Using opsi to install Linux

This chapter describes how to install various Linux distributions on a computer without an existing operating system using opsi. Suitable client computers, whether physical or virtual, should meet the following requirements:

  • 2 GB of RAM; Ubuntu 22.04: at least 4 GB of RAM

  • Network card that supports network booting (PXE protocol capability for boot media loading via the network).

Check the settings in the BIOS. Netboot must be activated and be at the top of the boot options so that you can install Linux via opsi.

There are basically two different ways:

Netboot Products (Distribution Installer)

Let’s start with the installer provided by the distribution. Like with the unattended Windows installation, the Linux installer is equipped with an answer file, enabling a non-interactive installation process.

The distribution’s installer is not a standalone program that opsi directly executes. Rather, it comprises the distribution’s kernel and initrd.

The basic OS installation, including tasks like partitioning, LVM setup, and basic software installation, is managed by the installer after initiating the opsi Linux boot image. The method of supplying installation sources varies depending on the Linux distribution or the specific opsi netboot package:

  • Debian-based distributions (Debian, Ubuntu): These distributions acquire their installation sources over the network. The depot share only contains the netboot versions of the kernels and the related initrd files. These files, being relatively small, are included in the opsi package. There are, however, some exceptions:

    • Ubuntu 22.04: The ubuntu22-04 package expects an ISO image in the product’s iso subdirectory.

    • Linux Mint: Starting from version 4.2.0.2-1, the netboot packages expect an ISO image in the product’s iso subdirectory.

  • Distributions based on SUSE and Red Hat: Users provide the installation sources and store an ISO image on the depot share.

TIP: It’s advisable to install not just the operating system, but also the Linux Client Agent for effective management of the new client with opsi.

Installation Process

This is what the individual steps look like during installation with the distribution’s own installer and the opsi-Netboot product:

  1. Boot the opsi Linux boot image, which clears any existing partition tables and creates a small, temporary auxiliary partition.

  2. The opsi Linux boot image retrieves the distribution’s initrd and unpacks it on the temporary partition.

  3. The opsi Linux boot image fetches the generic answer file, patches it (personalizes it,) and moves it to the initrd directory.

  4. The opsi Linux boot image creates some helper scripts and configuration files (e.g. for installing the client agent) and moves them to the initrd directory.

  5. The modified initrd directory is repackaged.

  6. The opsi Linux boot image boots the distribution kernel with the patched initrd via kexec.

  7. The system now performs an unattended installation of the target system and, upon completion, installs the opsi-linux-client-agent.

This method has the following advantages:

  • The installation aligns precisely with the requirements of the distribution, which can be important for organizations with support contracts.

  • Integrating new releases into opsi is simpler and therefore faster.

  • Distributions based on SUSE and Red Hat, as well as Linux Mint and Ubuntu 22.04, are installed from sources located on the opsi server, offering a quicker and more reliable installation compared to using internet repositories.

Installation Media via WebDAV

For distributions based on SUSE and Red Hat, as well as for Linux Mint and Ubuntu 22.04, the official installation media need to be stored on the opsi depot server. Store this data in the iso or isocontent subdirectory of the respective netboot product located in /var/lib/opsi/depot:

  • iso: This directory is for an ISO image.

  • isocontent: This directory holds the contents of an ISO image (similar to the installfiles directory of a Windows netboot package).

To make the contents of an ISO image available, mount the image temporarily, copy the data and the two hidden files .treeinfo and .discinfo recursively, and then unmount the ISO. For instance, for the product sles15-3, the process would go as follows:

mount SLE-15-SP3-Full-x86_64-GM-Media1.iso /mnt
cp -r /mnt/* /var/lib/opsi/depot/sles15-3/isocontent/
cp /mnt/.treeinfo /var/lib/opsi/depot/sles15-3/isocontent/
cp /mnt/.discinfo /var/lib/opsi/depot/sles15-3/isocontent/
umount /mnt
The file .discinfo is not present on all distribution installation media and might be missing.

General Properties

If you select a Netboot product in the opsi-configed management interface, the properties of the product will be displayed in the right-hand pane:

Linux Netboot Product Properties (here: *debian12*)
Figure 1. Linux Netboot Product Properties (here: debian12)

The current Netboot products for Linux installations include the following properties:

  • architecture: Select the architecture for the system you want to install. This also influences the boot image used. (Default: 64bit)

  • askbeforeinst: Should the start of the installation have to be confirmed on the client? (Default: true)

  • console_keymap: Determines the keyboard layout, not under ubuntu22-04. (Default: en or depending on distribution)

  • language or locale: Select the language to be installed (locale). (Default: de DE or depending on distribution)

  • timezone: What’s the time zone of the Linux system? (Default: Europe/Berlin)

  • root_password: Sets the password for root. (Default: linux123)

  • user_name: This is the name of the non-privileged user without root rights. (Default: user)

  • user_password: Sets the password for the user account. (Default: linux123)

  • proxy: If required, enter the address of the proxy server here (http://<ip>:<port>).

