HW4F
/
ansible-install-server
5
0
Fork 1
Code Issues Pull Requests 1 Projects Releases Wiki Activity

Mayor refactoring

This commit is contained in:
rockstable 2022-12-07 14:52:06 +01:00
parent 26bc5cecf5
commit f029e74acd
153 changed files with 1689 additions and 3765 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

192
README.md
View File

@ -1,8 +1,8 @@
# HW4F Netboot Installer
Server die automatische Installation über das Netzwerks von Ubuntu 20.04
im Rahmen des Projekts [https://hardwareforfuture.de](**Hardware for Future**)
des [https://dezentrale.space/](dezentrale e.V).
Server die automatische Installation über das Netzwerks von Ubuntu 22.04
im Rahmen des Projekts [**Hardware for Future**](https://hardwareforfuture.de)
des [dezentrale e.V](https://dezentrale.space/).
Für den Betrieb wird einmalig eine Internetverbindung benötigt.
Der Server wird über Ansible aufgesetzt.
@ -11,7 +11,8 @@ u.a. FAI (Fully Automatic Installation).
Mit dem Server wird ein Netz aufgespannt,
welches für den Anschluß des zu installierenden Rechner verwendet wird.
Wenn die Rechner mit dem Netzwerk verbunden sind,
können sie über einen Netzwerkboot (F-Testen beim Start des Rechners) über PXE gebootet werden.
können sie über einen Netzwerkboot
(zumeist F12-Taste für das Bootmenü beim Start des Rechners) über PXE gebootet werden.
PXE lädt die erforderliche Dateien vom Server
und der FAI-Installer installiert dann Ubuntu auf den Rechner.
@ -20,25 +21,50 @@ Das Passwort ist `fai`.
Dieser Nutzer kann Administrationsrechte erlangen.
Das Passwort muss im Anschluss geändert werden.
## Verweise
* [FAI Project](https://fai-project.org)
* [FAI Project - Available distributions](https://fai-project.org/download/dists/)
* [FAI Project - FAI-Guide](https://fai-project.org/fai-guide/)
* [FAI Project - Variables](https://wiki.fai-project.org/index.php/Variables)
* [github.com faiproject/fai](https://github.com/faiproject/fai)
* [github.com faiproject/fai-config](https://github.com/faiproject/fai-config)
* [iPXE](https://ipxe.org)
* [Ansible](https://www.ansible.com)
## Komponenten
* DHCP: isc-dhcp-server
* TFTP: tftpd-hpa
* DNS: unbound
* ntp: ntp
* time: inetd
* HTTP: nginx
* rtime: inetd
* Apt Cache: apt-cacher-ng
## Voraussetzungen
Server:
* Debian Buster
* Debian Bullseye
* Zwei Netzwerkports oder zwei Netzwerkkarten (1x für WAN, 1x für LAN und FAI)
Zu installierende Clients:
* CPU mit x86-64 Unterstützung
* 512 MB RAM empfohlen
* mehr als 20 GB Festsplatte oder SSD
* PXE-fähig oder USB-Stick mit bootfähigen iPXE oder iPXE-CD zum Booten der Rechner
* CPU amd64 mit Unterstützung für Hardwarevirtualisierung
* 1GiB empfohlen (min. 512MB RAM)
* mehr als 20 GB SSD oder Festplatte
* PXE-fähig oder USB-Stick mit bootfähigen iPXE oder
iPXE-CD zum Booten der Rechner
## Verwendung
Zunächst Ansible für die automatische Installation
und Konfiguration aller Komponeten herunterladen:
```console
apt install python3-pip
pip3 install ansible
@ -46,7 +72,6 @@ pip3 install ansible
Danach ein Playbook (z.B. `fai.yml`) anlegen
und die grundlegende Parameter festlegen:
```yml
- hosts: localhost
become: true
@ -57,9 +82,8 @@ und die grundlegende Parameter festlegen:
- fai
```
Einen Eintrag hinzufügen in
Einen Eintrag hinzufügen in
`~/.ssh/config`
```
host hw4f-fai hw4f-fai.intern.dezentrale.space
user username
@ -77,9 +101,9 @@ ansible-playbook -i inventory/dezentrale.yml -K --check --diff -v fai.yml
### Virtuale Testinstanz
Für eine testweise Installation kann
[https://www.vagrantup.com/](Vagrant) verwendet werden.
Es richtet anhand der *Vagrantfile* eine virtuelle Maschine ein
und provisioniert sie mittels Ansible.
[Vagrant](https://www.vagrantup.com/) verwendet werden.
Es richtet anhand des *Vagrantfile* eine virtuelle Maschine ein
und provisioniert sie anschließend automatisch mittels Ansible.
Vagrant unterstützt verschiedene Provider für Virtualisierungslösungen
bspw. VirtualBox oder libvirt/KVM.
@ -87,14 +111,20 @@ Zur Verwendung muss Vagrant zunächst installiert werden.
Hier beispielsweise zusammen mit VirtualBox:
```
### VIRTUALBOX
apt install vagrant virtualbox
### Libvirt/KVM
apt install vagrant qemu-system-x86
```
Danach kann die virtuelle Umgebung erstellt
und automatisch eingerichtet werden:
```
vagrant up
### INITIAL PROVISIONING
vagrant up --color
### FULL REPROVISIONING
vagrant destroy; vagrant up --color
```
Die Vagrantfile definiert eine Maschinen mit zwei Ethernet-Ports.
@ -112,28 +142,96 @@ Hier kann es helfen das Netzwerk über *Virt-Manager* neuzustarten oder
ein weiteres isoliertes Netzwerk zu erstellen
und es mit dem zweiten Netzwerkport des FAI-Servers zu verbinden.
#### Zugriff auf die vagrant VM
Zugriff auf die vagrant VM wird gewährt über:
```
vagrant ssh
```
Mit Benutzername und Passwort:
```
### CREDENTIALS
Username: `vagrant`
Password: `vagrant`
### COMMAND
ssh vagrant@machine-ip
```
Mit PubKey Auth
```
ssh -i .vagrant/machines/hw4f-fai-vagrant/libvirt/private_key \
vagrant@machine-ip
```
#### Zugriff auf die zu installierende Maschine nehmen (Live System)
Dies ist recht nützlich zur Analyse des Livesystems.
Auf dem FAI-Server wird zunächst die IP-Adresse des Clients herausgesucht.
Diese findet sich unter `/var/lib/dhcp/dhcpd.leases`.
Dann kann per ssh Zugriff genommen werden
```
### CREDENTIALS
Username: `root`
Password: `fai`
ssh root@192.168.33.10
```
Das Installations log findet sich unter
`tail -f /tmp/fai/fai.log`
#### Secrets
In der folgenden Konfigurationsdatei
wird u.A. auch das Root-Passwort
des Live-Systems festgelegt.
Die NFS-root configuration findet sich hier
`/etc/fai/nfsroot.conf`
Das Secret wird definiert in
`/srv/fai/config/class/FAIBASE.var`
#### Debian Versionen
`/srv/fai/nfsroot/etc/debian_version`
Ganz alt: 10.6 (Buster) -> kein ZST
Neuer versuch: 11.5 (Bullseye) - kein ZST
Neuester Versuch: (Bookworm)
### Konfiguration
Über Ansible-Variablen kann die Installation noch weiter angepasst werden.
|**Variable** |**Bedeutung** |**Standard** |
|--- |--- |---------------------------------------- |
|dhcp_interface |NIC des Installtionnetzes (muss gesetzt sein) | |
|wan_interface |NIC zum Internet |`eth0` |
|server_name |Server-Name |hw4f-fai |
|domain_name |Domain-Name des Netzes |local |
|server_ip |IP des Servers |`192.168.33.1` |
|server_netbits |Bits der Netzmaske |`24 ` |
|server_netmask |Netzmaske |`255.255.255.0` |
|apt_cacher_offline_mode |true, um nur den vorhanden Packet-Cache als Repository zu nutzen|false |
|debian_release |Debian Release, was für FAI genutzt werden soll. |buster |
|pxe_preselected_entry |Vorausgewählte iPXE-Eintag |`__exit` (von lokale Datenträger starten)|
|pxe_menu_timeout |Timeout für iPXE-Menu in Milisekunden |5000 |
|ipxe_additional_entries |Zusätzliche Einträge für iPXE-Menu |keine |
|use_apt_cache_for_server |Apt Cache für den Server selbst verwenden |`false` |
|fai_hw4f_profile_username |Desktop Benutzername |`user` |
|fai_hw4f_profile_password |Passwort der Benutzers |`dezentrale` |
|**Variable** |**Beschreibung** |**Standard** |
|--- |--- |---------------------------------------- |
|`dhcp_interface` |NIC des Installationnetzes (muss gesetzt sein) |`eth1` |
|`wan_interface` |NIC zum Internet |`eth0` |
|`server_name` |Server-Name |`hw4f-fai` |
|`domain_name` |Domain-Name des Netzes |`local` |
|`server_ip` |IP des Servers in CIDR-Notation |`192.168.33.9/24` |
|`gateway_ip` |IP des Default-Gateways in CIDR-Notation |`192.168.33.1/24` |
|`apt_cacher_offline_mode` |`true`, um nur den vorhanden Packet-Cache als Repository zu nutzen |`false` |
|`debian_release` |Debian Release, was für FAI genutzt werden soll. |`bullseye` |
|`pxe_preselected_entry` |Vorausgewählte iPXE-Eintag |`exit` (von lokalem Datenträger starten) |
|`pxe_menu_timeout` |Timeout für iPXE-Menu in Millisekunden |5000 |
|`ipxe_additional_entries` |Zusätzliche Einträge für iPXE-Menu |keine |
|`use_apt_cache_for_server` |Apt Cache für den Server selbst verwenden |`false` |
|`fai_hw4f_profile_username` |Desktop Benutzername |`user` |
|`fai_hw4f_profile_username` |Desktop Benutzername |`user` |
|`fai_hw4f_profile_password` |Passwort der Benutzers |`dezentrale` |
Alle relevanten Netzwerk-Informationen werden
aus der IP-Adresse des Servers abgeleitet.
Beispielsweise kann der Server mit obigen Playbook aufgesetzt werden,
eine Rechner mit Ubuntu installiert werden und
@ -154,7 +252,11 @@ Danach das Playbook noch einmal ausführen,
um die Konfigration zu aktualisieren:
```
ansible-playbook fai.yml
ansible-playbook -i inventory/dezentrale.yml \
-l hw4f-fai --diff --ask-become-pass fai.yml
### WHEN "sudo_nopasswd: true"
ansible-playbook -i inventory/dezentrale.yml \
-l hw4f-fai --diff fai.yml
```
#### Zusätzliche Menü-Einträge im iPXE-Menü
@ -204,23 +306,3 @@ Es sind folgende Felder für jeden Boot-Eintrag möglich:
Der vorausgewählt Eintrag kann über `pxe_preselected_entry` mit dem Label ausgewählt werden.
Um FAI auszuwählen muss `__fai` gesetzt werden.
## Details
*TBD*
### Komponenten
* DHCP: isc-dhcp-server
* TFTP: tftpd-hpa
* DNS: unbound
* ntp: ntp
* time: inetd
* HTTP: nginx
* rtime: inetd
* Apt Cache: apt-cacher-ng
## Verweise
* [https://fai-project.org](FAI Project)
* [https://ipxe.org](iPXE)
* [https://www.ansible.com](Ansible)

41
Vagrantfile vendored
View File

@ -4,33 +4,41 @@
def create(config, name)
config.vm.define name do |v|
v.vm.hostname = name
v.vm.box = "generic/debian10"
v.vm.box = "generic/debian11"
v.vm.provider "virtualbox" do |vb|
vb.linked_clone = true
vb.cpus = 2
vb.memory = 1024
vb.cpus = 6
vb.memory = 2048
# special thing for virtualbox
vb.customize ["modifyvm", :id, "--nicpromisc2", "allow-all"]
end
v.vm.provider "libvirt" do |lv|
lv.cpus = 2
lv.memory = 1024
lv.cpus = 6
lv.memory = 2048
lv.disk_driver :cache => "unsafe"
end
# add a extra NIC for the DHCP services
# ADD EXTRA NIC FOR THE DHCP SERVICES
# https://github.com/vagrant-libvirt/vagrant-libvirt#provider-options
v.vm.network "private_network",
auto_config: false,
ip: '192.168.33.1',
ip: '192.168.33.9',
netmask: '255.255.255.0',
virtualbox__intnet: true,
libvirt__dhcp_enabled: false,
libvirt__forward_mode: 'none',
libvirt__guest_ipv6: false,
mode: 'isolated',
libvirt__forward_mode: 'nat',
#libvirt__guest_ipv6: true,
#mode: 'isolated',
type: 'ethernet'
$provision_net = <<-EOF
ip a add 192.168.33.9/24 dev eth1
ip l set up dev eth1
EOF
v.vm.provision "shell", inline: $provision_net
if ENV['USE_ANSIBLE_IN_VM'] || false
# start vagrant with:
#
@ -44,9 +52,9 @@ def create(config, name)
$provision = <<-EOF
sudo apt-get install -y python3-pip
pip3 install ansible
echo faiserver ansible_connection=local python_interpreter=/usr/bin/python3 > ~/inventory
#echo "faiserver ansible_connection=local python_interpreter=/usr/bin/python3" > ~/inventory/vagrant.ini
cd /home/vagrant/fai
ansible-playbook -i ~/inventory playbook-vagrant.yml
ansible-playbook -i ~/inventory/dezentrale.yml playbook-vagrant.yml
EOF
# and ran the provision with ansible
@ -55,13 +63,18 @@ def create(config, name)
else
# provision with ansible and use VM as target host
v.vm.provision "ansible" do |ans|
ans.playbook = "playbook-vagrant.yml"
ans.inventory_path = "inventory/dezentrale.yml"
ans.limit = name
#ans.ask_become_pass = true
ans.verbose = "v"
ans.playbook = "fai.yml"
#ans.tags = [ "debug_hostvars", "packages" ]
end
end
end
end
Vagrant.configure("2") do |config|
create(config, "faiserver")
create(config, "hw4f-fai-vagrant")
end

