The configuration fragments used in this appendix are also available as an example preconfiguration file from ../example-preseed.txt.
Note that this example is based on an installation for the Intel x86 architecture. If you are installing a different architecture, some of the examples (like keyboard selection and bootloader installation) may not be relevant and will need to be replaced by debconf settings appropriate for your architecture.
Details on how the different Debian Installer components actually work can be found in Section 6.3, “Using Individual Components”.
During a normal install the questions about localization are asked first,
so these values can only be preseeded via the initrd or kernel boot
parameter methods. Auto mode (Section B.2.3, “Auto mode”) includes
the setting of auto-install/enable=true
(normally via
the auto
preseed alias). This delays the asking of
the localisation questions, so that they can be preseeded by any method.
The locale can be used to specify both language and country and can be any
combination of a language supported by debian-installer
and a recognized country. If
the combination does not form a valid locale, the installer will automatically
select a locale that is valid for the selected language.
To specify the locale as a boot parameter, use
locale=
.
en_US
Although this method is very easy to use, it does not allow preseeding of all possible combinations of language, country and locale[22]. So alternatively the values can be preseeded individually. Language and country can also be specified as boot parameters.
# Preseeding only locale sets language, country and locale. d-i debian-installer/locale string en_US # The values can also be preseeded individually for greater flexibility. #d-i debian-installer/language string en #d-i debian-installer/country string NL #d-i debian-installer/locale string en_GB.UTF-8 # Optionally specify additional locales to be generated. #d-i localechooser/supported-locales multiselect en_US.UTF-8, nl_NL.UTF-8
Keyboard configuration consists of selecting a keymap and (for non-latin keymaps) a toggle key to switch between the non-latin keymap and the US keymap. Only basic keymap variants are available during installation. Advanced variants are available only in the installed system, through dpkg-reconfigure keyboard-configuration.
To specify the keymap as a boot parameter, use
console-setup/ask_detect=false
keyboard-configuration/xkb-keymap=
.
The keymap is an X layout name, as would be used in the
us
XkbLayout
option in
/etc/X11/xorg.conf
.
# Keyboard selection. # Disable automatic (interactive) keymap detection. d-i console-setup/ask_detect boolean false d-i keyboard-configuration/xkb-keymap select us # To select a variant of the selected layout: #d-i keyboard-configuration/xkb-keymap select us(dvorak) # d-i keyboard-configuration/toggle select No toggling
To skip keyboard configuration, preseed
keymap
with
SKIP
.
This will result in the kernel keymap remaining active.
Of course, preseeding the network configuration won't work if you're loading your preconfiguration file from the network. But it's great when you're booting from CD or USB stick. If you are loading preconfiguration files from the network, you can pass network config parameters by using kernel boot parameters.
If you need to pick a particular interface when netbooting before loading
a preconfiguration file from the network, use a boot parameter such as
interface=
.
eth1
Although preseeding the network configuration is normally not possible when using network preseeding (using “preseed/url”), you can use the following hack to work around that, for example if you'd like to set a static address for the network interface. The hack is to force the network configuration to run again after the preconfiguration file has been loaded by creating a “preseed/run” script containing the following commands:
kill-all-dhcp; netcfg
The following debconf variables are relevant for network configuration.
