UEFI boot dropping to startup.nsh prompt

[Laura Smith via linux-fai]

Diese Nachricht wurde eingewickelt um DMARC-kompatibel zu sein. Die
eigentliche Nachricht steht dadurch in einem Anhang.

This message was wrapped to be DMARC compliant. The actual message
text is therefore in an attachment.--- Begin Message ---
I'm building a UEFI image for Debian Bookworkm, but when I load the qcow2 and 
attempt to boot it, it drops into a startup.nsh prompt as below.

I have tried building with grub-efi-amd64-signed instead of grub-efi-amd64, but 
that does not make any difference.

Any ideas how I can troubleshoot ?

Thanks !

UEFI Interactive Shell v2.2
EDK II
UEFI 2.70 (EDK II, 0x0001)
Mapping table
FSO: Alias (s) :HDOb: : BLK1:
PciRoot (0x0) /Pci (0x4,0x0) /HD 
(1,GPT,41F5FCD7-6BFF-49A0-B726-E168F937E46D,0x800,0x10)
BLKO: Alias (s) :
PciRoot (0x0) /Pci (0x4,0×0)
BLK2: Alias (s) :
PciRoot (0x0) /Pci (0x4,0x0) /HD (2,GPT 
,F6E9D048-1C74-4A2E-A196-6BFE311BEE82,0×100800,0x1C3800)
BLK3: Alias (s) :
PciRoot (0x0) /Pci (0x4,0x0) /HD (3,GPT 
,9F400A0A-EE84-4F72-BA36-431EEB828209,0x2C4000,0x113B800)
Press ESC in 1 seconds to skip startup.nsh or any other key to continue.Shell>--- End Message ---

Re: Adding options for qcow2 output ?

[Laura Smith via linux-fai]

Diese Nachricht wurde eingewickelt um DMARC-kompatibel zu sein. Die
eigentliche Nachricht steht dadurch in einem Anhang.

This message was wrapped to be DMARC compliant. The actual message
text is therefore in an attachment.--- Begin Message ---
Hi Thoma

I see. Thank you, I'll try that.

Laura

On Tuesday, 9 April 2024 at 16:46, Thomas Lange  wrote:

> Hi Laura,
> 
> with fai-diskimage you can't add options for qcow2. But you can create
> a raw image and then manually convert it to qcow2 using any options
> you like. In the end fai-diskimage is also just creating a raw image
> and converts this to qcow2 using
> 
> qemu-img convert -f raw $rawname -O -c -o compression_type=zstd qcow2 
> $qcowname
> 
> > > > > > On Tue, 09 Apr 2024 15:14:07 +, Laura Smith via linux-fai 
> > > > > > linux-fai@uni-koeln.de said:
> 
> 
> 
> > Hi
> 
> > How do I set the "preallocation=off" qcow2 option on the output for 
> > fai-diskimage ?
> 
> 
> --
> viele Grüße Thomas
--- End Message ---

Adding options for qcow2 output ?

[Laura Smith via linux-fai]

Diese Nachricht wurde eingewickelt um DMARC-kompatibel zu sein. Die
eigentliche Nachricht steht dadurch in einem Anhang.

This message was wrapped to be DMARC compliant. The actual message
text is therefore in an attachment.--- Begin Message ---
Hi

How do I set the "preallocation=off" qcow2 option on the output for 
fai-diskimage ?

Thanks

Laura
--- End Message ---

Re: FAI + SaltStack anybody?

[Laura Smith via linux-fai]

Diese Nachricht wurde eingewickelt um DMARC-kompatibel zu sein. Die
eigentliche Nachricht steht dadurch in einem Anhang.

This message was wrapped to be DMARC compliant. The actual message
text is therefore in an attachment.--- Begin Message ---
Hi Diego

Its been a while since I worked with Salt, but IIRC it sounds like what is not 
"clicking" is that you need to fix the TOFU problem.

Looking back through my notes, it seems 
https://docs.saltproject.io/en/latest/topics/tutorials/multimaster_pki.html 
might be worth a read.

In particular, maybe "master_sign_pubkey: True" on the Salt master, 
"verify_master_pubkey_sign: True" on the minion, and the master pubkeys put in 
"/etc/salt/pki/minion/" on the minions.

Then on Salt master all you have to do is approve the new connections as they 
come online.

