forked from steve-daedilus/ubuntu-autoinstall-generator
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathubuntu-autoinstall-generator.sh
281 lines (249 loc) · 13.1 KB
/
ubuntu-autoinstall-generator.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
#!/bin/bash
set -Eeuo pipefail
function cleanup() {
trap - SIGINT SIGTERM ERR EXIT
if [ -n "${tmpdir+x}" ]; then
rm -rf "$tmpdir"
log "🚽 Deleted temporary working directory $tmpdir"
fi
}
trap cleanup SIGINT SIGTERM ERR EXIT
script_dir=$(cd "$(dirname "${BASH_SOURCE[0]}")" &>/dev/null && pwd -P)
[[ ! -x "$(command -v date)" ]] && echo "💥 date command not found." && exit 1
today=$(date +"%Y-%m-%d")
function log() {
echo >&2 -e "[$(date +"%Y-%m-%d %H:%M:%S")] ${1-}"
}
function die() {
local msg=$1
local code=${2-1} # Bash parameter expansion - default exit status 1. See https://wiki.bash-hackers.org/syntax/pe#use_a_default_value
log "$msg"
exit "$code"
}
usage() {
cat <<EOF
Usage: $(basename "${BASH_SOURCE[0]}") [-h] [-v] [-a] [-e] [-u user-data-file] [-m meta-data-file] [-k] [-c] [-r] [-s source-iso-file] [-d destination-iso-file]
💁 This script will create fully-automated Ubuntu 20.04 Focal Fossa installation media.
Available options:
-h, --help Print this help and exit
-v, --verbose Print script debug info
-a, --all-in-one Bake user-data and meta-data into the generated ISO. By default you will
need to boot systems with a CIDATA volume attached containing your
autoinstall user-data and meta-data files.
For more information see: https://ubuntu.com/server/docs/install/autoinstall-quickstart
-e, --use-hwe-kernel Force the generated ISO to boot using the hardware enablement (HWE) kernel. Not supported
by early Ubuntu 20.04 release ISOs.
-u, --user-data Path to user-data file. Required if using -a
-m, --meta-data Path to meta-data file. Will be an empty file if not specified and using -a
-k, --no-verify Disable GPG verification of the source ISO file. By default SHA256SUMS-$today and
SHA256SUMS-$today.gpg in ${script_dir} will be used to verify the authenticity and integrity
of the source ISO file. If they are not present the latest daily SHA256SUMS will be
downloaded and saved in ${script_dir}. The Ubuntu signing key will be downloaded and
saved in a new keyring in ${script_dir}
-c, --no-md5 Disable MD5 checksum on boot
-r, --use-release-iso Use the current release ISO instead of the daily ISO. The file will be used if it already
exists.
-s, --source Source ISO file. By default the latest daily ISO for Ubuntu 20.04 will be downloaded
and saved as ${script_dir}/ubuntu-original-$today.iso
That file will be used by default if it already exists.
-d, --destination Destination ISO file. By default ${script_dir}/ubuntu-autoinstall-$today.iso will be
created, overwriting any existing file.
-x, --extra-file Additional file or files using standard folder / file wildcards to include in the image.
Used for customisations of the image for specific deployment purposes
EOF
exit
}
function parse_params() {
# default values of variables set from params
user_data_file=''
meta_data_file=''
download_url="https://cdimage.ubuntu.com/ubuntu-server/focal/daily-live/current"
download_iso="focal-live-server-amd64.iso"
original_iso="ubuntu-original-$today.iso"
source_iso="${script_dir}/${original_iso}"
destination_iso="${script_dir}/ubuntu-autoinstall-$today.iso"
sha_suffix="${today}"
gpg_verify=1
all_in_one=0
use_hwe_kernel=0
md5_checksum=1
use_release_iso=0
extra_file=''
while :; do
case "${1-}" in
-h | --help) usage ;;
-v | --verbose) set -x ;;
-a | --all-in-one) all_in_one=1 ;;
-e | --use-hwe-kernel) use_hwe_kernel=1 ;;
-c | --no-md5) md5_checksum=0 ;;
-k | --no-verify) gpg_verify=0 ;;
-r | --use-release-iso) use_release_iso=1 ;;
-u | --user-data)
user_data_file="${2-}"
shift
;;
-s | --source)
source_iso="${2-}"
shift
;;
-d | --destination)
destination_iso="${2-}"
shift
;;
-m | --meta-data)
meta_data_file="${2-}"
shift
;;
-x | --extra-file)
extra_file="${2-}"
shift
;;
-?*) die "Unknown option: $1" ;;
*) break ;;
esac
shift
done
log "👶 Starting up..."
# check required params and arguments
if [ ${all_in_one} -ne 0 ]; then
[[ -z "${user_data_file}" ]] && die "💥 user-data file was not specified."
[[ ! -f "$user_data_file" ]] && die "💥 user-data file could not be found."
