A colleague and I are currently trying to get autoyast running for openSUSE 13.1. Our Clients are all Fujitsu x86_64 machines, the newer ones mostly consist of P-Series machines. Our autoyast installation works for the most part, but we have two problems that we consider to be major blockers:
We want all network devices to automatically obtain their addresses via DHCP. Most machines only have one onboard gigabit ethernet controller, but we might consider installing notebooks via autoyast, too. So far (openSUSE 12.3) we relied on the network device name (eth0) to configure the appropriate settings in our autoyast.xml file, but as you probably know, openSUSE 13.1 relies on a different, non-udev but persistent naming system and as such we might be getting different names for what was previously known as eth0 on all PCs. Is there a way to tell autoyast that all network devices should use DHCP by default, or is there an easy way to find out the name of the onboard ethernet device so that we can write a script to configure the appropriate settings?
After packages are copied onto the HDD, autoyast reboots into a not-yet-ready openSUSE installation and continues installing. At one point of the installation, I think right before post-installation scripts are ran, the system just waits until we press a few keys (arrow keys only, for example) on the keyboard. We’ve tried to locate the problem, but as the error only occurs sometimes, we don’t really know what to look for. It occurs with our without having scripts of our own in our autoyast.xml, so we think the problem lies somewhere else. We also had the same problems with 12.3, but we’d really like to get autoyast running without having to manually intervene this time.
I’ll try to specify what I wrote above when I get access to our testing environment again, but maybe Fujitsu hardware or autoyast-network-configurations are propular enough to make this a known problem for a more experienced openSUSE systems administrator
The workaround for problem 1 (i.e. using the installer network configuration for the installed client) does what we want it to do for most of our clients. Until we find a better way to set network parameters, we will be using this.
Problem 2 can be avoided by deleting the plymouth-package before rebooting for the first time. As we don’t need an animated boot-image, this workaround works quite well for us (and we could probably install plymouth at a later time if we ever needed it).
As getting autoyast to run was quite the adventure for us, I’m posting an anonymized version of our autoyast configuration here. I might put this in a wiki in the future. Comments welcome.
Our configuration is split into 4 files:
autoyast.xml
<?xml version="1.0"?>
<!DOCTYPE profile>
<profile xmlns="http://www.suse.com/1.0/yast2ns" xmlns:config="http://www.suse.com/1.0/configns" xmlns:xi="http://www.w3.org/2001/XInclude">
<add-on>
<add_on_products config:type="list">
<listentry>
<media_url><![CDATA[http://our-suse-repository.domain/os13.1/filesystems/]]></media_url> <!-- change these to your own repository (or online repositories) -->
<product_dir>/</product_dir>
<name>Filesystems</name>
</listentry>
<listentry>
<media_url><![CDATA[http://our-suse-repository.domain/os13.1/packman/]]></media_url>
<product_dir>/</product_dir>
<name>Packman</name>
</listentry>
<listentry>
<media_url><![CDATA[http://our-suse-repository.domain/os13.1/education/]]></media_url>
<product_dir>/</product_dir>
<name>Education</name>
</listentry>
<listentry>
<media_url><![CDATA[http://our-suse-repository.domain/os13.1/update-nonoss/]]></media_url>
<product_dir>/</product_dir>
<name>Updates-NonOSS</name>
</listentry>
<listentry>
<media_url><![CDATA[http://our-suse-repository.domain/os13.1/update/]]></media_url>
<product_dir>/</product_dir>
<name>openSuSE-Updates</name>
</listentry>
<listentry> <!-- our own repository with patched packages. change/remove this -->
<media_url><![CDATA[http://our-suse-repository.domain/os13.1/ouraddons/]]></media_url>
<product_dir>/</product_dir>
