Re: FAI 2.9 - PB with FAI-NFSROOT
--- Patrick Cornelißen [EMAIL PROTECTED] a écrit : tundis phil schrieb: It is normal since my source.list is in stable. How can I say to fai-setup to look in a local directory for the paquet fai-nfsroot. Just have a look at the various tutorials how to setup a local deb repository. I've no link available, but google will help you there. Hi, I follow your answer and find this URL (I put it here for the others on the list) http://www.debian.org/doc/manuals/quick-reference/ch-package.en.html; which say A local deb repository similar to an official Debian archive can be made in this way: # aptitude install dpkg-dev # cd /usr/local # install -d pool # physical packages are located here # install -d dists/unstable/main/binary-i386 # ls -1 pool | sed 's/_.*$/ priority section/' | uniq override # editor override # adjust priority and section # dpkg-scanpackages pool override /usr/local/ \ dists/unstable/main/binary-i386/Packages # cat dists/unstable/main/Release EOF Archive: unstable Version: 3.0 Component: main Origin: Local Label: Local Architecture: i386 EOF # echo deb file:/usr/local unstable main \ /etc/apt/sources.list However, I have to modify it by replacing : cat dists/unstable/main/Release EOF and dpkg-scanpackages pool override /usr/local/ \ dists/unstable/main/binary-i386/Packages by cat dists/unstable/main/binary-i386/Release EOF and dpkg-scanpackages pool override \ dists/unstable/main/binary-i386/Packages And my local mirror works. So I have to try the install now. Thanks a lot Phil Tundis -- Bye, Patrick Cornelissen http://www.p-c-software.de ICQ:15885533 ___ Nouveau : téléphonez moins cher avec Yahoo! Messenger ! Découvez les tarifs exceptionnels pour appeler la France et l'international. Téléchargez sur http://fr.messenger.yahoo.com
FAI 2.9 - PB with FAI-NFSROOT
Hi, I just try to install FAI 2.9 on a sarge and I encounter the following problem with fai-nfsroot. To install FAI 2.9, I can not do an apt-get since all the packages are in testing, so I dowload them : fai-doc fai-nfsroot fai-client fai-server I do an dpkg -i fai-doc.. fai-client.. fai-server.. Everything goes well and my packages were installed. I modified fai.conf and the source.list. Then I run fai-setup and at the end, I have :Adding additional packages to /usr/lib/fai/nfsroot: fai-nfsroot module-init-tools dhcp3-client ssh file rdate hwinfo portmap bootpc rsync wget rsh-client less dump reiserfsprogs usbutils psmisc pciutils hdparm smartmontools parted mdadm lvm2 dnsutils ntpdate dosfstools cvs jove xfsprogs xfsdump sysutils dialog discover mdetect libnet-perl! netcat libapt-pkg-perl grub lilo dmidecode hwtools read-edid E: Couldn't find package fai-nfsrootIt is normal since my source.list is in stable. How can I say to fai-setup to look in a local directory for the paquet fai-nfsroot. Any help welcome Nouveau : téléphonez moins cher avec Yahoo! Messenger ! Découvez les tarifs exceptionnels pour appeler la France et l'international. Téléchargez la version beta.
Re : Strange problem with fai-mirror not finding the kernel package from my mirror
Hi, I just use Fai-cd and I had the same problem. I resolved it by putting some a line in the script /usr/sbin/fai-cd. In the old script, there was : deb file:/file/mirror stable main I replace it by deb file:/file/mirror stable main deb file:/file/mirror sarge main I think the problem came for the section of the kernel, it was sarge and now it is stable, so you need the two sections (sarge et stable) in order to have all the packages. Phil Nouveau : téléphonez moins cher avec Yahoo! Messenger ! Découvez les tarifs exceptionnels pour appeler la France et l'international. Téléchargez la version beta.