40
fai.yml
View File

@ -1,38 +1,6 @@
- hosts: hw4f-fai
vars:
# Additional entries in iPXE menu
ipxe_additional_entries:
"pmagic":
name: "Partition Magic"
key: p
files: "tools/pmagic"
kernel: "bzImage64"
initrd:
- initrd.img
- fu.img
- m64.img
- files.cgz
imgargs: edd=on vga=normal
"clonezilla2.6.6.15r":
name: "Windows Clonzilla 2.6.6.15 Restore"
key: r
kernel: "images/bios/clonezilla2.6.6-15/vmlinuz"
initrd:
- "images/bios/clonezilla2.6.6-15/initrd.img"
imgargs: 'initrd=initrd.img boot=live config noswap nolocales edd=on nomodeset ocs_prerun2="sleep 3" ocs_prerun3="mount -t cifs -o user=gast,password= //192.168.33.2/images /home/partimag" ocs_prerun4="sleep 1" ocs_live_run="sudo ocs-sr -g auto -e1 auto -e2 -r -j2 -c -scr -p reboot restoredisk ask_user sda" ocs_live_extra_param="" keyboard-layouts="NONE" ocs_live_batch="no" locales="de_DE.UTF-8" vga=788 nosplash noprompt fetch="http://192.168.33.9/tftp/fai/images/bios/clonezilla2.6.6-15/filesystem.squashfs"'
"clonezilla2.6.6.15b":
key: b
name: "Windows Clonzilla 2.6.6.15 Backup"
kernel: "images/bios/clonezilla2.6.6-15/vmlinuz"
initrd:
- "images/bios/clonezilla2.6.6-15/initrd.img"
##boot=live config noswap edd=on nomodeset noprompt nosplash locales=de_DE.UTF-8 keyboard-layouts=de ocs_prerun="dhclient" ocs_live_run="/usr/sbin/ocs-sr -q2 -c -j2 -z1p -i 4096 -fsck -enc -p poweroff savedisk 'Beispiel-`date +%d-%m-%Y`' nvme0n1" ocs_live_extra_param="" ocs_repository="smb://clonezilla:clonezilla@192.168.178.4/Backups/" ocs_live_batch=no ocs_netlink_timeout=5
imgargs: 'initrd=initrd.img boot=live config noswap nolocales edd=on nomodeset ocs_prerun2="sleep 3" ocs_prerun3="mount -t cifs -o user=gast,password= //192.168.33.2/Images /home/partimag" ocs_prerun4="sleep 1" ocs_live_run="sudo ocs-sr -g auto -e1 auto -e2 -r -j2 -c -scr -p reboot savedisk ask_user sda" ocs_live_extra_param="" keyboard-layouts="NONE" ocs_live_batch="no" locales="de_DE.UTF-8" vga=788 nosplash noprompt fetch=http://192.168.33.9/tftp/fai/images/bios/clonezilla2.6.6-15/filesystem.squashfs'
"dban":
name: "Dariks boot and nuke (DBAN)"
key: d
kernel: "dban.bzi"
imgargs: "silent vga=785"
- hosts: all
collections:
- ansible.utils
- ansible.netcommon
roles:
- fai

121
group_vars/all.yml Normal file
View File

@ -0,0 +1,121 @@
---
### FAI
debian_release_fai: "bookworm"
debian_release_nfsroot: "bookworm"
### REPOS IN THE FAI-SERVER
repos:
- repo: "deb http://fai-project.org/download bullseye koeln"
filename: "fai"
preferences:
- package: '*'
origin: "fai-project.org"
release_name: "{{ debian_release_fai }}"
pin_priority: 500
- repo: "deb http://deb.debian.org/debian {{ debian_release_fai }} main contrib non-free"
filename: "{{ debian_release_fai }}"
preferences:
- package: '*'
origin: "deb.debian.org"
release_name: "{{ debian_release_fai }}"
pin_priority: 500
- repo: "deb http://deb.debian.org/debian {{ debian_release_fai }}-updates main contrib non-free"
filename: "{{ debian_release_fai }}"
preferences:
- package: '*'
origin: "deb.debian.org"
release_name: "{{ debian_release_fai }}-updates"
pin_priority: 500
- repo: "deb http://security.debian.org/debian-security {{ debian_release_fai }}-security main contrib non-free"
filename: "{{ debian_release_fai }}"
- repo: "deb http://deb.debian.org/debian {{ debian_release_fai }}-backports main contrib non-free"
filename: "{{ debian_release_fai }}"
preferences:
- package: '*'
origin: "deb.debian.org"
release_name: "{{ debian_release_fai }}-backports"
pin_priority: 490
- repo: "deb http://deb.debian.org/debian testing main contrib non-free"
filename: "testing"
preferences:
- package: '*'
origin: "deb.debian.org"
suite: "testing"
pin_priority: 400
- repo: "deb http://deb.debian.org/debian testing-updates main contrib non-free"
filename: "testing"
preferences:
- package: '*'
origin: "deb.debian.org"
suite: "testing-updates"
pin_priority: 400
- repo: "deb http://deb.debian.org/debian sid main contrib non-free"
filename: "sid"
preferences:
- package: '*'
origin: "deb.debian.org"
release_name: "sid"
pin_priority: 120
- repo: "deb http://deb.debian.org/debian experimental main contrib non-free"
filename: "experimental"
preferences:
- package: '*'
origin: "deb.debian.org"
suite: "experimental"
pin_priority: 110
- package: '/^fai-.*/'
origin: "deb.debian.org"
suite: "experimental"
pin_priority: 500
# Additional entries in iPXE menu
ipxe_additional_entries:
"clonezilla2.6.6.15r":
name: "Windows Clonzilla 2.6.6.15 Restore"
key: r
kernel: "images/bios/clonezilla2.6.6-15/vmlinuz"
initrd:
- "images/bios/clonezilla2.6.6-15/initrd.img"
imgargs: 'initrd=initrd.img boot=live config noswap nolocales edd=on nomodeset ocs_prerun2="sleep 3" ocs_prerun3="mount -t cifs -o user=gast,password= //192.168.33.2/images /home/partimag" ocs_prerun4="sleep 1" ocs_live_run="sudo ocs-sr -g auto -e1 auto -e2 -r -j2 -c -scr -p reboot restoredisk ask_user sda" ocs_live_extra_param="" keyboard-layouts="NONE" ocs_live_batch="no" locales="de_DE.UTF-8" vga=788 nosplash noprompt fetch="http://192.168.33.9/tftp/fai/images/bios/clonezilla2.6.6-15/filesystem.squashfs"'
"clonezilla2.6.6.15b":
key: b
name: "Windows Clonzilla 2.6.6.15 Backup"
kernel: "images/bios/clonezilla2.6.6-15/vmlinuz"
initrd:
- "images/bios/clonezilla2.6.6-15/initrd.img"
##boot=live config noswap edd=on nomodeset noprompt nosplash locales=de_DE.UTF-8 keyboard-layouts=de ocs_prerun="dhclient" ocs_live_run="/usr/sbin/ocs-sr -q2 -c -j2 -z1p -i 4096 -fsck -enc -p poweroff savedisk 'Beispiel-`date +%d-%m-%Y`' nvme0n1" ocs_live_extra_param="" ocs_repository="smb://clonezilla:clonezilla@192.168.178.4/Backups/" ocs_live_batch=no ocs_netlink_timeout=5
imgargs: 'initrd=initrd.img boot=live config noswap nolocales edd=on nomodeset ocs_prerun2="sleep 3" ocs_prerun3="mount -t cifs -o user=gast,password= //192.168.33.2/Images /home/partimag" ocs_prerun4="sleep 1" ocs_live_run="sudo ocs-sr -g auto -e1 auto -e2 -r -j2 -c -scr -p reboot savedisk ask_user sda" ocs_live_extra_param="" keyboard-layouts="NONE" ocs_live_batch="no" locales="de_DE.UTF-8" vga=788 nosplash noprompt fetch=http://192.168.33.9/tftp/fai/images/bios/clonezilla2.6.6-15/filesystem.squashfs'
# "pmagic":
# name: "Partition Magic"
# key: p
# files: "tools/pmagic"
# kernel: "bzImage64"
# initrd:
# - initrd.img
# - fu.img
# - m64.img
# - files.cgz
# imgargs: edd=on vga=normal
# "dban":
# name: "Dariks boot and nuke (DBAN)"
# key: d
# kernel: "dban.bzi"
# imgargs: "silent vga=785"
# "memtest":
# name: "Memtest86+"
# key: m
# files: "tools/memtest"
# kernel: "memtest86+-5.31b.bin"
# other:
# name: Menu Entry
# files: path/to/files/to/copy
# kernel: a-kernel-image
# args: some arguments
# initrd:
# - initrd0.img
# - initrd1.img
# - ...
# multiboot:
# - module0.img
# - module1.img
# - ...

32
inventory/dezentrale.yml
View File

@ -1,19 +1,29 @@
all:
hosts:
hw4f-fai:
ansible_nopasswd: True
vars:
ansible_nopasswd: true
use_apt_cache_for_server: true
# interface for a internet connection
wan_interface: ens18
wan_interface: "{{ ansible_default_ipv4.interface }}"
# ip of the server of the installer network
server_ip: "192.168.33.8/24"
routers:
- "192.168.33.1"
#nameservers:
fai_config_git: "https://git.dezentrale.cloud/HW4F/fai-config.git"
hosts:
hw4f-fai:
# interface to the clients to install
dhcp_interface: ens19
# customized server name
server_name: "hw4f-fai"
# ip of the server of the installer network
server_ip: 192.168.33.9
timeservers:
- 192.168.33.1
routers:
- 192.168.33.1
#nameservers:
pxe_preselected_entry: "fai"
hw4f-fai-vagrant:
ansible_host: "192.168.33.9"
#ansible_connection: "local"
#python_interpreter: "/usr/bin/python3"
# interface to the clients to install
dhcp_interface: eth1
# customized server name
server_name: "hw4f-fai-vagrant"
#localhost:

15
ip_calc.yml Normal file
View File

@ -0,0 +1,15 @@
---
- hosts: all
tasks:
- name: "Debug ipddr() filter"
vars:
server_ip: "192.168.33.9/24"
ansible.builtin.debug:
msg: |
network/prefix: "{{ server_ip | ipaddr('network/prefix') }}"
network: "{{ server_ip | ipaddr('network') }}"
address: "{{ server_ip | ipaddr('address') }}"
prefix: "{{ server_ip | ipaddr('prefix') }}"
netmask: "{{ server_ip | ipaddr('netmask') }}"
broadcast: "{{ server_ip | ipaddr('broadcast') }}"
delegate_to: localhost

35
playbook-vagrant.yml
View File

@ -1,35 +0,0 @@
- hosts: faiserver
become: true
vars:
# interface to the clients to install
dhcp_interface: eth1
# interface for a internet connection
wan_interface: "{{ ansible_default_ipv4.interface }}"
# customized server name
server_name: faiserver
# ip of the server of the installer network
server_ip: 192.168.33.1
pxe_preselected_entry: __fai
ipxe_additional_entries:
memtest:
name: Memtest86+
files: tools/memtest
kernel: memtest86+-5.31b.bin
# other:
# name: Menu Entry
# files: path/to/files/to/copy
# kernel: a-kernel-image
# args: some arguments
# initrd:
# - initrd0.img
# - initrd1.img
# - ...
# multiboot:
# - module0.img
# - module1.img
# - ...
roles:
- fai

100
roles/fai/defaults/main.yml
View File

@ -1,29 +1,101 @@
---
# defaults file for fai
### FAI defaults
debian_release_fai: "bullseye"
debian_release_nfsroot: "bullseye"
ubuntu_mirror_url: "http://archive.ubuntu.com"
dhcp_interface: eth1
dhcp_interface: "eth1"
wan_interface: "{{ (ansible_default_ipv4 |d(ansible_default_ipv6)).interface }}"
server_name: faiserver
domain_name: local
server_ip: 192.168.33.1
server_netbits: 24
server_netmask: 255.255.255.0
server_name: "faiserver"
domain_name: "local"
server_ip: "192.168.33.9/24"
server_network_prefix: "{{ server_ip | ipaddr('network/prefix') }}"
server_network: "{{ server_ip | ipaddr('network') }}"
server_address: "{{ server_ip | ipaddr('address') }}"
server_prefix: "{{ server_ip | ipaddr('prefix') }}"
server_netmask: "{{ server_ip | ipaddr('netmask') }}"
server_broadcast: "{{ server_ip | ipaddr('broadcast') }}"
timeservers:
- "{{ server_address }}"
ntpservers:
- "{{ server_address }}"
apt_cacher_offline_mode: false
debian_release: buster
use_apt_cache_for_server: false
fai_configdir: "/srv/fai/config"
fai_profiles_archive: "config.tar"
fai_etc_dir: "/etc/fai"
fai_dir: "/srv/fai"
fai_dir_config: "{{ fai_dir }}/config"
fai_dir_nfsroot: "{{ fai_dir }}/nfsroot"
fai_dir_nfsroot_boot: "{{ fai_dir_nfsroot }}/boot"
fai_config_archive: "config.tar"
fai_squashfs_file: "squash.img"
fai_squashfs_path: "{{ fai_dir_download + '/' + fai_squashfs_file }}"
#fai_loguser: "fai"
fai_menu_default: 'HW4F Desktop Jammy'
fai_hw4f_profile_username: user
fai_hw4f_profile_password: dezentrale
fai_hw4f_rootpw_fai: "fai"
fai_hw4f_profile_username: "user"
fai_hw4f_profile_password: "dezentrale"
fai_hw4f_rootpw: "{{ fai_hw4f_profile_password }}"
tftp_dir: "/srv/tftp/fai"
nginx_root: "/var/www/html"
nginx_dir_config: "/etc/nginx"
nginx_site_available: "{{ nginx_dir_config + '/sites-available/' + ansible_hostname + '.conf' }}"
nginx_site_enabled: "{{ nginx_dir_config + '/sites-enabled/' + ansible_hostname + '.conf' }}"
nginx_site_default: "{{ nginx_dir_config + '/sites-enabled/' + 'default' }}"
fai_dir_download: "{{ nginx_root + '/' + http_mirror_fai_path_prefix }}"
fai_dir_basefile: "{{ fai_dir_download + '/' + http_mirror_basefile_path_prefix }}"
http_mirror: "http://{{ server_name }}"
http_mirror_ipxe_path_prefix: "ipxe"
http_mirror_fai_path_prefix: "fai"
http_mirror_basefile_path_prefix: "basefile"
http_mirror_ipxe_root_url: "{{ http_mirror + '/' + http_mirror_ipxe_path_prefix }}"
http_mirror_fai_root_url: "{{ http_mirror + '/' + http_mirror_fai_path_prefix }}"
http_mirror_fai_profiles_url: "{{ http_mirror_fai_root_url + '/' + fai_config_archive }}"
http_mirror_fai_squashfs_url: "{{ http_mirror_fai_root_url + '/' + fai_squashfs_file }}"
http_mirror_fai_basefile_url: "{{ http_mirror_fai_root_url + '/' + http_mirror_basefile_path_prefix }}"
ipxe_additional_entries:
ipxe_additional_entries: []
ipxe_dir_binaries: "/usr/lib/ipxe"
ipxe_dir_download: "{{ nginx_root + '/' + http_mirror_ipxe_path_prefix }}"
pxe_preselected_entry: __exit
pxe_preselected_entry: "fai"
#pxe_preselected_entry: "exit"
pxe_menu_timeout: 5000
### CLONEZILLA
clonezilla_dir: "{{ nginx_root }}/clonezilla"
clonezilla_dir_download: "{{ clonezilla_dir + '/download' }}"
clonezilla_base_download_url_osdn: "https://osdn.net/dl"
clonezilla_base_download_url_sf: "https://downloads.sourceforge.net"
clonezilla_base_download_url: "{{ clonezilla_base_download_url_osdn }}"
clonezilla_version: "2.8.1-12"
### amd64/i686-pae/i686
clonezilla_arch: "amd64"
### zip/iso
clonezilla_type: "zip"
clonezilla_archive: "{{
'/clonezilla-live-' +
clonezilla_version + '-' +
clonezilla_arch + '.' +
clonezilla_type
}}"
clonezilla_download_url: "{{
clonezilla_base_download_url +
'/clonezilla' +
clonezilla_archive
}}"
package_set:
core:
debian:
standard: [
apt-file, apt-transport-https, aptitude, bash-completion, ca-certificates, curl,
dmidecode, dosfstools, git, htop, haveged, iftop, info, iotop, jq, libcrack2,
locales, lsb-release, lsof, man-db, mc, mlocate, openssl, parted, pigz, psmisc,
pv, pwgen, python3-apt, rsync, screen, sqlite3, ssl-cert, strace, sudo,
sysstat, tcpdump, tmux, unattended-upgrades, vim, wget, zsh ]
extra: [ btrfs-progs ]

