File: fai-setup

package info (click to toggle)
fai 2.8.4sarge1
  • links: PTS
  • area: main
  • in suites: sarge
  • size: 1,284 kB
  • ctags: 176
  • sloc: sh: 3,362; perl: 1,591; makefile: 142
file content (174 lines) | stat: -rw-r--r-- 6,395 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
 
#! /bin/sh

# $Id: fai-setup 3027 2005-11-10 22:37:16Z lange $
#*********************************************************************
#
# fai-setup -- set up FAI
#
# This script is part of FAI (Fully Automatic Installation)
# (c) 2000-2005 by Thomas Lange, lange@informatik.uni-koeln.de
# Universitaet zu Koeln
#
#*********************************************************************
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# General Public License for more details.
# 
# A copy of the GNU General Public License is available as
# `/usr/share/common-licences/GPL' in the Debian GNU/Linux distribution
# or on the World Wide Web at http://www.gnu.org/copyleft/gpl.html.  You
# can also obtain it by writing to the Free Software Foundation, Inc.,
# 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#*********************************************************************

PATH=/usr/local/bin:/usr/local/sbin:/bin:/sbin:/usr/bin:/usr/sbin

set -e
. /etc/fai/fai.conf
. /etc/fai/make-fai-nfsroot.conf

options=$@ # all options are also passed to make-fai-nfsroot

# look for option -e (expert mode)
case "$options" in
    *-e*) expert=1 ;;
esac
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
add_export_line() {

    # add a line to /etc/exports

    pattern=$1
    shift
    options="$@"

    [ -f /etc/exports ] && grep -q "^$pattern[[:space:]]" /etc/exports && return
    echo "Adding line to /etc/exports: $pattern $options"
    echo "$pattern $options" >> /etc/exports
}
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
add_fai_account() {

    if id $LOGUSER 2>/dev/null 1>&2 ; then
	echo Account \$LOGUSER=$LOGUSER  already exists.
	echo Make sure that all install clients can
	echo log into this account without a password.
	return
    fi

    adduser --system --disabled-password --gecos "FAI account for log files" $LOGUSER
    # there's a bug when the encrypted password is !, so change it to *
    perl -pi.bak -e "s#^$LOGUSER:.:(.+):/bin/false#$LOGUSER:*:\1:/bin/bash#" /etc/passwd
    # get the home dir of a user in a variable; do not exit when set -e is used
    # loguserhome is unset if $LOGUSER does not exists
    # this is not a evil hack, it's a very clever piece of code
    loguserhome=`eval "cd ~$LOGUSER 2>/dev/null && pwd;true"`
    touch $loguserhome/.account_created_by_fai_package
}
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
setup_fai_account() {

    loguserhome=`eval "cd ~$LOGUSER 2>/dev/null && pwd;true"`
    sshdir=$loguserhome/.ssh
    if [ -z "$loguserhome" ]; then
	echo "Can't determine home directory for user $LOGUSER."
	echo "LOGUSER= $LOGUSER    loguserhome= $loguserhome"
	exit 8
    fi

    if [ $FAI_REMOTESH = "ssh" -o $FAI_REMOTECP = "scp" ]; then
	# set up ssh on the server
	mkdir -p -m 700 $loguserhome/.ssh
	
	#Generating keys for LOGUSER
	[ -f $sshdir/id_rsa ] || {
	    ssh-keygen -t rsa -N '' -f $sshdir/id_rsa -C "$LOGUSER@$HOSTNAME"
	    cat $sshdir/id_rsa.pub >> $sshdir/authorized_keys
	}

	[ -f $sshdir/id_dsa ] || {
	    ssh-keygen -t dsa -N '' -f $sshdir/id_dsa -C "$LOGUSER@$HOSTNAME"
	    cat $sshdir/id_dsa.pub >> $sshdir/authorized_keys
	}
	
	#Adding servers keys to known_hosts list of LOGUSER. 
	#So that installed clients can ssh $LOGUSER@$HOSTNAME without password
	if [ ! -f $sshdir/known_hosts ]; then
	    echo "Using interface $SERVERINTERFACE to determine local hostname."
	    SERVERIP=`LC_ALL=C ifconfig $SERVERINTERFACE | perl -ne '/inet addr:([0-9\.]+)/ && print $1'`
	    HOSTNAME=`grep $SERVERIP /etc/hosts | perl -p -e 's/[\d.\s]*([\w-]*).*// && print $1'`
	    echo "Adding $HOSTNAME to known_hosts."
	    [ -f /etc/ssh/ssh_host_dsa_key.pub ] && DSASERVER=` cat /etc/ssh/ssh_host_dsa_key.pub | sed -e "s/= .*$/=/"`
	    [ -f /etc/ssh/ssh_host_rsa_key.pub ] && RSASERVER=` cat /etc/ssh/ssh_host_rsa_key.pub | sed -e "s/= .*$/=/"`
	
	    [ -z "$DSASERVER" ] || echo "$HOSTNAME,$SERVERIP $DSASERVER" >> $sshdir/known_hosts
	    [ -z "$RSASERVER" ] || echo "$HOSTNAME,$SERVERIP $RSASERVER" >> $sshdir/known_hosts
	    echo "$sshdir/known_hosts created."
	else
	    echo "$sshdir/known_hosts remained unchanged."
	fi

	chmod 0700 $sshdir/authorized_keys
	echo "$sshdir/authorized_keys created."
    fi
    if [ $FAI_REMOTESH = "rsh" -o $FAI_REMOTECP = "rcp" ]; then
	# use .rhosts authentication
	echo "+@faiclients root" > $loguserhome/.rhosts
	chmod go-rwx $loguserhome/.rhosts
	echo "$loguserhome/.rhosts created."
    fi

    logusergid=`id -ng $LOGUSER`
    echo "User account $LOGUSER set up."
}
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

if [ -n "$LOGUSER" ]; then
    add_fai_account
    setup_fai_account
fi

make-fai-nfsroot $options

if [ -n "$LOGUSER" ]; then
    # chown only if cd was successful
    cd $loguserhome && chown -R $LOGUSER:$logusergid .
    chown -R $LOGUSER:$logusergid /boot/fai
fi

if [ -z "$FAI_CONFIGDIR" ]; then
    echo "FAI_CONFIGDIR not set in /etc/fai/fai.conf."
    echo "Using /usr/local/share/fai as default."
    FAI_CONFIGDIR=/usr/local/share/fai
fi
mkdir -p $FAI_CONFIGDIR || true

# in expert mode, do not export nfs directories
if [ -z "$expert" ]; then
    test -f /etc/init.d/nfs-kernel-server && nfsserver=nfs-kernel-server
    test -f /etc/init.d/nfs-user-server && nfsserver=nfs-user-server

    add_export_line $FAI_CONFIGDIR  "$FAICLIENTS(async,ro)"
    add_export_line $NFSROOT  "$FAICLIENTS(async,ro,no_root_squash)"
    if [ -z "$nfsserver" ]; then
	echo "Could not find the type of your nfs server. Maybe"
	echo "no nfs server is installed. I can't restart it."
    else
	/etc/init.d/$nfsserver reload
    fi
fi

if [ ! -d $FAI_CONFIGDIR/class ]; then
    echo ""
    echo "   You have no FAI configuration space yet. Copy the simple examples with:"
    echo "   cp -a /usr/share/doc/fai/examples/simple/* $FAI_CONFIGDIR"
    echo "   Then change the configuration files to meet your local needs."
    echo ""
fi
echo "FAI setup finished."