1 00:00:05,885 --> 00:00:12,871 Today, I talk about FAI.me, which is a build server for images. 2 00:00:14,947 --> 00:00:20,359 First, anybody that never heard anything about FAI? 3 00:00:21,781 --> 00:00:22,593 Ok 4 00:00:24,376 --> 00:00:27,468 I started this project in 1999. 5 00:00:29,297 --> 00:00:30,679 I'm not sure… 6 00:00:31,656 --> 00:00:35,883 No, I'm sure that during those times, the Debian installer did not have 7 00:00:35,883 --> 00:00:39,703 the preseeding stuff, so we needed something automatically. 8 00:00:42,751 --> 00:00:50,347 I installed the first cluster with FAI and I always do talks on FAI or 9 00:00:50,347 --> 00:00:54,211 today in the lightning talks, I talk a little bit about dracut, 10 00:00:54,211 --> 00:00:55,794 which is used in FAI. 11 00:00:56,964 --> 00:00:58,838 So, what was the motivation. 12 00:00:59,448 --> 00:01:02,780 A neighbour of mine, she came to me with 13 00:01:02,780 --> 00:01:08,109 "My Windows desktop is broken, can you reinstall it?" 14 00:01:08,395 --> 00:01:13,673 And in the end, I installed her Linux, and I was shortly thinking about 15 00:01:13,673 --> 00:01:18,223 "Should I use FAI for installing her desktop with Linux?" 16 00:01:18,995 --> 00:01:24,809 And in the end, I did not use it because FAI is too complicated, 17 00:01:24,809 --> 00:01:31,030 like the Debian installer, I guess it's not really that easy for beginners 18 00:01:31,030 --> 00:01:32,740 because there are a lot of questions 19 00:01:32,740 --> 00:01:34,973 but also FAI is not really for beginners. 20 00:01:35,785 --> 00:01:38,787 So this was the motivation about thinking about FAI. 21 00:01:40,255 --> 00:01:43,776 The target group was always advanced sysadmins 22 00:01:43,776 --> 00:01:49,313 but I thought maybe it's possible to make FAI usable also for people 23 00:01:49,313 --> 00:01:52,490 that are not that advanced sysadmins. 24 00:01:54,359 --> 00:01:58,790 The idea is that an installer should cover most installations. 25 00:01:59,075 --> 00:02:02,890 The Debian installer is really perfect because I think it covers 26 00:02:02,890 --> 00:02:07,114 all different kinds and strange environments 27 00:02:07,114 --> 00:02:14,146 You can do a lot of things, you can configure very strange combination of language, 28 00:02:14,146 --> 00:02:16,057 keyboard layout and so on 29 00:02:16,546 --> 00:02:23,068 but I was thinking about an installer that covers 90 or 95% of the installations 30 00:02:24,677 --> 00:02:32,092 A lot of special cases can be ignored and since the Debian installer has like 31 00:02:32,862 --> 00:02:38,345 more than 20 questions, I thought it would be much nicer if there were only 32 00:02:38,345 --> 00:02:46,155 3 to 5 questions and I looked at Linux Mint and Mageia installers, CentOS installer, 33 00:02:46,155 --> 00:02:50,181 and they all ask much less questions. 34 00:02:51,767 --> 00:02:57,408 In the Debian installer, we sometimes have also things that are asked 35 00:02:57,408 --> 00:03:01,512 during the installation, so not everything is asked at the very beginning. 36 00:03:02,079 --> 00:03:05,898 For example, the task selection, where you select your desktop, 37 00:03:05,898 --> 00:03:08,538 is done after the base installation. 38 00:03:08,904 --> 00:03:13,130 This was also very important, I would like to have something that 39 00:03:13,130 --> 00:03:15,366 asks everything at the very beginning. 40 00:03:16,584 --> 00:03:22,271 Then, maybe some tool could create a customized installation image 41 00:03:22,271 --> 00:03:27,149 and this installation image should run then completely unattended 42 00:03:27,149 --> 00:03:31,572 so you can get yourself a coffee and when you come back, your machine is ready. 43 00:03:32,792 --> 00:03:37,590 There are 3 things to customize installation image, 44 00:03:37,590 --> 00:03:43,440 you just put this image, you do not have to touch anything, and then it's ready. 45 00:03:43,603 --> 00:03:48,239 I thought "Oh yes, this is FAI, maybe FAI can do this." 46 00:03:50,028 --> 00:03:57,059 As I said, FAI is only, or was until now only a tool for experienced sysadmins 47 00:03:57,059 --> 00:04:02,297 and you have to adjust several config files, these are ASCII files 48 00:04:02,297 --> 00:04:08,677 but still you have to touch 5 to 10 config files to make a customization. 49 00:04:09,610 --> 00:04:12,698 So, how can I make FAI usable for beginners? 50 00:04:13,023 --> 00:04:15,294 That's the beginning of FAI.me. 51 00:04:17,647 --> 00:04:21,430 There's a web page, we'll show it in more detail later, 52 00:04:21,430 --> 00:04:26,831 where you can just click some things, and then you get a customized image. 53 00:04:28,815 --> 00:04:35,606 This image can be put onto a CD, DVD or USB stick, just with dd 54 00:04:35,606 --> 00:04:40,724 and the customization is just by using the web interface 55 00:04:40,724 --> 00:04:46,257 so there's no need for you to edit a text file, a config file inside FAI. 56 00:04:48,333 --> 00:04:53,454 I hope I covered most important things that you want to adjust 57 00:04:53,454 --> 00:04:55,852 or a little bit customize. 58 00:04:56,123 --> 00:04:59,733 You can add additional packages, I think that's the most important thing 59 00:04:59,733 --> 00:05:03,752 that people say "I want to have the normal Debian installation 60 00:05:03,752 --> 00:05:05,778 but with some additional packages." 61 00:05:06,836 --> 00:05:11,796 And you can select different distributions, so it's not only 62 00:05:11,796 --> 00:05:16,755 the installation image for the stable release, you can create 63 00:05:16,755 --> 00:05:19,190 3 variants of the installation. 64 00:05:21,553 --> 00:05:28,747 This is the web page and thanks to Juri, he did a great job 65 00:05:28,747 --> 00:05:34,316 during the first and second day, he added a new feature that we now have 66 00:05:34,316 --> 00:05:35,616 a toggle button. 