using nfsroot-hooks

John G Heim jheim at math.wisc.edu
Wed Sep 30 15:42:19 CEST 2015 

On 09/30/2015 04:41 AM, Thomas Lange wrote:
>>>>>> On Tue, 29 Sep 2015 08:28:13 -0500, John G Heim <jheim at math.wisc.edu> said:
>
>      > Anybody got some good example scripts for using w/i nfsroot-hooks? Some
>      > things I want to do:
> Hi John,
>
> hooks for fai-make-nfsroot are no that flexible as in a normal FAI
> installation. There are only two placed, where fai-make-nfsroot calls
> hooks. Both are after all packages are already installed into the
> nfsroot. So, it will not help if you want to add apt keys before
> installing more packages. Except of you install those packages in your
> hook but not using /etc/fai/NFSROOT.


Well, it's not a huge thing but my problem is that you get error 
messages during a fai install if you're installing packages from an 
unofficial archive (like fai itself) unless you install the apt key.

I discovered that if you want to install packages from an unofficial 
repository during a normal fai install, you can get the sources file 
into your nfsroot by createing a sources.list.d subdir within 
/etc/fai/apt. So make a subdir /etc/fai/apt/sources.list.d and put them 
in there. The packages from those repositories will be available during 
a fai install but there will be error messages in fai.log about there 
being no key. I don't remember the exact wording of the error message 
but I think we've probably all seen it a gazillion times. The error 
messages don't prevent you from installing the packages though.

Actually, after I posted my question, I solved this particular problem. 
 From an example on the fai wiki page about installing ubuntu, I saw 
that $ROOTCMD works. So you can say something like this in an 
nfsroot-hooks script:

$ROOTCMDwget http://fai-project.org/download/074BCDE4.asc -q -O - | 
apt-key add -

So that would make it possible to install the fai-client package from 
the fai repository w/o generating that annoying error message in your 
fai.log.

> If you want to restore ssh from a previous nfsroot creation, there's
> the option -p. It only restores the $NFSROOT/root/.ssh directory, not
> the host keys inside the nfsroot.
>

Again it's not that big of a deal.  It mostly comes up only in building 
& testing your fai setup. Every time you rebuild your nfsroot, you have 
to delete the old key from your known_hosts file.

I kind of solved this problem too although it's kind of sloppy. I put 
this in an nfsroot-hooks script:

cp /etc/ssh/ssh_host_*  /srv/fai/nfsroot/live/filesystem.dir/etc/ssh/

That copies the ssh keys from the fai server to the nfsroot. So unless 
you build a new fai server, the ssh keys on the nfsroot won't change.

I now have 4 nfsroot-hooks scripts to do the following:

1. Set the locale on the nfsroot. (This was stolen from the regular fai 
hooks example. IIRC, it works unmodified as an nfsroot hook.)
2. Download/install apt keys for fai, macauley, and dropbox.
3. Copy ssh keys from fai host to nfsroot.
4. Install upstart-sysv. (Copied straight from fai wiki.)

I think the main reason I prefer hooks is that they essentially act as 
documentation of everything you have to do to build the nfsroot.

More information about the linux-fai mailing list