Installation of a new Linux PC via opsi (OS-Installation)

opsi Linux netboot products based on the distibution installer

  • Like with the unattended Windows installation, the Linux installer is equipped with an answer file to configure the unattended installation.

  • The installer of a distribution is not like with Windows an executable program, but is a combination of the distribution kernel and initrd implementation.

  • The system installation including partitioning, LVM, and all the basic software, are performed by the installers and not by the bootimage anymore.

  • For the Suse and RedHat like distributions, the installation sources have to be provided by you by introducing the DVD as an ISO-file on the depot share. This is comparable to the Windows installation, with the difference that the Windows installation files are stored in a different place and stored as the content of the DVD and not as an ISO file.

  • The installation of Linux Mint uses the content of the official installation media provided via an NFS share.

  • For the Debian like distributions, the installation sources are taken from the internet. Just the netboot versions of the distribution kernel with the associated initrd are placed on the depot share. These files are small, so they are included in the opsi package.
    Since opsi 4.0.7 it is also possible to provide for some netboot products a local http repository.

  • For further maintenance of the installation the opsi-linux-client-agent can be installed with the basic installation.

Description of the automated installation process:

  1. The opsi-linux-bootimage boots, deletes the partition table and creates a small temporary partition.

  2. The opsi-linux-bootimage fetches the initrd for the distribution and unpacks it on the temporary partition.

  3. The opsi-linux-bootimage fetches the generic answer file, patches it (personalisation) and moves it to the initrd directory.

  4. The opsi-linux-bootimage creates some helper scripts and configuration files (e.g. for installing the opsi-linux-client-agent) and moves them to the initrd directory.

  5. The opsi-linux-bootimage packs the patched initrd directory

  6. The opsi-linux-bootimage boots the distribution kernel with the patched initrd per kexec.

  7. The distribution kernel with the patched initrd performs the unattended installation of the target system and finally installs the opsi-linux-client-agent.

Advantages:

  • The installation is done as specified by the distributor, which is of special importance for providing support in the business context.

  • The opsi integration of new releases is easier and faster available.

  • For Suse, RedHat, Linux Mint like distributions and Ubuntu 22-04, the installation is done from the sources on the opsi-server, and therefore is faster and more stable than installing from the internet repositories.

Providing the installation media on the server via NFS

This affects SUSE like product prior to version 4.2.0.2-1, Redhat like distributions prior to version 4.2.0.3-1 and Linux Mint packages prior to version 4.2.0.2-1. Later on the new variant is explained.

For Suse. RedHat and Linux Mint like distributions, the installation media is provided by an additional nfs-share: opsi_nfs_share.

To configure this share, there must be a NFS server installed and configured on the opsi-server:

Since opsi v4.0.6 stable this is done by the special package opsi-linux-support. This package is not installed by default and must be installed manually once, e.g.

apt install opsi-linux-support

If a firewall is running on your system you need to configure it to accept TCP connections at port 80. Please consult the appropriate manual on how to do this.

The opsi-linux-support package performs the following tasks:

  • Installation of the applicable nfs-server package on the opsi-server. For Debian, Ubuntu, Suse this is the package: nfs-kernel-server. For Centos, Redhat it is the package nfs-utils.

  • The share opsi_nfs_share is created and exported:

    • Create directory:
      mkdir -p /var/lib/opsi/depot/opsi_nfs_share

    • Add the share entry to /etc/exports:
      /var/lib/opsi/depot/opsi_nfs_share *(ro,no_root_squash,insecure,async,subtree_check)

    • Activate the export:
      exportfs -r

    • Check the successful export:
      showmount -e localhost
      The output should be:
      Export list for localhost:
      /var/lib/opsi/depot/opsi_nfs_share *

  • The share opsi_nfs_share has the following directory structure:
    opsi_nfs_share/<productId>/<arch>/<dvd>.iso
    example:
    opsi_nfs_share/opensuse15-2/64/openSUSE-15.2-DVD-x86_64.iso
    The installation file must have an extension .iso, the name of the file does not matter. If there are several .iso files in the same directory, it is not specified which one to use.
    However the Linux Mint installation requires the installation media content, including hodden directories, to be copied into the specific opsi_nfs_share subdirectory.

  • Copy the installation DVD to the opsi_nfs_share and execute:
    opsi-set-rights /var/lib/opsi/depot/opsi_nfs_share
    IMPORTANT: use the standard installation DVDs of the distribution. Modified installation DVDs might have a different structure and therefore cannot be used in this context.