67 00:05:36,388 --> 00:05:39,522 Is it big enough or should I zoom in? 68 00:05:40,823 --> 00:05:41,633 Ok. 69 00:05:42,688 --> 00:05:49,963 So, we have a toggle button, what you see now is just the bare minimum of questions 70 00:05:49,963 --> 00:05:54,111 and we can toggle it to more advanced settings. 71 00:05:54,876 --> 00:06:00,225 You have to select or just leave this as it is, username, 72 00:06:00,225 --> 00:06:06,120 if you do not enter a password, a password will be generated and shown to you 73 00:06:06,120 --> 00:06:07,706 and sent by e-mail. 74 00:06:08,435 --> 00:06:11,445 I will now just type in the password. 75 00:06:11,932 --> 00:06:15,019 It's here in clear text, for me that's fine because 76 00:06:15,019 --> 00:06:21,430 there's also a comment that you should change the password after the installation 77 00:06:21,430 --> 00:06:27,337 and I do not like to enter passwords twice so you can see what you typed in 78 00:06:27,337 --> 00:06:33,311 and hopefully do not make any wrong mistakes. 79 00:06:33,636 --> 00:06:38,311 For example, we could select the Stretch distribution with backports, 80 00:06:38,311 --> 00:06:42,208 so we will get a 4.15 kernel with Stretch. 81 00:06:43,221 --> 00:06:47,687 There are some buttons we can say we want to have some Debian developer tools. 82 00:06:48,246 --> 00:06:54,145 This is what I defined in the FAI configuration, so just a list of packages. 83 00:06:55,041 --> 00:06:59,219 Here, you can enter you own packages. 84 00:07:01,301 --> 00:07:04,548 I will select the desktop. 85 00:07:04,832 --> 00:07:09,340 You can have an installation without any desktop, so a very small installation. 86 00:07:10,963 --> 00:07:16,042 I will select the XFCE desktop, but all the other desktops are here. 87 00:07:16,368 --> 00:07:21,935 The language, these are just task packages that are… 88 00:07:22,343 --> 00:07:26,532 I think Debian has much more task packages, I just searched which are 89 00:07:26,532 --> 00:07:35,516 the most common languages, and what I do if I say I want the spanish language, 90 00:07:35,516 --> 00:07:37,986 also the keyboard layout is spanish. 91 00:07:39,254 --> 00:07:43,239 I know there are different combinations and with local time, 92 00:07:43,239 --> 00:07:47,071 it's getting more difficult. 93 00:07:47,999 --> 00:07:53,121 This installation will install the clock with UTC, so if you want to set 94 00:07:53,121 --> 00:07:55,315 your time, you have to do this manually. 95 00:07:55,751 --> 00:07:59,951 I want to cover the most common installations. 96 00:08:02,389 --> 00:08:11,372 We select english US, the desktop and, as an example, the midnight commander 97 00:08:11,372 --> 00:08:12,746 and GIMP. 98 00:08:13,242 --> 00:08:21,050 I can add an email address so if it would take longer, 99 00:08:21,050 --> 00:08:26,333 for example if this service will have success and a lot of people are using it, 100 00:08:26,333 --> 00:08:30,992 you may wait for some minutes so your job will be finished. 101 00:08:31,774 --> 00:08:37,990 So here are the comments, how to reconfigure the keyboard or the timezone 102 00:08:37,990 --> 00:08:41,568 and then you just click "Create the installation image". 103 00:08:42,138 --> 00:08:49,333 Now, in the background, there's some job, a script, looking "Oh, there's a new job" 104 00:08:49,333 --> 00:08:54,117 and there's a summary of the configuration, of the web configuration. 105 00:08:55,504 --> 00:08:59,164 Down here you see these are the FAI classes, 106 00:08:59,164 --> 00:09:01,849 I will explain a little bit more about this. 107 00:09:02,092 --> 00:09:06,552 But with this information, FAI configuration is generated, 108 00:09:06,884 --> 00:09:10,179 that's what normally the experienced sysadmins have to create 109 00:09:10,909 --> 00:09:17,541 but here you just click on some buttons and it will be done for you. 110 00:09:21,889 --> 00:09:26,272 In the meantime, we have some more advanced features 111 00:09:26,272 --> 00:09:28,744 which I will also show you later. 112 00:09:29,036 --> 00:09:34,752 For example, this very simple installation just creates one partition 113 00:09:34,752 --> 00:09:39,923 but you can also select that you want to have a separate /home partition 114 00:09:39,923 --> 00:09:45,733 or using lvm just by selecting this on the web interface. 115 00:09:47,278 --> 00:09:55,123 You can also add your SSH public key for logging as root without a password 116 00:09:55,123 --> 00:10:00,649 or what's very nice, I found the new Ubuntu installer does this, 117 00:10:00,649 --> 00:10:05,277 you can give your github account and then there's a command which 118 00:10:05,277 --> 00:10:09,791 receives the public key from your github account and puts it 119 00:10:09,791 --> 00:10:12,959 into the root account so you can log in without password. 120 00:10:13,239 --> 00:10:14,778 I think that's very neat. 121 00:10:15,296 --> 00:10:22,037 And if you have a repository with your own packages, you could also add this and say 122 00:10:22,037 --> 00:10:26,508 "Please install those packages from my publicly available repository." 123 00:10:28,663 --> 00:10:29,994 Let's see. 124 00:10:30,479 --> 00:10:34,747 As we see, this job finished in 74 seconds. 125 00:10:35,891 --> 00:10:40,004 Now, this customised installation image is available for download. 126 00:10:40,658 --> 00:10:43,100 You can also download the log file. 127 00:10:43,548 --> 00:10:47,325 Since this is an installation image, I first have to create 128 00:10:47,325 --> 00:10:50,213 a partial package mirror. 129 00:10:51,960 --> 00:10:56,882 This is done by the command 'fai-mirror' and you can also read the log of 130 00:10:56,882 --> 00:11:04,569 this call of the fai-mirror, where a list of all you packages with all the dependencies 131 00:11:04,569 --> 00:11:06,155 are available. 