diff --git a/README.md b/README.md index 98caf79..22b12a9 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,8 @@ # HW4F Netboot Installer -Server die automatische Installation über das Netzwerks von Ubuntu 20.04 -im Rahmen des Projekts [https://hardwareforfuture.de](**Hardware for Future**) -des [https://dezentrale.space/](dezentrale e.V). +Server die automatische Installation über das Netzwerks von Ubuntu 22.04 +im Rahmen des Projekts [**Hardware for Future**](https://hardwareforfuture.de) +des [dezentrale e.V](https://dezentrale.space/). Für den Betrieb wird einmalig eine Internetverbindung benötigt. Der Server wird über Ansible aufgesetzt. @@ -11,7 +11,8 @@ u.a. FAI (Fully Automatic Installation). Mit dem Server wird ein Netz aufgespannt, welches für den Anschluß des zu installierenden Rechner verwendet wird. Wenn die Rechner mit dem Netzwerk verbunden sind, -können sie über einen Netzwerkboot (F-Testen beim Start des Rechners) über PXE gebootet werden. +können sie über einen Netzwerkboot +(zumeist F12-Taste für das Bootmenü beim Start des Rechners) über PXE gebootet werden. PXE lädt die erforderliche Dateien vom Server und der FAI-Installer installiert dann Ubuntu auf den Rechner. @@ -20,25 +21,50 @@ Das Passwort ist `fai`. Dieser Nutzer kann Administrationsrechte erlangen. Das Passwort muss im Anschluss geändert werden. + +## Verweise + +* [FAI Project](https://fai-project.org) +* [FAI Project - Available distributions](https://fai-project.org/download/dists/) +* [FAI Project - FAI-Guide](https://fai-project.org/fai-guide/) +* [FAI Project - Variables](https://wiki.fai-project.org/index.php/Variables) +* [github.com faiproject/fai](https://github.com/faiproject/fai) +* [github.com faiproject/fai-config](https://github.com/faiproject/fai-config) +* [iPXE](https://ipxe.org) +* [Ansible](https://www.ansible.com) + + +## Komponenten + +* DHCP: isc-dhcp-server +* TFTP: tftpd-hpa +* DNS: unbound +* ntp: ntp +* time: inetd +* HTTP: nginx +* rtime: inetd +* Apt Cache: apt-cacher-ng + + ## Voraussetzungen Server: -* Debian Buster +* Debian Bullseye * Zwei Netzwerkports oder zwei Netzwerkkarten (1x für WAN, 1x für LAN und FAI) Zu installierende Clients: -* CPU mit x86-64 Unterstützung -* 512 MB RAM empfohlen -* mehr als 20 GB Festsplatte oder SSD -* PXE-fähig oder USB-Stick mit bootfähigen iPXE oder iPXE-CD zum Booten der Rechner +* CPU amd64 mit Unterstützung für Hardwarevirtualisierung +* 1GiB empfohlen (min. 512MB RAM) +* mehr als 20 GB SSD oder Festplatte +* PXE-fähig oder USB-Stick mit bootfähigen iPXE oder + iPXE-CD zum Booten der Rechner ## Verwendung Zunächst Ansible für die automatische Installation und Konfiguration aller Komponeten herunterladen: - ```console apt install python3-pip pip3 install ansible @@ -46,7 +72,6 @@ pip3 install ansible Danach ein Playbook (z.B. `fai.yml`) anlegen und die grundlegende Parameter festlegen: - ```yml - hosts: localhost become: true @@ -57,9 +82,8 @@ und die grundlegende Parameter festlegen: - fai ``` -Einen Eintrag hinzufügen in +Einen Eintrag hinzufügen in `~/.ssh/config` - ``` host hw4f-fai hw4f-fai.intern.dezentrale.space user username @@ -77,9 +101,9 @@ ansible-playbook -i inventory/dezentrale.yml -K --check --diff -v fai.yml ### Virtuale Testinstanz Für eine testweise Installation kann -[https://www.vagrantup.com/](Vagrant) verwendet werden. -Es richtet anhand der *Vagrantfile* eine virtuelle Maschine ein -und provisioniert sie mittels Ansible. +[Vagrant](https://www.vagrantup.com/) verwendet werden. +Es richtet anhand des *Vagrantfile* eine virtuelle Maschine ein +und provisioniert sie anschließend automatisch mittels Ansible. Vagrant unterstützt verschiedene Provider für Virtualisierungslösungen bspw. VirtualBox oder libvirt/KVM. @@ -87,14 +111,20 @@ Zur Verwendung muss Vagrant zunächst installiert werden. Hier beispielsweise zusammen mit VirtualBox: ``` +### VIRTUALBOX apt install vagrant virtualbox +### Libvirt/KVM +apt install vagrant qemu-system-x86 ``` Danach kann die virtuelle Umgebung erstellt und automatisch eingerichtet werden: ``` -vagrant up +### INITIAL PROVISIONING +vagrant up --color +### FULL REPROVISIONING +vagrant destroy; vagrant up --color ``` Die Vagrantfile definiert eine Maschinen mit zwei Ethernet-Ports. @@ -112,28 +142,96 @@ Hier kann es helfen das Netzwerk über *Virt-Manager* neuzustarten oder ein weiteres isoliertes Netzwerk zu erstellen und es mit dem zweiten Netzwerkport des FAI-Servers zu verbinden. + +#### Zugriff auf die vagrant VM + +Zugriff auf die vagrant VM wird gewährt über: +``` +vagrant ssh +``` + +Mit Benutzername und Passwort: +``` +### CREDENTIALS +Username: `vagrant` +Password: `vagrant` + +### COMMAND +ssh vagrant@machine-ip +``` + +Mit PubKey Auth +``` +ssh -i .vagrant/machines/hw4f-fai-vagrant/libvirt/private_key \ + vagrant@machine-ip +``` + +#### Zugriff auf die zu installierende Maschine nehmen (Live System) + +Dies ist recht nützlich zur Analyse des Livesystems. + + +Auf dem FAI-Server wird zunächst die IP-Adresse des Clients herausgesucht. +Diese findet sich unter `/var/lib/dhcp/dhcpd.leases`. + +Dann kann per ssh Zugriff genommen werden +``` +### CREDENTIALS +Username: `root` +Password: `fai` +ssh root@192.168.33.10 +``` + +Das Installations log findet sich unter +`tail -f /tmp/fai/fai.log` + + +#### Secrets + +In der folgenden Konfigurationsdatei +wird u.A. auch das Root-Passwort +des Live-Systems festgelegt. + +Die NFS-root configuration findet sich hier +`/etc/fai/nfsroot.conf` + +Das Secret wird definiert in +`/srv/fai/config/class/FAIBASE.var` + +#### Debian Versionen + +`/srv/fai/nfsroot/etc/debian_version` +Ganz alt: 10.6 (Buster) -> kein ZST +Neuer versuch: 11.5 (Bullseye) - kein ZST +Neuester Versuch: (Bookworm) + + + ### Konfiguration Über Ansible-Variablen kann die Installation noch weiter angepasst werden. -|**Variable** |**Bedeutung** |**Standard** | -|--- |--- |---------------------------------------- | -|dhcp_interface |NIC des Installtionnetzes (muss gesetzt sein) | | -|wan_interface |NIC zum Internet |`eth0` | -|server_name |Server-Name |hw4f-fai | -|domain_name |Domain-Name des Netzes |local | -|server_ip |IP des Servers |`192.168.33.1` | -|server_netbits |Bits der Netzmaske |`24 ` | -|server_netmask |Netzmaske |`255.255.255.0` | -|apt_cacher_offline_mode |true, um nur den vorhanden Packet-Cache als Repository zu nutzen|false | -|debian_release |Debian Release, was für FAI genutzt werden soll. |buster | -|pxe_preselected_entry |Vorausgewählte iPXE-Eintag |`__exit` (von lokale Datenträger starten)| -|pxe_menu_timeout |Timeout für iPXE-Menu in Milisekunden |5000 | -|ipxe_additional_entries |Zusätzliche Einträge für iPXE-Menu |keine | -|use_apt_cache_for_server |Apt Cache für den Server selbst verwenden |`false` | -|fai_hw4f_profile_username |Desktop Benutzername |`user` | -|fai_hw4f_profile_password |Passwort der Benutzers |`dezentrale` | +|**Variable** |**Beschreibung** |**Standard** | +|--- |--- |---------------------------------------- | +|`dhcp_interface` |NIC des Installationnetzes (muss gesetzt sein) |`eth1` | +|`wan_interface` |NIC zum Internet |`eth0` | +|`server_name` |Server-Name |`hw4f-fai` | +|`domain_name` |Domain-Name des Netzes |`local` | +|`server_ip` |IP des Servers in CIDR-Notation |`192.168.33.9/24` | +|`gateway_ip` |IP des Default-Gateways in CIDR-Notation |`192.168.33.1/24` | +|`apt_cacher_offline_mode` |`true`, um nur den vorhanden Packet-Cache als Repository zu nutzen |`false` | +|`debian_release` |Debian Release, was für FAI genutzt werden soll. |`bullseye` | +|`pxe_preselected_entry` |Vorausgewählte iPXE-Eintag |`exit` (von lokalem Datenträger starten) | +|`pxe_menu_timeout` |Timeout für iPXE-Menu in Millisekunden |5000 | +|`ipxe_additional_entries` |Zusätzliche Einträge für iPXE-Menu |keine | +|`use_apt_cache_for_server` |Apt Cache für den Server selbst verwenden |`false` | +|`fai_hw4f_profile_username` |Desktop Benutzername |`user` | +|`fai_hw4f_profile_username` |Desktop Benutzername |`user` | +|`fai_hw4f_profile_password` |Passwort der Benutzers |`dezentrale` | + +Alle relevanten Netzwerk-Informationen werden +aus der IP-Adresse des Servers abgeleitet. Beispielsweise kann der Server mit obigen Playbook aufgesetzt werden, eine Rechner mit Ubuntu installiert werden und @@ -154,7 +252,11 @@ Danach das Playbook noch einmal ausführen, um die Konfigration zu aktualisieren: ``` -ansible-playbook fai.yml +ansible-playbook -i inventory/dezentrale.yml \ + -l hw4f-fai --diff --ask-become-pass fai.yml +### WHEN "sudo_nopasswd: true" +ansible-playbook -i inventory/dezentrale.yml \ + -l hw4f-fai --diff fai.yml ``` #### Zusätzliche Menü-Einträge im iPXE-Menü @@ -204,23 +306,3 @@ Es sind folgende Felder für jeden Boot-Eintrag möglich: Der vorausgewählt Eintrag kann über `pxe_preselected_entry` mit dem Label ausgewählt werden. Um FAI auszuwählen muss `__fai` gesetzt werden. -## Details - -*TBD* - -### Komponenten - -* DHCP: isc-dhcp-server -* TFTP: tftpd-hpa -* DNS: unbound -* ntp: ntp -* time: inetd -* HTTP: nginx -* rtime: inetd -* Apt Cache: apt-cacher-ng - -## Verweise - -* [https://fai-project.org](FAI Project) -* [https://ipxe.org](iPXE) -* [https://www.ansible.com](Ansible) diff --git a/Vagrantfile b/Vagrantfile index 1cf3432..7bb5d99 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -4,33 +4,41 @@ def create(config, name) config.vm.define name do |v| v.vm.hostname = name - v.vm.box = "generic/debian10" + v.vm.box = "generic/debian11" v.vm.provider "virtualbox" do |vb| vb.linked_clone = true - vb.cpus = 2 - vb.memory = 1024 + vb.cpus = 6 + vb.memory = 2048 # special thing for virtualbox vb.customize ["modifyvm", :id, "--nicpromisc2", "allow-all"] end v.vm.provider "libvirt" do |lv| - lv.cpus = 2 - lv.memory = 1024 + lv.cpus = 6 + lv.memory = 2048 + lv.disk_driver :cache => "unsafe" end - # add a extra NIC for the DHCP services + # ADD EXTRA NIC FOR THE DHCP SERVICES + # https://github.com/vagrant-libvirt/vagrant-libvirt#provider-options v.vm.network "private_network", auto_config: false, - ip: '192.168.33.1', + ip: '192.168.33.9', netmask: '255.255.255.0', virtualbox__intnet: true, libvirt__dhcp_enabled: false, - libvirt__forward_mode: 'none', - libvirt__guest_ipv6: false, - mode: 'isolated', + libvirt__forward_mode: 'nat', + #libvirt__guest_ipv6: true, + #mode: 'isolated', type: 'ethernet' + $provision_net = <<-EOF + ip a add 192.168.33.9/24 dev eth1 + ip l set up dev eth1 + EOF + v.vm.provision "shell", inline: $provision_net + if ENV['USE_ANSIBLE_IN_VM'] || false # start vagrant with: # @@ -44,9 +52,9 @@ def create(config, name) $provision = <<-EOF sudo apt-get install -y python3-pip pip3 install ansible - echo faiserver ansible_connection=local python_interpreter=/usr/bin/python3 > ~/inventory + #echo "faiserver ansible_connection=local python_interpreter=/usr/bin/python3" > ~/inventory/vagrant.ini cd /home/vagrant/fai - ansible-playbook -i ~/inventory playbook-vagrant.yml + ansible-playbook -i ~/inventory/dezentrale.yml playbook-vagrant.yml EOF # and ran the provision with ansible @@ -55,13 +63,18 @@ def create(config, name) else # provision with ansible and use VM as target host v.vm.provision "ansible" do |ans| - ans.playbook = "playbook-vagrant.yml" + ans.inventory_path = "inventory/dezentrale.yml" + ans.limit = name + #ans.ask_become_pass = true + ans.verbose = "v" + ans.playbook = "fai.yml" + #ans.tags = [ "debug_hostvars", "packages" ] end end end end Vagrant.configure("2") do |config| - create(config, "faiserver") + create(config, "hw4f-fai-vagrant") end diff --git a/fai.yml b/fai.yml index b8fe66a..dc0a35c 100644 --- a/fai.yml +++ b/fai.yml @@ -1,38 +1,6 @@ -- hosts: hw4f-fai - vars: - # Additional entries in iPXE menu - ipxe_additional_entries: - "pmagic": - name: "Partition Magic" - key: p - files: "tools/pmagic" - kernel: "bzImage64" - initrd: - - initrd.img - - fu.img - - m64.img - - files.cgz - imgargs: edd=on vga=normal - "clonezilla2.6.6.15r": - name: "Windows Clonzilla 2.6.6.15 Restore" - key: r - kernel: "images/bios/clonezilla2.6.6-15/vmlinuz" - initrd: - - "images/bios/clonezilla2.6.6-15/initrd.img" - imgargs: 'initrd=initrd.img boot=live config noswap nolocales edd=on nomodeset ocs_prerun2="sleep 3" ocs_prerun3="mount -t cifs -o user=gast,password= //192.168.33.2/images /home/partimag" ocs_prerun4="sleep 1" ocs_live_run="sudo ocs-sr -g auto -e1 auto -e2 -r -j2 -c -scr -p reboot restoredisk ask_user sda" ocs_live_extra_param="" keyboard-layouts="NONE" ocs_live_batch="no" locales="de_DE.UTF-8" vga=788 nosplash noprompt fetch="http://192.168.33.9/tftp/fai/images/bios/clonezilla2.6.6-15/filesystem.squashfs"' - "clonezilla2.6.6.15b": - key: b - name: "Windows Clonzilla 2.6.6.15 Backup" - kernel: "images/bios/clonezilla2.6.6-15/vmlinuz" - initrd: - - "images/bios/clonezilla2.6.6-15/initrd.img" - ##boot=live config noswap edd=on nomodeset noprompt nosplash locales=de_DE.UTF-8 keyboard-layouts=de ocs_prerun="dhclient" ocs_live_run="/usr/sbin/ocs-sr -q2 -c -j2 -z1p -i 4096 -fsck -enc -p poweroff savedisk 'Beispiel-`date +%d-%m-%Y`' nvme0n1" ocs_live_extra_param="" ocs_repository="smb://clonezilla:clonezilla@192.168.178.4/Backups/" ocs_live_batch=no ocs_netlink_timeout=5 - imgargs: 'initrd=initrd.img boot=live config noswap nolocales edd=on nomodeset ocs_prerun2="sleep 3" ocs_prerun3="mount -t cifs -o user=gast,password= //192.168.33.2/Images /home/partimag" ocs_prerun4="sleep 1" ocs_live_run="sudo ocs-sr -g auto -e1 auto -e2 -r -j2 -c -scr -p reboot savedisk ask_user sda" ocs_live_extra_param="" keyboard-layouts="NONE" ocs_live_batch="no" locales="de_DE.UTF-8" vga=788 nosplash noprompt fetch=http://192.168.33.9/tftp/fai/images/bios/clonezilla2.6.6-15/filesystem.squashfs' - "dban": - name: "Dariks boot and nuke (DBAN)" - key: d - kernel: "dban.bzi" - imgargs: "silent vga=785" - +- hosts: all + collections: + - ansible.utils + - ansible.netcommon roles: - fai diff --git a/group_vars/all.yml b/group_vars/all.yml new file mode 100644 index 0000000..57a2033 --- /dev/null +++ b/group_vars/all.yml @@ -0,0 +1,121 @@ +--- +### FAI +debian_release_fai: "bookworm" +debian_release_nfsroot: "bookworm" + +### REPOS IN THE FAI-SERVER +repos: + - repo: "deb http://fai-project.org/download bullseye koeln" + filename: "fai" + preferences: + - package: '*' + origin: "fai-project.org" + release_name: "{{ debian_release_fai }}" + pin_priority: 500 + - repo: "deb http://deb.debian.org/debian {{ debian_release_fai }} main contrib non-free" + filename: "{{ debian_release_fai }}" + preferences: + - package: '*' + origin: "deb.debian.org" + release_name: "{{ debian_release_fai }}" + pin_priority: 500 + - repo: "deb http://deb.debian.org/debian {{ debian_release_fai }}-updates main contrib non-free" + filename: "{{ debian_release_fai }}" + preferences: + - package: '*' + origin: "deb.debian.org" + release_name: "{{ debian_release_fai }}-updates" + pin_priority: 500 + - repo: "deb http://security.debian.org/debian-security {{ debian_release_fai }}-security main contrib non-free" + filename: "{{ debian_release_fai }}" + - repo: "deb http://deb.debian.org/debian {{ debian_release_fai }}-backports main contrib non-free" + filename: "{{ debian_release_fai }}" + preferences: + - package: '*' + origin: "deb.debian.org" + release_name: "{{ debian_release_fai }}-backports" + pin_priority: 490 + - repo: "deb http://deb.debian.org/debian testing main contrib non-free" + filename: "testing" + preferences: + - package: '*' + origin: "deb.debian.org" + suite: "testing" + pin_priority: 400 + - repo: "deb http://deb.debian.org/debian testing-updates main contrib non-free" + filename: "testing" + preferences: + - package: '*' + origin: "deb.debian.org" + suite: "testing-updates" + pin_priority: 400 + - repo: "deb http://deb.debian.org/debian sid main contrib non-free" + filename: "sid" + preferences: + - package: '*' + origin: "deb.debian.org" + release_name: "sid" + pin_priority: 120 + - repo: "deb http://deb.debian.org/debian experimental main contrib non-free" + filename: "experimental" + preferences: + - package: '*' + origin: "deb.debian.org" + suite: "experimental" + pin_priority: 110 + - package: '/^fai-.*/' + origin: "deb.debian.org" + suite: "experimental" + pin_priority: 500 + +# Additional entries in iPXE menu +ipxe_additional_entries: + "clonezilla2.6.6.15r": + name: "Windows Clonzilla 2.6.6.15 Restore" + key: r + kernel: "images/bios/clonezilla2.6.6-15/vmlinuz" + initrd: + - "images/bios/clonezilla2.6.6-15/initrd.img" + imgargs: 'initrd=initrd.img boot=live config noswap nolocales edd=on nomodeset ocs_prerun2="sleep 3" ocs_prerun3="mount -t cifs -o user=gast,password= //192.168.33.2/images /home/partimag" ocs_prerun4="sleep 1" ocs_live_run="sudo ocs-sr -g auto -e1 auto -e2 -r -j2 -c -scr -p reboot restoredisk ask_user sda" ocs_live_extra_param="" keyboard-layouts="NONE" ocs_live_batch="no" locales="de_DE.UTF-8" vga=788 nosplash noprompt fetch="http://192.168.33.9/tftp/fai/images/bios/clonezilla2.6.6-15/filesystem.squashfs"' + "clonezilla2.6.6.15b": + key: b + name: "Windows Clonzilla 2.6.6.15 Backup" + kernel: "images/bios/clonezilla2.6.6-15/vmlinuz" + initrd: + - "images/bios/clonezilla2.6.6-15/initrd.img" + ##boot=live config noswap edd=on nomodeset noprompt nosplash locales=de_DE.UTF-8 keyboard-layouts=de ocs_prerun="dhclient" ocs_live_run="/usr/sbin/ocs-sr -q2 -c -j2 -z1p -i 4096 -fsck -enc -p poweroff savedisk 'Beispiel-`date +%d-%m-%Y`' nvme0n1" ocs_live_extra_param="" ocs_repository="smb://clonezilla:clonezilla@192.168.178.4/Backups/" ocs_live_batch=no ocs_netlink_timeout=5 + imgargs: 'initrd=initrd.img boot=live config noswap nolocales edd=on nomodeset ocs_prerun2="sleep 3" ocs_prerun3="mount -t cifs -o user=gast,password= //192.168.33.2/Images /home/partimag" ocs_prerun4="sleep 1" ocs_live_run="sudo ocs-sr -g auto -e1 auto -e2 -r -j2 -c -scr -p reboot savedisk ask_user sda" ocs_live_extra_param="" keyboard-layouts="NONE" ocs_live_batch="no" locales="de_DE.UTF-8" vga=788 nosplash noprompt fetch=http://192.168.33.9/tftp/fai/images/bios/clonezilla2.6.6-15/filesystem.squashfs' +# "pmagic": +# name: "Partition Magic" +# key: p +# files: "tools/pmagic" +# kernel: "bzImage64" +# initrd: +# - initrd.img +# - fu.img +# - m64.img +# - files.cgz +# imgargs: edd=on vga=normal +# "dban": +# name: "Dariks boot and nuke (DBAN)" +# key: d +# kernel: "dban.bzi" +# imgargs: "silent vga=785" +# "memtest": +# name: "Memtest86+" +# key: m +# files: "tools/memtest" +# kernel: "memtest86+-5.31b.bin" +# other: +# name: Menu Entry +# files: path/to/files/to/copy +# kernel: a-kernel-image +# args: some arguments +# initrd: +# - initrd0.img +# - initrd1.img +# - ... +# multiboot: +# - module0.img +# - module1.img +# - ... diff --git a/inventory/dezentrale.yml b/inventory/dezentrale.yml index c061667..4e9cd5a 100644 --- a/inventory/dezentrale.yml +++ b/inventory/dezentrale.yml @@ -1,19 +1,29 @@ all: - hosts: - hw4f-fai: - ansible_nopasswd: True + vars: + ansible_nopasswd: true use_apt_cache_for_server: true # interface for a internet connection - wan_interface: ens18 + wan_interface: "{{ ansible_default_ipv4.interface }}" + # ip of the server of the installer network + server_ip: "192.168.33.8/24" + routers: + - "192.168.33.1" + #nameservers: + fai_config_git: "https://git.dezentrale.cloud/HW4F/fai-config.git" + + hosts: + hw4f-fai: # interface to the clients to install dhcp_interface: ens19 # customized server name server_name: "hw4f-fai" # ip of the server of the installer network - server_ip: 192.168.33.9 - timeservers: - - 192.168.33.1 - routers: - - 192.168.33.1 - #nameservers: - pxe_preselected_entry: "fai" + hw4f-fai-vagrant: + ansible_host: "192.168.33.9" + #ansible_connection: "local" + #python_interpreter: "/usr/bin/python3" + # interface to the clients to install + dhcp_interface: eth1 + # customized server name + server_name: "hw4f-fai-vagrant" + #localhost: diff --git a/ip_calc.yml b/ip_calc.yml new file mode 100644 index 0000000..929ad1f --- /dev/null +++ b/ip_calc.yml @@ -0,0 +1,15 @@ +--- +- hosts: all + tasks: + - name: "Debug ipddr() filter" + vars: + server_ip: "192.168.33.9/24" + ansible.builtin.debug: + msg: | + network/prefix: "{{ server_ip | ipaddr('network/prefix') }}" + network: "{{ server_ip | ipaddr('network') }}" + address: "{{ server_ip | ipaddr('address') }}" + prefix: "{{ server_ip | ipaddr('prefix') }}" + netmask: "{{ server_ip | ipaddr('netmask') }}" + broadcast: "{{ server_ip | ipaddr('broadcast') }}" + delegate_to: localhost diff --git a/playbook-vagrant.yml b/playbook-vagrant.yml deleted file mode 100644 index ebcdab3..0000000 --- a/playbook-vagrant.yml +++ /dev/null @@ -1,35 +0,0 @@ -- hosts: faiserver - become: true - vars: - # interface to the clients to install - dhcp_interface: eth1 - # interface for a internet connection - wan_interface: "{{ ansible_default_ipv4.interface }}" - # customized server name - server_name: faiserver - # ip of the server of the installer network - server_ip: 192.168.33.1 - - pxe_preselected_entry: __fai - - ipxe_additional_entries: - memtest: - name: Memtest86+ - files: tools/memtest - kernel: memtest86+-5.31b.bin - # other: - # name: Menu Entry - # files: path/to/files/to/copy - # kernel: a-kernel-image - # args: some arguments - # initrd: - # - initrd0.img - # - initrd1.img - # - ... - # multiboot: - # - module0.img - # - module1.img - # - ... - - roles: - - fai diff --git a/roles/fai/defaults/main.yml b/roles/fai/defaults/main.yml index 47afb54..4d1853c 100644 --- a/roles/fai/defaults/main.yml +++ b/roles/fai/defaults/main.yml @@ -1,29 +1,101 @@ --- -# defaults file for fai +### FAI defaults +debian_release_fai: "bullseye" +debian_release_nfsroot: "bullseye" +ubuntu_mirror_url: "http://archive.ubuntu.com" -dhcp_interface: eth1 +dhcp_interface: "eth1" wan_interface: "{{ (ansible_default_ipv4 |d(ansible_default_ipv6)).interface }}" -server_name: faiserver -domain_name: local -server_ip: 192.168.33.1 -server_netbits: 24 -server_netmask: 255.255.255.0 +server_name: "faiserver" +domain_name: "local" +server_ip: "192.168.33.9/24" +server_network_prefix: "{{ server_ip | ipaddr('network/prefix') }}" +server_network: "{{ server_ip | ipaddr('network') }}" +server_address: "{{ server_ip | ipaddr('address') }}" +server_prefix: "{{ server_ip | ipaddr('prefix') }}" +server_netmask: "{{ server_ip | ipaddr('netmask') }}" +server_broadcast: "{{ server_ip | ipaddr('broadcast') }}" +timeservers: + - "{{ server_address }}" +ntpservers: + - "{{ server_address }}" apt_cacher_offline_mode: false -debian_release: buster use_apt_cache_for_server: false -fai_configdir: "/srv/fai/config" -fai_profiles_archive: "config.tar" +fai_etc_dir: "/etc/fai" +fai_dir: "/srv/fai" +fai_dir_config: "{{ fai_dir }}/config" +fai_dir_nfsroot: "{{ fai_dir }}/nfsroot" +fai_dir_nfsroot_boot: "{{ fai_dir_nfsroot }}/boot" +fai_config_archive: "config.tar" fai_squashfs_file: "squash.img" +fai_squashfs_path: "{{ fai_dir_download + '/' + fai_squashfs_file }}" +#fai_loguser: "fai" +fai_menu_default: 'HW4F Desktop Jammy' -fai_hw4f_profile_username: user -fai_hw4f_profile_password: dezentrale +fai_hw4f_rootpw_fai: "fai" +fai_hw4f_profile_username: "user" +fai_hw4f_profile_password: "dezentrale" +fai_hw4f_rootpw: "{{ fai_hw4f_profile_password }}" tftp_dir: "/srv/tftp/fai" + +nginx_root: "/var/www/html" +nginx_dir_config: "/etc/nginx" +nginx_site_available: "{{ nginx_dir_config + '/sites-available/' + ansible_hostname + '.conf' }}" +nginx_site_enabled: "{{ nginx_dir_config + '/sites-enabled/' + ansible_hostname + '.conf' }}" +nginx_site_default: "{{ nginx_dir_config + '/sites-enabled/' + 'default' }}" +fai_dir_download: "{{ nginx_root + '/' + http_mirror_fai_path_prefix }}" +fai_dir_basefile: "{{ fai_dir_download + '/' + http_mirror_basefile_path_prefix }}" + +http_mirror: "http://{{ server_name }}" http_mirror_ipxe_path_prefix: "ipxe" http_mirror_fai_path_prefix: "fai" +http_mirror_basefile_path_prefix: "basefile" +http_mirror_ipxe_root_url: "{{ http_mirror + '/' + http_mirror_ipxe_path_prefix }}" +http_mirror_fai_root_url: "{{ http_mirror + '/' + http_mirror_fai_path_prefix }}" +http_mirror_fai_profiles_url: "{{ http_mirror_fai_root_url + '/' + fai_config_archive }}" +http_mirror_fai_squashfs_url: "{{ http_mirror_fai_root_url + '/' + fai_squashfs_file }}" +http_mirror_fai_basefile_url: "{{ http_mirror_fai_root_url + '/' + http_mirror_basefile_path_prefix }}" -ipxe_additional_entries: +ipxe_additional_entries: [] +ipxe_dir_binaries: "/usr/lib/ipxe" +ipxe_dir_download: "{{ nginx_root + '/' + http_mirror_ipxe_path_prefix }}" -pxe_preselected_entry: __exit +pxe_preselected_entry: "fai" +#pxe_preselected_entry: "exit" pxe_menu_timeout: 5000 + +### CLONEZILLA +clonezilla_dir: "{{ nginx_root }}/clonezilla" +clonezilla_dir_download: "{{ clonezilla_dir + '/download' }}" +clonezilla_base_download_url_osdn: "https://osdn.net/dl" +clonezilla_base_download_url_sf: "https://downloads.sourceforge.net" +clonezilla_base_download_url: "{{ clonezilla_base_download_url_osdn }}" +clonezilla_version: "2.8.1-12" +### amd64/i686-pae/i686 +clonezilla_arch: "amd64" +### zip/iso +clonezilla_type: "zip" +clonezilla_archive: "{{ + '/clonezilla-live-' + + clonezilla_version + '-' + + clonezilla_arch + '.' + + clonezilla_type + }}" +clonezilla_download_url: "{{ + clonezilla_base_download_url + + '/clonezilla' + + clonezilla_archive + }}" + +package_set: + core: + debian: + standard: [ + apt-file, apt-transport-https, aptitude, bash-completion, ca-certificates, curl, + dmidecode, dosfstools, git, htop, haveged, iftop, info, iotop, jq, libcrack2, + locales, lsb-release, lsof, man-db, mc, mlocate, openssl, parted, pigz, psmisc, + pv, pwgen, python3-apt, rsync, screen, sqlite3, ssl-cert, strace, sudo, + sysstat, tcpdump, tmux, unattended-upgrades, vim, wget, zsh ] + extra: [ btrfs-progs ] diff --git a/roles/fai/files/bashrc b/roles/fai/files/bashrc new file mode 100644 index 0000000..275619f --- /dev/null +++ b/roles/fai/files/bashrc @@ -0,0 +1,72 @@ +# ~/.bashrc: executed by bash(1) for non-login shells. + +# Note: PS1 and umask are already set in /etc/profile. You should not +# need this unless you want different defaults for root. +# PS1='${debian_chroot:+($debian_chroot)}\h:\w\$ ' +# umask 022 + +# You may uncomment the following lines if you want `ls' to be colorized: +export LS_OPTIONS='--color=auto' +eval "`dircolors`" +alias ls='ls $LS_OPTIONS' +alias ll='ls $LS_OPTIONS -l' +alias l='ls $LS_OPTIONS -lA' + +# Some more alias to avoid making mistakes: +# alias rm='rm -i' +# alias cp='cp -i' +# alias mv='mv -i' +# set a fancy prompt (non-color, unless we know we "want" color) +case "$TERM" in + xterm-color|*-256color) color_prompt=yes;; +esac + +# comment for a colored prompt, if the terminal has the capability; turned +# off by default to not distract the user: the focus in a terminal window +# should be on the output of commands, not on the prompt +force_color_prompt=yes + +if [ -n "$force_color_prompt" ]; then + if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then + # We have color support; assume it's compliant with Ecma-48 + # (ISO/IEC-6429). (Lack of such support is extremely rare, and such + # a case would tend to support setf rather than setaf.) + color_prompt=yes + else + color_prompt= + fi +fi + +if [ "$color_prompt" = yes ]; then + PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ ' +else + PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ ' +fi +unset color_prompt force_color_prompt + + +# If this is an xterm set the title to user@host:dir +case "$TERM" in +xterm*|rxvt*) + PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1" + ;; +*) + ;; +esac + +# enable color support of ls and also add handy aliases +if [ -x /usr/bin/dircolors ]; then + test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)" + alias ls='ls --color=auto' + alias dir='dir --color=auto' + alias vdir='vdir --color=auto' + + alias grep='grep --color=auto' + alias fgrep='fgrep --color=auto' + alias egrep='egrep --color=auto' +fi + +# colored GCC warnings and errors +export GCC_COLORS='error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01' + +alias ..