Automated Debian 11 Netinstall with Preseeding: Solving Hostname/Domain Prompt Issues in LUKS-BTRFS Setup


6 views

When building automated Debian installations, the hostname/domain prompts can be particularly stubborn. Here's how I created a truly universal preseed file that works across multiple servers without requiring individual hostname configuration.

The solution lies in these critical preseed directives:

d-i netcfg/get_hostname unassigned-hostname
d-i netcfg/get_domain unassigned-domain
d-i netcfg/get_hostname seen true
d-i netcfg/get_domain seen true

Here's the full working preseed configuration that handles LUKS encryption, BTRFS filesystem, and remote SSH unlock:

### Network configuration
d-i netcfg/choose_interface select auto
d-i netcfg/use_dhcp string true
d-i netcfg/get_hostname unassigned-hostname
d-i netcfg/get_domain unassigned-domain
d-i netcfg/get_hostname seen true
d-i netcfg/get_domain seen true

### Partitioning for LUKS+BTRFS
d-i partman-auto/method string crypto
d-i partman-auto/disk string /dev/vda
d-i partman-auto/choose_recipe select boot-crypto
d-i partman-crypto/passphrase password your_encryption_pass
d-i partman-auto/expert_recipe string \
boot-crypto :: \
  1024 1024 1024 ext4 \
          $primary{ } $bootable{ } \
          method{ format } format{ } \
          use_filesystem{ } filesystem{ ext4 } \
          mountpoint{ /boot } \
  . \
  8192 8192 8192 linux-swap \
          $lvmok{ } lv_name{ swap } \
          in_vg { debian } \
          method{ swap } format{ } \
  . \
  80896 80896 1000000 btrfs \
          $lvmok{ } lv_name{ root } \
          in_vg { debian } \
          method{ format } format{ } \
          use_filesystem{ } filesystem{ btrfs } \
          mountpoint{ / } \
   .

The late_command section is crucial for post-install setup:

d-i preseed/late_command string \
  mkdir -p -m 700 /target/root/.ssh; \
  echo "ssh-ed25519 YOUR_PUB_KEY" > /target/root/.ssh/authorized_keys; \
  in-target chmod 0644 /root/.ssh/authorized_keys; \
  in-target update-alternatives --set editor /usr/bin/vim.basic; \
  in-target passwd --expire root; \
  in-target echo 'YOUR_PUB_KEY' > /etc/dropbear-initramfs/authorized_keys; \
  in-target sed -i '/*PasswordAuthentication*/c\PasswordAuthentication no' /etc/ssh/sshd_config; \
  in-target systemctl enable --now sshd; \
  in-target sed -i '/*DROPBEAR_OPTIONS=*/c\DROPBEAR_OPTIONS="-I 300 -j -k -p 22 -s -c /bin/cryptroot-unlock "' /etc/dropbear-initramfs/config; \
  in-target update-initramfs -u;

These kernel parameters in the GRUB configuration ensure complete automation:

linux /debian-installer/amd64/linux auto=true url=http://your.server/preseed.cfg \
net.ifnames=0 biosdevname=0 ipv6.disable=1 language=en locale=en_US.UTF-8 \
keymap=fr vga=788 noprompt DEBCONF_DEBUG=5 --- quiet

If you still encounter prompts:

  1. Check /var/log/syslog during installation
  2. Add DEBCONF_DEBUG=5 to kernel parameters
  3. Monitor tty4 (Alt+F4) for real-time debugging output

During automated Debian installations, the installer stubbornly prompts for hostname and domain information despite preseed configurations. Here's how to completely eliminate these prompts while maintaining universal applicability across multiple servers.

# The magic combination that works:
d-i netcfg/get_hostname string unassigned-hostname
d-i netcfg/get_domain string unassigned-domain
d-i netcfg/get_hostname seen true
d-i netcfg/get_domain seen true

For a fully automated UEFI installation with LUKS encryption, BTRFS filesystem, and remote SSH decryption capability:

#### Partitioning Configuration ####
d-i partman-auto/method string crypto
d-i partman-lvm/device_remove_lvm boolean true
d-i partman-auto/disk string /dev/vda
d-i partman-auto/choose_recipe select boot-crypto

# LUKS Passphrase
d-i partman-crypto/passphrase password your_secure_passphrase
d-i partman-crypto/passphrase-again password your_secure_passphrase

# Partition Layout
d-i partman-auto/expert_recipe string \
boot-crypto :: \
  1024 1024 1024 ext4 \
          $primary{ } $bootable{ } \
          method{ format } format{ } \
          use_filesystem{ } filesystem{ ext4 } \
          mountpoint{ /boot } \
  . \
  8192 8192 8192 linux-swap \
          $lvmok{ } lv_name{ swap } \
          in_vg { debian } \
          method{ swap } format{ } \
  . \
  80896 80896 1000000 btrfs \
          $lvmok{ } lv_name{ root } \
          in_vg { debian } \
          method{ format } format{ } \
          use_filesystem{ } filesystem{ btrfs } \
          mountpoint{ / } \
   . \

These settings ensure the installer won't pause for network information:

d-i netcfg/choose_interface select auto
d-i netcfg/use_dhcp string true
d-i netcfg/link_wait_timeout string 10
d-i netcfg/dhcp_timeout string 60

The late_command section configures SSH access for remote LUKS decryption:

d-i preseed/late_command string \
  mkdir -p -m 700 /target/root/.ssh; \
  echo "ssh-ed25519 YOUR_PUBLIC_KEY" > /target/root/.ssh/authorized_keys; \
  in-target chmod 0600 /root/.ssh/authorized_keys; \
  in-target echo 'YOUR_PUBLIC_KEY' > /etc/dropbear-initramfs/authorized_keys; \
  in-target update-initramfs -u;

For PXE boot scenarios, include these kernel parameters:

linux /debian-installer/amd64/linux auto=true \
  url=http://your.server/preseed.cfg \
  net.ifnames=0 biosdevname=0 \
  language=en locale=en_US.UTF-8 \
  keymap=fr \
  DEBCONF_DEBUG=5 \
  --- quiet

When troubleshooting automated installations:

  • Use DEBCONF_DEBUG=5 to get detailed logs
  • Check /var/log/syslog during installation
  • Monitor tty4 (Alt+F4) for debug output
  • Test with virtual machines before physical deployment