#! /bin/bash

# $Id: make-fai-nfsroot 4211 2007-01-11 15:02:00Z lange $
#*********************************************************************
#
# make-fai-nfsroot -- create nfsroot directory and add additional packages
#
# This script is part of FAI (Fully Automatic Installation)
# (c) 2000-2007 by Thomas Lange, lange@informatik.uni-koeln.de
# Universitaet zu Koeln
#
#*********************************************************************
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# General Public License for more details.
# 
# A copy of the GNU General Public License is available as
# `/usr/share/common-licences/GPL' in the Debian GNU/Linux distribution
# or on the World Wide Web at http://www.gnu.org/copyleft/gpl.html.  You
# can also obtain it by writing to the Free Software Foundation, Inc.,
# 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#*********************************************************************

# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
usage() {

    cat <<-EOF
	Copyright (C) 1999-2006 Thomas Lange
	Report bugs to <fai@informatik.uni-koeln.de>.

	Usage: make-fai-nfsroot [OPTIONS]
  Create an NFSROOT for FAI.
	Read the man pages pages make-fai-nfsroot(8).
EOF
    exit 0
}
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
die() {

    echo "ERROR: $@"
    exit 99
}
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

PATH=/usr/local/bin:/usr/local/sbin:/bin:/sbin:/usr/bin:/usr/sbin

kfile="vmlinuz" # some architectures use different names
kernelname="$kfile-install"
merror="properly"
# option e currently does nothing
while getopts hervC:f:kKV: opt ; do
    case "$opt" in
        C) cfdir=$OPTARG ;;
        v) verbose=1 ; v=-v ;;
        V) kernelname=$OPTARG ;;
        r) recover=1 ;;
        f) die "Option -f is not supported any more. Use option -C instead" ;;
        k) kinstall=1 ;;
        K) kremove=1; kinstall=1 ;;
        h) usage ;;
	e) expert=1 ;;
        ?) exit 5 ;; # error in option parsing
    esac
done

if [ $(id -u) != "0" ]; then
    echo "Run this program as root."
    exit 9
fi

set -e

# use FAI_ETC_DIR from environment variable
if [ -n "$FAI_ETC_DIR" -a -z "$cfdir" ]; then
    echo "Using environment variable \$FAI_ETC_DIR."
fi
[ -z "$cfdir" ] && cfdir=${FAI_ETC_DIR:=/etc/fai}
cfdir=$(readlink -f $cfdir) # canonicalize path
if [ ! -d "$cfdir" ]; then
    echo "$cfdir is not a directory"
    exit 6
fi
[ "$verbose" ] && echo "Using configuration files from $cfdir"
. $cfdir/fai.conf

# read config file for this tool
if [ -f "$cfdir/make-fai-nfsroot.conf" ]; then
    . $cfdir/make-fai-nfsroot.conf
else
    echo "Can't read $cfdir/make-fai-nfsroot.conf"
    exit 8
fi

# IMO this may be removed, since all information should be included into sources.list
[ -n "$FAI_LOCAL_REPOSITORY" ] && die "The use of \$FAI_LOCAL_REPOSITORY is now deprecated. Please include this information into sources.list." 
[ -n "$packages" ] && die "The use of \$packages in make-fai-nfsroot.conf is now deprecated. Please include this information into $cfdir/NFSROOT."
[ -n "$NFSROOT_PACKAGES" ] && die "The use of \$NFSROOT_PACKAGES in make-fai-nfsroot.conf is now deprecated. Please include this information into $cfdir/NFSROOT."
[ -n "$FAI_SOURCES_LIST" ] && die "The use of \$FAI_SOURCES_LIST is deprecated. Please use sources.list now."

[ -z "$NFSROOT" ] && die "\$NFSROOT is not set. Please check your settings in $cfdir/fai.conf."
[ ! -d "$cfdir/apt" ] && die "$cfdir/apt/ does not exists. Can't continue."

