From c59c210a895f1740facafb431b55d0b3587e55f3 Mon Sep 17 00:00:00 2001 From: sus-admin Date: Mon, 2 Dec 2024 22:28:22 -0500 Subject: [PATCH 01/13] add correction for undionly.kpxe link --- _posts/2024/2024-11-12-Cobbler-v3.3.6-Beginners-Guide.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/_posts/2024/2024-11-12-Cobbler-v3.3.6-Beginners-Guide.md b/_posts/2024/2024-11-12-Cobbler-v3.3.6-Beginners-Guide.md index 37d0109d..02b25755 100644 --- a/_posts/2024/2024-11-12-Cobbler-v3.3.6-Beginners-Guide.md +++ b/_posts/2024/2024-11-12-Cobbler-v3.3.6-Beginners-Guide.md @@ -203,6 +203,10 @@ sed -i "s/pxe_just_once: true/pxe_just_once: false/" /etc/cobbler/settings.yaml sed -i "s/enable_ipxe: false/enable_ipxe: true/" /etc/cobbler/settings.yaml ``` +> Even if you do not enable iPXE above, it won't hurt to symlink the correct file that cobbler points to in the `/etc/cobbler/dhcp.template` file. +> +> `sudo ln -s /usr/share/ipxe/undionly.kpxe /var/lib/cobbler/loaders/undionly.kpxe` + Edit the subnet decaration in **/etc/cobbler/dhcp.tempate** to match the **enp0s8** interface: ```shell From b34d6779193ffa2152feb56f0782024f39f8531d Mon Sep 17 00:00:00 2001 From: sus-admin Date: Mon, 2 Dec 2024 23:07:07 -0500 Subject: [PATCH 02/13] correcting undionly.kpxe note --- _posts/2024/2024-11-12-Cobbler-v3.3.6-Beginners-Guide.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/_posts/2024/2024-11-12-Cobbler-v3.3.6-Beginners-Guide.md b/_posts/2024/2024-11-12-Cobbler-v3.3.6-Beginners-Guide.md index 02b25755..b17c99a2 100644 --- a/_posts/2024/2024-11-12-Cobbler-v3.3.6-Beginners-Guide.md +++ b/_posts/2024/2024-11-12-Cobbler-v3.3.6-Beginners-Guide.md 
@@ -205,7 +205,9 @@ sed -i "s/enable_ipxe: false/enable_ipxe: true/" /etc/cobbler/settings.yaml > Even if you do not enable iPXE above, it won't hurt to symlink the correct file that cobbler points to in the `/etc/cobbler/dhcp.template` file. > -> `sudo ln -s /usr/share/ipxe/undionly.kpxe /var/lib/cobbler/loaders/undionly.kpxe` +> ```shell +> sudo ln -s /usr/share/ipxe/undionly.kpxe /var/lib/cobbler/loaders/undionly.kpxe +> ``` Edit the subnet decaration in **/etc/cobbler/dhcp.tempate** to match the **enp0s8** interface: From 20076646490baf41f15d93e0866b501466019c44 Mon Sep 17 00:00:00 2001 From: sus-admin Date: Mon, 2 Dec 2024 23:29:08 -0500 Subject: [PATCH 03/13] correcting undionly.kpxe note --- _posts/2024/2024-11-12-Cobbler-v3.3.6-Beginners-Guide.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_posts/2024/2024-11-12-Cobbler-v3.3.6-Beginners-Guide.md b/_posts/2024/2024-11-12-Cobbler-v3.3.6-Beginners-Guide.md index b17c99a2..1db040b6 100644 --- a/_posts/2024/2024-11-12-Cobbler-v3.3.6-Beginners-Guide.md +++ b/_posts/2024/2024-11-12-Cobbler-v3.3.6-Beginners-Guide.md @@ -206,7 +206,7 @@ sed -i "s/enable_ipxe: false/enable_ipxe: true/" /etc/cobbler/settings.yaml > Even if you do not enable iPXE above, it won't hurt to symlink the correct file that cobbler points to in the `/etc/cobbler/dhcp.template` file. > > ```shell -> sudo ln -s /usr/share/ipxe/undionly.kpxe /var/lib/cobbler/loaders/undionly.kpxe +> ln -s /usr/share/ipxe/undionly.kpxe /var/lib/cobbler/loaders/undionly.kpxe > ``` Edit the subnet decaration in **/etc/cobbler/dhcp.tempate** to match the **enp0s8** interface: From 773c64b5aac05a7281a076847154d70d4b271a85 Mon Sep 17 00:00:00 2001 From: sus-admin Date: Tue, 3 Dec 2024 00:01:19 -0500 Subject: [PATCH 04/13] Debian 3.3.6 Guide --- ...-Cobbler-v3.3.6-Debian-Deployment-Guide.md | 424 ++++++++++++++++++ 1 file changed, 424 insertions(+) create mode 100644 _posts/2024/2024-12-02-Cobbler-v3.3.6-Debian-Deployment-Guide.md 
diff --git a/_posts/2024/2024-12-02-Cobbler-v3.3.6-Debian-Deployment-Guide.md b/_posts/2024/2024-12-02-Cobbler-v3.3.6-Debian-Deployment-Guide.md new file mode 100644 index 00000000..765887ce --- /dev/null +++ b/_posts/2024/2024-12-02-Cobbler-v3.3.6-Debian-Deployment-Guide.md 
@@ -0,0 +1,424 @@ +--- +layout: post +title: Cobbler (v3.3.6) Debian Deployment Guide +author: Sus-Admin +summary: Deploying Debian Bullseye and Bookworm (11 & 12) via PXE network boot. +tags: cobbler +--- + +This guide assumes that you have a Fedora 34 server or workstation configured to run Cobbler v3.3.6 server as described in the [Cobbler v3.3.6 Beginner's guide](/_post/2024-10-16-Cobbler-v3.3.6-Beginners-Guide.md). + +## Table of Contents +{:.no_toc} + +1. TOC +{:toc} + +## Objective + +Starting where the [Beginner's guide](/_post/2024-10-16-Cobbler-v3.3.6-Beginners-Guide.md) left off, further configure the Cobbler v3.3.6 server to deploy the latest release of Debian 11 Bullseye and Debian 12 Bookworm via PXE network boot, using the same system and network environment. This guide assumes that you still have `selinux` and `firewalld` configured and enabled as described in the Beginner's guide. + +### Caveats + +- using the `cobbler check` CLI command on the Cobbler server, you should notice that it recommends installing the **debmirror** package in order to manage Debian deployments and repos with Cobbler. Instead, we will simply import the Debian source installation media (.iso file), which will become available over HTTP, and use that as the local repo mirror to install over the network. + + - This method is not the Cobbler official method, and Debian actually [recommends](https://www.debian.org/mirror/ftpmirror) using something like "apt-cacher-ng" or "squid proxy" instead of "debmirror" + + - The Main Debian repo for the latest release of Debian is about 100 GB at the time of writing, which is why this is the preferred method over using **debmirror**, as it only requires the data from a single Debian installer DVD (.iso file) + + - For completeness however, the **debmirror** method will be detailed towards the bottom of this guide, in the **Mirroring with debmirror** section. 
+ +- This guide provides a workaround to an issue that is encountered when installing Debian 11 & 12 over the network from a local/private repo where the PXE client (`debian-installer`) does not trust the installation source *(Since Debian developers DO NOT sign the software/repos packaged into official DVD/ISO releases: (https://wiki.debian.org/SecureApt)[https://wiki.debian.org/SecureApt] )*. + + - This appears to be a bug in the `debian-installer` (`d-i`); more info provided in the **Tips & Troubleshooting** section below. + + - This issue should not arise when mirroring an official Debian mirror using the **debmirror** method, as recommended by Cobbler + +## Cobbler Server Prep + +Debian maintainers advise that network booting Debian is [not for novice users](https://www.debian.org/distrib/netinst#netboot), and they're not wrong, but we're no amateurs. + +That said, continue at your own risk. + +### Dependencies + +Download the latest releases of Debian Bookworm and Bullseye + +```shell +cd ~/Downloads && wget https://cdimage.debian.org/debian-cd/current/amd64/iso-dvd/debian-12.7.0-amd64-DVD-1.iso +cd ~/Downloads && wget https://cdimage.debian.org/mirror/cdimage/archive/11.11.0/amd64/iso-dvd/debian-11.11.0-amd64-DVD-1.iso +``` + +Additionally, all Debian releases at the time of writing require the "netboot" initial ramdisk (`initrd`) provided separately by the Debian maintainers in order to properly boot over the network. Furthermore, Debian 11 Bullseye and earlier require the "netboot firmware" image, which is an extension to the netboot `initrd` image containing drivers for non-free firmware, also provided by Debian. 
+ +```shell +wget -O ~/Downloads/Debian12.7-netboot.gz https://ftp.debian.org/debian/dists/stable/main/installer-amd64/current/images/netboot/debian-installer/amd64/initrd.gz + +wget -O ~/Downloads/Debian11.11-netboot.gz https://ftp.debian.org/debian/dists/bullseye/main/installer-amd64/current/images/netboot/debian-installer/amd64/initrd.gz +wget -O ~/Downloads/Debian11.11-firmware.gz https://cdimage.debian.org/cdimage/firmware/bullseye/current/firmware.cpio.gz +``` + +> The netboot `initrd.gz` file above is not maintained in the same manner as the main Debian installation media; only the netboot `initrd.gz` image corresponding to the LATEST official release of Debian for any major version (bookworm, bullseye, etc...) will be available on the official [FTP site](https://ftp.debian.org/debian/dists/) above, and not the cdimage [repo](https://cdimage.debian.org/debian-cd/current) or [archive](https://cdimage.debian.org/cdimage/archive/) where the .iso images are acquired from (the images CAN be found on the Debian repo [snapshot archive](https://snapshot.debian.org/archive/debian/), but you'll have to correlate the date with the appropriate release). +> +> All previous releases of the netboot `firmware.cpio.gz` image ARE available on the official [cdimage archive](https://cdimage.debian.org/cdimage/firmware/bullseye/) at the time of writing. +> +> Newer releases of the netboot `initrd.gz` and firmware images will not be compatible with previous releases of Debian, as they use different kernel and module versions. + +Create a GPG key to sign the local Debian repo mirror, and then export the public key to the public HTTP share on the Cobbler server and restore the SELinux labels. 
+ +```shell +gpg --full-gen-key --batch <(echo "Key-Type: 1"; \ + echo "Key-Length: 4096"; \ + echo "Subkey-Type: 1"; \ + echo "Subkey-Length: 4096"; \ + echo "Expire-Date: 0"; \ + echo "Name-Real: cobbler"; \ + echo "Name-Email: cobbler@fedora.local"; \ + echo "%no-protection"; ) + +gpg --output /var/www/cobbler/pub/cobbler.gpg.asc --armor --export cobbler +sudo restorecon -R /var/www/cobbler/pub +``` + +> for simplicity, this GPG key will not be password protected. This is against cyber-security best practices and should only be implemented in a test environment. + +## Debian 12 Bookworm PXE Deployment + +mount the Debian 12 Bookworm installation media and import the distro into cobbler: + +```shell +[ -e /mnt/Debian ] || mkdir /mnt/Debian +mount -t iso9660 -o loop,ro /home/fedora/Downloads/debian-12.7.0-amd64-DVD-1.iso /mnt/Debian +cobbler import --name Debian12.7 --path /mnt/Debian +``` + +Navigate to the imported distro mirror and sign the repo: + +```shell +cd /var/www/cobbler/distro_mirror/Debian12.7/dists/bookworm +gpg -u cobbler -bao Release.gpg Release +gpg -u cobbler --clear-sign --output InRelease Release +``` + +Concatenate the two `initrd.gz` images in the following order, then configure the new Cobbler Distro to use the combined image: + +```shell +cat /var/www/cobbler/distro_mirror/Debian12.7/install.amd/initrd.gz ~/Downloads/Debian12.7-netboot.gz > /var/www/cobbler/pub/Debian12.7-netboot.gz + +cobbler distro edit --name Debian12.7-x86_64 --initrd "/var/www/cobbler/pub/Debian12.7-netboot.gz" +``` + +Create a new "preseed" (autoinstall) template from the sample included with Cobbler, and make the necessary changes to install from an unofficial source. 
+ +```shell +cp /var/lib/cobbler/templates/sample.seed /var/lib/cobbler/templates/bookworm-sample.seed +sed -i 's,# d-i debian-installer/allow_unauthenticated boolean true,d-i debian-installer/allow_unauthenticated boolean true,' /var/lib/cobbler/templates/bookworm-sample.seed +sed -i 's,# d-i apt-setup/local0/key string http://local.server/key,d-i apt-setup/local0/repository string http://$http_server$install_source_directory\nd-i apt-setup/local0/key string http://$http_server/cblr/pub/cobbler.gpg.asc,' /var/lib/cobbler/templates/bookworm-sample.seed +``` + +> This is where the bug mentioned in the **Caveats** section above is introduced. The `apt-setup/local0/key` preseed value *should* allow us to provide the `debian-installer` with a GPG key to use to validate the installation source. +> +> Still confugre it to retrieve the key over HTTP anyway, just in case. + +Create a file named `preseed_early_workaround` in the `/var/lib/cobbler/scripts` directory with the following contents which will run on the PXE client to circumvent the bug mentioned in the **Caveats** section above: + +```shell +#!/bin/sh +while true; do + [ -d /target/etc/apt/trusted.gpg.d ] && cd /target/etc/apt/trusted.gpg.d && fetch-url http://10.0.0.10/cblr/pub/cobbler.gpg.asc cobbler.gpg.asc && exit; + sleep 1; +done 2> /dev/null 1> /dev/null & +``` + +Optionally, create another preseed script (`/var/lib/cobbler/scripts/preseed_late_sudo_sources`) to run in the post-installation stage which will grant sudo privileges to the "debian" user (created below) and reconfigure the installed system to use Debian's official APT sources instead of our local Cobbler server. 
+ +```shell +#!/bin/sh +sed -i 's,#PermitRootLogin prohibit-password,PermitRootLogin no,' /etc/ssh/sshd_config +usermod -aG sudo debian +sed -i 's,^,#,' /etc/apt/sources.list +echo 'deb http://deb.debian.org/debian bookworm main non-free-firmware non-free contrib' >> /etc/apt/sources.list +echo 'deb-src http://deb.debian.org/debian bookworm main non-free-firmware non-free contrib' >> /etc/apt/sources.list +echo 'deb http://security.debian.org/debian-security bookworm-security main non-free-firmware non-free contrib' >> /etc/apt/sources.list +echo 'deb-src http://security.debian.org/debian-security bookworm-security main non-free-firmware non-free contrib' >> /etc/apt/sources.list +echo 'deb http://deb.debian.org/debian bookworm-updates main non-free-firmware non-free contrib' >> /etc/apt/sources.list +echo 'deb-src http://deb.debian.org/debian bookworm-updates main non-free-firmware non-free contrib' >> /etc/apt/sources.list +``` + +Modify the new preseed (autoinstall) template to install desired packages only, setup an additional user "debian", set the workaround script created above to run in the "early" installation stage, and the "preseed_late" script to run in the late stage, if configured, and more aggressively force the installation regardless of any existing installations. 
+ +```shell +sed -i 's,ntp ssh wget,wget curl openssh-server sudo vim\npopularity-contest popularity-contest/participate boolean false,' /var/lib/cobbler/templates/bookworm-sample.seed +sed -i 's,# d-i apt-setup/services-select multiselect security,d-i apt-setup/services-select multiselect,' /var/lib/cobbler/templates/bookworm-sample.seed +sed -i 's,d-i partman-auto/method string lvm,d-i partman-efi/non_efi_system boolean true\nd-i partman-auto/method string lvm,' /var/lib/cobbler/templates/bookworm-sample.seed +sed -i 's,d-i grub-installer/bootdev string default,d-i grub-installer/bootdev string default\nd-i grub-installer/with_other_os boolean true\nd-i grub-installer/force-efi-extra-removable boolean false\nd-i grub-installer/enable_os_prober_otheros_yes boolean false\nd-i grub-installer/enable_os_prober_otheros_no boolean true,' /var/lib/cobbler/templates/bookworm-sample.seed +sed -i 's,d-i passwd/make-user boolean false,d-i passwd/make-user boolean true\nd-i passwd/user-fullname string Debian Admin\nd-i passwd/username string debian\nd-i passwd/user-password-crypted password $default_password_crypted,' /var/lib/cobbler/templates/bookworm-sample.seed +sed -i 's,script=preseed_early_default,script=preseed_early_workaround,' /var/lib/cobbler/templates/bookworm-sample.seed +sed -i 's,script=preseed_late_default,script=preseed_late_sudo_sources,' /var/lib/cobbler/templates/bookworm-sample.seed +``` + +Configure the Cobbler Profile to use the new autoinstall (preseed) template: + +```shell +cobbler profile edit --name Debian12.7-x86_64 --autoinstall 'bookworm-sample.seed' +``` + +Create a new Cobbler System to PXE boot and automatically install Debian 12 Bookworm, replacing the *"aa:bb:cc:dd:ee:ff"* with the MAC address of your PXE client, being sure not to use a duplicate MAC or IP addresse of any other Cobbler System. 
+ +```shell +cobbler system add --name "Debian12.7" --profile Debian12.7-x86_64 --hostname "debian12-7" --mac-address "aa:bb:cc:dd:ee:ff" --netboot-enabled true --ip-address "10.0.0.12" --netmask "255.255.255.0" --gateway "10.0.0.1" --name-servers "10.0.0.1 1.1.1.1 8.8.8.8" +``` + +Finally, restart and sync up Cobbler: + +```shell +systemctl restart cobblerd && sleep 10 +cobbler sync +``` + +The **PXE Client** VM can now be powered on, and should automatically boot to PXE and install Debian 12.7 to the VM HDD using the "bookworm-sample.seed" preseed template created above. + +## Debian 11 Bullseye PXE Deployment + +Take similar steps as above, with the inclusion of the netboot "firmware" image file in the combined `initrd.gz` image file, and using the "bookworm-sample.seed" template created above as a starting point and trimming off a few unsupported preseed settings to import and automatically deploy Debian 11 Bullseye over PXE. + +```shell +[ -e /mnt/Debian ] || mkdir /mnt/Debian +mount -t iso9660 -o loop,ro /home/fedora/Downloads/debian-11.11.0-amd64-DVD-1.iso /mnt/Debian +cobbler import --name=Debian11.11 --path=/mnt/Debian + +cd /var/www/cobbler/distro_mirror/Debian11.11/dists/bullseye +gpg -u cobbler -bao Release.gpg Release +gpg -u cobbler --clear-sign --output InRelease Release + +cat /var/www/cobbler/distro_mirror/Debian11.11/install.amd/initrd.gz ~/Downloads/Debian11.11-netboot.gz ~/Downloads/Debian11.11-firmware.gz > /var/www/cobbler/pub/Debian11.11-netboot.gz +cobbler distro edit --name Debian11.11-x86_64 --initrd "/var/www/cobbler/pub/Debian11.11-netboot.gz" + +grep -v "os_prober" /var/lib/cobbler/templates/bookworm-sample.seed > /var/lib/cobbler/templates/bullseye-sample.seed +cobbler profile edit --name Debian11.11-x86_64 --autoinstall bullseye-sample.seed + +cobbler system add --name Debian11.11 --profile Debian11.11-x86_64 --mac-address "aa:bb:cc:dd:ee:ff" --netboot-enabled true + +systemctl restart cobblerd && sleep 10 +cobbler sync +``` + +## 
Mirroring with debmirror + +Mirroring the official Debian repos with the **debmirror** tool is fairly simple, but will require about 100GB of extra disk space on the Cobbler server. + +This guide will only provide the steps to mirror the LATEST release of Debian *(Bookworm 12.8 at the time of writing)* with `debmirror`. + +similarly to the DVD/ISO method above, both the **netboot** and **DVD/ISO** `initrd.gz` images are still required in the same concatenated manner to properly install over the network, but they must both be downloaded separately of the `debmirror` process. + +Since the official Debian repo will be mirrored, the source will be fully valid with trusted signatures, meaning the autoinstall (preseed) file for the PXE client will not need the APT security settings required in the DVD/ISO source method. + +Cobbler supports managing repos/sources via the debmirror command natively, which mean the `debmirror` package only needs to be installed and configured, then mirroring can be accomplished/managed through Cobbler CLI commands. + + - The syntax for mirroring a Debian repo through the `debmirror` command will still be provided below for context in the **Manual debmirror** section below, but is not necessary in most cases to mirror Debian locally. + +### Setup debmirror + +Follow the instructions for supporting Debian deployments/repos given from the `cobbler check` command output (as well as installign Debian keyrings): + +```shell +yum install -y debmirror debian-keyring +sed -i "s/@arches/#@arches/g" /etc/debmirror.conf +sed -i "s/@dists/#@dists/g" /etc/debmirror.conf +systemctl restart cobblerd && sleep 5 +cobbler sync +cobbler check +``` + +### Manual debmirror + +Sometimes debmirror may fail to download a few files from the configured source, which can cause Cobbler to error out on the `reposync` task/command. 
+ + - Usually re-issueing the `reposync` command (and in-turn, the `debmirror command) after such a failure will complete the download of the missing files. + +This manual `debmirror` method may be useful for troubleshooting + +```shell +debmirror -p -v --method http -a amd64 -h ftp.us.debian.org -d stable -s main,main/debian-installer,contrib,non-free,non-free-firmware --nosource --keyring="/usr/share/keyrings/debian-archive-keyring.gpg" ~/Debian12.8 +``` + +### Cobbler reposync and debmirror + +use the `cobbler repo` and `cobbler reposync` commands in order to mirror Debian lates repo locally: + +```shell +cobbler repo add --name Debian-latest --keep-updated true --mirror-locally true --breed apt --arch x86_64 --mirror "http://ftp.us.debian.org/debian" --apt-components=main,main/debian-installer,non-free-firmware --apt-dists=bookworm --yumopts '--keyring'='/usr/share/keyrings/debian-archive-keyring.gpg' +cobbler reposync +``` + +Configure a new preseed file for installation via the trusted, signed Debian repo: + +```shell +cp /var/lib/cobbler/templates/bookworm-sample.seed /var/lib/cobbler/templates/bookworm-latest.seed +sed -i 's,d-i apt-setup/local0/repository,#d-i apt-setup/local0/repository,' /var/lib/cobbler/templates/bookworm-latest.seed +sed -i 's,d-i apt-setup/local0/key,#d-i apt-setup/local0/key,' /var/lib/cobbler/templates/bookworm-latest.seed +sed -i 's,d-i debian-installer/allow_unauthenticated,#d-i debian-installer/allow_unauthenticated,' /var/lib/cobbler/templates/bookworm-latest.seed +sed -i 's,script=preseed_early_default,script=preseed_early_debmirror,' /var/lib/cobbler/templates/bookworm-latest.seed +cp /var/lib/cobbler/scripts/preseed_early_default /var/lib/cobbler/scripts/preseed_early_bookworm +echo -e '#!/bin/sh\nexit' | tee /var/lib/cobbler/scripts/preseed_early_bookworm +``` + +Download the kernel and 2 initrd files for Debiain latest/current (12.8) + +```shell +wget -O ~/Downloads/debian-stable-initrd.gz 
http://ftp.us.debian.org/debian/dists/stable/main/installer-amd64/current/images/cdrom/initrd.gz +wget -O ~/Downloads/debian-stable-netboot-initrd.gz http://ftp.us.debian.org/debian/dists/stable/main/installer-amd64/current/images/netboot/debian-installer/amd64/initrd.gz +wget -O ~/Downloads/debian-stable-vmlinuz http://ftp.us.debian.org/debian/dists/stable/main/installer-amd64/current/images/cdrom/vmlinuz +mkdir /var/www/cobbler/pub/Debian12.8-netboot +cat /home/fedora/Downloads/debian-stable-initrd.gz /home/fedora/Downloads/debian-stable-netboot-initrd.gz > /var/www/cobbler/pub/Debian12.8-netboot/initrd.gz +cp ~/Downloads/debian-stable-vmlinuz /var/www/cobbler/pub/Debian12.8-netboot/vmlinuz +``` + +Add a Cobbler Distro and Profile for the new Debian repo, and the usual HTTP link: + +```shell +cobbler distro add --name Debian-latest --arch x86_64 --autoinstall-meta 'tree'='http://@@http_server@@/cblr/links/Debian-latest' --breed debian --os-version bookworm --initrd "/var/www/cobbler/pub/Debian12.8-netboot/initrd.gz" --kernel "/var/www/cobbler/pub/Debian12.8-netboot/vmlinuz" +cobbler profile add --name Debian-latest --distro Debian-latest --autoinstall bookworm-latest.seed +ln -s /var/www/cobbler/repo_mirror/Debian-latest /var/www/cobbler/links/Debian-latest +systemctl restart cobblerd && sleep 5 +cobbler sync +``` + +Now the **PXE Client** should be able to boot from a generic/random MAC address and load the new "Debian-latest" Cobbler Profile over GRUB + +> Cobbler Systems can now also be added similarly to above in the **Debian 12 Bookworm PXE Deployment** and **Debian 11 Bullseye PXE Deployment** sections above. +> +> ```shell +> cobbler system add --name Debian-Latest --profile Debian-latest --mac-address "aa:bb:cc:dd:ee:ff" --netboot-enabled true +> ``` + + +## Tips & Troubleshooting + +1. 
The [Cobbler 3.3.6 Beginner's Guide](/_posts/2024-10-16-Cobbler-v3.3.6-Beginners-Guide.md) **Tips & Troubleshooting** section contains some basic recommendations and limitations of Cobbler which will not be repeated here. + +1. The `debian-installer` issue mentioned in the **Caveats** section above is primarily marked by a fatal error during the installation process and the log entry `GPG error` in `/var/log/syslog` on the installer system, or, if the workaround script was used, you can install the `debconf-utils` package on the resulting system and use the command `debconf-get-selections --installer | grep "Downloading"` for more info on the error. + + - The error prevents the installation from proceeding using the configured repo mirror, but the `debian-installer` remains running; press **ALT+F2** or **ALT+F3** on the PXE client keyboard to access a privileged shell to conduct some troubleshooting. + + - The issue stems from the below section of the preseed file, retrieved drectly from Debian's official [stable](https://www.debian.org/releases/stable/example-preseed.txt) and [bookworm](https://www.debian.org/releases/bookworm/example-preseed.txt) example preseed files. + + ```shell + ### Apt setup + # Choose, if you want to scan additional installation media + # (default: false). + d-i apt-setup/cdrom/set-first boolean false + # You can choose to install non-free firmware. + #d-i apt-setup/non-free-firmware boolean true + # You can choose to install non-free and contrib software. + #d-i apt-setup/non-free boolean true + #d-i apt-setup/contrib boolean true + # Uncomment the following line, if you don't want to have the sources.list + # entry for a DVD/BD installation image active in the installed system + # (entries for netinst or CD images will be disabled anyway, regardless of + # this setting). + #d-i apt-setup/disable-cdrom-entries boolean true + # Uncomment this if you don't want to use a network mirror. 
+ #d-i apt-setup/use_mirror boolean false + # Select which update services to use; define the mirrors to be used. + # Values shown below are the normal defaults. + #d-i apt-setup/services-select multiselect security, updates + #d-i apt-setup/security_host string security.debian.org + + # Additional repositories, local[0-9] available + #d-i apt-setup/local0/repository string \ + # http://local.server/debian stable main + #d-i apt-setup/local0/comment string local server + # Enable deb-src lines + #d-i apt-setup/local0/source boolean true + # URL to the public key of the local repository; you must provide a key or + # apt will complain about the unauthenticated repository and so the + # sources.list line will be left commented out. + #d-i apt-setup/local0/key string http://local.server/key + # or one can provide it in-line by base64 encoding the contents of the + # key file (with `base64 -w0`) and specifying it thus: + #d-i apt-setup/local0/key string base64://LS0tLS1CRUdJTiBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tCi4uLgo= + # The content of the key file is checked to see if it appears to be ASCII-armoured. + # If so it will be saved with an ".asc" extension, otherwise it gets a '.gpg' extension. + # "keybox database" format is currently not supported. (see generators/60local in apt-setup's source) + + # By default the installer requires that repositories be authenticated + # using a known gpg key. This setting can be used to disable that + # authentication. Warning: Insecure, not recommended. + #d-i debian-installer/allow_unauthenticated boolean true + ``` + + - As seen in the procdures above, `allow_unauthenticated` is set to true, which appears to only permit the installation to START when an untrusted repo mirror is found, but the mirror will be checked again before beginning the `apt-setup` phase, which `allow_unauthenticated` will not override. 
+ + - This means that the `debian-installer` also requires the local APT mirror to be defined using the `d-i apt-setup/local0/repository` & `d-i apt-setup/local0/key` preseed options in order for the PXE client to retrieve the public GPG key for the repo mirror and use it to validate the mirror, which seems to be configured properly through the preseed from Cobbler, verified with the following commands on the `debian-installer` system (and obviously can be done, since the workaround provided in this guide does essentially the same thing): + + ```shell + debconf-get apt-setup/local0/repository + debconf-get apt-setup/local0/key + less /var/lib/preseed/log + cat /var/log/syslog | grep "GPG error" + cat /var/lib/cdebconf/templates.dat | grep apt-setup + cat /var/lib/cdebconf/questions.dat | grep apt-setup + ``` + + - Alternatively, the preseed comments note that you may provide the GPG key inline in the preseed file as a base64-encoded string with the format `d-i apt-setup/local0/key string base64://`, however I was not able to get this working either. + + - The snippet from Debian's official preseed sample above mentions "see generators/60local in apt-setup's source" and looking at some of that [source code](https://salsa.debian.org/installer-team/apt-setup/-/blob/master/generators/60local?ref_type=heads), I tried to model the workaround script as closely to the source code as possible, which is why `fetch-url` is used to download the GPG key, instead of `wget` or `curl`. + + - This error consistenly occurs on Debian 11 & 12 installations. + +1. 
References + + - [https://forums.debian.net/viewtopic.php?t=157991](https://forums.debian.net/viewtopic.php?t=157991) + - [https://www.debian.org/distrib/netinst](https://www.debian.org/distrib/netinst) + - [https://www.debian.org/distrib/netinst#netboot](https://www.debian.org/distrib/netinst#netboot) + - [https://deb.debian.org/debian/dists/bookworm/main/installer-amd64/current/images/MANIFEST](https://deb.debian.org/debian/dists/bookworm/main/installer-amd64/current/images/MANIFEST) + - [https://wiki.debian.org/PXEBootInstall](https://wiki.debian.org/PXEBootInstall]) + - [https://wiki.debian.org/DebianInstaller](https://wiki.debian.org/DebianInstaller) + - [https://wiki.debian.org/DebianInstaller/NetbootFirmware](https://wiki.debian.org/DebianInstaller/NetbootFirmware) + - [https://wiki.debian.org/DebianInstaller/Preseed](https://wiki.debian.org/DebianInstaller/Preseed) + - [https://wiki.debian.org/DebianInstaller/NetbootAssistant](https://wiki.debian.org/DebianInstaller/NetbootAssistant) + - [https://www.debian.org/releases/stable/amd64/apbs03.en.html](https://www.debian.org/releases/stable/amd64/apbs03.en.html) + - [https://www.debian.org/releases/bookworm/amd64/apbs03.en.html](https://www.debian.org/releases/bookworm/amd64/apbs03.en.html) + - [https://www.debian.org/releases/bookworm/amd64/ch06s03.en.html](https://www.debian.org/releases/bookworm/amd64/ch06s03.en.html) + - [https://www.debian.org/releases/stable/amd64/ch05s04](https://www.debian.org/releases/stable/amd64/ch05s04) + - [https://www.debian.org/releases/stable/amd64/ch04s05](https://www.debian.org/releases/stable/amd64/ch04s05) + - [https://www.debian.org/releases/stable/amd64/ch04s02.en.html#where-files](https://www.debian.org/releases/stable/amd64/ch04s02.en.html#where-files) + - [https://wiki.debian.org/debconf](https://wiki.debian.org/debconf) + - [https://packages.debian.org/bookworm/debconf-utils](https://packages.debian.org/bookworm/debconf-utils) + - 
[https://wiki.debian.org/AutomatedInstallation](https://wiki.debian.org/AutomatedInstallation) + - [https://fai-project.org/FAIme/](https://fai-project.org/FAIme/) + - [https://www.debian.org/releases/stable/amd64/apbs04.en.html](https://www.debian.org/releases/stable/amd64/apbs04.en.html) + - [https://www.debian.org/releases/bookworm/amd64/apbs04.en.html](ttps://www.debian.org/releases/bookworm/amd64/apbs04.en.html) + - [https://www.debian.org/releases/bookworm/example-preseed.txt](https://www.debian.org/releases/bookworm/example-preseed.txt) + - [https://www.debian.org/releases/bullseye/example-preseed.txt](https://www.debian.org/releases/bullseye/example-preseed.txt) + - [https://www.debian.org/releases/stable/example-preseed.txt](https://www.debian.org/releases/stable/example-preseed.txt) + - [https://preseed.debian.net/debian-preseed/bookworm/amd64-main-full.txt](https://preseed.debian.net/debian-preseed/bookworm/amd64-main-full.txt) + - [https://snapshot.debian.org/archive/debian/](https://snapshot.debian.org/archive/debian/) + - [https://unix.stackexchange.com/questions/533539/switch-tabs-in-debian-installer-over-serial-console-with-putty](https://unix.stackexchange.com/questions/533539/switch-tabs-in-debian-installer-over-serial-console-with-putty) + - [https://cobbler.github.io/blog/2024/06/30/libvirt-ipxe.html](https://cobbler.github.io/blog/2024/06/30/libvirt-ipxe.html) + - [https://lists.debian.org/debian-boot/2016/07/msg00199.html](https://lists.debian.org/debian-boot/2016/07/msg00199.html) + - [https://wiki.debian.org/MacBook#Debian_installation](https://wiki.debian.org/MacBook#Debian_installation) + - [https://wiki.debian.org/DebianInstaller/ReleaseProcess](https://wiki.debian.org/DebianInstaller/ReleaseProcess) + - [https://wiki.debian.org/DebianInstaller/Debconf11Summary](https://wiki.debian.org/DebianInstaller/Debconf11Summary) + - 
[https://wiki.debian.org/Debian_Systems_Administration_for_non-Debian_SysAdmins?action=show&redirect=Debian_SystemAdministration_for_non-Debian_SysAdmins](https://wiki.debian.org/Debian_Systems_Administration_for_non-Debian_SysAdmins?action=show&redirect=Debian_SystemAdministration_for_non-Debian_SysAdmins) + - [https://ftp.debian.org/debian/](https://ftp.debian.org/debian/) + - [https://www.debian.org/mirror/ftpmirror](https://www.debian.org/mirror/ftpmirror) + - [https://www.debian.org/mirror/list](https://www.debian.org/mirror/list) + - [https://www.debian.org/mirror/list-full](https://www.debian.org/mirror/list-full) + - [https://www.debian.org/releases/](https://www.debian.org/releases/) + - [https://www.debian.org/distrib/archive](https://www.debian.org/distrib/archive) + - [https://help.ubuntu.com/community/Debmirror](https://help.ubuntu.com/community/Debmirror) + - [https://github.com/cobbler/cobbler/issues/2437](https://github.com/cobbler/cobbler/issues/2437) + - [https://wiki.debian.org/SecureApt](https://wiki.debian.org/SecureApt) + - [https://wiki.debian.org/DebianKeyring](https://wiki.debian.org/DebianKeyring) + - [https://ftp-master.debian.org/keys.html](https://ftp-master.debian.org/keys.html) + - [https://keyring.debian.org/](https://keyring.debian.org/) + - [https://db.debian.org/](https://db.debian.org/) + - [https://www.reddit.com/r/debian/comments/yusdca/how_do_i_find_the_correct_debian_public_key/](https://www.reddit.com/r/debian/comments/yusdca/how_do_i_find_the_correct_debian_public_key/) + - [https://www.debian.org/CD/verify](https://www.debian.org/CD/verify) + - [https://serverfault.com/questions/669809/sync-ubuntu-repository-with-cobbler-server-fails](https://serverfault.com/questions/669809/sync-ubuntu-repository-with-cobbler-server-fails) + - [https://forums.debian.net/viewtopic.php?t=112820](https://forums.debian.net/viewtopic.php?t=112820) + - 
[https://debian-handbook.info/browse/wheezy/sect.package-authentication.html](https://debian-handbook.info/browse/wheezy/sect.package-authentication.html) + - [https://serverfault.com/questions/337278/debian-how-can-i-securely-get-debian-archive-keyring-so-that-i-can-do-an-apt-g](https://serverfault.com/questions/337278/debian-how-can-i-securely-get-debian-archive-keyring-so-that-i-can-do-an-apt-g) + - [https://ubuntuforums.org/archive/index.php/t-2217665.html](https://ubuntuforums.org/archive/index.php/t-2217665.html) From 2df663ecabc7694d65545a7145462813f994fdb3 Mon Sep 17 00:00:00 2001 From: sus-admin Date: Tue, 3 Dec 2024 00:28:41 -0500 Subject: [PATCH 05/13] finishing Debian Guide --- ...24-12-02-Cobbler-v3.3.6-Debian-Deployment-Guide.md | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/_posts/2024/2024-12-02-Cobbler-v3.3.6-Debian-Deployment-Guide.md b/_posts/2024/2024-12-02-Cobbler-v3.3.6-Debian-Deployment-Guide.md index 765887ce..b9203c98 100644 --- a/_posts/2024/2024-12-02-Cobbler-v3.3.6-Debian-Deployment-Guide.md +++ b/_posts/2024/2024-12-02-Cobbler-v3.3.6-Debian-Deployment-Guide.md @@ -3,7 +3,6 @@ layout: post title: Cobbler (v3.3.6) Debian Deployment Guide author: Sus-Admin summary: Deploying Debian Bullseye and Bookworm (11 & 12) via PXE network boot. -tags: cobbler --- This guide assumes that you have a Fedora 34 server or workstation configured to run Cobbler v3.3.6 server as described in the [Cobbler v3.3.6 Beginner's guide](/_post/2024-10-16-Cobbler-v3.3.6-Beginners-Guide.md). 
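Review bot: two link targets in the References list added by PATCH 04/13 (the hunk that ends just above the PATCH 05/13 header) are malformed and will not resolve. The PXEBootInstall entry has a stray `]` inside the target, `(https://wiki.debian.org/PXEBootInstall])`, and the bookworm `apbs04.en.html` entry is missing the leading `h`, `(ttps://www.debian.org/releases/bookworm/amd64/apbs04.en.html)`. Suggest correcting both targets; the link text is already right in each case.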
@@ -20,15 +19,15 @@ Starting where the [Beginner's guide](/_post/2024-10-16-Cobbler-v3.3.6-Beginners ### Caveats -- using the `cobbler check` CLI command on the Cobbler server, you should notice that it recommends installing the **debmirror** package in order to manage Debian deployments and repos with Cobbler. Instead, we will simply import the Debian source installation media (.iso file), which will become available over HTTP, and use that as the local repo mirror to install over the network. +- using the `cobbler check` CLI command, the output recommends installing the **debmirror** package in order to manage Debian deployments and repos with Cobbler. Instead, we will simply import the Debian source installation media (.iso file), which will become available over HTTP, and use that as the local repo mirror to install over the network. - This method is not the Cobbler official method, and Debian actually [recommends](https://www.debian.org/mirror/ftpmirror) using something like "apt-cacher-ng" or "squid proxy" instead of "debmirror" - - The Main Debian repo for the latest release of Debian is about 100 GB at the time of writing, which is why this is the preferred method over using **debmirror**, as it only requires the data from a single Debian installer DVD (.iso file) + - The Main Debian repo for the latest release of Debian is about 100 GB at the time of writing, which is why this is *my* preferred method over using **debmirror**, as it only requires the data from a single Debian installer DVD (.iso file) - For completeness however, the **debmirror** method will be detailed towards the bottom of this guide, in the **Mirroring with debmirror** section. 
-- This guide provides a workaround to an issue that is encountered when installing Debian 11 & 12 over the network from a local/private repo where the PXE client (`debian-installer`) does not trust the installation source *(Since Debian developers DO NOT sign the software/repos packaged into official DVD/ISO releases: (https://wiki.debian.org/SecureApt)[https://wiki.debian.org/SecureApt] )*. +- This guide provides a workaround to an issue that is encountered when installing Debian 11 & 12 over the network from a local/private repo where the PXE client (`debian-installer`) does not trust the installation source *(Since Debian developers DO NOT sign the software/repos packaged into official DVD/ISO releases: [https://wiki.debian.org/SecureApt](https://wiki.debian.org/SecureApt) )*. - This appears to be a bug in the `debian-installer` (`d-i`); more info provided in the **Tips & Troubleshooting** section below. 
@@ -213,9 +212,9 @@ similarly to the DVD/ISO method above, both the **netboot** and **DVD/ISO** `ini Since the official Debian repo will be mirrored, the source will be fully valid with trusted signatures, meaning the autoinstall (preseed) file for the PXE client will not need the APT security settings required in the DVD/ISO source method. -Cobbler supports managing repos/sources via the debmirror command natively, which mean the `debmirror` package only needs to be installed and configured, then mirroring can be accomplished/managed through Cobbler CLI commands. +Cobbler supports managing repos/sources via the debmirror command natively, which means the `debmirror` package only needs to be installed and configured, then mirroring can be accomplished/managed through Cobbler CLI commands. - - The syntax for mirroring a Debian repo through the `debmirror` command will still be provided below for context in the **Manual debmirror** section below, but is not necessary in most cases to mirror Debian locally. + - The syntax for mirroring a Debian repo through the `debmirror` command will still be provided below for context in the **Manual debmirror** section, but is not necessary in most cases to mirror Debian locally. ### Setup debmirror From f7078480152004f56493c4e3572d38f6e8e931a0 Mon Sep 17 00:00:00 2001 From: sus-admin Date: Tue, 3 Dec 2024 09:02:10 -0500 Subject: [PATCH 06/13] finishing Debian guide --- ...-Cobbler-v3.3.6-Debian-Deployment-Guide.md | 35 ++++++++++--------- 1 file changed, 18 insertions(+), 17 deletions(-) diff --git a/_posts/2024/2024-12-02-Cobbler-v3.3.6-Debian-Deployment-Guide.md b/_posts/2024/2024-12-02-Cobbler-v3.3.6-Debian-Deployment-Guide.md index b9203c98..7af5b402 100644 --- a/_posts/2024/2024-12-02-Cobbler-v3.3.6-Debian-Deployment-Guide.md +++ b/_posts/2024/2024-12-02-Cobbler-v3.3.6-Debian-Deployment-Guide.md 
@@ -3,6 +3,7 @@ layout: post title: Cobbler (v3.3.6) Debian Deployment Guide author: Sus-Admin summary: Deploying Debian Bullseye and Bookworm (11 & 12) via PXE network boot. +tags: cobbler --- This guide assumes that you have a Fedora 34 server or workstation configured to run Cobbler v3.3.6 server as described in the [Cobbler v3.3.6 Beginner's guide](/_post/2024-10-16-Cobbler-v3.3.6-Beginners-Guide.md). 
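Review bot: the `+tags: cobbler` line in this front-matter hunk restores what PATCH 05/13 removed, and PATCH 07/13 removes it again; none of the three commit messages mentions the tag. Suggest settling on the final front matter and squashing these changes so the series does not toggle the same line three times.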
@@ -21,13 +22,13 @@ Starting where the [Beginner's guide](/_post/2024-10-16-Cobbler-v3.3.6-Beginners - using the `cobbler check` CLI command, the output recommends installing the **debmirror** package in order to manage Debian deployments and repos with Cobbler. Instead, we will simply import the Debian source installation media (.iso file), which will become available over HTTP, and use that as the local repo mirror to install over the network. - - This method is not the Cobbler official method, and Debian actually [recommends](https://www.debian.org/mirror/ftpmirror) using something like "apt-cacher-ng" or "squid proxy" instead of "debmirror" + - This method is not the Cobbler official method, and Debian actually [recommends](https://www.debian.org/mirror/ftpmirror) using something like "apt-cacher-ng" or "squid proxy" - The Main Debian repo for the latest release of Debian is about 100 GB at the time of writing, which is why this is *my* preferred method over using **debmirror**, as it only requires the data from a single Debian installer DVD (.iso file) - For completeness however, the **debmirror** method will be detailed towards the bottom of this guide, in the **Mirroring with debmirror** section. -- This guide provides a workaround to an issue that is encountered when installing Debian 11 & 12 over the network from a local/private repo where the PXE client (`debian-installer`) does not trust the installation source *(Since Debian developers DO NOT sign the software/repos packaged into official DVD/ISO releases: [https://wiki.debian.org/SecureApt](https://wiki.debian.org/SecureApt) )*. 
+- This guide provides a workaround to an issue that is encountered when installing Debian 11 & 12 over the network from a local/private repo where the PXE client (`debian-installer`) does not trust the installation source *(Since Debian developers DO NOT sign the software/repos packaged into official CD/DVD/ISO releases: [https://wiki.debian.org/SecureApt](https://wiki.debian.org/SecureApt) )*. - This appears to be a bug in the `debian-installer` (`d-i`); more info provided in the **Tips & Troubleshooting** section below. 
@@ -44,14 +45,14 @@ That said, continue at your own risk. Download the latest releases of Debian Bookworm and Bullseye ```shell -cd ~/Downloads && wget https://cdimage.debian.org/debian-cd/current/amd64/iso-dvd/debian-12.7.0-amd64-DVD-1.iso +cd ~/Downloads && wget https://cdimage.debian.org/debian-cd/current/amd64/iso-dvd/debian-12.8.0-amd64-DVD-1.iso cd ~/Downloads && wget https://cdimage.debian.org/mirror/cdimage/archive/11.11.0/amd64/iso-dvd/debian-11.11.0-amd64-DVD-1.iso ``` Additionally, all Debian releases at the time of writing require the "netboot" initial ramdisk (`initrd`) provided separately by the Debian maintainers in order to properly boot over the network. Furthermore, Debian 11 Bullseye and earlier require the "netboot firmware" image, which is an extension to the netboot `initrd` image containing drivers for non-free firmware, also provided by Debian. ```shell -wget -O ~/Downloads/Debian12.7-netboot.gz https://ftp.debian.org/debian/dists/stable/main/installer-amd64/current/images/netboot/debian-installer/amd64/initrd.gz +wget -O ~/Downloads/Debian12.8-netboot.gz https://ftp.debian.org/debian/dists/stable/main/installer-amd64/current/images/netboot/debian-installer/amd64/initrd.gz wget -O ~/Downloads/Debian11.11-netboot.gz https://ftp.debian.org/debian/dists/bullseye/main/installer-amd64/current/images/netboot/debian-installer/amd64/initrd.gz wget -O ~/Downloads/Debian11.11-firmware.gz https://cdimage.debian.org/cdimage/firmware/bullseye/current/firmware.cpio.gz 
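Review bot: the `wget` lines for the DVD image and the netboot `initrd.gz` have no verification step, yet later in the guide this content is imported and signed with the local `cobbler` key, so every PXE client will trust whatever was downloaded here. Suggest adding a check of the ISO against the `SHA512SUMS` and `SHA512SUMS.sign` files published next to it; the guide's own reference list already cites https://www.debian.org/CD/verify. Separately, the Bookworm URL combines `current/` with a pinned `debian-12.8.0` filename, which is what forced this 12.7.0 to 12.8.0 edit and will need the same edit at the next point release, while the initrd is fetched from `dists/stable/` but saved as `Debian12.8-netboot.gz`, so the filename can drift from what was actually downloaded.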
@@ -87,14 +88,14 @@ mount the Debian 12 Bookworm installation media and import the distro into cobbl ```shell [ -e /mnt/Debian ] || mkdir /mnt/Debian -mount -t iso9660 -o loop,ro /home/fedora/Downloads/debian-12.7.0-amd64-DVD-1.iso /mnt/Debian -cobbler import --name Debian12.7 --path /mnt/Debian +mount -t iso9660 -o loop,ro /home/fedora/Downloads/debian-12.8.0-amd64-DVD-1.iso /mnt/Debian +cobbler import --name Debian12.8 --path /mnt/Debian ``` Navigate to the imported distro mirror and sign the repo: ```shell -cd /var/www/cobbler/distro_mirror/Debian12.7/dists/bookworm +cd /var/www/cobbler/distro_mirror/Debian12.8/dists/bookworm gpg -u cobbler -bao Release.gpg Release gpg -u cobbler --clear-sign --output InRelease Release ``` @@ -102,9 +103,9 @@ gpg -u cobbler --clear-sign --output InRelease Release Concatenate the two `initrd.gz` images in the following order, then configure the new Cobbler Distro to use the combined image: ```shell -cat /var/www/cobbler/distro_mirror/Debian12.7/install.amd/initrd.gz ~/Downloads/Debian12.7-netboot.gz > /var/www/cobbler/pub/Debian12.7-netboot.gz +cat /var/www/cobbler/distro_mirror/Debian12.8/install.amd/initrd.gz ~/Downloads/Debian12.8-netboot.gz > /var/www/cobbler/pub/Debian12.8-netboot.gz -cobbler distro edit --name Debian12.7-x86_64 --initrd "/var/www/cobbler/pub/Debian12.7-netboot.gz" +cobbler distro edit --name Debian12.8-x86_64 --initrd "/var/www/cobbler/pub/Debian12.8-netboot.gz" ``` Create a new "preseed" (autoinstall) template from the sample included with Cobbler, and make the necessary changes to install from an unofficial source. 
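Review bot: the `cat` line reads the netboot image from `~/Downloads/Debian12.8-netboot.gz`, while the `mount` command in the previous hunk reads the ISO from `/home/fedora/Downloads/`. These steps write under `/var/www/cobbler` and call `mount`, so a reader running them in a root shell gets `~` expanded to root's home and the `cat` fails on a missing file. Suggest using one download location throughout, ideally a variable set once, which would also cut the number of places a point-release bump like this one has to touch.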
@@ -159,13 +160,13 @@ sed -i 's,script=preseed_late_default,script=preseed_late_sudo_sources,' /var/li Configure the Cobbler Profile to use the new autoinstall (preseed) template: ```shell -cobbler profile edit --name Debian12.7-x86_64 --autoinstall 'bookworm-sample.seed' +cobbler profile edit --name Debian12.8-x86_64 --autoinstall 'bookworm-sample.seed' ``` Create a new Cobbler System to PXE boot and automatically install Debian 12 Bookworm, replacing the *"aa:bb:cc:dd:ee:ff"* with the MAC address of your PXE client, being sure not to use a duplicate MAC or IP addresse of any other Cobbler System. ```shell -cobbler system add --name "Debian12.7" --profile Debian12.7-x86_64 --hostname "debian12-7" --mac-address "aa:bb:cc:dd:ee:ff" --netboot-enabled true --ip-address "10.0.0.12" --netmask "255.255.255.0" --gateway "10.0.0.1" --name-servers "10.0.0.1 1.1.1.1 8.8.8.8" +cobbler system add --name "Debian12.8" --profile Debian12.8-x86_64 --hostname "debian12-8" --mac-address "aa:bb:cc:dd:ee:ff" --netboot-enabled true --ip-address "10.0.0.12" --netmask "255.255.255.0" --gateway "10.0.0.1" --name-servers "10.0.0.1 1.1.1.1 8.8.8.8" ``` Finally, restart and sync up Cobbler: @@ -175,7 +176,7 @@ systemctl restart cobblerd && sleep 10 cobbler sync ``` -The **PXE Client** VM can now be powered on, and should automatically boot to PXE and install Debian 12.7 to the VM HDD using the "bookworm-sample.seed" preseed template created above. +The **PXE Client** VM can now be powered on, and should automatically boot to PXE and install Debian 12.8 to the VM HDD using the "bookworm-sample.seed" preseed template created above. ## Debian 11 Bullseye PXE Deployment 
@@ -214,7 +215,7 @@ Since the official Debian repo will be mirrored, the source will be fully valid Cobbler supports managing repos/sources via the debmirror command natively, which means the `debmirror` package only needs to be installed and configured, then mirroring can be accomplished/managed through Cobbler CLI commands. - - The syntax for mirroring a Debian repo through the `debmirror` command will still be provided below for context in the **Manual debmirror** section, but is not necessary in most cases to mirror Debian locally. +- The syntax for mirroring a Debian repo through the `debmirror` command will still be provided below for context in the **Manual debmirror** section, but is not necessary in most cases to mirror Debian locally. ### Setup debmirror @@ -233,7 +234,7 @@ cobbler check Sometimes debmirror may fail to download a few files from the configured source, which can cause Cobbler to error out on the `reposync` task/command. - - Usually re-issueing the `reposync` command (and in-turn, the `debmirror command) after such a failure will complete the download of the missing files. +- Usually re-issueing the `reposync` command (and in-turn, the `debmirror` command) after such a failure will complete the download of the missing files. This manual `debmirror` method may be useful for troubleshooting 
@@ -257,9 +258,9 @@ cp /var/lib/cobbler/templates/bookworm-sample.seed /var/lib/cobbler/templates/bo sed -i 's,d-i apt-setup/local0/repository,#d-i apt-setup/local0/repository,' /var/lib/cobbler/templates/bookworm-latest.seed sed -i 's,d-i apt-setup/local0/key,#d-i apt-setup/local0/key,' /var/lib/cobbler/templates/bookworm-latest.seed sed -i 's,d-i debian-installer/allow_unauthenticated,#d-i debian-installer/allow_unauthenticated,' /var/lib/cobbler/templates/bookworm-latest.seed -sed -i 's,script=preseed_early_default,script=preseed_early_debmirror,' /var/lib/cobbler/templates/bookworm-latest.seed -cp /var/lib/cobbler/scripts/preseed_early_default /var/lib/cobbler/scripts/preseed_early_bookworm -echo -e '#!/bin/sh\nexit' | tee /var/lib/cobbler/scripts/preseed_early_bookworm +sed -i 's,script=preseed_early_workaround,script=preseed_early_skip,' /var/lib/cobbler/templates/bookworm-latest.seed +cp /var/lib/cobbler/scripts/preseed_early_workaround /var/lib/cobbler/scripts/preseed_early_skip +echo -e '#!/bin/sh\nexit' | tee /var/lib/cobbler/scripts/preseed_early_skip ``` Download the kernel and 2 initrd files for Debiain latest/current (12.8) From 2e737e3769b68687ad0e505f019e7d73253fa83c Mon Sep 17 00:00:00 2001 From: sus-admin Date: Tue, 3 Dec 2024 09:04:54 -0500 Subject: [PATCH 07/13] final Debian Guide fixes --- _posts/2024/2024-12-02-Cobbler-v3.3.6-Debian-Deployment-Guide.md | 1 - 1 file changed, 1 deletion(-) diff --git a/_posts/2024/2024-12-02-Cobbler-v3.3.6-Debian-Deployment-Guide.md b/_posts/2024/2024-12-02-Cobbler-v3.3.6-Debian-Deployment-Guide.md index 7af5b402..180a7e16 100644 --- a/_posts/2024/2024-12-02-Cobbler-v3.3.6-Debian-Deployment-Guide.md +++ b/_posts/2024/2024-12-02-Cobbler-v3.3.6-Debian-Deployment-Guide.md 
@@ -3,7 +3,6 @@ layout: post title: Cobbler (v3.3.6) Debian Deployment Guide author: Sus-Admin summary: Deploying Debian Bullseye and Bookworm (11 & 12) via PXE network boot. -tags: cobbler --- This guide assumes that you have a Fedora 34 server or workstation configured to run Cobbler v3.3.6 server as described in the [Cobbler v3.3.6 Beginner's guide](/_post/2024-10-16-Cobbler-v3.3.6-Beginners-Guide.md). From da8f1f21580c4d47b8ea457695407750856b2680 Mon Sep 17 00:00:00 2001 From: sus-admin Date: Fri, 6 Dec 2024 07:45:52 -0500 Subject: [PATCH 08/13] updated guides for Cobbler v3.3.7 --- ...4-11-12-Cobbler-v3.3.7-Beginners-Guide.md} | 22 +++++++++--------- ...Cobbler-v3.3.7-Debian-Deployment-Guide.md} | 8 +++---- ...pg => Cobbler-3.3.7-Beginners_Logical.jpg} | Bin ...g => Cobbler-3.3.7-Beginners_Physical.jpg} | Bin 4 files changed, 15 insertions(+), 15 deletions(-) rename _posts/2024/{2024-11-12-Cobbler-v3.3.6-Beginners-Guide.md => 2024-11-12-Cobbler-v3.3.7-Beginners-Guide.md} (97%) rename _posts/2024/{2024-12-02-Cobbler-v3.3.6-Debian-Deployment-Guide.md => 2024-12-02-Cobbler-v3.3.7-Debian-Deployment-Guide.md} (98%) rename images/{Cobbler-3.3.6-Beginners_Logical.jpg => Cobbler-3.3.7-Beginners_Logical.jpg} (100%) rename images/{Cobbler-3.3.6-Beginners_Physical.jpg => Cobbler-3.3.7-Beginners_Physical.jpg} (100%) diff --git a/_posts/2024/2024-11-12-Cobbler-v3.3.6-Beginners-Guide.md b/_posts/2024/2024-11-12-Cobbler-v3.3.7-Beginners-Guide.md similarity index 97% rename from _posts/2024/2024-11-12-Cobbler-v3.3.6-Beginners-Guide.md rename to _posts/2024/2024-11-12-Cobbler-v3.3.7-Beginners-Guide.md index 1db040b6..a8e26635 100644 --- a/_posts/2024/2024-11-12-Cobbler-v3.3.6-Beginners-Guide.md +++ b/_posts/2024/2024-11-12-Cobbler-v3.3.7-Beginners-Guide.md 
@@ -1,8 +1,8 @@ --- layout: post -title: Cobbler v3.3.6 Beginner's Guide +title: Cobbler v3.3.7 Beginner's Guide author: Sus-Admin -summary: Getting started with Cobbler v3.3.6; basic installation, setup and automated PXE client provisioning +summary: Getting started with Cobbler v3.3.7; basic installation, setup and automated PXE client provisioning --- This guide is intended to accompany and extend the official Cobbler [Installation](https://cobbler.readthedocs.io/en/v3.3.6/installation-guide.html) and [Quick Start](https://cobbler.readthedocs.io/en/v3.3.6/quickstart-guide.html) guides. @@ -17,7 +17,7 @@ Cobbler is an open-source, system deployment and provisioning software which can ## Objective -Starting with a fresh installation of Fedora 34 Server (or Workstation - [Fedora download archive](https://archives.fedoraproject.org/pub/archive/fedora/linux/releases/34/Server/x86_64/iso/)), this guide will detail preparing the system for Cobbler v3.3.6 installation from source, including prerequisite/dependency installations and network setup, and then provide all necessary steps to install and configure Cobbler to automatically provision another LAN host with Fedora 34 or 37 Server through PXE network boot. +Starting with a fresh installation of Fedora 34 Server (or Workstation - [Fedora download archive](https://archives.fedoraproject.org/pub/archive/fedora/linux/releases/34/Server/x86_64/iso/)), this guide will detail preparing the system for Cobbler v3.3.7 installation from source, including prerequisite/dependency installations and network setup, and then provide all necessary steps to install and configure Cobbler to automatically provision another LAN host with Fedora 34 or 37 Server through PXE network boot. ## Environment @@ -58,14 +58,14 @@ This guide assumes that both the **Cobbler Server** and **PXE Clinet(s)** are ru

Physical Network Diagram

- {% include figure.liquid loading="eager" path="images/Cobbler-3.3.6-Beginners_Physical.jpg" class="img-fluid rounded z-depth-1" zoomable=true %} + {% include figure.liquid loading="eager" path="images/Cobbler-3.3.7-Beginners_Physical.jpg" class="img-fluid rounded z-depth-1" zoomable=true %}
The Cobbler server and PXE client(s) are not shown here, as they are VMs, not physical workstations.

Logical Network Diagram

- {% include figure.liquid loading="eager" path="images/Cobbler-3.3.6-Beginners_Logical.jpg" class="img-fluid rounded z-depth-1" zoomable=true %} + {% include figure.liquid loading="eager" path="images/Cobbler-3.3.7-Beginners_Logical.jpg" class="img-fluid rounded z-depth-1" zoomable=true %}
The VirtualBox host (my Windows 10 laptop) is only shown for completeness, it is not used in the procedures other than the VM settings described above.
@@ -78,7 +78,7 @@ This guide assumes that both the **Cobbler Server** and **PXE Clinet(s)** are ru ## Fedora Server Basics -As stated above, this document outlines the procedures necessary to install and configure Cobbler v3.3.6 on a Fedora 34 host server for local network installations/provisioning through PXE. Additionally, necessary adjustments will be made for security through **selinux** and **firewalld** on the Cobbler server. As such, it is recommended to keep things simple and **limit the number of additional applications installed** to the Cobbler server to **minimize unexpected firewall and selinux complications.** +As stated above, this document outlines the procedures necessary to install and configure Cobbler v3.3.7 on a Fedora 34 host server for local network installations/provisioning through PXE. Additionally, necessary adjustments will be made for security through **selinux** and **firewalld** on the Cobbler server. As such, it is recommended to keep things simple and **limit the number of additional applications installed** to the Cobbler server to **minimize unexpected firewall and selinux complications.** ### Updating @@ -143,14 +143,14 @@ yum install make git python3-devel python3-sphinx python3-coverage openssl httpd > Cobbler is also available through the YUM repos, using `yum install cobbler` -Download **cobbler v3.3.6** source code from the official GitHub repo +Download **cobbler v3.3.7** source code from the official GitHub repo ```shell -wget -P ~/Downloads/. https://github.com/cobbler/cobbler/archive/refs/tags/v3.3.6.zip +wget -P ~/Downloads/. https://github.com/cobbler/cobbler/archive/refs/tags/v3.3.7.zip mkdir -p /usr/src/cobbler cd /usr/src/cobbler -unzip -d . ~/Downloads/v3.3.6 +unzip -d . ~/Downloads/v3.3.7 ``` Install the runtime dependencies and enable system services *(systemd will probably report some errors...)* 
@@ -171,7 +171,7 @@ yum install grub2-pc grub2-pc-modules grub2-efi-x64-modules grub2-efi-aa64-modul Install Cobbler ```shell -cd /usr/src/cobbler/cobbler-3.3.6 +cd /usr/src/cobbler/cobbler-3.3.7 make install systemctl restart httpd ``` @@ -449,7 +449,7 @@ systemctl restart tftp httpd 1. Cobbler's [official docs](https://cobbler.readthedocs.io/en/v3.3.6/installation-guide.html#id2) advise that installing and running Cobbler in a virtual environment is not possible, but I have had no issues related to virtualization. -1. Some dependencies are missing from the official [Cobbler docs](https://cobbler.readthedocs.io/en/v3.3.6/installation-guide.html#packages). Have a look at the [dockerfile](https://github.com/cobbler/cobbler/blob/v3.3.6/docker/rpms/Fedora_34/Fedora34.dockerfile) located in cobbler's source code for a more complete list. +1. Some dependencies are missing from the official [Cobbler docs](https://cobbler.readthedocs.io/en/v3.3.6/installation-guide.html#packages). Have a look at the [dockerfile](https://github.com/cobbler/cobbler/blob/v3.3.7/docker/rpms/Fedora_34/Fedora34.dockerfile) located in cobbler's source code for a more complete list. 1. It's always a good idea to manually install the desired distro (Fedora 34 or 37 Server in the case of this guide) to the desired hardware (VirtualBox VM in this case) before attempting a network installation, to validate compatability. diff --git a/_posts/2024/2024-12-02-Cobbler-v3.3.6-Debian-Deployment-Guide.md b/_posts/2024/2024-12-02-Cobbler-v3.3.7-Debian-Deployment-Guide.md similarity index 98% rename from _posts/2024/2024-12-02-Cobbler-v3.3.6-Debian-Deployment-Guide.md rename to _posts/2024/2024-12-02-Cobbler-v3.3.7-Debian-Deployment-Guide.md index 180a7e16..fb6beee5 100644 --- a/_posts/2024/2024-12-02-Cobbler-v3.3.6-Debian-Deployment-Guide.md +++ b/_posts/2024/2024-12-02-Cobbler-v3.3.7-Debian-Deployment-Guide.md 
@@ -1,11 +1,11 @@ --- layout: post -title: Cobbler (v3.3.6) Debian Deployment Guide +title: Cobbler (v3.3.7) Debian Deployment Guide author: Sus-Admin summary: Deploying Debian Bullseye and Bookworm (11 & 12) via PXE network boot. --- -This guide assumes that you have a Fedora 34 server or workstation configured to run Cobbler v3.3.6 server as described in the [Cobbler v3.3.6 Beginner's guide](/_post/2024-10-16-Cobbler-v3.3.6-Beginners-Guide.md). +This guide assumes that you have a Fedora 34 server or workstation configured to run Cobbler v3.3.7 server as described in the [Cobbler v3.3.7 Beginner's guide](/_post/2024-10-16-Cobbler-v3.3.7-Beginners-Guide.md). ## Table of Contents {:.no_toc} @@ -15,7 +15,7 @@ This guide assumes that you have a Fedora 34 server or workstation configured to ## Objective -Starting where the [Beginner's guide](/_post/2024-10-16-Cobbler-v3.3.6-Beginners-Guide.md) left off, further configure the Cobbler v3.3.6 server to deploy the latest release of Debian 11 Bullseye and Debian 12 Bookworm via PXE network boot, using the same system and network environment. This guide assumes that you still have `selinux` and `firewalld` configured and enabled as described in the Beginner's guide. +Starting where the [Beginner's guide](/_post/2024-10-16-Cobbler-v3.3.7-Beginners-Guide.md) left off, further configure the Cobbler v3.3.7 server to deploy the latest release of Debian 11 Bullseye and Debian 12 Bookworm via PXE network boot, using the same system and network environment. This guide assumes that you still have `selinux` and `firewalld` configured and enabled as described in the Beginner's guide. ### Caveats 
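Review bot: the updated Beginner's guide links in these two hunks point at `/_post/2024-10-16-Cobbler-v3.3.7-Beginners-Guide.md`, but the file this same patch renames is `_posts/2024/2024-11-12-Cobbler-v3.3.7-Beginners-Guide.md`, so both the directory and the date differ. The Tips & Troubleshooting link changed in the next hunk uses a third form, `/_posts/2024-10-16-...`. Suggest making all three consistent with the real post, preferably through Jekyll's `post_url` tag rather than a hand-written path to the `.md` source, so a future rename fails the build instead of leaving a dead link.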
@@ -294,7 +294,7 @@ Now the **PXE Client** should be able to boot from a generic/random MAC address ## Tips & Troubleshooting -1. The [Cobbler 3.3.6 Beginner's Guide](/_posts/2024-10-16-Cobbler-v3.3.6-Beginners-Guide.md) **Tips & Troubleshooting** section contains some basic recommendations and limitations of Cobbler which will not be repeated here. +1. The [Cobbler 3.3.7 Beginner's Guide](/_posts/2024-10-16-Cobbler-v3.3.7-Beginners-Guide.md) **Tips & Troubleshooting** section contains some basic recommendations and limitations of Cobbler which will not be repeated here. 1. The `debian-installer` issue mentioned in the **Caveats** section above is primarily marked by a fatal error during the installation process and the log entry `GPG error` in `/var/log/syslog` on the installer system, or, if the workaround script was used, you can install the `debconf-utils` package on the resulting system and use the command `debconf-get-selections --installer | grep "Downloading"` for more info on the error. diff --git a/images/Cobbler-3.3.6-Beginners_Logical.jpg b/images/Cobbler-3.3.7-Beginners_Logical.jpg similarity index 100% rename from images/Cobbler-3.3.6-Beginners_Logical.jpg rename to images/Cobbler-3.3.7-Beginners_Logical.jpg diff --git a/images/Cobbler-3.3.6-Beginners_Physical.jpg b/images/Cobbler-3.3.7-Beginners_Physical.jpg similarity index 100% rename from images/Cobbler-3.3.6-Beginners_Physical.jpg rename to images/Cobbler-3.3.7-Beginners_Physical.jpg From 236773707d05f7b06fcac189b599e96277472a17 Mon Sep 17 00:00:00 2001 From: sus-admin Date: Mon, 9 Dec 2024 19:42:10 -0500 Subject: [PATCH 09/13] correcting sync instructions --- .../2024-12-02-Cobbler-v3.3.7-Debian-Deployment-Guide.md | 9 --------- 1 file changed, 9 deletions(-) diff --git a/_posts/2024/2024-12-02-Cobbler-v3.3.7-Debian-Deployment-Guide.md b/_posts/2024/2024-12-02-Cobbler-v3.3.7-Debian-Deployment-Guide.md index fb6beee5..393c51a7 100644 
--- a/_posts/2024/2024-12-02-Cobbler-v3.3.7-Debian-Deployment-Guide.md +++ b/_posts/2024/2024-12-02-Cobbler-v3.3.7-Debian-Deployment-Guide.md @@ -166,12 +166,6 @@ Create a new Cobbler System to PXE boot and automatically install Debian 12 Book ```shell cobbler system add --name "Debian12.8" --profile Debian12.8-x86_64 --hostname "debian12-8" --mac-address "aa:bb:cc:dd:ee:ff" --netboot-enabled true --ip-address "10.0.0.12" --netmask "255.255.255.0" --gateway "10.0.0.1" --name-servers "10.0.0.1 1.1.1.1 8.8.8.8" -``` - -Finally, restart and sync up Cobbler: - -```shell -systemctl restart cobblerd && sleep 10 cobbler sync ``` @@ -198,7 +192,6 @@ cobbler profile edit --name Debian11.11-x86_64 --autoinstall bullseye-sample.see cobbler system add --name Debian11.11 --profile Debian11.11-x86_64 --mac-address "aa:bb:cc:dd:ee:ff" --netboot-enabled true -systemctl restart cobblerd && sleep 10 cobbler sync ``` @@ -224,7 +217,6 @@ Follow the instructions for supporting Debian deployments/repos given from the ` yum install -y debmirror debian-keyring sed -i "s/@arches/#@arches/g" /etc/debmirror.conf sed -i "s/@dists/#@dists/g" /etc/debmirror.conf -systemctl restart cobblerd && sleep 5 cobbler sync cobbler check ``` @@ -279,7 +271,6 @@ Add a Cobbler Distro and Profile for the new Debian repo, and the usual HTTP lin cobbler distro add --name Debian-latest --arch x86_64 --autoinstall-meta 'tree'='http://@@http_server@@/cblr/links/Debian-latest' --breed debian --os-version bookworm --initrd "/var/www/cobbler/pub/Debian12.8-netboot/initrd.gz" --kernel "/var/www/cobbler/pub/Debian12.8-netboot/vmlinuz" cobbler profile add --name Debian-latest --distro Debian-latest --autoinstall bookworm-latest.seed ln -s /var/www/cobbler/repo_mirror/Debian-latest /var/www/cobbler/links/Debian-latest -systemctl restart cobblerd && sleep 5 cobbler sync ``` From faacf41c64d9e4444852e5164f2140c3019a7d6c Mon Sep 17 00:00:00 2001 
From: sus-admin Date: Mon, 9 Dec 2024 19:49:37 -0500 Subject: [PATCH 10/13] fix typo --- .../2024/2024-12-02-Cobbler-v3.3.7-Debian-Deployment-Guide.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_posts/2024/2024-12-02-Cobbler-v3.3.7-Debian-Deployment-Guide.md b/_posts/2024/2024-12-02-Cobbler-v3.3.7-Debian-Deployment-Guide.md index 393c51a7..c93d69fd 100644 --- a/_posts/2024/2024-12-02-Cobbler-v3.3.7-Debian-Deployment-Guide.md +++ b/_posts/2024/2024-12-02-Cobbler-v3.3.7-Debian-Deployment-Guide.md @@ -162,7 +162,7 @@ Configure the Cobbler Profile to use the new autoinstall (preseed) template: cobbler profile edit --name Debian12.8-x86_64 --autoinstall 'bookworm-sample.seed' ``` -Create a new Cobbler System to PXE boot and automatically install Debian 12 Bookworm, replacing the *"aa:bb:cc:dd:ee:ff"* with the MAC address of your PXE client, being sure not to use a duplicate MAC or IP addresse of any other Cobbler System. +Finally, create a new Cobbler System to PXE boot and automatically install Debian 12 Bookworm, replacing the *"aa:bb:cc:dd:ee:ff"* with the MAC address of your PXE client, being sure not to use a duplicate MAC or IP addresse of any other Cobbler System, then sync up Cobbler. ```shell cobbler system add --name "Debian12.8" --profile Debian12.8-x86_64 --hostname "debian12-8" --mac-address "aa:bb:cc:dd:ee:ff" --netboot-enabled true --ip-address "10.0.0.12" --netmask "255.255.255.0" --gateway "10.0.0.1" --name-servers "10.0.0.1 1.1.1.1 8.8.8.8" From 10b835b6f975a183fedeb3450dfd80ae28fd2204 Mon Sep 17 00:00:00 2001 
From: sus-admin Date: Mon, 9 Dec 2024 21:39:23 -0500 Subject: [PATCH 11/13] fixed excerpt from official debian preseed file in "Tips & Troubleshooting" section - changed to file "include" instead of plaintext markdown --- _includes/example-preseed-excerpt.txt | 42 ++++++++++++++++ ...-Cobbler-v3.3.7-Debian-Deployment-Guide.md | 50 ++----------------- 2 files changed, 46 insertions(+), 46 deletions(-) create mode 100644 _includes/example-preseed-excerpt.txt diff --git a/_includes/example-preseed-excerpt.txt b/_includes/example-preseed-excerpt.txt new file mode 100644 index 00000000..89e1f1cc --- /dev/null +++ b/_includes/example-preseed-excerpt.txt 
@@ -0,0 +1,42 @@ +### Apt setup +# Choose, if you want to scan additional installation media +# (default: false). +d-i apt-setup/cdrom/set-first boolean false +# You can choose to install non-free firmware. +#d-i apt-setup/non-free-firmware boolean true +# You can choose to install non-free and contrib software. +#d-i apt-setup/non-free boolean true +#d-i apt-setup/contrib boolean true +# Uncomment the following line, if you don't want to have the sources.list +# entry for a DVD/BD installation image active in the installed system +# (entries for netinst or CD images will be disabled anyway, regardless of +# this setting). +#d-i apt-setup/disable-cdrom-entries boolean true +# Uncomment this if you don't want to use a network mirror. +#d-i apt-setup/use_mirror boolean false +# Select which update services to use; define the mirrors to be used. +# Values shown below are the normal defaults. +#d-i apt-setup/services-select multiselect security, updates +#d-i apt-setup/security_host string security.debian.org + +# Additional repositories, local[0-9] available +#d-i apt-setup/local0/repository string \ +# http://local.server/debian stable main +#d-i apt-setup/local0/comment string local server +# Enable deb-src lines +#d-i apt-setup/local0/source boolean true +# URL to the public key of the local repository; you must provide a key or +# apt will complain about the unauthenticated repository and so the +# sources.list line will be left commented out. +#d-i apt-setup/local0/key string http://local.server/key +# or one can provide it in-line by base64 encoding the contents of the +# key file (with `base64 -w0`) and specifying it thus: +#d-i apt-setup/local0/key string base64://LS0tLS1CRUdJTiBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tCi4uLgo= +# The content of the key file is checked to see if it appears to be ASCII-armoured. +# If so it will be saved with an ".asc" extension, otherwise it gets a '.gpg' extension. +# "keybox database" format is currently not supported. 
(see generators/60local in apt-setup's source) + +# By default the installer requires that repositories be authenticated +# using a known gpg key. This setting can be used to disable that +# authentication. Warning: Insecure, not recommended. +#d-i debian-installer/allow_unauthenticated boolean true diff --git a/_posts/2024/2024-12-02-Cobbler-v3.3.7-Debian-Deployment-Guide.md b/_posts/2024/2024-12-02-Cobbler-v3.3.7-Debian-Deployment-Guide.md index c93d69fd..5a9bc18a 100644 --- a/_posts/2024/2024-12-02-Cobbler-v3.3.7-Debian-Deployment-Guide.md +++ b/_posts/2024/2024-12-02-Cobbler-v3.3.7-Debian-Deployment-Guide.md 
@@ -293,52 +293,10 @@ Now the **PXE Client** should be able to boot from a generic/random MAC address - The issue stems from the below section of the preseed file, retrieved drectly from Debian's official [stable](https://www.debian.org/releases/stable/example-preseed.txt) and [bookworm](https://www.debian.org/releases/bookworm/example-preseed.txt) example preseed files. - ```shell - ### Apt setup - # Choose, if you want to scan additional installation media - # (default: false). - d-i apt-setup/cdrom/set-first boolean false - # You can choose to install non-free firmware. - #d-i apt-setup/non-free-firmware boolean true - # You can choose to install non-free and contrib software. - #d-i apt-setup/non-free boolean true - #d-i apt-setup/contrib boolean true - # Uncomment the following line, if you don't want to have the sources.list - # entry for a DVD/BD installation image active in the installed system - # (entries for netinst or CD images will be disabled anyway, regardless of - # this setting). - #d-i apt-setup/disable-cdrom-entries boolean true - # Uncomment this if you don't want to use a network mirror. - #d-i apt-setup/use_mirror boolean false - # Select which update services to use; define the mirrors to be used. - # Values shown below are the normal defaults. - #d-i apt-setup/services-select multiselect security, updates - #d-i apt-setup/security_host string security.debian.org - - # Additional repositories, local[0-9] available - #d-i apt-setup/local0/repository string \ - # http://local.server/debian stable main - #d-i apt-setup/local0/comment string local server - # Enable deb-src lines - #d-i apt-setup/local0/source boolean true - # URL to the public key of the local repository; you must provide a key or - # apt will complain about the unauthenticated repository and so the - # sources.list line will be left commented out. 
- #d-i apt-setup/local0/key string http://local.server/key - # or one can provide it in-line by base64 encoding the contents of the - # key file (with `base64 -w0`) and specifying it thus: - #d-i apt-setup/local0/key string base64://LS0tLS1CRUdJTiBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tCi4uLgo= - # The content of the key file is checked to see if it appears to be ASCII-armoured. - # If so it will be saved with an ".asc" extension, otherwise it gets a '.gpg' extension. - # "keybox database" format is currently not supported. (see generators/60local in apt-setup's source) - - # By default the installer requires that repositories be authenticated - # using a known gpg key. This setting can be used to disable that - # authentication. Warning: Insecure, not recommended. - #d-i debian-installer/allow_unauthenticated boolean true - ``` - - - As seen in the procdures above, `allow_unauthenticated` is set to true, which appears to only permit the installation to START when an untrusted repo mirror is found, but the mirror will be checked again before beginning the `apt-setup` phase, which `allow_unauthenticated` will not override. +
{% include example-preseed-excerpt.txt path="_includes/example-preseed-excerpt.txt" %}
+ +1. *(continued)* + - As seen in the procedures above, `allow_unauthenticated` is set to true, which appears to only permit the installation to START when an untrusted repo mirror is found, but the mirror will be checked again before beginning the `apt-setup` phase, which `allow_unauthenticated` will not override. - This means that the `debian-installer` also requires the local APT mirror to be defined using the `d-i apt-setup/local0/repository` & `d-i apt-setup/local0/key` preseed options in order for the PXE client to retrieve the public GPG key for the repo mirror and use it to validate the mirror, which seems to be configured properly through the preseed from Cobbler, verified with the following commands on the `debian-installer` system (and obviously can be done, since the workaround provided in this guide does essentially the same thing): From 18bc3bc850615420e46e78811153ed78056431b4 Mon Sep 17 00:00:00 2001 From: sus-admin Date: Wed, 11 Dec 2024 18:15:07 -0500 Subject: [PATCH 12/13] fixed some links --- .../2024-12-02-Cobbler-v3.3.7-Debian-Deployment-Guide.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/_posts/2024/2024-12-02-Cobbler-v3.3.7-Debian-Deployment-Guide.md b/_posts/2024/2024-12-02-Cobbler-v3.3.7-Debian-Deployment-Guide.md index 5a9bc18a..421fc9d4 100644 --- a/_posts/2024/2024-12-02-Cobbler-v3.3.7-Debian-Deployment-Guide.md +++ b/_posts/2024/2024-12-02-Cobbler-v3.3.7-Debian-Deployment-Guide.md 
@@ -5,7 +5,7 @@ author: Sus-Admin summary: Deploying Debian Bullseye and Bookworm (11 & 12) via PXE network boot. --- -This guide assumes that you have a Fedora 34 server or workstation configured to run Cobbler v3.3.7 server as described in the [Cobbler v3.3.7 Beginner's guide](/_post/2024-10-16-Cobbler-v3.3.7-Beginners-Guide.md). +This guide assumes that you have a Fedora 34 server or workstation system configured to run Cobbler v3.3.7 similarly to the [Cobbler v3.3.7 Beginner's guide](/_post/2024/2024-11-12-Cobbler-v3.3.7-Beginners-Guide.md). ## Table of Contents {:.no_toc} @@ -15,7 +15,7 @@ This guide assumes that you have a Fedora 34 server or workstation configured to ## Objective -Starting where the [Beginner's guide](/_post/2024-10-16-Cobbler-v3.3.7-Beginners-Guide.md) left off, further configure the Cobbler v3.3.7 server to deploy the latest release of Debian 11 Bullseye and Debian 12 Bookworm via PXE network boot, using the same system and network environment. This guide assumes that you still have `selinux` and `firewalld` configured and enabled as described in the Beginner's guide. +Starting where the [Beginner's guide](/_post/2024/2024-11-12-Cobbler-v3.3.7-Beginners-Guide.md) left off, further configure the Cobbler v3.3.7 server to deploy the latest release of Debian 11 Bullseye and Debian 12 Bookworm via PXE network boot, using the same system and network environment. This guide assumes that you still have `selinux` and `firewalld` configured and enabled as described in the Beginner's guide. ### Caveats 
@@ -285,7 +285,7 @@ Now the **PXE Client** should be able to boot from a generic/random MAC address ## Tips & Troubleshooting -1. The [Cobbler 3.3.7 Beginner's Guide](/_posts/2024-10-16-Cobbler-v3.3.7-Beginners-Guide.md) **Tips & Troubleshooting** section contains some basic recommendations and limitations of Cobbler which will not be repeated here. +1. The [Cobbler 3.3.7 Beginner's Guide](/_posts/2024/2024-11-12-Cobbler-v3.3.7-Beginners-Guide.md) **Tips & Troubleshooting** section contains some basic recommendations and limitations of Cobbler which will not be repeated here. 1. The `debian-installer` issue mentioned in the **Caveats** section above is primarily marked by a fatal error during the installation process and the log entry `GPG error` in `/var/log/syslog` on the installer system, or, if the workaround script was used, you can install the `debconf-utils` package on the resulting system and use the command `debconf-get-selections --installer | grep "Downloading"` for more info on the error. From de696b627066c1b8a22f70743b4e330d9bf17089 Mon Sep 17 00:00:00 2001 From: sus-admin Date: Wed, 11 Dec 2024 18:30:40 -0500 Subject: [PATCH 13/13] another link fix (I'm dumb) --- .../2024/2024-12-02-Cobbler-v3.3.7-Debian-Deployment-Guide.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/_posts/2024/2024-12-02-Cobbler-v3.3.7-Debian-Deployment-Guide.md b/_posts/2024/2024-12-02-Cobbler-v3.3.7-Debian-Deployment-Guide.md index 421fc9d4..01589b61 100644 --- a/_posts/2024/2024-12-02-Cobbler-v3.3.7-Debian-Deployment-Guide.md +++ b/_posts/2024/2024-12-02-Cobbler-v3.3.7-Debian-Deployment-Guide.md 
@@ -5,7 +5,7 @@ author: Sus-Admin summary: Deploying Debian Bullseye and Bookworm (11 & 12) via PXE network boot. --- -This guide assumes that you have a Fedora 34 server or workstation system configured to run Cobbler v3.3.7 similarly to the [Cobbler v3.3.7 Beginner's guide](/_post/2024/2024-11-12-Cobbler-v3.3.7-Beginners-Guide.md). +This guide assumes that you have a Fedora 34 server or workstation system configured to run Cobbler v3.3.7 similarly to the [Cobbler v3.3.7 Beginner's guide](/_posts/2024/2024-11-12-Cobbler-v3.3.7-Beginners-Guide.md). ## Table of Contents {:.no_toc} @@ -15,7 +15,7 @@ This guide assumes that you have a Fedora 34 server or workstation system config ## Objective -Starting where the [Beginner's guide](/_post/2024/2024-11-12-Cobbler-v3.3.7-Beginners-Guide.md) left off, further configure the Cobbler v3.3.7 server to deploy the latest release of Debian 11 Bullseye and Debian 12 Bookworm via PXE network boot, using the same system and network environment. This guide assumes that you still have `selinux` and `firewalld` configured and enabled as described in the Beginner's guide. +Starting where the [Beginner's guide](/_posts/2024/2024-11-12-Cobbler-v3.3.7-Beginners-Guide.md) left off, further configure the Cobbler v3.3.7 server to deploy the latest release of Debian 11 Bullseye and Debian 12 Bookworm via PXE network boot, using the same system and network environment. This guide assumes that you still have `selinux` and `firewalld` configured and enabled as described in the Beginner's guide. ### Caveats
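Review bot: PATCH 09/13 removes `systemctl restart cobblerd && sleep 10` (or `sleep 5`) in all four hunks, but neither the commit message ("correcting sync instructions") nor the guide says why the restart is no longer needed. State the reason in the commit body or next to the first `cobbler sync`, so a reader comparing this with an older copy of the guide knows the restart was dropped on purpose. The hunk at line 166 also deletes the sentence "Finally, restart and sync up Cobbler:" and folds `cobbler sync` into the `cobbler system add` block, which leaves the sync step unannounced in the prose as of this commit.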
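Review bot: PATCH 10/13 is titled "fix typo", yet the added line at 162 still reads "a duplicate MAC or IP addresse of any other Cobbler System"; "addresse" should be "address". The subject also does not match the change, which adds "Finally," at the start and ", then sync up Cobbler" at the end of the sentence. A subject such as "mention cobbler sync in system add step" would describe it, and the typo can be corrected in the same line.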
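Review bot: In PATCH 11/13, the new file `_includes/example-preseed-excerpt.txt` ends with `#d-i debian-installer/allow_unauthenticated boolean true` under upstream's own comment "Warning: Insecure, not recommended", while the guide text in the same patch says the procedures set `allow_unauthenticated` to true. By the guide's own account this setting does not get the installer past the `apt-setup` check, so the text should say that it can be removed from the seed once the mirror is validated through `d-i apt-setup/local0/repository` and `d-i apt-setup/local0/key`, rather than leaving readers with repository authentication disabled by default.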
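Review bot: In PATCH 11/13, the hunk at line 293 of the Debian guide replaces the fenced, indented excerpt with a bare `{% include example-preseed-excerpt.txt ... %}` and adds no fence around it. Liquid expands the include before Markdown is rendered, so lines such as `### Apt setup` and `# Choose, if you want to scan ...` will be parsed as headings instead of shown as preseed text. Wrap the include in a code fence, indented to sit inside the list item, which also removes the need for the `1. *(continued)*` line that restarts the list. The `path="_includes/example-preseed-excerpt.txt"` parameter can be dropped: include parameters are only exposed to the included file as `include.path`, and this file never reads it.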
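Review bot: PATCH 12/13 is inconsistent within itself: the hunks at lines 5 and 15 link to `/_post/2024/2024-11-12-...` while the hunk at line 285 links to `/_posts/2024/2024-11-12-...`, and PATCH 13/13 exists only to add the missing "s". Hand-typed paths to the post source have now needed three commits to get right. Consider Jekyll's `post_url` tag for these three links, since it fails the build when the named post does not exist, so a wrong date or directory is caught before publishing.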