Kickstart
Debian & Ubuntu
In Debian and Ubuntu this is called Preseed and is documented in the Installation Guide.[1][2]
The most difficult part was to find out how to pass the preseed file to the installer[3]. To use a preseed file on a remote web server, the following boot options got it going:[4]
auto=true priority=critical url=http://www.example.org/path/to/preseed.cfg
Notes:
- We use
auto=true
to get the automatic configuration actually going[5]
- We use
priority=critical
to skip non-essential question
- After a host has been (manually) installed, a preseed file can be generated with debconf-get-selections:
debconf-get-selections --installer > preseed.cfg
debconf-get-selections >> preseed.cfg
We also need a server or netboot image as desktop images tend to ignore any auto-configuration parameters.[4]
The configuration file for both distributions is similar but differ in the details.
- example-preseed.txt for Debian systems
- example-preseed.txt for Ubuntu systems
Both are heavily documented, except for the partition management part (d-i partman
)[6][7]. To validate the preseeed file:
$ debconf-set-selections -c preseed.cfg debconf: DbDriver "passwords" warning: could not open /var/cache/debconf/passwords.dat: Permission denied
For some reason we need to make a debconf
file readable and try again:
sudo setfacl -m g:staff:r /var/cache/debconf/passwords.dat debconf-set-selections -c preseed.cfg
Example
d-i debian-installer/locale string en_US.UTF-8 d-i console-setup/ask_detect boolean false d-i keyboard-configuration/layoutcode string us d-i keyboard-configuration/xkb-keymap select us # DHCP # Note: to (temporarily) disable IPv6, add ipv6.disable=1 to the boot parameters. d-i netcfg/choose_interface select auto d-i netcfg/get_hostname string foobar d-i netcfg/get_domain string example.net # Disable network autoconfiguration # d-i netcfg/disable_autoconfig boolean true # Continue with failed autoconfiguration # d-i netcfg/dhcp_failed note # d-i netcfg/dhcp_options select Configure network manually # Static # d-i netcfg/get_ipaddress string 192.168.56.30 # d-i netcfg/get_netmask string 255.255.255.0 # d-i netcfg/get_gateway string 192.168.56.1 # d-i netcfg/get_nameservers string 192.168.0.1 # d-i netcfg/confirm_static boolean true # d-i netcfg/hostname string debian # Debian # d-i mirror/http/hostname string http.us.debian.org # d-i mirror/http/directory string /debian # Ubuntu # d-i mirror/http/mirror select us.archive.ubuntu.com # d-i mirror/http/directory string /ubuntu # For Ubuntu: # d-i apt-setup/restricted boolean false # d-i apt-setup/universe boolean true # d-i apt-setup/backports boolean false # APT-Proxy # d-i mirror/http/proxy string http://10.0.0.3:3142 d-i clock-setup/utc boolean true d-i time/zone string PST8PDT d-i clock-setup/ntp boolean true # Partition Setup d-i partman-auto/disk string /dev/sda d-i partman-auto/method string regular # The partition setup is documented in partman-auto-recipe.txt, sort of. # In this case, our root disk is 4 GB in size and we will create two # partitions - one for the rootfs and a small one for swap space. d-i partman-auto/expert_recipe string \ root-swap :: \ 1024 8192 -1 ext4 \ $primary{ } $bootable{ } \ method{ format } format{ } \ use_filesystem{ } filesystem{ ext4 } \ mountpoint{ / } \ . \ 128 512 192 linux-swap \ $primary{ } \ method{ swap } format{ } \ . # GRUB d-i grub-installer/only_debian boolean true d-i grub-installer/bootdev string default d-i base-installer/install-recommends boolean false d-i base-installer/kernel/image string linux-image-amd64 d-i passwd/root-login boolean root d-i passwd/make-user boolean true # Passwords can be given in plain text: # d-i passwd/root-password password s3cr3t # d-i passwd/root-password-again password s3cr3t # Passwords can be given as its hashed version too. In modern distribututions this would be # a SHA-512 hash with a salt and we can use mkpasswd[8][9] or Python to generate[10][11] a password: # # > salt=$(pwgen -s 16 1) # > salt=$(openssl rand -hex 8) # If pwgen(1) is not installed # > mkpasswd -m sha-512 -S $salt s3cr3t # > python -c "import crypt; print(crypt.crypt('s3cr3t', \"\$6\$${salt}\"))" # d-i passwd/user-password-crypted password $6$y1MlUGqYXToNxClF$c9Bq9LgD[...] d-i user-setup/allow-password-weak boolean true d-i passwd/user-default-groups string sudo d-i user-setup/encrypt-home boolean false d-i passwd/user-fullname string dummy d-i passwd/username string dummy # d-i passwd/user-password password s3cr3t # d-i passwd/user-password-again password s3cr3t d-i passwd/user-password-crypted password $6$fe396b37668fe187$dndgEbrlcUukR5RNxaXpcV9VPWM1fieuKWdKyF3qYNo9zhQvdzWAv0IqwKOQFgI8qgY9wfeWXKqXgPWE07fGt/ d-i user-setup/allow-password-weak