 Okay, so now we will have 20 minutes talking questions by Andreas Mundt on automatic installation of Debian GNU Linux. Enjoy. Welcome. Good afternoon to my talk. Before I start, I just want to introduce myself. I was brought up as a physicist. I worked in this lab and spent some time on trapping irons. This is an Apollo trap, an iron trap, and you can trap single irons in this trap. It looks like that. That's that are two calcium irons and we use these irons as as quantum bits. Well, these are very basic experiments. After leaving your university, I spent some time at an optics company and worked in research and development for optical lithography in the EUV, ultraviolet range. So this is technology getting more and more now into real use. But then I switched to high school teaching and I'm working now since two years in Istanbul. On the picture, you can see Asia on the middle picture on the top and Europe in the middle. So that's where I am what I'm doing right now. From this background, I was always interested in small local area networks like you have in a school where you don't have a professional taking care about the system all day, but you have only a part-time SUS admin and it's interesting to manage these systems as efficient as possible. These are not highly sophisticated systems, but at least the better they are the better you can work with them. And so I try to improve Debian in this user case and this talk is also in this direction. All of you are in my talk. First, I will make a pretty short introduction about TFT, TXE network installations just to get an idea who has already used network installations. Okay, so about half of the audience, so I will go through this topic, but I'm not going to spend too much time on that. Then I will show a package in Debian. It's called DI-Netboot Assistant. I used this package and I improved it and added a couple of features and I think it's now pretty useful for these network installations and I will show you how this works and how you can make it work for you. Then I will come to more interesting topics. How can you customize this installation? I will show how you can make them run automatically and how you can combine the Debian installer with I would say modern configuration management systems and I have also a couple of examples which I use myself and which I try to get others involved with and maybe also submit improvements or that are examples others can build on. Okay, how does this TFT, TXE network installation work? You have a network, a local area network and you boot a machine. You can choose how to, what to do next when the machine, when you power on the machine, what is, what should the machine do? You can boot something from a USB stick or from a CD, but you always have the possibility to boot from the network. You can you can configure that in the BIOS or in the EFI and the machine then starts starts to connect to the network and ask for a boot server where it downloads something to run. Okay, this can be a kernel or whatever you want. This machine loads this binary and starts this binary and then you can run for example an installer. Today you have to take care that if you have different type of machines there are maybe legacy BIOS machines, then you need another executable. When you have EFI, then you need to send something else to the machine. You can configure this on the DHCP server and just to, for record, edit these to the slides maybe useful when you set up a system like that. Okay, what does now the DInetboot assistant package? It was created many years ago, 10, 15 years, at least I guess, by Franklin Peart and the idea was to simplify the preparation for files you need for TFTP netbooting. It helps you to download and extract files, the files needed and to it takes care of organizing them. And it prepares a top-level menu where when you boot up the machine you can choose different installers. As I said, I added a couple of features to this script and I just when I prepared this talk I went through the changelog and looked for of the most interesting things. For example, I added that you can can use also the package stepping installer images. And I added signature verification and I added the ability to use EFI and also before there was, you did not know when did I install this image and this has also been added as well. I implemented some auto package tests and a lot of improvements, bug fixes and the last thing I did was that I bought a little ARM system. I'm coming to that later and this is also now implemented in this DI-Netboot assistant. So let's see how this works. You run this command DI-Netboot install and then it first it complains that you have to tell the script what to install, but it already shows you a list of distributions and you see here many Debian releases, but also future releases, actual releases and old releases, but also some Ubuntu releases and if you now go on and install one of these images, here you can install several at the time, here stable and testing, then this is the script runs, it downloads the images you need, it checks the signature and it installs these images at your TFTP server. When you then connect the machine and put over network, you get a menu like this, it's not exactly, it's not only the not from this stable testing installation I showed before, here are some more installations and you see you can choose different distributions, different images and when you do that here is our few pictures, this is current release, stretch, this is then jessi, I guess, probably we see, here is an Ubuntu image and over there is the e-fi. It's not, it doesn't have the nice background yet, but I tested it on virtual machine as well as on a some other computers and it worked fine there. Okay so far we have not gained more than we have also with a USB, if we prepare a set of USB sticks for every release, for every distribution, we end up with more or less the same, but now we have an advantage we can customize this installation easily and I'm going to show you how this works. First we start with preceding and then I show you how to combine preceding with using configuration management system, Ansible, and I then later come to the examples. So how does this preceding work? When you run the installation, you have to answer a couple of questions and you can give the answers in advance to the installer and then these questions are not used, not asked anymore. Okay, so how do you hand over these answers to the installation? This can be done also from the can be done also by the TFTP server and you have to tell the installer to fetch these answers. This is done here in these lines you see you load a kernel, you load an initial RAM disk, but then you add some more parameters and you