Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Debian Development (http://www.linux-archive.org/debian-development/)
-   -   support for installing unconfigured systems (VM images, Debian Live images, preinstalled mobile/tablet images) (http://www.linux-archive.org/debian-development/557091-support-installing-unconfigured-systems-vm-images-debian-live-images-preinstalled-mobile-tablet-images.html)

Samuel Thibault 07-26-2011 10:33 AM

support for installing unconfigured systems (VM images, Debian Live images, preinstalled mobile/tablet images)
 
Daniel Baumann, le Tue 26 Jul 2011 12:30:29 +0200, a crit :
> On 07/26/2011 12:23 PM, Moritz Mhlenhoff wrote:
> > I would suggest a package such as "debian-oem-prep", which
> > contains an init script, which tests a file such a
> > /etc/wipe-all-traces-on-next-boot. If that files exists, all
> > sensitive host data like existing SSH hosts is being removed,
> > and debconf being fired up to configure a new host and domain
> > name.
>
> this is re-inventing the wheel; the stuff should not be generated in the
> first place by the package, and the best way to decide which stuff
> shouldn't be generated is to have the maintainer of the package care
> about this in the very same package (see my other mail).

Well, isn't it simply about not configuring a few packages?

Such as: the maintainer writes in control whether his package should be
configured at install time or first-boot time. And this field is only
used by OEM installers.

That way, most packages are already configured, and the few packages we
don't want to configure aren't.

Samuel


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20110726103354.GI8388@const">http://lists.debian.org/20110726103354.GI8388@const

Daniel Baumann 07-26-2011 10:41 AM

support for installing unconfigured systems (VM images, Debian Live images, preinstalled mobile/tablet images)
 
On 07/26/2011 12:33 PM, Samuel Thibault wrote:
> Well, isn't it simply about not configuring a few packages?

no; see openssh-server.postinst, in the discussed use-case you want to
run everything in there except the creation of the host keys.

the only left problem to work out is to define a way so that upon start,
if enabled (which would be by default to yes upon boot), those packages
that have not configured their "private" stuff yet, to run their
postinsts again (to execute only those commands that create it, see my
other mail before).

--
Address: Daniel Baumann, Donnerbuehlweg 3, CH-3012 Bern
Email: daniel.baumann@progress-technologies.net
Internet: http://people.progress-technologies.net/~daniel.baumann/


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 4E2E99E7.8050307@progress-technologies.net">http://lists.debian.org/4E2E99E7.8050307@progress-technologies.net

Ivan Shmakov 07-27-2011 03:41 AM

support for installing unconfigured systems (VM images, Debian Live images, preinstalled mobile/tablet images)
 
>>>>> Daniel Baumann <daniel.baumann@progress-technologies.net> writes:
>>>>> On 07/26/2011 12:33 PM, Samuel Thibault wrote:

>> Well, isn't it simply about not configuring a few packages?

> no; see openssh-server.postinst, in the discussed use-case you want
> to run everything in there except the creation of the host keys.

> the only left problem to work out is to define a way so that upon
> start, if enabled (which would be by default to yes upon boot), those
> packages that have not configured their "private" stuff yet, to run
> their postinsts again (to execute only those commands that create it,
> see my other mail before).

Given how a usual .postinst script is written, its repeated
execution isn't expected to do any harm.

AIUI, the .postinst scripts may be re-executed with
dpkg-reconfigure(8). The --all option may be handy, as well as
the --frontend=noninteractive and --unseen-only ones.

--
FSF associate member #7257


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 86y5zkpezw.fsf@gray.siamics.net">http://lists.debian.org/86y5zkpezw.fsf@gray.siamics.net

The Fungi 07-27-2011 04:12 AM

support for installing unconfigured systems (VM images, Debian Live images, preinstalled mobile/tablet images)
 
On Wed, Jul 27, 2011 at 10:41:07AM +0700, Ivan Shmakov wrote:
> AIUI, the .postinst scripts may be re-executed with
> dpkg-reconfigure(8).
[...]

