Bonjour,
Je souhaiterais que tu me donniez, si possible, quelques tuyaux pour accélérer au maximum un déploiement de masse simultané sur un sous réseau. Quelle serait la procédure la plus effective pour déployer à partir d’une seule machine.
Merci
ps: sur un ancien sujet je viens de voir l’alternative du serveur pxe et j’y pensais justement: ca serait la solution la plus simple, non?
Bonjour,
Pour déployer quoi?
Une installation, une configuration, une application?
Si c’est une installation, un serveur PXE permet de ne pas avoir besoin de se déplacer avec un CD d’installation, celui-ci étant fournit par le serveur. Cela n’empèche pas de devoir automatiser l’installation pour gagner du temps (simple-cdd et/ou preseed).
Pour une configuration, Ansible est ton ami je pense.
Pour une application, cela va dépendre du type d’application concernée.
Je plussoie PXE + preseed (+ éventuellement Ansible pour peaufiner la configuration post-installation, je trouve que c’est plus puissant que le preseed, pour le peaufinage).
Si tu dois faire ça souvent, je peux te conseiller le projet FOG (serveur de déploiement open source avec des fonctionnalités sympa), ça peut te faire gagner du temps.
Alors, il faut voir le rapport recherche-temps gagné, mais, à mon travail, on a mis en place un preseed qui se déploie par PXE et qui installe une surcouche pour gérer l’installation et la configuration des paquets. C’est assez propre car tous les ordinateurs de l’association ont un fonctionnement absolument identique et sont interchangeables.
Mais bon, on parle de deux semaines de développement pour une installation sur 120 postes, le jeu en vaut largement la chandelle, essaie de voir pour ton usage si ça vaut le coup.
Je ne peux pas te filer les configuration ou la surcouche car sa conception est spécifiquement adaptée au système d’information de l’association, mais si tu veux de l’aide, je peux donner des indications.
le problème de Ansible c’est qu’il faut mettre en place une infrastructure assez lourde. Alors qu’avec preseed et du late_command tu peux déjà aller très loin.
Ansible c’est bien quand tes configuration changent souvent.
FOG c’est du clonage, donc même configuration matérielle que le clone sinon il y a des problèmes. j’ai testé à mon dernier taf. Une simple différence de carte son, video, voire même simplement réseau, et ça ne marche pas. alors qu’un PXE/preseed lui peux tout prendre en compte.
je plussoie almtesh 
Ah, j’oubliais, tu peux aussi faire différemment, tu peux aussi installer un PC aux petits ognons et, ensuite, en fait une copie avec clonezilla que tu déploies. Nous faisions ça à une époque car preseed n’était pas de notre niveau.
Ah, je l’utilisais aussi à mon ancien travail, on déployait des images windows sur des postes de 3 ou 4 modèles. Cela dit je ne m’occupais pas personnellement de la préparation des images, il y avait peut-être une opération pour rendre l’image plus générique et neutre au niveau matériel.
Merci pour vos suggestions mais auriez vous un tuto à jour concernant pxe + preseed car ce que je trouve date de 2012.
Merci encore
Sur PXE tu devrais trouver un tuto facilement car ça n’a pas beaucoup évolué depuis quelques années.
Pour preseed, c’est plus compliqué les documentations sont faible ou peu explicite.
Je travaille pas mal dessus ces derniers temps. Voici les liens que j’utilise:
il y a aussi l’utilisation de simple-cdd, qui consiste à faire ton propre cd/iso en partant d’une iso fournie par debian, à laquelle tu peux ajouter des fichiers (mais pas de répertoire) et surtout ajouter des package directement intégrés à l’iso, et de mettre des preseed (soit en automatique, soit par sélection). l’intérêt c’est que tu peux avoir autant de preseed que tu veux (ca marche par profil) et tu peux donc sélectionner le preseed que tu as besoin. C’est utile quand tu veux pouvoir installer une machine qui n’a pas accès à un repository apt.
