Automated installation of Debian 10

Prerequisites

We need the following two packages:

  • xorriso: extracts the ISO
  • genisoimage: creates the custom ISO

apt update && apt -y install xorriso genisoimage

Downloading the Debian image

curl -LO# https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-10.8.0-amd64-netinst.iso
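
An integrity check for the download step above, as an added example that is not part of the original page. The function name verify_iso is hypothetical; the SHA256SUMS and SHA256SUMS.sign files are published in the same directory as the ISO on cdimage.debian.org.

```shell
#!/bin/sh
# Added example: check a downloaded ISO against its entry in a SHA256SUMS file.
# Returns 0 on match, 1 on mismatch, 2 when the sums file has no entry for it.
#
# Intended use, next to the download above:
#   curl -LO# https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/SHA256SUMS
#   curl -LO# https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/SHA256SUMS.sign
#   gpg --verify SHA256SUMS.sign SHA256SUMS   # needs the Debian CD signing key in the keyring
#   verify_iso debian-10.8.0-amd64-netinst.iso SHA256SUMS
verify_iso() {
    iso=$1
    sums=$2
    name=$(basename "$iso")
    # Exact match on the file-name column (no substring match);
    # sha256sum prefixes the name with '*' in binary mode.
    expected=$(awk -v n="$name" \
        '{ f = $2; sub(/^\*/, "", f) } f == n { print $1; exit }' "$sums")
    if [ -z "$expected" ]; then
        echo "no entry for $name in $sums" >&2
        return 2
    fi
    actual=$(sha256sum "$iso" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        echo "OK $name"
    else
        echo "MISMATCH $name: expected $expected, got $actual" >&2
        return 1
    fi
}

# Constructed demo: a stand-in file and a matching sums file in a temp directory.
demo=$(mktemp -d)
printf 'constructed stand-in for an ISO\n' > "$demo/demo.iso"
( cd "$demo" && sha256sum demo.iso > SHA256SUMS )
verify_iso "$demo/demo.iso" "$demo/SHA256SUMS"
rm -rf "$demo"
```

The checksum only proves the ISO matches the SHA256SUMS file; the gpg step is what ties that file to Debian.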

Extracting the ISO

xorriso -osirrox on -indev debian-10.8.0-amd64-netinst.iso -extract / isofiles/

Downloading the preconfiguration template

curl -#L https://www.debian.org/releases/stable/example-preseed.txt -o preseed.cfg

Configuring the preconfiguration file

Locales

#### Contents of the preconfiguration file (for buster)
### Localization
# Preseeding only locale sets language, country and locale.
d-i debian-installer/locale string en_US

# The values can also be preseeded individually for greater flexibility.
#d-i debian-installer/language string en
#d-i debian-installer/country string NL
#d-i debian-installer/locale string en_GB.UTF-8
# Optionally specify additional locales to be generated.
d-i localechooser/supported-locales multiselect en_US.UTF-8, fr_FR.UTF-8

# Keyboard selection.
d-i keyboard-configuration/xkb-keymap select fr(latin9)
# d-i keyboard-configuration/toggle select No toggling

Network

In my case, I leave IPv4 and IPv6 in DHCP mode, and the system will choose its IP interface by itself.

It is possible to assign static IPs.

### Network configuration
# Disable network configuration entirely. This is useful for cdrom
# installations on non-networked devices where the network questions,
# warning and long timeouts are a nuisance.
#d-i netcfg/enable boolean false

# netcfg will choose an interface that has link if possible. This makes it
# skip displaying a list if there is more than one interface.
d-i netcfg/choose_interface select auto

# To pick a particular interface instead:
#d-i netcfg/choose_interface select eth1

# To set a different link detection timeout (default is 3 seconds).
# Values are interpreted as seconds.
#d-i netcfg/link_wait_timeout string 10

# If you have a slow dhcp server and the installer times out waiting for
# it, this might be useful.
#d-i netcfg/dhcp_timeout string 60
#d-i netcfg/dhcpv6_timeout string 60

# If you prefer to configure the network manually, uncomment this line and
# the static network configuration below.
#d-i netcfg/disable_autoconfig boolean true

# If you want the preconfiguration file to work on systems both with and
# without a dhcp server, uncomment these lines and the static network
# configuration below.
#d-i netcfg/dhcp_failed note
#d-i netcfg/dhcp_options select Configure network manually

# Static network configuration.
#
# IPv4 example
#d-i netcfg/get_ipaddress string 192.168.1.42
#d-i netcfg/get_netmask string 255.255.255.0
#d-i netcfg/get_gateway string 192.168.1.1
#d-i netcfg/get_nameservers string 192.168.1.1
#d-i netcfg/confirm_static boolean true
#
# IPv6 example
#d-i netcfg/get_ipaddress string fc00::2
#d-i netcfg/get_netmask string ffff:ffff:ffff:ffff::
#d-i netcfg/get_gateway string fc00::1
#d-i netcfg/get_nameservers string fc00::1
#d-i netcfg/confirm_static boolean true

Hostname and domain name

d-i netcfg/get_hostname string Nom de la machine
d-i netcfg/get_domain string Votre.Domaine

If the network is configured with IPv6, the machine name will be its IP address. To fix this, force the name on this line:

d-i netcfg/hostname string Nom de la machine

# Any hostname and domain names assigned from dhcp take precedence over
# values set here. However, setting the values still prevents the questions
# from being shown, even if values come from dhcp.
d-i netcfg/get_hostname string install
d-i netcfg/get_domain string lab.lan

# If you want to force a hostname, regardless of what either the DHCP
# server returns or what the reverse DNS entry for the IP is, uncomment
# and adjust the following line.
d-i netcfg/hostname string install

Wifi

# Disable that annoying WEP key dialog.
d-i netcfg/wireless_wep string
# The wacky dhcp hostname that some ISPs use as a password of sorts.
#d-i netcfg/dhcp_hostname string radish

Automatically adding non-free firmware

Uncomment the line if you want Debian to look for non-free drivers by itself.

# If non-free firmware is needed for the network or other hardware, you can
# configure the installer to always try to load it, without prompting. Or
# change to false to disable asking.
#d-i hw-detect/load_firmware boolean true

Network console

As far as I am concerned, this is of no use.

### Network console
# Use the following settings if you wish to make use of the network-console
# component for remote installation over SSH. This only makes sense if you
# intend to perform the remainder of the installation manually.
#d-i anna/choose_modules string network-console
#d-i network-console/authorized_keys_url string http://10.0.0.1/openssh-key
#d-i network-console/password password r00tme
#d-i network-console/password-again password r00tme

Configuring the installation mirror

By default we are on a server in the USA; I configured it to use a mirror located in France.

### Mirror settings
# If you select ftp, the mirror/country string does not need to be set.
#d-i mirror/protocol string ftp
d-i mirror/country string manual
d-i mirror/http/hostname string ftp.fr.debian.org
d-i mirror/http/directory string /debian
d-i mirror/http/proxy string

# Suite to install.
#d-i mirror/suite string testing
# Suite to use for loading installer components (optional).
#d-i mirror/udeb/suite string testing

User configuration

In my case, I only configure the root account, with the password hashed with SHA-512 using the command:

mkpasswd -m sha-512

The output of the command replaces the field: [crypt(3) hash]

### Account setup
# Skip creation of a root account (normal user account will be able to
# use sudo).
#d-i passwd/root-login boolean false
# Alternatively, to skip creation of a normal user account.
d-i passwd/make-user boolean false

# Root password, either in clear text
#d-i passwd/root-password password r00tme
#d-i passwd/root-password-again password r00tme
# or encrypted using a crypt(3) hash.
d-i passwd/root-password-crypted password [crypt(3) hash]

# To create a normal user account.
#d-i passwd/user-fullname string Debian User
#d-i passwd/username string debian
# Normal user's password, either in clear text
#d-i passwd/user-password password insecure
#d-i passwd/user-password-again password insecure
# or encrypted using a crypt(3) hash.
#d-i passwd/user-password-crypted password [crypt(3) hash]
# Create the first user with the specified UID instead of the default.
#d-i passwd/user-uid string 1010

# The user account will be added to some standard initial groups. To
# override that, use this.
#d-i passwd/user-default-groups string audio cdrom video
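
A check for the account settings above, as an added example that is not part of the original page or of debian-installer: it reads a preseed file and reports active password questions that hold cleartext, and passwd/*-crypted values that are not a SHA-512 crypt hash (for instance the [crypt(3) hash] placeholder left in). The function name lint_preseed and the sample file are constructed for the illustration.

```shell
#!/bin/sh
# Added example: lint the password questions of a preseed file before it is
# appended to the initrd. Returns 0 when clean, 1 when a finding was printed.
lint_preseed() {
    awk '
    /^[ \t]*#/ || NF < 3 { next }      # comments, blank lines, incomplete lines
    $3 != "password"     { next }      # only debconf questions of type "password"
    {
        key = $2
        value = ""
        for (i = 4; i <= NF; i++) value = value (i > 4 ? " " : "") $i
        if (key !~ /-crypted$/) {
            # e.g. passwd/root-password or network-console/password
            if (value != "") {
                printf "line %d: %s holds a cleartext password\n", NR, key
                bad = 1
            }
            next
        }
        if (key !~ /^passwd\//) next   # grub uses another hash format, not checked here
        # "$6$salt$hash" splits into "", "6", "salt", "hash" (hash is 86 characters)
        n = split(value, part, "[$]")
        if (n < 4 || part[1] != "" || part[2] != "6" || length(part[n]) != 86) {
            printf "line %d: %s is not a SHA-512 crypt hash\n", NR, key
            bad = 1
        }
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: the account block with the placeholder still in place and
# one cleartext line from the template left active.
sample=$(mktemp)
cat > "$sample" <<'EOF'
d-i passwd/make-user boolean false
#d-i passwd/root-password password r00tme
d-i network-console/password password r00tme
d-i passwd/root-password-crypted password [crypt(3) hash]
EOF
lint_preseed "$sample" || echo "preseed.cfg rejected"
rm -f "$sample"
```

Even with a proper hash, the preseed file sits unencrypted inside the initrd, so anyone who obtains the ISO can read the root hash and attack it offline; treat the generated ISO as a secret.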

Time zone

### Clock and time zone setup
# Controls whether or not the hardware clock is set to UTC.
# d-i clock-setup/utc boolean true

# You may set this to any valid setting for $TZ; see the contents of
# /usr/share/zoneinfo/ for valid values.
d-i time/zone string Europe/Paris

# Controls whether to use NTP to set the clock during the install
d-i clock-setup/ntp boolean true
# NTP server to use. The default is almost always fine here.
#d-i clock-setup/ntp-server string ntp.example.com

Partitioning

### Partitioning
# Force partitioning on the first disk
d-i partman-auto/disk string /dev/sda

# I want partitioning without RAID or LVM.
# The presently available methods are:
# - regular: use the usual partition types for your architecture
# - lvm:     use LVM to partition the disk
# - crypto:  use LVM within an encrypted partition
d-i partman-auto/method string regular

# Suppress the warning if an LVM partition already exists
d-i partman-lvm/device_remove_lvm boolean true
# Same thing for RAID
d-i partman-md/device_remove_md boolean true
# The same goes for the confirmation to write the LVM partitions.
d-i partman-lvm/confirm boolean true
d-i partman-lvm/confirm_nooverwrite boolean true

# We will create only a single partition
# - atomic: all files in one partition
# - home:   separate /home partition
# - multi:  separate /home, /var, and /tmp partitions
d-i partman-auto/choose_recipe select atomic

GPT partition table

d-i partman-basicfilesystems/choose_label string gpt
d-i partman-basicfilesystems/default_label string gpt
d-i partman-partitioning/choose_label string gpt
d-i partman-partitioning/default_label string gpt
d-i partman/choose_label string gpt
d-i partman/default_label string gpt
partman-partitioning partman-partitioning/choose_label select gpt
# Confirm the partitioning configuration.
d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true

# Force the use of UUIDs rather than device names
d-i partman/mount_style select uuid

Post-installation

For my needs I have to install the Zabbix agent.

# post-install script
d-i preseed/late_command string \
in-target wget https://repo.zabbix.com/zabbix/5.0/debian/pool/main/z/zabbix-release/zabbix-release_5.0-1+buster_all.deb; \
in-target dpkg -i zabbix-release_5.0-1+buster_all.deb; \
in-target apt update; \
in-target apt install -y zabbix-agent

Creating the custom ISO

Modifying the boot loader

This change skips the selection menu and goes straight to the automated installation.

BIOS: isolinux

Edit the file isofiles/isolinux/isolinux.cfg and comment out or remove the line default vesamenu.c32

UEFI: grub

I did not make this change, because I am working in a VM.

Adding the preconfiguration file to the initrd

chmod +w -R isofiles/install.amd/
gunzip isofiles/install.amd/initrd.gz
echo preseed.cfg | cpio -H newc -o -A -F isofiles/install.amd/initrd
gzip isofiles/install.amd/initrd
chmod -w -R isofiles/install.amd/

Generating the MD5 checksum

cd isofiles/
chmod a+w md5sum.txt
md5sum `find -follow -type f` > md5sum.txt
chmod a-w md5sum.txt
cd ..

Creating the ISO

chmod a+w isofiles/isolinux/isolinux.bin
genisoimage -r -J -b isolinux/isolinux.bin -c isolinux/boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table -o debian-10-unattended.iso isofiles

https://youtu.be/7oC0d8cGBGQ


My configuration file

### Localization
# Setting the locale also sets
# the language and country of the OS
d-i debian-installer/locale string fr_FR.UTF-8

# Keyboard selection
# keymap is an alias of keyboard-configuration/xkb-keymap
d-i keymap select fr(latin9)
# Disable the fine-grained keyboard configuration selection
#d-i keyboard-configuration/toggle select No toggling

### Network configuration
# netcfg will choose an interface that has link if possible. This makes it
# skip displaying a list if there is more than one interface.
d-i netcfg/choose_interface select auto

# If you have a slow dhcp server and the installer times out waiting for
# it, this might be useful.
#d-i netcfg/dhcp_timeout string 60
#d-i netcfg/dhcpv6_timeout string 60

# Uncomment to configure the network manually
#d-i netcfg/disable_autoconfig boolean true

# If you want the preconfiguration file to work on systems both with and
# without a dhcp server, uncomment these lines and the static network
# configuration below.
#d-i netcfg/dhcp_failed note
#d-i netcfg/dhcp_options select Configure network manually

# Static network configuration.
#
# IPv4 example
#d-i netcfg/get_ipaddress string 192.168.1.42
#d-i netcfg/get_netmask string 255.255.255.0
#d-i netcfg/get_gateway string 192.168.1.1
#d-i netcfg/get_nameservers string 192.168.1.1
#d-i netcfg/confirm_static boolean true
#
# IPv6 example
#d-i netcfg/get_ipaddress string fc00::2
#d-i netcfg/get_netmask string ffff:ffff:ffff:ffff::
#d-i netcfg/get_gateway string fc00::1
#d-i netcfg/get_nameservers string fc00::1
#d-i netcfg/confirm_static boolean true

# The hostname and domain name set by DHCP take precedence.
d-i netcfg/get_hostname string install
d-i netcfg/get_domain string lab.lan

# To force the hostname
d-i netcfg/hostname string install

# Uncomment when using firmware that is not detected automatically
#d-i hw-detect/load_firmware boolean true

### Installation mirror configuration
# Uncomment the following line if the mirror uses FTP
#d-i mirror/protocol string ftp
d-i mirror/country string manual
d-i mirror/http/hostname string ftp.fr.debian.org
d-i mirror/http/directory string /debian
d-i mirror/http/proxy string

### Root account configuration
# Skip creation of a normal user account.
d-i passwd/make-user boolean false

# The root password will be hashed with SHA-512
# To create the hash, use the command: mkpasswd -m sha-512
# Put the resulting value in place of [crypt(3) hash]
d-i passwd/root-password-crypted password [crypt(3) hash]

### Clock and time zone configuration
# Controls whether or not the hardware clock is set to UTC.
#d-i clock-setup/utc boolean true

# Set the time zone.
d-i time/zone string Europe/Paris

# Controls whether to use NTP to set the clock during the install.
d-i clock-setup/ntp boolean true
# NTP server to use. The default is almost always fine here.
#d-i clock-setup/ntp-server string ntp.example.com

### Partitioning
# Force partitioning on the first disk
d-i partman-auto/disk string /dev/sda

# I want partitioning without RAID or LVM.
# The presently available methods are:
# - regular: use the usual partition types for your architecture
# - lvm:     use LVM to partition the disk
# - crypto:  use LVM within an encrypted partition
d-i partman-auto/method string regular

# Suppress the warning if an LVM partition already exists
d-i partman-lvm/device_remove_lvm boolean true
# Same thing for RAID
d-i partman-md/device_remove_md boolean true
# The same goes for the confirmation to write the LVM partitions.
d-i partman-lvm/confirm boolean true
d-i partman-lvm/confirm_nooverwrite boolean true

# We will create only a single partition
# - atomic: all files in one partition
# - home:   separate /home partition
# - multi:  separate /home, /var, and /tmp partitions
d-i partman-auto/choose_recipe select atomic

# Partition table in GPT format
d-i partman-basicfilesystems/choose_label string gpt
d-i partman-basicfilesystems/default_label string gpt
d-i partman-partitioning/choose_label string gpt
d-i partman-partitioning/default_label string gpt
d-i partman/choose_label string gpt
d-i partman/default_label string gpt
partman-partitioning partman-partitioning/choose_label select gpt

# Confirm the partitioning configuration.
d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true

# Force the use of UUIDs rather than device names
d-i partman/mount_style select uuid

### Base system installation
# Configure APT to not install recommended packages by default. Use of this
# option can result in an incomplete system and should only be used by very
# experienced users.
#d-i base-installer/install-recommends boolean false

# The kernel image (meta) package to be installed; "none" can be used if no
# kernel is to be installed.
#d-i base-installer/kernel/image string linux-image-686
d-i base-installer/kernel/image string linux-image-cloud-amd64

### Apt setup
# Enable the non-free and contrib repositories.
d-i apt-setup/non-free boolean true
d-i apt-setup/contrib boolean true
# Uncomment this if you don't want to use a network mirror.
#d-i apt-setup/use_mirror boolean false
# Select which update services to use; define the mirrors to be used.
# Values shown below are the normal defaults.
#d-i apt-setup/services-select multiselect security, updates
#d-i apt-setup/security_host string security.debian.org

# Avoid CD/DVD scan
d-i apt-setup/cdrom/set-first boolean false
d-i apt-setup/cdrom/set-next boolean false
d-i apt-setup/cdrom/set-failed boolean false

### Package selection
#tasksel tasksel/first multiselect standard, web-server, kde-desktop
tasksel tasksel/first multiselect standard

# Install additional packages
d-i pkgsel/include string openssh-server sudo curl git python3-pip unzip unattended-upgrades apt-listchanges
# Whether to upgrade packages after debootstrap.
# Allowed values: none, safe-upgrade, full-upgrade
#d-i pkgsel/upgrade select none

# Do not take part in the package usage statistics.
popularity-contest popularity-contest/participate boolean false

### Boot loader installation
# Grub is the default boot loader (for x86). If you want lilo installed
# instead, uncomment this:
#d-i grub-installer/skip boolean true
# To also skip installing lilo, and install no bootloader, uncomment this
# too:
#d-i lilo-installer/skip boolean true


# This is fairly safe to set, it makes grub install automatically to the MBR
# if no other operating system is detected on the machine.
d-i grub-installer/only_debian boolean true

# This one makes grub-installer install to the MBR if it also finds some other
# OS, which is less safe as it might not be able to boot that other OS.
d-i grub-installer/with_other_os boolean true

# Due notably to potential USB sticks, the location of the MBR can not be
# determined safely in general, so this needs to be specified:
#d-i grub-installer/bootdev  string /dev/sda
# To install to the first device (assuming it is not a USB stick):
d-i grub-installer/bootdev  string default

# Alternatively, if you want to install to a location other than the mbr,
# uncomment and edit these lines:
#d-i grub-installer/only_debian boolean false
#d-i grub-installer/with_other_os boolean false
#d-i grub-installer/bootdev  string (hd0,1)
# To install grub to multiple disks:
#d-i grub-installer/bootdev  string (hd0,1) (hd1,1) (hd2,1)

# Optional password for grub, either in clear text
#d-i grub-installer/password password r00tme
#d-i grub-installer/password-again password r00tme
# or encrypted using an MD5 hash, see grub-md5-crypt(8).
#d-i grub-installer/password-crypted password [MD5 hash]

# Use the following option to add additional boot parameters for the
# installed system (if supported by the bootloader installer).
# Note: options passed to the installer will be added automatically.
#d-i debian-installer/add-kernel-opts string nousb

### Finishing up the installation
# During installations from serial console, the regular virtual consoles
# (VT1-VT6) are normally disabled in /etc/inittab. Uncomment the next
# line to prevent this.
#d-i finish-install/keep-consoles boolean true

# Avoid that last message about the install being complete.
d-i finish-install/reboot_in_progress note

# This will prevent the installer from ejecting the CD during the reboot,
# which is useful in some situations.
#d-i cdrom-detect/eject boolean false

# This is how to make the installer shutdown when finished, but not
# reboot into the installed system.
#d-i debian-installer/exit/halt boolean true
# This will power off the machine instead of just halting it.
#d-i debian-installer/exit/poweroff boolean true

### Preseeding other packages
# Depending on what software you choose to install, or if things go wrong
# during the installation process, it's possible that other questions may
# be asked. You can preseed those too, of course. To get a list of every
# possible question that could be asked during an install, do an
# installation, and then run these commands:
#   debconf-get-selections --installer > file
#   debconf-get-selections >> file


#### Advanced options
### Running custom commands during the installation
# d-i preseeding is inherently not secure. Nothing in the installer checks
# for attempts at buffer overflows or other exploits of the values of a
# preconfiguration file like this one. Only use preconfiguration files from
# trusted locations! To drive that home, and because it's generally useful,
# here's a way to run any shell command you'd like inside the installer,
# automatically.

# This first command is run as early as possible, just after
# preseeding is read.
#d-i preseed/early_command string anna-install some-udeb
# This command is run immediately before the partitioner starts. It may be
# useful to apply dynamic partitioner preseeding that depends on the state
# of the disks (which may not be visible when preseed/early_command runs).
#d-i partman/early_command \
#       string debconf-set partman-auto/disk "$(list-devices disk | head -n1)"
# This command is run just before the install finishes, but when there is
# still a usable /target directory. You can chroot to /target and use it
# directly, or use the apt-install and in-target commands to easily install
# packages and run commands in the target system.
#d-i preseed/late_command string apt-install zsh; in-target chsh -s /bin/zsh

# post-install script
d-i preseed/late_command string \
in-target wget https://repo.zabbix.com/zabbix/5.0/debian/pool/main/z/zabbix-release/zabbix-release_5.0-1+buster_all.deb; \
in-target dpkg -i zabbix-release_5.0-1+buster_all.deb; \
in-target rm -f zabbix-release_5.0-1+buster_all.deb; \
in-target apt update; \
in-target apt install -y zabbix-agent

Sources

https://wiki.debian.org/fr/DebianInstaller/Preseed

https://www.debian.org/releases/stable/amd64/apbs04.fr.html

https://wikitech.wikimedia.org/wiki/PartMan

 

 


Revision #7
Created Mon, Mar 22, 2021 6:32 PM by Nidouille
Updated Tue, Mar 30, 2021 1:30 PM by Nidouille