From 15df63ab57dc92d59c03799c6aa30e2e93681c7b Mon Sep 17 00:00:00 2001 From: Lars Wirzenius Date: Sat, 22 Jul 2023 09:26:57 +0300 Subject: chore: remove logging that was added for debugging It's too verbose to be useful. Sponsored-by: author --- configure-installer | 27 --------------------------- 1 file changed, 27 deletions(-) diff --git a/configure-installer b/configure-installer index b11cc6e..2e97354 100755 --- a/configure-installer +++ b/configure-installer @@ -71,40 +71,24 @@ class Config: return self.config.get("wifi_name"), self.config.get("wifi_password") def _get_from_file_or_cmd(self, prefix, msg, hostname): - log("_get: A") filename = self.config.get(f"{prefix}_file") - log("_get: B") if filename is not None: - log("_get: C") log(f"reading {msg} from {filename}") - log("_get: D") return cat(filename) - log("_get: E") cmd = self.config.get(f"{prefix}_cmd") - log("_get: F") if hostname is not None: - log("_get: G") cmd = hostname.join(cmd.split("$HOST")) - log("_get: H") if cmd is not None: - log("_get: I") user = self.config.get("cmd_as_user") - log("_get: J") if user is not None: - log("_get: K") log(f"reading {msg} from command (as {user}): {cmd}") - log("_get: L") return run(cmd, user=user) else: - log("_get: M") log(f"reading {msg} from command: {cmd}") - log("_get: N") return run(cmd) - log("_get: O") log(f"can't read {msg}") - log("_get: Z") return None @@ -119,26 +103,15 @@ def unmount(path): def run(cmd, user=None): - log(f"run: A - user={user!r}") if user is not None: - log("run: B") argv = ["sudo", "-u", user, "--", "/bin/bash", "-c", cmd] - log("run: C") log(f"argv: {argv}") - log("run: D") p = subprocess.run(argv, capture_output=True) - log("run: E") else: - log("run: F") - log(f"cmd={cmd!r}") p = subprocess.run(cmd, shell=True, capture_output=True) - log("run: G") if p.returncode != 0: - log("run: H") sys.stderr.write(p.stderr.decode()) - log("run: J") sys.exit(1) - log("run: Z") return p.stdout.decode() -- cgit v1.2.1 
From cd22b0d033a96188ef494ee3c8784659cd7ba62e Mon Sep 17 00:00:00 2001 From: Lars Wirzenius Date: Sat, 22 Jul 2023 09:46:47 +0300 Subject: feat(write-and-config.sh): require user to specify path to image Sponsored-by: author --- write-and-config.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/write-and-config.sh b/write-and-config.sh index fca1b5e..1d293d3 100755 --- a/write-and-config.sh +++ b/write-and-config.sh @@ -4,6 +4,7 @@ set -euo pipefail config="$1" dev="$2" +img="$3" if ! blkid "$dev" >/dev/null; then echo "$dev is not a block device" 1>&2 @@ -12,8 +13,8 @@ fi echo "Unmounting everything in $dev" umount -fv "$dev"* || true -echo "Write installer.img to $dev" -dd if=installer.img bs=1M oflag=direct status=progress of="$dev" +echo "Write $img to $dev" +dd if="$img" bs=1M oflag=direct status=progress of="$dev" sync for fs in "$dev"?; do -- cgit v1.2.1 From 65132fa24573261b503a2d5e896aa395b96aaf17 Mon Sep 17 00:00:00 2001 From: Lars Wirzenius Date: Sat, 22 Jul 2023 10:28:15 +0300 Subject: feat: allow removing root password This allows user to log in from console. SSH is configured to not allow login with password in any case. Sponsored-by: author --- std.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/std.yml b/std.yml index 93928be..a335b02 100644 --- a/std.yml +++ b/std.yml @@ -14,6 +14,12 @@ - name: "lock root password" shell: | passwd -l root + when: passwordless_root is not defined or not passwordless_root + + - name: "remove root password" + shell: | + sed -i '/^root:[^:]*:/s//root::/' /etc/passwd + when: passwordless_root - name: "create ~root/.ssh" when: user_pub is defined @@ -134,3 +140,5 @@ user_keyboard_model: pc105 user_keyboard_layout: fi user_console_codeset: Lat15 + + passwordless_root: false -- cgit v1.2.1 From f263507380683745162a332bfcea2769c3064dca Mon Sep 17 00:00:00 2001 
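Review bot: In write-and-config.sh the new `img="$3"` is first used by `dd if="$img"`, which runs only after `umount -fv "$dev"*`, so a mistyped or unreadable image path is discovered after the device's file systems have already been force-unmounted. A check next to the existing `blkid` test would fail before anything is touched, for example `[ -f "$img" ] && [ -r "$img" ] || { echo "$img is not a readable file" 1>&2; exit 1; }`. Because the script runs under `set -u`, a missing third argument already aborts, but with bash's generic unbound-variable message rather than a usage line naming the three expected arguments. This applies to both hunks of the file; the rest of the script lies outside them.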
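Review bot: The new "remove root password" task in std.yml empties root's password field in `/etc/passwd`, which leaves root passwordless for every local authentication path that accepts empty passwords (for instance `su` from another account, if PAM is configured with `nullok`), not only for the console login the description mentions; the SSH restriction it refers to is not visible in this hunk. A comment on the task should record that, e.g. `# root gets an EMPTY password: console, su and any PAM service allowing null passwords accept it; SSH password login must stay disabled`. `passwd -d root` would achieve the same result through the standard tool rather than an in-place `sed` on `/etc/passwd`, matching the `passwd -l root` task above it. The two conditions are easier to keep in sync, and tolerate the value arriving as a string, when written as `when: not (passwordless_root | default(false) | bool)` and `when: passwordless_root | default(false) | bool`.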
From: Lars Wirzenius Date: Sat, 22 Jul 2023 11:12:33 +0300 Subject: feat: log generated spec file Helps debugging. Sponsored-by: author --- v-i | 2 ++ 1 file changed, 2 insertions(+) diff --git a/v-i b/v-i index 9f34eea..76a7946 100755 --- a/v-i +++ b/v-i @@ -558,6 +558,8 @@ def main(): timings.reached("clean up storage") vmdb = vmdb_spec(system, ansible_vars, args.std_yml) + x = yaml.safe_dump(vmdb, indent=4) + log(f"vmdb spec:\n{x}") tmp = tempfile.mkdtemp() specfile = os.path.join(tmp, "spec.yaml") if args.very_verbose: -- cgit v1.2.1 From 6919ca10528e0afecd1ef1958928947e7f6f77ee Mon Sep 17 00:00:00 2001 From: Lars Wirzenius Date: Sat, 22 Jul 2023 12:17:50 +0300 Subject: docs: configure how to use wifi in installer Sponsored-by: author --- README.md | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/README.md b/README.md index 8976822..3e94a8e 100644 --- a/README.md +++ b/README.md 
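Review bot: The added `log(f"vmdb spec:\n{x}")` in main() writes the whole generated spec to the log unconditionally, and that spec is built from the target file and the Ansible variables, which can carry the LUKS passphrase (the tutorial's own example has `luks: hunter2`); vmdb_spec is not visible here, so whether the passphrase reaches the dump should be confirmed, but if it does it ends up in cleartext in the install log. Consider emitting it only under the existing `args.very_verbose` branch, or dumping a copy in which secret-bearing values are replaced by a placeholder before `yaml.safe_dump` is called. A comment such as `# NOTE: spec may contain secrets (LUKS passphrase); do not share the log unredacted` would help whoever later attaches the log to a bug report. The temporary `x` would read better as `spec_text`. main() starts and continues outside this hunk.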
@@ -337,6 +337,36 @@ No. Use whatever you like once you've installed a system with **v-i** and booted it. **v-i** itself uses Ansible, because that was easy for the author to use. +## Can I use wifi? + +The installer image has all the wifi firmware packages in Debian and +`iwd` installed, but does not automatically connect to a wifi network. +To connect: + +~~~sh +iwctl station wlan0 get-networks +iwctl stations wlan0 connect Valkama +~~~ + +The first command lists available networks. The second one connects to +a specific one. WPA2 with pre-shared keys (passwords) is supported. + +`iwctl` and `iwd` remember the network you've connected to, and will +connect to one automatically in the future after booting. + +To avoid having to connect manually even once, you can add the +following lines to the `configure-installer` (or `write-config.sh`) +configuration file: + +~~~yaml +wifi_name: Valkama +wifi_password: notopen +~~~ + +The installed system is plain Debian, and you can configure it to +support wifi as you would any other Debian system. The `v-i` installer +does not copy over the wifi credentials to the installed system. + ### I'd like to use v-i, but I need changes If you can make the changes yourself, go ahead: this is free and open -- cgit v1.2.1 From ef8043eae57a33bd59ced7b30b13460197932bf7 Mon Sep 17 00:00:00 2001 From: Lars Wirzenius Date: Sat, 22 Jul 2023 12:47:09 +0300 Subject: docs(tutorial.md): simplify and update Sponsored-by: author --- tutorial.md | 84 ++++++++++++++++++++++++++++++++----------------------------- 1 file changed, 44 insertions(+), 40 deletions(-) diff --git a/tutorial.md b/tutorial.md index 91d7f9f..74b966a 100644 --- a/tutorial.md +++ b/tutorial.md 
@@ -17,42 +17,44 @@ The steps: wget -c https://files.liw.fi/v-i/v-i.img.xz ~~~ -2. Unpack the image. +2. Unpack the downloaded image. ~~~sh unxz v-i.img.xz ~~~ + + This will use a few gigabytes of disk apace. -3. Insert USB drive and write the image to the stick. I prefer GNOME - Disks for this, but dd will work. Look up the device of the USB - stick: run `sudo dmsg -T` and look for relevant kernel message, or - use GNOME Disks, or something else. Replace the actual device for - `sdx` below, then run the following command: - - ~~~sh - dd if=v-i.img bs=1M oflag=direct status=progress of=/dev/sdx - ~~~ - -4. Configure the installer. Create a YAML file like the one below, but - with valued customized for you. You need one of - `authorized_keys_file` or `user_ca_pub_file`, the others are only - necessary to avoid the SSH prompt for a new host. +3. Write a configuration file for the installer, to allow logging in + via SSH to the running installer. If you don't intend to do that, + you can just create an empty file. Otherwise, create a YAML file + like the one below, but with values customized for you. You need + one of `authorized_keys_file` or `user_ca_pub_file`. ~~~yaml user_ca_pub_file: ~liw/.ssh/ca/userca.pub authorized_keys_file: ~liw/.ssh/id_personal.pub - host_key_file: host.key - host_cert_file: host.key-cert.pub ~~~ + + Either of these two lines configures the installer SSH to allow you + to log in as `root` using SSH. Password logins are not allowed for + SSH. You can also log in via the console, as `root`, without a + password. - Then run `sudo ./configure-installer your-config.yaml /dev/sdx` (it - should be quite fast). +4. Insert USB drive and find out the device allocated it. I prefer GNOME + Disks for this, but you can also look up the device of the USB + stick: run `sudo dmsg -T`. The device name is usually `/dev/sdx` + for some value of x. + +5. Write the installer image to the USB drive, and configure it. 
+ + ~~~sh + sudo ./write-and-config.sh config.yaml /dev/sdx v-i.img + ~~~ - Alternatively, create a second stick with a file system with the - label `v-i-config` and a file called `authorized_keys`, and have - that in another USB port when you boot from the v-i USB drive + This will take a few minutes. -5. Make sure everything has been written to the USB drive. Again, I +6. Make sure everything has been written to the USB drive. Again, I prefer GNOME Disks for this, but from the command line: ~~~sh 
@@ -60,40 +62,42 @@ The steps: eject /dev/sdx ~~~ -6. Move the USB drive to the target machine and boot off the drive. - How this happens varies from machine to machine. On my Thinkpad, I - press F12 at the POST screen and then choose the right drive from - the boot menu. +7. Move the USB drive to the target machine and boot off the drive. + How this happens varies from machine to machine. On my Thinkpad + X220, I press F12 at the POST screen and then choose the right + drive from the boot menu. -7. Wait for the system to boot. Log in as root, either from the +8. Wait for the system to boot. Log in as root, either from the virtual console (no password), or via SSH. -8. Create a target specification file `foo-target.yaml`. The name can +9. Create a target specification file `foo-target.yaml`. The name can be anything, but it must be valid YAML. In the example below, there - is one NVMe drive that will get the system installed. The primary - All drives will be encrypted using LUKS, with the password - "hunter2". + is one NVMe drive that will get the system installed. All drives + will be encrypted using LUKS, with the password "hunter2". ~~~yaml drive: /dev/nvme0n1 luks: hunter2 ~~~ -9. Install. Add the `--verbose` option to `./v-i` if you want to know - what's happening. The first time you run this on a given v-i USB - drive, it takes a while: it runs `vmdebootstrap` and that is just - slow. However, the output is cached, so further runs are faster. +10. Install. Add the `--verbose` option to `./v-i` if you want to know + what's happening. The first time you run this on a given v-i USB + drive, it takes a while: it runs `vmdebootstrap` and that is just + slow. However, the output is cached, so further runs are faster. ~~~sh rm -f install.log ./v-i --verbose foo-target.yaml ~~~ + + This will take few minutes the first time, assuming a fast + Internet connection. Further runs go faster. -10. Reboot into the installed system. +11. Reboot into the installed system. -11. 
Finish configuring the system in whatever way you like to do that. - You can log into it via SSH as root. I use Ansible. +12. Finish configuring the system in whatever way you like to do that. + I use Ansible. Remember to change the LUKS password for each drive. -12. Optional: Let me know how it went. +13. Optional: Let me know how it went. -- cgit v1.2.1