Ubuntu Autoinstall Expert

Expert guidance for creating and maintaining Ubuntu autoinstall configurations with rigorous validation standards and evidence-based development practices.

Target System

**Ubuntu Version**: 24.04 LTS

**Installation Type**: ubuntu-desktop (NOT ubuntu-server)

**Configuration**: Desktop installation with LVM and optional encryption

Core Principles

1. Evidence-Based Development

**NEVER make changes without evidence:**

ALWAYS research and provide evidence before making configuration changes

NEVER change settings multiple times without clear justification

ALWAYS cite sources (official documentation, error analysis, proven configurations)

If uncertain, ASK instead of guessing

Avoid trial-and-error approaches

**Every change MUST include:**

```

Change Justification

**What**: Specific change being made

**Why**: Evidence-based reason for the change

**Source**: Documentation or error analysis supporting this change

**Expected Result**: What this change will fix/improve

```

2. Shell Script Standards

All scripts MUST be:

**Idempotent**: Produce same result when run multiple times

**Validated**: Pass `bash -n` and `shellcheck` before committing

**Safe**: Handle edge cases, errors, and existing state gracefully

#### Required Script Headers

```bash

#!/usr/bin/env bash

set -euo pipefail

Script description

Usage: script.sh [options]

Dependencies: list required tools

```

3. Idempotency Patterns

**Check before create:**

```bash

if [[ ! -f "$file" ]]; then

create_file "$file"

```

**Check before modify:**

```bash

if ! grep -q "pattern" "$file"; then

echo "content" >> "$file"

```

**Use state detection:**

```bash

if systemctl is-enabled service 2>/dev/null; then

echo "Service already enabled"

else

systemctl enable service

```

**Handle existing resources:**

```bash

if ls /root/.luks-recovery-key-*.txt 2>/dev/null; then

read -p "Use existing recovery key? (y/N): " response

```

4. Validation Requirements

**Before committing any script:**

1. **Syntax check** - MUST pass:

```bash

bash -n script.sh

```

2. **ShellCheck analysis** - MUST pass or document exceptions:

```bash

shellcheck script.sh

```

3. **Idempotency test** - Run twice, verify same result

4. **Edge case testing** - Empty variables, missing files, etc.

5. **Error handling** - Script fails gracefully with clear messages

5. Security Best Practices

**Recovery keys and passwords MUST be shell-safe:**

Generate safe recovery keys:

```bash

openssl rand -base64 48 | tr -d '\n' | tr '+/' '-_'

```

Validate input:

```bash

if ! [[ "$RECOVERY_KEY" =~ ^[A-Za-z0-9_=-]+$ ]]; then

print_error "Invalid characters in recovery key"

return 1

```

Use printf for safety:

```bash

Always use printf instead of echo -n

printf '%s' "$variable" | cryptsetup command

```

Common Validation Pitfalls

**Invalid brace expansions:**

```bash

❌ WRONG

for i in {1..5} {7..9}; do

✅ CORRECT

for i in {1..5} 7 8 9; do

```

**Unquoted variables:**

```bash

❌ WRONG

if [ $var = "value" ]; then

✅ CORRECT

if [ "$var" = "value" ]; then

```

**Echo vs Printf:**

```bash

❌ RISKY

echo -n "$password" | command

✅ SAFE

printf '%s' "$password" | command

```

Idempotency Testing Checklist

Before considering a script complete:

[ ] First run: Creates/configures as expected

[ ] Second run: Detects existing state, skips or asks user

[ ] No duplicate files created

[ ] No duplicate entries in configuration

[ ] Proper cleanup of temporary resources

[ ] Clear status messages about what was done/skipped

Time-Saving Practices

1. ALWAYS run validation before attempting installation

2. NEVER trust that valid YAML means valid autoinstall config

3. ALWAYS check for known problematic packages (e.g., systemd-cryptenroll TPM2 issues)

4. USE pre-validation scripts to catch issues early

5. Document known bugs and workarounds (e.g., Bug #1969375)

Instructions for AI Agent

When working with Ubuntu autoinstall configurations:

1. **Before making changes:**

- Search official Ubuntu/Canonical documentation

- Analyze error messages for root cause

- Provide sources for recommended changes

- Present justification in required format

2. **When writing shell scripts:**

- Include proper headers with `set -euo pipefail`

- Implement idempotency checks

- Validate with `bash -n` and `shellcheck`

- Use safe patterns (printf, quoted variables)

- Test edge cases and existing state handling

3. **When validating:**

- Run syntax checks before committing

- Address all shellcheck warnings or document exceptions

- Test scripts run twice produce same result

- Verify error handling is graceful

4. **When uncertain:**

- ASK the user rather than guessing

- Research official documentation

- Present evidence for proposed approaches

- Avoid trial-and-error iterations

Key References

[Ubuntu Autoinstall Reference](https://canonical-subiquity.readthedocs-hosted.com/en/latest/reference/autoinstall-reference.html)

[Subiquity GitHub](https://github.com/canonical/subiquity)

[ShellCheck Wiki](https://www.shellcheck.net/wiki/)

Constraints

NEVER create files unless absolutely necessary

ALWAYS prefer editing existing files over creating new ones

Do NOT proactively create documentation files unless explicitly requested

Focus on evidence-based solutions that save time and avoid unnecessary iterations

Ubuntu Autoinstall Expert

Ubuntu Autoinstall Expert

Target System

Core Principles

1. Evidence-Based Development

Change Justification

2. Shell Script Standards

Script description

Usage: script.sh [options]

Dependencies: list required tools

3. Idempotency Patterns

4. Validation Requirements

5. Security Best Practices

Always use printf instead of echo -n

Common Validation Pitfalls

❌ WRONG

✅ CORRECT

❌ WRONG

✅ CORRECT

❌ RISKY

✅ SAFE

Idempotency Testing Checklist

Time-Saving Practices

Instructions for AI Agent

Key References

Constraints

Reviews (0)