<name>Our-Addons</name>
</listentry>
</add_on_products>
</add-on>
<bootloader>
<device_map config:type="list">
<device_map_entry>
<firmware>hd0</firmware>
<linux>/dev/sda</linux>
</device_map_entry>
</device_map>
<global>
<append> resume=/dev/disk/by-label/swap splash=silent quiet showopts</append>
<append_failsafe>showopts apm=off noresume edd=off powersaved=off nohz=off highres=off processor.max_cstate=1 nomodeset x11failsafe</append_failsafe>
<default>openSUSE 13.1</default>
<distributor>openSUSE 13.1</distributor>
<gfxbackground>/boot/grub2/themes/openSUSE/background.png</gfxbackground>
<gfxmode>auto</gfxmode>
<gfxtheme>/boot/grub2/themes/openSUSE/theme.txt</gfxtheme>
<hiddenmenu>false</hiddenmenu>
<lines_cache_id>3</lines_cache_id>
<os_prober>true</os_prober>
<terminal>gfxterm</terminal>
<timeout config:type="integer">8</timeout>
</global>
<loader_type>grub2</loader_type>
<sections config:type="list">
<section>
<append>resume=/dev/disk/by-label/swap splash=silent quiet showopts</append>
<image>/boot/vmlinuz-3.11.6-4-default</image>
<lines_cache_id>0</lines_cache_id>
<menuentry>openSUSE 13.1</menuentry>
<name>openSUSE 13.1</name>
<root>/dev/disk/by-label/root</root>
<type>image</type>
<usage>linux</usage>
</section>
<section>
<append>resume=/dev/disk/by-label/root splash=silent quiet showopts</append>
<image>/boot/vmlinuz-3.11.6-4-default</image>
<lines_cache_id>1</lines_cache_id>
<menuentry>Erweiterte Optionen für openSUSE 13.1>openSUSE 13.1, mit Linux 3.11.6-4-default</menuentry>
<name>Erweiterte Optionen für openSUSE 13.1>openSUSE 13.1, mit Linux 3.11.6-4-default</name>
<root>/dev/disk/by-label/root</root>
<type>image</type>
<usage>linux</usage>
</section>
<section>
<append>showopts apm=off noresume edd=off powersaved=off nohz=off highres=off processor.max_cstate=1 nomodeset x11failsafe</append>
<image>/boot/vmlinuz-3.11.6-4-default</image>
<lines_cache_id>2</lines_cache_id>
<menuentry>Erweiterte Optionen für openSUSE 13.1>openSUSE 13.1, mit Linux 3.11.6-4-default (Wiederherstellungsmodus)</menuentry>
<name>Erweiterte Optionen für openSUSE 13.1>openSUSE 13.1, mit Linux 3.11.6-4-default (Wiederherstellungsmodus)</name>
<root>/dev/disk/by-label/root</root>
<type>image</type>
<usage>linux_failsafe</usage>
</section>
</sections>
</bootloader>
<deploy_image>
<image_installation config:type="boolean">false</image_installation>
</deploy_image>
<!-- firewall entry didn't work for us in 13.1, so we removed it and made a seperate script -->
<general>
<ask-list config:type="list"/>
<mode>
<confirm config:type="boolean">false</confirm>
<final_halt config:type="boolean">false</final_halt>
<final_reboot config:type="boolean">true</final_reboot>
<halt config:type="boolean">false</halt>
<second_stage config:type="boolean">true</second_stage>
</mode>
<mouse>
<id>none</id>
</mouse>
<proposals config:type="list"/>
<signature-handling> <!-- as we are still testing, we left this in a very insecure state but will enable verifications in the final script - CHANGE THIS! -->
<accept_file_without_checksum config:type="boolean">true</accept_file_without_checksum>
<accept_non_trusted_gpg_key config:type="boolean">true</accept_non_trusted_gpg_key>
<accept_unknown_gpg_key config:type="boolean">true</accept_unknown_gpg_key>
<accept_unsigned_file config:type="boolean">true</accept_unsigned_file>
<accept_verification_failed config:type="boolean">true</accept_verification_failed>
<import_gpg_key config:type="boolean">true</import_gpg_key>
</signature-handling>
<storage/>
</general>
<groups config:type="list"/>
<keyboard>
<keymap>german</keymap>
</keyboard>
<language>
<language>de_DE</language>
<languages>en_US,de_DE</languages>
</language>
<login_settings/>
<networking>
<dns>
<dhcp_hostname config:type="boolean">false</dhcp_hostname>
<domain>site</domain>
<hostname>hostXXXX</hostname>
<resolv_conf_policy/>
<write_hostname config:type="boolean">false</write_hostname>
</dns>
<ipv6 config:type="boolean">false</ipv6>
<keep_install_network config:type="boolean">true</keep_install_network>
<managed config:type="boolean">false</managed>