  • If for any reasons the directory /var/lib/opsi/depot/opsi_nfs_share cannot be exported by the opsi-server per NFS (for instance because the depot share is already a NAS NFS share), so the NFS share to be used can be specified by a server config. Like clientconfig.opsi_nfs_share=172.16.166.1:/var/lib/opsi/depot/opsi_nfs_share

  • The product ubuntu22-04 a .iso file has to be placed in the iso directory within the package directory in the depot.

Providing the installation media on the server via opsiconfd WebDAV

This affects SUSE like product after to version 4.2.0.2-1, Redhat like distributions after to version 4.2.0.3-1 and Linux Mint packages after to version 4.2.0.2-1.

RedHat and SUSE like distributions along with Linux Mint and Ubunut 22-04 in the above mentioned versions do not use the NFS method anymore. Instead the opsiconfd WebDAV server is used to distribute the installation media. For this case each of those netboot packages contains a iso or isocontent subdirectory.

The iso subdirectory shall contain an ISO image of the specific distribution. On the other hand the isocontent directory shall contain the contents of an ISO image, including files starting with a dot.

Here is an example how to fill the isocontent directory.

mount SLE-15-SP3-Full-x86_64-GM-Media1.iso /mnt
cp -r /mnt/* /var/lib/opsi/depot/sles15-3/isocontent/
cp /mnt/.treeinfo /var/lib/opsi/depot/sles15-3/isocontent/
cp /mnt/.discinfo /var/lib/opsi/depot/sles15-3/isocontent/
umount /mnt

Please note: the file .discinfo is not present on all distribution installation media and might be missing.

Common properties of the Linux netboot products based on the distibution installer

The following properties are available with all v406 netboot products to configure the Linux installation:

  • askbeforeinst:
    Starting an installation has to be confirmed from the client console? (Default='true')

  • architecture:
    architecture selection, which affects the selection of bootimages and the installation architecture. (Default='64bit')

  • language or locale:
    Which language / locale is to be installed. (Default=distribution dependent / 'de')

  • console_keymap: (not present in ubuntu22-04!)
    keyboard layout to be installed. (Default=distribution dependent / 'de')

  • timezone:
    Timezone to be installed?. (Default='Europe/Berlin')

  • root_password:
    root password. (Default='linux123')

  • user_password:
    user password. (Default='linux123')

  • proxy:
    Proxystring (if required) as: 'http://<ip>:<port'
    (Default='')

  • install_opsi-client-agent:
    Install the Linux opsi-client-agent (co-funded project: a module file is required for activation. (Default='true')

  • setup_after_install:
    Which opsi products should be installed after the installation of the operating system (opsi products set to setup). (Default='')

The products debian10, debian11 and ubuntu18-04, ubuntu20-04, ubuntu22-04 and mint20-1, mint20-2, mint20-3, mint21

The basic OS installation files are taken from the distribution repositories.

This product has the productive state.

This product has the following additional properties, some are not present in the netboot package ubuntu22-04:

  • online_repository:
    distribution repository for the installation. (only for the Debian/Ubuntu family) (Default=distribution dependent)

  • encrypt_password: (not present in ubuntu22-04!)
    Password for disk encryption (only if encrypt_logical_volumes=true)
    Example: linux123 Default: linux123

  • partition_disk: (not present in ubuntu22-04!)
    Disk to use.: first or complete device path Examples: "first", "/dev/sda", "/dev/sdb"
    Default: first

  • partition_method:
    The method use for partitioning of the disk:
    regular: use the usual partition types for your architecture (direct in ubuntu22-04) / lvm: use LVM to partition the disk / crypto: use LVM within an encrypted partition (not present in ubuntu22-04!)
    Possible: "regular" or "direct", "lvm", "crypto"
    Default: lvm

  • partition_recipe: (not present in ubuntu22-04!)
    The kind of partitions that will be used:
    atomic: all files in one partition / home: separate /home partition / multi: separate /home, /usr, /var, and /tmp partitions
    Possible: "atomic", "home", "multi"
    Default: atomic

  • desktop_package:
    Desktop package to install (standard = no desktop) (only for the Debian/Ubuntu family) Possible: "standard", "ubuntu-desktop", "kubuntu-desktop", "lubuntu-desktop", "xubuntu-desktop", "ubuntu-gnome-desktop"
    Default: standard

  • language_packs:
    Possible: "ar", "bg", "by", "cf", "de", "dk", "en", "es", "et", "fa", "fi", "fr", "gr", "il", "it", "kg", "kk", "lt", "mk", "nl", "no", "pl", "ro", "ru", "sg","sr", "ua", "uk", "us", "wo"
    Default: de

  • installation_method:
    Offers a possibility to bypass the kexec in case it fails. The alternate method installs a minimal installation on the local disk and reboot from it. This property currently works with debian10, ubuntu18-04 and ubuntu20-04 in UEFI. Possible: "kexec", "reboot"
    Default: kexec

The product ucs44

The basic OS installation files are taken from the the official UCS repositories.