  • setup_after_install: Enter a list of opsi products which should be set to setup after the OS installation.

  • install_opsi-client-agent: Installs the Linux client agent at the same time. (Default: true)

The Linux client agent is currently a paid extension. This means that you need an activation file to unlock it. You will receive this file after you have purchased the extension. For evaluation purposes, we’re happy to provide you with a temporary license free of charge. Please contact us via email.

Debian, Ubuntu, and Linux Mint

The following netboot products are currently available for Debian, Ubuntu, and Linux Mint: debian, debian12, debian11, debian10, ubuntu, ubuntu22-04, ubuntu20-04, mint21-2, mint21-1, mint21, mint20-3, mint20-2, and mint20-1 (see opsi Client: supported Linux Distributions).

These distributions generally use network-based installation sources. However, there are exceptions: the ubuntu22-04 and Linux Mint netboot products also require an ISO image in their respective iso subdirectory.

With Ubuntu 22.04’s installer, not all the previously mentioned properties are available in the netboot product.

For Debian-based distributions, the netboot products include some additional properties:

  • online_repository: This is the distribution’s repository for the installation.

  • encrypt_password: (not under ubuntu22-04) Enter a password for the hard disk encryption here; prerequisite: encrypt_logical_volumes=true. (Default: linux123)

  • installation method: This is the installation method; it only works with the UEFI extension. (Default: kexec) Possible values:

    • reboot: A small partition is created and the installer is started from this partition after a reboot.

    • kexec: The opsi Linux boot image starts the installer directly via kexec; there is no reboot.

  • partition_disk: (not under ubuntu22-04) Enter the hard disk to be used, either first or the complete device name, e.g. /dev/sda, /dev/sdb, etc. (default: first). (Default: first)

  • preseed: This is the auto-installation file to be used; it is located in the product directory in the custom folder. On ubuntu22-04, this is autoinstall; other possible values are auto, raid.cfg, raid.yml, etc. (Default: auto)

  • partition_method: Select the method for partitioning the hard disk. (Default: lvm) Possible values are:

    • regular: Standard partitioning (on ubuntu22-04: direct)

    • lvm: Set up LVM system (Logical Volume Manager)

    • crypto: Create LVM in an encrypted partition (not under ubuntu22-04)

  • partition_recipe: Selects a partitioning scheme (not under ubuntu22-04). (Default: atomic) Possible values are:

    • atomic: All data in a single partition

    • home: Separate partition for the home directories (/home)

    • multi: Divide disk into several partitions: /home, /usr, /var, and /tmp

  • desktop_package: Decide on a desktop environment (Debian/Ubuntu only). Possible values: standard, ubuntu-desktop, kubuntu-desktop, lubuntu-desktop, xubuntu-desktop, ubuntu-gnome-desktop (default: standard)

  • language_packs: (not under ubuntu22-04) Install additional languages. Possible values: ar, bg, bg, by, cf, de, dk, en, es, et, fa, fi, fr, gr, il, it, kg, kk, lt, mk, nl, no, pl, ro, ru, sg, sr, ua, uk, us, wo (Default: de)

Univention Corporate Server (UCS)

We also offer a netboot product ucs50 for Univention Corporate Server (UCS) 5.0 (see opsi Client: supported Linux Distributions).

The basic installation process retrieves packages from the official UCS repositories. Our netboot product allows for the installation of various UCS server variants:

  • Primary Directory (Domain Controller Master)

  • Replica Directory Node (Domain Controller Slave)

  • Backup Directory Node (Domain Controller Backup)

  • Managed Node (Member Server)

To transform a UCS system into an opsi server, consider installing the l-opsi-server product.

