Hi there.
First i need to thanks all team,devs and enthousiats volounteers participating and helping this great project.
I managed to boot Ubuntu 20.04.3 via NFS/HTTPS with UEFI (BTRFS + apt-btrfs-snapshots) (LUKS OR NOT) with a fully automated preseed/postinstall.sh
Here are the files :
The menu :
kernel tftp://${fog-ip}/os/ubuntu/20.04D/vmlinuz
initrd tftp://${fog-ip}/os/ubuntu/20.04D/initrd
imgargs vmlinuz initrd=initrd root=/dev/nfs boot=casper netboot=nfs nfsroot=${fog-ip}:/images/os/ubuntu/ locale=fr_FR.UTF-8 net.ifnames=0 biosdevname=0 ipv6.disable=1 keyboard-configuration/layoutcode=fr ip=dhcp rw hostname=DEPLOYX-ATD domain=ad.atdqm.tech automatic-ubiquity url=http://${fog-ip}/autoinstall/ubuntu/ubiseed_20_nvme.cfg debian-installer/allow_unauthenticated_ssl=true DEBCONF_DEBUG=5
boot || goto MENU
The Preseed
# Scripté par votre serviteur Val durant un apres-midi de printemps.
# version 0.8
# TODO
# REDUIR TEMPS GRUB
# AJOUTER COMMANDE PAM MKHOME
# Il s'agit d'automatiser une installation d' Uuntu 20.04.2 Desktop à destination des desktops et laptops du mouvement.
# Certaines informations manquent et des tests sont en cour.
# On pourrait utiliser Packer , Vagrant, Ansible , toussa mais pour le moment on fait un preseed assez simple sans jonction à l'AD mais avec les
# paquets qui vont bien.
# On pourrait aussi utiliser autoinstall du cloud-init en yaml mais c'est compatible uniquement avec la version server . Pourquoi ? je n'en ai absolument aucune idée.
