setup-storage - preserving LUKS partitions possible?
Hello, I have the following disk config: disk_config disk1 disklabel:msdos bootable:1 align-at:1 fstabkey:uuid preserve_lazy:6 primary /boot 1024 ext4 rw logical - 30720 - - logical - 4- - - disk_config lvm vg vg1 disk1.5 vg1-root / 23552 ext4 rw,errors=remount-ro vg1-swap - 4096 - - vg1-tmp - 1024 - - vg1-varlog /var/log 2048 ext4 rw disk_config cryptsetup tmp - /dev/vg1/tmp ext2 - swap - /dev/vg1/swap swap - luks /media/daten disk1.6 ext4 acl createopts="-L Daten" When reinstalling, setup-storage tells me that it will preserve /dev/sda6, but nevertheless LUKS-formats it again and creates a new filesystem. Apparently, "preserve" options are not available for cryptsetup blocks, at least according to the manpage. Is there any way to accomplish this? Thanks, Andreas
Re: Secure deploy of keys
Hello, I would be very interested if you find any solutions. By design, the FAI config space has to be somewhere where it is accessible without access control (anonymous NFS or whatever), and everything within it obviously has to be readable. I guess you will need to find other solutions. As for the SSH keys, I am currently trying to publish SSH keys in DNS so clients can verify them. Haven't tested yet what happens when the client already has a (different) key in its known_hosts file, though. Bye, Andreas Am 13.12.22 um 14:47 schrieb Diego Zuccato: > Hello all. > > What's the recommended way to deploy (or re-deploy) security-sensitive > objects (just to say one: private ssh key to avoid client warnings when > redeploying a server)? > > TIA
Weird generated hostname
Hello, I watched some weird behaviour of FAI today. It occurs when the IP address is assigned by DHCP and no hostname is supplied on the kernel command line. I remember that FAI used to generate hostnames like '192-168-10-123' in that case. Now it is '127-0-0-1/8 192-168-10-123'. Yes, including the slash and the space. This leads to problems e.g. with apt-key; it wants to generate a temporary directory like '/etc/apt/trusted.gpg./.. Since the hostname contains a slash and a space, this fails and subsequently the whole installation fails. I cannot tell when exactly this changed; usually our existing hosts have hostnames assigend with DHCP, only sometimes we install new machines without assigning a hostname first. Bye, Andreas
Re: dracut error during nfsroot update
Are you sure this works on upgrade, too? I called it with fai-make-nfsroot -k -N -p -P -v Bye, Andreas Am 19.06.20 um 09:29 schrieb Thomas Lange: > That shouldn't be necessary. fai-make-nfsroot should install dracut-live > and dracut-squash automatically.
Re: dracut error during nfsroot update
Hello, no I did not know that. But we were using FAI 5.9.4, dracut within the nfsroot was 050+35-4. What helped was manually installing dracut-live in the nfsroot. Now everything works. Bye, Andreas Am 18.06.20 um 12:54 schrieb Thomas Lange: > Have you read this? > https://lists.uni-koeln.de/pipermail/linux-fai/2020-April/012479.html > > >>>>>> On Tue, 16 Jun 2020 09:31:46 +0200, Andreas Heinlein >>>>>> said: > > Hello, > > when trying to upgrade the nfsroot, we get > > >> dracut: Generating /boot/initrd.img-4.19.0-9-amd64 > >> dracut: dracut module 'livenet' cannot be found or installed. > >> dpkg: error processing package dracut (--configure): > >> subprocess installed post-installation script returned error exit > >> status 1 >
dracut error during nfsroot update
Hello, when trying to upgrade the nfsroot, we get > dracut: Generating /boot/initrd.img-4.19.0-9-amd64 > dracut: dracut module 'livenet' cannot be found or installed. > dpkg: error processing package dracut (--configure): > subprocess installed post-installation script returned error exit > status 1 The nfsroot is based on Debian 10. I have found a similar problem on this list from 2017 (https://lists.uni-koeln.de/pipermail/linux-fai/2017-June/011735.html). The solution then was to include curl in the nfsroot. Curl is installed in our nfsroot, we are using the NFSROOT list shipped with the current version. Any ideas how to find out what is missing? Thanks, Andreas
Re: Upgrade error in nfsroot
Hello, I have to correct myself: upgrading the nfsroot worked, but the NFS root is not functional now. When booting, it says "cannot execute /etc/init.d/rcS". Indeed, /etc/init.d/rcS does not exist. Is rcS supposed to be a real file or a link somewhere? Thanks, Andreas Am 26.02.20 um 08:31 schrieb Andreas Heinlein: > Hello, > > when upgrading FAI inside the nfsroot with 'fai-make-nfsroot -v -k -N', I got: > > Preparing to unpack .../15-fai-nfsroot_5.9.2_all.deb ... > dpkg-divert: error: 'diversion of /etc/init.d/rcS to /etc/init.d/rcS.orig by > fai-nfsroot' clashes with 'diversion of /etc/init.d/rcS to > /etc/init.d/rcS.distrib by fai-nfsroot' > dpkg: error processing archive > /tmp/apt-dpkg-install-hXzBfK/15-fai-nfsroot_5.9.2_all.deb (--unpack): > new fai-nfsroot package pre-installation script subprocess returned error > exit status 2 > > when upgrading FAI from 5.9.1 to 5.9.2 > > I had to manually chroot to the nfsroot and remove the diversion, then it > worked. Maybe this should be included in the preinst script. > > Bye, > > Andreas > >
Upgrade error in nfsroot
Hello, when upgrading FAI inside the nfsroot with 'fai-make-nfsroot -v -k -N', I got: Preparing to unpack .../15-fai-nfsroot_5.9.2_all.deb ... dpkg-divert: error: 'diversion of /etc/init.d/rcS to /etc/init.d/rcS.orig by fai-nfsroot' clashes with 'diversion of /etc/init.d/rcS to /etc/init.d/rcS.distrib by fai-nfsroot' dpkg: error processing archive /tmp/apt-dpkg-install-hXzBfK/15-fai-nfsroot_5.9.2_all.deb (--unpack): new fai-nfsroot package pre-installation script subprocess returned error exit status 2 when upgrading FAI from 5.9.1 to 5.9.2 I had to manually chroot to the nfsroot and remove the diversion, then it worked. Maybe this should be included in the preinst script. Bye, Andreas
Re: fai-sed exit code
Am 13.01.20 um 13:04 schrieb Thomas Lange: > I can add such an option, which I already have with fcopy. > I a shell script, you can use this code to always get exit 0 from a command. > > fai-sed .. || true That is true, but this means that no error will get caught, not even syntax errors, file not found etc. Andreas
Re: fai-sed exit code
Am 10.01.20 um 16:02 schrieb Thomas Lange: > I want to distinguish if fai-sed has nothing to change or changed the > file. Therefore in one the cases it has to return and exit code != 0. > > Do you have any better idea? If you want to do this, no, I have no better idea. You would have to exit any script using fai-sed with "exit 0" at the end, or the fai master process will treat the script as failed. Maybe you could add a "-q" switch to fai-sed that will turn off that behaviour for those who don't need it? Andreas
fai-cd 5.9 grub-mkstandalone error
Hi, I just tried the fai-cd command from FAI 5.9. After creating the squashfs, I get: grub-mkstandalone: error: cannot make temporary directory: No such file or directory. I can see that /tmp/grub.cfg exists in the nfsroot. From what I saw in fai-cd, the next step would be: chroot $NFSROOT grub-mkstandalone \ --format=x86_64-efi \ --output=/tmp/bootx64.efi \ --locales="" --fonts="" \ "boot/grub/grub.cfg=/tmp/grub.cfg" If I run that command directly from the shell, it works and creates /tmp/bootx64.efi in the NFSROOT. Any idea what might be causing this? Thanks, Andreas
fai-sed exit code
Hello, can you explain the purpose of fai-sed exiting with '1' if the file was changed? By default, this would mean a script *fails* with this exit code if a file was actually changed. Would also be nice to update the example scripts to use fai-sed instead of sed. Thanks, Andreas
Re: FAI and Debian Buster (was Re: New ISO images available)
Hello, indeed, 5.8.4 fixes both problems. Should have tried that first; sorry for the inconvenience. Andreas Am 02.04.19 um 09:57 schrieb Thomas Lange: >>>>>> On Tue, 2 Apr 2019 08:28:18 +0200, Andreas Heinlein >>>>>> said: > > I don't really need ISO images, but if someone has been successful on > > installing buster with FAI, I'd be happy to hear. > I've done several buster installations for a client using buster. > > > I am currently in the first testing stages, and I am having some trouble > > with grub and lvm2. It seems there are some new problems related to > > installing within a chroot. Problem is 1) that update-grub hangs forever > > and 2) lvm2 postinst hangs with error messages like "WARNING: Device > > /dev/sda1 not initialized in udev database even after waiting 1000 > > microseconds." > > > The first seems to be related to os-prober, the latter seems due to some > > changes in lvm2. I found posts on Arch Linux forums that suggest that > > you need /run/lvm available within the chroot, but it looks like it > > already is when installing with FAI. > This is already fixed in FAI 5.8.4. > I'm not sure if it also fixed the first one. > > From the changelog: > * updatebase: mount /run/udev into /target, Closes: #925247 >
FAI and Debian Buster (was Re: New ISO images available)
Am 28.03.19 um 15:52 schrieb Thomas Lange: > What about your interest in having ISO images using buster? I like to > get some feedback if you prefere stable releases or also want to have > ISO for Debian testing. I don't really need ISO images, but if someone has been successful on installing buster with FAI, I'd be happy to hear. I am currently in the first testing stages, and I am having some trouble with grub and lvm2. It seems there are some new problems related to installing within a chroot. Problem is 1) that update-grub hangs forever and 2) lvm2 postinst hangs with error messages like "WARNING: Device /dev/sda1 not initialized in udev database even after waiting 1000 microseconds." The first seems to be related to os-prober, the latter seems due to some changes in lvm2. I found posts on Arch Linux forums that suggest that you need /run/lvm available within the chroot, but it looks like it already is when installing with FAI. References: https://bbs.archlinux.org/viewtopic.php?id=242594 https://unix.stackexchange.com/questions/105389/arch-grub-asking-for-run-lvm-lvmetad-socket-on-a-non-lvm-disk Thanks, Andreas
Re: Questions regarding PACKAGES remove
