Basic Debian Installation: Difference between revisions

From WilliamsNet Wiki
 
(9 intermediate revisions by 2 users not shown)
Line 1: Line 1:
__NOTOC__
__NOTOC__


'''NOTE''':  Debian 11 (Bullseye) is out -- the instructions on this page work nicely on both '''Buster''' and '''Bullseye'''
'''NOTE''':  The instructions on this page have been tested and appear to work properly on Debian 10 ('''Buster'''), Debian 11 ('''Bullseye'''), and Debian 12 ('''Bookworm''').


Debian 10 "Buster" standard install from firmware-amd64-DVD (which includes the proprietary firmware that is supposedly not included in the other install disks)
Debian standard install from distributed ISO images:
* Debian 10/11 - ''firmware-amd64-DVD'' (which includes the proprietary firmware that is supposedly not included in the other install disks)
* Debian 12 - select the full or network standard media - they have appeared to include the extra firmware in the primary install images


Basic instructions for all versions:
* Do a normal 'Install' option from the boot menu  
* Do a normal 'Install' option from the boot menu  
** if that hangs on the network device detection, do the 'Expert Install' option from the 'Advanced' menu and select the default options
** if that hangs on the network device detection, do the 'Expert Install' option from the 'Advanced' menu and select the default options
Line 52: Line 55:
apt-get -y upgrade
apt-get -y upgrade


# make sudo passwordless for group wheel
# make sudo passwordless for group sudo
echo "%sudo ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/91-wheel-NOPASSWD
echo "%sudo ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/91-wheel-NOPASSWD
chmod 440 /etc/sudoers.d/91-wheel-NOPASSWD
chmod 440 /etc/sudoers.d/91-wheel-NOPASSWD
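Review bot: The comment now names group sudo, but the drop-in in the echo and chmod lines is still called 91-wheel-NOPASSWD, so the filename no longer matches the group it grants; rename the file in both lines or keep the old comment. The rule is also appended with >>, so a second run of the script writes the same line twice; write it with > and check the file with visudo -cf before leaving it in /etc/sudoers.d.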
Line 67: Line 70:


# load ssh known_hosts from the config server
# load ssh known_hosts from the config server
mkdir -p /root/.ssh
curl -s http://config/config/ssh/known_hosts -o /etc/ssh/ssh_known_hosts
curl -s $CONFIG/ssh/known_hosts -o /root/.ssh/known_hosts
mkdir -p /home/ewilliam/.ssh
curl -s $CONFIG/ssh/known_hosts -o /home/ewilliam/.ssh/known_hosts
chown -R ewilliam.ewilliam /home/ewilliam/.ssh


# get backup scripts
# get backup scripts
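Review bot: The line that writes /etc/ssh/ssh_known_hosts spells out http://config/config instead of using $CONFIG as the per-user lines in this hunk do, so a later change to CONFIG will miss it. It also runs curl -s without -f, which saves an HTTP error page as the system-wide known_hosts when the fetch fails; use curl -fsS "$CONFIG/ssh/known_hosts" so a failed download is reported instead.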
Line 86: Line 85:
#  to make it work, the hostname needs to be set to 'williams.localnet' and the mail server must be at 'mail'
#  to make it work, the hostname needs to be set to 'williams.localnet' and the mail server must be at 'mail'
sed -i 's/^hostname=.*$/hostname=williams.localnet/' /etc/ssmtp/ssmtp.conf
sed -i 's/^hostname=.*$/hostname=williams.localnet/' /etc/ssmtp/ssmtp.conf
sed -i 's/^#rewriteDomain=.*$/rewriteDomain=williams.localnet/' /etc/ssmtp/ssmtp.conf


# get rid of the obnoxious political statement in the /etc/motd
# get rid of the obnoxious political statement in the /etc/motd
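Review bot: The added sed for rewriteDomain only matches a line that begins with #rewriteDomain=, so on an ssmtp.conf where that line is already uncommented or is missing it changes nothing and reports no error. Match an optional leading # in the pattern and append the setting when no line matches, so the result is the same on every run.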
Line 95: Line 95:
# install more supporting stuff
# install more supporting stuff
apt-get install -y gpg apt-transport-https
apt-get install -y gpg apt-transport-https
# install metricbeat, using the standard config file on the config server
#wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
#echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list
#apt-get install -y metricbeat
#curl -s $CONFIG/common/metricbeat.yml -o /etc/metricbeat/metricbeat.yml
#chmod 640 /etc/metricbeat/metricbeat.yml
#sudo systemctl enable --now metricbeat


# install webmin
# install webmin
Line 129: Line 121:
  curl -s http://config/config/debian/install-mcp.sh | bash -x
  curl -s http://config/config/debian/install-mcp.sh | bash -x


== Configure shared filesystem access ==
[[Proliant SSA Command Examples | Here]] are some useful command examples.
add these lines to the bottom of /etc/fstab
storage1:/files /files nfs4 soft 0 0
storage1:/backup/systems/<hostname>/current /backup nfs4 soft 0 0


make the mount points:
== Proliant iLO Watchdog Timer ==
  mkdir /files
There appears to be an issue during boot with the watchdog timer that ends up in a deadlock waiting for a response from iLO.  It has happened now on most of the HP servers running Debian.  Thanks to a rather in-depth analysis and testing [[ https://www.claudiokuenzler.com/blog/1125/debian-11-bullseye-boot-freeze-kernel-panic-hp-proliant-dl380 | here ]], the problem seems to be the hpwdt module. According to the article, it has been blacklisted in most other distros already. The script below creates the blacklist entry and rebuilds the initramfs images:
  mkdir /backup


mount the filesystems:
#!/bin/bash
  mount /files
#
  mount /backup
# blacklist the HP iLO watchdog timer module (hpwdt) to avoid boot freezes under debian
#
  echo "blacklist hpwdt" >> /etc/modprobe.d/blacklist-hp.conf
  update-initramfs -k all -u
update-grub
 
This script is available on the config server:
curl -s http://config/config/debian/fix-hpwdt.sh | bash -x


== Non-Free Drivers ==
== Non-Free Drivers ==
Line 152: Line 147:
  apt install firmware-realtek
  apt install firmware-realtek


== Final Configuration ==
Some systems also require tigon/tg3 drivers.  This one installs more than a few other packages, too ... including the amd-graphics package mentioned above.
The only remaining task is to load the ssh credentials for '''root''' and any user accounts.  This is done by running the following command from each user account (assuming aslan is the reference source):
  apt install -y firmware-linux-nonfree
 
scp -r aslan:.ssh $HOME
 
This can also be pushed from aslan to the new system for each account:
 
  scp -r ~/.ssh <new_host>:


Passwords will be required for this action, but (if the copy is successful) no further passwords will be needed by ssh.
== Next Steps ==
The rest of the installation process is not OS-dependent and is described [[Common Post-Install|here]].
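Review bot: In the new Proliant iLO Watchdog Timer section the link to the claudiokuenzler.com article uses double brackets with a pipe, which is internal-link syntax, so the markup shows up as literal text in the rendered page; use the single-bracket external form with the URL followed by the label. In the script in the same section, "blacklist hpwdt" is appended with >>, so each run adds another copy to /etc/modprobe.d/blacklist-hp.conf; add the line only when it is not already present.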

Latest revision as of 10:14, 15 September 2024


NOTE: The instructions on this page have been tested and appear to work properly on Debian 10 (Buster), Debian 11 (Bullseye), and Debian 12 (Bookworm).

Debian standard install from distributed ISO images:

  • Debian 10/11 - firmware-amd64-DVD (which includes the proprietary firmware that is supposedly not included in the other install disks)
  • Debian 12 - select the full or network standard media - they have appeared to include the extra firmware in the primary install images

Basic instructions for all versions:

  • Do a normal 'Install' option from the boot menu
    • if that hangs on the network device detection, do the 'Expert Install' option from the 'Advanced' menu and select the default options
  • select basic options, one partition formatting, and only the minimal software selection, but make sure the 'SSHD server' option is selected
  • For a graphic workstation, select the desired desktop from the list
  • select 'yes' for network mirror, using the defaults (USA/deb.debian.org)
  • let it finish and reboot

Basic system prep

Most of the initial configuration is now contained in a script that can be executed directly from the config server as root on the target system:

curl -s http://config/config/debian-basic-config.sh | bash -x | tee config.out
wget -qO - http://config/config/debian-basic-config.sh | bash -x | tee config.out

The contents of this script are included here for reference, though updates to the script may occur without updates to this page:

#!/bin/sh
#
# script to do the basic install of a debian headless server
#
# Assumptions:
#  - this is run as root immediately after the install has completed
#  - the hostname has been set as desired before this script is run
#  - an administrator account 'ewilliam' was created during installation
#
# invoke using one of these commands:
#
#   wget -qO - http://config/config/debian-basic-config.sh | bash
#   curl -s http://config/config/debian-basic-config.sh | bash
#

CONFIG=http://config/config

# first -- install all the basic necessities (some may already be there)
apt-get update
apt-get install -y net-tools zsh sudo rsync mlocate wget nfs-common psmisc
apt-get install -y aptitude sshfs git curl smartmontools vim

# the ssmtp package is not officially supported under buster
#  download the package from stretch and install
#SSMTP_DEB=ssmtp_2.64-9_amd64.deb
SSMTP_DEB=ssmtp_2.64-8+b2_amd64.deb
wget http://http.us.debian.org/debian/pool/main/s/ssmtp/${SSMTP_DEB}
apt-get install -y ./${SSMTP_DEB}

# now get all the updates
apt-get -y upgrade

# make sudo passwordless for group sudo
echo "%sudo ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/91-wheel-NOPASSWD
chmod 440 /etc/sudoers.d/91-wheel-NOPASSWD
usermod -aG sudo ewilliam

# now that zsh is installed, make it the default
chsh -s /bin/zsh
chsh -s /bin/zsh ewilliam

# copy the standard zsh config files
curl -s $CONFIG/common/.zshrc -o /root/.zshrc
curl -s $CONFIG/common/.zshrc -o /home/ewilliam/.zshrc
chown ewilliam:ewilliam /home/ewilliam/.zshrc

# load ssh known_hosts from the config server
curl -s http://config/config/ssh/known_hosts -o /etc/ssh/ssh_known_hosts

# get backup scripts
curl -s $CONFIG/common/backup -o /etc/cron.daily/backup
curl -s $CONFIG/common/rsync_backup.sh -o /usr/local/bin/rsync_backup.sh
chmod +x /usr/local/bin/rsync_backup.sh /etc/cron.daily/backup

# configure log server
curl -s $CONFIG/common/99-remotelog.conf -o /etc/rsyslog.d/99-remotelog.conf
systemctl restart rsyslog

# enable mail to the central email server
#  unlike the CentOS version of the ssmtp package, this doesn't recognize the /etc/aliases file
#  to make it work, the hostname needs to be set to 'williams.localnet' and the mail server must be at 'mail'
sed -i 's/^hostname=.*$/hostname=williams.localnet/' /etc/ssmtp/ssmtp.conf
sed -i 's/^#rewriteDomain=.*$/rewriteDomain=williams.localnet/' /etc/ssmtp/ssmtp.conf

# get rid of the obnoxious political statement in the /etc/motd
echo > /etc/motd

# get the standard /etc/hosts file
curl -s $CONFIG/hosts -o /etc/hosts

# install more supporting stuff
apt-get install -y gpg apt-transport-https

# install webmin
wget -qO - https://download.webmin.com/jcameron-key.asc | sudo apt-key add -
echo "deb https://download.webmin.com/download/repository sarge contrib" | sudo tee -a /etc/apt/sources.list.d/webmin.list
apt-get update
apt-get install -y webmin

# install the host/known_hosts synchronization
curl -s $CONFIG/host_check.sh > /etc/cron.hourly/host_check
chmod +x /etc/cron.hourly/host_check

# provide a daily list of packages that need updating
curl -s $CONFIG/debian/0-apt-upgradeable -o /etc/cron.daily/0-apt-upgradable
chmod +x /etc/cron.daily/0-apt-upgradable

# install other status checks
curl -s $CONFIG/common/ssd-endurance > /etc/cron.weekly/ssd-endurance
chmod +x /etc/cron.weekly/ssd-endurance

# now reboot
reboot
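
The bootstrap above is piped from the config server straight into a root shell. As an added example (not part of the wiki's script), the same step done as download, verify against a pinned SHA-256, then run; the function name, the FETCH override and the digest argument are assumptions.

```shell
#!/bin/sh
# Added example (not the wiki's script): download, verify, then run.
CONFIG=http://config/config          # value taken from the page
# FETCH is an assumed override hook; -f makes curl fail on HTTP errors
FETCH="${FETCH:-curl -fsS}"

# fetch_verified URL SHA256 OUTFILE
#   returns 0 and leaves OUTFILE only when the digest matches
#   returns 2 on download failure, 3 on digest mismatch
fetch_verified() {
    url=$1 want=$2 out=$3
    tmp=$(mktemp) || return 1
    if ! $FETCH "$url" > "$tmp"; then
        rm -f "$tmp"
        return 2
    fi
    got=$(sha256sum "$tmp" | cut -d' ' -f1)
    if [ "$got" != "$want" ]; then
        echo "digest mismatch for $url: got $got" >&2
        rm -f "$tmp"
        return 3
    fi
    mv -f "$tmp" "$out"
}

# Usage: sh bootstrap.sh --run <sha256 recorded when the script was reviewed>
if [ "${1:-}" = "--run" ]; then
    fetch_verified "$CONFIG/debian-basic-config.sh" "$2" /root/debian-basic-config.sh || exit 1
    bash -x /root/debian-basic-config.sh | tee config.out
fi
```

The digest has to reach the new host by a path other than the config server itself, for example typed from the administrator's notes.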

Proliant System Utilities

For Proliant servers, we need to install the Management Component Pack (MCP) to manage the storage controller. A script to do this is available on the config server:

curl -s http://config/config/debian/install-mcp.sh | bash -x

Here are some useful command examples.

Proliant iLO Watchdog Timer

There appears to be an issue during boot with the watchdog timer that ends up in a deadlock waiting for a response from iLO. It has happened now on most of the HP servers running Debian. Thanks to a rather in-depth analysis and testing at https://www.claudiokuenzler.com/blog/1125/debian-11-bullseye-boot-freeze-kernel-panic-hp-proliant-dl380, the problem seems to be the hpwdt module. According to the article, it has been blacklisted in most other distros already. The script below creates the blacklist entry and rebuilds the initramfs images:

#!/bin/bash
#
# blacklist the HP iLO watchdog timer module (hpwdt) to avoid boot freezes under debian
#
echo "blacklist hpwdt" >> /etc/modprobe.d/blacklist-hp.conf
update-initramfs -k all -u
update-grub

This script is available on the config server:

curl -s http://config/config/debian/fix-hpwdt.sh | bash -x
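
Both the sudoers step in the basic config script and the hpwdt blacklist script append with `>>`, so running either twice duplicates the entry. An added example (not the wiki's own scripts) of re-runnable versions of those two steps; the function names and the `--apply` switch are assumptions, the paths and rule text are the page's.

```shell
#!/bin/sh
# Added example (not the wiki's scripts): re-runnable forms of the two
# "echo ... >>" steps. Paths are parameters so they can be tried in a scratch dir.

# ensure_line FILE LINE: append LINE only if that exact line is absent
ensure_line() {
    file=$1 line=$2
    mkdir -p "$(dirname "$file")"
    [ -f "$file" ] || : > "$file"
    grep -qxF -- "$line" "$file" || printf '%s\n' "$line" >> "$file"
}

# install_sudoers_dropin DEST RULE: write RULE to a temp file next to DEST,
# syntax-check it when visudo is present, then rename it into place (mode 0440).
# The temp name contains a dot, so sudo's #includedir skips it while it exists.
install_sudoers_dropin() {
    dest=$1 rule=$2
    mkdir -p "$(dirname "$dest")"
    tmp=$(mktemp "$(dirname "$dest")/.tmp-sudoers.XXXXXX") || return 1
    printf '%s\n' "$rule" > "$tmp"
    chmod 440 "$tmp"
    if command -v visudo >/dev/null 2>&1; then
        visudo -cf "$tmp" >/dev/null 2>&1 || { rm -f "$tmp"; return 1; }
    fi
    mv -f "$tmp" "$dest"
}

# Usage as root: sh idempotent-steps.sh --apply
if [ "${1:-}" = "--apply" ]; then
    install_sudoers_dropin /etc/sudoers.d/91-wheel-NOPASSWD "%sudo ALL=(ALL) NOPASSWD:ALL"
    ensure_line /etc/modprobe.d/blacklist-hp.conf "blacklist hpwdt"
    update-initramfs -k all -u
    update-grub
fi
```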

Non-Free Drivers

Debian's militant policy towards non-free drivers can be rather annoying. The Radeon built-in graphics controller on the motherboard for lamppost (ASUS M4A785-M) apparently needs some 'non-free' firmware, which is not detected during the install process, even though I'm using the non-free firmware installation disk image. Because the firmware is not loaded during the install, it isn't included in the initramdisk, and therefore the device is loaded in an inoperative state. There is a firmware package available to install:

apt install firmware-amd-graphics

... but even after rebooting it doesn't load because by the time the root filesystem is mounted, the devices are already initialized. Until I find a better way, the device needs to be unloaded and reloaded after boot to enable the graphics:

rmmod radeon
modprobe radeon

Similarly, some RealTek drivers need to be added:

apt install firmware-realtek

Some systems also require tigon/tg3 drivers. This one installs more than a few other packages, too ... including the amd-graphics package mentioned above.

apt install -y firmware-linux-nonfree

Next Steps

The rest of the installation process is not OS-dependent and is described here.