Actuellement je peux installer Plusieurs types de machines, soit génériquement (n’importe quelle machine avec une configuration standard définie), soit spécifiquement (une machine physique spécifique, une conf pour machine physique standard, une conf pour machine virtuelle standard, une machine spécifique comme une box fai, un poste de travail, etc…) le tout avec une seule ISO.
je te donne un de mes preseed dans lequel il y a de la conf des claviers/locale, un partionnement avec LVM, de l’EFI, l’ajout de packages supplkémentaires, un late_command avec plusieurs commande in-target ou non, du script.
#_preseed_V1
#### Contents of the preconfiguration file (for buster)
### Localization
# Preseeding only locale sets language, country and locale.
d-i debian-installer/fallbacklocale select fr_FR.UTF-8
d-i debian-installer/locale select fr_FR.UTF-8
# The values can also be preseeded individually for greater flexibility.
#d-i debian-installer/language string fr
#d-i debian-installer/country string FR
#d-i debian-installer/locale string fr_FR.UTF-8
# Optionally specify additional locales to be generated.
#d-i localechooser/supported-locales multiselect fr_FR.UTF-8
### Description: Language:
# Choose the language to be used for the installation process. The selected
# language will also be the default language for the installed system.
#d-i localechooser/languagelist select fr
# Possible choices: ${NAMES_EN}
#d-i localechooser/language-name string French
# Keyboard selection.
#d-i console-keymaps-at/keymap select fr-latin9
d-i keyboard-configuration/xkb-keymap select fr
# d-i keyboard-configuration/toggle select No toggling
#d-i console-setup/ask_detect boolean false
d-i console-keymaps-at/keymap select fr-latin9
d-i debian-installer/keymap string fr-latin9
### Description: Country of origin for the keyboard:
# The layout of keyboards varies per country, with some countries
# having multiple common layouts. Please select the country of origin
# for the keyboard of this computer.
#d-i keyboard-configuration/layout select fr_FR.UTF-8
# Possible choices: ${CHOICES}
### Description: For internal use (keyboard chosen by user)
#d-i debian-installer/keymap string fr
#d-i console-data/keymap/policy select keymap from arch list
#d-i console-data/keymap/family select azerty
#d-i console-data/keymap/template/layout select French
#d-i console-data/keymap/template/variant select With Euro (latin 9)
#d-i keyboard-configuration/model select PC générique 105 touches (internat.)
#d-i keyboard-configuration/layout select Français
### Network configuration
# Disable network configuration entirely. This is useful for cdrom
# installations on non-networked devices where the network questions,
# warning and long timeouts are a nuisance.
#d-i netcfg/enable boolean false
# netcfg will choose an interface that has link if possible. This makes it
# skip displaying a list if there is more than one interface.
d-i netcfg/choose_interface select enp0s3
# To pick a particular interface instead:
#d-i netcfg/choose_interface select eth1
# To set a different link detection timeout (default is 3 seconds).
# Values are interpreted as seconds.
#d-i netcfg/link_wait_timeout string 10
# If you have a slow dhcp server and the installer times out waiting for
# it, this might be useful.
#d-i netcfg/dhcp_timeout string 60
#d-i netcfg/dhcpv6_timeout string 60
# If you prefer to configure the network manually, uncomment this line and
# the static network configuration below.
#d-i netcfg/disable_autoconfig boolean true
# If you want the preconfiguration file to work on systems both with and
# without a dhcp server, uncomment these lines and the static network
# configuration below.
#d-i netcfg/dhcp_failed note
#d-i netcfg/dhcp_options select Configure network manually
# Static network configuration.
#
# IPv4 example
#d-i netcfg/get_ipaddress string 192.168.1.18
#d-i netcfg/get_netmask string 255.255.255.0
#d-i netcfg/get_gateway string 192.168.1.1
#d-i netcfg/get_nameservers string 192.168.1.1
#d-i netcfg/confirm_static boolean true
#
# IPv6 example
#d-i netcfg/get_ipaddress string fc00::2
#d-i netcfg/get_netmask string ffff:ffff:ffff:ffff::
