Auto-installer proxmox-ve_x.y-z-auto-from-http.iso - include in regular ISO download?

[esi_y]

So I have used the new (to me) Auto installation by Proxmox:
https://pve.proxmox.com/wiki/Automated_Installation

This is the FIRST TIME I actually could say I might not need Debian installer anymore. Thanks to whoever (probably @aaron?) baked this.

QUESTION: Why not provide the --fetch-from http within a regular download?

Just to be clear, why not include the feature in the regular installer, i.e. when it gets DHCP option 250 or finds DNS entry, will proceed accordingly (unless something else is selected at boot)?

It makes for perfect deployment via PXE.

Second question - can I find it on GIT?

 

[cheiss]

Hi,

QUESTION: Why not provide the --fetch-from http within a regular download?

Just to be clear, why not include the feature in the regular installer, i.e. when it gets DHCP option 250 or finds DNS entry, will proceed accordingly (unless something else is selected at boot)?

To clarify: So when it finds the DHCP option, it should automatically switch to an unattended installation?

First of, an ISO that has been prepared for auto-installer can be used "manually" too, nothing prevents you from just choosing the graphical or terminal install option. So really, you can use it both ways and no need for any automagic that might surprise users.

Well, normally in any environment, you clearly different between automated and manual installation. Or - to say another way - if you have the need for the unattended installer to deploy to lot of server, you probably only use that one way anyway.
But you might not want this automatically, e.g. you already use DHCP option 250 for something else in your internal network or whatever.

In the end, this would mean making assumptions about the target network that you simply cannot reasonably make.

Second question - can I find it on GIT?

Of course: https://git.proxmox.com/?p=pve-installer.git;a=tree

 

[esi_y]

To clarify: So when it finds the DHCP option, it should automatically switch to an unattended installation?

Yes, basically one and the same installer could change default behaviour, a bit like an IP phone, if you will.

First of, an ISO that has been prepared for auto-installer can be used "manually" too, nothing prevents you from just choosing the graphical or terminal install option.

Oh, I did not realise this. But then again it's not exactly the same (does not fallback to manual when no answer file), but that's ok.

Or - to say another way - if you have the need for the unattended installer to deploy to lot of server, you probably only use that one way anyway.

That is true, but it's nice to have PXE boot setup (as fallback) and simply have it reinstall (only when answer file served) or ready to be reinstalled manually just when OOB getting to it.

But you might not want this automatically, e.g. you already use DHCP option 250 for something else in your internal network or whatever.

Fair enough, but the combination of all these (i.e. if using DHCP 250 for something else, usually would be only serving it to the applicable network segment, especially that it's private use) is on the user.

In the end, this would mean making assumptions about the target network that you simply cannot reasonably make.

It's alright, I will have it then auto-created in a chain for that PXE anyhow, just I thought it would have been nice to ship it all in one.

Of course: https://git.proxmox.com/?p=pve-installer.git;a=tree

Thanks a lot! I was mostly asking for the reason that currently it does not take multiple --fetch-from options. Naturally, I would want it to try to look everywhere possible for the answer file and simply keep one ISO knowing I can throw anything at it.

 

[esi_y]

I just wanted to follow up on this after some days of testing various options. One pet peeve left.

(Besides no support for custom partitioning, but that is easy to workaround by installing minimal root with installer, then do the rest post-reboot.)

When I follow the logic from the Wiki regarding "Once the installation is complete and the host has booted up, automation tools like Ansible can be used to further configure the installation." there's the chicken egg issue with SSH.

Every install generates fresh keys (as a normal install should) that identify the host. It is indeed possible to change them afterwards, except of course it's done blindly, i.e. the TOFU (trust-on-first-use) issue comes up. So I can automate post-install, except I cannot really trust what it is that I am post-installing. This issue is beyond "trust", i.e. I want to be sure that I am not running playbook on entirely different machine.

There's multiple ways to address this, but rather than going at this one particular problem, could the auto-installer simply accept optional shell script (inline in the answer file) that it runs before the final reboot?

It would also help with e.g. notification the install has been finished.

 

[cheiss]

All that should be solved one the post-installation notification hook functionality gets applied and into an ISO: https://lore.proxmox.com/pve-devel/20240821094023.667806-1-c.heiss@proxmox.com/

TL;DR implements a simple mechanism which can send a JSON with all possible information about the newly installed system to a configurable endpoint (via POST request), including e.g. also the generated SSH host keys.

Meaning

Every install generates fresh keys (as a normal install should) that identify the host. It is indeed possible to change them afterwards, except of course it's done blindly, i.e. the TOFU (trust-on-first-use) issue comes up. So I can automate post-install, except I cannot really trust what it is that I am post-installing.

would be solved completely.

 

[esi_y]

would be solved completely.

Thank you very much, Christoph! Looks like Christmas came early this year, I mean usually when I find something like this, I check BZ, there's nothing there, then I file it and wait and wait. This time someone else already reported, it was implemented within a month and waiting just to be applied.

Thanks again!

 

[LM1117]

Hello,

if I understand correctly, this is not yet in the official ISO, right? How to build the ISO with the post-hook functionality? I tried pulling the git code but it seems the post-hook code is not yet in there. It would be lovely if you can provide a quick how-to-build the iso with the post-hook

Thank you very much beforehand