====== Debian - Automatic Installation ======
===== Foreword of sorts =====
As a pretty much any mainstream GNU/Linux distribution, even Debian allows you to automate
system installation. You can either use Preseed or a custom built ramdisk and use debootstrap
directly.
When I told my friend I'm looking into preseeding Debian he was like: //What's wrong with debootstrap?//
The answer is there is nothing wrong with deboostrap and custom built ramdisk except it's a bit of work.
So why not to use Preseeding if it can do the job?
No doubt each approach has its pros and cons. I'm positive custom build ramdisk and deboostrap
will be faster than installer. Also, you can add tools you need, eg. tools for HW RAID, but you
can do a bit of scripting(and magic) as well, eg. assemble HW RAID prior to installation. Ramdisk can be used for
rescue and debugging. As a con I see maintenance - you have to create it, script(automate) it and keep it up-to-date.
Preseeding has pretty much the same capabilities. It allows you to install base Debian which is, in my opinion,
all you need and fine-tune the rest with Ansible/Chef/Puppet/or-alike after installation; install additional
packages; support for LVM and Linux SW RAID; run additional commands; what have you. I'd almost forget you
can use Preseed for installation from USB/DVD/CD as well! And it's all maintained for you.
Now, here are some cons which, despite solveable, are a bit annoying.
==== Cons of Debian Preseeding ====
=== Things don't always work out-of-the-box ===
For example I didn't have much of success with network console. It just kept segfaulting on me at "random" points.
You might want to use different kernel, although replacing kernel should be the least warry and quite easy.
Something can be or get broken or there is going to be some sort of regression.
=== More than one Preseed configuration might be necessary ===
This might be due to the differences in hardware configuration. The thing is, you must specify target drive in case
there is more than one drive present. And I'm sure this isn't uncommon case. However, this can be solved by simple
CGI/script preseed generator which will return correct Preseed configuration file, eg. based on hostname.
=== Missing tools ===
I believe you could easilly add whatever you want and pretty much modify netboot ramdisk in way you like.
=== MD5 sum of Preseed config must be kept up to date ===
Yes, this is particularly annoying one. You can solve it in two ways. Don't use MD5 sum, however then you can't be sure
about integrity of preseed file you've just downloaded. Or just integrate it into your script you have for updating TFTP
boot configuration. I don't really think this is a hard one to do.
=== Can't be used for rescue and/or debugging ===
I'm not entirely sure this is true. I also think with a bit of work and modification it very well could be.
===== Conclusion of sorts =====
I find Debian Preseeding to be enough. It does basic Debian installation which is all I need, because after installation
is finished, I hand it over to Ansible/Chef/Puppet/whatever to fine tune system for specific task. I don't mind the time it takes
to install Debian via Installer, although I will look into custom built ramdisk sooner or later. More out of
curiosity rather than actual need, I guess. As I mentioned, not every time things work out-of-the-box. However,
the same can be said about everything and it's something you have to accept and be aware of - always.
===== Customized ramdisk and debootstrap =====
FIXME
I've seen this being done and used. However, it seems like a ton of work for my use case.
Also, I can see some cons as well like a constant maintenance and keeping stuff up to date.
Of course there are pros like having customized tool-set, "one" universal ramdisk for installation
and debugging, I guess more variability/freedom.
Here comes an idea I haven't exploited. Take Debian's netboot ramdisk, uncompress it, modify it in
a way it boots into shell instead of installer, add stuff you need want, remove stuff you don't need,
pack it, run with it.
===== Preseeding =====
==== Requirements ====
* TFTP, DHCP, web server
* [[linux:debian:apt-mirror|local Debian mirror]] can be handy, but isn't mandatory
* time
* patience
==== Example of preseed file ====
I've removed pretty much all comments. What's below is my preseed file.
Please, see example preseed files/documentation for explanation, hints
and, actually, more.