='cd ..' diff --git a/roles/fai/files/profiles/files/etc/dhcp/dhcpd.conf/FAISERVER b/roles/fai/files/examples/etc/dhcpd.conf similarity index 67% rename from roles/fai/files/profiles/files/etc/dhcp/dhcpd.conf/FAISERVER rename to roles/fai/files/examples/etc/dhcpd.conf index b0343cc..b6f6f7f 100644 --- a/roles/fai/files/profiles/files/etc/dhcp/dhcpd.conf/FAISERVER +++ b/roles/fai/files/examples/etc/dhcpd.conf @@ -1,18 +1,17 @@ # dhcpd.conf for a fai installation server # replace faiserver with the name of your install server -ignore-client-uids on; deny unknown-clients; option dhcp-max-message-size 2048; use-host-decl-names on; #always-reply-rfc1048 on; subnet 192.168.33.0 netmask 255.255.255.0 { - option routers 192.168.33.1; - option domain-name "fai.example"; + option routers 192.168.33.250; + option domain-name "fai"; option domain-name-servers 192.168.33.250; option time-servers faiserver; -# option ntp-servers faiserver; + option ntp-servers faiserver; server-name faiserver; next-server faiserver; if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00000" { @@ -21,12 +20,10 @@ subnet 192.168.33.0 netmask 255.255.255.0 { if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00007" { filename "fai/syslinux.efi"; } - allow unknown-clients; - pool { - range 192.168.33.100 192.168.33.150; - } } # generate a lot of entries with: -# perl -e 'for (1..10) {printf "host client%02s {hardware ethernet XXX:$_;fixed-address client%02s;}\n",$_,$_;}' -# then replace XXX with the hardware addresses of your clients +# perl -e 'for (1..10) {printf "host client%02s {hardware ethernet 52:54:00:11:23:%02X;fixed-address client%02s;}\n",$_,$_,$_;}' +# then replace 52:54:00:11:23:XX with the hardware addresses of your clients +# 52:54:00:11:23 is a prefix used by fai-kvm +host demohost {hardware ethernet 0:2:a3:b5:c5:41;fixed-address demohost;} diff --git a/roles/fai/files/examples/etc/netgroup b/roles/fai/files/examples/etc/netgroup new file mode 100644 index 0000000..5a0d03c --- /dev/null +++ b/roles/fai/files/examples/etc/netgroup @@ -0,0 +1,43 @@ +# permission for a list of hosts + +# the beowulf cluster +nucleus (nucleus,,) +atom00 (atom00,,) +atom01 (atom01,,) +atom02 (atom02,,) +atom03 (atom03,,) +atom04 (atom04,,) +atom05 (atom05,,) +atom06 (atom06,,) +atom07 (atom07,,) +atom08 (atom08,,) +atom09 (atom09,,) +atom10 (atom10,,) +atom11 (atom11,,) +atom12 (atom12,,) +atom13 (atom13,,) +atom14 (atom14,,) +atom15 (atom15,,) +atom16 (atom16,,) +atom17 (atom17,,) +atom18 (atom18,,) +atom19 (atom19,,) +atom20 (atom20,,) +atom21 (atom21,,) +atom22 (atom22,,) +atom23 (atom23,,) +atom24 (atom24,,) +atom25 (atom25,,) + +atoms atom01 atom02 atom03 atom04 atom05 atom06 atom07 atom08 atom09 atom10 atom11 atom12 atom13 atom14 atom15 atom16 atom17 atom18 atom19 atom20 atom21 atom22 atom23 atom24 atom25 + +# used for script all_hosts +allhosts atom00 atoms + +beowulf atoms atom00 nucleus +homeclients beowulf + +faiclients workstations beowulf + +# this definition grants permission for every host +# faiclients (,,) diff --git a/roles/fai/files/examples/utils/mkdebmirror b/roles/fai/files/examples/utils/mkdebmirror new file mode 100755 index 0000000..ab15bec --- /dev/null +++ b/roles/fai/files/examples/utils/mkdebmirror @@ -0,0 +1,41 @@ +#! /bin/sh + +# Thomas Lange, lange@informatik.uni-koeln.de, (c) 2001-2018 + +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - +update_from() { + + # update local mirror from a host + host=$1 + shift + defopt="--keyring /usr/share/keyrings/debian-archive-keyring.gpg --method=http --rsync-extra=none --diff=none $allopt --host=$host --dist=$dist $sect" + + echo "------------------ create mirror for debian ------------------" + debmirror $excl $destdir/debian $defopt $* +} +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# main program +# +# here you have to adjust the hostnames of the mirror and the names of the distributions + +# excluding dbg_ packages saves a lot of disk space. About 33G for squeeze,wheezy in amd64,i386 +excl="--exclude=-dbg_ --exclude=debian-installer-netboot-images --include=libc6-dbg" + +debug="$@" +arch=amd64 +dist=bullseye,bullseye-backports + +destdir=/files/scratch/debmirror +sect="--section main,contrib,non-free" +allopt="$debug --state-cache-days=100 --ignore-missing-release --ignore-release-gpg --passive --nosource --arch=$arch" + +# first sync from a mirror near to you +#update_from ftp.uni-koeln.de $* +# If this mirror isn't always up to date, sync again from an official mirror + +# sync from an official mirror +update_from deb.debian.org --getcontents $* + +# even one should not mirror the security site, but I will do it. +echo "------------------ create mirror for debian-security ------------------" +debmirror --keyring /usr/share/keyrings/debian-archive-keyring.gpg --method=http $excl $destdir/debian-security $allopt --host=deb.debian.org -r debian-security $sect -d bullseye-security $* diff --git a/roles/fai/files/profiles/basefiles/mk-basefile b/roles/fai/files/profiles/basefiles/mk-basefile deleted file mode 100755 index f091aff..0000000 --- a/roles/fai/files/profiles/basefiles/mk-basefile +++ /dev/null @@ -1,309 +0,0 @@ -#! /bin/bash - -# mk-basefile, create basefiles for some distributions -# -# Thomas Lange, Uni Koeln, 2011-2020 -# based on the Makefile implementation of Michael Goetze -# -# Usage example: mk-basefile -J STRETCH64 -# This will create a STRETCH64.tar.xz basefile. - -# Supported distributions (each i386/amd64): -# Debian GNU/Linux -# Ubuntu 14.04/16.04 -# CentOS 5/6/7/8 -# Scientific Linux Cern 5/6 -# -# Packages you might want to install to use this command: -# debootstrap, rinse, xz-utils - - -# Define your local mirros here -# For the first stage, set the CentOS/SLC mirror in /etc/rinse/rinse.conf -MIRROR_DEBIAN=http://deb.debian.org/debian/ -MIRROR_UBUNTU=http://mirror.netcologne.de/ubuntu/ -MIRROR_CENTOS=http://mirror.netcologne.de/ - -EXCLUDE_SQUEEZE=isc-dhcp-client,isc-dhcp-common,info -EXCLUDE_WHEEZY=info -EXCLUDE_JESSIE=info -EXCLUDE_STRETCH=info -EXCLUDE_BUSTER= -EXCLUDE_BULLSEYE= -EXCLUDE_SID= - -EXCLUDE_TRUSTY=dhcp3-client,dhcp3-common,info -EXCLUDE_XENIAL=udhcpc,dibbler-client,info -EXCLUDE_BIONIC=udhcpc,dibbler-client,info -EXCLUDE_FOCAL=udhcpc,dibbler-client,info - -# here you can add packages, that are needed very early -INCLUDE_DEBIAN= - - -setarch() { - - l32= - if [ X$1 = Xi386 ]; then - l32=linux32 - fi -} - -check() { - - if [ `id -u` != 0 ]; then - echo "You must be root to create chroots." - exit 1 - fi - mknod $xtmp/test-dev-null c 1 3 - if [ $? -eq 1 ]; then - echo "Cannot create device files on $xtmp, aborting." - echo "Perhaps this directory is mounted with option nodev." - rm -rf $xtmp - exit 1 - fi - echo test > $xtmp/test-dev-null - if [ $? -eq 1 ]; then - echo "Cannot create device files on $xtmp, aborting." - echo "Perhaps this directory is mounted with option nodev." - rm -rf $xtmp - exit 1 - fi - rm -f $xtmp/test-dev-null -} - - -mkpost-centos() { - - # set local mirror for rinse post script - [ -z "$MIRROR_CENTOS" ] && return - cat < $xtmp/post -#! /bin/sh -mkdir -p $xtmp/etc/yum.repos.d/orig -cp -p $xtmp/etc/yum.repos.d/*.repo $xtmp/etc/yum.repos.d/orig -perl -pi -e 's,mirrorlist=,#mirrorlist=,; s,#baseurl=http://mirror.centos.org,baseurl=$MIRROR_CENTOS,;' $xtmp/etc/yum.repos.d/CentOS-Base.repo -EOM - chmod 555 $xtmp/post -} - - -mkpost-slc() { - - # set local mirror for rinse post script - ver=$1 - [ -z "$MIRROR_SLC" ] && return - cat < $xtmp/post -#! /bin/sh -mkdir -p $xtmp/etc/yum.repos.d/orig -cp -p $xtmp/etc/yum.repos.d/*.repo $xtmp/etc/yum.repos.d/orig -perl -pi -e 's,baseurl=http://linuxsoft.cern.ch,baseurl=$MIRROR_SLC,;' $xtmp/etc/yum.repos.d/slc$ver-os.repo -perl -pi -e 's,baseurl=http://linuxsoft.cern.ch,baseurl=$MIRROR_SLC,;' $xtmp/etc/yum.repos.d/slc$ver-updates.repo - -EOM - chmod 555 $xtmp/post -} - - -cleanup-deb() { - - chroot $xtmp apt-get clean - rm -f $xtmp/etc/hostname $xtmp/etc/resolv.conf \ - $xtmp/var/lib/apt/lists/*_* $xtmp/usr/bin/qemu-*-static \ - $xtmp/etc/udev/rules.d/70-persistent-net.rules - > $xtmp/etc/machine-id -} - - -cleanup-rinse() { - - # check if chroot works - echo "Installed packages in chroot:" - chroot $xtmp rpm -qa|sort - echo -n "CHROOT rpm -qa: " - chroot $xtmp rpm -qa|wc -l - - rm -f $xtmp/etc/resolv.conf $xtmp/post - if [ -d $xtmp/etc/yum.repos.d/orig ]; then - mv $xtmp/etc/yum.repos.d/orig/* $xtmp/etc/yum.repos.d/ - rm -rf $xtmp/etc/yum.repos.d/orig - fi -} - - -tarit() { - - tar $attributes --numeric-owner --one-file-system -C $xtmp -cf - . | $zip > $target.$ext -} - - -centos() { - - local arch=$1 - local vers=$2 - local domain=$(domainname) - - check - setarch $arch - mkpost-centos - $l32 rinse --directory $xtmp --distribution centos-$vers --arch $arch --before-post-install $xtmp/post - domainname $domain # workaround for #613377 - cleanup-rinse - tarit -} - - -slc() { - - local arch=$1 - local vers=$2 - - check - setarch $arch - mkpost-slc $vers - $l32 rinse --directory $xtmp --distribution slc-$vers --arch $arch --before-post-install $xtmp/post - cleanup-rinse - tarit -} - - -debgeneric() { - - local DIST=$1 - shift - local mirror=$1 - shift - local arch=$1 - - dist=${DIST%%[0-9][0-9]} - local exc="EXCLUDE_$dist" - [ -n "${!exc}" ] && exc="--exclude=${!exc}" || unset exc - dist=${dist,,} - - check - if [ -n "$INCLUDE_DEBIAN" ]; then - local inc="--include=$INCLUDE_DEBIAN" - fi - - if [ -n "$arch" ]; then - qemu-debootstrap --arch $arch ${exc} $inc $dist $xtmp $mirror - target="${target}_${arch^^}" - else - if [[ $DIST =~ 64 ]]; then - arch=amd64 - else - arch=i386 - fi - debootstrap --arch $arch ${exc} $inc $dist $xtmp $mirror - fi - cleanup-deb - tarit -} - -prtdists() { - - echo "Available: - - CENTOS5_32 CENTOS5_64 - CENTOS6_32 CENTOS6_64 - CENTOS7_32 CENTOS7_64 - CENTOS8_64 - SLC5_32 SLC5_64 - SLC6_32 SLC6_64 - SLC7_64 - TRUSTY32 TRUSTY64 - XENIAL32 XENIAL64 - BIONIC64 - FOCAL64 - SQUEEZE32 SQUEEZE64 - WHEEZY32 WHEEZY64 - JESSIE32 JESSIE64 - STRETCH32 STRETCH64 - BUSTER32 BUSTER64 - BULLSEYE32 BULLSEYE64 - SID32 SID64 -" -} - -usage() { - - cat <&/dev/null && dpkg --print-architecture | tr a-z A-Z - -# determin if we are a DHCP client or not -# count the : chars in the argument of ip= -n="${ip//[^:]}" -if [[ $ip =~ ^(on|any|dhcp)$ ]]; then - echo DHCPC -elif [ ${#n} -lt 6 ]; then - echo DHCPC -fi - -exit 0 diff --git a/roles/fai/files/profiles/class/20-hwdetect.sh b/roles/fai/files/profiles/class/20-hwdetect.sh deleted file mode 100755 index 8ba48d4..0000000 --- a/roles/fai/files/profiles/class/20-hwdetect.sh +++ /dev/null @@ -1,35 +0,0 @@ -#! /bin/bash - -# (c) Thomas Lange, 2002-2013, lange@informatik.uni-koeln.de - -# NOTE: Files named *.sh will be evaluated, but their output ignored. - -[ $do_init_tasks -eq 1 ] || return 0 # Do only execute when doing install - -echo 0 > /proc/sys/kernel/printk - -#kernelmodules= -# here, you can load modules depending on the kernel version -case $(uname -r) in - 2.6*) kernelmodules="$kernelmodules mptspi dm-mod md-mod aes dm-crypt" ;; - [3456]*) kernelmodules="$kernelmodules mptspi dm-mod md-mod aes dm-crypt" ;; -esac - -for mod in $kernelmodules; do - [ X$verbose = X1 ] && echo Loading kernel module $mod - modprobe -a $mod 1>/dev/null 2>&1 -done - -ip ad show up | egrep -iv 'loopback|127.0.0.1|::1/128|_lft' - -echo $printk > /proc/sys/kernel/printk - -odisklist=$disklist -set_disk_info # recalculate list of available disks -if [ "$disklist" != "$odisklist" ]; then - echo New disklist: $disklist - echo disklist=\"$disklist\" >> $LOGDIR/additional.var -fi - -save_dmesg # save new boot messages (from loading modules) - diff --git a/roles/fai/files/profiles/class/40-parse-profiles.sh b/roles/fai/files/profiles/class/40-parse-profiles.sh deleted file mode 100755 index c80cf7a..0000000 --- a/roles/fai/files/profiles/class/40-parse-profiles.sh +++ /dev/null @@ -1,165 +0,0 @@ -#! /bin/bash - -# parse *.profile and build a curses menu, so the user can select a profile -# -# (c) 2015 by Thomas Lange, lange@informatik.uni-koeln.de -# Universitaet zu Koeln - -if [ X$FAI_ACTION = Xinstall -o X$FAI_ACTION = Xdirinstall -o X$FAI_ACTION = X ]; then - : -else - return 0 -fi - -[ "$flag_menu" ] || return 0 - -out=$(tty) -tempfile=`(tempfile) 2>/dev/null` -tempfile2=`(tempfile) 2>/dev/null` -trap "rm -f $tempfile $tempfile2" EXIT INT QUIT - -# declare the data structure, use associative arrays -declare -A arshort -declare -A ardesc -declare -A arlong -declare -A arclasses -declare -a list - - -parse_profile() { - - # read a profile and add all info to the data structure - - local short - local long - local desc - local name - local classes - local lflag=0 - - # disable word splitting when reading a line, this helps reading a keyword without a value - local OIF=$IFS - IFS= - - while read -r line || [[ -n $line ]]; do - - if [[ $line =~ "Name: " ]]; then - if [ -n "$long" ]; then - arlong[$name]="$long" - fi - short= - desc= - long= - classes= - lflag=0 - name=${line##Name: } - [ $debug ] && echo "XX NAME $name found" - list+=("$name") # add new item to list - continue - fi - - if [[ $line =~ "Description: " ]]; then - lflag=0 - desc=${line##Description: } - [ $debug ] && echo "XX $desc found" - ardesc[$name]="$desc" - continue - fi - - if [[ $line =~ "Short: " ]]; then - lflag=0 - short=${line##Short: } - [ $debug ] && echo "XX $short found" - arshort[$name]="$short" - continue - fi - - if [[ $line =~ "Classes: " ]]; then - lflag=0 - classes=${line##Classes: } - [ $debug ] && echo "XX classes found" - arclasses[$name]="$classes" - continue - fi - - if [[ $line =~ "Long: " ]]; then - lflag=1 - long=${line##Long: } - [ $debug ] && echo "XX long found" - - # else it's another long line - elif [ $lflag -eq 1 ]; then - long+="\n$line" - fi - - if [[ $line =~ "Default: " ]]; then - lflag=0 - default=${line##Default: } - continue - fi - - done < $1 - - if [ -n "$long" ]; then - arlong[$name]="$long" - fi - IFS=$OIF -} - -prtresult() { - - # set newclasses which is used by fai-class(1) - local res=$(<$tempfile) - echo "$BASH_SOURCE defined new classes: ${arclasses[$res]}" - newclasses="${arclasses[$res]}" -} - - -# read all files with name matching *.profile -_parsed=0 -shopt -s nullglob -for _f in *.profile; do - parse_profile $_f - _parsed=1 -done -unset _f - -# do nothing if no profile was read -if [ $_parsed -eq 0 ]; then - unset _parsed - return 0 -fi - -# create the argument list containing the menu entries -# and the help text file -for i in "${list[@]}"; do - par+=("$i") - par+=("${ardesc[${i}]}") - par+=("${arshort[${i}]}") - echo "Name: ${i}" >> $tempfile2 - echo -e ${arlong[${i}]} >> $tempfile2 - echo -e "Classes: " ${arclasses[${i}]} "\n" >> $tempfile2 -done -unset i - -while true; do - - dialog --clear --item-help --title "FAI - Fully Automatic Installation" --help-button \ - --default-item "$default" \ - --menu "\nSelect your FAI profile\n\nThe profile will define a list of classes,\nwhich are used by FAI.\n\n\n"\ - 15 70 0 "${par[@]}" 2> $tempfile 1> $out - - _retval=$? - case $_retval in - 0) - prtresult - break ;; - 1) - echo "No profile selected." - break ;; - 2) - dialog --title "Description of all profiles" --textbox $tempfile2 0 0 1> $out;; - esac - -done -unset par ardesc arshort arlong arclasses list tempfile tempfile2 _parsed _retval line diff --git a/roles/fai/files/profiles/class/41-warning.sh b/roles/fai/files/profiles/class/41-warning.sh deleted file mode 100755 index e9f9ec5..0000000 --- a/roles/fai/files/profiles/class/41-warning.sh +++ /dev/null @@ -1,28 +0,0 @@ -#! /bin/bash - -if [ X$FAI_ACTION = Xinstall -o X$FAI_ACTION = X ]; then - : -else - return 0 -fi -if [ X$action = Xdirinstall ]; then - return 0 -fi - -grep -q INSTALL $LOGDIR/FAI_CLASSES || return 0 -[ "$flag_menu" ] || return 0 - -out=$(tty) -red=$(mktemp) -echo 'screen_color = (CYAN,RED,ON)' > $red - -DIALOGRC=$red dialog --colors --clear --aspect 6 --title "FAI - Fully Automatic Installation" --trim \ - --msgbox "\n\n If you continue, \n all your data on the disk \n \n|\Zr\Z1 WILL BE DESTROYED \Z0\Zn|\n\n" 0 0 1>$out - -# stop on any error, or if ESC was hit -if [ $? -ne 0 ]; then - task_error 999 -fi - -rm $red -unset red diff --git a/roles/fai/files/profiles/class/50-host-classes b/roles/fai/files/profiles/class/50-host-classes deleted file mode 100755 index afa7a95..0000000 --- a/roles/fai/files/profiles/class/50-host-classes +++ /dev/null @@ -1,32 +0,0 @@ -#! /bin/bash - -# assign classes to hosts based on their hostname - -# do not use this if a menu will be presented -[ "$flag_menu" ] && exit 0 - -# use a list of classes for our demo machine -case $HOSTNAME in - faiserver) - echo "FAIBASE DEBIAN DEMO FAISERVER" ;; - demohost|client*) - echo "FAIBASE DEBIAN DEMO" ;; - xfcehost) - echo "FAIBASE DEBIAN DEMO XORG XFCE LVM";; - gnomehost) - echo "FAIBASE DEBIAN DEMO XORG GNOME";; - ubuntuhost) - echo "FAIBASE DEBIAN DEMO UBUNTU FOCAL FOCAL64 XORG";; - centos) - echo "FAIBASE CENTOS" # you may want to add class XORG here - ifclass AMD64 && echo CENTOS8_64 - ;; - slchost) - # Scientific Linux Cern, is very similar to CentOS. SLC should alsways use the class CENTOS - echo "FAIBASE CENTOS SLC" # you may want to add class XORG here - ifclass I386 && echo SLC7_32 - ifclass AMD64 && echo SLC7_64 - ;; - *) - echo "UBUNTU MINT DESKTOP" ;; -esac diff --git a/roles/fai/files/profiles/class/60-misc b/roles/fai/files/profiles/class/60-misc deleted file mode 100755 index 1c3b4fd..0000000 --- a/roles/fai/files/profiles/class/60-misc +++ /dev/null @@ -1,11 +0,0 @@ -#! /bin/bash - -ifclass -o CENTOS SLC && exit 0 - -ifclass -o GRUB_PC GRUB_EFI && exit 0 - -if [ -d /sys/firmware/efi ]; then - echo GRUB_EFI -elif ifclass -o I386 AMD64 ; then - echo GRUB_PC -fi diff --git a/roles/fai/files/profiles/class/85-efi-classes b/roles/fai/files/profiles/class/85-efi-classes deleted file mode 100755 index 4aa554c..0000000 --- a/roles/fai/files/profiles/class/85-efi-classes +++ /dev/null @@ -1,21 +0,0 @@ -#! /bin/bash - -# define classes for disk_config in an EFI enironment - -if [ ! -d /sys/firmware/efi ]; then - exit 0 -fi - -if ifclass FAIBASE; then - echo FAIBASE_EFI -elif ifclass FAISERVER; then - echo FAISERVER_EFI -elif ifclass LVM; then - echo LVM_EFI -elif ifclass XENIAL; then - echo XENIAL_EFI -elif ifclass UBUNTU; then - echo UBUNTU_EFI -elif ifclass HW4F_DESKTOP; then - echo HW4F_DESKTOP_EFI -fi diff --git a/roles/fai/files/profiles/class/CENTOS.var b/roles/fai/files/profiles/class/CENTOS.var deleted file mode 100644 index 1ec7250..0000000 --- a/roles/fai/files/profiles/class/CENTOS.var +++ /dev/null @@ -1,9 +0,0 @@ -CONSOLEFONT=lat9v-16 -KEYMAP=us -DEFAULTLOCALE=en_US.UTF-8 -SUPPORTEDLOCALE=en_US.UTF-8:en_US:en - -# if you install much software and have only few RAM, use the RAM disk -# not for var/cache/yum -#FAI_RAMDISKS="$target/var/lib/rpm $target/var/cache/yum" -FAI_RAMDISKS="$target/var/lib/rpm" diff --git a/roles/fai/files/profiles/class/CLOUD.var b/roles/fai/files/profiles/class/CLOUD.var deleted file mode 100644 index f4cb485..0000000 --- a/roles/fai/files/profiles/class/CLOUD.var +++ /dev/null @@ -1 +0,0 @@ -NIC1=eth0 diff --git a/roles/fai/files/profiles/class/DEBIAN.var b/roles/fai/files/profiles/class/DEBIAN.var deleted file mode 100644 index 144d32f..0000000 --- a/roles/fai/files/profiles/class/DEBIAN.var +++ /dev/null @@ -1,19 +0,0 @@ -release=buster -apt_cdn=http://deb.debian.org -security_cdn=http://security.debian.org - -CONSOLEFONT= -KEYMAP=de-latin1 - -# MODULESLIST contains modules that will be loaded by the new system, -# not during installation these modules will be written to /etc/modules -# If you need a module during installation, add it to $kernelmodules -# in 20-hwdetect.sh. -MODULESLIST="usbhid psmouse" - -# if you have enough RAM (>2GB) you may want to enable this line. It -# also puts /var/cache into a ramdisk. -#FAI_RAMDISKS="$target/var/lib/dpkg $target/var/cache" - -# if you want to use the faiserver as APT proxy -APTPROXY=http://faiserver:3142 diff --git a/roles/fai/files/profiles/class/FAIBASE.var b/roles/fai/files/profiles/class/FAIBASE.var deleted file mode 100644 index a02d8bc..0000000 --- a/roles/fai/files/profiles/class/FAIBASE.var +++ /dev/null @@ -1,22 +0,0 @@ -# default values for installation. You can override them in your *.var files - -# allow installation of packages from unsigned repositories -FAI_ALLOW_UNSIGNED=0 - -# Set UTC=yes if your system clock is set to UTC (GMT), and UTC=no if not. -UTC=yes -TIMEZONE=Europe/Berlin - -# the hash of the root password for the new installed linux system -# pw is "fai" -ROOTPW='$1$kBnWcO.E$djxB128U7dMkrltJHPf6d1' - -# errors in tasks greater than this value will cause the installation to stop -STOP_ON_ERROR=700 - -# set parameter for install_packages(8) -MAXPACKAGES=800 - -# a user account will be created -username=demo -USERPW='$1$kBnWcO.E$djxB128U7dMkrltJHPf6d1' diff --git a/roles/fai/files/profiles/class/GERMAN.var b/roles/fai/files/profiles/class/GERMAN.var deleted file mode 100644 index 8638a75..0000000 --- a/roles/fai/files/profiles/class/GERMAN.var +++ /dev/null @@ -1,3 +0,0 @@ -# german environment (for Debian) -KEYMAP=de-latin1-nodeadkeys - diff --git a/roles/fai/files/profiles/class/INSTALL.var b/roles/fai/files/profiles/class/INSTALL.var deleted file mode 100644 index f0c4cbd..0000000 --- a/roles/fai/files/profiles/class/INSTALL.var +++ /dev/null @@ -1 +0,0 @@ -FAI_ACTION=install diff --git a/roles/fai/files/profiles/class/INVENTORY.var b/roles/fai/files/profiles/class/INVENTORY.var deleted file mode 100644 index 6afe995..0000000 --- a/roles/fai/files/profiles/class/INVENTORY.var +++ /dev/null @@ -1 +0,0 @@ -FAI_ACTION=inventory diff --git a/roles/fai/files/profiles/class/SYSINFO.var b/roles/fai/files/profiles/class/SYSINFO.var deleted file mode 100644 index 617b88d..0000000 --- a/roles/fai/files/profiles/class/SYSINFO.var +++ /dev/null @@ -1 +0,0 @@ -FAI_ACTION=sysinfo diff --git a/roles/fai/files/profiles/class/UBUNTU.var b/roles/fai/files/profiles/class/UBUNTU.var deleted file mode 100644 index a258b6a..0000000 --- a/roles/fai/files/profiles/class/UBUNTU.var +++ /dev/null @@ -1,2 +0,0 @@ -ubuntumirror=http://archive.ubuntu.com -ubuntudist=focal diff --git a/roles/fai/files/profiles/class/menu.profile b/roles/fai/files/profiles/class/menu.profile deleted file mode 100644 index e0c6181..0000000 --- a/roles/fai/files/profiles/class/menu.profile +++ /dev/null @@ -1,78 +0,0 @@ -Default: HW4F Desktop - -Name: HW4F Desktop -Description: Desktop installtion for Hardware for future -Short: HW4F -Long: Ubuntu 20.04 LTS (Focal Fossa) Desktop installtion -Classes: INSTALL GERMAN HW4F_DESKTOP UBUNTU HW4F_DESKTOP_LAST - -Name: Secure erase SSD -Description: Run a secure erase for SSD -Short: Secure erase -Long: Run a secure erase on SSD -Classes: SECURE_ERASE - -Name: Ubuntu -Description: Ubuntu -Short: Ubuntu -Long: Ubuntu 20.04 LTS (Focal Fossa) -Classes: INSTALL UBUNTU - -Name: Minimalist debian -Description: Minimal debian installation -Short: Simple debian -Long: Simple debian without additional packages -Classes: DEBIAN - -Name: Debian Desktop with Cinnamon -Description: Xfce desktop, LVM partitioning -Short: A fancy Xfce desktop will be installed, the user account is demo -Long: This is the Xfce desktop example. Additional account called -demo with password: fai, root password: fai -All needed packages are already on the CD or USB stick. -Classes: INSTALL DEBIAN CINNAMON - -Name: Xfce -Description: Xfce desktop, LVM partitioning -Short: A fancy Xfce desktop will be installed, the user account is demo -Long: This is the Xfce desktop example. Additional account called -demo with password: fai, root password: fai -All needed packages are already on the CD or USB stick. -Classes: INSTALL FAIBASE DEBIAN DEMO XORG XFCE LVM - -Name: Gnome -Description: Gnome desktop installation -Short: A Gnome desktop, no LVM, You will get an account called demo -Long: This is the Gnome desktop example. Additional account called -demo with password: fai, root password: fai -You should have a fast network connection, because most packages are -downloaded from the internet. -Classes: INSTALL FAIBASE DEBIAN DEMO XORG GNOME - -Name: CentOS 8 -Description: CentOS 8 with Xfce desktop -Short: A normal Xfce desktop, running CentOS 8 -Long: We use the Debian nfsroot for installing the CentOS 8 OS. -You should have a fast network connection, because most packages are -downloaded from the internet. -Classes: INSTALL FAIBASE CENTOS CENTOS8_64 XORG - -Name: Ubuntu -Description: Ubuntu 20.04 desktop installation -Short: Unity desktop -Long: We use the Debian nfsroot for installing the Ubuntu OS. -You should have a fast network connection, because most packages are -downloaded from the internet. -Classes: INSTALL FAIBASE DEMO DEBIAN UBUNTU FOCAL FOCAL64 XORG - -Name: Inventory -Description: Show hardware info -Short: Show some basic hardware infos -Long: Execute commands for showing hardware info -Classes: INVENTORY - -Name: Sysinfo -Description: Show defailed system information -Short: Show detailed hardware and system information -Long: Execute a lot of commands for collecting system information -Classes: SYSINFO diff --git a/roles/fai/files/profiles/debconf/CLOUD b/roles/fai/files/profiles/debconf/CLOUD deleted file mode 100644 index e3614d6..0000000 --- a/roles/fai/files/profiles/debconf/CLOUD +++ /dev/null @@ -1,2 +0,0 @@ -# Linux command line: -grub-pc grub2/linux_cmdline_default string elevator=noop quiet diff --git a/roles/fai/files/profiles/debconf/DEBIAN b/roles/fai/files/profiles/debconf/DEBIAN deleted file mode 100644 index 9b23c87..0000000 --- a/roles/fai/files/profiles/debconf/DEBIAN +++ /dev/null @@ -1,9 +0,0 @@ -exim4-config exim4/dc_eximconfig_configtype select local delivery only; not on a network -locales locales/default_environment_locale select de_DE.UTF-8 -locales locales/locales_to_be_generated multiselect de_DE.UTF-8 UTF-8 -keyboard-configuration keyboard-configuration/modelcode string pc105 -keyboard-configuration keyboard-configuration/xkb-keymap select us -keyboard-configuration keyboard-configuration/variant select Deutsch -keyboard-configuration keyboard-configuration/model select Generic 105-key (Intl) PC -keyboard-configuration keyboard-configuration/layoutcode string de -keyboard-configuration keyboard-configuration/optionscode string ctrl:nocaps,terminate:ctrl_alt_bksp diff --git a/roles/fai/files/profiles/debconf/GERMAN b/roles/fai/files/profiles/debconf/GERMAN deleted file mode 100644 index cca0416..0000000 --- a/roles/fai/files/profiles/debconf/GERMAN +++ /dev/null @@ -1,8 +0,0 @@ -locales locales/default_environment_locale select de_DE.UTF-8 -locales locales/locales_to_be_generated multiselect de_DE.UTF-8 UTF-8 -keyboard-configuration keyboard-configuration/modelcode string pc105 -keyboard-configuration keyboard-configuration/xkb-keymap select de -keyboard-configuration keyboard-configuration/variant select Germany -keyboard-configuration keyboard-configuration/model select Generic 105-key (Intl) PC -keyboard-configuration keyboard-configuration/layoutcode string de -keyboard-configuration keyboard-configuration/optionscode string ctrl:nocaps,terminate:ctrl_alt_bksp diff --git a/roles/fai/files/profiles/debconf/HW4F_DESKTOP b/roles/fai/files/profiles/debconf/HW4F_DESKTOP deleted file mode 100644 index 0fec074..0000000 --- a/roles/fai/files/profiles/debconf/HW4F_DESKTOP +++ /dev/null @@ -1,36 +0,0 @@ -locales locales/default_environment_locale select de_DE.UTF-8 -locales locales/locales_to_be_generated multiselect de_DE.UTF-8 UTF-8 - -xserver-xorg xserver-xorg/config/inputdevice/keyboard/layout string de -xserver-xorg xserver-xorg/config/inputdevice/keyboard/model string pc105 -xserver-xorg xserver-xorg/config/inputdevice/keyboard/options string lv3:ralt_switch -xserver-xorg xserver-xorg/autodetect_monitor boolean false -xserver-xorg xserver-xorg/autodetect_keyboard boolean true -xserver-xorg xserver-xorg/autodetect_mouse boolean true -xserver-xorg xserver-xorg/autodetect_video_card boolean true - -console-setup console-setup/variant select Germany -console-setup console-setup/charmap select UTF-8 -console-setup console-setup/layoutcode string de -console-setup console-setup/compose select No compose key -console-setup console-setup/fontsize-text select 16 -console-setup console-setup/optionscode string lv3:ralt_switch -console-setup console-setup/layout select Germany -console-setup console-setup/detected note -console-setup console-setup/variantcode string -console-setup console-setup/codesetcode string Lat15 -console-setup console-setup/modelcode string pc105 -console-setup console-setup/ask_detect boolean false -console-setup console-setup/altgr select Right Alt -console-setup console-setup/ttys string /dev/tty[1-6] -console-setup console-setup/model select Generic 105-key (Intl) PC -console-setup console-setup/fontsize-fb select 16 -console-setup console-setup/switch select No temporary switch -console-setup console-setup/codeset select # Latin1 and Latin5 - western Europe and Turkic languages -console-setup console-setup/toggle select No toggling -console-setup console-setup/fontface select VGA -console-setup console-setup/fontsize string 16 - -tzdata tzdata/Zones/Etc select UTC -tzdata tzdata/Zones/Europe select Berlin -tzdata tzdata/Areas select Europe diff --git a/roles/fai/files/profiles/debconf/HW4F_DESKTOP2 b/roles/fai/files/profiles/debconf/HW4F_DESKTOP2 deleted file mode 100644 index 85c0d49..0000000 --- a/roles/fai/files/profiles/debconf/HW4F_DESKTOP2 +++ /dev/null @@ -1,132 +0,0 @@ -base-passwd base-passwd/group-add boolean true -base-passwd base-passwd/group-change-gid boolean true -base-passwd base-passwd/group-move boolean true -base-passwd base-passwd/group-remove boolean true -base-passwd base-passwd/user-add boolean true -base-passwd base-passwd/user-change-gecos boolean true -base-passwd base-passwd/user-change-gid boolean true -base-passwd base-passwd/user-change-home boolean true -base-passwd base-passwd/user-change-shell boolean true -base-passwd base-passwd/user-change-uid boolean true -base-passwd base-passwd/user-move boolean true -base-passwd base-passwd/user-remove boolean true - -ca-certificates ca-certificates/enable_crts multiselect