Differences between revisions 123 and 125 (spanning 2 versions)
Revision 123 as of 2019-09-04 19:52:35
Size: 14307
Editor: nodiscc
Comment: rm broken link, add link to FDE example preseed
Revision 125 as of 2019-09-11 01:42:37
Size: 14376
Editor: PaulWise
Comment: fix up the linuxjournal link
Deletions are marked like this. Additions are marked like this.
Line 58: Line 58:
Copy any relevant values from the output of these commands, and add itt to your custom {{{preseed.cfg}}} file. Do not work off a {{{debconf-get-selections}}} ({{{--installer}}}) generated {{{preseed.cfg}}} but get the values from it and modify the example preseed file with them. Copy any relevant values from the output of these commands, and add it to your custom {{{preseed.cfg}}} file. Do not work off a {{{debconf-get-selections}}} ({{{--installer}}}) generated {{{preseed.cfg}}} but get the values from it and modify the example preseed file with them.
Line 254: Line 254:
 * LinuxJournal's [[preseed file]] to automate Full Disk Encryption using [[LVM#Encrypted_LVM|Encrypted LVM]]  * [[https://www.linuxjournal.com/content/preseeding-full-disk-encryption|LinuxJournal's preseed guide]] to automate Full Disk Encryption using [[LVM#Encrypted_LVM|Encrypted LVM]]

Translation(s): English - Français


https://www.debian.org/releases/stable/amd64/apb.en.html - Debian GNU/Linux installation guide - Appendix B. Automating the installation using preseeding

Preseeding d-i

Preseeding provides a way to set answers to questions asked during the installation process, without having to manually enter the answers while the installation is running. This makes it possible to fully automate most types of installation and even offers some features not available during normal installations.

Most of the questions asked by DebianInstaller can be preseeded by setting the answers in the debconf database. The Installation Guide includes an extensive appendix dedicated to preseeding. For concrete preseed files look below. Feel free to add any information that is not covered in the manual to the notes below.

Preseeding methods

As mentioned in the official installation guide, there are several ways to feed the preseed file to the installer.

Adding the preseed file to the installer's initrd.gz

Installation can be fully automated by adding a preseed file to the installer ISO's initrd.gz. This method is described in detail in this wiki article. The downside of this method is that net installer has to be generated whenever a preseed file is modified.

Autoloading the preseeding file from a webserver via DHCP

If you have control over the DHCP server on your network, this method allows fully automated installations; as demonstrated and documented at Hands-off.

Loading the preseeding file from a webserver

Most install methods you can interrupt early on and add a URL to a preseed file, for an almost fully automated installations. Here exemplified with the graphical installer:

  • When the graphical installer boot menu appears, press ESC

  • (Type "help" if you want view generic help)
  • Type "auto url=http://webserver/path/preseed.cfg", replacing the URL with the address to your preseed configuration file

The "auto" command launches the installation in the automated mode, where the configuration of hostname, locale and keymap are postponed so that they can be answered from the preseed file loaded from the network. You could use "install url=..." but you'd have to answer these questions manually, regardless of what you have in the preseed config. If a server path isn't specified the path 'd-i/<codename>/preseed.cfg' will be tried, for example d-i/stretch/preseed.cfg. Note that network configuration options (netcfg/*) cannot be applied via a network-loaded preseed.cfg file, as the network must be configured before the preseed file can be fetched. If network configuration options must be declared, needed options have be passed as kernel options (eg netcfg/choose_interface=eth0).

Note that if the preseed config is loaded over https the install environment may not recognise the certificates presented by the webserver. You can add the option "debian-installer/allow_unauthenticated_ssl=true" to bypass certificate checks.

Default preseed files

When creating a preseed file, you should start from a known good, default preseed file:

If you use a preseed file for an older, newer or otherwise different OS, you will most likely be prompted for answers at some point, even if you thought you automated everything.

Custom preseed files

Some packages use debconf questions/dialogs or default values to create configuration at installation time. You can preseed answers for any debconf item in the following way:

  • Install the debconf-utils package

  • Get current debconf settings for DebianInstaller: debconf-get-selections --installer

  • Get current debconf settings for installed packages: debconf-get-selections

Copy any relevant values from the output of these commands, and add it to your custom preseed.cfg file. Do not work off a debconf-get-selections (--installer) generated preseed.cfg but get the values from it and modify the example preseed file with them.

You can check that the preseed file syntax is valid with debconf-get-selections -c preseed.cfg

Preseeding and the installer's debconf templates

As part of its construction the Debian Installer uses udeb files. These files are similar to normal .debs and have a control section which may contain a file called templates which, amongst other things, contains questions which can be asked during the installation. The answers to these questions can, in many cases, be preseeded. Not all udebs have a templates file.

If you have a .udeb its templates file can be extracted using apt-extracttemplates, which is in the apt-utils package. The command

apt-extracttemplates -t $PWD file.udeb

produces two files in the same directory as file.udeb. With ls -l you should see something like

file.config.S7Fsld
file.template.4tyDFV

The terminating string is a random one and the second file is the one of interest. This contains the information necessary to preseed answers to questions asked by the installer.