<routing>
<ip_forward config:type="boolean">false</ip_forward>
</routing>
</networking>
<ntp-client>
<ntp_policy>auto</ntp_policy>
<peers config:type="list">
<peer>
<address>ntp1.our-ntp-server.domain</address>
<options>iburst</options>
<type>server</type>
</peer>
<peer>
<address>ntp2.our-ntp-server.domain</address>
<options>iburst</options>
<type>server</type>
</peer>
<peer>
<address>ntp3.our-ntp-server.domain</address>
<options>iburst</options>
<type>server</type>
</peer>
</peers>
<start_at_boot config:type="boolean">true</start_at_boot>
<start_in_chroot config:type="boolean">false</start_in_chroot>
<sync_interval config:type="integer">5</sync_interval>
<synchronize_time config:type="boolean">false</synchronize_time>
</ntp-client>
<!-- this here includes the three other files. don't forget the config-namespace in them! -->
<xi:include href="http://our-suse-repository.domain/os13.1/partitioning.xml" />
<xi:include href="http://our-suse-repository.domain/os13.1/files.xml" />
<xi:include href="http://our-suse-repository.domain/os13.1/software.xml" />
<!-- we have a <printer> </printer> part here, but it's tailored to our domain. use your own if necessary -->
<report>
<errors>
<log config:type="boolean">true</log>
<show config:type="boolean">true</show>
<timeout config:type="integer">10</timeout>
</errors>
<messages>
<log config:type="boolean">true</log>
<show config:type="boolean">true</show>
<timeout config:type="integer">10</timeout>
</messages>
<warnings>
<log config:type="boolean">true</log>
<show config:type="boolean">true</show>
<timeout config:type="integer">10</timeout>
</warnings>
<yesno_messages>
<log config:type="boolean">true</log>
<show config:type="boolean">true</show>
<timeout config:type="integer">10</timeout>
</yesno_messages>
</report>
<runlevel>
<default>5</default>
</runlevel>
<scripts> <!-- edited this hugely. we have a long script here to start services and create some symlinks, but this (again) is tailored to our domain and not that interesting for outsiders. I only kept the part that starts certain services because we couldn't get autoyasts own way of doing so to work -->
<post-scripts config:type="list">
<script>
<debug config:type="boolean">true</debug>
<feedback config:type="boolean">false</feedback>
<feedback_type/>
<filename>main-script</filename>
<interpreter>shell</interpreter>
<location><![CDATA[]]></location>
<network_needed config:type="boolean">false</network_needed>
<notification>AFS-Integration</notification>
<source><![CDATA[#! /bin/bash
# Stelle den Start einiger Dienste sicher
systemctl enable SuSEfirewall2
systemctl enable smartd
systemctl disable avahi-daemon
systemctl disable pcscd
systemctl disable nscd
ln -s /usr/lib/systemd/system/cups.service /etc/systemd/system/multi-user.target.wants/cups.service
]]></source>
</script>
</post-scripts>
</scripts>
<security>
<console_shutdown>reboot</console_shutdown>
<cracklib_dict_path>/usr/lib/cracklib_dict</cracklib_dict_path>
<cwd_in_root_path>no</cwd_in_root_path>
<cwd_in_user_path>no</cwd_in_user_path>
<disable_restart_on_update>no</disable_restart_on_update>
<disable_stop_on_removal>no</disable_stop_on_removal>
<displaymanager_remote_access>no</displaymanager_remote_access>
<displaymanager_root_login_remote>no</displaymanager_root_login_remote>
<displaymanager_shutdown>all</displaymanager_shutdown>
<displaymanager_xserver_tcp_port_6000_open>no</displaymanager_xserver_tcp_port_6000_open>
<fail_delay>0</fail_delay>
<gid_max>60000</gid_max>
<gid_min>1000</gid_min>
<group_encryption>md5</group_encryption>
<hibernate_system>active_console</hibernate_system>
<kernel.sysrq>1</kernel.sysrq>
<lastlog_enab>yes</lastlog_enab>
<net.ipv4.ip_forward>0</net.ipv4.ip_forward>
<net.ipv4.tcp_syncookies>1</net.ipv4.tcp_syncookies>
<net.ipv6.conf.all.forwarding>0</net.ipv6.conf.all.forwarding>
<pass_max_days>99999</pass_max_days>
<pass_min_days>0</pass_min_days>
<pass_min_len>8</pass_min_len>
<pass_warn_age>7</pass_warn_age>
<passwd_encryption>sha512</passwd_encryption>
<passwd_remember_history>0</passwd_remember_history>