ROOTCMD="chroot $NFSROOT"

RUNDIR=/var/run/fai/make-fai-nfsroot
[ ! -d $RUNDIR ] && mkdir -p $RUNDIR
export DEBIAN_FRONTEND=noninteractive
[ "$recover" ] || rm -rf $RUNDIR/*

trap 'echo "Aborting";umount_dirs' EXIT
trap "bad_exit" ERR
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
bad_exit() {

    merror="with errors"
    echo "An error occured during make-fai-nfsroot."
    echo "Please fix the error or try make-fai-nfsroot -v"
}
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
call_with_stamp() {

    local func=$1
    local stamp=$RUNDIR/$func
    # call subroutine
    [ "$recover" -a -f $stamp ] && return 0 
    "$@"
    > $stamp
}
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
call_verbose() {

    if [ "$verbose" ]; then
        "$@"
    else
        "$@" > /dev/null
    fi
}
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
install_kernel_nfsroot() {

    rm -rf $NFSROOT/boot/*-$KERNELVERSION $NFSROOT/lib/modules/$KERNELVERSION
    # since woody we can install the kernel using dpkg -i
    echo "do_boot_enable=no" > $NFSROOT/etc/kernel-img.conf
    dpkg -x $KERNELPACKAGE $NFSROOT
    echo "Kernel $KERNELVERSION installed into the nfsroot."
    chroot $NFSROOT depmod -qaF /boot/System.map-$KERNELVERSION $KERNELVERSION || true
}
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
setup_ssh() {

    # nothing to do if no ssh is available in nfsroot
    [ -f $NFSROOT/usr/bin/ssh ] || return 0
    mkdir -p -m 700 $NFSROOT/root/.ssh
    if [ -n "$LOGUSER" ] ; then
        loguserhome=`eval "cd ~$LOGUSER 2>/dev/null && pwd;true"`
        [ -f $loguserhome/.ssh/known_hosts ] && cp $loguserhome/.ssh/known_hosts $NFSROOT/root/.ssh/known_hosts
        [ -d $loguserhome/.ssh ] && {
	    [ -f $loguserhome/.ssh/id_dsa ] &&
	       cp -p $loguserhome/.ssh/id_dsa* $NFSROOT/root/.ssh/
	    [ -f $loguserhome/.ssh/id_rsa ] &&
	       cp -p $loguserhome/.ssh/id_rsa* $NFSROOT/root/.ssh/
	}
    fi

    # enable root login
    perl -pi -e 's/PermitRootLogin no/PermitRootLogin yes/' $NFSROOT/etc/ssh/sshd_config
    if [ -f "$SSH_IDENTITY" ]; then
        cp $SSH_IDENTITY $NFSROOT/root/.ssh/authorized_keys
	chmod 0644 $NFSROOT/root/.ssh/authorized_keys
        echo You can log into install clients without password using $SSH_IDENTITY
    fi
}
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
copy_fai_files() {

    # copy to nfsroot
    echo "root:$FAI_ROOTPW" | $ROOTCMD chpasswd --encrypted
    cp -Rpv $cfdir/* $NFSROOT/etc/fai
    # append additional variables to fai.conf for the install clients
    [ -z "$FAI_CONFIG_SRC" ] && echo "FAI_CONFIG_SRC=nfs://`hostname`$FAI_CONFIGDIR" >> $NFSROOT/etc/fai/fai.conf

