我的书签
添加书签
移除书签B.4. 预置文件的内容(buster)
本附录使用的配置片段还放在预置例子文件 https://www.debian.org/releases/buster/example-preseed.txt 里面。
请注意,这里的例子是基于 Intel x86 架构的安装过程。如果您安装到其他架构,其中的一些例子(像键盘选择和 bootloader 安装)可能不恰当,需要用适合您架构的 debconf 设置替换。
有关不同 Debian 安装程序模块的工作细节,请参阅 第 6.3 节 “使用单独的组件”。
B.4.1. 本地化
During a normal install the questions about localization are asked first, so these values can only be preseeded via the initrd or kernel boot parameter methods. Auto mode (第 B.2.3 节 “auto 模式”) includes the setting of auto-install/enable=true (normally via the auto preseed alias). This delays the asking of the localisation questions, so that they can be preseeded by any method.
locale 用于指定语言和国家或者任何 debian-installer 支持的语言与地区的组合。如果组合起来的不是有效的 locale,安装程序会自动选择一个指定语言可用的 locale。要在引导参数上指定本地,比如使用 locale=*`en_US`*。
虽然这个方法很容易使用,但它无法预置所有的语言、国家和地方组合[22]。因此另一种方法是单独预置各值。语言和国家可以在引导参数里面指定。
# Preseeding only locale sets language, country and locale.d-i debian-installer/locale string en_US# The values can also be preseeded individually for greater flexibility.#d-i debian-installer/language string en#d-i debian-installer/country string NL#d-i debian-installer/locale string en_GB.UTF-8# Optionally specify additional locales to be generated.#d-i localechooser/supported-locales multiselect en_US.UTF-8, nl_NL.UTF-8
键盘配置包括选择的 keymap 和(对于非拉丁 keymap)切换键,该键用于非拉丁和 US keymap 来回切换。安装的时候只有几种基本的 keymap 可用。高级的要在安装好的系统下才能使用,使用 dpkg-reconfigure keyboard-configuration 配置。
# Keyboard selection.d-i keyboard-configuration/xkb-keymap select us# d-i keyboard-configuration/toggle select No toggling
使用 skip-config 可以跳过键盘预置 keymap。这将导致内核 keymap 保持活动。
B.4.2. 网络设置
显而易见,预置网络设置对于从网络加载预置文件无效。但对从 CD 和 U 盘引导很有帮助。如果您计划从网络加载预置文件,应该使用传递网络设置给内核引导参数的方式。
如果您需要网络引导从网络加载预置文件前指定网卡,请用这种引导参数 interface=*`eth1`*。
虽然使用网络预置(用 “preseed/url”)通常并不能配置网络,但是您可以使用下面的技巧实现。例如,为网卡设置静态地址。它使加载了预置文件以后网络预置再运行一次,这需要将下面的命令包含在 “preseed/run” 脚本里面:
kill-all-dhcp; netcfg
下面的 debconf 变量与网络配置相关。
# Disable network configuration entirely. This is useful for cdrom# installations on non-networked devices where the network questions,# warning and long timeouts are a nuisance.#d-i netcfg/enable boolean false# netcfg will choose an interface that has link if possible. This makes it# skip displaying a list if there is more than one interface.d-i netcfg/choose_interface select auto# To pick a particular interface instead:#d-i netcfg/choose_interface select eth1# To set a different link detection timeout (default is 3 seconds).# Values are interpreted as seconds.#d-i netcfg/link_wait_timeout string 10# If you have a slow dhcp server and the installer times out waiting for# it, this might be useful.#d-i netcfg/dhcp_timeout string 60#d-i netcfg/dhcpv6_timeout string 60# If you prefer to configure the network manually, uncomment this line and# the static network configuration below.#d-i netcfg/disable_autoconfig boolean true# If you want the preconfiguration file to work on systems both with and# without a dhcp server, uncomment these lines and the static network# configuration below.#d-i netcfg/dhcp_failed note#d-i netcfg/dhcp_options select Configure network manually# Static network configuration.## IPv4 example#d-i netcfg/get_ipaddress string 192.168.1.42#d-i netcfg/get_netmask string 255.255.255.0#d-i netcfg/get_gateway string 192.168.1.1#d-i netcfg/get_nameservers string 192.168.1.1#d-i netcfg/confirm_static boolean true## IPv6 example#d-i netcfg/get_ipaddress string fc00::2#d-i netcfg/get_netmask string ffff:ffff:ffff:ffff::#d-i netcfg/get_gateway string fc00::1#d-i netcfg/get_nameservers string fc00::1#d-i netcfg/confirm_static boolean true# Any hostname and domain names assigned from dhcp take precedence over# values set here. However, setting the values still prevents the questions# from being shown, even if values come from dhcp.d-i netcfg/get_hostname string unassigned-hostnamed-i netcfg/get_domain string unassigned-domain# If you want to force a hostname, regardless of what either the DHCP# server returns or what the reverse DNS entry for the IP is, uncomment# and adjust the following line.