mozilla/ACCVRAIZ1.crt, mozilla/AC_RAIZ_FNMT-RCM.crt, mozilla/Actalis_Authentication_Root_CA.crt, mozilla/AffirmTrust_Commercial.crt, mozilla/AffirmTrust_Networking.crt, mozilla/AffirmTrust_Premium.crt, mozilla/AffirmTrust_Premium_ECC.crt, mozilla/Amazon_Root_CA_1.crt, mozilla/Amazon_Root_CA_2.crt, mozilla/Amazon_Root_CA_3.crt, mozilla/Amazon_Root_CA_4.crt, mozilla/Atos_TrustedRoot_2011.crt, mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt, mozilla/Baltimore_CyberTrust_Root.crt, mozilla/Buypass_Class_2_Root_CA.crt, mozilla/Buypass_Class_3_Root_CA.crt, mozilla/CA_Disig_Root_R2.crt, mozilla/CFCA_EV_ROOT.crt, mozilla/COMODO_Certification_Authority.crt, mozilla/COMODO_ECC_Certification_Authority.crt, mozilla/COMODO_RSA_Certification_Authority.crt, mozilla/Certigna.crt, mozilla/Certinomis_-_Root_CA.crt, mozilla/Certplus_Class_2_Primary_CA.crt, mozilla/Certum_Trusted_Network_CA.crt, mozilla/Certum_Trusted_Network_CA_2.crt, mozilla/Chambers_of_Commerce_Root_-_2008.crt, mozilla/Comodo_AAA_Services_root.crt, mozilla/Cybertrust_Global_Root.crt, mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt, mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt, mozilla/DST_Root_CA_X3.crt, mozilla/Deutsche_Telekom_Root_CA_2.crt, mozilla/DigiCert_Assured_ID_Root_CA.crt, mozilla/DigiCert_Assured_ID_Root_G2.crt, mozilla/DigiCert_Assured_ID_Root_G3.crt, mozilla/DigiCert_Global_Root_CA.crt, mozilla/DigiCert_Global_Root_G2.crt, mozilla/DigiCert_Global_Root_G3.crt, mozilla/DigiCert_High_Assurance_EV_Root_CA.crt, mozilla/DigiCert_Trusted_Root_G4.crt, mozilla/E-Tugra_Certification_Authority.crt, mozilla/EC-ACC.crt, mozilla/EE_Certification_Centre_Root_CA.crt, mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt, mozilla/Entrust_Root_Certification_Authority.crt, mozilla/Entrust_Root_Certification_Authority_-_EC1.crt, mozilla/Entrust_Root_Certification_Authority_-_G2.crt, mozilla/GDCA_TrustAUTH_R5_ROOT.crt, mozilla/GeoTrust_Global_CA.crt, mozilla/GeoTrust_Primary_Certification_Authority.crt, mozilla/GeoTrust_Primary_Certification_Authority_-_G2.crt, mozilla/GeoTrust_Primary_Certification_Authority_-_G3.crt, mozilla/GeoTrust_Universal_CA.crt, mozilla/GeoTrust_Universal_CA_2.crt, mozilla/GlobalSign_ECC_Root_CA_-_R4.crt, mozilla/GlobalSign_ECC_Root_CA_-_R5.crt, mozilla/GlobalSign_Root_CA.crt, mozilla/GlobalSign_Root_CA_-_R2.crt, mozilla/GlobalSign_Root_CA_-_R3.crt, mozilla/GlobalSign_Root_CA_-_R6.crt, mozilla/Global_Chambersign_Root_-_2008.crt, mozilla/Go_Daddy_Class_2_CA.crt, mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt, mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt, mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt, mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt, mozilla/Hongkong_Post_Root_CA_1.crt, mozilla/ISRG_Root_X1.crt, mozilla/IdenTrust_Commercial_Root_CA_1.crt, mozilla/IdenTrust_Public_Sector_Root_CA_1.crt, mozilla/Izenpe.com.crt, mozilla/LuxTrust_Global_Root_2.crt, mozilla/Microsec_e-Szigno_Root_CA_2009.crt, mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt, mozilla/Network_Solutions_Certificate_Authority.crt, mozilla/OISTE_WISeKey_Global_Root_GA_CA.crt, mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt, mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt, mozilla/QuoVadis_Root_CA.crt, mozilla/QuoVadis_Root_CA_1_G3.crt, mozilla/QuoVadis_Root_CA_2.crt, mozilla/QuoVadis_Root_CA_2_G3.crt, mozilla/QuoVadis_Root_CA_3.crt, mozilla/QuoVadis_Root_CA_3_G3.crt, mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt, mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt, mozilla/SSL.com_Root_Certification_Authority_ECC.crt, mozilla/SSL.com_Root_Certification_Authority_RSA.crt, mozilla/SZAFIR_ROOT_CA2.crt, mozilla/SecureSign_RootCA11.crt, mozilla/SecureTrust_CA.crt, mozilla/Secure_Global_CA.crt, mozilla/Security_Communication_RootCA2.crt, mozilla/Security_Communication_Root_CA.crt, mozilla/Sonera_Class_2_Root_CA.crt, mozilla/Staat_der_Nederlanden_EV_Root_CA.crt, mozilla/Staat_der_Nederlanden_Root_CA_-_G2.crt, mozilla/Staat_der_Nederlanden_Root_CA_-_G3.crt, mozilla/Starfield_Class_2_CA.crt, mozilla/Starfield_Root_Certificate_Authority_-_G2.crt, mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt, mozilla/SwissSign_Gold_CA_-_G2.crt, mozilla/SwissSign_Silver_CA_-_G2.crt, mozilla/T-TeleSec_GlobalRoot_Class_2.crt, mozilla/T-TeleSec_GlobalRoot_Class_3.crt, mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt, mozilla/TWCA_Global_Root_CA.crt, mozilla/TWCA_Root_Certification_Authority.crt, mozilla/Taiwan_GRCA.crt, mozilla/TeliaSonera_Root_CA_v1.crt, mozilla/TrustCor_ECA-1.crt, mozilla/TrustCor_RootCert_CA-1.crt, mozilla/TrustCor_RootCert_CA-2.crt, mozilla/Trustis_FPS_Root_CA.crt, mozilla/USERTrust_ECC_Certification_Authority.crt, mozilla/USERTrust_RSA_Certification_Authority.crt, mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt, mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt, mozilla/VeriSign_Universal_Root_Certification_Authority.crt, mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt, mozilla/XRamp_Global_CA_Root.crt, mozilla/certSIGN_ROOT_CA.crt, mozilla/ePKI_Root_Certification_Authority.crt, mozilla/thawte_Primary_Root_CA.crt, mozilla/thawte_Primary_Root_CA_-_G2.crt, mozilla/thawte_Primary_Root_CA_-_G3.crt -ca-certificates ca-certificates/new_crts multiselect -ca-certificates ca-certificates/trust_new_crts select yes - -console-setup console-setup/charmap47 select UTF-8 -console-setup console-setup/codeset47 select Guess optimal character set -console-setup console-setup/codesetcode string -console-setup console-setup/fontface47 select Fixed -console-setup console-setup/fontsize-fb47 select 8x16 -console-setup console-setup/fontsize string 8x16 -console-setup console-setup/fontsize-text47 select 8x16 -console-setup console-setup/store_defaults_in_debconf_db boolean true - -cups-bsd cups-bsd/setuplpd boolean false -cups cupsys/backend multiselect lpd, socket, usb, snmp, dnssd -cups cupsys/raw-print boolean true -dash dash/sh boolean true - -debconf debconf/frontend select Dialog -debconf debconf/priority select high - -dictionaries-common dictionaries-common/debconf_database_corruption error -dictionaries-common dictionaries-common/default-ispell select -dictionaries-common dictionaries-common/default-wordlist select deutsch (New German) -dictionaries-common dictionaries-common/invalid_debconf_value error -dictionaries-common dictionaries-common/ispell-autobuildhash-message note -dictionaries-common dictionaries-common/old_wordlist_link boolean true -dictionaries-common dictionaries-common/selecting_ispell_wordlist_default note - -gdm3 gdm3/daemon_name string /usr/sbin/gdm3 -gdm3 shared/default-x-display-manager select gdm3 - -grub-pc grub2/kfreebsd_cmdline_default string quiet splash -grub-pc grub2/linux_cmdline_default string quiet splash -grub-pc grub2/no_efi_extra_removable boolean false -grub-pc grub2/update_nvram boolean true -grub-pc grub-efi/install_devices_disks_changed multiselect -grub-pc grub-efi/install_devices_empty boolean false -grub-pc grub-efi/install_devices_failed boolean false -grub-pc grub-pc/chainload_from_menu.lst boolean true -grub-pc grub-pc/hidden_timeout boolean true -grub-pc grub-pc/install_devices_disks_changed multiselect -grub-pc grub-pc/install_devices_empty boolean false -grub-pc grub-pc/install_devices_failed boolean false -grub-pc grub-pc/install_devices_failed_upgrade boolean true -grub-pc grub-pc/install_devices multiselect /dev/disk/by-id/ata-VBOX_HARDDISK_VB71f9e682-3531daf0 -grub-pc grub-pc/kopt_extracted boolean false -grub-pc grub-pc/mixed_legacy_and_grub2 boolean true -grub-pc grub-pc/postrm_purge_boot_grub boolean false -grub-pc grub-pc/timeout string 0 - -keyboard-configuration console-setup/ask_detect boolean false -keyboard-configuration keyboard-configuration/altgr select The default for the keyboard layout -keyboard-configuration keyboard-configuration/compose select No compose key -keyboard-configuration keyboard-configuration/ctrl_alt_bksp boolean false -keyboard-configuration keyboard-configuration/layoutcode string de -keyboard-configuration keyboard-configuration/layout select German -keyboard-configuration keyboard-configuration/modelcode string pc105 -keyboard-configuration keyboard-configuration/model select Generic 105-key PC (intl.) -keyboard-configuration keyboard-configuration/store_defaults_in_debconf_db boolean true -keyboard-configuration keyboard-configuration/switch select No temporary switch -keyboard-configuration keyboard-configuration/toggle select No toggling -keyboard-configuration keyboard-configuration/unsupported_config_layout boolean true -keyboard-configuration keyboard-configuration/unsupported_config_options boolean true -keyboard-configuration keyboard-configuration/unsupported_layout boolean true -keyboard-configuration keyboard-configuration/unsupported_options boolean true -keyboard-configuration keyboard-configuration/variantcode string -keyboard-configuration keyboard-configuration/variant select German -keyboard-configuration keyboard-configuration/xkb-keymap select - -libc6:amd64 libraries/restart-without-asking boolean false -libc6 glibc/upgrade boolean true -libc6 libraries/restart-without-asking boolean false -libpam0g:amd64 libraries/restart-without-asking boolean false -libpam-runtime libpam-runtime/profiles multiselect unix, systemd, gnome-keyring, capability -libssl1.1:amd64 libraries/restart-without-asking boolean false -linux-base linux-base/removing-running-kernel boolean true - -linux-sound-base linux-sound-base/sound_system select ALSA - -locales locales/default_environment_locale select None - -man-db man-db/auto-update boolean true -man-db man-db/install-setuid boolean false - -memtest86+ shared/memtest86-run-lilo boolean false - -openvpn openvpn/create_tun boolean false - -popularity-contest popularity-contest/participate boolean false - -printer-driver-pnm2ppa pnm2ppa/create_magicfilter boolean false -printer-driver-pnm2ppa pnm2ppa/printer_model select 710 -printer-driver-pnm2ppa pnm2ppa/use_debconf boolean true - -sane-utils sane-utils/saned_run boolean false -sane-utils sane-utils/saned_scanner_group boolean true - -ssl-cert make-ssl-cert/hostname string localhost - -tzdata tzdata/Areas select Etc -tzdata tzdata/Zones/Etc select UTC - -ucf ucf/changeprompt select keep_current -ucf ucf/changeprompt_threeway select keep_current - -ufw ufw/enable boolean false -ufw ufw/existing_configuration error - -unattended-upgrades unattended-upgrades/enable_auto_updates boolean true - -update-inetd update-inetd/ask-disable-entries boolean false -update-inetd update-inetd/ask-entry-present boolean true -update-inetd update-inetd/ask-remove-entries boolean false -update-inetd update-inetd/ask-several-entries boolean true - -xserver-xorg-legacy xserver-xorg-legacy/xwrapper/actual_allowed_users string console -xserver-xorg-legacy xserver-xorg-legacy/xwrapper/allowed_users select Console Users Only - diff --git a/roles/fai/files/profiles/debconf/UBUNTU_DESKTOP b/roles/fai/files/profiles/debconf/UBUNTU_DESKTOP deleted file mode 100644 index aea3fdf..0000000 --- a/roles/fai/files/profiles/debconf/UBUNTU_DESKTOP +++ /dev/null @@ -1,261 +0,0 @@ -dictionaries-common dictionaries-common/selecting_ispell_wordlist_default note -# Choices: Alle Locales, aa_DJ ISO-8859-1, aa_DJ.UTF-8 UTF-8, aa_ER UTF-8, aa_ER@saaho UTF-8, aa_ET UTF-8, af_ZA ISO-8859-1, af_ZA.UTF-8 UTF-8, agr_PE UTF-8, ak_GH UTF-8, am_ET UTF-8, an_ES ISO-8859-15, an_ES.UTF-8 UTF-8, anp_IN UTF-8, ar_AE ISO-8859-6, ar_AE.UTF-8 UTF-8, ar_BH ISO-8859-6, ar_BH.UTF-8 UTF-8, ar_DZ ISO-8859-6, ar_DZ.UTF-8 UTF-8, ar_EG ISO-8859-6, ar_EG.UTF-8 UTF-8, ar_IN UTF-8, ar_IQ ISO-8859-6, ar_IQ.UTF-8 UTF-8, ar_JO ISO-8859-6, ar_JO.UTF-8 UTF-8, ar_KW ISO-8859-6, ar_KW.UTF-8 UTF-8, ar_LB ISO-8859-6, ar_LB.UTF-8 UTF-8, ar_LY ISO-8859-6, ar_LY.UTF-8 UTF-8, ar_MA ISO-8859-6, ar_MA.UTF-8 UTF-8, ar_OM ISO-8859-6, ar_OM.UTF-8 UTF-8, ar_QA ISO-8859-6, ar_QA.UTF-8 UTF-8, ar_SA ISO-8859-6, ar_SA.UTF-8 UTF-8, ar_SD ISO-8859-6, ar_SD.UTF-8 UTF-8, ar_SS UTF-8, ar_SY ISO-8859-6, ar_SY.UTF-8 UTF-8, ar_TN ISO-8859-6, ar_TN.UTF-8 UTF-8, ar_YE ISO-8859-6, ar_YE.UTF-8 UTF-8, as_IN UTF-8, ast_ES ISO-8859-15, ast_ES.UTF-8 UTF-8, ayc_PE UTF-8, az_AZ UTF-8, az_IR UTF-8, be_BY CP1251, be_BY.UTF-8 UTF-8, be_BY@latin UTF-8, bem_ZM UTF-8, ber_DZ UTF-8, ber_MA UTF-8, bg_BG CP1251, bg_BG.UTF-8 UTF-8, bhb_IN.UTF-8 UTF-8, bho_IN UTF-8, bho_NP UTF-8, bi_VU UTF-8, bn_BD UTF-8, bn_IN UTF-8, bo_CN UTF-8, bo_IN UTF-8, br_FR ISO-8859-1, br_FR.UTF-8 UTF-8, br_FR@euro ISO-8859-15, brx_IN UTF-8, bs_BA ISO-8859-2, bs_BA.UTF-8 UTF-8, byn_ER UTF-8, ca_AD ISO-8859-15, ca_AD.UTF-8 UTF-8, ca_ES ISO-8859-1, ca_ES.UTF-8 UTF-8, ca_ES@euro ISO-8859-15, ca_ES@valencia UTF-8, ca_FR ISO-8859-15, ca_FR.UTF-8 UTF-8, ca_IT ISO-8859-15, ca_IT.UTF-8 UTF-8, ce_RU UTF-8, chr_US UTF-8, ckb_IQ UTF-8, cmn_TW UTF-8, crh_UA UTF-8, cs_CZ ISO-8859-2, cs_CZ.UTF-8 UTF-8, csb_PL UTF-8, cv_RU UTF-8, cy_GB ISO-8859-14, cy_GB.UTF-8 UTF-8, da_DK ISO-8859-1, da_DK.UTF-8 UTF-8, de_AT ISO-8859-1, de_AT.UTF-8 UTF-8, de_AT@euro ISO-8859-15, de_BE ISO-8859-1, de_BE.UTF-8 UTF-8, de_BE@euro ISO-8859-15, de_CH ISO-8859-1, de_CH.UTF-8 UTF-8, de_DE ISO-8859-1, de_DE.UTF-8 UTF-8, de_DE@euro ISO-8859-15, de_IT ISO-8859-1, de_IT.UTF-8 UTF-8, de_LI.UTF-8 UTF-8, de_LU ISO-8859-1, de_LU.UTF-8 UTF-8, de_LU@euro ISO-8859-15, doi_IN UTF-8, dsb_DE UTF-8, dv_MV UTF-8, dz_BT UTF-8, el_CY ISO-8859-7, el_CY.UTF-8 UTF-8, el_GR ISO-8859-7, el_GR.UTF-8 UTF-8, el_GR@euro ISO-8859-7, en_AG UTF-8, en_AU ISO-8859-1, en_AU.UTF-8 UTF-8, en_BW ISO-8859-1, en_BW.UTF-8 UTF-8, en_CA ISO-8859-1, en_CA.UTF-8 UTF-8, en_DK ISO-8859-1, en_DK.ISO-8859-15 ISO-8859-15, en_DK.UTF-8 UTF-8, en_GB ISO-8859-1, en_GB.ISO-8859-15 ISO-8859-15, en_GB.UTF-8 UTF-8, en_HK ISO-8859-1, en_HK.UTF-8 UTF-8, en_IE ISO-8859-1, en_IE.UTF-8 UTF-8, en_IE@euro ISO-8859-15, en_IL UTF-8, en_IN UTF-8, en_NG UTF-8, en_NZ ISO-8859-1, en_NZ.UTF-8 UTF-8, en_PH ISO-8859-1, en_PH.UTF-8 UTF-8, en_SC.UTF-8 UTF-8, en_SG ISO-8859-1, en_SG.UTF-8 UTF-8, en_US ISO-8859-1, en_US.ISO-8859-15 ISO-8859-15, en_US.UTF-8 UTF-8, en_ZA ISO-8859-1, en_ZA.UTF-8 UTF-8, en_ZM UTF-8, en_ZW ISO-8859-1, en_ZW.UTF-8 UTF-8, eo UTF-8, eo_US.UTF-8 UTF-8, es_AR ISO-8859-1, es_AR.UTF-8 UTF-8, es_BO ISO-8859-1, es_BO.UTF-8 UTF-8, es_CL ISO-8859-1, es_CL.UTF-8 UTF-8, es_CO ISO-8859-1, es_CO.UTF-8 UTF-8, es_CR ISO-8859-1, es_CR.UTF-8 UTF-8, es_CU UTF-8, es_DO ISO-8859-1, es_DO.UTF-8 UTF-8, es_EC ISO-8859-1, es_EC.UTF-8 UTF-8, es_ES ISO-8859-1, es_ES.UTF-8 UTF-8, es_ES@euro ISO-8859-15, es_GT ISO-8859-1, es_GT.UTF-8 UTF-8, es_HN ISO-8859-1, es_HN.UTF-8 UTF-8, es_MX ISO-8859-1, es_MX.UTF-8 UTF-8, es_NI ISO-8859-1, es_NI.UTF-8 UTF-8, es_PA ISO-8859-1, es_PA.UTF-8 UTF-8, es_PE ISO-8859-1, es_PE.UTF-8 UTF-8, es_PR ISO-8859-1, es_PR.UTF-8 UTF-8, es_PY ISO-8859-1, es_PY.UTF-8 UTF-8, es_SV ISO-8859-1, es_SV.UTF-8 UTF-8, es_US ISO-8859-1, es_US.UTF-8 UTF-8, es_UY ISO-8859-1, es_UY.UTF-8 UTF-8, es_VE ISO-8859-1, es_VE.UTF-8 UTF-8, et_EE ISO-8859-1, et_EE.ISO-8859-15 ISO-8859-15, et_EE.UTF-8 UTF-8, eu_ES ISO-8859-1, eu_ES.UTF-8 UTF-8, eu_ES@euro ISO-8859-15, eu_FR ISO-8859-1, eu_FR.UTF-8 UTF-8, eu_FR@euro ISO-8859-15, fa_IR UTF-8, ff_SN UTF-8, fi_FI ISO-8859-1, fi_FI.UTF-8 UTF-8, fi_FI@euro ISO-8859-15, fil_PH UTF-8, fo_FO ISO-8859-1, fo_FO.UTF-8 UTF-8, fr_BE ISO-8859-1, fr_BE.UTF-8 UTF-8, fr_BE@euro ISO-8859-15, fr_CA ISO-8859-1, fr_CA.UTF-8 UTF-8, fr_CH ISO-8859-1, fr_CH.UTF-8 UTF-8, fr_FR ISO-8859-1, fr_FR.UTF-8 UTF-8, fr_FR@euro ISO-8859-15, fr_LU ISO-8859-1, fr_LU.UTF-8 UTF-8, fr_LU@euro ISO-8859-15, fur_IT UTF-8, fy_DE UTF-8, fy_NL UTF-8, ga_IE ISO-8859-1, ga_IE.UTF-8 UTF-8, ga_IE@euro ISO-8859-15, gd_GB ISO-8859-15, gd_GB.UTF-8 UTF-8, gez_ER UTF-8, gez_ER@abegede UTF-8, gez_ET UTF-8, gez_ET@abegede UTF-8, gl_ES ISO-8859-1, gl_ES.UTF-8 UTF-8, gl_ES@euro ISO-8859-15, gu_IN UTF-8, gv_GB ISO-8859-1, gv_GB.UTF-8 UTF-8, ha_NG UTF-8, hak_TW UTF-8, he_IL ISO-8859-8, he_IL.UTF-8 UTF-8, hi_IN UTF-8, hif_FJ UTF-8, hne_IN UTF-8, hr_HR ISO-8859-2, hr_HR.UTF-8 UTF-8, hsb_DE ISO-8859-2, hsb_DE.UTF-8 UTF-8, ht_HT UTF-8, hu_HU ISO-8859-2, hu_HU.UTF-8 UTF-8, hy_AM UTF-8, hy_AM.ARMSCII-8 ARMSCII-8, ia_FR UTF-8, id_ID ISO-8859-1, id_ID.UTF-8 UTF-8, ig_NG UTF-8, ik_CA UTF-8, is_IS ISO-8859-1, is_IS.UTF-8 UTF-8, it_CH ISO-8859-1, it_CH.UTF-8 UTF-8, it_IT ISO-8859-1, it_IT.UTF-8 UTF-8, it_IT@euro ISO-8859-15, iu_CA UTF-8, ja_JP.EUC-JP EUC-JP, ja_JP.UTF-8 UTF-8, ka_GE GEORGIAN-PS, ka_GE.UTF-8 UTF-8, kab_DZ UTF-8, kk_KZ PT154, kk_KZ.RK1048 RK1048, kk_KZ.UTF-8 UTF-8, kl_GL ISO-8859-1, kl_GL.UTF-8 UTF-8, km_KH UTF-8, kn_IN UTF-8, ko_KR.EUC-KR EUC-KR, ko_KR.UTF-8 UTF-8, kok_IN UTF-8, ks_IN UTF-8, ks_IN@devanagari UTF-8, ku_TR ISO-8859-9, ku_TR.UTF-8 UTF-8, kw_GB ISO-8859-1, kw_GB.UTF-8 UTF-8, ky_KG UTF-8, lb_LU UTF-8, lg_UG ISO-8859-10, lg_UG.UTF-8 UTF-8, li_BE UTF-8, li_NL UTF-8, lij_IT UTF-8, ln_CD UTF-8, lo_LA UTF-8, lt_LT ISO-8859-13, lt_LT.UTF-8 UTF-8, lv_LV ISO-8859-13, lv_LV.UTF-8 UTF-8, lzh_TW UTF-8, mag_IN UTF-8, mai_IN UTF-8, mai_NP UTF-8, mfe_MU UTF-8, mg_MG ISO-8859-15, mg_MG.UTF-8 UTF-8, mhr_RU UTF-8, mi_NZ ISO-8859-13, mi_NZ.UTF-8 UTF-8, miq_NI UTF-8, mjw_IN UTF-8, mk_MK ISO-8859-5, mk_MK.UTF-8 UTF-8, ml_IN UTF-8, mn_MN UTF-8, mni_IN UTF-8, mnw_MM UTF-8, mr_IN UTF-8, ms_MY ISO-8859-1, ms_MY.UTF-8 UTF-8, mt_MT ISO-8859-3, mt_MT.UTF-8 UTF-8, my_MM UTF-8, nan_TW UTF-8, nan_TW@latin UTF-8, nb_NO ISO-8859-1, nb_NO.UTF-8 UTF-8, nds_DE UTF-8, nds_NL UTF-8, ne_NP UTF-8, nhn_MX UTF-8, niu_NU UTF-8, niu_NZ UTF-8, nl_AW UTF-8, nl_BE ISO-8859-1, nl_BE.UTF-8 UTF-8, nl_BE@euro ISO-8859-15, nl_NL ISO-8859-1, nl_NL.UTF-8 UTF-8, nl_NL@euro ISO-8859-15, nn_NO ISO-8859-1, nn_NO.UTF-8 UTF-8, nr_ZA UTF-8, nso_ZA UTF-8, oc_FR ISO-8859-1, oc_FR.UTF-8 UTF-8, om_ET UTF-8, om_KE ISO-8859-1, om_KE.UTF-8 UTF-8, or_IN UTF-8, os_RU UTF-8, pa_IN UTF-8, pa_PK UTF-8, pap_AW UTF-8, pap_CW UTF-8, pl_PL ISO-8859-2, pl_PL.UTF-8 UTF-8, ps_AF UTF-8, pt_BR ISO-8859-1, pt_BR.UTF-8 UTF-8, pt_PT ISO-8859-1, pt_PT.UTF-8 UTF-8, pt_PT@euro ISO-8859-15, quz_PE UTF-8, raj_IN UTF-8, ro_RO ISO-8859-2, ro_RO.UTF-8 UTF-8, ru_RU ISO-8859-5, ru_RU.CP1251 CP1251, ru_RU.KOI8-R KOI8-R, ru_RU.UTF-8 UTF-8, ru_UA KOI8-U, ru_UA.UTF-8 UTF-8, rw_RW UTF-8, sa_IN UTF-8, sah_RU UTF-8, sat_IN UTF-8, sc_IT UTF-8, sd_IN UTF-8, sd_IN@devanagari UTF-8, sd_PK UTF-8, se_NO UTF-8, sgs_LT UTF-8, shn_MM UTF-8, shs_CA UTF-8, si_LK UTF-8, sid_ET UTF-8, sk_SK ISO-8859-2, sk_SK.UTF-8 UTF-8, sl_SI ISO-8859-2, sl_SI.UTF-8 UTF-8, sm_WS UTF-8, so_DJ ISO-8859-1, so_DJ.UTF-8 UTF-8, so_ET UTF-8, so_KE ISO-8859-1, so_KE.UTF-8 UTF-8, so_SO ISO-8859-1, so_SO.UTF-8 UTF-8, sq_AL ISO-8859-1, sq_AL.UTF-8 UTF-8, sq_MK UTF-8, sr_ME UTF-8, sr_RS UTF-8, sr_RS@latin UTF-8, ss_ZA UTF-8, st_ZA ISO-8859-1, st_ZA.UTF-8 UTF-8, sv_FI ISO-8859-1, sv_FI.UTF-8 UTF-8, sv_FI@euro ISO-8859-15, sv_SE ISO-8859-1, sv_SE.ISO-8859-15 ISO-8859-15, sv_SE.UTF-8 UTF-8, sw_KE UTF-8, sw_TZ UTF-8, szl_PL UTF-8, ta_IN UTF-8, ta_LK UTF-8, tcy_IN.UTF-8 UTF-8, te_IN UTF-8, tg_TJ KOI8-T, tg_TJ.UTF-8 UTF-8, th_TH TIS-620, th_TH.UTF-8 UTF-8, the_NP UTF-8, ti_ER UTF-8, ti_ET UTF-8, tig_ER UTF-8, tk_TM UTF-8, tl_PH ISO-8859-1, tl_PH.UTF-8 UTF-8, tn_ZA UTF-8, to_TO UTF-8, tpi_PG UTF-8, tr_CY ISO-8859-9, tr_CY.UTF-8 UTF-8, tr_TR ISO-8859-9, tr_TR.UTF-8 UTF-8, ts_ZA UTF-8, tt_RU UTF-8, tt_RU@iqtelif UTF-8, ug_CN UTF-8, ug_CN@latin UTF-8, uk_UA KOI8-U, uk_UA.UTF-8 UTF-8, unm_US UTF-8, ur_IN UTF-8, ur_PK UTF-8, uz_UZ ISO-8859-1, uz_UZ.UTF-8 UTF-8, uz_UZ@cyrillic UTF-8, ve_ZA UTF-8, vi_VN UTF-8, wa_BE ISO-8859-1, wa_BE.UTF-8 UTF-8, wa_BE@euro ISO-8859-15, wae_CH UTF-8, wal_ET UTF-8, wo_SN UTF-8, xh_ZA ISO-8859-1, xh_ZA.UTF-8 UTF-8, yi_US CP1255, yi_US.UTF-8 UTF-8, yo_NG UTF-8, yue_HK UTF-8, yuw_PG UTF-8, zh_CN GB2312, zh_CN.GB18030 GB18030, zh_CN.GBK GBK, zh_CN.UTF-8 UTF-8, zh_HK BIG5-HKSCS, zh_HK.UTF-8 UTF-8, zh_SG GB2312, zh_SG.GBK GBK, zh_SG.UTF-8 UTF-8, zh_TW BIG5, zh_TW.EUC-TW EUC-TW, zh_TW.UTF-8 UTF-8, zu_ZA ISO-8859-1, zu_ZA.UTF-8 UTF-8 -locales locales/locales_to_be_generated multiselect -# Zeitzone: -# Choices: Abidjan, Accra, Addis Abeba, Algier, Asmara, Bamako, Bangui, Banjul, Bissau, Blantyre, Brazzaville, Bujumbura, Kairo, Casablanca, Ceuta, Conakry, Dakar, Dar es Salam, Dschibuti, Duala, El Ajun, Freetown, Gaborone, Harare, Johannesburg, Juba, Kampala, Khartum, Kigali, Kinshasa, Lagos, Libreville, Lomé, Luanda, Lubumbashi, Lusaka, Malabo, Maputo, Maseru, Mbabane, Mogadischu, Monrovia, Nairobi, Ndjamena, Niamey, Nouakchott, Ouagadougou, Porto-Novo, São Tomé, Timbuktu, Tripolis, Tunis, Windhoek -tzdata tzdata/Zones/Africa select -# Zusätzliche autorisierte Dienste: -ufw ufw/allow_custom_ports string -# Inkompatible PAM-Profile ausgewählt. -libpam-runtime libpam-runtime/conflicts error -# Dienste bei Paket-Upgrades ohne Rückfrage neu starten? -libc6 libraries/restart-without-asking boolean false -libc6:amd64 libraries/restart-without-asking boolean false -libpam0g:amd64 libraries/restart-without-asking boolean false -libssl1.1:amd64 libraries/restart-without-asking boolean false -# Standard-Befehlszeile für Linux: -grub-pc grub2/linux_cmdline_default string quiet splash -# Participate in the package usage survey? -popularity-contest popularity-contest/participate boolean false -# Methode zur Umschaltung zwischen nationalem und lateinischem Modus: -# Choices: Feststelltaste, Alt rechts (AltGr), Strg rechts, Umschalttaste rechts, Windows-Taste rechts, Menütaste, Alt+Umschalttaste, Strg+Umschalttaste, Strg+Alt, Alt+Feststelltaste, Strg links+Umschalttaste links, Alt links, Strg links, Umschalttaste links, Windows-Taste links, Rollen-Taste, Keine Umschaltung -keyboard-configuration keyboard-configuration/toggle select No toggling -# Möchten Sie man und mandb »setuid man« installieren? -man-db man-db/install-setuid boolean false -# Kernelversion wird nicht unterstützt -libc6 glibc/kernel-not-supported note -libc6:amd64 glibc/kernel-not-supported note -# Rechnername: -ssl-cert make-ssl-cert/hostname string localhost -console-setup console-setup/charmap47 select UTF-8 - -# TODO: set later -grub-pc grub-pc/install_devices multiselect /dev/disk/by-id/ata-VBOX_HARDDISK_VB71f9e682-3531daf0 - -console-setup console-setup/fontface47 select Fixed -# Zeitzone: -# Choices: Casey, Davis, DumontDUrville, Macquarieinsel, Mawson, McMurdo, Palmer, Rothera, Syowa, Troll, Vostok -tzdata tzdata/Zones/Antarctica select -console-setup console-setup/codesetcode string -# Aktuelle Optionen der Tastaturbelegung in der Konfigurationsdatei behalten? -keyboard-configuration keyboard-configuration/unsupported_config_options boolean true -# Standard-Standorteinstellung für die Systemumgebung: -# Choices: Keine, C.UTF-8, -locales locales/default_environment_locale select None -# Zeitzone: -# Choices: Adak, Anchorage, Anguilla, Antigua, Aracaju, Argentinien/Buenos Aires, Argentinien/Catamarca, Argentinien/Córdoba, Argentinien/Jujuy, Argentinien/La Rioja, Argentinien/Mendoza, Argentinien/Río Gallegos, Argentinien/Salta, Argentinien/San Juan, Argentinien/San Luis, Argentinien/Tucumán, Argentinien/Ushuaia, Aruba, Asunción, Atikokan, Atka, Bahia, Bahia Banderas, Barbados, Belém, Belize, Blanc-Sablon, Boa Vista, Bogotá, Boise, Cambridge Bay, Campo Grande, Cancún, Caracas, Cayenne, Kaiman, Chicago, Chihuahua, Coral Harbour, Costa Rica, Creston, Cuiabá, Curaçao, Danmarkshavn, Dawson, Dawson Creek, Denver, Detroit, Dominica, Edmonton, Eirunepe, El Salvador, Ensenada, Fort Nelson, Fortaleza, Glace Bay, Godthåb, Goose Bay, Grand Turk, Grenada, Guadeloupe, Guatemala, Guayaquil, Guyana, Halifax, Havana, Hermosillo, Indiana/Indianapolis, Indiana/Knox, Indiana/Marengo, Indiana/Petersburg, Indiana/Tell City, Indiana/Vevay, Indiana/Vincennes, Indiana/Winamac, Inuvik, Iqaluit, Jamaika, Juneau, Kentucky/Louisville, Kentucky/Monticello, Kralendijk, La Paz, Lima, Los Angeles, Lower Princes, Maceió, Managua, Manaus, Marigot, Martinique, Matamoros, Mazatlán, Menominee, Mérida, Metlakatla, Mexiko-Stadt, Miquelon, Moncton, Monterrey, Montevideo, Montreal, Montserrat, Nassau, New York, Nipigon, Nome, Noronha, North Dakota/Beulah, North Dakota/Zentral, North Dakota/New Salem, Nuuk, Ojinaga, Panama, Pangnirtung, Paramaribo, Phoenix, Port-au-Prince, Port of Spain, Porto Acre, Pôrto Velho, Puerto Rico, Punta Arenas, Rainy River, Rankin Inlet, Recife, Regina, Resolute, Rio Branco, Santa Isabel, Santarém, Santiago, Santo Domingo, São Paulo, Scoresbysund, Shiprock, Sitka, Saint-Barthélemy, St Johns, St Kitts, St Lucia, St Thomas, St Vincent, Swift Current, Tegucigalpa, Thule, Thunder Bay, Tijuana, Toronto, Tortola, Vancouver, Virgin, Whitehorse, Winnipeg, Yakutat, Yellowknife -tzdata tzdata/Zones/America select -grub-pc grub2/update_nvram boolean true -dictionaries-common dictionaries-common/invalid_debconf_value error -libpam0g:amd64 libpam0g/restart-services string -popularity-contest popularity-contest/submiturls string -console-setup console-setup/fontsize-text47 select 8x16 -iproute2 iproute2/setcaps boolean false -ucf ucf/conflicts_found error -keyboard-configuration keyboard-configuration/store_defaults_in_debconf_db boolean true -# Möchten Sie, dass CUPS unbekannte Druckaufträge unbearbeitet (raw) druckt? -cups cupsys/raw-print boolean true -grub-pc grub2/kfreebsd_cmdline string -grub-pc grub-pc/timeout string 0 -tzdata tzdata/Zones/Etc select UTC -tzdata tzdata/Zones/Australia select -base-passwd base-passwd/group-add boolean true -keyboard-configuration keyboard-configuration/layoutcode string de -gdm3 shared/default-x-display-manager select gdm3 -keyboard-configuration keyboard-configuration/xkb-keymap select -keyboard-configuration keyboard-configuration/modelcode string pc105 -tzdata tzdata/Zones/Arctic select -linux-base linux-base/removing-running-kernel boolean true -# Saned-Benutzer zu der Scanner-Gruppe hinzufügen? -sane-utils sane-utils/saned_scanner_group boolean true -# Möchten Sie das Upgrade von Glibc jetzt durchführen? -libc6 glibc/upgrade boolean true -libc6:amd64 glibc/upgrade boolean true -# Hide the GRUB timeout; for internal use -grub-pc grub-pc/hidden_timeout boolean true -# Choices: american (American English), british (British English), deutsch (New German), deutsch (Old German), deutsch (Swiss German), Manuelle Einrichtung von symbolischen Verweisen -dictionaries-common dictionaries-common/default-wordlist select deutsch (New German) -console-setup console-setup/codeset47 select Guess optimal character set -keyboard-configuration keyboard-configuration/ctrl_alt_bksp boolean false -grub-pc grub-pc/install_devices_disks_changed multiselect -libpam0g:amd64 libpam0g/restart-failed error -xserver-xorg-legacy xserver-xorg-legacy/xwrapper/allowed_users select Console Users Only -libpam-modules libpam-modules/disable-screensaver error -dash dash/sh boolean true -apparmor apparmor/homedirs string -libc6 glibc/restart-failed error -libc6:amd64 glibc/restart-failed error -grub-pc grub-pc/kopt_extracted boolean false -libpam-runtime libpam-runtime/profiles multiselect unix, systemd, gnome-keyring, capability -grub-pc grub-pc/chainload_from_menu.lst boolean true -grub-pc grub-pc/install_devices_failed_upgrade boolean true -keyboard-configuration keyboard-configuration/altgr select The default for the keyboard layout -printer-driver-pnm2ppa pnm2ppa/use_debconf boolean true -# for internal use -console-setup console-setup/store_defaults_in_debconf_db boolean true -# for internal use -console-setup console-setup/fontsize string 8x16 -# Methode zum vorübergehenden Wechseln zwischen nationaler und lateinischer Eingabe: -# Choices: Kein vorübergehender Wechsel, Beide Windows-Tasten, Alt rechts (AltGr), Windows-Taste rechts, Alt links, Windows-Taste links -keyboard-configuration keyboard-configuration/switch select No temporary switch -grub-pc grub-efi/install_devices multiselect -ubuntu-drivers-common ubuntu-drivers-common/obsolete-driver error -base-passwd base-passwd/group-change-gid boolean true -man-db man-db/auto-update boolean true -console-setup console-setup/fontsize-fb47 select 8x16 -ca-certificates ca-certificates/enable_crts multiselect