Autoinstall.yaml for Ubuntu 26.04

Project Discussion Desktop
, ,
1

I hope that Autoinstall.yaml will be updated to support all the new features of the Ubuntu 26.04 installer.

Specifically, the following features are important to me:

  1. Support for preconfiguring HW FDE.
  2. Support for enabling and preconfiguring Landscape.
  3. Backup of the HW FDE recovery key in Landscape and Entra ID/Intune storage.
  4. Support for enabling and preconfiguring authd.
  5. Enabling automatic snap package updates.
  6. Support for download with authentication in the Autoinstall.yaml file location selection window.
  7. The ability to add additional software repositories with their signing keys (Microsoft, Google, etc.).

I would also like to be able to:

  1. Preset corporate (OEM) desktop wallpapers (with or without the option to block wallpaper changes).
  2. Be able to set a custom device name based on the serial number, for example, “text” - {{SERIAL}}.
  3. It would be nice to fix the already existing functions:
    shutdown: poweroff
    and
    debconf-selections: |
    ufw ufw/enable boolean true

These commands don’t work.

Why do we need this?
There are two scenarios:

  1. Provisioning a preset by downloading Autoinstall.yaml from a secure site for an employee who wants to install Ubuntu themselves.
  2. Silent and fully automatic installation of Ubuntu with the Autoinstall.yaml file in the root of the flash drive.
    This is necessary so that engineers can prepare a corporate laptop with Ubuntu on board for delivery to a new employee.
    Currently, due to the lack of the ability to preset authd, the user is created after the OS installation using the GDM wizard. The only interactive window is the network selection.

Example is below:

autoinstall:
  version: 1
  # Basic system configuration
  
  
  # Installer updates
  refresh-installer:
    update: true
    channel: stable/ubuntu-$REL

  #Automatically install OEM Kernel if recommended
  oem:
      install: auto
    
  # Make these sections interactive
  interactive-sections:
    - network

  # id on the Ubuntu Desktop ISO, install with the minimal (default) source
  source:
    id: ubuntu-desktop-minimal

  # Explicit storage configuration (Will be skipped because of Interactive selection)
  storage:
    layout:
      name: lvm
  
  # User and hostname configuration (Pre-fill values but allow user modification)
  identity:
    # GDM native solution after OS installation will open the wizard to set the options below:
    hostname: ""
    username: "" 
    password: ""
  
  # Additional software installation
  packages:
    - gufw
  snaps:
    - name: prompting-client
      channel: stable
    - name: desktop-security-center
      channel: stable

  # Start the ufw firewall automatically
  debconf-selections: |
    ufw ufw/enable boolean true

  drivers:
    install: true  # Third-party drivers for graphics/WiFi
  codecs:
    install: true  # Additional media formats
  
  # APT configuration (for selecting main software update source by default instead of the local mirror)
  apt:
    mirror-selection:
      primary:
        - uri: "http://archive.ubuntu.com/ubuntu"
          arches: [amd64, i386]
        - uri: "http://ports.ubuntu.com/ubuntu-ports"
          arches: [s390x, arm64, armhf, powerpc, ppc64el, riscv64]
    fallback: abort
    geoip: false
  
  # Updates, the type that will be downloaded and installed after the system installation, and before rebooting into the target system
  # Updates from both the security and updates pockets are installed.
  updates: all

  # Shutdown configuration
  shutdown: poweroff

  # Edge and Intune installation
  late-commands:
    # Install Prerequisites
    - curtin in-target -- apt update
    - curtin in-target -- apt install -y curl gpg

    # Install Microsoft GPG key
    - curtin in-target -- sh -c "curl -sSL https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > /etc/apt/trusted.gpg.d/microsoft-edge.gpg"
    - curtin in-target -- sh -c "curl -sSL https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > /usr/share/keyrings//microsoft.gpg"
    
    # Add Microsoft repositories
    - curtin in-target -- sh -c "echo 'deb [arch=amd64] https://packages.microsoft.com/repos/edge stable main' > /etc/apt/sources.list.d/microsoft-edge.list"
    - curtin in-target -- sh -c "echo 'deb [arch=amd64] https://packages.microsoft.com/ubuntu/$(lsb_release -rs)/prod $(lsb_release -cs) main' > /etc/apt/sources.list.d/microsoft-ubuntu-$(lsb_release -cs)-prod.list"
    
    # Install Edge and Intune
    - curtin in-target -- apt update
    - curtin in-target -- apt install -y microsoft-edge-stable intune-portal
    - curtin in-target -- ufw --force enable
    # Restart Intune daemon to apply changes and avoid the Intune registration error "4u3gb"
    - curtin in-target -- systemctl restart intune-daemon.service || true