Commit 5448bee6 authored by Dennis Baurichter's avatar Dennis Baurichter

Install ipxe image via package

The ipxe EFI netboot image has been available in an Arch Linux package
since 2021-03-15, so it is no longer necessary to keep
ipxe/arch_netboot.efi in this repository. This also allows the image to
be updated automatically when a new one is released upstream, making the
ipxe-update role obsolete.
parent a55e2e08
......@@ -3,7 +3,6 @@
set -eo pipefail
readonly ansible='https://git.cs.uni-paderborn.de/rbfsmi/rbfsmi-ansible.git'
readonly ansible_raw='https://git.cs.uni-paderborn.de/rbfsmi/rbfsmi-ansible/-/raw/master/'
readonly default_dev='/dev/sda'
packages="base base-devel linux btrfs-progs git ansible"
......@@ -372,6 +371,10 @@ if [ -n "$raid_action" ]; then
packages="$packages lvm2 mdadm xfsprogs"
fi
if [ "$bios" == false -a "$nodhcp" == false ]; then
packages="$packages ipxe"
fi
pacstrap /mnt $packages
echo '=> setting hostname'
......@@ -457,9 +460,23 @@ if [ "$bios" == false ]; then
if [ "$nodhcp" == false ]; then
echo '=> installing arch linux netboot'
mkdir /mnt/boot/ipxe
curl -O --output-dir /mnt/boot/ipxe "$ansible_raw"/ipxe/arch_netboot.efi
mkdir -p /mnt/boot/ipxe /mnt/etc/pacman.d/hooks
# copy file from ipxe package
cp --preserve=timestamps /mnt/usr/share/ipxe/x86_64/ipxe-arch.efi /mnt/boot/ipxe/arch_netboot.efi
efibootmgr -d "${devices[0]}" -p 1 -c -L "Arch Linux Netboot" -l /ipxe/arch_netboot.efi
cat > /mnt/etc/pacman.d/hooks/ipxe-arch-netboot.hook <<EOF
[Trigger]
Operation = Install
Operation = Upgrade
Type = Package
Target = ipxe
[Action]
Description = Copy ipxe Arch netboot image to /boot/ipxe/
When = PostTransaction
Exec = /usr/bin/cp --preserve=timestamps /usr/share/ipxe/x86_64/ipxe-arch.efi /boot/ipxe/arch_netboot.efi
EOF
fi
fi
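Review bot: The new comment `# copy file from ipxe package` in the netboot block does not say what now vouches for the boot image, and the hook heredoc below it carries no comment at all. Both the initial copy and the hook take `ipxe-arch.efi` from the installed `ipxe` package, so the image is only as trustworthy as pacman's package signature checking on that host (presumably the default `SigLevel`; worth confirming). I would record that, e.g. `# image comes from the ipxe package, whose signature pacman checks; the hook below re-copies it on every install/upgrade of ipxe`. Separately, `<<EOF` is unquoted: the hook text contains no `$` today, but `<<'EOF'` would keep a later edit from being expanded by the installer shell. The enclosing `if [ "$bios" == false ]` starts outside the hunk.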
......
......@@ -284,11 +284,6 @@
- ttf-dejavu
- swaylock
- name: update ipxe archlinux netboot
hosts: workstation pocket-coffee
roles:
- role: ipxe-update
# Since setting up a new, fresh synapse server isn't the goal of this project, the initial database
# setup isn't implemented here. When setting up a new server, apply the playbook, run the documented
# setup steps (https://github.com/matrix-org/synapse/blob/master/docs/postgres.md#set-up-database),
......@@ -332,3 +327,11 @@
roles:
- role: klausurtool
# CLEANUP section
# remove leftovers from old roles
- name: cleanup old ipxe-update role
hosts: workstation pocket-coffee
roles:
- role: ipxe-update
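Review bot: The cleanup play added at the end of the playbook removes the updater from `workstation` and `pocket-coffee`, but nothing in the lines shown installs the `ipxe` package or `ipxe-arch-netboot.hook` on those already-deployed hosts; both appear to be set up only by the install script on fresh installs. Unless that is handled outside these hunks, existing hosts would keep their current `/boot/ipxe/arch_netboot.efi` with no update path left. I would have the role or a task in this play ensure the package and the hook file are present before the old timer is removed. A comment on the `# CLEANUP section` stating when the play may be dropped would also help.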
ipxe_update:
timer: |
OnCalendar=*-*-* 2:00:00
RandomizedDelaySec=3m
---
- name: copy ipxe update script
template:
dest: /usr/local/bin
src: 'ipxe-update'
mode: a+x
- name: update ipxe units
template:
dest: /etc/systemd/system
src: "{{ item }}"
loop:
- ipxe-update.service
- ipxe-update.timer
- name: enable update ipxe timer
- name: stop old ipxe-update timer
service:
name: ipxe-update.timer
state: started
enabled: yes
state: stopped
enabled: no
daemon_reload: yes
# ignore missing unit
ignore_errors: yes
- name: remove old ipxe-update files
file:
path: "{{ item }}"
state: absent
loop:
- "/usr/local/bin/ipxe-update"
- "/etc/systemd/system/ipxe-update.service"
- "/etc/systemd/system/ipxe-update.timer"
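Review bot: `ignore_errors: yes` on `stop old ipxe-update timer` hides every failure of that task, not only the missing unit its comment names. Narrowing it keeps real errors visible: `register: ipxe_timer` together with `failed_when: ipxe_timer is failed and 'Could not find the requested service' not in (ipxe_timer.msg | default(''))`. Also, `daemon_reload: yes` runs in this task, before `remove old ipxe-update files` deletes the unit files, so systemd probably keeps the deleted units loaded until its next reload; a reload after the removal would close that gap. As a style point, `yes`/`no` would read better as `true`/`false`.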
#!/bin/bash -e
if [ "$EUID" -ne 0 ]; then
echo "This script requires root privileges. It is used within the ipxe-update ansible role."
exit 2
fi
line="$(curl --no-progress-meter 'https://www.archlinux.org/releng/netboot/' | grep 'ipxe\.efi.*x86_64 UEFI executable')"
file="$(grep -Po 'href="\K[^"]+/ipxe\.[^"]+\.efi(?=")' <<< "$line")"
filename="$(grep -o '[^/]*$' <<< "$file")"
sig="$(grep -Po 'href="\K[^"]+/ipxe\.efi\.[^"]+\.sig(?=")' <<< "$line")"
signame="$(grep -o '[^/]*$' <<< "$sig")"
if [ -d /boot/ipxe ]; then
if [ -f /boot/ipxe/arch_netboot.efi -a -f /boot/ipxe/".ver-$filename.txt" ]; then
echo 'iPXE EFI file up to date. Exiting.'
exit 0
else
tmpdir="$(mktemp -d --tmpdir update-ipxe.XXXXXXXX.d)"
trap 'rm -r "$tmpdir"/' EXIT
if curl --no-progress-meter --output-dir "$tmpdir" -O "https://www.archlinux.org/$file" && \
curl --no-progress-meter --output-dir "$tmpdir" -O "https://www.archlinux.org/$sig"; then
if gpg --no-default-keyring --keyring /etc/pacman.d/gnupg/pubring.gpg --verify "$tmpdir/$signame" "$tmpdir/$filename"; then
rm -f /boot/ipxe/.ver-*.txt
touch /boot/ipxe/.ver-"$filename.txt"
mv "$tmpdir/$filename" /boot/ipxe/arch_netboot.efi
else
echo 'Signature check failed! Abort.' >&2
exit 1
fi
else
echo 'Could not download efi and/or signature file. Abort.' >&2
exit 1
fi
fi
else
echo 'This host has no ipxe netboot configured. Abort.' >&2
exit 1
fi
{{ ansible_managed|comment }}
[Unit]
Description=update ipxe efi file for archlinux netboot
[Service]
ExecStart=/usr/local/bin/ipxe-update
TimeoutStopSec=180
{{ ansible_managed|comment }}
[Unit]
Description=daily ipxe-update script startup
[Timer]
{{ ipxe_update.timer }}
Unit=ipxe-update.service
[Install]
WantedBy=multi-user.target