subiquity

Not possible to run interactive debconf scripts in late-commands

Bug #1960068 reported by Anton on 2022-02-04

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	subiquity	New	Undecided	Unassigned

Bug Description

With debian installer we were used to run an unattended installation with an interactive debconf-based script to join the server to AD domain. So the whole server setup (except hostname) is automatic and predefined and the only last step requires some input form user.
The script looks something like this:
#!/bin/sh
cat > /tmp/MyInstall.template <<'!EOF!'
Template: my-install/username
Type: string
Description: Username that will be used for joining the domain

Template: my-install/password
Type: password
Description: Password that will be used for joining the domain

Template: my-install/title
Type: title
Description: Credentials for joining the domain

Template: my-install/ou
Type: select
Choices: #LIST of OU's
Description: Credentials for joining the domain

!EOF!

debconf-loadtemplate snare-install /tmp/MyInstall.template
db_settitle my-install/title
db_input critical my-install/username || true
db_input critical my-install/password || true
db_input critical my-install/ou || true
db_go
db_get my-install/username
admin_user=$RET
db_get my-install/password
admin_password=$RET
db_get my-install/ou
ou=$RET
name="$(hostname -f)"
in-target /bin/bash -c "echo '$admin_password' | kinit $admin_user"
in-target klist
in-target msktutil --create --base $ou --service host --keytab /etc/krb5.keytab --upn host/$name --verbose

======================
With subiquity this is not working and none of the hacks that we tried helped. Joining server to domain after installation is a major inconvenience as you need to log in with local user account, and run those commands manually which can lead to errors.
It would be great to have scripts running in late-commands to have a way to interact with the user installing the server in one way or another.
This has been asked about by someone else here: https://askubuntu.com/questions/1376149/interact-with-user-from-subiquity-late-command so there is some demand.

Revision history for this message

Matthew L. Dailey (matthew-l-dailey) wrote on 2022-02-18:

Adding a "me too" to this. One specific example of something we've always done in a d-i late_command via preseed is to set a grub password. We do this is a late_command to make sure that the installer has finished installing grub before we attempt to alter the config.

Our package has a templates file that looks like:
Template: thayer-grub/username
Type: string
Description: GRUB Username:
GRUB menu username.

Template: thayer-grub/password
Type: password
Description: GRUB Password:
GRUB menu password.

And then a postinst that does this:
# Source debconf library.
. /usr/share/debconf/confmodule

# Get the username and password
db_get thayer-grub/username
USER="${RET}"
db_get thayer-grub/password
PASSWORD="${RET}"

With subiquity, we're trying to install this with a late-command like:
curtin in-target --target=/target -- apt-get -y install thayer-grub-efi

However, there's no frontend for debconf, so the user is never prompted:
Setting up thayer-grub-efi (0.1-3) ...
debconf: unable to initialize frontend: Dialog
debconf: (TERM is not set, so the dialog frontend is not usable.)
debconf: falling back to frontend: Readline
debconf: unable to initialize frontend: Readline
debconf: (This frontend requires a controlling tty.)
debconf: falling back to frontend: Teletype
Configuring thayer-grub-efi
---------------------------
GRUB menu username.
GRUB Username:
GRUB menu password.
GRUB Password:
Use of uninitialized value $_[1] in join or string at /usr/share/perl5/Debconf/DbDriver/Stack.pm line 111.
Use of uninitialized value $_[1] in join or string at /usr/share/perl5/Debconf/DbDriver/Stack.pm line 111.

Revision history for this message

Anton (user1553) wrote on 2022-02-21:

We've overcome the limitation after finding this post: https://discourse.ubuntu.com/t/automated-server-install-reference/16613/21

So wrapping your interactive script into:
==========================
  if ! chvt 3 &>/dev/null; then
    break
  fi

export TERM=linux
export NCURSES_NO_UTF8_ACS=1

printf "\ec"

=====================
your script here
=======================
  #Change back to tty1
  if ! chvt 1 &>/dev/null; then
    break
  fi
===========================
brings the interactivity to subuquity late-commands

Revision history for this message

Matthew L. Dailey (matthew-l-dailey) wrote on 2022-02-25:

Thanks, @Anton - We've been using this trickery in early-commands to customize the autoinstall yaml file and it seems to work in late-commands as well.

One related note that may help others. By the time late-commands is called, subiquity has unmounted all the bind filesystems in /target, so things like networking in the chroot don't work. If you need the chroot system to be more functional in late-commands, you need to wrap the above with:

for mount in dev proc run sys; do
mount --bind /${mount} /target/${mount}
done
<late-command chroot commands>
for mount in dev proc run sys; do
umount /target/${mount}
done

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.