From 98396a15d836653e1602e2ffea930a3ce4504caf Mon Sep 17 00:00:00 2001 From: sus-admin Date: Thu, 29 May 2025 00:09:43 -0400 Subject: [PATCH 1/4] typo fixes in Ubuntu and openSUSE guides --- ...-05-Cobbler-v3.3.7-OpenSUSE-Deployment-Guide.md | 2 +- ...04-07-Cobbler-v3.3.7-Ubuntu-Deployment-Guide.md | 14 ++++++++------ 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/_posts/2025/2025-02-05-Cobbler-v3.3.7-OpenSUSE-Deployment-Guide.md b/_posts/2025/2025-02-05-Cobbler-v3.3.7-OpenSUSE-Deployment-Guide.md index bc01b2d9..8902e987 100644 --- a/_posts/2025/2025-02-05-Cobbler-v3.3.7-OpenSUSE-Deployment-Guide.md +++ b/_posts/2025/2025-02-05-Cobbler-v3.3.7-OpenSUSE-Deployment-Guide.md @@ -101,7 +101,7 @@ Configure the Cobbler Profile to use the new autoinstall (`autoyast.xml`) templa cobbler profile edit --name SUSE-15.6-x86_64 --autoinstall suse-15.6-autoyast.xml ``` -Finally, create a new Cobbler System to automatically boot and install openSUSE Leap 15.6, replacing the *"aa:bb:cc:dd:ee:ff"* with the MAC address of your PXE client, being sure not to use a duplicate MAC or IP addresse of any other Cobbler System, and then sync up Cobbler: +Finally, create a new Cobbler System to automatically boot and install openSUSE Leap 15.6, replacing the *"aa:bb:cc:dd:ee:ff"* with the MAC address of your PXE client, being sure not to use a duplicate MAC or IP address of any other Cobbler System, and then sync up Cobbler: ```shell cobbler system add --name SUSE-15.6 --profile SUSE-15.6-x86_64 --netboot-enabled true --hostname SUSE-15-6 --interface eth0 --static true --mac-address "aa:bb:cc:dd:ee:ff" --ip-address 10.0.0.15 --gateway 10.0.0.1 --netmask 255.255.255.0 --name-servers "10.0.0.1 1.1.1.1 10.0.0.10" diff --git a/_posts/2025/2025-04-07-Cobbler-v3.3.7-Ubuntu-Deployment-Guide.md b/_posts/2025/2025-04-07-Cobbler-v3.3.7-Ubuntu-Deployment-Guide.md index c0bcd800..948f36cc 100644 --- a/_posts/2025/2025-04-07-Cobbler-v3.3.7-Ubuntu-Deployment-Guide.md 
+++ b/_posts/2025/2025-04-07-Cobbler-v3.3.7-Ubuntu-Deployment-Guide.md @@ -126,7 +126,7 @@ NAME="Ubuntu20-casper-x86_64" && cobbler distro edit --name $NAME --kernel-optio Since the PXE client will install the OS from the internet, create a new autoinstall (`cloud-init`) template from the file created above, changing the `apt` uri. ```shell -sed -z 's, uri: http://$http_server/cblr/links/$distro\n# uri: http://us.archive.ubuntu.com/ubuntu,# uri: http://$http_server/cblr/links/$distro\n uri: http://us.archive.ubuntu.com/ubuntu,' /var/lib/cobbler/templates/cloud-init_user-data | tee /var/lib/cobbler/templates/Ubuntu20_cloud-init_user-data +sed -z 's, uri: http://$http_server/cblr/links/$distro\n## uri: http://us.archive.ubuntu.com/ubuntu,## uri: http://$http_server/cblr/links/$distro\n uri: http://us.archive.ubuntu.com/ubuntu,' /var/lib/cobbler/templates/cloud-init_user-data | tee /var/lib/cobbler/templates/Ubuntu20_cloud-init_user-data ``` Then configure it as the autoinstallation template for the Ubuntu 20.04 Cobbler Profile 
@@ -135,7 +135,7 @@ Then configure it as the autoinstallation template for the Ubuntu 20.04 Cobbler cobbler profile edit --name Ubuntu20-casper-x86_64 --autoinstall Ubuntu20_cloud-init_user-data ``` -Create a new Cobbler System to install Ubuntu 20.04 automatically based on the system's (PXE client's) MAC address, replacing the *"aa:bb:cc:dd:ee:ff"* with the MAC address of your PXE client, and being sure not to use a duplicate MAC or IP addresse of any other Cobbler System: +Create a new Cobbler System to install Ubuntu 20.04 automatically based on the system's (PXE client's) MAC address, replacing the *"aa:bb:cc:dd:ee:ff"* with the MAC address of your PXE client, and being sure not to use a duplicate MAC or IP address of any other Cobbler System: ```shell NAME="Ubuntu20-auto" && cobbler system add --name $NAME --profile Ubuntu20-casper-x86_64 --kernel-options "root=/dev/ram0 ramdisk_size=1500000 ip=dhcp url=http://10.0.0.10/cblr/pub/cloud-init/Ubuntu20/ubuntu-20.04.6-live-server-amd64.iso autoinstall cloud-config-url=http://10.0.0.10/cblr/svc/op/autoinstall/system/$NAME" --mac-address "aa:bb:cc:dd:ee:ff" --static true --ip-address "10.0.0.20" --netmask "255.255.255.0" --gateway "10.0.0.1" --name-servers "10.0.0.1 1.1.1.1 10.0.0.10" --hostname "Ubuntu20" --netboot-enabled true && unset NAME 
@@ -169,11 +169,11 @@ cobbler import --name Ubuntu22 --path /mnt/Ubuntu mkdir -p /var/www/cobbler/pub/cloud-init/Ubuntu22 cp ~/Downloads/ubuntu-22.04.5-live-server-amd64.iso /var/www/cobbler/pub/cloud-init/Ubuntu22/. -cobbler distro edit --name Ubuntu22-casper-x86_64 --kernel-options 'root=/dev/ram0 ramdisk_size=1500000 ip=dhcp url=http://10.0.0.10/cblr/pub/cloud-init/Ubuntu22/ubuntu-22.04.5-live-server-amd64.iso autoinstall cloud-config-url=http://10.0.0.10/cblr/svc/op/autoinstall/profile/Ubuntu22-casper-x86_64' +NAME="Ubuntu22-casper-x86_64" && cobbler distro edit --name $NAME --kernel-options "root=/dev/ram0 ramdisk_size=1500000 ip=dhcp url=http://10.0.0.10/cblr/pub/cloud-init/Ubuntu22/ubuntu-22.04.5-live-server-amd64.iso autoinstall cloud-config-url=http://10.0.0.10/cblr/svc/op/autoinstall/profile/$NAME" && unset NAME cobbler profile edit --name Ubuntu22-casper-x86_64 --autoinstall cloud-init_user-data -NAME="Ubuntu22-auto" && cobbler system add --name $NAME --profile Ubuntu22-casper-x86_64 --kernel-options "root=/dev/ram0 ramdisk_size=1500000 ip=dhcp url=http://10.0.0.10/cblr/pub/cloud-init/Ubuntu22/ubuntu-22.04.5-live-server-amd64.iso autoinstall cloud-config-url=http://10.0.0.10/cblr/svc/op/autoinstall/system/$NAME" --mac-address "aa:bb:cc:dd:ee:ff" --static true --ip-address "10.0.0.22" --netmask "255.255.255.0" --gateway "10.0.0.1" --name-servers "10.0.0.1 1.1.1.1 10.0.0.10" --hostname "Ubuntu22" --netboot-enabled true && NAME="" +NAME="Ubuntu22-auto" && cobbler system add --name $NAME --profile Ubuntu22-casper-x86_64 --kernel-options "root=/dev/ram0 ramdisk_size=1500000 ip=dhcp url=http://10.0.0.10/cblr/pub/cloud-init/Ubuntu22/ubuntu-22.04.5-live-server-amd64.iso autoinstall cloud-config-url=http://10.0.0.10/cblr/svc/op/autoinstall/system/$NAME" --mac-address "aa:bb:cc:dd:ee:ff" --static true --ip-address "10.0.0.22" --netmask "255.255.255.0" --gateway "10.0.0.1" --name-servers "10.0.0.1 1.1.1.1 10.0.0.10" --hostname "Ubuntu22" --netboot-enabled true && 
unset NAME cobbler sync ``` 
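Review bot: `--name $NAME` is expanded unquoted in the added `cobbler distro edit` and `cobbler system add` one-liners, and `&& unset NAME` runs only when cobbler succeeds, so a failed command leaves NAME set in the reader's shell for the next paste. Writing `--name "$NAME"` and ending each one-liner with `; unset NAME` makes them safe to re-run; the Ubuntu 24.04 hunk has the same pattern. Separately, these kernel options fetch both the ISO and `cloud-config-url` over plain `http://`, so the guide could state that the autoinstall user-data (which may carry password hashes) is readable and alterable by anything on the provisioning network.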
@@ -231,11 +231,11 @@ cobbler import --name Ubuntu24 --path /mnt/Ubuntu mkdir -p /var/www/cobbler/pub/cloud-init/Ubuntu24 cp ~/Downloads/ubuntu-24.04.1-live-server-amd64.iso /var/www/cobbler/pub/cloud-init/Ubuntu24/. -cobbler distro edit --name Ubuntu24-casper-x86_64 --kernel-options 'root=/dev/ram0 ramdisk_size=1500000 ip=dhcp url=http://10.0.0.10/cblr/pub/cloud-init/Ubuntu24/ubuntu-24.04.1-live-server-amd64.iso autoinstall cloud-config-url=http://10.0.0.10/cblr/svc/op/autoinstall/profile/Ubuntu24-casper-x86_64' +NAME="Ubuntu24-casper-x86_64" && cobbler distro edit --name $NAME --kernel-options "root=/dev/ram0 ramdisk_size=1500000 ip=dhcp url=http://10.0.0.10/cblr/pub/cloud-init/Ubuntu24/ubuntu-24.04.1-live-server-amd64.iso autoinstall cloud-config-url=http://10.0.0.10/cblr/svc/op/autoinstall/profile/$NAME" && unset NAME cobbler profile edit --name Ubuntu24-casper-x86_64 --autoinstall cloud-init_user-data -NAME="Ubuntu24-auto" && cobbler system add --name $NAME --profile Ubuntu24-casper-x86_64 --kernel-options "root=/dev/ram0 ramdisk_size=1500000 ip=dhcp url=http://10.0.0.10/cblr/pub/cloud-init/Ubuntu24/ubuntu-24.04.1-live-server-amd64.iso autoinstall cloud-config-url=http://10.0.0.10/cblr/svc/op/autoinstall/system/$NAME" --mac-address "aa:bb:cc:dd:ee:ff" --static true --ip-address "10.0.0.24" --netmask "255.255.255.0" --gateway "10.0.0.1" --name-servers "10.0.0.1 1.1.1.1 10.0.0.10" --hostname "Ubuntu24" --netboot-enabled true && NAME="" +NAME="Ubuntu24-auto" && cobbler system add --name $NAME --profile Ubuntu24-casper-x86_64 --kernel-options "root=/dev/ram0 ramdisk_size=1500000 ip=dhcp url=http://10.0.0.10/cblr/pub/cloud-init/Ubuntu24/ubuntu-24.04.1-live-server-amd64.iso autoinstall cloud-config-url=http://10.0.0.10/cblr/svc/op/autoinstall/system/$NAME" --mac-address "aa:bb:cc:dd:ee:ff" --static true --ip-address "10.0.0.24" --netmask "255.255.255.0" --gateway "10.0.0.1" --name-servers "10.0.0.1 1.1.1.1 10.0.0.10" --hostname "Ubuntu24" --netboot-enabled true && 
unset NAME cobbler sync ``` @@ -278,6 +278,8 @@ cobbler sync 1. Additional references: + - (https://github.com/cobbler/cobbler/discussions/3573)[https://github.com/cobbler/cobbler/discussions/3573] + - [https://github.com/cobbler/cobbler/issues/2339](https://github.com/cobbler/cobbler/issues/2339) - [https://askubuntu.com/questions/1235723/automated-20-04-server-installation-using-pxe-and-live-server-image](https://askubuntu.com/questions/1235723/automated-20-04-server-installation-using-pxe-and-live-server-image) From d703910eac786b138afe1e887d903b5c2962f9fb Mon Sep 17 00:00:00 2001 From: sus-admin Date: Thu, 29 May 2025 00:10:59 -0400 Subject: [PATCH 2/4] moderate rewrite of Debian guide after isolating installer bug --- _includes/example-preseed-excerpt.txt | 42 ----- ...-Cobbler-v3.3.7-Debian-Deployment-Guide.md | 155 ++++++------------ 2 files changed, 49 insertions(+), 148 deletions(-) delete mode 100644 _includes/example-preseed-excerpt.txt diff --git a/_includes/example-preseed-excerpt.txt b/_includes/example-preseed-excerpt.txt deleted file mode 100644 index 89e1f1cc..00000000 --- a/_includes/example-preseed-excerpt.txt +++ /dev/null 
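Review bot: The first reference added in the "Additional references" hunk of the Ubuntu guide is written `(url)[url]`, with the brackets and parentheses swapped, so Markdown will not render it as a link. It should read `- [https://github.com/cobbler/cobbler/discussions/3573](https://github.com/cobbler/cobbler/discussions/3573)`, matching the entry added directly below it.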
@@ -1,42 +0,0 @@ -### Apt setup -# Choose, if you want to scan additional installation media -# (default: false). -d-i apt-setup/cdrom/set-first boolean false -# You can choose to install non-free firmware. -#d-i apt-setup/non-free-firmware boolean true -# You can choose to install non-free and contrib software. -#d-i apt-setup/non-free boolean true -#d-i apt-setup/contrib boolean true -# Uncomment the following line, if you don't want to have the sources.list -# entry for a DVD/BD installation image active in the installed system -# (entries for netinst or CD images will be disabled anyway, regardless of -# this setting). -#d-i apt-setup/disable-cdrom-entries boolean true -# Uncomment this if you don't want to use a network mirror. -#d-i apt-setup/use_mirror boolean false -# Select which update services to use; define the mirrors to be used. -# Values shown below are the normal defaults. -#d-i apt-setup/services-select multiselect security, updates -#d-i apt-setup/security_host string security.debian.org - -# Additional repositories, local[0-9] available -#d-i apt-setup/local0/repository string \ -# http://local.server/debian stable main -#d-i apt-setup/local0/comment string local server -# Enable deb-src lines -#d-i apt-setup/local0/source boolean true -# URL to the public key of the local repository; you must provide a key or -# apt will complain about the unauthenticated repository and so the -# sources.list line will be left commented out. -#d-i apt-setup/local0/key string http://local.server/key -# or one can provide it in-line by base64 encoding the contents of the -# key file (with `base64 -w0`) and specifying it thus: -#d-i apt-setup/local0/key string base64://LS0tLS1CRUdJTiBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tCi4uLgo= -# The content of the key file is checked to see if it appears to be ASCII-armoured. -# If so it will be saved with an ".asc" extension, otherwise it gets a '.gpg' extension. -# "keybox database" format is currently not supported. 
(see generators/60local in apt-setup's source) - -# By default the installer requires that repositories be authenticated -# using a known gpg key. This setting can be used to disable that -# authentication. Warning: Insecure, not recommended. -#d-i debian-installer/allow_unauthenticated boolean true diff --git a/_posts/2024/2024-12-02-Cobbler-v3.3.7-Debian-Deployment-Guide.md b/_posts/2024/2024-12-02-Cobbler-v3.3.7-Debian-Deployment-Guide.md index c7bd2fd6..c491937d 100644 --- a/_posts/2024/2024-12-02-Cobbler-v3.3.7-Debian-Deployment-Guide.md +++ b/_posts/2024/2024-12-02-Cobbler-v3.3.7-Debian-Deployment-Guide.md @@ -5,7 +5,7 @@ author: Sus-Admin summary: Deploying Debian Bullseye and Bookworm (11 & 12) via PXE network boot. --- -This guide assumes that you have a Fedora 34 server or workstation system configured to run Cobbler v3.3.7 similarly to the [Cobbler v3.3.6 Beginner's guide](/blog/2024/11/12/Cobbler-v3.3.6-Beginners-Guide.html). +This guide assumes that you have a Fedora 34 server or workstation system configured to run Cobbler v3.3.7 similarly to the [Cobbler v3.3.6 Beginner's guide](/blog/2024/Cobbler-v3.3.6-Beginners-Guide/). ## Table of Contents {:.no_toc} 
@@ -21,19 +21,15 @@ Starting where the [Beginner's guide](/blog/2024/11/12/Cobbler-v3.3.6-Beginners- - Along the same lines as the [Beginner's guide](/blog/2024/11/12/Cobbler-v3.3.6-Beginners-Guide.html) I prefer to locally host/mirror the base OS repo to alleviate public internet availability and bandwidth dependencies during network installations. -- using the `cobbler check` CLI command, the output recommends installing the **debmirror** package in order to manage Debian deployments and repos with Cobbler. Instead, we will simply import the Debian source installation media (.iso file), similarly to the [Beginner's guide](/blog/2024/11/12/Cobbler-v3.3.6-Beginners-Guide.html), and use that as the local repo mirror to install over the network. +- This guide details 2 distinct approaches to deploying Debian with Cobbler - - This method is not the Cobbler official method, and Debian actually [recommends](https://www.debian.org/mirror/ftpmirror) using something like "apt-cacher-ng" or "squid proxy" + - The first method is *my* preferred approach since it's more similar to the [Beginner's guide](/blog/2024/11/12/Cobbler-v3.3.6-Beginners-Guide.html) and generally has less requirements. - - The Main Debian repo for the latest release of Debian is about 100 GB at the time of writing, which is why this is *my* preferred method over using **debmirror**, as it only requires the data from a single Debian installer DVD (.iso file) + - This method does require a fairly complicated fix to a bug in the `debian-installer` source code, caused by the **unsigned** repo mirror (imported from the CD/DVD/ISO installation media) failing security verification (more info in the **Tips & Troubleshooting** section below). - - For completeness however, the **debmirror** method will be detailed towards the bottom of this guide, in the **Mirroring with debmirror** section. 
+ - For completeness, the Cobbler-recommended method of using `debmirror` (seen in the output of the `cobbler check` CLI command) will be detailed towards the bottom of this guide, in the **Mirroring with debmirror** section. -- This guide provides a workaround to an issue that is encountered when installing Debian 11 & 12 over the network from a **local/private repo** where the PXE client (`debian-installer`) does not trust the installation source *(Since Debian developers DO NOT sign the software/repos packaged into official CD/DVD/ISO releases: [https://wiki.debian.org/SecureApt](https://wiki.debian.org/SecureApt) )*. - - - This appears to be a bug in the `debian-installer` (`d-i`); more info provided in the **Tips & Troubleshooting** section below. - - - This issue should not arise when mirroring an official Debian mirror using the **debmirror** method, as recommended by Cobbler + - Debian actually [recommends](https://www.debian.org/mirror/ftpmirror) using something like "apt-cacher-ng" or "squid proxy" ## Cobbler Server Prep 
@@ -43,6 +39,18 @@ That said, continue at your own risk. ### Dependencies +While this section describes installing Debian from the local Cobbler server, the resulting system will use the public Debian mirrors for updates and installs going forward. Add a `cobbler repo` entry for those public Debian mirrors with your desired components to be referenced in the auto-install (these repos are only for metadata, they will not be mirrored or downloaded locally with the below settings) + +```shell +cobbler repo add --name bookworm-latest --keep-updated false --mirror-locally false --breed apt --arch x86_64 --mirror "http://deb.debian.org/debian" --apt-components="main non-free non-free-firmware contrib" --apt-dists=bookworm +cobbler repo add --name bookworm-updates --keep-updated false --mirror-locally false --breed apt --arch x86_64 --mirror "http://deb.debian.org/debian" --apt-components="main non-free non-free-firmware contrib" --apt-dists=bookworm-updates +cobbler repo add --name bookworm-security --keep-updated false --mirror-locally false --breed apt --arch x86_64 --mirror "http://security.debian.org/debian-security" --apt-components="main non-free non-free-firmware contrib" --apt-dists=bookworm-security + +cobbler repo add --name bullseye-latest --keep-updated false --mirror-locally false --breed apt --arch x86_64 --mirror "http://deb.debian.org/debian" --apt-components="main non-free non-free-firmware contrib" --apt-dists=bullseye +cobbler repo add --name bullseye-updates --keep-updated false --mirror-locally false --breed apt --arch x86_64 --mirror "http://deb.debian.org/debian" --apt-components="main non-free non-free-firmware contrib" --apt-dists=bullseye-updates +cobbler repo add --name bullseye-security --keep-updated false --mirror-locally false --breed apt --arch x86_64 --mirror "http://security.debian.org/debian-security" --apt-components="main non-free non-free-firmware contrib" --apt-dists=bullseye-security +``` + Download the latest releases of Debian 
Bookworm and Bullseye ```shell @@ -65,24 +73,6 @@ wget -O ~/Downloads/Debian11.11-firmware.gz https://cdimage.debian.org/cdimage/f > > Newer releases of the netboot `initrd.gz` and firmware images will not be compatible with previous releases of Debian, as they use different kernel and module versions. -Create a GPG key to sign the local Debian repo mirror, and then export the public key to the public HTTP share on the Cobbler server and restore the SELinux labels. - -```shell -gpg --full-gen-key --batch <(echo "Key-Type: 1"; \ - echo "Key-Length: 4096"; \ - echo "Subkey-Type: 1"; \ - echo "Subkey-Length: 4096"; \ - echo "Expire-Date: 0"; \ - echo "Name-Real: cobbler"; \ - echo "Name-Email: cobbler@fedora.local"; \ - echo "%no-protection"; ) - -gpg --output /var/www/cobbler/pub/cobbler.gpg.asc --armor --export cobbler -restorecon -R /var/www/cobbler/pub -``` - -> for simplicity, this GPG key will not be password protected. This is against cyber-security best practices and should only be implemented in a test environment. - ## Debian 12 Bookworm PXE Deployment mount the Debian 12 Bookworm installation media and import the distro into cobbler: @@ -93,14 +83,6 @@ mount -t iso9660 -o loop,ro ~/Downloads/debian-12.8.0-amd64-DVD-1.iso /mnt/Debia cobbler import --name Debian12.8 --path /mnt/Debian ``` -Navigate to the imported distro mirror and sign the repo: - -```shell -cd /var/www/cobbler/distro_mirror/Debian12.8/dists/bookworm -gpg -u cobbler -bao Release.gpg Release -gpg -u cobbler --clear-sign --output InRelease Release -``` - Concatenate the two `initrd.gz` images in the following order, then configure the new Cobbler Distro to use the combined image: ```shell 
@@ -114,64 +96,50 @@ Create a new "preseed" (autoinstall) template from the sample included with Cobb ```shell cp /var/lib/cobbler/templates/sample.seed /var/lib/cobbler/templates/bookworm-workaround.seed sed -i 's,# d-i debian-installer/allow_unauthenticated boolean true,d-i debian-installer/allow_unauthenticated boolean true,' /var/lib/cobbler/templates/bookworm-workaround.seed -sed -i 's,# d-i apt-setup/local0/key string http://local.server/key,d-i apt-setup/local0/repository string http://$http_server$install_source_directory\nd-i apt-setup/local0/key string http://$http_server/cblr/pub/cobbler.gpg.asc,' /var/lib/cobbler/templates/bookworm-workaround.seed ``` -> This is where the bug mentioned in the **Caveats** section above is introduced. The `apt-setup/local0/key` preseed value *should* allow us to provide the `debian-installer` with a GPG key to validate the installation source, but the installation always fails without the **workaround** detailed below. -> -> When the **workaround** is implemented, the installation completes successfully and the resulting system's installation log always has an entry like `Downloading local repository key failed`. -> -> Still, confugre it to retrieve the key over HTTP anyway, just in case. 
- Use the standard `preseed_early_default` Cobbler Script to create a new Cobbler Script which will implement the ***workaround*** to be run on the PXE client to circumvent the bug mentioned in the **Caveats** section above: ```shell grep -v '# End preseed_early_default' /var/lib/cobbler/scripts/preseed_early_default | tee /var/lib/cobbler/scripts/preseed_early_workaround -echo 'while true; do - [ -d /target/etc/apt/trusted.gpg.d ] && cd /target/etc/apt/trusted.gpg.d && fetch-url http://$http_server/cblr/pub/cobbler.gpg.asc cobbler.gpg.asc && exit; - echo nope; +echo 'while true; do + [ -f /usr/lib/base-installer/library.sh ] && sed -i '\''s/APT::Get::AllowUnauthenticated "true";/APT::Get::AllowUnauthenticated "true";\nAcquire::AllowInsecureRepositories "true";/'\'' /usr/lib/base-installer/library.sh && break; sleep 1; -done 2> /dev/null 1> /dev/null & -# End preseed_early_default' | tee -a /var/lib/cobbler/scripts/preseed_early_workaround +done 2> /dev/null 1> /dev/null &' | tee -a /var/lib/cobbler/scripts/preseed_early_workaround ``` -Create another preseed script (from the standard `preseed_late_default` Cobbler Script) to run in the post-installation stage which will grant sudo privileges to the "debian" user (created below) and reconfigure the installed system to use Debian's official APT sources instead of the local Cobbler server. +Create a new Cobbler snippet from `late_apt_repo_config` to *not* use the Cobbler server as an `apt` mirror *post-installation*. 
```shell -grep -v '# End preseed_late_default' /var/lib/cobbler/scripts/preseed_late_default | tee /var/lib/cobbler/scripts/preseed_late_bookworm - -echo "sed -i 's,#PermitRootLogin prohibit-password,PermitRootLogin no,' /etc/ssh/sshd_config -usermod -aG sudo debian -sed -i 's,^,#,' /etc/apt/sources.list -echo 'deb http://deb.debian.org/debian bookworm main non-free-firmware non-free contrib' >> /etc/apt/sources.list -echo 'deb-src http://deb.debian.org/debian bookworm main non-free-firmware non-free contrib' >> /etc/apt/sources.list -echo 'deb http://security.debian.org/debian-security bookworm-security main non-free-firmware non-free contrib' >> /etc/apt/sources.list -echo 'deb-src http://security.debian.org/debian-security bookworm-security main non-free-firmware non-free contrib' >> /etc/apt/sources.list -echo 'deb http://deb.debian.org/debian bookworm-updates main non-free-firmware non-free contrib' >> /etc/apt/sources.list -echo 'deb-src http://deb.debian.org/debian bookworm-updates main non-free-firmware non-free contrib' >> /etc/apt/sources.list -# End preseed_late_default" | tee -a /var/lib/cobbler/scripts/preseed_late_bookworm +grep -v 'deb http://$http_server/cblr/links/$distro_name $os_version main' /var/lib/cobbler/snippets/late_apt_repo_config | tee /var/lib/cobbler/snippets/late_apt_repo_config-no_cobbler ``` -Modify the new preseed (autoinstall) template to install desired packages only, setup an additional user "debian", set the workaround script created above to run in the "early" installation stage, and the "preseed_late" script to run in the late stage, and more aggressively force the installation regardless of any existing installations. +Create another preseed script from the standard `preseed_late_default` which will use the above `late_apt_repo_config-no_cobbler` snippet. 
+ +```shell +sed 's,late_apt_repo_config,late_apt_repo_config-no_cobbler' /var/lib/cobbler/scripts/preseed_late_default | tee /var/lib/cobbler/scripts/preseed_late_no-cobbler +``` + +Modify the new preseed (autoinstall) template to deselect any services *(which are not included with the installation ISO/DVD)*, install desired packages only, setup an additional user "debian" with `sudo` privileges, set the workaround script created above to run in the *early* installation stage and the new "preseed_late" script to run in the *late* stage, and more aggressively force the installation regardless of any existing installations. ```shell -sed -i 's,ntp ssh wget,wget curl openssh-server sudo vim\npopularity-contest popularity-contest/participate boolean false,' /var/lib/cobbler/templates/bookworm-workaround.seed sed -i 's,# d-i apt-setup/services-select multiselect security,d-i apt-setup/services-select multiselect,' /var/lib/cobbler/templates/bookworm-workaround.seed +sed -i 's,ntp ssh wget,wget curl openssh-server sudo vim\npopularity-contest popularity-contest/participate boolean false,' /var/lib/cobbler/templates/bookworm-workaround.seed sed -i 's,d-i partman-auto/method string lvm,d-i partman-efi/non_efi_system boolean true\nd-i partman-auto/method string lvm,' /var/lib/cobbler/templates/bookworm-workaround.seed sed -i 's,d-i grub-installer/bootdev string default,d-i grub-installer/bootdev string default\nd-i grub-installer/with_other_os boolean true\nd-i grub-installer/force-efi-extra-removable boolean false\nd-i grub-installer/enable_os_prober_otheros_yes boolean false\nd-i grub-installer/enable_os_prober_otheros_no boolean true,' /var/lib/cobbler/templates/bookworm-workaround.seed -sed -i 's,d-i passwd/make-user boolean false,d-i passwd/make-user boolean true\nd-i passwd/user-fullname string Debian Admin\nd-i passwd/username string debian\nd-i passwd/user-password-crypted password $default_password_crypted,' /var/lib/cobbler/templates/bookworm-workaround.seed +sed 
-i 's,d-i passwd/make-user boolean false,d-i passwd/make-user boolean true\nd-i passwd/user-fullname string Debian Admin\nd-i passwd/username string debian\nd-i passwd/user-password-crypted password $default_password_crypted\nd-i passwd/user-default-groups string sudo,' /var/lib/cobbler/templates/bookworm-workaround.seed sed -i 's,script=preseed_early_default,script=preseed_early_workaround,' /var/lib/cobbler/templates/bookworm-workaround.seed -sed -i 's,script=preseed_late_default,script=preseed_late_bookworm,' /var/lib/cobbler/templates/bookworm-workaround.seed +sed -i 's,script=preseed_late_default,script=preseed_late_no-cobbler,' /var/lib/cobbler/templates/bookworm-workaround.seed ``` -Configure the Cobbler Profile to use the new autoinstall (preseed) template: +Configure the Cobbler Profile to use the new autoinstall (preseed) template and assign the appropriate `cobbler repo` mirrors defined above: ```shell -cobbler profile edit --name Debian12.8-x86_64 --autoinstall 'bookworm-workaround.seed' +cobbler profile edit --name Debian12.8-x86_64 --autoinstall 'bookworm-workaround.seed' --repos "bookworm-latest bookworm-security bookworm-updates" ``` -Finally, create a new Cobbler System to PXE boot and automatically install Debian 12 Bookworm, replacing the *"aa:bb:cc:dd:ee:ff"* with the MAC address of your PXE client, being sure not to use a duplicate MAC or IP addresse of any other Cobbler System, then sync up Cobbler. +Finally, create a new Cobbler System to PXE boot and automatically install Debian 12 Bookworm, replacing the *"aa:bb:cc:dd:ee:ff"* with the MAC address of your PXE client, being sure not to use a duplicate MAC or IP address of any other Cobbler System, then sync up Cobbler. ```shell cobbler system add --name "Debian12.8" --profile Debian12.8-x86_64 --hostname "debian12-8" --mac-address "aa:bb:cc:dd:ee:ff" --netboot-enabled true --ip-address "10.0.0.12" --netmask "255.255.255.0" --gateway "10.0.0.1" --name-servers "10.0.0.1 1.1.1.1 8.8.8.8" 
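Review bot: The added `sed 's,late_apt_repo_config,late_apt_repo_config-no_cobbler' …` command has no closing delimiter, so sed rejects the expression and `tee` leaves `preseed_late_no-cobbler` empty; it should be `sed 's,late_apt_repo_config,late_apt_repo_config-no_cobbler,' /var/lib/cobbler/scripts/preseed_late_default`. The rewritten procedure also drops the local GPG signing and relies on `allow_unauthenticated` plus `Acquire::AllowInsecureRepositories "true"` injected into the installer, so packages served by the Cobbler server over HTTP are installed without any signature check, and the new text does not say so. I would add a short caveat after the workaround block: verify the ISO against Debian's signed checksum file before `cobbler import`, keep the provisioning network isolated, and confirm after installation that no unauthenticated-APT setting (the `00AllowUnauthenticated` file, if it persists) remains on the target.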
@@ -189,16 +157,11 @@ Take similar steps as above, with the inclusion of the netboot "firmware" image mount -t iso9660 -o loop,ro ~/Downloads/debian-11.11.0-amd64-DVD-1.iso /mnt/Debian cobbler import --name=Debian11.11 --path=/mnt/Debian -cd /var/www/cobbler/distro_mirror/Debian11.11/dists/bullseye -gpg -u cobbler -bao Release.gpg Release -gpg -u cobbler --clear-sign --output InRelease Release - cat /var/www/cobbler/distro_mirror/Debian11.11/install.amd/initrd.gz ~/Downloads/Debian11.11-netboot.gz ~/Downloads/Debian11.11-firmware.gz > /var/www/cobbler/pub/Debian11.11-netboot.gz cobbler distro edit --name Debian11.11-x86_64 --initrd "/var/www/cobbler/pub/Debian11.11-netboot.gz" -sed 's,bookworm,bullseye,' /var/lib/cobbler/scripts/preseed_late_bookworm > /var/lib/cobbler/scripts/preseed_late_bullseye -grep -v "os_prober" /var/lib/cobbler/templates/bookworm-workaround.seed | sed 's,preseed_late_bookworm,preseed_late_bullseye,' > /var/lib/cobbler/templates/bullseye-workaround.seed -cobbler profile edit --name Debian11.11-x86_64 --autoinstall bullseye-workaround.seed +grep -v "os_prober" /var/lib/cobbler/templates/bookworm-workaround.seed > /var/lib/cobbler/templates/bullseye-workaround.seed +cobbler profile edit --name Debian11.11-x86_64 --autoinstall bullseye-workaround.seed --repos "bullseye-latest bullseye-security bullseye-updates" cobbler system add --name Debian11.11 --profile Debian11.11-x86_64 --mac-address "aa:bb:cc:dd:ee:ff" --netboot-enabled true 
@@ -213,7 +176,7 @@ This guide will only provide the steps to mirror the LATEST release of Debian *( similarly to the DVD/ISO method above, both the **netboot** and **DVD/ISO** `initrd.gz` images are still required in the same concatenated manner to properly install over the network, but they must both be downloaded separately of the `debmirror` process. -Since the official Debian repo will be mirrored, the source will be fully valid with trusted signatures, meaning the autoinstall (preseed) file for the PXE client will not need the APT security settings required in the DVD/ISO source method. +Since the official Debian repo will be mirrored, the source will be fully valid with trusted signatures, meaning the autoinstall (preseed) file for the PXE client will not need the **workaround** portion. Cobbler supports managing repos/sources via the debmirror command natively, which means the `debmirror` package only needs to be installed and configured, then mirroring can be accomplished/managed through Cobbler CLI commands. @@ -252,12 +215,12 @@ cobbler repo add --name Debian-latest --keep-updated true --mirror-locally true cobbler reposync ``` +### PXE deploy via local debmirror repo + Configure a new preseed file for installation via the trusted, signed Debian repo: ```shell cp /var/lib/cobbler/templates/bookworm-workaround.seed /var/lib/cobbler/templates/bookworm-latest.seed -sed -i 's,d-i apt-setup/local0/repository,#d-i apt-setup/local0/repository,' /var/lib/cobbler/templates/bookworm-latest.seed -sed -i 's,d-i apt-setup/local0/key,#d-i apt-setup/local0/key,' /var/lib/cobbler/templates/bookworm-latest.seed sed -i 's,d-i debian-installer/allow_unauthenticated,#d-i debian-installer/allow_unauthenticated,' /var/lib/cobbler/templates/bookworm-latest.seed sed -i 's,script=preseed_early_workaround,script=preseed_early_default,' /var/lib/cobbler/templates/bookworm-latest.seed ``` 
@@ -273,11 +236,11 @@ cat ~/Downloads/debian-stable-initrd.gz ~/Downloads/debian-stable-netboot-initrd cp ~/Downloads/debian-stable-vmlinuz /var/www/cobbler/pub/Debian12.8-netboot/vmlinuz ``` -Add a Cobbler Distro and Profile for the new Debian repo, and the usual HTTP link: +Add a Cobbler Distro and Profile (including the metadata-only `cobbler repo` mirrors created in the **Prerequisites** section above) for the new Debian repo, and the usual HTTP link: ```shell cobbler distro add --name Debian-latest --arch x86_64 --autoinstall-meta 'tree'='http://@@http_server@@/cblr/links/Debian-latest' --breed debian --os-version bookworm --initrd "/var/www/cobbler/pub/Debian12.8-netboot/initrd.gz" --kernel "/var/www/cobbler/pub/Debian12.8-netboot/vmlinuz" -cobbler profile add --name Debian-latest --distro Debian-latest --autoinstall bookworm-latest.seed +cobbler profile add --name Debian-latest --distro Debian-latest --autoinstall bookworm-latest.seed --repos "bookworm-latest bookworm-security bookworm-updates" ln -s /var/www/cobbler/repo_mirror/Debian-latest /var/www/cobbler/links/Debian-latest cobbler sync ``` 
@@ -295,36 +258,17 @@ Now the **PXE Client** should be able to boot from a generic/random MAC address 1. The [Cobbler 3.3.6 Beginner's Guide](/blog/2024/11/12/Cobbler-v3.3.6-Beginners-Guide.html) **Tips & Troubleshooting** section contains some basic recommendations and limitations of Cobbler which will not be repeated here. -1. The `debian-installer` issue mentioned in the **Caveats** section above is primarily marked by a fatal error during the installation process and the log entry `GPG error` in `/var/log/syslog` on the installer system, or, if the workaround script was used, you can install the `debconf-utils` package on the resulting system and use the command `debconf-get-selections --installer | grep "Downloading"` for more info on the error. - - - The error prevents the installation from proceeding using the configured repo mirror, but the `debian-installer` remains running; press **ALT+F2** or **ALT+F3** on the PXE client keyboard to access a privileged shell to conduct some troubleshooting. - - - The issue stems from the below section of the preseed file, retrieved drectly from Debian's official [stable](https://www.debian.org/releases/stable/example-preseed.txt) and [bookworm](https://www.debian.org/releases/bookworm/example-preseed.txt) example preseed files. - -{% capture file %}```shell -{% include example-preseed-excerpt.txt path="_includes/example-preseed-excerpt.txt" %}```{% endcapture %} -{% assign lines = file | newline_to_br | strip_newlines | split: "
" %} -{% for line in lines %}{{ line | prepend: " " }} -{% endfor %} +1. Going the route of importing the DVD ISO file for debian PXE deployments will leave those PXE clients with less available packages to install during OS installation compared to a full mirror, but I prefer to keep the OS deployments minimal anyway. - - As seen in the procedures above, `allow_unauthenticated` is set to true, which appears to only permit the installation to START when an untrusted repo mirror is found, but the mirror will be checked again before beginning the `apt-setup` phase, which `allow_unauthenticated` will not override. +1. The issue mentioned in the **Caveats** section above is due to the `base-installer` [source code](https://salsa.debian.org/installer-team/base-installer/-/blob/1.213/library.sh?ref_type=tags) neglecting to add the `Acquire::AllowInsecureRepositories "true";` line in to the `00AllowUnauthenticated` file on the target system (created depending on the value of preseed optoin `debian-installer/allow_unauthenticated`) as mentioned in the [apt-secure manpage](https://manpages.debian.org/bookworm/apt/apt-secure.8.en.html). - - This means that the `debian-installer` also requires the local APT mirror to be defined using the `d-i apt-setup/local0/repository` & `d-i apt-setup/local0/key` preseed options in order for the PXE client to retrieve the public GPG key for the repo mirror and use it to validate the mirror, which seems to be configured properly through the preseed from Cobbler, verified with the following commands on the `debian-installer` system (and obviously can be done, since the workaround provided in this guide does essentially the same thing): + - The installation will fail on a "cannot find a suitable kernel package" error. 
- ```shell - debconf-get apt-setup/local0/repository - debconf-get apt-setup/local0/key - less /var/lib/preseed/log - cat /var/log/syslog | grep "GPG error" - cat /var/lib/cdebconf/templates.dat | grep apt-setup - cat /var/lib/cdebconf/questions.dat | grep apt-setup - ``` - - - Alternatively, the preseed comments note that you may provide the GPG key inline in the preseed file as a base64-encoded string with the format `d-i apt-setup/local0/key string base64://`, however I was not able to get this working either. + - This error consistenly occurs on Debian 11 & 12 installations. - - The snippet from Debian's official preseed sample above mentions "see generators/60local in apt-setup's source" and looking at some of that [source code](https://salsa.debian.org/installer-team/apt-setup/-/blob/master/generators/60local?ref_type=heads), I tried to model the workaround script as closely to the source code as possible, which is why `fetch-url` is used to download the GPG key, instead of `wget` or `curl`. + - A bug has been filed with the Debian Bug Tracking System for this. - - This error consistenly occurs on Debian 11 & 12 installations. + - Debian developers do NOT sign the software/repos packaged into official CD/DVD/ISO releases: [https://wiki.debian.org/SecureApt](https://wiki.debian.org/SecureApt) 1. References @@ -381,4 +325,3 @@ Now the **PXE Client** should be able to boot from a generic/random MAC address - [https://debian-handbook.info/browse/wheezy/sect.package-authentication.html](https://debian-handbook.info/browse/wheezy/sect.package-authentication.html) - [https://serverfault.com/questions/337278/debian-how-can-i-securely-get-debian-archive-keyring-so-that-i-can-do-an-apt-g](https://serverfault.com/questions/337278/debian-how-can-i-securely-get-debian-archive-keyring-so-that-i-can-do-an-apt-g) - [https://ubuntuforums.org/archive/index.php/t-2217665.html](https://ubuntuforums.org/archive/index.php/t-2217665.html) - 
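Review bot: The rewritten Caveats item in the `@@ -295,36 +258,17 @@` hunk explains why the install fails but not what the workaround costs. As far as the visible text shows, the ISO-derived repo is unsigned and the workaround seed sets `debian-installer/allow_unauthenticated`, so APT does not verify package signatures and the integrity of the install rests on the ISO itself. I would add a bullet such as `- Because the ISO repo is unsigned, verify the downloaded ISO against Debian's signed SHA512SUMS before importing it into Cobbler.` The line "A bug has been filed with the Debian Bug Tracking System for this" should link to the report; the bug number is not shown on the page.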
From fdd2b718fcd44764d6cd264a3b35c31a3fcfb627 Mon Sep 17 00:00:00 2001 From: sus-admin Date: Thu, 29 May 2025 00:40:28 -0400 Subject: [PATCH 3/4] moderate update to Windows guide --- ...Cobbler-v3.3.7-Windows-Deployment-Guide.md | 107 +++++++++++------- 1 file changed, 63 insertions(+), 44 deletions(-) diff --git a/_posts/2025/2025-04-14-Cobbler-v3.3.7-Windows-Deployment-Guide.md b/_posts/2025/2025-04-14-Cobbler-v3.3.7-Windows-Deployment-Guide.md index 0314842e..28b48736 100644 --- a/_posts/2025/2025-04-14-Cobbler-v3.3.7-Windows-Deployment-Guide.md +++ b/_posts/2025/2025-04-14-Cobbler-v3.3.7-Windows-Deployment-Guide.md @@ -5,7 +5,7 @@ author: Sus-Admin summary: Deploying Microsoft Windows 10 & 11 via PXE network boot. --- -This guide assumes that you have a Fedora 34 server or workstation system configured to run Cobbler v3.3.7 similarly to the [Beginner's guide](/blog/2024/11/12/Cobbler-v3.3.6-Beginners-Guide.html). +This guide assumes that you have a Fedora 34 server or workstation system configured to run Cobbler v3.3.7 similarly to the [Cobbler v3.3.6 Beginner's guide](/blog/2024/11/12/Cobbler-v3.3.6-Beginners-Guide.html). ## Table of Contents {:.no_toc} 
@@ -19,15 +19,11 @@ Starting where the [Beginner's guide](/blog/2024/11/12/Cobbler-v3.3.6-Beginners- ### Caveats -1. **IMPORTANT:** Issues were encountered running the PXE client as a VirtualBox VM with UEFI firmware, so instead it is recommended to run the PXE client on physical *(bare metal)* hardware or as a [VMWare Workstation/Fusion](https://blogs.vmware.com/workstation/2024/05/vmware-workstation-pro-now-available-free-for-personal-use.html) VM for UEFI installations. +1. **IMPORTANT:** There was a frequent issue on PXE clients using VirtualBox EFI firmware. For this reason, it is recommended to run both Cobbler server and PXE client as either bare metal systems or [VMWare Workstation/Fusion](https://blogs.vmware.com/workstation/2024/05/vmware-workstation-pro-now-available-free-for-personal-use.html) or [HyperV](https://learn.microsoft.com/en-us/windows-server/virtualization/hyper-v/hyper-v-overview) VMs for UEFI installations. - - More info on the issues encountered in the **Tips & Troubleshooting** section below. + - You may experience different results depending on your hardware and Windows or VirtualBox versions and settings; more info in the **Tips & Troubleshooting** section below - - If running the PXE client as a VMWare VM it is recommended to also run the Cobbler Server under the same VMWare host or another bare metal machine, using the same specs/settings as described in the [Beginner's guide](/blog/2024/11/12/Cobbler-v3.3.6-Beginners-Guide.html). - - - Your experience may differ depending on your hardware and Windows and VirtualBox software versions and settings. - -1. 
This guide assumes you have already acquired the Windows 10 and 11 64-bit ISO installation files by using the [Windows 10](https://www.microsoft.com/en-us/software-download/windows10) and [Windows 11](https://www.microsoft.com/en-us/software-download/windows11) Media Creation Tool, which requires an existing Windows 10 or 11 system to create *(like the VirtualBox Host described in the [Beginner's guide](/blog/2024/11/12/Cobbler-v3.3.6-Beginners-Guide.html))* +1. This guide assumes you have already acquired the Windows 10 and 11 64-bit ISO installation files by using the [Windows 10](https://www.microsoft.com/en-us/software-download/windows10) and [Windows 11](https://www.microsoft.com/en-us/software-download/windows11) Media Creation Tool - Also on the Windows 11 download page linked above is the minumum system requirements for installing Windows 11, which include UEFI Secure Boot and TPM support, making a *supported* installation to a VM an advanced topic beyond the scope of this guide. @@ -77,7 +73,7 @@ Edit the `/etc/samba/smb.conf` file to match the below text-block > More info on this service and configuration in the **Tips & Troubleshooting** section below -Enable and start the smb service +Enable and start the SMB service ```shell systemctl enable --now smb @@ -138,7 +134,7 @@ mount -o ro,loop ~/Downloads/Win10_22H2_English_x64.iso /mnt/Windows10 cobbler import --name Win10 --path /mnt/Windows10 ``` -**If the PXE client will use legacy-BIOS firmware** *(MBR partition scheme)* instead of UEFI, toggle `uefi` to `false` in the Cobbler Profile autoinstallation metadata: +***Optional:*** If the PXE client will use legacy-BIOS firmware instead of UEFI, toggle `uefi` to `false` in the Cobbler Profile autoinstallation metadata: ```shell cobbler profile edit --name Win10-x86_64 --autoinstall-meta 'uefi'='false' --in-place 
@@ -146,22 +142,20 @@ cobbler profile edit --name Win10-x86_64 --autoinstall-meta 'uefi'='false' --in- > More info in Cobbler's [official docs](https://cobbler.readthedocs.io/en/v3.3.7/user-guide/wingen.html). -Finally, create a new Cobbler System to PXE boot and automatically install Windows 10 Pro, replacing the *"aa:bb:cc:dd:ee:ff"* with the MAC address of your PXE client, being sure not to use a duplicate MAC or IP addresse of any other Cobbler System, then sync up Cobbler. +Finally, create a new Cobbler System to PXE boot and automatically install Windows 10 Pro, replacing the *"aa:bb:cc:dd:ee:ff"* with the MAC address of your PXE client, being sure not to use a duplicate MAC address of any other Cobbler System, then sync up Cobbler. ```shell cobbler system add --name Win10 --profile Win10-x86_64 --mac-address "aa:bb:cc:dd:ee:ff" --netboot-enabled true --enable-ipxe true cobbler sync ``` -The **PXE Client** VM can now be powered on, and should automatically boot to PXE and install Windows 10 to the VM HDD using the "autounattended.xml" answerfile template. +The **PXE Client** VM can now be powered on, and should automatically boot to PXE and install Windows 10 to the VM HDD using the "autounattended.xml" answerfile. -- See the **Tips & Troubleshooting** section below for a fix for an issue encountered on the PXE client during the `start-net.cmd` script on both VirualBox and VMWare VMs +- See the Tips & Troubleshooting section below for a fix for an issue encountered on the PXE client during the start-net.cmd script on both VirualBox and VMWare VMs ## Windows 11 PXE Deployment -First use the following commands to edit the `startnet.template` file in order to bypass Windows 11 hardware requirements for the PXE client. - -- note that `unix2dos` will properly terminate the lines of text individually. 
+***Optional:*** If installing Windows 11 on unsupported hardware, use the following commands to edit the `startnet.template` file in order to bypass hardware requirements for the PXE client. ```shell CMD1=$(echo 'reg add HKLM\\SYSTEM\\Setup\\LabConfig /v BypassSecureBootCheck /t REG_DWORD /d 1 /f' | unix2dos) @@ -170,7 +164,7 @@ CMD3=$(echo 'reg add HKLM\\SYSTEM\\Setup\\LabConfig /v BypassRAMCheck /t REG_DWO CMD4=$(echo 'reg add HKLM\\SYSTEM\\Setup\\LabConfig /v BypassCPUCheck /t REG_DWORD /d 1 /f' | unix2dos) CMD5=$(echo 'reg add HKLM\\SYSTEM\\Setup\\LabConfig /v BypassStorageCheck /t REG_DWORD /d 1 /f' | unix2dos) CMD6=$(echo '\$distro_share\\sources\\setup.exe \$unattended' | unix2dos) -sudo sed -i -E "s,^#else.?$,#else if \$os_version == \"11\"\n${CMD1}\n${CMD2}\n${CMD3}\n${CMD4}\n${CMD5}\n${CMD6}\n#else," /etc/cobbler/windows/startnet.template +sed -i -E "s,^#else.?$,#else if \$os_version == \"11\"\n${CMD1}\n${CMD2}\n${CMD3}\n${CMD4}\n${CMD5}\n${CMD6}\n#else," /etc/cobbler/windows/startnet.template ``` Now, take similar steps as with Windows 10 to import and automatically deploy Windows 11 Pro over PXE. 
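Review bot: The `sed -i -E` on `/etc/cobbler/windows/startnet.template` in the `@@ -170,7 +164,7 @@` hunk edits a server-wide template, so the inserted `LabConfig` values (including `BypassSecureBootCheck`) apply to every deployment whose `$os_version` is "11". That is wider than the single unsupported-hardware client the new "Optional" wording suggests. The prose should say so and keep a copy to revert, for example `cp -a /etc/cobbler/windows/startnet.template /etc/cobbler/windows/startnet.template.orig` before the `sed`. The command is also not idempotent: `^#else.?$` still matches the trailing `#else` after the first run, so a second run inserts the block again. Dropping `sudo` is only consistent if the whole guide runs as root, which this hunk does not show.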
@@ -185,58 +179,85 @@ cobbler sync The **PXE Client** VM can now be powered on, and should automatically boot to PXE and install Windows 11 to the VM HDD using the "autounattended.xml" answerfile template. -- See the **Tips & Troubleshooting** section below for a fix for an issue encountered on the PXE client during the `start-net.cmd` script on both VirualBox and VMWare VMs +- See the Tips & Troubleshooting section below for a fix for an issue encountered on the PXE client during the start-net.cmd script on both VirualBox and VMWare VMs ## Tips & Troubleshooting -1. The [Cobbler 3.3.6 Beginner's guide](/blog/2024/11/12/Cobbler-v3.3.6-Beginners-Guide.html) **Tips & Troubleshooting** section contains some basic recommendations and limitations of Cobbler which will not be repeated here. +1. The [Cobbler 3.3.6 Beginner's Guide](/blog/2024/11/12/Cobbler-v3.3.6-Beginners-Guide.html) **Tips & Troubleshooting** section contains some basic recommendations and limitations of Cobbler which will not be repeated here. + +1. It's important to understand how Cobbler manages Windows distros and deployments *by default*, as there are certain implicit limitations not present with other distros. + + - Cobbler has 3 main templates for Windows distro management, all located in `/etc/cobbler/windows` directory (instead of the usual `/var/lib/cobbler/templates` and `/var/lib/cobbler/scripts` directories), which effectively limit Windows deployments to `cobbler profile` level customizations + + - `startnet.template`: Generates "startnet.cmd" which gets archived/compressed into the WinPE image (loaded from PXE) in order to start Windows `setup.exe` on the PXE client with the associated Answerfile + + - `answerfile.template`: Generates "autounattended.xml" answerfile with **profile** attributes to be retrieved over SMB by PXE clients for unattended installations. 
+ + - `post_ins_cmd.template`: Generates "post_install.cmd" which is used in the Answerfile to retrieve the `autoinstall` file (post-install script) defined for the **profile** + + - By default, the autoinstall file (post-install script) `/var/lib/cobbler/templates/win.ks` has no effect. + + - The `autoinstall-meta` parameters *(used to specify the boot files and how to download them, answerfile and post_install templates for unattended installations, as well as set firmware/partitioning mode)* can be configured at the `cobbler system` (or `profile`) level and given unique names to generate different files for use by diffrent profiles or systems, but neither the `answerfile.template` or `post_inst_cmd.template` files are system-level aware, they only consist of **profile-level** settings. + + - Only MAC address and other DHCP-related options will be used for *Windows* `cobbler system` items, in addition to the above `autoinstall-meta` parameters, which have limited functionality for Systems. + + - Windows is limited in the [ways to provide an Answerfile](https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-setup-automation-overview#implicit-answer-file-search-order), it cannot be specified in boot/kernel parameters like many linux distros + + - This is all only *default* behavior in cobbler, and it would be possible to program additional logic into the `startnet.cmd` or `post_install.cmd` scripts, for instance, to retrieve a diffent answerfile or post-install script based on the hostname (configurable through DHCP) or MAC address. However, that would come with additional limitations and requirements beyond the scope of this guide. 1. **VirtualBox Issues** - - Specifially, the `ipxe-x86_64.efi` bootloader would fail to "initialize devices" and even though using the `ipxe-snponly-x86_64.efi` bootloader instead would load properly, the PXE client VM would *usually* just hang when downloading on of the WinPE files (i.e. 
`wimboot`, `boot.sdi`, `bootmgr.exe`, `bcd`, `winpe.wim`) + - Specifially, the `ipxe-x86_64.efi` bootloader would fail to "initialize devices" and even though using the `ipxe-snponly-x86_64.efi` bootloader would load properly, the PXE client VM would *usually* just hang when downloading one of the WinPE files (i.e. `wimboot`, `boot.sdi`, `bootmgr.exe`, `bcd`, `winpe.wim`) - - Tried several troubleshooting steps and could not get a consisten fix: + - Tried several troubleshooting steps and could not get a consistent fix: - Tried different virtual network adapters. - - Using the "Paravirtualized Network (virtio-net)" adapter did resove this issue with the iPXE boot process and load into the WinPE/wimboot image successfully, but then did not detect any network adapters and failed to begin Window Setup, and further troubleshooting would be beyond the scope of this guide. + - Using the "Paravirtualized Network (virtio-net)" adapter did resove this issue with the iPXE boot process and load into the WinPE/wimboot image successfully, but then did not detect any network adapters and failed to begin Windows Setup; further troubleshooting would be beyond the scope of this guide. + + - Tried running PXE client on another host PC with different VirtualBox version - Tried installing the appropriate VirtualBox Extensions for my version of VB. - - Disabled Memory Isolation in Windows Security on VirtualBox Host. + - Disabled Memory Isolation in Windows Security (and other security options) on VirtualBox Host. - Tried with and without "Virtual Machine Platform" and "Windows Hypervisor Platform" Windows Features installed/enabled. + + - Tried compiling latest and previous versions of ipxe.efi (snp, intel, realtek, etc...) bootloader from source - - Found no relevant entries/errors in VirtualBox VM logs and nothing abnormal in Cobbler server logs (HTTP, TFTP, DHCP). 
+ - Found no relevant entries/errors in VirtualBox VM logs *(debug logs enabled)* or Windows Event Viewer and nothing abnormal in Cobbler server logs (HTTP, TFTP, DHCP). - - A live Windows OS installation can be converted from MBR (legacy-BIOS) to GPT (UEFI) via powershell commands, which can be used as a workaround for compatibility with VirtualBox VM UEFI firmware + - A live Windows 10 installation can be easily converted from MBR (legacy-BIOS) to GPT (UEFI) via powershell commands, which can be used as a workaround for compatibility with VirtualBox UEFI firmware + + - source: [mbr2gpt](https://www.windowscentral.com/how-convert-mbr-disk-gpt-move-bios-uefi-windows-10). - - source: [https://www.windowscentral.com/how-convert-mbr-disk-gpt-move-bios-uefi-windows-10](https://www.windowscentral.com/how-convert-mbr-disk-gpt-move-bios-uefi-windows-10). 1. **start-net.cmd issue** - The `smb` linux service used to host the installation files for the PXE client on the Cobbler server would be unresponsive during some installations, primarily when running the `startnet.cmd` script on the PXE client to start Windows Setup, which caused the installation to stall and error-out occasionally. - - After reading through the manpage (`man smb.conf`) and trying several different configurations the problem persisted; make the following edit to the `startnet.template` file to account for this occasional unresponsiveness/lag from the SMB server when booting into setup by first probing the SMB share until it responds. + - After reading through the manpage (`man smb.conf`) and trying several different configurations the problem persisted + + - Make the following edit to the `startnet.template` file to account for this occasional unresponsiveness/lag from the SMB server by first enumerating the SMB share until it responds. 
- ```shell - CMD=$(echo 'dir \$distros_dir || GOTO wno20' | unix2dos) - sed -i "s,net use z:,${CMD}\nnet use z:," /etc/cobbler/windows/startnet.template - ``` + ```shell + CMD=$(echo 'dir \$distros_dir || GOTO wno20' | unix2dos) + sed -i "s,net use z:,${CMD}\nnet use z:," /etc/cobbler/windows/startnet.template + ``` 1. References - - [https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-setup-automation-overview?view=windows-11](https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-setup-automation-overview?view=windows-11) + - [https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-setup-automation-overview](https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-setup-automation-overview) - - [https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/automate-windows-setup?view=windows-11](https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/automate-windows-setup?view=windows-11) + - [https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/automate-windows-setup](https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/automate-windows-setup) - [https://learn.microsoft.com/en-us/windows-hardware/customize/desktop/unattend/](https://learn.microsoft.com/en-us/windows-hardware/customize/desktop/unattend/) - [https://learn.microsoft.com/en-us/windows-hardware/customize/desktop/wsim/answer-files-overview](https://learn.microsoft.com/en-us/windows-hardware/customize/desktop/wsim/answer-files-overview) - - [https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/update-windows-settings-and-scripts-create-your-own-answer-file-sxs?view=windows-11](https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/update-windows-settings-and-scripts-create-your-own-answer-file-sxs?view=windows-11) + - 
[https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/update-windows-settings-and-scripts-create-your-own-answer-file-sxs](https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/update-windows-settings-and-scripts-create-your-own-answer-file-sxs) - - [https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-setup-log-files-and-event-logs?view=windows-11](https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-setup-log-files-and-event-logs?view=windows-11) + - [https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-setup-log-files-and-event-logs](https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-setup-log-files-and-event-logs) - [https://learn.microsoft.com/en-us/windows-server/security/guarded-fabric-shielded-vm/guarded-fabric-sample-unattend-xml-file](https://learn.microsoft.com/en-us/windows-server/security/guarded-fabric-shielded-vm/guarded-fabric-sample-unattend-xml-file) 
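Review bot: The changed bullet "Disabled Memory Isolation in Windows Security (and other security options) on VirtualBox Host" in the VirtualBox Issues list of the `@@ -185,58 +179,85 @@` hunk reads as a step to copy. The list itself opens by saying none of these steps gave a consistent fix. I would name the "other security options" and append `; this made no difference, so re-enable these settings afterwards` to the bullet, so readers do not leave host protections switched off after troubleshooting.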
@@ -244,11 +265,11 @@ The **PXE Client** VM can now be powered on, and should automatically boot to PX - [https://learn.microsoft.com/en-us/windows-hardware/customize/desktop/customize-oobe-in-windows-11](https://learn.microsoft.com/en-us/windows-hardware/customize/desktop/customize-oobe-in-windows-11) - - [https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/configure-oobexml?view=windows-11&preserve-view=true](https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/configure-oobexml?view=windows-11&preserve-view=true) + - [https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/configure-oobexml](https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/configure-oobexml) - - [https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/oobexml-settings?view=windows-11](https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/oobexml-settings?view=windows-11) + - [https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/oobexml-settings](https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/oobexml-settings) - - [https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/how-oobexml-works?view=windows-11](https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/how-oobexml-works?view=windows-11) + - [https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/how-oobexml-works](https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/how-oobexml-works) - [https://learn.microsoft.com/en-us/windows-hardware/customize/desktop/unattend/microsoft-windows-shell-setup-useraccounts](https://learn.microsoft.com/en-us/windows-hardware/customize/desktop/unattend/microsoft-windows-shell-setup-useraccounts) 
@@ -260,7 +281,7 @@ The **PXE Client** VM can now be powered on, and should automatically boot to PX - [https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-setup-log-files-and-event-logs](https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-setup-log-files-and-event-logs) - - [https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-setup-log-files-and-event-logs?view=windows-10](https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-setup-log-files-and-event-logs?view=windows-10) + - [https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-setup-log-files-and-event-logs](https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-setup-log-files-and-event-logs) - [https://learn.microsoft.com/en-us/windows/deployment/configure-a-pxe-server-to-load-windows-pe](https://learn.microsoft.com/en-us/windows/deployment/configure-a-pxe-server-to-load-windows-pe) 
@@ -270,10 +291,8 @@ The **PXE Client** VM can now be powered on, and should automatically boot to PX - [https://cobbler.readthedocs.io/en/latest/code-autodoc/cobbler.modules.html#module-cobbler.modules.sync_post_wingen](https://cobbler.readthedocs.io/en/latest/code-autodoc/cobbler.modules.html#module-cobbler.modules.sync_post_wingen) - - [https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/winpe-intro?view=windows-10](https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/winpe-intro?view=windows-10) - - - [https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/automate-windows-setup?view=windows-10](https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/automate-windows-setup?view=windows-10) + - [https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/winpe-intro](https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/winpe-intro) - - [https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-setup-automation-overview?view=windows-10#implicit-answer-file-search-order](https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-setup-automation-overview?view=windows-10#implicit-answer-file-search-order) + - [https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/automate-windows-setup](https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/automate-windows-setup) - - [https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-setup-command-line-options?view=windows-10](https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-setup-command-line-options?view=windows-10) + - [https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-setup-command-line-options](https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-setup-command-line-options) From 2f1cc3cff88fd2a7526534efa4b93c2f9ab1ea41 Mon Sep 17 00:00:00 2001 
From: sus-admin Date: Thu, 29 May 2025 12:09:56 -0400 Subject: [PATCH 4/4] fixed 1 bad link in updated Debian guide --- .../2024/2024-12-02-Cobbler-v3.3.7-Debian-Deployment-Guide.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_posts/2024/2024-12-02-Cobbler-v3.3.7-Debian-Deployment-Guide.md b/_posts/2024/2024-12-02-Cobbler-v3.3.7-Debian-Deployment-Guide.md index c491937d..c95ada7a 100644 --- a/_posts/2024/2024-12-02-Cobbler-v3.3.7-Debian-Deployment-Guide.md +++ b/_posts/2024/2024-12-02-Cobbler-v3.3.7-Debian-Deployment-Guide.md @@ -5,7 +5,7 @@ author: Sus-Admin summary: Deploying Debian Bullseye and Bookworm (11 & 12) via PXE network boot. --- -This guide assumes that you have a Fedora 34 server or workstation system configured to run Cobbler v3.3.7 similarly to the [Cobbler v3.3.6 Beginner's guide](/blog/2024/Cobbler-v3.3.6-Beginners-Guide/). +This guide assumes that you have a Fedora 34 server or workstation system configured to run Cobbler v3.3.7 similarly to the [Cobbler v3.3.6 Beginner's guide](/blog/2024/11/12/Cobbler-v3.3.6-Beginners-Guide.html) ## Table of Contents {:.no_toc}