Am 21.03.19 um 18:40 schrieb Thomas Lange: > Hi Andreas, > > I wonder why you get this error, because apt-get says it does not even > know this package. If I like to remove a package that's in the > database I get this output > > veedel[~]# apt-get purge moon-buggy > Reading package lists... Done > Building dependency tree > Reading state information... Done > Package 'moon-buggy' is not installed, so not removed > 0 upgraded, 0 newly installed, 0 to remove and 16 not upgraded. > > Maybe you may have removed some sources.list entries, so apt-get > complains about unknown packages. Hello, your are right, the root of the problem is that these packages have been removed completely from debian stable. These are XUL style firefox extensions which are not supported in recent firefox versions anymore. So the debian maintainers obviously decided, instead of providing a dummy transitional package, to completely remove them. I have never before seen a package being removed from stable... So now it looks like they never existed, even though machines installed earlier still have them installed. But this is, hopefully, a special case that will not happen again, so I will solve this by using a script instead. This is not a bug in FAI. Thank you for your help. Andreas
Questions regarding PACKAGES remove
Hello, I now have my first use of "PACKAGES remove" in the FAI configuration, and I have come across two smaller problems: 1. The behaviour is not "idempotent", i.e. I get an error when the packages to remove are already removed. This is the case quite often since we use FAI also for softupdates, and I want to keep the "PACKAGES remove" section for some time until I am sure that all clients have run the softupdate at least once. I get this in fai.log: install_packages: executing chroot /target apt-get -y -o Dpkg::Options::=--force-confdef -o Dpkg::Options::=--force-confnew --purge remove xul-ext-adblock-plus xul-ext-adblock-plus-element-hiding-helper xul-ext-noscript Reading package lists... Building dependency tree... Reading state information... E: Unable to locate package xul-ext-adblock-plus E: Unable to locate package xul-ext-adblock-plus-element-hiding-helper E: Unable to locate package xul-ext-noscript ERROR: 25600 25600 ERROR: chroot /target apt-get -y -o Dpkg::Options::=--force-confdef -o Dpkg::Options::=--force-confnew --purge remove xul-ext-adblock-plus xul-ext-adblock-plus-element-hiding-helper xul-ext-noscript return code 100 This doesn't seem to be much of a problem now, but I don't know what happens if only one of the packages in question is already removed and the others are not. More important is that it results in a non-empty error.log and thus a seemingly unsuccessful installation in general. 2. fai-mirror complains that it doesn't know how to deal with "PACKAGES remove". It doesn't include these packages either, so it is harmless but may be easily correctable. Bye, Andreas
Re: Network interface names
Am 12.10.2018 um 17:09 schrieb Steffen Grunewald: > Hi, > > I've learned that I may "fix" the device interface names using a rules file > in /etc/udev/rules.d, to avoid susprises after the installation. > While adding some special parameters to the kernel command line didn't work, > udev does its job reliably outside of FAI. > What I still haven't found is which magic FAI uses to avoid the renaming > to "predictable network interface names" (a term that's completely misleading > to me as I'm unable to predict the network names if I'm given a brand-new > machine). Thomas, can you shed some light on this? > My plan is to read the (old-style) interface names assigned by FAI, then > create a $target/etc/udev/rules.d/70-persistent-net.rules file from that > information. Is there a hidden trap? When is it best to write that file? > > Thanks, > Steffen Hello, probably not exactly what you were asking, but you can turn off "predictable network interface names" by adding "net.ifnames=0" to the kernel command line, e.g. in /etc/default/grub (add it to GRUB_CMDLINE_LINUX_DEFAULT). Bye, Andreas
Re: Compatibility when installing APT keys
Am 21.05.2018 um 11:27 schrieb Thomas Lange: > I would like to hear more opinions from others about the solution b) > which seems to be ok for me. As I also came across this problem: yes, I think this is a good solution. Besides that, Derek's solution is quite beautiful. From the gnupg manpage: "--dearmor Pack or unpack an arbitrary input into/from an OpenPGP ASCII armor. This is a GnuPG extension to OpenPGP and in general not very useful." It seems he has just proven the manpage wrong ;-) Bye, Andreas
Re: GRUB EFI blues - Debian 9/FAI 5.3.6
Am 18.04.2018 um 10:14 schrieb tt-...@kky.ttu.ee: > > I can second to that. I installed a SuperMicro X10SLM-F based server > last month and did not find any option in the BIOS to PXE-boot FAI > into UEFI mode. Ended up using disklabel:gpt-bios and GRUB_PC. I did > not try to boot off an USB stick, so it is worth investigating if an > option exists for booting that in UEFI mode. > > > > From my experiments I was left with the impression that it is not easy > (or even possible) to “cross-install” UEFI-boot-capable disk if the > system was booted into legacy (BIOS) mode. If someone has found a way > to do it, I would also appreciate suggestions. > > > > Regards, > > Toomas > > > > *From:*linux-fai *On Behalf Of > *Andreas Heinlein > *Sent:* Wednesday, April 18, 2018 9:56 AM > *To:* linux-fai@uni-koeln.de > *Subject:* Re: GRUB EFI blues - Debian 9/FAI 5.3.6 > > > > Am 18.04.2018 um 00:28 schrieb Bob Apodaca: > > I think the first issue is FAI is setting the GRUB_PC class > instead of the GRUB_EFI class and I'm not sure why. > > I am pretty sure this depends on how the installation was started. > That means you will have to boot your FAI installation using UEFI as > well. This can be a bit tricky if you want to install from network - I > also tried setting up PXE with UEFI some time ago and failed. > Bye, > Andreas > I am pretty sure it is not possible to set up grub-efi correctly when booted in legacy mode. While it is possible to detect that we are actually running an EFI-capable machine (dmidecode or lshw can detect that), we cannot access the efi variables under /sys/efi since the firmware doesn't expose them to the host when running under CSM aka "Legacy mode". Booting from USB with UEFI is possible, in fact I have such a USB device here somewhere. But I need to remember what I did, it was not (yet) completed in FAI at that time. I remember I wanted to make some patches available, but never found the time. This is almost a year ago now. What you basically need is a small FAT partition preferrably of type 'ef' (EFI Boot Partition) on the USB drive, which contains a grub efi image as EFI/BOOT/BOOTX64.EFI. That image can be created with grub-mkimage and needs to include at least all modules for reading the "main" partition and the grub.cfg on it. That will be mostly ext filesystem and msdos partition table, I think. That image should also include an embedded config file with a one-liner like configfile (hd0,msdos1) if the main partition is the second on the USB drive. I will try to find this again and post it here. Bye, Andreas
Re: GRUB EFI blues - Debian 9/FAI 5.3.6
Am 18.04.2018 um 00:28 schrieb Bob Apodaca: > > I think the first issue is FAI is setting the GRUB_PC class instead of > the GRUB_EFI class and I'm not sure why. > I am pretty sure this depends on how the installation was started. That means you will have to boot your FAI installation using UEFI as well. This can be a bit tricky if you want to install from network - I also tried setting up PXE with UEFI some time ago and failed. Bye, Andreas
Additional repository keys
Hello, it seems I missed some change in the behaviour of adding apt keys. I have several apt keys in the config space in packages/.asc. The fai-guide says these are being added via apt-key add, and I remember it was that way in the past. Today I noticed with FAI 5.6, that these files seem to be copied over to /etc/apt/trusted.gpg.d instead. This works with Debian 9, but does not with Debian 8. The apt version in Debian 8 requires the keys to be in binary format and have the extension .gpg. I still need to be able to install jessie clients with a stretch nfsroot, though. Would it be possible to patch FAI to copy over .gpg files as well? Thanks, Andreas
Re: setup-storage fails on blank disk
Am 03.01.2018 um 17:28 schrieb Holger Parplies: > Hi, > > Andreas Heinlein wrote on 2018-01-03 13:53:40 +0100 [setup-storage fails on > blank disk]: >> [...] >> I have encountered a problem with setup-storage which occurs only when >> the disk is blank, i.e. wiped with nwipe/dban or brand new. It then >> fails on creating the LVM; running 'pvcreate' returns 'cannot open >> /dev/sda5 exclusively'. > this is probably unrelated, but is there any reason to put the LVM PV inside > a "logical" volume? DOS extended partitions seem to be the worst hack ever > invented to get around a limitation in a bad design, yet they repeatedly > and apparently unnecessarily pop up in quoted disk_configs: > >> [...] >> This is your disk_config file: >> # generic disk configuration for one small disk >> # disk size from 500Mb up to what you can buy today >> # >> # [extra options] >> >> disk_config disk1 disklabel:msdos bootable:1 preserve_lazy:6 align-at:1M >> fstabkey:uuid >> primary /boot 300 ext4rw createopts="-O >> ^64bit,^metadata_csum" >> logical - 29500-3 - - >> logical /media/daten 1024- ext4acl createopts="-O >> ^64bit,^metadata_csum -L Daten" > I count three partitions, which would work perfectly with primary partitions > (furthermore, you are using LVM to have an arbitrary number of named and > dynamic "volumes" (i.e. partitions) anyway, so if you needed more, LVM would > be the superior mechanism; of course, your specific requirements may vary). > Ok, you are preserving a logical partition, so in this particular case you'd > actually need to stick with logical partitions, but the partition in question > is ext4, not FAT-based, so it doesn't appear to be a legacy Windoze issue. > > My point: am I missing something, and there is some obscure benefit of putting > an LVM container within an extended-partition-container (such as hiding it > from something), or is it simply a common misconception that you for some > reason cannot or should not put an LVM PV (or even several individual native > Linux partitions - such as /, /var and /tmp) into primary partitions - > assuming you only need upto four of them (and, obviously, assuming you are > still using MSDOS partition tables)? > > Or, differently: for a *blank disk*, you obviously won't be preserving sda6, > and you probably aren't referencing it by partition number ("fstabkey:uuid"), > so does using 'primary' instead of 'logical' for all three partitions change > anything concerning the error you are experiencing? > > Hope that helps someone (perhaps me ;-) ... > > Regards, > Holger Hello, yes, you are right - in some way, this *is* a legacy windows issue that has developed over time. In fact, the preserved partition once was a FAT partition as long as we had dualboot installations on these machines. We finally removed the dualboot two or three years ago and chose to format this partition ext4 instead. Why we didn't move to primary partitions or put it within the LVM at that time - I don't know. On the other hand, up to now we had no problems with that, so no urge to change anything. If you think it might help, I could try changing this. Bye, Andreas