# Disable network configuration entirely. This is useful for cdrom
# installations on non-networked devices where the network questions,
# warning and long timeouts are a nuisance.
#d-i netcfg/enable boolean false
# netcfg will choose an interface that has link if possible. This makes it
# skip displaying a list if there is more than one interface.
d-i netcfg/choose_interface select auto
# To pick a particular interface instead:
#d-i netcfg/choose_interface select eth1
# To set a different link detection timeout (default is 3 seconds).
# Values are interpreted as seconds.
#d-i netcfg/link_wait_timeout string 10
# If you have a slow dhcp server and the installer times out waiting for
# it, this might be useful.
#d-i netcfg/dhcp_timeout string 60
#d-i netcfg/dhcpv6_timeout string 60
# If you prefer to configure the network manually, uncomment this line and
# the static network configuration below.
#d-i netcfg/disable_autoconfig boolean true
# If you want the preconfiguration file to work on systems both with and
# without a dhcp server, uncomment these lines and the static network
# configuration below.
#d-i netcfg/dhcp_failed note
#d-i netcfg/dhcp_options select Configure network manually
# Static network configuration.
#
# IPv4 example
#d-i netcfg/get_ipaddress string 192.168.1.42
#d-i netcfg/get_netmask string 255.255.255.0
#d-i netcfg/get_gateway string 192.168.1.1
#d-i netcfg/get_nameservers string 192.168.1.1
#d-i netcfg/confirm_static boolean true
#
# IPv6 example
#d-i netcfg/get_ipaddress string fc00::2
#d-i netcfg/get_netmask string ffff:ffff:ffff:ffff::
#d-i netcfg/get_gateway string fc00::1
#d-i netcfg/get_nameservers string fc00::1
#d-i netcfg/confirm_static boolean true
# Any hostname and domain names assigned from dhcp take precedence over
# values set here. However, setting the values still prevents the questions
# from being shown, even if values come from dhcp.
d-i netcfg/get_hostname string unassigned-hostname
d-i netcfg/get_domain string unassigned-domain
# If you want to force a hostname, regardless of what either the DHCP
# server returns or what the reverse DNS entry for the IP is, uncomment
# and adjust the following line.
#d-i netcfg/hostname string somehost
# Disable that annoying WEP key dialog.
d-i netcfg/wireless_wep string
# The wacky dhcp hostname that some ISPs use as a password of sorts.
#d-i netcfg/dhcp_hostname string radish
# If non-free firmware is needed for the network or other hardware, you can
# configure the installer to always try to load it, without prompting. Or
# change to false to disable asking.
#d-i hw-detect/load_firmware boolean true
Please note that netcfg will automatically determine the
netmask if netcfg/get_netmask
is not preseeded. In
this case, the variable has to be marked as seen
for
automatic installations. Similarly, netcfg will choose
an appropriate address if netcfg/get_gateway
is not
set. As a special case, you can set
netcfg/get_gateway
to “none” to specify
that no gateway should be used.
# Use the following settings if you wish to make use of the network-console # component for remote installation over SSH. This only makes sense if you # intend to perform the remainder of the installation manually. #d-i anna/choose_modules string network-console #d-i network-console/authorized_keys_url string http://10.0.0.1/openssh-key #d-i network-console/password password r00tme #d-i network-console/password-again password r00tme # Use this instead if you prefer to use key-based authentication #d-i network-console/authorized_keys_url http://host/authorized_keys
Depending on the installation method you use, a mirror may be used to
download additional components of the installer, to install the base system,
and to set up the /etc/apt/sources.list
for the installed
system.
The parameter mirror/suite
determines the suite for
the installed system.
The parameter mirror/udeb/suite
determines the suite
for additional components for the installer. It is only useful to set this
if components are actually downloaded over the network and should match the
suite that was used to build the initrd for the installation method used for
the installation. Normally the installer will automatically use the correct
value and there should be no need to set this.
The parameter mirror/udeb/components
determines the
archive components from which additional installer components are fetched.
It is only useful to set this if components are actually downloaded over the
network. The default components are main and restricted.
# If you select ftp, the mirror/country string does not need to be set. #d-i mirror/protocol string ftp d-i mirror/country string manual d-i mirror/http/hostname string archive.ubuntu.com d-i mirror/http/directory string /ubuntu d-i mirror/http/proxy string # Alternatively: by default, the installer uses CC.archive.ubuntu.com where # CC is the ISO-3166-2 code for the selected country. You can preseed this # so that it does so without asking. #d-i mirror/http/mirror select CC.archive.ubuntu.com # Suite to install. #d-i mirror/suite string focal # Suite to use for loading installer components (optional). #d-i mirror/udeb/suite string focal # Components to use for loading installer components (optional). #d-i mirror/udeb/components multiselect main, restricted
The password for the root account and name and password for a first regular user's account can be preseeded. For the passwords you can use either clear text values or crypt(3) hashes.