Re: Install ext3fs with FAI
Hi, Here is a patch to setup_harddisk that enable the use of ext3 easily : If you don't specify the type of partition, you'll have auto in the fstab. In the disk_config, just add the -j option after the semi-colon to format with ext3. Add ext3 if you want the keyword ext3 be in fstab in place of auto. If you don't put the -j flag, you'll have ext2 partitions, but you'll need to give the ext2 option to have the ext2 keyword in fstab in place of auto. -- Philippe Biondi biondi@ cartel-securite.fr Cartel Sécurité Security Consultant/RD http://www.cartel-securite.fr Phone: +33 1 44 06 97 94 Fax: +33 1 44 06 97 99 PGP KeyID:3D9A43E2 FingerPrint:C40A772533730E39330DC0985EE8FF5F3D9A43E2 --- ../../sbin/setup_harddisks Fri Jan 11 17:27:41 2002 +++ setup_harddisks Wed Jan 23 21:30:06 2002 @@ -436,7 +436,7 @@ die ERROR: unable to preserve partitions of size 0.\n$line\n ; } else { # If not preserve we must know the filesystemtype - ($options !~ /\b(ext2|swap|dosfat16|winfat32|reiser)\b/i ) ($options .= ext2); + ($options !~ /\b(ext2|ext3|auto|swap|dosfat16|winfat32|reiser)\b/i +) ($options .= auto); } if($size =~ /^(\d*)(\-?)(\d*)$/){ $Min = $1; @@ -463,7 +463,7 @@ # fstaboptions $MPfstaboptions{$mountpoint} = $fstaboptions; # extra options - ($options =~ /\bext2\b/i) ($MPID{$mountpoint} = 83); # Linux native + ($options =~ /\b(ext[23]|auto)\b/i) ($MPID{$mountpoint} = 83); # +Linux native ($options =~ /\bswap\b/i) ($MPID{$mountpoint} = 82); # Linux swap ($options =~ /\bdosfat16\b/i) ($MPID{$mountpoint} = 6); # DOS FAT 16bit (=32MB, will be changed later) ($options =~ /\bwinfat32\b/i) ($MPID{$mountpoint} = b); # Win 95 FAT 32 @@ -770,8 +770,8 @@ next; } # Linux Extended 2 file system - if ($MPOptions{$mountpoint} =~ /\bext2\b/i) { - print Make Extended 2 Filesystem:\n; + if ($MPOptions{$mountpoint} =~ /\b(ext[23]|auto)\b/i) { + print Make Extended 2/3 Filesystem:\n; $command = mke2fs $mke2fs_options; ($MPOptions{$mountpoint} =~ /(\-c)\b/i) ($command .= $1); ($MPOptions{$mountpoint} =~ /(\-i\s*\d+)\b/) ($command .= $1); @@ -811,8 +811,10 @@ #file sys mount point type options dump pass EOM # 1. / -$type = ext2; +$type = auto; ($MPOptions{'/'} =~ /\b(reiser)\b/i) ($type = reiserfs); +($MPOptions{'/'} =~ /\b(ext3)\b/i) ($type = ext3); +($MPOptions{'/'} =~ /\b(ext2)\b/i) ($type = ext2); $FileSystemTab .= BuildfstabLine(/dev/$MountpointPart{'/'},/,$type,$MPfstaboptions{'/'},0,1); # 2. swap partitions foreach $mountpoint (%PartMountpoint){ @@ -826,9 +828,11 @@ foreach $mountpoint (sort %PartMountpoint){ next if ( ($mountpoint !~ /^\//) || ($mountpoint eq /)); $device = $MountpointPart{$mountpoint}; - $type = ext2; + $type = auto; ($MPOptions{$mountpoint} =~ /\b(dosfat16|winfat32)\b/i) ($type = vfat); ($MPOptions{$mountpoint} =~ /\b(reiser)\b/i) ($type = reiserfs); + ($MPOptions{$mountpoint} =~ /\b(ext3)\b/i) ($type = ext3); + ($MPOptions{$mountpoint} =~ /\b(ext2)\b/i) ($type = ext2); $FileSystemTab .= BuildfstabLine(/dev/$device,$mountpoint,$type,$MPfstaboptions{$mountpoint},0,2); } # write it
packages that start a daemon
Hi, Is there any way to prevent a package (as apache, or ssh) to start the daemon it has just installed ? -- Philippe Biondi biondi@ cartel-securite.fr Cartel Sécurité Security Consultant/RD http://www.cartel-securite.fr Phone: +33 1 44 06 97 94 Fax: +33 1 44 06 97 99 PGP KeyID:3D9A43E2 FingerPrint:C40A772533730E39330DC0985EE8FF5F3D9A43E2