setup-storage fails on blank disk
Hello, I have encountered a problem with setup-storage which occurs only when the disk is blank, i.e. wiped with nwipe/dban or brand new. It then fails on creating the LVM; running 'pvcreate' returns 'cannot open /dev/sda5 exclusively'. I have attached the fai.log with all the details. When I reboot the machine, which now has a partition table in place, everything works fine. Same for reinstalling machines which were already installed with earlier versions of FAI. I can't exactly tell which FAI version we had in use when we last set up a brand new machine - might be 5.3, might be even earlier, so the error may already exist for a while. Thanks, Andreas - Fully Automatic Installation - FAI 5.5 (c) 1999-2017 Thomas Lange - Calling task_confdir Kernel currently running: Linux 4.9.0-4-amd64 x86_64 GNU/Linux Kernel parameters: BOOT_IMAGE=vmlinuz-4.9.0-4-amd64 initrd=initrd.img-4.9.0-4-amd64 ip=dhcp root=/srv/fai/nfsroot rootovl FAI_FLAGS=verbose,createvt,sshd FAI_ACTION=install quiet FAI_CONFIG_SRC=nfs://***/srv/fai/config Reading /tmp/fai/boot.log FAI_FLAGS: verbose createvt sshd Setting SERVER=***. Value extracted from FAI_CONFIG_SRC. Can't connect to monserver on *** port 4711. Monitoring disabled. FAI_CONFIG_SRC is set to nfs://***/srv/fai/config Configuration space ***:/srv/fai/config mounted to /var/lib/fai/config Source hook: setup.DEFAULT.sh setup.DEFAULT.sh OK. Calling task_setup FAI_FLAGS: verbose createvt sshd 3 Jan 13:08:06 ntpdate[991]: step time server *** offset -0.064882 sec Press ctrl-c to interrupt FAI and to get a shell Starting FAI execution - 20180103_130806 Calling task_defclass fai-class: Defining classes. Executing /var/lib/fai/config/class/01-classes. 01-classes OK. Executing /var/lib/fai/config/class/10-base-classes. 10-base-classes OK. Executing /var/lib/fai/config/class/20-hwdetect.sh. Loading kernel module mptspi Loading kernel module dm-mod Loading kernel module md-mod Loading kernel module aes Loading kernel module dm-crypt 2: eth0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 08:00:27:5e:c0:3e brd ff:ff:ff:ff:ff:ff inet 172.16.9.236/24 brd 172.16.9.255 scope global eth0 inet6 fe80::a00:27ff:fe5e:c03e/64 scope link New disklist: sda 20-hwdetect.sh OK. Executing /var/lib/fai/config/class/40-parse-profiles.sh. 40-parse-profiles.sh OK. Executing /var/lib/fai/config/class/41-warning.sh. 41-warning.shOK. Executing /var/lib/fai/config/class/50-host-classes. 50-host-classes OK. Executing /var/lib/fai/config/class/58-hardware. 58-hardware OK. Executing /var/lib/fai/config/class/60-misc. 60-misc OK. List of all classes: DEFAULT LINUX AMD64 DHCPC PRECISE PRECISE_HOMI GERMAN FAICLIENT GRUB_PC ... LAST Calling task_defvar Executing PRECISE.var ++ FAI_ALLOW_UNSIGNED=1 ++ CONSOLEFONT= ++ KEYMAP=us-latin1 ++ UTC=yes ++ TIMEZONE=Europe/Berlin ++ ROOTPW=X ++ MODULESLIST='usbkbd ehci-hcd ohci-hcd uhci-hcd usbhid psmouse fuse' ++ SUDO_FORCE_REMOVE=yes ++ MAXPACKAGES=1 ++ UCF_FORCE_CONFFOLD=1 Executing GERMAN.var ++ KEYMAP=de-latin1-nodeadkeys Defining variables from additional.var ++ disklist='sda ' Loading keymap(s) de-latin1-nodeadkeys ...done. Calling task_action FAI_ACTION: install Performing FAI installation. All data may be overwritten! Calling task_install Calling task_partition Starting setup-storage 2.1 Using config file: /var/lib/fai/config/disk_config/PRECISE Parted could not read a disk label (new disk?) Executing: parted -s /dev/sda mklabel msdos WARNING: Failed to connect to lvmetad. Falling back to device scanning. Creating directory "/run/lock/lvm" No volume groups found. Executing: parted -s /dev/sda mklabel msdos Executing: parted -s /dev/sda mkpart primary "ext3" 1048576B 315621375B Executing: parted -s /dev/sda set 1 boot on Executing: parted -s /dev/sda mkpart extended "" 315621376B 42949672959B Executing: parted -s /dev/sda mkpart logical "" 316669952B 31380733951B Executing: parted -s /dev/sda mkpart logical "ext3" 31381782528B 42949672959B Executing: mkfs.ext4 -O ^64bit,^metadata_csum /dev/sda1 Executing: mkfs.ext4 -O ^64bit,^metadata_csum -L Daten /dev/sda6 Executing: parted -s /dev/sda set 5 lvm on Executing: pvcreate -ff -y /dev/sda5 (STDERR) WARNING: Failed to connect to lvmetad. Falling back to device scanning. (STDERR) Can't open /dev/sda5 exclusively. Mounted filesystem? Command had non-zero exit code This is your disk_config file: # generic disk configuration for one small disk # disk size from 500Mb up to what you can buy today # # [extra options] disk_config disk1 disklabel:msdos bootable:1 preserve_lazy:6 align-at:1M fstabkey:uuid primary /boot 300 ext4 rw createopts="-O ^64bit,^metadata_csum" logical - 29500-3 - - logical
Re: Multiple debian editions on debian stretch server
Am 16.08.2017 um 22:20 schrieb Thomas Lange: >> On Wed, 16 Aug 2017 17:07:02 -0300, "Fco Z." said: > > I am in the process of upgrading old servers (hardware). Currently the > server > > is with debian jessie and the hosts also with debian jessie. > > > If I install debian stretch as a server, can I still install debian > jessie on > > the hosts? Or I keep on debian jessie for server.All this thinking to > future > > upgrade for hosts to debian stretch. > You can upgrade the server to stretch, but you should make a backup > of the nfsroot used for jessie installations. You can then have two > nfsroots, one for the stretch one for the jessie installation. > A jessie installation may also run from an stretch nfsroot, but it may > cause some problems. So using the old nfsroot for your jessie > installations is the best way to do it. And then build a new stretch > nfsroot using the new FAI version for your stretch installations. > We have switched from Ubuntu 12.04 LTS this year to Debian jessie. Both installs ran fine at the same time from a jessie nfsroot. I am currently testing stretch on the clients, and this too uses the same jessie nfsroot. So yes, your approach is probably the safest, but it may not be necessary at all. Andreas
Re: Bug#868267: fai-client: fetch-basefile breaks for hostnames with hyphens
Am 26.07.2017 um 15:51 schrieb Thomas Lange: >> On Thu, 13 Jul 2017 17:41:56 -0400, Arcady Genkin >> said: > > guessing that the hyphen in the host name is causing the problem (the > hostname > > is "eddie-vm.teach.cs.toronto.edu" which defines a FAI class of the > same name). > Hi Arcady, > > the problem is, that FAI class names should not contain a hyphen. IIRC > this was done because cfengine classes also do not allow hyphens, but > underscore. > > One solution would be to substitute the hyphen in the hostname into a > underscore, which is allowed in FAI classes. > > I fear we will break more things if we allow hyphens in class names. > > Any comments on this from the mailing list (CC)? I have a large number of hosts here with hyphens in their hostname, and they all install with FAI just fine. I am even using the implicit host-name classes for some hosts, but admittedly not with cfengine. But there are cfengine scripts with other class names that run just fine on these hosts. If there really is a potential problem, converting hyphen to underscore in implicit classes derived from hostnames is probably the best idea. Underscores are not allowed in hostnames, so there can be no collision with another host named 'eddie_vm'. I could live with that. Andreas
Re: FAI and invoke-rc.d: policy-rc.d denied execution of restart
Am 05.07.2017 um 23:24 schrieb Nat Sincheler: > In doing an FAI build of stretch we are seeing several messages of the > form > > Running in chroot, ignoring request. > invoke-rc.d: policy-rc.d denied execution of restart. > > > For example: > > ... > Setting up libmagic1:amd64 (1:5.30-1) ... > Setting up rsync (3.1.2-1) ... > Running in chroot, ignoring request. > invoke-rc.d: policy-rc.d denied execution of restart. > Created symlink > /etc/systemd/system/multi-user.target.wants/rsync.service → > /lib/systemd/system/rsync.service. > Setting up tmpreaper (1.6.13+nmu1+b2) ... > ... > > > > What does this error message mean? Can it be safely ignored? > > This is the desired behavior in this case. This means that invoke-rc.d is *not* restarting services after installation/update, even though some installation script requested, because we are installing within a chroot instead of the "real" system. Bye, Andreas
Re: Fwd: Adding Macs with FAI
Am 16.06.2017 um 22:33 schrieb BMIRC System Administrator: > Hello, > > We are trying to create an FAI CD with FAI 5 that can boot in EFI > mode, however from our research, it does not appear that FAI supports > EFI booting. We are trying to install a Mac machine with FAI so that > we can add this machine to our cluster and since the Macs don't > support PXE, we are trying to make an FAI CD that is EFI bootable. > > Has anyone successfuly made an FAI CD that can boot in EFI mode or had > success adding a Mac OS client with FAI through other means? > > Thanks I created an EFI compatible FAI-CD last week... I just wanted to test it a little before publishing the necessary changes here. So far it works for me with both 64bit and 32bit EFI firmwares. It does not support secure boot, though. I had problems with the grub menu in EFI mode, however. For some weird reason the menu was all black, i.e. invisible, except for the currently highlighted line. The same grub.cfg works with GRUB-PC as usual. There are also some changes necessary to the installation; some are already prepared in the current FAI version but they're not complete. I will try to find some time next week to do that, at least I can share the necessary changes here. Bye, Andreas
