Debian Deployment Guide (Cobber v3.3.7) #188
Conversation
|
@SchoolGuy Could you review this PR for a new article when you get a chance? |
|
@sus-admin After a quick first look I would like you to switch in your new blog post to 3.3.7. 3.3.6 and older are containing a severe CVE and as such new material shouldn't point to older vulnerable versions. |
|
@SchoolGuy good point. I'll get that installed in my home lab and do some sanity checks and hopefully have that PR updated tonight. By the way, did I submit correctly this time? I made a new branch on my end, but it would only let me merge into main or an older branch in the official repo. |
sus-admin
changed the title
|
@SchoolGuy Can you review this PR when you get the chance? |
| systemctl restart cobblerd && sleep 10 | ||
| cobbler sync |
There was a problem hiding this comment.
I haven't tried it out but this shouldn't be needed. Just syncing should be fine.
| systemctl restart cobblerd && sleep 10 | |
| cobbler sync | |
| cobbler sync |
There was a problem hiding this comment.
There is no need to make any changes to the old blog entry. The new entry should focus on 3.3.7.
| yum install -y debmirror debian-keyring | ||
| sed -i "s/@arches/#@arches/g" /etc/debmirror.conf | ||
| sed -i "s/@dists/#@dists/g" /etc/debmirror.conf | ||
| systemctl restart cobblerd && sleep 5 | ||
| cobbler sync | ||
| cobbler check |
There was a problem hiding this comment.
Same here: I haven't tried it but I see no need for this restart. Restarting bigger cobbler instances can take minutes which is undesired I would argue.
| yum install -y debmirror debian-keyring | |
| sed -i "s/@arches/#@arches/g" /etc/debmirror.conf | |
| sed -i "s/@dists/#@dists/g" /etc/debmirror.conf | |
| systemctl restart cobblerd && sleep 5 | |
| cobbler sync | |
| cobbler check | |
| yum install -y debmirror debian-keyring | |
| sed -i "s/@arches/#@arches/g" /etc/debmirror.conf | |
| sed -i "s/@dists/#@dists/g" /etc/debmirror.conf | |
| cobbler sync | |
| cobbler check |
| ### Apt setup | ||
| # Choose, if you want to scan additional installation media | ||
| # (default: false). | ||
| d-i apt-setup/cdrom/set-first boolean false | ||
| # You can choose to install non-free firmware. | ||
| #d-i apt-setup/non-free-firmware boolean true | ||
| # You can choose to install non-free and contrib software. | ||
| #d-i apt-setup/non-free boolean true | ||
| #d-i apt-setup/contrib boolean true | ||
| # Uncomment the following line, if you don't want to have the sources.list | ||
| # entry for a DVD/BD installation image active in the installed system | ||
| # (entries for netinst or CD images will be disabled anyway, regardless of | ||
| # this setting). | ||
| #d-i apt-setup/disable-cdrom-entries boolean true | ||
| # Uncomment this if you don't want to use a network mirror. | ||
| #d-i apt-setup/use_mirror boolean false | ||
| # Select which update services to use; define the mirrors to be used. | ||
| # Values shown below are the normal defaults. | ||
| #d-i apt-setup/services-select multiselect security, updates | ||
| #d-i apt-setup/security_host string security.debian.org | ||
|
|
||
| # Additional repositories, local[0-9] available | ||
| #d-i apt-setup/local0/repository string \ | ||
| # http://local.server/debian stable main | ||
| #d-i apt-setup/local0/comment string local server | ||
| # Enable deb-src lines | ||
| #d-i apt-setup/local0/source boolean true | ||
| # URL to the public key of the local repository; you must provide a key or | ||
| # apt will complain about the unauthenticated repository and so the | ||
| # sources.list line will be left commented out. | ||
| #d-i apt-setup/local0/key string http://local.server/key | ||
| # or one can provide it in-line by base64 encoding the contents of the | ||
| # key file (with `base64 -w0`) and specifying it thus: | ||
| #d-i apt-setup/local0/key string base64://LS0tLS1CRUdJTiBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tCi4uLgo= | ||
| # The content of the key file is checked to see if it appears to be ASCII-armoured. | ||
| # If so it will be saved with an ".asc" extension, otherwise it gets a '.gpg' extension. | ||
| # "keybox database" format is currently not supported. (see generators/60local in apt-setup's source) | ||
|
|
||
| # By default the installer requires that repositories be authenticated | ||
| # using a known gpg key. This setting can be used to disable that | ||
| # authentication. Warning: Insecure, not recommended. | ||
| #d-i debian-installer/allow_unauthenticated boolean true |
There was a problem hiding this comment.
I would like that to be a file inside this repository that is included via a relative include. More see here: https://jekyllrb.com/docs/includes/#including-files-relative-to-another-file
|
@SchoolGuy thanks for the feedback, I've updated my PR (I would rather just update the original post at 3.3.7 now since I've tested it already).
|
…oting" section - changed to file "include" instead of plaintext markdown
There was a problem hiding this comment.
file excerpt obtained from https://www.debian.org/releases/stable/example-preseed.txt
No description provided.