen +ca-certificates ca-certificates/trust_new_crts select yes +# for internal use only +gdm3 gdm3/daemon_name string /usr/sbin/gdm3 +# Alternativ-Name(n): +ssl-cert make-ssl-cert/altname string +# Möchten Sie den Kompatibilitäts-Server für BSD lpd einrichten? +cups-bsd cups-bsd/setuplpd boolean false +# GRUB konnte nicht auf das Boot-Gerät geschrieben werden - fortfahren? +grub-pc grub-pc/install_devices_failed boolean false +# Zu aktivierende neue Zertifikate: +# Choices: +ca-certificates ca-certificates/new_crts multiselect +# Neustarten einiger Dienste beim OpenSSL-Upgrade fehlgeschlagen +libssl1.1:amd64 libssl1.1/restart-failed error +# GRUB konnte nicht auf das Boot-Gerät geschrieben werden - fortfahren? +grub-pc grub-efi/install_devices_failed boolean false +# Unterschiede zwischen den Versionen zeilenweise anzeigen +ucf ucf/show_diff note +# Inetd-Einträge entfernen? +update-inetd update-inetd/ask-remove-entries boolean false +# Soll lilo nach dem Upgrade automatisch ausgeführt werden (falls vorhanden)? 
+memtest86+ shared/memtest86-run-lilo boolean false +# TUN/TAP-Gerät anlegen? +openvpn openvpn/create_tun boolean false +# Bestehende Konfiguration gefunden +ufw ufw/existing_configuration error +# Probleme bei der Neuerstellung einer -Hash-Datei () +dictionaries-common dictionaries-common/ispell-autobuildhash-message note +# Zeitzone: +# Choices: Azoren, Bermuda, Kanaren, Kap Verde, Farör, Jan Mayen, Madeira, Reykjavík, South Georgia, St Helena, Stanley +tzdata tzdata/Zones/Atlantic select +# Möchten Sie das Home-Verzeichnis des Benutzers ändern? +base-passwd base-passwd/user-change-home boolean true +# Zeitzone: +# Choices: Amsterdam, Andorra, Astrachan, Athen, Belfast, Belgrad, Berlin, Bratislava, Brüssel, Bukarest, Budapest, Büsingen, Chisinau, Kopenhagen, Dublin, Gibraltar, Guernsey, Helsinki, Isle of Man, Istanbul, Jersey, Kaliningrad, Kiew, Kirow, Lissabon, Ljubljana, London, Luxemburg, Madrid, Malta, Mariehamn, Minsk, Monaco, Moskau, Nicosia, Oslo, Paris, Podgorica, Prag, Riga, Rom, Samara, San Marino, Sarajevo, Saratov, Simferopol, Skopje, Sofia, Stockholm, Tallinn, Tirana, Tiraspol, Uljanowsk, Uschhorod, Vaduz, Vatikan, Wien, Vilnius, Wolgograd, Warschau, Zagreb, Saporischschja, Zürich +tzdata tzdata/Zones/Europe select +# Möchten Sie den Benutzer entfernen? +base-passwd base-passwd/user-remove boolean true +# Aktiviere Saned als Einzel-Server? +sane-utils sane-utils/saned_run boolean false +# Mehrfache Einträge ignorieren und ohne Änderungen fortfahren? 
+update-inetd update-inetd/ask-several-entries boolean true +# Zeitzone: +# Choices: Aden, Almaty, Amman, Anadyr, Aqtau, Aqtöbe, Asgabat, Atyrau, Bagdad, Bahrain, Baku, Bangkok, Barnaul, Beirut, Bischkek, Brunei, Chita, Tschoibalsan, Chongqing, Colombo, Damaskus, Dhaka, Dili, Dubai, Duschanbe, Famagusta, Gasa, Harbin, Hebron, Ho-Chi-Minh-Stadt, Hong Kong, Chovd, Irkutsk, Istanbul, Jakarta, Jayapura, Jerusalem, Kabul, Kamtschatka, Karatschi, Kaschgar, Katmandu, Khandyga, Kolkata, Krasnojarsk, Kuala Lumpur, Kuching, Kuwait, Macao, Magadan, Ujung Pandang (Makassar), Manila, Maskat, Nicosia, Nowokusnezk, Novosibirsk, Omsk, Oral, Phnom Penh, Pontianak, Pjöngjang, Katar, Qostanay, Ksyl-Orda, Rangun, Riad, Sachalin, Samarkand, Seoul, Shanghai, Singapur, Srednekolymsk, Taipeh, Taschkent, Tiflis, Teheran, Tel Aviv, Thimphu, Tokio, Tomsk, Makassar, Ulan-Bator (Ulaanbaatar), Ürümqi, Ust-Nera, Vientiane, Wladiwostok, Jakutsk, Rangun, Jekaterinburg, Eriwan +tzdata tzdata/Zones/Asia select +# Aktualisierungen für Stable automatisch herunterladen und installieren? +unattended-upgrades unattended-upgrades/enable_auto_updates boolean true +# Voreingestellte Tastaturbelegung () beibehalten? +keyboard-configuration keyboard-configuration/unsupported_layout boolean true +# Möchten Sie die Gruppe entfernen? +base-passwd base-passwd/group-remove boolean true +# Backends für die Kommunikation mit dem Drucker: +# Choices: lpd, Socket, USB, SNMP, dnssd +cups cupsys/backend multiselect lpd, socket, usb, snmp, dnssd +# Möchten Sie den Benutzer hinzufügen? +base-passwd base-passwd/user-add boolean true +# Keyboard layout detection complete +keyboard-configuration console-setup/detected note +# Existierenden Eintrag belassen und ohne Änderungen fortfahren? +update-inetd update-inetd/ask-entry-present boolean true +# Wollen Sie die Shell des Benutzers ändern? 
+# Standard-Befehlszeile für kFreeBSD: + +printer-driver-pnm2ppa pnm2ppa/printer_model select 710 + +linux-sound-base linux-sound-base/sound_system select ALSA + +debconf debconf/priority select high + +base-passwd base-passwd/user-move boolean true +base-passwd base-passwd/user-change-shell boolean true + +libssl1.1:amd64 libssl1.1/restart-services string + +base-passwd base-passwd/user-change-uid boolean true + +grub-pc grub2/kfreebsd_cmdline_default string quiet splash +grub-pc grub2/no_efi_extra_removable boolean false +grub-pc grub-efi/install_devices_disks_changed multiselect + +keyboard-configuration keyboard-configuration/unsupported_config_layout boolean true +keyboard-configuration keyboard-configuration/unsupported_options boolean true +keyboard-configuration keyboard-configuration/model select Generic 105-key PC (intl.) + +xserver-xorg-legacy xserver-xorg-legacy/xwrapper/actual_allowed_users string console + +printer-driver-pnm2ppa pnm2ppa/create_magicfilter boolean false +grub-pc grub2/linux_cmdline string +libc6 glibc/restart-services string +libc6:amd64 glibc/restart-services string +tzdata tzdata/Zones/US select +dictionaries-common dictionaries-common/default-ispell select +keyboard-configuration console-setup/detect detect-keyboard +libpam-runtime libpam-runtime/no_profiles_chosen error +grub-pc grub-pc/postrm_purge_boot_grub boolean false +ssl-cert make-ssl-cert/vulnerable_prng note +grub-pc grub-efi/install_devices_empty boolean false diff --git a/roles/fai/files/profiles/debconf/UBUNTU_DESKTOP2 b/roles/fai/files/profiles/debconf/UBUNTU_DESKTOP2 new file mode 100644 index 0000000..85c0d49 --- /dev/null +++ b/roles/fai/files/profiles/debconf/UBUNTU_DESKTOP2 
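Review bot: `ufw ufw/enable boolean false` and `adduser adduser/homedir-permission boolean true` are preseeded in roles/fai/files/profiles/debconf/UBUNTU_DESKTOP, so, assuming the file is applied to a FAI class of the same name, every desktop installed from it starts with the host firewall off and with world-readable home directories. The file reads like an unedited debconf dump from one VirtualBox guest (German prompt comments, `note`/`error` templates, the `ata-VBOX_HARDDISK_VB71f9e682-3531daf0` device under `# TODO: set later`), which makes it hard to tell which of these answers were chosen on purpose. I would reduce it to the questions the profile has to answer and set the security-relevant ones explicitly, for example `ufw ufw/enable boolean true` and `adduser adduser/homedir-permission boolean false`, if that matches the intended policy. `ca-certificates/trust_new_crts select yes` together with the pinned `enable_crts` list deserves the same decision: either rely on the package default or add a comment saying why the root list is frozen here.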
@@ -0,0 +1,132 @@ +base-passwd base-passwd/group-add boolean true +base-passwd base-passwd/group-change-gid boolean true +base-passwd base-passwd/group-move boolean true +base-passwd base-passwd/group-remove boolean true +base-passwd base-passwd/user-add boolean true +base-passwd base-passwd/user-change-gecos boolean true +base-passwd base-passwd/user-change-gid boolean true +base-passwd base-passwd/user-change-home boolean true +base-passwd base-passwd/user-change-shell boolean true +base-passwd base-passwd/user-change-uid boolean true +base-passwd base-passwd/user-move boolean true +base-passwd base-passwd/user-remove boolean true + +ca-certificates ca-certificates/enable_crts multiselect mozilla/ACCVRAIZ1.crt, mozilla/AC_RAIZ_FNMT-RCM.crt, mozilla/Actalis_Authentication_Root_CA.crt, mozilla/AffirmTrust_Commercial.crt, mozilla/AffirmTrust_Networking.crt, mozilla/AffirmTrust_Premium.crt, mozilla/AffirmTrust_Premium_ECC.crt, mozilla/Amazon_Root_CA_1.crt, mozilla/Amazon_Root_CA_2.crt, mozilla/Amazon_Root_CA_3.crt, mozilla/Amazon_Root_CA_4.crt, mozilla/Atos_TrustedRoot_2011.crt, mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt, mozilla/Baltimore_CyberTrust_Root.crt, mozilla/Buypass_Class_2_Root_CA.crt, mozilla/Buypass_Class_3_Root_CA.crt, mozilla/CA_Disig_Root_R2.crt, mozilla/CFCA_EV_ROOT.crt, mozilla/COMODO_Certification_Authority.crt, mozilla/COMODO_ECC_Certification_Authority.crt, mozilla/COMODO_RSA_Certification_Authority.crt, mozilla/Certigna.crt, mozilla/Certinomis_-_Root_CA.crt, mozilla/Certplus_Class_2_Primary_CA.crt, mozilla/Certum_Trusted_Network_CA.crt, mozilla/Certum_Trusted_Network_CA_2.crt, mozilla/Chambers_of_Commerce_Root_-_2008.crt, mozilla/Comodo_AAA_Services_root.crt, mozilla/Cybertrust_Global_Root.crt, mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt, mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt, mozilla/DST_Root_CA_X3.crt, mozilla/Deutsche_Telekom_Root_CA_2.crt, mozilla/DigiCert_Assured_ID_Root_CA.crt, 
mozilla/DigiCert_Assured_ID_Root_G2.crt, mozilla/DigiCert_Assured_ID_Root_G3.crt, mozilla/DigiCert_Global_Root_CA.crt, mozilla/DigiCert_Global_Root_G2.crt, mozilla/DigiCert_Global_Root_G3.crt, mozilla/DigiCert_High_Assurance_EV_Root_CA.crt, mozilla/DigiCert_Trusted_Root_G4.crt, mozilla/E-Tugra_Certification_Authority.crt, mozilla/EC-ACC.crt, mozilla/EE_Certification_Centre_Root_CA.crt, mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt, mozilla/Entrust_Root_Certification_Authority.crt, mozilla/Entrust_Root_Certification_Authority_-_EC1.crt, mozilla/Entrust_Root_Certification_Authority_-_G2.crt, mozilla/GDCA_TrustAUTH_R5_ROOT.crt, mozilla/GeoTrust_Global_CA.crt, mozilla/GeoTrust_Primary_Certification_Authority.crt, mozilla/GeoTrust_Primary_Certification_Authority_-_G2.crt, mozilla/GeoTrust_Primary_Certification_Authority_-_G3.crt, mozilla/GeoTrust_Universal_CA.crt, mozilla/GeoTrust_Universal_CA_2.crt, mozilla/GlobalSign_ECC_Root_CA_-_R4.crt, mozilla/GlobalSign_ECC_Root_CA_-_R5.crt, mozilla/GlobalSign_Root_CA.crt, mozilla/GlobalSign_Root_CA_-_R2.crt, mozilla/GlobalSign_Root_CA_-_R3.crt, mozilla/GlobalSign_Root_CA_-_R6.crt, mozilla/Global_Chambersign_Root_-_2008.crt, mozilla/Go_Daddy_Class_2_CA.crt, mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt, mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt, mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt, mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt, mozilla/Hongkong_Post_Root_CA_1.crt, mozilla/ISRG_Root_X1.crt, mozilla/IdenTrust_Commercial_Root_CA_1.crt, mozilla/IdenTrust_Public_Sector_Root_CA_1.crt, mozilla/Izenpe.com.crt, mozilla/LuxTrust_Global_Root_2.crt, mozilla/Microsec_e-Szigno_Root_CA_2009.crt, mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt, mozilla/Network_Solutions_Certificate_Authority.crt, mozilla/OISTE_WISeKey_Global_Root_GA_CA.crt, mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt, mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt, 
mozilla/QuoVadis_Root_CA.crt, mozilla/QuoVadis_Root_CA_1_G3.crt, mozilla/QuoVadis_Root_CA_2.crt, mozilla/QuoVadis_Root_CA_2_G3.crt, mozilla/QuoVadis_Root_CA_3.crt, mozilla/QuoVadis_Root_CA_3_G3.crt, mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt, mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt, mozilla/SSL.com_Root_Certification_Authority_ECC.crt, mozilla/SSL.com_Root_Certification_Authority_RSA.crt, mozilla/SZAFIR_ROOT_CA2.crt, mozilla/SecureSign_RootCA11.crt, mozilla/SecureTrust_CA.crt, mozilla/Secure_Global_CA.crt, mozilla/Security_Communication_RootCA2.crt, mozilla/Security_Communication_Root_CA.crt, mozilla/Sonera_Class_2_Root_CA.crt, mozilla/Staat_der_Nederlanden_EV_Root_CA.crt, mozilla/Staat_der_Nederlanden_Root_CA_-_G2.crt, mozilla/Staat_der_Nederlanden_Root_CA_-_G3.crt, mozilla/Starfield_Class_2_CA.crt, mozilla/Starfield_Root_Certificate_Authority_-_G2.crt, mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt, mozilla/SwissSign_Gold_CA_-_G2.crt, mozilla/SwissSign_Silver_CA_-_G2.crt, mozilla/T-TeleSec_GlobalRoot_Class_2.crt, mozilla/T-TeleSec_GlobalRoot_Class_3.crt, mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt, mozilla/TWCA_Global_Root_CA.crt, mozilla/TWCA_Root_Certification_Authority.crt, mozilla/Taiwan_GRCA.crt, mozilla/TeliaSonera_Root_CA_v1.crt, mozilla/TrustCor_ECA-1.crt, mozilla/TrustCor_RootCert_CA-1.crt, mozilla/TrustCor_RootCert_CA-2.crt, mozilla/Trustis_FPS_Root_CA.crt, mozilla/USERTrust_ECC_Certification_Authority.crt, mozilla/USERTrust_RSA_Certification_Authority.crt, mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt, mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt, mozilla/VeriSign_Universal_Root_Certification_Authority.crt, mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt, mozilla/XRamp_Global_CA_Root.crt, mozilla/certSIGN_ROOT_CA.crt, mozilla/ePKI_Root_Certification_Authority.crt, mozilla/thawte_Primary_Root_CA.crt, 
mozilla/thawte_Primary_Root_CA_-_G2.crt, mozilla/thawte_Primary_Root_CA_-_G3.crt +ca-certificates ca-certificates/new_crts multiselect +ca-certificates ca-certificates/trust_new_crts select yes + +console-setup console-setup/charmap47 select UTF-8 +console-setup console-setup/codeset47 select Guess optimal character set +console-setup console-setup/codesetcode string +console-setup console-setup/fontface47 select Fixed +console-setup console-setup/fontsize-fb47 select 8x16 +console-setup console-setup/fontsize string 8x16 +console-setup console-setup/fontsize-text47 select 8x16 +console-setup console-setup/store_defaults_in_debconf_db boolean true + +cups-bsd cups-bsd/setuplpd boolean false +cups cupsys/backend multiselect lpd, socket, usb, snmp, dnssd +cups cupsys/raw-print boolean true +dash dash/sh boolean true + +debconf debconf/frontend select Dialog +debconf debconf/priority select high + +dictionaries-common dictionaries-common/debconf_database_corruption error +dictionaries-common dictionaries-common/default-ispell select +dictionaries-common dictionaries-common/default-wordlist select deutsch (New German) +dictionaries-common dictionaries-common/invalid_debconf_value error +dictionaries-common dictionaries-common/ispell-autobuildhash-message note +dictionaries-common dictionaries-common/old_wordlist_link boolean true +dictionaries-common dictionaries-common/selecting_ispell_wordlist_default note + +gdm3 gdm3/daemon_name string /usr/sbin/gdm3 +gdm3 shared/default-x-display-manager select gdm3 + +grub-pc grub2/kfreebsd_cmdline_default string quiet splash +grub-pc grub2/linux_cmdline_default string quiet splash +grub-pc grub2/no_efi_extra_removable boolean false +grub-pc grub2/update_nvram boolean true +grub-pc grub-efi/install_devices_disks_changed multiselect +grub-pc grub-efi/install_devices_empty boolean false +grub-pc grub-efi/install_devices_failed boolean false +grub-pc grub-pc/chainload_from_menu.lst boolean true +grub-pc grub-pc/hidden_timeout 
boolean true +grub-pc grub-pc/install_devices_disks_changed multiselect +grub-pc grub-pc/install_devices_empty boolean false +grub-pc grub-pc/install_devices_failed boolean false +grub-pc grub-pc/install_devices_failed_upgrade boolean true +grub-pc grub-pc/install_devices multiselect /dev/disk/by-id/ata-VBOX_HARDDISK_VB71f9e682-3531daf0 +grub-pc grub-pc/kopt_extracted boolean false +grub-pc grub-pc/mixed_legacy_and_grub2 boolean true +grub-pc grub-pc/postrm_purge_boot_grub boolean false +grub-pc grub-pc/timeout string 0 + +keyboard-configuration console-setup/ask_detect boolean false +keyboard-configuration keyboard-configuration/altgr select The default for the keyboard layout +keyboard-configuration keyboard-configuration/compose select No compose key +keyboard-configuration keyboard-configuration/ctrl_alt_bksp boolean false +keyboard-configuration keyboard-configuration/layoutcode string de +keyboard-configuration keyboard-configuration/layout select German +keyboard-configuration keyboard-configuration/modelcode string pc105 +keyboard-configuration keyboard-configuration/model select Generic 105-key PC (intl.) 
+keyboard-configuration keyboard-configuration/store_defaults_in_debconf_db boolean true +keyboard-configuration keyboard-configuration/switch select No temporary switch +keyboard-configuration keyboard-configuration/toggle select No toggling +keyboard-configuration keyboard-configuration/unsupported_config_layout boolean true +keyboard-configuration keyboard-configuration/unsupported_config_options boolean true +keyboard-configuration keyboard-configuration/unsupported_layout boolean true +keyboard-configuration keyboard-configuration/unsupported_options boolean true +keyboard-configuration keyboard-configuration/variantcode string +keyboard-configuration keyboard-configuration/variant select German +keyboard-configuration keyboard-configuration/xkb-keymap select + +libc6:amd64 libraries/restart-without-asking boolean false +libc6 glibc/upgrade boolean true +libc6 libraries/restart-without-asking boolean false +libpam0g:amd64 libraries/restart-without-asking boolean false +libpam-runtime libpam-runtime/profiles multiselect unix, systemd, gnome-keyring, capability +libssl1.1:amd64 libraries/restart-without-asking boolean false +linux-base linux-base/removing-running-kernel boolean true + +linux-sound-base linux-sound-base/sound_system select ALSA + +locales locales/default_environment_locale select None + +man-db man-db/auto-update boolean true +man-db man-db/install-setuid boolean false + +memtest86+ shared/memtest86-run-lilo boolean false + +openvpn openvpn/create_tun boolean false + +popularity-contest popularity-contest/participate boolean false + +printer-driver-pnm2ppa pnm2ppa/create_magicfilter boolean false +printer-driver-pnm2ppa pnm2ppa/printer_model select 710 +printer-driver-pnm2ppa pnm2ppa/use_debconf boolean true + +sane-utils sane-utils/saned_run boolean false +sane-utils sane-utils/saned_scanner_group boolean true + +ssl-cert make-ssl-cert/hostname string localhost + +tzdata tzdata/Areas select Etc +tzdata tzdata/Zones/Etc select UTC + +ucf 
ucf/changeprompt select keep_current +ucf ucf/changeprompt_threeway select keep_current + +ufw ufw/enable boolean false +ufw ufw/existing_configuration error + +unattended-upgrades unattended-upgrades/enable_auto_updates boolean true + +update-inetd update-inetd/ask-disable-entries boolean false +update-inetd update-inetd/ask-entry-present boolean true +update-inetd update-inetd/ask-remove-entries boolean false +update-inetd update-inetd/ask-several-entries boolean true + +xserver-xorg-legacy xserver-xorg-legacy/xwrapper/actual_allowed_users string console +xserver-xorg-legacy xserver-xorg-legacy/xwrapper/allowed_users select Console Users Only + diff --git a/roles/fai/files/profiles/disk_config/CENTOS b/roles/fai/files/profiles/disk_config/CENTOS new file mode 100644 index 0000000..9c3c933 --- /dev/null +++ b/roles/fai/files/profiles/disk_config/CENTOS @@ -0,0 +1,16 @@ +# example of new config file for setup-storage +# +# + +disk_config disk1 disklabel:msdos bootable:1 fstabkey:label + +# Note that the CentOS 5 version of GRUB cannot read from ext3 filesystems with inode_size > 128 +# CentOS 5.6 needs /boot as ext3, so we use ext3 for / + +#primary / 350 ext3 rw,noatime,errors=remount-ro createopts="-L ROOT -I 128" + +# use following line for CentOS 7 +primary / 4G-50G ext4 rw,noatime,errors=remount-ro createopts="-L ROOT" + +logical swap 200-10G swap sw createopts="-L SWAP" +logical /home 100- ext4 rw,noatime,nosuid,nodev createopts="-L HOME -m 1" tuneopts="-c 0 -i 0" diff --git a/roles/fai/files/profiles/disk_config/CLOUD b/roles/fai/files/profiles/disk_config/CLOUD new file mode 100644 index 0000000..0b76001 --- /dev/null +++ b/roles/fai/files/profiles/disk_config/CLOUD @@ -0,0 +1,7 @@ +# config for a disk image for a VM +# +# + +disk_config disk1 disklabel:msdos bootable:1 fstabkey:uuid align-at:1M + +primary / 300- ext4 rw,discard,barrier=0,noatime,errors=remount-ro tuneopts="-c 0 -i 0" 
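Review bot: In `debconf/UBUNTU_DESKTOP2`, `grub-pc/install_devices` is preseeded with `/dev/disk/by-id/ata-VBOX_HARDDISK_VB71f9e682-3531daf0`, which identifies the disk of one VirtualBox guest and will not exist on other install clients. The file reads like an unfiltered dump of a single machine's debconf database, so it also pins incidental answers such as the full `ca-certificates/enable_crts` list and `ufw/enable boolean false`. I would keep only the answers this class is meant to set and drop the machine-specific `install_devices` line so the boot device is chosen at install time. If the host firewall is meant to stay off on these desktops, a `#` comment above `ufw/enable` saying why would help the next reader.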
diff --git a/roles/fai/files/profiles/disk_config/FAIBASE b/roles/fai/files/profiles/disk_config/FAIBASE
new file mode 100644
index 0000000..0c66cbc
--- /dev/null
+++ b/roles/fai/files/profiles/disk_config/FAIBASE
@@ -0,0 +1,9 @@
+# example of new config file for setup-storage
+#
+#
+
+disk_config disk1 disklabel:msdos bootable:1 fstabkey:uuid
+
+primary / 2G-50G ext4 rw,noatime,errors=remount-ro
+logical swap 200-10G swap sw
+logical /home 100- ext4 rw,noatime,nosuid,nodev createopts="-L home -m 1" tuneopts="-c 0 -i 0"
diff --git a/roles/fai/files/profiles/disk_config/FAIBASE_EFI b/roles/fai/files/profiles/disk_config/FAIBASE_EFI
new file mode 100644
index 0000000..8ff0e4b
--- /dev/null
+++ b/roles/fai/files/profiles/disk_config/FAIBASE_EFI
@@ -0,0 +1,10 @@
+# example of new config file for setup-storage
+#
+#
+
+disk_config disk1 disklabel:gpt bootable:1 fstabkey:uuid
+
+primary /boot/efi 512M vfat rw
+primary / 2G-50G ext4 rw,noatime,errors=remount-ro
+primary swap 200-10G swap sw
+primary /home 100- ext4 rw,noatime,nosuid,nodev createopts="-L home -m 1" tuneopts="-c 0 -i 0"
diff --git a/roles/fai/files/profiles/disk_config/FAISERVER b/roles/fai/files/profiles/disk_config/FAISERVER
new file mode 100644
index 0000000..29bf219
--- /dev/null
+++ b/roles/fai/files/profiles/disk_config/FAISERVER
@@ -0,0 +1,11 @@
+# config file for an FAI install server
+#
+#
+
+disk_config disk1 disklabel:msdos fstabkey:uuid
+
+primary / 2G-15G ext4 rw,noatime,errors=remount-ro
+logical swap 200-1000 swap sw
+logical /tmp 100-1000 ext4 rw,noatime,nosuid,nodev createopts="-m 0" tuneopts="-c 0 -i 0"
+logical /home 100-40% ext4 rw,noatime,nosuid,nodev createopts="-m 1" tuneopts="-c 0 -i 0"
+logical /srv 1G-50% ext4 rw,noatime createopts="-m 1" tuneopts="-c 0 -i 0"
diff --git a/roles/fai/files/profiles/disk_config/FAISERVER_EFI b/roles/fai/files/profiles/disk_config/FAISERVER_EFI
new file mode 100644
index 0000000..30adbe3
--- /dev/null
+++ b/roles/fai/files/profiles/disk_config/FAISERVER_EFI
@@ -0,0 +1,12 @@
+# config file for an FAI install server
+#
+#
+
+disk_config disk1 disklabel:gpt fstabkey:uuid
+
+primary /boot/efi 512M vfat rw
+primary / 2G-15G ext4 rw,noatime,errors=remount-ro
+primary swap 200-1000 swap sw
+primary /tmp 100-1000 ext4 rw,noatime,nosuid,nodev createopts="-m 0" tuneopts="-c 0 -i 0"
+primary /home 100-40% ext4 rw,noatime,nosuid,nodev createopts="-m 1" tuneopts="-c 0 -i 0"
+primary /srv 1G-50% ext4 rw,noatime createopts="-m 1" tuneopts="-c 0 -i 0"
diff --git a/roles/fai/files/profiles/disk_config/LVM b/roles/fai/files/profiles/disk_config/LVM
new file mode 100644
index 0000000..868970a
--- /dev/null
+++ b/roles/fai/files/profiles/disk_config/LVM
@@ -0,0 +1,15 @@
+#
+
+# entire disk with LVM, separate /home
+
+disk_config disk1 fstabkey:uuid align-at:1M
+
+primary /boot 200 ext2 rw,noatime
+primary - 4G- - -
+
+disk_config lvm
+
+vg vg1 disk1.2
+vg1-root / 3G-50G ext4 noatime,rw
+vg1-swap swap 200-4G swap sw
+vg1-home /home 600- ext4 noatime,nosuid,nodev,rw
diff --git a/roles/fai/files/profiles/disk_config/LVM_EFI b/roles/fai/files/profiles/disk_config/LVM_EFI
new file mode 100644
index 0000000..b2609a5
--- /dev/null
+++ b/roles/fai/files/profiles/disk_config/LVM_EFI
@@ -0,0 +1,16 @@
+#
+
+# entire disk with LVM, separate /home
+
+disk_config disk1 disklabel:gpt fstabkey:uuid align-at:1M
+
+primary /boot/efi 512M vfat rw
+primary /boot 200 ext2 rw,noatime
+primary - 4G- - -
+
+disk_config lvm
+
+vg vg1 disk1.3
+vg1-root / 3G-50G ext4 noatime,rw
+vg1-swap swap 200-4G swap sw
+vg1-home /home 600- ext4 noatime,nosuid,nodev,rw
diff --git a/roles/fai/files/profiles/disk_config/UBUNTU_DESKTOP b/roles/fai/files/profiles/disk_config/UBUNTU_DESKTOP
new file mode 100644
index 0000000..1e136e0
--- /dev/null
+++ b/roles/fai/files/profiles/disk_config/UBUNTU_DESKTOP
@@ -0,0 +1,5 @@
+disk_config disk1 disklabel:msdos bootable:1 fstabkey:uuid
+
+primary / 2G-50G ext4 rw,noatime,errors=remount-ro
+logical swap 200-10G swap sw
+logical /home 100- ext4 rw,noatime,nosuid,nodev createopts="-L home -m 1" tuneopts="-c 0 -i 0"
diff --git a/roles/fai/files/profiles/disk_config/UBUNTU_DESKTOP_EFI b/roles/fai/files/profiles/disk_config/UBUNTU_DESKTOP_EFI
new file mode 100644
index 0000000..c95a40c
--- /dev/null
+++ b/roles/fai/files/profiles/disk_config/UBUNTU_DESKTOP_EFI
@@ -0,0 +1,6 @@
+disk_config disk1 disklabel:gpt bootable:1 fstabkey:uuid
+
+primary /boot/efi 512M vfat rw
+primary / 2G-50G ext4 rw,noatime,errors=remount-ro
+primary swap 200-10G swap sw
+primary /home 100- ext4 rw,noatime,nosuid,nodev createopts="-L home -m 1" tuneopts="-c 0 -i 0"
diff --git a/roles/fai/files/profiles/disk_config/XENIAL b/roles/fai/files/profiles/disk_config/XENIAL
new file mode 100644
index 0000000..22ab65c
--- /dev/null
+++ b/roles/fai/files/profiles/disk_config/XENIAL
@@ -0,0 +1,12 @@
+# example of new config file for setup-storage
+#
+#
+
+# this is a copy of FAIBASE, but with metadata_csum disabled.
+# Ubuntu XENIAL does not yet suport this option
+
+disk_config disk1 disklabel:msdos bootable:1 fstabkey:uuid
+
+primary / 2G-50G ext4 rw,noatime,errors=remount-ro createopts="-O ^metadata_csum"
+logical swap 200-1G swap sw
+logical /home 100- ext4 rw,noatime,nosuid,nodev createopts="-L home -m 1 -O ^metadata_csum" tuneopts="-c 0 -i 0"
diff --git a/roles/fai/files/profiles/disk_config/XENIAL_EFI b/roles/fai/files/profiles/disk_config/XENIAL_EFI
new file mode 100644
index 0000000..d72f130
--- /dev/null
+++ b/roles/fai/files/profiles/disk_config/XENIAL_EFI
@@ -0,0 +1,13 @@
+# example of new config file for setup-storage
+#
+#
+
+# this is a copy of FAIBASE, but with metadata_csum disabled.
+# Ubuntu XENIAL does not yet suport this option
+
+disk_config disk1 disklabel:gpt bootable:1 fstabkey:uuid
+
+primary /boot/efi 512M vfat rw
+primary / 2G-50G ext4 rw,noatime,errors=remount-ro createopts="-O ^metadata_csum"
+primary swap 200-1G swap sw
+primary /home 100- ext4 rw,noatime,nosuid,nodev createopts="-L home -m 1 -O ^metadata_csum" tuneopts="-c 0 -i 0"
diff --git a/roles/fai/files/profiles/files/etc/apt/apt.conf.d/force_confdef/DEBIAN b/roles/fai/files/profiles/files/etc/apt/apt.conf.d/force_confdef/DEBIAN
new file mode 100644
index 0000000..deb7948
--- /dev/null
+++ b/roles/fai/files/profiles/files/etc/apt/apt.conf.d/force_confdef/DEBIAN
@@ -0,0 +1,5 @@
+DPkg {
+ Options {
+ "--force-confdef";
+ }
+};
diff --git a/roles/fai/files/profiles/files/etc/apt/preferences.d/mint.pref/MINT b/roles/fai/files/profiles/files/etc/apt/preferences.d/mint.pref/MINT
new file mode 100644
index 0000000..e953293
--- /dev/null
+++ b/roles/fai/files/profiles/files/etc/apt/preferences.d/mint.pref/MINT
@@ -0,0 +1,11 @@
+Package: *
+Pin: origin live.linuxmint.com
+Pin-Priority: 750
+
+Package: *
+Pin: release o=linuxmint,c=upstream
+Pin-Priority: 700
+
+Package: *
+Pin: release o=Ubuntu
+Pin-Priority: 500
diff --git a/roles/fai/files/profiles/files/etc/apt/sources.list.d/mint.list/MINTDESKTOP b/roles/fai/files/profiles/files/etc/apt/sources.list.d/mint.list/MINTDESKTOP
new file mode 100644
index 0000000..e69de29
diff --git a/roles/fai/files/profiles/files/etc/apt/sources.list/GNOME b/roles/fai/files/profiles/files/etc/apt/sources.list/GNOME
new file mode 100644
index 0000000..f016a99
--- /dev/null
+++ b/roles/fai/files/profiles/files/etc/apt/sources.list/GNOME
@@ -0,0 +1,3 @@
+deb {%apt_cdn%}/debian {%release%} main
+deb {%security_cdn%}/debian-security {%release%}/updates main
+deb {%apt_cdn%}/debian {%release%}-updates main
diff --git a/roles/fai/files/profiles/files/etc/apt/trusted.gpg/DEBIAN b/roles/fai/files/profiles/files/etc/apt/trusted.gpg/DEBIAN
new file mode 100644
index 0000000..d720a78
Binary files /dev/null and b/roles/fai/files/profiles/files/etc/apt/trusted.gpg/DEBIAN differ
diff --git a/roles/fai/files/profiles/files/etc/apt/trusted.gpg/DEBIAN_MULTIMEDIA b/roles/fai/files/profiles/files/etc/apt/trusted.gpg/DEBIAN_MULTIMEDIA
new file mode 100644
index 0000000..1327be6
Binary files /dev/null and b/roles/fai/files/profiles/files/etc/apt/trusted.gpg/DEBIAN_MULTIMEDIA differ
diff --git a/roles/fai/files/profiles/files/etc/apt/trusted.gpg/MINTDESKTOP b/roles/fai/files/profiles/files/etc/apt/trusted.gpg/MINTDESKTOP
new file mode 100644
index 0000000..184362a
Binary files /dev/null and b/roles/fai/files/profiles/files/etc/apt/trusted.gpg/MINTDESKTOP differ
diff --git a/roles/fai/files/profiles/files/etc/apt/trusted.gpg/UBUNTU b/roles/fai/files/profiles/files/etc/apt/trusted.gpg/UBUNTU
new file mode 100644
index 0000000..5efee28
Binary files /dev/null and b/roles/fai/files/profiles/files/etc/apt/trusted.gpg/UBUNTU differ
diff --git a/roles/fai/files/profiles/files/etc/default/grub.d/10_cloud_disable_net.ifnames.cfg/CLOUD b/roles/fai/files/profiles/files/etc/default/grub.d/10_cloud_disable_net.ifnames.cfg/CLOUD
new file mode 100644
index 0000000..ad11d23
--- /dev/null
+++ b/roles/fai/files/profiles/files/etc/default/grub.d/10_cloud_disable_net.ifnames.cfg/CLOUD
@@ -0,0 +1,6 @@
+# Disable systemd's network interface name management.
+# References:
+# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863385
+# https://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/
+
+GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT net.ifnames=0"
diff --git a/roles/fai/files/profiles/files/etc/dhcp/dhcpd.conf/FAISERVER b/roles/fai/files/profiles/files/etc/dhcp/dhcpd.conf/FAISERVER
new file mode 100644
index 0000000..b0343cc
--- /dev/null
+++ b/roles/fai/files/profiles/files/etc/dhcp/dhcpd.conf/FAISERVER
@@ -0,0 +1,32 @@
+# dhcpd.conf for a fai installation server
+# replace faiserver with the name of your install server
+
+ignore-client-uids on;
+deny unknown-clients;
+option dhcp-max-message-size 2048;
+use-host-decl-names on;
+#always-reply-rfc1048 on;
+
+subnet 192.168.33.0 netmask 255.255.255.0 {
+ option routers 192.168.33.1;
+ option domain-name "fai.example";
+ option domain-name-servers 192.168.33.250;
+ option time-servers faiserver;
+# option ntp-servers faiserver;
+ server-name faiserver;
+ next-server faiserver;
+ if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00000" {
+ filename "fai/pxelinux.0";
+ }
+ if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00007" {
+ filename "fai/syslinux.efi";
+ }
+ allow unknown-clients;
+ pool {
+ range 192.168.33.100 192.168.33.150;
+ }
+}
+
+# generate a lot of entries with:
+# perl -e 'for (1..10) {printf "host client%02s {hardware ethernet XXX:$_;fixed-address client%02s;}\n",$_,$_;}'
+# then replace XXX with the hardware addresses of your clients
diff --git a/roles/fai/files/profiles/files/etc/fai/fai.conf/FAISERVER b/roles/fai/files/profiles/files/etc/fai/fai.conf/FAISERVER
new file mode 100644
index 0000000..4711cd1
--- /dev/null
+++ b/roles/fai/files/profiles/files/etc/fai/fai.conf/FAISERVER
@@ -0,0 +1,8 @@
+# See fai.conf(5) for detailed information.
+
+# Account for saving log files and calling fai-chboot.
+LOGUSER=fai
+
+# URL to access the fai config space
+# If undefined, use default nfs:///$FAI_CONFIGDIR
+FAI_CONFIG_SRC=nfs://faiserver/srv/fai/config
diff --git a/roles/fai/files/profiles/files/etc/fai/nfsroot.conf/FAISERVER b/roles/fai/files/profiles/files/etc/fai/nfsroot.conf/FAISERVER
new file mode 100644
index 0000000..dfa5c1f
--- /dev/null
+++ b/roles/fai/files/profiles/files/etc/fai/nfsroot.conf/FAISERVER
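Review bot: The global `deny unknown-clients;` in `dhcpd.conf/FAISERVER` is overridden by `allow unknown-clients;` inside the subnet block, so every host on 192.168.33.0/24 that asks gets a lease from the pool and, if it PXE-boots, the `fai/pxelinux.0` or `fai/syslinux.efi` loader. On an install server that deserves an explicit statement, because any machine that network-boots on this segment is handed the installer. If that is intended for an isolated lab network, say so in a comment above the subnet; otherwise drop the `allow unknown-clients;` line and add `host` declarations for the clients, as the perl hint at the end of the file suggests. Also check `option routers 192.168.33.1` and `option domain-name-servers 192.168.33.250` against each other: the Vagrantfile gives the server 192.168.33.1 while `NFSROOT_ETC_HOSTS` elsewhere in this commit maps faiserver to 192.168.33.250.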
@@ -0,0 +1,15 @@
+# For a detailed description see nfsroot.conf(5)
+
+# " " for debootstrap
+FAI_DEBOOTSTRAP="buster http://deb.debian.org/debian"
+FAI_ROOTPW='$1$kBnWcO.E$djxB128U7dMkrltJHPf6d1'
+
+NFSROOT=/srv/fai/nfsroot
+TFTPROOT=/srv/tftp/fai
+NFSROOT_HOOKS=/etc/fai/nfsroot-hooks/
+FAI_DEBOOTSTRAP_OPTS="--exclude=info"
+
+# Configuration space
+FAI_CONFIGDIR=/srv/fai/config
+
+NFSROOT_ETC_HOSTS="192.168.33.250 faiserver"
diff --git a/roles/fai/files/profiles/files/etc/motd/FAIBASE b/roles/fai/files/profiles/files/etc/motd/FAIBASE
new file mode 100644
index 0000000..9f8fed3
--- /dev/null
+++ b/roles/fai/files/profiles/files/etc/motd/FAIBASE
@@ -0,0 +1,4 @@
+
+
+Plan your installation, and FAI installs your plan.
+
diff --git a/roles/fai/files/profiles/files/etc/netplan/01-network-manager-all.yaml/UBUNTU_DESKTOP b/roles/fai/files/profiles/files/etc/netplan/01-network-manager-all.yaml/UBUNTU_DESKTOP
new file mode 100644
index 0000000..770556e
--- /dev/null
+++ b/roles/fai/files/profiles/files/etc/netplan/01-network-manager-all.yaml/UBUNTU_DESKTOP
@@ -0,0 +1,4 @@
+# NetworkManager should manage all NICs
+network:
+ version: 2
+ renderer: NetworkManager
diff --git a/roles/fai/files/profiles/files/etc/rc.local/CLOUD b/roles/fai/files/profiles/files/etc/rc.local/CLOUD
new file mode 100755
index 0000000..6c2a800
--- /dev/null
+++ b/roles/fai/files/profiles/files/etc/rc.local/CLOUD
@@ -0,0 +1,8 @@
+#! /bin/bash
+
+# regenerate ssh_host keys
+ls /etc/ssh/ssh_host_* >/dev/null 2>&1
+if [ $? -ne 0 ]; then
+ dpkg-reconfigure -fnoninteractive openssh-server
+fi
+rm $0
diff --git a/roles/fai/files/profiles/files/etc/rc.local/FAISERVER b/roles/fai/files/profiles/files/etc/rc.local/FAISERVER
new file mode 100755
index 0000000..80e51ce
--- /dev/null
+++ b/roles/fai/files/profiles/files/etc/rc.local/FAISERVER
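Review bot: `FAI_ROOTPW` in `nfsroot.conf/FAISERVER` commits a root password hash to the repository, and the `$1$` prefix marks it as MD5-crypt, which offers little resistance to offline guessing. The value looks like the one shipped in FAI's example configuration (worth confirming), in which case the matching password is publicly documented. Generate a site-specific hash with a stronger scheme, for example `mkpasswd -m sha-512`, and supply it from a vaulted Ansible variable instead of a static file; the Vagrantfile already carries a commented-out `vault_password_file` line for that. This matters more here because the `fai-chboot` calls in `rc.local/FAISERVER` pass the `sshd` flag, so install clients accept root logins with this password while they are being installed.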
@@ -0,0 +1,102 @@ +#! /bin/bash + +# setup script that is only run once at boot time +# set up an FAI install server + +NORMAL='\E(B\E[m' +RED='\E[31m' +GREEN='\E[32m' + +set -o pipefail + +# setup network +nic=$(awk '/iface/ {print $2}' /etc/network/interfaces |egrep -v ^lo) +ifup $nic +# regenerate ssh_host keys +ls /etc/ssh/ssh_host_* > /dev/null +if [ $? -ne 0 ]; then + dpkg-reconfigure -fnoninteractive openssh-server +fi +sleep 8 +[ -x /etc/init.d/nscd ] && invoke-rc.d nscd restart + +echo "=================================" +echo "Setting up the FAI install server" +echo "This will take a few minutes" +echo "=================================" + +. /etc/fai/fai.conf +. /etc/fai/nfsroot.conf + +# copy the simple examples and pimp my config space +if [ ! -d "$FAI_CONFIGDIR/class" ]; then + mkdir -p $FAI_CONFIGDIR + cp -a /usr/share/doc/fai-doc/examples/simple/* $FAI_CONFIGDIR + ainsl /srv/fai/config/class/FAIBASE.var "^LOGUSER=fai" + myip=$(ip addr show up| grep -P -o '(?<=inet )[^/]+' | grep -v 127.0.0.1) + echo "APTPROXY=http://$myip:3142" >> /srv/fai/config/class/DEBIAN.var +fi +# set the LOGUSER, wo we get all the logs from our install clients +ainsl /etc/fai/fai.conf "^LOGUSER=fai" + +# make index, then import the packages from the CD mirror +apt-get update >/dev/null +curl -fs 'http://127.0.0.1:3142/acng-report.html?doImport=Start+Import&calcSize=cs&asNeeded=an#bottom' >/dev/null + +# setup the FAI server, including creating the nfsroot, use my own proxy +export APTPROXY="http://127.0.0.1:3142" +if [ -f /var/tmp/base.tar.xz ]; then + fai-setup -fvB /var/tmp/base.tar.xz > /var/log/fai/fai-setup.log 2>&1 +else + fai-setup -fv > /var/log/fai/fai-setup.log 2>&1 +fi +if [ $? 
-eq 0 ]; then + rm /var/tmp/base.tar.xz + echo "" + echo "================================================" + echo -e "Setting up the FAI server was ${GREEN}successful${NORMAL}" + echo "================================================" + echo "" + sleep 10 +else + echo "" + echo "==================================================" + echo -e "${RED}ERROR${NORMAL}: Setting up the FAI install server ${RED}FAILED${NORMAL}!" + echo "Read /var/log/fai/fai-setup.log for more debugging" + echo "==================================================" + echo "" + sleep 10 + exit 99 +fi + +cat <> /srv/fai/nfsroot/etc/fai/fai.conf +# use short hostname instead of FQDN +export HOSTNAME=\${HOSTNAME%%.*} +echo \$HOSTNAME > /proc/sys/kernel/hostname +EOF + +# create default pxelinux boot configuration +fai-chboot -o default + +# create a template for booting the installation +fai-chboot -Iv -f verbose,sshd,createvt,menu -u nfs://faiserver/srv/fai/config buster.tmpl + +# Since we do not know the MAC address, our DHCP cannot provide the hostname. +# Therefore we do explicitly set the hostname +fai-chboot -Iv -f verbose,sshd,createvt,menu -u nfs://faiserver/srv/fai/config -k hostname=xfcehost xfcehost +fai-chboot -Iv -f verbose,sshd,createvt,menu -u nfs://faiserver/srv/fai/config -k hostname=demohost demohost +for c in {01..10}; do + fai-chboot -Iv -f verbose,sshd,createvt,menu -u nfs://faiserver/srv/fai/config -k hostname=client$c client$c +done + +fai-monitor > /var/log/fai/fai-monitor.log & + +# move me away +mv $0 /var/tmp + +# create new rc.local for next reboot +echo '#! /bin/bash' > /etc/rc.local +echo 'fai-monitor > /var/log/fai/fai-monitor.log &' >> /etc/rc.local +chmod a+rx /etc/rc.local + +exit 0 diff --git a/roles/fai/files/profiles/files/etc/selinux/config/CENTOS b/roles/fai/files/profiles/files/etc/selinux/config/CENTOS new file mode 100644 index 0000000..9878acb --- /dev/null +++ b/roles/fai/files/profiles/files/etc/selinux/config/CENTOS 
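Review bot: In `rc.local/FAISERVER`, `myip=$(ip addr show up| grep -P -o '(?<=inet )[^/]+' | grep -v 127.0.0.1)` collects every non-loopback IPv4 address, so on a host with two interfaces (the playbook variables name both `eth0` and `eth1`) `$myip` holds several lines and the `APTPROXY=http://$myip:3142` entry appended to `DEBIAN.var` is malformed. Restrict the lookup to the install interface, e.g. `ip -4 -o addr show dev "$nic"`, or at least end the pipeline with `| head -n1`. Separately, the success branch runs `rm /var/tmp/base.tar.xz` even when the preceding `else` path was taken because that file did not exist; `rm -f /var/tmp/base.tar.xz` avoids the spurious error. The `sshd` flag on the `fai-chboot` lines should be reviewed together with the `FAI_ROOTPW` value in `nfsroot.conf/FAISERVER`.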
@@ -0,0 +1,12 @@
+# This file controls the state of SELinux on the system.
+# SELINUX= can take one of these three values:
+# enforcing - SELinux security policy is enforced.
+# permissive - SELinux prints warnings instead of enforcing.
+# disabled - No SELinux policy is loaded.
+SELINUX=disabled
+# SELINUXTYPE= can take one of these two values:
+# targeted - Only targeted network daemons are protected.
+# strict - Full SELinux protection.
+# mls - Multi Level Security protection.
+SELINUXTYPE=targeted
+# SETLOCALDEFS= Check local definition changes
diff --git a/roles/fai/files/profiles/hooks/debconf.CENTOS b/roles/fai/files/profiles/hooks/debconf.CENTOS
new file mode 100755
index 0000000..f98becd
--- /dev/null
+++ b/roles/fai/files/profiles/hooks/debconf.CENTOS
@@ -0,0 +1,3 @@
+#! /bin/bash
+
+skiptask debconf
diff --git a/roles/fai/files/profiles/hooks/debconf.IMAGE b/roles/fai/files/profiles/hooks/debconf.IMAGE
new file mode 100755
index 0000000..c396636
--- /dev/null
+++ b/roles/fai/files/profiles/hooks/debconf.IMAGE
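Review bot: `SELINUX=disabled` in `selinux/config/CENTOS` switches mandatory access control off on every CentOS client this profile installs, and nothing in the file says why. If a specific package or script breaks under enforcement, `SELINUX=permissive` keeps the policy loaded and logs denials so the cause can be fixed, with `enforcing` as the target state. The setting also sits oddly next to `hooks/debconf.IMAGE`, which runs `fixfiles onboot` to relabel CentOS images on first boot; that relabel presumably does nothing while SELinux is disabled. At minimum add a comment above the line giving the reason, e.g. `# disabled because <reason>; revisit`.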
@@ -0,0 +1,45 @@
+#! /bin/bash
+
+# hook for installing a file system image (tar file)
+# this works for Ubuntu 14.04
+#
+# Copyright (C) 2015 Thomas Lange, lange@informatik.uni-koeln.de
+
+
+# I use this tar command to create the image of an already running and configured machine
+# tar -cf /tmp/IMAGE.tar --exclude /tmp/\* --exclude /run/\* --exclude /proc/\* --exclude /sys/\* --exclude /dev/\* /
+# add --xattrs --selinux --acls if needed (for CentOS 7)
+# Then copy this image to /srv/fai/config/basefiles/IMAGE.tar and make sure your client belongs to the class IMAGE
+
+skiptask extrbase debconf repository updatebase instsoft
+skiptask configure # do not run the usual configure scripts
+
+# we assume, that the new host will get its hostname and IP via DHCP
+# remove old hostname
+fgrep -v 127.0.1.1 $target/etc/hosts >> /tmp/fai/hosts
+mv /tmp/fai/hosts $target/etc/hosts
+rm $target/etc/hostname
+
+#install grub
+mount -t proc proc $FAI_ROOT/proc
+mount -t sysfs sysfs $FAI_ROOT/sys
+mount --bind /dev $FAI_ROOT/dev
+
+if [ -f $target/etc/debian_version ]; then
+ $ROOTCMD grub-install $BOOT_DEVICE
+ $ROOTCMD update-grub
+fi
+if [ -f $target/etc/centos-release ]; then
+ rm $target/etc/grub2/device.map
+ $FAI/scripts/CENTOS/40-install-grub
+ $FAI/scripts/CENTOS/30-mkinitrd
+ $ROOTCMD fixfiles onboot # this fixes the SELinux security contexts during the first boot
+fi
+
+
+# things that may be adjusted:
+#
+# MAC address ?? (not needed for Ubuntu, it uses iftab(5)
+# /etc/hosts may contain the IP and name of the original host
+# /etc/hostname (for Ubuntu just remove it)
+# /var/lib/NetworkManager/dhclient-eth0.conf?
diff --git a/roles/fai/files/profiles/hooks/instsoft.DEBIAN b/roles/fai/files/profiles/hooks/instsoft.DEBIAN
new file mode 100755
index 0000000..35ac306
--- /dev/null
+++ b/roles/fai/files/profiles/hooks/instsoft.DEBIAN
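Review bot: The image hook in `hooks/debconf.IMAGE` resets `/etc/hosts` and `/etc/hostname` but leaves the source machine's SSH host keys in place, so every client installed from `IMAGE.tar` would present the same host keys (the tar command in the header comment excludes only /tmp, /run, /proc, /sys and /dev). Add `rm -f $target/etc/ssh/ssh_host_*` next to the hostname cleanup and regenerate the keys, for instance with the `dpkg-reconfigure -fnoninteractive openssh-server` check that `rc.local/CLOUD` in this commit already uses; `/etc/machine-id` deserves the same treatment on systemd images, and both belong in the "things that may be adjusted" list. Separately, `fgrep -v 127.0.1.1 $target/etc/hosts >> /tmp/fai/hosts` appends, so a leftover `/tmp/fai/hosts` would be merged into the new file; `>` is safer, and the `$target` expansions should be quoted.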
@@ -0,0 +1,25 @@ +#! /bin/bash + +# if package locales will be installed, then install it early, before +# other packages +if [ $FAI_ACTION != "install" -a $FAI_ACTION != "dirinstall" ]; then + exit 0 +fi + +fcopy -Bi /etc/apt/apt.conf.d/force_confdef +ainsl -a /etc/ucf.conf "^conf_force_conffold=YES" + +# in case the locales are already included inside the base file (Ubuntu) +if [ -f $target/usr/sbin/locale-gen ]; then + exit +fi + +# if we want to install locales, install them now +install_packages -l 2>/dev/null | egrep -q ' locales|locales ' +if [ $? -eq 0 ]; then + if [ X$verbose = X1 ]; then + $ROOTCMD apt-get -y install locales + else + $ROOTCMD apt-get -y install locales > /dev/null + fi +fi diff --git a/roles/fai/files/profiles/hooks/repository.CENTOS b/roles/fai/files/profiles/hooks/repository.CENTOS new file mode 100755 index 0000000..e78c0bb --- /dev/null +++ b/roles/fai/files/profiles/hooks/repository.CENTOS @@ -0,0 +1,31 @@ +#! /bin/bash + +# (c) Michael Goetze, 2010-2011, mgoetze@mgoetze.net + +error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code + +if [ $FAI_ACTION = "install" ]; then + mount -t proc proc $target/proc + mount -t sysfs sysfs $target/sys + [ -L $target/etc/mtab ] || cp /etc/mtab $target/etc/mtab + + cat > $target/etc/sysconfig/network <<-EOF + NETWORKING=yes + HOSTNAME=$HOSTNAME.$DOMAIN + EOF + echo "127.0.0.1 localhost" > $target/etc/hosts + ifclass DHCPC || ainsl -s /etc/hosts "$IPADDR $HOSTNAME.$DOMAIN $HOSTNAME" + cp /etc/resolv.conf $target/etc +fi + +mkdir $target/dev/pts +mknod -m 000 $target/dev/pts/ptmx c 5 2 + +fcopy -riv /etc/yum.repos.d/ + +# disable the fastestmirror plugin +#sed -i -e 's/enabled=1/enabled=0/' $target/etc/yum/pluginconf.d/fastestmirror.conf + +skiptask repository + +exit $error diff --git a/roles/fai/files/profiles/hooks/savelog.LAST.sh b/roles/fai/files/profiles/hooks/savelog.LAST.sh new file mode 100755 index 0000000..e9081dc --- /dev/null 
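Review bot: In hooks/repository.CENTOS, `cp /etc/resolv.conf $target/etc` writes through whatever already exists at the destination, so if the base image ships `/etc/resolv.conf` as a symlink with an absolute target the copy lands in the install environment rather than in the target. DEBIAN/30-interface in this same commit guards the same copy with `[ ! -L $target/etc/resolv.conf -a -e /etc/resolv.conf ]`, and the same test would fit here. `mkdir $target/dev/pts` and the `mknod` after it run for every action and fail when the node already exists, which the ERR trap then reports as a hook error; `mkdir -p` and a `[ -e $target/dev/pts/ptmx ] ||` prefix would make the hook safe to re-run.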
+++ b/roles/fai/files/profiles/hooks/savelog.LAST.sh 
@@ -0,0 +1,223 @@ +#! /bin/bash + +# parse all log files for error messages +# print errors and warnings found to error.log +# WARNING: This will only work with english error messages! + +errfile=$LOGDIR/error.log + +# Define grep patterns. Do not start or end with an empty line! +globalerrorpatterns="error +fail +warn + bad +bad +no space +syntax +Couldn't stat +Cannot access + conflict +is bigger than the limit +did not exist +non existent +not found +couldn't +can't +E: Sorry, broken packages +^E: +operator expected +ambiguous redirect +No previous regular expression +No such +Device or resource busy +unknown option +[a-z]\+\.log:E: +No candidate version found +segfault +Couldn't find any package whose name or description matched +cannot create +The following packages have unmet dependencies" + +globalignorepatterns="[a-z]\+\.log:# +Error: Driver 'pcspkr' is already registered, aborting +: bytes packets errors dropped +:+ error=0 +:+ trap error= +task_error_func= +STOP_ON_ERROR= +courier-webadmin +plugins-bad +Enabling conf localized-error-pages +ibwebadmin +kernel-patch-badram +kolab-webadmin +kolabadmin +gstreamer.\+-plugins-really-bad +liberrors.so +liberrors-samba +libsamba-errors +gsambad +libad +libtest-nowarnings-perl +libtest-warn-perl +libclass-errorhandler-perl +zope-ploneerrorreporting +libroxen-errormessage +liberror-perl +perl-Error +libgpg-error-dev +libgpg-error0 +Opts:.\+errors=remount +[RT]X packets: +WARNING: unexpected IO-APIC +warned about = ( ) +daemon.warn +kern.warn +rw,errors= +Expect some cache +no error +failmsg +RPC call returned error 101 +deverror.out +(floppy), sector 0 +mount version older than kernel +Can't locate module +Warning only .\+MB will be used. +hostname: Host name lookup failure +I can't tell the difference. +warning, not much extra random data, consider using the -rand option +confC._FILE +Warning: 3 database(s) sources +were not found, (but were created) +removing exim +The home dir you specified already exists. 
+No Rule for /usr/lib/ispell/default.hash. +/usr/sbin/update-fonts-.\+: warning: absolute path +hostname: Unknown server error +EXT2-fs warning: checktime reached +RPC: sendmsg returned error 101 +can't print them to stdout. Define these classes +warning: downgrading +suppress emacs errors +echo Error: +Can't open dependencies file +documents in /usr/doc are no longer supported +if you have both a SCSI and an IDE CD-ROM +Warning: /proc/ide/hd?/settings interface is obsolete, and will be removed soon +Monitoring disabled +Error: only one processor found. +Error Recovery Strategy: +sector 0 does not have an +syslogin_perform_logout: logout() returned an error +grub is not in an XFS filesystem. +grub-install: line 374: +grub-probe: error: Cannot open \`/boot/grub/device.map' +is harmless +not updating .\+ font directory data. +register_serial(): autoconfig failed +Fontconfig error: Cannot load default config file +asking for cache data failed +However, I can not read the target: +Warning: The partition table looks like it was made +task_error=0 +task_local_error=0 +^info: Trying to set +warning: /usr/lib/X11/fonts +can't read /etc/udev/rules.d/z25_persistent-net.rules +/cow': No such file or directory +Dummy start-stop-daemon called +X: bytes packets errors +ACPI Error +ACPI Warning +AE_NOT_FOUND +conflicts with ACPI region +cannot stat \`/etc/modprobe.d/\*.conf' +cdrom: open failed. 
+libgpg-error +process \`kudzu' used the deprecated sysctl system call +PM: Resume from disk failed +JBD: barrier-based sync failed +aufs: module is from the staging directory, the quality is unknown +warning: linuxlogo stop runlevel arguments (none) do not match +insserv: warning: script .\+ missing LSB tags and overrides +live-premount.\+ If this fails +cannot read table of mounted file systems +error: no alternatives for +ERST: Error Record Serialization Table (ERST) support is initialized +ERST: Table is not found +HEST: Table not found +failed to stat /dev/pts +Failed to connect to socket /var/run/dbus/system_bus_socket +fail to add MMCONFIG information +can't initialize iptables table +can't initialize ip6tables table +Authentication warning overridden +41-warning.sh +PCCT header not found +Download is performed unsandboxed as root as file +update-alternatives: warning: skip creation of +loop: module verification failed: signature +Warning: apt-key output should not be parsed +WARNING: Failed to connect to lvmetad. Falling back to device scanning +Warning: The home dir /var/lib/usbmux you specified +diff: /var/lib/apparmor/profiles/.apparmor.md5sums: No such file or directory +error reporting disabled +Enabling Firmware First mode for corrected errors +errors: 0 + 0 errors +Memory Error Correction: +Memory Controller 0 - Channel . 
Error +IIO RAS/Control Status/Global Errors +RAS: Correctable Errors collector initialized +__stack_chk_fail +grub.cfg.new: Directory nonexistent +can't derive routing for PCI INT A +failed to load isci/isci_firmware.bin +Direct firmware load for isci/isci_firmware.bin failed with error +Loading user firmware failed, using default values +stunnel4 you specified can't be accessed: No such file or directory +install-docs --verbose --check file_name' may give more details about the above errors +cannot open '/etc/ssl/certs/java/cacerts' for reading: No such file or directory +can't claim BAR +disabling ASPM +data block query control method not found +subprocess.py.\+RuntimeWarning: line buffering +Resource conflict.\+ found +update-rc.d: warning: start and stop actions are no longer supported" + +# add pattern on some conditions +if [ -n $FAI_ALLOW_UNSIGNED ] ; then + globalignorepatterns="$globalignorepatterns +WARNING: untrusted versions +WARNING: The following packages cannot be authenticated +Ignoring these trust violations" +fi +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Here you can define your own patterns. Put one pattern in a line, +# do not create empty lines. +myerrorpatterns="X_X-X_XX" +myignorepatterns="X_X-X_XX" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# The main routine +errorpatterns="$globalerrorpatterns +$myerrorpatterns" +ignorepatterns="$globalignorepatterns +$myignorepatterns" + +cd $LOGDIR || exit 3 +if [ -s $errfile ]; then + echo "Errorfile already exists. Aborting." >&2 + exit +fi + +grep -i "$errorpatterns" *.log | grep -vi "$ignorepatterns" > $errfile +if [ X$verbose = X1 ]; then + egrep -v '^software.log:' $errfile > $LOGDIR/tempfile + mv $LOGDIR/tempfile $errfile +fi + +if [ -s $errfile ]; then + echo "ERRORS found in log files. See $errfile" >&2 +else + echo "Congratulations! No errors found in log files." +fi 
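Review bot: The condition `[ -n $FAI_ALLOW_UNSIGNED ]` in savelog.LAST.sh is true even when the variable is unset or empty, because the unquoted expansion vanishes and `[ -n ]` is a one-argument test on the non-empty string `-n`. The three ignore patterns for unauthenticated packages are therefore added on every run, and `WARNING: The following packages cannot be authenticated` never reaches error.log, including on installs that never asked for unsigned repositories. Quote the variable: `if [ -n "$FAI_ALLOW_UNSIGNED" ] ; then`. If the variable can also be set to `0` to mean "off" (not visible in this hunk), test for the enabling value instead, `[ "$FAI_ALLOW_UNSIGNED" = 1 ]`.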
diff --git a/roles/fai/files/profiles/hooks/setup.DEFAULT.sh b/roles/fai/files/profiles/hooks/setup.DEFAULT.sh new file mode 100755 index 0000000..00a1df2 --- /dev/null +++ b/roles/fai/files/profiles/hooks/setup.DEFAULT.sh @@ -0,0 +1,7 @@ +#! /bin/bash + +# use short hostname instead of FQDN +export HOSTNAME=${HOSTNAME%%.*} +if [ $do_init_tasks -eq 1 ]; then + echo $HOSTNAME > /proc/sys/kernel/hostname +fi diff --git a/roles/fai/files/profiles/hooks/updatebase.CENTOS b/roles/fai/files/profiles/hooks/updatebase.CENTOS new file mode 100755 index 0000000..dd418d8 --- /dev/null +++ b/roles/fai/files/profiles/hooks/updatebase.CENTOS @@ -0,0 +1,25 @@ +#! /bin/bash + +if [ ! -f $target/etc/resolv.conf ]; then + cp /etc/resolv.conf $target/etc +fi + +if [ X$verbose = X1 ]; then + echo "Updating base" + $ROOTCMD yum -y update |& tee -a $LOGDIR/software.log +else + $ROOTCMD yum -y update >> $LOGDIR/software.log +fi + +$ROOTCMD systemd-machine-id-setup + +cat > $target/etc/sysconfig/kernel < $target/etc/apt/apt.conf.d/02proxy +else + rm -f $target/etc/apt/apt.conf.d/02proxy +fi + +echo force-unsafe-io > $target/etc/dpkg/dpkg.cfg.d/unsafe-io + +# you may want to add i386 arch to amd64 hosts +# if ifclass AMD64; then +# $ROOTCMD dpkg --add-architecture i386 +# fi diff --git a/roles/fai/files/profiles/hooks/updatebase.UBUNTU b/roles/fai/files/profiles/hooks/updatebase.UBUNTU new file mode 100755 index 0000000..2d1161c --- /dev/null +++ b/roles/fai/files/profiles/hooks/updatebase.UBUNTU 
@@ -0,0 +1,30 @@ +#! /bin/bash + +# use external mirror, remove this script when using a mirror from CD + +cat < $target/etc/apt/sources.list +# external mirror +deb $ubuntumirror/ubuntu $ubuntudist main restricted universe multiverse +deb $ubuntumirror/ubuntu $ubuntudist-updates main restricted universe multiverse +deb $ubuntumirror/ubuntu $ubuntudist-security main restricted universe multiverse +EOM + + +# https://lists.uni-koeln.de/pipermail/linux-fai/2016-July/011398.html +# In Ubuntu 16.04 (but not 14.04), the locales configuration mechanism has +# changed. There is a /var/lib/dpkg/info/locales.config file, which +# overrides /var/lib/dpkg/info/locales.postinst and consults +# /var/lib/locales/supported.d/local instead of the debconf system. (See +# the code in /usr/share/debconf/frontend that prefers locales.config.) This +# hook applies the debconf setting. It must run after FAI's debconf task +# but before dpkg gets a chance to clobber debconf with an empty setting. + +if [ ! -f "$target/var/lib/locales/supported.d/local" ]; then + $ROOTCMD debconf --owner=locales sh -c ' + . /usr/share/debconf/confmodule + db_version 2.0 + db_get locales/locales_to_be_generated && + mkdir -p /var/lib/locales/supported.d && + echo "$RET" > /var/lib/locales/supported.d/local' && + $ROOTCMD dpkg-reconfigure locales +fi diff --git a/roles/fai/files/profiles/package_config/CENTOS b/roles/fai/files/profiles/package_config/CENTOS new file mode 100644 index 0000000..86b2c61 --- /dev/null +++ b/roles/fai/files/profiles/package_config/CENTOS @@ -0,0 +1,30 @@ +PACKAGES dnfgroup +core +minimal-environment +#server-product-environment +#headless-management + +PACKAGES dnfgroup XORG +graphical-server-environment +workstation-product-environment + +PACKAGES dnfi +NetworkManager +chrony +kernel +dracut +grub2-pc +# CentOS 7 +less +openssh +openssh-clients +openssh-server +vim-enhanced +man +curl +unzip +which +ncurses ncurses-base + +PACKAGES dnfi LVM +lvm2 
diff --git a/roles/fai/files/profiles/package_config/CINNAMON b/roles/fai/files/profiles/package_config/CINNAMON
new file mode 100644
index 0000000..d074217
--- /dev/null
+++ b/roles/fai/files/profiles/package_config/CINNAMON
@@ -0,0 +1,10 @@
+PACKAGES install DEBIAN
+task-cinnamon-desktop
+network-manager
+network-manager-applet
+network-manager-config-connectivity-debian
+network-manager-gnome
+
+PACKAGES install UBUNTU
+cinnamon-desktop-environment
+network-manager
diff --git a/roles/fai/files/profiles/package_config/DEBIAN b/roles/fai/files/profiles/package_config/DEBIAN
new file mode 100644
index 0000000..3406534
--- /dev/null
+++ b/roles/fai/files/profiles/package_config/DEBIAN
@@ -0,0 +1,56 @@
+PACKAGES install-norec
+apt-transport-https # is only needed for stretch
+debconf-utils
+file
+less
+linuxlogo
+rsync
+openssh-client openssh-server
+time
+procinfo
+nullmailer
+eject
+locales
+console-setup kbd
+pciutils usbutils
+unattended-upgrades
+
+PACKAGES install NONFREE
+# you may want these non-free kernel drivers
+firmware-bnx2 firmware-bnx2x firmware-realtek
+firmware-linux-nonfree
+
+PACKAGES install I386
+linux-image-686-pae
+memtest86+
+
+PACKAGES install CHROOT
+linux-image-686-pae-
+linux-image-amd64-
+
+PACKAGES install AMD64
+linux-image-amd64
+memtest86+
+
+PACKAGES install ARM64
+grub-efi-arm64
+linux-image-arm64
+
+PACKAGES install GRUB_PC
+grub-pc
+
+PACKAGES install GRUB_EFI
+grub-efi
+
+PACKAGES install LVM
+lvm2
+
+PACKAGES install CLOUD
+unattended-upgrades
+
+PACKAGE install-norec CINNAMON
+task-cinnamon-desktop
+task-desktop
+
+PACKAGE install-norec GERMAN
+task-german
diff --git a/roles/fai/files/profiles/package_config/DEBIAN.gpg b/roles/fai/files/profiles/package_config/DEBIAN.gpg
new file mode 100644
index 0000000..0d5b7a9
Binary files /dev/null and b/roles/fai/files/profiles/package_config/DEBIAN.gpg differ
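Review bot: The last two section headers in package_config/DEBIAN read `PACKAGE install-norec CINNAMON` and `PACKAGE install-norec GERMAN`, missing the trailing `S` that every other header in the file has. If FAI only treats `PACKAGES` as a section keyword, as its documented format suggests, these two lines are read as package names and `task-cinnamon-desktop`, `task-desktop` and `task-german` fall into the preceding `PACKAGES install CLOUD` section instead of their own classes. Change them to `PACKAGES install-norec CINNAMON` and `PACKAGES install-norec GERMAN`. The commit also adds `DEBIAN.gpg` as an opaque binary; noting the key's fingerprint and where it was obtained in the commit message or a README would let a reviewer verify which signing key the install will trust.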
diff --git a/roles/fai/files/profiles/package_config/FAISERVER b/roles/fai/files/profiles/package_config/FAISERVER
new file mode 100644
index 0000000..25672c8
--- /dev/null
+++ b/roles/fai/files/profiles/package_config/FAISERVER
@@ -0,0 +1,13 @@
+PACKAGES install-norec
+fai-quickstart
+
+debmirror tcpdump
+xorriso grub-pc
+lftp curl
+netselect
+syslinux-common pxelinux
+apt-cacher-ng
+nscd psmisc
+bind9 dnsutils
+iptables-persistent
+zile
diff --git a/roles/fai/files/profiles/package_config/GERMAN b/roles/fai/files/profiles/package_config/GERMAN
new file mode 100644
index 0000000..a9731eb
--- /dev/null
+++ b/roles/fai/files/profiles/package_config/GERMAN
@@ -0,0 +1,5 @@
+PACKAGES install
+task-german
+
+PACKAGES install GNOME
+firefox-esr-l10n-de thunderbird-l10n-de
diff --git a/roles/fai/files/profiles/package_config/GNOME b/roles/fai/files/profiles/package_config/GNOME
new file mode 100644
index 0000000..4ddd3a8
--- /dev/null
+++ b/roles/fai/files/profiles/package_config/GNOME
@@ -0,0 +1,9 @@
+PACKAGES install-norec
+
+firefox-esr
+#thunderbird
+menu gdm3
+gnome-core
+gconf-editor
+gnome-screensaver gnome-system-monitor gnome-system-tools
+network-manager-gnome
diff --git a/roles/fai/files/profiles/package_config/MINT b/roles/fai/files/profiles/package_config/MINT
new file mode 100644
index 0000000..dcf41e8
--- /dev/null
+++ b/roles/fai/files/profiles/package_config/MINT
@@ -0,0 +1,7 @@
+PACKAGES install-norec DESKTOP
+linuxmint-keyring
+mint-info-cinnamon
+mint-info
+mint-meta-cinnamon
+mint-meta-core
+mint-meta-codecs
diff --git a/roles/fai/files/profiles/package_config/STANDARD b/roles/fai/files/profiles/package_config/STANDARD
new file mode 100644
index 0000000..bd1b64a
--- /dev/null
+++ b/roles/fai/files/profiles/package_config/STANDARD
@@ -0,0 +1,34 @@
+PACKAGES install-norec
+
+# the list of standard packages, without any libs and a few packages removed
+apt-listchanges
+bash-completion
+bind9-host
+dbus
+dnsutils
+doc-debian
+file
+gettext-base
+groff-base
+hdparm
+less
+locales
+lsof
+man-db
+manpages
+mime-support
+ncurses-term
+netcat-traditional
+openssh-client
+pciutils
+perl
+python
+python-minimal
+python3
+python3-minimal
+reportbug
+telnet
+traceroute
+ucf
+xz-utils
+vim
diff --git a/roles/fai/files/profiles/package_config/UBUNTU b/roles/fai/files/profiles/package_config/UBUNTU
new file mode 100644
index 0000000..5ae44e8
--- /dev/null
+++ b/roles/fai/files/profiles/package_config/UBUNTU
@@ -0,0 +1,22 @@
+PACKAGES install I386
+python
+python-minimal
+linux-image-generic
+memtest86+
+
+PACKAGES install CHROOT
+linux-image-generic-
+
+PACKAGES install AMD64
+linux-image-generic
+memtest86+
+
+PACKAGES install GRUB_PC
+grub-pc
+
+PACKAGES install GRUB_EFI
+grub-efi
+
+PACKAGES install
+ubuntu-minimal
+unattended-upgrades
diff --git a/roles/fai/files/profiles/package_config/UBUNTU_DESKTOP b/roles/fai/files/profiles/package_config/UBUNTU_DESKTOP
new file mode 100644
index 0000000..61f3f11
--- /dev/null
+++ b/roles/fai/files/profiles/package_config/UBUNTU_DESKTOP
@@ -0,0 +1,10 @@
+PACKAGES install-norec
+ubuntu-desktop
+
+PACKAGES install-norec GERMAN
+language-pack-gnome-de
+thunderbird-locale-de
+firefox-locale-de
+libreoffice-l10n-de
+libreoffice-help-de
+gimp-help-de
diff --git a/roles/fai/files/profiles/package_config/XFCE b/roles/fai/files/profiles/package_config/XFCE
new file mode 100644
index 0000000..2e878d3
--- /dev/null
+++ b/roles/fai/files/profiles/package_config/XFCE
@@ -0,0 +1,6 @@
+PACKAGES install-norec
+xfce4 # base system
+xfce4-goodies # additional tools
+lightdm
+firefox-esr
+network-manager-gnome
diff --git a/roles/fai/files/profiles/package_config/XORG b/roles/fai/files/profiles/package_config/XORG
new file mode 100644
index 0000000..2dd9d0b
--- /dev/null
+++ b/roles/fai/files/profiles/package_config/XORG @@ -0,0 +1,12 @@ +PACKAGES install-norec DEBIAN +xorg xserver-xorg-video-all xserver-xorg-input-all +fonts-freefont-ttf +xscreensaver +xscreensaver-gl +xterm +desktop-base + +PACKAGES install UBUNTU +ubuntu-server- +ubuntu-standard +ubuntu-desktop diff --git a/roles/fai/files/profiles/scripts/CENTOS/10-security b/roles/fai/files/profiles/scripts/CENTOS/10-security new file mode 100755 index 0000000..566c3f4 --- /dev/null +++ b/roles/fai/files/profiles/scripts/CENTOS/10-security @@ -0,0 +1,14 @@ +#! /bin/bash + +# (c) Michael Goetze, 2010-11, mgoetze@mgoetze.net +# Thomas Lange, 2015-2020 + +error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code + +$ROOTCMD usermod -p $ROOTPW root + +fcopy -v /etc/selinux/config +$ROOTCMD fixfiles onboot # this fixes the SELinux security contexts during the first boot +chmod a+rx $target + +exit $error diff --git a/roles/fai/files/profiles/scripts/CENTOS/30-mkinitrd b/roles/fai/files/profiles/scripts/CENTOS/30-mkinitrd new file mode 100755 index 0000000..9ccbeba --- /dev/null +++ b/roles/fai/files/profiles/scripts/CENTOS/30-mkinitrd @@ -0,0 +1,25 @@ +#! /bin/bash + +# (c) Michael Goetze, 2010-2011, mgoetze@mgoetze.net +# (c) Thomas Lange, 2011, Uni Koeln + +error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code + +ainsl -v /etc/fstab "proc /proc proc defaults 0 0" +ainsl -v /etc/fstab "sysfs /sys sysfs auto 0 0" + +version=`$ROOTCMD rpm -qv kernel | cut -d- -f2-` + + +if [ -f $target/etc/lvm/lvm.conf ]; then + sed -i -e 's/use_lvmetad = 1/use_lvmetad = 0/' $target/etc/lvm/lvm.conf + ainsl -av /etc/dracut.conf.d/fai.conf 'add_dracutmodules+=" lvm "' +fi + + +# add filesystem driver into initrd +ainsl -av /etc/dracut.conf.d/fai.conf 'filesystems+="ext4"' +$ROOTCMD dracut -v --kver $version --force + + +exit $error 
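Review bot: In scripts/CENTOS/10-security, `$ROOTCMD usermod -p $ROOTPW root` expands the hash unquoted and runs even when `ROOTPW` is empty; in that case `-p` takes `root` as its argument, the command fails, and root keeps whatever password state the base image shipped with. DEBIAN/10-rootpw in this same commit already handles both cases, and the same shape fits here: quote the hash and lock the account when none is configured. Passing the hash as a command-line argument also makes it visible in the process list while the command runs, which is worth a comment if the install environment is shared.

```shell
# … unchanged: error trap …
if [ -n "$ROOTPW" ]; then
    $ROOTCMD usermod -p "$ROOTPW" root
else
    # no hash configured: lock the account instead of leaving the image default
    $ROOTCMD usermod -L root
fi
# … unchanged: fcopy of the SELinux config, fixfiles, chmod …
```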
diff --git a/roles/fai/files/profiles/scripts/CENTOS/40-install-grub b/roles/fai/files/profiles/scripts/CENTOS/40-install-grub new file mode 100755 index 0000000..45c6322 --- /dev/null +++ b/roles/fai/files/profiles/scripts/CENTOS/40-install-grub 
@@ -0,0 +1,96 @@ +#! /bin/bash + +# (c) Michael Goetze, 2011, mgoetze@mgoetze.net +# (c) Thomas Lange 2014 + +error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code + +if [ -r $LOGDIR/disk_var.sh ] ; then + . $LOGDIR/disk_var.sh +else + echo "disk_var.sh not found!" + exit 1 +fi + + +# CentOS 7 does not have a device.map file, so generate one +if [ -d $target/boot/grub2 -a ! -f $target/boot/grub2/device.map ]; then + echo "# Generated by FAI" >> $target/boot/grub2/device.map + centosdisks=$(awk '/[sv]d.$/ {print $4}' /proc/partitions | sort) + dcount=0 + for d in $centosdisks; do + echo "(hd$dcount) /dev/$d" >> $target/boot/grub2/device.map + dcount=$((dcount + 1)) + done +fi + +bootdev=`device2grub $BOOT_DEVICE` +bootpart=`device2grub $BOOT_PARTITION` +version=`$ROOTCMD rpm -qv kernel | cut -d- -f2-` + +if grep '[[:space:]]/boot[[:space:]]' $LOGDIR/fstab; then + bootdir='' +else + bootdir='/boot' +fi + +mount -o bind /dev $target/dev + + + +if [ -f $target/usr/sbin/grub2-install ]; then + + # CentOS 7 + $ROOTCMD grub2-install --no-floppy "$BOOT_DEVICE" + $ROOTCMD grub2-mkconfig --output=/boot/grub2/grub.cfg +else + +$ROOTCMD grub-install --just-copy + +$ROOTCMD grub --device-map=/dev/null --no-floppy --batch <<-EOF + device $bootdev $BOOT_DEVICE + root $bootpart + setup $bootdev + quit + EOF + +ln -s ./menu.lst $target/boot/grub/grub.conf + +if [ -f $target/boot/grub/splash.xpm.gz ]; then + pretty="splashimage=$bootpart$bootdir/grub/splash.xpm.gz" +else + pretty="color cyan/blue white/blue" +fi + +if [ -f $target/sbin/dracut -o -f $target/usr/sbin/dracut ]; then + # CentOS 6 + iname=initramfs +else + # CentOS 5 + iname=initrd +fi +title=`head -1 $target/etc/redhat-release` + +cat > $target/boot/grub/grub.conf <<-EOF + timeout 5 + default 0 + $pretty + hiddenmenu + + title $title + root $bootpart + kernel $bootdir/vmlinuz-$version root=$ROOT_PARTITION ro + initrd $bootdir/$iname-$version.img + EOF + +fi + +umount $target/dev + +echo "" +echo 
"Grub installed on $BOOT_DEVICE = $bootdev" +echo "Grub boot partition is $BOOT_PARTITION = $bootpart" +echo "Root partition is $ROOT_PARTITION" +echo "Boot kernel: $version" + +exit $error diff --git a/roles/fai/files/profiles/scripts/CENTOS/50-sysconfig b/roles/fai/files/profiles/scripts/CENTOS/50-sysconfig new file mode 100755 index 0000000..0dd0f4e --- /dev/null +++ b/roles/fai/files/profiles/scripts/CENTOS/50-sysconfig @@ -0,0 +1,29 @@ +#! /bin/bash + +# (c) Michael Goetze, 2011, mgoetze@mgoetze.net + +error=0 ; trap "error=$((error|1))" ERR + +cat > $target/etc/sysconfig/clock <<-EOF + UTC=$UTC + ZONE=$TIMEZONE + EOF +cat > $target/etc/sysconfig/i18n <<-EOF + LANG="$DEFAULTLOCALE" + SUPPORTED="$SUPPORTEDLOCALE" + SYSFONT="$CONSOLEFONT" + EOF +cat > $target/etc/sysconfig/keyboard <<-EOF + KEYBOARDTYPE="pc" + KEYTABLE="$KEYMAP" + EOF + +if [ -f $target/usr/lib/locale/locale-archive.tmpl \ + -a ! -s $target/usr/lib/locale/locale-archive ]; then + mv $target/usr/lib/locale/locale-archive.tmpl $target/usr/lib/locale/locale-archive +fi + +fcopy -iv /etc/sysconfig/i18n /etc/sysconfig/keyboard + +exit $error + diff --git a/roles/fai/files/profiles/scripts/CENTOS/60-network-scripts b/roles/fai/files/profiles/scripts/CENTOS/60-network-scripts new file mode 100755 index 0000000..2542b9e --- /dev/null +++ b/roles/fai/files/profiles/scripts/CENTOS/60-network-scripts 
@@ -0,0 +1,40 @@ +#! /bin/bash + +error=0 ; trap "error=$((error|1))" ERR + + +# determine predictable network names +fields="ID_NET_NAME_FROM_DATABASE ID_NET_NAME_ONBOARD ID_NET_NAME_SLOT ID_NET_NAME_PATH" +for field in $fields; do + name=$(udevadm info /sys/class/net/$NIC1 | sed -rn "s/^E: $field=(.+)/\1/p") + if [[ $name ]]; then + NIC1=$name + break + fi +done +if [[ ! $name ]]; then + echo "$0: error: could not find systemd predictable network name. Using $NIC1." +fi + + +if [ $FAI_ACTION != "softupdate" ] && ifclass DHCPC; then + cat > $target/etc/sysconfig/network-scripts/ifcfg-$NIC1 <<-EOF + # generated by FAI + TYPE=Ethernet + PROXY_METHOD=none + BOOTPROTO=dhcp + DEFROUTE=yes + BROWSER_ONLY=no + IP4_FAILURE_FATAL=no + IPV6INIT=no + IPV6_AUTOCONF=no + NAME=$NIC1 + DEVICE=$NIC1 + ONBOOT=yes + EOF +fi + +fcopy -iv /etc/sysconfig/network /etc/resolv.conf /etc/networks +fcopy -ivr /etc/sysconfig/network-scripts + +exit $error diff --git a/roles/fai/files/profiles/scripts/CENTOS/80-misc b/roles/fai/files/profiles/scripts/CENTOS/80-misc new file mode 100755 index 0000000..eff7f18 --- /dev/null +++ b/roles/fai/files/profiles/scripts/CENTOS/80-misc @@ -0,0 +1,21 @@ +#! /bin/bash + +error=0 ; trap "error=$((error|1))" ERR + +# add a $username user account +if [ -n "$username" ]; then + if ! $ROOTCMD getent passwd $username ; then + $ROOTCMD adduser -c "$username user" $username + $ROOTCMD usermod -p "$USERPW" $username + fi +fi + +# enable graphical login screen, make run level 5 as default +if [ -f $target/usr/sbin/gdm ]; then + sed -i -e 's/id:3:initdefault:/id:5:initdefault:/' $target/etc/inittab + # do not run this tool + echo "RUN_FIRSTBOOT=NO" > $target/etc/sysconfig/firstboot +fi + +exit $error + diff --git a/roles/fai/files/profiles/scripts/CENTOS/90-cleanup b/roles/fai/files/profiles/scripts/CENTOS/90-cleanup new file mode 100755 index 0000000..2eadacd --- /dev/null +++ b/roles/fai/files/profiles/scripts/CENTOS/90-cleanup 
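Review bot: The account block in scripts/CENTOS/80-misc checks `$username` but not `$USERPW`, so with `USERPW` unset `usermod -p "" $username` stores an empty password field and the new account may accept a login without a password, depending on the PAM `nullok` setting of the image. Guard the call and lock the account when no hash is configured: `if [ -n "$USERPW" ]; then $ROOTCMD usermod -p "$USERPW" "$username"; else $ROOTCMD usermod -L "$username"; fi`. `$username` should also be quoted in the `getent` and `adduser` calls.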
@@ -0,0 +1,3 @@ +#! /bin/bash + +$ROOTCMD yum clean all diff --git a/roles/fai/files/profiles/scripts/CLOUD/10-network b/roles/fai/files/profiles/scripts/CLOUD/10-network new file mode 100755 index 0000000..3406ccc --- /dev/null +++ b/roles/fai/files/profiles/scripts/CLOUD/10-network @@ -0,0 +1,11 @@ +#!/bin/bash + +error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code + +# Disable systemd's network interface name management. +# References: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863385 +# https://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/ + +fcopy -M /etc/default/grub.d/10_cloud_disable_net.ifnames.cfg +$ROOTCMD update-grub diff --git a/roles/fai/files/profiles/scripts/CLOUD/99-cleanup b/roles/fai/files/profiles/scripts/CLOUD/99-cleanup new file mode 100755 index 0000000..4580988 --- /dev/null +++ b/roles/fai/files/profiles/scripts/CLOUD/99-cleanup @@ -0,0 +1,27 @@ +#! /bin/bash + +fcopy /etc/init.d/expand-root +if [ -f $target/files/etc/init.d/expand-root ]; then + $ROOTCMD insserv --default expand-root +fi + +sed -i "s/PermitRootLogin yes/PermitRootLogin without-password/" $target/etc/ssh/sshd_config +ainsl /etc/ssh/sshd_config 'ClientAliveInterval 120' + +ainsl -a /etc/modprobe.d/blacklist.conf 'blacklist pcspkr' +ainsl -a /etc/modprobe.d/blacklist.conf 'blacklist floppy' + +rm -f $target/etc/resolv.conf \ + $target/etc/udev/rules.d/70-persistent-net.rules \ + $target/lib/udev/write_net_rules \ + $target/etc/mailname \ + $target/var/lib/dbus/machine-id + +> $target/etc/machine-id + +shred --remove $target/etc/ssh/ssh_host_* + +# FIXME: DHCP RFC3442 is used incorrect in Azure +if [ -f $target/etc/dhcp/dhclient.conf ]; then + sed -ie 's,rfc3442-classless-static-routes,disabled-\0,' $target/etc/dhcp/dhclient.conf +fi diff --git a/roles/fai/files/profiles/scripts/DEBIAN/10-rootpw b/roles/fai/files/profiles/scripts/DEBIAN/10-rootpw new file mode 100755 index 0000000..8fdf4c8 --- /dev/null 
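Review bot: The `PermitRootLogin` substitution in scripts/CLOUD/99-cleanup only takes effect when the image's sshd_config contains the literal text `PermitRootLogin yes`; if the directive is absent, commented out or set to anything else, the script changes nothing and still succeeds. An anchored rewrite plus an append covers those cases: `sed -i -E 's/^#?[[:space:]]*PermitRootLogin[[:space:]].*/PermitRootLogin prohibit-password/' $target/etc/ssh/sshd_config` followed by `ainsl /etc/ssh/sshd_config 'PermitRootLogin prohibit-password'` (`prohibit-password` is the current spelling of `without-password`). Separately, `sed -ie` in the dhclient block is parsed as `-i` with the backup suffix `e` and leaves a stray `dhclient.confe` in the image; `sed -i -e` is what was meant. Since `shred --remove` deletes the SSH host keys, a comment saying what regenerates them on first boot would help, because nothing in this hunk does.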
+++ b/roles/fai/files/profiles/scripts/DEBIAN/10-rootpw @@ -0,0 +1,15 @@ +#! /bin/bash + +error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code + +# set root password +if [ -n "$ROOTPW" ]; then + $ROOTCMD usermod -p "$ROOTPW" root +else + $ROOTCMD usermod -L root + # enable sudo for user + ainsl /etc/sudoers "$username ALL = ALL" +fi + +exit $error + diff --git a/roles/fai/files/profiles/scripts/DEBIAN/20-capabilities b/roles/fai/files/profiles/scripts/DEBIAN/20-capabilities new file mode 100755 index 0000000..ea650fa --- /dev/null +++ b/roles/fai/files/profiles/scripts/DEBIAN/20-capabilities @@ -0,0 +1,22 @@ +#!/bin/bash +# +# Capabilities get lost when creating the fai base.tar.xz image. +# Restore them here. +# + +set -e + +if [ ! -x $target/sbin/setcap ] ; then + exit 0 +fi + +for FILE in /bin/ping /bin/ping6 /usr/bin/fping /usr/bin/fping6; do + if [ -x $target/$FILE -a ! -h $target/$FILE ] ; then + if $ROOTCMD /sbin/setcap cap_net_raw+ep $FILE; then + echo "Setcap worked! $FILE is not suid!" + fi + fi +done +if [ -x $target/usr/bin/systemd-detect-virt ] ; then + $ROOTCMD /sbin/setcap cap_dac_override,cap_sys_ptrace+ep /usr/bin/systemd-detect-virt +fi diff --git a/roles/fai/files/profiles/scripts/DEBIAN/30-interface b/roles/fai/files/profiles/scripts/DEBIAN/30-interface new file mode 100755 index 0000000..bff6863 --- /dev/null +++ b/roles/fai/files/profiles/scripts/DEBIAN/30-interface 
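Review bot: In the `else` branch of scripts/DEBIAN/10-rootpw, `ainsl /etc/sudoers "$username ALL = ALL"` runs even when `$username` is empty, which appends the malformed line ` ALL = ALL` to the main sudoers file; sudo refuses to work with a file that fails to parse, so the host would end up with a locked root account and no usable sudo. Guard the branch with `[ -n "$username" ]` and write a drop-in rather than editing `/etc/sudoers`, for example `echo "$username ALL = ALL" > $target/etc/sudoers.d/$username` followed by `chmod 0440` on that file. The rule grants every command as root, so a one-line comment stating that this is intended for the single install user would make the choice explicit.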
@@ -0,0 +1,125 @@ +#! /bin/bash + +netplan_yaml() { + # network configuration using ubuntu's netplan.io + local IFNAME="$1" + local METHOD="$2" + echo "Generating netplan configuration for $IFNAME ($METHOD)" >&2 + echo "# generated by FAI" + echo "network:" + echo " version: 2" + echo " renderer: $RENDERER" + case "$RENDERER" in + networkd) + echo " ethernets:" + echo " $IFNAME:" + case "$METHOD" in + dhcp) + echo " dhcp4: true" + ;; + static) + echo " addresses: [$CIDR]" + echo " gateway4: $GATEWAYS_1" + echo " nameservers:" + echo " search: [$DOMAIN]" + echo " addresses: [${DNSSRVS// /, }]" + ;; + esac + esac +} + +iface_stanza() { + # classic network configuration using /etc/network/interfaces + local IFNAME="$1" + local METHOD="$2" + echo "Generating interface configuration for $IFNAME ($METHOD)" >&2 + echo "# generated by FAI" + echo "auto $IFNAME" + echo "iface $IFNAME inet $METHOD" + case "$METHOD" in + static) + echo " address $IPADDR" + echo " netmask $NETMASK" + echo " broadcast $BROADCAST" + echo " gateway $GATEWAYS" + ;; + esac +} + +newnicnames() { + + # determine predictable network names only for stretch and above + local name + + [ $do_init_tasks -eq 0 ] && return + [ -z "$NIC1" ] && return + ver=$($ROOTCMD dpkg-query --showformat='${Version}' --show udev) + if dpkg --compare-versions $ver lt 220-7; then + return + fi + + + fields="ID_NET_NAME_FROM_DATABASE ID_NET_NAME_ONBOARD ID_NET_NAME_SLOT ID_NET_NAME_PATH" + for field in $fields; do + name=$(udevadm info /sys/class/net/$NIC1 | sed -rn "s/^E: $field=(.+)/\1/p") + if [[ $name ]]; then + NIC1=$name + return + fi + done + + # try to get altname net dev + name=$(ip link show $NIC1 | awk '/altname / { print $2 }') + if [[ $name ]]; then + NIC1=$name + return + else + echo "$0: error: could not find systemd predictable network name. Using $NIC1." + fi +} + +if [ -z "$NIC1" ]; then + echo "WARNING: \$NIC1 is not defined. Cannot add ethernet to /etc/network/interfaces." 
+fi +CIDR=$(ip -o -f inet addr show $NIC1 | awk '{print $4}') +newnicnames + +case "$FAI_ACTION" in + install|dirinstall) + ifclass DHCPC && METHOD=dhcp || METHOD=static + ifclass XORG && RENDERER=NetworkManager || RENDERER=networkd + + if [ -d $target/etc/netplan ]; then + # Ubuntu >= 17.10 with netplan.io + if [ -n "$NIC1" ]; then + netplan_yaml $NIC1 $METHOD > $target/etc/netplan/01-${NIC1}.yaml + fi + elif [ -d $target/etc/network/interfaces.d ]; then + # ifupdown >= 0.7.41 (Debian >= 8, Ubuntu >= 14.04) + iface_stanza lo loopback > $target/etc/network/interfaces.d/lo + + if [ -n "$NIC1" -a ! -f $target/etc/NetworkManager/NetworkManager.conf ]; then + iface_stanza $NIC1 $METHOD > $target/etc/network/interfaces.d/$NIC1 + fi + else + ( + iface_stanza lo loopback + iface_stanza $NIC1 $METHOD + ) > $target/etc/network/interfaces + fi + + if ! ifclass DHCPC ; then + [ -n "$NETWORK" ] && echo "localnet $NETWORK" > $target/etc/networks + if [ ! -L $target/etc/resolv.conf -a -e /etc/resolv.conf ]; then + cp -p /etc/resolv.conf $target/etc + fi + fi + ;; +esac + +# here fcopy is mostly used, when installing a client for running in a +# different subnet than during the installation +fcopy -iM /etc/resolv.conf +fcopy -iM /etc/network/interfaces /etc/networks + +exit $error diff --git a/roles/fai/files/profiles/scripts/DEBIAN/40-misc b/roles/fai/files/profiles/scripts/DEBIAN/40-misc new file mode 100755 index 0000000..714be55 --- /dev/null +++ b/roles/fai/files/profiles/scripts/DEBIAN/40-misc 
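Review bot: When `$NIC1` is empty, scripts/DEBIAN/30-interface prints the warning and then carries on: `ip -o -f inet addr show $NIC1` lists every interface, so `CIDR` can hold several addresses including the loopback one, and the fallback branch calls `iface_stanza $NIC1 $METHOD` with the first argument missing, which writes `auto dhcp` / `iface dhcp inet` (or the `static` equivalent) into `/etc/network/interfaces`. Either return early after the warning or quote the arguments and skip the interface stanza, as the two branches above already do with `[ -n "$NIC1" ]`. The final `exit $error` also reads a variable this script never sets, since unlike its siblings it installs no ERR trap, so failures are not reflected in the exit code; adding `error=0; trap 'error=$(($?>$error?$?:$error))' ERR` at the top, as in 40-misc, fixes that.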
@@ -0,0 +1,51 @@ +#! /bin/bash + +# (c) Thomas Lange, 2001-2016, lange@debian.org +# (c) Michael Goetze, 2010-2011, mgoetze@mgoetze.net + +error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code + +# a list of modules which are loaded at boot time +for module in $MODULESLIST; do + ainsl -a /etc/modules "^$module$" +done + +fcopy -Mv /etc/hostname || echo $HOSTNAME > $target/etc/hostname +ainsl -a /etc/mailname ${HOSTNAME} +if [ ! -e $target/etc/adjtime ]; then + printf "0.0 0 0.0\n0\nUTC\n" > $target/etc/adjtime +fi +if [ "$UTC" = "yes" ]; then + sed -i -e 's:^LOCAL$:UTC:' $target/etc/adjtime +else + sed -i -e 's:^UTC$:LOCAL:' $target/etc/adjtime +fi + +# enable linuxlogo +if [ -f $target/etc/inittab ]; then + sed -i -e 's#/sbin/getty 38400#/sbin/getty -f /etc/issue.linuxlogo 38400#' ${target}/etc/inittab +elif [ -f $target/lib/systemd/system/getty@.service ]; then + sed -i -e 's#sbin/agetty --noclear#sbin/agetty -f /etc/issue.linuxlogo --noclear#' $target/lib/systemd/system/getty@.service +fi + +# make sure a machine-id exists +if [ ! -f $target/etc/machine-id ]; then + > $target/etc/machine-id +fi +# recreate machine-id if the file is empty +if [ X"$(stat -c '%s' $target/etc/machine-id 2>/dev/null)" = X0 -a -f $target/bin/systemd-machine-id-setup ]; then + $ROOTCMD systemd-machine-id-setup +fi + +ln -fs /proc/mounts $target/etc/mtab + +rm -f $target/etc/dpkg/dpkg.cfg.d/fai $target/etc/dpkg/dpkg.cfg.d/unsafe-io + +if [ -d /etc/fai ]; then + if ! fcopy -Mv /etc/fai/fai.conf; then + ainsl -a /etc/fai/fai.conf "FAI_CONFIG_SRC=$FAI_CONFIG_SRC" + fi +fi +fcopy -iv /etc/rc.local + +exit $error diff --git a/roles/fai/files/profiles/scripts/FAIBASE/10-misc b/roles/fai/files/profiles/scripts/FAIBASE/10-misc new file mode 100755 index 0000000..7a0599d --- /dev/null +++ b/roles/fai/files/profiles/scripts/FAIBASE/10-misc 
@@ -0,0 +1,37 @@ +#! /bin/bash + +# (c) Thomas Lange, 2001-2012, lange@debian.org + +error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code + +echo $TIMEZONE > $target/etc/timezone +if [ -L $target/etc/localtime ]; then + ln -sf /usr/share/zoneinfo/${TIMEZONE} $target/etc/localtime +else + cp -f /usr/share/zoneinfo/${TIMEZONE} $target/etc/localtime +fi + +if [ -f $target/etc/hosts.orig ]; then + mv $target/etc/hosts.orig $target/etc/hosts +fi +if [ -n "$IPADDR" ]; then + ifclass DHCPC || ainsl -s /etc/hosts "$IPADDR $HOSTNAME.$DOMAIN $HOSTNAME" +else + ifclass DHCPC && ainsl -s /etc/hosts "127.0.0.1 $HOSTNAME" +fi +fcopy -iM /etc/hosts /etc/motd + +# make /root accessible only by root +chmod -c 0700 $target/root +chown -c root:root $target/root +# copy default dotfiles for root account +fcopy -ir /root + +# use tmpfs for /tmp if not defined in disk_config +if ! grep -Pq '\s/tmp\s' $target/etc/fstab; then + ainsl /etc/fstab "tmpfs /tmp tmpfs nodev,nosuid,size=50%,mode=1777 0 0" +fi +chmod -c 1777 ${target}/tmp +chown -c 0:0 ${target}/tmp + +exit $error diff --git a/roles/fai/files/profiles/scripts/FAIBASE/20-removable_media b/roles/fai/files/profiles/scripts/FAIBASE/20-removable_media new file mode 100755 index 0000000..8ba10d9 --- /dev/null +++ b/roles/fai/files/profiles/scripts/FAIBASE/20-removable_media 
@@ -0,0 +1,25 @@ +#! /bin/bash + +# (c) Thomas Lange, 2006,2009, lange@debian.org +# create entries for removable media in fstab and directories in /media + +cdromlist() { + [ -f /proc/sys/dev/cdrom/info ] || return + devs=$(grep 'drive name:' /proc/sys/dev/cdrom/info | cut -d ":" -f 2) + for d in $devs; do + echo $d + done +} + +fstabline () { + line=$(printf "%-15s %-15s %-7s %-15s %-7s %s\n" "$1" "$2" "$3" "$4" "$5" "$6") + ainsl /etc/fstab "$line" +} + +i=0 +for cdrom in $(cdromlist | tac); do + [ $i -eq 0 ] && ln -sfn cdrom0 $target/media/cdrom + mkdir -p $target/media/cdrom$i + fstabline /dev/$cdrom /media/cdrom$i udf,iso9660 ro,user,noauto 0 0 + i=$(($i + 1)) +done diff --git a/roles/fai/files/profiles/scripts/FAISERVER/10-conffiles b/roles/fai/files/profiles/scripts/FAISERVER/10-conffiles new file mode 100755 index 0000000..578255f --- /dev/null +++ b/roles/fai/files/profiles/scripts/FAISERVER/10-conffiles 
@@ -0,0 +1,47 @@ +#! /bin/bash + +fcopy -BvrS /etc/fai +fcopy -BvS /etc/dhcp/dhcpd.conf + +if [ $FAI_ACTION = "install" -o $FAI_ACTION = "dirinstall" ] ; then + + # use the same sources.list for the server itself and the clients + cp -a $target/etc/fai/apt $target/etc/ + + if ifclass DHCPC; then + rm -f $target/etc/resolv.conf + else + echo 127.0.0.1 > $target/etc/resolv.conf + fi + + # faiserver uses its own apt cache + ainsl -av /etc/apt/apt.conf.d/02proxy 'Acquire::http::Proxy "http://127.0.0.1:3142";' + + # create some host entries + myip=$(ip addr show up| grep -P -o '(?<=inet )[^/]+' | grep -v 127.0.0.1) + ainsl /etc/hosts "$myip faiserver" # that's me + ainsl /etc/hosts "192.168.33.100 demohost" + ainsl /etc/hosts "192.168.33.101 xfcehost" + # add entries for 10 hosts called client 01 .. 10 + perl -e 'for (1..10) {printf "192.168.33.%s client%02s\n",101+$_,$_;}' >> $target/etc/hosts + + sed -i -e '/# ReuseConnections: 1/d' $target/etc/apt-cacher-ng/acng.conf + ainsl -v /etc/apt-cacher-ng/acng.conf "ReuseConnections: 0" + + # copy base file for faster building of nfsroot + if [ -f /var/tmp/base.tar.xz ]; then + cp -p /var/tmp/base.tar.xz $target/var/tmp + fi + + if [ -d /media/mirror/pool ]; then + mkdir $target/var/cache/apt-cacher-ng/_import + cp -p /media/mirror/pool/*/*/*/*.deb $target/var/cache/apt-cacher-ng/_import + $ROOTCMD chown -R apt-cacher-ng.apt-cacher-ng /var/cache/apt-cacher-ng/_import + fi + + # copy basefiles from CD to config space + if [ -d $FAI/basefiles ]; then + mkdir -p $target/srv/fai/config/basefiles + cp -vp $FAI/basefiles/*.tar.* $target/srv/fai/config/basefiles 2>/dev/null || true + fi +fi diff --git a/roles/fai/files/profiles/scripts/GRUB_EFI/10-setup b/roles/fai/files/profiles/scripts/GRUB_EFI/10-setup new file mode 100755 index 0000000..f586ba1 --- /dev/null +++ b/roles/fai/files/profiles/scripts/GRUB_EFI/10-setup 
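Review bot: In the non-DHCPC branch `echo 127.0.0.1 > $target/etc/resolv.conf` writes a bare address, which the resolver ignores because the `nameserver` keyword is missing; it should read `echo "nameserver 127.0.0.1" > $target/etc/resolv.conf`. Further down, the `myip=$(ip addr show up | grep ... | grep -v 127.0.0.1)` pipeline returns one line per non-loopback IPv4 address. On a host with more than one configured interface, `ainsl /etc/hosts "$myip faiserver"` therefore appends a multi-line string in which only the last address maps to `faiserver`. Selecting the address of the install interface explicitly would make the entry deterministic.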
@@ -0,0 +1,68 @@ +#! /bin/bash +# support for GRUB version 2 + +error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code + +# This script assumes that the disk has a GPT partition table and +# that the extended system partition (ESP) is mounted on /boot/efi. +# When building a disk image, we don't change the NVRAM to point at +# the boot image we made available, because the disk image is likely +# not installed on the current system. As a result, we force +# installation into the removable media paths as well as the standard +# debian path. + +set -a + +# do not set up grub during dirinstall +if [ "$FAI_ACTION" = "dirinstall" ] ; then + exit 0 +fi +# during softupdate use this file +[ -r $LOGDIR/disk_var.sh ] && . $LOGDIR/disk_var.sh + +if [ -z "$BOOT_DEVICE" ]; then + exit 189 +fi + +# disable os-prober because of #788062 +ainsl /etc/default/grub 'GRUB_DISABLE_OS_PROBER=true' + +# skip the rest, if not an initial installation +if [ $FAI_ACTION != "install" ]; then + $ROOTCMD update-grub + exit $error +fi + +GROOT=$($ROOTCMD grub-probe -tdrive -d $BOOT_DEVICE) + +# handle /boot in lvm-on-md +_bdev=$(readlink -f $BOOT_DEVICE) +if [ "${_bdev%%-*}" = "/dev/dm" ]; then + BOOT_DEVICE=$( lvs --noheadings -o devices $BOOT_DEVICE | sed -e 's/^*\([^(]*\)(.*$/\1/' ) +fi + +# Check if RAID is used for the boot device +if [[ $BOOT_DEVICE =~ '/dev/md' ]]; then + raiddev=${BOOT_DEVICE#/dev/} + # install grub on all members of RAID + for device in `LC_ALL=C perl -ne 'if(/^'$raiddev'\s.+raid\d+\s(.+)/){ $_=$1; s/\d+\[\d+\]//g; print }' /proc/mdstat`; do + echo Install grub on /dev/$device + $ROOTCMD grub-install --no-floppy --force-extra-removable "/dev/$device" + done + +elif [[ $BOOT_DEVICE =~ '/dev/loop' ]]; then + # do not update vmram when using a loop device + $ROOTCMD grub-install --no-floppy --force-extra-removable --modules=part_gpt --no-nvram $BOOT_DEVICE + if [ $? 
-eq 0 ]; then + echo "Grub installed on hostdisk $BOOT_DEVICE" + fi + +else + $ROOTCMD grub-install --no-floppy --modules=part_gpt "$GROOT" + if [ $? -eq 0 ]; then + echo "Grub installed on $BOOT_DEVICE = $GROOT" + fi +fi +$ROOTCMD update-grub + +exit $error diff --git a/roles/fai/files/profiles/scripts/GRUB_PC/10-setup b/roles/fai/files/profiles/scripts/GRUB_PC/10-setup new file mode 100755 index 0000000..5563275 --- /dev/null +++ b/roles/fai/files/profiles/scripts/GRUB_PC/10-setup @@ -0,0 +1,52 @@ +#! /bin/bash +# support for GRUB version 2 + +error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code + +set -a + +# do not set up grub during dirinstall +if [ "$FAI_ACTION" = "dirinstall" ] ; then + exit 0 +fi +# during softupdate use this file +[ -r $LOGDIR/disk_var.sh ] && . $LOGDIR/disk_var.sh + +if [ -z "$BOOT_DEVICE" ]; then + exit 189 +fi + +# disable os-prober because of #788062 +ainsl /etc/default/grub 'GRUB_DISABLE_OS_PROBER=true' + +# skip the rest, if not an initial installation +if [ $FAI_ACTION != "install" ]; then + $ROOTCMD update-grub + exit $error +fi + +GROOT=$($ROOTCMD grub-probe -tdrive -d $BOOT_DEVICE) + +# handle /boot in lvm-on-md +_bdev=$(readlink -f $BOOT_DEVICE) +if [ "${_bdev%%-*}" = "/dev/dm" ]; then + BOOT_DEVICE=$( lvs --noheadings -o devices $BOOT_DEVICE | sed -e 's/^*\([^(]*\)(.*$/\1/' ) +fi + +# Check if RAID is used for the boot device +if [[ $BOOT_DEVICE =~ '/dev/md' ]]; then + raiddev=${BOOT_DEVICE#/dev/} + # install grub on all members of RAID + for device in `LC_ALL=C perl -ne 'if(/^'$raiddev'\s.+raid\d+\s(.+)/){ $_=$1; s/\d+\[\d+\]//g; print }' /proc/mdstat`; do + echo Install grub on /dev/$device + $ROOTCMD grub-install --no-floppy "/dev/$device" + done +else + $ROOTCMD grub-install --no-floppy "$GROOT" + if [ $? -eq 0 ]; then + echo "Grub installed on $BOOT_DEVICE = $GROOT" + fi +fi +$ROOTCMD update-grub + +exit $error 
diff --git a/roles/fai/files/profiles/scripts/LAST/50-misc b/roles/fai/files/profiles/scripts/LAST/50-misc
new file mode 100755
index 0000000..5b34f7b
--- /dev/null
+++ b/roles/fai/files/profiles/scripts/LAST/50-misc
@@ -0,0 +1,103 @@ +#! /bin/bash + +# copyright Thomas Lange 2001-2016, lange@debian.org + +error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code + +if [ "$FAI_ACTION" = "dirinstall" -o $do_init_tasks -eq 0 ] ; then + : +else + # check if mdadm has been forgotten + if grep -q active /proc/mdstat 2>/dev/null; then + if [ ! -d $target/etc/mdadm ]; then + echo ERROR: Found Software RAID, but the mdadm package was not installed + error=1 + fi + fi + + usedm=$(dmsetup ls 2>/dev/null | egrep -v '^live-rw|^live-base|^No devices found' | wc -l) + if [ $usedm -ne 0 ]; then + if [ ! -d $target/etc/lvm ]; then + echo ERROR: Found lvm devices, but the lvm2 package was not installed + error=1 + fi + fi +fi + +# remove backup files from cfengine, but only if cfengine is installed +if [ -x /usr/sbin/cfagent ] || [ -x $target/usr/sbin/cfagent ] ; then + dirs="root etc var" + for path in $dirs; do + find $target/$path -maxdepth 20 -name \*.cfedited -o -name \*.cfsaved | xargs -r rm + done +fi + +[ "$FAI_DEBMIRROR" ] && + ainsl /etc/fstab "#$FAI_DEBMIRROR $MNTPOINT nfs ro 0 0" + +# set bios clock +if [ $do_init_tasks -eq 1 ] ; then + case "$UTC" in + no|"") hwopt="--localtime" ;; + yes) hwopt="--utc" ;; + esac + hwclock $hwopt --systohc || true +fi + +# Make sure everything is configured properly +if ifclass DEBIAN ; then + $ROOTCMD apt-get -f install -y +fi + +if [ $FAI_ACTION = "install" ]; then + lskernels=$(echo $target/boot/vmlinu*) + if [ ! -f ${lskernels%% *} ]; then + echo "ERROR: No kernel was installed. Have a look at shell.log" >&2 + error=1 + fi +fi + +# copy sources.list +fcopy -iSM /etc/apt/sources.list + + +setrel() { + + # if release is not set, try to determine it + + if [ -n "$release" ]; then + return + fi + if [ ! 
-f $target/etc/os-release ]; then + return + fi + + dists="jessie stretch buster bullseye bookworm focal bionic xenial trusty" + for d in $dists; do + if grep -iq $d $target/etc/os-release; then + release=$d + break + fi + done +} + +# if installation was done from CD, replace useless sources.list +setrel +if [ -f $target/etc/apt/sources.list -a -n "$release" ]; then + grep -q 'file generated by fai-cd' $target/etc/apt/sources.list && cat < $target/etc/apt/sources.list +deb $apt_cdn/debian $release main contrib non-free +deb $apt_cdn/debian-security $release/updates main contrib non-free +#deb [trusted=yes] http://fai-project.org/download $release koeln +EOF + # if the package fai-server was installed, enable the project's repository + if [ -f $target/var/lib/dpkg/info/fai-server.list ]; then + sed -i -e '/fai-project.org/s/^#//' $target/etc/apt/sources.list + fi +fi + +# for ARM architecture, we may need the kernel and initrd to boot or flash the device +if ifclass ARM64; then + cp -pv $target/boot/vmlinuz* $target/boot/initrd* $FAI_RUNDIR +fi + +exit $error diff --git a/roles/fai/files/profiles/scripts/UBUNTU/10-rootpw b/roles/fai/files/profiles/scripts/UBUNTU/10-rootpw new file mode 100755 index 0000000..8fdf4c8 --- /dev/null +++ b/roles/fai/files/profiles/scripts/UBUNTU/10-rootpw @@ -0,0 +1,15 @@ +#! /bin/bash + +error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code + +# set root password +if [ -n "$ROOTPW" ]; then + $ROOTCMD usermod -p "$ROOTPW" root +else + $ROOTCMD usermod -L root + # enable sudo for user + ainsl /etc/sudoers "$username ALL = ALL" +fi + +exit $error + diff --git a/roles/fai/files/profiles/scripts/UBUNTU/11-user b/roles/fai/files/profiles/scripts/UBUNTU/11-user new file mode 100755 index 0000000..cc15920 --- /dev/null +++ b/roles/fai/files/profiles/scripts/UBUNTU/11-user 
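Review bot: The template written to `$target/etc/apt/sources.list` carries `#deb [trusted=yes] http://fai-project.org/download $release koeln`, and the `sed -i -e '/fai-project.org/s/^#//'` below it uncomments that line whenever fai-server is installed. `trusted=yes` tells apt to skip signature verification for that source, and the URL is plain HTTP, so packages from it would be installed without any authenticity check. The role already pins the project key by fingerprint in tasks/fai-prepare.yml, so the installed system can verify the repository too: `#deb [signed-by=<FAI_KEYRING_PATH>] https://fai-project.org/download $release koeln`, with the keyring shipped through the config space. The here-document redirection on the `cat` line looks garbled on this page, so the exact write target should be confirmed against the file.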
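Review bot: In the `else` branch of UBUNTU/10-rootpw the root account is locked and `ainsl /etc/sudoers "$username ALL = ALL"` runs without checking that `$username` is set, so an empty value appends the line ` ALL = ALL`. A syntax error in sudoers makes sudo refuse to run, which together with the locked root leaves the installed system without an administrative login. I would guard the rule and keep it out of the main file, e.g. `[ -n "$username" ] && echo "$username ALL=(ALL:ALL) ALL" > $target/etc/sudoers.d/fai-user`, followed by `chmod 0440` on it and a `$ROOTCMD visudo -cf` check. In the first branch `usermod -p "$ROOTPW" root` passes the hash as a command-line argument; `echo "root:$ROOTPW" | $ROOTCMD chpasswd -e` keeps it out of the process list.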
@@ -0,0 +1,15 @@
+#! /bin/bash
+
+error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
+
+groups="adm cdrom sudo dip plugdev lpadmin sambashare lxd"
+
+# add additional user account
+if [ -n "$username" ]; then
+ $ROOTCMD adduser --disabled-login --gecos "$username user" $username
+ $ROOTCMD usermod -p "$USERPW" $username
+
+ for g in $groups; do
+ $ROOTCMD adduser $username $g
+ done
+fi
diff --git a/roles/fai/files/profiles/scripts/UBUNTU/90-apt b/roles/fai/files/profiles/scripts/UBUNTU/90-apt
new file mode 100755
index 0000000..4da7029
--- /dev/null
+++ b/roles/fai/files/profiles/scripts/UBUNTU/90-apt
@@ -0,0 +1,11 @@
+#! /bin/bash
+
+# check if we already use an external mirror
+grep -q "external mirror" $target/etc/apt/sources.list && exit 0
+
+cat < $target/etc/apt/sources.list
+# external mirror
+deb $ubuntumirror/ubuntu $ubuntudist main restricted universe multiverse
+deb $ubuntumirror/ubuntu $ubuntudist-updates main restricted universe multiverse
+deb $ubuntumirror/ubuntu $ubuntudist-security main restricted universe multiverse
+EOM
diff --git a/roles/fai/files/profiles/scripts/UBUNTU/91-misc b/roles/fai/files/profiles/scripts/UBUNTU/91-misc
new file mode 100755
index 0000000..0d1d6d8
--- /dev/null
+++ b/roles/fai/files/profiles/scripts/UBUNTU/91-misc
@@ -0,0 +1,7 @@
+#! /bin/bash
+
+# disable the first login screen
+$ROOTCMD dpkg-divert --local --rename --add /etc/xdg/autostart/gnome-initial-setup-first-login.desktop
+$ROOTCMD dpkg-divert --local --rename --add /etc/xdg/autostart/gnome-initial-setup-copy-worker.desktop
+$ROOTCMD deluser --system gnome-initial-setup
+$ROOTCMD dpkg-reconfigure keyboard-configuration
diff --git a/roles/fai/files/profiles/scripts/UBUNTU/99-network b/roles/fai/files/profiles/scripts/UBUNTU/99-network
new file mode 100755
index 0000000..fc3f512
--- /dev/null
+++ b/roles/fai/files/profiles/scripts/UBUNTU/99-network
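Review bot: `$ROOTCMD usermod -p "$USERPW" $username` in UBUNTU/11-user runs even when `$USERPW` is empty, which leaves the account with an empty password field while the loop below adds it to `sudo`, `adm` and `lxd`. Whether such an account can log in then depends on the PAM configuration of the installed image, so the script should decide explicitly: `if [ -n "$USERPW" ]; then $ROOTCMD usermod -p "$USERPW" "$username"; else $ROOTCMD usermod -L "$username"; fi`. Membership in `lxd` is effectively root-equivalent and could be dropped from `groups` unless the desktop user needs it. The script also installs the ERR trap but, unlike its siblings, has no closing `exit $error`, so the recorded error code is never returned.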
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+# allow configure NICs globally over network manager
+$ROOTCMD touch /etc/NetworkManager/conf.d/10-globally-managed-devices.conf
+# enable resolved
+$ROOTCMD systemctl enable systemd-resolved
diff --git a/roles/fai/files/profiles/tests/FAIBASE_TEST b/roles/fai/files/profiles/tests/FAIBASE_TEST
new file mode 100755
index 0000000..79bfab2
--- /dev/null
+++ b/roles/fai/files/profiles/tests/FAIBASE_TEST
@@ -0,0 +1,44 @@
+#! /usr/bin/perl
+
+use strict;
+use warnings;
+use Faitest;
+package FAITEST;
+
+setup_test();
+# - - - - - - - - - - - - - - - - - - - - - - - - - -
+# now comes the test itself
+
+my $dev = &getDevByMount("/target/home");
+&checkE2fsAttribute($dev,"Filesystem volume name","home");
+&checkE2fsAttribute($dev,"Maximum mount count","-1");
+&checkE2fsAttribute($dev,"Check interval","0 ()");
+
+exit printresult();
+# - - - - - - - - - - - - - - - - - - - - - - - - - -
+__END__
+
+=head1 NAME
+
+FAIBASE_TEST - regression test for setup-storage disk layout FAIBASE
+
+=head1 SYNOPSIS
+
+FAIBASE_TEST checks some important aspects of setup-storage. The
+disk_config/FAIBASE tunes some filesystem parameters upon creation. We
+check only the last partition since we expect prior errors to make
+creation of the last partition fail.
+
+ Options:
+ -help simple help
+ -verbose=n increase verbosity of test script
+
+=head1 OPTIONS
+
+=over 8
+
+=item B<-help>
+simple help
+
+=item B<-verbose>
+increase verbosity of test script
diff --git a/roles/fai/files/profiles/tests/Faitest.pm b/roles/fai/files/profiles/tests/Faitest.pm
new file mode 100644
index 0000000..022b407
--- /dev/null
+++ b/roles/fai/files/profiles/tests/Faitest.pm
@@ -0,0 +1,96 @@ +#! /usr/bin/perl + +# Subroutines for automatic tests +# +# Copyright (C) 2009 Thomas Lange, lange@informatik.uni-koeln.de +# Based on the first version by Sebastian Hetze, 08/2008 + +package FAITEST; + +my $errors = 0; + +use strict; +use Getopt::Long; +use Pod::Usage; +# - - - - - - - - - - - - - - - - - - - - - - - - - - +sub setup_test { + + my $verbose = 0; + my $help = 0; + my $man = 0; + $verbose = $ENV{'debug'} if $ENV{'debug'}; + + my $result = GetOptions ( + "verbose=i" => \$verbose, + "help" => \$help, + "man" => \$man, + + ); + + pod2usage(1) if $help; + pod2usage(-exitstatus => 0, -verbose => 2) if $man; + + open(LOGFILE,">> $ENV{LOGDIR}/test.log") || die "Can't open test.log. $!"; + print LOGFILE "------------ Test $0 starting ------------\n"; +} + +sub printresult { + + # write test result and set next test + my ($nexttest) = @_; + + if ($errors > 0) { + print STDERR "\n===> $0 FAILED with $errors errors\n"; + print LOGFILE "\n===> $0 FAILED with $errors errors\n"; + } else { + print STDERR "\n===> $0 PASSED successfully\n"; + print LOGFILE "\n===> $0 PASSED successfully\n"; + print LOGFILE "NEXTTEST=$nexttest\n" if $nexttest; + } + close (LOGFILE); + return $errors; +} + +sub getDevByMount { + + my $mount = shift; + my $dev = qx#mount|grep $mount|cut -d' ' -f1#; + chomp $dev; + return $dev +} + +sub checkMdStat { + + my ($device, $expected) = @_; + my ($value) = qx#grep -i "^$device\\b" /proc/mdstat# =~ m/$device\s*:\s*(.*)/i; + + if ($value eq $expected) { + print LOGFILE "Check raid $device success\n"; + return 0; + } else { + print LOGFILE "Check raid $device FAILED.\n Expect <$expected>\n Found <$value>\n"; + $errors++; + return 1; + } +} + +sub checkE2fsAttribute { + + my ($device, $attribute, $expected) = @_; + + # since attribute is a space separated list of attributes, IMO we must loop over + # the list. 
Ask Sebastian again + my ($value) = qx#tune2fs -l $device |grep -i "$attribute"# =~ m/$attribute:\s+(.*)/i; + + if ($value eq $expected) { + print LOGFILE "Check $attribute for $device success\n"; + return 0; + } else { + print LOGFILE "Check $attribute for $device FAILED.\n Expect <$expected>\n Found <$value>\n"; + + $errors++; + return 1; + } +} + +1; diff --git a/roles/fai/handlers/main.yml b/roles/fai/handlers/main.yml new file mode 100644 index 0000000..84c1001 --- /dev/null +++ b/roles/fai/handlers/main.yml @@ -0,0 +1,2 @@ +--- +# handlers file for fai \ No newline at end of file diff --git a/roles/fai/meta/main.yml b/roles/fai/meta/main.yml new file mode 100644 index 0000000..227ad9c --- /dev/null +++ b/roles/fai/meta/main.yml 
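Review bot: `getDevByMount` and `checkE2fsAttribute` in Faitest.pm build shell pipelines by interpolating their arguments into `qx#...#`, and `getDevByMount` greps the `mount` output for an unanchored pattern. `/target/home` therefore also matches any longer mount point, and `$dev` may come back empty or multi-line before it is spliced into `tune2fs -l $device`. Returning early when `$dev` is empty, and resolving the mount point as a whole field (for example with `findmnt -n -o SOURCE`), would keep the test from comparing against an undefined `$value`. `setup_test` uses the two-argument form `open(LOGFILE,">> $ENV{LOGDIR}/test.log")`; the three-argument form `open(LOGFILE, '>>', "$ENV{LOGDIR}/test.log")` keeps the path from being parsed for mode characters.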
@@ -0,0 +1,53 @@ +galaxy_info: + author: your name + description: your role description + company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Choose a valid license ID from https://spdx.org - some suggested licenses: + # - BSD-3-Clause (default) + # - MIT + # - GPL-2.0-or-later + # - GPL-3.0-only + # - Apache-2.0 + # - CC-BY-4.0 + license: license (GPL-2.0-or-later, MIT, etc) + + min_ansible_version: 2.9 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. + \ No newline at end of file diff --git a/roles/fai/tasks/apt-cacher-ng.yml b/roles/fai/tasks/apt-cacher-ng.yml new file mode 100644 index 0000000..581038d --- /dev/null +++ b/roles/fai/tasks/apt-cacher-ng.yml @@ -0,0 +1,5 @@ +- apt: + name: apt-cacher-ng + state: present + +- 
diff --git a/roles/fai/tasks/fai-configure.yml b/roles/fai/tasks/fai-configure.yml new file mode 100644 index 0000000..459ecd7 --- /dev/null +++ b/roles/fai/tasks/fai-configure.yml @@ -0,0 +1,30 @@ +- name: setup repos for fai + copy: + dest: /etc/fai/apt/sources.list + mode: 0644 + owner: root + group: root + content: | + deb http://deb.debian.org/debian buster main contrib non-free + deb http://deb.debian.org/debian-security buster/updates main contrib non-free + deb http://deb.debian.org/debian buster-backports main contrib non-free + + # fai automated install + deb http://fai-project.org/download buster koeln + + # linux mint + deb http://packages.linuxmint.com main upstream import backport romeo + tags: + - fai + - apt + +- name: set loguser + copy: + dest: /etc/fai/fai.conf + mode: 0644 + owner: root + group: root + content: | + LOGUSER=root + tags: + - fai diff --git a/roles/fai/tasks/fai-finish.yml b/roles/fai/tasks/fai-finish.yml new file mode 100644 index 0000000..b1e24a7 --- /dev/null +++ b/roles/fai/tasks/fai-finish.yml @@ -0,0 +1,5 @@ +- name: pack fai configuration + shell: tar -C /srv/fai/config -cf /srv/fai/config.tar . + when: fai_profiles.changed + + diff --git a/roles/fai/tasks/fai-install.yml b/roles/fai/tasks/fai-install.yml new file mode 100644 index 0000000..2504137 --- /dev/null +++ b/roles/fai/tasks/fai-install.yml @@ -0,0 +1,3 @@ +- apt: + name: fai-server + state: present diff --git a/roles/fai/tasks/fai-prepare.yml b/roles/fai/tasks/fai-prepare.yml new file mode 100644 index 0000000..7d85844 --- /dev/null +++ b/roles/fai/tasks/fai-prepare.yml @@ -0,0 +1,17 @@ +- name: trust fai key + apt_key: + id: B11EE3273F6B2DEB528C93DA2BF8D9FE074BCDE4 + url: https://fai-project.org/download/2BF8D9FE074BCDE4.asc + state: present + tags: + - apt + - fai + +- name: add fai repo + apt_repository: + repo: deb http://fai-project.org/download buster koeln + state: present + tags: + - apt + - fai + 
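Review bot: The last entry of the `setup repos for fai` content in fai-configure.yml, `deb http://packages.linuxmint.com main upstream import backport romeo`, has no suite field, so apt reads `main` as the distribution and the remaining words as components. It needs the Mint release codename in second position: `deb http://packages.linuxmint.com <MINT_CODENAME> main upstream import backport`. `romeo` is Mint's unstable section and is better left out of an unattended install. All entries use plain HTTP, which is acceptable only while signature checking stays on, so the Mint archive key has to be trusted in the nfsroot before `linuxmint-keyring` can be installed from that source; nothing visible in this file provides it.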
diff --git a/roles/fai/tasks/fai-profile.yml b/roles/fai/tasks/fai-profile.yml
new file mode 100644
index 0000000..7901654
--- /dev/null
+++ b/roles/fai/tasks/fai-profile.yml
@@ -0,0 +1,8 @@
+- name: copy profile
+ synchronize:
+ src: profiles/
+ dest: /srv/fai/config/
+ mode: push
+ delete: yes
+ recursive: yes
+ register: fai_profiles
diff --git a/roles/fai/tasks/fai-pxe-ipxe.yml b/roles/fai/tasks/fai-pxe-ipxe.yml
new file mode 100644
index 0000000..6557c8c
--- /dev/null
+++ b/roles/fai/tasks/fai-pxe-ipxe.yml
@@ -0,0 +1,98 @@ +- name: install ipxe + package: + name: ipxe + state: present + tags: + - pxe + - bios + - efi + - ipxe + +- name: copy ipxe + copy: + src: "{{ item }}" + dest: /srv/tftp/ + remote_src: yes + with_items: + - /usr/lib/ipxe/ipxe.efi + - /usr/lib/ipxe/ipxe.pxe + tags: + - pxe + - ipxe + - bios + - efi + +- name: write ipxe menu + copy: + content: | + #!ipxe + set menu-default fai + set menu-timeout 5000 + set submenu-timeout ${menu-timeout} + isset ${menu-default} || set menu-default exit + + # Figure out if client is 64-bit capable + cpuid --ext 29 && set arch x64 || set arch x86 + cpuid --ext 29 && set archl amd64 || set archl i386 + + :start + menu iPXE boot menu + item --key f fai FAI Installer + item --gap -- + item --key p pxelinux PXE Linux + item --key d dban Dariks boot and nuke (DBAN) + item --gap -- + item --key c config Configure settings + item shell Drop to iPXE shell + item reboot Reboot computer + item + item --key x exit Exit iPXE and continue BIOS boot + choose --timeout ${menu-timeout} --default ${menu-default} selected || goto cancel + set menu-timeout 0 + goto ${selected} + + :cancel + echo You cancelled the menu, dropping you to a shell + + :shell + echo Type 'exit' to get the back to the menu + shell + set menu-timeout 0 + set submenu-timeout 0 + goto start + + :failed + echo Booting failed, dropping to shell + goto shell + + :config + config + goto start + + :reboot + reboot + + :exit + exit + + :fai + kernel fai/vmlinuz-4.19.0-10-amd64 + initrd fai/initrd.img-4.19.0-10-amd64 + imgargs vmlinuz-4.19.0-10-amd64 ip=dhcp root=live:http://192.168.33.1/tftp/fai/squash.img FAI_FLAGS=verbose,sshd,createv,menu FAI_CONFIG_SRC=http://192.168.33.1/fai/config.tar FAI_ACTION=install + boot || goto failed + goto start + + :dban + kernel dban.bzi + imgargs dban.bzi silent vga=785 + boot || goto failed + goto start + dest: /srv/tftp/menu.ipxe + mode: 0644 + owner: root + group: root + tags: + - pxe + - tftp + - fai + 
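Review bot: The `:fai` entry of the iPXE menu hard-codes `4.19.0-10` and `192.168.33.1`, while the pxelinux variant in fai-pxe-pxelinux.yml builds the same command line from `linux_version`, `server_ip` and `fai_menu`; changing those variables would leave the two boot paths out of step. I would template it the same way, `kernel fai/vmlinuz-{{linux_version}}-amd64` and `root=live:http://{{server_ip}}/tftp/fai/squash.img`, and make `,menu` conditional on `fai_menu`. `FAI_FLAGS` also contains `sshd`, which starts an SSH server inside the installer. Its root password comes from the nfsroot configuration, which this commit appears to leave at the packaged default, so it should be set explicitly or the flag removed. The squashfs image and `config.tar` are fetched over plain HTTP with no integrity check, which is tolerable only on an isolated install network.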
diff --git a/roles/fai/tasks/fai-pxe-pxelinux.yml b/roles/fai/tasks/fai-pxe-pxelinux.yml
new file mode 100644
index 0000000..eb5fbe0
--- /dev/null
+++ b/roles/fai/tasks/fai-pxe-pxelinux.yml
@@ -0,0 +1,288 @@ +- name: install syslinux + package: + name: "{{ item }}" + state: present + with_items: + - pxelinux + - syslinux + - syslinux-efi + tags: + - pxe + - bios + - efi + - syslinux + +- name: generate pxe directory structure + file: + name: "{{ item }}" + state: directory + with_items: + - /srv/tftp/fai/bios + - /srv/tftp/fai/efi32 + - /srv/tftp/fai/efi64 + tags: + - pxe + - bios + - efi + - syslinux + +- name: copy pxelinux + copy: + src: /usr/lib/PXELINUX/pxelinux.0 + dest: /srv/tftp/fai/bios/pxelinux.0 + owner: root + group: root + remote_src: yes + tags: + - pxe + - syslinux + +- name: copy pxe efi32 + copy: + src: /usr/lib/SYSLINUX.EFI/efi32/syslinux.efi + dest: /srv/tftp/fai/efi32/syslinux.efi + owner: root + group: root + remote_src: yes + +- name: copy pxe bios modules + copy: + src: "{{ item }}" + dest: /srv/tftp/fai/bios/ + owner: root + group: root + remote_src: yes + with_items: + - /usr/lib/syslinux/modules/bios/dmitest.c32 + - /usr/lib/syslinux/modules/bios/chain.c32 + - /usr/lib/syslinux/modules/bios/libcom32.c32 + - /usr/lib/syslinux/modules/bios/sysdump.c32 + - /usr/lib/syslinux/modules/bios/sanboot.c32 + - /usr/lib/syslinux/modules/bios/host.c32 + - /usr/lib/syslinux/modules/bios/vesainfo.c32 + - /usr/lib/syslinux/modules/bios/liblua.c32 + - /usr/lib/syslinux/modules/bios/gfxboot.c32 + - /usr/lib/syslinux/modules/bios/mboot.c32 + - /usr/lib/syslinux/modules/bios/disk.c32 + - /usr/lib/syslinux/modules/bios/meminfo.c32 + - /usr/lib/syslinux/modules/bios/hdt.c32 + - /usr/lib/syslinux/modules/bios/cpuid.c32 + - /usr/lib/syslinux/modules/bios/cpu.c32 + - /usr/lib/syslinux/modules/bios/libgpl.c32 + - /usr/lib/syslinux/modules/bios/libutil.c32 + - /usr/lib/syslinux/modules/bios/kontron_wdt.c32 + - /usr/lib/syslinux/modules/bios/kbdmap.c32 + - /usr/lib/syslinux/modules/bios/vesamenu.c32 + - /usr/lib/syslinux/modules/bios/pci.c32 + - /usr/lib/syslinux/modules/bios/ethersel.c32 + - /usr/lib/syslinux/modules/bios/pmload.c32 + - 
/usr/lib/syslinux/modules/bios/cptime.c32 + - /usr/lib/syslinux/modules/bios/gpxecmd.c32 + - /usr/lib/syslinux/modules/bios/whichsys.c32 + - /usr/lib/syslinux/modules/bios/vesa.c32 + - /usr/lib/syslinux/modules/bios/pxechn.c32 + - /usr/lib/syslinux/modules/bios/lfs.c32 + - /usr/lib/syslinux/modules/bios/ifplop.c32 + - /usr/lib/syslinux/modules/bios/dmi.c32 + - /usr/lib/syslinux/modules/bios/pcitest.c32 + - /usr/lib/syslinux/modules/bios/cmenu.c32 + - /usr/lib/syslinux/modules/bios/reboot.c32 + - /usr/lib/syslinux/modules/bios/debug.c32 + - /usr/lib/syslinux/modules/bios/ifmemdsk.c32 + - /usr/lib/syslinux/modules/bios/zzjson.c32 + - /usr/lib/syslinux/modules/bios/sdi.c32 + - /usr/lib/syslinux/modules/bios/ldlinux.c32 + - /usr/lib/syslinux/modules/bios/dhcp.c32 + - /usr/lib/syslinux/modules/bios/menu.c32 + - /usr/lib/syslinux/modules/bios/poweroff.c32 + - /usr/lib/syslinux/modules/bios/elf.c32 + - /usr/lib/syslinux/modules/bios/hexdump.c32 + - /usr/lib/syslinux/modules/bios/libmenu.c32 + - /usr/lib/syslinux/modules/bios/vpdtest.c32 + - /usr/lib/syslinux/modules/bios/ifcpu.c32 + - /usr/lib/syslinux/modules/bios/ls.c32 + - /usr/lib/syslinux/modules/bios/cpuidtest.c32 + - /usr/lib/syslinux/modules/bios/cmd.c32 + - /usr/lib/syslinux/modules/bios/rosh.c32 + - /usr/lib/syslinux/modules/bios/pwd.c32 + - /usr/lib/syslinux/modules/bios/linux.c32 + - /usr/lib/syslinux/modules/bios/config.c32 + - /usr/lib/syslinux/modules/bios/ifcpu64.c32 + - /usr/lib/syslinux/modules/bios/cat.c32 + - /usr/lib/syslinux/modules/bios/lua.c32 + - /usr/lib/syslinux/modules/bios/syslinux.c32 + - /usr/lib/syslinux/modules/bios/prdhcp.c32 + - /usr/lib/syslinux/modules/bios/dir.c32 + tags: + - pxe + - efi + +- name: copy pxe efi32 modules + copy: + src: "{{ item }}" + dest: /srv/tftp/fai/efi32/ + owner: root + group: root + remote_src: yes + with_items: + - /usr/lib/syslinux/modules/efi32/dmitest.c32 + - /usr/lib/syslinux/modules/efi32/chain.c32 + - /usr/lib/syslinux/modules/efi32/libcom32.c32 + - 
/usr/lib/syslinux/modules/efi32/sysdump.c32 + - /usr/lib/syslinux/modules/efi32/host.c32 + - /usr/lib/syslinux/modules/efi32/liblua.c32 + - /usr/lib/syslinux/modules/efi32/gfxboot.c32 + - /usr/lib/syslinux/modules/efi32/mboot.c32 + - /usr/lib/syslinux/modules/efi32/meminfo.c32 + - /usr/lib/syslinux/modules/efi32/hdt.c32 + - /usr/lib/syslinux/modules/efi32/cpuid.c32 + - /usr/lib/syslinux/modules/efi32/cpu.c32 + - /usr/lib/syslinux/modules/efi32/libgpl.c32 + - /usr/lib/syslinux/modules/efi32/ldlinux.e32 + - /usr/lib/syslinux/modules/efi32/libutil.c32 + - /usr/lib/syslinux/modules/efi32/vesamenu.c32 + - /usr/lib/syslinux/modules/efi32/pci.c32 + - /usr/lib/syslinux/modules/efi32/cptime.c32 + - /usr/lib/syslinux/modules/efi32/whichsys.c32 + - /usr/lib/syslinux/modules/efi32/vesa.c32 + - /usr/lib/syslinux/modules/efi32/lfs.c32 + - /usr/lib/syslinux/modules/efi32/dmi.c32 + - /usr/lib/syslinux/modules/efi32/cmenu.c32 + - /usr/lib/syslinux/modules/efi32/reboot.c32 + - /usr/lib/syslinux/modules/efi32/debug.c32 + - /usr/lib/syslinux/modules/efi32/zzjson.c32 + - /usr/lib/syslinux/modules/efi32/dhcp.c32 + - /usr/lib/syslinux/modules/efi32/menu.c32 + - /usr/lib/syslinux/modules/efi32/hexdump.c32 + - /usr/lib/syslinux/modules/efi32/libmenu.c32 + - /usr/lib/syslinux/modules/efi32/vpdtest.c32 + - /usr/lib/syslinux/modules/efi32/ifcpu.c32 + - /usr/lib/syslinux/modules/efi32/ls.c32 + - /usr/lib/syslinux/modules/efi32/cpuidtest.c32 + - /usr/lib/syslinux/modules/efi32/cmd.c32 + - /usr/lib/syslinux/modules/efi32/rosh.c32 + - /usr/lib/syslinux/modules/efi32/pwd.c32 + - /usr/lib/syslinux/modules/efi32/linux.c32 + - /usr/lib/syslinux/modules/efi32/config.c32 + - /usr/lib/syslinux/modules/efi32/ifcpu64.c32 + - /usr/lib/syslinux/modules/efi32/cat.c32 + - /usr/lib/syslinux/modules/efi32/lua.c32 + - /usr/lib/syslinux/modules/efi32/syslinux.c32 + - /usr/lib/syslinux/modules/efi32/dir.c32 + tags: + - pxe + - efi + +- name: copy pxe efi64 modules + copy: + src: "{{ item }}" + dest: 
/srv/tftp/fai/efi64/ + owner: root + group: root + remote_src: yes + with_items: + - /usr/lib/syslinux/modules/efi64/dmitest.c32 + - /usr/lib/syslinux/modules/efi64/chain.c32 + - /usr/lib/syslinux/modules/efi64/libcom32.c32 + - /usr/lib/syslinux/modules/efi64/sysdump.c32 + - /usr/lib/syslinux/modules/efi64/host.c32 + - /usr/lib/syslinux/modules/efi64/liblua.c32 + - /usr/lib/syslinux/modules/efi64/gfxboot.c32 + - /usr/lib/syslinux/modules/efi64/mboot.c32 + - /usr/lib/syslinux/modules/efi64/meminfo.c32 + - /usr/lib/syslinux/modules/efi64/hdt.c32 + - /usr/lib/syslinux/modules/efi64/cpuid.c32 + - /usr/lib/syslinux/modules/efi64/cpu.c32 + - /usr/lib/syslinux/modules/efi64/libgpl.c32 + - /usr/lib/syslinux/modules/efi64/ldlinux.e64 + - /usr/lib/syslinux/modules/efi64/libutil.c32 + - /usr/lib/syslinux/modules/efi64/vesamenu.c32 + - /usr/lib/syslinux/modules/efi64/pci.c32 + - /usr/lib/syslinux/modules/efi64/cptime.c32 + - /usr/lib/syslinux/modules/efi64/whichsys.c32 + - /usr/lib/syslinux/modules/efi64/vesa.c32 + - /usr/lib/syslinux/modules/efi64/lfs.c32 + - /usr/lib/syslinux/modules/efi64/dmi.c32 + - /usr/lib/syslinux/modules/efi64/cmenu.c32 + - /usr/lib/syslinux/modules/efi64/reboot.c32 + - /usr/lib/syslinux/modules/efi64/debug.c32 + - /usr/lib/syslinux/modules/efi64/zzjson.c32 + - /usr/lib/syslinux/modules/efi64/dhcp.c32 + - /usr/lib/syslinux/modules/efi64/menu.c32 + - /usr/lib/syslinux/modules/efi64/hexdump.c32 + - /usr/lib/syslinux/modules/efi64/libmenu.c32 + - /usr/lib/syslinux/modules/efi64/vpdtest.c32 + - /usr/lib/syslinux/modules/efi64/ifcpu.c32 + - /usr/lib/syslinux/modules/efi64/ls.c32 + - /usr/lib/syslinux/modules/efi64/cpuidtest.c32 + - /usr/lib/syslinux/modules/efi64/cmd.c32 + - /usr/lib/syslinux/modules/efi64/rosh.c32 + - /usr/lib/syslinux/modules/efi64/pwd.c32 + - /usr/lib/syslinux/modules/efi64/linux.c32 + - /usr/lib/syslinux/modules/efi64/config.c32 + - /usr/lib/syslinux/modules/efi64/ifcpu64.c32 + - /usr/lib/syslinux/modules/efi64/cat.c32 + - 
/usr/lib/syslinux/modules/efi64/lua.c32 + - /usr/lib/syslinux/modules/efi64/syslinux.c32 + - /usr/lib/syslinux/modules/efi64/dir.c32 + tags: + - pxe + - efi + +- name: write pxe default config for bios/efi32/efi64 + copy: + content: | + DEFAULT bios/menu.c32 + PROMPT 0 + + MENU TITLE FAI Setup + MENU AUTOBOOT Starting FAI install + TIMEOUT 300 + + INCLUDE ::fai.cfg + INCLUDE ::dban.cfg + dest: /srv/tftp/fai/bios/default + mode: 0644 + owner: root + group: root + with_items: + - /srv/tftp/fai/bios/default + - /srv/tftp/fai/efi32/default + - /srv/tftp/fai/efi64/default + tags: + - pxe + - tftp + - fai + +- name: write pxe fai boot config + copy: + content: | + LABEL fai + MENU DEFAULT + MENU LABEL FAI Installer + KERNEL vmlinuz-{{linux_version}}-amd64 + APPEND initrd=initrd.img-{{linux_version}}-amd64 ip=dhcp root=live:http://{{server_ip}}/tftp/fai/squash.img FAI_FLAGS=verbose,sshd,createv{% if fai_menu %},menu{% endif %} FAI_CONFIG_SRC=http://{{server_ip}}/fai/config.tar FAI_ACTION=install + dest: /srv/tftp/fai/fai.cfg + mode: 0644 + owner: root + group: root + tags: + - pxe + - tftp + - fai + +- name: write pxe fai boot config + copy: + content: | + LABEL dban + MENU LABEL Darik's Boot And Nuke Tool + KERNEL dban.bzi + APPEND nuke="dwipe" silent vga=785 + dest: /srv/tftp/fai/dban.cfg + mode: 0644 + owner: root + group: root + tags: + - pxe + - tftp + - fai diff --git a/roles/fai/tasks/fai-pxe.yml b/roles/fai/tasks/fai-pxe.yml new file mode 100644 index 0000000..4a669fd --- /dev/null +++ b/roles/fai/tasks/fai-pxe.yml 
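Review bot: The task `write pxe default config for bios/efi32/efi64` loops over three paths with `with_items` but keeps `dest: /srv/tftp/fai/bios/default`, so the same file is written three times and the efi32 and efi64 directories never get a `default`; it should be `dest: "{{ item }}"`. The content is also BIOS-specific (`DEFAULT bios/menu.c32`), so the EFI copies would need their own menu module path. Only the efi32 `syslinux.efi` is copied, although isc-dhcp-server.yml hands out `fai/efi64/syslinux.efi`. The last two tasks share the name `write pxe fai boot config`, and the second of them actually writes dban.cfg.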
@@ -0,0 +1,25 @@
+- name: test pxe config already exists
+ stat:
+ path: /srv/tftp/fai
+ register: fai_tftp
+
+- name: generate tftp config
+ shell: fai-chboot -IF -u http://{{server_ip}}/fai/config.tar default
+ when: fai_tftp.changed
+ tags:
+ - fai
+ - pxe
+ - http
+
+- name: copy dban image
+ copy:
+ src: files/dban/dban.bzi
+ dest: /srv/tftp/fai/dban.bzi
+ owner: root
+ group: root
+
+- include: fai-pxe-ipxe.yml
+ when: use_ipxe
+
+- include: fai-pxe-pxelinux.yml
+ when: not use_ipxe
diff --git a/roles/fai/tasks/fai-root.yml b/roles/fai/tasks/fai-root.yml
new file mode 100644
index 0000000..83c3355
--- /dev/null
+++ b/roles/fai/tasks/fai-root.yml
@@ -0,0 +1,35 @@
+- name: test nfsroot exists
+ stat:
+ path: /srv/fai/nfsroot
+ register: nfsroot_res
+ tags:
+ - fai
+ - root
+
+- name: test if fai-setup already ran
+ file:
+ dest: /srv/fai/nfsroot
+ state: absent
+ when: "ensure_fai_setup_run"
+ tags:
+ - fai
+ - root
+
+- name: generate fai chroot
+ shell: fai-make-nfsroot
+ when: "not nfsroot_res.stat.exists or ensure_fai_setup_run"
+ tags:
+ - fai
+ - root
+
+- name: test squash image
+ stat:
+ path: /srv/tftp/fai/squash.img
+ register: squash_img
+
+- name: generate squashfs
+ shell: fai-cd -M -S /srv/tftp/fai/squash.img
+ when: "not squash_img.stat.exists or ensure_fai_setup_run"
+ tags:
+ - fai
+ - root
diff --git a/roles/fai/tasks/isc-dhcp-server.yml b/roles/fai/tasks/isc-dhcp-server.yml
new file mode 100644
index 0000000..174ad55
--- /dev/null
+++ b/roles/fai/tasks/isc-dhcp-server.yml
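Review bot: In roles/fai/tasks/fai-pxe.yml, `when: fai_tftp.changed` on "generate tftp config" tests a result registered from `stat`, which only reads state and, as far as I know, always reports `changed: false`, so the fai-chboot step looks like it can never run. The condition was probably meant to be `when: not fai_tftp.stat.exists`, the same pattern fai-root.yml uses with `nfsroot_res.stat.exists`. The registering stat task also has no tags while its consumer is tagged `fai`/`pxe`/`http`, so a `--tags` run would skip the stat and then fail on an undefined `fai_tftp`; "test squash image" in fai-root.yml has the same gap for `squash_img`. Giving each stat task the tags of the task that reads its result avoids that.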
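Review bot: The task named "test if fai-setup already ran" in roles/fai/tasks/fai-root.yml does not test anything: with `state: absent` it deletes `/srv/fai/nfsroot` whenever `ensure_fai_setup_run` is true. A name that states the effect, for example `- name: remove existing nfsroot to force a rebuild`, plus a one-line comment that the flag is destructive, would stop an operator from enabling it on a server whose nfsroot took a long time to build. `nfsroot_res` is registered before the deletion, so the following `when:` only works because it also ORs in `ensure_fai_setup_run`; a comment saying so would make that dependency explicit.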
@@ -0,0 +1,80 @@
+- name: install dhcpd
+ apt:
+ name: isc-dhcp-server
+ state: present
+ tags:
+ - dhcp
+
+- name: configure dhcp server
+ copy:
+ content: |
+ option dhcp-max-message-size 2048;
+ use-host-decl-names on;
+
+ option architecture-type code 93 = unsigned integer 16;
+
+ subnet {{server_net}}.0 netmask {{server_netmask}} {
+ range {{server_net}}.10 {{server_net}}.250;
+ default-lease-time 6000;
+ max-lease-time 7200;
+
+ option routers {{server_ip}};
+ option domain-name "{{domain_name}}";
+ option domain-name-servers {{server_ip}};
+ option time-servers {{server_ip}};
+ option ntp-servers {{server_ip}};
+ server-name {{server_name}};
+ next-server {{server_ip}};
+
+ allow booting;
+ allow bootp;
+
+ class "pxeclients" {
+ match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
+
+ if exists user-class and option user-class = "iPXE" {
+ filename "menu.ipxe";
+ } else {
+ if option architecture-type = 00:00 {
+ filename "ipxe.pxe";
+ } elsif option architecture-type = 00:09 {
+ filename "fai/efi64/syslinux.efi";
+ } elsif option architecture-type = 00:07 {
+ filename "fai/efi64/syslinux.efi";
+ } elsif option architecture-type = 00:06 {
+ filename "fai/efi32/syslinux.efi";
+ }
+ }
+ }
+ }
+ dest: /etc/dhcp/dhcpd.conf
+ mode: 0644
+ owner: root
+ group: root
+ validate: dhcpd -t -cf %s
+ register: dhcpd_config
+ tags:
+ - dhcp
+ - routing
+
+- name: set dhcp server interface
+ copy:
+ content: |
+ INTERFACESv4="{{dhcp_interface}}"
+ INTERFACESv6=""
+ dest: /etc/default/isc-dhcp-server
+ mode: 0644
+ owner: root
+ group: root
+ register: dhcp_default_config
+ tags:
+ - dhcp
+
+- name: reload dhcp
+ systemd:
+ name: isc-dhcp-server
+ state: restarted
+ when: dhcp_default_config.changed or dhcpd_config.changed
+ tags:
+ - dhcp
+
diff --git a/roles/fai/tasks/main.yml b/roles/fai/tasks/main.yml
new file mode 100644
index 0000000..b2f3f2b
--- /dev/null
+++ b/roles/fai/tasks/main.yml
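Review bot: The `pxeclients` class in roles/fai/tasks/isc-dhcp-server.yml hard-codes its boot filenames without consulting `use_ipxe`, although fai-pxe.yml installs either the iPXE or the pxelinux files depending on that variable. With `use_ipxe` false, BIOS clients (`00:00`) are still pointed at `ipxe.pxe`; with it true, EFI clients are pointed at `fai/efi64/syslinux.efi`, which appears to be copied only by the pxelinux tasks. Wrapping the branches in `{% if use_ipxe %} … {% else %} … {% endif %}` so each mode names only loaders that its own tasks deploy would keep the two in step; fai-pxe-ipxe.yml is not visible here, so confirm what it places in the TFTP root. A comment above the class noting that this server answers every PXE client on `{{dhcp_interface}}` would also remind operators to keep that interface on an isolated install network.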
@@ -0,0 +1,16 @@
+---
+# tasks file for fai
+- include: time-server.yml
+- include: isc-dhcp-server.yml
+- include: nginx.yml
+- include: unbound.yml
+- include: routing.yml
+- include: apt-cacher-ng.yml
+ when: use_apt_cache
+- include: fai-prepare.yml
+- include: fai-install.yml
+- include: fai-configure.yml
+- include: fai-profile.yml
+- include: fai-root.yml
+- include: fai-pxe.yml
+- include: fai-finish.yml
diff --git a/roles/fai/tasks/nginx.yml b/roles/fai/tasks/nginx.yml
new file mode 100644
index 0000000..8fb6879
--- /dev/null
+++ b/roles/fai/tasks/nginx.yml
@@ -0,0 +1,38 @@
+- name: install nginx
+ apt:
+ name: nginx-light
+ state: present
+ tags:
+ - http
+
+- name: configure http server
+ copy:
+ content: |
+ server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+ root /srv;
+ index index.html;
+ server_name _;
+
+ location / {
+ autoindex on;
+ try_files $uri $uri/ =404;
+ }
+ }
+ dest: /etc/nginx/sites-enabled/default
+ mode: 0644
+ owner: root
+ group: root
+ register: nginx_conf
+ tags:
+ - http
+
+- name: ensure http server is running
+ systemd:
+ name: nginx
+ state: restarted
+ when: nginx_conf.changed
+ tags:
+ - http
+
diff --git a/roles/fai/tasks/routing.yml b/roles/fai/tasks/routing.yml
new file mode 100644
index 0000000..bfcfbb1
--- /dev/null
+++ b/roles/fai/tasks/routing.yml
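Review bot: The server block in roles/fai/tasks/nginx.yml publishes the whole of `/srv` with `autoindex on` on every address (`listen 80 default_server` plus the IPv6 listener), so the WAN-facing interface serves it too. Going by the paths used elsewhere in this commit, that tree contains the FAI config space under `/srv/fai/config` and the nfsroot under `/srv/fai`, and config spaces often carry password hashes and site-specific scripts. Install clients only fetch `/fai/config.tar` and files under `/tftp/fai/`, so I would bind to the install network with `listen {{server_ip}}:80 default_server;`, drop the `[::]:80` listener, and set `autoindex off;`. Limiting `location` blocks to those two paths would tighten it further.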
@@ -0,0 +1,41 @@
+- name: ensure iptabes is installed
+ apt:
+ name: iptables
+ state: present
+ tags:
+ - routing
+
+- name: enable permantent masquerading
+ copy:
+ content: |
+ *nat
+ :PREROUTING ACCEPT [0:0]
+ :INPUT ACCEPT [0:0]
+ :POSTROUTING ACCEPT [0:0]
+ :OUTPUT ACCEPT [0:0]
+ -A POSTROUTING -o {{wan_interface}} -j MASQUERADE
+ COMMIT
+ dest: /etc/network/iptables.up.rules
+ register: iptables_up_rules
+ tags:
+ - routing
+
+- name: apply iptables rules
+ iptables:
+ table: nat
+ chain: POSTROUTING
+ out_interface: "{{wan_interface}}"
+ jump: MASQUERADE
+ tags:
+ - routing
+
+- name: enable ip forwarding
+ sysctl:
+ name: net.ipv4.ip_forward
+ value: '1'
+ sysctl_set: yes
+ state: present
+ reload: yes
+ tags:
+ - routing
+
diff --git a/roles/fai/tasks/time-server.yml b/roles/fai/tasks/time-server.yml
new file mode 100644
index 0000000..b3b1775
--- /dev/null
+++ b/roles/fai/tasks/time-server.yml
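Review bot: roles/fai/tasks/routing.yml enables `net.ipv4.ip_forward` and adds a MASQUERADE rule but never touches the FORWARD chain, so the host forwards whatever its existing filter policy allows; on a stock install that is ACCEPT in both directions. I would add a filter table to the rules file that forwards only from `{{dhcp_interface}}` out through `{{wan_interface}}` plus established return traffic, and mirror it at runtime the way "apply iptables rules" mirrors the nat rule. Nothing visible in this hunk loads `/etc/network/iptables.up.rules` at boot and the registered `iptables_up_rules` is never read, so the "permanent" part should be confirmed. The copy task also sets no `mode`/`owner`/`group`, unlike the other copy tasks in the role.

```yaml
  copy:
    content: |
      # … unchanged: *nat table with the MASQUERADE rule, through its COMMIT …
      *filter
      :INPUT ACCEPT [0:0]
      :FORWARD DROP [0:0]
      :OUTPUT ACCEPT [0:0]
      -A FORWARD -i {{dhcp_interface}} -o {{wan_interface}} -j ACCEPT
      -A FORWARD -i {{wan_interface}} -o {{dhcp_interface}} -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
      COMMIT
    # … unchanged: dest, register, tags …
```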
@@ -0,0 +1,72 @@
+- name: install inetd
+ apt:
+ name: inetutils-tools
+ state: present
+ tags:
+ - time
+ - rdate
+
+- name: activate rdate
+ copy:
+ content: |
+ time stream tcp nowait root internal
+ dest: /etc/inetd.conf
+ owner: root
+ group: root
+ mode: 0644
+ register: inetd_conf
+ tags:
+ - time
+ - rdate
+
+- systemd:
+ name: inetd
+ state: restarted
+ when: inetd_conf.changed
+ tags:
+ - time
+ - rdate
+
+- name: install ntp server
+ apt:
+ name: ntp
+ state: present
+
+- name: configure ntp server
+ copy:
+ content: |
+ driftfile /var/lib/ntp/ntp.drift
+
+ leapfile /usr/share/zoneinfo/leap-seconds.list
+ statistics loopstats peerstats clockstats
+
+ filegen loopstats file loopstats type day enable
+ filegen peerstats file peerstats type day enable
+ filegen clockstats file clockstats type day enable
+
+ pool 0.debian.pool.ntp.org iburst
+ pool 1.debian.pool.ntp.org iburst
+ pool 2.debian.pool.ntp.org iburst
+ pool 3.debian.pool.ntp.org iburst
+
+ restrict -4 default kod notrap nomodify nopeer noquery limited
+ restrict -6 default kod notrap nomodify nopeer noquery limited
+
+ # Local users may interrogate the ntp server more closely.
+ restrict 127.0.0.1
+ restrict {{server_net}}.0/24
+ restrict ::1
+
+ restrict source notrap nomodify noquery
+ dest: /etc/ntp.conf
+ mode: 0644
+ owner: root
+ group: root
+ register: ntp_conf
+
+- name: reload ntp config
+ systemd:
+ name: ntp
+ state: restarted
+ when: ntp_conf.changed
+
diff --git a/roles/fai/tasks/unbound.yml b/roles/fai/tasks/unbound.yml
new file mode 100644
index 0000000..21a5b7b
--- /dev/null
+++ b/roles/fai/tasks/unbound.yml
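Review bot: `restrict {{server_net}}.0/24` in the ntp.conf written by roles/fai/tasks/time-server.yml carries no flags, so every host on the install network gets the same unrestricted access as localhost, not just the ability to sync and query. It also hard-codes `/24` where the rest of the role uses `server_netbits`/`server_netmask`, and classic ntpd documents the `address mask netmask` form rather than CIDR, so the line may not match what was intended. I would write `restrict {{server_net}}.0 mask {{server_netmask}} nomodify notrap`. Separately, "activate rdate" replaces `/etc/inetd.conf` wholesale to enable the `time` service on all interfaces, and `inetutils-tools` is, as far as I know, not the package that ships the inetd daemon, so the restart of `inetd` is worth verifying on a clean box.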
@@ -0,0 +1,35 @@
+- name: install unbound server
+ apt:
+ name: unbound
+ state: present
+ tags:
+ - dns
+
+- name: configure dns
+ copy:
+ content: |
+ server:
+ access-control: {{server_net}}.0/{{server_netbits}} allow
+ private-domain: "{{domain_name}}"
+ domain-insecure: "{{domain_name}}"
+
+ interface: 0.0.0.0
+
+ local-zone: "{{domain_name}}." static
+ local-data: "{{server_name}}.{{domain_name}}. IN A {{server_ip}}"
+ local-data: "monserver.{{domain_name}} IN A {{server_ip}}"
+ dest: /etc/unbound/unbound.conf.d/fai.conf
+ mode: 0644
+ owner: root
+ group: root
+ register: unbound_conf
+ tags:
+ - dns
+
+- name: apply dns config
+ systemd:
+ name: unbound
+ state: restarted
+ when: unbound_conf.changed
+ tags:
+ - dns
diff --git a/roles/fai/tests/inventory b/roles/fai/tests/inventory
new file mode 100644
index 0000000..878877b
--- /dev/null
+++ b/roles/fai/tests/inventory
@@ -0,0 +1,2 @@
+localhost
+
diff --git a/roles/fai/tests/test.yml b/roles/fai/tests/test.yml
new file mode 100644
index 0000000..f847566
--- /dev/null
+++ b/roles/fai/tests/test.yml
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+ remote_user: root
+ roles:
+ - fai
\ No newline at end of file
diff --git a/roles/fai/vars/main.yml b/roles/fai/vars/main.yml
new file mode 100644
index 0000000..4b052e6
--- /dev/null
+++ b/roles/fai/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for fai
\ No newline at end of file
diff --git a/setup.yml b/setup.yml
new file mode 100644
index 0000000..4cd6e4e
--- /dev/null
+++ b/setup.yml
@@ -0,0 +1,16 @@
+- hosts: all
+ become: yes
+ vars:
+ ensure_fai_setup_run: false
+ dhcp_interface: eth1
+ wan_interface: eth0
+ server_name: faiserver
+ server_ip: 192.168.33.1
+ server_net: 192.168.33
+ server_netbits: 24
+ server_netmask: 255.255.255.0
+ domain_name: lan
+ linux_version: 4.19.0-10
+ roles:
+ - fai
+
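Review bot: `interface: 0.0.0.0` in roles/fai/tasks/unbound.yml makes the resolver listen on every address, including the WAN-facing one, and leaves `access-control` as the only thing standing between outside hosts and a recursive resolver. Binding to the addresses that actually need service, `interface: 127.0.0.1` and `interface: {{server_ip}}`, removes the exposed socket altogether. The second `local-data` entry (`monserver.{{domain_name}}`) also lacks the trailing dot that the line above it uses; making both fully qualified keeps the zone data consistent.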
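Review bot: setup.yml does not define `use_ipxe`, `fai_menu` or `use_apt_cache`, although the role reads all three (`when: use_ipxe` in fai-pxe.yml, `{% if fai_menu %}` in the fai.cfg template, `when: use_apt_cache` in tasks/main.yml). Unless roles/fai/defaults/main.yml, which is not visible here, supplies them, the playbook the Vagrantfile runs would stop on an undefined variable. fai.yml in this same commit sets the first two, so I would add `use_ipxe: true` and `fai_menu: true` here as well, plus an explicit `use_apt_cache:` value, or move all three into the role defaults.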