- Add spaces to dracut config (Closes:#43)

- Randomize mdadm systemd timer
- Add support for arm64 images
- Increase size for /boot to 1G
- Remove beta flag for Alma and Rocky
- Add missing base image for Proxmox 7

almalinux.sh

@@ -42,8 +42,8 @@ generate_new_ramdisk() {
     local dracutfile="$FOLD/hdd/etc/dracut.conf.d/99-$C_SHORT.conf"
     {
       echo "### $COMPANY - installimage"
-      echo 'add_dracutmodules+="lvm mdraid"'
-      echo 'add_drivers+="raid0 raid1 raid10 raid456"'
+      echo 'add_dracutmodules+=" lvm mdraid "'
+      echo 'add_drivers+=" raid0 raid1 raid10 raid456 "'
       #echo 'early_microcode="no"'
       echo 'hostonly="no"'
       echo 'hostonly_cmdline="no"'
@@ -98,6 +98,10 @@ generate_config_grub() {
     grub_cmdline_linux=${grub_cmdline_linux/nomodeset }
   fi
 
+  if [ "$SYSARCH" == "arm64" ]; then
+    grub_cmdline_linux+=' console=ttyAMA0 console=tty0'
+  fi
+
   sed -i "s/GRUB_CMDLINE_LINUX=.*/GRUB_CMDLINE_LINUX=\"$grub_cmdline_linux\"/" "$FOLD/hdd/etc/default/grub"
 
   rm -f "$FOLD/hdd/boot/grub2/grub.cfg"
@@ -137,6 +141,8 @@ write_grub() {
 # for purpose of e.g. debian-sys-maint mysql user password in debian/ubuntu LAMP
 #
 run_os_specific_functions() {
+  randomize_mdadm_array_check_time
+
   # selinux autorelabel if enabled
   egrep -q "SELINUX=enforcing" "$FOLD/hdd/etc/sysconfig/selinux" &&
     touch "$FOLD/hdd/.autorelabel"

archlinux.sh

@@ -261,7 +261,7 @@ generate_config_grub() {
 }
 
 run_os_specific_functions() {
-  :
+  randomize_mdadm_array_check_time
 }
 
 # vim: ai:ts=2:sw=2:et

centos.sh

@@ -42,8 +42,8 @@ generate_new_ramdisk() {
     local dracutfile="$FOLD/hdd/etc/dracut.conf.d/99-$C_SHORT.conf"
     {
       echo "### $COMPANY - installimage"
-      echo 'add_dracutmodules+="lvm mdraid"'
-      echo 'add_drivers+="raid0 raid1 raid10 raid456"'
+      echo 'add_dracutmodules+=" lvm mdraid "'
+      echo 'add_drivers+=" raid0 raid1 raid10 raid456 "'
       #echo 'early_microcode="no"'
       echo 'hostonly="no"'
       echo 'hostonly_cmdline="no"'
@@ -98,6 +98,10 @@ generate_config_grub() {
     grub_cmdline_linux=${grub_cmdline_linux/nomodeset }
   fi
 
+  if [ "$SYSARCH" == "arm64" ]; then
+    grub_cmdline_linux+=' console=ttyAMA0 console=tty0'
+  fi
+
   sed -i "s/GRUB_CMDLINE_LINUX=.*/GRUB_CMDLINE_LINUX=\"$grub_cmdline_linux\"/" "$FOLD/hdd/etc/default/grub"
 
   rm -f "$FOLD/hdd/boot/grub2/grub.cfg"
@@ -137,6 +141,7 @@ write_grub() {
 # for purpose of e.g. debian-sys-maint mysql user password in debian/ubuntu LAMP
 #
 run_os_specific_functions() {
+  randomize_mdadm_array_check_time
 
   execute_chroot_command "chkconfig iptables off"
   execute_chroot_command "chkconfig ip6tables off"

config.sh

@@ -49,9 +49,9 @@ export AUTH_DNS1="ns1.first-ns.de"
 export AUTH_DNS2="robotns2.second-ns.de"
 export AUTH_DNS3="robotns3.second-ns.com"
 
