Problem with grml autoconfig

Hello everyone!
Maybe this is not the right way to ask a general user question (wrong mailing list or something), so I'm sorry if I caused any problems.
I have an urgent situation: I need to make an ad-hoc openvpn server from a usb stick. Having used grml for some time as a live cd and recovery tool, I think this can be done with grml.
So I have an openvpn folder with all the necessary stuff. I formatted the usb stick in the following way:
1. 3GB FAT32 with grml on it (grml2usb --bootoptions="nodhcp") /dev/sdb1
2. 1GB ext3 with GRMLCFG label with scripts dir and inside it grml.sh script /dev/sdb5
The grml.sh script is chmod 755, so executable and readable by everyone.
Basically the content of the script is:
#!/bin/bash
ip link set dev eth0 up
ip addr add dev eth0 192.168.1.253/24
ip route add default via 192.168.1.254
# now I want to copy the folder to a rw fs in order to write status files and logs
cp -r /mnt/grmlcfg/openvpn /root/
cd /root/openvpn
openvpn --config /root/openvpn/server.conf &
echo 1 > /proc/sys/net/ipv4/ip_forward
# and start the ssh server to access the box
/etc/init.d/ssh start
The debug output says that GRMLCFG is detected and mounted to /mnt/grmlcfg as ro
When booting finished, nothing has happened, as the script had not been run.
Can anybody shed some light on this please?
Thank You.

On Monday, 2011-09-05 at 01:28:29 -0700, Bojan Sukalo wrote:
> So I have an openvpn folder with all the necessary stuff. I formatted the usb stick in the following way:
> 1. 3GB FAT32 with grml on it (grml2usb --bootoptions="nodhcp") /dev/sdb1
> 2. 1GB ext3 with GRMLCFG label with scripts dir and inside it grml.sh script /dev/sdb5
---------------------------------^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

The grml.sh must be in the root of the filesystem, AFAIK. At least that's what works for me(TM). I use about the same setup (except that I use a physical partition for GRMLCFG).

HTH, Lupe Christoph

Thank You.
That helped a lot.
I know we're supposed to finish this thread and start another, but I need a hint about the ssh server.
Starting an sshd from the script does the job, but I have a problem because the root password is empty, so I cannot access the server.
Is there a workaround? The bootoption ssh:mysecret does not seem to start the sshd or to change the password for the grml user.
Even if it does, will I be able to change from grml to root without knowing the root pass?
What would be the solution here?

On Monday, 2011-09-05 at 06:50:05 -0700, Bojan Sukalo wrote:
> Thank You. That helped a lot.

You're welcome.

> I know we're supposed to finish this thread and start another, but I need a hint about the ssh server.
> Starting an sshd from the script does the job, but I have a problem because the root password is empty, so I cannot access the server.

I would propose that you use a key to access root on this server rather than a password. While you could overwrite /etc/passwd from grml.sh or config.tbz, I would not recommend to do that.

Here is what I do:

1) Create /root/.ssh/authorized_keys
2) Save these files and directories to /mnt/GRMLCFG/config.tbz:
   /etc/ssh/ssh_host_dsa_key
   /etc/ssh/ssh_host_dsa_key.pub
   /etc/ssh/ssh_host_ecdsa_key
   /etc/ssh/ssh_host_ecdsa_key.pub
   /etc/ssh/ssh_host_key
   /etc/ssh/ssh_host_key.pub
   /etc/ssh/ssh_host_rsa_key
   /etc/ssh/ssh_host_rsa_key.pub
   /root/.ssh
3) Log in with the key

> Is there a workaround? The bootoption ssh:mysecret does not seem to start the sshd or to change the password for the grml user.

That should be ssh=password not ssh:password.

> Even if it does, will I be able to change from grml to root without knowing the root pass?

May I suggest "sudo su -"? The grml user has full sudoers rights, without a password. But with the default /etc/shadow, "su -" does not request a password.

If you want to use /mnt/GRMLCFG/config.tbz, here is what I use to manage it. I write the file and directory names to /mnt/GRMLCFG/config.list and run this little script (/mnt/GRMLCFG/save-config) to refresh /mnt/GRMLCFG/config.tbz:

#!/bin/sh
tar cvfjpP /mnt/GRMLCFG/config.tbz -T /mnt/GRMLCFG/config.list

HTH, Lupe Christoph
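
The config.list / config.tbz procedure from the message above, with a permission audit in front of the tar call, as an added example that is not part of the original message or of grml. The function names, the save-config name check and the mode rules (no group/other bits on private host keys, nothing else group/other writable) are assumptions of this example; it relies on `stat -c %a` as found on a Debian-based system.

```sh
#!/bin/sh
# Added example, not Lupe's script: audit config.list before refreshing config.tbz.
# Assumed rules, modelled on OpenSSH's own permission checks: private host keys
# carry no group/other bits (077); every other file or directory is not
# group/other writable (022), because tar's "p" restores modes as-is at boot.

# audit_list LISTFILE: report each missing or too-open entry; non-zero if any.
audit_list() {
    [ -r "$1" ] || { echo "cannot read list: $1" >&2; return 1; }
    problems=$(
        while IFS= read -r entry; do
            [ -n "$entry" ] || continue
            if [ ! -e "$entry" ]; then
                echo "missing: $entry"
                continue
            fi
            # Walk directories such as /root/.ssh so their contents are checked too.
            find "$entry" \( -type f -o -type d \) | while IFS= read -r p; do
                case "$p" in
                    *.pub)           mask=022 ;;   # public halves may be world-readable
                    */ssh_host_*key) mask=077 ;;   # private host keys
                    *)               mask=022 ;;
                esac
                mode=$(stat -c %a "$p")
                [ $(( 0$mode & $mask )) -eq 0 ] || echo "mode $mode too open: $p"
            done
        done < "$1"
    )
    [ -z "$problems" ] && return 0
    printf '%s\n' "$problems" >&2
    return 1
}

# save_config [CFGDIR]: rebuild config.tbz only if the audit passes.
save_config() {
    cfgdir=${1:-/mnt/GRMLCFG}
    audit_list "$cfgdir/config.list" || { echo "config.tbz left unchanged" >&2; return 1; }
    tar cfjpP "$cfgdir/config.tbz" -T "$cfgdir/config.list"
}

# Run only when installed under the script name used in the thread.
case "$0" in
    */save-config) save_config "$@" ;;
esac
```

A key that is too open is reported before it is written to the stick, where sshd would otherwise refuse it only after the next boot.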

Thank You once more.
Thing with keys works like a charm.
I tar all the dirs you mentioned to config.tbz on GRMLCFG labeled fs (preserving absolute path) and it gets restored on boot.
As for ssh:mysecret, that was a typo, and ssh=mysecret doesn't do any good. Maybe it's a bug or I am making a mistake somewhere else along the way.
Also, to avoid this kind of problem: it seems to me that the configuration is somewhat misleading.
I'll quote from the grml-autoconfig web page:
> Without any additional boot parameters, the GCA at DCSDIR/config.tbz is automatically unpacked and DCSDIR/scripts/grml.sh is automatically executed on system startup
DCSDIR/scripts/grml.sh should be, according to my experience, DCSDIR/grml.sh

* Bojan Sukalo wrote [06.09.11 08:37]:

Hi,

> Thank You once more.
> Thing with keys works like a charm.
> I tar all the dirs you mentioned to config.tbz on GRMLCFG labeled fs (preserving absolute path) and it gets restored on boot.
> As for ssh:mysecret, that was a typo, and ssh=mysecret doesn't do any good. Maybe it's a bug or I am making a mistake somewhere else along the way.

Just tested it and it works for me. Please note that the password is set for the user grml.

> Also, to avoid this kind of problem: it seems to me that the configuration is somewhat misleading.
> I'll quote from the grml-autoconfig web page:
> > Without any additional boot parameters, the GCA at DCSDIR/config.tbz is automatically unpacked and DCSDIR/scripts/grml.sh is automatically executed on system startup
> DCSDIR/scripts/grml.sh should be, according to my experience, DCSDIR/grml.sh

It seems to be a little bit more complicated. If you are not using the GRMLCFG label I think it should have worked. I think we can change that to check for DCSDIR/scripts/grml.sh first and, if not existent, DCSDIR/grml.sh second.

Ulrich

On Tuesday, 2011-09-06 at 09:01:45 +0200, Ulrich Dangel wrote:
> It seems to be a little bit more complicated. If you are not using the GRMLCFG label I think it should have worked. I think we can change that to check for DCSDIR/scripts/grml.sh first and, if not existent, DCSDIR/grml.sh second.

May I suggest to print a warning if both exist, to avoid confusion? (Maybe the current code does this already, I haven't checked.)

Lupe Christoph

* Bojan Sukalo wrote [05.09.11 15:50]:
> Is there a workaround? The bootoption ssh:mysecret does not seem to start the sshd or to change the password for the grml user.

The bootoption is ssh=mysecret (not : but =)

> Even if it does, will I be able to change from grml to root without knowing the root pass?

Yes.

Ulrich