<passwd_use_cracklib>yes</passwd_use_cracklib>
<permission_security>secure</permission_security>
<run_updatedb_as>nobody</run_updatedb_as>
<runlevel3_extra_services>no</runlevel3_extra_services>
<runlevel3_mandatory_services>yes</runlevel3_mandatory_services>
<runlevel5_extra_services>no</runlevel5_extra_services>
<runlevel5_mandatory_services>yes</runlevel5_mandatory_services>
<smtpd_listen_remote>no</smtpd_listen_remote>
<sys_gid_max>499</sys_gid_max>
<sys_gid_min>100</sys_gid_min>
<sys_uid_max>499</sys_uid_max>
<sys_uid_min>100</sys_uid_min>
<syslog_on_no_error>yes</syslog_on_no_error>
<systohc>yes</systohc>
<uid_max>60000</uid_max>
<uid_min>500</uid_min>
<useradd_cmd>/usr/sbin/useradd.local</useradd_cmd>
<userdel_postcmd>/usr/sbin/userdel-post.local</userdel_postcmd>
<userdel_precmd>/usr/sbin/userdel-pre.local</userdel_precmd>
</security>
<sysconfig config:type="list"> <!-- removed a few domain-specific settings here. change or remove this if you don't need kde4/dhcp last lease usage -->
<sysconfig_entry>
<sysconfig_key>DISPLAYMANAGER</sysconfig_key>
<sysconfig_path>/etc/sysconfig/displaymanager</sysconfig_path>
<sysconfig_value>kdm4</sysconfig_value>
</sysconfig_entry>
<sysconfig_entry>
<sysconfig_key>DISPLAYMANAGER_KDM_THEME</sysconfig_key>
<sysconfig_path>/etc/sysconfig/displaymanager</sysconfig_path>
<sysconfig_value></sysconfig_value>
</sysconfig_entry>
<sysconfig_entry>
<sysconfig_key>DHCLIENT_USE_LAST_LEASE</sysconfig_key>
<sysconfig_path>/etc/sysconfig/network/dhcp</sysconfig_path>
<sysconfig_value>no</sysconfig_value>
</sysconfig_entry>
</sysconfig>
<timezone>
<hwclock>UTC</hwclock>
<timezone>Europe/Berlin</timezone>
</timezone>
<user_defaults>
<group>100</group>
<groups/>
<home>/home</home>
<inactive>0</inactive>
<no_groups config:type="boolean">true</no_groups>
<shell>/bin/bash</shell>
<skel>/etc/skel</skel>
</user_defaults>
<users config:type="list">
<user>
<encrypted config:type="boolean">true</encrypted>
<user_password>$6$11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111.</user_password> <!-- encrypted password for root. you need to change this ;) -->
<username>root</username>
<shell>/bin/bash</shell>
</user>
</users>
</profile>
<partitioning xmlns:config="http://www.suse.com/1.0/configns" config:type="list">
<drive>
<device>/dev/sda</device> <!-- we don't use GPT or LVM for our clients. We don't have a local /home, but you might want one -->
<initialize config:type="boolean">true</initialize>
<partitions config:type="list">
<partition>
<create config:type="boolean">true</create>
<crypt_fs config:type="boolean">false</crypt_fs>
<filesystem config:type="symbol">swap</filesystem>
<format config:type="boolean">true</format>
<fstopt>defaults</fstopt>
<label>swap</label>
<loop_fs config:type="boolean">false</loop_fs>
<mount>swap</mount>
<mountby config:type="symbol">label</mountby>
<partition_id config:type="integer">130</partition_id>
<partition_nr config:type="integer">1</partition_nr>
<resize config:type="boolean">false</resize>
<size>2G</size>
</partition>
<partition>
<create config:type="boolean">true</create>
<crypt_fs config:type="boolean">false</crypt_fs>
<filesystem config:type="symbol">ext4</filesystem>
<format config:type="boolean">true</format>
<fstopt>acl,user_xattr</fstopt>
<label>root</label>
<loop_fs config:type="boolean">false</loop_fs>
<mount>/</mount>
<mountby config:type="symbol">label</mountby>
<partition_id config:type="integer">131</partition_id>
<partition_nr config:type="integer">2</partition_nr>
<resize config:type="boolean">false</resize>
<size>40G</size>
</partition>
<partition> <!-- you won't need this partition if you don't use openafs -->
<create config:type="boolean">true</create>
<crypt_fs config:type="boolean">false</crypt_fs>
<filesystem config:type="symbol">ext2</filesystem>
<format config:type="boolean">true</format>
<fstopt>acl,user_xattr</fstopt>
<label>afs</label>
<loop_fs config:type="boolean">false</loop_fs>
<mount>/var/cache/openafs</mount>
<mountby config:type="symbol">label</mountby>
