Skip to content

Create a Debian 9 (Stretch) image that works with UEFI secure booting

Jump to bottom
Juan Vela edited this page Apr 29, 2019 · 6 revisions

Create a Debian 9.X image for MaaS

Get the (cloud) image

root@maas:~/custom-oses# wget http://cdimage.debian.org/cdimage/openstack/archive/9.7.0/debian-9.7.0-openstack-amd64.raw

Customize the OS image

Here we're going to install some required packages and add the buster (Debian 10) repos in order to allow the OS to install certain -not currently present- packages (mainly grub-efi-amd64-signed and shim-signed) in a later stage (curtin install) in order to allow UEFI booting. Don't worry about breaking the system with this, as cloud-init will replace the sources with the proper ones on the first boot.

root@maas:~/custom-oses# mkdir /mnt/custom-os-loop
root@maas:~/custom-oses# mount -o rw,loop,offset=1048576,sync debian-9.7.0-openstack-amd64.raw /mnt/custom-os-loop
root@maas:~/custom-oses# chroot /mnt/custom-os-loop
root@maas:/# apt update
root@maas:/# apt install -y apt-transport-https ca-certificates efibootmgr xfsprogs
root@maas:/# apt-mark hold xfsprogs
root@maas:/# echo "deb http://ftp.debian.org/debian buster main contrib non-free" >> /etc/apt/sources.list
root@maas:/# apt update

Even though the MaaS server has the DNS server config and it's going to configure the node's network interfaces according to that, the name servers are not being set properly. In order to solve that we are going to set our custom nameservers in the resolv.conf file

root@maas:/# echo "nameserver 1.1.1.1" > /etc/resolv.conf
root@maas:/# echo "nameserver 8.8.8.8" >> /etc/resolv.conf
root@maas:/# exit
root@maas:~/custom-oses# umount /mnt/custom-os-loop

Upload to MaaS

First of all we must change the format of the image from raw to gzipped tarball

root@maas:~/custom-oses# mount -o ro,loop,offset=1048576 debian-9.7.0-openstack-amd64.raw /mnt/custom-os-loop
root@maas:~/custom-oses# cd /mnt/custom-os-loop
root@maas:/mnt/custom-os-loop# tar czvf ~/custom-oses/debian-9.7.0-amd64.tgz .
root@maas:/mnt/custom-os-loop# cd ~/custom-oses
root@maas:~/custom-oses# umount /mnt/custom-os-loop

And then upload it to MaaS

root@maas:~/custom-oses# MAAS_USER="root"
root@maas:~/custom-oses# MAAS_API_KEY="my-maas-api-key"
root@maas:~/custom-oses# MAAS_API_SERVER="http://10.10.10.1:5240/MAAS"
root@maas:~/custom-oses# maas login $MAAS_USER $MAAS_API_SERVER $MAAS_API_KEY
root@maas:~/custom-oses# maas $MAAS_USER boot-resources create name=custom/debian970 title="debian-9.7.0" architecture=amd64/generic content@=debian-9.7.0-amd64.tgz

Customize the curtin preseed config

Edit the file /etc/maas/preseeds/curtin_userdata_custom and add the following contents at the top of the file (after the cloud-config comment)

#cloud-config
early_commands:
  000_update_repositories: apt update
  010_install_apt_https: apt install -y apt-transport-https ca-certificates

kernel:
  fallback-package: linux-image-amd64
  package: linux-image-amd64

[...]

References

Clone this wiki locally