mozilla/ACCVRAIZ1.crt, mozilla/AC_RAIZ_FNMT-RCM.crt, mozilla/Actalis_Authentication_Root_CA.crt, mozilla/AffirmTrust_Commercial.crt, mozilla/AffirmTrust_Networking.crt, mozilla/AffirmTrust_Premium.crt, mozilla/AffirmTrust_Premium_ECC.crt, mozilla/Amazon_Root_CA_1.crt, mozilla/Amazon_Root_CA_2.crt, mozilla/Amazon_Root_CA_3.crt, mozilla/Amazon_Root_CA_4.crt, mozilla/Atos_TrustedRoot_2011.crt, mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt, mozilla/Baltimore_CyberTrust_Root.crt, mozilla/Buypass_Class_2_Root_CA.crt, mozilla/Buypass_Class_3_Root_CA.crt, mozilla/CA_Disig_Root_R2.crt, mozilla/CFCA_EV_ROOT.crt, mozilla/COMODO_Certification_Authority.crt, mozilla/COMODO_ECC_Certification_Authority.crt, mozilla/COMODO_RSA_Certification_Authority.crt, mozilla/Certigna.crt, mozilla/Certinomis_-_Root_CA.crt, mozilla/Certplus_Class_2_Primary_CA.crt, mozilla/Certum_Trusted_Network_CA.crt, mozilla/Certum_Trusted_Network_CA_2.crt, mozilla/Chambers_of_Commerce_Root_-_2008.crt, mozilla/Comodo_AAA_Services_root.crt, mozilla/Cybertrust_Global_Root.crt, mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt, mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt, mozilla/DST_Root_CA_X3.crt, mozilla/Deutsche_Telekom_Root_CA_2.crt, mozilla/DigiCert_Assured_ID_Root_CA.crt, mozilla/DigiCert_Assured_ID_Root_G2.crt, mozilla/DigiCert_Assured_ID_Root_G3.crt, mozilla/DigiCert_Global_Root_CA.crt, mozilla/DigiCert_Global_Root_G2.crt, mozilla/DigiCert_Global_Root_G3.crt, mozilla/DigiCert_High_Assurance_EV_Root_CA.crt, mozilla/DigiCert_Trusted_Root_G4.crt, mozilla/E-Tugra_Certification_Authority.crt, mozilla/EC-ACC.crt, mozilla/EE_Certification_Centre_Root_CA.crt, mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt, mozilla/Entrust_Root_Certification_Authority.crt, mozilla/Entrust_Root_Certification_Authority_-_EC1.crt, mozilla/Entrust_Root_Certification_Authority_-_G2.crt, mozilla/GDCA_TrustAUTH_R5_ROOT.crt, mozilla/GeoTrust_Global_CA.crt, mozilla/GeoTrust_Primary_Certification_Authority.crt, mozilla/GeoTrust_Primary_Certification_Authority_-_G2.crt, mozilla/GeoTrust_Primary_Certification_Authority_-_G3.crt, mozilla/GeoTrust_Universal_CA.crt, mozilla/GeoTrust_Universal_CA_2.crt, mozilla/GlobalSign_ECC_Root_CA_-_R4.crt, mozilla/GlobalSign_ECC_Root_CA_-_R5.crt, mozilla/GlobalSign_Root_CA.crt, mozilla/GlobalSign_Root_CA_-_R2.crt, mozilla/GlobalSign_Root_CA_-_R3.crt, mozilla/GlobalSign_Root_CA_-_R6.crt, mozilla/Global_Chambersign_Root_-_2008.crt, mozilla/Go_Daddy_Class_2_CA.crt, mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt, mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt, mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt, mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt, mozilla/Hongkong_Post_Root_CA_1.crt, mozilla/ISRG_Root_X1.crt, mozilla/IdenTrust_Commercial_Root_CA_1.crt, mozilla/IdenTrust_Public_Sector_Root_CA_1.crt, mozilla/Izenpe.com.crt, mozilla/LuxTrust_Global_Root_2.crt, mozilla/Microsec_e-Szigno_Root_CA_2009.crt, mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt, mozilla/Network_Solutions_Certificate_Authority.crt, mozilla/OISTE_WISeKey_Global_Root_GA_CA.crt, mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt, mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt, mozilla/QuoVadis_Root_CA.crt, mozilla/QuoVadis_Root_CA_1_G3.crt, mozilla/QuoVadis_Root_CA_2.crt, mozilla/QuoVadis_Root_CA_2_G3.crt, mozilla/QuoVadis_Root_CA_3.crt, mozilla/QuoVadis_Root_CA_3_G3.crt, mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt, mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt, mozilla/SSL.com_Root_Certification_Authority_ECC.crt, mozilla/SSL.com_Root_Certification_Authority_RSA.crt, mozilla/SZAFIR_ROOT_CA2.crt, mozilla/SecureSign_RootCA11.crt, mozilla/SecureTrust_CA.crt, mozilla/Secure_Global_CA.crt, mozilla/Security_Communication_RootCA2.crt, mozilla/Security_Communication_Root_CA.crt, mozilla/Sonera_Class_2_Root_CA.crt, mozilla/Staat_der_Nederlanden_EV_Root_CA.crt, mozilla/Staat_der_Nederlanden_Root_CA_-_G2.crt, mozilla/Staat_der_Nederlanden_Root_CA_-_G3.crt, mozilla/Starfield_Class_2_CA.crt, mozilla/Starfield_Root_Certificate_Authority_-_G2.crt, mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt, mozilla/SwissSign_Gold_CA_-_G2.crt, mozilla/SwissSign_Silver_CA_-_G2.crt, mozilla/T-TeleSec_GlobalRoot_Class_2.crt, mozilla/T-TeleSec_GlobalRoot_Class_3.crt, mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt, mozilla/TWCA_Global_Root_CA.crt, mozilla/TWCA_Root_Certification_Authority.crt, mozilla/Taiwan_GRCA.crt, mozilla/TeliaSonera_Root_CA_v1.crt, mozilla/TrustCor_ECA-1.crt, mozilla/TrustCor_RootCert_CA-1.crt, mozilla/TrustCor_RootCert_CA-2.crt, mozilla/Trustis_FPS_Root_CA.crt, mozilla/USERTrust_ECC_Certification_Authority.crt, mozilla/USERTrust_RSA_Certification_Authority.crt, mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt, mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt, mozilla/VeriSign_Universal_Root_Certification_Authority.crt, mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt, mozilla/XRamp_Global_CA_Root.crt, mozilla/certSIGN_ROOT_CA.crt, mozilla/ePKI_Root_Certification_Authority.crt, mozilla/thawte_Primary_Root_CA.crt, mozilla/thawte_Primary_Root_CA_-_G2.crt, mozilla/thawte_Primary_Root_CA_-_G3.crt -ucf ucf/changeprompt_threeway select keep_current -libpam-runtime libpam-runtime/override boolean false -dictionaries-common dictionaries-common/debconf_database_corruption error -tzdata tzdata/Areas select Etc -grub-pc grub-pc/install_devices_empty boolean false -tzdata tzdata/Zones/Indian select -# Zeitzone: -# Choices: AST4, AST4ADT, CST6, CST6CDT, EST5, EST5EDT, HST10, MST7, MST7MDT, PST8, PST8PDT, YST9, YST9YDT -tzdata tzdata/Zones/SystemV select -# Tastaturbelegung: -# Choices: German, German - German (dead acute), German - German (dead grave acute), German - German (dead tilde), German - German (Dvorak), German - German (Macintosh), German - German (Macintosh\, no dead keys), German - German (Neo 2), German - German (no dead keys), German - German (QWERTY), German - German (T3), German - German (with Sun dead keys), German - Lower Sorbian, German - Lower Sorbian (QWERTZ), German - Romanian (Germany), German - Romanian (Germany\, no dead keys), German - Russian (Germany\, phonetic), German - Turkish (Germany) -keyboard-configuration keyboard-configuration/variant select German -# for internal use -keyboard-configuration keyboard-configuration/variantcode string -# Compose-Taste: -# Choices: Keine Compose-Taste, Alt rechts (AltGr), Strg rechts, Windows-Taste rechts, Menütaste, Windows-Taste links, Feststelltaste -keyboard-configuration keyboard-configuration/compose select No compose key -# Xscreensaver und Xlockmore müssen vor dem Upgrade neu gestartet werden -libc6 glibc/disable-screensaver error -libc6:amd64 glibc/disable-screensaver error -# Zeitzone: -# Choices: Apia, Auckland, Bougainville, Chatham, Chuuk, Easter, Éfaté, Enderbury, Fakaofo, Fidschi, Funafuti, Galapagos, Gambier, Guadalcanal, Guam, Honolulu, Johnston, Kiritimati, Kosrae, Kwajalein, Majuro, Marquesas, Midway, Nauru, Niue, Norfolk, Nouméa, Pago Pago, Palau, Pitcairn, Pohnpei, Ponape, Port Moresby, Rarotonga, Saipan, Samoa, Tahiti, Tarawa, Tongatapu, Truk, Wake, Wallis, Yap -tzdata tzdata/Zones/Pacific select -# Jetzt die Umstellung auf GRUB 2 abschließen? -grub-pc grub-pc/mixed_legacy_and_grub2 boolean true -# Möchten Sie die Gruppe verschieben? -base-passwd base-passwd/group-move boolean true -# Soll der veraltete Verweis /etc/dictionary gelöscht werden? -dictionaries-common dictionaries-common/old_wordlist_link boolean true -# Ufw automatisch starten? -ufw ufw/enable boolean false -# Wollen Sie das GECOS des Benutzers ändern? -base-passwd base-passwd/user-change-gecos boolean true -# Standard-Papierformat für Ihr System: -# Choices: letter, A4, note, legal, executive, halfletter, halfexecutive, 11x17, statement, folio, quarto, 10x14, ledger, tabloid, A0, A1, A2, A3, A5, A6, A7, A8, A9, A10, B0, B1, B2, B3, B4, B5, C5, DL, Comm10, Monarch, archE, archD, archC, archB, archA, flsa, flse, csheet, dsheet, esheet -libpaper1 libpaper/defaultpaper select a4 -libpaper1:amd64 libpaper/defaultpaper select a4 -# Herkunftsland für die Tastatur: -# Choices: Afghani, Albanian, Amharic, Arabic, Arabic (Morocco), Arabic (Syria), Armenian, Azerbaijani, Bambara, Bangla, Belarusian, Belgian, Berber (Algeria\, Latin), Bosnian, Braille, Bulgarian, Burmese, Chinese, Croatian, Czech, Danish, Dhivehi, Dutch, Dzongkha, English (Australian), English (Cameroon), English (Ghana), English (Nigeria), English (South Africa), English (UK), English (US), Esperanto, Estonian, Faroese, Filipino, Finnish, French, French (Canada), French (Democratic Republic of the Congo), French (Guinea), French (Togo), Georgian, German, German (Austria), Greek, Hebrew, Hungarian, Icelandic, Indian, Indonesian (Arab Melayu\, phonetic), Indonesian (Javanese), Iraqi, Irish, Italian, Japanese, Japanese (PC-98), Kazakh, Khmer (Cambodia), Korean, Kyrgyz, Lao, Latvian, Lithuanian, Macedonian, Malay (Jawi\, Arabic Keyboard), Maltese, Maori, Moldavian, Mongolian, Montenegrin, Nepali, Norwegian, Persian, Polish, Portuguese, Portuguese (Brazil), Romanian, Russian, Serbian, Sinhala (phonetic), Slovak, Slovenian, Spanish, Spanish (Latin American), Swahili (Kenya), Swahili (Tanzania), Swedish, Switzerland, Taiwanese, Tajik, Thai, Tswana, Turkish, Turkmen, Ukrainian, Urdu (Pakistan), Uzbek, Vietnamese, Wolof -keyboard-configuration keyboard-configuration/layout select German -# Wünschen Sie systemweit lesbare Home-Verzeichnisse? -adduser adduser/homedir-permission boolean true -# Möchten Sie die GID des Benutzers ändern? -base-passwd base-passwd/user-change-gid boolean true -# Zu nutzende Schnittstellenoberfläche: -# Choices: Dialog, Readline, Gnome, Kde, Editor, Nicht-interaktiv -debconf debconf/frontend select Dialog -# for internal use -keyboard-configuration keyboard-configuration/optionscode string -# Inetd-Einträge deaktivieren? -update-inetd update-inetd/ask-disable-entries boolean false -# Wie wollen Sie mit der geänderten Konfigurationsdatei verfahren? -# Choices: Version des Paketbetreuers installieren, aktuell lokal installierte Version beibehalten, Unterschiede zwischen den Versionen anzeigen, Unterschiede zwischen den Versionen nebeneinander anzeigen, die Angelegenheit in einer neu gestarteten Shell untersuchen -ucf ucf/changeprompt select keep_current -# Detect keyboard layout? -keyboard-configuration console-setup/ask_detect boolean false -# Neuen Zertifikaten von Zertifizierungsstellen vertrauen? -# Choices: Ja, Nein, Fragen -ca-certificates ca-certificates/trust_new_crts select yes -# for internal use only -gdm3 gdm3/daemon_name string /usr/sbin/gdm3 -# Alternativ-Name(n): -ssl-cert make-ssl-cert/altname string -# Möchten Sie den Kompatibilitäts-Server für BSD lpd einrichten? -cups-bsd cups-bsd/setuplpd boolean false -# GRUB konnte nicht auf das Boot-Gerät geschrieben werden - fortfahren? -grub-pc grub-pc/install_devices_failed boolean false -# Zu aktivierende neue Zertifikate: -# Choices: -ca-certificates ca-certificates/new_crts multiselect -# Neustarten einiger Dienste beim OpenSSL-Upgrade fehlgeschlagen -libssl1.1:amd64 libssl1.1/restart-failed error -# GRUB konnte nicht auf das Boot-Gerät geschrieben werden - fortfahren? -grub-pc grub-efi/install_devices_failed boolean false -# Unterschiede zwischen den Versionen zeilenweise anzeigen -ucf ucf/show_diff note -# Inetd-Einträge entfernen? -update-inetd update-inetd/ask-remove-entries boolean false -# Soll lilo nach dem Upgrade automatisch ausgeführt werden (falls vorhanden)? -memtest86+ shared/memtest86-run-lilo boolean false -# TUN/TAP-Gerät anlegen? -openvpn openvpn/create_tun boolean false -# Bestehende Konfiguration gefunden -ufw ufw/existing_configuration error -# Probleme bei der Neuerstellung einer -Hash-Datei () -dictionaries-common dictionaries-common/ispell-autobuildhash-message note -# Zeitzone: -# Choices: Azoren, Bermuda, Kanaren, Kap Verde, Farör, Jan Mayen, Madeira, Reykjavík, South Georgia, St Helena, Stanley -tzdata tzdata/Zones/Atlantic select -# Möchten Sie das Home-Verzeichnis des Benutzers ändern? -base-passwd base-passwd/user-change-home boolean true -# Zeitzone: -# Choices: Amsterdam, Andorra, Astrachan, Athen, Belfast, Belgrad, Berlin, Bratislava, Brüssel, Bukarest, Budapest, Büsingen, Chisinau, Kopenhagen, Dublin, Gibraltar, Guernsey, Helsinki, Isle of Man, Istanbul, Jersey, Kaliningrad, Kiew, Kirow, Lissabon, Ljubljana, London, Luxemburg, Madrid, Malta, Mariehamn, Minsk, Monaco, Moskau, Nicosia, Oslo, Paris, Podgorica, Prag, Riga, Rom, Samara, San Marino, Sarajevo, Saratov, Simferopol, Skopje, Sofia, Stockholm, Tallinn, Tirana, Tiraspol, Uljanowsk, Uschhorod, Vaduz, Vatikan, Wien, Vilnius, Wolgograd, Warschau, Zagreb, Saporischschja, Zürich -tzdata tzdata/Zones/Europe select -# Möchten Sie den Benutzer entfernen? -base-passwd base-passwd/user-remove boolean true -# Aktiviere Saned als Einzel-Server? -sane-utils sane-utils/saned_run boolean false -# Mehrfache Einträge ignorieren und ohne Änderungen fortfahren? -update-inetd update-inetd/ask-several-entries boolean true -# Zeitzone: -# Choices: Aden, Almaty, Amman, Anadyr, Aqtau, Aqtöbe, Asgabat, Atyrau, Bagdad, Bahrain, Baku, Bangkok, Barnaul, Beirut, Bischkek, Brunei, Chita, Tschoibalsan, Chongqing, Colombo, Damaskus, Dhaka, Dili, Dubai, Duschanbe, Famagusta, Gasa, Harbin, Hebron, Ho-Chi-Minh-Stadt, Hong Kong, Chovd, Irkutsk, Istanbul, Jakarta, Jayapura, Jerusalem, Kabul, Kamtschatka, Karatschi, Kaschgar, Katmandu, Khandyga, Kolkata, Krasnojarsk, Kuala Lumpur, Kuching, Kuwait, Macao, Magadan, Ujung Pandang (Makassar), Manila, Maskat, Nicosia, Nowokusnezk, Novosibirsk, Omsk, Oral, Phnom Penh, Pontianak, Pjöngjang, Katar, Qostanay, Ksyl-Orda, Rangun, Riad, Sachalin, Samarkand, Seoul, Shanghai, Singapur, Srednekolymsk, Taipeh, Taschkent, Tiflis, Teheran, Tel Aviv, Thimphu, Tokio, Tomsk, Makassar, Ulan-Bator (Ulaanbaatar), Ürümqi, Ust-Nera, Vientiane, Wladiwostok, Jakutsk, Rangun, Jekaterinburg, Eriwan -tzdata tzdata/Zones/Asia select -# Aktualisierungen für Stable automatisch herunterladen und installieren? -unattended-upgrades unattended-upgrades/enable_auto_updates boolean true -# Voreingestellte Tastaturbelegung () beibehalten? -keyboard-configuration keyboard-configuration/unsupported_layout boolean true -# Möchten Sie die Gruppe entfernen? -base-passwd base-passwd/group-remove boolean true -# Backends für die Kommunikation mit dem Drucker: -# Choices: lpd, Socket, USB, SNMP, dnssd -cups cupsys/backend multiselect lpd, socket, usb, snmp, dnssd -# Möchten Sie den Benutzer hinzufügen? -base-passwd base-passwd/user-add boolean true -# Keyboard layout detection complete -keyboard-configuration console-setup/detected note -# Existierenden Eintrag belassen und ohne Änderungen fortfahren? -update-inetd update-inetd/ask-entry-present boolean true -# Wollen Sie die Shell des Benutzers ändern? -# Standard-Befehlszeile für kFreeBSD: - -printer-driver-pnm2ppa pnm2ppa/printer_model select 710 - -linux-sound-base linux-sound-base/sound_system select ALSA - -debconf debconf/priority select high - -base-passwd base-passwd/user-move boolean true -base-passwd base-passwd/user-change-shell boolean true - -libssl1.1:amd64 libssl1.1/restart-services string - -base-passwd base-passwd/user-change-uid boolean true - -grub-pc grub2/kfreebsd_cmdline_default string quiet splash -grub-pc grub2/no_efi_extra_removable boolean false -grub-pc grub-efi/install_devices_disks_changed multiselect - -keyboard-configuration keyboard-configuration/unsupported_config_layout boolean true -keyboard-configuration keyboard-configuration/unsupported_options boolean true -keyboard-configuration keyboard-configuration/model select Generic 105-key PC (intl.) - -xserver-xorg-legacy xserver-xorg-legacy/xwrapper/actual_allowed_users string console - -printer-driver-pnm2ppa pnm2ppa/create_magicfilter boolean false -grub-pc grub2/linux_cmdline string -libc6 glibc/restart-services string -libc6:amd64 glibc/restart-services string -tzdata tzdata/Zones/US select -dictionaries-common dictionaries-common/default-ispell select -keyboard-configuration console-setup/detect detect-keyboard -libpam-runtime libpam-runtime/no_profiles_chosen error -grub-pc grub-pc/postrm_purge_boot_grub boolean false -ssl-cert make-ssl-cert/vulnerable_prng note -grub-pc grub-efi/install_devices_empty boolean false diff --git a/roles/fai/files/profiles/disk_config/CENTOS b/roles/fai/files/profiles/disk_config/CENTOS deleted file mode 100644 index 9c3c933..0000000 --- a/roles/fai/files/profiles/disk_config/CENTOS +++ /dev/null @@ -1,16 +0,0 @@ -# example of new config file for setup-storage -# -# - -disk_config disk1 disklabel:msdos bootable:1 fstabkey:label - -# Note that the CentOS 5 version of GRUB cannot read from ext3 filesystems with inode_size > 128 -# CentOS 5.6 needs /boot as ext3, so we use ext3 for / - -#primary / 350 ext3 rw,noatime,errors=remount-ro createopts="-L ROOT -I 128" - -# use following line for CentOS 7 -primary / 4G-50G ext4 rw,noatime,errors=remount-ro createopts="-L ROOT" - -logical swap 200-10G swap sw createopts="-L SWAP" -logical /home 100- ext4 rw,noatime,nosuid,nodev createopts="-L HOME -m 1" tuneopts="-c 0 -i 0" diff --git a/roles/fai/files/profiles/disk_config/CLOUD b/roles/fai/files/profiles/disk_config/CLOUD deleted file mode 100644 index 0b76001..0000000 --- a/roles/fai/files/profiles/disk_config/CLOUD +++ /dev/null @@ -1,7 +0,0 @@ -# config for a disk image for a VM -# -# - -disk_config disk1 disklabel:msdos bootable:1 fstabkey:uuid align-at:1M - -primary / 300- ext4 rw,discard,barrier=0,noatime,errors=remount-ro tuneopts="-c 0 -i 0" diff --git a/roles/fai/files/profiles/disk_config/FAIBASE b/roles/fai/files/profiles/disk_config/FAIBASE deleted file mode 100644 index 0c66cbc..0000000 --- a/roles/fai/files/profiles/disk_config/FAIBASE +++ /dev/null @@ -1,9 +0,0 @@ -# example of new config file for setup-storage -# -# - -disk_config disk1 disklabel:msdos bootable:1 fstabkey:uuid - -primary / 2G-50G ext4 rw,noatime,errors=remount-ro -logical swap 200-10G swap sw -logical /home 100- ext4 rw,noatime,nosuid,nodev createopts="-L home -m 1" tuneopts="-c 0 -i 0" diff --git a/roles/fai/files/profiles/disk_config/FAIBASE_EFI b/roles/fai/files/profiles/disk_config/FAIBASE_EFI deleted file mode 100644 index 8ff0e4b..0000000 --- a/roles/fai/files/profiles/disk_config/FAIBASE_EFI +++ /dev/null @@ -1,10 +0,0 @@ -# example of new config file for setup-storage -# -# - -disk_config disk1 disklabel:gpt bootable:1 fstabkey:uuid - -primary /boot/efi 512M vfat rw -primary / 2G-50G ext4 rw,noatime,errors=remount-ro -primary swap 200-10G swap sw -primary /home 100- ext4 rw,noatime,nosuid,nodev createopts="-L home -m 1" tuneopts="-c 0 -i 0" diff --git a/roles/fai/files/profiles/disk_config/FAISERVER b/roles/fai/files/profiles/disk_config/FAISERVER deleted file mode 100644 index 29bf219..0000000 --- a/roles/fai/files/profiles/disk_config/FAISERVER +++ /dev/null @@ -1,11 +0,0 @@ -# config file for an FAI install server -# -# - -disk_config disk1 disklabel:msdos fstabkey:uuid - -primary / 2G-15G ext4 rw,noatime,errors=remount-ro -logical swap 200-1000 swap sw -logical /tmp 100-1000 ext4 rw,noatime,nosuid,nodev createopts="-m 0" tuneopts="-c 0 -i 0" -logical /home 100-40% ext4 rw,noatime,nosuid,nodev createopts="-m 1" tuneopts="-c 0 -i 0" -logical /srv 1G-50% ext4 rw,noatime createopts="-m 1" tuneopts="-c 0 -i 0" diff --git a/roles/fai/files/profiles/disk_config/FAISERVER_EFI b/roles/fai/files/profiles/disk_config/FAISERVER_EFI deleted file mode 100644 index 30adbe3..0000000 --- a/roles/fai/files/profiles/disk_config/FAISERVER_EFI +++ /dev/null @@ -1,12 +0,0 @@ -# config file for an FAI install server -# -# - -disk_config disk1 disklabel:gpt fstabkey:uuid - -primary /boot/efi 512M vfat rw -primary / 2G-15G ext4 rw,noatime,errors=remount-ro -primary swap 200-1000 swap sw -primary /tmp 100-1000 ext4 rw,noatime,nosuid,nodev createopts="-m 0" tuneopts="-c 0 -i 0" -primary /home 100-40% ext4 rw,noatime,nosuid,nodev createopts="-m 1" tuneopts="-c 0 -i 0" -primary /srv 1G-50% ext4 rw,noatime createopts="-m 1" tuneopts="-c 0 -i 0" diff --git a/roles/fai/files/profiles/disk_config/HW4F_DESKTOP b/roles/fai/files/profiles/disk_config/HW4F_DESKTOP deleted file mode 100644 index 1e136e0..0000000 --- a/roles/fai/files/profiles/disk_config/HW4F_DESKTOP +++ /dev/null @@ -1,5 +0,0 @@ -disk_config disk1 disklabel:msdos bootable:1 fstabkey:uuid - -primary / 2G-50G ext4 rw,noatime,errors=remount-ro -logical swap 200-10G swap sw -logical /home 100- ext4 rw,noatime,nosuid,nodev createopts="-L home -m 1" tuneopts="-c 0 -i 0" diff --git a/roles/fai/files/profiles/disk_config/HW4F_DESKTOP_EFI b/roles/fai/files/profiles/disk_config/HW4F_DESKTOP_EFI deleted file mode 100644 index c95a40c..0000000 --- a/roles/fai/files/profiles/disk_config/HW4F_DESKTOP_EFI +++ /dev/null @@ -1,6 +0,0 @@ -disk_config disk1 disklabel:gpt bootable:1 fstabkey:uuid - -primary /boot/efi 512M vfat rw -primary / 2G-50G ext4 rw,noatime,errors=remount-ro -primary swap 200-10G swap sw -primary /home 100- ext4 rw,noatime,nosuid,nodev createopts="-L home -m 1" tuneopts="-c 0 -i 0" diff --git a/roles/fai/files/profiles/disk_config/LVM b/roles/fai/files/profiles/disk_config/LVM deleted file mode 100644 index 868970a..0000000 --- a/roles/fai/files/profiles/disk_config/LVM +++ /dev/null @@ -1,15 +0,0 @@ -# - -# entire disk with LVM, separate /home - -disk_config disk1 fstabkey:uuid align-at:1M - -primary /boot 200 ext2 rw,noatime -primary - 4G- - - - -disk_config lvm - -vg vg1 disk1.2 -vg1-root / 3G-50G ext4 noatime,rw -vg1-swap swap 200-4G swap sw -vg1-home /home 600- ext4 noatime,nosuid,nodev,rw diff --git a/roles/fai/files/profiles/disk_config/LVM_EFI b/roles/fai/files/profiles/disk_config/LVM_EFI deleted file mode 100644 index b2609a5..0000000 --- a/roles/fai/files/profiles/disk_config/LVM_EFI +++ /dev/null @@ -1,16 +0,0 @@ -# - -# entire disk with LVM, separate /home - -disk_config disk1 disklabel:gpt fstabkey:uuid align-at:1M - -primary /boot/efi 512M vfat rw -primary /boot 200 ext2 rw,noatime -primary - 4G- - - - -disk_config lvm - -vg vg1 disk1.3 -vg1-root / 3G-50G ext4 noatime,rw -vg1-swap swap 200-4G swap sw -vg1-home /home 600- ext4 noatime,nosuid,nodev,rw diff --git a/roles/fai/files/profiles/disk_config/XENIAL b/roles/fai/files/profiles/disk_config/XENIAL deleted file mode 100644 index 22ab65c..0000000 --- a/roles/fai/files/profiles/disk_config/XENIAL +++ /dev/null @@ -1,12 +0,0 @@ -# example of new config file for setup-storage -# -# - -# this is a copy of FAIBASE, but with metadata_csum disabled. -# Ubuntu XENIAL does not yet suport this option - -disk_config disk1 disklabel:msdos bootable:1 fstabkey:uuid - -primary / 2G-50G ext4 rw,noatime,errors=remount-ro createopts="-O ^metadata_csum" -logical swap 200-1G swap sw -logical /home 100- ext4 rw,noatime,nosuid,nodev createopts="-L home -m 1 -O ^metadata_csum" tuneopts="-c 0 -i 0" diff --git a/roles/fai/files/profiles/disk_config/XENIAL_EFI b/roles/fai/files/profiles/disk_config/XENIAL_EFI deleted file mode 100644 index d72f130..0000000 --- a/roles/fai/files/profiles/disk_config/XENIAL_EFI +++ /dev/null @@ -1,13 +0,0 @@ -# example of new config file for setup-storage -# -# - -# this is a copy of FAIBASE, but with metadata_csum disabled. -# Ubuntu XENIAL does not yet suport this option - -disk_config disk1 disklabel:gpt bootable:1 fstabkey:uuid - -primary /boot/efi 512M vfat rw -primary / 2G-50G ext4 rw,noatime,errors=remount-ro createopts="-O ^metadata_csum" -primary swap 200-1G swap sw -primary /home 100- ext4 rw,noatime,nosuid,nodev createopts="-L home -m 1 -O ^metadata_csum" tuneopts="-c 0 -i 0" diff --git a/roles/fai/files/profiles/files/etc/apt/apt.conf.d/force_confdef/DEBIAN b/roles/fai/files/profiles/files/etc/apt/apt.conf.d/force_confdef/DEBIAN deleted file mode 100644 index deb7948..0000000 --- a/roles/fai/files/profiles/files/etc/apt/apt.conf.d/force_confdef/DEBIAN +++ /dev/null @@ -1,5 +0,0 @@ -DPkg { - Options { - "--force-confdef"; - } -}; diff --git a/roles/fai/files/profiles/files/etc/apt/preferences.d/mint.pref/MINT b/roles/fai/files/profiles/files/etc/apt/preferences.d/mint.pref/MINT deleted file mode 100644 index e953293..0000000 --- a/roles/fai/files/profiles/files/etc/apt/preferences.d/mint.pref/MINT +++ /dev/null @@ -1,11 +0,0 @@ -Package: * -Pin: origin live.linuxmint.com -Pin-Priority: 750 - -Package: * -Pin: release o=linuxmint,c=upstream -Pin-Priority: 700 - -Package: * -Pin: release o=Ubuntu -Pin-Priority: 500 diff --git a/roles/fai/files/profiles/files/etc/apt/sources.list.d/mint.list/MINTDESKTOP b/roles/fai/files/profiles/files/etc/apt/sources.list.d/mint.list/MINTDESKTOP deleted file mode 100644 index e69de29..0000000 diff --git a/roles/fai/files/profiles/files/etc/apt/sources.list/GNOME b/roles/fai/files/profiles/files/etc/apt/sources.list/GNOME deleted file mode 100644 index f016a99..0000000 --- a/roles/fai/files/profiles/files/etc/apt/sources.list/GNOME +++ /dev/null @@ -1,3 +0,0 @@ -deb {%apt_cdn%}/debian {%release%} main -deb {%security_cdn%}/debian-security {%release%}/updates main -deb {%apt_cdn%}/debian {%release%}-updates main diff --git a/roles/fai/files/profiles/files/etc/apt/trusted.gpg/DEBIAN b/roles/fai/files/profiles/files/etc/apt/trusted.gpg/DEBIAN deleted file mode 100644 index d720a78..0000000 Binary files a/roles/fai/files/profiles/files/etc/apt/trusted.gpg/DEBIAN and /dev/null differ diff --git a/roles/fai/files/profiles/files/etc/apt/trusted.gpg/DEBIAN_MULTIMEDIA b/roles/fai/files/profiles/files/etc/apt/trusted.gpg/DEBIAN_MULTIMEDIA deleted file mode 100644 index 1327be6..0000000 Binary files a/roles/fai/files/profiles/files/etc/apt/trusted.gpg/DEBIAN_MULTIMEDIA and /dev/null differ diff --git a/roles/fai/files/profiles/files/etc/apt/trusted.gpg/MINTDESKTOP b/roles/fai/files/profiles/files/etc/apt/trusted.gpg/MINTDESKTOP deleted file mode 100644 index 184362a..0000000 Binary files a/roles/fai/files/profiles/files/etc/apt/trusted.gpg/MINTDESKTOP and /dev/null differ diff --git a/roles/fai/files/profiles/files/etc/apt/trusted.gpg/UBUNTU b/roles/fai/files/profiles/files/etc/apt/trusted.gpg/UBUNTU deleted file mode 100644 index 5efee28..0000000 Binary files a/roles/fai/files/profiles/files/etc/apt/trusted.gpg/UBUNTU and /dev/null differ diff --git a/roles/fai/files/profiles/files/etc/default/console-setup/HW4F_DESKTOP b/roles/fai/files/profiles/files/etc/default/console-setup/HW4F_DESKTOP deleted file mode 100644 index 82cb299..0000000 --- a/roles/fai/files/profiles/files/etc/default/console-setup/HW4F_DESKTOP +++ /dev/null @@ -1,49 +0,0 @@ -# A configuration file for setupcon - -# Change to "yes" and setupcon will explain what is being doing -VERBOSE_OUTPUT=no - -# Setup these consoles. Most people do not need to change this. -ACTIVE_CONSOLES="/dev/tty[1-6]" - -# Put here your encoding. Valid charmaps are: UTF-8 ARMSCII-8 CP1251 -# CP1255 CP1256 GEORGIAN-ACADEMY GEORGIAN-PS IBM1133 ISIRI-3342 -# ISO-8859-1 ISO-8859-2 ISO-8859-3 ISO-8859-4 ISO-8859-5 ISO-8859-6 -# ISO-8859-7 ISO-8859-8 ISO-8859-9 ISO-8859-10 ISO-8859-11 ISO-8859-13 -# ISO-8859-14 ISO-8859-15 ISO-8859-16 KOI8-R KOI8-U TIS-620 VISCII -CHARMAP="UTF-8" - -# The codeset determines which symbols are supported by the font. -# Valid codesets are: Arabic Armenian CyrAsia CyrKoi CyrSlav Ethiopian -# Georgian Greek Hebrew Lao Lat15 Lat2 Lat38 Lat7 Thai Uni1 Uni2 Uni3 -# Vietnamese. Read README.fonts for explanation. -CODESET="Lat15" - -# Valid font faces are: VGA (sizes 8, 14 and 16), Terminus (sizes -# 12x6, 14, 16, 20x10, 24x12, 28x14 and 32x16), TerminusBold (sizes -# 14, 16, 20x10, 24x12, 28x14 and 32x16), TerminusBoldVGA (sizes 14 -# and 16), Fixed (sizes 13, 14, 15, 16 and 18), Goha (sizes 12, 14 and -# 16), GohaClassic (sizes 12, 14 and 16). -FONTFACE="VGA" -FONTSIZE="16" - -# You can also directly specify nonstandard font and ACM to load: -# FONT=/usr/local/share/funnyfonts/sarge16.psf -# ACM=/usr/local/share/consoletrans/my_special_encoding.acm - -# The following variables describe your keyboard and can have the same -# values as the XkbModel, XkbLayout, XkbVariant and XkbOptions options -# in /etc/X11/xorg.conf. -XKBMODEL="pc105" -XKBLAYOUT="de" -XKBVARIANT="" -XKBOPTIONS="" - - -# Do not update the following md5 sum if you change -# /etc/console-setup/boottime.kmap.gz and Debconf will not overwrite -# your custom keymap. Do not update it even if you want to make -# Debconf overwrite it. Instead simply specify the empty string as -# a md5 sum. - -BOOTTIME_KMAP_MD5="" diff --git a/roles/fai/files/profiles/files/etc/default/grub.d/10_cloud_disable_net.ifnames.cfg/CLOUD b/roles/fai/files/profiles/files/etc/default/grub.d/10_cloud_disable_net.ifnames.cfg/CLOUD deleted file mode 100644 index ad11d23..0000000 --- a/roles/fai/files/profiles/files/etc/default/grub.d/10_cloud_disable_net.ifnames.cfg/CLOUD +++ /dev/null @@ -1,6 +0,0 @@ -# Disable systemd's network interface name management. -# References: -# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863385 -# https://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/ - -GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT net.ifnames=0" diff --git a/roles/fai/files/profiles/files/etc/default/locale/HW4F_DESKTOP b/roles/fai/files/profiles/files/etc/default/locale/HW4F_DESKTOP deleted file mode 100644 index b20033b..0000000 --- a/roles/fai/files/profiles/files/etc/default/locale/HW4F_DESKTOP +++ /dev/null @@ -1 +0,0 @@ -LANG="de_DE.UTF-8" diff --git a/roles/fai/files/profiles/files/etc/fai/fai.conf/FAISERVER b/roles/fai/files/profiles/files/etc/fai/fai.conf/FAISERVER deleted file mode 100644 index 4711cd1..0000000 --- a/roles/fai/files/profiles/files/etc/fai/fai.conf/FAISERVER +++ /dev/null @@ -1,8 +0,0 @@ -# See fai.conf(5) for detailed information. - -# Account for saving log files and calling fai-chboot. -LOGUSER=fai - -# URL to access the fai config space -# If undefined, use default nfs:///$FAI_CONFIGDIR -FAI_CONFIG_SRC=nfs://faiserver/srv/fai/config diff --git a/roles/fai/files/profiles/files/etc/fai/nfsroot.conf/FAISERVER b/roles/fai/files/profiles/files/etc/fai/nfsroot.conf/FAISERVER deleted file mode 100644 index 8d2cde2..0000000 --- a/roles/fai/files/profiles/files/etc/fai/nfsroot.conf/FAISERVER +++ /dev/null @@ -1,15 +0,0 @@ -# For a detailed description see nfsroot.conf(5) - -# " " for debootstrap -FAI_DEBOOTSTRAP="buster http://deb.debian.org/debian" -FAI_ROOTPW='$5$n4TiokMaqws2PC/i$eqDh77it8N/haBU6OeE6WqbBjI0E1IUczp2EJ7Tr4J/' - -NFSROOT=/srv/fai/nfsroot -TFTPROOT=/srv/tftp/fai -NFSROOT_HOOKS=/etc/fai/nfsroot-hooks/ -FAI_DEBOOTSTRAP_OPTS="--exclude=info" - -# Configuration space -FAI_CONFIGDIR=/srv/fai/config - -NFSROOT_ETC_HOSTS="192.168.33.250 faiserver" diff --git a/roles/fai/files/profiles/files/etc/motd/FAIBASE b/roles/fai/files/profiles/files/etc/motd/FAIBASE deleted file mode 100644 index 9f8fed3..0000000 --- a/roles/fai/files/profiles/files/etc/motd/FAIBASE +++ /dev/null @@ -1,4 +0,0 @@ - - -Plan your installation, and FAI installs your plan. - diff --git a/roles/fai/files/profiles/files/etc/rc.local/CLOUD b/roles/fai/files/profiles/files/etc/rc.local/CLOUD deleted file mode 100755 index 6c2a800..0000000 --- a/roles/fai/files/profiles/files/etc/rc.local/CLOUD +++ /dev/null @@ -1,8 +0,0 @@ -#! /bin/bash - -# regenerate ssh_host keys -ls /etc/ssh/ssh_host_* >/dev/null 2>&1 -if [ $? -ne 0 ]; then - dpkg-reconfigure -fnoninteractive openssh-server -fi -rm $0 diff --git a/roles/fai/files/profiles/files/etc/rc.local/FAISERVER b/roles/fai/files/profiles/files/etc/rc.local/FAISERVER deleted file mode 100755 index 80e51ce..0000000 --- a/roles/fai/files/profiles/files/etc/rc.local/FAISERVER +++ /dev/null @@ -1,102 +0,0 @@ -#! /bin/bash - -# setup script that is only run once at boot time -# set up an FAI install server - -NORMAL='\E(B\E[m' -RED='\E[31m' -GREEN='\E[32m' - -set -o pipefail - -# setup network -nic=$(awk '/iface/ {print $2}' /etc/network/interfaces |egrep -v ^lo) -ifup $nic -# regenerate ssh_host keys -ls /etc/ssh/ssh_host_* > /dev/null -if [ $? -ne 0 ]; then - dpkg-reconfigure -fnoninteractive openssh-server -fi -sleep 8 -[ -x /etc/init.d/nscd ] && invoke-rc.d nscd restart - -echo "=================================" -echo "Setting up the FAI install server" -echo "This will take a few minutes" -echo "=================================" - -. /etc/fai/fai.conf -. /etc/fai/nfsroot.conf - -# copy the simple examples and pimp my config space -if [ ! -d "$FAI_CONFIGDIR/class" ]; then - mkdir -p $FAI_CONFIGDIR - cp -a /usr/share/doc/fai-doc/examples/simple/* $FAI_CONFIGDIR - ainsl /srv/fai/config/class/FAIBASE.var "^LOGUSER=fai" - myip=$(ip addr show up| grep -P -o '(?