#! /bin/sh # $Id$ #********************************************************************* # # fai-setup -- set up FAI # # This script is part of FAI (Fully Automatic Installation) # (c) 2000-2006 by Thomas Lange, lange@informatik.uni-koeln.de # Universitaet zu Koeln # #********************************************************************* # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # A copy of the GNU General Public License is available as # `/usr/share/common-licences/GPL' in the Debian GNU/Linux distribution # or on the World Wide Web at http://www.gnu.org/copyleft/gpl.html. You # can also obtain it by writing to the Free Software Foundation, Inc., # 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. #********************************************************************* PATH=/usr/local/bin:/usr/local/sbin:/bin:/sbin:/usr/bin:/usr/sbin set -e . /etc/fai/fai.conf . /etc/fai/make-fai-nfsroot.conf options=$@ # all options are also passed to make-fai-nfsroot # look for option -e (expert mode) case "$options" in *-e*) expert=1 ;; esac # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - add_export_line() { # add a line to /etc/exports pattern=$1 shift options="$@" [ -f /etc/exports ] && grep -q "^$pattern[[:space:]]" /etc/exports && return echo "Adding line to /etc/exports: $pattern $options" echo "$pattern $options" >> /etc/exports } # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - add_fai_account() { if id $LOGUSER 2>/dev/null 1>&2 ; then echo Account \$LOGUSER=$LOGUSER already exists. echo Make sure that all install clients can echo log into this account without a password. return fi adduser --system --disabled-password --home /var/log/fai --gecos "FAI account for log files" $LOGUSER # there's a bug when the encrypted password is !, so change it to * perl -pi.bak -e "s#^$LOGUSER:.:(.+):/bin/false#$LOGUSER:*:\1:/bin/bash#" /etc/passwd # get the home dir of a user in a variable; do not exit when set -e is used # loguserhome is unset if $LOGUSER does not exists # this is not a evil hack, it's a very clever piece of code loguserhome=`eval "cd ~$LOGUSER 2>/dev/null && pwd;true"` touch $loguserhome/.account_created_by_fai_package } # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - setup_fai_account() { loguserhome=`eval "cd ~$LOGUSER 2>/dev/null && pwd;true"` sshdir=$loguserhome/.ssh if [ -z "$loguserhome" ]; then echo "Can't determine home directory for user $LOGUSER." echo "LOGUSER= $LOGUSER loguserhome= $loguserhome" exit 8 fi if [ $FAI_REMOTESH = "ssh" -o $FAI_REMOTECP = "scp" ]; then # set up ssh on the server mkdir -p -m 700 $loguserhome/.ssh #Generating keys for LOGUSER [ -f $sshdir/id_rsa ] || { ssh-keygen -t rsa -N '' -f $sshdir/id_rsa -C "$LOGUSER@$HOSTNAME" cat $sshdir/id_rsa.pub >> $sshdir/authorized_keys } [ -f $sshdir/id_dsa ] || { ssh-keygen -t dsa -N '' -f $sshdir/id_dsa -C "$LOGUSER@$HOSTNAME" cat $sshdir/id_dsa.pub >> $sshdir/authorized_keys } #Adding servers keys to known_hosts list of LOGUSER. #So that installed clients can ssh $LOGUSER@$HOSTNAME without password if [ ! -f $sshdir/known_hosts ]; then echo "Using interface $SERVERINTERFACE to determine local hostname." SERVERIP=`LC_ALL=C ifconfig $SERVERINTERFACE | perl -ne '/inet addr:([0-9\.]+)/ && print $1'` HOSTNAME=`grep $SERVERIP /etc/hosts | perl -p -e 's/[\d.\s]*([\w-]*).*// && print $1'` echo "Adding $HOSTNAME to known_hosts." [ -f /etc/ssh/ssh_host_dsa_key.pub ] && DSASERVER=` cat /etc/ssh/ssh_host_dsa_key.pub | sed -e "s/= .*$/=/"` [ -f /etc/ssh/ssh_host_rsa_key.pub ] && RSASERVER=` cat /etc/ssh/ssh_host_rsa_key.pub | sed -e "s/= .*$/=/"` [ -z "$DSASERVER" ] || echo "$HOSTNAME,$SERVERIP $DSASERVER" >> $sshdir/known_hosts [ -z "$RSASERVER" ] || echo "$HOSTNAME,$SERVERIP $RSASERVER" >> $sshdir/known_hosts echo "$sshdir/known_hosts created." else echo "$sshdir/known_hosts remained unchanged." fi chmod 0700 $sshdir/authorized_keys echo "$sshdir/authorized_keys created." fi if [ $FAI_REMOTESH = "rsh" -o $FAI_REMOTECP = "rcp" ]; then # use .rhosts authentication echo "+@faiclients root" > $loguserhome/.rhosts chmod go-rwx $loguserhome/.rhosts echo "$loguserhome/.rhosts created." fi logusergid=`id -ng $LOGUSER` echo "User account $LOGUSER set up." } # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - if [ -n "$LOGUSER" ]; then add_fai_account setup_fai_account fi make-fai-nfsroot $options if [ -n "$LOGUSER" ]; then # chown only if cd was successful cd $loguserhome && chown -R $LOGUSER:$logusergid . chown -R $LOGUSER:$logusergid /srv/tftp/fai fi if [ -z "$FAI_CONFIGDIR" ]; then echo "FAI_CONFIGDIR not set in /etc/fai/fai.conf." echo "Using /srv/fai/config as default." FAI_CONFIGDIR=/srv/fai/config fi [ -d $FAI_CONFIGDIR ] || mkdir -p $FAI_CONFIGDIR # in expert mode, do not export nfs directories if [ -z "$expert" ]; then test -f /etc/init.d/nfs-kernel-server && nfsserver=nfs-kernel-server test -f /etc/init.d/nfs-user-server && nfsserver=nfs-user-server add_export_line $FAI_CONFIGDIR "$FAICLIENTS(async,ro)" add_export_line $NFSROOT "$FAICLIENTS(async,ro,no_root_squash)" if [ -z "$nfsserver" ]; then echo "Could not find the type of your nfs server. Maybe" echo "no nfs server is installed. I can't restart it." else /etc/init.d/$nfsserver reload fi fi if [ ! -d $FAI_CONFIGDIR/class ]; then echo "" echo " You have no FAI configuration space yet. Copy the simple examples with:" echo " cp -a /usr/share/doc/fai-doc/examples/simple/* $FAI_CONFIGDIR" echo " Then change the configuration files to meet your local needs." echo "" fi echo "FAI setup finished."