# À terme nous prevoyons deux autres preseed apres des tests:
# Un pour des laptop (chiffrement luks) avec/sans jonction AD
# Un pour machines virtuelles avec jonction AD
# Enjoy !
# À partir du moment ou le preseed est lu on peut directement executer une commande
# This first command is run as early as possible, just after
# preseeding is read.
#d-i preseed/early_command string anna-install some-udeb
### Unattended Installation
d-i auto-install/enable boolean true
d-i debconf/priority select critical
# 1 - ### Localization
# Preseeding only locale sets language, country and locale.
# On setup la locale qui s'occupe de language, country and locale.
d-i debian-installer/locale string fr_FR.UTF-8
d-i localechooser/supported-locales multiselect fr_FR.UTF-8
# Keyboard selection.
# Disable automatic (interactive) keymap detection.
d-i console-setup/ask_detect boolean false
d-i keyboard-configuration/xkb-keymap select fr
# 2 - ### Network configuration
# On active la conf reseau bah oui on est en pxe les copains. Il faut que la plage IP et les DNS soient good !
d-i netcfg/enable boolean true
# netcfg will choose an interface that has link if possible. This makes it
# skip displaying a list if there is more than one interface.
d-i netcfg/choose_interface select eth1
# À tricker au cas ou la conf auto ne passe pas.
# To set a different link detection timeout (default is 3 seconds).
# Values are interpreted as seconds.
d-i netcfg/link_wait_timeout string 10
# En cas de DHCP molasson on definit un timeout (en secondes)
#d-i netcfg/dhcp_timeout string 60
#d-i netcfg/dhcpv6_timeout string 60
# If you prefer to configure the network manually, uncomment this line and
# the static network configuration below.
#d-i netcfg/disable_autoconfig boolean true
# If you want the preconfiguration file to work on systems both with and
# without a dhcp server, uncomment these lines and the static network
# configuration below.
#d-i netcfg/dhcp_failed note
#d-i netcfg/dhcp_options select Configure network manually
# Static network configuration.
#
# IPv4 example
#d-i netcfg/get_ipaddress string 192.168.1.42
#d-i netcfg/get_netmask string 255.255.255.0
#d-i netcfg/get_gateway string 192.168.1.1
#d-i netcfg/get_nameservers string 192.168.1.1
#d-i netcfg/confirm_static boolean true
#
# IPv6 example
#d-i netcfg/get_ipaddress string fc00::2
#d-i netcfg/get_netmask string ffff:ffff:ffff:ffff::
#d-i netcfg/get_gateway string fc00::1
#d-i netcfg/get_nameservers string fc00::1
#d-i netcfg/confirm_static boolean true
# Any hostname and domain names assigned from dhcp take precedence over
# values set here. However, setting the values still prevents the questions
# from being shown, even if values come from dhcp.
d-i netcfg/get_hostname string DEPLOYX-ATD
#d-i netcfg/get_domain string unassigned-domain
d-i netcfg/get_domain string ad.atdqm.tech
# If you want to force a hostname, regardless of what either the DHCP
# server returns or what the reverse DNS entry for the IP is, uncomment
# and adjust the following line.
#d-i netcfg/hostname string somehost
# Disable that annoying WEP key dialog.
d-i netcfg/wireless_wep string
# The wacky dhcp hostname that some ISPs use as a password of sorts.
#d-i netcfg/dhcp_hostname string radish
# If non-free firmware is needed for the network or other hardware, you can
# configure the installer to always try to load it, without prompting. Or
# change to false to disable asking.
# Cette directive est à adapter selon les experiences rencontrées avec le hardware du parc.
d-i hw-detect/load_firmware boolean false
### Network console
# Use the following settings if you wish to make use of the network-console
# component for remote installation over SSH. This only makes sense if you
# intend to perform the remainder of the installation manually.
#d-i anna/choose_modules string network-console
#d-i network-console/authorized_keys_url string http://10.0.0.1/openssh-key
#d-i network-console/password password r00tme
#d-i network-console/password-again password r00tme
# Use this instead if you prefer to use key-based authentication
#d-i network-console/authorized_keys_url http://host/authorized_keys
# 3 -### Mirror settings
# If you select ftp, the mirror/country string does not need to be set.
#d-i mirror/protocol string ftp
#d-i mirror/country string france
#d-i mirror/http/hostname string fr.archive.ubuntu.com
#d-i mirror/http/directory string /ubuntu
#d-i mirror/http/proxy string
### Lorsque notre apt -cacher-ng sera installé precisez l'addresse ici.
#d-i mirror/http/proxy string https://apt-cacher-ng:3184/
# Alternatively: by default, the installer uses CC.archive.ubuntu.com where
# CC is the ISO-3166-2 code for the selected country. You can preseed this
# so that it does so without asking.
# On utilise le depot par defaut en FR
d-i mirror/http/mirror select fr.archive.ubuntu.com
# Suite to install.
# TODO Incomprehensible que les dev d'ubuntu n'aient pas updaté cette valeur stretch pour la 20.04 ?
#d-i mirror/suite string focal
# Suite to use for loading installer components (optional).
#d-i mirror/udeb/suite string focal
# Components to use for loading installer components (optional).
# On balance les depots universe et multiverse en plus pour que notre preseed sache ou aller taper.
d-i mirror/udeb/components multiselect main, restricted, universe, multiverse
# 5 - ### Account setup
### Account setup
# Skip creation of a root account (normal user account will be able to
# use sudo). The default is false; preseed this to true if you want to set
# a root password.
d-i passwd/root-login boolean false
# Alternatively, to skip creation of a normal user account.
d-i passwd/make-user boolean true
# Root password, either in clear text
#d-i passwd/root-password password r00tme
#d-i passwd/root-password-again password r00tme
# or encrypted using a crypt(3) hash.
#d-i passwd/root-password-crypted password [crypt(3) hash]
# Nous specifions le local admin pour acces à l'interface graphique en cas de depannage sans A.D (SSSD)
# To create a normal user account.
d-i passwd/user-fullname string admin6
d-i passwd/username string admin6
d-i passwd/user-uid string 980
# Normal user's password, either in clear text
#d-i passwd/user-password password insecure
#d-i passwd/user-password-again password insecure
# or encrypted using a crypt(3) hash.
#d-i passwd/user-password-crypted password [crypt(3) hash]
d-i passwd/user-password-crypted password $6$1SJtgvACAbAK$RbIwXeRozK7OWXxYvFiHYJphPoRtbbouXjM2XtTf0UZZyZcFx4boNg2B0BGZl0b8LqecuhnaXPX8apyRuxxmG/
