Skip to content

Using Ansible to install Arch Linux with LUKS and Btrfs

Automating the installation of Arch Linux is an ongoing topic in this blog. In the past, I often used meta packages, but this approach has some drawbacks. So I started trying out Ansible and created some playbooks that enable the automated remote installation of Arch Linux with different flavors: A simple setup (UEFI, and an Ext4-formatted system partition, no encryption, no swap) and a more complex setup (UEFI, a Btrfs-formatted system partition with a customizable subvolume structure, and - optional - LUKS encryption and a swap file).

Meta packages

There are different approaches to automate the installation of Arch Linux. One option is to create meta packages that contain the dependencies for the software packages to be installed, including the logic for activating services and defining system-wide configuration (I described this approach in a dedicated blog post). This works great, but has some disadvantages:

  • First, the meta package to be used for the installation, has to be present in the system (i.e., in the system that was started from the Arch Linux ISO). Therefore, it must be installed from a (custom) package repository (which must be configured in /etc/pacman.conf), downloaded from s server, or copied into the system in some other way.
  • Second, a meta package defines hard dependencies. I.e., it depends on the packages whose installation it is supposed to initiate. Now, once the installation is complete and some time has passed, it may happen that one of these packages is no longer needed and should be uninstalled. But that's not possible since the meta package depends on it. Therefore, in order to uninstall the package, the meta package would first have to be modified (the corresponding dependency would have to be removed) and then reinstalled or updated - quite cumbersome.

Custom ISOs

Creating a custom ISO based on the Arch Linux ISO is another option to automate the installation process. Arch Linux has all the tools to create such an image. This works fine (I tested that as well), but keeping a custom ISO up to date is very time-consuming - too time-consuming for me.

Installation scripts

And then, there are scripts that aim to facilitate the installation of Arch Linux. I gave archinstall a try. The installation can be done interactively, or via configuration file. I tried the second option, but was unable to create a configuration file that would install the system I wanted (LUKS encryption, btrfs). This may be due to my own incompetence, but I also found the archinstall documentation to be rather incomplete.

Ansible

Finally, I came across Ansible.

Ansible is an open source, command-line IT automation software application written in Python. It can configure systems, deploy software, and orchestrate advanced workflows to support application deployment, system updates, and more. (from ansible.com)

To install Arch Linux with Ansible, two computers are required:

  1. The one that is to be installed,
  2. and an Ansible host where ansible runs and from which the execution of the Ansible Python scripts on the other system is initiated via SSH.

Modules, tasks, roles, and playbooks

Ansible scripts are called modules. They are called/executed in tasks. These are grouped into roles, which in turn are combined into playbooks. All these entities can be configured with YAML files.

Ansible contains a large number of predefined modules: For executing bash scripts, partitioning block devices, creating file systems, mounting partitions, etc.

Playbooks for Arch Linux installation

From these modules, I created Ansible roles that mimic the different steps of the Arch Linux installation guide. I.e., there are roles for partitioning, creating file systems, mounting partitions, pacstrapping the system, generating fstab, generating initramfs, localization, etc. From these roles, I created two playbooks:

  • One installs a simple system with an UEFI partition, and a second Ext4-formatted system partition.
  • The other installs a more complex system, with an UEFI partition, and a Btrfs-formatted system partition. The system partition can have multiple Btrfs subvolumes (configurable). Also LUKS encryption and a swap file is possible. In fact, this is an automated version of the setup I described here.

There are numerous configuration options, see the configuration of my personal system (LUKS encrypted, Btrfs, swap file, German localization, GNOME desktop) as example.

Installation process

Once you have created the appropriate system configuration file on the Ansible host, the installation process itself is straightforward:

  1. Boot the system that is to be installed, create a password for root, start the SSH server, determine the IP address and the device path of the drive on which Arch Linux should be installed.

  2. On the Ansible host, add the IP address and the device path to the conifuration and run the appropriate Ansible playbook:

    $ ansible-playbook -k -i my_inventory.ini playbooks/luks_btrfs.yml

    Now the installation runs completely automated.

  3. After the installation is done, reboot the new Arch Linux system.

Managing secrets

Ansible contains a way to store secrets, such as passwords and passphrases: Ansible vault. I used this mechanism to store the initial password of the administraion user and the LUKS passphrase.

Comments