-export DEFAULTPARTS="UEFI##PART swap swap SWAPSIZE##G\nPART /boot ext3 512M\nPART / ext4 all"
-export DEFAULTPARTS_BIG="UEFI##PART swap swap SWAPSIZE##G\nPART /boot ext3 512M\nPART / ext4 1024G\nPART /home ext4 all"
-export DEFAULTPARTS_LARGE="UEFI##PART swap swap SWAPSIZE##G\nPART /boot ext3 512M\nPART / ext4 2014G\nPART /home ext4 all"
+export DEFAULTPARTS="UEFI##PART swap swap SWAPSIZE##G\nPART /boot ext3 1024M\nPART / ext4 all"
+export DEFAULTPARTS_BIG="UEFI##PART swap swap SWAPSIZE##G\nPART /boot ext3 1024M\nPART / ext4 1024G\nPART /home ext4 all"
+export DEFAULTPARTS_LARGE="UEFI##PART swap swap SWAPSIZE##G\nPART /boot ext3 1024M\nPART / ext4 2014G\nPART /home ext4 all"
 export DEFAULTPARTS_VSERVER="PART / ext3 all"
 export DEFAULTPARTS_CLOUDSERVER="PART / ext4 all"
 export DEFAULTSWRAID="1"
@@ -74,13 +74,13 @@ export OSMENULIST=(
   "Arch Linux"    "(Official)"
 )
 if (($(find "$IMAGESPATH" -type f -iname '*centos*stream*' -printf '.' | wc -c) > 0)); then
-  export OSMENULIST+=("CentOS Stream" "(!!BETA, NO SUPPORT!!)")
+  export OSMENULIST+=("CentOS Stream" "(Official)")
 fi
 if (($(find "$IMAGESPATH" -type f -iname '*alma*' -printf '.' | wc -c) > 0)); then
-  export OSMENULIST+=("AlmaLinux"     "(!!BETA, NO SUPPORT!!)")
+  export OSMENULIST+=("AlmaLinux"     "(Official)")
 fi
 if (($(find "$IMAGESPATH" -type f -iname '*rocky*' -printf '.' | wc -c) > 0)); then
- export OSMENULIST+=("Rocky Linux"   "(!!BETA, NO SUPPORT!!)")
+ export OSMENULIST+=("Rocky Linux"   "(Official)")
 fi
 export OSMENULIST+=(
   "Other"         "(!!NO SUPPORT!!)"
@@ -91,6 +91,7 @@ export OSMENULIST+=(
 export PROXMOX4_BASE_IMAGE="Debian-811-jessie-64-minimal"
 export PROXMOX5_BASE_IMAGE="Debian-913-stretch-64-minimal"
 export PROXMOX6_BASE_IMAGE="Debian-1010-buster-64-minimal"
+export PROXMOX7_BASE_IMAGE="Debian-1101-bullseye-amd64-base"
 
 export CPANEL_INSTALLER_SRC=http://mirror.hetzner.com/tools/cpanelinc/cpanel
 

debian.sh

@@ -99,6 +99,10 @@ generate_config_grub() {
     grub_linux_default=${grub_linux_default/nomodeset }
   fi
 
+  if [ "$SYSARCH" == "arm64" ]; then
+    grub_linux_default+=' console=ttyAMA0 console=tty0'
+  fi
+
   sed -i "$grubdefconf" -e "s/^GRUB_HIDDEN_TIMEOUT=.*/GRUB_HIDDEN_TIMEOUT=5/" -e "s/^GRUB_HIDDEN_TIMEOUT_QUIET=.*/GRUB_HIDDEN_TIMEOUT_QUIET=false/"
   sed -i "$grubdefconf" -e "s/^GRUB_CMDLINE_LINUX_DEFAULT=.*/GRUB_CMDLINE_LINUX_DEFAULT=\"${grub_linux_default}\"/"
 
