Console installation mode


1. About console installation mode

In the console installation mode during the OS installation to the computer, the user is prompted to accept the License agreement conditions, set up the OS parameters, confirm the installation, reboot the computer after the installation completion, and, if the installation is successful, perform the first boot of the installed OS.

The OS installer allows to select the OS regional settings, perform disk partitioning, select additional software packages to be installed, create user accounts, and setup sources for the OS installation.

Control buttons:
- [Next] --- move to the next screen;
- [Back] --- move to the previous screen;
- [Install] --- install the OS.

The following keys are used to navigate across the menu and to change settings (listed in the bottom of the screen):
- <Left>, <Right>, <Up> и <Down> --- move the cursor left, right, up and down respectively;
- <Tab> --- move between interface elements sequentially;
- <Space> --- open a drop-down list, select an option, press a button;
- <Esc> --- close a drop-down list or a window, cancel;
- <F1> --- view the installer help;
- <F10> --- finish the installer operation;
- <Ctrl+left Alt+FN> (where <FN> --- <F1> – <F7> function keys) --- switch to the respective console:
	- tty1 --- runs the installer;
	- tty2-tty6 --- for debug.


2. The installation type selection

On the <<Welcome>> screen, select on of the options from the <<Select the installation type>> list:

- <<Step by step installation>> --- the OS regular installation will be performed with a permanent administrator account created;

- <<OEM installation>> --- the OS installation to a device before its handout to an end user. A temporary administrator account will be created during the installation and deleted after its completion. Upon the installation completion the end user will be prompted to change the installed OS options and create the administrator account.

To move to the <<License>> screen, select the installation type and press [Next].


3. License

The <<License>> screen contains the text of the license agreement according to which the OS is shipped, the <<I accept the License agreement terms>> box, a brief description of control keys, the [Back] and the [Next] buttons.

To continue the installation, on the <<License>> screen perform the following:
1) select the security level as per the purchased licence;
	- base security level ("Orel");
	- advanced security level ("Voronezh");
	- maximum security level ("Smolensk").
	Note. The respective security functions will be available depending on the selected security level;
2) read the license conditions$
3) check the <<I accept the License agreement terms>> box to accept the license conditions; 
4) press [Next].

The License Agreement is also available at the developer's official website https://astra.ru/info/law/. 



4. OS parameters setup

When the license agreement conditions are accepted, the <<Settings>> screen is displayed to set the OS parameters.

On the <<Settings>> screen set up the installed OS parameters and perform disk partitioning.

The installed OS parameters are grouped by their type.


4.1. Regional settings

The <<Regional settings>> section of the <<Settings>> screen contains the OS locale parameters and time settings:
- in the <<Language switching field>>, select the keyboard shortcut to switch the input language. The <Alt+Shift> keyboard shortcut is used by default;
- in the <<System language>> field, select the installed OS language. Russian or English languages can be selected. Russian is selected by default;
- in the <<Time zone>> field, select the UTC time zone to adjust the system time;
- in the <<Additional settings>> menu: 
	- set time and date manually or enable time synchronization;
	- select a keyboard layout.

To manually set date and time:
- in the <<Additional settings>>, press <Enter>;
- in the open window, select <<Set date and time manually>>. The <<Date>> and <<Time>> fields will become available;
- click on the <<Date>> field and set the current date in the open calendar window;
- click on the <<Time>> field and set time in the open window;
- press [OK]. The <<Additional settings>> field in the <<Regional settings>> section of the <<Settings>> screen will be selected. The date and time will be set immediately and will remain after the OS installation is finished.

To enable time synchronization:
- in the <<Additional settings>>, press <Enter>;
- in the open window select <<Use network time settings>>;
- if required, in the <<NTP server>> field, enter the NTP server name;
- press [OK]. The <<Additional settings>> field in the <<Regional settings>> section of the <<Settings>> screen will be selected. The time synchronization will be enabled immediately and will stay enabled after the OS installation is finished.

