debinstvaiovgnbz11en.txt



Performs one of the following tasks:
  (i)   Installs a Debian operating system on an empty hard disk in such a
        manner that the root, swap, and individually structured data partitions
        are placed under LVM control, with the LVM physical volume residing on
        an encrypted disk partition.
  (ii)  Installs a Debian operating system on a hard disk as under (i), but
        without touching the data areas as they were created under (i).
  (iii) Performs some maintenance to keep the root file systems consistent
        if there are two of them.
        Creates a backup of a virgin Debian operating system as described
        under (i) or (ii), that is, a backup of an operating system that has
        never been executed.

Tested with a 64-bit SONY VAIO VGN-BZ11EN notebook equipped
    with 6 GB of RAM and a SATA SSD of 2 TB

  Create a boot medium from an image file such as
      firmware-9.6.0-amd64-i386-netinst.iso,
      for example
  Connect the machine to the Internet by means of an Ethernet interface
  Boot from the prepared installation medium
  Advanced options
  Expert install
  Choose language
    Language: English - English
    Country, territory or area: other
    Continent or region: Europe
    Country, territory or area: Germany
    Country to base default locale settings on: United States - en_US.UTF-8
    Additional locales: de_DE.UTF-8
                        de_DE
                        de_DE@euro
                        en_US
                        en_US.ISO-8859-15
                        es_ES.UTF-8
                        es_ES
                        es_ES@euro
    System locale: en_US.UTF-8
  Configure the keyboard
    Keymap to use: German
  Detect and mount CD-ROM
  Load installer components from CD
    Installer components to load: none
  Detect network hardware
  Configure the network
    Waiting time (in seconds) for link detection: 3
    ...
    Waiting time (in seconds) for link detection: 3
    Primary network interface: ... <pressEnter>
    # A suitable DHCP server is expected in the network.
    Auto-configure networking: <Yes>
    Waiting time (in seconds) for link detection: 3
    Hostname: ... <Continue>
    Domain name: ... <Continue>
  Set up users and passwords
    Enable shadow passwords: Yes
    Allow login as root: Yes
    Root password: <theRootPassword>
    Re-enter password to verify: <theRootPassword>
    Create a normal user account now: No
  Configure the clock
    Set the clock using NTP: Yes
    NTP server to use: 0.debian.pool.ntp.org
    Select your time zone: Europe/Berlin
  Detect disks
  <Ctrl>-<Alt>-<F2>
    cd /cdrom/pool/main
    udpkg -i l/lvm2/lvm2-udeb_2.02.168-2_amd64.udeb
    udpkg -i c/cryptsetup/libcryptsetup4-udeb_1.7.3-4_amd64.udeb
    udpkg -i p/popt/libpopt0-udeb_1.16-10+b2_amd64.udeb
    udpkg -i l/lvm2/dmsetup-udeb_1.02.137-2_amd64.udeb
    udpkg -i c/cryptsetup/cryptsetup-udeb_1.7.3-4_amd64.udeb
    uname -a
    # Consider subtle differences between the kernel module packages, if any.
    udpkg -i l/linux/crypto-dm-modules-4.9.0-8-amd64-di_4.9.130-2_amd64.udeb
    cd /
    depmod
    modprobe dm_crypt
    df
    cat /proc/swaps
    fdisk -l
#-------------------------------------------------------------------------------
#-- For (ii) and (iii) goto label OpenTheEncryptedContainer --------------------
#-------------------------------------------------------------------------------
    # Disk setup from scratch.
    fdisk /dev/sda
      p
      delete all partitions on /dev/sda
      p
      w
    dd bs=1M count=3000 if=/dev/zero of=/dev/sda
    fdisk /dev/sda
      p
      m
      g
      n
      1
      2048
      1050623 (512M)
      n
      2
      1050624
      2099199 (512M)
      n
      3
      2099200
      <pressEnter>
      t
      1
      4 (BIOS Boot)
      p
      w
    fdisk -l
    # This may take hours.
    dd bs=1M if=/dev/urandom of=/dev/sda3
    cryptsetup --key-size 512 luksFormat /dev/sda3
    Are you sure ? (Type uppercase yes): YES
    Enter passphrase: <theDiskCryptPassPhrase>
    Verify passphrase: <theDiskCryptPassPhrase>
#-------------------------------------------------------------------------------
#-- LABEL: OpenTheEncryptedContainer -------------------------------------------
#-------------------------------------------------------------------------------
    cryptsetup open /dev/sda3 pvc0
    Enter passphrase for /dev/sda3: <theDiskCryptPassPhrase>
    cryptsetup status pvc0
    pvdisplay
#-------------------------------------------------------------------------------
#-- For (ii) and (iii) goto label ActivateVolumeGroupVg0 -----------------------
#-------------------------------------------------------------------------------
    pvcreate /dev/mapper/pvc0
    vgcreate vg0 /dev/mapper/pvc0
    pvdisplay
    lvcreate -L   12G vg0 -n swap
    lvcreate -L   50G vg0 -n root
    lvcreate -L   50G vg0 -n altroot
    lvcreate -L   10G vg0 -n mail
    lvcreate -L   12G vg0 -n u1
    lvcreate -L    2G vg0 -n u2
    lvcreate -L   50G vg0 -n u3
    lvcreate -L  400G vg0 -n crw
    lvcreate -L 1200G vg0 -n cro
    lvdisplay
    #
    # Just as a reminder, this would be the sequence to destroy all of the above.
    # lvremove -f vg0/cro
    # ...
    # lvremove -f vg0/swap
    # vgremove -f vg0
    # pvremove -y /dev/mapper/pvc0
    # cryptsetup close pvc0
    # End of reminder.
    #
    ls -al /dev/mapper
    dd bs=1M count=512 if=/dev/zero of=/dev/sda1
    mkfs.ext2 /dev/sda2
    mkswap /dev/vg0/swap
    mkfs.ext4 /dev/vg0/root
    mkfs.ext4 /dev/vg0/altroot
    mkfs.ext4 /dev/vg0/mail
    mkfs.ext4 /dev/vg0/u1
    mkfs.ext4 /dev/vg0/u2
    mkfs.ext4 /dev/vg0/u3
    mkfs.ext4 /dev/vg0/crw
    mkfs.ext4 /dev/vg0/cro
    swapon /dev/mapper/vg0-swap
    cat /proc/swaps
    swapoff /dev/mapper/vg0-swap
    cat /proc/swaps
#-------------------------------------------------------------------------------
#-- LABEL: ActivateVolumeGroupVg0 ----------------------------------------------
#-------------------------------------------------------------------------------
    ls -al /dev/mapper
    vgchange -ay vg0
    ls -al /dev/mapper
#-------------------------------------------------------------------------------
#-- For (i) and (ii) goto label BeforeMenuPointPartitionDisks ------------------
#-------------------------------------------------------------------------------
    #
    # Take the machine ID from vg0-altroot
    # if vg0-altroot is a prior installed root file system.
    #
    df
    mount -t ext4 /dev/mapper/vg0-root /mnt
    mkdir /mnt2
    mount -t ext4 /dev/mapper/vg0-altroot /mnt2
    ls -al /mnt2/etc/machine-id
    cat /mnt/etc/machine-id
    cat /mnt2/etc/machine-id
    cp /mnt2/etc/machine-id /mnt/etc/machine-id
    umount /mnt2
    rmdir /mnt2
    umount /mnt
    #
    # We changed the kernel RAM disk.
    # Maintain some sha1sum file in vg0-altroot
    # if vg0-altroot is a prior installed root file system.
    #
    df
    mount -t ext2 /dev/sda2 /mnt
    mkdir /mnt2
    mount -t ext4 /dev/mapper/vg0-altroot /mnt2
    cd /mnt
    sha1sum initrd.img-4.9.0-8-amd64 | sed 's,ini,/boot/ini,' > /tmp/sha1sum
    cat /tmp/sha1sum
    cat /mnt2/var/lib/initramfs-tools/4.9.0-8-amd64
    cp /tmp/sha1sum /mnt2/var/lib/initramfs-tools/4.9.0-8-amd64
    rm /tmp/sha1sum
    cd /
    umount /mnt2
    rmdir /mnt2
    umount /mnt
    #
    # Perform a nice backup.
    #
    df
    mount -t ext4 /dev/mapper/vg0-root /mnt
    mount -t ext2 /dev/sda2 /mnt/boot
    mount --bind /cdrom /mnt/media/cdrom
    cd /mnt
    mkdir /crw
    mount -t ext4 /dev/mapper/vg0-crw /crw
    ls -al /crw
    tar cpf /crw/RootDebian-960-amd64-i386-00.tar .
    mv /crw/RootDebian-960-amd64-i386-00.tar /mnt
    umount /crw
    rmdir /crw
    cd /
    umount /mnt/media/cdrom
    umount /mnt/boot
    umount /mnt
    # Reboot.
    <Ctrl>-<Alt>-<Del>
#-------------------------------------------------------------------------------
#-- LABEL: BeforeMenuPointPartitionDisks ---------------------------------------
#-------------------------------------------------------------------------------
    # We are going to install a new operating system.
    # Consider cleaning the following partitions beforehand.
    dd bs=1M count=512 if=/dev/zero of=/dev/sda1
    mkfs.ext2 /dev/sda2
    mkfs.ext4 /dev/vg0/root
  <Ctrl>-<Alt>-<F1>
  Partition disks
    Manual
    Goto LVM VG vg0, LV root #1 and <pressEnter>
      # Unusual behavior: pressing Enter toggles the setting in some cases.
      Partition settings: Use as: do not use <pressEnter>
      How to use this partition: Ext4 journaling file system
      Partition settings: Mount point: none <pressEnter>
      Mount point for this partition: / - the root file system
      Partition settings: Done setting up the partition
    Goto SCSI1 (...) (sda) #2 and <pressEnter>
      Partition settings: Use as: do not use <pressEnter>
      How to use this partition: Ext2 file system
      Partition settings: Mount point: none <pressEnter>
      Mount point for this partition: /boot - static files of the boot loader
      Partition settings: Done setting up the partition
    Finish partitioning and write changes to disk
    Write the changes to disk: Yes
  Install the base system
    Kernel to install: linux-image-4.9.0-8-amd64
    Drivers to include in the initrd: generic: include all available drivers
  Configure the package manager
    Use a network mirror: No
    Services to use: <untagAll>
  Select and install software
    Participate in the package usage survey: No
    Choose software to install: <untagAll>
  Install the GRUB boot loader on a hard disk
    Install the GRUB boot loader to the master boot record: Yes
    Device for boot loader installation: /dev/sda
    Force GRUB installation to the EFI removable media path: No
  <Ctrl>-<Alt>-<F2>
    cd /target/etc
    echo pvc0 /dev/sda3 none luks > crypttab
    nano crypttab
      <Ctrl>-x
    cat crypttab
    echo /dev/mapper/vg0-swap none swap sw 0 0 > fstab
    echo /dev/mapper/vg0-root / ext4 errors=remount-ro 0 1 >> fstab
    echo /dev/sda2 /boot ext2 defaults 0 2 >> fstab
    nano fstab
      <Ctrl>-x
    cat fstab
    cd /target/etc/initramfs-tools
    # Due to the passphrase for the hard disk, early
    # USB keyboard support is of vital importance.
    echo usbcore >> modules
    echo uhci_hcd >> modules
    echo ehci_hcd >> modules
    echo ehci_pci >> modules
    echo usbhid >> modules
    echo hid_generic >> modules
    # Note that update-initramfs will be executed automatically
    # by "Finish the installation" below.
    nano modules
      <Ctrl>-x
    cat modules
    cd /
  <Ctrl>-<Alt>-<F1>
  Finish the installation
    Is the system clock set to UTC: Yes
    Remove the installation medium: continue
  Perform (iii)
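
Added example, not part of the original notes: a shell check of the three files written in the last <Ctrl>-<Alt>-<F2> session (crypttab, fstab, initramfs-tools/modules), since a mistake there can leave a system that cannot unlock its root volume at boot. The function names are hypothetical, and a POSIX shell with awk and grep is assumed.

```shell
#!/bin/sh
# Added example (not from the original notes): sanity-check the files written
# under /target/etc before "Finish the installation" runs update-initramfs.
# Assumption: awk and grep are available in the shell used.

# crypttab_has TARGET SOURCE FILE: succeeds if FILE maps SOURCE to TARGET
# with the "luks" option set (fields: target, source, key file, options).
crypttab_has() {
    awk -v t="$1" -v s="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        $1 == t && $2 == s && ("," $4 ",") ~ /,luks,/ { ok = 1 }
        END { exit ok ? 0 : 1 }' "$3"
}

# fstab_has DEVICE MOUNTPOINT FSTYPE FILE: succeeds if FILE has that entry.
fstab_has() {
    awk -v d="$1" -v m="$2" -v f="$3" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        $1 == d && $2 == m && $3 == f { ok = 1 }
        END { exit ok ? 0 : 1 }' "$4"
}

# missing_modules FILE MODULE...: prints every MODULE not listed in FILE.
missing_modules() {
    file=$1; shift
    for m in "$@"; do
        grep -qx "[[:space:]]*$m[[:space:]]*" "$file" || printf '%s\n' "$m"
    done
}

# check_target ETCDIR: runs all checks, prints findings, returns 0 if clean.
check_target() {
    etc=$1; rc=0
    crypttab_has pvc0 /dev/sda3 "$etc/crypttab" ||
        { echo "crypttab: no luks mapping pvc0 -> /dev/sda3"; rc=1; }
    fstab_has /dev/mapper/vg0-root / ext4 "$etc/fstab" ||
        { echo "fstab: root entry missing"; rc=1; }
    fstab_has /dev/sda2 /boot ext2 "$etc/fstab" ||
        { echo "fstab: /boot entry missing"; rc=1; }
    fstab_has /dev/mapper/vg0-swap none swap "$etc/fstab" ||
        { echo "fstab: swap entry missing"; rc=1; }
    miss=$(missing_modules "$etc/initramfs-tools/modules" \
        usbcore uhci_hcd ehci_hcd ehci_pci usbhid hid_generic)
    [ -z "$miss" ] || { echo "modules: missing" $miss; rc=1; }
    return $rc
}
```

After sourcing the functions, call check_target /target/etc; no output and exit status 0 mean all entries written in that session are present.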


Stephan K.H. Seidl