| B.4. 预置文件的内容(bullseye) | ||
|---|---|---|
 |
附录 B. 使用预置自动进行安装 | 
|
| B.4. 预置文件的内容(bullseye) | ||
|---|---|---|
|
|
附录 B. 使用预置自动进行安装 |
|
本附录使用的配置片段还放在预置例子文件 https://d-i.debian.org/manual/example-preseed.txt 里面。
请注意,这里的例子是基于 Intel x86 架构的安装过程。如果您安装到其他架构,其中的一些例子(像键盘选择和 bootloader 安装)可能不恰当,需要用适合您架构的 debconf 设置替换。
有关不同 Debian 安装程序模块的工作细节,请参阅 第 6.3 节 “使用单独的组件”。
During a normal install the questions about localization are asked first, so these values can only be preseeded via the initrd or kernel boot parameter methods. Auto mode (第 B.2.3 节 “auto 模式”) includes the setting of auto-install/enable=true (normally via the auto preseed alias). This delays the asking of the localisation questions, so that they can be preseeded by any method.
locale 用于指定语言和国家或者任何 debian-installer 支持的语言与地区的组合。如果组合起来的不是有效的 locale,安装程序会自动选择一个指定语言可用的 locale。要在引导参数上指定本地,比如使用 locale=。 en_US
虽然这个方法很容易使用,但它无法预置所有的语言、国家和地方组合[18]。因此另一种方法是单独预置各值。语言和国家可以在引导参数里面指定。
# Preseeding only locale sets language, country and locale. d-i debian-installer/locale string en_US # The values can also be preseeded individually for greater flexibility. #d-i debian-installer/language string en #d-i debian-installer/country string NL #d-i debian-installer/locale string en_GB.UTF-8 # Optionally specify additional locales to be generated. #d-i localechooser/supported-locales multiselect en_US.UTF-8, nl_NL.UTF-8
键盘配置包括选择的 keymap 和(对于非拉丁 keymap)切换键,该键用于非拉丁和 US keymap 来回切换。安装的时候只有几种基本的 keymap 可用。高级的要在安装好的系统下才能使用,使用 dpkg-reconfigure keyboard-configuration 配置。
# Keyboard selection. d-i keyboard-configuration/xkb-keymap select us # d-i keyboard-configuration/toggle select No toggling
使用 skip-config 可以跳过键盘预置 keymap。这将导致内核 keymap 保持活动。
Of course, preseeding the network configuration won't work if you're loading your preconfiguration file from the network. But it's great when you're booting from optical disc or USB stick. If you are loading preconfiguration files from the network, you can pass network config parameters by using kernel boot parameters.
如果您需要网络引导从网络加载预置文件前指定网卡,请用这种引导参数 interface=。 eth1
虽然使用网络预置(用 “preseed/url”)通常并不能配置网络,但是您可以使用下面的技巧实现。例如,为网卡设置静态地址。它使加载了预置文件以后网络预置再运行一次,这需要将下面的命令包含在 “preseed/run” 脚本里面:
kill-all-dhcp; netcfg
下面的 debconf 变量与网络配置相关。
# Disable network configuration entirely. This is useful for cdrom # installations on non-networked devices where the network questions, # warning and long timeouts are a nuisance. #d-i netcfg/enable boolean false # netcfg will choose an interface that has link if possible. This makes it # skip displaying a list if there is more than one interface. d-i netcfg/choose_interface select auto # To pick a particular interface instead: #d-i netcfg/choose_interface select eth1 # To set a different link detection timeout (default is 3 seconds). # Values are interpreted as seconds. #d-i netcfg/link_wait_timeout string 10 # If you have a slow dhcp server and the installer times out waiting for # it, this might be useful. #d-i netcfg/dhcp_timeout string 60 #d-i netcfg/dhcpv6_timeout string 60 # If you prefer to configure the network manually, uncomment this line and # the static network configuration