Network Ubuntu Install via PXE Using Preseed - Kickstart Alternative

Ubuntu has a method of automatic network installation similar to redhat's kickstart install.

It's called "debian-installer" and it is the recommended method of installing ubuntu automatically.

Similar to kickstart you have a preconfiguration file called "preseed" in which you answer questions asked by the installer.

You can either:

1. Install ubuntu manually and export answers to questions
2. Create answers to questions manually

#1 you can perform using:

# Generate a sample preseed.cfg with some default values you selected during manual install
apt-get install debconf-utils
debconf-get-selections --installer > preseed.cfg
debconf-get-selections >> preseed.cfg


Then you make this file available in the kickstart menu.

I've included a sample menu file (which points to the preseed) as well as the contents of a basic preseed file.
Menu File:

default linux

SERIAL 0 115200

label linux
kernel images/ubuntu/14.04/install/netboot/ubuntu-installer/amd64/linux
append initrd=images/ubuntu/14.04/install/netboot/ubuntu-installer/amd64/initrd.gz auto=true priority=critical interface=auto url=ftp://fbsd-ftp/images/ubuntu/14.04/preseed/sandvine.seed -- console=ttyS0,115200n8
IPAPPEND 2


Preseed File:

# Primary network interface:
d-i netcfg/choose_interface select auto

# Locale Configuration
d-i debian-installer/locale string en_US

# Set Keyboard to American English
d-i console-keymaps-at/keymap select American English
d-i debian-installer/keymap string us

# Set timezone
d-i time/zone string American/Toronto

# Do not make a user account
d-i passwd/make-user boolean false

# Assign the password for root
d-i passwd/root-password password sandvine
d-i passwd/root-password-again password sandvine

# Allow root login
user-setup-udeb passwd/root-login boolean true

# Partitioning
# Partition using LVM on the first and only detected disk
d-i partman-auto/method string lvm
# If one of the disks that are going to be automatically partitioned
# contains an old LVM configuration, the user will normally receive a
# warning. This can be preseeded away...
d-i partman-lvm/confirm boolean true
d-i partman-lvm/confirm_nooverwrite boolean false
partman-lvm partman-lvm/device_remove_lvm boolean true
partman-lvm partman-lvm/confirm_nochanges boolean true
partman-lvm partman-lvm/confirm boolean true
unknown partman-lvm/confirm boolean true
partman-lvm partman-lvm/vgdelete_confirm boolean true

# Choose automatic partitioning recipes where automatic puts
# All configuration on the same partition
d-i partman-auto/choose_recipe select automic
# Complete partitioning without further confirmation
d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true

#Choose some additional packages to instal
d-i pkgsel/include string openssh-server


### Finishing up the installation
# During installations from serial console, the regular virtual consoles
# (VT1-VT6) are normally disabled in /etc/inittab. Uncomment the next
# line to prevent this.
d-i finish-install/keep-consoles boolean true

# Send command to pxeboot server to tell it to boot from HDD after imaging is successful
d-i preseed/late_command string /bin/echo "$(hostname -s)" | nc -w 3 lab-nfsbootlinux 2509

# Avoid that last message about the install being complete.
d-i finish-install/reboot_in_progress note


Ubuntu does have support for kickstart but there are some important features that may not be fully featured in kickstart that are available in debian installer. Ubuntu even has system-config-kickstart utility to build kickstart files but because of the lack of full functionality it does not end up being as useful as the more fully funcitoning debian installer.

