Monday, May 21, 2018

Unattended Ubuntu install using preseed update

In this blog http://badger-hill.blogspot.co.at/2014/04/unattended-ubuntu-install-using-preseed.html I wrote about using isomaster to modify an Ubuntu ISO.

This does not always work as expected: modifying the image works, but booting the image from a USB stick does not. Here is an update on how to accomplish that.

Download an official Ubuntu ISO image and run the following commands:


# mkdir -p /media/ubuntu
# mount -o loop Ubuntu.iso /media/ubuntu

Now we copy the contents of the ISO to a new directory

# cd /media
# tar -cvf - ubuntu | (cd /var/tmp/ && tar -xf -)

In this directory (/var/tmp/ubuntu) we can make all the necessary modifications we need.

# cd /var/tmp/ubuntu
# mkisofs -o ../remastered.iso -b isolinux/isolinux.bin -c isolinux/boot.cat \
  -no-emul-boot -boot-load-size 4 -boot-info-table -J -R -V UBUNTU .

The created ISO does not work yet. You still need to execute
# isohybrid /var/tmp/remastered.iso

Now you can use unetbootin or start up disk creator to burn the image.


Monday, November 14, 2016

Why we use linux at school

There are many good reasons for using open source and linux at school. In this blog, I would like to give you some insight on why we chose linux.

Before we go into any details some facts about our school:
~ 800 students (5th grade to 12th grade / age 10 to 18)
~ 80 teachers
~ 120 workstations running ubuntu
6 workstations still running windows 7 (4 administration, 2 for video editing)


1.) Maintenance
We used to have windows on all of our workstations. At that time maintenance effort was very high. Keeping the machines up to date - not only windows but also the installed programs. Keeping their images for deployment up to date was quite an effort, especially when you get new hardware.
With Linux we do not need any images any more. We just install from scratch - which also works on new hardware. Installation is automated, so that there are no manual steps involved. Updating a linux machine is easy: apt-get update && apt-get upgrade. This also updates all the packages/programs installed.
On a windows machine you install the updates and then one also needs to check for updates on all the individual programs that were installed, as it still does not have an app store. Even if you have a WSUS server which “enables administrators to manage the distribution of updates and hotfixes released for Microsoft products” you probably want updates for firefox/flash/java …

2.) Computer viruses
So far we did not have any problems with computer viruses on any of our linux machines. I am aware that one reason for fewer viruses on linux is that it is not that widespread - it just helps :-) However there are also technical reasons (see https://en.wikipedia.org/wiki/Linux_malware). On pretty much any teacher/student windows machine that I see, the user has administrator privileges - interesting concept :-).
In addition we do not need any anti-virus software. In the pre linux era we did have anti virus software, which is also very resource intensive (disk I/O, cpu…) - especially on older machines.

3.) Licenses
We do not need to pay/update/maintain any licenses for our linux machines. So we could/would save money here. However this is not the main argument here - as the Austrian ministry of education pays for windows/office licenses. But if you have a windows only environment you will need a KMS server and it is very likely that you also have additional software for which you need to pay (Acronis, Symantec ghost/anti virus, Adobe creative suite…) Maintaining licenses is also time consuming.
Most important though, I can pass on any of the software we use to our students/teachers. Open Source software is available to anyone, independent of his/her financial background, which should be an argument for schools.

4.) Privacy
Windows 10 and many other commercial software products are a privacy nightmare. Of course some of that stuff can be turned off - however this is time consuming and some of the settings are overwritten after updates. Open Source software is not spying on us. We want to create awareness for that and Linux and Open Source software make that more credible.

More details here:

5.) Community support
For commercial products you usually pay for support and to be eligible for a longer period of time you often have to pay a yearly fee. There are Open Source products that also offer commercial support. However the community support is more than good enough, to get answers to any of the questions that come up. It is fun to actively participate  in the free software community - give and take as a role model for students.

6.) Simple Self-healing workstations
All of our linux workstations are self-healing. So when students/teachers log in they can change anything they have permission for - of course they do not have administrator privileges. When they log out/shutdown or reboot the machine all the changes made are reverted. All this comes for free with overlayfs (see https://www.kernel.org/doc/Documentation/filesystems/overlayfs.txt). There are (expensive) commercial alternatives for Windows (e.g. HDGuard), however they are by far not as convenient as overlayfs.

7.) Software that makes linux so great:
Of course the package manager, which makes it easy to update not only the os, but all the installed software. Installing new software is easy as well
Clusterssh: ClusterSSH is a tool for making the same change on multiple machines at the same time.
SSH/Bash/scripting possibilities: ssh to connect to any machine; ssh tunnels and X11 forwarding, to automate stuff…(See https://en.wikibooks.org/wiki/Bash_Shell_Scripting)

These are our main reasons for preferring linux over microsoft windows.


Interesting reads on this topic:
https://www.gnu.org/education/edu-schools.en.html
http://s-seitz.de/wp-content/uploads/2016/07/Open-Source-und-Schule.pdf
https://opensource.com/education/14/9/teachers-linux-open-source-education
https://opensource.com/education/13/7/linux-westcliff-high-school



Tuesday, April 8, 2014

Using ClusterSSH to simultaneously perform tasks on several machines

Quite frequently I need to do the same configuration steps on several machines. This can get really cumbersome if you do one machine after the other. However there is a cool tool which lets you execute the commands on several machines simultaneously - ClusterSSH.

On Debian/Ubuntu you can install it using

# apt-get install clusterssh

Now you can either create a cluster file, which helps to administrate the same machines on different occasions, or you just run

# cssh username@machine1 username@machine2

to work on two machines simultaneously.

Additional infos can be found here



Unattended Ubuntu install using preseed

In this post, I will describe the process of creating a desktop iso for unattended installation. I have tried this with 12.04 as well as with a daily build for 14.04. 32 or 64bit does not matter.

So first of all download a desktop image of Ubuntu.
Meanwhile install isomaster

# apt-get install isomaster

Start isomaster and open the downloaded desktop image. In the bottom window open the "isolinux" folder. Edit the "txt.cfg" file, that is in that folder. Insert or update the following lines:

default autoinstall
label autoinstall
  menu label ^Autoinstall1
  kernel /casper/vmlinuz.efi
  append  url=http://YOUR-URL-TO-PRESEEDFILE automatic-ubiquity locale=de_DE.UTF-8 boot=casper initrd=/casper/initrd.lz quiet splash noprompt auto=true --

The interesting part here is the url parameter. With a URL you are more flexible than when adding the preseed file to the ISO image. In other words, you can change your preseed file without needing to create a new ISO image.

Now save the txt.cfg file and then the iso file. By the way, if you do not want to create a new iso file, you could actually edit the menu entry at boot time by pressing tab.

The next step is to create the preseed file. Most of it is self-explanatory, like keymap, timezone,...
The password part is interesting, because you can also add an encrypted password using an md5 hash.
(echo -n "password" | md5sum)

The toughest part was the partitioning section. My script creates a root partition (~30 GB), a swap partition (1 GB) and a data partition (~30 GB). However, my experience so far is that the last partition usually takes up the drive's remaining disk space, so my data partition could be much larger. Yes, for my purposes I do not need a home partition!
The three numbers on the expert_recipe string 28000 10 28000 mean:
28000: minimum size of the partition in megabytes
10: the priority with which this partition gets its maximum size fulfilled (with lower numbers having a higher priority)
28000: maximum size of the partition in megabytes

Save the file and make it available on the intranet/web, so that your script can be found at boot time. It might help to use the IP address instead of a domain name.

The last interesting thing here is the success_command string, which allows additional scripts to run after the main CD installation has finished.

By the way, to find out what can be preseeded you can use

# debconf-get-selections --installer > file
# debconf-get-selections >> file

Here is my file:

d-i debian-installer/locale string de_DE.UTF-8

d-i console-setup/ask_detect boolean false
d-i keyboard-configuration/modelcode string pc105
d-i keyboard-configuration/layoutcode string de
d-i keyboard-configuration/xkb-keymap select  de
d-i keyboard-configuration/layout string German
d-i keyboard-configuration/variant string German
d-i netcfg/choose_interface select auto

d-i clock-setup/utc boolean true
d-i time/zone string Europe/Berlin
d-i clock-setup/ntp boolean true
d-i clock-setup/ntp-server string 0.at.pool.ntp.org 

d-i partman-auto/method string regular
d-i partman-auto/expert_recipe string regularvnode :: 28000 10 28000 ext4 \
$primary{ } $bootable{ } method{ format } format{ } use_filesystem{ } \
filesystem{ ext4 } mountpoint{ / } .  1024 100 1024 linux-swap $primary{ } \
method{ swap } format{ } . 28000 50 28000 ext4 $primary{ } method{ format } \
format{ } use_filesystem{ } filesystem{ ext4 } mountpoint{ /data } .

d-i partman/confirm_write_new_label boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true

d-i passwd/root-login boolean true
d-i passwd/root-password-crypted password 5f4dcc3b5aa765d61d8327deb882cf99

d-i passwd/user-fullname string admin
d-i passwd/username string admin
d-i passwd/user-password-crypted password 5f4dcc3b5aa765d61d8327deb882cf99
d-i user-setup/encrypt-home boolean false

d-i apt-setup/restricted boolean true
d-i apt-setup/universe boolean true
tasksel tasksel/first multiselect ubuntu-desktop

d-i pkgsel/include string openssh-server
d-i pkgsel/language-packs multiselect de

d-i grub-installer/only_debian boolean true

d-i grub-installer/with_other_os boolean true

d-i finish-install/reboot_in_progress note

xserver-xorg xserver-xorg/autodetect_monitor boolean true

#d-i ubiquity/summary string empty
ubiquity    ubiquity/summary        note
ubiquity    ubiquity/reboot    boolean    true


# This command is run just before the install finishes, but when there is
# still a usable /target directory. You can chroot to /target and use it
# directly, or use the apt-install and in-target commands to easily install
# packages and run commands in the target system.
# ubiquity ubiquity/success_command string wget 
ubiquity ubiquity/success_command string wget http://URL/preseed/postinst.sh \
-O /root/postinst.sh; in-target /bin/bash /root/postinst.sh
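
An added check, not part of the original post: the Debian installation guide documents the -crypted keys as taking a crypt(3) string ($id$salt$hash), and the post-install script above is fetched over plain http and then run as root. The function names, finding labels and the two made-up sample lines are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post: lint preseed lines on stdin.
# Finding labels (NOT_CRYPT3, ...) are made up for this sketch.
lint_preseed() {
    awk '
    # Join backslash-continued lines so a wrapped value is checked whole.
    /\\$/ { sub(/\\$/, ""); buf = buf $0; next }
    { line = buf $0; buf = ""; sub(/^[ \t]+/, "", line) }
    line == "" || line ~ /^#/ { next }
    {
        split(line, f, /[ \t]+/)      # owner, key, type, value...
        key = f[2]; val = f[4]
        if (key ~ /-password-crypted$/) {
            # crypt(3) strings look like $id$salt$hash
            if (val !~ /^\$[0-9a-z]+\$[^$]+\$.+$/) print "NOT_CRYPT3 " key
            # $1$ is MD5-crypt; prefer $6$ (SHA-512) or $y$ (yescrypt)
            else if (val ~ /^\$1\$/) print "WEAK_SCHEME " key
        } else if (key ~ /-password(-again)?$/) {
            print "PLAINTEXT " key
        }
        # Script downloaded without transport integrity, then run as root
        if (key ~ /(success|late|early)_command$/ && line ~ /http:\/\//)
            print "HTTP_FETCH " key
    }'
}

# Constructed sample: the first and last entries mirror the post,
# the two in between are made up.
sample_preseed() {
    cat <<'EOF'
d-i passwd/root-password-crypted password 5f4dcc3b5aa765d61d8327deb882cf99
d-i passwd/user-password-crypted password $6$constructedsalt$ConstructedHashNotReal
d-i passwd/user-password password example-cleartext
ubiquity ubiquity/success_command string wget http://URL/preseed/postinst.sh \
-O /root/postinst.sh; in-target /bin/bash /root/postinst.sh
EOF
}

sample_preseed | lint_preseed
```

`mkpasswd -m sha-512` (from the whois package) prints a string in the form the first check expects.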


Further reading:
http://cptyesterday.wordpress.com/2012/06/17/notes-on-using-expert_recipe-in-debianubuntu-preseed-files/
https://help.ubuntu.com/lts/installation-guide/i386/appendix-preseed.html
http://www.debian.org/releases/stable/i386/apb.html.en



Thursday, March 6, 2014

Setting up a DHCP server - network boot part three

You can use any dhcp server to get pxe booting to run. We are using isc-dhcp-server, which is part of debian. Dnsmasq, which also is a dns server, would be an alternative.

So let's install the server
# apt-get install isc-dhcp-server

Its configuration file is /etc/dhcp/dhcpd.conf:
default-lease-time 600;
max-lease-time 7200;
allow booting;

# in this example, we serve DHCP requests from 192.168.0.(5 to 253)
# and we have a router at 192.168.0.1
subnet 192.168.0.0 netmask 255.255.255.0 {
  range 192.168.0.5 192.168.0.253;
  option broadcast-address 192.168.0.255;
  option routers 192.168.0.1;             
  option domain-name-servers 192.168.0.1; 
  filename "pxelinux.0"; 
  next-server 192.168.0.3;  #make sure, that this is the ip address of 
                            # your tftp server
}

After you have configured your dhcp server, you need to restart it.

  # /etc/init.d/isc-dhcp-server restart

Now we are ready for booting any machine over the network. We set up a TFTP server, an NFS server and a DHCP server. That's all it takes.

By the way I usually use VirtualBox to try and test network booting.

Further reading:
http://www.debian-administration.org/articles/478
https://help.ubuntu.com/community/PXEInstallMultiDistro
https://help.ubuntu.com/community/DisklessUbuntuHowto

Tuesday, March 4, 2014

Setting up an NFS server - network boot part two

NFS is used to share files/directories among networked computers. First let's install NFS.

apt-get install nfs-kernel-server 
 
Next we will create a directory that holds our cd images. Of course NFS can be used for other things - e.g. holding user data centrally.
We will just provide some iso images and make them available for network boot.

mkdir ~/netbootimages

I put several different live cd images into that folder (e.g. ubuntu, clonezilla, and others)
In addition to where my net boot images are located, we need to create an nfs share.

mkdir -p /srv/boot/isoimages/MYISO

Next we create a directory for each cd image on the tftp server share

mkdir -p "/var/lib/tftpboot/isoimages/MYISO"

Then we mount the iso into that share

mount -t iso9660 -o loop ~/netbootimages/MYISO.iso "/var/lib/tftpboot/isoimages/MYISO"

And we need to also make the image available on the nfs share. We use mount bind/rebind for that, so we have all the files there just once.

mount --rbind /var/lib/tftpboot/isoimages/MYISO /srv/boot/isoimages/MYISO


Next we need to export the files
exportfs -i -o async,no_root_squash,no_subtree_check,ro 0.0.0.0/0.0.0.0:/srv/boot/isoimages/MYISO
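
An added audit sketch, not part of the original post: the export above names 0.0.0.0/0.0.0.0 as the client, so any host that can reach the server can mount the share. The function names, finding labels and sample lines are assumptions of this example; input is in exports(5) form.

```shell
#!/bin/sh
# Added example, not from the original post: flag NFS exports open to any
# client. Input: exports(5)-style lines on stdin, "/path client(opts) ...".
# Finding labels are made up for this sketch.
audit_exports() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    {
        for (i = 2; i <= NF; i++) {
            p = index($i, "(")
            client = (p > 0) ? substr($i, 1, p - 1) : $i
            opts = (p > 0) ? substr($i, p + 1, length($i) - p - 1) : ""
            # "*", an empty client, and the all-zero network all mean "everyone"
            if (client != "" && client != "*" && client !~ /^0\.0\.0\.0\/(0|0\.0\.0\.0)$/)
                continue
            print "WORLD " $1
            if (("," opts ",") ~ /,no_root_squash,/) print "WORLD_NO_ROOT_SQUASH " $1
            if (("," opts ",") ~ /,rw,/) print "WORLD_RW " $1
        }
    }'
}

# Constructed sample: line 1 restates the exportfs options from the post in
# exports(5) form; line 2 scopes the same export to the 192.168.0.0/24
# network used in the DHCP post.
sample_exports() {
    cat <<'EOF'
/srv/boot/isoimages/MYISO 0.0.0.0/0.0.0.0(async,no_root_squash,no_subtree_check,ro)
/srv/boot/isoimages/MYISO 192.168.0.0/24(async,no_root_squash,no_subtree_check,ro)
EOF
}

sample_exports | audit_exports
```

In the exportfs command from the post the client is the part before the colon, so narrowing the export means replacing 0.0.0.0/0.0.0.0 there with the boot network.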

PXE boot also needs three boot files: the boot-strap (pxelinux.0), the menu (menu.c32), and the menu text configuration (pxelinux.cfg/default). So let's copy/create them:

cp /usr/lib/syslinux/pxelinux.0 "/var/lib/tftpboot/"
cp /usr/lib/syslinux/menu.c32 "/var/lib/tftpboot/"
mkdir -p "/var/lib/tftpboot/pxelinux.cfg"



In the folder pxelinux.cfg I created a default file, which looks like this


default menu.c32
prompt 0
timeout 300
ONTIMEOUT local

MENU TITLE Main Menu

LABEL local
        MENU LABEL Boot local hard drive
        LOCALBOOT 0

LABEL Ubuntu12.04.4  
    kernel isoimages/12.04.4-64/casper/vmlinuz.efi
    append boot=casper netboot=nfs nfsroot=NFS_SERVER_IP:/srv/boot/isoimages/12.04.4-64 initrd=isoimages/12.04.4-64/casper/initrd.lz 


Further reading:
https://wiki.ubuntu.com/LiveCDNetboot
http://tjworld.net/wiki/Linux/Ubuntu/NetbootPxeLiveCDMultipleReleases
http://www.howtogeek.com/61263/how-to-network-boot-pxe-the-ubuntu-livecd/


We are almost done. Last thing is, we need to configure a dhcp server, to serve the pxelinux.0 file. This will be part of one of the next blog entries.

Friday, February 14, 2014

Setting up a TFTP server - network boot part one

A TFTP server is useful for PXE booting (network boot). It can be installed using

apt-get install tftpd-hpa 


After installation we need to configure it. Modify the file /etc/default/tftpd-hpa accordingly. Mine looks like this:


# /etc/default/tftpd-hpa
RUN_DAEMON="yes"
TFTP_USERNAME="tftp"
TFTP_DIRECTORY="/var/lib/tftpboot"
TFTP_ADDRESS="0.0.0.0:69"
TFTP_OPTIONS="--secure"



Last step is to restart the tftp service

sudo service tftpd-hpa restart


In a later blog entry we will put files into /var/lib/tftpboot so that we can boot over the network. For that to work, additional software and configuration are necessary. To be continued...