I couldn't find a way to set the variant as desktop in the autoinstall
file or command line.
Thus some shell scripting hackery runs curl to set the variant.
Also, GET /active_directory must provide user and domain, thus updating
the password and curl'ing again configures the AD controller.
When installing a package, try the package download up to three times
before giving up.
The install is only tried once.
Signed-off-by: Olivier Gayot <olivier.gayot@canonical.com>
When apt is run as root, APT tries to drop privileges by setuid-ing to
the APT::Sandbox::User user (i.e., _apt by default). This does not work
for us when doing mirror testing because the default sandbox user does
not have access to the overlay. Therefore, APT produces a warning and
reverts to unsandboxed downloads.
Let's force apt to use unsandboxed downloads by setting root as the
sandbox user. This has the same result but avoids showing a warning in
the APT output during mirror testing.
Signed-off-by: Olivier Gayot <olivier.gayot@canonical.com>
Sadly, passing an alternative config file to apt using -o CLI options
does not work because apt:
1) Reads the configuration file first
2) Reads CLI options (and override specified settings) second
Therefore, the default configuration file is always read, instead of the
one we supply.
To specify an alternative configuration file, the recommendation from
the apt maintainer is to supply an APT_CONFIG variable, hinting apt to
read said file instead of the default.
We now generate a temporary file, write the directives we need to it
using the python apt library, and then execute apt-get with a path to
this temporary file set in APT_CONFIG.
Signed-off-by: Olivier Gayot <olivier.gayot@canonical.com>
AD is by nature an optional feature.
Yet, we need to make its model part of the POSTINSTALL_MODEL_NAMES set.
That would turn this into a required controller.
Thus, explicitly mark AD as configured
For as long as TUI doesn't have a matching controller.
In LP: #2008271, an invalid but reasonable-looking layout was supplied
in autoinstall, which makes it all the way to curthooks before failing
with an inscruitble and difficult to find error from ckbcomp.
Validate ahead of time these values.
Even though AD joining is not that critical.
I noticed in lab higher success rates when not specifying the computer
name option in realm join CLI.
But I'm not convident enough to say that this would behave better than
Ubiquity's original implementation, which does use the computer name
option.
It turns out that the `realm --install /target` does a chroot.
So curtin in target command is not necessary for that.
The same doesn't hold for pam-auth-update.
Setting hostnames is still a requirement, because realm calls adcli
under the hood, which doesn't go through chroot.