Good morning everyone. The next talk will be about up install your neighborhood and it will be held by Andreas Montt. Enjoy.

Okay, thank you. Good morning from my side. After Metdocs nice talk about frame of the emerging countries all over the world, I want to take you now next to your home, to your neighborhood. Your neighborhood is now sitting in the NEW queue waiting for FTP master's approval. No, just kidding. But maybe your neighborhood is sitting in a pub, in a local pub, like it is every two weeks in the village I live in. We started a new Linux meeting there, some workshop and help desk, so you can go there. Everybody's invited to drop by, get help, just to chat, and of course you can bring your laptop or computer and have it installed, learn how to install it and how to use it.

So in the beginning, this is simple. Everybody knows this. I don't think I have to spend much time on it. You fetch the installer media, you run the installation, you boot the system, and usually you have to do some manual configuration; the user has some preferences and so on.

We started then with kind of a special event; we called it install party. We made these posters all over the village, more or less, and made some advertising and invited everybody on a Saturday afternoon to do this on a bit of a bigger scale. The question was how are we going to do that. Running around with CDs, with USB sticks and so on seems to make trouble, so we thought about a better idea. How is this done in enterprises? It's done with a proxy technologies with a net boot installer, and we thought about setting up such on such a small box, and we called it install box.

What does it look like? A friend of mine found this nice interest your great PC in the basement of his company, and the nice thing is it has two network interfaces and you can install Debian on it, and that was the hardware we tried to put that install mechanism on. Of course, it's not needed to have this hardware.
You can do the same with a virtual machine on every laptop. It's slightly more complicated because usually you don't have two Ethernet interfaces, but you can use the VLAN interface and it works the same in the end, more or less.

Okay, what does this install box need? I already said the hardware: it's desirable to have these two network interface cards, and you need about 10 gigabytes of disk space. Then we need to configure the network. We want to connect to the pub's network. Usually you get a DHCP network, the dynamic address, from the outside, more or less, and then we have our internal network where we are going to set up our own addressing. Then we use PXE boot netinstall, and we want to install 64-bit, and sometimes people show up with really old laptops, old hardware, so we will also need some 32-bit installer. As services we need to set up DHCP, as I said, DNS, a trivial FTP service, and a package cache, something we also want because the bandwidth is rather limited.

So I will now quickly go through how this can be set up. I wrote this down extensively, to really copy and paste it and set up this machine for your own, but I will now only quickly rush over it.

Okay, first you start with a standard jessie installation, maybe add an SSH server to log in to the machine. In the beginning, after the installation, one network slot will be already configured to use DHCP. We will use that for the outer network. And, well, as a first step it is always a good idea to install etckeeper to make sure you don't lose anything when you're doing all this. Then we configure the second interface for our static configuration. And we install dnsmasq. It's simple, for this simple use case.
It's a nice thing. We don't need to configure much. We just have to tell it in the first step what the DHCP range is that we want to supply to machines in the local area network.

So then, where do we get the netboot images from? There is a package which is called di-netboot-assistant, and you just install this package, create a TFTP boot directory, and then with these two commands, di-netboot-assistant install jessie and the same with arch i386, you can make these netboot images ready. We just have to tell our dnsmasq to serve these images at the right time, so we put the path in there in the dnsmasq configuration, enable the TFTP server and, well, tell it where to find the PXE binary, and then we start the service. If we check what we need and what we already have, we will find that the DHCP IP address works, with DNS resolution, PXE installer boot works, but we don't have web access yet, and we don't have a package cache so far.

Okay, how to do that? There are different ways. I did it with Shorewall because I used it in another setup. It's a firewall frontend, I would say. What do we have to do there? Just install Shorewall, switch it on, we want IP forwarding, and then we just use the two-interface example configuration. We just have to copy it to the configuration and modify it slightly. We want the local net to access also this install box, and from everywhere we want to be able to log in via SSH, just to simplify maintenance.

So after that we will also have web access, but no package cache so far. So we install Squid, and now some more modifications are needed to make sure that the packages are archived. I won't go into details there. It's, by the way, taken from a package, squid-deb-proxy, this configuration. After we've done that, we have set up the package cache as well. Now we want to make one other modification.
We want to have a transparent cache. We don't want to configure the proxy on the computers that are going to be installed, because then the people go home and this proxy is not there anymore and it doesn't work as expected. So we want all traffic that is going to the outside to port 80 to be redirected to our package cache, and this is done with these few lines of configuration. Then we can check that in the access log, and we see that after having downloaded the package it's cached, and it's just resolved from the cache if it's required again.

Okay. So far we're done; all the stuff we wanted to implement is working, and we can PXE boot a client. We get this ugly menu, I would say. We can then choose an installer and get the usual Debian installer menu. And this is a slightly improved system where we have some monitoring for the Squid proxy. You see the green fields are all hits of the cache or of the memory, and only very few packages, or the package lists or something, are downloaded from the internet, but most of the stuff is from the cache.

Okay, so far this is the simple setup, and now we want to improve it even more. I want to show a technique which has been well known for many years, but it can be quite confusing, or it's not easy to use. It's very powerful but also a bit complex, and I just want to show what we did in our case.

What is preseeding? Well, preseeding means: when you do the installation you're asked a lot of questions, and preseeding means that you answer the questions in advance. So how is it done? You need to prepare a pre-configuration file. There is an example provided on the link below. You need to make it available; there are several ways how you can do that, HTTP, TFTP and even some more, and you have to tell the installer where and how to fetch this preseeding file.

