it-team/lmn-client
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

merge into: it-team:fvs
Branches Tags
it-team:main
it-team:fvs
...
pull from: it-team:main
Branches Tags
it-team:main
it-team:fvs
Sign in to create a new pull request.

8 commits
fvs ... main

Author SHA1 Message Date
Raphael Dannecker
233e8e4ecf Improve documentation 2025-04-09 16:08:46 +02:00
Raphael Dannecker
3580a9141b Avoid the need to use ssh keys for ansible connections to localhost 2025-04-09 14:18:17 +02:00
Raphael Dannecker
39d2491e36 Use defaults for kde_desktop_pkg in inventory-sample 2025-04-09 08:38:18 +02:00
Raphael Dannecker
9f5ecfc4f1 Improve documentation about installation via pxe 2025-04-08 18:35:47 +02:00
Raphael Dannecker
0406669109 Add vaultpw to debian installer preseeding 2025-04-08 11:19:19 +02:00
Raphael Dannecker
4f69dc0dfe Merge fvs branch into main 2025-04-08 08:06:36 +02:00
Andreas B. Mundt
92bacc4dd3 Merge branch 'fvs' 2024-03-12 19:45:10 +01:00
andi
24fcf70e1d Initial commit 2024-03-12 17:53:49 +00:00
4 changed files with 92 additions and 24 deletions
Show stats Expand all files Collapse all files

20
doc/install_ontop.md
View file

@ -1,6 +1,12 @@
# Installation on existing client # Installation on existing client
An easy method to test the lmn-client is to run the playbook manual on a fresh installed client. A straightforward way to test the lmn-client is to manually run the playbook on a freshly installed client.
This can be done in the following ways:
On the client using ansible-pull
On the client by checking out the lmn-client repository and running the playbook locally
On a target device by checking out the lmn-client repository locally and executing the playbook against the target device
## Direct call via ansible-pull ## Direct call via ansible-pull
@ -9,10 +15,10 @@ With two simple commands you can install the lmn-client with default configurati
Steps: Steps:
* Install debian on client (via USB or PXE) * Install debian on client (via USB or PXE)
* Install additional packages: ansible * Install additional packages: ansible
`sudo apt install ansible` `sudo apt install ansible`
* Run Playbook * Run Playbook
`ansible-pull -i inventory.yml -l localhost, --url=https://codeberg.org/DigitalSouveraeneSchule/lmn-client.git -C main lmn-client.yml` `sudo ansible-pull --verbose -i inventory-sample.yml -l localhost --url=https://codeberg.org/DigitalSouveraeneSchule/lmn-client.git -C main lmn-client.yml`
## Checkout git and run ansible locally ## Checkout git and run ansible locally
@ -24,10 +30,12 @@ Steps:
* Install debian on client (via USB or PXE) * Install debian on client (via USB or PXE)
* Install additional packages: ansible, git * Install additional packages: ansible, git
`sudo apt install ansible git` `sudo apt install ansible git`
* Checkout Repository * Checkout Repository
`git clone https://codeberg.org/DigitalSouveraeneSchule/lmn-client.git` `git clone https://codeberg.org/DigitalSouveraeneSchule/lmn-client.git`
* Change into repository directory
`cd lmn-client`
* Create inventory * Create inventory
`cp inventory.yml inventory-myschool.yml` `cp inventory-sample.yml inventory-myschool.yml`
* Edit inventory-myschool.yml * Edit inventory-myschool.yml
e.g.: `nano inventory-myschool.yml` e.g.: `nano inventory-myschool.yml`
* Run Playbook * Run Playbook