132 00:11:06,400 --> 00:11:12,941 So you see, these are the list of packages and later they are downloaded 133 00:11:12,941 --> 00:11:21,402 and in the end, it says it created a mirror of 1G of packages 134 00:11:21,402 --> 00:11:24,328 and since I have a local mirror, it's very fast. 135 00:11:24,979 --> 00:11:31,113 This is the one part on the installation image partial mirror with all the packages 136 00:11:31,113 --> 00:11:36,427 and the other is that the config space which you can also download. 137 00:11:36,973 --> 00:11:41,353 So this is the config space that was really created for you 138 00:11:41,353 --> 00:11:43,627 by clicking the web interface. 139 00:11:44,025 --> 00:11:47,977 If you want to do more things with FAI, you can set up your own FAI server 140 00:11:47,977 --> 00:11:50,047 and use this configuration space. 141 00:11:51,596 --> 00:11:56,921 And, that's also very new, the two commands that are used for creating this ISO image 142 00:11:56,921 --> 00:11:59,562 are now also listed there. 143 00:12:00,010 --> 00:12:04,723 First, create the partial mirror and then create the installation image. 144 00:12:06,355 --> 00:12:10,988 Ok, copy link location… 145 00:12:11,804 --> 00:12:14,446 Let's see how good the network is here. 146 00:12:20,096 --> 00:12:21,638 [Q] It's a rather large image. 147 00:12:22,167 --> 00:12:28,789 Yeah, because it includes all the packages and with Xfce, LibreOffice and so on 148 00:12:29,114 --> 00:12:32,931 and the installation environment is maybe about 200MB. 149 00:12:33,413 --> 00:12:38,053 That's not much bigger than the Debian installer that you need to download. 150 00:12:39,193 --> 00:12:42,851 So, 2, 1, done. 151 00:12:47,731 --> 00:12:56,278 I have a little wrapper which calls a fresh kvm machine 152 00:12:56,278 --> 00:13:01,115 with an empty disk and boots this ISO image 153 00:13:01,115 --> 00:13:05,914 and then we will see how this installation runs. 154 00:13:07,990 --> 00:13:10,257 So this is dracut booting the image 155 00:13:11,200 --> 00:13:17,289 and now you see there are already some parted commands executed 156 00:13:17,289 --> 00:13:21,955 and now the packages are installed and everything runs on 157 00:13:21,955 --> 00:13:24,313 and in the end some customization script. 158 00:13:24,880 --> 00:13:29,392 We use only shell scripts for doing some customizations 159 00:13:29,392 --> 00:13:33,250 and you see the files are downloaded from /media/mirror 160 00:13:33,250 --> 00:13:35,893 so this is local on the ISO image. 161 00:13:36,422 --> 00:13:40,336 It would also be possible to create an image without the packages 162 00:13:40,336 --> 00:13:45,452 and then give another sources.list file so the packages would be downloaded 163 00:13:45,452 --> 00:13:51,585 from the internet but this default in the FAI service, 164 00:13:51,585 --> 00:13:54,632 we put everything onto the ISO image. 165 00:13:58,213 --> 00:14:01,140 I guess it will run for 4 minutes. 166 00:14:03,418 --> 00:14:07,310 [Q] ??? 167 00:14:08,332 --> 00:14:09,305 Yeah. 168 00:14:14,019 --> 00:14:16,575 What I will show you now is… 169 00:14:17,019 --> 00:14:21,083 So, this was the simple one, now I toggle this web page and 170 00:14:21,083 --> 00:14:25,594 you will see that there are some more questions you may answer, 171 00:14:25,594 --> 00:14:29,415 for example you can give a root password. 172 00:14:29,740 --> 00:14:32,869 If you leave this empty, sudo will be configured. 173 00:14:33,633 --> 00:14:39,418 Here you can upload the SSH key or give your Github account, 174 00:14:39,418 --> 00:14:41,373 that would be Mrfai for me. 175 00:14:42,554 --> 00:14:46,290 With the partitioning schemes, we have one partition 176 00:14:46,290 --> 00:14:52,508 or one partition and /home separated or these two versions with LVM. 177 00:14:53,157 --> 00:14:59,376 FAI itself can do much more, we could do soft raid set ups, cryptsetup 178 00:14:59,376 --> 00:15:03,802 but here I want to cover the most common installation, so very simple 179 00:15:03,802 --> 00:15:06,888 we have only 4 things that you can choose. 180 00:15:08,188 --> 00:15:10,671 [Q] For encryption? 181 00:15:11,037 --> 00:15:11,802 [A] Yes. 182 00:15:15,757 --> 00:15:19,009 So, this was the partitioning things. 183 00:15:19,374 --> 00:15:25,270 This is the new feature where you can add an URL for your local package repository 184 00:15:25,270 --> 00:15:30,723 and the rest is the same, you can add packages you like, your email address 185 00:15:30,723 --> 00:15:33,366 and then also create an installation image. 186 00:15:36,378 --> 00:15:44,434 I normally set… By default, I include the nonfree linux firmware. 187 00:15:45,408 --> 00:15:51,824 This is because my target audience is an end user and I want to make it 188 00:15:51,824 --> 00:15:56,087 very comfortable for them, so yeah, they can just install it 189 00:15:56,087 --> 00:15:58,083 and do not have these problems. 190 00:15:58,411 --> 00:16:02,431 And since this is not on an official debian.org web site, 191 00:16:02,431 --> 00:16:07,634 I can do this with this default. 192 00:16:11,373 --> 00:16:14,020 Let's see, the installation is still running. 193 00:16:17,277 --> 00:16:19,847 So, advanced features. 194 00:16:21,340 --> 00:16:23,618 The next thing after this installation, 195 00:16:23,618 --> 00:16:26,584 I will show you how to create cloud images. 196 00:16:27,115 --> 00:16:31,582 Currently, we create an installation image, 197 00:16:31,582 --> 00:16:34,590 when you boot it, the installation is run fully automatically. 198 00:16:35,160 --> 00:16:42,761 The other type of service FAI.me gives to you is that it creates a raw image 199 00:16:42,761 --> 00:16:47,798 or some other formats as you see here, qcow2 and whatever 200 00:16:47,798 --> 00:16:51,491 which you can just boot and the installation is already done. 201 00:16:53,857 --> 00:16:58,330 But first, see if the installation finish. 