用LUKS解决桌面Ubuntu自动安装问题

Question

我正在尝试使用云init& autoinstall对Ubuntu自动安装程序进行故障排除。理想情况下，我试图在安装程序运行后对笔记本电脑上的主OS磁盘进行加密和分区。以下文件中的所有内容都正常工作，但存储部分除外，在以交互式方式运行安装程序之后，我已经复制了这个部分。

下面是用户数据文件，在查看了几个不同的资源之后，我将它们放在一起：

autoinstall:
  version: 1
  refresh-installer:  # start with an up-to-date installer
  update: yes
  channel: stable     # update from the ubuntu stable branch only
  interactive-sections:  # Install groups listed here will wait for user input
    - network
    - identity

  locale: en_US.UTF-8
  keyboard:
    layout: us
  ssh:
    allow-pw: false
    install-server: false
  storage:
    config:
    - grub_device: false
      id: disk-nvme0n1
      name: ''
      path: /dev/nvme0n1
      preserve: false
      ptable: gpt
      serial: KINGSTON SNVS1000G_50026B7784415179
      type: disk
      wipe: superblock
      wwn: eui.00000000000000000026b77844151795
    - device: disk-nvme0n1
      flag: boot
      grub_device: true
      id: partition-0
      number: 1
      preserve: false
      size: 536870912
      type: partition
      wipe: superblock
    - fstype: fat32
      id: format-0
      preserve: false
      type: format
      volume: partition-0
    - device: disk-nvme0n1
      flag: ''
      grub_device: false
      id: partition-1
      number: 2
      preserve: false
      size: 1073741824
      type: partition
      wipe: superblock
    - fstype: ext4
      id: format-1
      preserve: false
      type: format
      volume: partition-1
    - device: disk-nvme0n1
      flag: ''
      grub_device: false
      id: partition-2
      number: 3
      preserve: false
      size: 998591430656
      type: partition
      wipe: superblock
    - id: dm_crypt-0
      keyfile: /tmp/luks-key-em_r7gfw
      preserve: false
      type: dm_crypt
      volume: partition-2
    - devices:
      - dm_crypt-0
      id: lvm_volgroup-0
      name: ubuntu-vg
      preserve: false
      type: lvm_volgroup
    - id: lvm_partition-0
      name: ubuntu-lv
      preserve: false
      size: 107374182400B
      type: lvm_partition
      volgroup: lvm_volgroup-0
      wipe: superblock
    - fstype: ext4
      id: format-2
      preserve: false
      type: format
      volume: lvm_partition-0
    - device: format-2
      id: mount-2
      path: /
      type: mount
    - device: format-1
      id: mount-1
      path: /boot
      type: mount
    - device: format-0
      id: mount-0
      path: /boot/efi
      type: mount
    version: 1

  apt:
    preserve_sources_list: false
    primary:
    - arches: [amd64, i386]
      uri: http://us.archive.ubuntu.com/ubuntu
    - arches: [default]
      uri: http://ports.ubuntu.com/ubuntu-ports
    conf: | # APT config
      APT {
        Get {
          Assume-Yes "true";
          Fix-Broken "true";
        };
      };
    sources:
      ignored1:  # for yaml formatting. below adds graphics drivers ppa
        source: ppa:graphics-drivers/ppa

  snaps:
    - name: slack
      classic: true
      channel: stable

  packages: 
    - build-essential
    - ubuntu-desktop
    - dkms
    # Zoom dependencies
    - libgl1-mesa-glx
    - libegl1-mesa
    - libxcb-xtest0
    - libxcb-xinerama0
    # - wormhole for an easy to use encrypted file transfer
    - wormhole
    - emacs
    #- Commented out desktop environments for future selection menu via grub
    #- ubuntu-mate-desktop
    #- xfce4
    #- kde-full
    - git
    - libreoffice
    # pavucontrol for bluetooth/pulseaudio
    - pavucontrol
    #- gnome-session - used for ubuntu-minimal-desktop
    #- gdm3 - ubuntu-minimal-desktop
    # ClamAV packages
    - clamav
    - clamtk
    #- clamtk-gnome
    - clamav-daemon
    - clamav-docs
    # - chrome & some dependencies for the user experience
    - google-chrome-stable
    - chromium-codecs-ffmpeg-extra
    # Bluetooth dependencies
    - bluez-btsco
    - bluez-dbg
    - bluez-hcidump
    - bluez-tools
    - libbluetooth3-dbg
    # End of Bluetooth dependencies
    # These packages are for adding a repo that requires https, in particular for Sublime Text which we install later
    - dirmngr
    - gnupg
    - apt-transport-https
    - ca-certificates
    - software-properties-common
    - sublime-text
    # End https repo/sublime dependencies
    # Uncomment for OEM kernel
    #- linux-oem-20.04b