This product has a productive state. With this product one can install a master, slave, backup and even a memberserver. It is recommended to use the l-opsi-server localboot product to make an opsi server out of the UCS machine. Memberserver are supported when an opsi server is installed through l-opsi-server. This localboot products makes special adjustments to the server, so it can deploy clients like other UCS roles.

This product has the same properties as described above for debianX or ubuntuX and the following additional ucs specific properties:

  • dns_domain:
    The DNS domain name: Example: example.com Default: ucs.test

  • ldap_base:
    The ldap base. Example: dc=example,dc=com Default: dc=ucs,dc=test

  • ucs_code_name:
    The code name of the ucs version that is provided in the repository.
    Example: ucs414 Default: ucs414

  • organisation:
    The name of the organisation that will be used for the ucs installation.
    Example: uib gmbh Default: uib gmbh

  • windomain:
    The name of the Samba/Windows domain.
    Example: MYDOMAIN Default: MYDOMAIN

  • external_nameserver:
    Which nameserver is included to the ucs installation ?
    Example: 10.11.12.13 Default: auto = the name server given by dhcp

  • ucs_master_ip:
    What is the IP Number of the UCS Domain Controller (needed for other roles to join) ?
    Example: 10.10.10.10 Default: 10.10.10.10

  • ucs_master_admin_password:
    What is the password of the user Administrator of the UCS Domain Controller (needed for other roles to join) ?
    Example: linux123 Default: linux123

  • ucs_role:
    Which UCS role should be installed ?
    Possible: "domaincontroller_master", "domaincontroller_backup", "domaincontroller_slave", "memberserver", "base"
    Default: domaincontroller_master

The products sles12sp3, sles12sp4, sles12sp5, sles15-1, sles15-2, sles15-3, sles15-4

This product has the following additional properties:

name: productkey
multivalue: False
editable: True
description: email:regcode-sles for suse_register. Is only used if the  host parameter  `license-management.use` is set to  false . If it set to  True  the license key will be get from the license management module. / La clé de licence pour l'installation. Est utilisée uniquement si dans "Réseau et paramètres supplémentaires" `license-management.use` est défini à false (faux) . Si c'est réglé sur True (vrai) la clé de licence sera obtenue du module de gestion des licences.
values: ["", "myemail@example.com:xxxxxxxxxxxxxx"]
default: [""]

name: suse_register
description: set to false, if you don't want to register your system online, if you set this to false you have to give local repositories
default: True

name: local_repositories
multivalue: True
editable: True
description: list of local repositories to use. Syntax: "repository description", example entry: "http://sles.example.com/suse/repo NameForRepo"
values: [""]
default: [""]

name: install_unattended
description: If false then do interactive installation
default: True
Source of installation

To download the installation DVD you need an account on SUSE. Prior to version 4.2.0.2-1: Copy the ISO-File to /var/lib/opsi/depot/opsi_nfs_share/sles15-3/64/ After version 4.2.0.2-1 Copy the ISO image content to /var/lib/opsi/depot/sles15-3/isocontent/ Please don’t forget to execute opsi-set-rights.

Videos (time lapse)

The following video shows an installation.
It is made with one frame per second and because of that, the installation that you see it is much more faster than a normal installation.

The products redhat8, redhat9 and alma8, alma9 and rocky8, rocky9

This product has the following additional properties:

name: install_unattended
description: If false then do interactive installation
default: True

name: selinux_mode
multivalue: False
editable: False
description: In which mode should SELinux run ?
values: ["enforcing", "permissive", "disabled"]
default: ["permissive"]

name: partition_method
multivalue: False
editable: False
description: plain: Regular partitions with no LVM or Btrfs. / lvm: The LVM partitioning scheme. / btrfs: The Btrfs partitioning scheme. / thinp: The LVM Thin Provisioning partitioning scheme.
values: ["plain", "lvm", "btrfs", "thinp"]
default: ["lvm"]

name: productkey
multivalue: False
editable: True
description: email:regcode for subscription_register. Is only used if the  host parameter  `license-management.use` is set to  false . If it set to  True  the license key will be get from the license management module. / La clé de licence pour l'installation. Est utilisée uniquement si dans "Réseau et paramètres supplémentaires" `license-management.use` est défini à false (faux) . Si c'est réglé sur True (vrai) la clé de licence sera obtenue du module de gestion des licences.
values: ["", "myemail@example.com:xxxxxxxxxxxxxx"]
default: [""]

name: subscription_register
description: set to false, if you don't want to register your system online, you need to set this to false and you have to introduce your local repository
default: True
Source of installation AlmaLinux