References:
Serial Console - http://blather.michaelwlucas.com/archives/638
Package Install (openssh) - http://www.stratuslab.eu/fp7/doku.php/tutoral:examplepreseed.html
Remove LVM Parts - http://ubuntuforums.org/showthread.php?t=1505174
Debian Example Preseed - http://d-i.debian.org/manual/example-preseed.txt
Ubutntu Example Preseed - https://help.ubuntu.com/lts/installation-guide/example-preseed.txt
Ubuntu 12.04 Preseed Explained - https://help.ubuntu.com/12.04/installation-guide/i386/preseed-contents.html
Ubuntu 10.04 Preseed example - https://help.ubuntu.com/10.04/installation-guide/example-preseed.txt
Generate a preseed - http://searchitchannel.techtarget.com/feature/Performing-an-automated-Ubuntu-install-using-preseeding
Puppet and Preseed - http://ghantoos.org/2012/10/21/cocktail-of-pxe-debian-preseed-ipmi-puppet/
Add Console and debug to menu - http://christian.hofstaedtler.name/blog/2008/09/debian-installer-preseeding-autostart-from-pxe.html
Ubuntu 14.04 install bug - http://www.michaelm.info/blog/?p=1378
What you need to append to menu - https://saz.sh/2011/07/30/preseed-debian-squeeze-using-pxe/
Create User Accounts - https://help.ubuntu.com/community/Cobbler/Preseed
Debian links:
https://www.debian-administration.org/article/394/Automating_new_Debian_installations_with_preseeding
https://www.debian.org/releases/wheezy/i386/apbs04.html.en
https://www.debian.org/releases/wheezy/i386/apbs03.html.en

Official Documentation:
http://www.debian.org/releases/stable/i386/apb.html.en
https://wiki.debian.org/DebianInstaller/Preseed
http://searchitchannel.techtarget.com/feature/Performing-an-automated-Ubuntu-install-using-preseeding
http://www.debuntu.org/how-to-unattended-ubuntu-deployment-over-network-page-5-preseed-file/

New Docs:
http://web.theurbanpenguin.com/auto-installing-ubuntu-16-04/
https://www.debian.org/releases/stable/example-preseed.txt
http://hands.com/d-i/

How to get a post-install command working:
http://www.50ply.com/blog/2012/07/16/automating-debian-installs-with-preseed-and-puppet/
https://ubuntuforums.org/showthread.php?t=1977570

Network Serial Ports In VMware (Licensing Issues)

As per 5.1 Documentation it says you should be able to connect to a guest serial port by attaching a virtual serial port and using the "Use Network" option as of 5.x.

What they do not mention is that this feature only works in VMware Enterprise licenses.

I spent hours trying to figure out why my serial port would never maintain its "Connected" checkbox as shown below:


It would consistently revert and I had already confirmed that firewall was not blocking the ports:

~ # esxcli network firewall ruleset list -r remoteSerialPort
Name              Enabled
----------------  -------
remoteSerialPort     true

I have also verified that the esxi server is accepting connections to 3008 on the host:

telnet RPC-D8-03VM 3008   
Trying 10.129.36.2...                                
Connected to RPC-D8-03VM.phaedrus.sandvine.com.      
Escape character is '^]'.                            
                                                     
                                                     
test                                                 
                                                     
                                                     
testing                                              


~ # nc -l 3008


test


testing

But nothing seemed to work. Even new version of virtual hardware/different OS.

lspci wasn't showing anything even being connected to the guest.

After contacting VMware support they looked through some logs and noticed the following line stating this feature wasn't licensed:

2013-11-25T17:53:07.636Z| vmx| I120: Msg_Post: Error
2013-11-25T17:53:07.636Z| vmx| I120: [msg.serial.uri.nolicense.basic] The currently available license does not permit the use of remote serial ports.

Due to this licensing issue the VM will not even attempt to add the virtual serial port and you will not be able to telnet to your serial port or use a virtual serial port concentrator without an Enterprise license.

For future reference the log that told us that this was not a licensed feature was:

/vmfs/volumes/path/to/vmx/vmware.log

The fact that the GUI does not give any kind of notification of this functionality not working is a bit disappointing, but not more so than the functionality being licensed and not being usable.

References to others having this issue: http://community.spiceworks.com/topic/247096-virtual-serial-ports-in-vsphere-esxi-5

ESXi Network Port Statistics

To get port statistics you first need to know which port you wish to investigate via its port-id.

