
Contents of /trunk/bin/fai-setup



Revision 5429 - (show annotations) (download)
Sat Jul 18 16:29:12 2009 UTC (3 years, 10 months ago) by lange
File size: 7065 byte(s)
* debian/control: Depends: iproute for fai-client, fai-server
* fai-setup, make-fai-nfsroot, subroutine-linux, get-boot-info,
  task_sysinfo, S99fai-setup/FAISERVER: Replaced all calls to ifconfig
  by proper ip + shell magic calls (closes: #524347). Thanks to Luk
  Claes for the patch
1 #! /bin/bash
2
3 # $Id$
4 #*********************************************************************
5 #
6 # fai-setup -- set up FAI
7 #
8 # This script is part of FAI (Fully Automatic Installation)
9 # (c) 2000-2008 by Thomas Lange, lange@informatik.uni-koeln.de
10 # Universitaet zu Koeln
11 #
12 #*********************************************************************
13 # This program is free software; you can redistribute it and/or modify
14 # it under the terms of the GNU General Public License as published by
15 # the Free Software Foundation; either version 2 of the License, or
16 # (at your option) any later version.
17 #
18 # This program is distributed in the hope that it will be useful, but
19 # WITHOUT ANY WARRANTY; without even the implied warranty of
20 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21 # General Public License for more details.
22 #
23 # A copy of the GNU General Public License is available as
24 # `/usr/share/common-licences/GPL' in the Debian GNU/Linux distribution
25 # or on the World Wide Web at http://www.gnu.org/copyleft/gpl.html. You
26 # can also obtain it by writing to the Free Software Foundation, Inc.,
27 # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
28 #*********************************************************************
29
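# Fixed search path: this script edits system files such as /etc/exports
# and /etc/passwd, so the commands it runs must not be resolved through
# whatever PATH the caller happens to have set.
PATH=/usr/local/bin:/usr/local/sbin:/bin:/sbin:/usr/bin:/usr/sbin

set -e

cfdir=/etc/fai

# All options are also passed to make-fai-nfsroot. They are kept as one
# space-joined string because the call site expands $options unquoted, so
# an argument that itself contains whitespace does not survive intact.
options="$*"

# Only -C, -v and -e are acted on here. The other letters are listed so
# that getopts accepts options that are meant for make-fai-nfsroot.
while getopts ervC:f:kKV: opt ; do
  case "$opt" in
    C) cfdir=$OPTARG ;;
    v) verbose=1 ; v=-v ;;
    e) expert=1 ;;
  esac
done

# Both files are executed as shell code with the privileges of this script,
# so $cfdir (including a directory given with -C) must be writable by the
# administrator only. The paths are quoted so that a directory name with
# whitespace or glob characters is sourced as given rather than split.
. "$cfdir/fai.conf"
. "$cfdir/make-fai-nfsroot.conf"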
49
50 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
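add_export_line() {

  # Add a line to /etc/exports unless the directory already has an entry.
  # Arguments: $1 - directory to export
  #            remaining arguments - client specification and options
  # Outputs:   a progress message on stdout; appends to /etc/exports

  # Keep both names local: the script-level $options holds the command line
  # that is handed to make-fai-nfsroot and must not be overwritten here.
  local pattern options
  pattern=$1
  shift
  options="$*"

  # An existing entry for the directory is left untouched, whatever its
  # options are, so an older and possibly broader export is not tightened.
  # $pattern is used as a regular expression: a '.' in the path matches any
  # character.
  [ -f /etc/exports ] && grep -q "^$pattern[[:space:]]" /etc/exports && return
  echo "Adding line to /etc/exports: $pattern $options"
  echo "$pattern $options" >> /etc/exports
}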
63 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
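add_fai_account() {

  # Create the system account $LOGUSER that receives the log files of the
  # install clients, unless an account of that name already exists.
  # Globals:  LOGUSER (read), loguserhome (written)
  # Outputs:  progress messages on stdout, a warning on stderr
  # Side effects: adduser, in-place edit of /etc/passwd, marker file in the
  #               account's home directory

  if id "$LOGUSER" 2>/dev/null 1>&2 ; then
    echo "Account \$LOGUSER=$LOGUSER already exists."
    echo "Make sure that all install clients can"
    echo "log into this account without a password."
    return
  fi

  adduser --system --disabled-password --home /var/log/fai --gecos "FAI account for log files" "$LOGUSER"
  # there's a bug when the encrypted password is !, so change it to *
  # The same substitution also replaces the login shell /bin/false with
  # /bin/bash, so the log account ends up with an interactive shell.
  # /etc/passwd is rewritten directly by perl (a copy stays behind as
  # /etc/passwd.bak) instead of through the account tools.
  # NOTE(review): $LOGUSER is pasted into the perl expression; a value with
  # '#' or regex metacharacters changes what is matched. It comes from the
  # sourced configuration file, so only the administrator controls it.
  perl -pi.bak -e "s#^$LOGUSER:.:(.+):/bin/false#$LOGUSER:*:\1:/bin/bash#" /etc/passwd
  # get the home dir of a user in a variable; do not exit when set -e is used
  # loguserhome is unset if $LOGUSER does not exist
  # NOTE(review): eval runs whatever shell syntax $LOGUSER contains. That is
  # acceptable only while the configuration file is trusted.
  loguserhome=$(eval "cd ~$LOGUSER 2>/dev/null && pwd;true")
  # With an empty home directory the marker would be created as
  # /.account_created_by_fai_package, so skip it in that case.
  if [ -n "$loguserhome" ]; then
    touch "$loguserhome/.account_created_by_fai_package"
  else
    echo "Can't determine home directory for user $LOGUSER; marker file not created." >&2
  fi
}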
82 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
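setup_fai_account() {

  # Prepare the home directory of $LOGUSER so that install clients can
  # deliver their log files: ssh keys, authorized_keys and known_hosts for
  # FAI_LOGPROTO=ssh, a .rhosts file for FAI_LOGPROTO=rsh.
  # Globals:  LOGUSER, FAI_LOGPROTO, HOSTNAME (read);
  #           loguserhome, sshdir, logusergid (written)
  # Exits:    8 when the home directory of $LOGUSER cannot be determined

  # most things should be executed as user $LOGUSER, since root may not have write
  # permissions to $loguserhome (e.g if mount via NFS without no_root_squash)
  # NOTE(review): nothing below switches user; the files are created by the
  # invoking user and the main block changes their ownership afterwards.

  # Errors are not fatal inside this function; set -e is restored at the end.
  set +e
  # NOTE(review): eval runs whatever shell syntax $LOGUSER contains. That is
  # acceptable only while the configuration file is trusted.
  loguserhome=$(eval "cd ~$LOGUSER 2>/dev/null && pwd;true")
  sshdir=$loguserhome/.ssh
  if [ -z "$loguserhome" ]; then
    echo "Can't determine home directory for user $LOGUSER."
    echo "LOGUSER= $LOGUSER loguserhome= $loguserhome"
    exit 8
  fi

  if [ "$FAI_LOGPROTO" = "ssh" ]; then
    # set up ssh on the server
    # -m applies only when the directory is created here; the mode of an
    # already existing .ssh directory is not corrected.
    mkdir -p -m 700 "$loguserhome/.ssh"

    # Generating keys for LOGUSER
    # The private keys have no passphrase (-N ''), and the matching public
    # keys go into authorized_keys: whoever holds a copy of id_rsa or id_dsa
    # can log in as $LOGUSER on this server.
    [ -f "$sshdir/id_rsa" ] || {
      ssh-keygen -t rsa -N '' -f "$sshdir/id_rsa" -C "$LOGUSER@$HOSTNAME"
      cat "$sshdir/id_rsa.pub" >> "$sshdir/authorized_keys"
    }

    # DSA (ssh-dss) keys are limited to 1024 bits and are disabled by
    # default since OpenSSH 7.0. Because set +e is active, a failing
    # ssh-keygen does not stop the script here.
    [ -f "$sshdir/id_dsa" ] || {
      ssh-keygen -t dsa -N '' -f "$sshdir/id_dsa" -C "$LOGUSER@$HOSTNAME"
      cat "$sshdir/id_dsa.pub" >> "$sshdir/authorized_keys"
    }

    # Adding servers keys to known_hosts list of LOGUSER.
    # So that installed clients can ssh $LOGUSER@$HOSTNAME without password
    if [ ! -f "$sshdir/known_hosts" ]; then
      # The sed call cuts everything after the first "= " so that the
      # trailing comment of the public key line is dropped.
      [ -f /etc/ssh/ssh_host_dsa_key.pub ] && DSASERVER=$(sed -e "s/= .*$/=/" /etc/ssh/ssh_host_dsa_key.pub)
      [ -f /etc/ssh/ssh_host_rsa_key.pub ] && RSASERVER=$(sed -e "s/= .*$/=/" /etc/ssh/ssh_host_rsa_key.pub )
      # determine all IP addresses, and their host names
      # "ip addr" prints each address as ADDRESS/PREFIXLEN. The prefix length
      # is cut off, as in the address lookup of the main block, because
      # "getent hosts" and known_hosts both need the bare address; an entry
      # keyed "ADDRESS/PREFIXLEN" would never match the server.
      ips=$(ip addr | grep -w inet | cut -d t -f 2 | cut -d ' ' -f 2 | cut -d / -f 1 | grep -v 127.0.0.1)
      # $ips is expanded unquoted on purpose: one word per address.
      for ip in $ips; do
        # getent prints "address name alias ..."; known_hosts wants the
        # names as one comma separated list.
        hname=$(getent hosts "$ip" | tr -s ' ' ',')
        [ -z "$hname" ] && hname=$ip
        echo "Adding $hname to known_hosts."
        [ -z "$DSASERVER" ] || echo "$hname $DSASERVER" >> "$sshdir/known_hosts"
        [ -z "$RSASERVER" ] || echo "$hname $RSASERVER" >> "$sshdir/known_hosts"
      done
      echo "$sshdir/known_hosts created."
    else
      echo "$sshdir/known_hosts remained unchanged."
    fi

    chmod 0600 "$sshdir/authorized_keys"
    echo "$sshdir/authorized_keys created."
  fi
  if [ "$FAI_LOGPROTO" = "rsh" ] && [ ! -f "$loguserhome/.rhosts" ]; then
    # use .rhosts authentication
    # "+@faiclients root" lets user root on every host of the netgroup
    # faiclients log in as $LOGUSER without a password. rsh offers no
    # stronger proof of identity than the client's address, so this is
    # only suitable for an isolated installation network.
    echo "+@faiclients root" > "$loguserhome/.rhosts"
    chmod go-rwx "$loguserhome/.rhosts"
    echo "$loguserhome/.rhosts created."
  fi

  logusergid=$(id -ng "$LOGUSER")
  echo "User account $LOGUSER set up."
  set -e
}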
145 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
146
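# Main part of the script. Everything inside the braces is piped into tee,
# so it runs in a subshell: an "exit" or a set -e abort in there (for
# example the "exit 8" in setup_fai_account) only ends the subshell. The
# exit status of the block is therefore read from PIPESTATUS and returned
# at the very end; otherwise a failed setup would still exit with 0.
{ # start huge block for capturing output

  if [ -n "$LOGUSER" ]; then
    add_fai_account
    setup_fai_account
  fi

  # $options is expanded unquoted on purpose: it is a space-joined copy of
  # the command line and has to be split into words again.
  make-fai-nfsroot $options

  if [ -n "$LOGUSER" ]; then
    # chown only if cd was successful
    # cd is part of the condition so that a failure skips the chown calls.
    # The -n test matters: "cd" without an argument changes to the home
    # directory of the invoking user, whose .ssh would then be handed over
    # to $LOGUSER.
    if [ -n "$loguserhome" ] && cd "$loguserhome"; then
      [ -e .rhosts ] && chown "$LOGUSER:$logusergid" . .rhosts || true
      [ -d .ssh ] && chown -R "$LOGUSER:$logusergid" .ssh || true
    fi
    mkdir -p "$TFTPROOT"
    chown -R "$LOGUSER:$logusergid" "$TFTPROOT" || true
  fi

  if [ -z "$FAI_CONFIGDIR" ]; then
    echo "FAI_CONFIGDIR not set in /etc/fai/fai.conf."
    echo "Using /srv/fai/config as default."
    FAI_CONFIGDIR=/srv/fai/config
  fi
  mkdir -p "$FAI_CONFIGDIR"

  # in expert mode, do not export nfs directories
  if [ -z "$expert" ]; then
    test -f /etc/init.d/nfs-kernel-server && nfsserver=nfs-kernel-server
    test -f /etc/init.d/nfs-user-server && nfsserver=nfs-user-server

    # First IPv4 address of $SERVERINTERFACE, without the prefix length.
    # NOTE(review): this is the server's own address, so the export lines
    # below name a single host -- confirm that this is the intended client
    # specification.
    addr=$(ip addr show dev "$SERVERINTERFACE" | grep -w inet | cut -d t -f 2 | cut -d ' ' -f 2 | cut -d / -f 1 | grep -v 127.0.0.1 | head -1)

    if [ -z "$addr" ]; then
      # Without an address the line would read "DIR (options)". An option
      # list with no client in front of it is not restricted to any host,
      # which together with no_root_squash would open the nfsroot to every
      # machine that can reach this server.
      echo "Could not determine an IPv4 address on interface '$SERVERINTERFACE'. Not adding lines to /etc/exports."
    else
      if expr match "$FAI_CONFIG_SRC" 'nfs:\/\/' > /dev/null; then
        add_export_line "$FAI_CONFIGDIR" "$addr(async,ro,no_subtree_check)"
      fi
      # no_root_squash: uid 0 on a client is not mapped to an unprivileged
      # user, so root on a client can read every file below $NFSROOT
      # whatever its mode. The export is read-only.
      add_export_line "$NFSROOT" "$addr(async,ro,no_subtree_check,no_root_squash)"
    fi
    if [ -z "$nfsserver" ]; then
      echo "Could not find the type of your nfs server. Maybe"
      echo "no nfs server is installed. I can't restart it."
    else
      "/etc/init.d/$nfsserver" reload
    fi
  fi

  if [ ! -d "$FAI_CONFIGDIR/class" ]; then
    echo ""
    echo " You have no FAI configuration space yet. Copy the simple examples with:"
    echo " cp -a /usr/share/doc/fai-doc/examples/simple/* $FAI_CONFIGDIR"
    echo " Then change the configuration files to meet your local needs."
    echo ""
  fi
  echo "FAI setup finished."
} 2>&1 | tee /var/log/fai/fai-setup.log
# Status of the brace block, not of tee.
rc=${PIPESTATUS[0]}
echo "Log file written to /var/log/fai/fai-setup.log"
exit "$rc"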

Properties

Name Value
svn:eol-style native
svn:keywords Author Date Id Revision
