-
Not Synced
Today, I talk about FAI.me, which is a
build for images.
-
Not Synced
First, anybody that never heard anything
about FAI?
-
Not Synced
Ok
-
Not Synced
I started this project in 1999.
-
Not Synced
I'm not sure…
-
Not Synced
No, I'm sure that during those times, the
Debian installer did not have
-
Not Synced
the preseeding stuff, so we needed
something automatically.
-
Not Synced
I installed the first cluster with FAI and
I always do talks on FAI or
-
Not Synced
today in the lightning talks, I talk
a little bit about dracut,
-
Not Synced
which is used in FAI.
-
Not Synced
So, what was the motivation.
-
Not Synced
A neighbour of mine, she came to me with
-
Not Synced
"My Windows desktop is broken,
can you reinstall it?"
-
Not Synced
And in the end, I installed her Linux,
and I was shortly thinking about
-
Not Synced
"Should I use FAI for installing her
desktop with Linux?"
-
Not Synced
And in the end, I did not use it because
FAI is too complicated,
-
Not Synced
like the Debian installer, I guess it's
not really that easy for beginners
-
Not Synced
because there are a lot of questions
-
Not Synced
but also FAI is not really for beginners.
-
Not Synced
So this was the motivation about thinking
about FAI.
-
Not Synced
The target group was always advanced
sysadmins
-
Not Synced
but I thought maybe it's possible to make
FAI usable also for people
-
Not Synced
that are not that advanced sysadmins.
-
Not Synced
The idea is that an installer should cover
most installations.
-
Not Synced
The Debian installer is really perfect
because I think it covers
-
Not Synced
all different kinds and strange environments
-
Not Synced
You can do a lot of things, you can configure
very strange combination of language,
-
Not Synced
keyboard layout and so on
-
Not Synced
but I was thinking about an installer
that covers 90 or 95% of the installations
-
Not Synced
A lot of special cases can be ignored and
since the Debian installer has like
-
Not Synced
more than 20 questions, I thought it would
be much nicer if there were only
-
Not Synced
3 to 5 questions and I looked at Linux Mint
and Mageia installers, CentOS installer,
-
Not Synced
and they all ask much less questions.
-
Not Synced
In the Debian installer, we sometimes
have also things that are asked
-
Not Synced
during the installation, so not everything
is asked at the very beginning.
-
Not Synced
For example, the task selection, where you
select your desktop,
-
Not Synced
is done after the base installation.
-
Not Synced
This was also very important, I would like
to have something that
-
Not Synced
asks everything at the very beginning.
-
Not Synced
Then, maybe some tool could create
a customized installation image
-
Not Synced
and this installation image should run
then completely unattended
-
Not Synced
so you can get yourself a coffee and
when you come back, your machine is ready.
-
Not Synced
There are 3 things to customize installation
image,
-
Not Synced
you just put this image, you do not have
to touch anything, and then it's ready.
-
Not Synced
I thought "Oh yes, this is FAI, maybe
FAI can do this."
-
Not Synced
As I said, FAI is only, or was until now
only a tool for experienced sysadmins
-
Not Synced
and you have to adjust several config
files, these are ASCII files
-
Not Synced
but still you have to touch 5 to 10
config files to make a customization.
-
Not Synced
So, how can I make FAI usable for
beginners?
-
Not Synced
That's the beginning of FAI.me.
-
Not Synced
There's a web page, we'll show it
in more detail later,
-
Not Synced
where you can just click some things, and
then you get a customized image.
-
Not Synced
This image can be put onto a CD, DVD or
USB stick, just with dd
-
Not Synced
and the customization is just by using
the web interface
-
Not Synced
so there's no need for you to edit
a text file, a config file inside FAI.
-
Not Synced
I hope I covered most important thangs
that you want to adjust
-
Not Synced
or a little bit customize.
-
Not Synced
You can add additional packages, I think
that's the most important thing
-
Not Synced
that people say "I want to have the normal
Debian installation
-
Not Synced
but with some additional packages."
