[automated-distro-installer] / debian-preseed

#!/bin/bash

set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR

usage() {
    cat <<EOF
Usage: ${0##*/} OPTIONS

Given a tftproot, setup a preseed in it.

-c            Disable ssh network console. ssh user = installer. pw = test.
-d            Do debian ubuntu 14.04, default is jessie.
-g GRUB_DISK  Default is sda. Not used in interactive partitioning.
-h|--help     Print this help
-i TFTP_IP    Ip of tftp server. this is required.
-p            Stop for interactive partitioning.
-t DIR        Tftp root. Default is current dir.
-u USER       Username for the os install. Default is ${SUDO_USER:-$USER}

EOF
    exit $1
}

interactive_partition=false
user=${SUDO_USER:-$USER}
distro=debian-jessie
net_console=false
grub_disk=sda
while [[ $1 == -* ]]; do
    case $1 in
        -c) net_console=false; shift ;;
        -d) distro=ubuntu-14.04; shift ;;
        -g) grub_disk=$2; shift 2 ;;
        -i) ip=$2; shift 2 ;;
        -p) interactive_partition=true; shift ;;
        -t) cd $2; shift 2;;
        -u) user=$2; shift 2;;
        --) shift; break ;;
        -*|-h|--help) usage ;;
    esac
done


shopt -s extglob
rm -rf !(netboot.tar.gz)
preseed=example-preseed.txt
neboot_path=main/installer-amd64/current/images/netboot/netboot.tar.gz
case $distro in
    ubuntu-14.04)
        wget -q https://help.ubuntu.com/lts/installation-guide/$preseed
        wget -qN http://archive.ubuntu.com/ubuntu/dists/trusty/$neboot_path
        sed -ri --follow-symlinks 's!^tasksel tasksel/first multiselect .*!#\0!' $preseed
        echo 'tasksel tasksel/first multiselect ubuntu-server, openssh-server' >>$preseed
        ;;
    debian-jessie)
        wget -q https://www.debian.org/releases/jessie/$preseed
        wget -qN http://ftp.nl.debian.org/debian/dists/jessie/$neboot_path
        cat >>$preseed <<'EOF'
tasksel tasksel/first multiselect ssh-server
EOF
        if ! $interactive_partition; then
            cat >>$preseed <<EOF
d-i grub-installer/bootdev string /dev/$grub_disk
EOF
        fi
        ;;
esac
tar xzf netboot.tar.gz


# if you set priority=critical, you can avoid a few of these questions. but
# then you need to set the hostname in dhcp options
# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755848
# questions you can avoid setting in boot parameters:
# console-setup/ask_detect=false keyboard-configuration/layoutcode=us
# hostname=$hostname
# also, it asks about partition size. I don't know the preseeded answer,
# as it just says "2.0 TB" in get-selections. I would need to figure out
# how to accept the default.
#
# you can also see what got configured on a system with this command:
# sudo apt-get install debconf-utils
# debconf-get-selections --installer
#

# keymap=us is only needed for debian.
pxe_cfg=${distro%-*}-installer/amd64/boot-screens/txt.cfg
sed="sed -ri --follow-symlinks"
$sed "s#^[[:space:]]*append[[:space:]]#\0auto priority=critical locale=en_US.UTF-8  netcfg/choose_interface=auto url=tftp://$ip/example-preseed.txt keymap=us#" $pxe_cfg
# various google results say timeout x will result in doing the default thing,
# but that doesn't happen. no idea why. Maybe it needed to be part of the label.
echo 'totaltimeout 1' | tee -a $pxe_cfg

if $interactive_partition; then
    $sed 's/^d-i[[:space:]]partman.*/#\0/' $preseed
    # at least in ubuntu, this does automatic selection of boot device,
    # and on a server where we setup raid, it choose sda, and failed
    # and the whole installation could not be salvaged.
    $sed 's/^d-i[[:space:]]grub-installer.*/#\0/' $preseed
fi

$sed "s#(^d-i time/zone string US/).*#\1Pacific#" $preseed
$sed '/^xserver-xorg/,/[^\\$]/ s/.*/#\0/' $preseed
# we set the locale in kernel args. maybe we don't need to. this overrides it.
$sed 's!^d-i[[:space:]]debian-installer/locale[[:space:]].*!#\0!' $preseed

# for secure pass, set the shadow option with mkpasswd -s -m sha-512 < passfile

# the example config says this option shoudl work, but it doesn't. tried it with http too,
# and tried naming it authorized_keys.
#d-i network-console/authorized_keys_url tftp://tftp@10.0.0.107/id_rsa.pub

if $net_console; then
    cat >> $preseed  <<EOF
d-i anna/choose_modules string network-console
# this doesn't work. todo: ask debian about it
#d-i network-console/authorized_keys_url http://10.0.0.2/authorized_keys
d-i network-console/password password test
d-i network-console/password-again password test
EOF
fi

cat >> $preseed  <<EOF
d-i hw-detect/load_firmware boolean true
d-i partman/default_filesystem string ext4
d-i passwd/user-fullname string $user
d-i passwd/username string $user
# cleartext password for testing.
d-i passwd/user-password password $user
d-i passwd/user-password-again password $user
d-i passwd/root-password password $user
d-i passwd/root-password-again password $user
d-i pkgsel/update-policy select unattended-upgrades
d-i preseed/late_command string \
in-target sed -i 's/^%sudo.*$/%sudo ALL=(ALL:ALL) NOPASSWD: ALL/g' /etc/sudoers; \
in-target mkdir -p /home/$user/.ssh; \
in-target /bin/sh -c "echo '$(cat ~/.ssh/id_rsa.pub)'  >> /home/$user/.ssh/authorized_keys"; \
in-target chown -R $user:$user /home/$user; \
in-target chmod -R go-rwx /home/$user/.ssh/authorized_keys; \
in-target cp -r /home/$user/.ssh /root; \
in-target usermod -a -G sudo $user;
EOF