boolean true d-i passwd/user-default-groups string sudo d-i user-setup/encrypt-home boolean false # Install some basic packages # Note: if one of these packages cannot be found/installed, the installer will stop! d-i pkgsel/include string acl apt-file apt-listchanges atop attr autossh bc bzip2 ca-certificates chrony cryptsetup curl deborphan devscripts debsums ecryptfs-utils git-core haveged s-nail htop iftop iotop irqbalance ksh less libpam-tmpdir lsof mlocate moreutils netcat-openbsd openssh-server openvpn p7zip-full pbzip2 pigz pv pwgen pxz rsync screen sharutils smartmontools ssmtp strace subversion sudo sysstat thermald vim vnstat whois zsh d-i pkgsel/update-policy select none # tasksel tasksel/first multiselect ssh-server # Post Exec d-i preseed/late_command string cd /target/root && wget -O- https://raw.githubusercontent.com/ckujau/dotfiles/master/install-dot.sh | sh d-i finish-install/reboot_in_progress note
Fedora
In Fedora this is called Pykickstart (formerly Kickstart) and is documented in the manual[12]. To create a kickstart file with a GUI, we could use system-config-kickstart
- of course we'd need a running Fedora instance first:
sudo dnf install system-config-kickstart xorg-x11-xauth libcanberra-gtk2 PackageKit-gtk3-module dejavu-lgc-sans-fonts
xorg-x11-xauth
is needed so that X11 forwarding will work properly.libcanberra-gtk2
is needed to prevent theFailed to load module "canberra-gtk-module"
message.PackageKit-gtk3-module
is needed to prevent theFailed to load module "pk-gtk-module"
message.dejavu-lgc-sans-fonts
is needed, otherwise thesystem-config-kickstart
window may not be readable.
Example
With that in place, we can start system-config-kickstart
as a normal user now. After configuration[13], we should have something like this[14] in place:
# Install OS instead of upgrade install # Keyboard layouts keyboard us # System language lang en_US.UTF-8 # System timezone timezone Europe/Berlin --isUtc # Use text mode install text # Use CDROM installation media cdrom # System authorization information auth --enableshadow --passalgo=sha512 # Root password rootpw --plaintext root # Create a user account user --name=dummy --password='dummy' --plaintext # SELinux configuration selinux --enforcing # Do not configure the X Window System skipx # Firewall configuration firewall --enabled --port=ssh # Enable/disable services services --enabled=sshd --disabled=NetworkManager # Network information network --bootproto=dhcp --device=link --ipv6=auto --activate # network --hostname=foo.example.org # System bootloader configuration bootloader --location=mbr --boot-drive=sda # Clear the Master Boot Record zerombr # Partition clearing information clearpart --all --initlabel --drives=sda # Disk partitioning information ignoredisk --only-use=sda part / --asprimary --fstype="ext4" --size=1 --grow part swap --asprimary --fstype="swap" --size=128 # Repos url --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-$releasever&arch=$basearch" repo --name=fedora --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-$releasever&arch=$basearch" repo --name=fedora-updates --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f$releasever&arch=$basearch" %packages @core bash-completion bc bzip2 chrony curl deltarpm iftop iotop nc6 pv rsync strace tar tcpdump wget # yum-plugin-changelog # yum-plugin-fastestmirror # yum-plugin-remove-with-leaves # yum-utils -plymouth-core-libs -polkit %end %post --log=/root/ks-post.log chkconfig network on %end # Halt after installation halt
Put the resulting file on a nearby webserver and boot[15] a Fedora installation with:
inst.ks=https://www.example.org/kickstart/ks.cfg
Links
- minimal-spin Kickstart files
- cobbler Boot server configurator (SUSE)
- Arch Linux: AIF and kickstart (automated installation over network)?
References
- ↑ Debian GNU/Linux Installation Guide: Appendix B. Automating the installation using preseeding
- ↑ Ubuntu Installation Guide: Appendix B. Automating the installation using preseeding
- ↑ Ubuntu Server Quick Install, No Questions Asked!
- ↑ 4.0 4.1 How to get HTTP preseed to work correctly on Ubuntu 10.04 LTS (Lucid)?
- ↑ Using preseeding: Auto mode
- ↑ Wikitech: PartMan
- ↑ Understanding partman-auto/expert_recipe
- ↑ Debian #116260 - whois: Why does it include mkpasswd?
- ↑ whois package contains unrelated binary 'mkpasswd'
- ↑ Kickstart Documentation: Kickstart Commands in Fedora
- ↑ What hash algorithms can I use in preseed's passwd/user-password-crypted entry?
- ↑ Installation Guide: Automating the Installation with Kickstart
- ↑ Installation Guide: Kickstart Syntax Reference
- ↑ kickstart file for my personal workstations
- ↑ Installation Guide: Kickstart Boot Options