#d-i netcfg/get_gateway string fc00::1
#d-i netcfg/get_nameservers string fc00::1
#d-i netcfg/confirm_static boolean true
# Any hostname and domain names assigned from dhcp take precedence over
# values set here. However, setting the values still prevents the questions
# from being shown, even if values come from dhcp.
d-i netcfg/get_hostname string myhost
d-i netcfg/get_domain string local.mydomain.tld
# If you want to force a hostname, regardless of what either the DHCP
# server returns or what the reverse DNS entry for the IP is, uncomment
# and adjust the following line.
#d-i netcfg/hostname string somehost
# Disable that annoying WEP key dialog.
#d-i netcfg/wireless_wep string
# The wacky dhcp hostname that some ISPs use as a password of sorts.
#d-i netcfg/dhcp_hostname string radish
# If non-free firmware is needed for the network or other hardware, you can
# configure the installer to always try to load it, without prompting. Or
# change to false to disable asking.
#d-i hw-detect/load_firmware boolean true
### Network console
# Use the following settings if you wish to make use of the network-console
# component for remote installation over SSH. This only makes sense if you
# intend to perform the remainder of the installation manually.
#d-i anna/choose_modules string network-console
#d-i network-console/authorized_keys_url string http://10.0.0.1/openssh-key
#d-i network-console/password password r00tme
#d-i network-console/password-again password r00tme
### Mirror settings
# If you select ftp, the mirror/country string does not need to be set.
#d-i mirror/protocol string ftp
d-i mirror/country string manual
#d-i mirror/http/hostname string ftp.fr.debian.org
d-i mirror/http/hostname string miroirs.local.mydomain.tld
d-i mirror/http/directory string /debian
d-i mirror/http/proxy string
# Suite to install.
#d-i mirror/suite string testing
# Suite to use for loading installer components (optional).
#d-i mirror/udeb/suite string testing
### Account setup
# Skip creation of a root account (normal user account will be able to
# use sudo).
d-i passwd/root-login boolean true
# Alternatively, to skip creation of a normal user account.
#d-i passwd/make-user boolean false
# Root password, either in clear text
#d-i passwd/root-password password myrootpassword
#d-i passwd/root-password-again password myrootpassword
# or encrypted using a crypt(3) hash.
#d-i passwd/root-password-crypted password [crypt(3) hash]
d-i passwd/root-password-crypted password $6$UTTH6tIRhRNhTtPE$AccCkpLuZoba/7p.gRSAv2WESYJjIxxRKi7ycoX7narXBC5tZ1
# To create a normal user account.
d-i passwd/user-fullname string My User Name
d-i passwd/username string myuser
# Normal user's password, either in clear text
#d-i passwd/user-password password myuserpassword
#d-i passwd/user-password-again password myuserpassword
# or encrypted using a crypt(3) hash.
d-i passwd/user-password-crypted password $6$phLrkvjv8QxeuClk$sw1UBA7xTDLCAcEjg9afebyqYTjhZAdZBTUkZ9nvvR6G4S5jhb.