@@ -111,7 +115,7 @@ generate_config_grub() {
 
   execute_chroot_command "grub-mkconfig -o /boot/grub/grub.cfg 2>&1"
   if [ "$UEFI" -eq 1 ]; then
-    local efi_target="x86_64-efi"
+    local efi_target="${SYSARCH}-efi"
     local efi_dir="/boot/efi"
     local efi_grub_options="--no-floppy --no-nvram --removable"
     execute_chroot_command "grub-install --target=${efi_target} --efi-directory=${efi_dir} ${efi_grub_options} 2>&1"
@@ -152,7 +156,7 @@ delete_grub_device_map() {
 # for purpose of e.g. debian-sys-maint mysql user password in debian/ubuntu LAMP
 #
 run_os_specific_functions() {
-  randomize_mdadm_checkarray_cronjob_time
+  randomize_mdadm_array_check_time
 
   if hetzner_lamp_install; then
     setup_hetzner_lamp || return 1
@@ -164,21 +168,6 @@ run_os_specific_functions() {
   return 0
 }
 
-randomize_mdadm_checkarray_cronjob_time() {
-  local mdcron="$FOLD/hdd/etc/cron.d/mdadm"
-  if [ -f "$mdcron" ] && grep -q checkarray "$mdcron"; then
-    declare -i hour minute day
-    minute=$(((RANDOM % 59) + 1))
-    hour=$(((RANDOM % 4) + 1))
-    day=$(((RANDOM % 28) + 1))
-    debug "# Randomizing cronjob run time for mdadm checkarray: day $day @ $hour:$minute"
-
-    sed -i -e "s/^[* 0-9]*root/$minute $hour $day * * root/" -e "s/ &&.*]//" "$mdcron"
-  else
-    debug "# No /etc/cron.d/mdadm found to randomize cronjob run time"
-  fi
-}
-
 debian_grub_fix() {
   local mapper="$FOLD/hdd/dev/mapper"
   local tempfile="$FOLD/hdd/tmp/mapper.tmp"

functions.sh

@@ -59,12 +59,17 @@ ROOTHASH=""
 ERROREXIT="0"
 FINALIMAGEPATH=""
 
-SYSMFC=$(dmidecode -s system-manufacturer 2>/dev/null | tail -n1)
-SYSTYPE=$(dmidecode -s system-product-name 2>/dev/null | tail -n1)
+SYSMFC="$(dmidecode -s system-manufacturer 2>/dev/null | tail -n1)"
+SYSTYPE="$(dmidecode -s system-product-name 2>/dev/null | tail -n1)"
 debug "# SYSTYPE: $SYSTYPE"
 debug "# SYSMFC:  $SYSMFC"
-MBTYPE=$(dmidecode -s baseboard-product-name 2>/dev/null | tail -n1)
-SYSARCH=$(uname -m)
+MBTYPE="$(dmidecode -s baseboard-product-name 2>/dev/null | tail -n1)"
+
+SYSARCH="$(uname -m)"
+
+if [ "$SYSARCH" == "aarch64" ]; then
+  SYSARCH="arm64"
+fi
 
 if [ -d "/sys/firmware/efi" ]; then
   UEFI=1
@@ -96,9 +101,9 @@ generate_menu() {
   if [ "$1" = "Other" ]; then
     RAWLIST=""
     RAWLIST=$(find "$IMAGESPATH"/ -maxdepth 1 -type f -name "CoreOS*" -a -not -name "*.sig" -printf '%f\n')
-    RAWLIST="$RAWLIST Proxmox-Virtualization-Environment-on-Debian-Jessie"
-    RAWLIST="$RAWLIST Proxmox-Virtualization-Environment-on-Debian-Stretch"
+    RAWLIST="$RAWLIST Proxmox-Virtualization-Environment-on-Debian-Bullseye"
     RAWLIST="$RAWLIST Proxmox-Virtualization-Environment-on-Debian-Buster"
+    RAWLIST="$RAWLIST Proxmox-Virtualization-Environment-on-Debian-Stretch"
     RAWLIST="$RAWLIST $(find "$IMAGESPATH/" -maxdepth 1 -type f -iname '*beta*' -a -not -name '*.sig' -printf '%f\n')"
   elif [ "$1" = "Old images" ]; then
     # skip CPANEL images and signatures files from list
@@ -128,11 +133,23 @@ generate_menu() {
   # ensure rawlist is newline separated
   RAWLIST="$(echo "$RAWLIST" | xargs | tr ' ' "\n")"
 