72
roles/fai/files/bashrc Normal file
View File

@ -0,0 +1,72 @@
# ~/.bashrc: executed by bash(1) for non-login shells.
# Note: PS1 and umask are already set in /etc/profile. You should not
# need this unless you want different defaults for root.
# PS1='${debian_chroot:+($debian_chroot)}\h:\w\$ '
# umask 022
# You may uncomment the following lines if you want `ls' to be colorized:
export LS_OPTIONS='--color=auto'
eval "`dircolors`"
alias ls='ls $LS_OPTIONS'
alias ll='ls $LS_OPTIONS -l'
alias l='ls $LS_OPTIONS -lA'
# Some more alias to avoid making mistakes:
# alias rm='rm -i'
# alias cp='cp -i'
# alias mv='mv -i'
# set a fancy prompt (non-color, unless we know we "want" color)
case "$TERM" in
xterm-color|*-256color) color_prompt=yes;;
esac
# comment for a colored prompt, if the terminal has the capability; turned
# off by default to not distract the user: the focus in a terminal window
# should be on the output of commands, not on the prompt
force_color_prompt=yes
if [ -n "$force_color_prompt" ]; then
if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
# We have color support; assume it's compliant with Ecma-48
# (ISO/IEC-6429). (Lack of such support is extremely rare, and such
# a case would tend to support setf rather than setaf.)
color_prompt=yes
else
color_prompt=
fi
fi
if [ "$color_prompt" = yes ]; then
PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
else
PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
fi
unset color_prompt force_color_prompt
# If this is an xterm set the title to user@host:dir
case "$TERM" in
xterm*|rxvt*)
PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
;;
*)
;;
esac
# enable color support of ls and also add handy aliases
if [ -x /usr/bin/dircolors ]; then
test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
alias ls='ls --color=auto'
alias dir='dir --color=auto'
alias vdir='vdir --color=auto'
alias grep='grep --color=auto'
alias fgrep='fgrep --color=auto'
alias egrep='egrep --color=auto'
fi
# colored GCC warnings and errors
export GCC_COLORS='error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01'
alias ..='cd ..'

17
roles/fai/files/profiles/files/etc/dhcp/dhcpd.conf/FAISERVER → roles/fai/files/examples/etc/dhcpd.conf
View File

@ -1,18 +1,17 @@
# dhcpd.conf for a fai installation server
# replace faiserver with the name of your install server
ignore-client-uids on;
deny unknown-clients;
option dhcp-max-message-size 2048;
use-host-decl-names on;
#always-reply-rfc1048 on;
subnet 192.168.33.0 netmask 255.255.255.0 {
option routers 192.168.33.1;
option domain-name "fai.example";
option routers 192.168.33.250;
option domain-name "fai";
option domain-name-servers 192.168.33.250;
option time-servers faiserver;
# option ntp-servers faiserver;
option ntp-servers faiserver;
server-name faiserver;
next-server faiserver;
if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00000" {
@ -21,12 +20,10 @@ subnet 192.168.33.0 netmask 255.255.255.0 {
if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00007" {
filename "fai/syslinux.efi";
}
allow unknown-clients;
pool {
range 192.168.33.100 192.168.33.150;
}
}
# generate a lot of entries with:
# perl -e 'for (1..10) {printf "host client%02s {hardware ethernet XXX:$_;fixed-address client%02s;}\n",$_,$_;}'
# then replace XXX with the hardware addresses of your clients
# perl -e 'for (1..10) {printf "host client%02s {hardware ethernet 52:54:00:11:23:%02X;fixed-address client%02s;}\n",$_,$_,$_;}'
# then replace 52:54:00:11:23:XX with the hardware addresses of your clients
# 52:54:00:11:23 is a prefix used by fai-kvm
host demohost {hardware ethernet 0:2:a3:b5:c5:41;fixed-address demohost;}

43
roles/fai/files/examples/etc/netgroup Normal file
View File

@ -0,0 +1,43 @@
# permission for a list of hosts
# the beowulf cluster
nucleus (nucleus,,)
atom00 (atom00,,)
atom01 (atom01,,)
atom02 (atom02,,)
atom03 (atom03,,)
atom04 (atom04,,)
atom05 (atom05,,)
atom06 (atom06,,)
atom07 (atom07,,)
atom08 (atom08,,)
atom09 (atom09,,)
atom10 (atom10,,)
atom11 (atom11,,)
atom12 (atom12,,)
atom13 (atom13,,)
atom14 (atom14,,)
atom15 (atom15,,)
atom16 (atom16,,)
atom17 (atom17,,)
atom18 (atom18,,)
atom19 (atom19,,)
atom20 (atom20,,)
atom21 (atom21,,)
atom22 (atom22,,)
atom23 (atom23,,)
atom24 (atom24,,)
atom25 (atom25,,)
atoms atom01 atom02 atom03 atom04 atom05 atom06 atom07 atom08 atom09 atom10 atom11 atom12 atom13 atom14 atom15 atom16 atom17 atom18 atom19 atom20 atom21 atom22 atom23 atom24 atom25
# used for script all_hosts
allhosts atom00 atoms
beowulf atoms atom00 nucleus
homeclients beowulf
faiclients workstations beowulf
# this definition grants permission for every host
# faiclients (,,)

41
roles/fai/files/examples/utils/mkdebmirror Executable file
View File

@ -0,0 +1,41 @@
#! /bin/sh
# Thomas Lange, lange@informatik.uni-koeln.de, (c) 2001-2018
# - - - - - - - - - - - - - - - - - - - - - - - - - - - -
update_from() {
# update local mirror from a host
host=$1
shift
defopt="--keyring /usr/share/keyrings/debian-archive-keyring.gpg --method=http --rsync-extra=none --diff=none $allopt --host=$host --dist=$dist $sect"
echo "------------------ create mirror for debian ------------------"
debmirror $excl $destdir/debian $defopt $*
}
# - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# main program
#
# here you have to adjust the hostnames of the mirror and the names of the distributions
# excluding dbg_ packages saves a lot of disk space. About 33G for squeeze,wheezy in amd64,i386
excl="--exclude=-dbg_ --exclude=debian-installer-netboot-images --include=libc6-dbg"
debug="$@"
arch=amd64
dist=bullseye,bullseye-backports
destdir=/files/scratch/debmirror
sect="--section main,contrib,non-free"
allopt="$debug --state-cache-days=100 --ignore-missing-release --ignore-release-gpg --passive --nosource --arch=$arch"
# first sync from a mirror near to you
#update_from ftp.uni-koeln.de $*
# If this mirror isn't always up to date, sync again from an official mirror
# sync from an official mirror
update_from deb.debian.org --getcontents $*
# even one should not mirror the security site, but I will do it.
echo "------------------ create mirror for debian-security ------------------"
debmirror --keyring /usr/share/keyrings/debian-archive-keyring.gpg --method=http $excl $destdir/debian-security $allopt --host=deb.debian.org -r debian-security $sect -d bullseye-security $*

309
roles/fai/files/profiles/basefiles/mk-basefile
View File

@ -1,309 +0,0 @@
#! /bin/bash
# mk-basefile, create basefiles for some distributions
#
# Thomas Lange, Uni Koeln, 2011-2020
# based on the Makefile implementation of Michael Goetze
#
# Usage example: mk-basefile -J STRETCH64
# This will create a STRETCH64.tar.xz basefile.
# Supported distributions (each i386/amd64):
# Debian GNU/Linux
# Ubuntu 14.04/16.04
# CentOS 5/6/7/8
# Scientific Linux Cern 5/6
#
# Packages you might want to install to use this command:
# debootstrap, rinse, xz-utils
# Define your local mirros here
# For the first stage, set the CentOS/SLC mirror in /etc/rinse/rinse.conf
MIRROR_DEBIAN=http://deb.debian.org/debian/
MIRROR_UBUNTU=http://mirror.netcologne.de/ubuntu/
MIRROR_CENTOS=http://mirror.netcologne.de/
EXCLUDE_SQUEEZE=isc-dhcp-client,isc-dhcp-common,info
EXCLUDE_WHEEZY=info
EXCLUDE_JESSIE=info
EXCLUDE_STRETCH=info
EXCLUDE_BUSTER=
EXCLUDE_BULLSEYE=
EXCLUDE_SID=
EXCLUDE_TRUSTY=dhcp3-client,dhcp3-common,info
EXCLUDE_XENIAL=udhcpc,dibbler-client,info
EXCLUDE_BIONIC=udhcpc,dibbler-client,info
EXCLUDE_FOCAL=udhcpc,dibbler-client,info
# here you can add packages, that are needed very early
INCLUDE_DEBIAN=
setarch() {
l32=
if [ X$1 = Xi386 ]; then
l32=linux32
fi
}
check() {
if [ `id -u` != 0 ]; then
echo "You must be root to create chroots."
exit 1
fi
mknod $xtmp/test-dev-null c 1 3
if [ $? -eq 1 ]; then
echo "Cannot create device files on $xtmp, aborting."
echo "Perhaps this directory is mounted with option nodev."
rm -rf $xtmp
exit 1
fi
echo test > $xtmp/test-dev-null
if [ $? -eq 1 ]; then
echo "Cannot create device files on $xtmp, aborting."
echo "Perhaps this directory is mounted with option nodev."
rm -rf $xtmp
exit 1
fi
rm -f $xtmp/test-dev-null
}
mkpost-centos() {
# set local mirror for rinse post script
[ -z "$MIRROR_CENTOS" ] && return
cat <<EOM > $xtmp/post
#! /bin/sh
mkdir -p $xtmp/etc/yum.repos.d/orig
cp -p $xtmp/etc/yum.repos.d/*.repo $xtmp/etc/yum.repos.d/orig
perl -pi -e 's,mirrorlist=,#mirrorlist=,; s,#baseurl=http://mirror.centos.org,baseurl=$MIRROR_CENTOS,;' $xtmp/etc/yum.repos.d/CentOS-Base.repo
EOM
chmod 555 $xtmp/post
}
mkpost-slc() {
# set local mirror for rinse post script
ver=$1
[ -z "$MIRROR_SLC" ] && return
cat <<EOM > $xtmp/post
#! /bin/sh
mkdir -p $xtmp/etc/yum.repos.d/orig
cp -p $xtmp/etc/yum.repos.d/*.repo $xtmp/etc/yum.repos.d/orig
perl -pi -e 's,baseurl=http://linuxsoft.cern.ch,baseurl=$MIRROR_SLC,;' $xtmp/etc/yum.repos.d/slc$ver-os.repo
perl -pi -e 's,baseurl=http://linuxsoft.cern.ch,baseurl=$MIRROR_SLC,;' $xtmp/etc/yum.repos.d/slc$ver-updates.repo
EOM
chmod 555 $xtmp/post
}
cleanup-deb() {
chroot $xtmp apt-get clean
rm -f $xtmp/etc/hostname $xtmp/etc/resolv.conf \
$xtmp/var/lib/apt/lists/*_* $xtmp/usr/bin/qemu-*-static \
$xtmp/etc/udev/rules.d/70-persistent-net.rules
> $xtmp/etc/machine-id
}
cleanup-rinse() {
# check if chroot works
echo "Installed packages in chroot:"
chroot $xtmp rpm -qa|sort
echo -n "CHROOT rpm -qa: "
chroot $xtmp rpm -qa|wc -l
rm -f $xtmp/etc/resolv.conf $xtmp/post
if [ -d $xtmp/etc/yum.repos.d/orig ]; then
mv $xtmp/etc/yum.repos.d/orig/* $xtmp/etc/yum.repos.d/
rm -rf $xtmp/etc/yum.repos.d/orig
fi
}
tarit() {
tar $attributes --numeric-owner --one-file-system -C $xtmp -cf - . | $zip > $target.$ext
}
centos() {
local arch=$1
local vers=$2
local domain=$(domainname)
check
setarch $arch
mkpost-centos
$l32 rinse --directory $xtmp --distribution centos-$vers --arch $arch --before-post-install $xtmp/post
domainname $domain # workaround for #613377
cleanup-rinse
tarit
}
slc() {
local arch=$1
local vers=$2
check
setarch $arch
mkpost-slc $vers
$l32 rinse --directory $xtmp --distribution slc-$vers --arch $arch --before-post-install $xtmp/post
cleanup-rinse
tarit
}
debgeneric() {
local DIST=$1
shift
local mirror=$1
shift
local arch=$1
dist=${DIST%%[0-9][0-9]}
local exc="EXCLUDE_$dist"
[ -n "${!exc}" ] && exc="--exclude=${!exc}" || unset exc
dist=${dist,,}
check
if [ -n "$INCLUDE_DEBIAN" ]; then
local inc="--include=$INCLUDE_DEBIAN"
fi
if [ -n "$arch" ]; then
qemu-debootstrap --arch $arch ${exc} $inc $dist $xtmp $mirror
target="${target}_${arch^^}"
else
if [[ $DIST =~ 64 ]]; then
arch=amd64
else
arch=i386
fi
debootstrap --arch $arch ${exc} $inc $dist $xtmp $mirror
fi
cleanup-deb
tarit
}
prtdists() {
echo "Available:
CENTOS5_32 CENTOS5_64
CENTOS6_32 CENTOS6_64
CENTOS7_32 CENTOS7_64
CENTOS8_64
SLC5_32 SLC5_64
SLC6_32 SLC6_64
SLC7_64
TRUSTY32 TRUSTY64
XENIAL32 XENIAL64
BIONIC64
FOCAL64
SQUEEZE32 SQUEEZE64
WHEEZY32 WHEEZY64
JESSIE32 JESSIE64
STRETCH32 STRETCH64
BUSTER32 BUSTER64
BULLSEYE32 BULLSEYE64
SID32 SID64
"
}
usage() {
cat <<EOF
mk-basefile, create minimal base files for a Linux distritubtion
Copyright (C) 2011-2020 by Thomas Lange
Usage: mk-basefile [OPTION] ... DISTRIBUTION
-s Show list of supported linux distributions
-f ARCH Build for foreign architecture ARCH.
-d DIR Use DIR for creating the temporary subtree structure.
-z Use gzip for compressing the tar file.
-J Use xz for compressing the tar file.
-k Keep the temporary subtree structure, do not remove it.
-h Print help.
Usage example: mk-basefile -J STRETCH64
This will create a STRETCH64.tar.xz basefile.
EOF
exit 0
}
# main routine
ext=tar
zip=cat
attributes=
cleanup=1
attributes="--xattrs --selinux --acls"
while getopts ashzJd:kf: opt ; do
case "$opt" in
a) echo "$0: Warning. -a is ignored, because xtattrs, acls and selinux are always added." ;;
d) export TMPDIR=$OPTARG ;;
f) export ARCH=$OPTARG ;;
z) zip="gzip -9"; ext=tar.gz ;;
J) zip="xz -8" ext=tar.xz ;;
k) cleanup=0 ;;
h) usage ;;
s) prtdists ; exit 0;;
?) exit 3 ;; # error in option parsing
esac
done
shift $(($OPTIND - 1))
xtmp=$(mktemp --tmpdir -d basefiles.XXXXXXXX)
if [ $? -eq 1 ]; then
echo "mktemp failed. Aborting."
exit 2
fi
chmod 755 $xtmp
target=$1 # also the name of the output file
[ -z "$target" ] && usage
case "$target" in
CENTOS5_32) centos i386 5 ;;
CENTOS5_64) centos amd64 5 ;;
CENTOS6_32) centos i386 6 ;;
CENTOS6_64) centos amd64 6 ;;
CENTOS7_32) centos i386 7 ;;
CENTOS7_64) centos amd64 7 ;;
CENTOS8_64) centos amd64 8 ;;
SLC5_32) slc i386 5 ;;
SLC5_64) slc amd64 5 ;;
SLC6_32) slc i386 6 ;;
SLC6_64) slc amd64 6 ;;
SLC7_64) slc amd64 7 ;;
TRUSTY*|XENIAL*|BIONIC*|FOCAL*)
debgeneric $target $MIRROR_UBUNTU ;;
SQUEEZE*|WHEEZY*|JESSIE*|STRETCH*|BUSTER*|BULLSEYE*|SID*)
debgeneric $target $MIRROR_DEBIAN $ARCH;;
*) echo "Unknown distribution. Aborting."
prtdists
exit 99 ;;
esac
# cleanup
if [ $cleanup -eq 1 ]; then
rm -rf $xtmp
fi