202 00:17:00,066 --> 00:17:01,538 Ah! Ok. 203 00:17:02,027 --> 00:17:07,878 These are now the shell scripts that are executed for the customization 204 00:17:07,878 --> 00:17:13,810 of like /etc/messages of today, /etc/network/interfaces is written 205 00:17:13,810 --> 00:17:15,394 and so on. 206 00:17:15,759 --> 00:17:21,528 You see the installation took 236s, it says there are some errors 207 00:17:21,528 --> 00:17:24,219 but that's not really true. 208 00:17:24,786 --> 00:17:29,182 And it stops here, but we can also disable this, this is only for showing 209 00:17:29,182 --> 00:17:31,414 everything went well 210 00:17:31,414 --> 00:17:34,628 and now we just reboot the machine. 211 00:17:37,351 --> 00:17:39,259 You see the grub. 212 00:17:46,696 --> 00:17:49,503 Ok, Xfce desktop. 213 00:17:51,049 --> 00:17:55,597 debian was the user with password FAI. 214 00:18:00,025 --> 00:18:08,474 We have "uname -a", this is 4.16, the backports kernel was installed there. 215 00:18:08,474 --> 00:18:13,955 We have only one partition, no LVM 216 00:18:13,955 --> 00:18:21,094 and I told it to install gimp which is not installed by default. 217 00:18:21,414 --> 00:18:24,436 Gimp is there, so this is nice. 218 00:18:24,954 --> 00:18:27,160 And the midnight commander is also there. 219 00:18:30,529 --> 00:18:34,310 And now we just throw this machine. Gone. 220 00:18:35,734 --> 00:18:43,061 What's very nice with this wrapper script, it creates the local disk 221 00:18:43,061 --> 00:18:47,529 of the virtual machine in /tmp which is a RAM disk and I love RAM, 222 00:18:47,854 --> 00:18:50,051 it's so nice and fast. 223 00:18:50,983 --> 00:18:55,578 So, this was installation image and now we look at the cloud image. 224 00:18:56,877 --> 00:19:01,183 First, you can say how big should your disk image be. 225 00:19:04,120 --> 00:19:10,328 Here, I say 8GB, you will see it's not an 8GB image 226 00:19:10,328 --> 00:19:12,810 that you have to download later. 227 00:19:13,218 --> 00:19:17,651 By default, I use zstd compression. 228 00:19:18,424 --> 00:19:21,514 Anyone who does not know this compression? 229 00:19:22,495 --> 00:19:27,543 This is very fast, very new, created by Facebook if I'm correct. 230 00:19:29,159 --> 00:19:37,583 It's for very big files and what you should never use is gzip with sparse images. 231 00:19:38,394 --> 00:19:41,643 The disk image is sparse and gzip cannot handle this 232 00:19:41,643 --> 00:19:45,710 so if you compress it and uncompress it it will be very large 233 00:19:45,710 --> 00:19:52,579 and all the other, xz, zstd, can handle sparse files very nicely. 234 00:19:54,000 --> 00:20:02,125 So, the hostname is set, the root password, username with a password. 235 00:20:02,524 --> 00:20:04,526 Now we want to install Buster. 236 00:20:07,087 --> 00:20:08,957 Maybe with no… 237 00:20:12,007 --> 00:20:15,385 Oh, we also do the Xfce desktop. 238 00:20:16,443 --> 00:20:20,097 Any packages you'd like to have in this cloud image. 239 00:20:21,108 --> 00:20:24,687 "desktop" and "cloud" image does not make that much sense, maybe. 240 00:20:26,717 --> 00:20:30,780 Emacs25, ok. 241 00:20:32,888 --> 00:20:36,679 And now "Create disk image". 242 00:20:37,451 --> 00:20:42,127 This will take a little bit longer because we are doing the installation 243 00:20:42,127 --> 00:20:45,417 inside a file image. 244 00:20:46,350 --> 00:20:52,252 But no problem, I can tell you what other ideas I have. 245 00:20:52,823 --> 00:21:01,591 So, currently we have the installation and the cloud or virtual machine images for amd64 246 00:21:01,591 --> 00:21:08,462 FAI itself can also do cross-architecture images so it would be some work 247 00:21:08,462 --> 00:21:14,191 to extend the web page to say "Please create an arm64 image" 248 00:21:14,191 --> 00:21:21,998 It would be very nice to have predefined configs for raspberry pi or 249 00:21:21,998 --> 00:21:24,110 all the very different boards 250 00:21:24,556 --> 00:21:26,785 but that would also be possible. 251 00:21:28,577 --> 00:21:33,041 I guess the next thing I will implement is other distributions 252 00:21:33,041 --> 00:21:35,852 because I know people are always asking it. 253 00:21:36,299 --> 00:21:38,414 Not you but the Ubuntu guys. 254 00:21:39,798 --> 00:21:44,925 Yesterday I did the first test with Ubuntu bionic, the LTS release 255 00:21:44,925 --> 00:21:47,325 and FAI just works out of the box with it. 256 00:21:47,854 --> 00:21:53,867 So what I have to do is to integrate it in these FAI.me processing scripts. 257 00:21:55,405 --> 00:22:00,323 Ready-to-go cloud images for the big cloud providers. 258 00:22:02,643 --> 00:22:06,438 That's only a different FAI config space that I have to use. 259 00:22:06,884 --> 00:22:11,070 Currently, for example, in what I call cloud images, I do not install 260 00:22:11,070 --> 00:22:12,693 the package cloud image. 261 00:22:13,912 --> 00:22:16,674 That's needed for all the ones. 262 00:22:17,842 --> 00:22:24,865 I'm also working in the Debian cloud team and this team decided 2 years ago 263 00:22:24,865 --> 00:22:29,873 that the tool chain in the future for the official Debian package will be FAI. 264 00:22:31,052 --> 00:22:36,937 Amazon is already using it, so if you boot or if you use a Debian cloud image 265 00:22:36,937 --> 00:22:41,284 in Amazon, Noah Meyerhans did this and he's using the FAI tool chain for it. 266 00:22:41,975 --> 00:22:48,562 Google is not yet using it because there was a very small problem 267 00:22:48,562 --> 00:22:51,737 in a config file we had one space too much 268 00:22:51,737 --> 00:22:55,273 which caused grub to hang forever 269 00:22:55,273 --> 00:23:00,657 and that was the reason why they decided for Stretch to use their own tool chain. 270 00:23:01,041 --> 00:23:06,125 But the things are working so we have the config space also for Google. 271 00:23:07,293 --> 00:23:12,264 And also for Azure, some people from Credativ did this. 272 00:23:14,911 --> 00:23:18,482 The Debian cloud team already has the FAI configuration for 273 00:23:18,482 --> 00:23:23,521 the big tool providers, cloud providers. 