Re: creating asc key files
Am 12.04.2017 um 22:07 schrieb Thomas Lange: > IIRC, I did it using this command > > gpg -a --export --export-options export-clean la...@debian.org > my.asc > > Maye use export-minimal instead of export-clean This will export the key from your personal keyring; the OP wants to export from apt's keyring. So it should be: gpg -a --keyring /etc/apt/trusted.gpg --export --export-options export-clean la...@debian.org > my.asc Bye, Andreas
Re: script to execute after reboot
Am 14.03.2017 um 15:21 schrieb John G Heim: > What I do is to run an fai softupdate via a line in cron upon reboot. > > @REBOOT root fai --class=POSTINSTALL softupdate > > Kind of nice to do an FAI softupdate after every reboot -- especially > the 1st one after the initial install. Over the years, I've moved more > and more stuff into the post install softupdate. This has 2 benefits. > First, the initial install takes only 5 to 10 minutes. Secondly, I can > almost do a normal install from a CD and do the softupdate and get the > same results as if I did a fai install in the first place. > So essentially what I am suggesting is that you run your script after > every reboot, not just the first one. It can be very convenient to > have a script that is run after each reboot. Personally, I update that > script via an fai softupdate. In other words, the softupdate is > updating the next softupdate. That can get tricky. Make a mistake and > the softupdates come to a screeching halt. Then you have to figure out > some way to copy a repaired script to all your fai machines. I did > that once or twice early on but now I haven't messed it up in years. > > > > > On 03/14/2017 07:49 AM, jan.dre...@bertelsmann.de wrote: >> Hi, >> >> I have a script with some commands that should be executed on first >> reboot after installation only. Now I could put a call to it into >> rc.local and delete it afterwards, but I’m sure I have seen a more >> elegant solution directly with FAI. Could someone point my nose to >> the right direction? >> >> Thanks in advance, >> Jan Dreyer >> I have written a startup job for systemd to run scripts in a directory /etc/runonce.d and then delete the script. It is not very sophisticated yet, namely it deletes the job no matter whether it exited successfully or not. I can post it tomorrow, when I'm back at work. I also run softupdates, but I prefer to run them at shutdown instead of startup. Running at startup has the advantage that the machine is always up-to-date (except for kernel updates), including machines which haven't been powered on for weeks or even months. But it has the disadvantage of blocking the users' work, something which I absolutely hate about the way Win* implements its updates. BTW, this (running jobs once at startup) is something I have been missing in Linux all these years. Sadly enough, Windows can just do that. I wish that 'at @reboot...' would work, but it doesn't :-( Bye, Andreas
Re: fai-mirror, fai-cd and backports
Am 18.11.2014 um 11:02 schrieb Thomas Lange: >>>>>> On Tue, 18 Nov 2014 09:30:01 +0100, Andreas Heinlein >>>>>> said: > > If I add 'hplip/precise-backports' to the packages file, this works for > > the normal installation, but it does not for the CDs. The reason is that > > fai-mirror creates a new repository named 'cskoeln', so FAI/apt cannot > > find the 'precise-backports' repo when running from CD. > > > Any ideas how to solve this cleanly? > No. Currently fai-mirror can not keep the information about the > repositories where it downloaded the packages. It builds a complete new > package repository structur. Is there a tool that can do it better? > I found a solution with a slight modification to fai-mirror. Patch is attached. I added a '-P' option to fai-mirror which allows to copy a specified APT preferences file to $aptcache/etc/apt/preferences before creating the mirror. If I add this to a file 'aptpref' Package: hplip Pin: release a=precise-backports Pin-Priority: 500 and call fai-mirror with ... -P aptpref ..., then the mirror ends up with hplip_3.13.9... which is from precise-backports. This is enough for me, don't know if someone else finds this useful. Bye, Andreas --- fai-mirror.orig 2014-09-29 14:46:03.0 + +++ fai-mirror 2014-11-18 11:24:00.471899682 + @@ -186,7 +186,7 @@ verbose=0 add=1 qflag=-qq -while getopts "a:Bvhx:pc:C:m:" opt ; do +while getopts "a:Bvhx:pc:C:m:P:" opt ; do case "$opt" in a) arch=$OPTARG ;; B) add=0 ;; @@ -197,6 +197,7 @@ m) MAXPACKAGES="$OPTARG";; p) preserve=1;; v) verbose=1; vflag=-v; qflag='';; +P) aptpref="$OPTARG";; ?) die 1 "Unknown option";; esac done @@ -250,6 +251,9 @@ # TODO: use -p to preserve sources.list sed -e 's/file:/copy:/' $cfdir/apt/sources.list >> $aptcache/etc/apt/sources.list +if [ -f "$aptpref" ]; then +cp "$aptpref" $aptcache/etc/apt/preferences +fi echo "Getting package information" apt-get $qflag $aptoptions update >/dev/null
fai-mirror, fai-cd and backports
Hello, we are currently using FAI to install Ubuntu 12.04 on our clients, using a Debian Wheezy server with FAI 4.2.5. We are also using fai-cd to create installation media for some offsite machines. We need to take some specific packages from the backports repository, namely hplip. If I add 'hplip/precise-backports' to the packages file, this works for the normal installation, but it does not for the CDs. The reason is that fai-mirror creates a new repository named 'cskoeln', so FAI/apt cannot find the 'precise-backports' repo when running from CD. I could use apt-pinning instead by creating a respective file in ${target}/etc/apt/preferences.d right before task_instsoft. This would, however, make it neccessary to make fai-mirror use the same pinning when creating the mirror. I have not found a way of doing that short of directly editing the script, which I would rather not do. Any ideas how to solve this cleanly? Thanks, Andreas
Re: fai-mirror and conflicting packages
Am 21.06.2014 02:56, schrieb Holger Parplies: > > actually, I've done that. It's a quick and dirty hack, uncommented and without > any guarantees, but it seems to have worked for me at some point in time ;-), > so feel free to try it if you like (and please tell me if something doesn't > work). Reads 'dpkg --get-selections' type output from stdin and writes to > stdout (including package count lines, so you'll have to delete those ;-). > I just saw that I write a different format to stdout (only one package per > line, without the 'install' required on stdin). > > Regards, > Holger Thank you very much, it seems quite useful. Two things I found until now: 1.) The script needs to be run with english/C locale. I ran it with de_DE and got no reduced list because the script looks for the term "Depends" in the cache array while it actually is "Hängt ab" under a german locale. 2.) The script does not deal with circular dependencies and removes all packages within that circle from the list. Example: the package 'ldap-auth-client' is a meta-package for LDAP authentication. It depends on libpam-ldap and libnss-ldap, which both depend on ldap-auth-config, which in turn depends on ldap-auth-client again. So your tool removes all of these packages from the list. I think there is no easy solution for this, but I can live with it. Your tool reduced the list from 1531 packages to 361, which helps a lot. Thanks again, Andreas
Re: fai-mirror and conflicting packages
Hello, I am trying a new run with a ramdisk right now. But it doesn't look much faster :-( The most time is spent in each aptitude call while doing > Reading package lists... Done > Building dependency tree > Reading state information... Done > Reading extended state information > Initializing package states... Done > Writing extended state information... Done before and after each run. I haven't timed it exactly, but it seems like 3 seconds for an aptitude call which actually doesn't download anything. And yes, this machine IS slow, it's a low-cost Pentium DualCore Box. I guess the main problem here is our packages list, it was created by manually installing a master system and taking the output from 'dpkg --get-selections'. This means every dependency package is included explicitly in the package list. So for the 1.500 packages which the system contains, fai-mirror now does 1.500 aptitude calls, most of them do not download anything because the package has already been downloaded as a dependency before. Perhaps you have an idea how to do this better than manually seeking through the list and try to find out the really needed packages? Thanks, Andreas
Re: Error in setup-storage in FAI 4.1
Am 20.06.2014 10:42, schrieb Thomas Neumann: > On Thursday 19 June 2014 13:14:47 Andreas Heinlein wrote: >> Before your patches, we always reached the wipefs bug (missing '/dev' in >> device name). Now, on the second run, we get: > Strange. I took your provided disk_config, configured a test and got this > result: I ran several tests again, but still have this problem. I found out it has nothing to do with preserving; we're using nearly the same disk_config for our networked clients, which mount /home via NFS instead (i.e. remove the vg1-home line and the preserve-lazy entry from my disk_config). These show the same error. > my software versions: > > # cat /etc/debian_version > 7.5 > > # uname -r > 3.2.0-4-amd64 > > # vgdisplay --version > LVM version: 2.02.95(2) (2012-03-06) > Library version: 1.02.74 (2012-03-06) > Driver version: 4.22.0 > > # dpkg -l fai-setup-storage | tail -n 1 > ii fai-setup-storage4.0.8~deb7u1 all > automatically prepare storage devices > Almost the same here. We're usually using kernel 3.12-0.bpo.1-486, but I installed 3.2.0-4-686-pae as well and got the same result. I wondered about the version of fai-setup-storage - didn't you say your patch was built against version 4.2? Anyway, I installed 4.0.8~deb7u1 and patched it and still got the same error. Were you using Linux::LVM with Roland's patch our your replacement? Bye, Andreas
fai-mirror and conflicting packages