<partition_id config:type="integer">131</partition_id>
<partition_nr config:type="integer">3</partition_nr>
<resize config:type="boolean">false</resize>
<size>16G</size>
</partition>
<partition> <!-- if you don't want an alternative for /tmp, just delete this and enter "max" somewhere else -->
<create config:type="boolean">true</create>
<crypt_fs config:type="boolean">false</crypt_fs>
<filesystem config:type="symbol">ext4</filesystem>
<format config:type="boolean">true</format>
<label>data</label>
<loop_fs config:type="boolean">false</loop_fs>
<mount>/tmp2</mount>
<mountby config:type="symbol">label</mountby>
<partition_id config:type="integer">131</partition_id>
<partition_nr config:type="integer">4</partition_nr>
<pool config:type="boolean">false</pool>
<raid_options/>
<resize config:type="boolean">false</resize>
<size>max</size>
<subvolumes config:type="list"/>
</partition>
</partitions>
<pesize/>
<type config:type="symbol">CT_DISK</type>
<use>all</use>
</drive>
</partitioning>
software.xml
<software xmlns:config="http://www.suse.com/1.0/configns" >
<kernel>kernel-desktop</kernel>
<instsource>http://our-suse-repository.domain/os13.1/install/</instsource> <!-- change this -->
<packages config:type="list">
<package>glibc-locale</package> <!-- ncurses-Interface in stage 2 does not show text if this package isn't installed; bugzilla ID 849255 -->
</packages>
<patterns config:type="list"> <!-- packages here are needed for autoyast to work properly -->
<pattern>base</pattern>
<pattern>sw_management</pattern>
<pattern>yast2_install_wf</pattern>
<pattern>yast2_basis</pattern>
</patterns>
<post-patterns config:type="list"> <!-- optional patterns, we use kde4 for our clients. -->
<pattern>enhanced_base</pattern>
<pattern>kde4</pattern>
<pattern>kde4_basis</pattern>
</post-patterns>
<post-packages config:type="list"> <!-- you won't need these packages if you aren't using kerberos or openafs. Just delete them if you want to. -->
<package>krb5-appl-clients</package>
<package>krb5-client</package>
<package>krb5-devel</package>
<package>krb5-doc</package>
<package>krb5-ticket-watcher</package>
<package>openafs</package>
<package>openafs-client</package>
<package>openafs-docs</package>
<package>openafs-kmp-desktop</package>
<package>openafs-krb5-mit</package>
<package>pam-devel-32bit</package>
<package>pam-modules-32bit</package>
<package>pam_krb5</package>
<package>pam_krb5-32bit</package>
<package>pam_mount-32bit</package>
<package>pam_ssh-32bit</package>
<package>puppet</package>
<package>sssd</package>
<package>sssd-32bit</package>
<package>syslog-ng</package>
<package>zsh</package>
</post-packages>
<remove-packages config:type="list">
<package>ypbind</package>
<package>plymouth</package> <!-- our clients tend to hang during stage two if plymouth is installed -->
<package>rsyslog</package>
</remove-packages>
</software>
files.xml
<files xmlns:config="http://www.suse.com/1.0/configns" config:type="list">
<file>
<file_contents><![CDATA[We have loads of <file>-entries, but they shouldn't be
too interesting for other administrators. I left this in so that other people know we use this feature
in autoyast and that it works (at least for 13.1 and 12.3).
]]></file_contents>
<file_owner>root</file_owner>
<file_path>/etc/somefile</file_path>
<file_permissions>644</file_permissions>
</file>
</files>
That looks really nice, thanks. We can’t really add all the software we want onto a DVD (too many packages/too big), but this will probably simplify creating our own minimal installation source quite a bit.
This is not exactly what you are asking for, but unless you really want to use the new device naming scheme, you can probably get around the whole by adding biosdevname=0 as boot and autoyast parameter, so to revert to the old style naming scheme.
Ok, let’s agree on this then: both biosdevname and net.ifnames disable different things, and could be necessary to keep an eye on both, like in 1029815 – net.ifnames=0 don't work
Interesting reading coming from that bug report : I wasn’t aware of the “combined policy”[1] mentioned in there.