274 00:23:24,821 --> 00:23:30,955 We could also think on a more generic FAI installation image. 275 00:23:31,889 --> 00:23:37,337 It's an image that you would boot up and then enter your job id of the web page 276 00:23:37,337 --> 00:23:39,778 and then the configuration would be downloaded 277 00:23:39,778 --> 00:23:42,945 and the packages would be just received from the internet. 278 00:23:43,637 --> 00:23:45,144 That was one… 279 00:23:45,511 --> 00:23:49,697 So, the image would be much smaller because the packages do not need to be 280 00:23:49,697 --> 00:23:52,865 on the installation image. 281 00:23:54,690 --> 00:23:57,859 It's also possible to create live images with FAI. 282 00:23:58,590 --> 00:24:00,136 It is a little bit more… 283 00:24:01,272 --> 00:24:06,558 Currently, you need some manual work but that should be also possible 284 00:24:06,558 --> 00:24:11,157 to use FAI for creating live image and then also to provide this 285 00:24:11,157 --> 00:24:13,802 on the FAI.me web service. 286 00:24:14,574 --> 00:24:17,738 If you want to customize much more inside the image, you just say 287 00:24:17,738 --> 00:24:21,882 "Oh, I have some Ansible scripts that I want to execute at the very end" 288 00:24:22,070 --> 00:24:26,967 then I say "Ok, this is just a starting point, use the FAI.me service 289 00:24:26,967 --> 00:24:31,844 and if you're happy with the FAI tools, then set up your own FAI server, 290 00:24:31,844 --> 00:24:37,856 create your own configuration space and then you can do all the crazy things." 291 00:24:39,773 --> 00:24:42,335 So, how does FAI.me work internally. 292 00:24:43,148 --> 00:24:47,861 We have a web server where there are some CGI scripts and 293 00:24:47,861 --> 00:24:53,548 this is not the build server, so on the web server, you click "Submit" 294 00:24:53,548 --> 00:25:02,054 "Create my image", all the input is validated so you cannot make nasty things 295 00:25:02,054 --> 00:25:08,682 and then the CGI writes or creates a subdirectory and puts 2 files in it, 296 00:25:08,916 --> 00:25:10,301 a config and a meta file 297 00:25:11,561 --> 00:25:14,937 and writes a status "waiting for processing". 298 00:25:15,344 --> 00:25:19,451 Then, the other server, the build server reads this config and 299 00:25:19,451 --> 00:25:25,057 this is just an NFS mounted directory, and sees 300 00:25:25,057 --> 00:25:27,169 "Oh there's a new job I have to process". 301 00:25:30,147 --> 00:25:33,615 In this processing script we pass for some errors. 302 00:25:34,304 --> 00:25:39,624 What's happening very often that people type in a package that's not available 303 00:25:39,624 --> 00:25:45,239 and this will be detected and then a new version of the web page will pop up and say 304 00:25:45,239 --> 00:25:48,692 "Oh, when creating the package mirror, there was an error 305 00:25:48,692 --> 00:25:50,929 because this package was not known." 306 00:25:52,882 --> 00:25:54,062 Sometimes I have to… 307 00:25:54,508 --> 00:25:57,645 Every night, I create new nfsroots for Buster. 308 00:25:59,105 --> 00:26:03,172 If there are security updates, I have to create new nfsroots 309 00:26:03,172 --> 00:26:05,073 for Stretch and backports. 310 00:26:05,598 --> 00:26:10,079 I have some cleanup, so if a lot of jobs are created, 311 00:26:10,079 --> 00:26:12,758 the images are on the disk after, 312 00:26:12,758 --> 00:26:17,270 normally I say after one day I just remove the images 313 00:26:17,270 --> 00:26:20,567 so you have one day to download the images. 314 00:26:22,761 --> 00:26:25,763 There's 3 different configurations 315 00:26:25,763 --> 00:26:28,894 /etc/fai-stretch, /etc/buster, /etc/fai-stretch-bpo (backports) 316 00:26:29,129 --> 00:26:30,846 We need for the installation image 317 00:26:30,846 --> 00:26:36,336 We need a different nfsroot, but the config space that is shared 318 00:26:36,336 --> 00:26:38,283 about all configurations, 319 00:26:38,283 --> 00:26:41,209 so it doesn't matter if I install 320 00:26:41,209 --> 00:26:46,293 Stretch or Stretch backports or Buster, 321 00:26:46,293 --> 00:26:49,583 I can use the same FAI configuration. 322 00:26:49,949 --> 00:26:53,520 Also, for building the cloud images, I use the same FAI configuration. 323 00:26:56,327 --> 00:27:04,656 A new job is detected, then a copy of the configuration space will be made 324 00:27:04,656 --> 00:27:07,913 and it will be customized a little bit. 325 00:27:08,352 --> 00:27:10,430 So there are a very very few changes, 326 00:27:10,430 --> 00:27:16,686 for example I have to put the SSH key into your customized configuration space 327 00:27:16,686 --> 00:27:20,626 or the list of packages or the user and root password. 328 00:27:21,475 --> 00:27:25,697 Then we have two things, if we want to create the installation image, 329 00:27:25,697 --> 00:27:31,148 I first have to create the partial package mirror and then create the installation image 330 00:27:31,148 --> 00:27:35,700 For the cloud images, we do not need the nfsroot, we just need 331 00:27:35,700 --> 00:27:38,914 the configuration space which is customized a little bit 332 00:27:38,914 --> 00:27:41,543 and then we can just create the disk image 333 00:27:41,543 --> 00:27:46,590 so there's one step less compared to creating the installation ISO. 334 00:27:47,765 --> 00:27:51,507 The status on the web page will be updated, log files written 335 00:27:51,507 --> 00:27:55,375 and if the user said "Please send me an email if my job is ready", 336 00:27:55,375 --> 00:27:57,736 this will also be sent to the user. 337 99:59:59,999 --> 99:59:59,999 The we have the ISO or the disk image and this will be copied back 338 99:59:59,999 --> 99:59:59,999 to the web server where the user can then download it. 339 99:59:59,999 --> 99:59:59,999 And since I have a lot of RAM in this machine, 340 99:59:59,999 --> 99:59:59,999 everything is run in RAM, very very nice. 341 99:59:59,999 --> 99:59:59,999 As I said, we need an nfsroot, a configuration space and FAI classes. 