<=inet )[^/]+' | grep -v 127.0.0.1) - echo "APTPROXY=http://$myip:3142" >> /srv/fai/config/class/DEBIAN.var -fi -# set the LOGUSER, wo we get all the logs from our install clients -ainsl /etc/fai/fai.conf "^LOGUSER=fai" - -# make index, then import the packages from the CD mirror -apt-get update >/dev/null -curl -fs 'http://127.0.0.1:3142/acng-report.html?doImport=Start+Import&calcSize=cs&asNeeded=an#bottom' >/dev/null - -# setup the FAI server, including creating the nfsroot, use my own proxy -export APTPROXY="http://127.0.0.1:3142" -if [ -f /var/tmp/base.tar.xz ]; then - fai-setup -fvB /var/tmp/base.tar.xz > /var/log/fai/fai-setup.log 2>&1 -else - fai-setup -fv > /var/log/fai/fai-setup.log 2>&1 -fi -if [ $? -eq 0 ]; then - rm /var/tmp/base.tar.xz - echo "" - echo "================================================" - echo -e "Setting up the FAI server was ${GREEN}successful${NORMAL}" - echo "================================================" - echo "" - sleep 10 -else - echo "" - echo "==================================================" - echo -e "${RED}ERROR${NORMAL}: Setting up the FAI install server ${RED}FAILED${NORMAL}!" - echo "Read /var/log/fai/fai-setup.log for more debugging" - echo "==================================================" - echo "" - sleep 10 - exit 99 -fi - -cat <> /srv/fai/nfsroot/etc/fai/fai.conf -# use short hostname instead of FQDN -export HOSTNAME=\${HOSTNAME%%.*} -echo \$HOSTNAME > /proc/sys/kernel/hostname -EOF - -# create default pxelinux boot configuration -fai-chboot -o default - -# create a template for booting the installation -fai-chboot -Iv -f verbose,sshd,createvt,menu -u nfs://faiserver/srv/fai/config buster.tmpl - -# Since we do not know the MAC address, our DHCP cannot provide the hostname. -# Therefore we do explicitly set the hostname -fai-chboot -Iv -f verbose,sshd,createvt,menu -u nfs://faiserver/srv/fai/config -k hostname=xfcehost xfcehost -fai-chboot -Iv -f verbose,sshd,createvt,menu -u nfs://faiserver/srv/fai/config -k hostname=demohost demohost -for c in {01..10}; do - fai-chboot -Iv -f verbose,sshd,createvt,menu -u nfs://faiserver/srv/fai/config -k hostname=client$c client$c -done - -fai-monitor > /var/log/fai/fai-monitor.log & - -# move me away -mv $0 /var/tmp - -# create new rc.local for next reboot -echo '#! /bin/bash' > /etc/rc.local -echo 'fai-monitor > /var/log/fai/fai-monitor.log &' >> /etc/rc.local -chmod a+rx /etc/rc.local - -exit 0 diff --git a/roles/fai/files/profiles/files/etc/selinux/config/CENTOS b/roles/fai/files/profiles/files/etc/selinux/config/CENTOS deleted file mode 100644 index 9878acb..0000000 --- a/roles/fai/files/profiles/files/etc/selinux/config/CENTOS +++ /dev/null @@ -1,12 +0,0 @@ -# This file controls the state of SELinux on the system. -# SELINUX= can take one of these three values: -# enforcing - SELinux security policy is enforced. -# permissive - SELinux prints warnings instead of enforcing. -# disabled - No SELinux policy is loaded. -SELINUX=disabled -# SELINUXTYPE= can take one of these two values: -# targeted - Only targeted network daemons are protected. -# strict - Full SELinux protection. -# mls - Multi Level Security protection. -SELINUXTYPE=targeted -# SETLOCALDEFS= Check local definition changes diff --git a/roles/fai/files/profiles/hooks/debconf.CENTOS b/roles/fai/files/profiles/hooks/debconf.CENTOS deleted file mode 100755 index f98becd..0000000 --- a/roles/fai/files/profiles/hooks/debconf.CENTOS +++ /dev/null @@ -1,3 +0,0 @@ -#! /bin/bash - -skiptask debconf diff --git a/roles/fai/files/profiles/hooks/debconf.IMAGE b/roles/fai/files/profiles/hooks/debconf.IMAGE deleted file mode 100755 index c396636..0000000 --- a/roles/fai/files/profiles/hooks/debconf.IMAGE +++ /dev/null @@ -1,45 +0,0 @@ -#! /bin/bash - -# hook for installing a file system image (tar file) -# this works for Ubuntu 14.04 -# -# Copyright (C) 2015 Thomas Lange, lange@informatik.uni-koeln.de - - -# I use this tar command to create the image of an already running and configured machine -# tar -cf /tmp/IMAGE.tar --exclude /tmp/\* --exclude /run/\* --exclude /proc/\* --exclude /sys/\* --exclude /dev/\* / -# add --xattrs --selinux --acls if needed (for CentOS 7) -# Then copy this image to /srv/fai/config/basefiles/IMAGE.tar and make sure your client belongs to the class IMAGE - -skiptask extrbase debconf repository updatebase instsoft -skiptask configure # do not run the usual configure scripts - -# we assume, that the new host will get its hostname and IP via DHCP -# remove old hostname -fgrep -v 127.0.1.1 $target/etc/hosts >> /tmp/fai/hosts -mv /tmp/fai/hosts $target/etc/hosts -rm $target/etc/hostname - -#install grub -mount -t proc proc $FAI_ROOT/proc -mount -t sysfs sysfs $FAI_ROOT/sys -mount --bind /dev $FAI_ROOT/dev - -if [ -f $target/etc/debian_version ]; then - $ROOTCMD grub-install $BOOT_DEVICE - $ROOTCMD update-grub -fi -if [ -f $target/etc/centos-release ]; then - rm $target/etc/grub2/device.map - $FAI/scripts/CENTOS/40-install-grub - $FAI/scripts/CENTOS/30-mkinitrd - $ROOTCMD fixfiles onboot # this fixes the SELinux security contexts during the first boot -fi - - -# things that may be adjusted: -# -# MAC address ?? (not needed for Ubuntu, it uses iftab(5) -# /etc/hosts may contain the IP and name of the original host -# /etc/hostname (for Ubuntu just remove it) -# /var/lib/NetworkManager/dhclient-eth0.conf? diff --git a/roles/fai/files/profiles/hooks/instsoft.DEBIAN b/roles/fai/files/profiles/hooks/instsoft.DEBIAN deleted file mode 100755 index 35ac306..0000000 --- a/roles/fai/files/profiles/hooks/instsoft.DEBIAN +++ /dev/null @@ -1,25 +0,0 @@ -#! /bin/bash - -# if package locales will be installed, then install it early, before -# other packages -if [ $FAI_ACTION != "install" -a $FAI_ACTION != "dirinstall" ]; then - exit 0 -fi - -fcopy -Bi /etc/apt/apt.conf.d/force_confdef -ainsl -a /etc/ucf.conf "^conf_force_conffold=YES" - -# in case the locales are already included inside the base file (Ubuntu) -if [ -f $target/usr/sbin/locale-gen ]; then - exit -fi - -# if we want to install locales, install them now -install_packages -l 2>/dev/null | egrep -q ' locales|locales ' -if [ $? -eq 0 ]; then - if [ X$verbose = X1 ]; then - $ROOTCMD apt-get -y install locales - else - $ROOTCMD apt-get -y install locales > /dev/null - fi -fi diff --git a/roles/fai/files/profiles/hooks/repository.CENTOS b/roles/fai/files/profiles/hooks/repository.CENTOS deleted file mode 100755 index e78c0bb..0000000 --- a/roles/fai/files/profiles/hooks/repository.CENTOS +++ /dev/null @@ -1,31 +0,0 @@ -#! /bin/bash - -# (c) Michael Goetze, 2010-2011, mgoetze@mgoetze.net - -error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code - -if [ $FAI_ACTION = "install" ]; then - mount -t proc proc $target/proc - mount -t sysfs sysfs $target/sys - [ -L $target/etc/mtab ] || cp /etc/mtab $target/etc/mtab - - cat > $target/etc/sysconfig/network <<-EOF - NETWORKING=yes - HOSTNAME=$HOSTNAME.$DOMAIN - EOF - echo "127.0.0.1 localhost" > $target/etc/hosts - ifclass DHCPC || ainsl -s /etc/hosts "$IPADDR $HOSTNAME.$DOMAIN $HOSTNAME" - cp /etc/resolv.conf $target/etc -fi - -mkdir $target/dev/pts -mknod -m 000 $target/dev/pts/ptmx c 5 2 - -fcopy -riv /etc/yum.repos.d/ - -# disable the fastestmirror plugin -#sed -i -e 's/enabled=1/enabled=0/' $target/etc/yum/pluginconf.d/fastestmirror.conf - -skiptask repository - -exit $error diff --git a/roles/fai/files/profiles/hooks/savelog.LAST.sh b/roles/fai/files/profiles/hooks/savelog.LAST.sh deleted file mode 100755 index e9081dc..0000000 --- a/roles/fai/files/profiles/hooks/savelog.LAST.sh +++ /dev/null @@ -1,223 +0,0 @@ -#! /bin/bash - -# parse all log files for error messages -# print errors and warnings found to error.log -# WARNING: This will only work with english error messages! - -errfile=$LOGDIR/error.log - -# Define grep patterns. Do not start or end with an empty line! -globalerrorpatterns="error -fail -warn - bad -bad -no space -syntax -Couldn't stat -Cannot access - conflict -is bigger than the limit -did not exist -non existent -not found -couldn't -can't -E: Sorry, broken packages -^E: -operator expected -ambiguous redirect -No previous regular expression -No such -Device or resource busy -unknown option -[a-z]\+\.log:E: -No candidate version found -segfault -Couldn't find any package whose name or description matched -cannot create -The following packages have unmet dependencies" - -globalignorepatterns="[a-z]\+\.log:# -Error: Driver 'pcspkr' is already registered, aborting -: bytes packets errors dropped -:+ error=0 -:+ trap error= -task_error_func= -STOP_ON_ERROR= -courier-webadmin -plugins-bad -Enabling conf localized-error-pages -ibwebadmin -kernel-patch-badram -kolab-webadmin -kolabadmin -gstreamer.\+-plugins-really-bad -liberrors.so -liberrors-samba -libsamba-errors -gsambad -libad -libtest-nowarnings-perl -libtest-warn-perl -libclass-errorhandler-perl -zope-ploneerrorreporting -libroxen-errormessage -liberror-perl -perl-Error -libgpg-error-dev -libgpg-error0 -Opts:.\+errors=remount -[RT]X packets: -WARNING: unexpected IO-APIC -warned about = ( ) -daemon.warn -kern.warn -rw,errors= -Expect some cache -no error -failmsg -RPC call returned error 101 -deverror.out -(floppy), sector 0 -mount version older than kernel -Can't locate module -Warning only .\+MB will be used. -hostname: Host name lookup failure -I can't tell the difference. -warning, not much extra random data, consider using the -rand option -confC._FILE -Warning: 3 database(s) sources -were not found, (but were created) -removing exim -The home dir you specified already exists. -No Rule for /usr/lib/ispell/default.hash. -/usr/sbin/update-fonts-.\+: warning: absolute path -hostname: Unknown server error -EXT2-fs warning: checktime reached -RPC: sendmsg returned error 101 -can't print them to stdout. Define these classes -warning: downgrading -suppress emacs errors -echo Error: -Can't open dependencies file -documents in /usr/doc are no longer supported -if you have both a SCSI and an IDE CD-ROM -Warning: /proc/ide/hd?/settings interface is obsolete, and will be removed soon -Monitoring disabled -Error: only one processor found. -Error Recovery Strategy: -sector 0 does not have an -syslogin_perform_logout: logout() returned an error -grub is not in an XFS filesystem. -grub-install: line 374: -grub-probe: error: Cannot open \`/boot/grub/device.map' -is harmless -not updating .\+ font directory data. -register_serial(): autoconfig failed -Fontconfig error: Cannot load default config file -asking for cache data failed -However, I can not read the target: -Warning: The partition table looks like it was made -task_error=0 -task_local_error=0 -^info: Trying to set -warning: /usr/lib/X11/fonts -can't read /etc/udev/rules.d/z25_persistent-net.rules -/cow': No such file or directory -Dummy start-stop-daemon called -X: bytes packets errors -ACPI Error -ACPI Warning -AE_NOT_FOUND -conflicts with ACPI region -cannot stat \`/etc/modprobe.d/\*.conf' -cdrom: open failed. -libgpg-error -process \`kudzu' used the deprecated sysctl system call -PM: Resume from disk failed -JBD: barrier-based sync failed -aufs: module is from the staging directory, the quality is unknown -warning: linuxlogo stop runlevel arguments (none) do not match -insserv: warning: script .\+ missing LSB tags and overrides -live-premount.\+ If this fails -cannot read table of mounted file systems -error: no alternatives for -ERST: Error Record Serialization Table (ERST) support is initialized -ERST: Table is not found -HEST: Table not found -failed to stat /dev/pts -Failed to connect to socket /var/run/dbus/system_bus_socket -fail to add MMCONFIG information -can't initialize iptables table -can't initialize ip6tables table -Authentication warning overridden -41-warning.sh -PCCT header not found -Download is performed unsandboxed as root as file -update-alternatives: warning: skip creation of -loop: module verification failed: signature -Warning: apt-key output should not be parsed -WARNING: Failed to connect to lvmetad. Falling back to device scanning -Warning: The home dir /var/lib/usbmux you specified -diff: /var/lib/apparmor/profiles/.apparmor.md5sums: No such file or directory -error reporting disabled -Enabling Firmware First mode for corrected errors -errors: 0 - 0 errors -Memory Error Correction: -Memory Controller 0 - Channel . Error -IIO RAS/Control Status/Global Errors -RAS: Correctable Errors collector initialized -__stack_chk_fail -grub.cfg.new: Directory nonexistent -can't derive routing for PCI INT A -failed to load isci/isci_firmware.bin -Direct firmware load for isci/isci_firmware.bin failed with error -Loading user firmware failed, using default values -stunnel4 you specified can't be accessed: No such file or directory -install-docs --verbose --check file_name' may give more details about the above errors -cannot open '/etc/ssl/certs/java/cacerts' for reading: No such file or directory -can't claim BAR -disabling ASPM -data block query control method not found -subprocess.py.\+RuntimeWarning: line buffering -Resource conflict.\+ found -update-rc.d: warning: start and stop actions are no longer supported" - -# add pattern on some conditions -if [ -n $FAI_ALLOW_UNSIGNED ] ; then - globalignorepatterns="$globalignorepatterns -WARNING: untrusted versions -WARNING: The following packages cannot be authenticated -Ignoring these trust violations" -fi -# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -# Here you can define your own patterns. Put one pattern in a line, -# do not create empty lines. -myerrorpatterns="X_X-X_XX" -myignorepatterns="X_X-X_XX" -# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -# The main routine -errorpatterns="$globalerrorpatterns -$myerrorpatterns" -ignorepatterns="$globalignorepatterns -$myignorepatterns" - -cd $LOGDIR || exit 3 -if [ -s $errfile ]; then - echo "Errorfile already exists. Aborting." >&2 - exit -fi - -grep -i "$errorpatterns" *.log | grep -vi "$ignorepatterns" > $errfile -if [ X$verbose = X1 ]; then - egrep -v '^software.log:' $errfile > $LOGDIR/tempfile - mv $LOGDIR/tempfile $errfile -fi - -if [ -s $errfile ]; then - echo "ERRORS found in log files. See $errfile" >&2 -else - echo "Congratulations! No errors found in log files." -fi diff --git a/roles/fai/files/profiles/hooks/setup.DEFAULT.sh b/roles/fai/files/profiles/hooks/setup.DEFAULT.sh deleted file mode 100755 index 00a1df2..0000000 --- a/roles/fai/files/profiles/hooks/setup.DEFAULT.sh +++ /dev/null @@ -1,7 +0,0 @@ -#! /bin/bash - -# use short hostname instead of FQDN -export HOSTNAME=${HOSTNAME%%.*} -if [ $do_init_tasks -eq 1 ]; then - echo $HOSTNAME > /proc/sys/kernel/hostname -fi diff --git a/roles/fai/files/profiles/hooks/updatebase.CENTOS b/roles/fai/files/profiles/hooks/updatebase.CENTOS deleted file mode 100755 index dd418d8..0000000 --- a/roles/fai/files/profiles/hooks/updatebase.CENTOS +++ /dev/null @@ -1,25 +0,0 @@ -#! /bin/bash - -if [ ! -f $target/etc/resolv.conf ]; then - cp /etc/resolv.conf $target/etc -fi - -if [ X$verbose = X1 ]; then - echo "Updating base" - $ROOTCMD yum -y update |& tee -a $LOGDIR/software.log -else - $ROOTCMD yum -y update >> $LOGDIR/software.log -fi - -$ROOTCMD systemd-machine-id-setup - -cat > $target/etc/sysconfig/kernel < $target/etc/apt/apt.conf.d/02proxy -else - rm -f $target/etc/apt/apt.conf.d/02proxy -fi - -echo force-unsafe-io > $target/etc/dpkg/dpkg.cfg.d/unsafe-io - -# you may want to add i386 arch to amd64 hosts -# if ifclass AMD64; then -# $ROOTCMD dpkg --add-architecture i386 -# fi diff --git a/roles/fai/files/profiles/hooks/updatebase.UBUNTU b/roles/fai/files/profiles/hooks/updatebase.UBUNTU deleted file mode 100755 index 2d1161c..0000000 --- a/roles/fai/files/profiles/hooks/updatebase.UBUNTU +++ /dev/null @@ -1,30 +0,0 @@ -#! /bin/bash - -# use external mirror, remove this script when using a mirror from CD - -cat < $target/etc/apt/sources.list -# external mirror -deb $ubuntumirror/ubuntu $ubuntudist main restricted universe multiverse -deb $ubuntumirror/ubuntu $ubuntudist-updates main restricted universe multiverse -deb $ubuntumirror/ubuntu $ubuntudist-security main restricted universe multiverse -EOM - - -# https://lists.uni-koeln.de/pipermail/linux-fai/2016-July/011398.html -# In Ubuntu 16.04 (but not 14.04), the locales configuration mechanism has -# changed. There is a /var/lib/dpkg/info/locales.config file, which -# overrides /var/lib/dpkg/info/locales.postinst and consults -# /var/lib/locales/supported.d/local instead of the debconf system. (See -# the code in /usr/share/debconf/frontend that prefers locales.config.) This -# hook applies the debconf setting. It must run after FAI's debconf task -# but before dpkg gets a chance to clobber debconf with an empty setting. - -if [ ! -f "$target/var/lib/locales/supported.d/local" ]; then - $ROOTCMD debconf --owner=locales sh -c ' - . /usr/share/debconf/confmodule - db_version 2.0 - db_get locales/locales_to_be_generated && - mkdir -p /var/lib/locales/supported.d && - echo "$RET" > /var/lib/locales/supported.d/local' && - $ROOTCMD dpkg-reconfigure locales -fi diff --git a/roles/fai/files/profiles/package_config/CENTOS b/roles/fai/files/profiles/package_config/CENTOS deleted file mode 100644 index 86b2c61..0000000 --- a/roles/fai/files/profiles/package_config/CENTOS +++ /dev/null @@ -1,30 +0,0 @@ -PACKAGES dnfgroup -core -minimal-environment -#server-product-environment -#headless-management - -PACKAGES dnfgroup XORG -graphical-server-environment -workstation-product-environment - -PACKAGES dnfi -NetworkManager -chrony -kernel -dracut -grub2-pc -# CentOS 7 -less -openssh -openssh-clients -openssh-server -vim-enhanced -man -curl -unzip -which -ncurses ncurses-base - -PACKAGES dnfi LVM -lvm2 diff --git a/roles/fai/files/profiles/package_config/CINNAMON b/roles/fai/files/profiles/package_config/CINNAMON deleted file mode 100644 index d074217..0000000 --- a/roles/fai/files/profiles/package_config/CINNAMON +++ /dev/null @@ -1,10 +0,0 @@ -PACKAGES install DEBIAN -task-cinnamon-desktop -network-manager -network-manager-applet -network-manager-config-connectivity-debian -network-manager-gnome - -PACKAGES install UBUNTU -cinnamon-desktop-environment -network-manager diff --git a/roles/fai/files/profiles/package_config/DEBIAN b/roles/fai/files/profiles/package_config/DEBIAN deleted file mode 100644 index 3406534..0000000 --- a/roles/fai/files/profiles/package_config/DEBIAN +++ /dev/null @@ -1,56 +0,0 @@ -PACKAGES install-norec -apt-transport-https # is only needed for stretch -debconf-utils -file -less -linuxlogo -rsync -openssh-client openssh-server -time -procinfo -nullmailer -eject -locales -console-setup kbd -pciutils usbutils -unattended-upgrades - -PACKAGES install NONFREE -# you may want these non-free kernel drivers -firmware-bnx2 firmware-bnx2x firmware-realtek -firmware-linux-nonfree - -PACKAGES install I386 -linux-image-686-pae -memtest86+ - -PACKAGES install CHROOT -linux-image-686-pae- -linux-image-amd64- - -PACKAGES install AMD64 -linux-image-amd64 -memtest86+ - -PACKAGES install ARM64 -grub-efi-arm64 -linux-image-arm64 - -PACKAGES install GRUB_PC -grub-pc - -PACKAGES install GRUB_EFI -grub-efi - -PACKAGES install LVM -lvm2 - -PACKAGES install CLOUD -unattended-upgrades - -PACKAGE install-norec CINNAMON -task-cinnamon-desktop -task-desktop - -PACKAGE install-norec GERMAN -task-german diff --git a/roles/fai/files/profiles/package_config/DEBIAN.gpg b/roles/fai/files/profiles/package_config/DEBIAN.gpg deleted file mode 100644 index 0d5b7a9..0000000 Binary files a/roles/fai/files/profiles/package_config/DEBIAN.gpg and /dev/null differ diff --git a/roles/fai/files/profiles/package_config/FAISERVER b/roles/fai/files/profiles/package_config/FAISERVER deleted file mode 100644 index 25672c8..0000000 --- a/roles/fai/files/profiles/package_config/FAISERVER +++ /dev/null @@ -1,13 +0,0 @@ -PACKAGES install-norec -fai-quickstart - -debmirror tcpdump -xorriso grub-pc -lftp curl -netselect -syslinux-common pxelinux -apt-cacher-ng -nscd psmisc -bind9 dnsutils -iptables-persistent -zile diff --git a/roles/fai/files/profiles/package_config/GERMAN b/roles/fai/files/profiles/package_config/GERMAN deleted file mode 100644 index a9731eb..0000000 --- a/roles/fai/files/profiles/package_config/GERMAN +++ /dev/null @@ -1,5 +0,0 @@ -PACKAGES install -task-german - -PACKAGES install GNOME -firefox-esr-l10n-de thunderbird-l10n-de diff --git a/roles/fai/files/profiles/package_config/GNOME b/roles/fai/files/profiles/package_config/GNOME deleted file mode 100644 index 4ddd3a8..0000000 --- a/roles/fai/files/profiles/package_config/GNOME +++ /dev/null @@ -1,9 +0,0 @@ -PACKAGES install-norec - -firefox-esr -#thunderbird -menu gdm3 -gnome-core -gconf-editor -gnome-screensaver gnome-system-monitor gnome-system-tools -network-manager-gnome diff --git a/roles/fai/files/profiles/package_config/HW4F_DESKTOP b/roles/fai/files/profiles/package_config/HW4F_DESKTOP deleted file mode 100644 index 2ae9b04..0000000 --- a/roles/fai/files/profiles/package_config/HW4F_DESKTOP +++ /dev/null @@ -1,14 +0,0 @@ -PACKAGES install -ubuntu-desktop -language-pack-de -language-pack-gnome-de -thunderbird -thunderbird-locale-de -firefox -firefox-locale-de -libreoffice -libreoffice-l10n-de -libreoffice-help-de -ubuntu-software -ubuntu-snappy -snapd diff --git a/roles/fai/files/profiles/package_config/MINT b/roles/fai/files/profiles/package_config/MINT deleted file mode 100644 index dcf41e8..0000000 --- a/roles/fai/files/profiles/package_config/MINT +++ /dev/null @@ -1,7 +0,0 @@ -PACKAGES install-norec DESKTOP -linuxmint-keyring -mint-info-cinnamon -mint-info -mint-meta-cinnamon -mint-meta-core -mint-meta-codecs diff --git a/roles/fai/files/profiles/package_config/STANDARD b/roles/fai/files/profiles/package_config/STANDARD deleted file mode 100644 index bd1b64a..0000000 --- a/roles/fai/files/profiles/package_config/STANDARD +++ /dev/null @@ -1,34 +0,0 @@ -PACKAGES install-norec - -# the list of standard packages, without any libs and a few packages removed -apt-listchanges -bash-completion -bind9-host -dbus -dnsutils -doc-debian -file -gettext-base -groff-base -hdparm -less -locales -lsof -man-db -manpages -mime-support -ncurses-term -netcat-traditional -openssh-client -pciutils -perl -python -python-minimal -python3 -python3-minimal -reportbug -telnet -traceroute -ucf -xz-utils -vim diff --git a/roles/fai/files/profiles/package_config/UBUNTU b/roles/fai/files/profiles/package_config/UBUNTU deleted file mode 100644 index 5ae44e8..0000000 --- a/roles/fai/files/profiles/package_config/UBUNTU +++ /dev/null @@ -1,22 +0,0 @@ -PACKAGES install I386 -python -python-minimal -linux-image-generic -memtest86+ - -PACKAGES install CHROOT -linux-image-generic- - -PACKAGES install AMD64 -linux-image-generic -memtest86+ - -PACKAGES install GRUB_PC -grub-pc - -PACKAGES install GRUB_EFI -grub-efi - -PACKAGES install -ubuntu-minimal -unattended-upgrades diff --git a/roles/fai/files/profiles/package_config/XFCE b/roles/fai/files/profiles/package_config/XFCE deleted file mode 100644 index 2e878d3..0000000 --- a/roles/fai/files/profiles/package_config/XFCE +++ /dev/null @@ -1,6 +0,0 @@ -PACKAGES install-norec -xfce4 # base system -xfce4-goodies # additional tools -lightdm -firefox-esr -network-manager-gnome diff --git a/roles/fai/files/profiles/package_config/XORG b/roles/fai/files/profiles/package_config/XORG deleted file mode 100644 index 2dd9d0b..0000000 --- a/roles/fai/files/profiles/package_config/XORG +++ /dev/null @@ -1,12 +0,0 @@ -PACKAGES install-norec DEBIAN -xorg xserver-xorg-video-all xserver-xorg-input-all -fonts-freefont-ttf -xscreensaver -xscreensaver-gl -xterm -desktop-base - -PACKAGES install UBUNTU -ubuntu-server- -ubuntu-standard -ubuntu-desktop diff --git a/roles/fai/files/profiles/scripts/CENTOS/10-security b/roles/fai/files/profiles/scripts/CENTOS/10-security deleted file mode 100755 index 566c3f4..0000000 --- a/roles/fai/files/profiles/scripts/CENTOS/10-security +++ /dev/null @@ -1,14 +0,0 @@ -#! /bin/bash - -# (c) Michael Goetze, 2010-11, mgoetze@mgoetze.net -# Thomas Lange, 2015-2020 - -error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code - -$ROOTCMD usermod -p $ROOTPW root - -fcopy -v /etc/selinux/config -$ROOTCMD fixfiles onboot # this fixes the SELinux security contexts during the first boot -chmod a+rx $target - -exit $error diff --git a/roles/fai/files/profiles/scripts/CENTOS/30-mkinitrd b/roles/fai/files/profiles/scripts/CENTOS/30-mkinitrd deleted file mode 100755 index 9ccbeba..0000000 --- a/roles/fai/files/profiles/scripts/CENTOS/30-mkinitrd +++ /dev/null @@ -1,25 +0,0 @@ -#! /bin/bash - -# (c) Michael Goetze, 2010-2011, mgoetze@mgoetze.net -# (c) Thomas Lange, 2011, Uni Koeln - -error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code - -ainsl -v /etc/fstab "proc /proc proc defaults 0 0" -ainsl -v /etc/fstab "sysfs /sys sysfs auto 0 0" - -version=`$ROOTCMD rpm -qv kernel | cut -d- -f2-` - - -if [ -f $target/etc/lvm/lvm.conf ]; then - sed -i -e 's/use_lvmetad = 1/use_lvmetad = 0/' $target/etc/lvm/lvm.conf - ainsl -av /etc/dracut.conf.d/fai.conf 'add_dracutmodules+=" lvm "' -fi - - -# add filesystem driver into initrd -ainsl -av /etc/dracut.conf.d/fai.conf 'filesystems+="ext4"' -$ROOTCMD dracut -v --kver $version --force - - -exit $error diff --git a/roles/fai/files/profiles/scripts/CENTOS/40-install-grub b/roles/fai/files/profiles/scripts/CENTOS/40-install-grub deleted file mode 100755 index 45c6322..0000000 --- a/roles/fai/files/profiles/scripts/CENTOS/40-install-grub +++ /dev/null @@ -1,96 +0,0 @@ -#! /bin/bash - -# (c) Michael Goetze, 2011, mgoetze@mgoetze.net -# (c) Thomas Lange 2014 - -error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code - -if [ -r $LOGDIR/disk_var.sh ] ; then - . $LOGDIR/disk_var.sh -else - echo "disk_var.sh not found!" - exit 1 -fi - - -# CentOS 7 does not have a device.map file, so generate one -if [ -d $target/boot/grub2 -a ! -f $target/boot/grub2/device.map ]; then - echo "# Generated by FAI" >> $target/boot/grub2/device.map - centosdisks=$(awk '/[sv]d.$/ {print $4}' /proc/partitions | sort) - dcount=0 - for d in $centosdisks; do - echo "(hd$dcount) /dev/$d" >> $target/boot/grub2/device.map - dcount=$((dcount + 1)) - done -fi - -bootdev=`device2grub $BOOT_DEVICE` -bootpart=`device2grub $BOOT_PARTITION` -version=`$ROOTCMD rpm -qv kernel | cut -d- -f2-` - -if grep '[[:space:]]/boot[[:space:]]' $LOGDIR/fstab; then - bootdir='' -else - bootdir='/boot' -fi - -mount -o bind /dev $target/dev - - - -if [ -f $target/usr/sbin/grub2-install ]; then - - # CentOS 7 - $ROOTCMD grub2-install --no-floppy "$BOOT_DEVICE" - $ROOTCMD grub2-mkconfig --output=/boot/grub2/grub.cfg -else - -$ROOTCMD grub-install --just-copy - -$ROOTCMD grub --device-map=/dev/null --no-floppy --batch <<-EOF - device $bootdev $BOOT_DEVICE - root $bootpart - setup $bootdev - quit - EOF - -ln -s ./menu.lst $target/boot/grub/grub.conf - -if [ -f $target/boot/grub/splash.xpm.gz ]; then - pretty="splashimage=$bootpart$bootdir/grub/splash.xpm.gz" -else - pretty="color cyan/blue white/blue" -fi - -if [ -f $target/sbin/dracut -o -f $target/usr/sbin/dracut ]; then - # CentOS 6 - iname=initramfs -else - # CentOS 5 - iname=initrd -fi -title=`head -1 $target/etc/redhat-release` - -cat > $target/boot/grub/grub.conf <<-EOF - timeout 5 - default 0 - $pretty - hiddenmenu - - title $title - root $bootpart - kernel $bootdir/vmlinuz-$version root=$ROOT_PARTITION ro - initrd $bootdir/$iname-$version.img - EOF - -fi - -umount $target/dev - -echo "" -echo "Grub installed on $BOOT_DEVICE = $bootdev" -echo "Grub boot partition is $BOOT_PARTITION = $bootpart" -echo "Root partition is $ROOT_PARTITION" -echo "Boot kernel: $version" - -exit $error diff --git a/roles/fai/files/profiles/scripts/CENTOS/50-sysconfig b/roles/fai/files/profiles/scripts/CENTOS/50-sysconfig deleted file mode 100755 index 0dd0f4e..0000000 --- a/roles/fai/files/profiles/scripts/CENTOS/50-sysconfig +++ /dev/null @@ -1,29 +0,0 @@ -#! /bin/bash - -# (c) Michael Goetze, 2011, mgoetze@mgoetze.net - -error=0 ; trap "error=$((error|1))" ERR - -cat > $target/etc/sysconfig/clock <<-EOF - UTC=$UTC - ZONE=$TIMEZONE - EOF -cat > $target/etc/sysconfig/i18n <<-EOF - LANG="$DEFAULTLOCALE" - SUPPORTED="$SUPPORTEDLOCALE" - SYSFONT="$CONSOLEFONT" - EOF -cat > $target/etc/sysconfig/keyboard <<-EOF - KEYBOARDTYPE="pc" - KEYTABLE="$KEYMAP" - EOF - -if [ -f $target/usr/lib/locale/locale-archive.tmpl \ - -a ! -s $target/usr/lib/locale/locale-archive ]; then - mv $target/usr/lib/locale/locale-archive.tmpl $target/usr/lib/locale/locale-archive -fi - -fcopy -iv /etc/sysconfig/i18n /etc/sysconfig/keyboard - -exit $error - diff --git a/roles/fai/files/profiles/scripts/CENTOS/60-network-scripts b/roles/fai/files/profiles/scripts/CENTOS/60-network-scripts deleted file mode 100755 index 2542b9e..0000000 --- a/roles/fai/files/profiles/scripts/CENTOS/60-network-scripts +++ /dev/null @@ -1,40 +0,0 @@ -#! /bin/bash - -error=0 ; trap "error=$((error|1))" ERR - - -# determine predictable network names -fields="ID_NET_NAME_FROM_DATABASE ID_NET_NAME_ONBOARD ID_NET_NAME_SLOT ID_NET_NAME_PATH" -for field in $fields; do - name=$(udevadm info /sys/class/net/$NIC1 | sed -rn "s/^E: $field=(.