This can be gathered using the following method:

esxcli network vm list
World ID  Name            Num Ports  Networks
--------  --------------  ---------  ----------------
   54526  TPC-F11-09-013          2  VM Network, 2/13
   54675  TPC-F11-09-019          2  VM Network, 2/19
   55055  TPC-F11-09-016          2  VM Network, 2/16
   59076  TPC-F11-09-010          2  VM Network, 2/10
   69868  TPC-F11-09-011          2  VM Network, 2/11
   71906  TPC-F11-09-004          2  VM Network, 2/4

Grab the “World ID”

Use the world ID to get the port-id:

esxcli network vm port list -w 54526
   Port ID: 50331665
   vSwitch: vSwitch1
   Portgroup: 2/13
   DVPort ID:
   MAC Address: 00:50:56:82:0b:97
   IP Address: 0.0.0.0
   Team Uplink: vmnic5
   Uplink Port ID: 50331650
   Active Filters:

From here we can correlate which port-id is giving us the most traffic or which ones is giving us problems. Once we have the port-id we can get some statistics on that port.

esxcli network port stats get -p 50331665
Packet statistics for port 50331665
   Packets received: 554581
   Packets sent: 473571
   Bytes received: 740098057
   Bytes sent: 91336282
   Broadcast packets received: 9909
   Broadcast packets sent: 15
   Multicast packets received: 0
   Multicast packets sent: 0
   Unicast packets received: 544672
   Unicast packets sent: 473556
   Receive packets dropped: 3
   Transmit packets dropped: 0

References: http://blogs.vmware.com/vsphere/2013/01/network-troubleshooting-using-esxcli-5-1.html

Network Performance

dd with netcat

Local (Sending Server)

dd bs=16M if=/dev/zero | nc $ip_address $port#

Remote (Listening Server)

nc -l $port# | dd bs=16M of=/dev/null

reference material + compression: http://www.ndchost.com/wiki/server-administration/netcat-over-ssh

Creating a Acrobat Reader 9.3.3 AIP (administrative install point)

Adobe has one of most convoluted way of doing patches, and as a system administrator, this is a huge headache to maintain Acrobat Reader updated across your enterprise to prevent security breaches via Acrobat.

To understand Acrobat's release cycle, I'll point you to this page.

To summarize, Adobe has two type of patch releases: quarterly, and out of cycle security fix (and these happen quite often). However, to create a network installation point, one that is using msi deployment methods and fully up to date (9.3.3 as of writing) you have to follow a specific update path - you're only allowed to patch your AIP using quarterly patches. Again, that is outlined in the link above.

Adobe Reader:

For creating 9.3.3 AIP: 9.3 > 9.3.2 > 9.3.3
For creating 9.3.2 AIP: 9.3 > 9.3.2
For creating 9.3.1 AIP: 9.3 > 9.3.1

This means, if you have created a 9.3.1 AIP, you'll have to do whole process from 9.3 start again, because 9.3.1 was a security patch.

Today, I need a 9.3.3 AIP, so here's the steps I used:

1) Download 9.3 from here.

2) Extract setup package into its source (.msi):

AdbeRdr930_en_US.exe -nos_ne -nos_o"aip_directory"
Info on the switches can be found here.

3) Download 9.3.2 and 9.3.3 patches from here.

4) Apply 9.3.2 to the AIP like this:

msiexec /a "aip_directory\AcroRead.msi" /p "AdbeRdrUpd932_all_incr.msp"

5) Apply 9.3.3 to the AIP like this:

"msiexec /a aip_directory\AcroRead.msi /p AdbeRdrUpd933_all_incr.msp"

Now your aip_directory will contain a fully patched (9.3.3) version of Acrobat Reader. You can simply deploy the .msi file in it.

EDIT (Dec 20, 2010): Adobe changed some of the links, so I update the links to reflect the chanage. I tested the procedure for Acrobat Reader 9.4.1.