# Create the first user with the specified UID instead of the default.
#d-i passwd/user-uid string 1010
# The user account will be added to some standard initial groups. To
# override that, use this.
d-i passwd/user-default-groups string audio cdrom video sudo plugdev dip netdev
### Clock and time zone setup
# Controls whether or not the hardware clock is set to UTC.
d-i clock-setup/utc boolean true
# You may set this to any valid setting for $TZ; see the contents of
# /usr/share/zoneinfo/ for valid values.
d-i time/zone string Europe/Paris
# Controls whether to use NTP to set the clock during the install
#d-i clock-setup/ntp boolean true
# NTP server to use. The default is almost always fine here.
d-i clock-setup/ntp-server string 192.168.1.25
### Partitioning
## Partitioning example
# If the system has free space you can choose to only partition that space.
# This is only honoured if partman-auto/method (below) is not set.
#d-i partman-auto/init_automatically_partition select biggest_free
# Keep that one set to true so we end up with a UEFI enabled
# system. If set to false, /var/lib/partman/uefi_ignore will be touched
d-i partman-efi/non_efi_system boolean true
# enforce usage of GPT - a must have to use EFI!
d-i partman-basicfilesystems/choose_label string gpt
d-i partman-basicfilesystems/default_label string gpt
d-i partman-partitioning/choose_label string gpt
d-i partman-partitioning/default_label string gpt
d-i partman/choose_label string gpt
d-i partman/default_label string gpt
# Alternatively, you may specify a disk to partition. If the system has only
# one disk the installer will default to using that, but otherwise the device
# name must be given in traditional, non-devfs format (so e.g. /dev/sda
# and not e.g. /dev/discs/disc0/disc).
# For example, to use the first SCSI/SATA hard disk:
d-i partman-auto/disk string /dev/sda
# In addition, you'll need to specify the method to use.
# The presently available methods are:
# - regular: use the usual partition types for your architecture
# - lvm: use LVM to partition the disk
# - crypto: use LVM within an encrypted partition
d-i partman-auto/method string lvm
# You can define the amount of space that will be used for the LVM volume
# group. It can either be a size with its unit (eg. 20 GB), a percentage of
# free space or the 'max' keyword.
d-i partman-auto-lvm/guided_size string max
# If one of the disks that are going to be automatically partitioned
# contains an old LVM configuration, the user will normally receive a
# warning. This can be preseeded away...
d-i partman-lvm/device_remove_lvm boolean true
# The same applies to pre-existing software RAID array:
#d-i partman-md/device_remove_md boolean true
# And the same goes for the confirmation to write the lvm partitions.
d-i partman-lvm/confirm boolean true
d-i partman-lvm/confirm_nooverwrite boolean true
# You can choose one of the three predefined partitioning recipes:
# - atomic: all files in one partition
# - home: separate /home partition
# - multi: separate /home, /var, and /tmp partitions
#d-i partman-auto/choose_recipe select enedwaith
# Or provide a recipe of your own...
# If you have a way to get a recipe file into the d-i environment, you can
# just point at it.
#d-i partman-auto/expert_recipe_file string /hd-media/recipe
### Description: for internal use; can be preseeded
# Default filesystem used for new partitions
d-i partman/default_filesystem string ext4
# If not, you can put an entire recipe into the preconfiguration file in one
# (logical) line. This example creates a small /boot partition, suitable
# swap, and uses the rest of the space for the root partition:
#d-i partman-auto/expert_recipe string \
# boot-root :: \
# 40 50 100 ext3 \
# $primary{ } $bootable{ } \
# method{ format } format{ } \
# use_filesystem{ } filesystem{ ext3 } \
# mountpoint{ /boot } \
# . \
# 500 10000 1000000000 ext3 \
# method{ format } format{ } \
# use_filesystem{ } filesystem{ ext3 } \
# mountpoint{ / } \
# . \
# 64 512 300% linux-swap \
# method{ swap } format{ } \
# .
d-i partman-auto-lvm/new_vg_name string vg00
d-i partman-auto/expert_recipe string \
boot-root :: \
256 500 320 ext4 \
$primary{ } \
$bootable{ } \
method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } \
label{ boot } \
mountpoint{ /boot } \
. \
538 538 1075 free \
$iflabel{ gpt } \
$reusemethod{ } \
method{ efi } \
format{ } \
. \
100% 2048 200% linux-swap \
lv_name{ swap } \
method{ swap } format{ } \
$lvmok{ } \
. \
10000 2260000 100000 ext4 \
