1 Debian installer preseed-based bootstrapping. |
1 PKVLM - Debian installer preseed-based bootstrapping. |
|
2 |
|
3 Performs unattended bare-metal installs of machines to a working state (i.e. such that Puppet can continue). |
2 |
4 |
3 Generates customized debian-installer ISO images which contain host-specific debconf preseed data, config files and scripts. |
5 Generates customized debian-installer ISO images which contain host-specific debconf preseed data, config files and scripts. |
4 |
6 |
5 Also integrates with lvm/virt-install to create/install new libvirt-based machines based on the customized media. |
7 Uses a customized isolinux.cfg to load the machine-specific preseed.cfg from /cdrom via kernel command line options, |
|
8 |
|
9 Also integrates with LVM/virt-install to create/install new libvirt-based machines on the local KVM host based on the customized media. |
6 |
10 |
7 Supports bootstrapping puppet (package + config (server, ssl certs)). |
11 Supports bootstrapping puppet (package + config (server, ssl certs)). |
8 |
12 |
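Review bot: The sentence added as new line 7 ("Uses a customized isolinux.cfg to load the machine-specific preseed.cfg from /cdrom via kernel command line options,") ends on a comma and is not continued on the next line. Either finish the clause or end it with a period. The Operation section already covers the mechanism in detail, so a short complete sentence is enough here.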
|
13 ## Files |
|
14 |
|
15 The debian installer source image (i.e. what you download from debian.org) goes into: |
|
16 |
|
17 iso/debian-X.Y.Z-ARCH-netinst.iso |
|
18 |
|
19 XXX: hardcoded as `$INSTALLER_NAME` in pvklm-create |
|
20 |
|
21 The installer image is unpacked to: |
|
22 |
|
23 images/debian-X.Y.Z-ARCH |
|
24 |
|
25 From where it is copied to: |
|
26 |
|
27 image/debian-X.Y.Z-ARCH_HOSTNAME |
|
28 |
|
29 Then the preseed data is processed/copied/templated/etc from: |
|
30 |
|
31 preseed/... -> image/debian-X.Y.Z-ARCH_HOSTNAME/... |
|
32 |
|
33 (varies based on chosen options. This also configures scripts to be executed/files to be copied after install) |
|
34 |
|
35 And finally, the resulting customized host-specific ISO image is created at: |
|
36 |
|
37 iso/debian-X.Y.Z-ARCH_HOSTNAME.iso |
|
38 |
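Review bot: The paths and names in the Files section are inconsistent. The unpack directory is written "images/debian-X.Y.Z-ARCH", but the per-host copy and the preseed target both use "image/debian-X.Y.Z-ARCH_HOSTNAME". The XXX line names the script "pvklm-create", while the title says PKVLM and the usage examples call "pkvlm-create". Pick the spelling that matches the tree and the actual script name and use it throughout, otherwise a reader cannot tell which directory to clean up or which file holds `$INSTALLER_NAME`.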
|
39 ## Operation |
|
40 |
|
41 Booting from the .iso loads the syslinux bootloader (isolinux/isolinux.bin, isolinux/boot.cat), which then looks for |
|
42 |
|
43 isolinux/isolinux.cfg |
|
44 |
|
45 Our isolinux.cfg (generated from preseed/isolinux.cfg) loads the kernel/initrd from /install[.amd], and supplies the |
|
46 relevant kernel command-line arguments, which are processed by debian-installer: |
|
47 |
|
48 auto=true priority=critical preseed/file=${PRESEED_MOUNT}/${PRESEED_NAME} preseed/file/checksum=${PRESEED_CHECKSUM} -- ${INSTALL_BOOT_CONSOLE} quiet |
|
49 |
|
50 This loads our preseed.cfg (generated from preseed/preseed.cfg). The preseed.cfg then contains answers to all the d-i interactive |
|
51 questions. The preseed.cfg takes care of automating the installer itself. |
|
52 |
|
53 The preseed.cfg contains many templated variables, which are subsituted for variables defined in pvklm-create at ISO-creation time. |
|
54 |
|
55 The preseed.cfg also loads additional preseed files (generated from preseed/*.cfg), e.g.: |
|
56 |
|
57 passwords.cfg - crypted passwords; not under version control |
|
58 host.cfg - configure additional software installed on the host (exim) |
|
59 |
|
60 The preseed.cfg can also specify additional packages to install: |
|
61 |
|
62 $PRESEED_PACKAGES |
|
63 |
|
64 (defined within pkvlm-create) |
|
65 |
|
66 After the main installation process is complete, the installer can also execute arbitrary script commands from our preseed.cfg |
|
67 We use this to copy over configuration files from "$IMAGE/preseed-files" inside the ISO (generated from various files |
|
68 in preseed/files and preseed/.../files (e.g. puppet)) to the target system. These are used for more advanced customizations than the debconf |
|
69 preseeding lets us do: |
|
70 |
|
71 - configure serial console (/etc/default/grub, update-grub, modify /etc/inittab) |
|
72 - configure puppet (/etc/puppet/puppet.cfg, pre-install ssl certs to /etc/puppet/ssl) |
|
73 |
|
74 Once the installer is complete, it will reboot, and the newly installed/bootstrapped Debian Linux system will start up for the first time. |
|
75 |
|
76 If puppet was bootstrapped, the puppet agent will start its first run immediately (in the background via /etc/init.d/puppet, as normal). |
|
77 |
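Review bot: The passwords.cfg line says the crypted passwords are "not under version control", but this section does not say that the same data ends up inside the generated host-specific ISO and the unpacked image directory. Add a sentence stating that iso/debian-X.Y.Z-ARCH_HOSTNAME.iso and image/debian-X.Y.Z-ARCH_HOSTNAME contain the password hashes and the preseed-files, and so need the same handling as passwords.cfg itself. It would also help to document how ${PRESEED_CHECKSUM} is computed, since the kernel command line depends on it. Smaller points in the same region: "subsituted" should be "substituted", the sentence ending "from our preseed.cfg" is missing its period, and "/etc/puppet/puppet.cfg" should be checked against the file actually written, since the Puppet agent's configuration file is normally puppet.conf.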
|
78 ## Usage |
|
79 |
|
80 Some things are hardcoded in preseed/* |
|
81 Some things are hardcoded in pklvm-create (the shell script) |
|
82 Some things can be specified via `foo=...` options on the command line: |
|
83 |
|
84 ./pkvlm-create [options] <name> [name=[value] [...]] |
|
85 ./pkvlm-create asdf domain=test.pvl puppet_master=puppet-testing.paivola.fi |
|
86 |
|
87 These options are defind in pkvlm-create. Not all variables in preseed/... are configureable via options. |
|
88 |
|
89 The only required argument is the machine's name. It is given as the first non-option argument. |
|
90 |
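Review bot: The synopsis line "./pkvlm-create [options] <name> [name=[value] [...]]" has unbalanced brackets and reuses "name" for both the machine name and the option key. Something like "<name> [key=value ...]" would be unambiguous. The script is spelled "pklvm-create" two lines earlier and "pkvlm-create" here, and "defind" and "configureable" are typos. Since the text says not all preseed variables are exposed as options, consider listing the ones that are, so the hardcoded values in preseed/* are not overlooked when building an image for a different environment.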
|
91 ## Puppet |
|
92 |
|
93 Supports configuring the host as a puppet agent. Pass a puppet=yes opt: |
|
94 |
|
95 ./pkvlm-create asdf puppet=yes |
|
96 |
|
97 The puppet server can be configured via `puppet_master=...`. It defaults to 'puppet' (i.e. match puppet's default behaviour to resolve a host called |
|
98 'puppet'). |
|
99 |
|
100 ### SSL |
|
101 |
|
102 Supports pre-installing Puppet's SSL certificates from: |
|
103 |
|
104 preseed/puppet/ssl |
|
105 |
|
106 If the puppetmaster's CA cert is present in preseed/puppet/ssl/certs/ca.pem, it is included in the preseed-files. |
|
107 |
|
108 You can also pre-generate a cert+pkey pair for the machine on the puppetmaster: |
|
109 |
|
110 puppet cert --generate ... |
|
111 scp $ssldir/{certs,private_keys}/...pem ... |
|
112 |
|
113 These will be copied from "preseed/puppet/ssl/{certs,private_keys}/${FQDN}.pem" to the preseed-files, and the agent |
|
114 will use them to connect to the puppetmaster. |
|
115 |
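Review bot: The SSL section describes copying the agent's private key from "preseed/puppet/ssl/{certs,private_keys}/${FQDN}.pem" into the preseed-files, but unlike the passwords.cfg entry it does not say whether preseed/puppet/ssl is kept out of version control. It also does not say what ownership and mode the key gets on the target, or that the resulting ISO now carries the key and should be removed or protected after the install. Please document those three points next to the "puppet cert --generate ..." and scp lines.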