342 99:59:59,999 --> 99:59:59,999 This is a very central component in FAI 343 99:59:59,999 --> 99:59:59,999 and this is just a list of names. 344 99:59:59,999 --> 99:59:59,999 So in HOME_LVM, this is the class name, the FAI class we describe 345 99:59:59,999 --> 99:59:59,999 and I think this is that example: 346 99:59:59,999 --> 99:59:59,999 HOME_LVM describes how to partition the local hard disk. 347 99:59:59,999 --> 99:59:59,999 This is our very flexible tool where we can do LVM, cryptsetups, 348 99:59:59,999 --> 99:59:59,999 software RAIDs and so on. 349 99:59:59,999 --> 99:59:59,999 But for the FAI.me service, I just created 4 different types of partitioning 350 99:59:59,999 --> 99:59:59,999 and this is the HOME_LVM example. 351 99:59:59,999 --> 99:59:59,999 So we have a list of classes and, as I said, 352 99:59:59,999 --> 99:59:59,999 just two commands for the installation image with a list of classes 353 99:59:59,999 --> 99:59:59,999 and for the cloud image, I have to say how big should the disk image be, 354 99:59:59,999 --> 99:59:59,999 the list of classes and what's the target file that should be created. 355 99:59:59,999 --> 99:59:59,999 Let's see if this is ready. 356 99:59:59,999 --> 99:59:59,999 Yes, it's ready. 357 99:59:59,999 --> 99:59:59,999 So… 358 99:59:59,999 --> 99:59:59,999 It's 1.1GB. 359 99:59:59,999 --> 99:59:59,999 Is this really the… oh yeah, raw. 360 99:59:59,999 --> 99:59:59,999 No problem, let's download it, it should be fast. 361 99:59:59,999 --> 99:59:59,999 This is the normal architecture if you use FAI in a client/server set up. 362 99:59:59,999 --> 99:59:59,999 You should just look on the left side where you see 363 99:59:59,999 --> 99:59:59,999 you need the config space, an nfsroot and a mirror 364 99:59:59,999 --> 99:59:59,999 and these parts will put onto the CD. 365 99:59:59,999 --> 99:59:59,999 If you ??? network installation thing, 366 99:59:59,999 --> 99:59:59,999 this is of things get from the server to the client. 367 99:59:59,999 --> 99:59:59,999 For the software installation, we have another subdirectory called package_config 368 99:59:59,999 --> 99:59:59,999 and there you also see several files where the file name is a FAI class. 369 99:59:59,999 --> 99:59:59,999 Since in the FAI.me service every client belongs to the class DEBIAN, 370 99:59:59,999 --> 99:59:59,999 it will install the packages that are listed on the ??? 371 99:59:59,999 --> 99:59:59,999 and here we have an other class, NONFREE 372 99:59:59,999 --> 99:59:59,999 These packages are only installed if you also said 373 99:59:59,999 --> 99:59:59,999 "Please install the nonfree packages" 374 99:59:59,999 --> 99:59:59,999 and this is mapped to a FAI class called NONFREE. 375 99:59:59,999 --> 99:59:59,999 And there's an other class for AMD64 and so on. 376 99:59:59,999 --> 99:59:59,999 Some references. 377 99:59:59,999 --> 99:59:59,999 In the past, it looked more like this when I said 378 99:59:59,999 --> 99:59:59,999 "Oh, who's using FAI?" and during the last month I collected some logos 379 99:59:59,999 --> 99:59:59,999 just because it's much nicer. 380 99:59:59,999 --> 99:59:59,999 Let's see if the download was ready. 381 99:59:59,999 --> 99:59:59,999 We unzstd the FAI.me image, faime-013Z image 382 99:59:59,999 --> 99:59:59,999 On the web site, I said I want to have a 8GB partition, 383 99:59:59,999 --> 99:59:59,999 so now let's see how big it is. 384 99:59:59,999 --> 99:59:59,999 The file is 8, but since it's a sparse file it's only 3.5GB 385 99:59:59,999 --> 99:59:59,999 and the compressed was 1.1GB. 386 99:59:59,999 --> 99:59:59,999 Now I use my wrapper 387 99:59:59,999 --> 99:59:59,999 and I say "Boot from disk" and this is the FAI.me raw image, disk image 388 99:59:59,999 --> 99:59:59,999 that should be booted up. 389 99:59:59,999 --> 99:59:59,999 That's it. 390 99:59:59,999 --> 99:59:59,999 debian/fai 391 99:59:59,999 --> 99:59:59,999 Let's see if emacs is installed, yes. 392 99:59:59,999 --> 99:59:59,999 Gimp is already there, hopefully, and the blue midnight commander. 393 99:59:59,999 --> 99:59:59,999 Let's see. 394 99:59:59,999 --> 99:59:59,999 Questions. 395 99:59:59,999 --> 99:59:59,999 [Q] I'm using the preseed file for the debian-installer, 396 99:59:59,999 --> 99:59:59,999 do you have a conversion between your syntax and your configuration files 397 99:59:59,999 --> 99:59:59,999 and the preseed file or maybe can you add a download button for the preseed file 398 99:59:59,999 --> 99:59:59,999 to your web site because I think it's rather nice to have it displayed 399 99:59:59,999 --> 99:59:59,999 in web site first. 400 99:59:59,999 --> 99:59:59,999 [A] I'm not using the debian-installer. 401 99:59:59,999 --> 99:59:59,999 I use preseeding, yes, the debconf preseeding for the normal packages 402 99:59:59,999 --> 99:59:59,999 you can do this also in FAI and it's the same format 403 99:59:59,999 --> 99:59:59,999 you get with debconf-get-selections. 404 99:59:59,999 --> 99:59:59,999 And what you get is you can download your own FAI config space 405 99:59:59,999 --> 99:59:59,999 and this includes all information you need to set up, 406 99:59:59,999 --> 99:59:59,999 to do this mirror FAI CD or the FAI disk image command. 407 99:59:59,999 --> 99:59:59,999 But you cannot convert this config into a d-i preseeding or vice versa, 408 99:59:59,999 --> 99:59:59,999 that's not possible. 409 99:59:59,999 --> 99:59:59,999 Because for example, for the partitioning part I do not like to create 410 99:59:59,999 --> 99:59:59,999 from my disk config partman preseeding file. 411 99:59:59,999 --> 99:59:59,999 You can pay me a lot of money, I will never do this. 412 99:59:59,999 --> 99:59:59,999 You know that the partman preseeding is very ugly and very heavy. 