# Create the first user with the specified UID instead of the default.
# On cree un user sous le GID 1000 afin qu'il n'apparaisse pas dans gdm.
#d-i passwd/user-uid string 888
# The installer will warn about weak passwords. If you are sure you know
# what you're doing and want to override it, uncomment this.
d-i user-setup/allow-password-weak boolean true
# The user account will be added to some standard initial groups. To
# override that, use this.
# On ajoute l'user à netdev et sudo juste comme ça pour le fun.
d-i passwd/user-default-groups string audio cdrom video netdev sudo users lpadmin
# Set to true if you want to encrypt the first user's home directory.
# TODO on test mais on y croit pas .
d-i user-setup/encrypt-home boolean false
### Clock and time zone setup
# Controls whether or not the hardware clock is set to UTC.
d-i clock-setup/utc boolean true
# You may set this to any valid setting for $TZ; see the contents of
# /usr/share/zoneinfo/ for valid values.
d-i time/zone string Europe/Paris
# Controls whether to use NTP to set the clock during the install
d-i clock-setup/ntp boolean true
# NTP server to use. The default is almost always fine here.
# TODO trouver le ntp qui va bien.
d-i clock-setup/ntp-server string server 0.fr.pool.ntp.org
### i386 specific disk storage
# Activate DASD disks
#d-i s390-dasd/dasd string 0.0.0200,0.0.0300,0.0.0400
# DASD configuration; by default dasdfmt (low-level format) if needed
#d-i s390-dasd/auto-format boolean true
#d-i s390-dasd/force-format boolean true
# zFCP activation and configuration
# d-i s390-zfcp/zfcp string 0.0.1b34:0x400870075678a1b2:0x201480c800000000, \
# 0.0.1b34:0x400870075679a1b2:0x201480c800000000
# 5 - Partitionnement
# This command is run immediately before the partitioner starts. It may be
# useful to apply dynamic partitioner preseeding that depends on the state
# of the disks (which may not be visible when preseed/early_command runs).
#d-i partman/early_command \
# string debconf-set partman-auto/disk "$(list-devices disk | head -n1)"
#d-i partman/early_command \
# string sgdisk -Z /dev/vda
## Partitioning example
# If the system has free space you can choose to only partition that space.
# This is only honoured if partman-auto/method (below) is not set.
# Alternatives: custom, some_device, some_device_crypto, some_device_lvm.
#d-i partman-auto/init_automatically_partition select biggest_free
# Alternatively, you may specify a disk to partition. If the system has only
# one disk the installer will default to using that, but otherwise the device
# name must be given in traditional, non-devfs format (so e.g. /dev/sda
# and not e.g. /dev/discs/disc0/disc).
# For example, to use the first SCSI/SATA hard disk:
#d-i partman-auto/disk string /dev/sda
# In addition, you'll need to specify the method to use.
# The presently available methods are:
# - regular: use the usual partition types for your architecture
# - lvm: use LVM to partition the disk
# - crypto: use LVM within an encrypted partition
d-i partman-auto/method string regular
# If one of the disks that are going to be automatically partitioned
# contains an old LVM configuration, the user will normally receive a
# warning. This can be preseeded away...
# Si il y a deja un lvm dans le cadre d'une reinstallation on vire les avertissements et on ecrase !
d-i partman-lvm/device_remove_lvm boolean true
# The same applies to pre-existing software RAID array:
#d-i partman-md/device_remove_md boolean true
# And the same goes for the confirmation to write the lvm partitions.
#d-i partman-lvm/confirm boolean true
#d-i partman-lvm/confirm_nooverwrite boolean true
# For LVM partitioning, you can select how much of the volume group to use
# for logical volumes.
#d-i partman-auto-lvm/guided_size string max
#d-i partman-auto-lvm/guided_size string 99%
#d-i partman-auto-lvm/guided_size string 50%
# You can choose one of the three predefined partitioning recipes:
# - atomic: all files in one partition
# - home: separate /home partition
# - multi: separate /home, /var, and /tmp partitions
# Est-ce judicieux de separer le home ? Etant donné qu'on utilise le btrfs il gere lui-meme les subvolume donc pas besoin de multiplier les partitions btrfs.
