ssh keys acceptation in log saving phase and interfaces selection for automated install
Hello, I found fai as very ggod solution for automatic installation of Debian Lenny. I encountered three problems that I was not able to resolve easily. 1) During the log saving phase, the installed machine tries to copy all logs by rcp (I suppose) which is only link for ssh, so it asks to confirm acceptation of keys which must be accepted by keyboard. I thought of distributing certificates during the installation, but it is such usual thing that there must be some better way how to resolve it. 2) On four network interface cards machine I have problem selecting the to boot on. The computer is Sun Fire X4170 and the problem is in two "features": a) only two interfaces can be selected to boot from (in BIOS) b) the interfaces selected for image download from TFTP is not the same it tries to mount NFS. So it can take the TFTP image from interface no 1, but then it tries to mount NFS on interface no 2. On the other hand I am not able to boot on interface no 2. My question is: is there some way how to configure which device shall be used during tftp phase or how the interfaces should be numbered after booting the downloaded vmlinuz/initrd? 3) The third thing is that the fai installation does not change in the end the status of the installed machine. So after successfull installation, it reboots and install again. I thought I used wrong switch on fai-.chboot but I have not found any clues in man page. Could anyone help with these issues? Thanks for any comments in advance. Lukas
Re: ssh keys acceptation in log saving phase and interfaces selection for automated install
> On Wed, 7 Oct 2009 13:33:32 +0200, Luká? Oliva > said: > 1) During the log saving phase, the installed machine tries to copy > all logs by rcp (I suppose) which is only link for ssh, so it asks to > confirm acceptation of keys which must be accepted by keyboard. I > thought of distributing certificates during the installation, but it > is such usual thing that there must be some better way how to resolve > it. > 3) The third thing is that the fai installation does not change in the > end the status of the installed machine. So after successfull > installation, it reboots and install again. I thought I used wrong > switch on fai-.chboot but I have not found any clues in man page. Those two issues are the cause of your wrong setting of FAI_LOGPROTO. But since you are using rsh, I gues you are using an old FAI version. The new version have ssh enabled by default (in fai.conf: FAI_LOGPROTO=ssh) Check your settings and call fai-setup again, which should setup the ssh keys, so your root account can save the log files onto your install server without asking for the passeord. -- regards Thomas
Re: ssh keys acceptation in log saving phase and interfaces selection for automated install
Hi, Luká? Oliva wrote on 2009-10-07 13:33:32 +0200 [ssh keys acceptation in log saving phase and interfaces selection for automated install]: > [...] > 1) During the log saving phase, the installed machine tries to copy > all logs by rcp (I suppose) which is only link for ssh, so it asks to > confirm acceptation of keys which must be accepted by keyboard. I > thought of distributing certificates during the installation, but it > is such usual thing that there must be some better way how to resolve > it. the public host key of the FAI server needs to be in either $NFSROOT/etc/ssh/ssh_known_hosts or $NFSROOT/root/.ssh/known_hosts. I believe that normally FAI (i.e. fai-setup) takes care of that. I've run into the same problem that you are experiencing, though I don't recall why (probably a change of the host key or the name of the FAI server machine without re-running fai-setup). The simple solution for adding the key to root's known_hosts is, on the FAI server, chroot $NFSROOT ssh $HOSTNAME (don't use 'localhost', use the name of the FAI server machine) and then type 'yes' to accept the key - you don't need to complete the login. There are probably simpler (i.e. more scriptable) ways (along the lines of 'cat /etc/ssh/ssh_host_[dr]sa_key.pub >> $NFSROOT/root/.ssh/known_hosts', except that that won't work; you'd need to change the format of the lines), but the 'ssh' above "works well for me". Tip: if you repeat the command, it shouldn't ask for confirmation the second time. > 2) On four network interface cards machine I have problem selecting > the to boot on. I believe that has been frequently discussed lately (though not by me). You might want to search the archives or the wiki (though I can only find a link to a non-existant wiki page in there ...). > 3) The third thing is that the fai installation does not change in the > end the status of the installed machine. That is because this is also done by 'ssh -l fai ...' (and presumably after saving the logs). Since you never get past there, it doesn't happen for you, but it will after you get non-interactive ssh working again. Regards, Holger