[PATCH] more that one scripts for the same class
Hi, I wanted to use a shell script and a cfengine script for the same class. Moreover I needed to control the execution order of them. This patch will do the following, when it's time to execute scripts in /fai/script : for each class, if there is a script with the same name, it is executed, as usual. But now, if there is a directory with this name, fai will execute each S??* script inside this directory, following the order of ??. -- Philippe Biondi biondi@ cartel-securite.fr Cartel Sécurité Security Consultant/RD http://www.cartel-securite.fr Phone: +33 1 44 06 97 94 Fax: +33 1 44 06 97 99 PGP KeyID:3D9A43E2 FingerPrint:C40A772533730E39330DC0985EE8FF5F3D9A43E2 --- subroutines~Mon Jan 21 23:46:12 2002 +++ subroutines Mon Jan 21 23:47:21 2002 @@ -572,17 +572,11 @@ fi } # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -task_configure() { - -# execute scripts; cfengine, shell, perl and expect scripts are known types -cd /fai/scripts - -local class filetype shelldebug - -for class in $classes ; do -if [ -x $class -a -f $class ]; then -filetype=`file $class` +do_script() { +local file +file=$1 +filetype=`file $file` shelldebug= case $filetype in *Bourne shell script*) @@ -594,34 +588,56 @@ case $filetype in *Bourne shell script*|*Bourne-Again shell script*) - echo Executing $shelldebug shell: $class - echo = shell: $class = /tmp/shell.log 21 - $shelldebug ./$class /tmp/shell.log 21 + echo Executing $shelldebug shell: $file + echo = shell: $file = /tmp/shell.log 21 + $shelldebug ./$file /tmp/shell.log 21 ;; *cfengine script*) - echo Executing cfengine: $class - echo = cfengine: $class = /tmp/cfengine.log 21 - ./$class --no-lock -v -f $class -D${cfclasses} /tmp/cfengine.log 21 + echo Executing cfengine: $file + echo = cfengine: $file = /tmp/cfengine.log 21 + ./$file --no-lock -v -f $file -D${cfclasses} /tmp/cfengine.log 21 ;; *perl script*) - echo Executing perl: $class - echo = perl: $class = /tmp/perl.log 21 - ./$class /tmp/perl.log 21 + echo Executing perl: $file + echo = perl: $file = /tmp/perl.log 21 + ./$file /tmp/perl.log 21 ;; *expect script*) - echo Executing expect: $class - echo = expect: $class = /tmp/expect.log 21 - ./$class /tmp/expect.log 21 + echo Executing expect: $file + echo = expect: $file = /tmp/expect.log 21 + ./$file /tmp/expect.log 21 ;; - *) echo File $class has unsupported type $filetype. ;; + *) echo File $file has unsupported type $filetype. ;; esac +} + +task_configure() { + +# execute scripts; cfengine, shell, perl and expect scripts are known types +cd /fai/scripts + +local class filetype shelldebug + +for class in $classes ; do +if [ -x $class -a -f $class ]; then + do_script $class +elif [ -d $class ]; then +[ $verbose ] echo Executing scripts of $class +cd $class +for f in `ls S[0-9]*` ; do +if [ -x $f -a -f $f ]; then + do_script $f +fi +done +cd .. fi done } + # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - task_finish() {
Re: Censoring configuration files