# Nous ne separons pas le home
#d-i partman-auto/choose_recipe select atomic
# Or provide a recipe of your own...
# If you have a way to get a recipe file into the d-i environment, you can
# just point at it.
#d-i partman-auto/expert_recipe_file string /hd-media/recipe
# If not, you can put an entire recipe into the preconfiguration file in one
# (logical) line. This example creates a small /boot partition, suitable
# swap, and uses the rest of the space for the root partition:
d-i partman-auto/expert_recipe string \
boot-root :: \
512 50 512 fat32 \
$primary{ } $bootable{ } \
method{ efi } format{ } \
mountpoint{ /boot/efi } \
. \
500 10000 1000000000 btrfs \
method{ format } format{ } \
use_filesystem{ } filesystem{ btrfs } \
mountpoint{ / } \
. \
8192 80 9000 linux-swap \
method{ swap } format{ } \
.
# If you just want to change the default filesystem from ext3 to something
# else, you can do that without providing a full recipe.
# On choisit le systeme de fichier par default. Le btrfs c'est bien.
#d-i partman/default_filesystem string btrfs
# The full recipe format is documented in the file partman-auto-recipe.txt
# included in the 'debian-installer' package or available from D-I source
# repository. This also documents how to specify settings such as file
# system labels, volume group names and which physical devices to include
# in a volume group.
# This makes partman automatically partition without confirmation, provided
# that you told it what to do using one of the methods above.
# Encore des confirmations sur le partitionnement
d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true
## Partitioning using RAID
# The method should be set to "raid".
#d-i partman-auto/method string raid
# Specify the disks to be partitioned. They will all get the same layout,
# so this will only work if the disks are the same size.
d-i partman-auto/disk string /dev/nvme0n1
# included in the 'debian-installer' package or available from D-I source
# repository.
# This makes partman automatically partition without confirmation.
## Controlling how partitions are mounted
# The default is to mount by UUID, but you can also choose "traditional" to
# use traditional device names, or "label" to try filesystem labels before
# falling back to UUIDs.
#d-i partman/mount_style select uuid
### Base system installation
# Configure a path to the preconfigured base filesystem. This can be used to
# specify a path for the installer to retrieve the filesystem image that will
# be deployed to disk and used as a base system for the installation.
d-i live-installer/net-image string /install/filesystem.squashfs
# Configure APT to not install recommended packages by default. Use of this
# option can result in an incomplete system and should only be used by very
# experienced users.
#d-i base-installer/install-recommends boolean false
# The kernel image (meta) package to be installed; "none" can be used if no
# kernel is to be installed.
#d-i base-installer/kernel/image string linux-generic
### Apt setup
# You can choose to install restricted and universe software, or to install
# software from the backports repository.
d-i apt-setup/restricted boolean true
d-i apt-setup/universe boolean true
d-i apt-setup/multiverse boolean true
d-i apt-setup/backports boolean true
# Uncomment this if you don't want to use a network mirror.
#d-i apt-setup/use_mirror boolean false
# Select which update services to use; define the mirrors to be used.
# Values shown below are the normal defaults.
d-i apt-setup/services-select multiselect security
d-i apt-setup/security_host string security.ubuntu.com
d-i apt-setup/security_path string /ubuntu
# Additional repositories, local[0-9] available
#On va preciser notre apt-cacher -ng qui a la meme addresse que notre FOG 0.200
#d-i apt-setup/local0/repository string \
# http://local.server/ubuntu stretch main
#d-i apt-setup/local0/comment string local server
# Enable deb-src lines
#d-i apt-setup/local0/source boolean true
# URL to the public key of the local repository; you must provide a key or
# apt will complain about the unauthenticated repository and so the
# sources.list line will be left commented out
#d-i apt-setup/local0/key string http://local.server/key
# By default the installer requires that repositories be authenticated
# using a known gpg key. This setting can be used to disable that
# authentication. Warning: Insecure, not recommended.
#d-i debian-installer/allow_unauthenticated boolean true
# Uncomment this to add multiarch configuration for i386
#d-i apt-setup/multiarch string i386
### Package selection
#tasksel tasksel/first multiselect ubuntu-desktop
#tasksel tasksel/first multiselect lamp-server, print-server
#tasksel tasksel/first multiselect kubuntu-desktop
### On desactive totalement le module pkgsel/include car ces *** de dev d'ubiquity on viré ce module lorsqu'on installe en automatic ubiquity. Bien sur sans le documenter proprement.