In addition to the server roles just mentioned, the ucs50 product also allows the installation of clients via a member server, with some unique aspects to consider. Beyond the properties outlined in the section Debian, Ubuntu, and Linux Mint, the ucs50 product includes these specific UCS-related properties:

  • dns_domain: This is the DNS domain name, e.g. example.com. (Default: ucs.test)

  • ldap_base: Configuration of the LDAP base name, e.g. dc=example,dc=com. (Default: dc=ucs,dc=test)

  • ucs_code_name: This is the code name of the UCS version that is provided in the online repository. (Default: ucs501)

  • organization: This is the name of the organization as it is used in the UCS installation. (Default: uib gmbh)

  • windomain: Enter the name of the Samba/Windows domain. (Default: MYDOMAIN)

  • external_nameserver: Enter an external nameserver, either an IP address (e.g. 10.11.12.13) or auto (DHCP server is responsible). (Default: auto)

  • ucs_master_ip: This is the IP address of the primary directory (domain controller master); it is used by the other roles when joining. (Default: 10.10.10.10)

  • ucs_master_admin_password: Enter the administrator password of the UCS domain controller; it is used by the other roles when joining. (Default: linux123)

  • ucs_role: Defines the role of the UCS server, uses the old names. (Default: domaincontroller_master) Possible values are:

    • domaincontroller_master: Primary Directory (Domain Controller master)

    • domaincontroller_backup: Backup Directory Node (Domain Controller Backup)

    • domaincontroller_slave: Replica Directory Node (Domain Controller Slave)

    • memberserver: Managed Node (Member Server)

SLES and openSUSE

The following netboot products are currently available for SUSE Linux Enterprise Server (SLES) and openSUSE Leap: sles15sp5, sles15sp4, sles15sp3, sles15sp2, sles15sp1, sles12sp5, sles12sp4, sles12sp3, opensusel15-5, and opensusel15-4 (see opsi Client: supported Linux Distributions).

The SLES and openSUSE Netboot products have the following additional properties:

name: productkey
multivalue: False
editable: True
description: email:regcode-sles for suse_register. Is only used if the  host parameter  `license-management.use` is set to  false . If it set to  True  the license key will be get from the license management module. / La clé de licence pour l'installation. Est utilisée uniquement si dans "Réseau et paramètres supplémentaires" `license-management.use` est défini à false (faux) . Si c'est réglé sur True (vrai) la clé de licence sera obtenue du module de gestion des licences.
values: ["", "myemail@example.com:xxxxxxxxxxxxxx"]
default: [""]

name: suse_register
description: set to false, if you don't want to register your system online, if you set this to false you have to give local repositories
default: True

name: local_repositories
multivalue: True
editable: True
description: list of local repositories to use. Syntax: "repository description", example entry: "http://sles.example.com/suse/repo NameForRepo"
values: [""]
default: [""]

name: install_unattended
description: If false then do interactive installation
default: True

For these systems, you have to store an ISO image on the depot share. Begin by downloading the installation media, then mount and copy its contents into the isocontent directory—for instance, /var/lib/opsi/depot/sles15-3/isocontent/ (as detailed in section Installation Media via WebDAV). After that, execute the command opsi-set-rights.

To download SUSE Linux Enterprise Server (SLES), you must have an account with the manufacturer.

RHEL, AlmaLinux, Rocky Linux, and Oracle Linux

Currently, the following netboot products are available for Red Hat Enterprise Linux (RHEL), AlmaLinux, Rocky Linux, and Oracle Linux: rhel9, rhel8, alma9, alma8, rocky9, rocky8, oraclelinux9, and oraclelinux8 (see opsi Client: supported Linux Distributions).

These netboot products have the following additional properties:

name: install_unattended
description: If false then do interactive installation
default: True

name: selinux_mode
multivalue: False
editable: False
description: In which mode should SELinux run ?
values: ["enforcing", "permissive", "disabled"]
default: ["permissive"]

name: partition_method
multivalue: False
editable: False
description: plain: Regular partitions with no LVM or Btrfs. / lvm: The LVM partitioning scheme. / btrfs: The Btrfs partitioning scheme. / thinp: The LVM Thin Provisioning partitioning scheme.
values: ["plain", "lvm", "btrfs", "thinp"]
default: ["lvm"]

name: productkey
multivalue: False
editable: True
description: email:regcode for subscription_register. Is only used if the  host parameter  `license-management.use` is set to  false . If it set to  True  the license key will be get from the license management module. / La clé de licence pour l'installation. Est utilisée uniquement si dans "Réseau et paramètres supplémentaires" `license-management.use` est défini à false (faux) . Si c'est réglé sur True (vrai) la clé de licence sera obtenue du module de gestion des licences.
values: ["", "myemail@example.com:xxxxxxxxxxxxxx"]
default: [""]

name: subscription_register
description: set to false, if you don't want to register your system online, if you set this to false you have to give local repositories
default: True

AlmaLinux

Download the required ISO image, e.g. from https://repo.almalinux.org/almalinux/. Next, mount the downloaded image and transfer its contents to the isocontent directory, e.g. to /var/lib/opsi/depot/alma8/isocontent/. Then execute the command opsi-set-rights.

Red Hat Linux Enterprise

Download the required ISO image, e.g. from https://developers.redhat.com/products/rhel/download. Next, mount the downloaded image and transfer its contents to the isocontent directory, e.g. to /var/lib/opsi/depot/redhat8/isocontent/. Then execute the command opsi-set-rights.