    # remove some files that should not be copied
    rm -f $NFSROOT/etc/fai/make-fai-nfsroot.conf
    [ -f $cfdir/.cvspass ] && cp -p $v $cfdir/.cvspass $NFSROOT/.cvspass
    $ROOTCMD shadowconfig on
}
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
call_debootstrap() {
    
    local dversion=$(dpkg -l debootstrap | grep debootstrap | cut -f7 -d' ')
    echo "Creating base system using debootstrap version $dversion"
    echo "Calling debootstrap $1 $NFSROOT $2"
    yes '' | LC_ALL=C call_verbose debootstrap $FAI_DEBOOTSTRAP_OPTS $1 $NFSROOT $2
}
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
add_all_host_entries() {

    local ips=$(ifconfig | grep -w inet | cut -d : -f 2 | cut -d ' ' -f 1 | grep -v 127.0.0.1)
    for eth in $ips; do
	getent hosts $eth >> etc/hosts || true
    done
}
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
create_base() {

    if [ "$FAI_DEBOOTSTRAP" ]; then
        call_with_stamp call_debootstrap $FAI_DEBOOTSTRAP
        $ROOTCMD apt-get clean
	rm -f $NFSROOT/etc/resolv.conf
        echo "Creating base.tgz"
        tar --one-file-system -C $NFSROOT -cf - --exclude var/tmp/base.tgz . | gzip > $NFSROOT/var/tmp/base.tgz
	touch $NFSROOT/.THIS_IS_THE_FAI_NFSROOT
    else
	die "\$FAI_DEBOOTSTRAP not defined."
    fi
}
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
create_nfsroot() {

    mkdir -p $NFSROOT/$FAI
    cd $NFSROOT || die "Can't cd to $NFSROOT"

    call_with_stamp create_base
    # save the list of all packages in the base.tgz
    $ROOTCMD dpkg --get-selections | egrep 'install$' | awk '{print $1}' > var/tmp/base-pkgs.lis

    if [ "$FAI_DEBMIRROR" ]; then
	[ "$verbose" ] && echo "Mounting $FAI_DEBMIRROR to $NFSROOT/$MNTPOINT."
        mkdir -p $NFSROOT/$MNTPOINT
        mount -o ro,noatime,rsize=8192 $FAI_DEBMIRROR $NFSROOT/$MNTPOINT || \
                die "Can't mount $FAI_DEBMIRROR to $NFSROOT/$MNTPOINT."
        fi

    # hoaks some packages
    # liloconfig, dump and raidtool2 needs these files
    echo "# UNCONFIGURED FSTAB FOR BASE SYSTEM" > etc/fstab
    > etc/raidtab
    mkdir -p lib/modules/$KERNELVERSION           # dirty trick to hoax lvm
    >  lib/modules/$KERNELVERSION/modules.dep  # dirty trick to hoax lvm
    echo 'NTPSERVERS=""' > etc/default/ntp-servers

    [ -d $NFSROOT/var/state ] || mkdir $NFSROOT/var/state
    cp -a $cfdir/apt $NFSROOT/etc

    ainsl -as $NFSROOT/etc/hosts "127.0.0.1 localhost"
    ainsl     $NFSROOT/etc/hosts "$NFSROOT_ETC_HOSTS"
    add_all_host_entries

    # we need these option before installing the first package. So we
    # can't put this into fai-nfsroot /etc/apt/apt.conf.d/90fai
    cat <<EOF >$NFSROOT/etc/apt/apt.conf.d/10fai
APT::Get::AllowUnauthenticated "true";
Aptitude::CmdLine::Ignore-Trust-Violations yes;
EOF
    echo "Upgrading $NFSROOT"
    LC_ALL=C call_verbose call_with_stamp upgrade_nfsroot  
    LC_ALL=C call_with_stamp add_packages_nfsroot
    call_with_stamp copy_fai_files

    # set timezone in nfsroot
    timezone=$(readlink /etc/localtime | sed 's%^/usr/share/zoneinfo/%%')
    echo $timezone > etc/timezone 
    rm -f etc/localtime && ln -sf /usr/share/zoneinfo/$timezone etc/localtime