-
Not Synced
And you can select different different
distributions, so it's not only
-
Not Synced
the installation image for the stable
release, you can create
-
Not Synced
3 variants of the installation.
-
Not Synced
This is the web page and thanks to Juri,
he did a great job
-
Not Synced
during the first and second day, he added
a new feature that we now have
-
Not Synced
a toggle button.
-
Not Synced
Is it big enough or should I zoom in?
-
Not Synced
Ok.
-
Not Synced
So, we have a toggle button, what you see
now is just the bare minimum or questions
-
Not Synced
and we can toggle it to more advanced
settings.
-
Not Synced
You have to select or just leave this as
it is, username,
-
Not Synced
if you do not enter a password, a password
will be generated and shown to you
-
Not Synced
and sent by e-mail.
-
Not Synced
I will now just type in the password.
-
Not Synced
It's here in clear text, for me that's fine
because
-
Not Synced
there's also a comment that you should
change the password after the installation
-
Not Synced
and I do not like to enter passwords twice
so you can see what you typed in
-
Not Synced
and hopefully do not make any wrong
mistakes.
-
Not Synced
For example, we could select the Stretch
distribution with backports,
-
Not Synced
so we will get a 4.15 kernel with Stretch.
-
Not Synced
There are some buttons we can say we want
to have some Debian developer tools.
-
Not Synced
This is what I defined in the FAI
configuration, so just a list of packages.
-
Not Synced
Here, you can enter you own packages.
-
Not Synced
I will select the desktop.
-
Not Synced
You can have an installation without any
desktop, so a very small installation.
-
Not Synced
I will select the XFCE desktop, but all
the other desktops are here.
-
Not Synced
The language, these are just task packages
that are…
-
Not Synced
I think Debian has much more task packages,
I just searched which are
-
Not Synced
the most common languages, and what I do
if I say I want the spanish language,
-
Not Synced
also the keyboard layout is spanish.
-
Not Synced
I know there are different combinations
and with local time,
-
Not Synced
it's getting more difficult.
-
Not Synced
This installation will install the clock
with UTC, so if you want to set
-
Not Synced
your time, you have to do this manually.
-
Not Synced
I want to cover the most common installations.
-
Not Synced
We select english US, the desktop and,
as an example, the midnight commander
-
Not Synced
and GIMP.
-
Not Synced
I can add an email address so if it would
take longer,
-
Not Synced
for example if this service will have
success and a lot of people are using it,
-
Not Synced
you may wait for some minutes so your job
will be finished.
-
Not Synced
So here are the comments, how to reconfigure
the keyboard or the timezone
-
Not Synced
and then you just click "Create
the installation image".
-
Not Synced
Now, in the background, there's some job,
a script, looking "Oh, there's a new job"
-
Not Synced
and there's a summary of the configuration,
of the web configuration.
-
Not Synced
Down here you see these are the
FAI classes,
-
Not Synced
I will explain a little bit more about this.
-
Not Synced
But with this information, FAI configuration
is generated,
-
Not Synced
that's what normally the experienced
sysadmins have to create
-
Not Synced
but here you just click on some buttons
and it will be done for you.
-
Not Synced
In the meantime, we have some more
advanced features
-
Not Synced
which I will also show you later.
-
Not Synced
For example, this very simple installation
just creates one partition
-
Not Synced
but you can also select that you want
to have a separate /home partition
-
Not Synced
or using lvm just by selecting this
on the web interface.
-
Not Synced
You can also add your SSH public key
for logging as root without a password
-
Not Synced
or what's very nice, I found the new
Ubuntu installer does this,
-
Not Synced
you can give your github account and
then there's a comment which
-
Not Synced
receives the public key from your
github account and puts it
-
Not Synced
into the root account so you can log in
without password.
-
Not Synced
I think that's very neat.
-
Not Synced
And if you have a repository with your own
packages, you could also add this and say
-
Not Synced
"Please install those packages from
my publicly available repository."