76
doc/install_pxe.md
View file

@ -2,15 +2,28 @@
* **Using DigitalSouveraeneSchule repository and LinuxMuster.Net tftp** * **Using DigitalSouveraeneSchule repository and LinuxMuster.Net tftp**
Simplest solution. Playbook and default inventory from DigitalSouveraeneSchule codeberg repository. Simplest solution. Playbook and default inventory from DigitalSouveraeneSchule codeberg repository.
Linux kernel and initial Ramdisk from debian repository. Linux kernel and initial Ramdisk from debian repository.
Client must have access to the internet (noproxy group).
* **Using your own repository and LinuxMuster.Net tftp** * **Using your own repository and LinuxMuster.Net tftp**
Here you can use your own inventory and make many custom settings. Here you can use your own inventory and make many custom settings.
Linux kernel and initial Ramdisk from debian repository. Linux kernel and initial Ramdisk from debian repository.
Client must have access to the internet (noproxy group).
* **Using your own repository and livebox tftp** * **Using your own repository and livebox tftp**
Additional kernel and Ramdisk from your own infrastrukture. Additional kernel and Ramdisk from your own infrastrukture.
Client does not need direct internet access.
## Using codeberg repository and LinuxMuster.Net tftp ## Using codeberg repository and LinuxMuster.Net tftp
### Requirements / firewall settings
The computer on which the linuxclient is to be installed must have access to the Internet (add host to noproxy group)
The following resources are downloaded from the internet:
* The repository is provided by codeberg.org
* the Linux kernel, the initial ramdisk and the installation files are loaded from debian.org.
* mscorefonts from Microsoft
### Modification LinuxMuster.Net server ### Modification LinuxMuster.Net server
Create grub config for device group `lmnclient` on your schools server: Create grub config for device group `lmnclient` on your schools server:
@ -25,9 +38,12 @@ set default=1
menuentry 'Installer Debian bookworm (amd64) + preseed + ansible inventory' { menuentry 'Installer Debian bookworm (amd64) + preseed + ansible inventory' {
echo -n "Enter domain join password: " echo -n "Enter domain join password: "
read adpw read adpw
set vaultpw="dummy"
# echo -n "Enter vault password"
# read vaultpw
linux (http,ftp.debian.org)/debian/dists/stable/main/installer-amd64/current/images/netboot/debian-installer/amd64/linux auto=true priority=high \ linux (http,ftp.debian.org)/debian/dists/stable/main/installer-amd64/current/images/netboot/debian-installer/amd64/linux auto=true priority=high \
url=https://codeberg.org/DigitalSouveraeneSchule/lmn-client/raw/branch/fvs/misc/preseed.cfg interface=auto \ url=https://codeberg.org/DigitalSouveraeneSchule/lmn-client/raw/branch/main/misc/preseed.cfg interface=auto \
playbook=lmn-client.yml adpw="${adpw}" --- playbook=lmn-client.yml adpw="${adpw}" vaultpw="${vaultpw}" ---
initrd (http,ftp.debian.org)/debian/dists/stable/main/installer-amd64/current/images/netboot/debian-installer/amd64/initrd.gz initrd (http,ftp.debian.org)/debian/dists/stable/main/installer-amd64/current/images/netboot/debian-installer/amd64/initrd.gz
} }
``` ```
@ -47,4 +63,52 @@ classroom;mypc01;lmnclient;F2:81:6B:C9:E3:EF;10.0.5.51;;;;classroom-studentcompu
* confirm `hostname` and `domain` (you will be asked in network setup) * confirm `hostname` and `domain` (you will be asked in network setup)
* ... Get a cup of coffee ... wait until reboot ... login (Logging in may take a few minutes after installation) * ... Get a cup of coffee ... wait until reboot ... login (Logging in may take a few minutes after installation)
## Using your own livebox server
## Using your own repository and LinuxMuster.Net tftp
If you fork the lmn-client repository, you can customize the preseeding and inventory to your needs.
Use the instructions in the previous section and customize the repository in `/srv/linbo/boot/grub/lmnclient.cfg`.
It makes sense to encrypt your inventory via `ansible-vault`.
When using encrypted inventories you have to provide the vault password by commenting in the two lines in the `/srv/linbo/boot/grub/lmnclient.cfg`.