add a URL which tells the installer to fetch these answers. Okay, and if you do that an example preceding precede file is given in this package so it shouldn't be too complicated to modify that to adapt that and you get something running pretty soon, then your installation runs completely automatically. Usually you want to modify a bit, your language, the partitioning, and if you want to later log into the machine, you might want to add an SSH public key so that the machine is accessible. We will use that now. How can we now do more complicated configurations? So far we started with just preceding the questions asked during the installation, but usually there are more configurations. Doing this by preceding is sometimes possible, sometimes you have to do complicated stuff and it's difficult to test this to develop on that and it's better to only set up the system to a minimal state so that you can then, after that, log in with SSH and then do all the other configuration. That's how a lot of people do it in the normal, during the normal day. And I got the idea to use not do these two-step approach, to do the installation to a minimal level, then put the machine again to running Debian's minimal system and then do some configuration management. But combine this and run at the end of the installation, already the Ansible configuration management system. Okay, so that you, in one shot, you set up the system to a final state and if you later want to modify something, you can modify the same, the same configuration, a space you use during installation and modify this running, this already running machine. Okay, how does this work? There is a command in Ansible. It's called Ansible pull and it pulls in a playbook and executes this playbook. So the idea was to use this Ansible pull at the end of the Debian installation and do the Ansible work and then the machine is set up completely. So what you have to do, you have to provide your configuration. This can be done by using a Git repository, like shown in the top box. And then you have to modify your precede file that at the end of the installation the necessary commands are right. This is provided in this package as well as an example. It can be adjusted and modified if you need to do it, but at least you have something that is tested and should work out of the box. If not, file a back then something has changed. So I tried this for some Ansible playbooks and I published these Ansible playbooks and I invite everybody to also provide examples if these are necessary, if these are useful examples for a general case like examples that everybody can use so that this really helps people to kind of collaborate in these small local area networks where you have machines but no sysadmin who works all the time and sets this up professionally. And yeah, you could in principle you could even use these Ansible configurations directly from Salsa, but of course most of the time it's useful to make your clone and provide your own. Get server so that you can have your local modifications included. So what did I prepare so far? I prepared a configuration for and so-called, I always call it installbox. This is exactly the machine I describe here which creates a machine. You can like switch between internet and your local area network with a DHCP server, a package cache, a TFTP server and they've been the DI Netboot assistant package and which can then be used to install your local area network. Then I needed something in the school I work. They don't have the students don't have login names. They just use the computers and you need like a public computer everybody can use which comes up always in the same state and which doesn't save data and yeah, I think it's known as a Kiosk computer and I set something up like that with default users automatically logged in and it has a temporary home directory which is cleaned after when the machine is rebooted and I used this set for the school I work and then for my family, my brother, I call it Cloudbox, a small computer using little energy with Damian on it. He puts in his in his home and he has a dynamic DNS name and we have some cloud software there so that he has his own cloud in his in his cellar and these are examples you might want to modify them, but I think it might be give you an idea about how things can be done and maybe you have additional ideas and you want to improve on that. Okay, latest developments. I ordered one of these quite popular armboards and when playing around I more or less accidentally I connected it to a TFTP server and when booting up I saw suddenly my PXE menu being loaded by this by this arm box and I thought what I thought this this doesn't work with arm, but then I find that then I found that the U-boot has some subset of PXE menu commands implemented and I did some research on that and managed to also support this architecture at least as far as I could test it with my board. Here you see a snipplet from the from the lock where you see the machine is connecting and it downloads a menu file and then you on the computer screen of this little arm computer you get a menu and you can choose which distribution to load as with the normal architectures and then it fetches the initial RAM disk, the kernel and also the DTB and this worked fine and maybe if you have other boards we can also extend this further and then finally I had a computer which all this didn't work because there was a graphics card or a network card which needed proprietary firmware and I had manually to add this firmware to the initial RAM disk in the wiki you find this documentation and I thought would be great to implement it also in DI-Netboot assistant and the last days I sat down and yes now it's the day before yesterday I uploaded a new package which has dis-implemented and you can now just with the command DI-Netboot assistant firmware toggle stable then the firmware is added to this stable distribution and you can by running this again you can again switch switch to the initial RAM disk without the proprietary firmware Okay, that was what I wanted to show you to give you an idea to maybe give you an get you also starting with this DI-Netboot assistant and I'm open for questions or suggestions suggestions or comments Do you have support for IPXE? To be honest, I don't know Then I don't then I don't have I tested it on the machines available to me so if someone else someone has other Machines are other architectures. We have to find a way on check if we can implement that Okay, if there are no questions you can always get in contact. I'm around on conference and Thank you very much and also I have I Published this talk of course and you can find on the links you can find all the stuff I talked about Thank you