Hello, does anyone know of a faster way to get conflicting packages in a partial mirror created with fai-mirror, than using MAXPACKAGES=1? I need to include both 'grub-pc' and 'grub-efi-amd64' in the mirror. Downloading everything with MAXPACKAGES=1 downloads ca. 1500 packages in one swoop in about 20 minutes, but leaves out grub-efi-amd64 because of the conflict. Downloading with MAXPACKAGES=1 should allow this, but takes ages (I stopped after 4 hours). Thanks, Andreas
Re: Error in setup-storage in FAI 4.1
Am 19.06.2014 23:17, schrieb Thomas Neumann: >> We (Kerim and I) are currently working on getting liblinux-lvm-perl >> patched upstream. If this does not work, we will prepare a new Debian >> version of this library. > > I strongly recommend to drop Linux::LVM completely, because the required > functionality is very easily reimplemented: > I appreciate the idea of dropping Linux::LVM, your approach appears easier to me. Has anyone ever thought about not parsing vgdisplay output at all and using liblvm instead? There seems to be little documentation about it, but it looks to me like the "clean" way to do this. Unfortunately, there seems to be no perl interface to it, so someone needed to write it. Bye, Andreas
Re: Error in setup-storage in FAI 4.1
Am 18.06.2014 16:59, schrieb Thomas Neumann: > Patch is attached, it was built against the 4.2 package. I haven't checked > what happens if you try anything funny. May need some additional adjustments > (e.g. for preserving volumes). Definitely needs some adjustments for preserving volumes. For me, that's the whole point of trying to get setup-storage to work with LVM - as long as I do not need to preserve anything, I can always do a 'dd if=/dev/zero of=/dev/sda bs=1M count=10' in a hook for task_partition. We're using a wheezy chroot here at the moment, with LVM 2.02.95-8, liblinux-lvm-perl 0.17-1 plus the patch from Roland Dieterich (won't work without it) and FAI 4.2 plus your patches. Before your patches, we always reached the wipefs bug (missing '/dev' in device name). Now, on the second run, we get: Preserved partition /dev/sda5 does not end at a cylinder boundary, parted may fail to restore the partition! /dev/sda5 will be preserved /dev/sda2 will be resized vg1/home will be preserved Cannot satisfy pre-depends for true: vgchange_a_n_VG_vg1,self_cleared_/dev/vg1//dev/vg1/home,self_cleared_/dev/vg1//dev/vg1/root,self_cleared_/dev/vg1//dev/vg1/swap,self_cleared_/dev/vg1//dev/vg1/tmp,self_cleared_/dev/vg1//dev/vg1/varlog -- system left untouched Error in task partition. Code: 710 Traceback: task_error task_partition task task_install task task_action task main Our disk_config: disk_config disk1 disklabel:msdos bootable:1 align-at:1 fstabkey:uuid primary /boot 250-300 ext4rw logical - 15000- - - disk_config lvm preserve_lazy:vg1-home vg vg1 disk1.5 vg1-root/ 8192-12000ext4 rw,errors=remount-ro vg1-swapswap 1024-2048 swap rw vg1-tmp /tmp 500-1024 ext4 rw,nosuid vg1-varlog /var/log 500-1024 ext4 rw vg1-home/home 1024- ext4 rw I can only guess from the error message that there is a '/dev/vg1/' prepended twice to the LV names. Maybe this is easy to fix, but I am not very familiar with perl. Bye, Andreas
Error in setup-storage in FAI 4.1
> >>>>>/ On Mon, 26 May 2014 11:00:29 +0200, Andreas Heinlein >>>>>gmx.com <https://lists.uni-koeln.de/mailman/listinfo/linux-fai>> said: > / > > Use liblinux-lvm-perl 0.17-1 (from the FAI repos, apparently with > > Thomas' patch removed again): > Can you please give more details about this. Which patch was removed? > Is it removed in the Debian version or in upstream? I would like to > include all changes in upstream. Maybe we have to contact them again. > >From the Debian changelog of liblinux-lvm-perl 0.17-1: liblinux-lvm-perl (0.17-1) unstable; urgency=low * Team upload. * Imported Upstream version 0.17 * Drop vgdisplay-output.patch patch * Bump Standards-Version to 3.9.5 -- Salvatore Bonaccorso Thu, 07 Nov 2013 19:26:41 +0100 liblinux-lvm-perl (0.16-2) unstable; urgency=low * Team upload [ Salvatore Bonaccorso ] * Change Vcs-Git to canonical URI (git://anonscm.debian.org) * Change search.cpan.org based URIs to metacpan.org based URIs [ Axel Beckert ] * debian/copyright: migrate pre-1.0 format to 1.0 using "cme fix dpkg- copyright" [ Damyan Ivanov ] * apply patch from Thomas Lange adapting to vgdisplay output change with Linux 3.x. Closes: #717684. * Standards-Version: 3.9.4 (no changes needed) -- Damyan Ivanov Wed, 16 Oct 2013 07:29:46 +0300 So, it obviously was removed in debian and not in upstream. Bye, Andreas
Re: Error in setup-storage in FAI 4.1
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hello, I'd like to ask again if there has been any progress with getting setup-storage to work with LVM again? Following my bug report (#740929) from March, there has been a response but so far I found no solution which works for me. To summarize again: we need to be able to run setup-storage on a previously installed machine with an existing LVM. We need to be able to keep a LV of this LVM so we cannot just wipe everything out beforehand. What I have tried so far: Use liblinux-lvm-perl 0.16-2 (which includes a patch from Thomas Lange): now setup-storage chokes on 'wipefs -a vg1/swap', which I think should have read 'wipefs -a /dev/vg1/swap'. Use liblinux-lvm-perl 0.17-1 (from the FAI repos, apparently with Thomas' patch removed again): gives the same 'Use of uninitialized value $lvn in hash element at /usr/share/perl5/LVM.pm line 300.' which I described before. Use liblinux-lvm-perl 0.17-1 with a patch from Roland Dieterich applied (https://rt.cpan.org/Public/Bug/Display.html?id=94991): Gives the wipefs bug again. There are a number of reports around these problems, each referencing one another, but I lost my way somewhere through this... Is there any real solution for this? Thanks, Andreas -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iF4EAREIAAYFAlODAp8ACgkQThbQnGmVB2881AD+JyjI8vlQCHOF3sRCpDzKTNnc Qs0MP42dpyk0oxl7rOgA/3m+BKO1LWZLBoox3qVe/B4SZcJgr3/4Gcep1MvUZ1n6 =F0Xt -END PGP SIGNATURE-
Re: Error in setup-storage in FAI 4.1
Hello, yes, I am using liblinux-lvm-perl 0.17-1, which comes from the FAI repos. But I don't quite get the point of the bug report, it describes a different problem which apparently does not occur in Ubuntu precise (which is what I am installing, if that matters). ROOT_PARTITION ends up being set to ROOT_PARTITION=${ROOT_PARTITION:-/dev/vg1/root} Anyway, the reports says it is fixed in 4.0.8, so it should be fixed in 4.1, right? I agree that this also seems to be a parsing problem, from what I understand after looking at LVM.pm, the variable $lvn is supposed to contain a Logical Volume Name, which it apparently does not at the point where the error occurs. I tried with kernels 3.2.0-4-686-pae (from wheezy) and 3.12-0.bpo.1-486 (from wheezy-backports), made no difference. I tried again with liblinux-lvm-perl 0.16-1, which then gives a different error. It is Cannot satisfy pre-depends for true: vgchange_a_n_VG_vg1,pv_sigs_removed_vg1,self_cleared_root,self_cleared_swap,self_cleared_tmp,self_cleared_varlog -- system left untouched Would be glad to help here. Thanks, Andreas
Error in setup-storage in FAI 4.1
Hello, yesterday I finally started migrating from FAI 3.4.8 and a squeeze chroot to FAI 4.1 with a wheezy chroot (Server itself is still squeeze for several reasons). I could successfully perform an initial install of a test client (using a blank disk), but a second run (i.e. without 'initial' and with the previous partitions and data on disk) gave: ... Creating directory "/etc/lvm/backup" Creating volume group backup "/etc/lvm/backup/vg1" (seqno 5). Use of uninitialized value $lvn in hash element at /usr/share/perl5/LVM.pm line 300. Exiting subroutine via next at /usr/share/perl5/Linux/LVM.pm line 301. Exiting subroutine via next at /usr/share/perl5/Linux/LVM.pm line 301. Exiting subroutine via next at /usr/share/perl5/Linux/LVM.pm line 301. Label not found for "next LVINF" at /usr/share/perl5/Linux/LVM.pm line 301 Error in task partition. Code: 710 Traceback: task_error task_partition task task_install task task_action task main ... The disk_config used is: disk_config disk1 disklabel:msdos bootable:1 align-at:1 fstabkey:uuid primary /boot 300 ext4rw logical - 1024- - - disk_config lvm vg vg1 disk1.5 vg1-root / 8192-12000 ext4 rw,errors=remount-ro vg1-swap swap 1024-2048 swap rw vg1-tmp /tmp 500-1024ext4 rw,nosuid vg1-varlog /var/log 500-1024 ext4 rw Any ideas? Thanks, Andreas
Problem with fai-mirror and Ubuntu 12.04
Hello, I am trying to build a FAI CD using fai-cd, which has previously worked with Ubuntu 10.04 just fine. Now I'm trying the same using Ubuntu 12.04, and I came across two problems: 1.) There is a bug in apt-move which causes it to break with /usr/bin/apt-move: 1230: /usr/bin/apt-move: cannot open /tmp/MOVE_kWk6SA/make_pkg_files-fifo2: Interrupted system call" The bug is documented as Debian bug #639770, but currently unresolved. I decided to build the CD on Ubuntu 10.04 instead. 2.) Using Ubuntu 10.04, creating the local repo for Ubuntu 12.04 clients with apt-move works, but fai-mirror fails in the next step with: /usr/bin/fai-mirror: line 312: $pfile: ambiguous redirect /usr/bin/fai-mirror: line 313: $pfilegz: ambiguous redirect I found out this is because there are multiple 'Package' files under $mirrordir/dists, namely $mirrordir/dists/precise/binary-i386/main/Packages, $mirrordir/dists/precise/binary-i386/universe/Packages and $mirrordir/dists/precise/binary-i386/non-free/Packages. The latter two contain only one package each, sword-language-pack-en in universe and w32-codecs (from the medibuntu repository) in non-free. I guess this is because these packages contain hard-coded Sections 'universe/text' resp. 'non-free/graphics' in their control file. How could this be solved? I could probably ditch sword-language-pack-en, but I definitely need w32codecs. I am (still) using FAI 3.4.8 and waiting for the docs to get updated to FAI 4... Thanks, Andreas
fcopy: Copy newer files only
Hello, is there any way to make fcopy compare files only based on metadata (namely mtime)? The reason is we are using fcopy to copy several huge files (VirtualBox Disk Images) in softupdate mode, which of course takes ages every time a softupdate is run, even though the file has not changed. I read about the -P option in the manpage but don't understand how it works. Could someone give me an explanation? Thanks, Andreas
Re: FAI and OPSI ?