### l18n, i18n, keyboard
d-i debian-installer/locale string en_US
d-i debian-installer/language string en
d-i debian-installer/country string CZ
# keymap is an alias for keyboard-configuration/xkb-keymap
d-i keymap select us
### Network configuration
# netcfg will choose an interface that has link if possible.
d-i netcfg/choose_interface select auto
# In case of a slow dhcp server
d-i netcfg/dhcp_timeout string 60
# despite defined here, it must be preseeded via cmd line as well
d-i netcfg/get_hostname string unassigned-hostname
d-i netcfg/get_domain string unassigned-domain
d-i netcfg/wireless_wep string
# load non-free firmware without asking
d-i hw-detect/load_firmware boolean true
### Mirror settings
# If you select ftp, the mirror/country string does not need to be set.
d-i mirror/protocol string http
d-i mirror/country string cz
d-i mirror/http/hostname string test-deb-01.vm.zeratul.czf
d-i mirror/http/directory string /debian
d-i mirror/http/proxy string
### Account setup
# Alternatively, to skip creation of a normal user account.
d-i passwd/make-user boolean false
# Root password, either in clear text
d-i passwd/root-password password toor
d-i passwd/root-password-again password toor
### Clock and time zone setup
d-i clock-setup/utc boolean true
d-i time/zone string UTC
d-i clock-setup/ntp boolean true
d-i clock-setup/ntp-server ntp.vm.zeratul.czf
### Partitioning
# this must be set in case you have more than one HDD present
d-i partman-auto/disk string /dev/vda
# possible values: regular, lvm, crypto
d-i partman-auto/method string lvm
d-i partman-lvm/device_remove_lvm boolean true
d-i partman-md/device_remove_md boolean true
d-i partman-lvm/confirm boolean true
d-i partman-lvm/confirm_nooverwrite boolean true
# possible values - atomic, home, multi
d-i partman-auto/choose_recipe select atomic
d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true
d-i partman-md/confirm boolean true
d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true
### Package selection
tasksel tasksel/first multiselect standard
# Individual additional packages to install
d-i pkgsel/include string openssh-server
# Whether to upgrade packages after debootstrap.
# Allowed values: none, safe-upgrade, full-upgrade
d-i pkgsel/upgrade select none
popularity-contest popularity-contest/participate boolean false
### GRUB
d-i grub-installer/only_debian boolean true
d-i grub-installer/with_other_os boolean true
### Finishing up the installation
# Avoid that last message about the install being complete.
d-i finish-install/reboot_in_progress note
# don't eject CD as there isn't any
d-i cdrom-detect/eject boolean false
# Setup SSH keys for root; the last command to be run before reboot
d-i preseed/late_command string wget http://test-deb-01.vm.zeratul.czf/preseed/set-ssh-keys.sh; sh set-ssh-keys.sh;
==== Example of parameters passed to kernel ====
LABEL Debian64-7.1.0-netinstall
MENU LABEL Debian64 7.1.0 Wheezy PreSeed NetInst
KERNEL kernel/debian64-7.1.0-netinstall
APPEND initrd=img/debian64-7.1.0-wheezy-initrd.img \
auto \
url=http://test-deb-01.vm.zeratul.czf/preseed/preseed.cfg \
preseed-md5=299d7a67793464e7e1e013a79660b64e \
fb=false \
locale=en_US \
language=en \
country=CZ \
keymap=us \
interface=auto \
netcfg/dhcp_timeout=60 \
netcfg/get_hostname=unassigned-hostname \
netcfg/get_domain=unassigned-domain
Now, that's a quite a lot, isn't it? I hear you. This is because preseed file won't be retrieved until
network configuration is done. At least I guessed so. And this also was a bit of unpleasant surprise to
me. May be I've missed something, but I'd try to retrieve preseed file before installer starts up.
However, Debian's preseed doesn't work this way and thus it seems to be necessary to supply all, well
some of these, options.
* **auto** - turns on automatic installation
* **url** - URL to preseed file
* **preseed-md5** - MD5 checksum of preseed file
* **fb** - whether installer should use Frame Buffer or not
* **locale**, **language**, **country**, **keymap** - to beat i18n, l18n questions
* **interface** - choose the first interface with link up(perhaps not necessary and on by default)
* **netcfg/dhcp_timeout** - just for sure
* **netcfg/get_hostname**, **netcfg/get_domain** - despite set from DHCP, installer kept asking for confirmation unless defaults were passed as kernel param
Turning off Frame Buffer(''fb'') in installer is usefull when eg. ''curses'' is used instead of ''SDL'' to display VGA output.
However, turning Frame Buffer off means graphics in installer will go wonky from time to time even when running in SDL window.
==== How to configure network-console, how can it be used? ====
### Network console
# Use the following settings if you wish to make use of the network-console
# component for remote installation over SSH. This only makes sense if you
# intend to perform the remainder of the installation manually.
d-i anna/choose_modules string network-console
d-i network-console/authorized_keys_url string http://test-deb-01.vm.zeratul.czf/preseed/authorized_keys
#d-i network-console/password password r00tme
#d-i network-console/password-again password r00tme
This happens before APT repository is configured. You're presented with instructions and I believe as long
as you don't click //Continue// installer will wait indefinitely. Then you can login via SSH as user
''installer'' and either continue installation(I believe Preseed will be used), you can continue installation
manually, or switch into shell.
Note, however, network-console has segfaulted(Wheezy 7.1) on my on several occasions. The first was when
I attempted to get into shell and second when I've clicked //Continue// in installer and tried to log-in
via SSH when installation proceeded.
==== When is ''early_command'' being executed? ====
Before APT repository is configured.
==== When is ''late_command'' being executed? ====
Just before machine is about to be rebooted. However ''/target'' is still mounted.
==== When things go wrong - unusual/additional questions asked ====
It may, and probably will over the time, happen you'll be asked some unusual question during installation.
What you should do depends whether system boots after installation is finished. I've encountered quite weird
problem with GRUB when I downloaded Jessie(at the time of this writing under development) netboot instead of
Wheezy 7.1 and I wasn't able to get the system working in the sane ammount of time. No biggie; only to demonstrate
it can happen - something gets changed or doesn't work out. I've used working configuration of Wheezy 7.0 to confirm
there is nothing wrong with Preseed file.
Falling back to the last known working configuration is one option. However, if system boots after installation
is finished, you can run the following command and "guess" what question(s) you were asked and add responses to
your preseed file. No worries, there are comments to ease the search. Don't forget to update checksum of preseed file!
# debconf-get-selections --installer > di-selections.txt
===== Links =====
* [[http://d-i.alioth.debian.org/manual/en.amd64/apb.html|Main "AI via preseeding" documentation]]
* [[http://www.debian.org/releases/wheezy/example-preseed.txt|Example preseed file from Wheezy]]
* [[http://www.debian.org/releases/lenny/example-preseed.txt|Example preseed file from Lenny]]