413 99:59:59,999 --> 99:59:59,999 For other things, yes, selection of, for example, the selection of the language 414 99:59:59,999 --> 99:59:59,999 These are the normal preseeding we use. 415 99:59:59,999 --> 99:59:59,999 And the list of packages, task selec… 416 99:59:59,999 --> 99:59:59,999 I think it's much easier to do this in the FAI configuration than to create 417 99:59:59,999 --> 99:59:59,999 a debian-installer preseeding. 418 99:59:59,999 --> 99:59:59,999 And why use d-i if this works for you? 419 99:59:59,999 --> 99:59:59,999 [Q] d-i works as well for me. 420 99:59:59,999 --> 99:59:59,999 [A] Yes, then fine, use it. 421 99:59:59,999 --> 99:59:59,999 [Q] Hi Thomas. Thank you very much for this new feature in the FAI project, 422 99:59:59,999 --> 99:59:59,999 it's very nice and I found very great that you have the output of the commands 423 99:59:59,999 --> 99:59:59,999 that you used to create the ISO image or the cloud file. 424 99:59:59,999 --> 99:59:59,999 A question that I have is, in which servers are located the files that we create, 425 99:59:59,999 --> 99:59:59,999 the ISO or the cloud. 426 99:59:59,999 --> 99:59:59,999 Is it a server that you own host or… 427 99:59:59,999 --> 99:59:59,999 [A] Trust me. 428 99:59:59,999 --> 99:59:59,999 Currently, 429 99:59:59,999 --> 99:59:59,999 both the web server and the FAI.me processing build server are run 430 99:59:59,999 --> 99:59:59,999 on two machines at the university where I work as a system administrator 431 99:59:59,999 --> 99:59:59,999 so that's also where we have a very fast connection. 432 99:59:59,999 --> 99:59:59,999 The CGI script and shell script that is processing these jobs is currently 433 99:59:59,999 --> 99:59:59,999 not open source. 434 99:59:59,999 --> 99:59:59,999 There are plans to do this, I'm not sure when. 435 99:59:59,999 --> 99:59:59,999 If you want to reproduce the things, you have the config file and you can download 436 99:59:59,999 --> 99:59:59,999 the FAI software and use these one or two commands to reproduce it. 437 99:59:59,999 --> 99:59:59,999 Some people said "Oh, very nice service, I would like to set up in my company". 438 99:59:59,999 --> 99:59:59,999 Then please yes, contact me and… 439 99:59:59,999 --> 99:59:59,999 Currently there are no concrete plans to make these background scripts open source 440 99:59:59,999 --> 99:59:59,999 but it will be in some future. 441 99:59:59,999 --> 99:59:59,999 But currently, you have to trust me as you also have to trust the package maintainers 442 99:59:59,999 --> 99:59:59,999 that will be installed there. 443 99:59:59,999 --> 99:59:59,999 But you can verify it or say "I do not trust Thomas but I will just grab 444 99:59:59,999 --> 99:59:59,999 the FAI config space and this on my own". 445 99:59:59,999 --> 99:59:59,999 [Q] Thank you. 446 99:59:59,999 --> 99:59:59,999 [Q] There's a question from the internet. 447 99:59:59,999 --> 99:59:59,999 Why not use a proper job queuing system like grid engine or similar? 448 99:59:59,999 --> 99:59:59,999 [A] I'm using grid engine at work for different things. 449 99:59:59,999 --> 99:59:59,999 It started as a very simple project, so in the end it's just a loop which 450 99:59:59,999 --> 99:59:59,999 checks if there's new jobs on that. 451 99:59:59,999 --> 99:59:59,999 Currently, I do not process jobs in parallel, currently there's no need for it 452 99:59:59,999 --> 99:59:59,999 If this project will be very successful, yeah, I have to use a queuing system. 453 99:59:59,999 --> 99:59:59,999 It's, yeah, a very simple script. 454 99:59:59,999 --> 99:59:59,999 But it would be also possible with a proper queuing system. 455 99:59:59,999 --> 99:59:59,999 More questions? 456 99:59:59,999 --> 99:59:59,999 [Q] I have a bunch of questions. 457 99:59:59,999 --> 99:59:59,999 First, what is it that you use for partitioning? 458 99:59:59,999 --> 99:59:59,999 [A] I'm using a poll script that we wrote several years ago in FAI 459 99:59:59,999 --> 99:59:59,999 and we defined this config file, this package config 460 99:59:59,999 --> 99:59:59,999 and the Perl script parses this script and then executes the parted and mkfs command 461 99:59:59,999 --> 99:59:59,999 which you can see in the log files, so if you want to see what does FAI do 462 99:59:59,999 --> 99:59:59,999 after parsing this, which commands are executed, you see everything 463 99:59:59,999 --> 99:59:59,999 on the log files. 464 99:59:59,999 --> 99:59:59,999 [Q] Right, but so you turn this text into partitioning… 465 99:59:59,999 --> 99:59:59,999 [A] commands, yeah. 466 99:59:59,999 --> 99:59:59,999 [Q] But the text looks like this, like with the spaces and everything. 467 99:59:59,999 --> 99:59:59,999 [A] You can use more or less spaces or do you like, 468 99:59:59,999 --> 99:59:59,999 should I convert it to XML? 469 99:59:59,999 --> 99:59:59,999 [Q] Ok, then my next question is 470 99:59:59,999 --> 99:59:59,999 what are you using the nfsroot for when you're generating the images? 471 99:59:59,999 --> 99:59:59,999 [A] The nfsroot is used only for the installation image. 472 99:59:59,999 --> 99:59:59,999 When I do the installation, I need to boot the machine as a diskless client, 473 99:59:59,999 --> 99:59:59,999 so it's just what the debian-installer into RAM, 474 99:59:59,999 --> 99:59:59,999 you need a running Linux system. 475 99:59:59,999 --> 99:59:59,999 This is our nfsroot, on the installation image. 476 99:59:59,999 --> 99:59:59,999 When you boot installation image, this nfsroot with all the commands we need 477 99:59:59,999 --> 99:59:59,999 are started without using the local disk and then we can do 478 99:59:59,999 --> 99:59:59,999 everything on the disk, /root and /target and so on. 479 99:59:59,999 --> 99:59:59,999 The nfsroot is the system that is running during the installation. 480 99:59:59,999 --> 99:59:59,999 [Q] Ok, but there's no need for this to be nfs, it could be a 481 99:59:59,999 --> 99:59:59,999 [A] It's called nfsroot. 482 99:59:59,999 --> 99:59:59,999 This is very common that people call it nfsroot 483 99:59:59,999 --> 99:59:59,999 and if you have this network installation thing, it's really an nfsroot. 484 99:59:59,999 --> 99:59:59,999 But you're right. 485 99:59:59,999 --> 99:59:59,999 On the installation ISO, it's not nfs, it's just a local file system, yes. 486 99:59:59,999 --> 99:59:59,999 [Q] Alright. So, I think it's my last comment. 487 99:59:59,999 --> 99:59:59,999 You have the ISO from which you install and when you install from the ISO 488 99:59:59,999 --> 99:59:59,999 you're installing then packages on the machine, and then you have the image 489 99:59:59,999 --> 99:59:59,999 which is like a disk image that has the packages already installed, 490 99:59:59,999 --> 99:59:59,999 so you skip the installing step. 491 99:59:59,999 --> 99:59:59,999 Have you thought about having an intermediate thing 492 99:59:59,999 --> 99:59:59,999 where you download an image that already has the packages installed? 493 99:59:59,999 --> 99:59:59,999 [A] That's also possible. 494 99:59:59,999 --> 99:59:59,999 When you do an installation, before you can change root in the new system 495 99:59:59,999 --> 99:59:59,999 for adding packages, you have to call debootstrap. 496 99:59:59,999 --> 99:59:59,999 What we do, we call debootstrap once and create a tar file out of it. 497 99:59:59,999 --> 99:59:59,999 This is our minimal… in the former days it was the floppy disk, 498 99:59:59,999 --> 99:59:59,999 our base tar.gz file, 499 99:59:59,999 --> 99:59:59,999 so you could exchange the minimal tar file with whatever tar file you have. 500 99:59:59,999 --> 99:59:59,999 That's for example what we do if we install Ubuntu. 501 99:59:59,999 --> 99:59:59,999 We boot the installation system which is a Debian system 502 99:59:59,999 --> 99:59:59,999 and then create the local filesystem and extract an Ubuntu base image 503 99:59:59,999 --> 99:59:59,999 and then we can change root into the Ubunto or the same for CentOS and so on 504 99:59:59,999 --> 99:59:59,999 then we can change root into the other Linux system and add packages there. 505 99:59:59,999 --> 99:59:59,999 If you have already a bigger image with some more packages added there, 506 99:59:59,999 --> 99:59:59,999 it's very easy to say "Do not extract the Debian Stretch image 507 99:59:59,999 --> 99:59:59,999 but use my image which also includes other tools." 508 99:59:59,999 --> 99:59:59,999 And if you are fine with that, you can just extract the tar file. 509 99:59:59,999 --> 99:59:59,999 [Q] Ok. Any more questions? 510 99:59:59,999 --> 99:59:59,999 [Q] The heading is in german. 511 99:59:59,999 --> 99:59:59,999 [A] What? 512 99:59:59,999 --> 99:59:59,999 [Q] The heading is in german. 513 99:59:59,999 --> 99:59:59,999 [A] Oh, because it's a copy of my german slides. 514 99:59:59,999 --> 99:59:59,999 Thank you for this. 515 99:59:59,999 --> 99:59:59,999 And, what's also missing. 516 99:59:59,999 --> 99:59:59,999 The web page, where you can select german or other languages, 517 99:59:59,999 --> 99:59:59,999 it would be nice if people are interested to help translate them 518 99:59:59,999 --> 99:59:59,999 so that it's more easy for people that do not speak english 519 99:59:59,999 --> 99:59:59,999 to use the website and create their own installation image with their language. 520 99:59:59,999 --> 99:59:59,999 [Q] Someone on the stream said that the fai.me web site is not yours 521 99:59:59,999 --> 99:59:59,999 and it's a hack thing, it's a scam, you go there and get hacked. 522 99:59:59,999 --> 99:59:59,999 Do you have any plans to try to buy the domain because it's pretty confusing. 523 99:59:59,999 --> 99:59:59,999 The first thing I would have done by seeing that talk would have been 524 99:59:59,999 --> 99:59:59,999 to go to fai.me. 525 99:59:59,999 --> 99:59:59,999 [A] Yeah, I was thinking about which name I should choose. 526 99:59:59,999 --> 99:59:59,999 I didn't check which web domains are free and in then end I thought 527 99:59:59,999 --> 99:59:59,999 "Do I like to have a different domain name for the service?" 528 99:59:59,999 --> 99:59:59,999 But since it's only a part of the FAI project, I thought, 529 99:59:59,999 --> 99:59:59,999 and technically it was also easier just to host it under a subdirectory 530 99:59:59,999 --> 99:59:59,999 and yeah, if people now grab the fai.me domain and do other things with it, yeah. 531 99:59:59,999 --> 99:59:59,999 I think one question would be to use a debian.net or maybe debian.org domain 532 99:59:59,999 --> 99:59:59,999 because people trust much more. 533 99:59:59,999 --> 99:59:59,999 I get a lot of comments "Oh this would be very nice if this would be hosted 534 99:59:59,999 --> 99:59:59,999 on a Debian machine" 535 99:59:59,999 --> 99:59:59,999 but this would be much more complicated because the DSA team 536 99:59:59,999 --> 99:59:59,999 has much more restriction what to execute on their machines. 537 99:59:59,999 --> 99:59:59,999 currently, we need root access because we mount some things 538 99:59:59,999 --> 99:59:59,999 and DSA would not give root access on any Debian machine. 539 99:59:59,999 --> 99:59:59,999 That's the same problem we have in the Debian cloud team 540 99:59:59,999 --> 99:59:59,999 where we want to create the official images for the cloud providers 541 99:59:59,999 --> 99:59:59,999 where the Debian cloud team will also not have root access 542 99:59:59,999 --> 99:59:59,999 and so there's much more work to get empty virtual machines 543 99:59:59,999 --> 99:59:59,999 starting up, putting data into it, creating the images, 544 99:59:59,999 --> 99:59:59,999 receiving them from inside the image. 545 99:59:59,999 --> 99:59:59,999 And since on those machines I have root access, that's much easier for me. 546 99:59:59,999 --> 99:59:59,999 We are out of time, so thank you Thomas. 547 99:59:59,999 --> 99:59:59,999 [Applause]