-  # check if 32-bit rescue is activated and disable 64-bit images then
-  if [ "$(uname -m)" != "x86_64" ]; then
-    RAWLIST="$(echo "$RAWLIST" | grep -v "\-64\-[a-zA-Z]")"
-    RAWLIST="$(echo "$RAWLIST" | grep -v "\-amd64\-[a-zA-Z]")"
-  fi
+  # filter images based on $SYSARCH
+  case "$SYSARCH" in
+    x86_64)
+      RAWLIST="$(echo "$RAWLIST" | grep -v -E "\-(32|i386)\-[a-zA-Z]")"
+      RAWLIST="$(echo "$RAWLIST" | grep -v -E "\-arm64\-[a-zA-Z]")"
+      ;;
+    i386)
+      RAWLIST="$(echo "$RAWLIST" | grep -E "\-(32|i386)\-[a-zA-Z]")"
+      ;;
+    arm64)
+      RAWLIST="$(echo "$RAWLIST" | grep "\-arm64\-[a-zA-Z]")"
+      ;;
+    *)
+      echo "unknown arch $SYSARCH - exiting"
+      exit 1
+      ;;
+  esac
 
   case "${1,,}" in
     *)
@@ -168,9 +185,9 @@ generate_menu() {
   case $IMAGENAME in
     Proxmox-Virtualization-Environment*)
       case "$IMAGENAME" in
-        Proxmox-Virtualization-Environment-on-Debian-Jessie) export PROXMOX_VERSION="4" ;;
-        Proxmox-Virtualization-Environment-on-Debian-Stretch) export PROXMOX_VERSION="5" ;;
+        Proxmox-Virtualization-Environment-on-Debian-Bullseye) export PROXMOX_VERSION="7" ;;
         Proxmox-Virtualization-Environment-on-Debian-Buster) export PROXMOX_VERSION="6" ;;
+        Proxmox-Virtualization-Environment-on-Debian-Stretch) export PROXMOX_VERSION="5" ;;
       esac
       cp "$SCRIPTPATH/post-install/proxmox$PROXMOX_VERSION" /post-install
       chmod 0755 /post-install
@@ -2772,7 +2789,13 @@ extract_image() {
 
     # extract ESP content first, so we can still use bsdtar later
     if [ "$UEFI" -eq 1 ]; then
-      tar "${tar_options[@]}" $COMPRESSION -f "$EXTRACTFROM" -C "$FOLD/hdd/" boot/efi 2>&1 | debugoutput ; EXITCODE=$?
+      if tar -tvf "$EXTRACTFROM" boot &> /dev/null; then
+         local boot=boot
+      else
+        local boot=./boot
+      fi
+
+      tar "${tar_options[@]}" $COMPRESSION -f "$EXTRACTFROM" -C "$FOLD/hdd/" "$boot/efi" 2>&1 | debugoutput ; EXITCODE=$?
       tar_options+=(--exclude 'boot/efi')
       bsdtar_options+=(--exclude '^boot/efi')
     fi

mysql.functions.sh

@@ -3,7 +3,7 @@
 #
 # mysql functions
 #
-# (c) 2016-2018, Hetzner Online GmbH
+# (c) 2016-2021, Hetzner Online GmbH
 #
 