Warning | |
---|---|
Be aware that preseeding passwords is not completely secure as everyone with access to the preconfiguration file will have the knowledge of these passwords. Storing hashed passwords is considered secure unless a weak hashing algorithm like DES or MD5 is used which allow for bruteforce attacks. Recommended password hashing algorithms are SHA-256 and SHA512. |
# Skip creation of a root account (normal user account will be able to # use sudo). The default is false; preseed this to true if you want to set # a root password. #d-i passwd/root-login boolean false # Alternatively, to skip creation of a normal user account. #d-i passwd/make-user boolean false # Root password, either in clear text #d-i passwd/root-password password r00tme #d-i passwd/root-password-again password r00tme # or encrypted using a crypt(3) hash. #d-i passwd/root-password-crypted password [crypt(3) hash] # To create a normal user account. #d-i passwd/user-fullname string Ubuntu User #d-i passwd/username string ubuntu # Normal user's password, either in clear text #d-i passwd/user-password password insecure #d-i passwd/user-password-again password insecure # or encrypted using a crypt(3) hash. #d-i passwd/user-password-crypted password [crypt(3) hash] # Create the first user with the specified UID instead of the default. #d-i passwd/user-uid string 1010 # The installer will warn about weak passwords. If you are sure you know # what you're doing and want to override it, uncomment this. #d-i user-setup/allow-password-weak boolean true # The user account will be added to some standard initial groups. To # override that, use this. #d-i passwd/user-default-groups string audio cdrom video # Set to true if you want to encrypt the first user's home directory. d-i user-setup/encrypt-home boolean false
The passwd/root-password-crypted
and
passwd/user-password-crypted
variables can also
be preseeded with “!” as their value. In that case, the
corresponding account is disabled. This may be convenient for the root
account, provided of course that an alternative method is set up to allow
administrative activities or root login (for instance by using SSH key
authentication or sudo).
The following command (available from the whois
package)
can be used to generate a SHA-512 based crypt(3) hash for a password:
mkpasswd -m sha-512
# Controls whether or not the hardware clock is set to UTC. d-i clock-setup/utc boolean true # You may set this to any valid setting for $TZ; see the contents of # /usr/share/zoneinfo/ for valid values. d-i time/zone string US/Eastern # Controls whether to use NTP to set the clock during the install d-i clock-setup/ntp boolean true # NTP server to use. The default is almost always fine here. #d-i clock-setup/ntp-server string ntp.example.com
The amd64 offers two unique kinds of disk storage - DASD and FCP (or zFCP).
# Activate DASD disks #d-i s390-dasd/dasd string 0.0.0200,0.0.0300,0.0.0400 # DASD configuration; by default dasdfmt (low-level format) if needed #d-i s390-dasd/auto-format boolean true #d-i s390-dasd/force-format boolean true # zFCP activation and configuration # d-i s390-zfcp/zfcp string 0.0.1b34:0x400870075678a1b2:0x201480c800000000, \ # 0.0.1b34:0x400870075679a1b2:0x201480c800000000
Using preseeding to partition the harddisk is limited to what is supported
by partman-auto
. You can choose to partition
either existing free space on a disk or a whole disk. The layout of the
disk can be determined by using a predefined recipe, a custom recipe from
a recipe file or a recipe included in the preconfiguration file.
Preseeding of advanced partition setups using RAID, LVM and encryption is supported, but not with the full flexibility possible when partitioning during a non-preseeded install.
The examples below only provide basic information on the use of recipes.
For detailed information see the files
partman-auto-recipe.txt
and
partman-auto-raid-recipe.txt
included in the
debian-installer
package.
Both files are also available from the
debian-installer
source
repository. Note that the supported functionality may change
between releases.
