WorkstationAutoinstallPreseed
Workstation Autoinstall Preseed
This is a full Preseed file that will install a Ubuntu Desktop. It's the actual preseed we use, with some specifics removed.
There are two additional scripts used for the final stages. You can find them here: Enterprise/WorkstationAutoinstallScripts
Here's how to integrate use Cobbler for installation over the network: Enterprise/Cobbler
Notes
- It's localised for Switzerland
- You need to adapt it and fill in some blanks
- It's designed so it doesn't ask any questions. It will wipe the entire disk.
- The disk is fully encrypted with a temporary password that is replaced in the final script
It is based on the official example-preseed
Explanation
The Setup is designed as a one-time setup. Without configuration management.
There are two scripts.
Script 1: Additional System Confguration:
This script is executed directly after installation, before shutdown. There I add some additional software and sources. If an nvidia-graphics card is detected, I install the proprietary driver (nvidia-current-updates), by default Ubuntu installs the open source nouveau driver and on first login asks for installation of additional drivers.
Skript 2: User-setup:
Script 2 is a interactive script which runs in a X screen where I use zenity for user Input. It is started by a custom upstart job which hooks in on "starting-dm" i.e. before lightdm (login-screen) is started. The script then launches the X Server, and a gnome-terminal on the X screen, which launches the same script again with "stage2" as parameter, that's the part with the graphical queries.
Disk Encryption:
The Preseed file sets a temporary password. And in the User Setup script, a Sys-Admin has to enter the default password, which is veryfied by the hash. Then the temporary password is replaced with the default admin password and the users password is added as an additional passphrase. Like that we have the same admin password on every machine (for emergency access or whatever).
Preseed File
# Preseeding only locale sets language, country and locale. d-i debian-installer/locale string de_CH.UTF-8 # The values can also be preseeded individually for greater flexibility. #d-i debian-installer/language string en #d-i debian-installer/country string CH #d-i debian-installer/locale string en_US.UTF-8 # Optionally specify additional locales to be generated. d-i localechooser/supported-locales multiselect de_CH.UTF-8, C.UTF-8, en_US.UTF-8 # Keyboard selection. # Disable automatic (interactive) keymap detection. d-i console-setup/ask_detect boolean false #d-i keyboard-configuration/modelcode string pc105 d-i keyboard-configuration/layoutcode string ch # To select a variant of the selected layout (if you leave this out, the # basic form of the layout will be used): #d-i keyboard-configuration/variantcode string dvorak # Disable network configuration entirely. This is useful for cdrom # installations on non-networked devices where the network questions, # warning and long timeouts are a nuisance. #d-i netcfg/enable boolean false # netcfg will choose an interface that has link if possible. This makes it # skip displaying a list if there is more than one interface. d-i netcfg/choose_interface select auto # To pick a particular interface instead: #d-i netcfg/choose_interface select eth1 # If you have a slow dhcp server and the installer times out waiting for # it, this might be useful. #d-i netcfg/dhcp_timeout string 60 # If you prefer to configure the network manually, uncomment this line and # the static network configuration below. #d-i netcfg/disable_autoconfig boolean true # If you want the preconfiguration file to work on systems both with and # without a dhcp server, uncomment these lines and the static network # configuration below. #d-i netcfg/dhcp_failed note #d-i netcfg/dhcp_options select Configure network manually # Static network configuration. #d-i netcfg/get_nameservers string 192.168.1.1 #d-i netcfg/get_ipaddress string 192.168.1.42 #d-i netcfg/get_netmask string 255.255.255.0 #d-i netcfg/get_gateway string 192.168.1.1 #d-i netcfg/confirm_static boolean true # Any hostname and domain names assigned from dhcp take precedence over # values set here. However, setting the values still prevents the questions # from being shown, even if values come from dhcp. d-i netcfg/get_hostname string host234 d-i netcfg/get_domain string example.com # Disable that annoying WEP key dialog. d-i netcfg/wireless_wep string # The