Download the installation DVD here, e.g. from here. Prior to version 4.2.0.3-1 Copy the ISO-File to /var/lib/opsi/depot/opsi_nfs_share/alma8/64/ After version 4.2.0.3-1 Copy the ISO image content to /var/lib/opsi/depot/alma8/isocontent/ Please don’t forget to execute opsi-set-rights.

Source of installation RedHat

To download the installation DVD you need an account on RedHat. Prior to version 4.2.0.3-1 Copy the ISO-File to /var/lib/opsi/depot/opsi_nfs_share/redhat8/64/ After version 4.2.0.3-1 Copy the ISO image content to /var/lib/opsi/depot/redhat8/isocontent/ Please don’t forget to execute opsi-set-rights.

Source of installation RockyLinux

Download the installation DVD here, e.g. from here. Prior to version 4.2.0.3-1 Copy the ISO-File to /var/lib/opsi/depot/opsi_nfs_share/rocky8/64/ After version 4.2.0.3-1 Copy the ISO image content to /var/lib/opsi/depot/rocky8/isocontent/ Please don’t forget to execute opsi-set-rights.

Videos (time lapse)

The following video shows an installation.
It is made with one frame per second and because of that, the installation that you see it is much more faster than a normal installation.

Linux netboot products with generic installer

Without distribution installer

Basic OS installation per netboot

To install Linux on a client, at the beginning the standard opsi-linux-bootimage boots per netboot. It is the same image as the one used for the Windows installation.
The bootimage automatically performs the partitioning and formatting of the hard disc (/ and swap). Next the installation of the basic Linux Operating System is performed (including network and ssh, but without X11). The installation process itself is quite different for the individual distributions, but has in common, that the installation is performed directly from the original distribution packages.

The opsi-client-agent for Linux can be installed, which enables the automated installation and configuration of further software packages.

The opsi-client-agent for Linux is available as a co-funded opsi extension module, the required opsi netboot products for Linux installation are available as free Open Source modules.

Because the base installation is done from the Standard opsi-linux-bootimage, there are some distribution dependent differences, that have to be installed and configured after the first reboot of the installed system. This is for example the SELinux installation of the 'RedHat like' or the keyboard configuration of the 'Debian like' systems. These after boot installations and patches are done by the standard localboot

Common properties of Linux netboot products (generic installer)

The following properties for controlling the Linux installation are available with all netboot products:

  • askbeforeinst:
    confirm start of the new installation on the client? (default='true')

  • architecture:
    architecture selection - affects the selection of the bootimage and the installation architecture. (default='64bit')

  • system_partition_size:
    size of the system partition - the size may be given as percent of the hard disk size or as absolute size (G=Gigabyte). If you choose another value than 100%, the remaining rest will be used as data_partition. (default='100%')

  • swap_partition_size: +size of the swap partition. (default='2000M')

  • data_partition_create:
    create a data partition if there is some space left. (true/false) (default='true')

  • language:
    language / locale to be installed (default='de')

  • timezone:
    time zone to be configured (default='Europe/Berlin')

  • root_password:
    root password (default='linux123')

  • user_password:
    user password (default='linux123')

  • online_repository:
    repository to use for installation - repository of the Linux distribution to be used for installation (not for SLES) (default = distribution dependent)

  • proxy :
    proxystring (if required) as: 'http://<ip>:<port>'
    (default='')

  • additional_packages:
    additional packages to install. Packages names separated by blanks. (default='')

  • install_opsi-client-agent:
    install the Linux opsi-client-agent (cofunding project: has to be activated by the /etc/opsi/modules) (default='false')

  • release:
    (Debian and Ubuntu only)
    which release of the distribution is to be installed? (default = distribution dependent)

  • setup_after_install:
    opsi product(s) to be installed after the OS installation is done (opsi products to be set to 'setup') (default='l-os-postinst')

Ubuntu

The basic installation is performed per debootstrap directly from the network.

This product has the status 'productive'.

It is UEFI/GPT compatible.

Debian

The basic installation is performed per debootstrap directly from the network.

This product has the status 'productive'.

It is UEFI/GPT compatible.

For this product applicable opsi-server packets are available, that can be installed by setting 'install_opsi_server=true'.