Warning | |
---|---|
The identification of disks is dependent on the order in which their drivers are loaded. If there are multiple disks in the system, make very sure the correct one will be selected before using preseeding. |
# If the system has free space you can choose to only partition that space. # This is only honoured if partman-auto/method (below) is not set. # Alternatives: custom, some_device, some_device_crypto, some_device_lvm. #d-i partman-auto/init_automatically_partition select biggest_free # Alternatively, you may specify a disk to partition. If the system has only # one disk the installer will default to using that, but otherwise the device # name must be given in traditional, non-devfs format (so e.g. /dev/sda # and not e.g. /dev/discs/disc0/disc). # For example, to use the first SCSI/SATA hard disk: #d-i partman-auto/disk string /dev/sda # In addition, you'll need to specify the method to use. # The presently available methods are: # - regular: use the usual partition types for your architecture # - lvm: use LVM to partition the disk # - crypto: use LVM within an encrypted partition d-i partman-auto/method string lvm # If one of the disks that are going to be automatically partitioned # contains an old LVM configuration, the user will normally receive a # warning. This can be preseeded away... d-i partman-lvm/device_remove_lvm boolean true # The same applies to pre-existing software RAID array: d-i partman-md/device_remove_md boolean true # And the same goes for the confirmation to write the lvm partitions. d-i partman-lvm/confirm boolean true d-i partman-lvm/confirm_nooverwrite boolean true # For LVM partitioning, you can select how much of the volume group to use # for logical volumes. #d-i partman-auto-lvm/guided_size string max #d-i partman-auto-lvm/guided_size string 10GB #d-i partman-auto-lvm/guided_size string 50% # You can choose one of the three predefined partitioning recipes: # - atomic: all files in one partition # - home: separate /home partition # - multi: separate /home, /var, and /tmp partitions d-i partman-auto/choose_recipe select atomic # Or provide a recipe of your own... # If you have a way to get a recipe file into the d-i environment, you can # just point at it. #d-i partman-auto/expert_recipe_file string /hd-media/recipe # If not, you can put an entire recipe into the preconfiguration file in one # (logical) line. This example creates a small /boot partition, suitable # swap, and uses the rest of the space for the root partition: #d-i partman-auto/expert_recipe string \ # boot-root :: \ # 40 50 100 ext3 \ # $primary{ } $bootable{ } \ # method{ format } format{ } \ # use_filesystem{ } filesystem{ ext3 } \ # mountpoint{ /boot } \ # . \ # 500 10000 1000000000 ext3 \ # method{ format } format{ } \ # use_filesystem{ } filesystem{ ext3 } \ # mountpoint{ / } \ # . \ # 64 512 300% linux-swap \ # method{ swap } format{ } \ # . # If you just want to change the default filesystem from ext3 to something # else, you can do that without providing a full recipe. #d-i partman/default_filesystem string ext4 # The full recipe format is documented in the file partman-auto-recipe.txt # included in the 'debian-installer' package or available from D-I source # repository. This also documents how to specify settings such as file # system labels, volume group names and which physical devices to include # in a volume group. # This makes partman automatically partition without confirmation, provided # that you told it what to do using one of the methods above. d-i partman-partitioning/confirm_write_new_label boolean true d-i partman/choose_partition select finish d-i partman/confirm boolean true d-i partman/confirm_nooverwrite boolean true
You can also use preseeding to set up partitions on software RAID arrays. Supported are RAID levels 0, 1, 5, 6 and 10, creating degraded arrays and specifying spare devices.
If you are using RAID 1, you can preseed grub to install to all devices used in the array; see Section B.4.12, “Boot loader installation”.
Warning | |
---|---|
This type of automated partitioning is easy to get wrong. It is also
functionality that receives relatively little testing from the developers
of |
# The method should be set to "raid". #d-i partman-auto/method string raid # Specify the disks to be partitioned. They will all get the same layout, # so this will only work if the disks are the same size. #d-i partman-auto/disk string /dev/sda /dev/sdb # Next you need to specify the physical partitions that will be used. #d-i partman-auto/expert_recipe string \ # multiraid :: \ # 1000 5000 4000 raid \ # $primary{ } method{ raid } \ # . \ # 64 512 300% raid \ # method{ raid } \ # . \ # 500 10000 1000000000 raid \ # method{ raid } \ # . # Last you need to specify how the previously defined partitions will be # used in the RAID setup. Remember to use the correct partition numbers # for logical partitions. RAID levels 0, 1, 5, 6 and 10 are supported; # devices are separated using "#". # Parameters are: # <raidtype> <devcount> <sparecount> <fstype> <mountpoint> \ # <devices> <sparedevices> #d-i partman-auto-raid/recipe string \ # 1 2 0 ext3 / \ # /dev/sda1#/dev/sdb1 \ # . \ # 1 2 0 swap - \ # /dev/sda5#/dev/sdb5 \ # . \ # 0 2 0 ext3 /home \ # /dev/sda6#/dev/sdb6 \ # . # For additional information see the file partman-auto-raid-recipe.txt # included in the 'debian-installer' package or available from D-I source # repository. # This makes partman automatically partition without confirmation. d-i partman-md/confirm boolean true d-i partman-partitioning/confirm_write_new_label boolean true d-i partman/choose_partition select finish d-i partman/confirm boolean true d-i partman/confirm_nooverwrite boolean true
Normally, filesystems are mounted using a universally unique identifier (UUID) as a key; this allows them to be mounted properly even if their device name changes. UUIDs are long and difficult to read, so, if you prefer, the installer can mount filesystems based on the traditional device names, or based on a label you assign. If you ask the installer to mount by label, any filesystems without a label will be mounted using a UUID instead.