On 22 Jan 2002, Ronan KERYELL wrote: A meta-problem about using tools such as cfengine, FAI, JumpStart,... : many people ask me my configuration files but they contain of course many passwords, PPP accounts, etc. :-( So I'm looking for a good way to automate the publication of my config file AND censoring sensitive information... Any idea for an elegant way ? To add some mark-up in config files ? But not always safe for the application ? To add an abstract description of each file describing what to overide ? Insert your good idea here :-) What about a script that we'll call getpasswd that will look in a password base (that will be as secure as the config files..). They could be either plain text or crypted, as needed. Possible implementation : ---8[getpasswd]--- #! /bin/bash BASE=/tmp/pwdbase awk /^$1[ \t]/ {print \$2} $BASE ---8-- ---8[pwdbase]- rootmd5 4e8492ec9f7136f948fe129f5d6430ac rootdes 17/Ep09Pgb6ZA ap password ---8-- So that the config files only contain things like that : PASSWD=`getpasswd ap` Moreover, if one passwd must be given in more than one place, you only need to modify it at this centralised place to change it evrywhere. And if theidentifiers are clear enough, this is a good point for config files to be published. (I hope the weather is good in Brest :)) -- Philippe Biondi biondi@ cartel-securite.fr Cartel Sécurité Security Consultant/RD http://www.cartel-securite.fr Phone: +33 1 44 06 97 94 Fax: +33 1 44 06 97 99 PGP KeyID:3D9A43E2 FingerPrint:C40A772533730E39330DC0985EE8FF5F3D9A43E2
Re: [PATCH] more that one scripts for the same class
Hi! On Tue, 22 Jan 2002, Jens Ruehmkorf wrote: that's the way we do it for nais since two years. Have a look at http://cvs.sf.net/cgi-bin/viewcvs.cgi/nais/nais/install/init.d/execute_scripts.sh to see how we did that (because the aim is the same). How do this is related to fai ? -- Philippe Biondi biondi@ cartel-securite.fr Cartel Sécurité Security Consultant/RD http://www.cartel-securite.fr Phone: +33 1 44 06 97 94 Fax: +33 1 44 06 97 99 PGP KeyID:3D9A43E2 FingerPrint:C40A772533730E39330DC0985EE8FF5F3D9A43E2
[PATCH] patch to speed up bootpc queries
Hi, When rcS_fai tries to get bootp parameters, it does a query on every interface the machine has. This can take a lot of time for nothing. the following patch tries the defaut interface first, and break the loop after the first successfull query. (use the attached file to avoid copy-paste diff problems) -8-- --- /usr/lib/fai/nfsroot/usr/share/fai/subroutines~ Fri Nov 16 17:56:16 2001 +++ /usr/lib/fai/nfsroot/usr/share/fai/subroutines Thu Jan 3 16:00:23 2002 @@ -228,11 +228,14 @@ local device local bootlog=/tmp/bootp.log +# test the default interface first! +testdev=`route -n | awk '/^0.0.0.0/ { print $8}'` $netdevices # define all bootpc information as variables -for device in $netdevices; do +for device in $testdev; do echo Sending BOOTP request using device $device echo * --- network device $device --- $bootlog bootpc --dev $device --timeoutwait $timeout --returniffail $bootlog 21 + if [ $? -eq 0 ]; then break; fi done [ -n $verbose -a -f $bootlog ] echo Reading $bootlog -8-- -- Philippe Biondi pbi@ cartel-info.fr Cartel Informatique Security Consultant/RD http://www.cartel-info.fr Phone: +33 1 44 06 97 94Fax: +33 1 44 06 97 99 PGP KeyID:3D9A43E2 FingerPrint:C40A772533730E39330DC0985EE8FF5F3D9A43E2 --- /usr/lib/fai/nfsroot/usr/share/fai/subroutines~ Fri Nov 16 17:56:16 2001 +++ /usr/lib/fai/nfsroot/usr/share/fai/subroutines Thu Jan 3 16:00:23 2002 @@ -228,11 +228,14 @@ local device local bootlog=/tmp/bootp.log +# test the default interface first! +testdev=`route -n | awk '/^0.0.0.0/ { print $8}'` $netdevices # define all bootpc information as variables -for device in $netdevices; do +for device in $testdev; do echo Sending BOOTP request using device $device echo * --- network device $device --- $bootlog bootpc --dev $device --timeoutwait $timeout --returniffail $bootlog 21 + if [ $? -eq 0 ]; then break; fi done [ -n $verbose -a -f $bootlog ] echo Reading $bootlog