lv_name{ root } \
method{ lvm } format{ } \
use_filesystem{ } filesystem{ ext4 } \
label{ root } \
mountpoint{ / } \
options/relatime{ relatime } \
options/errors{ errors=remount-ro } \
$lvmok{ } \
. \
4000 904000 250000 ext4 \
lv_name{ home } \
method{ lvm } format{ } \
use_filesystem{ } filesystem{ ext4 } \
label{ home } \
mountpoint{ /home } \
options/nodev{ nodev } \
options/relatime{ relatime } \
$lvmok{ } \
. \
10000 2260000 2500000 ext4 \
lv_name{ var } \
method{ lvm } format{ } \
use_filesystem{ } filesystem{ ext4 } \
label{ var } \
mountpoint{ /var } \
options/relatime{ relatime } \
$lvmok{ } \
. \
4000 904000 250000 ext4 \
lv_name{ var_log } \
method{ lvm } format{ } \
use_filesystem{ } filesystem{ ext4 } \
label{ log } \
mountpoint{ /var/log } \
options/nodev{ nodev } \
options/nosuid{ nosuid } \
options/noexec{ noexec } \
options/relatime{ relatime } \
$lvmok{ } \
. \
4000 904000 250000 ext4 \
lv_name{ var_log_audit } \
method{ lvm } format{ } \
use_filesystem{ } filesystem{ ext4 } \
label{ audit } \
mountpoint{ /var/log/audit } \
options/relatime{ relatime } \
$lvmok{ } \
. \
2000 452000 8000 ext4 \
lv_name{ var_tmp } \
method{ lvm } format{ } \
use_filesystem{ } filesystem{ ext4 } \
label{ vartmp } \
mountpoint{ /var/tmp } \
options/nodev{ nodev } \
options/nosuid{ nosuid } \
options/noexec{ noexec } \
options/relatime{ relatime } \
$lvmok{ } \
. \
2000 452000 8000 ext4 \
lv_name{ tmp } \
method{ lvm } format{ } \
use_filesystem{ } filesystem{ ext4 } \
label{ tmp } \
mountpoint{ /tmp } \
options/nodev{ nodev } \
options/nosuid{ nosuid } \
options/noexec{ noexec } \
options/relatime{ relatime } \
$lvmok{ } \
. \
1 1 -1 ext4 \
lv_name{ todelete} \
method{ lvm } format{ } \
use_filesystem{ } filesystem{ ext4 } \
label{ todelete } \
mountpoint{ /todelete } \
options/nodev{ nodev } \
options/nosuid{ nosuid } \
options/noexec{ noexec } \
options/relatime{ relatime } \
$lvmok{ } \
.
# This makes partman automatically partition without confirmation, provided
# that you told it what to do using one of the methods above.
d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true
d-i partman-lvm/confirm boolean true
d-i partman-lvm/device_remove_lvm boolean true
d-i partman-lvm/confirm_nooverwrite boolean true
### Description: Keep current partition layout and configure LVM?
# After the Logical Volume Manager is configured, no additional changes
# to the partitions in the disks containing physical volumes are
# allowed. Please decide if you are satisfied with the current
# partitioning scheme in these disks before continuing.
d-i partman-lvm/confirm_nochanges boolean false
## Controlling how partitions are mounted
# The default is to mount by UUID, but you can also choose "traditional" to
# use traditional device names, or "label" to try filesystem labels before
# falling back to UUIDs.
#d-i partman/mount_style select uuid
# You now have the option to scan additional CDs or DVDs for use by the
# package manager (apt). Normally these should be from the same set as the
# installation CD/DVD. If you do not have any additional CDs or DVDs
# available, this step can just be skipped.
# .
# If you wish to scan another CD or DVD, please insert it now.
d-i apt-setup/cdrom/set-first boolean false
### Description: for internal use; can be preseeded
# When set to true, apt-setup always disables cdrom entries from APT's
# configuration. Otherwise, it disables them only when a netinst image
# has been used.
# .
# This option can be preseeded for automated installations that should
# not reference the installation media in the target system.
d-i apt-setup/disable-cdrom-entries boolean true
### Base system installation
# Configure APT to not install recommended packages by default. Use of this
# option can result in an incomplete system and should only be used by very
# experienced users.
#d-i base-installer/install-recommends boolean false
# The kernel image (meta) package to be installed; "none" can be used if no
# kernel is to be installed.
d-i base-installer/kernel/image string linux-image-amd64
### Apt setup
# You can choose to install non-free and contrib software.
d-i apt-setup/non-free boolean true
d-i apt-setup/contrib boolean true
# Uncomment this if you don't want to use a network mirror.
#d-i apt-setup/use_mirror boolean false
# Select which update services to use; define the mirrors to be used.
# Values shown below are the normal defaults.
d-i apt-setup/services-select multiselect security, updates, release updates, backports