Devices with stable names, such as LVM logical volumes, will continue to use their traditional names rather than UUIDs.
Warning | |
---|---|
Traditional device names may change based on the order in which the kernel discovers devices at boot, which may cause the wrong filesystem to be mounted. Similarly, labels are likely to clash if you plug in a new disk or a USB drive, and if that happens your system's behaviour when started will be random. |
# The default is to mount by UUID, but you can also choose "traditional" to # use traditional device names, or "label" to try filesystem labels before # falling back to UUIDs. #d-i partman/mount_style select uuid
There is actually not very much that can be preseeded for this stage of the installation. The only questions asked concern the installation of the kernel and the location of the base pre-configured filesystem for the installation.
# Configure a path to the preconfigured base filesystem. This can be used to # specify a path for the installer to retrieve the filesystem image that will # be deployed to disk and used as a base system for the installation. #d-i live-installer/net-image string /install/filesystem.squashfs # Configure APT to not install recommended packages by default. Use of this # option can result in an incomplete system and should only be used by very # experienced users. #d-i base-installer/install-recommends boolean false # The kernel image (meta) package to be installed; "none" can be used if no # kernel is to be installed. #d-i base-installer/kernel/image string linux-generic
Setup of the /etc/apt/sources.list
and basic configuration
options is fully automated based on your installation method and answers to
earlier questions. You can optionally add other (local) repositories.
# You can choose to install restricted and universe software, or to install # software from the backports repository. #d-i apt-setup/restricted boolean true #d-i apt-setup/universe boolean true #d-i apt-setup/backports boolean true # Uncomment this if you don't want to use a network mirror. #d-i apt-setup/use_mirror boolean false # Select which update services to use; define the mirrors to be used. # Values shown below are the normal defaults. #d-i apt-setup/services-select multiselect security #d-i apt-setup/security_host string security.ubuntu.com #d-i apt-setup/security_path string /ubuntu # Additional repositories, local[0-9] available #d-i apt-setup/local0/repository string \ # http://local.server/ubuntu focal main #d-i apt-setup/local0/comment string local server # Enable deb-src lines #d-i apt-setup/local0/source boolean true # URL to the public key of the local repository; you must provide a key or # apt will complain about the unauthenticated repository and so the # sources.list line will be left commented out #d-i apt-setup/local0/key string http://local.server/key # By default the installer requires that repositories be authenticated # using a known gpg key. This setting can be used to disable that # authentication. Warning: Insecure, not recommended. #d-i debian-installer/allow_unauthenticated boolean true # Uncomment this to add multiarch configuration for i386 #d-i apt-setup/multiarch string i386
You can choose to install any combination of tasks that are available. Available tasks as of this writing include:
standard
(standard tools)
ubuntu-desktop
kubuntu-desktop
edubuntu-desktop
lubuntu-desktop
ubuntu-gnome-desktop
xubuntu-desktop
ubuntu-mate-desktop
lamp-server
print-server
(print server)
You can also choose to install no tasks, and force the installation of a
set of packages in some other way. We recommend always including the
standard
task.
If you want to install some individual packages in addition to packages
installed by tasks, you can use the parameter
pkgsel/include
. The value of this parameter can be
a list of packages separated by either commas or spaces, which allows it
to be used easily on the kernel command line as well. By default,
recommended packages will not be installed; to change this, preseed
pkgsel/install-recommends
to true.
