Help with Unattended Linux Install
Posted by Full-Entertainer-606@reddit | linuxadmin | View on Reddit | 35 comments
I am working with some techs in our IT department to replace Windows web kiosk machines with Linux. I usually deal with the virtual side of things. They, rightly, are concerned about deploying them at scale. I’m looking for a way to create a bootable USB that will deploy the OS and then run an Ansible playbook to finish the setup. Potentially this could be 100 machines, so it has to be relatively straightforward or the IT manager will push us toward Chrome OS. Am I asking too much?
ArgH_Ger@reddit
There are quite a few ways to solve this. The best way to do this for a somewhat similar case was to provide an "unattended install/config" on a webserver via a netboot image and a kernel parameter. So, if the remote system fails => plug in the USB stick and the rest will come over the net.
Have a look here:
https://fai-project.org/
and
https://help.ubuntu.com/community/KickstartCompatibility
and
https://cobbler.github.io/
Full-Entertainer-606@reddit (OP)
I like the FAI. Thanks.
Wise_Guitar2059@reddit
FAI is hard to maintain and troubleshoot. Look at Debian preseed.
davis-andrew@reddit
I'm curious at what troubles you've had with FAI that have made it hard to maintain? That hasn't been my experience at $dayjob
archontwo@reddit
There is also FOG
riglic@reddit
Couple of things come to mind. Ubuntu MAAS, if you want to keep them in check; if you only need to run it once, cloud-init, autoinstall is your friend. I completely autoinstall every Linux server at work, without clicking a single time. Never used Ansible though, but the docs say it's there. https://cloudinit.readthedocs.io/en/latest/reference/modules.html#ansible
Full-Entertainer-606@reddit (OP)
I should mention that I plan on using a RHEL derivative. Ubuntu is great, but I am just more used to RHEL.
riglic@reddit
Hmmm, I have not much experience with those. MAAS could deploy them too, but if you wanna stay in one lane, I can totally understand that. cloud-init should also work for them, as it is pretty widely supported. In a quick search, I couldn't find something like MAAS for them, but maybe Satellite can achieve a part of what you need?
Good Luck with your Task!
Difficult-Value-3145@reddit
Idk if anyone else asked this, but what OS? I feel like it matters. Debian is kinda good for install scripts and all; look at Parrot OS's conversion script. And with Debian the release schedule and everything is very stable, so you'll know a date when breaking changes may pop up.
SimpleYellowShirt@reddit
cloud-init or kickstart depending on which distro. That's if you don't use PXE.
Chewbakka-Wakka@reddit
This is the wrong approach.
You want to deploy this via network install. Options:
If UEFI, you can use HTTP or HTTPS boot (no possible security concerns) to deliver boot files. All you need therefore is DNS, DHCP and a web server process without needing TFTP like with a PXE boot arrangement.
Use PXEboot with TFTP server.
Use DHCP Relay, to relay packets where needed.
I would never consider USB booting for this use-case.
Ansible is not for this purpose. Kickstart profiles are.
Manadaman@reddit
I use iPXE to get around the whole DHCP and TFTP stuff. Minimal boot ISO. 3 MB. Then grab stuff over HTTP. Preseed for Debian. Kickstart for RHEL and Fedora. Autoinstall for Ubuntu. This way no messing around with building complex ISOs. You can trigger the tiny iPXE ISO to have a menu. https://ipxe.org. Alpine and NixOS recommend iPXE btw.
Chewbakka-Wakka@reddit
Grub2 supports netbooting as well
Manadaman@reddit
Ohh and of course Ansible to harden and configure OS. Preseed/kickstart/autoinstall used for configuring disks, an ansible account and some other stuff.
Dizzybro@reddit
Are these running on your networks? You could set up a pxeboot server that runs a kickstart install
cyranix@reddit
I second this answer. PXE would be the easiest way to do this. If network isn't possible, you can still certainly configure USB installers, you probably don't even need ansible... Unattended install is easy enough, most distros are fairly straightforward about their installers and configurations, but if you need to run post-install configuration instructions, depending on complexity, you could probably stick a one time script in /etc/rc.d/ or just create a package that gets installed during installation that sets things up for you as necessary. Puppet or Ansible are fine too, just requires some kind of launch at the appropriate time.
Full-Entertainer-606@reddit (OP)
PXE is probably great, but it’s not an option.
Chewbakka-Wakka@reddit
Why not? This is what you need!
Full-Entertainer-606@reddit (OP)
Considered that but really don’t want to have pxeboot added to our network.
Chewbakka-Wakka@reddit
This is exactly what it was invented for!
archontwo@reddit
Why make life harder for yourself?
As an IT admin you should already know all the MAC addresses in your network anyway, so it is a short leap to set up PXE boots. It can then download a ram disk which can format disks, run Ansible, whatever you need.
Dizzybro@reddit
Why? Disable it if you want after? Why make life harder though?
Spidertaffy@reddit
I did this exact thing using iPXE on a USB stick. It used an embedded config for iPXE to point to a config I control and uses the MAC address to choose the right configuration file, and defaults to a generic installer. Then I use Ubuntu with user-data scripts to install the OS, and add some autostart stuff when it comes up to set up an overlayFS layer that disappears at reboot, and installs all the necessary dependencies, starts apps, including Chrome, and sends it to the right screens.
guzzijason@reddit
We do it with a custom image that makes use of IPv6 SLAAC autoconf (so we don’t need to set up hundreds of DHCP relay agents across a wide-ranging network). New generic host boots, and fetches some personalization info (and static v4/v6 address info) from a central API, and also runs ansible-pull to do the rest of the config.
Granted, not exactly an off-the-shelf solution, but you may be able to accomplish a lot simply with SLAAC and ansible-pull.
If you don’t run IPv6, then never mind because there is no IPv4 equivalent that I’m aware of without using DHCP.
Mohit951@reddit
Just mount the ISO, download the required software RPMs in the folder of the ISO, create a kickstart with a post-install script in it, repack the ISO using xorriso, isohybrid it to make it bootable, try installing!
trippedonatater@reddit
I'm curious why you're opposed to the ChromeOS option.
I've done something similar before for SLES and RHEL by editing the installer menu options to default to a kickstart/autoyast file that I placed into the disk image along with the edited installer menu.
Tibuski@reddit
Debian preseed and setup script as I am used to this distribution.
BUT
I would take the opportunity to have a look at NixOS which could be a good candidate for this use case.
HPCmonkey@reddit
If you are using a paid distro like SLES or RHEL, then they likely have a "fleet management" framework for exactly this sort of use case. Wide scale role based remote configuration, monitoring, and life cycle management.
smitty_longmont@reddit
Agree on Debian preseed and setup script. I use the preseed to copy a service file and a series of scripts to the target device. At next boot the service calls my scripts for configuration. One of those scripts sets up ansible-pull and a timer service. The script adds the needed SSH keys for GitLab and pulls the config. The timer helps control any drift by running the ansible-pull on a regular frequency. I do all of this from a bootable USB.
sudonem@reddit
Lots of ways to skin this cat, and it depends on the flavor of Linux you plan to base the config on, but my first thought would be kickstart with ansible-pull pre-configured to pull from a repo that you’ve already set up.
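One way to wire up the kickstart plus ansible-pull approach suggested in the two comments above, as an added example that is not from any commenter: a shell function that emits a kickstart file whose %post installs a systemd timer running ansible-pull. The repository URL, playbook name and unit names are placeholders; because the pulled playbook runs as root on every kiosk, the function rejects repository URLs that are not HTTPS or SSH.

```shell
# Added example (not from the thread). Unit names, playbook name and the
# repository URL are placeholders.
# Usage: make_ks https://git.example.invalid/kiosk.git kiosk.yml > ks.cfg
make_ks() {
    repo_url=$1 playbook=${2:-local.yml}
    # ansible-pull executes whatever the repo serves, as root, so accept
    # only transports that authenticate the server.
    case $repo_url in
        https://*|ssh://*) ;;
        *) echo "refusing unauthenticated repo URL: $repo_url" >&2; return 1 ;;
    esac
    cat <<EOF
# Unattended install: wipes every disk the installer can see.
text
lang en_US.UTF-8
keyboard us
timezone UTC --utc
rootpw --lock
zerombr
clearpart --all --initlabel
autopart
reboot
%packages
ansible-core
git-core
%end
%post --log=/root/ks-post.log
cat > /etc/systemd/system/ansible-pull.service <<'UNIT'
[Unit]
Description=Apply kiosk configuration with ansible-pull
Wants=network-online.target
After=network-online.target
[Service]
Type=oneshot
ExecStart=/usr/bin/ansible-pull -U $repo_url -i localhost, $playbook
UNIT
cat > /etc/systemd/system/ansible-pull.timer <<'UNIT'
[Timer]
OnBootSec=2min
OnUnitActiveSec=1h
[Install]
WantedBy=timers.target
UNIT
systemctl enable ansible-pull.timer
%end
EOF
}
```

The timer re-runs the pull hourly, which is the drift control described above; any local accounts should come from the playbook, since the root password is locked.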
SurfRedLin@reddit
Debian preseed with a script afterwards to install and run Ansible. We do it like this and by now have made over 60 machines. Works well. If you download the Ansible file you can more easily change them...
albionandrew@reddit
Same hardware? If so, Clonezilla.
stoltzld@reddit
Even if the hardware isn't the same, just use a partition size that's not bigger than the smallest partition.
Full-Entertainer-606@reddit (OP)
Might be. Might not be.
kazik1ziuta@reddit
If you plan on deploying RHEL-like systems, I would suggest using osbuild https://osbuild.org/docs/user-guide/introduction/