+)/\1/p") - if [[ $name ]]; then - NIC1=$name - break - fi -done -if [[ ! $name ]]; then - echo "$0: error: could not find systemd predictable network name. Using $NIC1." -fi - - -if [ $FAI_ACTION != "softupdate" ] && ifclass DHCPC; then - cat > $target/etc/sysconfig/network-scripts/ifcfg-$NIC1 <<-EOF - # generated by FAI - TYPE=Ethernet - PROXY_METHOD=none - BOOTPROTO=dhcp - DEFROUTE=yes - BROWSER_ONLY=no - IP4_FAILURE_FATAL=no - IPV6INIT=no - IPV6_AUTOCONF=no - NAME=$NIC1 - DEVICE=$NIC1 - ONBOOT=yes - EOF -fi - -fcopy -iv /etc/sysconfig/network /etc/resolv.conf /etc/networks -fcopy -ivr /etc/sysconfig/network-scripts - -exit $error diff --git a/roles/fai/files/profiles/scripts/CENTOS/80-misc b/roles/fai/files/profiles/scripts/CENTOS/80-misc deleted file mode 100755 index eff7f18..0000000 --- a/roles/fai/files/profiles/scripts/CENTOS/80-misc +++ /dev/null @@ -1,21 +0,0 @@ -#! /bin/bash - -error=0 ; trap "error=$((error|1))" ERR - -# add a $username user account -if [ -n "$username" ]; then - if ! $ROOTCMD getent passwd $username ; then - $ROOTCMD adduser -c "$username user" $username - $ROOTCMD usermod -p "$USERPW" $username - fi -fi - -# enable graphical login screen, make run level 5 as default -if [ -f $target/usr/sbin/gdm ]; then - sed -i -e 's/id:3:initdefault:/id:5:initdefault:/' $target/etc/inittab - # do not run this tool - echo "RUN_FIRSTBOOT=NO" > $target/etc/sysconfig/firstboot -fi - -exit $error - diff --git a/roles/fai/files/profiles/scripts/CENTOS/90-cleanup b/roles/fai/files/profiles/scripts/CENTOS/90-cleanup deleted file mode 100755 index 2eadacd..0000000 --- a/roles/fai/files/profiles/scripts/CENTOS/90-cleanup +++ /dev/null @@ -1,3 +0,0 @@ -#! /bin/bash - -$ROOTCMD yum clean all diff --git a/roles/fai/files/profiles/scripts/CLOUD/10-network b/roles/fai/files/profiles/scripts/CLOUD/10-network deleted file mode 100755 index 3406ccc..0000000 --- a/roles/fai/files/profiles/scripts/CLOUD/10-network +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash - -error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code - -# Disable systemd's network interface name management. -# References: -# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863385 -# https://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/ - -fcopy -M /etc/default/grub.d/10_cloud_disable_net.ifnames.cfg -$ROOTCMD update-grub diff --git a/roles/fai/files/profiles/scripts/CLOUD/99-cleanup b/roles/fai/files/profiles/scripts/CLOUD/99-cleanup deleted file mode 100755 index 4580988..0000000 --- a/roles/fai/files/profiles/scripts/CLOUD/99-cleanup +++ /dev/null @@ -1,27 +0,0 @@ -#! /bin/bash - -fcopy /etc/init.d/expand-root -if [ -f $target/files/etc/init.d/expand-root ]; then - $ROOTCMD insserv --default expand-root -fi - -sed -i "s/PermitRootLogin yes/PermitRootLogin without-password/" $target/etc/ssh/sshd_config -ainsl /etc/ssh/sshd_config 'ClientAliveInterval 120' - -ainsl -a /etc/modprobe.d/blacklist.conf 'blacklist pcspkr' -ainsl -a /etc/modprobe.d/blacklist.conf 'blacklist floppy' - -rm -f $target/etc/resolv.conf \ - $target/etc/udev/rules.d/70-persistent-net.rules \ - $target/lib/udev/write_net_rules \ - $target/etc/mailname \ - $target/var/lib/dbus/machine-id - -> $target/etc/machine-id - -shred --remove $target/etc/ssh/ssh_host_* - -# FIXME: DHCP RFC3442 is used incorrect in Azure -if [ -f $target/etc/dhcp/dhclient.conf ]; then - sed -ie 's,rfc3442-classless-static-routes,disabled-\0,' $target/etc/dhcp/dhclient.conf -fi diff --git a/roles/fai/files/profiles/scripts/DEBIAN/10-rootpw b/roles/fai/files/profiles/scripts/DEBIAN/10-rootpw deleted file mode 100755 index 8fdf4c8..0000000 --- a/roles/fai/files/profiles/scripts/DEBIAN/10-rootpw +++ /dev/null @@ -1,15 +0,0 @@ -#! /bin/bash - -error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code - -# set root password -if [ -n "$ROOTPW" ]; then - $ROOTCMD usermod -p "$ROOTPW" root -else - $ROOTCMD usermod -L root - # enable sudo for user - ainsl /etc/sudoers "$username ALL = ALL" -fi - -exit $error - diff --git a/roles/fai/files/profiles/scripts/DEBIAN/20-capabilities b/roles/fai/files/profiles/scripts/DEBIAN/20-capabilities deleted file mode 100755 index ea650fa..0000000 --- a/roles/fai/files/profiles/scripts/DEBIAN/20-capabilities +++ /dev/null @@ -1,22 +0,0 @@ -#!/bin/bash -# -# Capabilities get lost when creating the fai base.tar.xz image. -# Restore them here. -# - -set -e - -if [ ! -x $target/sbin/setcap ] ; then - exit 0 -fi - -for FILE in /bin/ping /bin/ping6 /usr/bin/fping /usr/bin/fping6; do - if [ -x $target/$FILE -a ! -h $target/$FILE ] ; then - if $ROOTCMD /sbin/setcap cap_net_raw+ep $FILE; then - echo "Setcap worked! $FILE is not suid!" - fi - fi -done -if [ -x $target/usr/bin/systemd-detect-virt ] ; then - $ROOTCMD /sbin/setcap cap_dac_override,cap_sys_ptrace+ep /usr/bin/systemd-detect-virt -fi diff --git a/roles/fai/files/profiles/scripts/DEBIAN/30-interface b/roles/fai/files/profiles/scripts/DEBIAN/30-interface deleted file mode 100755 index bff6863..0000000 --- a/roles/fai/files/profiles/scripts/DEBIAN/30-interface +++ /dev/null @@ -1,125 +0,0 @@ -#! /bin/bash - -netplan_yaml() { - # network configuration using ubuntu's netplan.io - local IFNAME="$1" - local METHOD="$2" - echo "Generating netplan configuration for $IFNAME ($METHOD)" >&2 - echo "# generated by FAI" - echo "network:" - echo " version: 2" - echo " renderer: $RENDERER" - case "$RENDERER" in - networkd) - echo " ethernets:" - echo " $IFNAME:" - case "$METHOD" in - dhcp) - echo " dhcp4: true" - ;; - static) - echo " addresses: [$CIDR]" - echo " gateway4: $GATEWAYS_1" - echo " nameservers:" - echo " search: [$DOMAIN]" - echo " addresses: [${DNSSRVS// /, }]" - ;; - esac - esac -} - -iface_stanza() { - # classic network configuration using /etc/network/interfaces - local IFNAME="$1" - local METHOD="$2" - echo "Generating interface configuration for $IFNAME ($METHOD)" >&2 - echo "# generated by FAI" - echo "auto $IFNAME" - echo "iface $IFNAME inet $METHOD" - case "$METHOD" in - static) - echo " address $IPADDR" - echo " netmask $NETMASK" - echo " broadcast $BROADCAST" - echo " gateway $GATEWAYS" - ;; - esac -} - -newnicnames() { - - # determine predictable network names only for stretch and above - local name - - [ $do_init_tasks -eq 0 ] && return - [ -z "$NIC1" ] && return - ver=$($ROOTCMD dpkg-query --showformat='${Version}' --show udev) - if dpkg --compare-versions $ver lt 220-7; then - return - fi - - - fields="ID_NET_NAME_FROM_DATABASE ID_NET_NAME_ONBOARD ID_NET_NAME_SLOT ID_NET_NAME_PATH" - for field in $fields; do - name=$(udevadm info /sys/class/net/$NIC1 | sed -rn "s/^E: $field=(.+)/\1/p") - if [[ $name ]]; then - NIC1=$name - return - fi - done - - # try to get altname net dev - name=$(ip link show $NIC1 | awk '/altname / { print $2 }') - if [[ $name ]]; then - NIC1=$name - return - else - echo "$0: error: could not find systemd predictable network name. Using $NIC1." - fi -} - -if [ -z "$NIC1" ]; then - echo "WARNING: \$NIC1 is not defined. Cannot add ethernet to /etc/network/interfaces." -fi -CIDR=$(ip -o -f inet addr show $NIC1 | awk '{print $4}') -newnicnames - -case "$FAI_ACTION" in - install|dirinstall) - ifclass DHCPC && METHOD=dhcp || METHOD=static - ifclass XORG && RENDERER=NetworkManager || RENDERER=networkd - - if [ -d $target/etc/netplan ]; then - # Ubuntu >= 17.10 with netplan.io - if [ -n "$NIC1" ]; then - netplan_yaml $NIC1 $METHOD > $target/etc/netplan/01-${NIC1}.yaml - fi - elif [ -d $target/etc/network/interfaces.d ]; then - # ifupdown >= 0.7.41 (Debian >= 8, Ubuntu >= 14.04) - iface_stanza lo loopback > $target/etc/network/interfaces.d/lo - - if [ -n "$NIC1" -a ! -f $target/etc/NetworkManager/NetworkManager.conf ]; then - iface_stanza $NIC1 $METHOD > $target/etc/network/interfaces.d/$NIC1 - fi - else - ( - iface_stanza lo loopback - iface_stanza $NIC1 $METHOD - ) > $target/etc/network/interfaces - fi - - if ! ifclass DHCPC ; then - [ -n "$NETWORK" ] && echo "localnet $NETWORK" > $target/etc/networks - if [ ! -L $target/etc/resolv.conf -a -e /etc/resolv.conf ]; then - cp -p /etc/resolv.conf $target/etc - fi - fi - ;; -esac - -# here fcopy is mostly used, when installing a client for running in a -# different subnet than during the installation -fcopy -iM /etc/resolv.conf -fcopy -iM /etc/network/interfaces /etc/networks - -exit $error diff --git a/roles/fai/files/profiles/scripts/DEBIAN/40-misc b/roles/fai/files/profiles/scripts/DEBIAN/40-misc deleted file mode 100755 index 714be55..0000000 --- a/roles/fai/files/profiles/scripts/DEBIAN/40-misc +++ /dev/null @@ -1,51 +0,0 @@ -#! /bin/bash - -# (c) Thomas Lange, 2001-2016, lange@debian.org -# (c) Michael Goetze, 2010-2011, mgoetze@mgoetze.net - -error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code - -# a list of modules which are loaded at boot time -for module in $MODULESLIST; do - ainsl -a /etc/modules "^$module$" -done - -fcopy -Mv /etc/hostname || echo $HOSTNAME > $target/etc/hostname -ainsl -a /etc/mailname ${HOSTNAME} -if [ ! -e $target/etc/adjtime ]; then - printf "0.0 0 0.0\n0\nUTC\n" > $target/etc/adjtime -fi -if [ "$UTC" = "yes" ]; then - sed -i -e 's:^LOCAL$:UTC:' $target/etc/adjtime -else - sed -i -e 's:^UTC$:LOCAL:' $target/etc/adjtime -fi - -# enable linuxlogo -if [ -f $target/etc/inittab ]; then - sed -i -e 's#/sbin/getty 38400#/sbin/getty -f /etc/issue.linuxlogo 38400#' ${target}/etc/inittab -elif [ -f $target/lib/systemd/system/getty@.service ]; then - sed -i -e 's#sbin/agetty --noclear#sbin/agetty -f /etc/issue.linuxlogo --noclear#' $target/lib/systemd/system/getty@.service -fi - -# make sure a machine-id exists -if [ ! -f $target/etc/machine-id ]; then - > $target/etc/machine-id -fi -# recreate machine-id if the file is empty -if [ X"$(stat -c '%s' $target/etc/machine-id 2>/dev/null)" = X0 -a -f $target/bin/systemd-machine-id-setup ]; then - $ROOTCMD systemd-machine-id-setup -fi - -ln -fs /proc/mounts $target/etc/mtab - -rm -f $target/etc/dpkg/dpkg.cfg.d/fai $target/etc/dpkg/dpkg.cfg.d/unsafe-io - -if [ -d /etc/fai ]; then - if ! fcopy -Mv /etc/fai/fai.conf; then - ainsl -a /etc/fai/fai.conf "FAI_CONFIG_SRC=$FAI_CONFIG_SRC" - fi -fi -fcopy -iv /etc/rc.local - -exit $error diff --git a/roles/fai/files/profiles/scripts/FAIBASE/10-misc b/roles/fai/files/profiles/scripts/FAIBASE/10-misc deleted file mode 100755 index 7a0599d..0000000 --- a/roles/fai/files/profiles/scripts/FAIBASE/10-misc +++ /dev/null @@ -1,37 +0,0 @@ -#! /bin/bash - -# (c) Thomas Lange, 2001-2012, lange@debian.org - -error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code - -echo $TIMEZONE > $target/etc/timezone -if [ -L $target/etc/localtime ]; then - ln -sf /usr/share/zoneinfo/${TIMEZONE} $target/etc/localtime -else - cp -f /usr/share/zoneinfo/${TIMEZONE} $target/etc/localtime -fi - -if [ -f $target/etc/hosts.orig ]; then - mv $target/etc/hosts.orig $target/etc/hosts -fi -if [ -n "$IPADDR" ]; then - ifclass DHCPC || ainsl -s /etc/hosts "$IPADDR $HOSTNAME.$DOMAIN $HOSTNAME" -else - ifclass DHCPC && ainsl -s /etc/hosts "127.0.0.1 $HOSTNAME" -fi -fcopy -iM /etc/hosts /etc/motd - -# make /root accessible only by root -chmod -c 0700 $target/root -chown -c root:root $target/root -# copy default dotfiles for root account -fcopy -ir /root - -# use tmpfs for /tmp if not defined in disk_config -if ! grep -Pq '\s/tmp\s' $target/etc/fstab; then - ainsl /etc/fstab "tmpfs /tmp tmpfs nodev,nosuid,size=50%,mode=1777 0 0" -fi -chmod -c 1777 ${target}/tmp -chown -c 0:0 ${target}/tmp - -exit $error diff --git a/roles/fai/files/profiles/scripts/FAIBASE/20-removable_media b/roles/fai/files/profiles/scripts/FAIBASE/20-removable_media deleted file mode 100755 index 8ba10d9..0000000 --- a/roles/fai/files/profiles/scripts/FAIBASE/20-removable_media +++ /dev/null @@ -1,25 +0,0 @@ -#! /bin/bash - -# (c) Thomas Lange, 2006,2009, lange@debian.org -# create entries for removable media in fstab and directories in /media - -cdromlist() { - [ -f /proc/sys/dev/cdrom/info ] || return - devs=$(grep 'drive name:' /proc/sys/dev/cdrom/info | cut -d ":" -f 2) - for d in $devs; do - echo $d - done -} - -fstabline () { - line=$(printf "%-15s %-15s %-7s %-15s %-7s %s\n" "$1" "$2" "$3" "$4" "$5" "$6") - ainsl /etc/fstab "$line" -} - -i=0 -for cdrom in $(cdromlist | tac); do - [ $i -eq 0 ] && ln -sfn cdrom0 $target/media/cdrom - mkdir -p $target/media/cdrom$i - fstabline /dev/$cdrom /media/cdrom$i udf,iso9660 ro,user,noauto 0 0 - i=$(($i + 1)) -done diff --git a/roles/fai/files/profiles/scripts/FAISERVER/10-conffiles b/roles/fai/files/profiles/scripts/FAISERVER/10-conffiles deleted file mode 100755 index 578255f..0000000 --- a/roles/fai/files/profiles/scripts/FAISERVER/10-conffiles +++ /dev/null @@ -1,47 +0,0 @@ -#! /bin/bash - -fcopy -BvrS /etc/fai -fcopy -BvS /etc/dhcp/dhcpd.conf - -if [ $FAI_ACTION = "install" -o $FAI_ACTION = "dirinstall" ] ; then - - # use the same sources.list for the server itself and the clients - cp -a $target/etc/fai/apt $target/etc/ - - if ifclass DHCPC; then - rm -f $target/etc/resolv.conf - else - echo 127.0.0.1 > $target/etc/resolv.conf - fi - - # faiserver uses its own apt cache - ainsl -av /etc/apt/apt.conf.d/02proxy 'Acquire::http::Proxy "http://127.0.0.1:3142";' - - # create some host entries - myip=$(ip addr show up| grep -P -o '(?<=inet )[^/]+' | grep -v 127.0.0.1) - ainsl /etc/hosts "$myip faiserver" # that's me - ainsl /etc/hosts "192.168.33.100 demohost" - ainsl /etc/hosts "192.168.33.101 xfcehost" - # add entries for 10 hosts called client 01 .. 10 - perl -e 'for (1..10) {printf "192.168.33.%s client%02s\n",101+$_,$_;}' >> $target/etc/hosts - - sed -i -e '/# ReuseConnections: 1/d' $target/etc/apt-cacher-ng/acng.conf - ainsl -v /etc/apt-cacher-ng/acng.conf "ReuseConnections: 0" - - # copy base file for faster building of nfsroot - if [ -f /var/tmp/base.tar.xz ]; then - cp -p /var/tmp/base.tar.xz $target/var/tmp - fi - - if [ -d /media/mirror/pool ]; then - mkdir $target/var/cache/apt-cacher-ng/_import - cp -p /media/mirror/pool/*/*/*/*.deb $target/var/cache/apt-cacher-ng/_import - $ROOTCMD chown -R apt-cacher-ng.apt-cacher-ng /var/cache/apt-cacher-ng/_import - fi - - # copy basefiles from CD to config space - if [ -d $FAI/basefiles ]; then - mkdir -p $target/srv/fai/config/basefiles - cp -vp $FAI/basefiles/*.tar.* $target/srv/fai/config/basefiles 2>/dev/null || true - fi -fi diff --git a/roles/fai/files/profiles/scripts/GRUB_EFI/10-setup b/roles/fai/files/profiles/scripts/GRUB_EFI/10-setup deleted file mode 100755 index f586ba1..0000000 --- a/roles/fai/files/profiles/scripts/GRUB_EFI/10-setup +++ /dev/null @@ -1,68 +0,0 @@ -#! /bin/bash -# support for GRUB version 2 - -error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code - -# This script assumes that the disk has a GPT partition table and -# that the extended system partition (ESP) is mounted on /boot/efi. -# When building a disk image, we don't change the NVRAM to point at -# the boot image we made available, because the disk image is likely -# not installed on the current system. As a result, we force -# installation into the removable media paths as well as the standard -# debian path. - -set -a - -# do not set up grub during dirinstall -if [ "$FAI_ACTION" = "dirinstall" ] ; then - exit 0 -fi -# during softupdate use this file -[ -r $LOGDIR/disk_var.sh ] && . $LOGDIR/disk_var.sh - -if [ -z "$BOOT_DEVICE" ]; then - exit 189 -fi - -# disable os-prober because of #788062 -ainsl /etc/default/grub 'GRUB_DISABLE_OS_PROBER=true' - -# skip the rest, if not an initial installation -if [ $FAI_ACTION != "install" ]; then - $ROOTCMD update-grub - exit $error -fi - -GROOT=$($ROOTCMD grub-probe -tdrive -d $BOOT_DEVICE) - -# handle /boot in lvm-on-md -_bdev=$(readlink -f $BOOT_DEVICE) -if [ "${_bdev%%-*}" = "/dev/dm" ]; then - BOOT_DEVICE=$( lvs --noheadings -o devices $BOOT_DEVICE | sed -e 's/^*\([^(]*\)(.*$/\1/' ) -fi - -# Check if RAID is used for the boot device -if [[ $BOOT_DEVICE =~ '/dev/md' ]]; then - raiddev=${BOOT_DEVICE#/dev/} - # install grub on all members of RAID - for device in `LC_ALL=C perl -ne 'if(/^'$raiddev'\s.+raid\d+\s(.+)/){ $_=$1; s/\d+\[\d+\]//g; print }' /proc/mdstat`; do - echo Install grub on /dev/$device - $ROOTCMD grub-install --no-floppy --force-extra-removable "/dev/$device" - done - -elif [[ $BOOT_DEVICE =~ '/dev/loop' ]]; then - # do not update vmram when using a loop device - $ROOTCMD grub-install --no-floppy --force-extra-removable --modules=part_gpt --no-nvram $BOOT_DEVICE - if [ $? -eq 0 ]; then - echo "Grub installed on hostdisk $BOOT_DEVICE" - fi - -else - $ROOTCMD grub-install --no-floppy --modules=part_gpt "$GROOT" - if [ $? -eq 0 ]; then - echo "Grub installed on $BOOT_DEVICE = $GROOT" - fi -fi -$ROOTCMD update-grub - -exit $error diff --git a/roles/fai/files/profiles/scripts/GRUB_PC/10-setup b/roles/fai/files/profiles/scripts/GRUB_PC/10-setup deleted file mode 100755 index 5563275..0000000 --- a/roles/fai/files/profiles/scripts/GRUB_PC/10-setup +++ /dev/null @@ -1,52 +0,0 @@ -#! /bin/bash -# support for GRUB version 2 - -error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code - -set -a - -# do not set up grub during dirinstall -if [ "$FAI_ACTION" = "dirinstall" ] ; then - exit 0 -fi -# during softupdate use this file -[ -r $LOGDIR/disk_var.sh ] && . $LOGDIR/disk_var.sh - -if [ -z "$BOOT_DEVICE" ]; then - exit 189 -fi - -# disable os-prober because of #788062 -ainsl /etc/default/grub 'GRUB_DISABLE_OS_PROBER=true' - -# skip the rest, if not an initial installation -if [ $FAI_ACTION != "install" ]; then - $ROOTCMD update-grub - exit $error -fi - -GROOT=$($ROOTCMD grub-probe -tdrive -d $BOOT_DEVICE) - -# handle /boot in lvm-on-md -_bdev=$(readlink -f $BOOT_DEVICE) -if [ "${_bdev%%-*}" = "/dev/dm" ]; then - BOOT_DEVICE=$( lvs --noheadings -o devices $BOOT_DEVICE | sed -e 's/^*\([^(]*\)(.*$/\1/' ) -fi - -# Check if RAID is used for the boot device -if [[ $BOOT_DEVICE =~ '/dev/md' ]]; then - raiddev=${BOOT_DEVICE#/dev/} - # install grub on all members of RAID - for device in `LC_ALL=C perl -ne 'if(/^'$raiddev'\s.+raid\d+\s(.+)/){ $_=$1; s/\d+\[\d+\]//g; print }' /proc/mdstat`; do - echo Install grub on /dev/$device - $ROOTCMD grub-install --no-floppy "/dev/$device" - done -else - $ROOTCMD grub-install --no-floppy "$GROOT" - if [ $? -eq 0 ]; then - echo "Grub installed on $BOOT_DEVICE = $GROOT" - fi -fi -$ROOTCMD update-grub - -exit $error diff --git a/roles/fai/files/profiles/scripts/HW4F_DESKTOP_LAST/00-remove-proxy b/roles/fai/files/profiles/scripts/HW4F_DESKTOP_LAST/00-remove-proxy deleted file mode 100755 index 82548c7..0000000 --- a/roles/fai/files/profiles/scripts/HW4F_DESKTOP_LAST/00-remove-proxy +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -$ROOTCMD rm -f /etc/apt/apt.conf.d/00-proxy diff --git a/roles/fai/files/profiles/scripts/HW4F_DESKTOP_LAST/01-network b/roles/fai/files/profiles/scripts/HW4F_DESKTOP_LAST/01-network deleted file mode 100755 index f3e7bdd..0000000 --- a/roles/fai/files/profiles/scripts/HW4F_DESKTOP_LAST/01-network +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash - -# allow configure NICs globally over network manager -#$ROOTCMD touch /etc/NetworkManager/conf.d/10-globally-managed-devices.conf -# enable resolved -$ROOTCMD systemctl enable systemd-resolved - -$ROOTCMD tee /etc/netplan/01-network-manager-all.yaml <$error?$?:$error))' ERR # save maximum error code - -if [ "$FAI_ACTION" = "dirinstall" -o $do_init_tasks -eq 0 ] ; then - : -else - # check if mdadm has been forgotten - if grep -q active /proc/mdstat 2>/dev/null; then - if [ ! -d $target/etc/mdadm ]; then - echo ERROR: Found Software RAID, but the mdadm package was not installed - error=1 - fi - fi - - usedm=$(dmsetup ls 2>/dev/null | egrep -v '^live-rw|^live-base|^No devices found' | wc -l) - if [ $usedm -ne 0 ]; then - if [ ! -d $target/etc/lvm ]; then - echo ERROR: Found lvm devices, but the lvm2 package was not installed - error=1 - fi - fi -fi - -# remove backup files from cfengine, but only if cfengine is installed -if [ -x /usr/sbin/cfagent ] || [ -x $target/usr/sbin/cfagent ] ; then - dirs="root etc var" - for path in $dirs; do - find $target/$path -maxdepth 20 -name \*.cfedited -o -name \*.cfsaved | xargs -r rm - done -fi - -[ "$FAI_DEBMIRROR" ] && - ainsl /etc/fstab "#$FAI_DEBMIRROR $MNTPOINT nfs ro 0 0" - -# set bios clock -if [ $do_init_tasks -eq 1 ] ; then - case "$UTC" in - no|"") hwopt="--localtime" ;; - yes) hwopt="--utc" ;; - esac - hwclock $hwopt --systohc || true -fi - -# Make sure everything is configured properly -if ifclass DEBIAN ; then - $ROOTCMD apt-get -f install -y -fi - -if [ $FAI_ACTION = "install" ]; then - lskernels=$(echo $target/boot/vmlinu*) - if [ ! -f ${lskernels%% *} ]; then - echo "ERROR: No kernel was installed. Have a look at shell.log" >&2 - error=1 - fi -fi - -# copy sources.list -fcopy -iSM /etc/apt/sources.list - - -setrel() { - - # if release is not set, try to determine it - - if [ -n "$release" ]; then - return - fi - if [ ! -f $target/etc/os-release ]; then - return - fi - - dists="jessie stretch buster bullseye bookworm focal bionic xenial trusty" - for d in $dists; do - if grep -iq $d $target/etc/os-release; then - release=$d - break - fi - done -} - -# if installation was done from CD, replace useless sources.list -setrel -if [ -f $target/etc/apt/sources.list -a -n "$release" ]; then - grep -q 'file generated by fai-cd' $target/etc/apt/sources.list && cat < $target/etc/apt/sources.list -deb $apt_cdn/debian $release main contrib non-free -deb $apt_cdn/debian-security $release/updates main contrib non-free -#deb [trusted=yes] http://fai-project.org/download $release koeln -EOF - # if the package fai-server was installed, enable the project's repository - if [ -f $target/var/lib/dpkg/info/fai-server.list ]; then - sed -i -e '/fai-project.org/s/^#//' $target/etc/apt/sources.list - fi -fi - -# for ARM architecture, we may need the kernel and initrd to boot or flash the device -if ifclass ARM64; then - cp -pv $target/boot/vmlinuz* $target/boot/initrd* $FAI_RUNDIR -fi - -exit $error diff --git a/roles/fai/files/profiles/scripts/SECURE_ERASE/01-run b/roles/fai/files/profiles/scripts/SECURE_ERASE/01-run deleted file mode 100755 index 3260f41..0000000 --- a/roles/fai/files/profiles/scripts/SECURE_ERASE/01-run +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/bash - -IFS=$'\n' -DEVS_PATH=(`lsblk -n -S -o PATH`) -DEVS_DESC=(`lsblk -n -S -o MODEL`) - -DEVS=(0 '' 0 '') - -ITEMS="dialog --clear --title 'Secure erase disk' --menu 'Select:' 0 0 0" -for (( i=0; i<${#DEVS_PATH[@]}; i++ )) ; do - DEVS+=($i $DEVS_DESC[$i]) -done - -echo ${DEVS[@]} diff --git a/roles/fai/files/profiles/scripts/UBUNTU/10-rootpw b/roles/fai/files/profiles/scripts/UBUNTU/10-rootpw deleted file mode 100755 index 8fdf4c8..0000000 --- a/roles/fai/files/profiles/scripts/UBUNTU/10-rootpw +++ /dev/null @@ -1,15 +0,0 @@ -#! /bin/bash - -error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code - -# set root password -if [ -n "$ROOTPW" ]; then - $ROOTCMD usermod -p "$ROOTPW" root -else - $ROOTCMD usermod -L root - # enable sudo for user - ainsl /etc/sudoers "$username ALL = ALL" -fi - -exit $error - diff --git a/roles/fai/files/profiles/scripts/UBUNTU/11-user b/roles/fai/files/profiles/scripts/UBUNTU/11-user deleted file mode 100755 index 0ec01b1..0000000 --- a/roles/fai/files/profiles/scripts/UBUNTU/11-user +++ /dev/null @@ -1,15 +0,0 @@ -#! /bin/bash - -error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code - -groups="adm cdrom sudo dip plugdev lpadmin sambashare lxd" - -# add additional user account -if [ -n "$username" ]; then - $ROOTCMD adduser --disabled-login --gecos "$username" $username - $ROOTCMD usermod -p "$USERPW" $username - - for g in $groups; do - $ROOTCMD adduser $username $g - done -fi diff --git a/roles/fai/files/profiles/scripts/UBUNTU/90-apt b/roles/fai/files/profiles/scripts/UBUNTU/90-apt deleted file mode 100755 index 4da7029..0000000 --- a/roles/fai/files/profiles/scripts/UBUNTU/90-apt +++ /dev/null @@ -1,11 +0,0 @@ -#! /bin/bash - -# check if we already use an external mirror -grep -q "external mirror" $target/etc/apt/sources.list && exit 0 - -cat < $target/etc/apt/sources.list -# external mirror -deb $ubuntumirror/ubuntu $ubuntudist main restricted universe multiverse -deb $ubuntumirror/ubuntu $ubuntudist-updates main restricted universe multiverse -deb $ubuntumirror/ubuntu $ubuntudist-security main restricted universe multiverse -EOM diff --git a/roles/fai/files/profiles/scripts/UBUNTU/91-misc b/roles/fai/files/profiles/scripts/UBUNTU/91-misc deleted file mode 100755 index 0d1d6d8..0000000 --- a/roles/fai/files/profiles/scripts/UBUNTU/91-misc +++ /dev/null @@ -1,7 +0,0 @@ -#! /bin/bash - -# disable the first login screen -$ROOTCMD dpkg-divert --local --rename --add /etc/xdg/autostart/gnome-initial-setup-first-login.desktop -$ROOTCMD dpkg-divert --local --rename --add /etc/xdg/autostart/gnome-initial-setup-copy-worker.desktop -$ROOTCMD deluser --system gnome-initial-setup -$ROOTCMD dpkg-reconfigure keyboard-configuration diff --git a/roles/fai/files/profiles/tests/FAIBASE_TEST b/roles/fai/files/profiles/tests/FAIBASE_TEST deleted file mode 100755 index 79bfab2..0000000 --- a/roles/fai/files/profiles/tests/FAIBASE_TEST +++ /dev/null @@ -1,44 +0,0 @@ -#! /usr/bin/perl - -use strict; -use warnings; -use Faitest; -package FAITEST; - -setup_test(); -# - - - - - - - - - - - - - - - - - - - - - - - - - - -# now comes the test itself - -my $dev = &getDevByMount("/target/home"); -&checkE2fsAttribute($dev,"Filesystem volume name","home"); -&checkE2fsAttribute($dev,"Maximum mount count","-1"); -&checkE2fsAttribute($dev,"Check interval","0 ()"); - -exit printresult(); -# - - - - - - - - - - - - - - - - - - - - - - - - - - -__END__ - -=head1 NAME - -FAIBASE_TEST - regression test for setup-storage disk layout FAIBASE - -=head1 SYNOPSIS - -FAIBASE_TEST checks some important aspects of setup-storage. The -disk_config/FAIBASE tunes some filesystem parameters upon creation. We -check only the last partition since we expect prior errors to make -creation of the last partition fail. - - Options: - -help simple help - -verbose=n increase verbosity of test script - -=head1 OPTIONS - -=over 8 - -=item B<-help> -simple help - -=item B<-verbose> -increase verbosity of test script diff --git a/roles/fai/files/profiles/tests/Faitest.pm b/roles/fai/files/profiles/tests/Faitest.pm deleted file mode 100644 index 022b407..0000000 --- a/roles/fai/files/profiles/tests/Faitest.pm +++ /dev/null @@ -1,96 +0,0 @@ -#! /usr/bin/perl - -# Subroutines for automatic tests -# -# Copyright (C) 2009 Thomas Lange, lange@informatik.uni-koeln.de -# Based on the first version by Sebastian Hetze, 08/2008 - -package FAITEST; - -my $errors = 0; - -use strict; -use Getopt::Long; -use Pod::Usage; -# - - - - - - - - - - - - - - - - - - - - - - - - - - -sub setup_test { - - my $verbose = 0; - my $help = 0; - my $man = 0; - $verbose = $ENV{'debug'} if $ENV{'debug'}; - - my $result = GetOptions ( - "verbose=i" => \$verbose, - "help" => \$help, - "man" => \$man, - - ); - - pod2usage(1) if $help; - pod2usage(-exitstatus => 0, -verbose => 2) if $man; - - open(LOGFILE,">> $ENV{LOGDIR}/test.log") || die "Can't open test.log. $!"; - print LOGFILE "------------ Test $0 starting ------------\n"; -} - -sub printresult { - - # write test result and set next test - my ($nexttest) = @_; - - if ($errors > 0) { - print STDERR "\n===> $0 FAILED with $errors errors\n"; - print LOGFILE "\n===> $0 FAILED with $errors errors\n"; - } else { - print STDERR "\n===> $0 PASSED successfully\n"; - print LOGFILE "\n===> $0 PASSED successfully\n"; - print LOGFILE "NEXTTEST=$nexttest\n" if $nexttest; - } - close (LOGFILE); - return $errors; -} - -sub getDevByMount { - - my $mount = shift; - my $dev = qx#mount|grep $mount|cut -d' ' -f1#; - chomp $dev; - return $dev -} - -sub checkMdStat { - - my ($device, $expected) = @_; - my ($value) = qx#grep -i "^$device\\b" /proc/mdstat# =~ m/$device\s*:\s*(.*)/i; - - if ($value eq $expected) { - print LOGFILE "Check raid $device success\n"; - return 0; - } else { - print LOGFILE "Check raid $device FAILED.\n Expect <$expected>\n Found <$value>\n"; - $errors++; - return 1; - } -} - -sub checkE2fsAttribute { - - my ($device, $attribute, $expected) = @_; - - # since attribute is a space separated list of attributes, IMO we must loop over - # the list. Ask Sebastian again - my ($value) = qx#tune2fs -l $device |grep -i "$attribute"# =~ m/$attribute:\s+(.