Date: Fri, 13 Aug 2010 22:12:01 -0500 (CDT)
Subject: [alpine-devel] Unattended Installation Ideas for 2.1
From: "Matt Smith"
To: alpine-devel@lists.alpinelinux.org

Hello,

On the topic of implementing an unattended installation, here's what I've come
up with, in part by Natanael Copa.

The concept work-flow at the moment goes something like this:

1. The user will obtain "alpine-iso" via git.

2. A new ISO configuration will be created, e.g.:

   ~/alpine-iso$ cp alpine.conf.mk alpine-unattended.conf.mk
   ~/alpine-iso$ cp alpine.packages alpine-unattended.packages
   ~/alpine-iso$ sed -ri "s/^(ALPINE_NAME[ \t]+:= alpine)/\1-unattended/" alpine-unattended.conf.mk
   ~/alpine-iso$ echo "UNATTENDED_DIR := unattended" >> alpine-unattended.conf.mk
   ~/alpine-iso$ echo "UNATTENDED_SCRIPT := main.sh" >> alpine-unattended.conf.mk

   The above unattended files could also be included by default in alpine-iso.

3. At a minimum, UNATTENDED_DIR and UNATTENDED_SCRIPT would be created.
   This could be as simple as the following:
   ~/alpine-iso$ mkdir unattended && cd unattended
   ~/alpine-iso/unattended$ touch main.sh && chmod +x main.sh
   ~/alpine-iso/unattended$ echo -en "#!/bin/sh\n\
                                      /sbin/setup-disk --accept-defaults\n" > main.sh

   Complex and simple examples (such as the above) could also be included in
   alpine-iso.

4. Build the ISO:
   ~/alpine-iso/unattended$ cd ..
   ~/alpine-iso$ make PROFILE=alpine-unattended iso

5. Burn and use.

Here are some extra notes and recommendations:

=> I recommend that we make the system "free-form," allowing for much
   flexibility.  I like this idea for two reasons:
     1) The implementation will be simple.
     2) It will be relatively straight-forward for the user; they will do
        everything they would normally do from the installation's "LiveCD"
        environment, as well as, e.g., configuring the installed system for
        networking with an IP address and OpenSSH.  All in an automated,
        non-prompting fashion.
=> The UNATTENDED_SCRIPT should be executed at the end of the ISO's boot
   process, allowing the user to do everything from custom partitioning to
   networking.
=> The UNATTENDED_SCRIPT can source other shell scripts (like any other shell
   script), for use of common functions.  (One handy function would be the one
   I've created already that makes it easy to execute lengthy commands via
   chroot.)
=> The UNATTENDED_SCRIPT can call other scripts (like any other shell script),
   perhaps based on certain conditions (e.g., if its DHCP IP is x.x.x.x,
   set the hostname accordingly, and add specific packages for this system).
=> When these scripts are absorbed into the initrd created by the 'make'
   process, file permissions should be retained.  Granted, we will need to
   "chown -R root:root alpine-iso/unattended" before its inclusion, this gives
   the user the possibility of "disabling" scripts simply by removing the
   execute permission from a script.
=> We should add some sort of universal "accept the defaults" option to the
   /sbin/setup-* scripts (e.g. setup-disk), such as "--accept-defaults."
   (I've already got a basic version of setup-disk that does this.)
=> The process responsible for eventually executing the user's main script
   should first warn the user about what's going to happen and sleep for at least
   30 seconds or more, giving the user a chance to cancel the unattended setup,
   thus lessening the chance for accidental loss of data, should such a CD/ISO
   be booted on a production system.
=> When the unattended install is complete, we could either "halt" or "reboot."
   Assuming the CD/ISO will still be present after doing an automatic reboot,
   we would need to do some sort of check to see if a prior unattended install
   has completed.  If it has, proceed to booting the MBR of the first HDD, or,
   if the user knows in advance what to boot, perhaps that could be added as an
   option to the .conf.mk file.
   => For example:
      ON_FINISH=(halt|reboot)  # Maybe even make this a user-configurable script
                               # instead.
      ON_REBOOT_BOOT=sda
=> Also, I don't recommend updating the busybox passwd applet to accept passwords
   via an option or stdin for installing passwords to the installed system, as
   this could be a security risk if the CD/ISO was leaked.  Instead, shadow
   password hashes should be used and the {ROOT}/etc/shadow file updated directly.
   Perhaps the most secure way to generate a hash is to create a local dummy user,
   run passwd and extract the hash.  We could also modify passwd to allow us to
   locally generate a hash and echo it to stdout for inclusion in our scripts.

Later on, I think we should look into PXE booting with PXELINUX, with and/or
without unattended support.  Perhaps that part should be branched into a new
project, "alpine-pxe," or make it a Makefile target ("make PROFILE=alpine pxe"),
and rename "alpine-iso" to "alpine-image" or something similar.

Let me know what your thoughts are.

-- 
Matt Smith
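
The message's last recommendation (put a precomputed hash into {ROOT}/etc/shadow instead of handing a password to passwd), sketched as an added example that is not part of the original message or of alpine-iso. set_shadow_hash is a hypothetical helper name, and the shadow entries and hash below are constructed sample values.

```sh
#!/bin/sh
# Added example: install a precomputed crypt(3) hash into ROOT/etc/shadow.
# set_shadow_hash is a hypothetical helper name, not part of alpine-iso.
set_shadow_hash() {
    root=$1 user=$2 hash=$3
    shadow="$root/etc/shadow"

    # Accept only values shaped like a crypt(3) hash ($id$salt$digest).
    case $hash in
        \$*\$*) ;;
        *) echo "refusing: not a crypt(3) hash" >&2; return 1 ;;
    esac
    # Reject ':' and newlines so the value cannot add fields or lines.
    case $hash in
        *[!A-Za-z0-9./\$=,-]*) echo "refusing: bad characters" >&2; return 1 ;;
    esac
    [ -f "$shadow" ] || { echo "missing $shadow" >&2; return 1; }

    # Temp file in the same directory so the final mv is an atomic rename;
    # umask 077 keeps the hashes unreadable to other users meanwhile.
    tmp=$(umask 077; mktemp "$shadow.XXXXXX") || return 1
    # Values go through the environment, so awk never parses them as code.
    # Appending "" forces a string comparison of the user name.
    if U="$user" H="$hash" awk -F: -v OFS=: '
            ($1 "") == (ENVIRON["U"] "") { $2 = ENVIRON["H"]; found = 1 }
            { print }
            END { exit !found }' "$shadow" > "$tmp"
    then
        mv "$tmp" "$shadow"
    else
        rm -f "$tmp"
        echo "user $user not found in $shadow" >&2
        return 1
    fi
}

# Demo on a constructed root tree; the hash is a made-up placeholder.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/etc"
printf 'root:!:14834:0:::::\nsshd:!:14834:0:::::\n' > "$demo_root/etc/shadow"
set_shadow_hash "$demo_root" root '$6$constructedsalt$ConstructedDigestNotARealHash'
cat "$demo_root/etc/shadow"
```

The rewritten file keeps the 0600 mode mktemp gave it, so restore whatever owner and group the installed system expects for its shadow file. A hash baked into an ISO can still be attacked offline if the image leaks, so its strength depends on the password behind it.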