below. #d-i netcfg/disable_autoconfig boolean true # If you want the preconfiguration file to work on systems both with and # without a dhcp server, uncomment these lines and the static network # configuration below. #d-i netcfg/dhcp_failed note #d-i netcfg/dhcp_options select Configure network manually # Static network configuration. # # IPv4 example #d-i netcfg/get_ipaddress string 192.168.1.42 #d-i netcfg/get_netmask string 255.255.255.0 #d-i netcfg/get_gateway string 192.168.1.1 #d-i netcfg/get_nameservers string 192.168.1.1 #d-i netcfg/confirm_static boolean true # # IPv6 example #d-i netcfg/get_ipaddress string fc00::2 #d-i netcfg/get_netmask string ffff:ffff:ffff:ffff:: #d-i netcfg/get_gateway string fc00::1 #d-i netcfg/get_nameservers string fc00::1 #d-i netcfg/confirm_static boolean true # Any hostname and domain names assigned from dhcp take precedence over # values set here. However, setting the values still prevents the questions # from being shown, even if values come from dhcp. d-i netcfg/get_hostname string unassigned-hostname d-i netcfg/get_domain string unassigned-domain # If you want to force a hostname, regardless of what either the DHCP # server returns or what the reverse DNS entry for the IP is, uncomment # and adjust the following line. #d-i netcfg/hostname string somehost # Disable that annoying WEP key dialog. d-i netcfg/wireless_wep string # The wacky dhcp hostname that some ISPs use as a password of sorts. #d-i netcfg/dhcp_hostname string radish # If non-free firmware is needed for the network or other hardware, you can # configure the installer to always try to load it, without prompting. Or # change to false to disable asking. #d-i hw-detect/load_firmware boolean true
请注意,如果 netcfg/get_netmask 没有预置,netcfg 将自动侦测掩码。这种情况下,为了自动安装,变量需要标记为 seen。同样,如果 netcfg/get_gateway 没有设置,netcfg 将自动选择一个合适的地址。特殊情况下,您可以设置 netcfg/get_gateway 为 “none” 确定不使用网关。
# Use the following settings if you wish to make use of the network-console # component for remote installation over SSH. This only makes sense if you # intend to perform the remainder of the installation manually. #d-i anna/choose_modules string network-console #d-i network-console/authorized_keys_url string http://10.0.0.1/openssh-key #d-i network-console/password password r00tme #d-i network-console/password-again password r00tme
根据您使用的安装方式,镜像可用于下载安装程序的额外组件、安装基本系统以及为所安装的系统建立 /etc/apt/sources.list。
参数 mirror/suite 决定了安装好的系统使用的套件。
参数 mirror/udeb/suite 决定安装程序使用的额外组件的套件。它只在组件通过网络下载并与安装时使用的 initrd 建立套件相匹配时才有效。通常安装程序会自动安装并使用正确的值而毋需手动设置。
# If you select ftp, the mirror/country string does not need to be set. #d-i mirror/protocol string ftp d-i mirror/country string manual d-i mirror/http/hostname string http.us.debian.org d-i mirror/http/directory string /debian d-i mirror/http/proxy string # Suite to install. #d-i mirror/suite string testing # Suite to use for loading installer components (optional). #d-i mirror/udeb/suite string testing
The password for the root account and name and password for a first regular user's account can be preseeded. For the passwords you can use either clear text values or crypt(3) hashes.