Am 07.02.2012 20:53, schrieb Sven Schumacher: Hello, Anyone out there having experience with integrating FAI within OPSI (www.opsi.org)? Any suggestions for that? I already have a running opsi-environment but want to get Dual-Boot Systems. So FAI shouldn't touch the Windows boot partition only shrink the 2nd partition when I Boot via pxe the fai-installation - but I would like to be able to install via FAI Linux-only systems,too. What would you suggest? Will it be possible to append a bootoption to the kernel of fai install to change the class from DUALBOOT to SINGLEBOOT ? or is there a better way to do that? Thanks for any tipps Sven We are using FAI to install dualboot machines, even though we're not using OPSI but Unattended to install windows on them. But for the FAI part, this doesn't matter. We do just like you suggested, append a class named "DUALBOOT" to these machines, which will then use a different disk layout and preserve the first primary partition. We are using fixed class assignments to hostnames (vi $FAI_CONFIG_SRC/class/50-host-classes) instead of kernel boot options. If you want to detect an existing windows installation and create classes automatically, you can take a look at os-prober. os-prober (at least in Debian/Ubuntu) also automatically takes care of creating the necessary GRUB entry on the machines to boot windows, if present. We do not shrink partitions, however, so I cannot help you with that. Since we're not storing any user data on local disks, todays disk sizes are way bigger than we need, so we just install each OS on a 40-80GB partition and leave the rest empty for future use. Bye, Andreas
Re: FAI-CD to usb stick from Windows
Am 18.12.2011 14:16, schrieb david touzeau: Dear I there a procedure/way from Microsoft Windows user to transform a ISO generated by fai-cd to an usb stick without using linux ? Not sure which bootloader fai-cd uses. If it's Syslinux/Isolinux, you should be able to convert the ISO to a hybrid image. There's a version of isohybrid for windows linked here: http://chakra-project.org/bbs/viewtopic.php?pid=16306#p16306 If it's GRUB, however, I'm pretty lost. There is grub4dos, it should be possible to write the ISO to a thumb drive (or copy the ISOs contents) and get grub to boot that, but I don't know how. Bye, Andreas
Re: Package alternatives?
Am 25.05.2011 09:10, schrieb Henning Sprang: > > Hi, > if you build the B packages yourself, let them provide the name of A. > I didnt do packaging a while but it is possible that package a provides b. > > Not sure how to achieve the right priority, though. > Maybe let the new repository have higher priority in apt pinning? > > Like I wrote, this also will not work. Any "Provides:" or "Replaces:" field will help satisfying dependencies, but it will not make apt(itude) install your package instead of A automatically - not even with Priority >1000 in apt-pinning AFAIK. Debian achieves this using transitional dummy packages, and I am pretty sure there is no other way (apart from doing things manually in a script, of course). Andreas
Re: Package alternatives?
Am 25.05.2011 09:02, schrieb Steffen Grunewald: > We're in the process of replacing some packages ("A") by specially built > ones ("B"), which will be named slightly differently, to avoid confusion. > For FAI this means that we want to > "install package B if it already exists, otherwise use A". > How can this be achieved? > > Cheers, > Steffen > We do that by using a repository of our own. To make sure packages from your own repository are preferred over "official" ones from other repos, you can use apt-pinning. Using different names makes things more difficult, however, since your packages would not replace the official ones automatically, not even when using a "Replaces:" field in the custom package. You would have to create at least empty transitional packages in the repo to make aptitude install your custom packages instead. We chose to keep the names, also to avoid breaking any dependencies, and give a meaningful version number instead (i.e. offical package "1.4-1", our package "1.4-1.special1"). Andreas
Re: Weird fai-mirror problems
Am 13.05.2011 01:34, schrieb Michael Tautschnig: > Hi Andreas, > > Not that I could help too much with fai-mirror, but ... > > [...] >> result. Only deleting aptcache and .apt-move as well and recreating the >> mirror from scratch helped. >> > [...] > > does this actually mean that (1) you updated an existing mirror and (2) the > problem did not occur again? If so, was there maybe some problem in the > initial > build of the mirror, while not necessarily so in the second run? No, the other way round. Create a mirror from scratch - works. Try to update it - does not work anymore. Tried several times, with different classes and from different "masters", same result every time. > Well, and AFAIK > there is no support for updating an existing mirror. There's only a feature > request for that one: > > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=61766 Sad to hear that. I'll be re-creating the mirror from scratch every time now. Thanks for your help. Andreas
Weird fai-mirror problems
Hello, I have problems with fai-mirror not generating a correct "Packages" file. I noticed that e.g. ubuntu-restricted-extras was not installed on the target machines because they could not find a package by that name. A look into the directory created by fai-mirror showed that .../pool/u/ubuntu-restricted-extras_...deb existed, but there was no entry in .../dists/lucid/main/binary-i386/Packages. I deleted pool and dists from the mirror directory and ran fai-mirror again, with the same result. Only deleting aptcache and .apt-move as well and recreating the mirror from scratch helped. I also noticed that before, there were also directories .../dists/lucid/universe/binary-i386 and .../dists/lucid/non-free/binary-i386; they did not exist anymore when the mirror was rebuilt correctly. Any ideas where to look? Thanks, Andreas
Updating /var/log/fai/localhost
Hello, we are using FAI for installation as well as for softupdates. Sometimes, we need to change hostnames after installation. I noticed that, after changing hostnames and running a softupdate, /var/log/fai/localhost still points to /var/log/fai/old-hostname. We need /var/log/fai/localhost/last-softupdate to work for various scripts, so I'd like to find a way to change it. I found a line in /usr/lib/fai/fai-savelog: ln -snf $HOSTNAME $logbase/localhost but that does not do the trick. Any ideas? BTW: The scripts I am working on will run a softupdate on shutdown when triggered on the server. Will post it when done, if you're interested.
Re: fai softupdate and cron
Am 01.12.2010 15:09, schrieb Michael Tautschnig: >> Hi, >> >> I want after installation the clients have 'fai -N softupdtate' in their >> cron entry. What to do? >> > Use fcopy to copy a crontab file or edit the crontab file in one of your > scripts. That said, I'm not sure whether doing unsupervised updates is > generally > a good idea. I once had broken DNS server packages hose my entire system via > updates of all DNS servers running in parallel. Sure, untested updates is a > no-go in critical systems anyway. > > Best regards, > Michael > You might consider using some kind of "release lock" like wo do. We are using NFS mounts for /home, and I have created a little init script which will run on shutdown (Runlevel 0) and check if /home/fai-update-timestamp is newer than the folder which /var/log/fai/localhost/last-softupdate points to, and run a softupdate only if it is. This way, I can test updates and "release" them to the clients by "touch /home/fai-update-timestamp" on the server. I can post the init script if you like. Bye, Andreas
Re: gpg errors
Am 10.11.2010 09:59, schrieb Thomas Lange: >>>>>> On Wed, 10 Nov 2010 09:47:00 +0100, Andreas Heinlein >>>>>> said: >>>>>> > > installed any kernels in the nfsroot. It just means the script tries to > > copy kernels from the nfsroot to your tftp-dir and cannot find one. > > Actually, even that is no real failure, as you could as well provide the > > kernel and initrd by some other means. > Sure, this _is_ a real failure. If you have no kernel inside the > nfsroot, also won't have the kernel modules inside the nfsroot. Thus, > even if you boot a kernel it cannot load its modules and will likely > fail to continue with the installation. > > Oh, yes, I forgot about the modules... Thanks!