d-i apt-setup/security_host string debsecure.net.enedwaith.org
d-i apt-setup/security_path string /debian-security
### Description: Enable source repositories in APT?
# By default source repositories are listed in /etc/apt/sources.list (with
# appropriate "deb-src" lines) so that "apt-get source" works. However, if
# you don't need this feature, you can disable those entries and save some
# bandwidth during "apt-get update" operations.
d-i apt-setup/enable-source-repositories boolean true
# Additional repositories, local[0-9] available
#d-i apt-setup/local0/repository string \
# http://local.server/debian stable main
#d-i apt-setup/local0/comment string local server
# Enable deb-src lines
#d-i apt-setup/local0/source boolean true
# URL to the public key of the local repository; you must provide a key or
# apt will complain about the unauthenticated repository and so the
# sources.list line will be left commented out
#d-i apt-setup/local0/key string http://local.server/key
# By default the installer requires that repositories be authenticated
# using a known gpg key. This setting can be used to disable that
# authentication. Warning: Insecure, not recommended.
#d-i debian-installer/allow_unauthenticated boolean true
# Uncomment this to add multiarch configuration for i386
#d-i apt-setup/multiarch string i386
### Description: Drivers to include in the initrd:
# The primary function of an initrd is to allow the kernel to mount the
# root file system. It therefore needs to contain all drivers and supporting
# programs required to do that.
# .
# A generic initrd is much larger than a targeted one and may even be so
# large that some boot loaders are unable to load it but has the advantage that
# it can be used to boot the target system on almost any hardware. With the
# smaller targeted initrd there is a very small chance that not all needed
# drivers are included.
d-i base-installer/initramfs-tools/driver-policy select include all available drivers
# Possible choices: generic: include all available drivers, targeted: only include drivers needed for this system
### Package selection
#d-i tasksel/first multiselect standard, ssh-server
#d-i tasksel/remove multiselect desktop, gnome-desktop, xfce-desktop, kde-desktop, cinnamon-desktop, mate-desktop, lxde-desktop, lxqt-desktop, web-server, print-server, laptop
tasksel tasksel/first multiselect standard
tasksel tasksel/remove multiselect desktop, print-server
#d-i tasksel/tasks multiselect none
#d-i tasksel/desktop multiselect none
# Pour la configuration de wireshark
d-i wireshark-common/install-setuid boolean false
# Pour la configuration de console-data
d-i console-data/keymap/policy select keymap from arch list
d-i console-data/keymap/family select azerty
d-i console-data/keymap/template/layout select French
d-i openssh-server/permit-root-login boolean false
# d-i console-data/keymap/template/variant select
# Suppress Strongswan Runlevel changes Note prompt
d-i strongswan/runlevel_changes note
d-i strongswan-starter/runlevel_changes note
# Individual additional packages to install
d-i pkgsel/include string apt \
aide aide-common apparmor-profiles apparmor-profiles-extra apparmor-utils \
apt-show-versions apt-transport-https audispd-plugins auditd \
bsd-mailx chafa cifs-utils console-common console-data cracklib-runtime curl \
dateutils dirmngr dselect elinks elinks-data elinks-doc \
exim4-base exim4-config exim4-daemon-light exuberant-ctags fakeroot \
fontconfig-config fonts-dejavu-core fonts-droid-fallback fonts-noto-mono \
ghostscript gnupg gnupg2 gnupg-l10n gnupg-utils gpg gpg-agent gpgconf gpgsm \
gpg-wks-client gpg-wks-server gpm grc gsfonts htop imagemagick-6-common ipcalc-ng \
jq keyutils libpam-pwquality links lshw lynx lynx-common \
mlocate neofetch net-tools nmap nmap-common openssh-server patch \
perl-openssl-defaults:amd64 pinentry-curses poppler-data prelude-utils psmisc \
pwgen python3-apparmor python3-libapparmor rsync shorewall shorewall-init shorewall6 \