![[警告]](images/warning.png) |
警告 |
|---|---|
Be aware that preseeding passwords is not completely secure as everyone with access to the preconfiguration file will have the knowledge of these passwords. Storing hashed passwords is considered secure unless a weak hashing algorithm like DES or MD5 is used which allow for bruteforce attacks. Recommended password hashing algorithms are SHA-256 and SHA512. |
# Skip creation of a root account (normal user account will be able to # use sudo). #d-i passwd/root-login boolean false # Alternatively, to skip creation of a normal user account. #d-i passwd/make-user boolean false # Root password, either in clear text #d-i passwd/root-password password r00tme #d-i passwd/root-password-again password r00tme # or encrypted using a crypt(3) hash. #d-i passwd/root-password-crypted password [crypt(3) hash] # To create a normal user account. #d-i passwd/user-fullname string Debian User #d-i passwd/username string debian # Normal user's password, either in clear text #d-i passwd/user-password password insecure #d-i passwd/user-password-again password insecure # or encrypted using a crypt(3) hash. #d-i passwd/user-password-crypted password [crypt(3) hash] # Create the first user with the specified UID instead of the default. #d-i passwd/user-uid string 1010 # The user account will be added to some standard initial groups. To # override that, use this. #d-i passwd/user-default-groups string audio cdrom video
passwd/root-password-crypted 和 passwd/user-password-crypted 值可以使用 “!” 作为他们的预置值。这种情况下,对应的帐号关闭。它常用于 root 帐号,用其他替代方法允许管理或 root 登录(例如使用 SSH key 认证或 sudo)。
The following command (available from the whois package) can be used to generate a SHA-512 based crypt(3) hash for a password:
mkpasswd -m sha-512
# Controls whether or not the hardware clock is set to UTC. d-i clock-setup/utc boolean true # You may set this to any valid setting for $TZ; see the contents of # /usr/share/zoneinfo/ for valid values. d-i time/zone string US/Eastern # Controls whether to use NTP to set the clock during the install d-i clock-setup/ntp boolean true # NTP server to use. The default is almost always fine here. #d-i clock-setup/ntp-server string ntp.example.com
使用预置进行硬盘分区受限于 partman-auto 提供的支持。您可以选择使用磁盘上已有的空闲分区或者整个磁盘。磁盘的布局将取决于所使用的预定义方案,用户自定义的方案文件或预置文件包含的方案。
已经支持包括 RAID、LVM 和加密高级分区设置的预置,但对于非预置安装的分区仍然弹性不足。
下面的例子仅提供了使用方案的最基本信息。详细的内容清参考文件 partman-auto-recipe.txt 和 partman-auto-raid-recipe.txt,它们含在 debian-installer 软件包里。这两个文件也可以从 debian-installer source repository获取。注意不同发布版支持的功能会有所改变。