8
roles/fai/files/profiles/class/01-classes
View File

@ -1,8 +0,0 @@
#! /bin/bash
[ "$cmdlineclasses" ] || exit 0
# define the classes given on the cmdline (using -c) very early
echo $cmdlineclasses
exit 0

21
roles/fai/files/profiles/class/10-base-classes
View File

@ -1,21 +0,0 @@
#! /bin/bash
# do only execute if this is called on the client being installed. Do not use during fai-diskimage
if [ X$FAI_ACTION = Xinstall -a $do_init_tasks -eq 0 ]; then
exit 0
fi
# Echo architecture and OS name in uppercase. Do NOT remove these two lines.
uname -s | tr '[:lower:]' '[:upper:]'
command -v dpkg >&/dev/null && dpkg --print-architecture | tr a-z A-Z
# determin if we are a DHCP client or not
# count the : chars in the argument of ip=
n="${ip//[^:]}"
if [[ $ip =~ ^(on|any|dhcp)$ ]]; then
echo DHCPC
elif [ ${#n} -lt 6 ]; then
echo DHCPC
fi
exit 0

35
roles/fai/files/profiles/class/20-hwdetect.sh
View File

@ -1,35 +0,0 @@
#! /bin/bash
# (c) Thomas Lange, 2002-2013, lange@informatik.uni-koeln.de
# NOTE: Files named *.sh will be evaluated, but their output ignored.
[ $do_init_tasks -eq 1 ] || return 0 # Do only execute when doing install
echo 0 > /proc/sys/kernel/printk
#kernelmodules=
# here, you can load modules depending on the kernel version
case $(uname -r) in
2.6*) kernelmodules="$kernelmodules mptspi dm-mod md-mod aes dm-crypt" ;;
[3456]*) kernelmodules="$kernelmodules mptspi dm-mod md-mod aes dm-crypt" ;;
esac
for mod in $kernelmodules; do
[ X$verbose = X1 ] && echo Loading kernel module $mod
modprobe -a $mod 1>/dev/null 2>&1
done
ip ad show up | egrep -iv 'loopback|127.0.0.1|::1/128|_lft'
echo $printk > /proc/sys/kernel/printk
odisklist=$disklist
set_disk_info # recalculate list of available disks
if [ "$disklist" != "$odisklist" ]; then
echo New disklist: $disklist
echo disklist=\"$disklist\" >> $LOGDIR/additional.var
fi
save_dmesg # save new boot messages (from loading modules)

165
roles/fai/files/profiles/class/40-parse-profiles.sh
View File

@ -1,165 +0,0 @@
#! /bin/bash
# parse *.profile and build a curses menu, so the user can select a profile
#
# (c) 2015 by Thomas Lange, lange@informatik.uni-koeln.de
# Universitaet zu Koeln
if [ X$FAI_ACTION = Xinstall -o X$FAI_ACTION = Xdirinstall -o X$FAI_ACTION = X ]; then
:
else
return 0
fi
[ "$flag_menu" ] || return 0
out=$(tty)
tempfile=`(tempfile) 2>/dev/null`
tempfile2=`(tempfile) 2>/dev/null`
trap "rm -f $tempfile $tempfile2" EXIT INT QUIT
# declare the data structure, use associative arrays
declare -A arshort
declare -A ardesc
declare -A arlong
declare -A arclasses
declare -a list
parse_profile() {
# read a profile and add all info to the data structure
local short
local long
local desc
local name
local classes
local lflag=0
# disable word splitting when reading a line, this helps reading a keyword without a value
local OIF=$IFS
IFS=
while read -r line || [[ -n $line ]]; do
if [[ $line =~ "Name: " ]]; then
if [ -n "$long" ]; then
arlong[$name]="$long"
fi
short=
desc=
long=
classes=
lflag=0
name=${line##Name: }
[ $debug ] && echo "XX NAME $name found"
list+=("$name") # add new item to list
continue
fi
if [[ $line =~ "Description: " ]]; then
lflag=0
desc=${line##Description: }
[ $debug ] && echo "XX $desc found"
ardesc[$name]="$desc"
continue
fi
if [[ $line =~ "Short: " ]]; then
lflag=0
short=${line##Short: }
[ $debug ] && echo "XX $short found"
arshort[$name]="$short"
continue
fi
if [[ $line =~ "Classes: " ]]; then
lflag=0
classes=${line##Classes: }
[ $debug ] && echo "XX classes found"
arclasses[$name]="$classes"
continue
fi
if [[ $line =~ "Long: " ]]; then
lflag=1
long=${line##Long: }
[ $debug ] && echo "XX long found"
# else it's another long line
elif [ $lflag -eq 1 ]; then
long+="\n$line"
fi
if [[ $line =~ "Default: " ]]; then
lflag=0
default=${line##Default: }
continue
fi
done < $1
if [ -n "$long" ]; then
arlong[$name]="$long"
fi
IFS=$OIF
}
prtresult() {
# set newclasses which is used by fai-class(1)
local res=$(<$tempfile)
echo "$BASH_SOURCE defined new classes: ${arclasses[$res]}"
newclasses="${arclasses[$res]}"
}
# read all files with name matching *.profile
_parsed=0
shopt -s nullglob
for _f in *.profile; do
parse_profile $_f
_parsed=1
done
unset _f
# do nothing if no profile was read
if [ $_parsed -eq 0 ]; then
unset _parsed
return 0
fi
# create the argument list containing the menu entries
# and the help text file
for i in "${list[@]}"; do
par+=("$i")
par+=("${ardesc[${i}]}")
par+=("${arshort[${i}]}")
echo "Name: ${i}" >> $tempfile2
echo -e ${arlong[${i}]} >> $tempfile2
echo -e "Classes: " ${arclasses[${i}]} "\n" >> $tempfile2
done
unset i
while true; do
dialog --clear --item-help --title "FAI - Fully Automatic Installation" --help-button \
--default-item "$default" \
--menu "\nSelect your FAI profile\n\nThe profile will define a list of classes,\nwhich are used by FAI.\n\n\n"\
15 70 0 "${par[@]}" 2> $tempfile 1> $out
_retval=$?
case $_retval in
0)
prtresult
break ;;
1)
echo "No profile selected."
break ;;
2)
dialog --title "Description of all profiles" --textbox $tempfile2 0 0 1> $out;;
esac
done
unset par ardesc arshort arlong arclasses list tempfile tempfile2 _parsed _retval line

28
roles/fai/files/profiles/class/41-warning.sh
View File

@ -1,28 +0,0 @@
#! /bin/bash
if [ X$FAI_ACTION = Xinstall -o X$FAI_ACTION = X ]; then
:
else
return 0
fi
if [ X$action = Xdirinstall ]; then
return 0
fi
grep -q INSTALL $LOGDIR/FAI_CLASSES || return 0
[ "$flag_menu" ] || return 0
out=$(tty)
red=$(mktemp)
echo 'screen_color = (CYAN,RED,ON)' > $red
DIALOGRC=$red dialog --colors --clear --aspect 6 --title "FAI - Fully Automatic Installation" --trim \
--msgbox "\n\n If you continue, \n all your data on the disk \n \n|\Zr\Z1 WILL BE DESTROYED \Z0\Zn|\n\n" 0 0 1>$out
# stop on any error, or if ESC was hit
if [ $? -ne 0 ]; then
task_error 999
fi
rm $red
unset red

32
roles/fai/files/profiles/class/50-host-classes
View File

@ -1,32 +0,0 @@
#! /bin/bash
# assign classes to hosts based on their hostname
# do not use this if a menu will be presented
[ "$flag_menu" ] && exit 0
# use a list of classes for our demo machine
case $HOSTNAME in
faiserver)
echo "FAIBASE DEBIAN DEMO FAISERVER" ;;
demohost|client*)
echo "FAIBASE DEBIAN DEMO" ;;
xfcehost)
echo "FAIBASE DEBIAN DEMO XORG XFCE LVM";;
gnomehost)
echo "FAIBASE DEBIAN DEMO XORG GNOME";;
ubuntuhost)
echo "FAIBASE DEBIAN DEMO UBUNTU FOCAL FOCAL64 XORG";;
centos)
echo "FAIBASE CENTOS" # you may want to add class XORG here
ifclass AMD64 && echo CENTOS8_64
;;
slchost)
# Scientific Linux Cern, is very similar to CentOS. SLC should alsways use the class CENTOS
echo "FAIBASE CENTOS SLC" # you may want to add class XORG here
ifclass I386 && echo SLC7_32
ifclass AMD64 && echo SLC7_64
;;
*)
echo "UBUNTU MINT DESKTOP" ;;
esac

11
roles/fai/files/profiles/class/60-misc
View File

@ -1,11 +0,0 @@
#! /bin/bash
ifclass -o CENTOS SLC && exit 0
ifclass -o GRUB_PC GRUB_EFI && exit 0
if [ -d /sys/firmware/efi ]; then
echo GRUB_EFI
elif ifclass -o I386 AMD64 ; then
echo GRUB_PC
fi

21
roles/fai/files/profiles/class/85-efi-classes
View File

@ -1,21 +0,0 @@
#! /bin/bash
# define classes for disk_config in an EFI enironment
if [ ! -d /sys/firmware/efi ]; then
exit 0
fi
if ifclass FAIBASE; then
echo FAIBASE_EFI
elif ifclass FAISERVER; then
echo FAISERVER_EFI
elif ifclass LVM; then
echo LVM_EFI
elif ifclass XENIAL; then
echo XENIAL_EFI
elif ifclass UBUNTU; then
echo UBUNTU_EFI
elif ifclass HW4F_DESKTOP; then
echo HW4F_DESKTOP_EFI
fi

9
roles/fai/files/profiles/class/CENTOS.var
View File

@ -1,9 +0,0 @@
CONSOLEFONT=lat9v-16
KEYMAP=us
DEFAULTLOCALE=en_US.UTF-8
SUPPORTEDLOCALE=en_US.UTF-8:en_US:en
# if you install much software and have only few RAM, use the RAM disk
# not for var/cache/yum
#FAI_RAMDISKS="$target/var/lib/rpm $target/var/cache/yum"
FAI_RAMDISKS="$target/var/lib/rpm"

1
roles/fai/files/profiles/class/CLOUD.var
View File

@ -1 +0,0 @@
NIC1=eth0

19
roles/fai/files/profiles/class/DEBIAN.var
View File

@ -1,19 +0,0 @@
release=buster
apt_cdn=http://deb.debian.org
security_cdn=http://security.debian.org
CONSOLEFONT=
KEYMAP=de-latin1
# MODULESLIST contains modules that will be loaded by the new system,
# not during installation these modules will be written to /etc/modules
# If you need a module during installation, add it to $kernelmodules
# in 20-hwdetect.sh.
MODULESLIST="usbhid psmouse"
# if you have enough RAM (>2GB) you may want to enable this line. It
# also puts /var/cache into a ramdisk.
#FAI_RAMDISKS="$target/var/lib/dpkg $target/var/cache"
# if you want to use the faiserver as APT proxy
APTPROXY=http://faiserver:3142

22
roles/fai/files/profiles/class/FAIBASE.var
View File

@ -1,22 +0,0 @@
# default values for installation. You can override them in your *.var files
# allow installation of packages from unsigned repositories
FAI_ALLOW_UNSIGNED=0
# Set UTC=yes if your system clock is set to UTC (GMT), and UTC=no if not.
UTC=yes
TIMEZONE=Europe/Berlin
# the hash of the root password for the new installed linux system
# pw is "fai"
ROOTPW='$1$kBnWcO.E$djxB128U7dMkrltJHPf6d1'
# errors in tasks greater than this value will cause the installation to stop
STOP_ON_ERROR=700
# set parameter for install_packages(8)
MAXPACKAGES=800
# a user account will be created
username=demo
USERPW='$1$kBnWcO.E$djxB128U7dMkrltJHPf6d1'

