The optimized delivery of our products requires the automation of installations and upgrades. In particular, the latest version of the nBox appliance is based on Ubuntu and requires automated and, possibly, offline installation and upgrade processes.
The aim of this article is to describe the procedure to create an Ubuntu ISO image that installs additional deb packages without requiring an internet connection (offline) and without user interaction (unattended).
The article is divided into three main sections:
deb-src http://ubuntu.mirror.garr.it/mirrors/ubuntu-archive xenial main restricted universe multiverse
to /etc/apt/sources.list)
apt install syslinux-utils rng-tools fakeroot squashfs-tools dpkg-dev
/opt/cdrom
(e.g., mount -o loop /path/to/iso /cdrom && rsync -av /cdrom/ /opt/cd-image)
The unattended installation is based on a kickstart file that contains configuration information for the Ubuntu installation.
The following example will automatically configure an Ubuntu system with user root and password admin, and the disk partitioned with LVM (allowing partitions to be changed later on). If additional packages are required, you could add them in the %packages section, but then during the installation phase, internet connectivity will be required (see the next section for a complete offline installation).
    #System language
    lang en_US
    #System keyboard
    keyboard us
    #System timezone
    timezone Europe/Rome
    #Root password
    rootpw admin
    #Initial user
    user --disabled
    preseed user-setup/allow-password-weak boolean true
    #Reboot after installation
    reboot
    #Use text mode install
    text
    #Install OS instead of upgrade
    install
    #Use CD-ROM installation media
    cdrom
    #System bootloader configuration
    bootloader --location=mbr
    #Clear the Master Boot Record
    zerombr yes
    #Partition clearing information
    clearpart --all --initlabel
    part pv.01 --size 1 --grow
    volgroup vg00 pv.01
    logvol / --fstype=ext4 --name=lv_root --vgname=vg00 --grow --size=10000 --maxsize=30000
    logvol /storage --fstype=ext4 --name=lv_storage --vgname=vg00 --grow --size=100
    logvol swap --name=lv_swap --vgname=vg00 --grow --size=3968 --maxsize=3968
    # hack around Ubuntu kickstart bugs
    preseed partman-lvm/confirm_nooverwrite boolean true
    preseed partman-auto-lvm/no_boot boolean true
    #System authorization information
    auth --useshadow --enablemd5
    #Do not configure the X Window System
    skipx
    #A list of deb package can be added in this section.
    %packages
This example should be placed in the ISO image. We assume that the file is in /opt/cd-image/ks-nbox-ubuntu16.04-amd64.cfg.
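The kickstart file above keeps the root password in clear text, allows weak passwords and requests MD5 hashing, and it sits on the ISO where anyone holding the image can read it. The check below is an added example, not part of the original article: it flags those three settings before the image is built. The function and sample names are made up here, and the hashed variant uses kickstart's `rootpw --iscrypted` with a placeholder hash.

```shell
#!/bin/sh
# Added example: flag weak credential settings in a kickstart file.

# audit_kickstart [FILE]: reads FILE (or stdin), prints one line per
# finding, returns 1 if anything was found and 0 otherwise.
audit_kickstart() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }   # skip comments and blank lines
        /^%/                  { exit }   # directives end at %packages/%post
        $1 == "rootpw" && !/--iscrypted/ && !/--disabled/ {
            printf "line %d: root password stored in clear text\n", NR; n++ }
        $1 == "preseed" && $2 == "user-setup/allow-password-weak" && $NF == "true" {
            printf "line %d: weak passwords explicitly allowed\n", NR; n++ }
        $1 == "auth" && /--enablemd5/ {
            printf "line %d: MD5 password hashing requested\n", NR; n++ }
        END { exit (n > 0) }
    ' "${1:--}"
}

# Constructed samples: the credential lines of the kickstart file shown
# above, and a variant with a pre-hashed password (placeholder hash).
sample_weak() {
    cat <<'EOF'
#Root password
rootpw admin
preseed user-setup/allow-password-weak boolean true
auth --useshadow --enablemd5
%packages
EOF
}
sample_hashed() {
    cat <<'EOF'
#Root password
rootpw --iscrypted $6$PLACEHOLDERSALT$PLACEHOLDERHASH
auth --useshadow
%packages
EOF
}

sample_weak | audit_kickstart || echo "findings above: fix before building the ISO"
```

Against the real file, run `audit_kickstart /opt/cd-image/ks-nbox-ubuntu16.04-amd64.cfg`.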
To enable the configuration, the boot options in /opt/cd-image/isolinux/txt.cfg should be changed by adding the following lines:
    label autoinstall
      menu label ^Automatically install Ubuntu
      kernel /install/vmlinuz
      append file=/cdrom/preseed/ubuntu-server.seed vga=788 initrd=/install/initrd.gz ks=cdrom:/ks-nbox-ubuntu16.04-amd64.cfg quiet
This section describes how to add additional packages to the ISO image, so that an internet connection during installation is not necessary.
New packages must be added to the repository within the CD-ROM and must be re-indexed taking into consideration the Ubuntu repository structure. Moreover, the Ubuntu installation process verifies the repository keys by checking the GPG key against the public keys held in the package ubuntu-keyring. Thus the ubuntu-keyring package must include a custom key, which will be used to sign our new repository.
First, let’s generate the key:
    gpg --gen-key
    #Check the key just generated
    gpg --list-key
Then, integrate the newly generated key in the ubuntu-keyring package:
    mkdir /opt/build
    cd /opt/build
    apt-get source ubuntu-keyring
    cd ubuntu-keyring-*/keyrings
    gpg --import < ubuntu-archive-keyring.gpg
    #find out which keys have been imported and collect the ID of the keys (called IMPORTED-KEYS) and of the just created key (called YOUR-KEY)
    gpg --list-keys
    gpg --export IMPORTED-KEYS YOUR-KEY > ubuntu-archive-keyring.gpg
    cd /opt/build/ubuntu-keyring-*
    dpkg-buildpackage -rfakeroot -m"Your Name <your.email@your.host>" -kYOUR-KEY
    cd /opt/build/
    cp ubuntu-keyring*deb /opt/cd-image/pool/main/u/ubuntu-keyring
Now the keys must be imported into squashfs on the ISO image:
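    cd /opt/cd-image/install
    #Unpack the installer filesystem and copy the rebuilt keyring into it
    unsquashfs filesystem.squashfs
    cd squashfs-root/
    cp /opt/build/ubuntu-keyring-*/keyrings/ubuntu-archive-keyring.gpg usr/share/keyrings/ubuntu-archive-keyring.gpg
    cp /opt/build/ubuntu-keyring-*/keyrings/ubuntu-archive-keyring.gpg etc/apt/trusted.gpg
    cp /opt/build/ubuntu-keyring-*/keyrings/ubuntu-archive-keyring.gpg var/lib/apt/keyrings/ubuntu-archive-keyring.gpg
    cd /opt/cd-image/install
    #Write the manifest
    chmod +w filesystem.manifest
    chroot squashfs-root dpkg-query -W --showformat='${Package} ${Version}\n' > /opt/cd-image/install/filesystem.manifest
    #Recreate the filesystem.squashfs (-noappend replaces the existing image instead of appending to it)
    mksquashfs squashfs-root/ filesystem.squashfs -noappend
    #Write the size
    du -sx --block-size=1 ./squashfs-root/ | cut -f1 > /opt/cd-image/install/filesystem.size
    #Remove old squashfs
    rm -r squashfs-root/
    #GPG sign and verification
    #Note that you may want to specify your key with option -u YOURKEYID
    gpg --digest-algo SHA256 --sign -bao filesystem.squashfs.gpg filesystem.squashfs
    #Verify the signature
    gpg --verify filesystem.squashfs.gpg filesystem.squashfs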
The last step is to add the packages which are used during installation to the CD-ROM repository. Create a new folder for the new packages:
    cd /opt/cd-image
    mkdir -p pool/extras/
    #you may want to add additional components (e.g., pool/devel/)
and then copy your deb packages into the pool folder you created (e.g., cp /Download/debs/*.deb /opt/cd-image/pool/extras/).
Now we need to re-index our repository within /cdrom. Download this script and copy it into /opt/cdrom/. Modify the script’s variables as follows:
- GPG_NAME: should be the just-generated key ID
- GPG_PATH_PW: a path to a file containing the password for the key
- REPONAME: should contain the components as an array, e.g., (main extras)
- ORIGIN: the name of the company

Finally, run this script:
    cd /opt/cdrom
    /bin/bash index.sh
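After re-indexing, it is worth confirming that the Release file really describes the index files that will end up on the ISO, since the installer only trusts what that signed file lists. The script below is an added example, not the index.sh the article links to: it recomputes the size and SHA-256 of every file named in the `SHA256:` section of a Release file. The function names and the sample tree are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: check the SHA256 section of an APT Release file against
# the index files on disk.

# verify_release DISTDIR: DISTDIR holds the Release file (for the ISO tree
# this would be a directory under dists/). Prints one line per problem;
# returns 0 if all entries match, 1 on a mismatch, 2 if unusable.
verify_release() {
    dist=$1; release="$dist/Release"
    [ -f "$release" ] || { echo "missing: $release"; return 2; }
    # Keep only the "hash size path" lines of the SHA256: stanza.
    entries=$(awk '
        /^SHA256:/        { in_sec = 1; next }
        /^[^ ]/           { in_sec = 0 }
        in_sec && NF == 3 { print $1, $2, $3 }
    ' "$release")
    [ -n "$entries" ] || { echo "no SHA256 section in $release"; return 2; }
    bad=0
    while read -r want_hash want_size path; do
        file="$dist/$path"
        # Strict: an index that is listed but absent is reported as well.
        if [ ! -f "$file" ]; then echo "MISSING  $path"; bad=1; continue; fi
        got_size=$(wc -c < "$file" | tr -d ' ')
        got_hash=$(sha256sum "$file" | cut -d' ' -f1)
        if [ "$got_size" != "$want_size" ] || [ "$got_hash" != "$want_hash" ]; then
            echo "MISMATCH $path"; bad=1
        fi
    done <<EOF
$entries
EOF
    return $bad
}

# make_sample_tree: builds a tiny constructed tree (sample data, not from
# the article) with one Packages index and a matching Release; prints its path.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/extras/binary-amd64"
    printf 'Package: demo\nVersion: 1.0\n' > "$d/extras/binary-amd64/Packages"
    h=$(sha256sum "$d/extras/binary-amd64/Packages" | cut -d' ' -f1)
    s=$(wc -c < "$d/extras/binary-amd64/Packages" | tr -d ' ')
    printf 'Origin: Example\nSuite: xenial\nSHA256:\n %s %s extras/binary-amd64/Packages\n' \
        "$h" "$s" > "$d/Release"
    echo "$d"
}

tree=$(make_sample_tree)
verify_release "$tree" && echo "Release matches the indexes on disk"
```

This covers only the hashes; the detached signature on the Release file still has to be checked with `gpg --verify` against the key placed in the rebuilt keyring.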
Create an ISO image ready to be written onto USB or CD-ROM:
    IMAGE=custom.iso
    BUILD=/opt/cd-image/
    mkisofs -r -V "nBox Ubuntu InstallCD" \
            -cache-inodes \
            -J -l -b isolinux/isolinux.bin \
            -c isolinux/boot.cat -no-emul-boot \
            -boot-load-size 4 -boot-info-table \
            -o $IMAGE $BUILD
    isohybrid custom.iso
Have you looked at FAI (Fully Automatic Installation)? This can also produce fully unattended installation ISOs and is much more flexible than the kickstart and preseeding stuff. An example of an Ubuntu ISO can be found at https://fai-project.org/fai-cd. We now also have a web service for creating customized installation ISOs, but this currently only supports Debian. But it should be possible to add Ubuntu support to it.
Thanks for the information. That project seems very interesting. We’ll consider it for future implementation.
Were some steps skipped between:
First, let’s generate the key:
gpg --gen-key
Check the key just generated
gpg --list-key
…and…
Then, integrate the newly generated key in the ubuntu-keyring package:
cd /opt/cd-image/install
unsquashfs filesystem.squashfs
cd squashfs-root/
cp /opt/build/ubuntu-keyring-*/keyrings/ubuntu-archive-keyring.gpg usr/share/keyrings/ubuntu-archive-keyring.gpg
cp /opt/build/ubuntu-keyring-*/keyrings/ubuntu-archive-keyring.gpg etc/apt/trusted.gpg
cp /opt/build/ubuntu-keyring-*/keyrings/ubuntu-archive-keyring.gpg var/lib/apt/keyrings/ubuntu-archive-keyring.gpg
I cannot seem to follow what you’re doing here, as the ‘gpg --gen-key’ doesn’t create any ubuntu-archive-keyring.gpg in /opt/build/.
Hi,
thanks for the comment.
I fixed the blog with some additional steps.
Best.