[[ -n "${meta_data_file}" ]] && [[ ! -f "$meta_data_file" ]] && die "💥 meta-data file could not be found."
fi
if [ "${source_iso}" != "${script_dir}/${original_iso}" ]; then
[[ ! -f "${source_iso}" ]] && die "💥 Source ISO file could not be found."
fi
if [ "${use_release_iso}" -eq 1 ]; then
download_url="https://releases.ubuntu.com/focal"
log "🔎 Checking for current release..."
download_iso=$(curl -sSL "${download_url}" | grep -oP 'ubuntu-20\.04\.\d*-live-server-amd64\.iso' | head -n 1)
original_iso="${download_iso}"
source_iso="${script_dir}/${download_iso}"
current_release=$(echo "${download_iso}" | cut -f2 -d-)
sha_suffix="${current_release}"
log "💿 Current release is ${current_release}"
fi
destination_iso=$(realpath "${destination_iso}")
source_iso=$(realpath "${source_iso}")
return 0
}
ubuntu_gpg_key_id="843938DF228D22F7B3742BC0D94AA3F0EFE21092"
parse_params "$@"
tmpdir=$(mktemp -d)
if [[ ! "$tmpdir" || ! -d "$tmpdir" ]]; then
die "💥 Could not create temporary working directory."
else
log "📁 Created temporary working directory $tmpdir"
fi
log "🔎 Checking for required utilities..."
[[ ! -x "$(command -v xorriso)" ]] && die "💥 xorriso is not installed. On Ubuntu, install the 'xorriso' package."
[[ ! -x "$(command -v sed)" ]] && die "💥 sed is not installed. On Ubuntu, install the 'sed' package."
[[ ! -x "$(command -v curl)" ]] && die "💥 curl is not installed. On Ubuntu, install the 'curl' package."
[[ ! -x "$(command -v gpg)" ]] && die "💥 gpg is not installed. On Ubuntu, install the 'gpg' package."
[[ ! -f "/usr/lib/ISOLINUX/isohdpfx.bin" ]] && die "💥 isolinux is not installed. On Ubuntu, install the 'isolinux' package."
log "👍 All required utilities are installed."
if [ ! -f "${source_iso}" ]; then
log "🌎 Downloading ISO image for Ubuntu 20.04 Focal Fossa..."
curl -NsSL "${download_url}/${download_iso}" -o "${source_iso}"
log "👍 Downloaded and saved to ${source_iso}"
else
log "☑️ Using existing ${source_iso} file."
if [ ${gpg_verify} -eq 1 ]; then
if [ "${source_iso}" != "${script_dir}/${original_iso}" ]; then
log "⚠️ Automatic GPG verification is enabled. If the source ISO file is not the latest daily or release image, verification will fail!"
fi
fi
fi
if [ ${gpg_verify} -eq 1 ]; then
if [ ! -f "${script_dir}/SHA256SUMS-${sha_suffix}" ]; then
log "🌎 Downloading SHA256SUMS & SHA256SUMS.gpg files..."
curl -NsSL "${download_url}/SHA256SUMS" -o "${script_dir}/SHA256SUMS-${sha_suffix}"
curl -NsSL "${download_url}/SHA256SUMS.gpg" -o "${script_dir}/SHA256SUMS-${sha_suffix}.gpg"
else
log "☑️ Using existing SHA256SUMS-${sha_suffix} & SHA256SUMS-${sha_suffix}.gpg files."
fi
if [ ! -f "${script_dir}/${ubuntu_gpg_key_id}.keyring" ]; then
log "🌎 Downloading and saving Ubuntu signing key..."
gpg -q --no-default-keyring --keyring "${script_dir}/${ubuntu_gpg_key_id}.keyring" --keyserver "hkp://keyserver.ubuntu.com" --recv-keys "${ubuntu_gpg_key_id}"
log "👍 Downloaded and saved to ${script_dir}/${ubuntu_gpg_key_id}.keyring"
else
log "☑️ Using existing Ubuntu signing key saved in ${script_dir}/${ubuntu_gpg_key_id}.keyring"
fi
log "🔐 Verifying ${source_iso} integrity and authenticity..."
gpg -q --keyring "${script_dir}/${ubuntu_gpg_key_id}.keyring" --verify "${script_dir}/SHA256SUMS-${sha_suffix}.gpg" "${script_dir}/SHA256SUMS-${sha_suffix}" 2>/dev/null
if [ $? -ne 0 ]; then
rm -f "${script_dir}/${ubuntu_gpg_key_id}.keyring~"
die "👿 Verification of SHA256SUMS signature failed."
fi
rm -f "${script_dir}/${ubuntu_gpg_key_id}.keyring~"
digest=$(sha256sum "${source_iso}" | cut -f1 -d ' ')
set +e
grep -Fq "$digest" "${script_dir}/SHA256SUMS-${sha_suffix}"
if [ $? -eq 0 ]; then
log "👍 Verification succeeded."