-
Not Synced
Let's see.
-
Not Synced
As we see, this job finished in 74 seconds.
-
Not Synced
Now, this customised installation image
is available for download.
-
Not Synced
You can also download the log file.
-
Not Synced
Since this is an installation image,
I first have to create
-
Not Synced
a partial package mirror.
-
Not Synced
This is done by the command 'fai-mirror'
and you can also read the log of
-
Not Synced
this call of the fai-mirror, where a list
of all you packages with all the dependencies
-
Not Synced
are available.
-
Not Synced
So you see, these are the list of packages
and later they are downloaded
-
Not Synced
and in the end, it says it created a mirror
of 1G of packages
-
Not Synced
and since I have a local mirror,
it's very fast.
-
Not Synced
This is the one part on the installation
image partial mirror with all the packages
-
Not Synced
and the other is that the config space
which you can also download.
-
Not Synced
So this is the config space that was
really created for you
-
Not Synced
by clicking the web interface.
-
Not Synced
If you want to do more things with FAI,
you can set up your own FAI server
-
Not Synced
and use this configuration space.
-
Not Synced
And, that's also very new, the two commands
that are used for creating this ISO image
-
Not Synced
are now also listed there.
-
Not Synced
First, create the partial mirror and then
create the installation image.
-
Not Synced
Ok, copy link location…
-
Not Synced
Let's see how good the network is here.
-
Not Synced
[Q] It's a rather large image.
-
Not Synced
Yeah, because it includes all the packages
and with Xfce, LibreOffice and so on
-
Not Synced
and the installation environment is maybe
about 200MB.
-
Not Synced
That's not much bigger than the Debian
installer that you need to download.
-
Not Synced
So, 2, 1, done.
-
Not Synced
I have a little wrapper which calls
a fresh kvm machine
-
Not Synced
with an empty disk and boots this ISO image
-
Not Synced
and then we will see how this installation
runs.
-
Not Synced
So this is dracut booting the image
-
Not Synced
and now you see there are already
some parted commands executed
-
Not Synced
and now the packages are installed
and everything runs on
-
Not Synced
and in the end some customization
script.
-
Not Synced
We use only shell scripts for doing
some customizations
-
Not Synced
and you see the files are downloaded
from /media/mirror
-
Not Synced
so this is local on the ISO image.
-
Not Synced
It would also be possible to create
an image without the packages
-
Not Synced
and then give another sources.list file
so the packages would be downloaded
-
Not Synced
from the internet but this default
in the FAI service,
-
Not Synced
we put everything onto the ISO image.
-
Not Synced
I guess it will run for 4 minutes.
-
Not Synced
[Q] ???
-
Not Synced
Yeah.
-
Not Synced
What I will show you now is…
-
Not Synced
So, this was the simple one, now I toggle
this web page and
-
Not Synced
you will see that there are some more
questions you may answer,
-
Not Synced
for example you can give a root password.
-
Not Synced
If you leave this empty, sudo will be
configured.
-
Not Synced
Here you can upload the SSH key or give
you Github account,
-
Not Synced
that would be Mrfai for me.
-
Not Synced
With the partitioning schemes, we have
one partition
-
Not Synced
or one partition and /home separated
or these two versions with LVM.
-
Not Synced
FAI itself can do much more, we could do
soft raid set ups, cryptsetup
-
Not Synced
but here I want to cover the most common
installation, so very simple
-
Not Synced
we have only 4 things that you can choose.
-
Not Synced
[Q] For encryption?
-
Not Synced
[A] Yes.
-
Not Synced
So, this was the partitioning things.
-
Not Synced
This is the new feature where you can add
an URL for your local package repository
-
Not Synced
and the rest is the same, you can add
packages you like, your email address
-
Not Synced
and then also create an installation image.
-
Not Synced
I normally set by default, I include
the nonfree linux firmware.