3
roles/fai/files/profiles/class/GERMAN.var
View File

@ -1,3 +0,0 @@
# german environment (for Debian)
KEYMAP=de-latin1-nodeadkeys

1
roles/fai/files/profiles/class/INSTALL.var
View File

@ -1 +0,0 @@
FAI_ACTION=install

1
roles/fai/files/profiles/class/INVENTORY.var
View File

@ -1 +0,0 @@
FAI_ACTION=inventory

1
roles/fai/files/profiles/class/SYSINFO.var
View File

@ -1 +0,0 @@
FAI_ACTION=sysinfo

2
roles/fai/files/profiles/class/UBUNTU.var
View File

@ -1,2 +0,0 @@
ubuntumirror=http://archive.ubuntu.com
ubuntudist=focal

78
roles/fai/files/profiles/class/menu.profile
View File

@ -1,78 +0,0 @@
Default: HW4F Desktop
Name: HW4F Desktop
Description: Desktop installtion for Hardware for future
Short: HW4F
Long: Ubuntu 20.04 LTS (Focal Fossa) Desktop installtion
Classes: INSTALL GERMAN HW4F_DESKTOP UBUNTU HW4F_DESKTOP_LAST
Name: Secure erase SSD
Description: Run a secure erase for SSD
Short: Secure erase
Long: Run a secure erase on SSD
Classes: SECURE_ERASE
Name: Ubuntu
Description: Ubuntu
Short: Ubuntu
Long: Ubuntu 20.04 LTS (Focal Fossa)
Classes: INSTALL UBUNTU
Name: Minimalist debian
Description: Minimal debian installation
Short: Simple debian
Long: Simple debian without additional packages
Classes: DEBIAN
Name: Debian Desktop with Cinnamon
Description: Xfce desktop, LVM partitioning
Short: A fancy Xfce desktop will be installed, the user account is demo
Long: This is the Xfce desktop example. Additional account called
demo with password: fai, root password: fai
All needed packages are already on the CD or USB stick.
Classes: INSTALL DEBIAN CINNAMON
Name: Xfce
Description: Xfce desktop, LVM partitioning
Short: A fancy Xfce desktop will be installed, the user account is demo
Long: This is the Xfce desktop example. Additional account called
demo with password: fai, root password: fai
All needed packages are already on the CD or USB stick.
Classes: INSTALL FAIBASE DEBIAN DEMO XORG XFCE LVM
Name: Gnome
Description: Gnome desktop installation
Short: A Gnome desktop, no LVM, You will get an account called demo
Long: This is the Gnome desktop example. Additional account called
demo with password: fai, root password: fai
You should have a fast network connection, because most packages are
downloaded from the internet.
Classes: INSTALL FAIBASE DEBIAN DEMO XORG GNOME
Name: CentOS 8
Description: CentOS 8 with Xfce desktop
Short: A normal Xfce desktop, running CentOS 8
Long: We use the Debian nfsroot for installing the CentOS 8 OS.
You should have a fast network connection, because most packages are
downloaded from the internet.
Classes: INSTALL FAIBASE CENTOS CENTOS8_64 XORG
Name: Ubuntu
Description: Ubuntu 20.04 desktop installation
Short: Unity desktop
Long: We use the Debian nfsroot for installing the Ubuntu OS.
You should have a fast network connection, because most packages are
downloaded from the internet.
Classes: INSTALL FAIBASE DEMO DEBIAN UBUNTU FOCAL FOCAL64 XORG
Name: Inventory
Description: Show hardware info
Short: Show some basic hardware infos
Long: Execute commands for showing hardware info
Classes: INVENTORY
Name: Sysinfo
Description: Show defailed system information
Short: Show detailed hardware and system information
Long: Execute a lot of commands for collecting system information
Classes: SYSINFO

2
roles/fai/files/profiles/debconf/CLOUD
View File

@ -1,2 +0,0 @@
# Linux command line:
grub-pc grub2/linux_cmdline_default string elevator=noop quiet

9
roles/fai/files/profiles/debconf/DEBIAN
View File

@ -1,9 +0,0 @@
exim4-config exim4/dc_eximconfig_configtype select local delivery only; not on a network
locales locales/default_environment_locale select de_DE.UTF-8
locales locales/locales_to_be_generated multiselect de_DE.UTF-8 UTF-8
keyboard-configuration keyboard-configuration/modelcode string pc105
keyboard-configuration keyboard-configuration/xkb-keymap select us
keyboard-configuration keyboard-configuration/variant select Deutsch
keyboard-configuration keyboard-configuration/model select Generic 105-key (Intl) PC
keyboard-configuration keyboard-configuration/layoutcode string de
keyboard-configuration keyboard-configuration/optionscode string ctrl:nocaps,terminate:ctrl_alt_bksp

8
roles/fai/files/profiles/debconf/GERMAN
View File

@ -1,8 +0,0 @@
locales locales/default_environment_locale select de_DE.UTF-8
locales locales/locales_to_be_generated multiselect de_DE.UTF-8 UTF-8
keyboard-configuration keyboard-configuration/modelcode string pc105
keyboard-configuration keyboard-configuration/xkb-keymap select de
keyboard-configuration keyboard-configuration/variant select Germany
keyboard-configuration keyboard-configuration/model select Generic 105-key (Intl) PC
keyboard-configuration keyboard-configuration/layoutcode string de
keyboard-configuration keyboard-configuration/optionscode string ctrl:nocaps,terminate:ctrl_alt_bksp

36
roles/fai/files/profiles/debconf/HW4F_DESKTOP
View File

@ -1,36 +0,0 @@
locales locales/default_environment_locale select de_DE.UTF-8
locales locales/locales_to_be_generated multiselect de_DE.UTF-8 UTF-8
xserver-xorg xserver-xorg/config/inputdevice/keyboard/layout string de
xserver-xorg xserver-xorg/config/inputdevice/keyboard/model string pc105
xserver-xorg xserver-xorg/config/inputdevice/keyboard/options string lv3:ralt_switch
xserver-xorg xserver-xorg/autodetect_monitor boolean false
xserver-xorg xserver-xorg/autodetect_keyboard boolean true
xserver-xorg xserver-xorg/autodetect_mouse boolean true
xserver-xorg xserver-xorg/autodetect_video_card boolean true
console-setup console-setup/variant select Germany
console-setup console-setup/charmap select UTF-8
console-setup console-setup/layoutcode string de
console-setup console-setup/compose select No compose key
console-setup console-setup/fontsize-text select 16
console-setup console-setup/optionscode string lv3:ralt_switch
console-setup console-setup/layout select Germany
console-setup console-setup/detected note
console-setup console-setup/variantcode string
console-setup console-setup/codesetcode string Lat15
console-setup console-setup/modelcode string pc105
console-setup console-setup/ask_detect boolean false
console-setup console-setup/altgr select Right Alt
console-setup console-setup/ttys string /dev/tty[1-6]
console-setup console-setup/model select Generic 105-key (Intl) PC
console-setup console-setup/fontsize-fb select 16
console-setup console-setup/switch select No temporary switch
console-setup console-setup/codeset select # Latin1 and Latin5 - western Europe and Turkic languages
console-setup console-setup/toggle select No toggling
console-setup console-setup/fontface select VGA
console-setup console-setup/fontsize string 16
tzdata tzdata/Zones/Etc select UTC
tzdata tzdata/Zones/Europe select Berlin
tzdata tzdata/Areas select Europe

132
roles/fai/files/profiles/debconf/HW4F_DESKTOP2
View File

File diff suppressed because one or more lines are too long

261
roles/fai/files/profiles/debconf/UBUNTU_DESKTOP
View File

File diff suppressed because one or more lines are too long

16
roles/fai/files/profiles/disk_config/CENTOS
View File

@ -1,16 +0,0 @@
# example of new config file for setup-storage
#
# <type> <mountpoint> <size> <fs type> <mount options> <misc options>
disk_config disk1 disklabel:msdos bootable:1 fstabkey:label
# Note that the CentOS 5 version of GRUB cannot read from ext3 filesystems with inode_size > 128
# CentOS 5.6 needs /boot as ext3, so we use ext3 for /
#primary / 350 ext3 rw,noatime,errors=remount-ro createopts="-L ROOT -I 128"
# use following line for CentOS 7
primary / 4G-50G ext4 rw,noatime,errors=remount-ro createopts="-L ROOT"
logical swap 200-10G swap sw createopts="-L SWAP"
logical /home 100- ext4 rw,noatime,nosuid,nodev createopts="-L HOME -m 1" tuneopts="-c 0 -i 0"

7
roles/fai/files/profiles/disk_config/CLOUD
View File

@ -1,7 +0,0 @@
# config for a disk image for a VM
#
# <type> <mountpoint> <size> <fs type> <mount options> <misc options>
disk_config disk1 disklabel:msdos bootable:1 fstabkey:uuid align-at:1M
primary / 300- ext4 rw,discard,barrier=0,noatime,errors=remount-ro tuneopts="-c 0 -i 0"

9
roles/fai/files/profiles/disk_config/FAIBASE
View File

@ -1,9 +0,0 @@
# example of new config file for setup-storage
#
# <type> <mountpoint> <size> <fs type> <mount options> <misc options>
disk_config disk1 disklabel:msdos bootable:1 fstabkey:uuid
primary / 2G-50G ext4 rw,noatime,errors=remount-ro
logical swap 200-10G swap sw
logical /home 100- ext4 rw,noatime,nosuid,nodev createopts="-L home -m 1" tuneopts="-c 0 -i 0"

10
roles/fai/files/profiles/disk_config/FAIBASE_EFI
View File

@ -1,10 +0,0 @@
# example of new config file for setup-storage
#
# <type> <mountpoint> <size> <fs type> <mount options> <misc options>
disk_config disk1 disklabel:gpt bootable:1 fstabkey:uuid
primary /boot/efi 512M vfat rw
primary / 2G-50G ext4 rw,noatime,errors=remount-ro
primary swap 200-10G swap sw
primary /home 100- ext4 rw,noatime,nosuid,nodev createopts="-L home -m 1" tuneopts="-c 0 -i 0"

11
roles/fai/files/profiles/disk_config/FAISERVER
View File

@ -1,11 +0,0 @@
# config file for an FAI install server
#
# <type> <mountpoint> <size> <fs type> <mount options> <misc options>
disk_config disk1 disklabel:msdos fstabkey:uuid
primary / 2G-15G ext4 rw,noatime,errors=remount-ro
logical swap 200-1000 swap sw
logical /tmp 100-1000 ext4 rw,noatime,nosuid,nodev createopts="-m 0" tuneopts="-c 0 -i 0"
logical /home 100-40% ext4 rw,noatime,nosuid,nodev createopts="-m 1" tuneopts="-c 0 -i 0"
logical /srv 1G-50% ext4 rw,noatime createopts="-m 1" tuneopts="-c 0 -i 0"

12
roles/fai/files/profiles/disk_config/FAISERVER_EFI
View File

@ -1,12 +0,0 @@
# config file for an FAI install server
#
# <type> <mountpoint> <size> <fs type> <mount options> <misc options>
disk_config disk1 disklabel:gpt fstabkey:uuid
primary /boot/efi 512M vfat rw
primary / 2G-15G ext4 rw,noatime,errors=remount-ro
primary swap 200-1000 swap sw
primary /tmp 100-1000 ext4 rw,noatime,nosuid,nodev createopts="-m 0" tuneopts="-c 0 -i 0"
primary /home 100-40% ext4 rw,noatime,nosuid,nodev createopts="-m 1" tuneopts="-c 0 -i 0"
primary /srv 1G-50% ext4 rw,noatime createopts="-m 1" tuneopts="-c 0 -i 0"

5
roles/fai/files/profiles/disk_config/HW4F_DESKTOP
View File

@ -1,5 +0,0 @@
disk_config disk1 disklabel:msdos bootable:1 fstabkey:uuid
primary / 2G-50G ext4 rw,noatime,errors=remount-ro
logical swap 200-10G swap sw
logical /home 100- ext4 rw,noatime,nosuid,nodev createopts="-L home -m 1" tuneopts="-c 0 -i 0"

6
roles/fai/files/profiles/disk_config/HW4F_DESKTOP_EFI
View File

@ -1,6 +0,0 @@
disk_config disk1 disklabel:gpt bootable:1 fstabkey:uuid
primary /boot/efi 512M vfat rw
primary / 2G-50G ext4 rw,noatime,errors=remount-ro
primary swap 200-10G swap sw
primary /home 100- ext4 rw,noatime,nosuid,nodev createopts="-L home -m 1" tuneopts="-c 0 -i 0"

15
roles/fai/files/profiles/disk_config/LVM
View File

@ -1,15 +0,0 @@
# <type> <mountpoint> <size> <fs type> <mount options> <misc options>
# entire disk with LVM, separate /home
disk_config disk1 fstabkey:uuid align-at:1M
primary /boot 200 ext2 rw,noatime
primary - 4G- - -
disk_config lvm
vg vg1 disk1.2
vg1-root / 3G-50G ext4 noatime,rw
vg1-swap swap 200-4G swap sw
vg1-home /home 600- ext4 noatime,nosuid,nodev,rw

16
roles/fai/files/profiles/disk_config/LVM_EFI
View File

@ -1,16 +0,0 @@
# <type> <mountpoint> <size> <fs type> <mount options> <misc options>
# entire disk with LVM, separate /home
disk_config disk1 disklabel:gpt fstabkey:uuid align-at:1M
primary /boot/efi 512M vfat rw
primary /boot 200 ext2 rw,noatime
primary - 4G- - -
disk_config lvm
vg vg1 disk1.3
vg1-root / 3G-50G ext4 noatime,rw
vg1-swap swap 200-4G swap sw
vg1-home /home 600- ext4 noatime,nosuid,nodev,rw

12
roles/fai/files/profiles/disk_config/XENIAL
View File

@ -1,12 +0,0 @@
# example of new config file for setup-storage
#
# <type> <mountpoint> <size> <fs type> <mount options> <misc options>
# this is a copy of FAIBASE, but with metadata_csum disabled.
# Ubuntu XENIAL does not yet suport this option
disk_config disk1 disklabel:msdos bootable:1 fstabkey:uuid
primary / 2G-50G ext4 rw,noatime,errors=remount-ro createopts="-O ^metadata_csum"
logical swap 200-1G swap sw
logical /home 100- ext4 rw,noatime,nosuid,nodev createopts="-L home -m 1 -O ^metadata_csum" tuneopts="-c 0 -i 0"

13
roles/fai/files/profiles/disk_config/XENIAL_EFI
View File

@ -1,13 +0,0 @@
# example of new config file for setup-storage
#
# <type> <mountpoint> <size> <fs type> <mount options> <misc options>
# this is a copy of FAIBASE, but with metadata_csum disabled.
# Ubuntu XENIAL does not yet suport this option
disk_config disk1 disklabel:gpt bootable:1 fstabkey:uuid
primary /boot/efi 512M vfat rw
primary / 2G-50G ext4 rw,noatime,errors=remount-ro createopts="-O ^metadata_csum"
primary swap 200-1G swap sw
primary /home 100- ext4 rw,noatime,nosuid,nodev createopts="-L home -m 1 -O ^metadata_csum" tuneopts="-c 0 -i 0"

5
roles/fai/files/profiles/files/etc/apt/apt.conf.d/force_confdef/DEBIAN
View File

@ -1,5 +0,0 @@
DPkg {
Options {
"--force-confdef";
}
};

11
roles/fai/files/profiles/files/etc/apt/preferences.d/mint.pref/MINT
View File

@ -1,11 +0,0 @@
Package: *
Pin: origin live.linuxmint.com
Pin-Priority: 750
Package: *
Pin: release o=linuxmint,c=upstream
Pin-Priority: 700
Package: *
Pin: release o=Ubuntu
Pin-Priority: 500

0
roles/fai/files/profiles/files/etc/apt/sources.list.d/mint.list/MINTDESKTOP
View File

3
roles/fai/files/profiles/files/etc/apt/sources.list/GNOME
View File

@ -1,3 +0,0 @@
deb {%apt_cdn%}/debian {%release%} main
deb {%security_cdn%}/debian-security {%release%}/updates main
deb {%apt_cdn%}/debian {%release%}-updates main

BIN
roles/fai/files/profiles/files/etc/apt/trusted.gpg/DEBIAN
View File

Binary file not shown.

