27. 06. 2018 Michele Santuari Unified Monitoring

Custom Ubuntu ISO image for unattended and offline installation

The optimized delivery of our products requires the automation of installations and upgrades.  In particular, the latest version of the nBox appliance is based on Ubuntu and requires automated and, possibly, offline installation and upgrade processes.

The aim of this article is to describe the procedure to create an Ubuntu ISO image that installs additional deb packages without requiring an internet connection (offline) and without user interaction (unattended).

The article is divided into three main sections:

  1. Unattended installation:  Provide the configurations to create an automated installation procedure
  2. Custom and offline installation:  Update the repository within the ISO image to include new deb packages
  3. Bootable ISO image creation

Requirements

  • Operating system: Ubuntu (tested on 16.04 LTS)
  • Main Source Debian repository enabled (e.g., add the line deb-src http://ubuntu.mirror.garr.it/mirrors/ubuntu-archive xenial main restricted universe multiverse to /etc/apt/sources.list)
  • Dependencies: apt install syslinux-utils rng-tools fakeroot squashfs-tools dpkg-dev
  • An Ubuntu 16.04 ISO image copied into /opt/cd-image (e.g., mount -o loop /path/to/iso /cdrom && rsync -av /cdrom/ /opt/cd-image)

Unattended installation

The unattended installation is based on a kickstart file that contains configuration information for the Ubuntu installation.

The following example will automatically configure an Ubuntu system with user root and password admin, and the disk partitioned with LVM (allowing partitions to be changed later on).  If additional packages are required, you could add them in the %packages section, but then during the installation phase, internet connectivity will be required (see the next section for a complete offline installation).

#System language
lang en_US
#System keyboard
keyboard us
#System timezone
timezone Europe/Rome
#Root password
rootpw admin
#Initial user
user --disabled
preseed user-setup/allow-password-weak boolean true
#Reboot after installation
reboot
#Use text mode install
text
#Install OS instead of upgrade
install
#Use CD-ROM installation media
cdrom
#System bootloader configuration
bootloader --location=mbr
#Clear the Master Boot Record
zerombr yes
#Partition clearing information
clearpart --all --initlabel
part pv.01 --size 1 --grow
volgroup vg00 pv.01
logvol / --fstype=ext4 --name=lv_root --vgname=vg00 --grow --size=10000 --maxsize=30000
logvol /storage --fstype=ext4 --name=lv_storage --vgname=vg00 --grow --size=100
logvol swap --name=lv_swap --vgname=vg00 --grow --size=3968 --maxsize=3968

# hack around Ubuntu kickstart bugs
preseed partman-lvm/confirm_nooverwrite boolean true
preseed partman-auto-lvm/no_boot boolean true

#System authorization information
auth --useshadow --enablemd5
#Do not configure the X Window System
skipx

#A list of deb packages can be added in this section.
%packages

This example should be placed in the ISO image. We assume that the file is in /opt/cd-image/ks-nbox-ubuntu16.04-amd64.cfg.

To enable the configuration, the boot options in /opt/cd-image/isolinux/txt.cfg should be changed by adding the following lines:

label autoinstall
  menu label ^Automatically install Ubuntu
  kernel /install/vmlinuz
  append file=/cdrom/preseed/ubuntu-server.seed vga=788 initrd=/install/initrd.gz ks=cdrom:/ks-nbox-ubuntu16.04-amd64.cfg quiet

Custom and offline installation

This section describes how to add additional packages to the ISO image, so that an internet connection during installation is not necessary.

New packages must be added to the repository within the CD-ROM and must be re-indexed taking into consideration the Ubuntu repository structure.  Moreover, the Ubuntu installation process verifies the repository keys by checking the GPG key against the public keys held in the package ubuntu-keyring.  Thus the ubuntu-keyring package must include a custom key, which will be used to sign our new repository.

First, let’s generate the key:

gpg --gen-key
#Check the key just generated
gpg --list-keys

Then, integrate the newly generated key in the ubuntu-keyring package:

mkdir /opt/build
cd /opt/build
apt-get source ubuntu-keyring
cd ubuntu-keyring-*/keyrings
gpg --import < ubuntu-archive-keyring.gpg

#Find out which keys have been imported and collect the IDs of those keys (called IMPORTED-KEYS) and of the key you just created (called YOUR-KEY)
gpg --list-keys
gpg --export IMPORTED-KEYS YOUR-KEY > ubuntu-archive-keyring.gpg
cd /opt/build/ubuntu-keyring-*
dpkg-buildpackage -rfakeroot -m"Your Name <your.email@your.host>" -kYOUR-KEY
cd /opt/build/
cp ubuntu-keyring*deb /opt/cd-image/pool/main/u/ubuntu-keyring

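Now the keys must be imported into squashfs on the ISO image:

cd /opt/cd-image/install
#Unpack the installer filesystem into squashfs-root/
unsquashfs filesystem.squashfs
#Replace the keyrings inside the filesystem with the rebuilt keyring
cp /opt/build/ubuntu-keyring-*/keyrings/ubuntu-archive-keyring.gpg squashfs-root/usr/share/keyrings/ubuntu-archive-keyring.gpg
cp /opt/build/ubuntu-keyring-*/keyrings/ubuntu-archive-keyring.gpg squashfs-root/etc/apt/trusted.gpg
cp /opt/build/ubuntu-keyring-*/keyrings/ubuntu-archive-keyring.gpg squashfs-root/var/lib/apt/keyrings/ubuntu-archive-keyring.gpg
#Write the manifest
chmod +w filesystem.manifest
chroot squashfs-root dpkg-query -W --showformat='${Package} ${Version}\n' > /opt/cd-image/install/filesystem.manifest
#Recreate the filesystem.squashfs (-noappend overwrites the old image instead of appending to it)
mksquashfs squashfs-root/ filesystem.squashfs -noappend
#Write the size
du -sx --block-size=1 ./squashfs-root/ | cut -f1 > /opt/cd-image/install/filesystem.size
#Remove the unpacked squashfs tree
rm -r squashfs-root/
#GPG sign and verification
#Note that you may want to specify your key with option -u YOURKEYID
gpg --digest-algo SHA256 --sign -bao filesystem.squashfs.gpg filesystem.squashfs
#Verify the signature
gpg --verify filesystem.squashfs.gpg filesystem.squashfs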

The last step is to add the packages which are used during installation to the CD-ROM repository.  Create a new folder for the new packages:

cd /opt/cd-image
mkdir -p pool/extras/
#you may want to add additional components (e.g., pool/devel/)

and then copy your deb packages into the pool folder you created (e.g., cp /Download/debs/*.deb /opt/cd-image/pool/extras/).
Now we need to re-index our repository within /cdrom.  Download this script and copy it into /opt/cdrom/.  Modify the script’s variables as follows:

  • GPG_NAME: the ID of the key you just generated
  • GPG_PATH_PW: the path to a file containing the password for the key
  • REPONAME: the components as an array, e.g., (main extras)
  • ORIGIN: the name of the company

Finally, run this script:

cd /opt/cdrom
/bin/bash index.sh
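
The index script itself is not reproduced on this page. As an added example (not part of the original article and not the script it refers to), the following shell function checks, after re-indexing, that every file listed in the SHA256 section of a Release file still matches its size and hash on disk, which is the same comparison apt makes at install time. The dists/xenial location, the function names and the sample "extras" repository are assumptions constructed for the illustration.

```shell
#!/bin/sh
# Added example (not the article's index.sh): confirm that the files named in
# the SHA256 section of a Release file still match what is on disk.
# Usage (path is an assumption): verify_release /opt/cd-image/dists/xenial
verify_release() {
    dist=$1; bad=0; checked=0
    # Entries after "SHA256:" look like " <hash> <size> <relative path>".
    entries=$(awk '/^SHA256:/{s=1;next} /^[^ ]/{s=0} s{print $1, $2, $3}' "$dist/Release")
    while read -r want_hash want_size path; do
        f="$dist/$path"
        # apt needs only one variant (Packages, Packages.gz, ...) on the medium,
        # so listed files that are absent are skipped rather than failed.
        [ -n "$path" ] && [ -f "$f" ] || continue
        checked=$((checked + 1))
        have_hash=$(sha256sum "$f" | cut -d' ' -f1)
        have_size=$(wc -c < "$f" | tr -d ' ')
        if [ "$have_hash" != "$want_hash" ] || [ "$have_size" != "$want_size" ]; then
            echo "MISMATCH: $path" >&2
            bad=$((bad + 1))
        fi
    done <<EOF
$entries
EOF
    echo "checked=$checked bad=$bad"
    [ "$checked" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Constructed sample: a one-package "extras" component in a temporary directory.
make_sample_repo() {
    d=$(mktemp -d)/dists/xenial
    p=extras/binary-amd64/Packages
    mkdir -p "$d/extras/binary-amd64"
    printf 'Package: demo\nVersion: 1.0\nArchitecture: amd64\n' > "$d/$p"
    {
        printf 'Origin: Example\nSuite: xenial\nComponents: main extras\nSHA256:\n'
        printf ' %s %s %s\n' "$(sha256sum "$d/$p" | cut -d' ' -f1)" \
            "$(wc -c < "$d/$p" | tr -d ' ')" "$p"
    } > "$d/Release"
    echo "$d"
}

repo=$(make_sample_repo)
verify_release "$repo"                                   # index as written
echo 'Package: changed-later' >> "$repo/extras/binary-amd64/Packages"
verify_release "$repo" || echo "Packages changed after Release was written"
```

The function only checks that the index and the Release file agree; the signature on the Release file is checked separately with gpg --verify, as done for filesystem.squashfs above.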

ISO image creation

Create an ISO image ready to be written onto USB or CD-ROM:

IMAGE=custom.iso
BUILD=/opt/cd-image/

mkisofs -r -V "nBox Ubuntu InstallCD" \
            -cache-inodes \
            -J -l -b isolinux/isolinux.bin \
            -c isolinux/boot.cat -no-emul-boot \
            -boot-load-size 4 -boot-info-table \
            -o $IMAGE $BUILD
isohybrid $IMAGE


Michele Santuari

Software Architect at Wuerth Phoenix
Hi, my name is Michele Santuari and I am a Telecommunication engineer who fell in love with OpenFlow, the first attempt at centralized network management, provisioning, and monitoring. I embraced the Software Defined Networking approach and discovered a passion for programming languages. Now, I am into Agile methodologies and crazy development process management.


4 Replies to “Custom Ubuntu ISO image for unattended and offline installation”

  1. Thomas Lange says:

    Have you looked at FAI (Fully Automatic Installation)? This can also produce fully unattended installation ISOs and is much more flexible than the kickstart and preseeding stuff. An example of an Ubuntu ISO can be found at
    https://fai-project.org/fai-cd. We now also have a web service, for creating customized installation ISO, but this currently only supports Debian. But it should be possible to add Ubuntu support to it.

    1. Michele Santuari says:

      Thanks for the information. That project seems very interesting. We’ll consider it for future implementation.

  2. Adam Woodman says:

    Were some steps skipped between:

    First, let’s generate the key:
    gpg --gen-key
    Check the key just generated
    gpg --list-key

    …and…

    Then, integrate the newly generated key in the ubuntu-keyring package:
    cd /opt/cd-image/install
    unsquashfs filesystem.squashfs
    cd squashfs-root/
    cp /opt/build/ubuntu-keyring-*/keyrings/ubuntu-archive-keyring.gpg usr/share/keyrings/ubuntu-archive-keyring.gpg
    cp /opt/build/ubuntu-keyring-*/keyrings/ubuntu-archive-keyring.gpg etc/apt/trusted.gpg
    cp /opt/build/ubuntu-keyring-*/keyrings/ubuntu-archive-keyring.gpg var/lib/apt/keyrings/ubuntu-archive-keyring.gpg

    I cannot seem to follow what you’re doing here, as the ‘gpg --gen-key’ doesn’t create any ubuntu-archive-keyring.gpg in /opt/build/.

    1. Michele Santuari says:

      Hi,
      thanks for the comment.
      I fixed the blog with some additional steps.
      Best.