Re: gpg errors
Am 10.11.2010 11:15, schrieb Martin Konrad: > Hi, > >>> It seems the keys are not available if I chroot to the NFSROOT. >>> >> Correct. These keys need to be in $NFSROOT/etc/apt/trusted.gpg >> > Are they added automatically to this file? > > chroot $NFSROOT apt-key list > > does not report any keys of third party repositories. Do I need to use a hook > to add those keys to the NFSROOT? > > Martin > > Well, since I do not add new repositories very often, and use the same ones from my server and the to-be-installed-clients, I just do 'cp /etc/apt/trusted.gpg /srv/fai/nfsroot/live/filesystem.dir/etc/apt/' on the server whenever I add a new repository and its key. Andreas
Re: gpg errors
Am 09.11.2010 21:45, schrieb Martin Konrad: > It seems the keys are not available if I chroot to the NFSROOT. Correct. These keys need to be in $NFSROOT/etc/apt/trusted.gpg > Maybe that's > why the script failes? > Like Thomas said, no? From what you wrote, it looks like yo haven't installed any kernels in the nfsroot. It just means the script tries to copy kernels from the nfsroot to your tftp-dir and cannot find one. Actually, even that is no real failure, as you could as well provide the kernel and initrd by some other means. Bye, Andreas
Re: task_updatebase and force-confold
Am 29.10.2010 12:55, schrieb Michael Tautschnig: >> Am 26.10.2010 14:39, schrieb Michael Tautschnig: >> Hello, thanks for the advice. I did both manually, i.e. edit ucf.conf and create /etc/apt/apt.conf.d/90fai with DPkg-Options "--force-confdef" and "--force-confold", then ran "fai -v -N softupdate". I verified the DPKG configuration with apt-config. fai-client still asks this question and softupdate stops. Do you know of any further places where to look? >>> [...] >>> >>> Ok, thanks a lot for checking; could you post a relevant excerpt of your >>> logs? >>> Might make things a bit more precise... >>> >>> Thanks a lot, >>> Michael >>> >>> >>> >> Hello, >> >> I have attached fai.log and variables.log. >> DEBIAN_FRONTEND=noninteractive ist set. >> >> > Well, I still think that the ucf configuration is not appropriate. Could you > try > > export UCF_FORCE_CONFFOLD=1 > > in one of your class/*.var files being appropriate for this client? > > Thanks a lot, > Michael > > That seemed to work, at least on the test machine. Should work elsewhere, too; I will post if not. Thank you very much, Andreas
Re: task_updatebase and force-confold
Hello, thanks for the advice. I did both manually, i.e. edit ucf.conf and create /etc/apt/apt.conf.d/90fai with DPkg-Options "--force-confdef" and "--force-confold", then ran "fai -v -N softupdate". I verified the DPKG configuration with apt-config. fai-client still asks this question and softupdate stops. Do you know of any further places where to look? Thanks, Andreas Am 25.10.2010 16:36, schrieb Michael Tautschnig: >> Hello, >> >> can someone tell me how aptitude is called in task_updatebase? I cannot >> find it in the logs. I have the feeling it is *not* called with >> "--force-confdef --force-confold", like during task_instsoft? The reason >> I'm asking is that I was trying to update a machine with softupdate, >> which was running fai-client 3.3.5. During task_updatebase, aptitude >> asks whether to keep the old config or install the new one, and >> softupdate stops there. >> >> This is bad, since we are usually running softupdates unattended during >> shutdown. What would be the quickest fix for this? >> >> > Could you please take a look at > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=313397 > and see whether this helps to solve your problem? It does for me, at least. > But > apparently I failed to convince other people that this is fix is necessary. > > Thanks a lot, > Michael > >
task_updatebase and force-confold
Hello, can someone tell me how aptitude is called in task_updatebase? I cannot find it in the logs. I have the feeling it is *not* called with "--force-confdef --force-confold", like during task_instsoft? The reason I'm asking is that I was trying to update a machine with softupdate, which was running fai-client 3.3.5. During task_updatebase, aptitude asks whether to keep the old config or install the new one, and softupdate stops there. This is bad, since we are usually running softupdates unattended during shutdown. What would be the quickest fix for this? Thanks, Andreas
Recursive fcopy and permissions
Hello, short question: fcopy -Bir -m root,root,0777 only applies the permissions to files, but not to directories, right? I agree this makes sense because "fcopy -Bir -m root,root,0666" would make the directories unusable if it did. But this should be documented more clearly in the man page, even better there could be a switch for directory permissions, too. Bye, Andreas
Re: FAI 3.4.4
Am 18.10.2010 12:40, schrieb Thomas Lange: > I just pushed FAI 3.4.4 into the squeeze repository at fai-project.org. > > Add this line to your sources.list files: > > deb http://fai-project.org/download squeeze koeln > > Could you tell me why the squeeze repository does not contain any linux-image-...-grml anymore, like the lenny repository did? Official squeeze kernel will stay 2.6.32, AFAIK, so I manually downloaded and installed linux-image-2.6.35-grml from deb.grml.org and installed it into the NFSROOT, and finally got one of our new machines to boot. Would be nice if you could include that again. Bye, Andreas
Re: setup-storage and encrypted LVM
Am 18.06.2010 11:58, schrieb Michael Tautschnig: >> Hello, >> >> I'd like to (almost) fully encrypt a system using LUKS and LVM. That is, >> one small unencrypted /boot and a large partition, which is encrypted >> with luks, which in turn is the physical volume for the LVM containg >> several LVs. My disk config looks like this: >> >> disk_config disk1 disklabel_msdos bootable:1 >> primary /boot 300 ext3 - >> logical - 1024- - - >> >> disk_config cryptsetup >> luks - /dev/sda5 - - >> >> disk_config lvm >> vg vg1 *missing* >> vg1-root / 10240 ext4 rw,errors=remount-ro >> vg1-swap swap 2048 swap defaults >> vg1-tmp /tmp 1024 ext3 defaults >> vg1-home /home 1024- ext4 defaults >> >> What am I supposed to put as *missing*? In other words, how do I >> reference the encrypted LUKS partition? >> >> > The way this is *supposed* to work, if I remember it correctly, is that you > just > use /dev/sda5 and setup-storage will take care of the renaming thing > internally. > Now there may be points where I this is not done properly, so please expect > bugs; if you do come across such issues it would be great if you could let me > know and send along a debug log. > > Thanks a lot, > Michael > > Hello, after quite some time I have to come back to this again. Indeed this seems to work halfway through, but not quite right yet. I have attached fai.log up to the point where it fails. Apparently setup-storage is creating an unencrypted LVM and filesystems on it first and then creates the crypt'ed volume; instead of the other way round. Can you have a look at this? Thanks, Andreas fai.log.gz Description: GNU Zip compressed data
Re: setup-storage and preserving partitions
Am 16.06.2010 10:23, schrieb Thomas Lange: >>>>>> On Wed, 16 Jun 2010 09:39:23 +0200, Andreas Heinlein >>>>>> said: >>>>>> > > disk_config disk1 disklabel:msdos bootable:1 preserve_reinstall:7 > > primary10240/ext4rw,errors=remount-ro > > logical2048swapswap- > > logical1024/tmpext3defaults > > logical1024-/media/datenext4acl > > > Preserving works when installing without "initial", but when installing > > a new machine with "initial" Flag given, setup-storage still complains > > that /dev/sda7 cannot be preserved because it does not exist, instead of > > creating it. > Please give us some parts of the log files. Without log files, > debugging is very difficult. > > Hello, I think I found the problem - I tried to redefine FAI_FLAGS using a hook, and append "initial" if no partition sda7 with ext4 filesystem can be found. That way I would not have to deal with changing boot setup for new clients, and I would really like to keep it that way Appending to FAI_FLAGS seems to work, I get echo $FAI_FLAGS verbose sshd createvt reboot initial on the console after setup-storage dies, but variables.log says FAI_FLAGS='verbose sshd createvt reboot' If I append "initial" to FAI_FLAGS on the boot command line, everything works and variables.log says FAI_FLAGS='verbose sshd createvt reboot initial' The hook I am using is called partition.MYCLASS.source. I am appending a log of a run where it did not work. Thanks, Andreas install-20100616_114813.tar.bz2 Description: application/bzip
Re: setup-storage and preserving partitions
Am 16.06.2010 10:23, schrieb Thomas Lange: >>>>>> >>>>>> On Wed, 16 Jun 2010 09:39:23 +0200, Andreas Heinlein >>>>>> >>>>>> said: >>>>>> >>>>>> >>>>>> > > > disk_config disk1 disklabel:msdos bootable:1 preserve_reinstall:7 > > > primary10240/ext4rw,errors=remount-ro > > > logical2048swapswap- > > > logical1024/tmpext3defaults > > > logical1024-/media/datenext4acl > > > > > Preserving works when installing without "initial", but when > > installing > > > a new machine with "initial" Flag given, setup-storage still complains > > > that /dev/sda7 cannot be preserved because it does not exist, instead > > of > > > creating it. > > Please give us some parts of the log files. Without log files, > > debugging is very difficult. > > > > > Hello, I think I found the problem - I tried to redefine FAI_FLAGS using a hook, and append "initial" if no partition sda7 with ext4 filesystem can be found. That way I would not have to deal with changing boot setup for new clients, and I would really like to keep it that way Appending to FAI_FLAGS seems to work, I get echo $FAI_FLAGS verbose sshd createvt reboot initial on the console after setup-storage dies, but variables.log says FAI_FLAGS='verbose sshd createvt reboot' If I append "initial" to FAI_FLAGS on the boot command line, everything works and variables.log says FAI_FLAGS='verbose sshd createvt reboot initial' The hook I am using is called partition.MYCLASS.source. I am appending a log of a run where it did not work. Thanks, Andreas install-20100616_114813.tar.bz2 Description: application/bzip
setup-storage and preserving partitions
Hello, I am still having problems understanding preserving partitions with setup-storage. I'd like to preserve a partition upon reinstall, and create it during initial install. Disk config looks like this: disk_config disk1 disklabel:msdos bootable:1 preserve_reinstall:7 primary10240/ext4rw,errors=remount-ro logical2048swapswap- logical1024/tmpext3defaults logical1024-/media/datenext4acl Preserving works when installing without "initial", but when installing a new machine with "initial" Flag given, setup-storage still complains that /dev/sda7 cannot be preserved because it does not exist, instead of creating it. Thanks, Andreas
setup-storage and encrypted LVM