# Shame on you bande de trous de balle !
# À la place on va utiliser ubiquity/success_command
# Individual additional packages to install
#d-i pkgsel/include string apt-btrfs-snapshot apt-listchanges apt-transport-https autorandr build-essential chrome-gnome-shell chromium-browser chrony curl debconf-utils gimp git gnome-shell-extensions gnome-terminal gnupg hdparm htop icc-profiles inkscape libxml2-utils libglib2.0-dev-bin libegl1-mesa libgl1-mesa-glx libxcb-xtest0 libgl1-mesa-glx libnss-sss libnss-winbind libpam-sss libxcb-dpms0 libxext6 lsb-release mpv netcat openssh-server pciutils python3.9 python3-distutils python3-distutils-extra realmd remmina samba scribus tmux ubuntu-desktop vim vlc wget x11-xserver-utils x2goclient
# Whether to upgrade packages after debootstrap.
# Allowed values: none, safe-upgrade, full-upgrade
#d-i pkgsel/upgrade select full-upgrade
# Language pack selection
#d-i pkgsel/language-packs multiselect de, en, zh
#d-i pkgsel/language-packs select fr
# Policy for applying updates. May be "none" (no automatic updates),
# "unattended-upgrades" (install security updates automatically), or
# "landscape" (manage system with Landscape).
#d-i pkgsel/update-policy select unattended-upgrades
# Some versions of the installer can report back on what software you have
# installed, and what software you use. The default is not to report back,
# but sending reports helps the project determine what software is most
# popular and include it on CDs.
#popularity-contest popularity-contest/participate boolean false
# By default, the system's locate database will be updated after the
# installer has finished installing most packages. This may take a while, so
# if you don't want it, you can set this to "false" to turn it off.
#d-i pkgsel/updatedb boolean true
### Boot loader installation
# Grub is the default boot loader (for x86). If you want lilo installed
# instead, uncomment this:
#d-i grub-installer/skip boolean true
# To also skip installing lilo, and install no bootloader, uncomment this
# too:
#d-i lilo-installer/skip boolean true
#ubiquity languagechooser/language-name string French
#ubiquity countrychooser/shortlist string FR
#ubiquity localechooser/supported-locales string fr_FR.UTF-8
# This is fairly safe to set, it makes grub install automatically to the MBR
# if no other operating system is detected on the machine.
d-i grub-installer/only_debian boolean true
# This one makes grub-installer install to the MBR if it also finds some other
# OS, which is less safe as it might not be able to boot that other OS.
#d-i grub-installer/with_other_os boolean true
# Due notably to potential USB sticks, the location of the MBR can not be
# determined safely in general, so this needs to be specified:
#d-i grub-installer/bootdev string /dev/nvme0n1
# To install to the first device (assuming it is not a USB stick):
d-i grub-installer/bootdev string default
# Si l'installation ne fonctionne pas pour une raison ou pour une autre on lui demande de rebooter :
#ubiquity/failure_command string
#systemctl reboot;
#ubiquity ubiquity/success_command string
#string ip link set up dev enp5s0;
#dhclient enp5s0;
#apt-get update -y;
#in-target apt-get install -y apt-btrfs-snapshot apt-listchanges apt-transport-https autorandr build-essential chrome-gnome-shell chromium-browser chrony curl debconf-utils gimp git gnome-shell-extensions gnupg hdparm htop icc-profiles inkscape libxml2-utils libglib2.0-dev-bin libegl1-mesa libgl1-mesa-glx libxcb-xtest0 libgl1-mesa-glx libnss-sss libnss-winbind libpam-sss libxcb-dpms0 libxext6 lsb-release mpv netcat openssh-server pciutils python python3-distutils python3-distutils-extra realmd remmina samba scribus tmux unattended-upgrades vim vlc wgetx12-xserver-utils x2goclient;
#ubiquity ubiquity/success_command string
#'sed '2 a dhcp=dhclient2' /target/etc/NetworkManager/NetworkManager.conf';
#echo 'yeah';
#
#
# Alternatively, if you want to install to a location other than the mbr,
# uncomment and edit these lines:
#d-i grub-installer/only_debian boolean false
#d-i grub-installer/with_other_os boolean false
#d-i grub-installer/bootdev string (hd0,1)
# To install grub to multiple disks:
#d-i grub-installer/bootdev string (hd0,1) (hd1,1) (hd2,1)