## Using your own repository and livebox tftp
The next improvement will be to use your own livebox with following functionalities:
* Providing linux kernel and initial ramdisk for installer
* Can be used as cache for debian packages (aptcacher)
* Can provide mscorefonts and libdvdcss (multimedia codecs)
* Can be used to boot live systems (netboot) via pxe
### Installing the livebox server
* Install debian VM and configure network
* Install additional packages: ansible
`sudo apt install ansible`
* Run livebox playbook
`ansible-pull -i localhost, --url=https://salsa.debian.org/andi/debian-lan-ansible.git -C master livebox.yml`
* Set DNS entry for your new livebox server
### Modification LinuxMuster.Net server
The file `/srv/linbo/boot/grub/lmnclient.cfg` might look like this:
```
# ### NOT managed by linuxmuster.net ###
# edit to your needs
set default=1
menuentry 'Installer Debian bookworm (amd64) + preseed + ansible inventory' {
echo -n "Enter domain join password: "
read adpw
set vaultpw="dummy"
# echo -n "Enter vault password"
# read vaultpw
linux (http,livebox.example.com)/d-i/n-pkg/images/12/amd64/text/debian-installer/amd64/linux auto=true priority=high \
url=https://codeberg.org/MySchool/lmn-client/raw/branch/main/misc/preseed-myschool.cfg interface=auto \
playbook=lmn-client.yml adpw="${adpw}" vaultpw="${vaultpw}" ---
initrd (http,livebox.example.com)/d-i/n-pkg/images/12/amd64/text/debian-installer/amd64/initrd.gz
}
```

7
inventory-sample.yml
View file

@ -2,10 +2,9 @@
all: all:
vars: vars:
domain: "{{ ansible_domain }}" domain: "{{ ansible_domain }}"
security_defaultuser_login_disable: false
kde_desktop_pkg:
- akonadi-backend-sqlite
# Comment out on productive systems when ssh key is provided
security_defaultuser_login_disable: false
## Proxy configuration (see: doc/localproxy.md) ## Proxy configuration (see: doc/localproxy.md)
# localproxy: true # localproxy: true
@ -59,7 +58,6 @@ all:
# - vim # - vim
# - mc # - mc
# - tmux # - tmux
# - debconf-utils
## WLAN configuration (see: doc/vpn.md): ## WLAN configuration (see: doc/vpn.md):
## ##
@ -105,6 +103,7 @@ all:
hosts: hosts:
localhost: localhost:
ansible_connection: local
laptops: laptops:
children: children:

13
misc/preseed.cfg
View file

@ -50,13 +50,11 @@ d-i apt-setup/contrib boolean true
d-i mirror/country string manual d-i mirror/country string manual
d-i mirror/http/hostname string deb.debian.org d-i mirror/http/hostname string deb.debian.org
d-i mirror/http/directory string /debian d-i mirror/http/directory string /debian
#d-i mirror/http/proxy string http://10.167.0.253:3142/ #d-i mirror/http/proxy string http://aptcache.pn.steinbeis.schule:3142/
#d-i mirror/http/proxy string http://192.168.1.17:3142/ d-i mirror/http/proxy string
#d-i mirror/http/proxy string http://aptcache.steinbeisschule-reutlingen.de:3142/
d-i mirror/http/proxy string http://aptcache.pn.steinbeis.schule:3142/
# NTP server to use: # NTP server to use:
d-i clock-setup/ntp-server string server.pn.steinbeis.schule #d-i clock-setup/ntp-server string server.pn.steinbeis.schule
### Backports: ### Backports:
#apt-setup-udeb apt-setup/services-select multiselect security, updates, backports #apt-setup-udeb apt-setup/services-select multiselect security, updates, backports
@ -129,10 +127,9 @@ d-i preseed/late_command string \
in-target mount -v -t tmpfs tmpfs /dev/shm ; \ in-target mount -v -t tmpfs tmpfs /dev/shm ; \
echo "$vaultpw" > /target/dev/shm/vaultpw ; \ echo "$vaultpw" > /target/dev/shm/vaultpw ; \
in-target ansible-pull --verbose --purge --extra-vars="run_in_installer=true" \ in-target ansible-pull --verbose --purge --extra-vars="run_in_installer=true" \
-l localhost \ --vault-password-file /dev/shm/vaultpw -l localhost \
-i inventory-sample.yml --url=https://codeberg.org/DigitalSouveraeneSchule/lmn-client.git -C fvs $playbook ; \ -i inventory-sample.yml --url=https://codeberg.org/DigitalSouveraeneSchule/lmn-client.git -C main $playbook ; \
fi fi
## --vault-password-file /dev/shm/vaultpw -l localhost \
# #
## When installing in combination with ansible-pull, ## When installing in combination with ansible-pull,
## export your ansible playbook like: ## export your ansible playbook like: