/usr/sbin/fai-setup is in fai-server 4.3.1+deb8u1.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 | #! /bin/bash
#*********************************************************************
#
# fai-setup -- set up FAI
#
# This script is part of FAI (Fully Automatic Installation)
# (c) 2000-2014 by Thomas Lange, lange@informatik.uni-koeln.de
# Universitaet zu Koeln
#
#*********************************************************************
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# A copy of the GNU General Public License is available as
# `/usr/share/common-licences/GPL' in the Debian GNU/Linux distribution
# or on the World Wide Web at http://www.gnu.org/copyleft/gpl.html. You
# can also obtain it by writing to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
#*********************************************************************
PATH=/usr/local/bin:/usr/local/sbin:/bin:/sbin:/usr/bin:/usr/sbin
set -e
cfdir=/etc/fai
options=$@ # all options are also passed to fai-make-nfsroot
while getopts pvC:efgkKlV:B: opt ; do
case "$opt" in
C) cfdir=$OPTARG ;;
v) verbose=1 ; v=-v ;;
e) expert=1 ;;
esac
done
. $cfdir/fai.conf
. $cfdir/nfsroot.conf
: ${FAI_LOGPROTO:=ssh}
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
add_export_line() {
# add a line to /etc/exports
pattern=$1
shift
options="$@"
[ -f /etc/exports ] && grep -q "^$pattern[[:space:]]" /etc/exports && return
echo "Adding line to /etc/exports: $pattern $options"
echo "$pattern $options" >> /etc/exports
}
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
add_fai_account() {
if id $LOGUSER 2>/dev/null 1>&2 ; then
echo Account \$LOGUSER=$LOGUSER already exists.
echo Make sure that all install clients can
echo log into this account without a password.
return
fi
adduser --system --disabled-password --home /var/log/fai --gecos "FAI account for log files" --shell /bin/sh $LOGUSER
# get the home dir of a user in a variable; do not exit when set -e is used
# loguserhome is unset if $LOGUSER does not exists
# this is not a evil hack, it's a very clever piece of code
loguserhome=$(eval "cd ~$LOGUSER 2>/dev/null && pwd;true")
touch $loguserhome/.account_created_by_fai_package
}
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
setup_fai_account() {
# most things should be executed as user $LOGUSER, since root may not have write
# permissions to $loguserhome (e.g if mount via NFS without no_root_squash)
set +e
loguserhome=$(eval "cd ~$LOGUSER 2>/dev/null && pwd;true")
sshdir=$loguserhome/.ssh
if [ -z "$loguserhome" ]; then
echo "Can't determine home directory for user $LOGUSER."
echo "LOGUSER= $LOGUSER loguserhome= $loguserhome"
exit 8
fi
if [ "$FAI_LOGPROTO" = "ssh" ]; then
# set up ssh on the server
mkdir -p -m 700 $loguserhome/.ssh
#Generating keys for LOGUSER
[ -f $sshdir/id_rsa ] || {
ssh-keygen -t rsa -N '' -f $sshdir/id_rsa -C "$LOGUSER@$HOSTNAME"
cat $sshdir/id_rsa.pub >> $sshdir/authorized_keys
}
[ -f $sshdir/id_dsa ] || {
ssh-keygen -t dsa -N '' -f $sshdir/id_dsa -C "$LOGUSER@$HOSTNAME"
cat $sshdir/id_dsa.pub >> $sshdir/authorized_keys
}
#Adding servers keys to known_hosts list of LOGUSER.
#So that installed clients can ssh $LOGUSER@$HOSTNAME without password
if [ ! -f $sshdir/known_hosts ]; then
[ -f /etc/ssh/ssh_host_dsa_key.pub ] && DSASERVER=$(sed -e "s/= .*$/=/" /etc/ssh/ssh_host_dsa_key.pub)
[ -f /etc/ssh/ssh_host_rsa_key.pub ] && RSASERVER=$(sed -e "s/= .*$/=/" /etc/ssh/ssh_host_rsa_key.pub )
# determine all IP addresses, and their host names
ips=$(ip addr show up| grep -w inet | cut -d t -f 2 | cut -d ' ' -f 2 | cut -d / -f 1 | grep -v 127.0.0.1)
for ip in $ips; do
hname=$(getent hosts $ip| tr -s ' ' ',')
: ${hname:=$ip}
echo "Adding $hname to known_hosts."