# Optional password for grub, either in clear text
#d-i grub-installer/password password r00tme
#d-i grub-installer/password-again password r00tme
# or encrypted using an MD5 hash, see grub-md5-crypt(8).
#d-i grub-installer/password-crypted password [MD5 hash]
# Use the following option to add additional boot parameters for the
# installed system (if supported by the bootloader installer).
# Note: options passed to the installer will be added automatically.
#d-i debian-installer/add-kernel-opts string nousb
### Finishing up the installation
# During installations from serial console, the regular virtual consoles
# (VT1-VT6) are normally disabled in /etc/inittab. Uncomment the next
# line to prevent this.
d-i finish-install/keep-consoles boolean true
# Avoid that last message about the install being complete.
d-i finish-install/reboot_in_progress note
# Custom command si lancé avec automatic-ubiquity
ubiquity ubiquity/success_command string \
mkdir -p /target/home/admin6/.ssh; \
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1BV32184AAIGcgTW5wqCc0o8b4qtKjXwoIP/5Zmu/lSmuA0nNZ4uOS' >> /target/home/admin6/.ssh/authorized_keys; \
chmod -R 700 /target/home/admin6/.ssh; \
chmod -R 600 /target/home/admin6/.ssh/authorized_keys; \
chown -R 1000:1000 /target/home/admin6/.ssh; \
sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config; \
sed -i 's/#PermitRootLogin prohibit-password/#PermitRootLogin no/' /etc/ssh/sshd_config; \
#echo 'admin6 ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers.d/99_admin6; \
sed -i '3idhcp=dhclient' /target/etc/NetworkManager/NetworkManager.conf; \
sed -i 's/MaxAge=90/MaxAge=7/g' /target/etc/cron.weekly/apt-btrfs-snapshot; \
mkdir -p /target/root; \
wget --no-check-certificate -c 'https://192.168.1.200/fog/autoinstall/ubuntu/postinstall.sh' -P /target/root; \
chmod +x /target/root/postinstall.sh; \
echo '@reboot root bash /root/postinstall.sh >> /var/log/postinstall.log 2>&1' >> /target/etc/crontab;
#sed -i -e 's/dhcp=dhclient/#dhcp=dhclient/' /target/etc/NetworkManager/NetworkManager.conf \
#sed -i -e 's/dns=dnsmasq/#dns=dnsmasq/' /target/etc/NetworkManager/NetworkManager.conf ;\
#in-target apt install openssh-sftp-server;
# This will prevent the installer from ejecting the CD during the reboot,
# which is useful in some situations.
d-i cdrom-detect/eject boolean true
d-i debian-installer/splash boolean false
d-i debian-installer/exit/poweroff boolean true
# This is how to make the installer shutdown when finished, but not
# reboot into the installed system.
#d-i debian-installer/exit/halt boolean true
# This will power off the machine instead of just halting it.
#d-i debian-installer/exit/poweroff boolean true
### Preseeding other packages
# Depending on what software you choose to install, or if things go wrong
# during the installation process, it's possible that other questions may
# be asked. You can preseed those too, of course. To get a list of every
# possible question that could be asked during an install, do an
# installation, and then run these commands:
# debconf-get-selections --installer > file
# debconf-get-selections >> file
#### Advanced options
### Running custom commands during the installation
## i386 Preseed Example
# d-i preseeding is inherently not secure. Nothing in the installer checks
# for attempts at buffer overflows or other exploits of the values of a
# preconfiguration file like this one. Only use preconfiguration files from
# trusted locations! To drive that home, and because it's generally useful,
# here's a way to run any shell command you'd like inside the installer,
# automatically.
# This command is run immediately before the partitioner starts. It may be
# useful to apply dynamic partitioner preseeding that depends on the state
# of the disks (which may not be visible when preseed/early_command runs).
#d-i partman/early_command \
# string debconf-set partman-auto/disk "$(list-devices disk | head -n1)"
# This command is run just before the install finishes, but when there is
# still a usable /target directory. You can chroot to /target and use it
# directly, or use the apt-install and in-target commands to easily install
# packages and run commands in the target system.
#d-i preseed/late_command string apt-install zsh; in-target chsh -s /bin/zsh
The quite simple postinstall.sh script :
#!/bin/bash
dhclient
echo "Waiting for Internet ..."
