On 09/30/2015 04:41 AM, Thomas Lange wrote:
On Tue, 29 Sep 2015 08:28:13 -0500, John G Heim <jh...@math.wisc.edu> said:
> Anybody got some good example scripts for using w/i nfsroot-hooks? Some
> things I want to do:
Hi John,
hooks for fai-make-nfsroot are no that flexible as in a normal FAI
installation. There are only two placed, where fai-make-nfsroot calls
hooks. Both are after all packages are already installed into the
nfsroot. So, it will not help if you want to add apt keys before
installing more packages. Except of you install those packages in your
hook but not using /etc/fai/NFSROOT.
Well, it's not a huge thing but my problem is that you get error
messages during a fai install if you're installing packages from an
unofficial archive (like fai itself) unless you install the apt key.
I discovered that if you want to install packages from an unofficial
repository during a normal fai install, you can get the sources file
into your nfsroot by createing a sources.list.d subdir within
/etc/fai/apt. So make a subdir /etc/fai/apt/sources.list.d and put them
in there. The packages from those repositories will be available during
a fai install but there will be error messages in fai.log about there
being no key. I don't remember the exact wording of the error message
but I think we've probably all seen it a gazillion times. The error
messages don't prevent you from installing the packages though.
Actually, after I posted my question, I solved this particular problem.
From an example on the fai wiki page about installing ubuntu, I saw
that $ROOTCMD works. So you can say something like this in an
nfsroot-hooks script:
$ROOTCMDwget http://fai-project.org/download/074BCDE4.asc -q -O - |
apt-key add -
So that would make it possible to install the fai-client package from
the fai repository w/o generating that annoying error message in your
fai.log.
If you want to restore ssh from a previous nfsroot creation, there's
the option -p. It only restores the $NFSROOT/root/.ssh directory, not
the host keys inside the nfsroot.
Again it's not that big of a deal. It mostly comes up only in building
& testing your fai setup. Every time you rebuild your nfsroot, you have
to delete the old key from your known_hosts file.
I kind of solved this problem too although it's kind of sloppy. I put
this in an nfsroot-hooks script:
cp /etc/ssh/ssh_host_* /srv/fai/nfsroot/live/filesystem.dir/etc/ssh/
That copies the ssh keys from the fai server to the nfsroot. So unless
you build a new fai server, the ssh keys on the nfsroot won't change.
I now have 4 nfsroot-hooks scripts to do the following:
1. Set the locale on the nfsroot. (This was stolen from the regular fai
hooks example. IIRC, it works unmodified as an nfsroot hook.)
2. Download/install apt keys for fai, macauley, and dropbox.
3. Copy ssh keys from fai host to nfsroot.
4. Install upstart-sysv. (Copied straight from fai wiki.)
I think the main reason I prefer hooks is that they essentially act as
documentation of everything you have to do to build the nfsroot.
