corrected Debian Guide

sus-admin · sus-admin · commit 7783aaccedd0 · 2024-12-09T21:27:21.000-05:00
diff --git a/_includes/example-preseed-excerpt.txt b/_includes/example-preseed-excerpt.txt
@@ -0,0 +1,42 @@
+### Apt setup
+# Choose, if you want to scan additional installation media
+# (default: false).
+d-i apt-setup/cdrom/set-first boolean false
+# You can choose to install non-free firmware.
+#d-i apt-setup/non-free-firmware boolean true
+# You can choose to install non-free and contrib software.
+#d-i apt-setup/non-free boolean true
+#d-i apt-setup/contrib boolean true
+# Uncomment the following line, if you don't want to have the sources.list
+# entry for a DVD/BD installation image active in the installed system
+# (entries for netinst or CD images will be disabled anyway, regardless of
+# this setting).
+#d-i apt-setup/disable-cdrom-entries boolean true
+# Uncomment this if you don't want to use a network mirror.
+#d-i apt-setup/use_mirror boolean false
+# Select which update services to use; define the mirrors to be used.
+# Values shown below are the normal defaults.
+#d-i apt-setup/services-select multiselect security, updates
+#d-i apt-setup/security_host string security.debian.org
+
+# Additional repositories, local[0-9] available
+#d-i apt-setup/local0/repository string \
+#       http://local.server/debian stable main
+#d-i apt-setup/local0/comment string local server
+# Enable deb-src lines
+#d-i apt-setup/local0/source boolean true
+# URL to the public key of the local repository; you must provide a key or
+# apt will complain about the unauthenticated repository and so the
+# sources.list line will be left commented out.
+#d-i apt-setup/local0/key string http://local.server/key
+# or one can provide it in-line by base64 encoding the contents of the
+# key file (with `base64 -w0`) and specifying it thus:
+#d-i apt-setup/local0/key string base64://LS0tLS1CRUdJTiBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tCi4uLgo=
+# The content of the key file is checked to see if it appears to be ASCII-armoured.
+# If so it will be saved with an ".asc" extension, otherwise it gets a '.gpg' extension.
+# "keybox database" format is currently not supported. (see generators/60local in apt-setup's source)
+
+# By default the installer requires that repositories be authenticated
+# using a known gpg key. This setting can be used to disable that
+# authentication. Warning: Insecure, not recommended.
+#d-i debian-installer/allow_unauthenticated boolean true
diff --git a/_posts/2024-12-02-Cobbler-v3.3.7-Debian-Deployment-Guide.md b/_posts/2024-12-02-Cobbler-v3.3.7-Debian-Deployment-Guide.md
@@ -163,16 +163,10 @@ Configure the Cobbler Profile to use the new autoinstall (preseed) template:
 cobbler profile edit --name Debian12.8-x86_64 --autoinstall 'bookworm-sample.seed'
 ```
 
-Create a new Cobbler System to PXE boot and automatically install Debian 12 Bookworm, replacing the *"aa:bb:cc:dd:ee:ff"* with the MAC address of your PXE client, being sure not to use a duplicate MAC or IP addresse of any other Cobbler System.
+Finally, create a new Cobbler System to PXE boot and automatically install Debian 12 Bookworm, replacing the *"aa:bb:cc:dd:ee:ff"* with the MAC address of your PXE client, being sure not to use a duplicate MAC or IP addresse of any other Cobbler System, then sync up Cobbler.
 
 ```shell
 cobbler system add --name "Debian12.8" --profile Debian12.8-x86_64 --hostname "debian12-8" --mac-address "aa:bb:cc:dd:ee:ff" --netboot-enabled true --ip-address "10.0.0.12" --netmask "255.255.255.0" --gateway "10.0.0.1" --name-servers "10.0.0.1 1.1.1.1 8.8.8.8"
-```
-
-Finally, restart and sync up Cobbler:
-
-```shell
-systemctl restart cobblerd && sleep 10
 cobbler sync
 ```
 
@@ -199,7 +193,6 @@ cobbler profile edit --name Debian11.11-x86_64 --autoinstall bullseye-sample.see
 
 cobbler system add --name Debian11.11 --profile Debian11.11-x86_64 --mac-address "aa:bb:cc:dd:ee:ff" --netboot-enabled true
 
-systemctl restart cobblerd && sleep 10
 cobbler sync
 ```
 