#d-i netcfg/hostname string somehost# Disable that annoying WEP key dialog.d-i netcfg/wireless_wep string# The wacky dhcp hostname that some ISPs use as a password of sorts.#d-i netcfg/dhcp_hostname string radish# If non-free firmware is needed for the network or other hardware, you can# configure the installer to always try to load it, without prompting. Or# change to false to disable asking.#d-i hw-detect/load_firmware boolean true
请注意,如果 netcfg/get_netmask 没有预置,netcfg 将自动侦测掩码。这种情况下,为了自动安装,变量需要标记为 seen。同样,如果 netcfg/get_gateway 没有设置,netcfg 将自动选择一个合适的地址。特殊情况下,您可以设置 netcfg/get_gateway 为 “none” 确定不使用网关。
B.4.3. 网络控制台
# Use the following settings if you wish to make use of the network-console# component for remote installation over SSH. This only makes sense if you# intend to perform the remainder of the installation manually.#d-i anna/choose_modules string network-console#d-i network-console/authorized_keys_url string http://10.0.0.1/openssh-key#d-i network-console/password password r00tme#d-i network-console/password-again password r00tme
B.4.4. 镜像设置
根据您使用的安装方式,镜像可用于下载安装程序的额外组件、安装基本系统以及为所安装的系统建立 /etc/apt/sources.list。
参数 mirror/suite 决定了安装好的系统使用的套件。
参数 mirror/udeb/suite 决定安装程序使用的额外组件的套件。它只在组件通过网络下载并与安装时使用的 initrd 建立套件相匹配时才有效。通常安装程序会自动安装并使用正确的值而毋需手动设置。
# If you select ftp, the mirror/country string does not need to be set.#d-i mirror/protocol string ftpd-i mirror/country string manuald-i mirror/http/hostname string http.us.debian.orgd-i mirror/http/directory string /debiand-i mirror/http/proxy string# Suite to install.#d-i mirror/suite string testing# Suite to use for loading installer components (optional).#d-i mirror/udeb/suite string testing
B.4.5. 帐号设置
The password for the root account and name and password for a first regular user’s account can be preseeded. For the passwords you can use either clear text values or crypt(3) hashes.
![[警告]](/static/images/loading.gif) | 警告 |
|---|---|
Be aware that preseeding passwords is not completely secure as everyone with access to the preconfiguration file will have the knowledge of these passwords. Storing hashed passwords is considered secure unless a weak hashing algorithm like DES or MD5 is used which allow for bruteforce attacks. Recommended password hashing algorithms are SHA-256 and SHA512. |
# Skip creation of a root account (normal user account will be able to# use sudo).#d-i passwd/root-login boolean false# Alternatively, to skip creation of a normal user account.#d-i passwd/make-user boolean false# Root password, either in clear text#d-i passwd/root-password password r00tme#d-i passwd/root-password-again password r00tme# or encrypted using a crypt(3) hash.#d-i passwd/root-password-crypted password [crypt(3) hash]# To create a normal user account.#d-i passwd/user-fullname string Debian User#d-i passwd/username string debian# Normal user's password, either in clear text#d-i passwd/user-password password insecure#d-i passwd/user-password-again password insecure# or encrypted using a crypt(3) hash.#d-i passwd/user-password-crypted password [crypt(3) hash]# Create the first user with the specified UID instead of the default.#d-i passwd/user-uid string 1010# The user account will be added to some standard initial groups. To# override that, use this.#d-i passwd/user-default-groups string audio cdrom video
passwd/root-password-crypted 和 passwd/user-password-crypted 值可以使用 “!” 作为他们的预置值。这种情况下,对应的帐号关闭。它常用于 root 帐号,用其他替代方法允许管理或 root 登录(例如使用 SSH key 认证或 sudo)。
The following command (available from the whois package) can be used to generate a SHA-512 based crypt(3) hash for a password:
mkpasswd -m sha-512
B.4.6. 时钟与时区设置
# Controls whether or not the hardware clock is set to UTC.d-i clock-setup/utc boolean true# You may set this to any valid setting for $TZ; see the contents of# /usr/share/zoneinfo/ for valid values.d-i time/zone string US/Eastern# Controls whether to use NTP to set the clock during the installd-i clock-setup/ntp boolean true# NTP server to use. The default is almost always fine here.#d-i clock-setup/ntp-server string ntp.example.com
B.4.7. 分区