To select a keyboard layout:
- in the <<Additional settings>>, press <Enter>;
- in the open window check the layouts to be available in the installed OS. Russian and English layouts are checked by default;
- press [OK]. The <<Additional settings>> field in the <<Regional settings>> section of the <<Settings>> screen will be selected. The keyboard layouts will be applied after the OS installation is finished.

4.2. Authorization settings

In the <<Authorization settings>> section of the <<Settings>> screen, set the password for the administrator account. The administrator username, the computer name and the bootloader password can be also set.

The created account type is different for different types of installation. 


4.2.1. <<Step by step installation>>: Authorization settings

If <<Step by step installation>> is selected, a permanent administrator account is set up. The other settings are the same as for the <<OEM installation>> type.

In the <<Authorization settings>> section of the <<Settings>> screen, set up the administrator account:
- in <<Password>> and <<Password confirmation>> fields, enter the password. The password must be at least 8 characters long. It is recommended to use a complex password containing characters from at least three of the following groups:
	- uppercase and/or lowercase Latin letters; 
	- digits; 
	- punctuation characters; 
	- math characters;
	- special characters.
- edit the <<Username>> name field to change the administrator account name. The default name for the administrator account is 'administrator'. The name must start with a lowercase Latin letter followed by any combination of lowercase Latin letters, digits and dashes. The name must be 1-32 characters long.

The computer name can be used for its network identification. In the <<Hostname>> field, enter the computer name. The computer name assigned by default follows the 'astra-<number>' pattern. If required, the computer name can be changed. The computer name may contain digits, uppercase and/or lowercase Latin letters, and dashes (<<->>). The computer name must not start or end with a dash (<<->>). The computer name must be 1-63 characters long.

The administrator's password is set as the bootloader password by default. To change the password, check <<Setup bootloader (GRUB) password>> and in the <<Password> and <<Password confirmation>> fields, enter the bootloader password (the requirements are the same as for the administrator's password).


4.2.2. <<OEM installation>>: Authorization settings

If the <<OEM installation>> type is selected, a temporary administrator account 'astra-oem' is set up by default, it is removed when the installation is completed. Upon the installation completion during the first login, the end user will be prompted to change the installed OS options and create the administrator account. The temporary administrator account name 'astra-oem' cannot be changed. The remaining settings of the temporary administrator account are set up similarly to <<Step by step>> installation.


4.3. Other settings

In the <<Additional settings>> section of the <<Settings>> screen, set up the disk partition layout, select the installed software, select the Linux kernel version, and specify additional packages to be installed.

To list the OS components, select <<OS Components>>, the following components are available for installation:
- <<SSH server>> --- an OpenSSH server for remote connections via SSH. The box is unchecked by default;
- <<Ufw firewall>> --- ufw firewall software with preset profiles. The box is checked by default. The box is inactive if the <<Virtualization tools>> box is checked;
- <<Virtualization tools>> --- virtualization environment creation tools and virtual machines basic management software. The box is unchecked by default.  If the Virtualization tools box is checked, the Ufw firewall box is inactive;
- <<Console utilities>> --- text interface software. The box is checked by default;
- <<Games>> --- a game suite. The box is unchecked by default;
- <<Multimedia>> --- audio and video players. The box is checked by default;
- <<Graphics tools>> --- graphic editors for vector and raster graphics. The box is checked by default;
- <<Office suite>> --- LibreOffice software and additional text editing tools, printing and scanning software. The box is checked by default;
- <<Internet suite>> --- internet browsers, email clients, etc The box is checked by default;
- <<Fly desktop>> --- desktop and Fly software graphics environment. If <<Step by step installation>> is selected, the box is checked by default. If the box is unchecked, the installed OS will only work in console mode. If <<OEM installation>> is selected, the box is checked and cannot be unchecked.

The required software suites should be checked. Packages required for the selected software suites will be installed automatically. To save the changes and return to the main settings, select [OK], to return to the main settings without saving the additional settings, select [Cancel].

