[debian-lan-devel] Post Installation Issues

Thu Feb 12 09:40:29 UTC 2015

Hi,

On Wed, Feb 11, 2015 at 05:48:20PM -0800, Afif Elghraoui wrote:

> I meant to contact you regarding this issue, but my coworker beat me to
> it (he has been picking up the testing with DebianLAN, but I was
> involved in much of this part). I want to clarify some things he said,
> however. I'm sorry about our internal miscommunication. I'll be in
> contact from here on for this issue.
>
> On الأربعاء 11 شباط 2015 16:58, BMIRC System Administrator wrote:
>
> > I have a server machine setup and I am in process of installing
> > workstations to the system.
>
> This is on our jessie test setup (about which I contacted you earlier
> about the DNS resolution issues we had).
> > I am able to finish FAI process successfully for the workstation
> > through a network boot. However, I am running into couple issues after
> > the installation is done. The machine keeps doing network performing
> > so it repeats the installation process unless it is manually changed
> > to hard drive boot.
> There was something more I wanted to try that I think would solve this
> problem we had before bringing this up to you. After checking the FAI
> guide, I think we just needed to add "reboot" to the $FAI_FLAGS to
> trigger automatic reboot after installation and to boot directly to the
> second boot device. Right now, it prompts "Press enter to reboot" and
> then reboots into installation since network boot is the first boot device.

The default for Debian-LAN clients is to boot locally.  To install, I
enable the (BIOS) boot menu on the client (and then use something like
F12 to boot from the network). Then let FAI do the installation and boot
locally again to start the installed system.

However, this can be changed by using fai-chboot (-d / -e IIRC) on the
server to switch to localboot respectively pxeboot.

This can be done automatically too, but it opens some security
concerns, cf. [1] and the discussion in the thread.

It should also be possible to offer a pxe boot menu which allows you
to choose a FAI pxe installation but by default boots from the local
disk after some timeout.  It depands a bit on the situation what is
appropriate (students lab, number of hosts, accessibility, security
aspects, etc ...).

> > Also, there is no home directory for the user so it is not possible to
> > log in the first time. I need to manually create a user from the
> > server until I can log in.
> >
> This isn't quite the issue we're having. We've tried installing two
> workstations so far, and both of them required us to manually distribute
> the Kerberos ketabs after installation in order for home directories to
> be mounted (as described in the section "Distributing Kerberos keytabs
> to clients" in the DebianLAN wiki[1]). The absence of the home directory
> then prevents graphical user login. Do you know what might be preventing
> the automatic keytab distribution from working?

Ah, I had this issue here too.  I haven't explored it yet, but it
seems that for some reason the script [2] fails to work properly.  (In
some cases?)  The log /var/log/dhcpd-keytab.log should tell you what
happened.  This script is kind of an ugly hack.  It tries to copy the
keytab to the client, both during installation and after the first
boot of the installed machine.  As soon as the keytab has been copied
'somewhere', it is marked as 'tainted' so if someone triggers this
mechanism maliciously (by faking a MAC address), the sysadmin notifies
the prior use.  Depending on the situation, he can then take actions
(create a new keytab or re-use it manually).

I hope this helps.  If something is unclear, please do not hesitate to
ask.  Best regards,

    Andi

[1] https://lists.uni-koeln.de/pipermail/linux-fai/2012-February/009509.html
[2] https://anonscm.debian.org/cgit/collab-maint/debian-lan.git/tree/fai/config/files/usr/local/sbin/dhcpd-keytab/SERVER_A