使用预置进行硬盘分区受限于 partman-auto 提供的支持。您可以选择使用磁盘上已有的空闲分区或者整个磁盘。磁盘的布局将取决于所使用的预定义方案,用户自定义的方案文件或预置文件包含的方案。
已经支持包括 RAID、LVM 和加密高级分区设置的预置,但对于非预置安装的分区仍然弹性不足。
下面的例子仅提供了使用方案的最基本信息。详细的内容清参考文件 partman-auto-recipe.txt 和 partman-auto-raid-recipe.txt,它们含在 debian-installer 软件包里。这两个文件也可以从 debian-installer source repository获取。注意不同发布版支持的功能会有所改变。
| 警告 |
|---|---|
磁盘的标识基于对应驱动加载的次序。如果系统里面有多个磁盘,要确定预置使用了正确的那一个。 |
B.4.7.1. 分区示例
# If the system has free space you can choose to only partition that space.# This is only honoured if partman-auto/method (below) is not set.#d-i partman-auto/init_automatically_partition select biggest_free# Alternatively, you may specify a disk to partition. If the system has only# one disk the installer will default to using that, but otherwise the device# name must be given in traditional, non-devfs format (so e.g. /dev/sda# and not e.g. /dev/discs/disc0/disc).# For example, to use the first SCSI/SATA hard disk:#d-i partman-auto/disk string /dev/sda# In addition, you'll need to specify the method to use.# The presently available methods are:# - regular: use the usual partition types for your architecture# - lvm: use LVM to partition the disk# - crypto: use LVM within an encrypted partitiond-i partman-auto/method string lvm# You can define the amount of space that will be used for the LVM volume# group. It can either be a size with its unit (eg. 20 GB), a percentage of# free space or the 'max' keyword.d-i partman-auto-lvm/guided_size string max# If one of the disks that are going to be automatically partitioned# contains an old LVM configuration, the user will normally receive a# warning. This can be preseeded away...d-i partman-lvm/device_remove_lvm boolean true# The same applies to pre-existing software RAID array:d-i partman-md/device_remove_md boolean true# And the same goes for the confirmation to write the lvm partitions.d-i partman-lvm/confirm boolean trued-i partman-lvm/confirm_nooverwrite boolean true# You can choose one of the three predefined partitioning recipes:# - atomic: all files in one partition# - home: separate /home partition# - multi: separate /home, /var, and /tmp partitionsd-i partman-auto/choose_recipe select atomic# Or provide a recipe of your own...# If you have a way to get a recipe file into the d-i environment, you can# just point at it.#d-i partman-auto/expert_recipe_file string /hd-media/recipe# If not, you can put an entire recipe into the preconfiguration file in one# (logical) line. This example creates a small /boot partition, suitable# swap, and uses the rest of the space for the root partition:#d-i partman-auto/expert_recipe string \# boot-root :: \# 40 50 100 ext3 \# $primary{ } $bootable{ } \# method{ format } format{ } \# use_filesystem{ } filesystem{ ext3 } \# mountpoint{ /boot } \# . \# 500 10000 1000000000 ext3 \# method{ format } format{ } \# use_filesystem{ } filesystem{ ext3 } \# mountpoint{ / } \# . \# 64 512 300% linux-swap \# method{ swap } format{ } \# .# The full recipe format is documented in the file partman-auto-recipe.txt# included in the 'debian-installer' package or available from D-I source# repository. This also documents how to specify settings such as file# system labels, volume group names and which physical devices to include# in a volume group.# This makes partman automatically partition without confirmation, provided# that you told it what to do using one of the methods above.d-i partman-partitioning/confirm_write_new_label boolean trued-i partman/choose_partition select finishd-i partman/confirm boolean trued-i partman/confirm_nooverwrite boolean true# When disk encryption is enabled, skip wiping the partitions beforehand.#d-i partman-auto-crypto/erase_disks boolean false
B.4.7.2. 使用 RAID 分区
您可以使用预置来建立软 RAID 阵列。支持 RAID 等级 0、1、5、6 和 10,建立降级阵列(degraded arrays)和指定额外设备。
如果是使用 RAID 1,您可以预置 grub 安装所有的阵列中的设备; 参见 第 B.4.11 节 “安装 bootloader”。