The OS will be installed with the generic Linux kernel designed to be used in protected systems and providing information protection capabilities.

The generic kernel improves the system overall security, including the kernel stack cleaning (STACKLEAK), safe allocation of RAM areas, restriction of access to memory pages.

In the <<Additional packages>> field, additional packages to be installed in the OS can be specified. This requires:
- select <<Additional packages>>; 
- in the open window, list names of packages from the main repository on the installation media separated by spaces;
- press [OK]. If absent packages are specified, when [OK] is pressed, the <<Some packages are unavailable>> window will open with the list of unavailable packages. Delete these package names and press [OK].


4.4. Disk partitioning

To partition the disk, in the <<Other settings>> section, select the <<Device partitioning scheme>>.


4.4.1. Partitioning templates

The partitioning tools allow to:

1) select the disk partitioning profile;
2) select the device (disk) to be partitioned;
3) select the partitioning table --- GPT or MBR (msdos).

The disk (volume) to be partitioned must be selected from the <<Disk on which the system will be installed>> list.

To perform automatic partitioning, in the <<Disk partitioning config>> section, select the appropriate option:
1) <<AUTO: Use EXT4>> --- the profile for small disks (under 40 GB). Free space is not reserved for OS snapshots or upgrades;
2) << AUTO: Using LVM with EXT4 and a separate /home>> --- the partitioning profile to automatically reserve free disk space for OS snapshots or upgrades;
3) <<Protective conversion to EXT4>> --- a partitioning layout with protective scrambling of the disk space. When this template is selected a keyphrase will be requested (see Setting a keyphrase);
4) <<Protective conversion to LVM with EXT4 and separate /home>> --- a partitioning layout similar to <<Using LVM with EXT4 and a separate /home>> (see 2)), but with a protective scrambling of the disk space. When this template is selected a keyphrase will be requested (see Setting a keyphrase);

For manual partitioning, select one of the configs and change it.

To select the GPT partition table --- check the <<Use GPT partition table>> box, to select the MBR partition table --- uncheck the <<Use GPT partition table>> box.


4.4.2. Partitioning layout editing

Press <F2> to alter the selected partitioning config. 

Additional description of the partition layout editing is provided in the built-in help.

To display the built-in help on the partition layout editor screen, press <F1>.

The editor can do the following:
1) change the partitions file systems;
2) set or change partition labels;
3) set or change partition mount points;
4) delete partitions;
5) change the swap area;
6) create new partitions within the disk space freed up after other partitions deletion.

The disk partitioning is performed based on the recommendations for the future OS snapshots creation and further OS upgrades.

The recommended disk layout:
1) GPT partition table;
2) a '/boot' partition, at least 1 GB;
3) an LVM volume group, including:
	a) a root partition, at least 60 GB;
	b) a '/home' partition;
	c) at least 60 GB of free unallocated disk space.

The free space on the disk is recommended to be allocated in advance using specialized partitioning software. If required, free space can be also allocated using the installer.

For manual partitioning, edit, comment-out or delete the existing strings and add new ones.


4.4.3. Partition tables

ATTENTION! If the disk contains data and should be formated, the partition table must not be created. After free space allocation partitions required for the OS should be created.

If the disk is empty or can be formatted, a partition table must be created on it.

The msdos partition table is supported on all computers. However the msdos partition table does not support more than four primary partitions. The example describes partitioning using the GPT partition table.

To create a GPT partition table, enter the following string:
	clearpart --all --drives=/dev/<device> --disklabel=gpt


4.4.4. Boot partition

To create the boot partition, enter the following strings:
	bootloader --boot-drive=/dev/<device> --location=partition
	
	part /boot --label=boot --fstype=ext2 --size=1024 --asprimary


4.4.5. LVM volume group

An LVM volume group partition with the recommended configuration should use all the remaining free disk space. Otherwise the following size requirements should be met:
1) the root partition --- at least 60 GB;
2) the '/home' and other partitions --- as per the suggested use scenario.