@@ -225,7 +218,6 @@ Follow the instructions for supporting Debian deployments/repos given from the `
 yum install -y debmirror debian-keyring
 sed -i "s/@arches/#@arches/g" /etc/debmirror.conf
 sed -i "s/@dists/#@dists/g" /etc/debmirror.conf
-systemctl restart cobblerd && sleep 5
 cobbler sync
 cobbler check
 ```
@@ -280,7 +272,6 @@ Add a Cobbler Distro and Profile for the new Debian repo, and the usual HTTP lin
 cobbler distro add --name Debian-latest --arch x86_64 --autoinstall-meta 'tree'='http://@@http_server@@/cblr/links/Debian-latest' --breed debian --os-version bookworm --initrd "/var/www/cobbler/pub/Debian12.8-netboot/initrd.gz" --kernel "/var/www/cobbler/pub/Debian12.8-netboot/vmlinuz"
 cobbler profile add --name Debian-latest --distro Debian-latest --autoinstall bookworm-latest.seed
 ln -s /var/www/cobbler/repo_mirror/Debian-latest /var/www/cobbler/links/Debian-latest
-systemctl restart cobblerd && sleep 5
 cobbler sync
 ```
 
@@ -303,52 +294,11 @@ Now the **PXE Client** should be able to boot from a generic/random MAC address
 
     - The issue stems from the below section of the preseed file, retrieved drectly from Debian's official [stable](https://www.debian.org/releases/stable/example-preseed.txt) and [bookworm](https://www.debian.org/releases/bookworm/example-preseed.txt) example preseed files.
 
-        ```shell
-        ### Apt setup
-        # Choose, if you want to scan additional installation media
-        # (default: false).
-        d-i apt-setup/cdrom/set-first boolean false
-        # You can choose to install non-free firmware.
-        #d-i apt-setup/non-free-firmware boolean true
-        # You can choose to install non-free and contrib software.
-        #d-i apt-setup/non-free boolean true
-        #d-i apt-setup/contrib boolean true
-        # Uncomment the following line, if you don't want to have the sources.list
-        # entry for a DVD/BD installation image active in the installed system
-        # (entries for netinst or CD images will be disabled anyway, regardless of
-        # this setting).
-        #d-i apt-setup/disable-cdrom-entries boolean true
-        # Uncomment this if you don't want to use a network mirror.
-        #d-i apt-setup/use_mirror boolean false
-        # Select which update services to use; define the mirrors to be used.
-        # Values shown below are the normal defaults.
-        #d-i apt-setup/services-select multiselect security, updates
-        #d-i apt-setup/security_host string security.debian.org
-        
-        # Additional repositories, local[0-9] available
-        #d-i apt-setup/local0/repository string \
-        #       http://local.server/debian stable main
-        #d-i apt-setup/local0/comment string local server
-        # Enable deb-src lines
-        #d-i apt-setup/local0/source boolean true
-        # URL to the public key of the local repository; you must provide a key or
-        # apt will complain about the unauthenticated repository and so the
-        # sources.list line will be left commented out.
-        #d-i apt-setup/local0/key string http://local.server/key
-        # or one can provide it in-line by base64 encoding the contents of the
-        # key file (with `base64 -w0`) and specifying it thus:
-        #d-i apt-setup/local0/key string base64://LS0tLS1CRUdJTiBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tCi4uLgo=
-        # The content of the key file is checked to see if it appears to be ASCII-armoured.
-        # If so it will be saved with an ".asc" extension, otherwise it gets a '.gpg' extension.
-        # "keybox database" format is currently not supported. (see generators/60local in apt-setup's source)
-        
-        # By default the installer requires that repositories be authenticated
-        # using a known gpg key. This setting can be used to disable that
-        # authentication. Warning: Insecure, not recommended.
-        #d-i debian-installer/allow_unauthenticated boolean true
-        ```
-
-    - As seen in the procdures above, `allow_unauthenticated` is set to true, which appears to only permit the installation to START when an untrusted repo mirror is found, but the mirror will be checked again before beginning the `apt-setup` phase, which `allow_unauthenticated` will not override.
+<pre>{% include example-preseed-excerpt.txt path="_includes/example-preseed-excerpt.txt" %}</pre>
+
+1. (continued)
+
+    - As seen in the procedures above, `allow_unauthenticated` is set to true, which appears to only permit the installation to START when an untrusted repo mirror is found, but the mirror will be checked again before beginning the `apt-setup` phase, which `allow_unauthenticated` will not override.
 
         - This means that the `debian-installer` also requires the local APT mirror to be defined using the `d-i apt-setup/local0/repository` & `d-i apt-setup/local0/key` preseed options in order for the PXE client to retrieve the public GPG key for the repo mirror and use it to validate the mirror, which seems to be configured properly through the preseed from Cobbler, verified with the following commands on the `debian-installer` system (and obviously can be done, since the workaround provided in this guide does essentially the same thing):
 