-
Not Synced
This is because my target audience is
an end user and I want to make it
-
Not Synced
very comfortable for them, so yeah,
they can just install it
-
Not Synced
and do not have these problems.
-
Not Synced
And since this is not on an officiel
debian.org web site,
-
Not Synced
I can do this with this default.
-
Not Synced
Let's see, the installation is still running.
-
Not Synced
So, advanced features.
-
Not Synced
The next thing after this installation,
-
Not Synced
I will show you how to create cloud
images.
-
Not Synced
Currently, we create an installation image,
-
Not Synced
when you boot it, the installation is run
fully automatically.
-
Not Synced
The other type of service FAI.me gives
to you is that it creates a raw image
-
Not Synced
or some other formats as you see here,
qcow2 and whatever
-
Not Synced
which you can just boot and
the installation is already done.
-
Not Synced
But first, see if the installation finish.
-
Not Synced
Ah! Ok.
-
Not Synced
These are now the shell scripts that are
executed for the customization
-
Not Synced
of like /etc/messages of today,
/etc/network/interfaces is written
-
Not Synced
and so on.
-
Not Synced
You see the installation took 236s, it says
there are some errors
-
Not Synced
but that's not really true.
-
Not Synced
And it stops here, but we can also
disable this, this is only for showing
-
Not Synced
everything went well
-
Not Synced
and now we just reboot the machine.
-
Not Synced
You see the grub.
-
Not Synced
Ok, Xfce desktop.
-
Not Synced
debian was a user with password FAI.
-
Not Synced
We have "uname -a", this is 4.16,
the backports kernel was installed there.
-
Not Synced
We have only one partition, no LVM
-
Not Synced
and I told it to install gimp which is
not installed by default.
-
Not Synced
Gimp is there, so this is nice.
-
Not Synced
And the midnight commander is also there.
-
Not Synced
And now we just throw this machine.
Gone.
-
Not Synced
What's very nice with this wrapper script,
it creates the local disk
-
Not Synced
of the virtual machine in /tmp which is
a RAM disk and I love RAM,
-
Not Synced
it's so nice and fast.
-
Not Synced
So, this was installation image and now we
look at the cloud image.
-
Not Synced
First, you can say how big should your
disk image be.
-
Not Synced
Here, I say 8GB, you will see it's not
an 8GB image
-
Not Synced
that you have to download later.
-
Not Synced
By default, I use zstd compression.
-
Not Synced
Anyone who dose not know
this compression?
-
Not Synced
This is very fast, very new, created
by Facebook if I'm correct.
-
Not Synced
It's for very big files and what you should
never use is gzip with sparse images.
-
Not Synced
The disk image is sparse and gzip
cannot handle this
-
Not Synced
so if you compress it and uncompress it
it will be very large
-
Not Synced
and all the other, xz, zstd, can handle
sparse files very nicely.
-
Not Synced
So, the hostname is set, the root password,
username with a password.
-
Not Synced
Now we want to install Buster.
-
Not Synced
Maybe with no…
-
Not Synced
Oh, we also do the Xfce desktop.
-
Not Synced
Any packages you'd like to have in this
cloud image.
-
Not Synced
"desktop" and "cloud" image does not
make that much sense, maybe.
-
Not Synced
Emacs25, ok.
-
Not Synced
And now "Create disk image".
-
Not Synced
This will take a little bit longer because
we are doing the installation
-
Not Synced
inside a file image.
-
Not Synced
But no problem, I can tell you what
other ideas I have.
-
Not Synced
So, currently we have the installation and
the cloud or virtual machine images for amd64
-
Not Synced
FAI itself can also do cross-architecture
images so it would be some work
-
Not Synced
to extend the web page to say
"Please create an arm64 image"
-
Not Synced
It would be very nice to have predefined
configs for raspberry pi or
-
Not Synced
all the very different boards
-
Not Synced
but that would also be possible.
-
Not Synced
I guess the next thing I will implement
is other distributions
-
Not Synced
because I know people are always asking it.
-
Not Synced
Not you but the Ubuntu guys.