[ -z "$DSASERVER" ] || echo "$hname $DSASERVER" >> $sshdir/known_hosts
[ -z "$RSASERVER" ] || echo "$hname $RSASERVER" >> $sshdir/known_hosts
done
echo "$sshdir/known_hosts created."
else
echo "$sshdir/known_hosts remained unchanged."
fi
chmod 0600 $sshdir/authorized_keys
echo "$sshdir/authorized_keys created."
fi
if [ "$FAI_LOGPROTO" = "rsh" -a ! -f $loguserhome/.rhosts ]; then
# use .rhosts authentication
echo "+@faiclients root" > $loguserhome/.rhosts
chmod go-rwx $loguserhome/.rhosts
echo "$loguserhome/.rhosts created."
fi
logusergid=$(id -ng $LOGUSER)
echo "User account $LOGUSER set up."
set -e
}
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{ # start huge block for capturing output
if [ -n "$LOGUSER" ]; then
add_fai_account
setup_fai_account
fi
fai-make-nfsroot $options
if [ -n "$LOGUSER" ]; then
# chown only if cd was successful
cd $loguserhome
if [ $? -eq 0 ]; then
[ -e .rhosts ] && chown $LOGUSER:$logusergid . .rhosts || true
[ -d .ssh ] && chown -R $LOGUSER:$logusergid .ssh || true
fi
mkdir -p $TFTPROOT
chown -R $LOGUSER:$logusergid $TFTPROOT || true
fai-chboot -o default
fi
if [ -z "$FAI_CONFIGDIR" ]; then
echo "FAI_CONFIGDIR not set in /etc/fai/nfsroot.conf."
exit 7
fi
mkdir -p $FAI_CONFIGDIR
# in expert mode, do not export nfs directories
if [ -z "$expert" ]; then
test -f /etc/init.d/nfs-kernel-server && nfsserver=nfs-kernel-server
: ${SERVERINTERFACE:=eth0} # set to eth0 if not already set
addr=$(ip addr show dev $SERVERINTERFACE | grep -w inet | cut -d t -f 2 | cut -d ' ' -f 2 | head -1)
# if not NFS v4 entry is found add a dummy entry. Workaround for #676883
if egrep -v ^# /etc/exports | grep fsid=0; then
echo "No entry for NFS v4 found. Adding a dummy entry. This forces NFS v3 for the nfsroot."
mkdir -p /srv/nfs4
add_export_line "/srv/nfs4 $addr(fsid=0,async,ro,no_subtree_check)"
fi
if [[ "$FAI_CONFIG_SRC" =~ ^nfs:// ]]; then
add_export_line $FAI_CONFIGDIR "$addr(async,ro,no_subtree_check)"
fi
add_export_line $NFSROOT "$addr(async,ro,no_subtree_check,no_root_squash)"
if [ -z "$nfsserver" ]; then
echo "Could not find the type of your nfs server. Maybe"
echo "no nfs server is installed. I can't restart it."
else
/etc/init.d/$nfsserver reload
fi
fi
if [ ! -d $FAI_CONFIGDIR/class ]; then
echo ""
echo " You have no FAI configuration space yet. Copy the simple examples with:"
echo " cp -a /usr/share/doc/fai-doc/examples/simple/* $FAI_CONFIGDIR"
echo " Then change the configuration files to meet your local needs."
echo "Please don't forget to fill out the FAI questionnaire after you've finished your project with FAI."
echo ""
fi
echo "FAI setup finished."
} 2>&1 | tee /var/log/fai/fai-setup.log
echo "Log file written to /var/log/fai/fai-setup.log"
|