To install a different set of language packs, you can use the parameter
pkgsel/language-packs
. The value of this parameter
should be a list of ISO-639 language codes. If not set, the language packs
matching the language selected in the installer will be installed.
tasksel tasksel/first multiselect ubuntu-desktop #tasksel tasksel/first multiselect lamp-server, print-server #tasksel tasksel/first multiselect kubuntu-desktop # Individual additional packages to install #d-i pkgsel/include string openssh-server build-essential # Whether to upgrade packages after debootstrap. # Allowed values: none, safe-upgrade, full-upgrade #d-i pkgsel/upgrade select none # Language pack selection #d-i pkgsel/language-packs multiselect de, en, zh # Policy for applying updates. May be "none" (no automatic updates), # "unattended-upgrades" (install security updates automatically), or # "landscape" (manage system with Landscape). #d-i pkgsel/update-policy select none # Some versions of the installer can report back on what software you have # installed, and what software you use. The default is not to report back, # but sending reports helps the project determine what software is most # popular and include it on CDs. #popularity-contest popularity-contest/participate boolean false # By default, the system's locate database will be updated after the # installer has finished installing most packages. This may take a while, so # if you don't want it, you can set this to "false" to turn it off. #d-i pkgsel/updatedb boolean true
# Grub is the default boot loader (for x86). If you want lilo installed
# instead, uncomment this:
#d-i grub-installer/skip boolean true
# To also skip installing lilo, and install no bootloader, uncomment this
# too:
#d-i lilo-installer/skip boolean true
# This is fairly safe to set, it makes grub install automatically to the MBR
# if no other operating system is detected on the machine.
d-i grub-installer/only_debian boolean true
# This one makes grub-installer install to the MBR if it also finds some other
# OS, which is less safe as it might not be able to boot that other OS.
d-i grub-installer/with_other_os boolean true
# Due notably to potential USB sticks, the location of the MBR can not be
# determined safely in general, so this needs to be specified:
#d-i grub-installer/bootdev string /dev/sda
# To install to the first device (assuming it is not a USB stick):
#d-i grub-installer/bootdev string default
# Alternatively, if you want to install to a location other than the mbr,
# uncomment and edit these lines:
#d-i grub-installer/only_debian boolean false
#d-i grub-installer/with_other_os boolean false
#d-i grub-installer/bootdev string (hd0,1)
# To install grub to multiple disks:
#d-i grub-installer/bootdev string (hd0,1) (hd1,1) (hd2,1)
# Optional password for grub, either in clear text
#d-i grub-installer/password password r00tme
#d-i grub-installer/password-again password r00tme
# or encrypted using an MD5 hash, see grub-md5-crypt(8).
#d-i grub-installer/password-crypted password [MD5 hash]
# Use the following option to add additional boot parameters for the
# installed system (if supported by the bootloader installer).
# Note: options passed to the installer will be added automatically.
#d-i debian-installer/add-kernel-opts string nousb
An MD5 hash for a password for grub
can be generated
using grub-md5-crypt, or using the command from the
example in Section B.4.5, “Account setup”.
# During installations from serial console, the regular virtual consoles # (VT1-VT6) are normally disabled in /etc/inittab. Uncomment the next # line to prevent this. #d-i finish-install/keep-consoles boolean true # Avoid that last message about the install being complete. d-i finish-install/reboot_in_progress note # This will prevent the installer from ejecting the CD during the reboot, # which is useful in some situations. #d-i cdrom-detect/eject boolean false # This is how to make the installer shutdown when finished, but not # reboot into the installed system. #d-i debian-installer/exit/halt boolean true # This will power off the machine instead of just halting it. #d-i debian-installer/exit/poweroff boolean true
# Depending on what software you choose to install, or if things go wrong # during the installation process, it's possible that other questions may # be asked. You can preseed those too, of course. To get a list of every # possible question that could be asked during an install, do an # installation, and then run these commands: # debconf-get-selections --installer > file # debconf-get-selections >> file
[22]
Preseeding locale
to en_NL
would
for example result in en_US.UTF-8
as default locale for
the installed system. If e.g. en_GB.UTF-8
is preferred
instead, the values will need to be preseeded individually.