    # make little changes to nfsroot, because nfsroot is
    # read only for the install clients 
    rm etc/mtab dev/MAKEDEV
    ln -s /proc/mounts etc/mtab
    [ -d "var/lib/discover" ] || mkdir var/lib/discover
    [ -d "var/discover" ] || mkdir var/discover
    mkdir etc/sysconfig tmp/etc
    cp -p /etc/resolv.conf tmp/etc # so we have DNS after chroot $NFSROOT on the install server
    ln -sf /tmp/etc/resolv.conf etc/resolv.conf
    ln -s /usr/sbin/fai etc/init.d/rcS
    # for nis
    [ -d var/yp ] && ln -s /tmp/binding var/yp/binding

    # definition for loopback device
    echo "iface lo inet loopback" > etc/network/interfaces

    echo "*.* /tmp/fai/syslog.log" > etc/syslog.conf
    cat >> root/.profile <<-EOF
        PATH=/usr/local/sbin:/usr/local/bin:/usr/lib/fai:/bin:/sbin:/usr/bin:/usr/sbin:
        export PATH
	. /usr/lib/fai/subroutines
	. /usr/lib/fai/subroutines-linux
	set -a
        . /tmp/fai/variables.log 2>/dev/null
EOF

    call_verbose call_with_stamp setup_ssh

    cat >$NFSROOT/etc/rc2.d/S01fai_abort <<-EOF
        #!/bin/sh
        echo FAI: installation aborted.
        echo reboot with: faireboot
        echo or after a logout
        sh
        cd /
        umount -ar
        reboot -dfi
EOF
    chmod a+rx $NFSROOT/etc/rc2.d/S01fai_abort

}
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
upgrade_nfsroot() {

    if [ -f /etc/resolv.conf ]; then
	cp -p $v /etc/resolv.conf $NFSROOT/etc/resolv.conf-installserver
	cp -p $v /etc/resolv.conf $NFSROOT/etc/resolv.conf # this is needed during make-fai-nfsroot
    fi
    $ROOTCMD apt-get update
    $ROOTCMD apt-get -fy install fai-nfsroot
    $ROOTCMD apt-get check
    rm -rf $NFSROOT/etc/apm
    mount -t proc /proc $NFSROOT/proc

    fdivert /sbin/start-stop-daemon /sbin/discover-modprobe
    cp -p /sbin/fai-start-stop-daemon $NFSROOT/sbin
    cp -p /sbin/fai-start-stop-daemon $NFSROOT/sbin/start-stop-daemon
    $ROOTCMD apt-get -y dist-upgrade
}
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
add_packages_nfsroot() {

    local iarch=$(dpkg --print-installation-architecture|tr /a-z/ /A-Z/)
    export FAI_ROOT=$NFSROOT
    export classes="NFSROOT $iarch"
    install_packages -l -p$cfdir > $NFSROOT/var/tmp/packages.nfsroot
    echo "Adding additional packages to $NFSROOT:"
    cat $NFSROOT/var/tmp/packages.nfsroot
    call_verbose install_packages $v -p$cfdir
}
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
umount_dirs() {

    [ -f $NFSROOT/usr/sbin/dpkg-divert ] && 
       LC_ALL=C $ROOTCMD dpkg-divert --rename --remove /sbin/discover-modprobe
    cd /
    [ -d $NFSROOT/proc/self ] && umount $NFSROOT/proc 
    [ -d $NFSROOT/proc/self ] && umount $NFSROOT/dev/pts
    if [ "$FAI_DEBMIRROR" ]; then
        test -d $NFSROOT/$MNTPOINT && umount $NFSROOT/$MNTPOINT || true
    fi
    # show directories still mounted on nfsroot
    mount | grep " on $NFSROOT " || true
}
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
get_kernel_version() {

    local package=$1

    KERNELVERSION=`dpkg --info $package | grep ' Package: '`
    KERNELVERSION=${KERNELVERSION/*-image-/}
}
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
setup_bootp(){

    if [ -x "`which mkelf-linux`" ]; then
	mkelf-linux --ip=any --output=/srv/tftp/fai/installimage \
	  $NFSROOT/boot/$kfile-$KERNELVERSION 
    else
        echo "Command mkelf-linux not found. Can not set up BOOTP booting. Please install the package mknbi and rerun fai-setup."
	return
    fi

