Debian
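Preseeding Debian 11 fully unattended (getting rid of the questions)
I am trying to preseed a Debian 11 netinstall in a fully automated way. I have read a lot of documentation here:
Here is my boot line (from grub.cfg):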
set default="autoinstall"
set timeout=3
menuentry "Debian 11 Fully Automated UEFI LVM LUKS BTRFS Remote Decrypt DEBUG TTY4" --id autoinstall {
    set background_color=black
    linux /debian-installer/amd64/linux auto=true url=tftp://192.168.1.100/preseed/debseed11_crypt.cfg net.ifnames=0 biosdevname=0 ipv6.disable=1 language=en locale=en_US.UTF-8 keymap=fr vga=788 noprompt DEBCONF_DEBUG=5 --- quiet
    initrd /debian-installer/amd64/initrd.gz
}
Here is my preseed file:
#### Preseed preconfiguration file (for Debian buster)
### Partman early command
### Kernel parameter
#d-i debian-installer/add-kernel-opts string net.ifnames=0 biosdevname=0 hostname=unassigned-hostname domain=unassigned-domain
#d-i debconf/priority critical
#d-i debian-installer/add-kernel-opts string net.ifnames=0 biosdevname=0 console=ttyS0,19200n8

### Localization
d-i debian-installer/locale string en_US
d-i debian-installer/language string en
d-i debian-installer/country string US
#d-i debian-installer/locale string en_US.UTF-8 fr_FR.UTF-8
d-i localechooser/supported-locales multiselect en_US.UTF-8, fr_FR.UTF-8

### Keyboard selection
d-i keyboard-configuration/xkb-keymap select fr

### Network configuration
# netcfg will choose an interface that has link if possible. This makes it
# skip displaying a list if there is more than one interface.
d-i netcfg/choose_interface select auto
#d-i netcfg/choose_interface select eth0
d-i netcfg/use_dhcp string true
d-i netcfg/link_wait_timeout string 10
d-i netcfg/dhcp_timeout string 60
#d-i netcfg/disable_autoconfig boolean true
d-i netcfg/dhcp_failed note
#d-i netcfg/dhcp_options select auto
#Configure network manually
# IPv4 Static network configuration
#d-i netcfg/get_ipaddress string 192.168.1.120
#d-i netcfg/get_netmask string 255.255.255.0
#d-i netcfg/get_gateway string 192.168.1.1
#d-i netcfg/get_nameservers string 192.168.1.1
#d-i netcfg/confirm_static boolean true
# Set a hostname
#d-i netcfg/get_hostname string zhurong
#d-i netcfg/get_domain string planet.mars
# Force a hostname
#d-i netcfg/hostname string zhurong.planet.mars
# Disable that annoying WEP key dialog
d-i netcfg/wireless_wep string
d-i netcfg/get_hostname unassigned-hostname
d-i netcfg/get_domain unassigned-domain
d-i netcfg/get_hostname seen true
d-i netcfg/get_domain seen true

### Mirror settings
d-i mirror/country string manual
d-i mirror/http/hostname string httpredir.debian.org
d-i mirror/http/directory string /debian
d-i mirror/http/proxy string

### Account setup
# Skip creation of a normal user account
d-i passwd/make-user boolean false
# Set root password
# or encrypted using a crypt(3) hash.
d-i passwd/root-password-crypted password $6$47Cx5oMpkh66eYNI$LV76xupgkvZ3rHJCq1NgXKzp3bBDv6g0FmMiSvmUp1jqaIkTEz5F6eA.SRhBzyPReVQEnzZWwFWSdKGBBn.tE1

### Clock and time zone setup
# Set hardware clock to UTC
d-i clock-setup/utc boolean true
# Set timezone
d-i time/zone string Europe/Paris
# Use NTP clock during installation
d-i clock-setup/ntp boolean true

### Partitioning
# LVM LUKS method
# Inhibit partman to fill the disk with random data
d-i partman-auto-crypto/erase_disks boolean false
#d-i partman/early_command \
# string dd if=/dev/zero of=/dev/sda bs=512 count=1
d-i partman-auto/method string crypto
d-i partman-lvm/device_remove_lvm boolean true
d-i partman-md/device_remove_md boolean true
d-i partman-lvm/confirm boolean true
d-i partman-auto-lvm/guided_size string max
d-i partman-auto-lvm/new_vg_name string debian
d-i partman-auto/disk string /dev/vda
d-i partman-auto/choose_recipe select boot-crypto
d-i partman-crypto/passphrase password aaabbbccc
d-i partman-crypto/passphrase-again password aaabbbccc
d-i partman-auto/expert_recipe string \
 boot-crypto :: \
 1024 1024 1024 ext4 \
 $primary{ } $bootable{ } \
 method{ format } format{ } \
 use_filesystem{ } filesystem{ ext4 } \
 mountpoint{ /boot } \
 . \
 8192 8192 8192 linux-swap \
 $lvmok{ } lv_name{ swap } \
 in_vg { debian } \
 method{ swap } format{ } \
 . \
 80896 80896 1000000 btrfs \
 $lvmok{ } lv_name{ root } \
 in_vg { debian } \
 method{ format } format{ } \
 use_filesystem{ } filesystem{ btrfs } \
 mountpoint{ / } \
 . \
#d-i partman-basicfilesystems/no_mount_point boolean false
d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true
d-i partman-md/confirm boolean true
d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true

### Apt setup
d-i apt-setup/cdrom/set-first boolean false
d-i apt-setup/cdrom/set-next boolean false
d-i apt-setup/cdrom/set-failed boolean false
d-i apt-setup/services-select multiselect security, updates
d-i apt-setup/security_host string security.debian.org

### Package selection
tasksel tasksel/first multiselect standard
# Individual additional packages to install
d-i pkgsel/include string openssh-server vim tmux tcpdump dropbear-initramfs cryptsetup-initramfs python3.9
d-i pkgsel/upgrade select full-upgrade
d-i pkgsel/update-policy select none
d-i pkgsel/updatedb boolean true
popularity-contest popularity-contest/participate boolean false

### GRUB STUFF
d-i grub-installer/only_debian boolean true
d-i grub-installer/bootdev string default
# Note: options passed to the installer will be added automatically.
#d-i debian-installer/add-kernel-opts string nousb
# Optional password for grub, either in clear text
# #d-i grub-installer/password password r00tme
# #d-i grub-installer/password-again password r00tme
# # or encrypted using an MD5 hash, see grub-md5-crypt(8).
# #d-i grub-installer/password-crypted password [MD5 hash]
#
# # Use the following option to add additional boot parameters for the
# # installed system (if supported by the bootloader installer).
# # Note: options passed to the installer will be added automatically.
# #d-i debian-installer/add-kernel-opts string nousb
#
# ### Finishing up the installation
# # Avoid that last message about the install being complete.
d-i finish-install/reboot_in_progress note
d-i preseed/late_command string \
 mkdir -p -m 700 /target/root/.ssh; \
 echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEe3gF//znGIzq30frI6O9qDn5eM6uqEZZlx7mR5SiS" > /target/root/.ssh/authorized_keys; \
 in-target chown --recursive root:root /root/.ssh; \
 in-target chmod 0644 /root/.ssh/authorized_keys; \
 in-target update-alternatives --set editor /usr/bin/vim.basic; \
 in-target passwd --expire root; \
 in-target echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEe3gF//znGIzq30frI6O9qDn5eM6uqEZZlx7mR5SiS' > /etc/dropbear-initramfs/authorized_keys; \
 in-target sed -i '/*PasswordAuthentication*/c\PasswordAuthentication no' /etc/ssh/sshd_config; \
 in-target sed -i '/*PasswordAuthentication*/c\PasswordAuthentication no' /etc/ssh/sshd_config; \
 in-target systemctl enable --now sshd; \
 in-target sed -i '/*DROPBEAR_OPTIONS=*/c\DROPBEAR_OPTIONS="-I 300 -j -k -p 22 -s -c /bin/cryptroot-unlock "' /etc/dropbear-initramfs/config; \
 in-target sed -i '/*IP=*/c\IP="dhcp"' /etc/initramfs-tools/initramfs.conf; \
 in-target update-initramfs -u;
#
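Currently the Debian installer still asks me for:
- Hostname
- Domain name
I just want to get rid of these questions. Here is what I have tried:
- I tried using priority=critical in the kernel command-line options on the PXE server.
- I configured my dhcpd server to manage the hostname and domain name for this specific host.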
host curiosity {
    hardware ethernet 12:34:45:12:34:56;
    fixed-address 192.168.1.90;
    option host-name "curiosity";
    option domain-name "planet.mars";
}
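I know I could set the hostname/domain variables and everything would be fine, but I want to make a very generic preseed to deploy on multiple servers.
Any help or clue would be greatly appreciated.
Thank you in advance.
EDIT: SOLVED:
By the way, the first preseed was not perfect. If anyone is interested, here is a better one.
It does a fully automated Debian 11 UEFI LUKS BTRFS install with remote decryption via ssh, DEBUG on TTY4.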
#### Preseed preconfiguration file (for Debian bullseye)
# Debian 11 Fully Automated UEFI LVM LUKS BTRFS Remote Decrypt via ssh DEBUG
# TTY4
### Partman early command
### Kernel parameter
#d-i debian-installer/add-kernel-opts string net.ifnames=0 biosdevname=0 hostname=unassigned-hostname domain=unassigned-domain
#d-i debconf/priority critical
#d-i debian-installer/add-kernel-opts string net.ifnames=0 biosdevname=0 console=ttyS0,19200n8

### Localization
d-i debian-installer/locale string en_US
d-i debian-installer/language string en
d-i debian-installer/country string US
#d-i debian-installer/locale string en_US.UTF-8 fr_FR.UTF-8
d-i localechooser/supported-locales multiselect en_US.UTF-8, fr_FR.UTF-8

### Keyboard selection
d-i keyboard-configuration/xkb-keymap select fr

### Network configuration
# netcfg will choose an interface that has link if possible. This makes it
# skip displaying a list if there is more than one interface.
d-i netcfg/choose_interface select auto
#d-i netcfg/choose_interface select eth0
d-i netcfg/use_dhcp string true
d-i netcfg/link_wait_timeout string 10
d-i netcfg/dhcp_timeout string 60
#d-i netcfg/disable_autoconfig boolean true
d-i netcfg/dhcp_failed note
#d-i netcfg/dhcp_options select auto
#Configure network manually
# IPv4 Static network configuration
#d-i netcfg/get_ipaddress string 192.168.1.120
#d-i netcfg/get_netmask string 255.255.255.0
#d-i netcfg/get_gateway string 192.168.1.1
#d-i netcfg/get_nameservers string 192.168.1.1
#d-i netcfg/confirm_static boolean true
# Set a hostname
#d-i netcfg/get_hostname string zhurong
#d-i netcfg/get_domain string planet.mars
# Force a hostname
#d-i netcfg/hostname string zhurong.planet.mars
# Disable that annoying WEP key dialog
d-i netcfg/wireless_wep string
#d-i netcfg/get_hostname=install
d-i netcfg/get_hostname unassigned-hostname
d-i netcfg/get_domain unassigned-domain
d-i netcfg/get_hostname seen true
d-i netcfg/get_domain seen true

### Mirror settings
d-i mirror/country string manual
d-i mirror/http/hostname string httpredir.debian.org
d-i mirror/http/directory string /debian
d-i mirror/http/proxy string

### Account setup
# Skip creation of a normal user account
d-i passwd/make-user boolean false
# Set root password
# or encrypted using a crypt(3) hash.
d-i passwd/root-password-crypted password $6$47Cx5oMpkh999YNI$XG76xupgkvZ3rHJCq1NgXKzp3bBfIuj0FmMiSvmUp1jqaIkTEz5F6eA.SRhBzyPReVQEnzZWwFWSdYGCBn.tE1

### Clock and time zone setup
# Set hardware clock to UTC
d-i clock-setup/utc boolean true
# Set timezone
d-i time/zone string Europe/Paris
# Use NTP clock during installation
d-i clock-setup/ntp boolean true

### Partitioning
# LVM LUKS method
# Inhibit partman to fill the disk with random data
d-i partman-auto-crypto/erase_disks boolean false
#d-i partman/early_command \
# string dd if=/dev/zero of=/dev/sda bs=512 count=1
# Force UEFI booting ('BIOS compatibility' will be lost). Default: false.
d-i partman-efi/non_efi_system boolean false
# Ensure the partition table is GPT - this is required for EFI
d-i partman-partitioning/choose_label string gpt
d-i partman-partitioning/default_label string gpt
d-i partman-auto/method string crypto
d-i partman-lvm/device_remove_lvm boolean true
d-i partman-md/device_remove_md boolean true
d-i partman-lvm/confirm boolean true
d-i partman-auto-lvm/guided_size string max
d-i partman-auto-lvm/new_vg_name string debian
d-i partman-auto/disk string /dev/sda
d-i partman-auto/choose_recipe select boot-crypto
d-i partman-crypto/passphrase password aabbcc
d-i partman-crypto/passphrase-again password aabbcc
d-i partman-auto/expert_recipe string \
 boot-crypto :: \
 512 50 512 fat32 \
 $primary{ } $bootable{ } \
 method{ efi } format{ } \
 mountpoint{ /boot/efi } \
 . \
 1024 1024 1024 ext4 \
 $primary{ } $bootable{ } \
 method{ format } format{ } \
 use_filesystem{ } filesystem{ ext4 } \
 mountpoint{ /boot } \
 . \
 8192 8192 8192 linux-swap \
 $lvmok{ } lv_name{ swap } \
 in_vg { debian } \
 method{ swap } format{ } \
 . \
 80896 80896 1000000 btrfs \
 $lvmok{ } lv_name{ root } \
 in_vg { debian } \
 method{ format } format{ } \
 use_filesystem{ } filesystem{ btrfs } \
 mountpoint{ / } \
 . \
#d-i partman-basicfilesystems/no_mount_point boolean false
d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true
d-i partman-md/confirm boolean true
d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true

### Apt setup
d-i apt-setup/cdrom/set-first boolean false
d-i apt-setup/cdrom/set-next boolean false
d-i apt-setup/cdrom/set-failed boolean false
d-i apt-setup/services-select multiselect security, updates
d-i apt-setup/security_host string security.debian.org

### Package selection
tasksel tasksel/first multiselect standard
# Individual additional packages to install
d-i pkgsel/include string openssh-server vim tmux tcpdump dropbear-initramfs cryptsetup-initramfs python3.9
d-i pkgsel/upgrade select full-upgrade
d-i pkgsel/update-policy select none
d-i pkgsel/updatedb boolean true
popularity-contest popularity-contest/participate boolean false

### GRUB STUFF
d-i grub-installer/only_debian boolean true
d-i grub-installer/bootdev string default
# Note: options passed to the installer will be added automatically.
#d-i debian-installer/add-kernel-opts string nousb
# Optional password for grub, either in clear text
# #d-i grub-installer/password password r00tme
# #d-i grub-installer/password-again password r00tme
# # or encrypted using an MD5 hash, see grub-md5-crypt(8).
# #d-i grub-installer/password-crypted password [MD5 hash]
#
# # Use the following option to add additional boot parameters for the
# # installed system (if supported by the bootloader installer).
# # Note: options passed to the installer will be added automatically.
# #d-i debian-installer/add-kernel-opts string nousb
#
# ### Finishing up the installation
# # Avoid that last message about the install being complete.
d-i finish-install/reboot_in_progress note
# The sshd drop-in is written under /target and named setup.conf: Debian's
# default sshd_config only includes /etc/ssh/sshd_config.d/*.conf, and a
# redirect to a path outside /target lands in the installer's own filesystem.
d-i preseed/late_command string \
 mkdir -p -m 700 /target/root/.ssh; \
 echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEe3gF//znGIzq30frI6O9qDn5eM6uqEZZlx7mR5SiS" > /target/root/.ssh/authorized_keys; \
 in-target chown --recursive root:root /root/.ssh; \
 in-target chmod 0644 /root/.ssh/authorized_keys; \
 in-target update-alternatives --set editor /usr/bin/vim.basic; \
 echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEe3gF//znGIzq30frI6O9qDn5eM6uqEZZlx7mR5SiS' > /target/etc/dropbear-initramfs/authorized_keys; \
 echo 'PasswordAuthentication no' >> /target/etc/ssh/sshd_config.d/setup.conf; \
 echo 'PermitRootLogin prohibit-password' >> /target/etc/ssh/sshd_config.d/setup.conf; \
 echo 'auto eno1' >> /target/etc/network/interfaces; \
 sed -i 's/eth0/eno1/g' /target/etc/network/interfaces; \
 in-target systemctl enable --now sshd; \
 echo 'DROPBEAR_OPTIONS="-I 300 -j -k -p 22 -s -c /bin/cryptroot-unlock"' >> /target/etc/dropbear-initramfs/config; \
 echo 'IP="dhcp"' >> /target/etc/initramfs-tools/initramfs.conf; \
 in-target update-initramfs -u;
# in-target passwd --expire root; \
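An added lint, not part of the original post, for two late_command pitfalls that matter for this kind of preseed: a shell redirect whose target is not under /target is written into the installer's own filesystem even when the command starts with in-target, and Debian's default sshd_config only includes sshd_config.d/*.conf. The sample input is constructed, and splitting the command on ';' is a simplification that assumes no ';' inside quotes.

```python
import re

QUOTED = re.compile(r"'[^']*'|\"[^\"]*\"")   # quoted arguments, blanked before scanning
REDIRECT = re.compile(r">>?\s*(\S+)")        # '>' or '>>' followed by its target path

def late_command_steps(preseed_text):
    """Join backslash-continued lines and return the ';'-separated late_command steps."""
    joined = re.sub(r"\\[ \t]*\n", " ", preseed_text)
    for line in joined.splitlines():
        m = re.match(r"\s*d-i\s+preseed/late_command\s+string\s+(.*)", line)
        if m:
            return [s.strip() for s in m.group(1).split(";") if s.strip()]
    return []

def lint(preseed_text):
    """Return (finding, path) tuples for the two pitfalls described above."""
    findings = []
    for step in late_command_steps(preseed_text):
        bare = QUOTED.sub("''", step)        # ignore '>' that appears inside quotes
        for target in REDIRECT.findall(bare):
            # The redirect is opened by the installer's shell, not inside the chroot.
            if not target.startswith("/target/"):
                findings.append(("redirect-outside-target", target))
            # Drop-ins without a .conf suffix are not matched by the Include glob.
            name = target.rsplit("/", 1)[-1]
            if "/etc/ssh/sshd_config.d/" in target and not name.endswith(".conf"):
                findings.append(("sshd-dropin-ignored", target))
    return findings

# Constructed sample (placeholder key, not a real one).
SAMPLE = r"""d-i preseed/late_command string \
 in-target echo 'ssh-ed25519 AAAA...constructed' > /etc/dropbear-initramfs/authorized_keys; \
 echo 'PasswordAuthentication no' >> /target/etc/ssh/sshd_config.d/setup; \
 echo 'IP="dhcp"' >> /target/etc/initramfs-tools/initramfs.conf;
"""

if __name__ == "__main__":
    for finding, path in lint(SAMPLE):
        print(f"{finding}: {path}")
```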
Solved!
I found a way! Thanks to this post about the opposite problem
I just added two parameters to the boot line in grub.cfg:
netcfg/get_hostname=install netcfg/get_domain=install
It is now fully automated and asks no questions.
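Why the two boot parameters work, as an added example that is not part of the original answer: netcfg asks for the hostname and domain before a preseed file named by url= has been downloaded, so netcfg/* answers that exist only in that file arrive too late. The sketch below lists them for a given linux line; the alias table is limited to the names relevant here and the preseed excerpt is constructed.

```python
# Short boot-parameter names that debian-installer accepts for these debconf keys.
ALIASES = {
    "hostname": "netcfg/get_hostname",
    "domain": "netcfg/get_domain",
    "interface": "netcfg/choose_interface",
    "url": "preseed/url",
}

def cmdline_answers(linux_line):
    """Map debconf key -> value for every key=value token on a GRUB 'linux' line."""
    answers = {}
    for token in linux_line.split():
        if "=" in token:
            key, value = token.split("=", 1)
            answers[ALIASES.get(key, key)] = value
    return answers

def preseed_keys(preseed_text):
    """Return the debconf keys set by uncommented 'd-i' lines."""
    keys = set()
    for line in preseed_text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "d-i":
            keys.add(fields[1])
    return keys

def read_too_late(linux_line, preseed_text):
    """netcfg/* keys set only in a preseed file that is fetched via url=."""
    answers = cmdline_answers(linux_line)
    if "preseed/url" not in answers:     # no url= on the command line
        return []
    return sorted(k for k in preseed_keys(preseed_text)
                  if k.startswith("netcfg/") and k not in answers)

# Boot line shortened from the question; FIXED adds the two parameters from the answer.
BOOT = ("linux /debian-installer/amd64/linux auto=true "
        "url=tftp://192.168.1.100/preseed/debseed11_crypt.cfg "
        "net.ifnames=0 biosdevname=0 language=en locale=en_US.UTF-8 keymap=fr --- quiet")
FIXED = BOOT.replace(" ---", " netcfg/get_hostname=install netcfg/get_domain=install ---")

# Constructed excerpt of a preseed file.
PRESEED = """\
d-i netcfg/choose_interface select auto
d-i netcfg/get_hostname unassigned-hostname
#d-i netcfg/get_domain string planet.mars
d-i netcfg/get_domain unassigned-domain
d-i time/zone string Europe/Paris
"""

if __name__ == "__main__":
    print("before:", read_too_late(BOOT, PRESEED))
    print("after: ", read_too_late(FIXED, PRESEED))
```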