-
Not Synced
Yesterday I did the first test with Ubuntu
bionic, the LTS release
-
Not Synced
and FAI just works out of the box with it.
-
Not Synced
So what I have to do is to integrate it
in these FAI.me processing scripts.
-
Not Synced
Ready-to-go cloud images for the big
cloud providers.
-
Not Synced
That's only a different FAI config space
that I have to use.
-
Not Synced
Currently, for example, in what I call
cloud images, I do not install
-
Not Synced
the package cloud image.
-
Not Synced
That's needed for all the ones.
-
Not Synced
I'm also working in the Debian cloud team
and this team decided 2 years ago
-
Not Synced
that the tool chain in the future for
the official Debian package will be FAI.
-
Not Synced
Amazon is already using it, so if you
boot or if you use a Debian cloud image
-
Not Synced
in Amazon, Noah Meyerhans did this and
he's using the FAI tool chain for it.
-
Not Synced
Google is not yet using because there was
a very small problem
-
Not Synced
in a config file we had one space too much
-
Not Synced
which caused grub to hang forever
-
Not Synced
and that was the reason why they decided
for Stretch to use their auto tool chain.
-
Not Synced
But the things are working so we have
the config space also for Google.
-
Not Synced
And also for Azure, some people from
Credativ did this.
-
Not Synced
The Debian cloud team already has
the FAI configuration for
-
Not Synced
the big tool providers,
cloud providers.
-
Not Synced
We could also think on a more generic
FAI installation image.
-
Not Synced
It's an image that you would boot up
and then enter your job id of the web page
-
Not Synced
and then the configuration would be
downloaded
-
Not Synced
and the packages would be just
received from the internet.
-
Not Synced
That was one…
-
Not Synced
So, the image would be much smaller
because the packages do not need to be
-
Not Synced
on the installation image.
-
Not Synced
It's also possible to create live images
with FAI.
-
Not Synced
It is a little bit more…
-
Not Synced
Currently, you need some manual work
but that should be also possible
-
Not Synced
to use FAI for creating live image
and then also to provide this
-
Not Synced
on the FAI.me web service.
-
Not Synced
If you want to customize much more
inside the image, you just say
-
Not Synced
"Oh, I have some ansible scripts that
I want to execute at the very end"
-
Not Synced
then I say "Ok, this is just a starting
point, use the FAI.me service
-
Not Synced
and if you're happy with the FAI tools,
then set up your own FAI server,
-
Not Synced
create your own configuration space
and then you can do all the crazy things."
-
Not Synced
So, how does FAI.me work internally.
-
Not Synced
We have a web server where there are
some CGI scripts and
-
Not Synced
this is not the build server, so on the
web server, you click "Submit"
-
Not Synced
"Create my image", all the input
is validated so you cannot make nasty things
-
Not Synced
and then the CGI writes or creates
a subdirectory and puts files in it,
-
Not Synced
a config and a meta file
-
Not Synced
and writes a status
"waiting for processing".
-
Not Synced
Then, the other server, the build server
reads this config and
-
Not Synced
this is just an NFS mounted directory,
and sees
-
Not Synced
"Oh there's a new job I have to process".
-
Not Synced
In this processing script we pass for
some errors.
-
Not Synced
What's happening very often that people
type in a package that's not available
-
Not Synced
and this will be detected and then a new
version of the web page will pop up and say
-
Not Synced
"Oh, when creating the package mirror,
there was an error
-
Not Synced
because this package was not known."
-
Not Synced
Sometimes I have to…
-
Not Synced
Every night, I create new nfsroots
for Buster.
-
Not Synced
If there are security updates, I have
to create new nfsroots
-
Not Synced
for Stretch and backports.
-
Not Synced
I have some cleanup, so if a lot of jobs
are created,
-
Not Synced
the images are on the disk after,
-
Not Synced
normally I say after one day I just
remove the images
-
Not Synced
so you have one day to download
the images.
Debconf