*)/i; - - if ($value eq $expected) { - print LOGFILE "Check $attribute for $device success\n"; - return 0; - } else { - print LOGFILE "Check $attribute for $device FAILED.\n Expect <$expected>\n Found <$value>\n"; - - $errors++; - return 1; - } -} - -1; diff --git a/roles/fai/files/profiles/files/etc/apt/apt.conf.d/00-proxy/.keep b/roles/fai/files/tools/pmagic/test.file similarity index 100% rename from roles/fai/files/profiles/files/etc/apt/apt.conf.d/00-proxy/.keep rename to roles/fai/files/tools/pmagic/test.file diff --git a/roles/fai/files/vimrc.local b/roles/fai/files/vimrc.local new file mode 100644 index 0000000..4919f34 --- /dev/null +++ b/roles/fai/files/vimrc.local @@ -0,0 +1,51 @@ +" All system-wide defaults are set in $VIMRUNTIME/debian.vim and sourced by +" the call to :runtime you can find below. If you wish to change any of those +" settings, you should do it in this file (/etc/vim/vimrc), since debian.vim +" will be overwritten everytime an upgrade of the vim packages is performed. +" It is recommended to make changes after sourcing debian.vim since it alters +" the value of the 'compatible' option. + +" This line should not be removed as it ensures that various options are +" properly set to work with the Vim-related packages available in Debian. +runtime! debian.vim + +" Vim will load $VIMRUNTIME/defaults.vim if the user does not have a vimrc. +" This happens after /etc/vim/vimrc(.local) are loaded, so it will override +" any settings in these files. +" If you don't want that to happen, uncomment the below line to prevent +" defaults.vim from being loaded. +let g:skip_defaults_vim = 1 + +" Uncomment the next line to make Vim more Vi-compatible +" NOTE: debian.vim sets 'nocompatible'. Setting 'compatible' changes numerous +" options, so any other options should be set AFTER setting 'compatible'. +"set compatible + +" Vim5 and later versions support syntax highlighting. Uncommenting the next +" line enables syntax highlighting by default. +syntax on + +" If using a dark background within the editing area and syntax highlighting +" turn on this option as well +set background=dark + +" Uncomment the following to have Vim jump to the last position when +" reopening a file +au BufReadPost * if line("'\"") > 1 && line("'\"") <= line("$") | exe "normal! g'\"" | endif + +" Uncomment the following to have Vim load indentation rules and plugins +" according to the detected filetype. +filetype plugin indent on + +" The following are commented out as they cause vim to behave a lot +" differently from regular Vi. They are highly recommended though. +set showcmd " Show (partial) command in status line. +set showmatch " Show matching brackets. +"set ignorecase " Do case insensitive matching +"set smartcase " Do smart case matching +"set incsearch " Incremental search +"set autowrite " Automatically save before commands like :next and :make +"set hidden " Hide buffers when they are abandoned +"set mouse=a " Enable mouse usage (all modes) + +colorscheme slate diff --git a/roles/fai/handlers/main.yml b/roles/fai/handlers/main.yml index d8217e7..818d72a 100644 --- a/roles/fai/handlers/main.yml +++ b/roles/fai/handlers/main.yml @@ -2,6 +2,7 @@ # handlers file for fai - name: "Restart tftp server" + become: true ansible.builtin.service: name: tftpd-hpa state: restarted @@ -9,6 +10,7 @@ listen: restart tftpd - name: "Restarting apt-cacher-ng" + become: true ansible.builtin.service: name: apt-cacher-ng state: restarted @@ -16,41 +18,55 @@ listen: restart apt-cacher-ng - name: "Pack fai configuration" + become: true ansible.builtin.shell: | - tar -C "{{ fai_configdir }}" \ - -cf "{{ fai_download_dir + '/' + fai_profiles_archive }}" . + tar -C "{{ fai_dir_config }}" \ + -cf "{{ fai_dir_download + '/' + fai_config_archive }}" . listen: pack fai-config - name: "Restarting inetd" + become: true ansible.builtin.service: name: inetutils-inetd state: restarted listen: restart inetd - name: "Restarting ntp config" + become: true ansible.builtin.service: name: ntp state: restarted listen: restart ntp - name: "Restarting nginx" + become: true ansible.builtin.service: name: nginx state: restarted listen: restart nginx -- name: "apply iptables rules" +- name: "Apply iptables rules" + become: true ansible.builtin.shell: iptables-restore "/etc/iptables/rules.v4" listen: apply iptables -- name: "restart dhcp" +- name: "Restart dhcp" + become: true ansible.builtin.service: name: isc-dhcp-server state: restarted listen: restart dhcpd +- name: "Restarting unbound" + become: true + ansible.builtin.service: + name: unbound + state: restarted + listen: restart unbound + - name: "Reloading unbound" + become: true ansible.builtin.service: name: unbound state: reloaded - listen: "reload unbound" + listen: reload unbound diff --git a/roles/fai/tasks/apt-cacher-ng.yml b/roles/fai/tasks/apt-cacher-ng.yml index 489d44f..303e3c4 100644 --- a/roles/fai/tasks/apt-cacher-ng.yml +++ b/roles/fai/tasks/apt-cacher-ng.yml @@ -1,10 +1,12 @@ - name: "Install apt cacher" + become: True ansible.builtin.package: name: - apt-cacher-ng state: present - name: "Configure apt cacher" + become: True ansible.builtin.copy: content: | CacheDir: /var/cache/apt-cacher-ng @@ -40,6 +42,7 @@ notify: restart apt-cacher-ng - name: "Set ubuntu server as backend" + become: True ansible.builtin.copy: content: | http://archive.ubuntu.com/ubuntu/ @@ -49,12 +52,14 @@ mode: '0644' - name: "Ensure service is started and enabled" + become: True ansible.builtin.service: name: apt-cacher-ng enabled: true state: started - name: "Set apt cache also for installer host" + become: True ansible.builtin.copy: dest: "/etc/apt/apt.conf.d/00proxy" content: | diff --git a/roles/fai/tasks/clonezilla.yml b/roles/fai/tasks/clonezilla.yml new file mode 100644 index 0000000..3eb9e75 --- /dev/null +++ b/roles/fai/tasks/clonezilla.yml @@ -0,0 +1,37 @@ +- name: "Install unzip" + ansible.builtin.package: + name: unzip + state: latest + tags: + - clonezilla + - install_unzip + +- name: "Create clonezilla directory '{{ clonezilla_download_dir }}'" + ansible.builtin.file: + dest: "{{ clonezilla_download_dir }}" + owner: root + group: root + mode: '0755' + state: directory + recurse: yes + tags: + - clonezilla + - clonezilla_dir_create + +- name: "Download clonezilla '{{ clonezilla_version }}'" + ansible.builtin.get_url: + url: "{{ clonezilla_download_url }}" + dest: "{{ clonezilla_download_dir }}" + mode: '0644' + tags: + - clonezilla + - clonezilla_download + +- name: "Unzip clonezilla to '{{ clonezilla_download_dir }}'" + ansible.builtin.shell: + chdir: "{{ clonezilla_download_dir }}" + cmd: unzip "{{ clonezilla_download_dir + '/' + clonezilla_archive }}" + check_mode: no + tags: + - clonezilla + - clonezilla_unzip diff --git a/roles/fai/tasks/fai-configure.yml b/roles/fai/tasks/fai-configure.yml index 3d6f5de..8c83bc2 100644 --- a/roles/fai/tasks/fai-configure.yml +++ b/roles/fai/tasks/fai-configure.yml @@ -1,29 +1,93 @@ -- name: "Setup repos for fai" - ansible.builtin.copy: - dest: "/etc/fai/apt/sources.list" - content: | - {% if use_apt_cache_for_server %} - deb http://localhost:3142/deb.debian.org/debian buster main contrib non-free - deb http://localhost:3142/security.debian.org/debian-security buster/updates main - deb http://localhost:3142/deb.debian.org/debian/ buster-updates main - deb http://localhost:3142/fai-project.org/download buster koeln - {% else %} - deb http://deb.debian.org/debian buster main contrib non-free - deb http://security.debian.org/debian-security buster/updates main - deb http://deb.debian.org/debian/ buster-updates main - deb http://fai-project.org/download buster koeln - {% endif %} +--- +- name: "Configure '{{ fai_etc_dir }}/fai.conf'" + become: true + ansible.builtin.template: + src: "etc/fai/fai.conf.j2" + dest: "{{ fai_etc_dir }}/fai.conf" mode: '0644' owner: root group: root - register: fai_apt_mirrors + tags: + - fai_conf -- name: "Set loguser" +### "/etc/fai/apt" GETS COPIED TO NFSROOT BY "fai-make-nfsroot" +- name: "Set repositories for nfsroot in '{{ dest }}'" + become: true + vars: + dest: "{{ fai_etc_dir }}/apt/sources.list" ansible.builtin.copy: - dest: "/etc/fai/fai.conf" + content: | + deb http://deb.debian.org/debian {{ debian_release_nfsroot }} main contrib non-free + deb http://deb.debian.org/debian {{ debian_release_nfsroot }}-updates main contrib non-free + deb http://deb.debian.org/debian-security {{ debian_release_nfsroot }}-security main contrib non-free + #deb http://deb.debian.org/debian {{ debian_release_nfsroot }}-backports main contrib non-free + + deb http://deb.debian.org/debian testing main contrib non-free + deb http://deb.debian.org/debian sid main contrib non-free + deb http://deb.debian.org/debian experimental main contrib non-free + # repository that may contain newer fai packages for bullseye + deb http://fai-project.org/download bullseye koeln + dest: "{{ dest }}" mode: '0644' owner: root group: root + tags: + - fai_nfsroot_sources_list + +- name: "Create fai dirs for apt'" + become: true + ansible.builtin.file: + name: "{{ item }}" + state: directory + owner: root + group: root + mode: '0755' + loop: + - "{{ fai_etc_dir }}/apt" + - "{{ fai_etc_dir }}/apt/preferences.d" + +- name: "Set preferences for nfsroot in '{{ dest }}'" + become: true + vars: + dest: "{{ fai_etc_dir }}/apt/preferences.d/zz_releases" + ansible.builtin.copy: content: | - LOGUSER=root - FAI_CONFIGDIR={{ fai_configdir }} + Package: * + Pin: release n={{ debian_release_nfsroot |lower }} + Pin-Priority: 500 + + Package: * + Pin: release n={{ debian_release_nfsroot |lower }}-updates + Pin-Priority: 500 + + Package: * + Pin: release n={{ debian_release_nfsroot |lower }}-backports + Pin-Priority: 490 + + Package: * + Pin: release a=testing + Pin-Priority: 400 + + Package: * + Pin: release n=sid + Pin-Priority: 120 + + Package: * + Pin: release a=experimental + Pin-Priority: 110 + + ### PACKAGES + Package: /^fai-.*/ + Pin: release a=experimental + Pin-Priority: 500 + + Package: /^dracut-?.*/ + Pin: release n=sid + Pin-Priority: 500 + dest: "{{ dest }}" + mode: '0644' + owner: root + group: root + tags: + - fai_nfsroot_sources_preferences + diff --git a/roles/fai/tasks/fai-ipxe.yml b/roles/fai/tasks/fai-ipxe.yml index 1d5c405..0205c02 100644 --- a/roles/fai/tasks/fai-ipxe.yml +++ b/roles/fai/tasks/fai-ipxe.yml @@ -1,4 +1,6 @@ +--- - name: "Install package ipxe" + become: True ansible.builtin.package: name: ipxe state: present @@ -6,7 +8,8 @@ - ipxe - ipxe_install -- name: "Copy ipxe" +- name: "Copy iPXE binaries to '{{ tftp_dir }}'" + become: True ansible.builtin.copy: src: "{{ item }}" dest: "{{ tftp_dir }}" @@ -21,6 +24,7 @@ - ipxe_copy - name: "Write ipxe menu" + become: True ansible.builtin.template: src: "menu.ipxe.j2" dest: "{{ tftp_dir }}/menu.ipxe" diff --git a/roles/fai/tasks/fai-nfsroot.yml b/roles/fai/tasks/fai-nfsroot.yml new file mode 100644 index 0000000..70373f6 --- /dev/null +++ b/roles/fai/tasks/fai-nfsroot.yml @@ -0,0 +1,52 @@ +--- +- name: "Create configuration for nfsroot" + become: true + ansible.builtin.template: + src: "etc/fai/nfsroot.conf.j2" + dest: "{{ fai_etc_dir }}/nfsroot.conf" + owner: root + group: root + mode: '0644' + when: false + +- name: "Test if nfsroot dir '{{ fai_dir_nfsroot }}' already exists" + become: true + ansible.builtin.stat: + path: "{{ fai_dir_nfsroot }}" + register: nfsroot_res + +- name: "fai-make-nfsroot - filesystem, kernel and initrd" + become: true + ansible.builtin.shell: fai-make-nfsroot + when: + - not nfsroot_res.stat.exists + +- name: "fai-make-nfsroot - install packages from '{{ fai_etc_dir }}/NFSROOT'" + become: true + ansible.builtin.shell: fai-make-nfsroot -k + when: + - not nfsroot_res.stat.exists + +- name: "Make basefiles" + become: true + ansible.builtin.shell: + cmd: "{{ fai_dir_config }}/basefiles/mk-basefile -J {{ item }}" + chdir: "{{ fai_dir_basefile }}" + creates: "{{ item }}.tar.xz" + loop: + - "FOCAL64" + - "JAMMY64" + +- name: "Allow '{{ fai_loguser }}' to write to '{{ tftp_dir }}' to ship logs" + become: true + ansible.builtin.file: + path: "{{ tftp_dir }}" + state: directory + owner: "{{ fai_loguser }}" + group: "{{ fai_loguser }}" + mode: '0775' + when: + - fai_loguser is defined + - fai_loguser is not none + - false + diff --git a/roles/fai/tasks/fai-prepare.yml b/roles/fai/tasks/fai-prepare.yml index ce23daa..0f0f221 100644 --- a/roles/fai/tasks/fai-prepare.yml +++ b/roles/fai/tasks/fai-prepare.yml @@ -1,32 +1,22 @@ -- name: "Trust fai key" - ansible.builtin.apt_key: - id: B11EE3273F6B2DEB528C93DA2BF8D9FE074BCDE4 - url: https://fai-project.org/download/2BF8D9FE074BCDE4.asc - state: present - -- name: "Add fai repo" - ansible.builtin.apt_repository: - repo: deb http://fai-project.org/download {{ debian_release }} koeln - state: present - -- name: "Install all required fai programs" - ansible.builtin.package: +--- +- name: "Install all programs required by FAI" + become: true + ansible.builtin.apt: name: - fai-server + - fai-client + - fai-setup-storage + - fai-doc + #- fai-quickstart + #- fai-nfsroot - squashfs-tools - ipxe - state: present + state: latest + tags: + - fai_packages_install -- name: "Create fai profiles directory" - ansible.builtin.file: - name: "{{ fai_configdir }}" - state: directory - mode: '0755' - owner: root - group: root - recurse: true - -- name: "Create http download directories" +- name: "Create directories" + become: true ansible.builtin.file: name: "{{ item }}" state: directory @@ -34,6 +24,11 @@ owner: root group: root recurse: true - with_items: - - "{{ fai_download_dir }}" - - "{{ ipxe_download_dir }}" + loop: + - "{{ fai_dir_config }}" + - "{{ fai_dir_download }}" + - "{{ fai_dir_basefile }}" + - "{{ ipxe_dir_download }}" + tags: + - fai_create_directories + diff --git a/roles/fai/tasks/fai-profiles.yml b/roles/fai/tasks/fai-profiles.yml index 1b340e3..894d162 100644 --- a/roles/fai/tasks/fai-profiles.yml +++ b/roles/fai/tasks/fai-profiles.yml @@ -1,54 +1,91 @@ -- name: "Create fai dir" +--- +- name: "Create fai-config dir '{{ fai_dir_config }}'" + become: true ansible.builtin.file: - name: "/srv/fai/config" + name: "{{ fai_dir_config }}" state: directory owner: root group: root mode: '0755' -- name: "Copy fai profiles" +- name: "Copy fai profiles to '{{ fai_dir_config }}'" + become: true ansible.builtin.copy: src: "profiles/" - dest: "{{ fai_configdir }}" - user: root + dest: "{{ fai_dir_config }}" + owner: root group: root mode: '0755' - force: yes - recursive: yes + force: true + #recursive: true notify: pack fai-config + when: false + +- name: "Git checkout fai-config to '{{ fai_dir_config }}'" + become: true + ansible.builtin.git: + repo: "{{ fai_config_git }}" + dest: "{{ fai_dir_config }}" + version: 'HEAD' + force: true + #recursive: true + notify: pack fai-config + +- name: "Set filesystem permissions of '{{ fai_dir_config }}'" + become: true + ansible.builtin.file: + path: "{{ fai_dir_config }}" + owner: root + group: root + mode: '0755' + #recursive: true + +- name: "Define FAI classes for BASEFILES" + become: true + ansible.builtin.template: + src: "srv/fai/config/class/BASEFILE.var.j2" + dest: "{{ fai_dir_config + '/class/' + item.basefile + '.var' }}" + owner: root + group: root + mode: '0644' + loop: + - basefile: "JAMMY64" + dist: "jammy" + mirror_url: "{{ ubuntu_mirror_url }}" + - basefile: "FOCAL64" + dist: "focal" + mirror_url: "{{ ubuntu_mirror_url }}" - name: "Set APT proxy" + become: true ansible.builtin.template: - src: fai-profile-00-proxy.yml - dest: "{{ fai_configdir }}/files/etc/apt/apt.conf.d/00-proxy/HW4F_DESKTOP" + src: "etc/apt/apt.conf.d/02proxy.j2" + dest: "{{ fai_dir_config }}/files/etc/apt/apt.conf.d/02proxy/HW4F_DESKTOP" + owner: root + group: root + mode: '0644' + notify: pack fai-config + when: false + +- name: "Define fai CLASS 'HW4F_DESKTOP'" + become: true + ansible.builtin.template: + src: "srv/fai/config/class/HW4F_DESKTOP.var" + dest: "{{ fai_dir_config }}/class/HW4F_DESKTOP.var" owner: root group: root mode: '0644' notify: pack fai-config -- name: "Set fai provision vars for HW4F profile" +- name: "Set default menu entry to profile" + become: true ansible.builtin.copy: content: | - ### CONFIGURE TIME - UTC=yes - TIMEZONE=Europe/Berlin - - ### INSTALL PARAMETERS - STOP_ON_ERROR=700 - MAXPACKAGES=800 - - KEYMAP=de-latin1-nodeadkeys - - ROOTPW='{{ fai_hw4f_profile_password |password_hash("sha512")}}' - - # START USER AND PASSWORD - username={{ fai_hw4f_profile_username }} - USERPW='{{ fai_hw4f_profile_password |password_hash("sha512")}}' - - SUPRESS_GNOME_INITIAL_SCREEN=1 - dest: "{{ fai_configdir }}/class/HW4F_DESKTOP.var" + Default: {{ fai_menu_default }} + dest: "{{ fai_dir_config + '/class/zz_menu_default.profile' }}" owner: root group: root mode: '0644' - notify: pack fai-config - + when: + - fai_menu_default is defined + - fai_menu_default is not none diff --git a/roles/fai/tasks/fai-pxe.yml b/roles/fai/tasks/fai-pxe.yml index 14444b5..4618303 100644 --- a/roles/fai/tasks/fai-pxe.yml +++ b/roles/fai/tasks/fai-pxe.yml @@ -1,30 +1,34 @@ -- name: "Find linux kernel images" +--- +- name: "Find linux kernel images in '{{ fai_dir_nfsroot_boot }}'" ansible.builtin.find: - paths: "/srv/fai/nfsroot/boot" + paths: "{{ fai_dir_nfsroot_boot }}" patterns: "vmlinuz-*" register: fai_live_vmlinuz tags: - ipxe -- name: "Find linux initial ram-disks" +- name: "Find linux initial ram-disks in '{{ fai_dir_nfsroot_boot }}'" ansible.builtin.find: - paths: "/srv/fai/nfsroot/boot" + paths: "{{ fai_dir_nfsroot_boot }}" patterns: "initrd.img-*" register: fai_live_initrd tags: - ipxe -- name: "Manipulate file pathes" +- name: "Extract basenames of 'fai_live_vmlinuz' 'fai_live_initrd'" ansible.builtin.set_fact: - fai_live_vmlinuz: "{{ fai_live_vmlinuz.files[0].path |regex_replace('.*/', '') }}" - fai_live_initrd: "{{ fai_live_initrd.files[0].path |regex_replace('.*/', '') }}" + #fai_live_vmlinuz: "{{ fai_live_vmlinuz.files[0].path |regex_replace('.*/', '') }}" + #fai_live_initrd: "{{ fai_live_initrd.files[0].path |regex_replace('.*/', '') }}" + fai_live_vmlinuz: "{{ fai_live_vmlinuz.files[0].path | basename }}" + fai_live_initrd: "{{ fai_live_initrd.files[0].path | basename }}" tags: - ipxe -- name: "Copy linux kernel and initrd to tftp root" +- name: "Copy linux kernel and initrd to ipxe root '{{ ipxe_dir_download }}'" + become: true ansible.builtin.copy: - src: "/srv/fai/nfsroot/boot/{{ item }}" - dest: "{{ ipxe_download_dir + '/' + item }}" + src: "{{ fai_dir_nfsroot_boot + '/' + item }}" + dest: "{{ ipxe_dir_download + '/' + item }}" owner: root group: root mode: '0544' @@ -32,28 +36,41 @@ with_items: - "{{ fai_live_vmlinuz }}" - "{{ fai_live_initrd }}" + tags: + - ipxe -- name: "Check for generated squashfs image" +- name: "Check for generated squashfs image in '{{ fai_squashfs_path }}'" ansible.builtin.stat: path: "{{ fai_squashfs_path }}" - register: squash_img + register: squashfs + tags: + - ipxe + - fai_squashfs_stat - name: "Generate a downloadable squashfs of root filesystem" - shell: "fai-cd -f -M -S {{ fai_squashfs_path }} -d {{ http_mirror_fai_profiles_url }}" + become: true + ansible.builtin.shell: > + fai-cd -f -M -S "{{ fai_squashfs_path }}" + -d "{{ http_mirror_fai_profiles_url }}" when: - - not squash_img.stat.exists + - not squashfs.stat.exists + tags: + - ipxe + - fai_squashfs_generate -- name: "Copy additional files" +- name: "Copy additional files to '{{ ipxe_dir_download }}'" + become: true ansible.builtin.copy: src: "{{ item.value.files + '/' }}" - dest: "{{ ipxe_download_dir + '/' + item.key }}" + dest: "{{ ipxe_dir_download + '/' + item.key }}" mode: push - force: yes - recursive: yes + force: true + recursive: true loop: "{{ ipxe_additional_entries |dict2items }}" when: - item.value.files is defined - item.value.files|length tags: + - ipxe - copy_additional_files diff --git a/roles/fai/tasks/fai-root.yml b/roles/fai/tasks/fai-root.yml deleted file mode 100644 index 1c16508..0000000 --- a/roles/fai/tasks/fai-root.yml +++ /dev/null @@ -1,30 +0,0 @@ -- name: "Create configuration for nfsroot" - ansible.builtin.copy: - dest: "/etc/fai/nfsroot.conf" - content: | - # For a detailed description see nfsroot.conf(5) - - # " " for debootstrap - FAI_DEBOOTSTRAP="{{ debian_release }} http://localhost:3142/debian" - FAI_ROOTPW='$1$kBnWcO.E$djxB128U7dMkrltJHPf6d1' - - NFSROOT=/srv/fai/nfsroot - TFTPROOT={{ tftp_dir }} - NFSROOT_HOOKS=/etc/fai/nfsroot-hooks/ - FAI_DEBOOTSTRAP_OPTS="--exclude=wget" - - # Configuration space - FAI_CONFIGDIR=/srv/fai/config - owner: root - group: root - mode: '0644' - -- name: "Test nfsroot exists" - ansible.builtin.stat: - path: "/srv/fai/nfsroot" - register: nfsroot_res - -- name: "Generate root filesystem, kernel and initrd" - ansible.builtin.shell: fai-make-nfsroot - when: - - not nfsroot_res.stat.exists diff --git a/roles/fai/tasks/isc-dhcp-server.yml b/roles/fai/tasks/isc-dhcp-server.yml index 10dcd21..8d61d74 100644 --- a/roles/fai/tasks/isc-dhcp-server.yml +++ b/roles/fai/tasks/isc-dhcp-server.yml @@ -1,73 +1,41 @@ - name: "Install dhcpd" + become: true ansible.builtin.package: name: - isc-dhcp-server - state: present + state: latest + tags: + - dhcp_install - name: "Configure dhcp server" - ansible.builtin.copy: - content: | - option dhcp-max-message-size 2048; - use-host-decl-names on; - - option architecture-type code 93 = unsigned integer 16; - - subnet {{ server_net }}.0 netmask {{ server_netmask }} { - range {{ server_net }}.10 {{ server_net }}.250; - default-lease-time 6000; - max-lease-time 7200; - - option routers {{ routers |default([server_ip]) |join(', ') }}; - option domain-name "{{ domain_name }}"; - option domain-name-servers {{ nameservers |default([server_ip]) |join(', ') }}; - option time-servers {{ timeservers |default([server_ip]) |join(', ') }}; - option ntp-servers {{ timeservers |default([server_ip]) |join(', ') }}; - server-name {{ server_name }}; - next-server {{ server_ip }}; - interface {{ dhcp_interface }}; - - allow booting; - allow bootp; - - class "pxeclients" { - match if substring (option vendor-class-identifier, 0, 9) = "PXEClient"; - - if exists user-class and option user-class = "iPXE" { - filename "menu.ipxe"; - } else { - if option architecture-type = 00:09 { - filename "ipxe.efi"; - } elsif option architecture-type = 00:07 { - filename "ipxe.efi"; - } elsif option architecture-type = 00:06 { - filename "ipxe.efi"; - } else { - filename "ipxe.pxe"; - } - } - } - } + become: true + ansible.builtin.template: + src: "etc/dhcp/dhcpd.conf" dest: "/etc/dhcp/dhcpd.conf" mode: '0644' owner: root group: root validate: dhcpd -t -cf %s notify: restart dhcpd - tags: dhcp_configure + tags: + - dhcp_configure -- name: "Set dhcp server interface" - ansible.builtin.copy: - content: | - INTERFACESv4="{{dhcp_interface}}" - INTERFACESv6="" +- name: "Set dhcp server defaults (interface)" + become: true + ansible.builtin.template: + src: "etc/default/isc-dhcp-server" dest: "/etc/default/isc-dhcp-server" mode: '0644' owner: root group: root notify: restart dhcpd + tags: + - dhcp_defaults -- name: "Start dhcp server" +- name: "Start and enable dhcp server" + become: true ansible.builtin.service: name: isc-dhcp-server - state: started enabled: true + tags: + - dhcp_enable diff --git a/roles/fai/tasks/main.yml b/roles/fai/tasks/main.yml index f8c5b90..4fc06af 100644 --- a/roles/fai/tasks/main.yml +++ b/roles/fai/tasks/main.yml @@ -1,54 +1,83 @@ --- # tasks file for fai -- fail: +- name: "Fail if 'dhcp_interface' is undefined" + fail: msg: | Please specify the NIC serving FAI in variable 'dhcp_interface' (e.g. eth1) when: - not dhcp_interface is defined -- name: "Setup apt proxy cache" - include: sudo.yml +- name: "Check packages" + package_facts: + manager: auto + +- name: "Debug host_vars" + debug: + var: hostvars + verbosity: 1 + tags: + - debug_hostvars + +- name: "Configure operating system" + include_tasks: os.yml tags: - ansible_nopasswd +- name: "Configure networking" + include_tasks: network.yml + tags: + - network + +- name: "Configure package management" + include_tasks: package_mgmt.yml + tags: + - package_mgmt + - name: "Setup apt proxy cache" - become: True - include: apt-cacher-ng.yml + include_tasks: apt-cacher-ng.yml - name: "Configure a time server" - become: True - include: time-server.yml + include_tasks: time-server.yml -- name: "Configure a web server" - become: True - include: nginx.yml +- name: "Configure the web server" + include_tasks: nginx.yml -- name: "Configure tftp" - become: True - include: tftpd-hpa.yml +- name: "Configure the tftp server" + include_tasks: tftpd-hpa.yml - name: "Configure dns server" - become: True - include: unbound.yml + include_tasks: unbound.yml + tags: + - unbound -- name: "Configure nic" - become: True - include: network.yml +- name: "Configure dhcp" + include_tasks: isc-dhcp-server.yml + tags: + - dhcp -- name: "Setup dhcp" - become: True - include: isc-dhcp-server.yml +### RUN ALL SO FAR NOTIFIED HANDLERS NOW +- name: "######## Flush handlers ########" + ansible.builtin.meta: flush_handlers -- include: fai-prepare.yml - become: True -- include: fai-configure.yml - become: True -- include: fai-profiles.yml - become: True -- include: fai-root.yml - become: True -- include: fai-pxe.yml - become: True -- include: fai-ipxe.yml - become: True +- name: "Prepare FAI" + include_tasks: fai-prepare.yml + tags: + - fai_prepare + +- name: "Configure FAI" + include_tasks: fai-configure.yml + tags: + - fai_configure + +- name: "Transfer FAI profiles" + include_tasks: fai-profiles.yml + +- name: "Create FAI root" + include_tasks: fai-nfsroot.yml + +- name: "Configure FAI PXE" + include_tasks: fai-pxe.yml + +- name: "Configure FAI iPXE" + include_tasks: fai-ipxe.yml diff --git a/roles/fai/tasks/network.yml b/roles/fai/tasks/network.yml index 2c156f5..a6566ec 100644 --- a/roles/fai/tasks/network.yml +++ b/roles/fai/tasks/network.yml @@ -1,40 +1,42 @@ --- - name: "Install networking packages" + become: true ansible.builtin.package: name: - iptables - iptables-persistent - ifupdown - state: present - -- name: "Ensure systemd-resolved is stopped and disabled" - service: - name: systemd-resolved - enabled: false - state: stopped + state: latest + tags: + - network_packages_install - name: "Write config for lan interface" + become: true ansible.builtin.copy: content: | - auto {{ dhcp_interface }} allow-hotplug {{ dhcp_interface }} iface {{ dhcp_interface }} inet static address {{ server_ip }} - netmask {{ server_netmask }} dest: "/etc/network/interfaces.d/{{ dhcp_interface }}" owner: root group: root mode: 0644 register: dhcp_iface_config + tags: + - network_ - name: "Restart lan interface" + become: true ansible.builtin.shell: | ifdown --force {{ dhcp_interface }} || true ifup {{ dhcp_interface }} when: - dhcp_iface_config.changed + tags: + - network_iface_restart -- name: "Enable permantent masquerading for ipv4" +- name: "Enable masquerading for ipv4 permanently" + become: true ansible.builtin.copy: content: | *nat @@ -46,11 +48,16 @@ COMMIT dest: "/etc/iptables/rules.v4" notify: apply iptables + tags: + - network_masquerade -- name: "Enable ip forwarding" +- name: "Enable IP forwarding" + become: true ansible.builtin.sysctl: name: net.ipv4.ip_forward value: '1' - sysctl_set: yes + sysctl_set: true state: present - reload: yes + reload: true + tags: + - network_ip_forward diff --git a/roles/fai/tasks/nginx.yml b/roles/fai/tasks/nginx.yml index 4f30d8a..049fe48 100644 --- a/roles/fai/tasks/nginx.yml +++ b/roles/fai/tasks/nginx.yml @@ -1,4 +1,5 @@ - name: "Install nginx" + become: true ansible.builtin.package: name: - nginx-light @@ -8,23 +9,9 @@ - nginx_install - name: "Configure http server" - ansible.builtin.copy: - content: | - server { - listen 80 default_server; - listen [::]:80 default_server; - root {{ nginx_root }}; - index index.html; - server_name _; - - location /{{ http_mirror_ipxe_path_prefix }} { - autoindex on; - } - - location /{{ http_mirror_fai_path_prefix }} { - autoindex on; - } - } + become: true + ansible.builtin.template: + src: "etc/nginx/sites-available/default_server.conf.j2" dest: "{{ nginx_site_available }}" mode: '0644' owner: root @@ -35,6 +22,7 @@ - nginx_site_available - name: "Check nginx availability of '{{ nginx_site_available }}'" + become: true ansible.builtin.stat: path: "{{ nginx_site_available }}" register: nginx_site_available_stat @@ -43,15 +31,32 @@ - nginx_site_available_stat - name: "Debug variable 'nginx_site_available_stat'" + become: true ansible.builtin.debug: var: nginx_site_available_stat + verbosity: 2 when: - nginx_site_available_stat.stat is defined tags: - nginx - nginx_site_available_stat +- name: "Disable default site" + become: true + ansible.builtin.file: + dest: "{{ nginx_site_default }}" + state: absent + when: + - nginx_site_available_stat.stat.exists is defined + - nginx_site_available_stat.stat.exists + - nginx_site_available_stat.stat.isreg + notify: restart nginx + tags: + - nginx + - nginx_site_disable_default + - name: "Enable nginx site '{{ nginx_site_available }}'" + become: true ansible.builtin.file: src: "{{ nginx_site_available }}" dest: "{{ nginx_site_enabled }}" @@ -66,20 +71,9 @@ - nginx_site_enable - name: "Place info site" - ansible.builtin.copy: - content: | - - - Hardware for Future - PXE Environment - - -

This mirror is part of the project - - Hardware for Future -

-

Restart the computer and boot into PXE to install Ubuntu.

