PKVLM - Debian installer preseed-based bootstrapping.

Performs unattended bare-metal installs of machines to a working state (i.e. such that Puppet can continue).

Generates customized debian-installer ISO images which contain host-specific debconf preseed data, config files and scripts.

Uses a customized isolinux.cfg to load the machine-specific preseed.cfg from /cdrom via kernel command line options.

Also integrates with LVM/virt-install to create/install new libvirt-based machines on the local KVM host based on the customized media.

Supports bootstrapping puppet (package + config (server, ssl certs)).

## Files

The debian installer source image (i.e. what you download from debian.org) goes into:

    iso/debian-X.Y.Z-ARCH-netinst.iso

XXX: hardcoded as `$INSTALLER_NAME` in pkvlm-create

The installer image is unpacked to:

    images/debian-X.Y.Z-ARCH

From where it is copied to:

    image/debian-X.Y.Z-ARCH_HOSTNAME

Then the preseed data is processed/copied/templated/etc from:

    preseed/... -> image/debian-X.Y.Z-ARCH_HOSTNAME/...

(This varies based on the chosen options. It also configures scripts to be executed and files to be copied after install.)

And finally, the resulting customized host-specific ISO image is created at:

    iso/debian-X.Y.Z-ARCH_HOSTNAME.iso

## Operation

Booting from the .iso loads the syslinux bootloader (isolinux/isolinux.bin, isolinux/boot.cat), which then looks for

    isolinux/isolinux.cfg

Our isolinux.cfg (generated from preseed/isolinux.cfg) loads the kernel/initrd from /install[.amd], and supplies the
relevant kernel command-line arguments, which are processed by debian-installer:

    auto=true priority=critical preseed/file=${PRESEED_MOUNT}/${PRESEED_NAME} preseed/file/checksum=${PRESEED_CHECKSUM} -- ${INSTALL_BOOT_CONSOLE} quiet

This loads our preseed.cfg (generated from preseed/preseed.cfg). The preseed.cfg contains answers to all the d-i interactive
questions, and so takes care of automating the installer itself.

The preseed.cfg contains many templated variables, which are substituted with the values defined in pkvlm-create at ISO-creation time.

The preseed.cfg also loads additional preseed files (generated from preseed/*.cfg), e.g.:

    passwords.cfg - crypted passwords; not under version control
    host.cfg - configure additional software installed on the host (exim)

The preseed.cfg can also specify additional packages to install:

    $PRESEED_PACKAGES

(defined within pkvlm-create)

After the main installation process is complete, the installer can also execute arbitrary script commands from our preseed.cfg.
We use this to copy over configuration files from "$IMAGE/preseed-files" inside the ISO (generated from various files
in preseed/files and preseed/.../files (e.g. puppet)) to the target system. These are used for more advanced customizations than the debconf
preseeding lets us do:

- configure serial console (/etc/default/grub, update-grub, modify /etc/inittab)
- configure puppet (/etc/puppet/puppet.cfg, pre-install ssl certs to /etc/puppet/ssl)

Once the installer is complete, it will reboot, and the newly installed/bootstrapped Debian Linux system will start up for the first time.

If puppet was bootstrapped, the puppet agent will start its first run immediately (in the background via /etc/init.d/puppet, as normal).

## Usage

- Some things are hardcoded in preseed/*
- Some things are hardcoded in pkvlm-create (the shell script)
- Some things can be specified via `foo=...` options on the command line:

        ./pkvlm-create [options] [name=[value] [...]]
        ./pkvlm-create asdf domain=test.pvl puppet_master=puppet-testing.paivola.fi

These options are defined in pkvlm-create. Not all variables in preseed/... are configurable via options.

The only required argument is the machine's name. It is given as the first non-option argument.

## Puppet

Supports configuring the host as a puppet agent. Pass a puppet=yes opt:

    ./pkvlm-create asdf puppet=yes

The puppet server can be configured via `puppet_master=...`. It defaults to 'puppet' (i.e. it matches puppet's default behaviour of resolving a host called
'puppet').

### SSL

Supports pre-installing Puppet's SSL certificates from:

    preseed/puppet/ssl

If the puppetmaster's CA cert is present in preseed/puppet/ssl/certs/ca.pem, it is included in the preseed-files.

You can also pre-generate a cert+pkey pair for the machine on the puppetmaster:

    puppet cert --generate ...
    scp $ssldir/{certs,private_keys}/...pem ...

These will be copied from "preseed/puppet/ssl/{certs,private_keys}/${FQDN}.pem" to the preseed-files, and the agent
will use them to connect to the puppetmaster.
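
The `preseed/file/checksum` pin described under Operation is only useful if it still matches the preseed.cfg that ends up in the image tree. The script below is an added example, not part of pkvlm-create: it reads the pin back out of a generated isolinux.cfg and compares it with the staged file. It assumes `PRESEED_MOUNT` is `/cdrom` and that `PRESEED_CHECKSUM` is an md5sum; the function names are hypothetical and the sample tree is constructed.

```shell
#!/bin/sh
# Added example (not part of pkvlm-create). Assumes PRESEED_MOUNT=/cdrom and
# that PRESEED_CHECKSUM is an md5sum; function names are hypothetical.

# Print the value of a KEY=value token from the boot config FILE.
cmdline_value() {  # cmdline_value KEY FILE
    tr -s ' \t' '\n\n' < "$2" | sed -n "s|^$1=||p" | head -n 1
}

# Exit 0 if the pinned checksum matches the staged preseed file,
# 1 on mismatch, 2 if the pin or the file is missing.
verify_preseed_pin() {  # verify_preseed_pin IMAGE_DIR
    cfg="$1/isolinux/isolinux.cfg"
    path=$(cmdline_value preseed/file "$cfg")
    pinned=$(cmdline_value preseed/file/checksum "$cfg")
    if [ -z "$path" ] || [ -z "$pinned" ]; then
        echo "no preseed/file or preseed/file/checksum in $cfg" >&2
        return 2
    fi
    # /cdrom/NAME inside the installer is IMAGE_DIR/NAME on the build host.
    file="$1/${path#/cdrom/}"
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    actual=$(md5sum "$file" | cut -d' ' -f1)
    if [ "$actual" != "$pinned" ]; then
        echo "MISMATCH $file: pinned=$pinned actual=$actual" >&2
        return 1
    fi
    echo "OK $file $actual"
}

# Build a constructed sample tree (not a real installer image).
make_sample_image() {  # make_sample_image DIR
    mkdir -p "$1/isolinux"
    printf 'd-i debian-installer/locale string en_US\n' > "$1/preseed.cfg"
    sum=$(md5sum "$1/preseed.cfg" | cut -d' ' -f1)
    printf 'label install\n  kernel /install.amd/vmlinuz\n  append %s\n' \
        "auto=true priority=critical preseed/file=/cdrom/preseed.cfg preseed/file/checksum=$sum -- console=ttyS0 quiet" \
        > "$1/isolinux/isolinux.cfg"
}

demo=$(mktemp -d)
make_sample_image "$demo"
verify_preseed_pin "$demo"
# A late edit to preseed.cfg without re-templating leaves a stale pin.
echo '# edited after templating' >> "$demo/preseed.cfg"
verify_preseed_pin "$demo" || echo "stale pin detected (exit $?)"
rm -rf "$demo"
```

Run `verify_preseed_pin image/debian-X.Y.Z-ARCH_HOSTNAME` against the templated tree before the ISO is built, so a preseed.cfg changed after templating is caught on the build host.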