Tip: Run a script after FAI install
Justin Cattle
j at ocado.com
Thu Jan 10 18:34:18 CET 2019
Systemd is pretty good at this.
Get FAI to install a unit file to run your thing, and add a unit option
like ConditionPathExists=/foo/bar or ConditionPathExists=!/foo/bar
Then make your thing touch or delete a flag file [ /foo/bar ] if
successfully run.
There you have it, a service/script that only runs once.
Cheers,
Just
On Thu, 10 Jan 2019 at 17:14, John G Heim <jheim at math.wisc.edu> wrote:
> Well, it's not really to the point. Maybe my example was bad but there
> are lots of other reasons one might want to run a script after the
> install is finished. Actually, the reason this came up is that I want
> the linux cli screen reader to run on the first boot and then get
> disabled. But I just added it to the things my fai setup does after the
> first reboot.
>
>
>
>
> On 1/10/19 6:55 AM, Brian Kroth wrote:
> > You can configure the nfsroot with your ldap configs so you can have
> > them available during fai. I used this (at another UW department) for
> > rescue consoles to support natural logins from admins.
> >
> > As far as the sudo config, why not just copy a sudoers (.d) snippet down
> > that references the user during fai/config management time? It can still
> > reference an ldap user without them being available yet. They don't need
> > to be in the local sudo group to privelege them. You can also add host
> > match restrictions if you want. It's quite customizable.
> >
> > On Thu, Jan 10, 2019, 00:29 Martin Krämer <mk.maddin at gmail.com
> > <mailto:mk.maddin at gmail.com>> wrote:
> >
> > Hi John,
> >
> > if you are using LDAP - why not permitting a LDAP group (which
> > already exists during install) and then configure sudo via LDAP?
> >
> > Thats how I solved it for my soho environment.
> >
> > See: https://www.sudo.ws/man/1.8.17/sudoers.ldap.man.html
> >
> > Kind Regards
> >
> > Martin
> >
> > On Wed, Jan 9, 2019, 22:06 John G Heim <jheim at math.wisc.edu
> > <mailto:jheim at math.wisc.edu> wrote:
> >
> > So I had this problem. I want to configure certain users to have
> > sudo on
> > the workstations I manage. Problem we do ldap authenticaition --
> > so the
> > users don't exist during the install. I can easily write an fai
> > script
> > to do an adduser but it doesn't work because the user doesn't
> exist
> > during the install. What I needed to do is to run a script once
> > after
> > the system reboots into the newly installed operating system. I
> > thought
> > about putting a script on there that would run at boot time and
> > delete
> > itself. But that's ugly and failure prone. But I came up with a
> > solution
> > that is much more reliable and flexible.
> >
> > 1. Create a crontab file to be copied to the target system
> > during the
> > install. For example, during my fai installs, I create a class
> > called
> > INSTALL. So I created a crontab file
> > /srv/fai/config/files/etc/crontab/INSTALL.
> >
> > Put a command like this in this file:
> >
> > @reboot root fai --class/dev/null=POSTINST softupdate
> >
> > 2. Add an fcopy command to one of your installation scripts to
> > copy the
> > crontab file:
> >
> > fcopy -Bi /etc/crontab
> >
> > 3. Create another, normal crontab file without the above line
> > and call
> > it POSTINST or whatever you called the class in the first
> > crontab. In
> > this example, it would be
> > /srv/fai/config/files/etc/crontab/POSTINST.
> >
> > 4. in your fai script space, create a directory called POSTINST
> >
> > mkdir /srv/fai/config/scripts/POSTINST
> >
> > 5. Put a script in there to install the normal crontab file
> >
> > fcopy -Bi /etc/crontab
> >
> > 6. Put scripts to do whatever else you want into that same
> > directory.
> > These scripts will be run just once when the system reboots
> > after the
> > original fai install. The target machine will look completely
> > normal and
> > there won't be any extra programs/scripts on it (unless you
> > count fai
> > itself).
> >
> > Verstehst du?
> >
> > --
> > --
> > John G. Heim; jheim at math.wisc.edu <mailto:jheim at math.wisc.edu>;
> > sip://jheim@sip.linphone.org <mailto:jheim at sip.linphone.org>
> >
>
--
Notice: This email is confidential and may contain copyright material of
members of the Ocado Group. Opinions and views expressed in this message
may not necessarily reflect the opinions and views of the members of the
Ocado Group.
If you are not the intended recipient, please notify us
immediately and delete all copies of this message. Please note that it is
your responsibility to scan this message for viruses.
Fetch and Sizzle
are trading names of Speciality Stores Limited and Fabled is a trading name
of Marie Claire Beauty Limited, both members of the Ocado Group.
References to the “Ocado Group” are to Ocado Group plc (registered in
England and Wales with number 7098618) and its subsidiary undertakings (as
that expression is defined in the Companies Act 2006) from time to time.
The registered office of Ocado Group plc is Buildings One & Two, Trident
Place, Mosquito Way, Hatfield, Hertfordshire, AL10 9UL.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.uni-koeln.de/pipermail/linux-fai/attachments/20190110/31974f1d/attachment-0001.html>
More information about the linux-fai
mailing list