  package_update: true
  package_upgrade: true

  late-commands:
    # Transfer RHR wallpaper from USB to user backgrounds
    # Changing from networkd to NetworkManager
    # move existing config out of the way
    - find /target/etc/netplan/ -name "*.yaml" -exec sh -c 'mv "$1" "$1-orig"' _ {} \;
    # Create a new netplan and enable it
    - |
      cat <

我试着注释了存储中的“串行”部分，以查看这是否会做出更改，但是，甚至复制存储部分的curtin-install-cfg.yaml的输出似乎都不起作用。

我发现这个bug报告似乎暗示未来可能会出现一些更简单的东西，但还没有出现：https://bugs.launchpad.net/subiquity/+bug/1913986

在建立这一框架时，引用了以下内容：

• https://ubuntu.com/server/docs/install/autoinstall-reference#storage
• https://curtin.readthedocs.io/en/latest/topics/storage.html
• https://www.pugetsystems.com/labs/hpc/How-To-Make-Ubuntu-Autoinstall-ISO-with-Cloud-init-2213/

PGP键的Chrome和崇高文本已经被省略，因为长度，但他们正在工作。只是无法获得存储设置！

如有任何指导，将不胜感激！

Answer 1

只是在黑暗中拍摄，基于我与此的斗争，但我认为您的问题是卷组声明。

这应该是可行的(我知道这是毫无意义的)：

- devices: [dm_crypt-0]
  id: lvm_volgroup-0
  name: ubuntu-vg
  preserve: false
  type: lvm_volgroup

下面是一个正在工作的自动安装LUKS--使用存储配置：

  storage:
    grub:
      update_nvram: true
      remove_duplicate_entries: true
      probe_additional_os: false
      reorder_uefi: false
    swap:
      filename: swap.img
      maxsize: 8GB
    config:
# Disks
      - id: disk0
        type: disk
        ptable: gpt
        wipe: superblock
        grub_device: false
        match:
          ssd: yes
          size: largest
# Partitions
      - id: bios
        type: partition
        device: disk0
        size: 1MB
        flag: bios_grub
      - id: esp 
        type: partition
        device: disk0
        grub_device: true
        size: 512MB
        flag: boot
      - id: boot
        type: partition
        device: disk0
        size: 1GB
# LVM Physical Volumes and DM-CRYPT disk encryption
      - id: pv
        type: partition 
        device: disk0
        size: -1
      - id: client_encrypted
        type: dm_crypt
        preserve: false
        key: 'SECRET_KEY'
        volume: pv
# LVM Volume Groups and Partitions
      - id: volumegroup
        name: ubuntu-volumegroup
        type: lvm_volgroup
        devices: [client_encrypted]
        preserve: false
      - id: lv_root
        name: root 
        volgroup: volumegroup
        size: 100%
        type: lvm_partition
# Filesystems
      - id: esp_filesystem
        type: format
        volume: esp
        fstype: fat32
        label: EFI 
      - id: boot_filesystem
        type: format
        volume: boot 
        fstype: ext4
      - id: root_filesystem
        type: format 
        fstype: ext4
        volume: lv_root
# Filesystem Mountpoints
      - id: esp_mount
        type: mount
        device: esp_filesystem
        path: /boot/efi
      - id: boot_mount
        type: mount
        device: boot_filesystem
        path: /boot
      - id: root_mount
        type: mount
        device: root_filesystem
        path: /

Answer 2

用户数据文件的问题可能是您指定了加密密码在安装后存储的"keyfile“。该/tmp目录是键在安装后存储的位置，每次自动安装时都可能发生更改。

不要在yaml中指定密钥文件dir，而是用" key“键指定实际的密码。

钥匙：

密钥密钥指定加密密钥的密码。目标系统将提示输入此密码，以便挂载磁盘。

键盘文件：

密钥文件包含加密密钥密码的/tmp dir。

必须提供一个密钥和密钥文件。

示例：

- id: lvm_partition_1
  type: dm_crypt
  dm_name: crypto
  volume: sdb1
  key: changeme