弄了一個無互動的自動裝 Debian 的步驟
緣由
在 P 社, 曾利用 ansible + cobbler 弄了自動重灌, 但想把它 改為 shell script 直接處理, 結果差不多被我弄出來, 完成度大概 90%
準備中
- 任何 Debian/ubuntu LiveCD iso 檔開機, 或是我自己做的客制化 LiveCD ISO 檔 (客制的, 下一篇再放出來)
- 準備要安裝的硬碟, 分割如下
- 只切一個 /
- 留夠用的 swap, 隨便算
Disklabel type: gpt
Disk identifier: xxxxx-oooo-yyyy
Device Start End Sectors Size Type
/dev/sda1 2048 4095 2048 1M BIOS boot
/dev/sda2 4096 29364223 29360128 14G Linux filesystem
/dev/sda3 29364224 31457246 2093023 1022M Linux swap
- 參考文件: https://www.debian.org/releases/stretch/amd64/apds03.html.en
步驟
- LiveCD 開機後
mkfs.xfs /dev/sda2
mkdir /mnt/debinst
mount /dev/sda2 /mnt/debinst
/usr/sbin/debootstrap --arch amd64 bullseye /mnt/debinst http://ftp.tw.debian.org/debian/
mount -t proc proc /mnt/debinst/proc
mount --bind /sys /mnt/debinst/sys
LANG=C.UTF-8 chroot /mnt/debinst /bin/bash
- chroot into /mnt/debinst
apt install makedev
cd /dev ; MAKEDEV generic
# config fstab, 以後再修更笨蛋的方法
root@debian-live:/etc# blkid /dev/sda2
/dev/sda2: UUID="bf085625-2d11-4a2c-994e-ca99ab30659b" BLOCK_SIZE="512" TYPE="xfs"
root@debian-live:/etc# blkid /dev/sda3
/dev/sda3: UUID="d0b7e806-de0c-4e24-8b26-ea909989cf65" TYPE="swap"
echo '# file system mount point type options dump pass
UUID="bf085625-2d11-4a2c-994e-ca99ab30659b" / xfs noatime 0 1
UUID="d0b7e806-de0c-4e24-8b26-ea909989cf65" none swap sw 0 0' > /etc/fstab
# timezone
ln -fs /usr/share/zoneinfo/Asia/Taipei /etc/localtime
# network
INT=`ip link | awk -F: '0 !~ "lo|vir|wl|^[^0-9]"{print2;getline}'`
echo "#
auto lo
iface lo inet loopback
auto INT
ifaceINT inet dhcp
source /etc/network/interfaces.d/*" > /etc/network/interfaces
echo '#
nameserver 8.8.8.8
nameserver 168.95.1.1' > /etc/resolv.conf
echo 'DebianHostName' > /etc/hostname
echo '#
127.0.0.1 localhost
127.0.1.1 DebianHostName
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters' > /etc/hosts
echo '#
deb http://ftp.tw.debian.org/debian/ bullseye main contrib non-free
deb-src http://ftp.tw.debian.org/debian/ bullseye main contrib non-free
deb http://security.debian.org/debian-security bullseye-security main contrib non-free
deb-src http://security.debian.org/debian-security bullseye-security main contrib non-free
deb http://opensource.nchc.org.tw/debian/ bullseye-updates main contrib non-free
deb-src http://opensource.nchc.org.tw/debian/ bullseye-updates main contrib non-free' > /etc/apt/sources.list
apt update
apt install -y xfsprogs locales console-setup linux-image-amd64 grub-pc smartmontools vim sudo nload net-tools ssh
echo '#
LANG="en_US.UTF-8"
LANGUAGE="en_US:en"' > /etc/default/locale
echo '#
XKBMODEL="pc105"
XKBLAYOUT="us"
XKBVARIANT=""
XKBOPTIONS=""
BACKSPACE="guess"' > /etc/default/keyboard
cat << EOF > /etc/default/grub
GRUB_DEFAULT=0
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
GRUB_CMDLINE_LINUX_DEFAULT="nomodeset"
GRUB_CMDLINE_LINUX=""
GRUB_TERMINAL=console
GRUB_GFXMODE=640x480
GRUB_GFXPAYLOAD_LINUX=keep
EOF
grub-install /dev/sda
update-initramfs -u
update-grub
#sed -i 's;^\(root:\)\*:;\1:;' /etc/shadow
adduser --disabled-password --gecos "" firstuser
# 密碼部份, 需要再想一個更笨蛋的方法
sed -i 's;^\(firstuser:\)\*:;\1hash password:;' /etc/shadow
echo '#
firstuser ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/local
tasksel install standard
- 重開機, 退 LiveCD, 就能進入剛灌好的 Debian
- root 沒有密碼, single user mode 可能無法用, 要修爛掉時, 建議改用 PXE / LiveCD 進系統修
- 利用 firstuser 登入, 即可 sudo 取得 root permission
- 建議把 firstuser 密碼也拿掉, 改用 ssh public key 登入, 安全度會高很多
