diff --git a/inventory.yml b/inventory.yml
index 7a64f28..39edc7d 100644
--- a/inventory.yml
+++ b/inventory.yml
@@ -3,7 +3,8 @@ all:
 server:
 ansible_host: home.bauer.tech
 ansible_port: 22187
-
+ server2:
+
 children:
 iot:
 hosts:
diff --git a/roles/server-basic-environment/tasks/main.yml b/roles/server-basic-environment/tasks/main.yml
new file mode 100644
index 0000000..e3dbb49
--- /dev/null
+++ b/roles/server-basic-environment/tasks/main.yml
@@ -0,0 +1,21 @@
+---
+
+- name: Do apt update/upgrade
+ apt: upgrade=yes update_cache=yes cache_valid_time=300
+- name: Apt install download & unzip packages
+ apt:
+ name:
+ - wget
+ - zip
+ - htop
+ - xz-utils
+ - python3
+ - python3-venv
+ - python3-wheel
+ - git
+ - iotop
+- name: Download and install mbenv
+ ansible.builtin.unarchive:
+ src: "https://owncloud.bauer.tech/s/vMu7X4mRl2vComu/download?path=%2F&files=mbenv.tar.xz"
+ remote_src: yes
+ dest: "/home/core/"
diff --git a/roles/server-debian-docker/tasks/main.yml b/roles/server-debian-docker/tasks/main.yml
new file mode 100644
index 0000000..76a890a
--- /dev/null
+++ b/roles/server-debian-docker/tasks/main.yml
@@ -0,0 +1,38 @@
+---
+
+- name: Install required system packages
+ apt:
+ name:
+ - apt-transport-https
+ - ca-certificates
+ - curl
+ - software-properties-common
+ - python3-pip
+ - virtualenv
+ - python3-setuptools
+ state: latest
+ update_cache: true
+
+- name: Add Docker GPG apt Key
+ apt_key:
+ url: https://download.docker.com/linux/debian/gpg
+ state: present
+
+- name: Add Docker Repository
+ apt_repository:
+ repo: deb https://download.docker.com/linux/debian {{ ansible_facts['distribution_release'] }} stable
+ state: present
+
+- name: Update apt and install docker-ce
+ apt:
+ name:
+ - docker-ce
+ - docker-compose-plugin
+ state: latest
+ update_cache: true
+
+- name: Add core to docker group
+ ansible.builtin.user:
+ name: core
+ groups: docker
+ append: true
\ No newline at end of file
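Review bot: The `Download and install mbenv` task in roles/server-basic-environment/tasks/main.yml unpacks an archive fetched at run time into `/home/core/` with no integrity check, so whatever the share link serves on the day of the run ends up in that home directory. `ansible.builtin.unarchive` has no checksum option; fetching the file with `ansible.builtin.get_url` and a pinned `checksum:` first, then unpacking the local copy, closes that gap. The URL also carries what looks like a public share token, which now lives in the repository history; a variable kept outside the repo (or vaulted) would avoid that.

```yaml
- name: Download mbenv archive (pinned checksum)
  ansible.builtin.get_url:
    url: "{{ mbenv_url }}"  # placeholder variable holding the share URL
    dest: /tmp/mbenv.tar.xz
    checksum: "sha256:<SHA256_OF_MBENV_TAR_XZ>"  # placeholder, fill in the real digest
    mode: "0600"
- name: Download and install mbenv
  ansible.builtin.unarchive:
    src: /tmp/mbenv.tar.xz
    remote_src: true
    dest: "/home/core/"
```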
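Review bot: `apt_key` in roles/server-debian-docker/tasks/main.yml adds Docker's key to the global apt trust store, where it is accepted for every configured repository rather than only download.docker.com; apt-key itself is deprecated on current Debian. Storing the key as a file and referencing it with `signed-by=` in the `repo:` line scopes the trust to that one repository. The last task puts `core` in the `docker` group, which is root-equivalent on the host, so a comment stating that this is intended would help the next reader. `state: latest` on both apt tasks lets each run pull a different Docker version; `state: present` keeps runs repeatable.

```yaml
- name: Install Docker apt signing key
  ansible.builtin.get_url:
    url: https://download.docker.com/linux/debian/gpg
    # /etc/apt/keyrings ships with Debian 12; create it first on older releases
    dest: /etc/apt/keyrings/docker.asc
    mode: "0644"

- name: Add Docker Repository
  apt_repository:
    repo: "deb [signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian {{ ansible_facts['distribution_release'] }} stable"
    state: present
# … unchanged: docker-ce install and docker group tasks …
```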
diff --git a/roles/server-exthdd-mount/files/99-automounts.rules b/roles/server-exthdd-mount/files/99-automounts.rules
new file mode 100644
index 0000000..425dece
--- /dev/null
+++ b/roles/server-exthdd-mount/files/99-automounts.rules
@@ -0,0 +1,2 @@
+ACTION=="add", SUBSYSTEM=="block", ENV{DEVLINKS}=="*/dev/disk/by-label/MartinsPassport4*", ENV{SYSTEMD_WANTS}="media-passport4.mount"
+ACTION=="add", SUBSYSTEM=="block", ENV{DEVLINKS}=="*/dev/disk/by-label/MartinsPassport5*", ENV{SYSTEMD_WANTS}="media-passport5.mount"
\ No newline at end of file
diff --git a/roles/server-exthdd-mount/files/media-passport4.mount b/roles/server-exthdd-mount/files/media-passport4.mount
new file mode 100644
index 0000000..429276d
--- /dev/null
+++ b/roles/server-exthdd-mount/files/media-passport4.mount
@@ -0,0 +1,12 @@
+[Unit]
+Description=Mount /dev/disk/by-label/MartinsPassport4 at /media/passport4
+Before=local-fs.target
+
+[Mount]
+What=/dev/disk/by-label/MartinsPassport4
+Where=/media/passport4
+Type=btrfs
+Options=noauto,nofail
+
+[Install]
+WantedBy=local-fs.target
\ No newline at end of file
diff --git a/roles/server-exthdd-mount/files/media-passport5.mount b/roles/server-exthdd-mount/files/media-passport5.mount
new file mode 100644
index 0000000..2b15121
--- /dev/null
+++ b/roles/server-exthdd-mount/files/media-passport5.mount
@@ -0,0 +1,12 @@
+[Unit]
+Description=Mount /dev/disk/by-label/MartinsPassport5 at /media/passport5
+Before=local-fs.target
+
+[Mount]
+What=/dev/disk/by-label/MartinsPassport5
+Where=/media/passport5
+Type=btrfs
+Options=noauto,nofail
+
+[Install]
+WantedBy=local-fs.target
\ No newline at end of file
diff --git a/roles/server-exthdd-mount/tasks/main.yml b/roles/server-exthdd-mount/tasks/main.yml
new file mode 100644
index 0000000..2ffef8d
--- /dev/null
+++ b/roles/server-exthdd-mount/tasks/main.yml
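Review bot: media-passport4.mount (and media-passport5.mount, which has the same lines) mounts the labelled device with `Options=noauto,nofail`, so setuid binaries and device nodes found on the disk are honoured. A filesystem label is chosen by whoever formats a disk, and the rule in 99-automounts.rules starts the mount for any block device that shows up with the label `MartinsPassport4`. I would use `Options=noauto,nofail,nosuid,nodev` and, since these are known disks, match on the filesystem UUID (`What=/dev/disk/by-uuid/<UUID_PLACEHOLDER>`, with the matching `by-uuid` link in the udev rule) instead of the label. `Before=local-fs.target` together with `WantedBy=local-fs.target` looks unintended for a disk that is started from udev via `SYSTEMD_WANTS`; worth confirming.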
@@ -0,0 +1,14 @@
+---
+
+- name: Automount passport4 systemd file
+ copy: src=media-passport4.mount dest=/etc/systemd/system
+- name: Automount passport5 systemd file
+ copy: src=media-passport5.mount dest=/etc/systemd/system
+- name: Create udev rules
+ copy: src=99-automounts.rules dest=/etc/udev/rules.d
+- name: Systemd reread configs
+ ansible.builtin.systemd:
+ daemon_reload: true
+- name: Reload udev
+ ansible.builtin.command:
+ cmd: "udevadm control --reload"
\ No newline at end of file
diff --git a/roles/server-link-aggregation/files/interfaces b/roles/server-link-aggregation/files/interfaces
new file mode 100644
index 0000000..0139a79
--- /dev/null
+++ b/roles/server-link-aggregation/files/interfaces
@@ -0,0 +1,20 @@
+source /etc/network/interfaces.d/*
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+## The primary network interface
+#allow-hotplug enp2s0
+#iface enp2s0 inet dhcp
+## This is an autoconfigured IPv6 interface
+#iface enp2s0 inet6 auto
+
+auto bond0
+
+iface bond0 inet dhcp
+ bond-slaves enp3s0 enp4s0 enp5s0
+ bond-mode 802.3ad
+ bond-lacp-rate 1
+ bond-miimon 100
+ bond-xmit-hash-policy layer3+4
diff --git a/roles/server-link-aggregation/tasks/main.yml b/roles/server-link-aggregation/tasks/main.yml
new file mode 100644
index 0000000..2e9ee24
--- /dev/null
+++ b/roles/server-link-aggregation/tasks/main.yml
@@ -0,0 +1,8 @@
+---
+
+- name: Apt install download & unzip packages
+ apt:
+ name:
+ - ifenslave
+- name: Interface file
+ copy: src=interfaces dest=/etc/network/interfaces
\ No newline at end of file
diff --git a/roles/server-nfs/tasks/main.yml b/roles/server-nfs/tasks/main.yml
new file mode 100644
index 0000000..499bac1
--- /dev/null
+++ b/roles/server-nfs/tasks/main.yml
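Review bot: The three `copy` tasks in roles/server-exthdd-mount/tasks/main.yml install files under `/etc/systemd/system` and `/etc/udev/rules.d` without stating owner or mode, so the resulting permissions depend on the umask of the account Ansible runs as. Spelling them out, for example `copy: src=media-passport4.mount dest=/etc/systemd/system owner=root group=root mode=0644`, makes the permissions on these root-interpreted files explicit. The `command` task running `udevadm control --reload` reports changed on every run; moving it and the `daemon_reload` into handlers notified by the copy tasks would run them only when a file actually changed.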
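Review bot: The `Interface file` task in roles/server-link-aggregation/tasks/main.yml overwrites `/etc/network/interfaces` on the remote host without keeping the previous version, and a mistake in the bond definition can cut off the SSH access Ansible itself depends on. `copy: src=interfaces dest=/etc/network/interfaces backup=true` leaves the old file on the host for recovery from the console. The first task's name, `Apt install download & unzip packages`, appears to be carried over from another role; `Install ifenslave` would describe what it does.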
@@ -0,0 +1,20 @@
+---
+
+- name: Apt install NFS server
+ apt:
+ name: nfs-kernel-server
+ update_cache: yes
+- name: Ensure correct entry in /etc/exports
+ lineinfile:
+ path: /etc/exports
+ state: present
+ line: "{{ item }}"
+ with_items:
+ - '/data/main 192.168.178.0/255.255.255.0(rw,async,no_subtree_check)'
+- name: Restart nfs-kernel-server.service
+ ansible.builtin.systemd:
+ daemon_reload: yes
+ state: started
+ name: nfs-kernel-server.service
+
+
diff --git a/server.yml b/server.yml
new file mode 100644
index 0000000..055a8cc
--- /dev/null
+++ b/server.yml
@@ -0,0 +1,9 @@
+
+- hosts: server
+ roles:
+ - server-basic-environment
+ - server-debian-docker
+ - server-exthdd-mount
+ - server-nfs
+ - server-link-aggregation
+
diff --git a/server/readme.md b/server/readme.md
deleted file mode 100644
index c5f6472..0000000
--- a/server/readme.md
+++ /dev/null
@@ -1,6 +0,0 @@
-
-Select Boot device
-==================
-
-Bios accessible using [F2]
-
diff --git a/server/scripts/docker-images/influxdb.run b/server/scripts/docker-images/influxdb.run
deleted file mode 100644
index 6ebbde0..0000000
--- a/server/scripts/docker-images/influxdb.run
+++ /dev/null
@@ -1 +0,0 @@
-docker run -d --restart=always --name home_influx -p 8086:8086 -v /volumes/influxdb_data/:/var/lib/influxdb influxdb
diff --git a/server/scripts/docker-images/tagspace/Dockerfile b/server/scripts/docker-images/tagspace/Dockerfile
deleted file mode 100644
index a628679..0000000
--- a/server/scripts/docker-images/tagspace/Dockerfile
+++ /dev/null
@@ -1,17 +0,0 @@
-FROM ubuntu
-MAINTAINER "Martin Bauer"
-
-ENV DEBIAN_FRONTEND noninteractive
-
-RUN apt-get update
-RUN apt-get upgrade -y && apt-get install -y nginx
-
-ADD tagspaces /var/www/
-
-RUN echo "daemon off;" >> /etc/nginx/nginx.conf
-RUN rm /etc/nginx/sites-enabled/*
-ADD nginx.conf /etc/nginx/conf.d/tagspaces.conf
-
-CMD nginx
-
-
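Review bot: The export line in roles/server-nfs/tasks/main.yml grants `rw` on `/data/main` to the whole `192.168.178.0/255.255.255.0` network, and with the default `sec=sys` the server trusts whatever uid a client presents; if the `iot` hosts from the inventory sit on that subnet (not visible here), each of them can read and write the share. Listing the specific client addresses instead of the subnet narrows that. The task named `Restart nfs-kernel-server.service` uses `state: started`, which does nothing when the service is already running, so an edited `/etc/exports` is not applied; `state: reloaded`, or a handler running `exportfs -ra` notified by the `lineinfile` task, would apply it. `async` trades crash safety for speed and deserves a comment if it is intended.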
diff --git a/server/scripts/docker-images/tagspace/nginx.conf b/server/scripts/docker-images/tagspace/nginx.conf
deleted file mode 100644
index 58b10d5..0000000
--- a/server/scripts/docker-images/tagspace/nginx.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-server {
- listen 80;
- server_name "";
- root /var/www/;
-
- location / {
- index index.html;
- }
-}
-
diff --git a/server/scripts/files_to_backup.txt b/server/scripts/files_to_backup.txt
deleted file mode 100644
index 15b2160..0000000
--- a/server/scripts/files_to_backup.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-/root/scripts
-/etc/nginx/sites-enabled/reverse-proxy
-/etc/letsencrypt/
-/etc/samba/smb.conf
-/etc/environment
-
diff --git a/server/scripts/make_btrfs_snapshots.sh b/server/scripts/make_btrfs_snapshots.sh
deleted file mode 100755
index 41a19a1..0000000
--- a/server/scripts/make_btrfs_snapshots.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/bash
-
-BASE=/media/passport4/
-TARGET=/media/passport4/snapshots
-
-DATE=`date +%F`
-
-btrfs subvolume snapshot -r $BASE/main_data $TARGET/main_data/$DATE
-btrfs subvolume snapshot -r $BASE/films_and_software $TARGET/films_and_software/$DATE
-btrfs subvolume snapshot -r $BASE/docker_volume_backup $TARGET/docker_volume_backup/$DATE
-
diff --git a/server/scripts/renew_certificates.sh b/server/scripts/renew_certificates.sh
deleted file mode 100755
index c516783..0000000
--- a/server/scripts/renew_certificates.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/bash
-# certificate obtained with
-#letsencrypt certonly --standalone -d home.bauer.tech
-
-service nginx stop
-sleep 30
-letsencrypt renew
-service nginx start
diff --git a/server/scripts/restart_home_dbs.sh b/server/scripts/restart_home_dbs.sh
deleted file mode 100755
index 9aa544a..0000000
--- a/server/scripts/restart_home_dbs.sh
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/bin/bash
-
-
-echo "-------- InfluxDB ------------"
-docker pull influxdb
-docker rm -f home_influx
-docker run -d --restart=always --name home_influx -p 8086:8086 -v /volumes/influxdb_data/:/var/lib/influxdb influxdb
-
-echo "------- MongoDB ------------"
-docker pull mongo:4
-docker rm -f homemongo
-docker run --restart=always --name homemongo -p 27017:27017 -v /volumes/mongo/:/data/db -d mongo:4
-
-echo "------ Grafana -------------"
-docker pull grafana/grafana
-docker rm -f grafana
-docker run --restart=always -d --name=grafana -p 3000:3000 -v /volumes/grafana:/var/lib/grafana grafana/grafana
diff --git a/server/scripts/restart_owncloud.sh b/server/scripts/restart_owncloud.sh
deleted file mode 100755
index 5db07c8..0000000
--- a/server/scripts/restart_owncloud.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/bash
-
-docker pull owncloud
-docker rm -f owncloud
-docker run -d --restart=always --name=owncloud -v /volumes/owncloud/apps:/var/www/html/apps -v /volumes/owncloud/config:/var/www/html/config -v /volumes/owncloud/data:/var/www/html/data -p 5555:80 owncloud
-
diff --git a/server/scripts/restart_smarthome.sh b/server/scripts/restart_smarthome.sh
deleted file mode 100755
index e01da22..0000000
--- a/server/scripts/restart_smarthome.sh
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/bash
-
-docker rm -f mypysmarthome
-docker run -d --restart=always --privileged -v /dev/serial/by-id/usb-busware.de_CUL868-if00:/dev/ttyACM0 -p 0.0.0.0:51826:51826 -p 0.0.0.0:7072:7072 -p 0.0.0.0:6720:6720 -p 0.0.0.0:2222:2222 -p 0.0.0.0:8080:8080 --net=host --name=mypysmarthome pysmarthome
diff --git a/server/scripts/restart_squeezeserver.sh b/server/scripts/restart_squeezeserver.sh
deleted file mode 100755
index 0dce5bd..0000000
--- a/server/scripts/restart_squeezeserver.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/bash
-
-# To build
-# cd /root/scripts/docker-images/squeezeserver
-# docker build -t squeezeserver791 .
-
-docker rm -f squeezeserver
-docker run -d --name squeezeserver --restart=always -p 9090:9090 -p 9000:9000 -p 3483:3483 -p 3483:3483/udp -v /volumes/squeezeserver/state/:/mnt/state -v /volumes/squeezeserver/music/:/home/martin/Musik -v /volumes/squeezeserver/playlists/:/home/martin/Playlists squeezeserver791
diff --git a/server/scripts/restart_squid_proxy.sh b/server/scripts/restart_squid_proxy.sh
deleted file mode 100755
index 46da145..0000000
--- a/server/scripts/restart_squid_proxy.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/bash
-
-docker pull sameersbn/squid
-docker rm -f squid
-docker run --name squid -d --restart=always --publish 3128:3128 --volume /volumes/squid:/var/spool/squid --volume /root/scripts/squid.conf:/etc/squid/squid.conf sameersbn/squid
-
diff --git a/server/scripts/rsync_to_disk.sh b/server/scripts/rsync_to_disk.sh
deleted file mode 100755
index c542bc0..0000000
--- a/server/scripts/rsync_to_disk.sh
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/bin/bash
-
-SRC=/volumes
-DST=/media/passport4/docker_volume_backup/
-
-echo "Owncloud Backup"
-rsync -azW --delete $SRC/owncloud $DST
-
-echo "Squeezebox Music Backup"
-rsync -azW --delete $SRC/squeezeserver $DST
-
-echo "MongoDB Homeautomation Backup"
-rsync -azW --delete $SRC/mongo $DST
-
-echo "InfluxDB Homeautomation Backup"
-rsync -azW --delete $SRC/influxdb_data $DST
-
-echo "WWW"
-rsync -azW --delete $SRC/www $DST
-
-echo "Other files"
-rsync -arW --delete --files-from=/root/scripts/files_to_backup.txt / $DST/other
diff --git a/server/scripts/squid.conf b/server/scripts/squid.conf
deleted file mode 100644
index 7dcb82f..0000000
--- a/server/scripts/squid.conf
+++ /dev/null
@@ -1,49 +0,0 @@
-# ----------------- Default from https://gist.github.com/hpcorona/5065634 ----------
-
-#Recommended minimum configuration:
-acl manager proto cache_object
-acl localhost src 127.0.0.1/32
-acl to_localhost dst 127.0.0.0/8
-acl localnet src 0.0.0.0/8 192.168.178.0/24
-acl SSL_ports port 443
-acl Safe_ports port 80 # http
-acl Safe_ports port 21 # ftp
-acl Safe_ports port 443 # https
-acl Safe_ports port 70 # gopher
-acl Safe_ports port 210 # wais
-acl Safe_ports port 1025-65535 # unregistered ports
-acl Safe_ports port 280 # http-mgmt
-acl Safe_ports port 488 # gss-http
-acl Safe_ports port 591 # filemaker
-acl Safe_ports port 777 # multiling http
-
-acl CONNECT method CONNECT
-
-http_access allow manager localhost
-http_access deny manager
-http_access deny !Safe_ports
-
-icp_access deny all
-htcp_access deny all
-
-http_port 3128
-hierarchy_stoplist cgi-bin ?
-
-
-#Suggested default:
-refresh_pattern ^ftp: 1440 20% 10080
-refresh_pattern ^gopher: 1440 0% 1440
-refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
-refresh_pattern . 0 20% 4320
-# Leave coredumps in the first cache dir
-coredump_dir /var/spool/squid3
-
-# Allow all machines to all sites
-http_access allow all
-
-
-# ------------ Custom stuff --------------------------------
-cache_mem 512 MB # RAM usage
-cache_dir aufs /var/spool/squid 200000 16 256 # 200 GB cache
-maximum_object_size 5120 MB # dont store objects larger than 5 GB
-
diff --git a/server_flatcar/ct-v0.9.3-x86_64-unknown-linux-gnu b/server_flatcar/ct-v0.9.3-x86_64-unknown-linux-gnu
deleted file mode 100755
index 799c634..0000000
Binary files a/server_flatcar/ct-v0.9.3-x86_64-unknown-linux-gnu and /dev/null differ
diff --git a/server_flatcar/flatcar-install b/server_flatcar_deprecated_2023_08/flatcar-install
similarity index 91%
rename from server_flatcar/flatcar-install
rename to server_flatcar_deprecated_2023_08/flatcar-install
index d79ea53..56e34a2 100755
--- a/server_flatcar/flatcar-install
+++ b/server_flatcar_deprecated_2023_08/flatcar-install @@ -74,7 +74,7 @@ CHANNEL_ID=${GROUP:-stable} BOARD=$(default_board) OEM_ID= -for f in /usr/share/oem/oem-release /etc/oem-release; do +for f in /oem/oem-release /usr/share/oem/oem-release /etc/oem-release; do if [[ -e $f ]]; then # Pull in OEM information too, but prefixing variables with OEM_ eval "$(sed -e 's/^/OEM_/' $f)" 
@@ -421,8 +421,43 @@ uvyCrat1qt4F8aKqao8sXbopH7QvDBpqGqgMGLkoPheOXypBvnvoYKL7tOoF4XJL AFM9PKGECoegwC0Mla15amgkfViUWdCsDy8UsSlPfBdvHdJrhChuPDwZV9GztZjj NdYVRi1OaxZP24IN7o40VFxvMh12E3HaideLi5MzZxxkXhr8m485b2hgvkuNUjoD nvFn8rZe8axx9FFhpg7/JvCAik3IxRbusM3WDqmFuBGK33phfD5wAKIWrBwT3iMU -4GnMNmKOMrYCE/edg4eOPFj+wjWw8ZGD8XrnHVI0k8fGOoLvAm/x -=xU/g +4GnMNmKOMrYCE/edg4eOPFj+wjWw8ZGD8XrnHVI0k8fGOoLvAm/xuQINBGQHFqQB +EACucSUehSi8KixdOc9pYVWBCoqu5V2NlrjbpVVpmPB118fLPaZV4MSB/AnHssWw +XDeO9zWyyLYstN78D/dWcX8Al74JFtBAM0lfgnqE5na8JZYrEivdsjQUO3Cf250G +yXJwpK+CXpAtH6qVrO595exknHKKTv2dfV51UxDXXzYhLznnYHZoTnzpMKUSwqwP +ywdwDVkalpXfFxP43w+gSuX7uOAI/hhX/iRE0drVDy85422FZnncNdigO6JjARn7 +CAoYDcb4K1+zn9WcwzWqV4+yhYDt+yf+o+TLhyF9BarG8cQ1tE4RfaDMZuXp0iKL +itX01mFb0sQ2ZF0YBhQdGaBj/AcfE4e7Sacz9gC93Xd3FaVt0zgsTxMt3Z0dMzAw +9lf7i/aPFFJQLoAZtuYU4hb3S4CG0+l3WPTdW5U276bV5WrTyvibfpNs8mctH4lB +I4jhSkqoPwZ+8gts3XT336P3F2Z/i3cbLmfjbSeAUYRV5BdkozbuWfO6JrZq/BId +KEUMlVi99CJD1fREyMXnr3aROdw7jKhtW5x59Act/ZXB9jixJ5EdxMe5aLeYKNSm +L8I4TXG4DEvbPu/HCHNMlDRoga1CCmVaUEhuJwQaH4PhhlX9M69Bmz42NS8A0Fol +JkiCsCQTQjyzvgXb1Pa0WKUVjPkQIGEUAaQdAGcns9svJQARAQABiQRyBBgBCAAm +FiEE+Iz+3v8ppbTZUjhk4l2a7QWTs0oFAmQHFqQCGwIFCQPCZwACQAkQ4l2a7QWT +s0rBdCAEGQEIAB0WIQTpQm2LZ+Nd9Ha9BIGF98iGiDficQUCZAcWpAAKCRCF98iG +iDficV5MEAClR4UiibpFIYRsbdtPQC/RUIRPbx8naJ8o9h3RqnQKQPgIPkJUS8d9 +vVHQlQ8rhzrzWctOMWHgDRDEojLjXwyYSHRBawJN39D/Fs+D6Nrg9gFkdBmrU2My ++Xia2Wgb+R2qUTnl8sP+d8k8zUC8UoZIX2ksK5yzw3Zwozg6X5Bd70zIru1RJtQd +9ZFDb/PVobWGbqS+saGEDi0Wa7YrmRRA+kQtvMIywX5LFJ5/bSqH3BsJduwmCnJH +84WcxYW6Ntbta7MsnmrDEwfKwmu6d0XgL0mUaOGlt7UoECckZLU/VWh+V9hhSjPi +Dp1IX3ucfmWfsEokN1ePMnl1LWbew7yF5WsNl0/BLVczx99uoYZ6FeW3cy+8PT3q +5Tuc7kjV9oQddJcS+slmlpyuXGH+vXa8WvSDWxPHat1tPhh2QEMGbVFeCw9XhwLu +98YC+Hc2BImD9FfL46GMXPmiBJ5S9qqJjb2lGB+Y4lnbus8DavpudumgO2b3p4CH +eWQYCZY993gcZIiI1/9YMXtXABZ034XoennSq1gzoAxmWGoEk9E/ZNcDLhigW2UN +D8w/mfBKD729NhGSBlL8LmAxwHe61fnL2Z+yTjVvWfsgMXSsn1U0QYkjgE6rzqDY +1w29Iduo1QLvcXQj+fVvu0O5zYPeRYV+RHG+l65KmB8Tjomq6FW2tsInD/92KSGF 
+0TIk0rOjJA8Zy7Eers21QsTScUrfI3hntzcPpMZzWRBWuyXqf/4350lRTki3hMSx +YB/eJlwehTmUAkC9E3oUE36PJqpp2mzC2cP68CIOdUtkdOVqzkfeZ54LlaJxgo5y +BuC9AqUH5OfVNjZps3yygYv2ahIPBMR8JNduUiTAuvXbIENVy58q6/rZjHcKRp8b +MUX6uWJrIXO5aSAIEljx9DbQoxSbmNJPiriuSKHbhrNPpI4xRlO9gTbaEC0ELKGC +qw0lA1it1XvbZtP4CHcfJ0hyGvy9yvDH2poMgjkhu7OZdN1qBsBRHIIED/Ijy+tz +nq7rQvmaDqZavlQbYREHdrjB/sS10Sblfu9h+vIwSx05UwSNGWNiDrvkQDPbVnTh +R32zsNAlq+f0CEmsgbYPrE/lFwfFS49F2Kmma92qcDiK76Audz/dqz6xPvYQCqra +a6Sa/uYr9aiaLsZTJ7nQ904KUE+Zwk7gcO32Bl7UO3NvkWlvSqOWGS/75WUgbrD6 +RARo6Xv6c8/OxgizzkboGBrdqqpmbG9PGi+gMrxShYtmZYcpD+dB91oKMC5q2lu6 +IGrEVlky2zd7KvrIE3YMETdYL0Eec/H0Jwuxnp9sr7GkBSUns0IczEK/En/NLcBm +TkvXzMghTKTbYL9TjbK/CLzOR+5XXCHxXgDGLg== +=VZfW -----END PGP PUBLIC KEY BLOCK----- " @@ -533,17 +568,19 @@ if [[ -n "${DRY_RUN}" ]]; then exit 0 fi -function is_modified() [[ -e "${WORKDIR}/disk_modified" ]] +function is_modified() { + [[ -e "${WORKDIR}/disk_modified" ]] +} _disk_status= -function wait_for_disk() { +function get_disk_status() { [ -n "${_disk_status}" ] || - read -rt 7200 _disk_status <> "${WORKDIR}/disk_modified" + read -rt 0.1 _disk_status <> "${WORKDIR}/disk_modified" # Use a timeout of 100ms to behave like a non-blocking read + echo "${_disk_status}" } function write_to_disk() { mkfifo -m 0600 "${WORKDIR}/disk_modified" - trap '(exec 2>/dev/null ; echo done > "${WORKDIR}/disk_modified") &' RETURN # We are at the point of no return, so wipe disk labels missed below. # In particular, ZFS writes labels in the last half-MiB of the disk. @@ -562,6 +599,8 @@ function write_to_disk() { done [ -z "$try" ] || exit 1 udevadm settle + # Communicate success through FIFO when the caller can't act on the return code + (exec 2>/dev/null ; echo "done" > "${WORKDIR}/disk_modified") & } function install_from_file() { 
@@ -667,9 +706,16 @@ function install_from_url() { [ ${EEND[2]} -ne 0 ] && echo "${EEND[2]}: GPG signature verification failed for ${IMAGE_NAME}" >&2 exit 1 fi 3> >(write_to_disk) + wait + if [ "$(get_disk_status)" != "done" ]; then + echo "write_to_disk: Failed writing image to disk" >&2 + exit 1 + fi } -function write_cloudinit() if [[ -n "${CLOUDINIT}${COPY_NET}" ]]; then +function write_cloudinit() { + if [[ -n "${CLOUDINIT}${COPY_NET}" ]]; then + ( # The ROOT partition should be #9 but make no assumptions here! # Also don't mount by label directly in case other devices conflict. local ROOT_DEV=$(blkid -t "LABEL=ROOT" -o device "${DEVICE}"*) @@ -679,7 +725,7 @@ function write_cloudinit() if [[ -n "${CLOUDINIT}${COPY_NET}" ]]; then "btrfs") mount -t btrfs -o subvol=root "${ROOT_DEV}" "${WORKDIR}/rootfs" ;; *) mount "${ROOT_DEV}" "${WORKDIR}/rootfs" ;; esac - trap 'umount "${WORKDIR}/rootfs"' RETURN + trap 'umount "${WORKDIR}/rootfs"' EXIT if [[ -n "${CLOUDINIT}" ]]; then echo "Installing cloud-config..." 
@@ -692,20 +738,26 @@ function write_cloudinit() if [[ -n "${CLOUDINIT}${COPY_NET}" ]]; then # Copy the entire directory, do not overwrite anything that might exist there, keep permissions, and copy the resolve.conf link as a file. cp --recursive --no-clobber --preserve --dereference /run/systemd/network/* "${WORKDIR}/rootfs/etc/systemd/network" fi -fi + ) + fi +} -function write_ignition() if [[ -n "${IGNITION}" ]]; then +function write_ignition() { + if [[ -n "${IGNITION}" ]]; then + ( # The OEM partition should be #6 but make no assumptions here! # Also don't mount by label directly in case other devices conflict. local OEM_DEV=$(blkid -t "LABEL=OEM" -o device "${DEVICE}"*) mkdir -p "${WORKDIR}/oemfs" mount "${OEM_DEV}" "${WORKDIR}/oemfs" || { btrfstune -f -u "${OEM_DEV}" ; mount "${OEM_DEV}" "${WORKDIR}/oemfs" ; } - trap 'umount "${WORKDIR}/oemfs"' RETURN + trap 'umount "${WORKDIR}/oemfs"' EXIT echo "Installing Ignition config ${IGNITION}..." cp "${IGNITION}" "${WORKDIR}/oemfs/config.ign" -fi + ) + fi +} function create_uefi() { ensure_tool "efibootmgr" @@ -728,7 +780,6 @@ else else install_from_url fi - wait_for_disk write_cloudinit write_ignition if [[ -n "${CREATE_UEFI}" ]]; then diff --git a/server_flatcar_deprecated_2023_08/howto.md b/server_flatcar_deprecated_2023_08/howto.md new file mode 100644 index 0000000..72e80dc --- /dev/null +++ b/server_flatcar_deprecated_2023_08/howto.md @@ -0,0 +1,17 @@ +yaml -> json +./ct-v0.9.3-x86_64-unknown-linux-gnu --in-file server_new.yaml > server_new.json + + +connect hard drive to running system and then install +sudo ./flatcar-install -d /dev/sdb -C stable -i server_new.json + + +- this failed, during gpg verification, then re-downloaded new version from github -> worked + + +couldn't use flatcar on new machine because it didn't boot with: + moklistrt: not found + I played around in bios settings, disabled secure boot etc.. didn't help + went for debian instead + + 
diff --git a/server_flatcar/server.json b/server_flatcar_deprecated_2023_08/server.json
similarity index 100%
rename from server_flatcar/server.json
rename to server_flatcar_deprecated_2023_08/server.json
diff --git a/server_flatcar/server.yaml b/server_flatcar_deprecated_2023_08/server.yaml
similarity index 100%
rename from server_flatcar/server.yaml
rename to server_flatcar_deprecated_2023_08/server.yaml