BIN
roles/fai/files/profiles/files/etc/apt/trusted.gpg/DEBIAN_MULTIMEDIA
View File

Binary file not shown.

BIN
roles/fai/files/profiles/files/etc/apt/trusted.gpg/MINTDESKTOP
View File

Binary file not shown.

BIN
roles/fai/files/profiles/files/etc/apt/trusted.gpg/UBUNTU
View File

Binary file not shown.

49
roles/fai/files/profiles/files/etc/default/console-setup/HW4F_DESKTOP
View File

@ -1,49 +0,0 @@
# A configuration file for setupcon
# Change to "yes" and setupcon will explain what is being doing
VERBOSE_OUTPUT=no
# Setup these consoles. Most people do not need to change this.
ACTIVE_CONSOLES="/dev/tty[1-6]"
# Put here your encoding. Valid charmaps are: UTF-8 ARMSCII-8 CP1251
# CP1255 CP1256 GEORGIAN-ACADEMY GEORGIAN-PS IBM1133 ISIRI-3342
# ISO-8859-1 ISO-8859-2 ISO-8859-3 ISO-8859-4 ISO-8859-5 ISO-8859-6
# ISO-8859-7 ISO-8859-8 ISO-8859-9 ISO-8859-10 ISO-8859-11 ISO-8859-13
# ISO-8859-14 ISO-8859-15 ISO-8859-16 KOI8-R KOI8-U TIS-620 VISCII
CHARMAP="UTF-8"
# The codeset determines which symbols are supported by the font.
# Valid codesets are: Arabic Armenian CyrAsia CyrKoi CyrSlav Ethiopian
# Georgian Greek Hebrew Lao Lat15 Lat2 Lat38 Lat7 Thai Uni1 Uni2 Uni3
# Vietnamese. Read README.fonts for explanation.
CODESET="Lat15"
# Valid font faces are: VGA (sizes 8, 14 and 16), Terminus (sizes
# 12x6, 14, 16, 20x10, 24x12, 28x14 and 32x16), TerminusBold (sizes
# 14, 16, 20x10, 24x12, 28x14 and 32x16), TerminusBoldVGA (sizes 14
# and 16), Fixed (sizes 13, 14, 15, 16 and 18), Goha (sizes 12, 14 and
# 16), GohaClassic (sizes 12, 14 and 16).
FONTFACE="VGA"
FONTSIZE="16"
# You can also directly specify nonstandard font and ACM to load:
# FONT=/usr/local/share/funnyfonts/sarge16.psf
# ACM=/usr/local/share/consoletrans/my_special_encoding.acm
# The following variables describe your keyboard and can have the same
# values as the XkbModel, XkbLayout, XkbVariant and XkbOptions options
# in /etc/X11/xorg.conf.
XKBMODEL="pc105"
XKBLAYOUT="de"
XKBVARIANT=""
XKBOPTIONS=""
# Do not update the following md5 sum if you change
# /etc/console-setup/boottime.kmap.gz and Debconf will not overwrite
# your custom keymap. Do not update it even if you want to make
# Debconf overwrite it. Instead simply specify the empty string as
# a md5 sum.
BOOTTIME_KMAP_MD5=""

6
roles/fai/files/profiles/files/etc/default/grub.d/10_cloud_disable_net.ifnames.cfg/CLOUD
View File

@ -1,6 +0,0 @@
# Disable systemd's network interface name management.
# References:
# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863385
# https://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/
GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT net.ifnames=0"

1
roles/fai/files/profiles/files/etc/default/locale/HW4F_DESKTOP
View File

@ -1 +0,0 @@
LANG="de_DE.UTF-8"

8
roles/fai/files/profiles/files/etc/fai/fai.conf/FAISERVER
View File

@ -1,8 +0,0 @@
# See fai.conf(5) for detailed information.
# Account for saving log files and calling fai-chboot.
LOGUSER=fai
# URL to access the fai config space
# If undefined, use default nfs://<install server>/$FAI_CONFIGDIR
FAI_CONFIG_SRC=nfs://faiserver/srv/fai/config

15
roles/fai/files/profiles/files/etc/fai/nfsroot.conf/FAISERVER
View File

@ -1,15 +0,0 @@
# For a detailed description see nfsroot.conf(5)
# "<suite> <mirror>" for debootstrap
FAI_DEBOOTSTRAP="buster http://deb.debian.org/debian"
FAI_ROOTPW='$5$n4TiokMaqws2PC/i$eqDh77it8N/haBU6OeE6WqbBjI0E1IUczp2EJ7Tr4J/'
NFSROOT=/srv/fai/nfsroot
TFTPROOT=/srv/tftp/fai
NFSROOT_HOOKS=/etc/fai/nfsroot-hooks/
FAI_DEBOOTSTRAP_OPTS="--exclude=info"
# Configuration space
FAI_CONFIGDIR=/srv/fai/config
NFSROOT_ETC_HOSTS="192.168.33.250 faiserver"

4
roles/fai/files/profiles/files/etc/motd/FAIBASE
View File

@ -1,4 +0,0 @@
Plan your installation, and FAI installs your plan.

8
roles/fai/files/profiles/files/etc/rc.local/CLOUD
View File

@ -1,8 +0,0 @@
#! /bin/bash
# regenerate ssh_host keys
ls /etc/ssh/ssh_host_* >/dev/null 2>&1
if [ $? -ne 0 ]; then
dpkg-reconfigure -fnoninteractive openssh-server
fi
rm $0

102
roles/fai/files/profiles/files/etc/rc.local/FAISERVER
View File

@ -1,102 +0,0 @@
#! /bin/bash
# setup script that is only run once at boot time
# set up an FAI install server
NORMAL='\E(B\E[m'
RED='\E[31m'
GREEN='\E[32m'
set -o pipefail
# setup network
nic=$(awk '/iface/ {print $2}' /etc/network/interfaces |egrep -v ^lo)
ifup $nic
# regenerate ssh_host keys
ls /etc/ssh/ssh_host_* > /dev/null
if [ $? -ne 0 ]; then
dpkg-reconfigure -fnoninteractive openssh-server
fi
sleep 8
[ -x /etc/init.d/nscd ] && invoke-rc.d nscd restart
echo "================================="
echo "Setting up the FAI install server"
echo "This will take a few minutes"
echo "================================="
. /etc/fai/fai.conf
. /etc/fai/nfsroot.conf
# copy the simple examples and pimp my config space
if [ ! -d "$FAI_CONFIGDIR/class" ]; then
mkdir -p $FAI_CONFIGDIR
cp -a /usr/share/doc/fai-doc/examples/simple/* $FAI_CONFIGDIR
ainsl /srv/fai/config/class/FAIBASE.var "^LOGUSER=fai"
myip=$(ip addr show up| grep -P -o '(?<=inet )[^/]+' | grep -v 127.0.0.1)
echo "APTPROXY=http://$myip:3142" >> /srv/fai/config/class/DEBIAN.var
fi
# set the LOGUSER, wo we get all the logs from our install clients
ainsl /etc/fai/fai.conf "^LOGUSER=fai"
# make index, then import the packages from the CD mirror
apt-get update >/dev/null
curl -fs 'http://127.0.0.1:3142/acng-report.html?doImport=Start+Import&calcSize=cs&asNeeded=an#bottom' >/dev/null
# setup the FAI server, including creating the nfsroot, use my own proxy
export APTPROXY="http://127.0.0.1:3142"
if [ -f /var/tmp/base.tar.xz ]; then
fai-setup -fvB /var/tmp/base.tar.xz > /var/log/fai/fai-setup.log 2>&1
else
fai-setup -fv > /var/log/fai/fai-setup.log 2>&1
fi
if [ $? -eq 0 ]; then
rm /var/tmp/base.tar.xz
echo ""
echo "================================================"
echo -e "Setting up the FAI server was ${GREEN}successful${NORMAL}"
echo "================================================"
echo ""
sleep 10
else
echo ""
echo "=================================================="
echo -e "${RED}ERROR${NORMAL}: Setting up the FAI install server ${RED}FAILED${NORMAL}!"
echo "Read /var/log/fai/fai-setup.log for more debugging"
echo "=================================================="
echo ""
sleep 10
exit 99
fi
cat <<EOF >> /srv/fai/nfsroot/etc/fai/fai.conf
# use short hostname instead of FQDN
export HOSTNAME=\${HOSTNAME%%.*}
echo \$HOSTNAME > /proc/sys/kernel/hostname
EOF
# create default pxelinux boot configuration
fai-chboot -o default
# create a template for booting the installation
fai-chboot -Iv -f verbose,sshd,createvt,menu -u nfs://faiserver/srv/fai/config buster.tmpl
# Since we do not know the MAC address, our DHCP cannot provide the hostname.
# Therefore we do explicitly set the hostname
fai-chboot -Iv -f verbose,sshd,createvt,menu -u nfs://faiserver/srv/fai/config -k hostname=xfcehost xfcehost
fai-chboot -Iv -f verbose,sshd,createvt,menu -u nfs://faiserver/srv/fai/config -k hostname=demohost demohost
for c in {01..10}; do
fai-chboot -Iv -f verbose,sshd,createvt,menu -u nfs://faiserver/srv/fai/config -k hostname=client$c client$c
done
fai-monitor > /var/log/fai/fai-monitor.log &
# move me away
mv $0 /var/tmp
# create new rc.local for next reboot
echo '#! /bin/bash' > /etc/rc.local
echo 'fai-monitor > /var/log/fai/fai-monitor.log &' >> /etc/rc.local
chmod a+rx /etc/rc.local
exit 0

12
roles/fai/files/profiles/files/etc/selinux/config/CENTOS
View File

@ -1,12 +0,0 @@
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
# SETLOCALDEFS= Check local definition changes

3
roles/fai/files/profiles/hooks/debconf.CENTOS
View File

@ -1,3 +0,0 @@
#! /bin/bash
skiptask debconf

45
roles/fai/files/profiles/hooks/debconf.IMAGE
View File

@ -1,45 +0,0 @@
#! /bin/bash
# hook for installing a file system image (tar file)
# this works for Ubuntu 14.04
#
# Copyright (C) 2015 Thomas Lange, lange@informatik.uni-koeln.de
# I use this tar command to create the image of an already running and configured machine
# tar -cf /tmp/IMAGE.tar --exclude /tmp/\* --exclude /run/\* --exclude /proc/\* --exclude /sys/\* --exclude /dev/\* /
# add --xattrs --selinux --acls if needed (for CentOS 7)
# Then copy this image to /srv/fai/config/basefiles/IMAGE.tar and make sure your client belongs to the class IMAGE
skiptask extrbase debconf repository updatebase instsoft
skiptask configure # do not run the usual configure scripts
# we assume, that the new host will get its hostname and IP via DHCP
# remove old hostname
fgrep -v 127.0.1.1 $target/etc/hosts >> /tmp/fai/hosts
mv /tmp/fai/hosts $target/etc/hosts
rm $target/etc/hostname
#install grub
mount -t proc proc $FAI_ROOT/proc
mount -t sysfs sysfs $FAI_ROOT/sys
mount --bind /dev $FAI_ROOT/dev
if [ -f $target/etc/debian_version ]; then
$ROOTCMD grub-install $BOOT_DEVICE
$ROOTCMD update-grub
fi
if [ -f $target/etc/centos-release ]; then
rm $target/etc/grub2/device.map
$FAI/scripts/CENTOS/40-install-grub
$FAI/scripts/CENTOS/30-mkinitrd
$ROOTCMD fixfiles onboot # this fixes the SELinux security contexts during the first boot
fi
# things that may be adjusted:
#
# MAC address ?? (not needed for Ubuntu, it uses iftab(5)
# /etc/hosts may contain the IP and name of the original host
# /etc/hostname (for Ubuntu just remove it)
# /var/lib/NetworkManager/dhclient-eth0.conf?