|
警告 |
|---|---|
磁盘的标识基于对应驱动加载的次序。如果系统里面有多个磁盘,要确定预置使用了正确的那一个。 |
# If the system has free space you can choose to only partition that space.
# This is only honoured if partman-auto/method (below) is not set.
#d-i partman-auto/init_automatically_partition select biggest_free
# Alternatively, you may specify a disk to partition. If the system has only
# one disk the installer will default to using that, but otherwise the device
# name must be given in traditional, non-devfs format (so e.g. /dev/sda
# and not e.g. /dev/discs/disc0/disc).
# For example, to use the first SCSI/SATA hard disk:
#d-i partman-auto/disk string /dev/sda
# In addition, you'll need to specify the method to use.
# The presently available methods are:
# - regular: use the usual partition types for your architecture
# - lvm: use LVM to partition the disk
# - crypto: use LVM within an encrypted partition
d-i partman-auto/method string lvm
# You can define the amount of space that will be used for the LVM volume
# group. It can either be a size with its unit (eg. 20 GB), a percentage of
# free space or the 'max' keyword.
d-i partman-auto-lvm/guided_size string max
# If one of the disks that are going to be automatically partitioned
# contains an old LVM configuration, the user will normally receive a
# warning. This can be preseeded away...
d-i partman-lvm/device_remove_lvm boolean true
# The same applies to pre-existing software RAID array:
d-i partman-md/device_remove_md boolean true
# And the same goes for the confirmation to write the lvm partitions.
d-i partman-lvm/confirm boolean true
d-i partman-lvm/confirm_nooverwrite boolean true
# You can choose one of the three predefined partitioning recipes:
# - atomic: all files in one partition
# - home: separate /home partition
# - multi: separate /home, /var, and /tmp partitions
d-i partman-auto/choose_recipe select atomic
# Or provide a recipe of your own...
# If you have a way to get a recipe file into the d-i environment, you can
# just point at it.
#d-i partman-auto/expert_recipe_file string /hd-media/recipe
# If not, you can put an entire recipe into the preconfiguration file in one
# (logical) line. This example creates a small /boot partition, suitable
# swap, and uses the rest of the space for the root partition:
#d-i partman-auto/expert_recipe string \
# boot-root :: \
# 40 50 100 ext3 \
# $primary{ } $bootable{ } \
# method{ format } format{ } \
# use_filesystem{ } filesystem{ ext3 } \
# mountpoint{ /boot } \
# . \
# 500 10000 1000000000 ext3 \
# method{ format } format{ } \
# use_filesystem{ } filesystem{ ext3 } \
# mountpoint{ / } \
# . \
# 64 512 300% linux-swap \
# method{ swap } format{ } \
# .
# The full recipe format is documented in the file partman-auto-recipe.txt
# included in the 'debian-installer' package or available from D-I source
# repository. This also documents how to specify settings such as file
# system labels, volume group names and which physical devices to include
# in a volume group.
# This makes partman automatically partition without confirmation, provided
# that you told it what to do using one of the methods above.
d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true
# When disk encryption is enabled, skip wiping the partitions beforehand.
#d-i partman-auto-crypto/erase_disks boolean false
您可以使用预置来建立软 RAID 阵列。支持 RAID 等级 0、1、5、6 和 10,建立降级阵列(degraded arrays)和指定额外设备。
|
警告 |
|---|---|
这种自动分区方式很容易出错。 |
# The method should be set to "raid".
#d-i partman-auto/method string raid
# Specify the disks to be partitioned. They will all get the same layout,
# so this will only work if the disks are the same size.
#d-i partman-auto/disk string /dev/sda /dev/sdb
# Next you need to specify the physical partitions that will be used.
#d-i partman-auto/expert_recipe string \
# multiraid :: \
# 1000 5000 4000 raid \
# $primary{ } method{ raid } \
# . \
# 64 512 300% raid \
# method{ raid } \
# . \
# 500 10000 1000000000 raid \
# method{ raid } \
# .
# Last you need to specify how the previously defined partitions will be
# used in the RAID setup. Remember to use the correct partition numbers
# for logical partitions. RAID levels 0, 1, 5, 6 and 10 are supported;
# devices are separated using "#".
# Parameters are:
# <raidtype> <devcount> <sparecount> <fstype> <mountpoint> \
# <devices> <sparedevices>
#d-i partman-auto-raid/recipe string \
# 1 2 0 ext3 / \
# /dev/sda1#/dev/sdb1 \
# . \
# 1 2 0 swap - \
# /dev/sda5#/dev/sdb5 \
# . \
# 0 2 0 ext3 /home \
# /dev/sda6#/dev/sdb6 \
# .
# For additional information see the file partman-auto-raid-recipe.txt
# included in the 'debian-installer' package or available from D-I source
# repository.
# This makes partman automatically partition without confirmation.
d-i partman-md/confirm boolean true
d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true