 mysql_running() { execute_command_wo_debug mysqladmin ping &> /dev/null; }
@@ -52,7 +52,7 @@ set_mysql_password() {
   local user="$1"
   local password="$2"
   if mysql_version_ge 5.7.6; then
-    if ! [[ "$(query_mysql "SELECT plugin FROM mysql.user WHERE user = '${user//\'/\\\'}';")" =~ ^mysql_native_password$|^unix_socket$ ]]; then
+    if ! [[ "$(query_mysql "SELECT plugin FROM mysql.user WHERE user = '${user//\'/\\\'}';")" =~ ^mysql_native_password$|^unix_socket$|^auth_socket$ ]]; then
       local password_field='password'
     else
       local password_field='authentication_string'
@@ -77,8 +77,21 @@ reset_mysql_root_password() {
   stop_mysql || return 1
   execute_command_wo_debug mkdir -p /var/run/mysqld || return 1
   execute_command_wo_debug chown mysql:mysql /var/run/mysqld || return 1
+
+  # work around INSTALL PLUGIN ERROR 1030 (HY000) at line 1: Got error 1 from storage engine
   execute_command_wo_debug 'mysqld_safe --skip-grant-tables &> /dev/null &'
   until mysql_running; do :; done
+  local add_args
+  if [[ "$(query_mysql "SELECT plugin FROM mysql.user WHERE user = 'root';")" =~ ^auth_socket$ ]]; then
+    if ! query_mysql 'SHOW PLUGINS' | grep -q '^auth_socket[[:space:]]'; then
+      add_args+=' --plugin-load-add=auth_socket.so'
+    fi
+  fi
+  execute_command_wo_debug mysqladmin shutdown &> /dev/null || return 1
+  while mysql_running; do :; done
+
+  execute_command_wo_debug "mysqld_safe --skip-grant-tables $add_args &> /dev/null &"
+  until mysql_running; do :; done
   set_mysql_password root "$new_root_password" || return 1
   {
     echo '[client]'

network_config.functions.sh

@@ -297,7 +297,7 @@ gen_ifcfg_script_centos() {
   # Without NetworkManager IPV6_DEFAULTDEV is required
   [[ "$IAM" == 'centos' ]] && ((IMG_VERSION >= 80)) && ((IMG_VERSION != 610)) && ! is_cpanel_install && return
   [[ "$IAM" == 'rockylinux' ]] && return
-  [[ "$IAM" == 'almalinux' ]] && return
+  [[ "$IAM" == 'almalinux' ]] && ! is_cpanel_install && return
   echo "IPV6_DEFAULTDEV=$predicted_network_interface_name"
 }
 
@@ -920,6 +920,11 @@ v4_first() {
   has_no_public_ip || has_no_ipv6
 }
 
+ip_addr_last_octet() {
+  local ip_addr="$1"
+  [[ "$ip_addr" =~ [.:]([^.:]*)$ ]] && echo "${BASH_REMATCH[1]}"
+}
+
 randomized_nsaddrs() {
   local v6_nsaddrs=($(shuf -e "${DNSRESOLVER_V6[@]}"))
   local v4_nsaddrs=($(shuf -e "${DNSRESOLVER[@]}"))
@@ -932,10 +937,26 @@ randomized_nsaddrs() {
     second_pool=("${v6_nsaddrs[@]}")
   fi
 
+  local spread_by_last_octet=()
+  local nsaddr
+  local i=${#second_pool[@]}
+  for addr in "${first_pool[@]}"; do
+    ((i == 0)) && break
+
+    for ((j=0; j<${#second_pool[@]}; j++)); do
+      nsaddr="${second_pool[$j]}"
+      [[ "$(ip_addr_last_octet "$addr")" == "$(ip_addr_last_octet "$nsaddr")" ]] && continue
+
+      spread_by_last_octet+=("$nsaddr")
+      i=$((i - 1))
+    done
+  done
+  second_pool=("${spread_by_last_octet[@]}")
+
   local nsaddrs=()
   local maxns=4
   local i=-1
-  local nsaddr
+  nsaddr=
   until (( ${#nsaddrs[@]} == $maxns || (${#first_pool[@]} == 0 && ${#second_pool[@]} == 0) )); do
     i=$((i + 1))
 

randomization.functions.sh

@@ -98,4 +98,30 @@ install_remove_password_txt_hint() {
   chmod 755 "$FOLD/hdd/usr/local/bin/remove_password_txt_hint"
 }
 