25
roles/fai/files/profiles/hooks/instsoft.DEBIAN
View File

@ -1,25 +0,0 @@
#! /bin/bash
# if package locales will be installed, then install it early, before
# other packages
if [ $FAI_ACTION != "install" -a $FAI_ACTION != "dirinstall" ]; then
exit 0
fi
fcopy -Bi /etc/apt/apt.conf.d/force_confdef
ainsl -a /etc/ucf.conf "^conf_force_conffold=YES"
# in case the locales are already included inside the base file (Ubuntu)
if [ -f $target/usr/sbin/locale-gen ]; then
exit
fi
# if we want to install locales, install them now
install_packages -l 2>/dev/null | egrep -q ' locales|locales '
if [ $? -eq 0 ]; then
if [ X$verbose = X1 ]; then
$ROOTCMD apt-get -y install locales
else
$ROOTCMD apt-get -y install locales > /dev/null
fi
fi

31
roles/fai/files/profiles/hooks/repository.CENTOS
View File

@ -1,31 +0,0 @@
#! /bin/bash
# (c) Michael Goetze, 2010-2011, mgoetze@mgoetze.net
error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
if [ $FAI_ACTION = "install" ]; then
mount -t proc proc $target/proc
mount -t sysfs sysfs $target/sys
[ -L $target/etc/mtab ] || cp /etc/mtab $target/etc/mtab
cat > $target/etc/sysconfig/network <<-EOF
NETWORKING=yes
HOSTNAME=$HOSTNAME.$DOMAIN
EOF
echo "127.0.0.1 localhost" > $target/etc/hosts
ifclass DHCPC || ainsl -s /etc/hosts "$IPADDR $HOSTNAME.$DOMAIN $HOSTNAME"
cp /etc/resolv.conf $target/etc
fi
mkdir $target/dev/pts
mknod -m 000 $target/dev/pts/ptmx c 5 2
fcopy -riv /etc/yum.repos.d/
# disable the fastestmirror plugin
#sed -i -e 's/enabled=1/enabled=0/' $target/etc/yum/pluginconf.d/fastestmirror.conf
skiptask repository
exit $error

223
roles/fai/files/profiles/hooks/savelog.LAST.sh
View File

@ -1,223 +0,0 @@
#! /bin/bash
# parse all log files for error messages
# print errors and warnings found to error.log
# WARNING: This will only work with english error messages!
errfile=$LOGDIR/error.log
# Define grep patterns. Do not start or end with an empty line!
globalerrorpatterns="error
fail
warn
bad
bad
no space
syntax
Couldn't stat
Cannot access
conflict
is bigger than the limit
did not exist
non existent
not found
couldn't
can't
E: Sorry, broken packages
^E:
operator expected
ambiguous redirect
No previous regular expression
No such
Device or resource busy
unknown option
[a-z]\+\.log:E:
No candidate version found
segfault
Couldn't find any package whose name or description matched
cannot create
The following packages have unmet dependencies"
globalignorepatterns="[a-z]\+\.log:#
Error: Driver 'pcspkr' is already registered, aborting
: bytes packets errors dropped
:+ error=0
:+ trap error=
task_error_func=
STOP_ON_ERROR=
courier-webadmin
plugins-bad
Enabling conf localized-error-pages
ibwebadmin
kernel-patch-badram
kolab-webadmin
kolabadmin
gstreamer.\+-plugins-really-bad
liberrors.so
liberrors-samba
libsamba-errors
gsambad
libad
libtest-nowarnings-perl
libtest-warn-perl
libclass-errorhandler-perl
zope-ploneerrorreporting
libroxen-errormessage
liberror-perl
perl-Error
libgpg-error-dev
libgpg-error0
Opts:.\+errors=remount
[RT]X packets:
WARNING: unexpected IO-APIC
warned about = ( )
daemon.warn
kern.warn
rw,errors=
Expect some cache
no error
failmsg
RPC call returned error 101
deverror.out
(floppy), sector 0
mount version older than kernel
Can't locate module
Warning only .\+MB will be used.
hostname: Host name lookup failure
I can't tell the difference.
warning, not much extra random data, consider using the -rand option
confC._FILE
Warning: 3 database(s) sources
were not found, (but were created)
removing exim
The home dir you specified already exists.
No Rule for /usr/lib/ispell/default.hash.
/usr/sbin/update-fonts-.\+: warning: absolute path
hostname: Unknown server error
EXT2-fs warning: checktime reached
RPC: sendmsg returned error 101
can't print them to stdout. Define these classes
warning: downgrading
suppress emacs errors
echo Error:
Can't open dependencies file
documents in /usr/doc are no longer supported
if you have both a SCSI and an IDE CD-ROM
Warning: /proc/ide/hd?/settings interface is obsolete, and will be removed soon
Monitoring disabled
Error: only one processor found.
Error Recovery Strategy:
sector 0 does not have an
syslogin_perform_logout: logout() returned an error
grub is not in an XFS filesystem.
grub-install: line 374:
grub-probe: error: Cannot open \`/boot/grub/device.map'
is harmless
not updating .\+ font directory data.
register_serial(): autoconfig failed
Fontconfig error: Cannot load default config file
asking for cache data failed
However, I can not read the target:
Warning: The partition table looks like it was made
task_error=0
task_local_error=0
^info: Trying to set
warning: /usr/lib/X11/fonts
can't read /etc/udev/rules.d/z25_persistent-net.rules
/cow': No such file or directory
Dummy start-stop-daemon called
X: bytes packets errors
ACPI Error
ACPI Warning
AE_NOT_FOUND
conflicts with ACPI region
cannot stat \`/etc/modprobe.d/\*.conf'
cdrom: open failed.
libgpg-error
process \`kudzu' used the deprecated sysctl system call
PM: Resume from disk failed
JBD: barrier-based sync failed
aufs: module is from the staging directory, the quality is unknown
warning: linuxlogo stop runlevel arguments (none) do not match
insserv: warning: script .\+ missing LSB tags and overrides
live-premount.\+ If this fails
cannot read table of mounted file systems
error: no alternatives for
ERST: Error Record Serialization Table (ERST) support is initialized
ERST: Table is not found
HEST: Table not found
failed to stat /dev/pts
Failed to connect to socket /var/run/dbus/system_bus_socket
fail to add MMCONFIG information
can't initialize iptables table
can't initialize ip6tables table
Authentication warning overridden
41-warning.sh
PCCT header not found
Download is performed unsandboxed as root as file
update-alternatives: warning: skip creation of
loop: module verification failed: signature
Warning: apt-key output should not be parsed
WARNING: Failed to connect to lvmetad. Falling back to device scanning
Warning: The home dir /var/lib/usbmux you specified
diff: /var/lib/apparmor/profiles/.apparmor.md5sums: No such file or directory
error reporting disabled
Enabling Firmware First mode for corrected errors
errors: 0
0 errors
Memory Error Correction:
Memory Controller 0 - Channel . Error
IIO RAS/Control Status/Global Errors
RAS: Correctable Errors collector initialized
__stack_chk_fail
grub.cfg.new: Directory nonexistent
can't derive routing for PCI INT A
failed to load isci/isci_firmware.bin
Direct firmware load for isci/isci_firmware.bin failed with error
Loading user firmware failed, using default values
stunnel4 you specified can't be accessed: No such file or directory
install-docs --verbose --check file_name' may give more details about the above errors
cannot open '/etc/ssl/certs/java/cacerts' for reading: No such file or directory
can't claim BAR
disabling ASPM
data block query control method not found
subprocess.py.\+RuntimeWarning: line buffering
Resource conflict.\+ found
update-rc.d: warning: start and stop actions are no longer supported"
# add pattern on some conditions
if [ -n $FAI_ALLOW_UNSIGNED ] ; then
globalignorepatterns="$globalignorepatterns
WARNING: untrusted versions
WARNING: The following packages cannot be authenticated
Ignoring these trust violations"
fi
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Here you can define your own patterns. Put one pattern in a line,
# do not create empty lines.
myerrorpatterns="X_X-X_XX"
myignorepatterns="X_X-X_XX"
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# The main routine
errorpatterns="$globalerrorpatterns
$myerrorpatterns"
ignorepatterns="$globalignorepatterns
$myignorepatterns"
cd $LOGDIR || exit 3
if [ -s $errfile ]; then
echo "Errorfile already exists. Aborting." >&2
exit
fi
grep -i "$errorpatterns" *.log | grep -vi "$ignorepatterns" > $errfile
if [ X$verbose = X1 ]; then
egrep -v '^software.log:' $errfile > $LOGDIR/tempfile
mv $LOGDIR/tempfile $errfile
fi
if [ -s $errfile ]; then
echo "ERRORS found in log files. See $errfile" >&2
else
echo "Congratulations! No errors found in log files."
fi

7
roles/fai/files/profiles/hooks/setup.DEFAULT.sh
View File

@ -1,7 +0,0 @@
#! /bin/bash
# use short hostname instead of FQDN
export HOSTNAME=${HOSTNAME%%.*}
if [ $do_init_tasks -eq 1 ]; then
echo $HOSTNAME > /proc/sys/kernel/hostname
fi

25
roles/fai/files/profiles/hooks/updatebase.CENTOS
View File

@ -1,25 +0,0 @@
#! /bin/bash
if [ ! -f $target/etc/resolv.conf ]; then
cp /etc/resolv.conf $target/etc
fi
if [ X$verbose = X1 ]; then
echo "Updating base"
$ROOTCMD yum -y update |& tee -a $LOGDIR/software.log
else
$ROOTCMD yum -y update >> $LOGDIR/software.log
fi
$ROOTCMD systemd-machine-id-setup
cat > $target/etc/sysconfig/kernel <<EOF
# UPDATEDEFAULT specifies if new-kernel-pkg should make
# new kernels the default
UPDATEDEFAULT=yes
# DEFAULTKERNEL specifies the default kernel package type
DEFAULTKERNEL=kernel-core
EOF
skiptask updatebase

14
roles/fai/files/profiles/hooks/updatebase.DEBIAN
View File

@ -1,14 +0,0 @@
#! /bin/bash
if [ -n "$APTPROXY" ]; then
echo "Acquire::http::Proxy \"$APTPROXY\";" > $target/etc/apt/apt.conf.d/02proxy
else
rm -f $target/etc/apt/apt.conf.d/02proxy
fi
echo force-unsafe-io > $target/etc/dpkg/dpkg.cfg.d/unsafe-io
# you may want to add i386 arch to amd64 hosts
# if ifclass AMD64; then
# $ROOTCMD dpkg --add-architecture i386
# fi

30
roles/fai/files/profiles/hooks/updatebase.UBUNTU
View File

@ -1,30 +0,0 @@
#! /bin/bash
# use external mirror, remove this script when using a mirror from CD
cat <<EOM > $target/etc/apt/sources.list
# external mirror
deb $ubuntumirror/ubuntu $ubuntudist main restricted universe multiverse
deb $ubuntumirror/ubuntu $ubuntudist-updates main restricted universe multiverse
deb $ubuntumirror/ubuntu $ubuntudist-security main restricted universe multiverse
EOM
# https://lists.uni-koeln.de/pipermail/linux-fai/2016-July/011398.html
# In Ubuntu 16.04 (but not 14.04), the locales configuration mechanism has
# changed. There is a /var/lib/dpkg/info/locales.config file, which
# overrides /var/lib/dpkg/info/locales.postinst and consults
# /var/lib/locales/supported.d/local instead of the debconf system. (See
# the code in /usr/share/debconf/frontend that prefers locales.config.) This
# hook applies the debconf setting. It must run after FAI's debconf task
# but before dpkg gets a chance to clobber debconf with an empty setting.
if [ ! -f "$target/var/lib/locales/supported.d/local" ]; then
$ROOTCMD debconf --owner=locales sh -c '
. /usr/share/debconf/confmodule
db_version 2.0
db_get locales/locales_to_be_generated &&
mkdir -p /var/lib/locales/supported.d &&
echo "$RET" > /var/lib/locales/supported.d/local' &&
$ROOTCMD dpkg-reconfigure locales
fi

30
roles/fai/files/profiles/package_config/CENTOS
View File

@ -1,30 +0,0 @@
PACKAGES dnfgroup
core
minimal-environment
#server-product-environment
#headless-management
PACKAGES dnfgroup XORG
graphical-server-environment
workstation-product-environment
PACKAGES dnfi
NetworkManager
chrony
kernel
dracut
grub2-pc
# CentOS 7
less
openssh
openssh-clients
openssh-server
vim-enhanced
man
curl
unzip
which
ncurses ncurses-base
PACKAGES dnfi LVM
lvm2

10
roles/fai/files/profiles/package_config/CINNAMON
View File

@ -1,10 +0,0 @@
PACKAGES install DEBIAN
task-cinnamon-desktop
network-manager
network-manager-applet
network-manager-config-connectivity-debian
network-manager-gnome
PACKAGES install UBUNTU
cinnamon-desktop-environment
network-manager

56
roles/fai/files/profiles/package_config/DEBIAN
View File

@ -1,56 +0,0 @@
PACKAGES install-norec
apt-transport-https # is only needed for stretch
debconf-utils
file
less
linuxlogo
rsync
openssh-client openssh-server
time
procinfo
nullmailer
eject
locales
console-setup kbd
pciutils usbutils
unattended-upgrades
PACKAGES install NONFREE
# you may want these non-free kernel drivers
firmware-bnx2 firmware-bnx2x firmware-realtek
firmware-linux-nonfree
PACKAGES install I386
linux-image-686-pae
memtest86+
PACKAGES install CHROOT
linux-image-686-pae-
linux-image-amd64-
PACKAGES install AMD64
linux-image-amd64
memtest86+
PACKAGES install ARM64
grub-efi-arm64
linux-image-arm64
PACKAGES install GRUB_PC
grub-pc
PACKAGES install GRUB_EFI
grub-efi
PACKAGES install LVM
lvm2
PACKAGES install CLOUD
unattended-upgrades
PACKAGE install-norec CINNAMON
task-cinnamon-desktop
task-desktop
PACKAGE install-norec GERMAN
task-german

BIN
roles/fai/files/profiles/package_config/DEBIAN.gpg
View File

Binary file not shown.

13
roles/fai/files/profiles/package_config/FAISERVER
View File

@ -1,13 +0,0 @@
PACKAGES install-norec
fai-quickstart
debmirror tcpdump
xorriso grub-pc
lftp curl
netselect
syslinux-common pxelinux
apt-cacher-ng
nscd psmisc
bind9 dnsutils
iptables-persistent
zile

5
roles/fai/files/profiles/package_config/GERMAN
View File

@ -1,5 +0,0 @@
PACKAGES install
task-german
PACKAGES install GNOME
firefox-esr-l10n-de thunderbird-l10n-de

9
roles/fai/files/profiles/package_config/GNOME
View File

@ -1,9 +0,0 @@
PACKAGES install-norec
firefox-esr
#thunderbird
menu gdm3
gnome-core
gconf-editor
gnome-screensaver gnome-system-monitor gnome-system-tools
network-manager-gnome

14
roles/fai/files/profiles/package_config/HW4F_DESKTOP
View File

@ -1,14 +0,0 @@
PACKAGES install
ubuntu-desktop
language-pack-de
language-pack-gnome-de
thunderbird
thunderbird-locale-de
firefox
firefox-locale-de
libreoffice
libreoffice-l10n-de
libreoffice-help-de
ubuntu-software
ubuntu-snappy
snapd

7
roles/fai/files/profiles/package_config/MINT
View File

@ -1,7 +0,0 @@
PACKAGES install-norec DESKTOP
linuxmint-keyring
mint-info-cinnamon
mint-info
mint-meta-cinnamon
mint-meta-core
mint-meta-codecs

34
roles/fai/files/profiles/package_config/STANDARD
View File

@ -1,34 +0,0 @@
PACKAGES install-norec
# the list of standard packages, without any libs and a few packages removed
apt-listchanges
bash-completion
bind9-host
dbus
dnsutils
doc-debian
file
gettext-base
groff-base
hdparm
less
locales
lsof
man-db
manpages
mime-support
ncurses-term
netcat-traditional
openssh-client
pciutils
perl
python
python-minimal
python3
python3-minimal
reportbug
telnet
traceroute
ucf
xz-utils
vim

22
roles/fai/files/profiles/package_config/UBUNTU
View File

@ -1,22 +0,0 @@
PACKAGES install I386
python
python-minimal
linux-image-generic
memtest86+
PACKAGES install CHROOT
linux-image-generic-
PACKAGES install AMD64
linux-image-generic
memtest86+
PACKAGES install GRUB_PC
grub-pc
PACKAGES install GRUB_EFI
grub-efi
PACKAGES install
ubuntu-minimal
unattended-upgrades

6
roles/fai/files/profiles/package_config/XFCE
View File

@ -1,6 +0,0 @@
PACKAGES install-norec
xfce4 # base system
xfce4-goodies # additional tools
lightdm
firefox-esr
network-manager-gnome