sudo syslinux-utils tcpdump tree tshark ulogd2 unzip vim vim-doc vim-runtime \
whois wireshark-common wireshark-doc apt-file \
libauthen-pam-perl libio-pty-perl libnet-ssleay-perl libsocket6-perl \
libauthen-libwrap-perl isc-dhcp-server bind9-doc bind9 \
geoip-bin geoip-database-extra geoipupdate ntpdate libnetaddr-ip-perl \
libio-interface-perl ntp ntp-doc libnet-interface-perl chkboot chkrootkit \
openvpn openvpn-systemd-resolved bashtop iptraf-ng nethogs iotop bmon
# Whether to upgrade packages after debootstrap.
# Allowed values: none, safe-upgrade, full-upgrade
d-i pkgsel/upgrade select safe-upgrade
# Some versions of the installer can report back on what software you have
# installed, and what software you use. The default is not to report back,
# but sending reports helps the project determine what software is most
# popular and include it on CDs.
popularity-contest popularity-contest/participate boolean false
### Boot loader installation
# Grub is the default boot loader (for x86). If you want lilo installed
# instead, uncomment this:
#d-i grub-installer/skip boolean true
# To also skip installing lilo, and install no bootloader, uncomment this
# too:
#d-i lilo-installer/skip boolean true
# This is fairly safe to set, it makes grub install automatically to the MBR
# if no other operating system is detected on the machine.
d-i grub-installer/only_debian boolean true
# This one makes grub-installer install to the MBR if it also finds some other
# OS, which is less safe as it might not be able to boot that other OS.
#d-i grub-installer/with_other_os boolean tru
# Due notably to potential USB sticks, the location of the MBR can not be
# determined safely in general, so this needs to be specified:
d-i grub-installer/bootdev string /dev/sda
# To install to the first device (assuming it is not a USB stick):
#d-i grub-installer/bootdev string default
# Alternatively, if you want to install to a location other than the mbr,
# uncomment and edit these lines:
#d-i grub-installer/only_debian boolean false
#d-i grub-installer/with_other_os boolean false
#d-i grub-installer/bootdev string (hd0,1)
# To install grub to multiple disks:
#d-i grub-installer/bootdev string (hd0,1) (hd1,1) (hd2,1)
# Optional password for grub, either in clear text
#d-i grub-installer/password password r00tme
#d-i grub-installer/password-again password r00tme
# or encrypted using an MD5 hash, see grub-md5-crypt(8).
#d-i grub-installer/password-crypted password [MD5 hash]