| 警告 |
|---|---|
这种自动分区方式很容易出错。 |
# The method should be set to "raid".#d-i partman-auto/method string raid# Specify the disks to be partitioned. They will all get the same layout,# so this will only work if the disks are the same size.#d-i partman-auto/disk string /dev/sda /dev/sdb# Next you need to specify the physical partitions that will be used.#d-i partman-auto/expert_recipe string \# multiraid :: \# 1000 5000 4000 raid \# $primary{ } method{ raid } \# . \# 64 512 300% raid \# method{ raid } \# . \# 500 10000 1000000000 raid \# method{ raid } \# .# Last you need to specify how the previously defined partitions will be# used in the RAID setup. Remember to use the correct partition numbers# for logical partitions. RAID levels 0, 1, 5, 6 and 10 are supported;# devices are separated using "#".# Parameters are:# <raidtype> <devcount> <sparecount> <fstype> <mountpoint> \# <devices> <sparedevices>#d-i partman-auto-raid/recipe string \# 1 2 0 ext3 / \# /dev/sda1#/dev/sdb1 \# . \# 1 2 0 swap - \# /dev/sda5#/dev/sdb5 \# . \# 0 2 0 ext3 /home \# /dev/sda6#/dev/sdb6 \# .# For additional information see the file partman-auto-raid-recipe.txt# included in the 'debian-installer' package or available from D-I source# repository.# This makes partman automatically partition without confirmation.d-i partman-md/confirm boolean trued-i partman-partitioning/confirm_write_new_label boolean trued-i partman/choose_partition select finishd-i partman/confirm boolean trued-i partman/confirm_nooverwrite boolean true
B.4.7.3. 分区挂载控制
文件系统一般使用 UUID 作为关键字挂载; 这使得在设备名变更的情况下仍然可以正常挂载。UUID 本身很长不容易阅读,因此,安装程序也可以依照您的意愿使用传统设备名或者指定标签(label)挂载文件系统。假如安装程序使用标签方式,那些没有标签的文件系统仍然使用 UUID 方式挂载。
具有固定名称的设备,比如 LVM 逻辑卷,将继续使用它们自己的名字而不是 UUID 方式挂载。
| 警告 |
|---|---|
传统设备名会根据内核在引导时发现的次序进行调整,这将导致挂载错误的文件系统。与此类似,假如您插入一个新磁盘或 USB 设备,标签也可能有冲突发生。这样系统启动后会出现一些随机的情况。 |
# The default is to mount by UUID, but you can also choose "traditional" to# use traditional device names, or "label" to try filesystem labels before# falling back to UUIDs.#d-i partman/mount_style select uuid
B.4.8. 基本系统安装
本阶段的安装并没有多少东西需要预置。仅有一个与内核安装相关的问题。
# Configure APT to not install recommended packages by default. Use of this# option can result in an incomplete system and should only be used by very# experienced users.#d-i base-installer/install-recommends boolean false# The kernel image (meta) package to be installed; "none" can be used if no# kernel is to be installed.#d-i base-installer/kernel/image string linux-image-686
B.4.9. 设置 apt
设置 /etc/apt/sources.list 和其他的基本配置选项,将自动地基于您使用的安装方式以及前面问题的回答。您也可以选择性地安装其他(或本地)的仓库。
# You can choose to install non-free and contrib software.#d-i apt-setup/non-free boolean true#d-i apt-setup/contrib boolean true# Uncomment this if you don't want to use a network mirror.#d-i apt-setup/use_mirror boolean false# Select which update services to use; define the mirrors to be used.# Values shown below are the normal defaults.#d-i apt-setup/services-select multiselect security, updates#d-i apt-setup/security_host string security.debian.org# Additional repositories, local[0-9] available#d-i apt-setup/local0/repository string \# http://local.server/debian stable main#d-i apt-setup/local0/comment string local server# Enable deb-src lines#d-i apt-setup/local0/source boolean true# URL to the public key of the local repository; you must provide a key or# apt will complain about the unauthenticated repository and so the# sources.list line will be left commented out#d-i apt-setup/local0/key string http://local.server/key# By default the installer requires that repositories be authenticated# using a known gpg key. This setting can be used to disable that# authentication. Warning: Insecure, not recommended.#d-i debian-installer/allow_unauthenticated boolean true# Uncomment this to add multiarch configuration for i386#d-i apt-setup/multiarch string i386
B.4.10. 选择软件包
您可以选择安装存在的任务的组合。本文编撰时已有的任务包括:
