From 7c68cf66a1e0c0144ac536f72cebebb72c60a7db Mon Sep 17 00:00:00 2001 From: Lars Wirzenius Date: Wed, 27 Jul 2022 20:44:07 +0300 Subject: docs: simplify tutorial Sponsored-by: author --- tutorial.md | 60 +++++++++++++++++++++--------------------------------------- 1 file changed, 21 insertions(+), 39 deletions(-) diff --git a/tutorial.md b/tutorial.md index 5e3d6ed..91d7f9f 100644 --- a/tutorial.md +++ b/tutorial.md @@ -33,25 +33,24 @@ The steps: dd if=v-i.img bs=1M oflag=direct status=progress of=/dev/sdx ~~~ -4. You will need to be able to log into the installer, once it's - running. You can do this by logging in as `root` without a password - on the virtual console, or you can use SSH. Note that SSH logins as - root _must_ use key authentication: passwords _do not work_. - - For SSH login you need to install your SSH public key into the - `authorized_keys` file. If you want that, use **one of** the - following two: - - - run a script to install it on the USB drive you've just written - the image to: +4. Configure the installer. Create a YAML file like the one below, but + with valued customized for you. You need one of + `authorized_keys_file` or `user_ca_pub_file`, the others are only + necessary to avoid the SSH prompt for a new host. + + ~~~yaml + user_ca_pub_file: ~liw/.ssh/ca/userca.pub + authorized_keys_file: ~liw/.ssh/id_personal.pub + host_key_file: host.key + host_cert_file: host.key-cert.pub + ~~~ - ~~~sh - sudo bash set-authorized-keys /dev/sdx path/to/your/key.pub - ~~~ + Then run `sudo ./configure-installer your-config.yaml /dev/sdx` (it + should be quite fast). - - create a second stick with a file system with the label - `v-i-config` and a file called `authorized_keys`, and have that - in a USB port when you boot from the v-i USB drive + Alternatively, create a second stick with a file system with the + label `v-i-config` and a file called `authorized_keys`, and have + that in another USB port when you boot from the v-i USB drive 5. Make sure everything has been written to the USB drive. Again, I prefer GNOME Disks for this, but from the command line: @@ -71,30 +70,13 @@ The steps: 8. Create a target specification file `foo-target.yaml`. The name can be anything, but it must be valid YAML. In the example below, there - are two NVMe drives. An extra logical volume is created. An extra - Ansible playbook is run against the target system. The given SSH - public key is installed into the `authorized_keys` file for the - `root` user on the target system. All drives will be encrypted - using LUKS, with the password "hunter2". + is one NVMe drive that will get the system installed. The primary + All drives will be encrypted using LUKS, with the password + "hunter2". ~~~yaml - luks: hunter2 drive: /dev/nvme0n1 - extra_drives: - - /dev/nvme1n1 - hostname: foo - extra_playbooks: - - foo-playbook.yml - ansible_vars: - user_pub: | - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPQe6lsTapAxiwhhEeE/ixuK+5N8esCsMWoekQqjtxjP liw personal systems - user_ca_pubkey: | - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHdSnGI91exKItWsZi0XFVQWluS0FUdd12FLjuQk1FxG liw User CA v1 - extra_lvs: - - name: vms - size: 1T - fstype: ext4 - mounted: /mnt/vms + luks: hunter2 ~~~ 9. Install. Add the `--verbose` option to `./v-i` if you want to know @@ -104,7 +86,7 @@ The steps: ~~~sh rm -f install.log - ./v-i foo-target.yaml + ./v-i --verbose foo-target.yaml ~~~ 10. Reboot into the installed system. -- cgit v1.2.1