+randomize_mdadm_array_check_time() {
+  local mdcron; mdcron="$FOLD/hdd/etc/cron.d/mdadm"
+  local mdtimer; mdtimer="$FOLD/hdd/lib/systemd/system/mdcheck_start.timer"
+  declare -i hour minute day
+  hour=$(((RANDOM % 4) + 1))
+  minute=$(((RANDOM % 59) + 1))
+  day=$(((RANDOM % 28) + 1))
+  if [ -f "$mdcron" ] && grep -q checkarray "$mdcron"; then
+    debug "# Randomizing cronjob run time for mdadm checkarray: day $day @ $hour:$minute"
+    sed -i -e "s/^[* 0-9]*root/$minute $hour $day * * root/" -e "s/ &&.*]//" \
+      "$mdcron"
+  elif [ -f "$mdtimer" ]; then
+    debug "# Randomizing systemd timer for mdadm checkarray: day $day @ $hour:$minute"
+    local cfgdir; cfgdir="$FOLD/hdd/etc/systemd/system/mdcheck_start.timer.d"
+    mkdir -p "$cfgdir"
+    local cfg_override; cfg_override="$cfgdir/$C_SHORT.conf"
+    {
+      echo "[Timer]"
+      echo "OnCalendar="
+      printf "OnCalendar=*-*-%02d %02d:%02d:00" "$day" "$hour" "$minute"
+    } > "$cfg_override"
+  else
+    debug "# No /etc/cron.d/mdadm or /lib/systemd/system/mdcheck_start.timer found to randomize mdadm checkarray run time"
+  fi
+}
+
 # vim: ai:ts=2:sw=2:et

rockylinux.sh

@@ -42,8 +42,8 @@ generate_new_ramdisk() {
     local dracutfile="$FOLD/hdd/etc/dracut.conf.d/99-$C_SHORT.conf"
     {
       echo "### $COMPANY - installimage"
-      echo 'add_dracutmodules+="lvm mdraid"'
-      echo 'add_drivers+="raid0 raid1 raid10 raid456"'
+      echo 'add_dracutmodules+=" lvm mdraid "'
+      echo 'add_drivers+=" raid0 raid1 raid10 raid456 "'
       #echo 'early_microcode="no"'
       echo 'hostonly="no"'
       echo 'hostonly_cmdline="no"'
@@ -98,6 +98,10 @@ generate_config_grub() {
     grub_cmdline_linux=${grub_cmdline_linux/nomodeset }
   fi
 
+  if [ "$SYSARCH" == "arm64" ]; then
+    grub_cmdline_linux+=' console=ttyAMA0 console=tty0'
+  fi
+
   sed -i "s/GRUB_CMDLINE_LINUX=.*/GRUB_CMDLINE_LINUX=\"$grub_cmdline_linux\"/" "$FOLD/hdd/etc/default/grub"
 
   rm -f "$FOLD/hdd/boot/grub2/grub.cfg"
@@ -137,6 +141,8 @@ write_grub() {
 # for purpose of e.g. debian-sys-maint mysql user password in debian/ubuntu LAMP
 #
 run_os_specific_functions() {
+  randomize_mdadm_array_check_time
+
   # selinux autorelabel if enabled
   egrep -q "SELINUX=enforcing" "$FOLD/hdd/etc/sysconfig/selinux" &&
     touch "$FOLD/hdd/.autorelabel"