Re: [PATCH] patch to speed up bootpc queries
On Thu, 3 Jan 2002, Thomas Lange wrote: On Thu, 3 Jan 2002 16:11:23 +0100 (CET), Phil [EMAIL PROTECTED] said: Hi, When rcS_fai tries to get bootp parameters, it does a query on every interface the machine has. This can take a lot of time for nothing. This could be made much simpler. If the variable $netdevices is defined, then only this list of interfaces is used and not all available ethernet devices. Define this variable in /etc/fai.conf (the next fai version will use /etc/fai/fai.conf) and rebuild the nfsroot or copy trhis file to $NFSROOT/etc/fai.conf. Here's an example /etc/fai.conf: netdevices=eth0 This is not so easy as you can't be sure about which interface will become eth0 or eth1. For example, the machine I'm using has a dual eepro100. I've pluged the wire on LAN1 and it became eth1 (and LAN2 is eth0). So if I want to carry on using LAN1, I must put netdevices=eth1. But I won't be able to install machines with only one NIC. Moreover, I don't see why every NIC in $netdevices should query a bootp server. One answered query should be enough. I agree we should test if the query is correctly answerd (ie with T17? options) to stop asking bootp servers. I also agree that, with my patch, you can query twice on the same NIC. Am I broken ? ;) -- Philippe Biondi pbi@ cartel-info.fr Cartel Informatique Security Consultant/RD http://www.cartel-info.fr Phone: +33 1 44 06 97 94Fax: +33 1 44 06 97 99 PGP KeyID:3D9A43E2 FingerPrint:C40A772533730E39330DC0985EE8FF5F3D9A43E2
Re: [PATCH] patch to speed up bootpc queries
On Thu, 3 Jan 2002, Geert Stappers wrote: Moreover, I don't see why every NIC in $netdevices should query a bootp server. One answered query should be enough. Even a single NIC computer does three(3) BOOTP-requests: - BootROM where to get my kernel-image request - Kernel where to get my NFS root request - FAI where is the FAI info request I was only talking about the last item. On a multi NIC computer, FAI has to check every netdevice, because the BOOTP server could anywhere. Why should FAI keep on doing requests on other interfaces when it gets a reply on one ? -- Philippe Biondi pbi@ cartel-info.fr Cartel Informatique Security Consultant/RD http://www.cartel-info.fr Phone: +33 1 44 06 97 94Fax: +33 1 44 06 97 99 PGP KeyID:3D9A43E2 FingerPrint:C40A772533730E39330DC0985EE8FF5F3D9A43E2
Problems creating a woody nfsroot
Hi, It seems that fai-setup has some hardcoded potato-related pathes : # fai-setup Adding system user fai... Adding new user fai (103) with group nogroup. Creating home directory /home/fai. Generating public/private rsa1 key pair. Your identification has been saved in /home/fai/.ssh/identity. Your public key has been saved in /home/fai/.ssh/identity.pub. The key fingerprint is: d6:38:7f:d2:18:9d:14:f8:c5:ba:02:d1:32:2e:8d:5b fai@ /home/fai/.ssh/authorized_keys created. User account fai set up. Creating FAI nfsroot can take a long time and will need more than 130MB disk space in /usr/lib/fai/nfsroot. [...] (installing nfsroot with debootstrap) cp: cannot create regular file `usr/lib/perl5/Debian/Fai.pm': No such file or directory Moreover, I'm not sure of my fai.conf : -8- FAI_ARCH=`dpkg --print-installation-architecture` ftpserver=ftp.uk.debian.org debdist=woody # distribution: potato, woody, sid