Processing templates files

Let's assume you have all the available udeb files for your chosen suite (stable, testing or unstable) and are in the directory containing them. The templates files from them will be extracted by

UDEBS=*.udeb
mkdir $PWD/templates

for i in $UDEBS
do
   apt-extracttemplates -t $PWD $i
   rm *.config* 2>/dev/null
done

This is a script to obtain all English language information from a selection of templates and put it in a single file after changing to the templates directory:

FILES=*.template*

for f in $FILES
do
# Have titled sections for data from each template file.
TITLE=$(echo $f |cut -d"." -f1)
echo -e "\n\n\n********** $TITLE **********" >> preseed.all

# Extract data from templates and do a bit of tidying up.
sed '/^Indices-.*\.UTF/d' $f        \
| sed '/^Choices-.*\.UTF-8/d'       \
| awk '/^Template:/,/-.*\.UTF-8:/'  \
| awk '!/-.*\.UTF-8:/'              \
| sed '/^Template:/{x;p;x;}'        \
>> preseed.all
done

Most of the non-question data can be eliminated with

FILES=*.template*

for f in $FILES
do
# Have titled sections for data from each template file.
TITLE=$(echo $f |cut -d"." -f1)
echo -e "\n\n\n********** $TITLE **********" >> preseed.all

# Extract data from templates and remove text, error, title 
# and note data types.
sed '/^Indices-.*\.UTF-8/d' $f                          \
| sed '/^Choices-.*\.UTF-8/d'                           \
| awk '/^Template:/,/-.*\.UTF-8:/'                      \
| awk '!/-.*\.UTF-8:/'                                  \
| sed '/^Template:/{x;p;x;}'                            \
| sed ':a $!N;s/\nType: text/ Type: text/;ta P;D'       \
| sed '/Type: text/,/^$/d'                              \
| sed ':a $!N;s/\nType: error/ Type: error/;ta P;D'     \
| sed '/Type: error/,/^$/d'                             \
| sed ':a $!N;s/\nType: title/ Type: title/;ta P;D'     \
| sed '/Type: title/,/^$/d'                             \
| sed ':a $!N;s/\nType: note/ Type: note/;ta P;D'       \
| sed '/Type: note/,/^$/d'                              \
>> preseed.all
done

Obtaining udeb files from a Debian archive

For a small handful of files it is probably convenient to download them from Debian website's Packages page (View package lists). However, it is worthwhile considering using apt-get and an archive in /etc/apt/sources.list. A suitable entry is:

deb http://httpredir.debian.org/debian stable main/debian-installer

Then

apt-get update
apt-get install <udeb_package_name>

With the previous entry as the only one in sources.list a list of available udebs can be written to a file using

apt-cache dumpavail | grep ^Package: | cut -d" " -f2 > udebpkgs

and the contents of udebpkgs downloaded with

for pkg in $(cat udebpkgs) ; do apt-get download $pkg ; done

Post-processing with apt-extracttemplates and a script is undertaken as described in a previous section.

Obtaining udeb files from a Debian ISO

Without root privileges extraction of all the udebs used in an ISO can do done with

bsdtar -C <DESTINATION> -xf <ISO> --strip-components 4 --exclude '*.deb' /pool/main

Post-processing with apt-extracttemplates and a script is carried out as described earlier.

Obtaining deb files from a Debian ISO

Without root privileges extraction of all the debs used in an ISO can do done with

bsdtar -C <DESTINATION> -xf <ISO> --strip-components 4 --exclude '*.udeb' /pool/main

Change to <DESTINATION> and run the next script to extract the templates from the debs:

DEBS=*.deb
mkdir $PWD/templates

for i in $DEBS
do
   apt-extracttemplates -t $PWD $i
   rm *.config* 2>/dev/null
done

Then process them with a script.

The popularity-contest and tasksel templates are likely to find a use in preseeding choices used during the installation. For the eventual rebooted system and new installation the console-setup, exim4-config and keyboard-configuration templates could form part of the preseeding strategy.

All templates from all .deb files

Packages with a dependency on debconf would be expected to have a templates file. After removing the pipe symbol and duplicate entries

DEBS=$(apt-cache rdepends debconf | tr -d'| ' | uniq | grep -v ReverseDepends)

will hold a list of such debs and

apt-get download $DEBS

will put them on your machine to be processed.

The rebooted system could have some non-installer packages already downloaded and configured with a late_command.

Examples

Post here any links you have to example preseed files. Note that using any of these files directly is not wise, as a malicious person could probably come up with values for a preseed file that makes d-i misbehave. Also, the files are downloaded over http, so are vulnerable to man-in-the-middle spoof attacks. The best way to use any preseed file is to copy it to your own local web server or media, and look it over before using it.

Notes

  • Be aware there is only one space in preseed files between subkey and value on "owner key/subkey value" lines.

  • Do not reboot in the base-config/late_command command, the installation process will start again at the start of the 2nd stage.

  • Preseeding has changed significantly in etch, preseed files for sarge will need to be updated or re-done. The largest change is the removal of base-config, which means that base-config/late_command and base-config/early_command are no longer available.

  • To install additional packages in etch, you can preseed preseed/early_command to run "apt-install package".

  • Look in debconf-devel(7) in the debconf-doc package for more docs about d-i and debian-installer preseed questions.
  • If your preseed value is being ignored and whilst using DEBCONF_DEBUG=5 to watch the debconf output you see "FSET blah false" it just means that a piece of code really wants that question to be seen, and such questions are not normally preseedable - the only way to avoid them is to avoid the situation that gives rise to that question being asked.

CategoryPackageManagement