You need an account with the manufacturer to download Red Hat Linux Enterprise (RHEL).

Rocky Linux

Download the required ISO image, e.g. from https://rockylinux.org/download/. Next, mount the downloaded image and transfer its contents to the isocontent directory, e.g. to /var/lib/opsi/depot/rocky8/isocontent/. Then execute the command opsi-set-rights.

Oracle Linux

Download the required ISO image, e.g. from https://yum.oracle.com/oracle-linux-isos.html. Next, mount the downloaded image and transfer its contents to the isocontent directory, e.g. to /var/lib/opsi/depot/oraclelinux9. Then execute the command opsi-set-rights.

Netboot Products (Generic Installer)

The installation process diverges from the typical installation routines of the distributions themselves. Initially, the process starts with booting the opsi Linux boot image through netboot. This boot image is the same one used for installing Windows computers. Included in the boot image is a partitioning tool, which prepares the hard disk of the new client. It creates a root partition (/) and a swap partition (/swap), and then formats these partitions. Following this, the basic system gets installed, which includes network configuration and SSH, but excludes a graphical user interface.

The installation of the basic system varies among different distributions. However, a common aspect across all of them is the use of original distribution packages for the installation.

If you like, you can install the client agent after the OS installation. It then takes care of installing and configuring additional software.

After the first boot of the Linux computer, you may need to configure additional components depending on the distribution you are using. For instance, on Red Hat-based systems, you might configure the SELinux security architecture, while on Debian-based distributions, setting up the keyboard layout could be necessary. These specific configurations are handled by the localboot product l-os-postinst.

General Properties

The following properties control the Linux installations in all netboot products:

  • architecture: Which architecture do you want to install on the system? This also influences the boot image used. (Default: 64bit)

  • askbeforeinst: Should the start of the installation have to be confirmed on the client? (Default: true)

  • system_partition_size: What’s the size of the system partition? You can specify the size as a percentage or as an absolute value (G = GByte). If you specify less than 100%, the remainder is used as a data partition (property data_partion_create must be true). (Default: 100%)

  • swap_partition_size: Specify the size of the swap partition. (Default: 2000M)

  • data_partition_create: If true, any remaining free hard disk space is used to create a data partition. (Default: true)

  • data_partition_preserve: Should an existing data partition be preserved? (Default: never) Possible values are:

    • always: Abort installation if it is not possible to preserve an existing partition with the label data with the specified partitioning data.

    • if_possible: If a partition with the label data is found and it is not possible to obtain this partition with the specified partitioning data, the partition is deleted.

    • never: The entire partition table is always rewritten.

  • language: Select the language to be installed (default: en)

  • console_keymap: Select the keyboard layout. (Default: de or depending on distribution)

  • timezone: What’s the time zone of the new Linux system? (Default: Europe/Berlin)

  • root_password: Sets the password for root. (Default: linux123)

  • user_password: Sets the password for the user account. (Default: linux123)

  • online_repository: Which distribution repository should be used for the installation? (not for SLES) (Default: depending on the distribution)

  • proxy: If required, enter the address of the proxy server here (http://<ip>:<port>). (Default: empty)

  • additional_packages: Which additional packages should be installed? Enter the packages as a list separated by spaces. (Default: empty)

  • wget_and_execute: Enter the URL of a file that is to be downloaded and executed after the installation is complete. (Default: empty)

  • install_opsi-client-agent: Installs the Linux client agent at the same time. (Default: true)

  • release: (only Debian and Ubuntu) Which release of the distribution should be installed? (Default: depending on the distribution)

  • setup_after_install: Enter a list of opsi products that should be set to setup after the OS installation. (Default: l-os-postinst)

Debian and Ubuntu

The basic system for Debian-based distributions is installed directly from the Internet using debootstrap.

debootstrap is a tool for installing a Debian base system into a subdirectory of another system already in operation. This process doesn’t need any installation media or ISO images, but it does require access to a Debian repository.

  • The product is designated as having productive status.

  • It is compatible with UEFI/GPT.

  • There are corresponding opsi server packages available for this product. These can be installed by setting the property install_opsi_server=true.

Proxy for Debian Packages

To optimize bandwidth usage, consider employing a proxy with caching capabilities, such as Apt-Cacher NG. This is particularly advantageous for caching Debian packages. It’s ideal in environments where numerous computers retrieve packages from the same sources, like Debian or Ubuntu. Once a package is fetched from the Internet, it gets cached locally. Should another computer require the same package, it can access it directly from this cache, negating the need for a repeated download from the Internet.