# Use the following option to add additional boot parameters for the
# installed system (if supported by the bootloader installer).
# Note: options passed to the installer will be added automatically.
#d-i debian-installer/add-kernel-opts string nousb
### Finishing up the installation
# During installations from serial console, the regular virtual consoles
# (VT1-VT6) are normally disabled in /etc/inittab. Uncomment the next
# line to prevent this.
#d-i finish-install/keep-consoles boolean true
# Avoid that last message about the install being complete.
d-i finish-install/reboot_in_progress note
# This will prevent the installer from ejecting the CD during the reboot,
# which is useful in some situations.
#d-i cdrom-detect/eject boolean false
# This is how to make the installer shutdown when finished, but not
# reboot into the installed system.
#d-i debian-installer/exit/halt boolean true
# This will power off the machine instead of just halting it.
#d-i debian-installer/exit/poweroff boolean true
### Preseeding other packages
# Depending on what software you choose to install, or if things go wrong
# during the installation process, it's possible that other questions may
# be asked. You can preseed those too, of course. To get a list of every
# possible question that could be asked during an install, do an
# installation, and then run these commands:
# debconf-get-selections --installer > file
# debconf-get-selections >> file
#### Advanced options
### Running custom commands during the installation
# d-i preseeding is inherently not secure. Nothing in the installer checks
# for attempts at buffer overflows or other exploits of the values of a
# preconfiguration file like this one. Only use preconfiguration files from
# trusted locations! To drive that home, and because it's generally useful,
# here's a way to run any shell command you'd like inside the installer,
# automatically.
# This first command is run as early as possible, just after
# preseeding is read.
#d-i preseed/early_command string anna-install some-udeb
# This command is run immediately before the partitioner starts. It may be
# useful to apply dynamic partitioner preseeding that depends on the state
# of the disks (which may not be visible when preseed/early_command runs).
#d-i partman/early_command \
# string debconf-set partman-auto/disk "$(list-devices disk | head -n1)"
# This command is run just before the install finishes, but when there is
# still a usable /target directory. You can chroot to /target and use it
# directly, or use the apt-install and in-target commands to easily install
# packages and run commands in the target system.
#d-i preseed/late_command string apt-install zsh; in-target chsh -s /bin/zsh
#d-i preseed/late_command string in-target /cdrom/scripts/update-fstab.sh
d-i preseed/late_command string \
cp -pR /cdrom/scripts /target/root; \
cp -pR /cdrom/conffiles /target/root; \
in-target bash -c 'apt -q -y -t buster-backports install systemd libnss-resolve linux-image-5.9.0-0.bpo.2-rt-amd64-unsigned linux-image-5.9.0-0.bpo.2-rt-amd64-dbg'; \
in-target bash -c 'DEBIAN_FRONTEND=noninteractive apt-get install -y -q strongswan libstrongswan-extra-plugins libcharon-extra-plugins'; \
in-target bash -c 'perl /root/scripts/update-interfaces.pl /root/conffiles/nas /root/conffiles/nas/fw-model gw'; \
in-target bash -c '/root/scripts/update-initial-setup.sh nas';
# in-target bash /root/scripts/update-systems.sh; \
# in-target bash /root/scripts/update-cron.sh; \
# in-target apt-get -y autoremove;
# /target/usr/bin/bash /cdrom/scripts/update-conffiles.sh > /target/root/update-conffiles.log 2>&1; \
# in-target bash /root/scripts/update-firewall.sh > /root/update-firewall.log 2>&1; \
# in-target bash /root/scripts/update-cron.sh > /root/update-cron.log 2>&1; \
# in-target bash /root/scripts/update-systems.sh > /root/update-systems.log 2>&1; \
# in-target rm -fr /root/scripts > /root/rm.log 2>&1; \
# in-target bash -c 'update-grub2' > /root/intarget.log 2>&1; \
# in-target bash -c 'aideinit' > /root/aideinit.log 2>&1; \
# in-target bash -c 'shorewall compile' > /root/shorewall.log 2>&1; \
# in-target bash -c 'find /var/log -type f -exec chmod g-wx,o-rwx "{}" + -o -type d -exec chmod g-w,o-rwx "{}" +';
Merci encore je suis entrain de regarder tout ca.
J’avais fait ce tuto sur le forum Ubuntu mais depuis je suis sur debian et normalement il fonctionne (j’ai utilisé la même méthode pour mettre en place mon serveur sur debian) :
Il ne parle pas du pressed par contre, il ne parle que de la partie demarrage réseau
Merci nicolas lien très utile comme les autres
Pour info, le pressed que j’utilise :
d-i debian-installer/locale string fr_FR
d-i keyboard-configuration/xkb-keymap select fr(latin9)
d-i netcfg/choose_interface select auto
d-i netcfg/wireless_wep string
d-i mirror/country string manual
#Serveur CacheAPT
#d-i mirror/http/hostname string http://10.3.3.232:9999
d-i mirror/http/directory string /debian
d-i mirror/http/proxy string
d-i passwd/root-password password mdp
d-i passwd/root-password-again password mdp
d-i passwd/user-fullname string sysadmin
d-i passwd/username string sysadmin
d-i passwd/user-password password mdp
d-i passwd/user-password-again password mdp
d-i clock-setup/utc boolean true
d-i time/zone string Europe/Paris
d-i clock-setup/ntp boolean true
d-i apt-setup/use_mirror boolean false
d-i apt-setup/no_mirror boolean true
d-i apt-setup/services-select multiselect security, updates
#Serveur APT
#d-i apt-setup/security_host string 10.3.3.232:9999
#tasksel tasksel/first multiselect standard, ssh-server
d-i pkgsel/upgrade select full-upgrade
popularity-contest popularity-contest/participate boolean false
d-i finish-install/reboot_in_progress noteTu n’as pas de partman dans ton preseed?
Non je préfère effectuer cette étape manuellement