FAI_DEBOOTSTRAP=$debdist http://$ftpserver/debian; FAI_SOURCES_LIST=deb http://$ftpserver/debian $debdist main contrib non-free deb http://$ftpserver/debian $debdist/non-US main contrib non-free NFSROOT_PACKAGES=ssh expect portmap libdetect0 discover reiserfsprogs dpkg-dev FAI_ROOTPW=56hNVqht51tzc SSH_IDENTITY=/home/pbi/.ssh/id_dsa.pub UTC=yes KERNELPACKAGE=/usr/lib/fai/kernel/kernel-image-2.2.19_BOOTP1_i386.deb KERNELVERSION=2.2.19 LOGUSER=fai FAI_REMOTESH=ssh FAI_REMOTECP=scp NFSROOT=/usr/lib/fai/nfsroot FAI_CONFIGDIR=/usr/share/fai -8- Btw, the default value for FAI_CONFIGDIR is /usr/local/share/fai. Doesn't that sound weird for a package ? -- Philippe Biondi pbi@ cartel-info.fr Cartel Informatique Security Consultant/RD http://www.cartel-info.fr Phone: +33 1 44 06 97 94Fax: +33 1 44 06 97 99 PGP KeyID:3D9A43E2 FingerPrint:C40A772533730E39330DC0985EE8FF5F3D9A43E2
Re: Problems with bootp and self-compiled kernels
On Mon, 17 Dec 2001, Thomas Lange wrote: Btw, I tried to apt-get source fai-kernel. the I option is used in tar and it should be -j : FAI 2.2.3 is for potato, where the tar command needs -I, in woody a new tar version needs -j. So it seems you using a mix of potato and woody packages. FAI 2.2.3 is the version distributed for woody and sid. -- Philippe Biondi pbi@ cartel-info.fr Cartel Informatique Security Consultant/RD http://www.cartel-info.fr Phone: +33 1 44 06 97 94Fax: +33 1 44 06 97 99 PGP KeyID:3D9A43E2 FingerPrint:C40A772533730E39330DC0985EE8FF5F3D9A43E2
Problems with bootp and self-compiled kernels
Hi all! I wanted to add aic7xxx support in the boot kernel (I don't know if it should have been loaded automatically as a module, but it did not do so) but I was not able to boot because the kernel did not send any bootp requests. To be sure I did not misconfigure my kernel, I took a fresh vanilla 2.2.19, copied /usr/lib/fai/nfsroot/boot/config-2.2.19 to .config, made menuconfig to create config.h and compiled this kernel, which I put in place of the old one in /usr/lib/fai/nfsroot/boot/. Then I make-fai-floppy. But the result is the same. (an extract of the .config : [...] # # Networking options # CONFIG_PACKET=m CONFIG_NETLINK=y # CONFIG_RTNETLINK is not set CONFIG_NETLINK_DEV=m # CONFIG_FIREWALL is not set CONFIG_FILTER=y CONFIG_UNIX=m CONFIG_INET=y CONFIG_IP_MULTICAST=y # CONFIG_IP_ADVANCED_ROUTER is not set CONFIG_IP_PNP=y # CONFIG_IP_PNP_DHCP is not set CONFIG_IP_PNP_BOOTP=y # CONFIG_IP_PNP_RARP is not set # CONFIG_IP_ROUTER is not set # CONFIG_NET_IPIP is not set CONFIG_NET_IPGRE=m # CONFIG_NET_IPGRE_BROADCAST is not set # CONFIG_IP_MROUTE is not set # CONFIG_IP_ALIAS is not set # CONFIG_SYN_COOKIES is not set CONFIG_INET_RARP=m CONFIG_SKB_LARGE=y CONFIG_IPV6=m # CONFIG_IPV6_EUI64 is not set [...] ) Any Idea ? Btw, I tried to apt-get source fai-kernel. the I option is used in tar and it should be -j : [...] tar Ixf /usr/src/kernel-source-2.2.19.tar.bz2 tar: Warning: the -I option is not supported; perhaps you meant -j or -T? Try `tar --help' for more information. make: *** [unpack-stamp] Error 2 for iinfo, here it is : deneb:/tmp/fai-kernels-1.1.3$ find -type f | xargs grep tar Ixf ./debian/rules: tar Ixf /usr/src/$(kname).tar.bz2 Thanks. -- Philippe Biondi pbi@ cartel-info.fr Cartel Informatique Security Consultant/RD http://www.cartel-info.fr Phone: +33 1 44 06 97 94Fax: +33 1 44 06 97 99 PGP KeyID:3D9A43E2 FingerPrint:C40A772533730E39330DC0985EE8FF5F3D9A43E2