In fact, for years I've relied on precisely this behavior to
regenerate SSH host keys when cloning machines (virtual or
physical)...

sudo rm /etc/ssh/*_key* && sudo dpkg-reconfigure openssh-server

--
{ IRL(Jeremy_Stanley); WWW(http://fungi.yuggoth.org/); PGP(43495829);
WHOIS(STANL3-ARIN); SMTP(fungi@yuggoth.org); FINGER(fungi@yuggoth.org);
MUD(kinrui@katarsis.mudpy.org:6669); IRC(fungi@irc.yuggoth.org#ccl);
ICQ(114362511); YAHOO(crawlingchaoslabs); AIM(dreadazathoth); }


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20110727041243.GA1336@yuggoth.org">http://lists.debian.org/20110727041243.GA1336@yuggoth.org

Daniel Baumann 07-28-2011 08:19 AM

support for installing unconfigured systems (VM images, Debian Live images, preinstalled mobile/tablet images)
 
On 07/27/2011 05:41 AM, Ivan Shmakov wrote:
> Given how a usual .postinst script is written, its repeated
> execution isn't expected to do any harm.

for the -live case, this just bloads boottime unnecessarily long (which
is why live-config doesn't do that).

--
Address: Daniel Baumann, Donnerbuehlweg 3, CH-3012 Bern
Email: daniel.baumann@progress-technologies.net
Internet: http://people.progress-technologies.net/~daniel.baumann/


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 4E311B83.6060908@progress-technologies.net">http://lists.debian.org/4E311B83.6060908@progress-technologies.net

Philip Hands 07-28-2011 02:36 PM

support for installing unconfigured systems (VM images, Debian Live images, preinstalled mobile/tablet images)
 
On Wed, 27 Jul 2011 04:12:44 +0000, The Fungi <fungi@yuggoth.org> wrote:
> On Wed, Jul 27, 2011 at 10:41:07AM +0700, Ivan Shmakov wrote:
> > AIUI, the .postinst scripts may be re-executed with
> > dpkg-reconfigure(8).
> [...]
>
> In fact, for years I've relied on precisely this behavior to
> regenerate SSH host keys when cloning machines (virtual or
> physical)...
>
> sudo rm /etc/ssh/*_key* && sudo dpkg-reconfigure openssh-server

For a while I've thought that it would be good to have a way of
provoking such packages to reset themselves -- that way one might do
something like:

dpkg-reconfigure --set-state-to-pristine

and that would then find packages that had things like keys to throw
away, by running something like the postinst with perhaps a 'reset'
option.

If this was done in a flexible way, allowing behaviour to be modified
via debconf questions, or similar, it should be able to handle the cases
where you have a live CD, or have cloned a machine's disk, and want to
change it's name and keys and mailname etc.

It occurs to me that one might want to use this to allow someone to move
a disk to a new machine without that resulting in your ethernet being
renamed from eth0 to eth1 (but perhaps that's getting out of scope for
this).

Cheers, Phil.
--
|)| Philip Hands [+44 (0)20 8530 9560] http://www.hands.com/
|-| HANDS.COM Ltd. http://www.uk.debian.org/
|(| 10 Onslow Gardens, South Woodford, London E18 1NE ENGLAND

Daniel Baumann 07-28-2011 02:52 PM

support for installing unconfigured systems (VM images, Debian Live images, preinstalled mobile/tablet images)
 
On 07/28/2011 04:36 PM, Philip Hands wrote:
> For a while I've thought that it would be good to have a way of
> provoking such packages to reset themselves

absolutely, see the other thread on devel from before:
http://lists.debian.org/debian-devel/2011/07/msg00698.html

--
Address: Daniel Baumann, Donnerbuehlweg 3, CH-3012 Bern
Email: daniel.baumann@progress-technologies.net
Internet: http://people.progress-technologies.net/~daniel.baumann/


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 4E3177AF.4000709@progress-technologies.net">http://lists.debian.org/4E3177AF.4000709@progress-technologies.net

Hector Oron 08-13-2011 10:51 AM

support for installing unconfigured systems (VM images, Debian Live images, preinstalled mobile/tablet images)
 
Hello,

Getting late to discussion, apologies for that.