12
roles/fai/files/profiles/package_config/XORG
View File

@ -1,12 +0,0 @@
PACKAGES install-norec DEBIAN
xorg xserver-xorg-video-all xserver-xorg-input-all
fonts-freefont-ttf
xscreensaver
xscreensaver-gl
xterm
desktop-base
PACKAGES install UBUNTU
ubuntu-server-
ubuntu-standard
ubuntu-desktop

14
roles/fai/files/profiles/scripts/CENTOS/10-security
View File

@ -1,14 +0,0 @@
#! /bin/bash
# (c) Michael Goetze, 2010-11, mgoetze@mgoetze.net
# Thomas Lange, 2015-2020
error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
$ROOTCMD usermod -p $ROOTPW root
fcopy -v /etc/selinux/config
$ROOTCMD fixfiles onboot # this fixes the SELinux security contexts during the first boot
chmod a+rx $target
exit $error

25
roles/fai/files/profiles/scripts/CENTOS/30-mkinitrd
View File

@ -1,25 +0,0 @@
#! /bin/bash
# (c) Michael Goetze, 2010-2011, mgoetze@mgoetze.net
# (c) Thomas Lange, 2011, Uni Koeln
error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
ainsl -v /etc/fstab "proc /proc proc defaults 0 0"
ainsl -v /etc/fstab "sysfs /sys sysfs auto 0 0"
version=`$ROOTCMD rpm -qv kernel | cut -d- -f2-`
if [ -f $target/etc/lvm/lvm.conf ]; then
sed -i -e 's/use_lvmetad = 1/use_lvmetad = 0/' $target/etc/lvm/lvm.conf
ainsl -av /etc/dracut.conf.d/fai.conf 'add_dracutmodules+=" lvm "'
fi
# add filesystem driver into initrd
ainsl -av /etc/dracut.conf.d/fai.conf 'filesystems+="ext4"'
$ROOTCMD dracut -v --kver $version --force
exit $error

96
roles/fai/files/profiles/scripts/CENTOS/40-install-grub
View File

@ -1,96 +0,0 @@
#! /bin/bash
# (c) Michael Goetze, 2011, mgoetze@mgoetze.net
# (c) Thomas Lange 2014
error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
if [ -r $LOGDIR/disk_var.sh ] ; then
. $LOGDIR/disk_var.sh
else
echo "disk_var.sh not found!"
exit 1
fi
# CentOS 7 does not have a device.map file, so generate one
if [ -d $target/boot/grub2 -a ! -f $target/boot/grub2/device.map ]; then
echo "# Generated by FAI" >> $target/boot/grub2/device.map
centosdisks=$(awk '/[sv]d.$/ {print $4}' /proc/partitions | sort)
dcount=0
for d in $centosdisks; do
echo "(hd$dcount) /dev/$d" >> $target/boot/grub2/device.map
dcount=$((dcount + 1))
done
fi
bootdev=`device2grub $BOOT_DEVICE`
bootpart=`device2grub $BOOT_PARTITION`
version=`$ROOTCMD rpm -qv kernel | cut -d- -f2-`
if grep '[[:space:]]/boot[[:space:]]' $LOGDIR/fstab; then
bootdir=''
else
bootdir='/boot'
fi
mount -o bind /dev $target/dev
if [ -f $target/usr/sbin/grub2-install ]; then
# CentOS 7
$ROOTCMD grub2-install --no-floppy "$BOOT_DEVICE"
$ROOTCMD grub2-mkconfig --output=/boot/grub2/grub.cfg
else
$ROOTCMD grub-install --just-copy
$ROOTCMD grub --device-map=/dev/null --no-floppy --batch <<-EOF
device $bootdev $BOOT_DEVICE
root $bootpart
setup $bootdev
quit
EOF
ln -s ./menu.lst $target/boot/grub/grub.conf
if [ -f $target/boot/grub/splash.xpm.gz ]; then
pretty="splashimage=$bootpart$bootdir/grub/splash.xpm.gz"
else
pretty="color cyan/blue white/blue"
fi
if [ -f $target/sbin/dracut -o -f $target/usr/sbin/dracut ]; then
# CentOS 6
iname=initramfs
else
# CentOS 5
iname=initrd
fi
title=`head -1 $target/etc/redhat-release`
cat > $target/boot/grub/grub.conf <<-EOF
timeout 5
default 0
$pretty
hiddenmenu
title $title
root $bootpart
kernel $bootdir/vmlinuz-$version root=$ROOT_PARTITION ro
initrd $bootdir/$iname-$version.img
EOF
fi
umount $target/dev
echo ""
echo "Grub installed on $BOOT_DEVICE = $bootdev"
echo "Grub boot partition is $BOOT_PARTITION = $bootpart"
echo "Root partition is $ROOT_PARTITION"
echo "Boot kernel: $version"
exit $error

29
roles/fai/files/profiles/scripts/CENTOS/50-sysconfig
View File

@ -1,29 +0,0 @@
#! /bin/bash
# (c) Michael Goetze, 2011, mgoetze@mgoetze.net
error=0 ; trap "error=$((error|1))" ERR
cat > $target/etc/sysconfig/clock <<-EOF
UTC=$UTC
ZONE=$TIMEZONE
EOF
cat > $target/etc/sysconfig/i18n <<-EOF
LANG="$DEFAULTLOCALE"
SUPPORTED="$SUPPORTEDLOCALE"
SYSFONT="$CONSOLEFONT"
EOF
cat > $target/etc/sysconfig/keyboard <<-EOF
KEYBOARDTYPE="pc"
KEYTABLE="$KEYMAP"
EOF
if [ -f $target/usr/lib/locale/locale-archive.tmpl \
-a ! -s $target/usr/lib/locale/locale-archive ]; then
mv $target/usr/lib/locale/locale-archive.tmpl $target/usr/lib/locale/locale-archive
fi
fcopy -iv /etc/sysconfig/i18n /etc/sysconfig/keyboard
exit $error

40
roles/fai/files/profiles/scripts/CENTOS/60-network-scripts
View File

@ -1,40 +0,0 @@
#! /bin/bash
error=0 ; trap "error=$((error|1))" ERR
# determine predictable network names
fields="ID_NET_NAME_FROM_DATABASE ID_NET_NAME_ONBOARD ID_NET_NAME_SLOT ID_NET_NAME_PATH"
for field in $fields; do
name=$(udevadm info /sys/class/net/$NIC1 | sed -rn "s/^E: $field=(.+)/\1/p")
if [[ $name ]]; then
NIC1=$name
break
fi
done
if [[ ! $name ]]; then
echo "$0: error: could not find systemd predictable network name. Using $NIC1."
fi
if [ $FAI_ACTION != "softupdate" ] && ifclass DHCPC; then
cat > $target/etc/sysconfig/network-scripts/ifcfg-$NIC1 <<-EOF
# generated by FAI
TYPE=Ethernet
PROXY_METHOD=none
BOOTPROTO=dhcp
DEFROUTE=yes
BROWSER_ONLY=no
IP4_FAILURE_FATAL=no
IPV6INIT=no
IPV6_AUTOCONF=no
NAME=$NIC1
DEVICE=$NIC1
ONBOOT=yes
EOF
fi
fcopy -iv /etc/sysconfig/network /etc/resolv.conf /etc/networks
fcopy -ivr /etc/sysconfig/network-scripts
exit $error

21
roles/fai/files/profiles/scripts/CENTOS/80-misc
View File

@ -1,21 +0,0 @@
#! /bin/bash
error=0 ; trap "error=$((error|1))" ERR
# add a $username user account
if [ -n "$username" ]; then
if ! $ROOTCMD getent passwd $username ; then
$ROOTCMD adduser -c "$username user" $username
$ROOTCMD usermod -p "$USERPW" $username
fi
fi
# enable graphical login screen, make run level 5 as default
if [ -f $target/usr/sbin/gdm ]; then
sed -i -e 's/id:3:initdefault:/id:5:initdefault:/' $target/etc/inittab
# do not run this tool
echo "RUN_FIRSTBOOT=NO" > $target/etc/sysconfig/firstboot
fi
exit $error

3
roles/fai/files/profiles/scripts/CENTOS/90-cleanup
View File

@ -1,3 +0,0 @@
#! /bin/bash
$ROOTCMD yum clean all

11
roles/fai/files/profiles/scripts/CLOUD/10-network
View File

@ -1,11 +0,0 @@
#!/bin/bash
error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
# Disable systemd's network interface name management.
# References:
# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863385
# https://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/
fcopy -M /etc/default/grub.d/10_cloud_disable_net.ifnames.cfg
$ROOTCMD update-grub

27
roles/fai/files/profiles/scripts/CLOUD/99-cleanup
View File

@ -1,27 +0,0 @@
#! /bin/bash
fcopy /etc/init.d/expand-root
if [ -f $target/files/etc/init.d/expand-root ]; then
$ROOTCMD insserv --default expand-root
fi
sed -i "s/PermitRootLogin yes/PermitRootLogin without-password/" $target/etc/ssh/sshd_config
ainsl /etc/ssh/sshd_config 'ClientAliveInterval 120'
ainsl -a /etc/modprobe.d/blacklist.conf 'blacklist pcspkr'
ainsl -a /etc/modprobe.d/blacklist.conf 'blacklist floppy'
rm -f $target/etc/resolv.conf \
$target/etc/udev/rules.d/70-persistent-net.rules \
$target/lib/udev/write_net_rules \
$target/etc/mailname \
$target/var/lib/dbus/machine-id
> $target/etc/machine-id
shred --remove $target/etc/ssh/ssh_host_*
# FIXME: DHCP RFC3442 is used incorrect in Azure
if [ -f $target/etc/dhcp/dhclient.conf ]; then
sed -ie 's,rfc3442-classless-static-routes,disabled-\0,' $target/etc/dhcp/dhclient.conf
fi

15
roles/fai/files/profiles/scripts/DEBIAN/10-rootpw
View File

@ -1,15 +0,0 @@
#! /bin/bash
error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
# set root password
if [ -n "$ROOTPW" ]; then
$ROOTCMD usermod -p "$ROOTPW" root
else
$ROOTCMD usermod -L root
# enable sudo for user
ainsl /etc/sudoers "$username ALL = ALL"
fi
exit $error

22
roles/fai/files/profiles/scripts/DEBIAN/20-capabilities
View File

@ -1,22 +0,0 @@
#!/bin/bash
#
# Capabilities get lost when creating the fai base.tar.xz image.
# Restore them here.
#
set -e
if [ ! -x $target/sbin/setcap ] ; then
exit 0
fi
for FILE in /bin/ping /bin/ping6 /usr/bin/fping /usr/bin/fping6; do
if [ -x $target/$FILE -a ! -h $target/$FILE ] ; then
if $ROOTCMD /sbin/setcap cap_net_raw+ep $FILE; then
echo "Setcap worked! $FILE is not suid!"
fi
fi
done
if [ -x $target/usr/bin/systemd-detect-virt ] ; then
$ROOTCMD /sbin/setcap cap_dac_override,cap_sys_ptrace+ep /usr/bin/systemd-detect-virt
fi

125
roles/fai/files/profiles/scripts/DEBIAN/30-interface
View File

@ -1,125 +0,0 @@
#! /bin/bash
netplan_yaml() {
# network configuration using ubuntu's netplan.io
local IFNAME="$1"
local METHOD="$2"
echo "Generating netplan configuration for $IFNAME ($METHOD)" >&2
echo "# generated by FAI"
echo "network:"
echo " version: 2"
echo " renderer: $RENDERER"
case "$RENDERER" in
networkd)
echo " ethernets:"
echo " $IFNAME:"
case "$METHOD" in
dhcp)
echo " dhcp4: true"
;;
static)
echo " addresses: [$CIDR]"
echo " gateway4: $GATEWAYS_1"
echo " nameservers:"
echo " search: [$DOMAIN]"
echo " addresses: [${DNSSRVS// /, }]"
;;
esac
esac
}
iface_stanza() {
# classic network configuration using /etc/network/interfaces
local IFNAME="$1"
local METHOD="$2"
echo "Generating interface configuration for $IFNAME ($METHOD)" >&2
echo "# generated by FAI"
echo "auto $IFNAME"
echo "iface $IFNAME inet $METHOD"
case "$METHOD" in
static)
echo " address $IPADDR"
echo " netmask $NETMASK"
echo " broadcast $BROADCAST"
echo " gateway $GATEWAYS"
;;
esac
}
newnicnames() {
# determine predictable network names only for stretch and above
local name
[ $do_init_tasks -eq 0 ] && return
[ -z "$NIC1" ] && return
ver=$($ROOTCMD dpkg-query --showformat='${Version}' --show udev)
if dpkg --compare-versions $ver lt 220-7; then
return
fi
fields="ID_NET_NAME_FROM_DATABASE ID_NET_NAME_ONBOARD ID_NET_NAME_SLOT ID_NET_NAME_PATH"
for field in $fields; do
name=$(udevadm info /sys/class/net/$NIC1 | sed -rn "s/^E: $field=(.+)/\1/p")
if [[ $name ]]; then
NIC1=$name
return
fi
done
# try to get altname net dev
name=$(ip link show $NIC1 | awk '/altname / { print $2 }')
if [[ $name ]]; then
NIC1=$name
return
else
echo "$0: error: could not find systemd predictable network name. Using $NIC1."
fi
}
if [ -z "$NIC1" ]; then
echo "WARNING: \$NIC1 is not defined. Cannot add ethernet to /etc/network/interfaces."
fi
CIDR=$(ip -o -f inet addr show $NIC1 | awk '{print $4}')
newnicnames
case "$FAI_ACTION" in
install|dirinstall)
ifclass DHCPC && METHOD=dhcp || METHOD=static
ifclass XORG && RENDERER=NetworkManager || RENDERER=networkd
if [ -d $target/etc/netplan ]; then
# Ubuntu >= 17.10 with netplan.io
if [ -n "$NIC1" ]; then
netplan_yaml $NIC1 $METHOD > $target/etc/netplan/01-${NIC1}.yaml
fi
elif [ -d $target/etc/network/interfaces.d ]; then
# ifupdown >= 0.7.41 (Debian >= 8, Ubuntu >= 14.04)
iface_stanza lo loopback > $target/etc/network/interfaces.d/lo
if [ -n "$NIC1" -a ! -f $target/etc/NetworkManager/NetworkManager.conf ]; then
iface_stanza $NIC1 $METHOD > $target/etc/network/interfaces.d/$NIC1
fi
else
(
iface_stanza lo loopback
iface_stanza $NIC1 $METHOD
) > $target/etc/network/interfaces
fi
if ! ifclass DHCPC ; then
[ -n "$NETWORK" ] && echo "localnet $NETWORK" > $target/etc/networks
if [ ! -L $target/etc/resolv.conf -a -e /etc/resolv.conf ]; then
cp -p /etc/resolv.conf $target/etc
fi
fi
;;
esac
# here fcopy is mostly used, when installing a client for running in a
# different subnet than during the installation
fcopy -iM /etc/resolv.conf
fcopy -iM /etc/network/interfaces /etc/networks
exit $error

Some files were not shown because too many files have changed in this diff Show More