|
23
|
1 |
PKVLM - Debian installer preseed-based bootstrapping.
|
|
|
2 |
|
|
|
3 |
Performs unattended bare-metal installs of machines to a working state (i.e. such that Puppet can continue).
|
|
3
|
4 |
|
|
19
|
5 |
Generates customized debian-installer ISO images which contain host-specific debconf preseed data, config files and scripts.
|
|
3
|
6 |
|
|
23
|
7 |
Uses a customized isolinux.cfg to load the machine-specific preseed.cfg from /cdrom via kernel command line options,
|
|
|
8 |
|
|
|
9 |
Also integrates with LVM/virt-install to create/install new libvirt-based machines on the local KVM host based on the customized media.
|
|
3
|
10 |
|
|
19
|
11 |
Supports bootstrapping puppet (package + config (server, ssl certs)).
|
|
3
|
12 |
|
|
23
|
13 |
## Files
|
|
|
14 |
|
|
|
15 |
The debian installer source image (i.e. what you download from debian.org) goes into:
|
|
|
16 |
|
|
|
17 |
iso/debian-X.Y.Z-ARCH-netinst.iso
|
|
|
18 |
|
|
|
19 |
XXX: hardcoded as `$INSTALLER_NAME` in pvklm-create
|
|
|
20 |
|
|
|
21 |
The installer image is unpacked to:
|
|
|
22 |
|
|
|
23 |
images/debian-X.Y.Z-ARCH
|
|
|
24 |
|
|
|
25 |
From where it is copied to:
|
|
|
26 |
|
|
|
27 |
image/debian-X.Y.Z-ARCH_HOSTNAME
|
|
|
28 |
|
|
|
29 |
Then the preseed data is processed/copied/templated/etc from:
|
|
|
30 |
|
|
|
31 |
preseed/... -> image/debian-X.Y.Z-ARCH_HOSTNAME/...
|
|
|
32 |
|
|
|
33 |
(varies based on chosen options. This also configures scripts to be executed/files to be copied after install)
|
|
|
34 |
|
|
|
35 |
And finally, the resulting customized host-specific ISO image is created at:
|
|
|
36 |
|
|
|
37 |
iso/debian-X.Y.Z-ARCH_HOSTNAME.iso
|
|
|
38 |
|
|
|
39 |
## Operation
|
|
|
40 |
|
|
|
41 |
Booting from the .iso loads the syslinux bootloader (isolinux/isolinux.bin, isolinux/boot.cat), which then looks for
|
|
|
42 |
|
|
|
43 |
isolinux/isolinux.cfg
|
|
|
44 |
|
|
|
45 |
Our isolinux.cfg (generated from preseed/isolinux.cfg) loads the kernel/initrd from /install[.amd], and supplies the
|
|
|
46 |
relevant kernel command-line arguments, which are processed by debian-installer:
|
|
|
47 |
|
|
|
48 |
auto=true priority=critical preseed/file=${PRESEED_MOUNT}/${PRESEED_NAME} preseed/file/checksum=${PRESEED_CHECKSUM} -- ${INSTALL_BOOT_CONSOLE} quiet
|
|
|
49 |
|
|
|
50 |
This loads our preseed.cfg (generated from preseed/preseed.cfg). The preseed.cfg then contains answers to all the d-i interactive
|
|
|
51 |
questions. The preseed.cfg takes care of automating the installer itself.
|
|
|
52 |
|
|
|
53 |
The preseed.cfg contains many templated variables, which are subsituted for variables defined in pvklm-create at ISO-creation time.
|
|
|
54 |
|
|
|
55 |
The preseed.cfg also loads additional preseed files (generated from preseed/*.cfg), e.g.:
|
|
|
56 |
|
|
|
57 |
passwords.cfg - crypted passwords; not under version control
|
|
|
58 |
host.cfg - configure additional software installed on the host (exim)
|
|
|
59 |
|
|
|
60 |
The preseed.cfg can also specify additional packages to install:
|
|
|
61 |
|
|
|
62 |
$PRESEED_PACKAGES
|
|
|
63 |
|
|
|
64 |
(defined within pkvlm-create)
|
|
|
65 |
|
|
|
66 |
After the main installation process is complete, the installer can also execute arbitrary script commands from our preseed.cfg
|
|
|
67 |
We use this to copy over configuration files from "$IMAGE/preseed-files" inside the ISO (generated from various files
|
|
|
68 |
in preseed/files and preseed/.../files (e.g. puppet)) to the target system. These are used for more advanced customizations than the debconf
|
|
|
69 |
preseeding lets us do:
|
|
|
70 |
|
|
|
71 |
- configure serial console (/etc/default/grub, update-grub, modify /etc/inittab)
|
|
|
72 |
- configure puppet (/etc/puppet/puppet.cfg, pre-install ssl certs to /etc/puppet/ssl)
|
|
|
73 |
|
|
|
74 |
Once the installer is complete, it will reboot, and the newly installed/bootstrapped Debian Linux system will start up for the first time.
|
|
|
75 |
|
|
|
76 |
If puppet was bootstrapped, the puppet agent will start its first run immediately (in the background via /etc/init.d/puppet, as normal).
|
|
|
77 |
|
|
|
78 |
## Usage
|
|
|
79 |
|
|
|
80 |
Some things are hardcoded in preseed/*
|
|
|
81 |
Some things are hardcoded in pklvm-create (the shell script)
|
|
|
82 |
Some things can be specified via `foo=...` options on the command line:
|
|
|
83 |
|
|
|
84 |
./pkvlm-create [options] <name> [name=[value] [...]]
|
|
|
85 |
./pkvlm-create asdf domain=test.pvl puppet_master=puppet-testing.paivola.fi
|
|
|
86 |
|
|
|
87 |
These options are defind in pkvlm-create. Not all variables in preseed/... are configureable via options.
|
|
|
88 |
|
|
|
89 |
The only required argument is the machine's name. It is given as the first non-option argument.
|
|
|
90 |
|
|
|
91 |
## Puppet
|
|
|
92 |
|
|
|
93 |
Supports configuring the host as a puppet agent. Pass a puppet=yes opt:
|
|
|
94 |
|
|
|
95 |
./pkvlm-create asdf puppet=yes
|
|
|
96 |
|
|
|
97 |
The puppet server can be configured via `puppet_master=...`. It defaults to 'puppet' (i.e. match puppet's default behaviour to resolve a host called
|
|
|
98 |
'puppet').
|
|
|
99 |
|
|
|
100 |
### SSL
|
|
|
101 |
|
|
|
102 |
Supports pre-installing Puppet's SSL certificates from:
|
|
|
103 |
|
|
|
104 |
preseed/puppet/ssl
|
|
|
105 |
|
|
|
106 |
If the puppetmaster's CA cert is present in preseed/puppet/ssl/certs/ca.pem, it is included in the preseed-files.
|
|
|
107 |
|
|
|
108 |
You can also pre-generate a cert+pkey pair for the machine on the puppetmaster:
|
|
|
109 |
|
|
|
110 |
puppet cert --generate ...
|
|
|
111 |
scp $ssldir/{certs,private_keys}/...pem ...
|
|
|
112 |
|
|
|
113 |
These will be copied from "preseed/puppet/ssl/{certs,private_keys}/${FQDN}.pem" to the preseed-files, and the agent
|
|
|
114 |
will use them to connect to the puppetmaster.
|
|
|
115 |
|