Tip: Run a script after FAI install
John G Heim
jheim at math.wisc.edu
Thu Jan 10 18:13:30 CET 2019
Well, it's not really to the point. Maybe my example was bad but there
are lots of other reasons one might want to run a script after the
install is finished. Actually, the reason this came up is that I want
the linux cli screen reader to run on the first boot and then get
disabled. But I just added it to the things my fai setup does after the
first reboot.
On 1/10/19 6:55 AM, Brian Kroth wrote:
> You can configure the nfsroot with your ldap configs so you can have
> them available during fai. I used this (at another UW department) for
> rescue consoles to support natural logins from admins.
>
> As far as the sudo config, why not just copy a sudoers (.d) snippet down
> that references the user during fai/config management time? It can still
> reference an ldap user without them being available yet. They don't need
> to be in the local sudo group to privelege them. You can also add host
> match restrictions if you want. It's quite customizable.
>
> On Thu, Jan 10, 2019, 00:29 Martin Krämer <mk.maddin at gmail.com
> <mailto:mk.maddin at gmail.com>> wrote:
>
> Hi John,
>
> if you are using LDAP - why not permitting a LDAP group (which
> already exists during install) and then configure sudo via LDAP?
>
> Thats how I solved it for my soho environment.
>
> See: https://www.sudo.ws/man/1.8.17/sudoers.ldap.man.html
>
> Kind Regards
>
> Martin
>
> On Wed, Jan 9, 2019, 22:06 John G Heim <jheim at math.wisc.edu
> <mailto:jheim at math.wisc.edu> wrote:
>
> So I had this problem. I want to configure certain users to have
> sudo on
> the workstations I manage. Problem we do ldap authenticaition --
> so the
> users don't exist during the install. I can easily write an fai
> script
> to do an adduser but it doesn't work because the user doesn't exist
> during the install. What I needed to do is to run a script once
> after
> the system reboots into the newly installed operating system. I
> thought
> about putting a script on there that would run at boot time and
> delete
> itself. But that's ugly and failure prone. But I came up with a
> solution
> that is much more reliable and flexible.
>
> 1. Create a crontab file to be copied to the target system
> during the
> install. For example, during my fai installs, I create a class
> called
> INSTALL. So I created a crontab file
> /srv/fai/config/files/etc/crontab/INSTALL.
>
> Put a command like this in this file:
>
> @reboot root fai --class/dev/null=POSTINST softupdate
>
> 2. Add an fcopy command to one of your installation scripts to
> copy the
> crontab file:
>
> fcopy -Bi /etc/crontab
>
> 3. Create another, normal crontab file without the above line
> and call
> it POSTINST or whatever you called the class in the first
> crontab. In
> this example, it would be
> /srv/fai/config/files/etc/crontab/POSTINST.
>
> 4. in your fai script space, create a directory called POSTINST
>
> mkdir /srv/fai/config/scripts/POSTINST
>
> 5. Put a script in there to install the normal crontab file
>
> fcopy -Bi /etc/crontab
>
> 6. Put scripts to do whatever else you want into that same
> directory.
> These scripts will be run just once when the system reboots
> after the
> original fai install. The target machine will look completely
> normal and
> there won't be any extra programs/scripts on it (unless you
> count fai
> itself).
>
> Verstehst du?
>
> --
> --
> John G. Heim; jheim at math.wisc.edu <mailto:jheim at math.wisc.edu>;
> sip://jheim@sip.linphone.org <mailto:jheim at sip.linphone.org>
>
More information about the linux-fai
mailing list