Opened 5 months ago

Last modified 8 days ago

#31239 assigned enhancement

automate installs

Reported by: anarcat
Owned by: anarcat
Priority: Medium
Milestone:
Component: Internal Services/Tor Sysadmin Team
Version:
Severity: Normal
Keywords:
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description (last modified by anarcat)

right now, installing machines is mostly a manual, or semi-manual process: we install debian, preferably with crypto, and then do stuff on top.

some of it is done by hand, some is done in puppet.

we should have a standardized install process that gives us a reproducible, identical install across platforms. then Puppet is what customizes the machine on top of that.

this ticket aims at documenting what we already have and where we could possibly go. this is one of the questions we answered "no" on in the "ops questionnaire" in #30881. see also the automated upgrade part in #31957.

Child Tickets

#32283 defect new tpa fix up /etc/aliases with puppet

Change History (5)

comment:1 Changed 5 months ago by anarcat

right now the "installers" are shell scripts and snippets in tsa-misc. there's a tor-install-hetzner monolithic script that has been used to install virtual machines, and other scripts that are "chunks" of things that can be done on new servers (partitioning, LDAP entry, luks setup).

the process is documented in new-machine.

comment:2 Changed 5 months ago by anarcat

possible tools to research further:

  • cobbler - takes care of PXE and boot, delegates to kickstart the autoinstall, more relevant to RPM-based distros
  • terraform - config management for the cloud kind of thing, supports Hetzner Cloud, but not Hetzner Robot or Ganeti
  • FAI - built by a debian developer, used to build live images since buster, might require complex setup (e.g. an NFS server), setup-storage(8) might be reusable on its own
  • list of debian setup tools, see also AutomatedInstallation
  • himblock has some interesting post-install configure bits in Python, along with pyparted bridges
  • livewrapper is also one of those installers, in a way

Unfortunately, I ruled out the official debian-installer because of the complexity of the preseeding system and partman.

Last edited 9 days ago by anarcat

comment:3 Changed 6 weeks ago by anarcat

Owner: changed from tpa to anarcat
Status: new → assigned

i want to tackle this. i think we're pretty close with the ganeti stuff and the half-assed installer I wrote, but i would maybe like to make a spec on how to phase out and replace, or improve the latter. maybe our installer could be formally released as a standalone thing, if only to get feedback from the community and provoke some discussion and maybe something better. right now, Debian is still working on the debian-installer distribution (for servers) and calamares (for desktop), none of which are a good fit for our environment.

as far as VMs are concerned, the non-ganeti installers should be progressively phased out as we migrate everything into ganeti cluster(s), so that is probably a non-issue. there was a bug with the ganeti installer (#31781) but that should (eventually) be fixed upstream or in puppet.

comment:4 Changed 11 days ago by anarcat

Description: modified

link to the auto upgrade and questionnaire bits.

comment:5 Changed 8 days ago by anarcat

i had a nice chat with Thomas Lange who confirmed a few things about FAI:

  • it requires a server (fai-server to be more precise)
  • it needs control over the boot environment (custom ISO or PXE + NFS)
  • it does *not* use the debian-installer, instead the base system is installed through tar files which have the same content as a debootstrap call
  • preseeding works by running dpkg-reconfigure on the packages part of the tar file
  • custom FAI-enabled boot images are available from but you can also create your own
  • setup-storage can be used without an installer