- - + become: true + ansible.builtin.template: + src: "var/www/html/index.html.j2" dest: "{{ nginx_root }}/index.html" mode: "0644" owner: root @@ -89,6 +83,7 @@ - nginx_html - name: "Ensure http server is running" + become: true ansible.builtin.service: name: nginx state: started diff --git a/roles/fai/tasks/os.yml b/roles/fai/tasks/os.yml new file mode 100644 index 0000000..296b548 --- /dev/null +++ b/roles/fai/tasks/os.yml @@ -0,0 +1,72 @@ +### OPERATING SYSTEM CONFIGURATION + +- name: "Debug conditions" + ansible.builtin.debug: + var: item + verbosity: 2 + loop: + - "{{ ansible_nopasswd }}" + - "{{ ansible_user_id }}" + tags: + - ansible_nopasswd + +- name: "Allow ansible user to use sudo without password (only for testing)" + become: true + ansible.builtin.template: + src: "sudoers.d/ansible.jn2" + dest: "/etc/sudoers.d/ansible" + owner: root + group: root + mode: '0440' + lstrip_blocks: true + backup: no + validate: /usr/sbin/visudo -cf %s + when: + - ansible_nopasswd + - ansible_user_id != "root" + tags: + - ansible_nopasswd + +- name: "Make sure to remove sudo without password (only for testing)" + become: true + ansible.builtin.file: + path: "/etc/sudoers.d/ansible" + state: absent + when: not ansible_nopasswd + tags: + - ansible_nopasswd + +- name: "Configure bashrc" + become: true + ansible.builtin.copy: + src: "bashrc" + dest: "/root/.bashrc" + owner: root + group: root + mode: '0644' + tags: + - bashrc + +- name: "Configure global vimrc.local" + become: true + ansible.builtin.copy: + src: "vimrc.local" + dest: "/etc/vim/vimrc.local" + owner: root + group: root + mode: '0644' + tags: + - vimrc.local + +- name: "Install essential packages" + become: true + vars: + distrib: "{{ ansible_distribution|lower }}" + package: + name: '{{ package_set.core[distrib].standard }}' + state: present + update_cache: False + ### ONLY A SET FOR DEBIAN/UBUNTU HAS BEEN DEFINED YET + when: ansible_facts['os_family'] == "Debian" + tags: + - packages diff --git a/roles/fai/tasks/package_mgmt.yml b/roles/fai/tasks/package_mgmt.yml new file mode 100644 index 0000000..dc05875 --- /dev/null +++ b/roles/fai/tasks/package_mgmt.yml @@ -0,0 +1,48 @@ +- name: "Install gpg" + become: true + ansible.builtin.package: + name: "gpg" + state: present + tags: + - gpg_install + +- name: "Trust fai key" + become: true + ansible.builtin.apt_key: + id: "B11EE3273F6B2DEB528C93DA2BF8D9FE074BCDE4" + url: "https://fai-project.org/download/2BF8D9FE074BCDE4.asc" + state: present + tags: + - fai_repo_key_install + +- name: "Add repositories" + become: true + ansible.builtin.apt_repository: + repo: "{{ item.repo }}" + filename: "{{ item.filename | default(omit) }}" + state: present + tags: + - fai_repo + loop: "{{ repos }}" + +- name: "Remove sources.list" + become: true + vars: + paths: + - "/etc/apt/sources.list" + - "/etc/apt/sources.list~" + ansible.builtin.file: + path: "{{ item }}" + state: absent + loop: "{{ paths }}" + +- name: "Add preferences" + become: true + ansible.builtin.template: + src: "etc/apt/preferences.d/pinning.j2" + dest: "/etc/apt/preferences.d/zz_releases" + owner: root + group: root + mode: "0644" + tags: + - fai_repo diff --git a/roles/fai/tasks/sudo.yml b/roles/fai/tasks/sudo.yml deleted file mode 100644 index 36ef51c..0000000 --- a/roles/fai/tasks/sudo.yml +++ /dev/null @@ -1,37 +0,0 @@ -### OPERATING SYSTEM CONFIGURATION - -- name: "Debug conditions" - debug: - var: item - loop: - - "{{ ansible_nopasswd }}" - - "{{ ansible_user_id }}" - tags: - - ansible_nopasswd - -- name: "Allow ansible user to use sudo without password (only for testing)" - become: true - template: - src: sudoers.d/ansible.jn2 - dest: "/etc/sudoers.d/ansible" - owner: root - group: root - mode: '0440' - lstrip_blocks: true - backup: no - validate: /usr/sbin/visudo -cf %s - when: - - ansible_nopasswd - - ansible_user_id != "root" - tags: - - ansible_nopasswd - -- name: "Make sure to remove sudo without password (only for testing)" - become: true - file: - path: "/etc/sudoers.d/ansible" - state: absent - when: not ansible_nopasswd - tags: - - ansible_nopasswd - diff --git a/roles/fai/tasks/tftpd-hpa.yml b/roles/fai/tasks/tftpd-hpa.yml index a6dc44c..9421c3f 100644 --- a/roles/fai/tasks/tftpd-hpa.yml +++ b/roles/fai/tasks/tftpd-hpa.yml @@ -1,10 +1,12 @@ - name: "Install tftp server" + become: True ansible.builtin.package: name: - tftpd-hpa state: present - name: "Create tftp fai directory" + become: True ansible.builtin.file: name: "{{ tftp_dir }}" state: directory @@ -14,6 +16,7 @@ recurse: true - name: "Configure tftp server" + become: True ansible.builtin.copy: dest: "/etc/default/tftpd-hpa" content: | @@ -27,6 +30,7 @@ notify: restart tftpd - name: "Start tftp daemon" + become: True ansible.builtin.service: name: tftpd-hpa state: started diff --git a/roles/fai/tasks/time-server.yml b/roles/fai/tasks/time-server.yml index 86c9b83..1b3eace 100644 --- a/roles/fai/tasks/time-server.yml +++ b/roles/fai/tasks/time-server.yml @@ -1,14 +1,16 @@ -- name: "Install inetd and ntp" +- name: "Install inetd" + become: true ansible.builtin.package: name: - inetutils-tools - inetutils-inetd - - ntp - state: present + state: latest + tags: + - inetd - name: "Configure rdate for inetd" + become: true ansible.builtin.lineinfile: - path: "/etc/inetd.conf" create: yes line: 'time stream tcp nowait root internal' dest: "/etc/inetd.conf" @@ -16,39 +18,44 @@ group: root mode: '0644' notify: restart inetd + tags: + - inetd + - rdate - name: "Start inetd" + become: true ansible.builtin.service: name: inetutils-inetd state: started enabled: true + tags: + - inetd + - inetd_enable + +- name: "Uninstall conflicting 'systemd-timesyncd'" + become: true + ansible.builtin.apt: + name: + - systemd-timesyncd + state: absent + tags: + - inetd + when: + - "'systemd-timesyncd' in ansible_facts.packages" + +- name: "Install inetd" + become: true + ansible.builtin.apt: + name: + - ntp + state: latest + tags: + - inetd - name: "Configure ntp server" - ansible.builtin.copy: - content: | - driftfile /var/lib/ntp/ntp.drift - - leapfile /usr/share/zoneinfo/leap-seconds.list - statistics loopstats peerstats clockstats - - filegen loopstats file loopstats type day enable - filegen peerstats file peerstats type day enable - filegen clockstats file clockstats type day enable - - pool 0.debian.pool.ntp.org iburst - pool 1.debian.pool.ntp.org iburst - pool 2.debian.pool.ntp.org iburst - pool 3.debian.pool.ntp.org iburst - - restrict -4 default kod notrap nomodify nopeer noquery limited - restrict -6 default kod notrap nomodify nopeer noquery limited - - # Local users may interrogate the ntp server more closely. - restrict 127.0.0.1 - restrict {{server_net}}.0/24 - restrict ::1 - - restrict source notrap nomodify noquery + become: true + ansible.builtin.template: + src: "etc/ntp.conf" dest: "/etc/ntp.conf" mode: '0644' owner: root @@ -56,6 +63,7 @@ notify: restart ntp - name: "Start and enable ntp daemon" + become: true ansible.builtin.service: name: ntp state: started diff --git a/roles/fai/tasks/unbound.yml b/roles/fai/tasks/unbound.yml index 3841989..14fb3c7 100644 --- a/roles/fai/tasks/unbound.yml +++ b/roles/fai/tasks/unbound.yml @@ -1,28 +1,80 @@ -- name: "Install unbound server" +- name: "Ensure systemd-resolved is stopped and disabled" + service: + name: systemd-resolved + enabled: false + state: stopped + tags: + - systemd-resolved_disable + when: + - "'systemd-resolved' in ansible_facts.packages" + +- name: "Install DNS - unbound server" + become: true ansible.builtin.package: name: unbound - state: present + state: latest + tags: + - unbound_install -- name: "Configure DNS" - ansible.builtin.copy: - content: | - server: - access-control: {{ server_net }}.0/{{ server_netbits }} allow - private-domain: "{{ domain_name }}" - domain-insecure: "{{ domain_name }}" +- name: "Configure DNS - remote control" + become: true + ansible.builtin.template: + src: "etc/unbound/unbound.conf.d/remote.conf" + dest: "/etc/unbound/unbound.conf.d/remote.conf" + mode: '0644' + owner: root + group: root + validate: "unbound-checkconf %s" + notify: restart unbound + tags: + - unbound_configure + when: + - false - interface: 0.0.0.0 - - local-zone: "{{ domain_name }}." static - local-data: "{{ server_name }}.{{ domain_name }}. IN A {{ server_ip }}" +- name: "Configure DNS - zone '{{ domain_name }}'" + become: true + ansible.builtin.template: + src: "etc/unbound/unbound.conf.d/fai.conf" dest: "/etc/unbound/unbound.conf.d/fai.conf" mode: '0644' owner: root group: root - notify: reload unbound + validate: "unbound-checkconf %s" + notify: restart unbound + tags: + - unbound_configure -- name: "Ensure unbound is enabled and running" +- name: "Configure DNS - disable IPv6 to avoid trouble with vagrant" + become: true + ansible.builtin.copy: + content: | + server: + ### DISABLE BIND TO IPV6 TO AVOID TROUBLE WITH VAGRANT + do-ip6: no + dest: "/etc/unbound/unbound.conf.d/ipv6_disabled.conf" + mode: '0644' + owner: root + group: root + validate: "unbound-checkconf %s" + notify: restart unbound + tags: + - unbound_configure + +- name: "Start and enable unbound" + become: true ansible.builtin.service: name: unbound - state: started enabled: true + state: started + tags: + - unbound_enable + +- name: > + "Sleep for '{{wait_timeout_unbound }}' seconds + then run handlers to restart unbound" + vars: + wait_timeout_unbound: 3 + wait_for: + timeout: "{{ wait_timeout_unbound }}" + delegate_to: localhost + when: false diff --git a/roles/fai/templates/etc/apt/preferences.d/pinning.j2 b/roles/fai/templates/etc/apt/preferences.d/pinning.j2 new file mode 100644 index 0000000..8a33974 --- /dev/null +++ b/roles/fai/templates/etc/apt/preferences.d/pinning.j2 @@ -0,0 +1,16 @@ +{% for repo in repos %} +{% if repo.preferences is defined %} +{% for pref in repo.preferences %} +Package: {{ pref.package | lower }} +Pin: +{%- if pref.release_name is defined and pref.release_name is not none %} + release n={{ pref.release_name | lower }} +{% endif %} +{%- if pref.suite is defined and pref.suite is not none %} + release a={{ pref.suite | lower }} +{% endif %} +Pin-Priority: {{ pref.pin_priority }} + +{% endfor %} +{% endif %} +{% endfor %} diff --git a/roles/fai/templates/etc/default/isc-dhcp-server b/roles/fai/templates/etc/default/isc-dhcp-server new file mode 100644 index 0000000..708eb8c --- /dev/null +++ b/roles/fai/templates/etc/default/isc-dhcp-server @@ -0,0 +1,28 @@ +# Defaults for isc-dhcp-server initscript + +# sourced by /etc/init.d/isc-dhcp-server +# installed at /etc/default/isc-dhcp-server by the maintainer scripts + +# +# This is a POSIX shell fragment +# + +# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf). +#DHCPDv4_CONF=/etc/dhcp/dhcpd.conf +#DHCPDv6_CONF=/etc/dhcp/dhcpd6.conf + +# Path to dhcpd's PID file (default: /var/run/dhcpd.pid). +#DHCPDv4_PID=/var/run/dhcpd.pid +#DHCPDv6_PID=/var/run/dhcpd6.pid + +# Additional options to start dhcpd with. +# Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead +#OPTIONS="" + +# On what interfaces should the DHCP server (dhcpd) serve DHCP requests? +# Separate multiple interfaces with spaces, e.g. "eth0 eth1". +#INTERFACESv4="" +#INTERFACESv6="" +INTERFACESv4="{{ dhcp_interface }}" +INTERFACESv6="" + diff --git a/roles/fai/templates/etc/dhcp/dhcpd.conf b/roles/fai/templates/etc/dhcp/dhcpd.conf new file mode 100644 index 0000000..da124d6 --- /dev/null +++ b/roles/fai/templates/etc/dhcp/dhcpd.conf @@ -0,0 +1,61 @@ +option dhcp-max-message-size 2048; +use-host-decl-names on; + +option architecture-type code 93 = unsigned integer 16; + +subnet {{ server_network + ' netmask ' + + server_netmask }} { + range {{ server_network_prefix | ipaddr(10) | ipaddr('address') + ' ' + + server_network_prefix | ipaddr(250) | ipaddr('address') }}; + default-lease-time 6000; + max-lease-time 7200; + + option routers {{ routers | default([server_address]) | join(', ') }}; + option domain-name "{{ domain_name }}"; + option domain-name-servers {{ nameservers | default([server_address]) | join(', ') }}; + option time-servers {{ timeservers | default([server_address]) | join(', ') }}; + option ntp-servers {{ ntpservers | default([server_address]) | join(', ') }}; + server-name {{ server_name }}; + next-server {{ server_address }}; + interface {{ dhcp_interface }}; + + allow booting; + allow bootp; + + ## PXE boot handling: support UEFI + ## https://www.syslinux.org/wiki/index.php?title=PXELINUX#UEFI + class "pxeclients" { + match if substring (option vendor-class-identifier, 0, 9) = "PXEClient"; + + if exists user-class and option user-class = "iPXE" { + filename "menu.ipxe"; + } else { + if option architecture-type = 00:06 { + filename "ipxe.efi"; + } elsif option architecture-type = 00:07 { + filename "ipxe.efi"; + } elsif option architecture-type = 00:09 { + filename "ipxe.efi"; + } else { + filename "ipxe.pxe"; + } + } + + #### merged with something else that doesn't require "architecture type code 93" + #if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00000" { + # filename "pxelinux.0"; + ## needs ldlinux.c32 + #} + #if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00006" { + # filename "syslinux32.efi"; + ## needs ldlinux.e32 + #} + #if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00007" { + # filename "syslinux64.efi"; + ## needs ldlinux.e64 + #} + #if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00009" { + # filename "syslinux64.efi"; + #} + } +} diff --git a/roles/fai/templates/etc/fai/fai.conf.j2 b/roles/fai/templates/etc/fai/fai.conf.j2 new file mode 100644 index 0000000..3fde673 --- /dev/null +++ b/roles/fai/templates/etc/fai/fai.conf.j2 @@ -0,0 +1,84 @@ +# See fai.conf(5) for detailed information. + +# This variable defines how to access the configuration space. +# It defines the protocol, the server and the location of the config space. +# For an initial installation of a client this variable is defined by using fai-chboot(8). +# If you do a fai softupdate, you can set the value in /etc/fai/fai.conf or by using the option --cspace. +# +# The following protocols and URL schemes are currently supported: +# NFS: nfs://[server]/ +# If the server is not specified, FAI tries to extract the server name from the nfsroot mount. +# Example: nfs://faiserver/srv/fai/config +# +# Local directory: file:// +# The directory has to be an absolute path. +# So, this URL always starts with three slashes like this: file:/// +# +# CVS: cvs[+ssh]://@/ [=] +# The config space is received from a cvs checkout. +# +# Subversion: svn[+(file|http|https|ssh)]://[@]/ +# The config space checked out from a subversion repository using several protocol variants. +# Checkouts without a user name are also supported. +# +# Git: git[+]:// +# You can specify the branch by adding # without a whitspace before the #. +# Example: git+ssh:://user@servername/srv/git/..../fai.git#branchname +# The config space checked out from a git repository, host can be empty. +# Also supported is git+http. +# +# Mercurial: hg+(http|https):// +# +# HTTP: (http|https|scp|sftp):/// where is a (compressed) tar archive. +# The config space will be downloaded from the given location via the specified protocol. +# will be extracted by ftar(8), and thus needs to have a recognized suffix, such as .tar.gz or tar.xz. +#FAI_CONFIG_SRC= + +# Account name on the install server to save log files and call +# fai-chboot(8). +# At the end of an installation, fai(8) may connect to the install server using FAI_LOGPROTO (see below) +# to store the generated log files and to change the network boot configuration of the target host. +# By default calling fai-setup(8) will set up ssh access for LO‐ +# GUSER so the install client can save the log files onto the server. +# +# This will not be passed onto the fai clients. +# To enable this on the fai clients check /srv/fai/config/class/FAIBASE.var +# to activate the transfer of logfiles to the server. +# +# This account should have write permissions for /srv/tftp/fai. +# For example, you can use write permissions for the group linuxadm. +# chgrp linuxadm /srv/tftp/fai;chmod g+w /srv/tftp/fai. +# If the variable is undefined, this feature is disabled. +{% if fai_loguser is defined %} +LOGUSER={{ fai_loguser }} +{% else %} +### DISABLE LOG UPLOAD +LOGUSER= +{% endif %} + +# Protocol for saving logs +# Supported values are: ssh (default), rsh, ftp and none. +# This will only be used if also LOGUSER is set. +# ssh: Use the scp command to copy the log files to the log server. +# rsh: Use the rcp command to copy the log files to the log server. +# ftp: This option saves logs to the remote FTP server defined by the $LOGSERVER variable ($SERVER value is used if not set). +# Connection to the FTP server is done as user $LOGUSER using password $LOGPASSWD. +# The FTP server log directory is defined in $LOGREMOTEDIR. +# These variables +# are also defined in file server. +# All files in the directory /tmp/fai are copied to the FTP server following this example: +# ftp://$LOGUSER:$LOGPASSWD@$LOGSERVER/$LOGREMOTEDIR/ +# none: Don't save the log files to the install server. +# FAI_LOGPROTO=ssh + +# Access Debian mirror via NFS-mounted directory +# If defined, FAI mounts the NFS share to $MNTPOINT during installation. +# Example: installserver:/srv/debianmirror +# FAI_DEBMIRROR= + +# The port to which FAI sents messages, if the fai-monitor is running. +# Default to 4711. +# See also fai-monitor(8). +# This variable has to be set inside the nfsroot before the configuration space is available. +# FAI_MONITOR_PORT=4711 + diff --git a/roles/fai/templates/etc/fai/nfsroot.conf.j2 b/roles/fai/templates/etc/fai/nfsroot.conf.j2 new file mode 100644 index 0000000..cbf94f5 --- /dev/null +++ b/roles/fai/templates/etc/fai/nfsroot.conf.j2 @@ -0,0 +1,61 @@ +# For a detailed description see nfsroot.conf(5) + +# Two or three parameters for debootstrap(8), space separated. +# Debootstrap is called as the first part of fai-make-nfsroot unless -B is used. +# This variable defines SUITE and MIRROR for debootstrap. +# The third parameter is the name of the bootstrap script variant to use. +# Example: +# FAI_DEBOOTSTRAP="bullseye http://deb.debian.org/debian" +FAI_DEBOOTSTRAP="{{ debian_release_nfsroot }} http://localhost:3142/debian" + +# Options that will be passed to debootstrap(8). +# Used for excluding packages and for specifying a different architecture. +FAI_DEBOOTSTRAP_OPTS="--exclude=wget" + +# The encrypted root password on all install clients during the installation process. +# Used when log in via ssh. +# This is not the password for the new installed system. +# Example: +# +# FAI_ROOTPW='$1$kBnWcO.E$djxB128U7dMkrltJHPf6d1' # pw is fai +# +# Use mkpasswd, htpasswd or md5pass for generating the password hash. +# +# echo "yoursecrectpassword" | mkpasswd -m md5 -s + +#FAI_ROOTPW="{{ fai_hw4f_rootpw_fai |password_hash("sha512") }}" +FAI_ROOTPW='$y$j9T$9Gpl96oNFKz9us5aM5iCb.$v/JHwnHRfaxMCPK/nsxu.DAmoGB1hlgRQBDIxTeMd9/' + +# Directory on the install server where the nfsroot is created. +NFSROOT="{{ fai_dir_nfsroot }}" + +# Directory of hooks to be sourced at the end of fai-make-nfsroot, +# i.e. they have to be shell scripts. +NFSROOT_HOOKS="{{ fai_etc_dir }}/nfsroot-hooks" + +# IP address of the NFS server for the rootfs if not on the DHCP server. +# This is only used by fai-chboot to work around dracut's DHCP handling +# which prefers the DHCP server's IP address above all other DHCP options. +# NFSROOT_SERVER= + +# This multiline variable is added to /etc/hosts inside the nfsroot. +# You can use this when DNS is not available on the clients. +# Example: +# NFSROOT_ETC_HOSTS="192.168.33.250 faiserver" + +# Directory on the install server for the tftp data, used by PXE network boot. +TFTPROOT="{{ tftp_dir }}" + +# Location of the configuration space on the install server. +# Used by fai-cd(8), fai-mirror(1) and fai-setup(8). +FAI_CONFIGDIR="{{ fai_dir_config }}" + +# Used to specify the interface when detecting the subnet for the exportfs line. +# Only needed when the install server has multiple interfaces. +# SERVERINTERFACE= + +# Location of a ssh public key file. +# This user can log into the install clients in as root without a password. +# Only useful with FAI_FLAGS="sshd". Example: +# SSH_IDENTITY=/home/admin/.ssh/id_rsa.pub + diff --git a/roles/fai/templates/etc/nginx/sites-available/default_server.conf.j2 b/roles/fai/templates/etc/nginx/sites-available/default_server.conf.j2 new file mode 100644 index 0000000..3f81cfb --- /dev/null +++ b/roles/fai/templates/etc/nginx/sites-available/default_server.conf.j2 @@ -0,0 +1,15 @@ +server { + listen 80 default_server; + listen [::]:80 default_server; + root {{ nginx_root }}; + index index.html; + server_name _; + + location /{{ http_mirror_ipxe_path_prefix }}/ { + autoindex on; + } + + location /{{ http_mirror_fai_path_prefix }}/ { + autoindex on; + } +} diff --git a/roles/fai/templates/etc/ntp.conf b/roles/fai/templates/etc/ntp.conf new file mode 100644 index 0000000..d493e05 --- /dev/null +++ b/roles/fai/templates/etc/ntp.conf @@ -0,0 +1,23 @@ +driftfile /var/lib/ntp/ntp.drift + +leapfile /usr/share/zoneinfo/leap-seconds.list +statistics loopstats peerstats clockstats + +filegen loopstats file loopstats type day enable +filegen peerstats file peerstats type day enable +filegen clockstats file clockstats type day enable + +pool 0.debian.pool.ntp.org iburst +pool 1.debian.pool.ntp.org iburst +pool 2.debian.pool.ntp.org iburst +pool 3.debian.pool.ntp.org iburst + +restrict -4 default kod notrap nomodify nopeer noquery limited +restrict -6 default kod notrap nomodify nopeer noquery limited + +# Local users may interrogate the ntp server more closely. +restrict 127.0.0.1 +restrict {{ server_network_prefix }} +restrict ::1 + +restrict source notrap nomodify noquery diff --git a/roles/fai/templates/etc/unbound/unbound.conf.d/fai.conf b/roles/fai/templates/etc/unbound/unbound.conf.d/fai.conf new file mode 100644 index 0000000..0930ebe --- /dev/null +++ b/roles/fai/templates/etc/unbound/unbound.conf.d/fai.conf @@ -0,0 +1,11 @@ +server: + #verbosity: 2 + access-control: {{ server_network_prefix }} allow + private-domain: "{{ domain_name }}" + domain-insecure: "{{ domain_name }}" + + interface: 0.0.0.0 + + local-zone: "{{ domain_name }}." static + local-data: "{{ server_name + '.' + domain_name + '. IN A ' + server_address }}" + diff --git a/roles/fai/templates/etc/unbound/unbound.conf.d/remote.conf b/roles/fai/templates/etc/unbound/unbound.conf.d/remote.conf new file mode 100644 index 0000000..51055f8 --- /dev/null +++ b/roles/fai/templates/etc/unbound/unbound.conf.d/remote.conf @@ -0,0 +1,24 @@ +remote-control: + # Enable remote control with unbound-control(8) here. + # set up the keys and certificates with unbound-control-setup. + control-enable: yes + + # what interfaces are listened to for remote control. + # give 0.0.0.0 and ::0 to listen to all interfaces. + control-interface: 127.0.0.1 + + # port number for remote control operations. + control-port: 8953 + + # unbound server key file. + server-key-file: "/etc/unbound/unbound_server.key" + + # unbound server certificate file. + server-cert-file: "/etc/unbound/unbound_server.pem" + + # unbound-control key file. + control-key-file: "/etc/unbound/unbound_control.key" + + # unbound-control certificate file. + control-cert-file: "/etc/unbound/unbound_control.pem" + diff --git a/roles/fai/templates/srv/fai/config/class/BASEFILE.var.j2 b/roles/fai/templates/srv/fai/config/class/BASEFILE.var.j2 new file mode 100644 index 0000000..204e982 --- /dev/null +++ b/roles/fai/templates/srv/fai/config/class/BASEFILE.var.j2 @@ -0,0 +1,3 @@ +ubuntumirror="{{ item.mirror_url }}" +ubuntudist="{{ item.dist }}" +FAI_BASEFILEURL="{{ http_mirror_fai_basefile_url }}" diff --git a/roles/fai/templates/srv/fai/config/class/HW4F_DESKTOP.var b/roles/fai/templates/srv/fai/config/class/HW4F_DESKTOP.var new file mode 100644 index 0000000..851d183 --- /dev/null +++ b/roles/fai/templates/srv/fai/config/class/HW4F_DESKTOP.var @@ -0,0 +1,21 @@ +### CONFIGURE TIME +UTC=yes +TIMEZONE=Europe/Berlin + +### INSTALL PARAMETERS +STOP_ON_ERROR=700 +MAXPACKAGES=800 + +KEYMAP=de-latin1-nodeadkeys + +ROOTPW='{{ fai_hw4f_profile_password |password_hash("sha512") }}' + +# START USER AND PASSWORD +username={{ fai_hw4f_profile_username }} +USERPW='{{ fai_hw4f_profile_password |password_hash("sha512") }}' + +SUPRESS_GNOME_INITIAL_SCREEN=1 + +FAI_ALLOW_UNSIGNED=0 +APTPROXY=http://{{ server_name }}:3142 + diff --git a/roles/fai/templates/fai-profile-00-proxy.yml b/roles/fai/templates/srv/fai/config/files/etc/apt/apt.conf.d/02proxy.j2 similarity index 100% rename from roles/fai/templates/fai-profile-00-proxy.yml rename to roles/fai/templates/srv/fai/config/files/etc/apt/apt.conf.d/02proxy.j2 diff --git a/roles/fai/templates/var/www/html/index.html.j2 b/roles/fai/templates/var/www/html/index.html.j2 new file mode 100644 index 0000000..ac07dfa --- /dev/null +++ b/roles/fai/templates/var/www/html/index.html.j2 @@ -0,0 +1,33 @@ + + + Hardware for Future - PXE Environment + + +

Hardware for Future - PXE Environment

+

This mirror is part of the project + + Hardware for Future + + Please see: +

+

+ +

Restart the computer and boot into PXE.

+ +

Directories

+
+ 
+    fai/
+    ipxe/
+
+
+ + + diff --git a/roles/fai/vars/main.yml b/roles/fai/vars/main.yml index 21dc142..ae3fbae 100644 --- a/roles/fai/vars/main.yml +++ b/roles/fai/vars/main.yml @@ -1,18 +1,3 @@ --- # vars file for fai -server_net: "{{ server_ip |regex_replace('.[0-9]+$', '') }}" - -nginx_root: "/var/www/html" -nginx_site_available: "/etc/nginx/sites-available/{{ ansible_hostname }}.conf" -nginx_site_enabled: "/etc/nginx/sites-enabled/{{ ansible_hostname }}.conf" -fai_download_dir: "{{ nginx_root + '/' + http_mirror_fai_path_prefix }}" -ipxe_download_dir: "{{ nginx_root + '/' + http_mirror_ipxe_path_prefix }}" -fai_squashfs_path: "{{ fai_download_dir }}/{{ fai_squashfs_file }}" - -http_mirror: "http://{{ server_name }}" -http_mirror_ipxe_root_url: "{{ http_mirror }}/{{ http_mirror_ipxe_path_prefix }}" -http_mirror_fai_profiles_url: "{{ http_mirror }}/{{ http_mirror_fai_path_prefix }}/{{ fai_profiles_archive }}" -http_mirror_fai_squashfs_url: "{{ http_mirror }}/{{ http_mirror_fai_path_prefix }}/{{ fai_squashfs_file }}" - -