standard(standard tools)desktop(graphical desktop)gnome-desktop(Gnome desktop)xfce-desktop(XFCE desktop)kde-desktop(KDE Plasma desktop)cinnamon-desktop(Cinnamon desktop)mate-desktop(MATE desktop)lxde-desktop(LXDE desktop)web-server(web server)print-server(print server)ssh-server(SSH server)
您可以不选任务,并用其他方法安装一系列软件包。我们推荐选上 standard 任务。
如果您打算安装一些安装任务之外的独立软件包,可以使用参数 pkgsel/include。该参数的值可以是用逗号或空格分开的软件包列表,便于在内核命令行上使用。
#tasksel tasksel/first multiselect standard, web-server, kde-desktop# Individual additional packages to install#d-i pkgsel/include string openssh-server build-essential# Whether to upgrade packages after debootstrap.# Allowed values: none, safe-upgrade, full-upgrade#d-i pkgsel/upgrade select none# Some versions of the installer can report back on what software you have# installed, and what software you use. The default is not to report back,# but sending reports helps the project determine what software is most# popular and include it on CDs.#popularity-contest popularity-contest/participate boolean false
B.4.11. 安装 bootloader
# Grub is the default boot loader (for x86). If you want lilo installed# instead, uncomment this:#d-i grub-installer/skip boolean true# To also skip installing lilo, and install no bootloader, uncomment this# too:#d-i lilo-installer/skip boolean true# This is fairly safe to set, it makes grub install automatically to the MBR# if no other operating system is detected on the machine.d-i grub-installer/only_debian boolean true# This one makes grub-installer install to the MBR if it also finds some other# OS, which is less safe as it might not be able to boot that other OS.d-i grub-installer/with_other_os boolean true# Due notably to potential USB sticks, the location of the MBR can not be# determined safely in general, so this needs to be specified:#d-i grub-installer/bootdev string /dev/sda# To install to the first device (assuming it is not a USB stick):#d-i grub-installer/bootdev string default# Alternatively, if you want to install to a location other than the mbr,# uncomment and edit these lines:#d-i grub-installer/only_debian boolean false#d-i grub-installer/with_other_os boolean false#d-i grub-installer/bootdev string (hd0,1)# To install grub to multiple disks:#d-i grub-installer/bootdev string (hd0,1) (hd1,1) (hd2,1)# Optional password for grub, either in clear text#d-i grub-installer/password password r00tme#d-i grub-installer/password-again password r00tme# or encrypted using an MD5 hash, see grub-md5-crypt(8).#d-i grub-installer/password-crypted password [MD5 hash]# Use the following option to add additional boot parameters for the# installed system (if supported by the bootloader installer).# Note: options passed to the installer will be added automatically.#d-i debian-installer/add-kernel-opts string nousb
grub 使用的密码 MD5 值可以使用 grub-md5-crypt 生成,或者使用 第 B.4.5 节 “帐号设置” 例子中的命令。
B.4.12. 完成安装
# During installations from serial console, the regular virtual consoles# (VT1-VT6) are normally disabled in /etc/inittab. Uncomment the next# line to prevent this.#d-i finish-install/keep-consoles boolean true# Avoid that last message about the install being complete.d-i finish-install/reboot_in_progress note# This will prevent the installer from ejecting the CD during the reboot,# which is useful in some situations.#d-i cdrom-detect/eject boolean false# This is how to make the installer shutdown when finished, but not# reboot into the installed system.#d-i debian-installer/exit/halt boolean true# This will power off the machine instead of just halting it.#d-i debian-installer/exit/poweroff boolean true
B.4.13. 预置其他的软件包
# Depending on what software you choose to install, or if things go wrong# during the installation process, it's possible that other questions may# be asked. You can preseed those too, of course. To get a list of every# possible question that could be asked during an install, do an# installation, and then run these commands:# debconf-get-selections --installer > file# debconf-get-selections >> file
[22] 比如预置 locale 为 en_NL 在安装后的系统中默认的 locale 将是 en_US.UTF-8。如果想使用 en_GB.UTF-8,该值应该分别进行预置。
