Anaconda provisioning: Many fixes, first working autoinstall
@@ -21,7 +21,7 @@
|
||||
# - Make it check for what to do each time so that it can be called every startup
|
||||
# - Make it callable from anakondas kickstart post- script to setup system at first run
|
||||
# (kickstart post-script must be non-interactive, while first start with systemd can have a service bounf to tty for getting user-input too)
|
||||
# - Detect System Environement and make User-Logon- Setup Start after first Logon
|
||||
# - Detect System Environment and make User-Logon- Setup Start after first Logon
|
||||
# Supported: Cinnamon, KDE
|
||||
# - Not needed: Import Firefox-Cert from IPA automatically at first run to system -> Somehow this is not needed any more, firefox will work from scratch!
|
||||
|
||||
@@ -32,26 +32,28 @@
|
||||
|
||||
# TODO write a doc!
|
||||
|
||||
#Load Sytem Settings
|
||||
#Load Sytem Settings - MUST BE SOURCED, otherwise Variables will not be available
|
||||
source $(dirname "$0")/setup_system.inc.sh
|
||||
|
||||
# TODO
|
||||
# Install System settings to installed system
|
||||
# read system settings from that file
|
||||
|
||||
##Step 1 - Install at System boot
|
||||
# Setup needed boot- service
|
||||
firstrun_prepare()
|
||||
{
|
||||
#Checking Service
|
||||
if [[ -z ${FIRSTRUN_SERVICENAME} ]]; then
|
||||
echo "Error in Config, no Servicename found. Please check your Environment for FIRSTRUN_SERVICENAME."
|
||||
env
|
||||
exit 1
|
||||
fi
|
||||
FIRSTRUN_SERVICESTATUS=$( systemctl is-enabled ${FIRSTRUN_SERVICENAME} )
|
||||
echo "Current Service Status of ${FIRSTRUN_SERVICENAME} is ${FIRSTRUN_SERVICESTATUS}"
|
||||
if [ ${FIRSTRUN_SERVICESTATUS} != "enabled" ]; then
|
||||
if [ "${FIRSTRUN_SERVICESTATUS}." != "enabled." ]; then
|
||||
echo "Installing Service at ${FIRSTRUN_SCRIPTPATH}/${FIRSTRUN_SERVICENAME}"
|
||||
( cat <<EOF | sudo tee ${FIRSTRUN_SCRIPTPATH}/${FIRSTRUN_SERVICENAME}
|
||||
[Unit]
|
||||
Description=First time setup of this PC
|
||||
After=NetworkManager-wait-online.service
|
||||
Before=sssd.service
|
||||
Before=systemd-user-sessions.service nss-user-lookup.target
|
||||
Wants=nss-user-lookup.target
|
||||
ConditionKernelCommandLine=!inst.nofirstrun
|
||||
|
||||
[Service]
|
||||
@@ -65,7 +67,7 @@ ExecStart=/bin/sh ${SCRIPTPATH}/${SCRIPTNAME} firstrun_run
|
||||
#ExecStart=-/sbin/agetty --noclear -n -l "/bin/sh ${SCRIPTPATH}/${SCRIPTNAME} firstrun_run" %I 38400
|
||||
# user interaction in tty8
|
||||
StandardInput=tty
|
||||
TTYPath=/dev/tty8
|
||||
TTYPath=/dev/tty2
|
||||
TTYReset=yes
|
||||
TTYVHangup=yes
|
||||
|
||||
@@ -88,7 +90,10 @@ firstrun_remove()
|
||||
#Do updates
|
||||
upgrade_interactive()
|
||||
{
|
||||
check_root
|
||||
if [ "$EUID" -ne 0 ]; then
|
||||
echo "ERROR: Not running as root, cannot continue."
|
||||
return 1
|
||||
fi
|
||||
dnf upgrade --refresh
|
||||
#Check if restart is needed
|
||||
dnf needs-restarting
|
||||
@@ -109,29 +114,36 @@ fi
|
||||
}
|
||||
|
||||
#Software needed and additional stuff
|
||||
# Moved all to syc_client_software.sh to make it more interactive
|
||||
install_sw()
|
||||
{
|
||||
check_root
|
||||
dnf install -y mc htop ipa-client thunderbird pykickstart gocryptfs mediawriter
|
||||
flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
|
||||
|
||||
#Set default Umask 0077
|
||||
sudo cp -f /etc/login.defs /etc/login.defs_backup_${CDATEC8}_${CTIMEC6}
|
||||
( sed 's/^UMASK.*022$/UMASK\t077/' /etc/login.defs | sudo tee /etc/login.defs ) >/dev/null
|
||||
if [ "$EUID" -ne 0 ]; then
|
||||
echo "ERROR: Not running as root, cannot continue."
|
||||
return 1
|
||||
fi
|
||||
#Set default Umask 0077
|
||||
sudo cp -f /etc/login.defs /etc/login.defs_backup_${CDATEC8}_${CTIMEC6}
|
||||
( sed 's/^UMASK.*022$/UMASK\t077/' /etc/login.defs | sudo tee /etc/login.defs ) >/dev/null
|
||||
#Append OEMDRV mount to SYSCONFIGPATH in fstab
|
||||
echo "LABEL=OEMDRV ${SYSCONFIGPATH} btrfs noatime,nodiratime,nofail 0 0" >> /etc/fstab
|
||||
}
|
||||
|
||||
ipa_register_host()
|
||||
{
|
||||
#Integrate this PC into Domain
|
||||
chvt 8
|
||||
chvt 2
|
||||
#Check if IPA is already Configured
|
||||
echo "Checking for existing IPA- Setup."
|
||||
if ( grep -q "${FQDN}" /etc/ipa/default.conf ); then
|
||||
echo "IPA is already installed, skipping setup."
|
||||
chvt 1
|
||||
return 0
|
||||
fi
|
||||
echo "IPA not jet installed, doing Setup."
|
||||
check_root
|
||||
if [ "$EUID" -ne 0 ]; then
|
||||
echo "ERROR: Not running as root, cannot continue."
|
||||
return 1
|
||||
fi
|
||||
#Serialnr of this device
|
||||
echo "This PC is called ${FQDN} and will join Domain ${DOMAIN}"
|
||||
#Always set determined hostname - see setup_system.conf
|
||||
@@ -147,22 +159,41 @@ echo -n "Please Enter your Domain- Userid: "
|
||||
read IPAUSERID
|
||||
echo -n "Please Enter your Domain- Password: "
|
||||
read -s IPAPASSWD
|
||||
INSTCMD="ipa-client-install -U --mkhomedir --force-join --no-ntp --principal=${IPAUSERID} --domain=${DOMAIN} --server=${SERVERFQDN_IPA} --hostname=${FQDN} -w ${IPAPASSWD}"
|
||||
echo ${INSTCMD}
|
||||
echo ""
|
||||
INSTCMD="ipa-client-install -U --mkhomedir --force-join --no-ntp --principal=${IPAUSERID} --domain=${DOMAIN} --server=${SERVERFQDN_IPA} -w ${IPAPASSWD}"
|
||||
echo "${INSTCMD/${IPAPASSWD}/*PASSWD*}"
|
||||
${INSTCMD}
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "Some Error. Please check what went wrong and redo."
|
||||
return 1
|
||||
fi
|
||||
echo "The PC was integrated into the Domain. You should now be able to Logon with tha User. If not, restart SSSD- Service and check the Logs."
|
||||
echo "The PC was integrated into the Domain. You should now be able to Logon with tha User. If not, check the Logs at /var/sssd."
|
||||
echo ""
|
||||
echo "ADVISE: for the First Logon, you may use Console (Using e.g. CONTROL+ALT+F3) - as maybe you will be prompted for Changing your Password there"
|
||||
echo "which may not work on graphical logon. After that works, use CONTROL+ALT+F2 (or F7) to get back to the graphical logon."
|
||||
echo ""
|
||||
read -n 1 -s -r -p "Press any key to continue."
|
||||
chvt 1
|
||||
echo ""
|
||||
}
|
||||
|
||||
prepare_skel()
|
||||
{
|
||||
if [ "$EUID" -ne 0 ]; then
|
||||
echo "ERROR: Not running as root, cannot continue."
|
||||
return 1
|
||||
fi
|
||||
#Copy and extrakt Skel-Archive
|
||||
#Include: Autostart for Getting WEB-DAV-Token if not there
|
||||
#+An empty Firefox Profile - already integrated into domain with one single Startup-Page: Get Token
|
||||
# https://nextcloud.obel1x.de/settings/user/security
|
||||
#
|
||||
#File was created with from Draft-Folder and then transferred to NC
|
||||
#tar -I 'zstd -9' -cf system_setup.tar.zst ~/system_setup
|
||||
#
|
||||
./setup_skel.sh
|
||||
}
|
||||
|
||||
test_tty()
|
||||
{
|
||||
#Use TTY3 and show it
|
||||
@@ -175,23 +206,10 @@ test_tty()
|
||||
echo "========== END ========"
|
||||
}
|
||||
|
||||
prepare_skel()
|
||||
{
|
||||
check_root
|
||||
#Copy and extrakt Skel-Archive
|
||||
#Include: Autostart for Getting WEB-DAV-Token if not there
|
||||
#+An empty Firefox Profile - already integrated into domain with one single Startup-Page: Get Token
|
||||
# https://nextcloud.obel1x.de/settings/user/security
|
||||
#
|
||||
#File was created with from Draft-Folder and then transferred to NC
|
||||
#tar -I 'zstd -9' -cf system_setup.tar.zst ~/system_setup
|
||||
#
|
||||
./setup_skel.sh
|
||||
}
|
||||
|
||||
### MAIN
|
||||
case $1 in
|
||||
'install')
|
||||
# Executed after base installation (anaconda post script)
|
||||
echo "Mode: Install"
|
||||
install_sw
|
||||
prepare_skel
|
||||
@@ -204,7 +222,6 @@ case $1 in
|
||||
firstrun_remove
|
||||
;;
|
||||
'firstrun_run')
|
||||
# test_tty
|
||||
ipa_register_host
|
||||
echo "========== END FIRSTRUN-SERVICE ========"
|
||||
;;
|
||||
|
||||
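Review bot: In ipa_register_host, the new masking line `echo "${INSTCMD/${IPAPASSWD}/*PASSWD*}"` replaces only the first match and treats the password as a glob pattern, so a password that also occurs earlier in the command string (or contains `*`, `?` or `[`) can leave the real value on the console. The unquoted `${INSTCMD}` on the next line word-splits and globs the user id and password, so a password containing a space reaches ipa-client-install as extra arguments. Building the command as an array and printing that array without the password avoids both problems; this assumes the script runs under bash, which its use of `[[` and `$EUID` suggests. The password still travels in argv, where other local processes can read it from the process list, so it is worth checking whether ipa-client-install's `-W` prompt can replace `-w` here. The body of ipa_register_host starts in the previous hunk and part of it lies outside the visible hunks.

```shell
read -r -s IPAPASSWD
echo ""
# Keep the password out of the array that gets printed.
INSTCMD=(ipa-client-install -U --mkhomedir --force-join --no-ntp
  "--principal=${IPAUSERID}" "--domain=${DOMAIN}" "--server=${SERVERFQDN_IPA}")
printf '%s ' "${INSTCMD[@]}"
printf '%s\n' '-w *PASSWD*'
"${INSTCMD[@]}" -w "${IPAPASSWD}"
# … unchanged: exit-status check and the messages after it …
```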