ISO-based
ISO-based unattended installation is ideal for automating Airlock Gateway deployments in on-premises environments. It allows for consistent, repeatable installations without manual intervention, making it suitable for large-scale deployments or environments requiring rapid provisioning.
Airlock Gateway supports two alternative methods of ISO-based unattended installation:
Method | Typical use case | How kernel parameters are applied |
|---|---|---|
Automated kernel-line injection | Building a virtual machine template with an automation tool (e.g., Packer) | A helper injects the parameters at the boot loader prompt (no ISO editing). |
Modified ISO image | Installing bare-metal or virtual machines without interaction | The ISO image itself is unpacked, the boot loader configuration file is edited, and the image is repacked. |
Alternative A: automated kernel-line injection (Packer example)
To enable unattended installation, automation tools such as HashiCorp Packer can inject kernel parameters into the boot process of the virtual machine. Specifically the VMware ISO builder in Packer, can be used with VMware products. The boot_wait and boot_command builder options can be used to enter kernel parameters via the boot loader at the start of the boot process:
{
"type": "vmware-iso",
...
"iso_url": "./airlock_ISO_x64_8.5.iso",
"iso_checksum": "none",
"boot_wait": "5s",
"boot_command" : [
"<home>", "<tab>",
"alinst.interactive=0 alinst.rootpw=xxxx alinst.dhcp=1" , "<enter>"
],
"ssh_username": "root",
"ssh_password": "xxxxxx",
"ssh_timeout": "60m",
...
}- The ellipses (
...) indicate that this example is incomplete. alinst.interactive=0switches the installer to fully automated mode.- Any other kernel parameter (i.e.,
static ip=, proxy settings, debug flags) can be appended the same way.
Alternative B: modified ISO image (Linux open-source tools example)
Prerequisites
- Linux workstation
- xorriso – to extract and re-author the ISO filesystem
- isohybrid – to make the rebuilt ISO image bootable from USB and optical media
Creating a modified ISO image
- Unpack the original ISO image.
ISO=./airlock_ISO_x64_8.5.iso DEST=./isotmp xorriso -no_rc -osirrox on:auto_chmod_on \ -indev "$ISO" -extract "/" "$DEST"- For both BIOS and EFI boot modes, adapt the respective boot loader configuration file as follows:
- Extend the kernel command line defined in these files with the required kernel parameters.
- Add at least
alinst.interactive=0to disable interactive prompts andalinst.sshkey=(preferred) oralinst.rootpw=as authentication option.
- Notice
We recommend to update both boot loader configuration files consistently to ensure the resulting ISO image remains universally bootable.
Example of a modified EFI boot loader configuration file (
$DEST/EFI/BOOT/grub.cfg):- Example
menuentry 'Install Airlock Gateway' { linuxefi /images/pxeboot/vmlinuz \ inst.stage2=hd:LABEL=Airlock \ inst.ks=hd:LABEL=Airlock:/airlock/kickstart/airlock_install.cfg \ alinst.interactive=0 alinst.sshkey="ssh-ed25519 AAAA..." initrdefi /images/pxeboot/initrd.img } Example of a modified BIOS boot loader configuration file (
$DEST/isolinux/isolinux.cfg):- Example
label Airlock menu label Install Airlock Gateway menu default # make this entry the default kernel vmlinuz append initrd=initrd.img \ inst.stage2=hd:LABEL=Airlock \ inst.ks=hd:LABEL=Airlock:/airlock/kickstart/airlock_install.cfg \ alinst.interactive=0 alinst.sshkey="ssh-ed25519 AAAA..." - Notice
This entry must be set as the default boot option. Ensure that the line
menu defaultis present in this entry and removed from all other boot entries. - Repack the ISO image.
- Example
source "${DEST}/airlock/create-iso.inc" eval $(create_airlock_iso_cmd "${DEST}" ./airlock_auto.iso) - The resulting
airlock_auto.isofile boots on BIOS and UEFI systems and starts the installation without user interaction.
Once the Gateway boots for the first time, continue with System provisioning to create an admin account and issue a JWT for REST-based automation.