2011/7/26 Jonas Smedegaard <dr@jones.dk>:
> On 11-07-26 at 12:03pm, Paul Wise wrote:

>> We were thinking that it might be nice to add support to
>> openssh-server for installing the package, not generating the host
>> keys and then generating them on first boot. debconf pre-seeding could
>> be one way to do that, but it would be quite specific and a more
>> general solution might be desirable.
>>
>> So, I was wondering if anyone has any ideas on this topic?

> Uhm, I did have an idea for this, but have forgotten it again now.
>
> Cc'ing Hector who might recall our discussion on this exact issue a few
> weeks ago...

Indeed, openssh keys as well as udev fpostinst creates
/etc/udev/rules.d/70-persistent-net.rules which hardcodes MAC
addresses. Maybe some other packages are as well affected.

Jonas and I discussed this problem and we had some random ideas. We
discussed on allowing preinst and postinst in two stages, one stage
being a 'generic' way and the other a 'unique' way.

So basically preinst/postinst would only run generic part when image
is generated and the unique part would be executed once the image
boots in the final device.

Best regards,
--
*Héctor Orón *-.. . -... .. .- -. * -.. . ...- . .-.. --- .--. . .-.


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/CAODfWeFPxw_VZRc�4R7Z2=UqJvFs=JuCZExFQLvFSj-NyPw@mail.gmail.com

Ben Hutchings 08-13-2011 01:55 PM

support for installing unconfigured systems (VM images, Debian Live images, preinstalled mobile/tablet images)
 
On Sat, 2011-08-13 at 12:51 +0200, Hector Oron wrote:
> Hello,
>
> Getting late to discussion, apologies for that.
>
> 2011/7/26 Jonas Smedegaard <dr@jones.dk>:
> > On 11-07-26 at 12:03pm, Paul Wise wrote:
>
> >> We were thinking that it might be nice to add support to
> >> openssh-server for installing the package, not generating the host
> >> keys and then generating them on first boot. debconf pre-seeding could
> >> be one way to do that, but it would be quite specific and a more
> >> general solution might be desirable.
> >>
> >> So, I was wondering if anyone has any ideas on this topic?
>
> > Uhm, I did have an idea for this, but have forgotten it again now.
> >
> > Cc'ing Hector who might recall our discussion on this exact issue a few
> > weeks ago...
>
> Indeed, openssh keys as well as udev fpostinst creates
> /etc/udev/rules.d/70-persistent-net.rules which hardcodes MAC
> addresses. Maybe some other packages are as well affected.
[...]

There is a new network device naming scheme that uses physical location
(slot number or firmware-provided port number) to name PCI network
devices. So far this is implemented in Fedora 15 and RHEL 6.1 (!). I
assume this would generate consistent device names for network devices
in VMs if the configurations differ only by MAC address.

Marco, do you have any plans for using this scheme as an option or as
the default?

Ben.

Colin Watson 08-13-2011 04:15 PM

support for installing unconfigured systems (VM images, Debian Live images, preinstalled mobile/tablet images)
 
On Sat, Aug 13, 2011 at 02:55:51PM +0100, Ben Hutchings wrote:
> There is a new network device naming scheme that uses physical location
> (slot number or firmware-provided port number) to name PCI network
> devices. So far this is implemented in Fedora 15 and RHEL 6.1 (!). I
> assume this would generate consistent device names for network devices
> in VMs if the configurations differ only by MAC address.
>
> Marco, do you have any plans for using this scheme as an option or as
> the default?

This is implemented in the biosdevname package, which I think we should
get into Debian. I got it into Ubuntu a while back, but have been
neglecting to sync up Debian. Alex, what's the progress of your ITP
(#617820)? Would you like to work together based on my Ubuntu package
(https://launchpad.net/ubuntu/+source/biosdevname), which in turn was
somewhat based on the packaging provided by upstream?

--
Colin Watson [cjwatson@debian.org]


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20110813161559.GC32525@riva.dynamic.greenend.org.u k">http://lists.debian.org/20110813161559.GC32525@riva.dynamic.greenend.org.u k


All times are GMT. The time now is 04:25 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.