while ! timeout 0.2 ping -c 1 -n 9.9.9.9 &> /dev/null
do
printf "%c" "."
done
echo "OK"
# Instal The stuff
notify-send --expire-time=25 "Votre systeme applique son script de postinstallation"
apt update
apt install -y apt-btrfs-snapshot python3-distutils
apt install -y --allow-downgrades sssd-ad-common=2.2.3-3 sssd-ad=2.2.3-3 sssd-common=2.2.3-3 sssd-dbus=2.2.3-3 sssd-ipa=2.2.3-3 sssd-kcm=2.2.3-3 sssd-krb5-common=2.2.3-3 sssd-krb5=2.2.3-3 sssd-ldap=2.2.3-3 sssd-proxy=2.2.3-3 sssd-tools=2.2.3-3 sssd=2.2.3-3 libsss-idmap0=2.2.3-3 libipa-hbac0=2.2.3-3 libsss-idmap0=2.2.3-3 python3-sss=2.2.3-3
apt-mark hold sssd-ad-common=2.2.3-3 sssd-ad=2.2.3-3 sssd-common=2.2.3-3 sssd-dbus=2.2.3-3 sssd-ipa=2.2.3-3 sssd-kcm=2.2.3-3 sssd-krb5-common=2.2.3-3 sssd-krb5=2.2.3-3 sssd-ldap=2.2.3-3 sssd-proxy=2.2.3-3 sssd-tools=2.2.3-3 sssd=2.2.3-3 libsss-idmap0=2.2.3-3 libipa-hbac0=2.2.3-3 libsss-idmap0=2.2.3-3 python3-sss=2.2.3-3
apt install -y apt-listchanges apt-transport-https autorandr build-essential chrome-gnome-shell chromium-browser chrony curl debconf-utils gimp git glances gnome-shell-extensions gnupg hdparm htop icc-profiles inkscape libxml2-utils libglib2.0-dev-bin libegl1-mesa libgl1-mesa-glx libxcb-xtest0 libgl1-mesa-glx libnss-sss libnss-winbind libpam-sss libxcb-dpms0 libxext6 lsb-release mpv nautilus-nextcloud netcat nextcloud-desktop openssh-server pciutils python3.9 python3-distutils-extra realmd remmina samba scribus tmux vim vlc wget x11-xserver-utils x2goclient x2goserver
wget --no-check-certificate -c 'https://192.168.1.200/fog/autoinstall/ubuntu/99-wlan' -P /etc/NetworkManager/dispatcher.d
systemctl disable --now cups-browsed
notify-send -u critical "Votre systeme va redemarrer et sera pret Enjoy !"
apt install -y krb5-user samba cifs-utils smbclient adcli
# Remove from crontab
sed -i '$d' /etc/crontab
reboot
exit 0
It worked like a charm on Debian 10.11 with FOG 1.5.9
I tried the exact same configuration on Debian 11.2 with FOG 1.5.9.114
I got this error on the client :
and this in apache2 logs :
10.17.1.220:80 10.17.3.171 - - [07/Jan/2022:10:58:05 +0100] "GET /autoinstall/ubuntu/ubiseed_20_vm.cfg HTTP/1.1" 302 563 "-" "Wget/1.20.3 (linux-gnu)"
EDIT : Forgot to say i can DL the file from a client on the network with :
wget --no-check-certificate https://10.17.1.220:/autoinstall/ubuntu/ubiseed_20_vm.cfg
i got :
--2022-01-07 12:15:28-- https://10.17.1.220/autoinstall/ubuntu/ubiseed_20_vm.cfg
Connexion vers 10.17.1.220:443... connecté.
AVERTISSEMENT : impossible de vérifier l'attribut 10.17.1.220 du certificat, émis par «CN=FOG Server CA» :
Récupération d'un certificat auto-signé.
requête HTTP transmise, en attente de la réponse... 200 OK
Taille : 26567 (26K)
Enregistre : «ubiseed_20_vm.cfg»
Wich means it could’nt verify the self signed attribute but however result with a 200 OK .
I thought it can be some minor changes i need to do and looking for a clue or some good advice here.
Thanks fellows.
Have a nice day.