set -e
else
die "👿 Verification of ISO digest failed."
fi
else
log "🤞 Skipping verification of source ISO."
fi
log "🔧 Extracting ISO image..."
xorriso -osirrox on -indev "${source_iso}" -extract / "$tmpdir" &>/dev/null
chmod -R u+w "$tmpdir"
rm -rf "$tmpdir/"'[BOOT]'
log "👍 Extracted to $tmpdir"
if [ ${use_hwe_kernel} -eq 1 ]; then
if grep -q "hwe-vmlinuz" "$tmpdir/boot/grub/grub.cfg"; then
log "☑️ Destination ISO will use HWE kernel."
sed -i -e 's|/casper/vmlinuz|/casper/hwe-vmlinuz|g' "$tmpdir/isolinux/txt.cfg"
sed -i -e 's|/casper/initrd|/casper/hwe-initrd|g' "$tmpdir/isolinux/txt.cfg"
sed -i -e 's|/casper/vmlinuz|/casper/hwe-vmlinuz|g' "$tmpdir/boot/grub/grub.cfg"
sed -i -e 's|/casper/initrd|/casper/hwe-initrd|g' "$tmpdir/boot/grub/grub.cfg"
sed -i -e 's|/casper/vmlinuz|/casper/hwe-vmlinuz|g' "$tmpdir/boot/grub/loopback.cfg"
sed -i -e 's|/casper/initrd|/casper/hwe-initrd|g' "$tmpdir/boot/grub/loopback.cfg"
else
log "⚠️ This source ISO does not support the HWE kernel. Proceeding with the regular kernel."
fi
fi
log "🧩 Adding autoinstall parameter to kernel command line..."
sed -i -e 's/---/ autoinstall ---/g' "$tmpdir/isolinux/txt.cfg"
sed -i -e 's/---/ autoinstall ---/g' "$tmpdir/boot/grub/grub.cfg"
sed -i -e 's/---/ autoinstall ---/g' "$tmpdir/boot/grub/loopback.cfg"
log "👍 Added parameter to UEFI and BIOS kernel command lines."
if [ ${all_in_one} -eq 1 ]; then
log "🧩 Adding user-data and meta-data files..."
mkdir "$tmpdir/nocloud"
cp "$user_data_file" "$tmpdir/nocloud/user-data"
if [ -n "${meta_data_file}" ]; then
cp "$meta_data_file" "$tmpdir/nocloud/meta-data"
else
touch "$tmpdir/nocloud/meta-data"
fi
if [[ -n "${extra_file}" ]]; then
log "🧩 Adding specified extra files"
cp -r "$extra_file" "$tmpdir/nocloud/"
fi
sed -i -e 's,---, ds=nocloud;s=/cdrom/nocloud/ ---,g' "$tmpdir/isolinux/txt.cfg"
sed -i -e 's,---, ds=nocloud\\\;s=/cdrom/nocloud/ ---,g' "$tmpdir/boot/grub/grub.cfg"
sed -i -e 's,---, ds=nocloud\\\;s=/cdrom/nocloud/ ---,g' "$tmpdir/boot/grub/loopback.cfg"
log "👍 Added data and configured kernel command line."
fi
if [ ${md5_checksum} -eq 1 ]; then
log "👷 Updating $tmpdir/md5sum.txt with hashes of modified files..."
md5=$(md5sum "$tmpdir/boot/grub/grub.cfg" | cut -f1 -d ' ')
sed -i -e 's,^.*[[:space:]] ./boot/grub/grub.cfg,'"$md5"' ./boot/grub/grub.cfg,' "$tmpdir/md5sum.txt"
md5=$(md5sum "$tmpdir/boot/grub/loopback.cfg" | cut -f1 -d ' ')
sed -i -e 's,^.*[[:space:]] ./boot/grub/loopback.cfg,'"$md5"' ./boot/grub/loopback.cfg,' "$tmpdir/md5sum.txt"
log "👍 Updated hashes."
else
log "🗑️ Clearing MD5 hashes..."
echo > "$tmpdir/md5sum.txt"
log "👍 Cleared hashes."
fi
log "📦 Repackaging extracted files into an ISO image..."
cd "$tmpdir"
xorriso -as mkisofs -r -V "ubuntu-autoinstall-$today" -J -b isolinux/isolinux.bin -c isolinux/boot.cat -no-emul-boot -boot-load-size 4 -isohybrid-mbr /usr/lib/ISOLINUX/isohdpfx.bin -boot-info-table -input-charset utf-8 -eltorito-alt-boot -e boot/grub/efi.img -no-emul-boot -isohybrid-gpt-basdat -o "${destination_iso}" . &>/dev/null
cd "$OLDPWD"
log "👍 Repackaged into ${destination_iso}"
die "✅ Completed." 0