Okay, how are we going to do that? We use the TFTP server of dnsmasq, so we don't need to install anything else.
We just create a location there in the TFTP server root and put our preseed configuration in there. And some cosmetics: we want to resolve the install box with the name install box, so we put the name into /etc/hosts. That's where dnsmasq looks, in the first attempt, to resolve names.

Okay, then the preseed file. We use that one. I have to say we don't want to do anything automatically; we also want to kind of educate the people, to show them that it's not complicated to do an installation, so that they can do an installation on their own at home. But we set a few things which we think are quite useful for our case. So we don't want the root account; we switch that off took the question. Usually, unfortunately, we need some non-free firmware, so we switch that on. We choose a mirror which is next to the village. And we use KDE because we think that's kind of what people expect or what they are used to when they come from the Windows world. A few extra packages: Adblock Plus is useful, and, as I said, some firmware, and we switch on time service.

Okay, how do we tell the installer to use that file? We have to add some node in the boot line, and with this setup I show here, it's as simple as url=tftp://installbox. So when we now install with that boot line, we find in the log lines like "preseed: successfully loaded preseed file", and then you know everything works as it should. You can also grep: if you missed the moment where this line is created, you can also use grep preseed /var/log/syslog, and then you also end up with this line.
So this is a nice check, because if you try it here and there, then sometimes it takes a bit until it works as you think it should.

Okay, a few further notes. You can also specify these pre-configuration files by the DHCP server. You can also answer questions already within the boot parameters. You can set a debug parameter, which is useful when you try this. Default values can be modified as well, and there is a boot parameter, automated install, which helps when you want to preseed questions that are asked even before the network is set up. So it shifts the configuration of the network to an early stage, so that in the extreme all questions can be answered by preseeding.

Okay, if you want to do a completely automatic installation, you need to answer all questions asked, and you can put an extra line into the di-netboot-assistant menu. It's shown here in the middle. You add auto=true priority=critical, and you tell it again the location where it finds the preseed file, and then you rebuild the menu. After that you have another entry here in the boot menu, which is booted after a timeout, and then this entry is booted, the installation goes through and the machine is ready.

Okay, there are some limitations. This preseeding, in my opinion, is fine for more or less standard installations. In the end you can do anything, but it's a question of how to handle the complexity. And, yeah, it's kind of fragile; sometimes things are changed, and you have limited logging capabilities. It's all there, but it's sometimes tedious to figure it out and to find what you need, and it also takes a lot of time to try again and try again until you succeed. So if you want to do more complex things, then usually you would probably use something like Puppet, Chef, Ansible, CFEngine or FAI.

Two years ago I gave a talk about Debian-LAN, which tries to solve this problem.
It's a small project inside Debian which has the goal to set up a local area network within Debian as simply as possible, and if you're interested in that, I recommend to go back and watch the video. Slides are also online. I will skip this now completely, but I left the slides in here, kind of refurbished slides, just so that if you look this up later you have a complete line. But now I switch to the summary and conclusions.

I hope I gave you an idea how to set up such an install box, how to configure dnsmasq, di-netboot-assistant, Shorewall and Squid with a few lines of configuration. I hope I could give you an idea about how to use preseeding to get rid of boring questions, and, as I said, for more complex installations take a look at FAI and Debian-LAN. Here are some links where you can find further information. I think the experts about preseeding are in the auditorium as well, sitting here in the front. So if you have really special questions, maybe I can't answer them, but we will find someone who can. And I want to say thank you, and maybe there are some questions.

Non-technical question about the publicity and telling in a pub that you're doing the install party: could you tell us more about this, how it went, some tricks, what you learned, dos and don'ts, mostly non-technical stuff?

You mean how we did, a bit more about the install party?

And telling it to people outside of the usual technical area. How did you get in contact with them?

Okay, I think this very much depends on where you live.
So I ended up in a rather small village which doesn't really have many geeks, but I found a few neighbors who are interested, and we started to do some using Debian and they got interested. And this pub is very open to cultural things. There are concerts from time to time, and they have a repair workshop once a month where you can bring old kitchen gear and they try to repair it and so on. There we started with this idea, and we asked the guy from the pub if he would be interested to serve as a location for such a venue, and he was interested, and that's how we got started. Then we created this advertising and asked friends and neighbors and so on. It's really on a small scale, and it's probably different from how you would do it in a larger town because it's more anonymous in this town.

But the other one I've shown you, oops, can I do that? The other one was at a small conference. It was called Tübix, near Tübingen. Maybe I can show you that. We just recycled this banner. We offered this along the conference. It was a one-day conference, and we offered to do installations and we prepared that one.

Any more questions? Yep.

So one question about security. I mean, when you're on a local network like this there might not be a malicious intent, but if you are in a more office environment or in a virtualization environment, maybe there is someone trying to intercept your initial boot. Is there any protection against this, like signing or providing a hash of the preseed file or something like this, or could you talk some about security aspects?
At the moment, there are no security, no methods against these attacks implemented at all. So this is really for a small scale, where you more or less know the people or you can look at what they are doing, and these are people where you are happy when they try something else than their Windows. It's not the kind of geeky hackerspace as we have it here, so it's really something completely different. So I think the probability that someone tries to hack the system is rather low.

Okay, I'm around for the whole week, so if someone wants to know more or has questions, whatever, just contact me.