    # imggen is free software from 3com - use ver1.00: 1.01 produces "Image too Big" errors.
    # it converts netboot images to images which are bootable by 3com network cards
    if [ -x "`which imggen`" ]; then
	imggen -a /srv/tftp/fai/installimage /srv/tftp/fai/installimage_3com
    fi
    echo "BOOTP environment prepared."
}

# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
setup_dhcp(){

    # pxe and dhcp environment
    local pxebin=/usr/lib/syslinux/pxelinux.0
    cp -p $NFSROOT/boot/$kfile-$KERNELVERSION /srv/tftp/fai/$kernelname
    echo "Kernel $KERNELVERSION copied to /srv/tftp/fai/$kernelname"
    [ -f $pxebin ] && cp $pxebin /srv/tftp/fai
    [ -d /srv/tftp/fai/pxelinux.cfg ] || mkdir -p /srv/tftp/fai/pxelinux.cfg
    echo "DHCP environment prepared. If you want to use it, you have to enable the dhcpd and the tftp-hpa daemon."
}
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
fdivert() {

    local item
    for item in "$@"; do
	LC_ALL=C $ROOTCMD dpkg-divert --quiet --add --rename $item
    done
}
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
kernel_install() {

# Install the kernel package
if [ -f $KERNELPACKAGE ]; then
    # determine kernel version
    get_kernel_version $KERNELPACKAGE

    # create tftp boot images
    call_with_stamp install_kernel_nfsroot

    # setup for DHCP, BOOTP or both
    [ "x$FAI_BOOT" = "x" ] && FAI_BOOT="dhcp bootp"
    
    for bootopt in $FAI_BOOT; do
    	case $bootopt in
    		dhcp|DHCP)      
			call_with_stamp setup_dhcp ;;
    		bootp|BOOTP)      
			call_with_stamp setup_bootp ;;
		*)
			echo "Unknown boot option" ;;
    	esac
    done
else
    merror="with errors"
    echo "Error. Kernel package $KERNELPACKAGE not found."
    echo "No install kernel installed in /srv/tftp/fai."
    echo "No kernel modules available in nfsroot."
fi
}
# - - - - - - - - - - - - - - - - - - - - - - - - - -
# main routine

[ -z "$KERNELPACKAGE" ] && die "\$KERNELPACKAGE is not set. Aborting."

# remove all kernels from nfsroot
[ -n "$kremove" ] && {
    echo "Removing all kernels from NFSROOT."
    rm -f $NFSROOT/boot/{System.map,vmlinuz,config,patches}*
    rm -rf $NFSROOT/lib/modules/2.*
}

# just install a new kernel to the nfsroot
[ -n "$kinstall" ] && {
    trap "true" EXIT
    echo "Installing new kernel into the nfsroot."
    kernel_install
    echo "New kernel from" $KERNELPACKAGE "installed into the nfsroot."
    exit
}

echo "Creating FAI nfsroot in $NFSROOT."
echo "By default it needs more than 250 MBytes disk space."
echo "This may take a long time."

# Kill the directory if not in recover mode
if [ -d $NFSROOT/$FAI -a ! "$recover" ]
then
    echo $NFSROOT already exists. Removing $NFSROOT
    umount $NFSROOT/dev/pts 1>/dev/null 2>&1 || true
    rm -rf $NFSROOT/.??* $NFSROOT/*
    # also remove files $NFSROOT/.? but not . and ..
    find $NFSROOT -xdev -maxdepth 1 ! -type d | xargs -r rm -f
fi

# Create a new nfsroot
if [ ! -x "`which debootstrap`" ]; then
    die "Can't find debootstrap command. Aborting."
fi
call_with_stamp create_nfsroot

kernel_install

umount_dirs
trap "true" EXIT
echo "make-fai-nfsroot finished $merror."
exit 0