wacky dhcp hostname that some ISPs use as a password of sorts. #d-i netcfg/dhcp_hostname string radish # If non-free firmware is needed for the network or other hardware, you can # configure the installer to always try to load it, without prompting. Or # change to false to disable asking. #d-i hw-detect/load_firmware boolean true # Use the following settings if you wish to make use of the network-console # component for remote installation over SSH. This only makes sense if you # intend to perform the remainder of the installation manually. #d-i anna/choose_modules string network-console #d-i network-console/password password r00tme #d-i network-console/password-again password r00tme # If you select ftp, the mirror/country string does not need to be set. #d-i mirror/protocol string ftp d-i mirror/country string manual d-i mirror/http/hostname string archive.ubuntu.com d-i mirror/http/directory string /ubuntu d-i mirror/http/proxy string # Alternatively: by default, the installer uses CC.archive.ubuntu.com where # CC is the ISO-3166-2 code for the selected country. You can preseed this # so that it does so without asking. d-i mirror/http/mirror select ch.archive.ubuntu.com # Suite to install. #d-i mirror/suite string squeeze # Suite to use for loading installer components (optional). #d-i mirror/udeb/suite string squeeze # Components to use for loading installer components (optional). #d-i mirror/udeb/components multiselect main, restricted # Controls whether or not the hardware clock is set to UTC. d-i clock-setup/utc boolean true # You may set this to any valid setting for $TZ; see the contents of # /usr/share/zoneinfo/ for valid values. d-i time/zone string Europe/Zurich # Controls whether to use NTP to set the clock during the install d-i clock-setup/ntp boolean true # NTP server to use. The default is almost always fine here. #d-i clock-setup/ntp-server string ntp.example.com # snippet 'ubuntu_partition' # If the system has free space you can choose to only partition that space. # This is only honoured if partman-auto/method (below) is not set. # Alternatives: custom, some_device, some_device_crypto, some_device_lvm. #d-i partman-auto/init_automatically_partition select biggest_free # Alternatively, you may specify a disk to partition. If the system has only # one disk the installer will default to using that, but otherwise the device # name must be given in traditional, non-devfs format (so e.g. /dev/hda or # /dev/sda, and not e.g. /dev/discs/disc0/disc). # For example, to use the first SCSI/SATA hard disk: #d-i partman-auto/disk string /dev/sda # In addition, you'll need to specify the method to use. # The presently available methods are: # - regular: use the usual partition types for your architecture # - lvm: use LVM to partition the disk # - crypto: use LVM within an encrypted partition # d-i partman-auto/method string lvm # crypto with preseeded passphrase d-i partman-auto/method string crypto d-i partman-crypto/passphrase password temporarypassword d-i partman-crypto/passphrase-again password temporarypassword # If one of the disks that are going to be automatically partitioned # contains an old LVM configuration, the user will normally receive a # warning. This can be preseeded away... d-i partman-lvm/device_remove_lvm boolean true # The same applies to pre-existing software RAID array: d-i partman-md/device_remove_md boolean true # And the same goes for the confirmation to write the lvm partitions. d-i partman-lvm/confirm boolean true d-i partman-lvm/confirm_nooverwrite boolean true #NOTE: This was missing in the example preseed # For LVM partitioning, you can select how much of the volume group to use # for logical volumes. d-i partman-auto-lvm/guided_size string max #d-i partman-auto-lvm/guided_size string 10GB #d-i partman-auto-lvm/guided_size string 50% d-i partman-auto-lvm/new_vg_name string vg-workstation # You can choose one of the three predefined partitioning recipes: # - atomic: all files in one partition # - home: separate /home partition # - multi: separate /home, /usr, /var, and /tmp partitions d-i partman-auto/choose_recipe select custom-lvm # Or provide a recipe of your own... # If you have a way to get a recipe file into the d-i environment, you can # just point at it. #d-i partman-auto/expert_recipe_file string /hd-media/recipe # If not, you can put an entire recipe into the preconfiguration file in one # (logical) line. This example creates a small /boot partition, suitable # swap, and uses the rest of the space for the root partition: d-i partman-auto/expert_recipe string \ custom-lvm :: \ 250 250 250 ext4 $primary{ } $bootable{ } \ mountpoint{ /boot } \ method{ format } \ format{ } \ use_filesystem{ } \ filesystem{ ext4 } \ . \ 10240 20480 40960 ext4 $lvmok{ } \ mountpoint{ / } \ lv_name{ root } \ in_vg { vg-workstation } \ method{ format } \ format{ } \ use_filesystem{ } \ filesystem{ ext4 } \ . \ 10240 40960 1000000 ext4 $lvmok{ } \ mountpoint{ /home } \ lv_name{ home } \ in_vg { vg-workstation } \ method{ format } \ format{ } \ use_filesystem{ } \ filesystem{ ext4 } \ . \ 4096 8192 200% linux-swap $lvmok{ } \ lv_name{ swap } \ in_vg { vg-workstation } \ method{ swap } \ format{ } \ . # If you just want to change the default filesystem from ext3 to something # else, you can do that without providing a full recipe. d-i partman/default_filesystem string ext4 # The full recipe format is documented in the file partman-auto-recipe.txt # included in the 'debian-installer' package or available from D-I source # repository. This also documents how to specify settings such as file # system labels, volume group names and which physical devices to include # in a volume group. # This makes partman automatically partition without confirmation, provided # that you told it what to do using one of the methods above. d-i partman-partitioning/confirm_write_new_label boolean true d-i partman/choose_partition select finish d-i partman/confirm boolean true d-i partman/confirm_nooverwrite boolean true # The default is to mount by UUID, but you can also choose "traditional" to # use traditional device names, or "label" to try filesystem labels before # falling back to UUIDs. #d-i partman/mount_style select uuid # snippet 'ubuntu_base' # Configure APT to not install recommended packages by default. Use of this # option can result in an incomplete system and should only be used by very # experienced users. #d-i base-installer/install-recommends boolean false # The kernel image (meta) package to be installed; "none" can be used if no # kernel is to be installed. #d-i base-installer/kernel/image string linux-generic # Skip creation of a root account (normal user account will be able to # use sudo). The default is false; preseed this to true if you want to set # a root password. d-i passwd/root-login boolean true # Alternatively, to skip creation of a normal user account. d-i passwd/make-user boolean false # Root password, either in clear text #d-i passwd/root-password password r00tme #d-i passwd/root-password-again password r00tme # or encrypted using an MD5 hash. #d-i passwd/root-password-crypted password [MD5 hash] # any pw hash will work as stored in /etc/shadow d-i passwd/root-password-crypted password #add hash # To create a normal user account. #d-i passwd/user-fullname string Ubuntu User #d-i passwd/username string ubuntu # Normal user's password, either in clear text #d-i passwd/user-password password insecure #d-i passwd/user-password-again password insecure # or encrypted using an MD5 hash. #d-i passwd/user-password-crypted password [MD5 hash] # Create the first user with the specified UID instead of the default. #d-i passwd/user-uid string 1010 # The installer will warn about weak passwords. If you are sure you know # what you're doing and want to override it, uncomment this. #d-i user-setup/allow-password-weak boolean true # The user account will be added to some standard initial groups. To # override that, use this. #d-i passwd/user-default-groups string audio cdrom video # Set to true if you want to encrypt the first user's home directory. d-i user-setup/encrypt-home boolean false # Policy for applying updates. May be "none" (no automatic updates), # "unattended-upgrades" (install security updates automatically), or # "landscape" (manage system with Landscape). d-i pkgsel/update-policy select none # Some versions of the installer can report back on what software you have # installed, and what software you use. The default is not to report back, # but sending reports helps the project determine what software is most # popular and include it on CDs. popularity-contest popularity-contest/participate boolean false # By default, the system's locate database will be updated after the # installer has finished installing most packages. This may take a while, so # if you don't want it, you can set this to "false" to turn it off. d-i pkgsel/updatedb boolean true # With a few exceptions for unusual