Free space of at least 60 GB size reserved for the subsequent OS snapshots and upgrades can be both within the LVM volume group and outside it.

To create an LVM volume group, enter the following strings:
	part pv.lvm_part --grow --asprimary
	
	volgroup VG170 pv.lvm_part
	logvol / --fstype=ext4 --name=lv_root --vgname=VG170 --recommended
	logvol /home --fstype=ext4 --name=lv_home --vgname=VG170 --recommended


4.4.6. Swap area setup

The swap area is used to enable hibernation and to improve performance with  the insufficient amount of RAM.

The swap area can be allocated as a file and/or a partition. It is recommended to use a swap file rather than a swap partition.

A swap area is not required if the RAM volume exceeds 64 GB. If a swap area is not required, comment-out the swap file/partition strings.

To create a swap area, enter the following string:
	logvol swap --fstype=swap --name=lv_swap --vgname=VG170 --recommended --hibernation

To create a swap file, enter the following string:
	swapfile --path=/ --recommended

It is possible to create both a swap area and a swap file for the installed OS.


4.4.7. Partitioning finalization

Free unallocated space should be left within the LVM volume group to enable OS snapshots and further upgrades.

To finish the disk partitioning press [Apply], to discard changes press [Cancel].

Partitioning will be performed during the OS installation.


5. OEM installation and device hand over to end user

The <<OEM installation>> option is intended to install the OS to the device before its handout to the end user.

This type of installation creates a temporary administrator account which is deleted upon the installation completion.
 The installation type is selected on the <<Welcome>> screen.

Upon the installation completion during the first boot the OS setup wizard will launch and prompt the user to change the installed OS parameters and to create the administrator account.

Additional setup is possible during the OEM installation: additional packages installation or removal, the OS configuration, software autostart changes, etc. To enable it, on the <<Settings>> screen, uncheck the <<Hand over the device to the user>> box.

If the <<Hand over the device to the user>> box is unchecked, after the OS reboot it is possible to login with astra-oem temporary administrator account (the OS setup wizard will not launch at the OS first boot).

Perform additional OS setup in the astra-oem user session.

Upon the setup completion, to prepare the device for hand over to the end user, execute the `astra-installer-qt-oem-integration` script using one of the following methods:
- launch the OEM integration mode setup desktop shortcut;
- from the Start menu select Programs --- Tools --- OEM integration mode setup;
- run the following command in the terminal:
	sudo astra-installer-qt-oem-integration

After the script execution the device can be shut down.

The OS setup wizard will launch during the next OS boot.

After the OS setup wizard completion:
- the astra-installer-qt-oem-integration script will be deleted;
- the astra-oem temporary administrator account will be deleted.


6. OS installation

When all the required parameters on the <<Settings>> screen are set, and the disk is partitioned, move to the OS installation.

To reboot the computer automatically after the OS installation, check the <<Reboot computer after installation is complete>> box. The box is unchecked by default.

To start the OS installation select [Install], and in the confirmation dialog window select [Install] as well. After the confirmation, the OS installation progress bar will be displayed. 

To return to the previous installer screen, at any stage select [Back].

After the OS installation the progress and error messages log is available in the `/var/log/astra-installer.log` file. 

If the <<Reboot computer after installation is complete>> box is checked, the computer will reboot automatically after the OS installation completion. 

If the <<Reboot computer after installation is complete>>  box is unchecked, after the installation completion the computer must be rebooted manually by pressing [Reboot].


7. OS setup wizard

If the OEM installation type is selected, the OS setup wizard will be launched at the OS first boot.

The OS setup wizard allows the end user to create the administrator account and change the OS regional settings selected in the course of the OS installation.

For the OS setup wizard operation see it built-in help.
After the OS setup wizard completion the 'astra-oem' temporary administrator account will be deleted.
