FAI Ubuntu
Installation
FAI components
- Install the FAI packages
aptitude install fai-quickstart
- Add the NFS export entry
vi /etc/exports
/srv/fai/config 172.27.0.0/16(async,ro,no_subtree_check,no_root_squash)
- Adjust make-fai-nfsroot.conf
vi /etc/fai/make-fai-nfsroot.conf
NFSROOT=/srv/fai/nfsroot
TFTPROOT=/srv/tftp/fai
FAI_CONFIGDIR=/srv/fai/config
FAI_DEBOOTSTRAP="trusty http://gb.archive.ubuntu.com/ubuntu"
FAI_ROOTPW='$1$kBnWcO.E$djxB128U7dMkrltJHPf6d1'
FAI_DEBOOTSTRAP_OPTS="--exclude=info,dhcp-client --include=aptitude,grub-pc"
- Adjust the FAI sources.list
vi /etc/fai/apt/sources.list
deb http://archive.ubuntu.com/ubuntu trusty main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu trusty-security main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu trusty-updates main restricted universe multiverse
- Enter the kernel to be installed
vi /srv/fai/config/package_config/DEFAULT
PACKAGES aptitude
linux-image-generic memtest86+
Server services
Adjust TFTP
vi /etc/default/tftpd-hpa
TFTP_USERNAME="tftp"
TFTP_DIRECTORY="/srv/tftp"
# Disable IPv6 and set IPv4
#
#TFTP_ADDRESS="[::]:69"
TFTP_ADDRESS="0.0.0.0:69"
TFTP_OPTIONS="--secure"
Adjust DHCP
vi /etc/dhcp/dhcpd.conf
deny unknown-clients;
option dhcp-max-message-size 2048;
use-host-decl-names on;
subnet 172.27.0.0 netmask 255.255.0.0 {
    # Network Settings
    option routers 172.27.0.254;
    option domain-name "blb-intranet.de";
    option domain-name-servers 172.27.100.20;
    #option time-servers faiserver;
    #option ntp-servers faiserver;
    server-name fai-ubuntu;
    # PXE boot Server
    next-server 172.27.1.10;
    filename "pxelinux.0";
}
host demohost {hardware ethernet b8:ca:3a:be:17:74;fixed-address 172.27.11.251;}
approx package proxy
- Documentation
- Installation
aptitude install approx
- Configuration (add line)
vi /etc/approx/approx.conf
ubuntu http://de.archive.ubuntu.com/ubuntu
ubuntu-security http://security.ubuntu.com/ubuntu
- Configure the client
vi /etc/apt/sources.list
deb http://172.27.1.10:9999/ubuntu trusty main universe restricted multiverse
deb-src http://localhost:9999/ubuntu trusty main universe restricted multiverse
deb http://172.27.1.10:9999/ubuntu trusty-security universe main multiverse restricted
deb http://172.27.1.10:9999/ubuntu trusty-updates universe main multiverse restricted
General adjustments
I mark optional changes with -OPTIONAL-
Disk Config
Before testing the installation with the client demohost, take a look at the disk_config of FAIBASE. I only had errors because the disk size here was too small.
# Example config for FAIBASE
disk_config disk1 disklabel:msdos bootable:1 fstabkey:uuid
primary / 5000-50000 ext3 rw,noatime,errors=remount-ro
logical swap 2000-4000 swap rw
logical /var 6000-13000 ext3 rw,noatime createopts="-L var -m 5" tuneopts="-c 0 -i 0"
Grub -optional-
In the file /etc/default/grub I made the following adjustments:
- Enable output during boot
# GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
GRUB_CMDLINE_LINUX_DEFAULT="splash"
update-grub
Grub is not installed in base.tgz
- Solution
vi make-fai-nfsroot.conf
FAI_DEBOOTSTRAP_OPTS="--exclude=info,dhcp-client --include=aptitude,grub-pc"
Faimond -optional-
If the client does not transmit any data to faimond, check hostname resolution on the client. If necessary, add a DNS entry or an entry in the client's /etc/hosts.
The client logs are not saved on the FAI server
- Run vipw and assign a shell to the user fai
- Set a password for the fai user
passwd fai
- Set file permissions
chown fai.nogroup -R /var/log/fai
- Generate the keys and store them in the nfsroot under /root/.ssh/.
su - fai
ssh-keygen -t dsa
ssh-keygen -t rsa
exit
- Then copy both keys into /var/log/fai/.ssh/authorized_keys
cd /var/log/fai/.ssh/
cp id_dsa.pub id_rsa.pub /srv/fai/nfsroot/live/filesystem.dir/root/.ssh/
cat /var/log/fai/.ssh/id_rsa.pub >> /var/log/fai/.ssh/authorized_keys
cat /var/log/fai/.ssh/id_dsa.pub >> /var/log/fai/.ssh/authorized_keys
- Now add the server's key to /srv/fai/nfsroot/live/filesystem.dir/root/.ssh/known_hosts
I generated this key by logging in via ssh as root from the FAI server to the FAI server itself.
After that the key is in /root/.ssh/known_hosts and can be copied into the known_hosts file at NFSROOT/root/.ssh/known_hosts
ssh fai-ubuntu
cat /root/.ssh/known_hosts >> /srv/fai/nfsroot/live/filesystem.dir/root/.ssh/known_hosts
Passwordless access should now be available for clients that are currently being installed.
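The following check is an added example, not part of the original page: a shell function that audits the files created in the steps above, since sshd's default StrictModes setting ignores authorized_keys when the home directory, .ssh or the file itself is writable by group or others. The function name check_fai_ssh and its two arguments are assumptions; the paths in the comments are the ones used on this page.

```shell
#!/bin/sh
# Added example (not from the original page): audit the SSH files that the
# log-saving steps create. Function name and arguments are assumptions.
#   $1 = home of the fai user        (on the page: /var/log/fai)
#   $2 = /root/.ssh inside nfsroot   (on the page: /srv/fai/nfsroot/live/filesystem.dir/root/.ssh)
# Prints one line per problem and returns 0 only if none was found.
check_fai_ssh() {
    home=$1
    nfs_ssh=$2
    problems=0
    report() { echo "PROBLEM: $*"; problems=$((problems + 1)); }

    # sshd with StrictModes (the default) ignores authorized_keys when the
    # home directory, .ssh or the file is writable by group or others.
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            report "$p is missing"
            continue
        fi
        # Characters 6 and 9 of the mode string are group and other write.
        case $(ls -ld -- "$p" | cut -c6,9) in
            *w*) report "$p is writable by group or others" ;;
        esac
    done

    # Each public key copied into the nfsroot must be in authorized_keys.
    for pub in "$nfs_ssh"/*.pub; do
        [ -e "$pub" ] || { report "no public keys in $nfs_ssh"; break; }
        blob=$(awk 'NR == 1 { print $2 }' "$pub")
        if [ -z "$blob" ] ||
           ! grep -qF -- "$blob" "$home/.ssh/authorized_keys" 2>/dev/null; then
            report "$(basename "$pub") is not in authorized_keys"
        fi
    done

    # Without the server's host key the client cannot verify the server.
    [ -s "$nfs_ssh/known_hosts" ] || report "$nfs_ssh/known_hosts is empty or missing"

    [ "$problems" -eq 0 ]
}

# Run against real paths when two arguments are given.
if [ "$#" -eq 2 ]; then
    check_fai_ssh "$1" "$2"
fi
```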
FAI server - SSH access to clients
Passwordless access to the clients while they are being installed
cat /root/.ssh/id_dsa.pub >> /srv/fai/nfsroot/live/filesystem.dir/root/.ssh/authorized_keys
cat /root/.ssh/id_rsa.pub >> /srv/fai/nfsroot/live/filesystem.dir/root/.ssh/authorized_keys
Client adjustments
German keyboard in the console
- vi /srv/fai/config/debconf/GERMAN
locales locales/default_environment_locale select de_DE.UTF-8
locales locales/locales_to_be_generated multiselect de_DE.UTF-8 UTF-8
xserver-xorg xserver-xorg/config/inputdevice/keyboard/layout string de
xserver-xorg xserver-xorg/config/inputdevice/keyboard/model string pc105
xserver-xorg xserver-xorg/config/inputdevice/keyboard/options string lv3:ralt_switch
xserver-xorg xserver-xorg/autodetect_monitor boolean false
xserver-xorg xserver-xorg/autodetect_keyboard boolean true
xserver-xorg xserver-xorg/autodetect_mouse boolean true
xserver-xorg xserver-xorg/autodetect_video_card boolean true
console-setup console-setup/variant select Germany
console-setup console-setup/charmap select UTF-8
console-setup console-setup/layoutcode string de
console-setup console-setup/compose select No compose key
console-setup console-setup/fontsize-text select 16
console-setup console-setup/optionscode string lv3:ralt_switch
console-setup console-setup/layout select Germany
console-setup console-setup/detected note
console-setup console-setup/variantcode string
console-setup console-setup/codesetcode string Lat15
console-setup console-setup/modelcode string pc105
console-setup console-setup/ask_detect boolean false
console-setup console-setup/altgr select Right Alt
console-setup console-setup/ttys string /dev/tty[1-6]
console-setup console-setup/model select Generic 105-key (Intl) PC
console-setup console-setup/fontsize-fb select 16
console-setup console-setup/switch select No temporary switch
console-setup console-setup/codeset select # Latin1 and Latin5 - western Europe and Turkic languages
console-setup console-setup/toggle select No toggling
console-setup console-setup/fontface select VGA
console-setup console-setup/fontsize string 16
- vi /srv/fai/config/package_config/GERMAN
PACKAGES aptitude
language-pack-de
PACKAGES aptitude GNOME
iceweasel-l10n-de icedove-l10n-de
- vi /srv/fai/config/scripts/GERMAN
#!/bin/bash
fcopy /etc/default/keyboard
fcopy /etc/default/console-setup
fcopy /etc/default/locale
$ROOTCMD dpkg-reconfigure -f noninteractive console-setup
- vi files/etc/default/keyboard/GERMAN
XKBMODEL="pc105"
XKBLAYOUT="de"
XKBVARIANT=""
XKBOPTIONS=""
- vi files/etc/default/console-setup/GERMAN
VERBOSE_OUTPUT=no
ACTIVE_CONSOLES="/dev/tty[1-2]"
CHARMAP="UTF-8"
CODESET="Lat15"
FONTFACE="VGA"
FONTSIZE="16"
XKBMODEL="pc105"
XKBLAYOUT="de"
XKBVARIANT=""
XKBOPTIONS=""
BOOTTIME_KMAP_MD5=""
- vi files/etc/default/locale
LANG="de_DE.UTF-8"