1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
|
# Install Debian on a bare metal system with v-i
You need:
- a USB drive, at least 4 GB
- a PC that supports UEFI
- backups: _all drives_ in the PC will be wiped from data
The steps:
1. Download the installer image from
<https://files.liw.fi/v-i/v-i.img.xz>. You can use `curl` or `wget`
or your web browser. Use **one of** the following commands:
~~~sh
curl https://files.liw.fi/v-i/v-i.img.xz > v-i.img.xz
wget -c https://files.liw.fi/v-i/v-i.img.xz
~~~
2. Unpack the image.
~~~sh
unxz v-i.img.xz
~~~
3. Insert USB drive and write the image to the stick. I prefer GNOME
Disks for this, but dd will work. Look up the device of the USB
stick: run `sudo dmsg -T` and look for relevant kernel message, or
use GNOME Disks, or something else. Replace the actual device for
`sdx` below, then run the following command:
~~~sh
dd if=v-i.img bs=1M oflag=direct status=progress of=/dev/sdx
~~~
4. Configure the installer. Create a YAML file like the one below, but
with valued customized for you. You need one of
`authorized_keys_file` or `user_ca_pub_file`, the others are only
necessary to avoid the SSH prompt for a new host.
~~~yaml
user_ca_pub_file: ~liw/.ssh/ca/userca.pub
authorized_keys_file: ~liw/.ssh/id_personal.pub
host_key_file: host.key
host_cert_file: host.key-cert.pub
~~~
Then run `sudo ./configure-installer your-config.yaml /dev/sdx` (it
should be quite fast).
Alternatively, create a second stick with a file system with the
label `v-i-config` and a file called `authorized_keys`, and have
that in another USB port when you boot from the v-i USB drive
5. Make sure everything has been written to the USB drive. Again, I
prefer GNOME Disks for this, but from the command line:
~~~sh
sync
eject /dev/sdx
~~~
6. Move the USB drive to the target machine and boot off the drive.
How this happens varies from machine to machine. On my Thinkpad, I
press F12 at the POST screen and then choose the right drive from
the boot menu.
7. Wait for the system to boot. Log in as root, either from the
virtual console (no password), or via SSH.
8. Create a target specification file `foo-target.yaml`. The name can
be anything, but it must be valid YAML. In the example below, there
is one NVMe drive that will get the system installed. The primary
All drives will be encrypted using LUKS, with the password
"hunter2".
~~~yaml
drive: /dev/nvme0n1
luks: hunter2
~~~
9. Install. Add the `--verbose` option to `./v-i` if you want to know
what's happening. The first time you run this on a given v-i USB
drive, it takes a while: it runs `vmdebootstrap` and that is just
slow. However, the output is cached, so further runs are faster.
~~~sh
rm -f install.log
./v-i --verbose foo-target.yaml
~~~
10. Reboot into the installed system.
11. Finish configuring the system in whatever way you like to do that.
You can log into it via SSH as root. I use Ansible.
Remember to change the LUKS password for each drive.
12. Optional: Let me know how it went.
|