Hello, I'd like to (almost) fully encrypt a system using LUKS and LVM. That is, one small unencrypted /boot and a large partition, which is encrypted with luks, which in turn is the physical volume for the LVM containg several LVs. My disk config looks like this: disk_config disk1 disklabel_msdos bootable:1 primary /boot 300 ext3 - logical - 1024- - - disk_config cryptsetup luks - /dev/sda5 - - disk_config lvm vg vg1 *missing* vg1-root / 10240 ext4 rw,errors=remount-ro vg1-swap swap 2048 swap defaults vg1-tmp /tmp 1024 ext3 defaults vg1-home /home 1024- ext4 defaults What am I supposed to put as *missing*? In other words, how do I reference the encrypted LUKS partition? Thanks, Andreas
German locale in NFSROOT
Hello, I need a german locale environment in the NFSROOT, I think. I have some scripts which set gconf values on the clients using $ROOTCMD gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.defaults.xml /foo/bar... Some of the values are strings containing german umlauts. This works fine under the running system, but fails when FAI runs the script during installation ("Invalid byte sequence in conversion input"). So I guess I need the german locale within the NFSROOT. How do I do this? Thanks, Andreas
Re: setup-storage + grub2
Am 16.04.2010 11:00, schrieb Mathieu Alorent: > Le jeudi 15 avril 2010 à 15:42 +0200, Michael Tautschnig a écrit : > > Use of uninitialized value $fs in substitution (s///) > >> at /usr/share/fai/setup-storage//Volumes.pm line 257. >> >> Could you please retry using version 3.4~beta1+experimental8? I hope >> to have >> fixed those issues. >> > Errors have disappeared with 3.4~beta1+experimental8 ! :) > > Thanks for your work ! > > Hello, just wanted to throw in that I started migrating our FAI-install of karmic to lucid yesterday, and I first installed a test machine with grub1, which we kept with karmic. Then I manually installed grub2 afterwards and had no problems. fdisk says the first partition starts at sector 63. We are using FAI 3.3.5 and a lenny nfsroot. Bye, Andreas
Installing a Samba Domain Member
Hello, I need to set up some clients using FAI which will become members of a Samba controlled Windows Domain. I have managed to do it, following "Samba by example", but there are two questions remaining how to do it with FAI: 1. After installation, I need to run "%ROOTCMD net rpc join -U root%rootpassword" and "%ROOTCMD smbpasswd -W ldap-admin-password". This works, but currently the passwords are in cleartext within the scripts. Since the FAI configspace is on NFS, with root squashing enabled, I cannot chmod these scripts 0700, since "root" on the client will read the scripts as "nobody". What would be the best way to pass these passwords? 2. I also need to run "wbinfo --set-auth-user=root%rootpassword" on the client. Apart from above problem, wbinfo expects a running winbindd running on the "real" system, i.e. not from the live NFS root. I currently run this manually after installation. How could I do this using FAI? Thanks, Andreas
Re: setup-storage does not create crypttab
Michael Tautschnig schrieb: >> Michael Tautschnig schrieb: >> I have defined encrypted swap and tmp like this disk_config lvm vg vg1 disk1.6 vg1-swap swap:encrypt2048swapsw vg1-tmp/tmp:encrypt1024ext2rw ... This works during setup, two device-mapper devices crypt_dev_vg1_tmp and crypt_dev_vg1_swap are created and written to fstab, but no crypttab is generated. I am doing this now with a script, but from taking a look at setup-storage source it looks like it shoud create a correct crypttab, right? >>> Indeed it should, yes :-) Hmm, are you using the experimental FAI version or >>> 3.2.20 or something? Looking at my experimental patch named >>> setup-storage_full-crypto-support the comment induces that it might not >>> work on >>> LVM devices without this patch :-) That means: >>> >>> - Are you using the experimental builds or the stable release? >>> - Would you be willing to test the experimental version in this case? >>> - If so, I'd happily merge that patch into mainline as I just left it in the >>> experimental branch because it had not seen sufficient testing. >>> >>> Thanks a lot, >>> Michael >>> >>> >> I am using the stable packages (3.2.20) from the lenny repository. I >> would give the experimental version a try. >> > pi> > > You can download/install them by adding the experimental/koeln repository as > described on the wiki page: > > http://faiwiki.debian.net/index.php/Main_Page#getting_FAI > > Best, > Michael > I tried today with 3.2.23beta4, and it did not work :-( What I see is a crypttab which is in /tmp/fai/crypttab during install and later saved to the log folder, but this one does not get copied to the target. Moreover, this crypttab refers to a keyfile in /tmp, like this: crypt_dev_vg1_tmp /dev/mapper/vg1-tmp /tmp/fai/crypt_dev_vg1_tmp luks But what I want is crypt_dev_vg1_tmp /dev/mapper/vg1-tmp /dev/urandom tmp That's what setup-storage is supposed to do, right? (At least if using the :randinit option) Additionally, I forgot to mention in my first post that I need to load the device mapper modules including dm_crypt manually using a partition.DEFAULT hook. Without that, no LVM (even without encryption) will work, complaining about lack of device-mapper support. Bye, Andreas
Re: setup-storage does not create crypttab
Michael Tautschnig schrieb: >> I have defined encrypted swap and tmp like this >> >> disk_config lvm >> vg vg1 disk1.6 >> vg1-swap swap:encrypt2048swapsw >> vg1-tmp /tmp:encrypt1024ext2rw >> ... >> >> This works during setup, two device-mapper devices crypt_dev_vg1_tmp and >> crypt_dev_vg1_swap are created and written to fstab, but no crypttab is >> generated. I am doing this now with a script, but from taking a look at >> setup-storage source it looks like it shoud create a correct crypttab, right? >> >> > > Indeed it should, yes :-) Hmm, are you using the experimental FAI version or > 3.2.20 or something? Looking at my experimental patch named > setup-storage_full-crypto-support the comment induces that it might not work > on > LVM devices without this patch :-) That means: > > - Are you using the experimental builds or the stable release? > - Would you be willing to test the experimental version in this case? > - If so, I'd happily merge that patch into mainline as I just left it in the > experimental branch because it had not seen sufficient testing. > > Thanks a lot, > Michael > I am using the stable packages (3.2.20) from the lenny repository. I would give the experimental version a try. Bye, Andreas
setup-storage does not create crypttab
I have defined encrypted swap and tmp like this disk_config lvm vg vg1 disk1.6 vg1-swapswap:encrypt2048swapsw vg1-tmp /tmp:encrypt1024ext2rw ... This works during setup, two device-mapper devices crypt_dev_vg1_tmp and crypt_dev_vg1_swap are created and written to fstab, but no crypttab is generated. I am doing this now with a script, but from taking a look at setup-storage source it looks like it shoud create a correct crypttab, right? Andreas
Re: setup-storage: ext4
Andreas Heinlein schrieb: > Hello, > > another question regarding setup-storage: apparently it does not (yet) > work with ext4. I tried to create a ext4 partition, but the > corresponding "parted mkpart ext4" exits with 1. Looks like parted > cannot deal with "ext4" as filesystem type. As I understand, it should > as well be possible to just call parted with ext3 as filesystem type and > still run mkfs.ext4 later on. This would need a patch for setup-storage, > though. > > Is there a way around this using hooks? > > Bye, > Andreas > Forget about this one, I updated the nfsroot and installed kernel 2.6.30-1-486 from lenny-backports and it works now. Andreas
setup-storage: ext4
Hello, another question regarding setup-storage: apparently it does not (yet) work with ext4. I tried to create a ext4 partition, but the corresponding "parted mkpart ext4" exits with 1. Looks like parted cannot deal with "ext4" as filesystem type. As I understand, it should as well be possible to just call parted with ext3 as filesystem type and still run mkfs.ext4 later on. This would need a patch for setup-storage, though. Is there a way around this using hooks? Bye, Andreas
Re: setup-storage: resizing ntfs
Michael Tautschnig schrieb: >> Hello, >> >> I have a question about resizing with setup-storage in general and >> specifically regarding ntfs. We currently have Windows-only machines >> with 12GB sda1 (primary, C:, NTFS) and the rest sda2 (primary, D:, >> NTFS). We'd like to keep sda1 as it is and, if possible, resize sda2 to >> make room for a new sda3 which will contain the FAI/Linux installation. >> >> I currently have: >> disk_config disk1 preserve_always:1,2 disklabel:msdos bootable:1 >> primary - 0 - - >> primary /windows 10240-81920:resize ntfs - >> primary / 20480 ext3 rw >> >> I tried experimenting with resize in the disk_config line and/or the >> partition; I have installed ntfsprogs into the nfsroot, but I cannot get >> it to work. Specifically, setup-storage tells it is retaining sda1, but >> then always tells me the disk is too small. Is this at all possible? >> >> > > You must remove 2 from preserve_always and replace "ntfs" with - in your > /windows line, then it should work. > > Best, > Michael > > PS.: NTFS may cause several other problems as well - you've got a backup, > don't > you? I am using a test machine, no data to lose ;-) Your solution works, but only with fixed sizes. The next step would be to have a variable size. What I want is to shrink the existing sda2 just enough to make room for the (fixed size) root partition (+swap, I forgot in the above listing). Unfortunately, this primary /windows 10240-81920:resize ntfs - does not work, setup-storage complains about "not enough space" when using this on a 60GB hard drive. It tells me it requires something like (sda1 + 81920 + 20480). Looks like it is trying to always use the maximum size. Omitting the upper limit does not work, either. Only this works: primary /windows 10240:resize ntfs - If this is a limitation of setup storage, would there be a way using a hook? Thanks, Andreas
setup-storage: resizing ntfs
Hello, I have a question about resizing with setup-storage in general and specifically regarding ntfs. We currently have Windows-only machines with 12GB sda1 (primary, C:, NTFS) and the rest sda2 (primary, D:, NTFS). We'd like to keep sda1 as it is and, if possible, resize sda2 to make room for a new sda3 which will contain the FAI/Linux installation. I currently have: disk_config disk1 preserve_always:1,2 disklabel:msdos bootable:1 primary - 0 - - primary /windows 10240-81920:resize ntfs - primary / 20480 ext3 rw I tried experimenting with resize in the disk_config line and/or the partition; I have installed ntfsprogs into the nfsroot, but I cannot get it to work. Specifically, setup-storage tells it is retaining sda1, but then always tells me the disk is too small. Is this at all possible? Thanks, Andreas
Purging unlisted packages
Hello, I have a question regarding "take-over" of clients not initially installed with FAI. Is it possible to purge any packages *not* listed in package_config during softupdate? I have read that one should not just remove a package from the list that was previously installed, but instead prepend it with a '-' sign. But what if you do not know exactly which packages were previously installed and want to just remove any installed but unlisted package? Thank you, Andreas