文件系统一般使用 UUID 作为关键字挂载; 这使得在设备名变更的情况下仍然可以正常挂载。UUID 本身很长不容易阅读,因此,安装程序也可以依照您的意愿使用传统设备名或者指定标签(label)挂载文件系统。假如安装程序使用标签方式,那些没有标签的文件系统仍然使用 UUID 方式挂载。
具有固定名称的设备,比如 LVM 逻辑卷,将继续使用它们自己的名字而不是 UUID 方式挂载。
|
警告 |
|---|---|
传统设备名会根据内核在引导时发现的次序进行调整,这将导致挂载错误的文件系统。与此类似,假如您插入一个新磁盘或 USB 设备,标签也可能有冲突发生。这样系统启动后会出现一些随机的情况。 |
# The default is to mount by UUID, but you can also choose "traditional" to # use traditional device names, or "label" to try filesystem labels before # falling back to UUIDs. #d-i partman/mount_style select uuid
本阶段的安装并没有多少东西需要预置。仅有一个与内核安装相关的问题。
# Configure APT to not install recommended packages by default. Use of this # option can result in an incomplete system and should only be used by very # experienced users. #d-i base-installer/install-recommends boolean false # The kernel image (meta) package to be installed; "none" can be used if no # kernel is to be installed. #d-i base-installer/kernel/image string linux-image-686
设置 /etc/apt/sources.list 和其他的基本配置选项,将自动地基于您使用的安装方式以及前面问题的回答。您也可以选择性地安装其他(或本地)的仓库。
# You can choose to install non-free and contrib software. #d-i apt-setup/non-free boolean true #d-i apt-setup/contrib boolean true # Uncomment this if you don't want to use a network mirror. #d-i apt-setup/use_mirror boolean false # Select which update services to use; define the mirrors to be used. # Values shown below are the normal defaults. #d-i apt-setup/services-select multiselect security, updates #d-i apt-setup/security_host string security.debian.org # Additional repositories, local[0-9] available #d-i apt-setup/local0/repository string \ # http://local.server/debian stable main #d-i apt-setup/local0/comment string local server # Enable deb-src lines #d-i apt-setup/local0/source boolean true # URL to the public key of the local repository; you must provide a key or # apt will complain about the unauthenticated repository and so the # sources.list line will be left commented out. #d-i apt-setup/local0/key string http://local.server/key # If the provided key file ends in ".asc" the key file needs to be an # ASCII-armoured PGP key, if it ends in ".gpg" it needs to use the # "GPG key public keyring" format, the "keybox database" format is # currently not supported. # By default the installer requires that repositories be authenticated # using a known gpg key. This setting can be used to disable that # authentication. Warning: Insecure, not recommended. #d-i debian-installer/allow_unauthenticated boolean true # Uncomment this to add multiarch configuration for i386 #d-i apt-setup/multiarch string i386
您可以选择安装存在的任务的组合。本文编撰时已有的任务包括:
standard (standard tools)
desktop (graphical desktop)
gnome-desktop (Gnome desktop)
xfce-desktop (XFCE desktop)
kde-desktop (KDE Plasma desktop)
cinnamon-desktop (Cinnamon desktop)
mate-desktop (MATE desktop)
lxde-desktop (LXDE desktop)
web-server (web server)
ssh-server (SSH server)
您可以不选任务,并用其他方法安装一系列软件包。我们推荐选上 standard 任务。
如果您打算安装一些安装任务之外的独立软件包,可以使用参数 pkgsel/include。该参数的值可以是用逗号或空格分开的软件包列表,便于在内核命令行上使用。
#tasksel tasksel/first multiselect standard, web-server, kde-desktop # Individual additional packages to install #d-i pkgsel/include string openssh-server build-essential # Whether to upgrade packages after debootstrap. # Allowed values: none, safe-upgrade, full-upgrade #d-i pkgsel/upgrade select none # Some versions of the installer can report back on what software you have # installed, and what software you use. The default is not to report back, # but sending reports helps the project determine what software is most # popular and should be included on the first CD/DVD. #popularity-contest popularity-contest/participate boolean false
# During installations from serial console, the regular virtual consoles # (VT1-VT6) are normally disabled in /etc/inittab. Uncomment the next # line to prevent this. #d-i finish-install/keep-consoles boolean true # Avoid that last message about the install being complete. d-i finish-install/reboot_in_progress note # This will prevent the installer from ejecting the CD during the reboot, # which is useful in some situations. #d-i cdrom-detect/eject boolean false # This is how to make the installer shutdown when finished, but not # reboot into the installed system. #d-i debian-installer/exit/halt boolean true # This will power off the machine instead of just halting it. #d-i debian-installer/exit/poweroff boolean true
# Depending on what software you choose to install, or if things go wrong # during the installation process, it's possible that other questions may # be asked. You can preseed those too, of course. To get a list of every # possible question that could be asked during an install, do an # installation, and then run these commands: # debconf-get-selections --installer > file # debconf-get-selections >> file
|
|
 |
|
| B.3. 创建预置文件 |  |
B.5. 高级选项 |