--- Original Message ---
On Thursday, October 5th, 2023 at 13:59, Diego Zuccato  
wrote:


> Hello all.
> 
> Does someone use FAI to install the base system that will be managed by
> Salt?
> I'm trying to integrate 'em but there's still something that doesn't
> "click"...
> 
> My current idea is to use Salt to orchestrate the install, but maybe
> it's better left to FAI? How can I "pass around" minion key so I don't
> have to manually re-approve the new key every time?
> The ideal scenario would be: target generates its keypair, sends the
> pubkey to FAI that "certifies" it's from the system being installed and
> passes it to Salt. Should I write a custom fai-monitor (that would be
> needed anyway to disable netboot once system is reinstalled)?
> 
> TIA.
> 
> --
> Diego Zuccato
> DIFA - Dip. di Fisica e Astronomia
> Servizi Informatici
> Alma Mater Studiorum - Università di Bologna
> V.le Berti-Pichat 6/2 - 40127 Bologna - Italy
> tel.: +39 051 20 95786
--- End Message ---

usermod: group 'systemd-journal' does not exist (only with FAI script)

[Laura Smith via linux-fai]

Diese Nachricht wurde eingewickelt um DMARC-kompatibel zu sein. Die
eigentliche Nachricht steht dadurch in einem Anhang.

This message was wrapped to be DMARC compliant. The actual message
text is therefore in an attachment.--- Begin Message ---
I am getting this completely nonsensical error message when attempting to build 
a Debian Bookworm disk image.

My FAI build script (/srv/fai/config/scripts/...) has the following:
if [ $CREATE_USER -eq 1 ]; then
$ROOTCMD adduser --comment "${USERN} - added with FAI" --shell /bin/bash 
--disabled-password $USERN
$ROOTCMD usermod -a -G sudo,adm,systemd-journal $USERN
$ROOTCMD chpasswd --encrypted <<< "${USERN}:${USERP}"
fi

This fails with error "usermod: group 'systemd-journal' does not exist".

But this makes zero sense.

1) The group clearly exists in Bookworm
cat /etc/group | fgrep system
systemd-journal:x:999:
systemd-network:x:998:
systemd-timesync:x:997:

2) If I run the same commands manually on a Bookworm system they run fine:
adduser --comment "test123" --shell /bin/false --disabled-password test123
Adding user `test123' ...
Adding new group `test123' (1001) ...
Adding new user `test123' (1001) with group `test123 (1001)' ...
Creating home directory `/home/test123' ...
Copying files from `/etc/skel' ...
Adding new user `test123' to supplemental / extra groups `users' ...
Adding user `test123' to group `users' ...
usermod -a -G sudo,adm,systemd-journal test123
echo $?
--- End Message ---

fai-mirror failing due to dependencies

[Laura Smith via linux-fai]

Diese Nachricht wurde eingewickelt um DMARC-kompatibel zu sein. Die
eigentliche Nachricht steht dadurch in einem Anhang.

This message was wrapped to be DMARC compliant. The actual message
text is therefore in an attachment.--- Begin Message ---
For example:

fai-mirror  /srv/fai/mirror

Fails on grub-pc:


Package grub-pc is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source
However the following packages replace it:
  grub2-common grub-common

E: Package 'grub-pc' has no installation candidate
ERROR: 25600 25600
ERROR:  apt-get  -d-o Aptitude::Log=/dev/null   -o 
Aptitude::CmdLine::Ignore-Trust-Violations=yes  -o 
APT::Get::AllowUnauthenticated=true   -o 
Acquire::AllowInsecureRepositories=true   -o DPkg::force-conflicts::=yes
   -o Dir::State=/srv/fai/mirror/aptcache/var/lib/apt   -o 
Dir::Log=/srv/fai/mirror/aptcache/var/log/apt   -o 
Dir::State::extended_states=/srv/fai/mirror/aptcache/var/lib/apt/lists/extended_states
   -o Dir::State::status=/srv/fai/mirror/aptcache/statefile   -o 
Dir::Cache=/srv/fai/mirror/aptcache/var/cache/apt   -o 
Dir::State=/srv/fai/mirror/aptcache/var/cache/apt   -o 
Dir::Cache::Archives=/srv/fai/mirror/aptcache/var/cache/apt/archives   -o 
Dir::Etc=/srv/fai/mirror/aptcache/etc/apt/   -o 
Dir::State::Lists=/srv/fai/mirror/aptcache/var/lib/apt/lists/ -y --fix-missing 
install --no-install-recommends  grub-pc return code 100
8 errors during executing of install_packages
ERROR when downloading packages. Your mirror is broken. Use fai-mirror -v for 
details.
--- End Message ---