partitioning setups, GRUB 2 is now the # default. If you need GRUB Legacy for some particular reason, then # uncomment this: #d-i grub-installer/grub2_instead_of_grub_legacy boolean false # This is fairly safe to set, it makes grub install automatically to the MBR # if no other operating system is detected on the machine. d-i grub-installer/only_debian boolean true # This one makes grub-installer install to the MBR if it also finds some other # OS, which is less safe as it might not be able to boot that other OS. d-i grub-installer/with_other_os boolean true # Alternatively, if you want to install to a location other than the mbr, # uncomment and edit these lines: #d-i grub-installer/only_debian boolean false #d-i grub-installer/with_other_os boolean false #d-i grub-installer/bootdev string (hd0,0) # To install grub to multiple disks: #d-i grub-installer/bootdev string (hd0,0) (hd1,0) (hd2,0) # Optional password for grub, either in clear text #d-i grub-installer/password password r00tme #d-i grub-installer/password-again password r00tme # or encrypted using an MD5 hash, see grub-md5-crypt(8). #d-i grub-installer/password-crypted password [MD5 hash] # Use the following option to add additional boot parameters for the # installed system (if supported by the bootloader installer). # Note: options passed to the installer will be added automatically. #d-i debian-installer/add-kernel-opts string nousb # snippet 'ubuntu_package' # You can choose to install restricted and universe software, or to install # software from the backports repository. d-i apt-setup/restricted boolean true d-i apt-setup/universe boolean true d-i apt-setup/multiverse boolean true d-i apt-setup/partner boolean true d-i apt-setup/extras boolean true d-i apt-setup/non-free boolean true d-i apt-setup/backports boolean false # Uncomment this if you don't want to use a network mirror. #d-i apt-setup/use_mirror boolean false # Select which update services to use; define the mirrors to be used. # Values shown below are the normal defaults. #d-i apt-setup/services-select multiselect security #d-i apt-setup/security_host string security.ubuntu.com #d-i apt-setup/security_path string /ubuntu # Additional repositories, local[0-9] available #d-i apt-setup/local0/repository string \ # http://local.server/ubuntu squeeze main #d-i apt-setup/local0/comment string local server # Enable deb-src lines #d-i apt-setup/local0/source boolean true # URL to the public key of the local repository; you must provide a key or # apt will complain about the unauthenticated repository and so the # sources.list line will be left commented out #d-i apt-setup/local0/key string http://local.server/key # Add custom repository d-i apt-setup/local0/repository string \ http://apt.example.ch/ precise-example main d-i apt-setup/local0/key string http://apt.example.ch/example-apt.gpg # By default the installer requires that repositories be authenticated # using a known gpg key. This setting can be used to disable that # authentication. Warning: Insecure, not recommended. #d-i debian-installer/allow_unauthenticated boolean true # Accept Microsoft Fonts EULA ttf-mscorefonts-installer msttcorefonts/accepted-mscorefonts-eula boolean true # don't set adobe reader as default acroread-common acroread-common/default-viewer boolean false # Setuid bit for davfs2, allow davfs mounts by users. davfs2 davfs2/suid_file boolean true tasksel tasksel/first multiselect ubuntu-desktop, virt-host #tasksel tasksel/first multiselect lamp-server, print-server #tasksel tasksel/first multiselect kubuntu-desktop # Individual additional packages to install d-i pkgsel/include string openssh-server \ language-pack-de \ language-pack-gnome-de \ language-pack-en \ language-pack-gnome-en \ wngerman \ wogerman \ wamerican \ wbritish \ wswiss \ firefox-locale-de \ thunderbird-locale-de \ libreoffice \ libreoffice-l10n-de \ libreoffice-help-de \ hyphen-de \ hyphen-en-us \ mythes-de-ch \ mythes-de \ mythes-en-us \ hunspell-de-de \ hunspell-de-ch \ hunspell-en-us \ poppler-data \ myspell-en-gb \ acroread \ apt-file \ autofs \ build-essential \ byobu \ chromium-browser \ cifs-utils \ console-common \ davfs2 \ eclipse \ eclipse-egit \ enigmail \ filezilla \ gedit-plugins \ git \ gitg \ gnupg \ gnupg-agent \ gpm \ htop \ inkscape \ libcrack2 \ libreoffice-presenter-console \ lightning-extension \ meld \ nautilus-compare \ nautilus-filename-repairer \ nautilus-image-converter \ nautilus-open-terminal \ network-manager-openvpn \ network-manager-openvpn-gnome \ nmap \ regexxer \ rdesktop \ retext \ ruby \ shutter \ skype \ synaptic \ terminator \ traceroute \ ubuntu-restricted-extras \ vim \ virt-manager \ vlc \ wine \ wireshark \ zenity # Whether to upgrade packages after debootstrap. # Allowed values: none, safe-upgrade, full-upgrade d-i pkgsel/upgrade select full-upgrade # Language pack selection d-i pkgsel/language-packs multiselect de, en pkgsel/ignore-incomplete-language-support boolean true # Policy for applying updates. May be "none" (no automatic updates), # "unattended-upgrades" (install security updates automatically), or # "landscape" (manage system with Landscape). d-i pkgsel/update-policy select none # Some versions of the installer can report back on what software you have # installed, and what software you use. The default is not to report back, # but sending reports helps the project determine what software is most # popular and include it on CDs. popularity-contest popularity-contest/participate boolean false # By default, the system's locate database will be updated after the # installer has finished installing most packages. This may take a while, so # if you don't want it, you can set this to "false" to turn it off. d-i pkgsel/updatedb boolean true # During installations from serial console, the regular virtual consoles # (VT1-VT6) are normally disabled in /etc/inittab. Uncomment the next # line to prevent this. #d-i finish-install/keep-consoles boolean true # Avoid that last message about the install being complete. d-i finish-install/reboot_in_progress note # This will prevent the installer from ejecting the CD during the reboot, # which is useful in some situations. #d-i cdrom-detect/eject boolean false # This is how to make the installer shutdown when finished, but not # reboot into the installed system. #d-i debian-installer/exit/halt boolean true # This will power off the machine instead of just halting it. d-i debian-installer/exit/poweroff boolean true # X can detect the right driver for some cards, but if you're preseeding, # you override whatever it chooses. Still, vesa will work most places. #xserver-xorg xserver-xorg/config/device/driver select vesa # A caveat with mouse autodetection is that if it fails, X will retry it # over and over. So if it's preseeded to be done, there is a possibility of # an infinite loop if the mouse is not autodetected. #xserver-xorg xserver-xorg/autodetect_mouse boolean true # Monitor autodetection is recommended. xserver-xorg xserver-xorg/autodetect_monitor boolean true # Uncomment if you have an LCD display. #xserver-xorg xserver-xorg/config/monitor/lcd boolean true # X has three configuration paths for the monitor. Here's how to preseed # the "medium" path, which is always available. The "simple" path may not # be available, and the "advanced" path asks too many questions. xserver-xorg xserver-xorg/config/monitor/selection-method \ select medium xserver-xorg xserver-xorg/config/monitor/mode-list \ select 1024x768 @ 60 Hz # Depending on what software you choose to install, or if things go wrong # during the installation process, it's possible that other questions may # be asked. You can preseed those too, of course. To get a list of every # possible question that could be asked during an install, do an # installation, and then run these commands: # debconf-get-selections --installer > file # debconf-get-selections >> file # d-i preseeding is inherently not secure. Nothing in the installer checks # for attempts at buffer overflows or other exploits of the values of a # preconfiguration file like this one. Only use preconfiguration files from # trusted locations! To drive that home, and because it's generally useful, # here's a way to run any shell command you'd like inside the installer, # automatically. d-i preseed/late_command string \ in-target wget -O /root/desktop-bootstrap.sh "http://example.com/ubuntu-desktop-bootstrap.sh"; \ in-target chmod +x /root/desktop-bootstrap.sh; \ in-target /root/desktop-bootstrap.sh; \ cp /var/log/syslog /target/root/log/install-syslog; # No boot splash screen. #d-i debian-installer/splash boolean false # Install the debconf oem-config frontend (if in OEM mode). #d-i oem-config-udeb/frontend string debconf # Add the network and tasks oem-config steps by default. #oem-config oem-config/steps multiselect language, keyboard, user, network, tasks
Enterprise/WorkstationAutoinstallPreseed (last edited 2013-06-07 21:45:39 by 80-219-107-54)