
I'm trying to preseed a fully automated Debian 11 netinstall. I have read much of the documentation here:

Here is my boot line (from a grub.cfg)

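set default="autoinstall"
set timeout=3

# NOTE(review): the preseed file is fetched over TFTP, which provides neither
# authentication nor encryption. That file carries the LUKS passphrase and the
# root password hash, so the TFTP server should only be reachable from an
# isolated provisioning network.
# NOTE(review): DEBCONF_DEBUG=5 enables verbose debconf tracing; check that the
# installer logs kept on the installed system do not contain preseeded secrets
# (TODO confirm), and drop the option once debugging is finished.
menuentry "Debian 11 Fully Automated UEFI LVM LUKS BTRFS Remote Decrypt DEBUG TTY4" --id autoinstall {
    set background_color=black
    linux /debian-installer/amd64/linux auto=true url=tftp://192.168.1.100/preseed/debseed11_crypt.cfg net.ifnames=0 biosdevname=0 ipv6.disable=1 language=en locale=en_US.UTF-8 keymap=fr vga=788 noprompt DEBCONF_DEBUG=5 --- quiet
    initrd /debian-installer/amd64/initrd.gz
}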

Here is my preseed file :

#### Preseed preconfiguration file (for Debian buster)
### Partman early command
### Kernel parameter
#d-i debian-installer/add-kernel-opts string net.ifnames=0 biosdevname=0 hostname=unassigned-hostname domain=unassigned-domain
#d-i debconf/priority critical

#d-i debian-installer/add-kernel-opts string net.ifnames=0 biosdevname=0 console=ttyS0,19200n8

Localization

d-i debian-installer/locale string en_US d-i debian-installer/language string en d-i debian-installer/country string US #d-i debian-installer/locale string en_US.UTF-8 fr_FR.UTF-8 d-i localechooser/supported-locales multiselect en_US.UTF-8, fr_FR.UTF-8

Keyboard selection

d-i keyboard-configuration/xkb-keymap select fr

Network configuration

Netcfg choisira une interface connectée si possible. Cela empêchera

# d'afficher une liste s'il y a plusieurs interfaces.

d-i netcfg/choose_interface select auto

#d-i netcfg/choose_interface select eth0 d-i netcfg/use_dhcp string true d-i netcfg/link_wait_timeout string 10 d-i netcfg/dhcp_timeout string 60

#d-i netcfg/disable_autoconfig boolean true

d-i netcfg/dhcp_failed note #d-i netcfg/dhcp_options select auto

#Configure network manually

IPv4 Static network configuration

#d-i netcfg/get_ipaddress string 192.168.1.120 #d-i netcfg/get_netmask string 255.255.255.0 #d-i netcfg/get_gateway string 192.168.1.1 #d-i netcfg/get_nameservers string 192.168.1.1 #d-i netcfg/confirm_static boolean true

Set a hostname

#d-i netcfg/get_hostname string zhurong #d-i netcfg/get_domain string planet.mars

Force a hostname

#d-i netcfg/hostname string zhurong.planet.mars

Disable that annoying WEP key dialog

d-i netcfg/wireless_wep string

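# Each preseed line is "<owner> <question> <type> <value>"; the two value lines
# were missing the "string" type field.
# With a url= preseed the file is only downloaded after the network has been
# configured, so netcfg has already asked for hostname and domain by the time
# these lines are read. To suppress the first prompt the same questions must
# also be answered on the kernel command line.
d-i netcfg/get_hostname string unassigned-hostname
d-i netcfg/get_domain string unassigned-domain
d-i netcfg/get_hostname seen true
d-i netcfg/get_domain seen true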

Mirror settings

d-i mirror/country string manual d-i mirror/http/hostname string httpredir.debian.org d-i mirror/http/directory string /debian d-i mirror/http/proxy string

Account setup

Skip creation of a normal user account

d-i passwd/make-user boolean false

### Set root password
# or encrypted using a crypt(3) hash.
# NOTE(review): the hash below can be read by anyone able to fetch this preseed
# file and can then be guessed offline. Use a strong password that exists only
# for provisioning, and never reuse a hash that has been published.
d-i passwd/root-password-crypted password $6$47Cx5oMpkh66eYNI$LV76xupgkvZ3rHJCq1NgXKzp3bBDv6g0FmMiSvmUp1jqaIkTEz5F6eA.SRhBzyPReVQEnzZWwFWSdKGBBn.tE1

Clock and time zone setup

Set hardware clock to UTC

d-i clock-setup/utc boolean true

Set timezone

d-i time/zone string Europe/Paris

Use NTP clock during installation

d-i clock-setup/ntp boolean true

Partitioning

LVM LUKS method

Inhibit partman to fill the disk with random data

d-i partman-auto-crypto/erase_disks boolean false

#d-i partman/early_command \

string dd if=/dev/zero of=/dev/sda bs=512 count=1

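# Guided "crypto" layout: LUKS container holding an LVM volume group.
d-i partman-auto/method string crypto
d-i partman-lvm/device_remove_lvm boolean true
d-i partman-md/device_remove_md boolean true
d-i partman-lvm/confirm boolean true
d-i partman-auto-lvm/guided_size string max
d-i partman-auto-lvm/new_vg_name string debian
d-i partman-auto/disk string /dev/vda
d-i partman-auto/choose_recipe select boot-crypto
# NOTE(review): the LUKS passphrase is stored here in clear text and is served
# to anyone who can fetch the preseed file. Treat it as a provisioning-only
# secret and replace it on every installed host (for example with
# "cryptsetup luksChangeKey") before the machine holds real data.
d-i partman-crypto/passphrase password aaabbbccc
d-i partman-crypto/passphrase-again password aaabbbccc
# One directive spanning several lines: every line except the last must end in
# a backslash. /boot stays outside the encrypted volume, so the initramfs (and
# the dropbear keys placed in it) is not protected by LUKS.
d-i partman-auto/expert_recipe string \
    boot-crypto :: \
    1024 1024 1024 ext4 \
        $primary{ } $bootable{ } \
        method{ format } format{ } \
        use_filesystem{ } filesystem{ ext4 } \
        mountpoint{ /boot } \
    . \
    8192 8192 8192 linux-swap \
        $lvmok{ } lv_name{ swap } \
        in_vg { debian } \
        method{ swap } format{ } \
    . \
    80896 80896 1000000 btrfs \
        $lvmok{ } lv_name{ root } \
        in_vg { debian } \
        method{ format } format{ } \
        use_filesystem{ } filesystem{ btrfs } \
        mountpoint{ / } \
    .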

#d-i partman-basicfilesystems/no_mount_point boolean false d-i partman-partitioning/confirm_write_new_label boolean true d-i partman/choose_partition select finish d-i partman/confirm boolean true d-i partman/confirm_nooverwrite boolean true

d-i partman-md/confirm boolean true d-i partman-partitioning/confirm_write_new_label boolean true d-i partman/choose_partition select finish d-i partman/confirm boolean true d-i partman/confirm_nooverwrite boolean true

Apt setup

d-i apt-setup/cdrom/set-first boolean false d-i apt-setup/cdrom/set-next boolean false d-i apt-setup/cdrom/set-failed boolean false d-i apt-setup/services-select multiselect security, updates d-i apt-setup/security_host string security.debian.org

Package selection

tasksel tasksel/first multiselect standard

Individual additional packages to install

d-i pkgsel/include string openssh-server vim tmux tcpdump dropbear-initramfs cryptsetup-initramfs python3.9 d-i pkgsel/upgrade select full-upgrade d-i pkgsel/update-policy select none d-i pkgsel/updatedb boolean true popularity-contest popularity-contest/participate boolean false

GRUB STUFF

d-i grub-installer/only_debian boolean true d-i grub-installer/bootdev string default

Note: options passed to the installer will be added automatically.

#d-i debian-installer/add-kernel-opts string nousb

Optional password for grub, either in clear text

#d-i grub-installer/password password r00tme

#d-i grub-installer/password-again password r00tme

# or encrypted using an MD5 hash, see grub-md5-crypt(8).

#d-i grub-installer/password-crypted password [MD5 hash]

# Use the following option to add additional boot parameters for the

# installed system (if supported by the bootloader installer).

# Note: options passed to the installer will be added automatically.

#d-i debian-installer/add-kernel-opts string nousb

### Finishing up the installation

# Avoid that last message about the install being complete.

d-i finish-install/reboot_in_progress note

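# Post-install hook, run from the installer environment once the target system
# is installed under /target. It installs the admin SSH key for root and for
# the dropbear instance in the initramfs, disables SSH password logins, and
# configures dropbear so that a login can only run cryptroot-unlock.
#
# Fixes compared with the original:
#  - "in-target echo ... > /etc/dropbear-initramfs/authorized_keys" redirected
#    in the installer's shell, so the key never reached the installed system;
#    the file is now written under /target.
#  - authorized_keys is created 0600 instead of 0644.
#  - the duplicated PasswordAuthentication sed was dropped.
#  - every line but the last ends in a backslash, as a multi-line preseed value
#    requires.
#
# DROPBEAR_OPTIONS: -I 300 idle timeout, -j/-k no port forwarding, -s no
# password logins, -c forces /bin/cryptroot-unlock as the only command.
# NOTE(review): the IP= sed only has an effect if initramfs.conf already has a
# line containing "IP=" - verify on the target. Also confirm that
# "systemctl enable --now sshd" is needed: --now cannot start a service from
# inside the installer chroot and the Debian unit is ssh.service.
d-i preseed/late_command string \
    mkdir -p -m 700 /target/root/.ssh; \
    echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEe3gF//znGIzq30frI6O9qDn5eM6uqEZZlx7mR5SiS" > /target/root/.ssh/authorized_keys; \
    in-target chown --recursive root:root /root/.ssh; \
    in-target chmod 0600 /root/.ssh/authorized_keys; \
    in-target update-alternatives --set editor /usr/bin/vim.basic; \
    in-target passwd --expire root; \
    echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEe3gF//znGIzq30frI6O9qDn5eM6uqEZZlx7mR5SiS' > /target/etc/dropbear-initramfs/authorized_keys; \
    in-target sed -i '/PasswordAuthentication/c\PasswordAuthentication no' /etc/ssh/sshd_config; \
    in-target systemctl enable --now sshd; \
    in-target sed -i '/DROPBEAR_OPTIONS=/c\DROPBEAR_OPTIONS="-I 300 -j -k -p 22 -s -c /bin/cryptroot-unlock "' /etc/dropbear-initramfs/config; \
    in-target sed -i '/IP=/c\IP="dhcp"' /etc/initramfs-tools/initramfs.conf; \
    in-target update-initramfs -u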

For the moment, the Debian installer still asks me for:

  • hostname
  • domain name

I'm just trying to get rid of those questions. Here is what i tried :

  • I tried playing with priority=critical in the kernel command-line options on the PXE server.
  • I configured my dhcpd server to manage the hostname and domain name of this specific host.
host curiosity {
hardware ethernet 12:34:45:12:34:56;
fixed-address 192.168.1.90;
option host-name "curiosity";
option domain-name "planet.mars";
}

I know I can set the hostname/domain variables and everything will be all right, but I want to make a very universal preseed to deploy on multiple servers.

Some help or clues would be very appreciated.

In advance thank you.

EDIT : Resolved :

By the way the first preseed was not perfect. If someone's interested here is a better one.

It does Fully automated Debian 11 UEFI LUKS BTRFS Remote Decrypt via ssh DEBUG TTY4

#### Preseed preconfiguration file (for Debian bullseye)

Debian 11 Fully Automated UEFI LVM LUKS BTRFS Remote Decrypt via ssh DEBUG # TTY4

Partman early command

Kernel parameter

#d-i debian-installer/add-kernel-opts string net.ifnames=0 biosdevname=0 hostname=unassigned-hostname domain=unassigned-domain #d-i debconf/priority critical

#d-i debian-installer/add-kernel-opts string net.ifnames=0 biosdevname=0 console=ttyS0,19200n8

Localization

d-i debian-installer/locale string en_US d-i debian-installer/language string en d-i debian-installer/country string US #d-i debian-installer/locale string en_US.UTF-8 fr_FR.UTF-8 d-i localechooser/supported-locales multiselect en_US.UTF-8, fr_FR.UTF-8

Keyboard selection

d-i keyboard-configuration/xkb-keymap select fr

Network configuration

Netcfg choisira une interface connectée si possible. Cela empêchera

# d'afficher une liste s'il y a plusieurs interfaces.

d-i netcfg/choose_interface select auto

#d-i netcfg/choose_interface select eth0 d-i netcfg/use_dhcp string true d-i netcfg/link_wait_timeout string 10 d-i netcfg/dhcp_timeout string 60

#d-i netcfg/disable_autoconfig boolean true

d-i netcfg/dhcp_failed note #d-i netcfg/dhcp_options select auto

#Configure network manually

IPv4 Static network configuration

#d-i netcfg/get_ipaddress string 192.168.1.120 #d-i netcfg/get_netmask string 255.255.255.0 #d-i netcfg/get_gateway string 192.168.1.1 #d-i netcfg/get_nameservers string 192.168.1.1 #d-i netcfg/confirm_static boolean true

Set a hostname

#d-i netcfg/get_hostname string zhurong #d-i netcfg/get_domain string planet.mars

Force a hostname

#d-i netcfg/hostname string zhurong.planet.mars

Disable that annoying WEP key dialog

d-i netcfg/wireless_wep string

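#d-i netcfg/get_hostname=install
# Each preseed line is "<owner> <question> <type> <value>"; the two value lines
# were missing the "string" type field.
# With a url= preseed the file is only downloaded after the network has been
# configured, so netcfg has already asked for hostname and domain by the time
# these lines are read; the first prompt is suppressed by the
# netcfg/get_hostname= and netcfg/get_domain= kernel parameters instead.
d-i netcfg/get_hostname string unassigned-hostname
d-i netcfg/get_domain string unassigned-domain
d-i netcfg/get_hostname seen true
d-i netcfg/get_domain seen true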

Mirror settings

d-i mirror/country string manual d-i mirror/http/hostname string httpredir.debian.org d-i mirror/http/directory string /debian d-i mirror/http/proxy string

Account setup

Skip creation of a normal user account

d-i passwd/make-user boolean false

### Set root password
# or encrypted using a crypt(3) hash.
# NOTE(review): the hash below can be read by anyone able to fetch this preseed
# file and can then be guessed offline. Use a strong password that exists only
# for provisioning, and never reuse a hash that has been published.
d-i passwd/root-password-crypted password $6$47Cx5oMpkh999YNI$XG76xupgkvZ3rHJCq1NgXKzp3bBfIuj0FmMiSvmUp1jqaIkTEz5F6eA.SRhBzyPReVQEnzZWwFWSdYGCBn.tE1

Clock and time zone setup

Set hardware clock to UTC

d-i clock-setup/utc boolean true

Set timezone

d-i time/zone string Europe/Paris

Use NTP clock during installation

d-i clock-setup/ntp boolean true

Partitioning

LVM LUKS method

Inhibit partman to fill the disk with random data

d-i partman-auto-crypto/erase_disks boolean false

#d-i partman/early_command \

string dd if=/dev/zero of=/dev/sda bs=512 count=1

Force UEFI booting ('BIOS compatibility' will be lost). Default: false.

d-i partman-efi/non_efi_system boolean false

Ensure the partition table is GPT - this is required for EFI

d-i partman-partitioning/choose_label string gpt d-i partman-partitioning/default_label string gpt

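# Guided "crypto" layout: LUKS container holding an LVM volume group.
d-i partman-auto/method string crypto
d-i partman-lvm/device_remove_lvm boolean true
d-i partman-md/device_remove_md boolean true
d-i partman-lvm/confirm boolean true
d-i partman-auto-lvm/guided_size string max
d-i partman-auto-lvm/new_vg_name string debian
d-i partman-auto/disk string /dev/sda
d-i partman-auto/choose_recipe select boot-crypto
# NOTE(review): the LUKS passphrase is stored here in clear text and is served
# to anyone who can fetch the preseed file. Treat it as a provisioning-only
# secret and replace it on every installed host (for example with
# "cryptsetup luksChangeKey") before the machine holds real data.
d-i partman-crypto/passphrase password aabbcc
d-i partman-crypto/passphrase-again password aabbcc
# One directive spanning several lines: every line except the last must end in
# a backslash. The EFI system partition and /boot stay outside the encrypted
# volume, so the initramfs (and the dropbear keys placed in it) is not
# protected by LUKS.
d-i partman-auto/expert_recipe string \
    boot-crypto :: \
    512 50 512 fat32 \
        $primary{ } $bootable{ } \
        method{ efi } format{ } \
        mountpoint{ /boot/efi } \
    . \
    1024 1024 1024 ext4 \
        $primary{ } $bootable{ } \
        method{ format } format{ } \
        use_filesystem{ } filesystem{ ext4 } \
        mountpoint{ /boot } \
    . \
    8192 8192 8192 linux-swap \
        $lvmok{ } lv_name{ swap } \
        in_vg { debian } \
        method{ swap } format{ } \
    . \
    80896 80896 1000000 btrfs \
        $lvmok{ } lv_name{ root } \
        in_vg { debian } \
        method{ format } format{ } \
        use_filesystem{ } filesystem{ btrfs } \
        mountpoint{ / } \
    .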

#d-i partman-basicfilesystems/no_mount_point boolean false d-i partman-partitioning/confirm_write_new_label boolean true d-i partman/choose_partition select finish d-i partman/confirm boolean true d-i partman/confirm_nooverwrite boolean true

d-i partman-md/confirm boolean true d-i partman-partitioning/confirm_write_new_label boolean true d-i partman/choose_partition select finish d-i partman/confirm boolean true d-i partman/confirm_nooverwrite boolean true

Apt setup

d-i apt-setup/cdrom/set-first boolean false d-i apt-setup/cdrom/set-next boolean false d-i apt-setup/cdrom/set-failed boolean false d-i apt-setup/services-select multiselect security, updates d-i apt-setup/security_host string security.debian.org

Package selection

tasksel tasksel/first multiselect standard

Individual additional packages to install

d-i pkgsel/include string openssh-server vim tmux tcpdump dropbear-initramfs cryptsetup-initramfs python3.9 d-i pkgsel/upgrade select full-upgrade d-i pkgsel/update-policy select none d-i pkgsel/updatedb boolean true popularity-contest popularity-contest/participate boolean false

GRUB STUFF

d-i grub-installer/only_debian boolean true d-i grub-installer/bootdev string default

Note: options passed to the installer will be added automatically.

#d-i debian-installer/add-kernel-opts string nousb

Optional password for grub, either in clear text

#d-i grub-installer/password password r00tme

#d-i grub-installer/password-again password r00tme

# or encrypted using an MD5 hash, see grub-md5-crypt(8).

#d-i grub-installer/password-crypted password [MD5 hash]

# Use the following option to add additional boot parameters for the

# installed system (if supported by the bootloader installer).

# Note: options passed to the installer will be added automatically.

#d-i debian-installer/add-kernel-opts string nousb

### Finishing up the installation

# Avoid that last message about the install being complete.

d-i finish-install/reboot_in_progress note

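# Post-install hook, run from the installer environment once the target system
# is installed under /target. It installs the admin SSH key for root and for
# the dropbear instance in the initramfs, restricts sshd to key-based root
# logins, and configures dropbear so that a login can only run
# cryptroot-unlock.
#
# Fixes compared with the original:
#  - the two late_command directives are merged into one; a question holds a
#    single value, so two directives cannot both take effect.
#  - "PermitRootLogin prohibit-password" was appended to
#    /etc/ssh/sshd_config.d/setup in the installer's own filesystem; it is now
#    written under /target.
#  - the drop-in is named setup.conf, because Debian's sshd_config only
#    includes /etc/ssh/sshd_config.d/*.conf; a file named "setup" is ignored
#    and password logins would stay enabled.
#  - "passwd --expire root" was separated from the directive by a blank line,
#    which ends the continuation; it is now part of the command.
#  - authorized_keys is created 0600 instead of 0644.
#
# DROPBEAR_OPTIONS: -I 300 idle timeout, -j/-k no port forwarding, -s no
# password logins, -c forces /bin/cryptroot-unlock as the only command.
# NOTE(review): the eno1 lines are specific to this hardware; adjust the
# interface name per machine. Also confirm that "systemctl enable --now sshd"
# is needed: --now cannot start a service from inside the installer chroot and
# the Debian unit is ssh.service.
d-i preseed/late_command string \
    mkdir -p -m 700 /target/root/.ssh; \
    echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEe3gF//znGIzq30frI6O9qDn5eM6uqEZZlx7mR5SiS" > /target/root/.ssh/authorized_keys; \
    in-target chown --recursive root:root /root/.ssh; \
    in-target chmod 0600 /root/.ssh/authorized_keys; \
    in-target update-alternatives --set editor /usr/bin/vim.basic; \
    echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEe3gF//znGIzq30frI6O9qDn5eM6uqEZZlx7mR5SiS' > /target/etc/dropbear-initramfs/authorized_keys; \
    echo 'PasswordAuthentication no' >> /target/etc/ssh/sshd_config.d/setup.conf; \
    echo 'PermitRootLogin prohibit-password' >> /target/etc/ssh/sshd_config.d/setup.conf; \
    echo 'auto eno1' >> /target/etc/network/interfaces; \
    sed -i 's/eth0/eno1/g' /target/etc/network/interfaces; \
    in-target systemctl enable --now sshd; \
    echo 'DROPBEAR_OPTIONS="-I 300 -j -k -p 22 -s -c /bin/cryptroot-unlock"' >> /target/etc/dropbear-initramfs/config; \
    echo 'IP="dhcp"' >> /target/etc/initramfs-tools/initramfs.conf; \
    in-target update-initramfs -u; \
    in-target passwd --expire root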

RESOLVED !

proxyd43

I found a way to do it! Thanks to this post on the opposite problem.

I just added two parameters to my boot line in grub.cfg

netcfg/get_hostname=install netcfg/get_domain=install

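These have to be kernel parameters rather than lines in the preseed file: with url= the file is only downloaded after the network has been configured, so netcfg has already asked its hostname and domain questions by the time the file is read. With the two parameters in place, the installation is fully automated and no longer asks any questions.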

proxyd43