Linux/Xen/DomU/Ubuntu/Ubuntu 14.04 LTS: Difference between revisions
(Created page with "===Ubuntu 14.04 LTS=== Start this process on a existing Ubuntu system. Does not have to be a 14.04 system. You will need to have debootstrap installed and may need to update ...") |
|||
(6 intermediate revisions by the same user not shown) | |||
Line 41: | Line 41: | ||
Install the kernel image, SSH server and the full version of vim | Install the kernel image, SSH server and the full version of vim | ||
apt-get install linux-image | apt-get install linux-image-3.13.0-24-generic | ||
apt-get install openssh-server | apt-get install openssh-server | ||
apt-get install vim | apt-get install vim | ||
Line 96: | Line 96: | ||
auto eth0 | auto eth0 | ||
iface eth0 inet dhcp | iface eth0 inet dhcp | ||
</syntaxhighlight> | |||
====GRUB==== | |||
Setup a basic grub config in "/boot/grub/menu.lst" | |||
<syntaxhighlight lang="bash"> | |||
default 0 | |||
timeout 2 | |||
title Ubuntu 14.04 | |||
root (hd0,0) | |||
kernel /boot/vmlinuz-3.13.0-24-generic root=/dev/xvda1 ro console=hvc0 | |||
initrd /boot/initrd.img-3.13.0-24-generic | |||
title Ubuntu 14.04 (Single-User) | |||
root (hd0,0) | |||
kernel /boot/vmlinuz-3.13.0-24-generic root=/dev/xvda1 ro single console=hvc0 | |||
initrd /boot/initrd.img-3.13.0-24-generic | |||
</syntaxhighlight> | </syntaxhighlight> | ||
Line 124: | Line 143: | ||
DSA_KEY=/etc/ssh/ssh_host_dsa_key | DSA_KEY=/etc/ssh/ssh_host_dsa_key | ||
ECDSA_KEY=/etc/ssh/ssh_host_ecdsa_key | ECDSA_KEY=/etc/ssh/ssh_host_ecdsa_key | ||
ED25519_KEY=/etc/ssh/ssh_host_ed25519_key | |||
Line 163: | Line 183: | ||
chmod 600 $ECDSA_KEY | chmod 600 $ECDSA_KEY | ||
chmod 644 $ECDSA_KEY.pub | chmod 644 $ECDSA_KEY.pub | ||
echo "OK" | |||
else | |||
echo "FAIL" | |||
exit 1 | |||
fi | |||
fi | |||
} | |||
do_ed25519_keygen() { | |||
if [ ! -s $ED25519_KEY ]; then | |||
echo -n "Generating SSH2 ED25519 host key: " | |||
rm -f $ED25519_KEY | |||
if test ! -f $ED25519_KEY && $KEYGEN -q -t ed25519 -f $ED25519_KEY -C '' -N '' >/dev/null; then | |||
chmod 600 $ED25519_KEY | |||
chmod 644 $ED25519_KEY.pub | |||
echo "OK" | echo "OK" | ||
else | else | ||
Line 174: | Line 209: | ||
do_dsa_keygen | do_dsa_keygen | ||
do_ecdsa_keygen | do_ecdsa_keygen | ||
do_ed25519_keygen | |||
</syntaxhighlight> | </syntaxhighlight> | ||
Line 202: | Line 238: | ||
====Final Cleanup==== | ====Final Cleanup==== | ||
Set a hostname. | |||
Remove /etc/udev/rules.d/70-persistent-net.rules so that network comes up clean when the image is booted for the first time. | Remove /etc/udev/rules.d/70-persistent-net.rules so that network comes up clean when the image is booted for the first time. | ||
Remove SSH host keys so that new ones get generated on first boot. | Remove SSH host keys so that new ones get generated on first boot. | ||
Set a root password | |||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
echo 'trusy' > /etc/hostname | |||
rm /etc/udev/rules.d/70-persistent-net.rules | rm /etc/udev/rules.d/70-persistent-net.rules | ||
rm /etc/ssh/ssh_host_* | rm /etc/ssh/ssh_host_* | ||
passwd root | |||
</syntaxhighlight> | </syntaxhighlight> |
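Review bot: `passwd root` in the Final Cleanup block bakes one root password into the template image, so every virtual machine cloned from it starts with the same root credential. The page already regenerates SSH host keys per clone for exactly this reason, and the password deserves the same treatment. Either leave root locked in the image and set credentials per clone, or follow the command with `passwd -e root` so the shared password has to be changed at the first login. A sentence next to "Set a root password" saying the value is shared by all clones would also help readers.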
Latest revision as of 22:44, 9 May 2014
Ubuntu 14.04 LTS
Start this process on an existing Ubuntu system; it does not have to be a 14.04 system. You will need to have debootstrap installed and may need to update debootstrap so it has the correct script for 14.04.
Create an empty image file and format it with ext3.
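# Create the image file. With bs=1M, seek=1024 skips the first 1024 MiB without
# writing it and count=1 then writes a single 1 MiB block of zeros, which gives
# a sparse file of about 1 GiB.
dd if=/dev/zero of=ubuntu_trusty.img bs=1M count=1 seek=1024
# Put an ext3 filesystem directly on the image file (no partition table).
mkfs.ext3 ubuntu_trusty.img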
Create a directory to mount the image on. Using '/mnt/img' for this example.
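# Mount point for the image on the build host.
mkdir /mnt/img
# Loop-mount the image file so it can be populated like an ordinary directory.
mount -oloop ubuntu_trusty.img /mnt/img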
Start the debootstrap process.
# Install a minimal trusty base system into the mounted image.
# NOTE(review): debootstrap checks the archive's release signature only when the
# matching keyring is present on the build host; confirm it is installed before
# trusting the downloaded packages.
debootstrap trusty /mnt/img/
Once that completes, copy your existing /etc/apt/sources.list to the new image so we can run updates.
# Reuse the build host's APT sources inside the image.
# If the build host is not itself running 14.04, edit the copied file afterwards
# so its suite names read "trusty"; otherwise the image would pull packages from
# the host's release.
cp /etc/apt/sources.list /mnt/img/etc/apt/
Mount the necessary system files so that we can enter the new root filesystem with chroot.
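# Make the host's device nodes, pseudo-terminals, /proc and /sys visible inside
# the image so that package scripts work in the chroot.
mount --bind /dev /mnt/img/dev
mount --bind /dev/pts /mnt/img/dev/pts
mount -t proc proc /mnt/img/proc
mount -t sysfs sys /mnt/img/sys
# Everything after this command runs inside the image. The four mounts above and
# the loop mount of the image stay active until they are unmounted, which has to
# happen after leaving the chroot and before the image is copied or booted.
chroot /mnt/img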
Run updates and install a language pack.
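# Refresh the package lists from the sources copied into the image.
apt-get update
# Base English locale data.
apt-get install language-pack-en-base
# Bring the freshly bootstrapped packages up to date, including security updates.
apt-get upgrade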
Configure the system timezone.
dpkg-reconfigure tzdata
Install the kernel image, SSH server and the full version of vim
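# Kernel the guest boots; the GRUB entries on this page reference this exact
# version, so the two have to be changed together.
apt-get install linux-image-3.13.0-24-generic
# Installing the SSH server also creates host keys inside the image; the Final
# Cleanup step deletes them so that clones do not share keys.
apt-get install openssh-server
# Full vim instead of the minimal build in the base system.
apt-get install vim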
To use the Xen console 'xm console (domU)' you need to setup a tty on /dev/hvc0. Create the file '/etc/init/hvc0.conf' with this content.
# This service maintains a getty on hvc0 from the point the system is
# started until it is shut down again.
start on stopped rc RUNLEVEL=[2345] and (
not-container or
container CONTAINER=lxc or
container CONTAINER=lxc-libvirt)
stop on runlevel [!2345]
respawn
exec /sbin/getty -8 38400 hvc0
The default udev rules for 13.10 ignore Xen generated MAC addresses, so you won't get a '/etc/udev/rules.d/70-persistent-net.rules'. This causes your network interfaces not to come up.
Edit '/lib/udev/rules.d/75-persistent-net-generator.rules' and comment out these lines. Here are the changes in patch/diff format.
@@ -21,7 +21,7 @@ KERNEL!="eth*|ath*|wlan*[0-9]|msh*|ra*|s
GOTO="persistent_net_generator_end"
# ignore Xen virtual interfaces
-SUBSYSTEMS=="xen", GOTO="persistent_net_generator_end"
+#SUBSYSTEMS=="xen", GOTO="persistent_net_generator_end"
# ignore UML virtual interfaces
DRIVERS=="uml-netdev", GOTO="persistent_net_generator_end"
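Review bot: Both hunks edit `/lib/udev/rules.d/75-persistent-net-generator.rules` in place, and files under /lib/udev/rules.d are owned by the udev package, so a package upgrade can restore the two commented-out lines (this one and the `00:16:3e:*` line in the next hunk) without any prompt. udev gives a same-named file in /etc/udev/rules.d precedence, so I would copy the file there and make the edit on the copy. A short comment above each change, e.g. `# local change: allow persistent names for Xen interfaces`, would also make the intent visible to the next maintainer.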
@@ -75,7 +75,7 @@ ENV{MATCHADDR}=="00:0c:29:*|00:50:56:*|0
ENV{MATCHADDR}=="00:15:5d:*", ENV{MATCHADDR}=""
ENV{MATCHADDR}=="52:54:00:*|54:52:00:*", ENV{MATCHADDR}=""
ENV{MATCHADDR}=="08:00:27:*", ENV{MATCHADDR}=""
-ENV{MATCHADDR}=="00:16:3e:*", ENV{MATCHADDR}=""
+#ENV{MATCHADDR}=="00:16:3e:*", ENV{MATCHADDR}=""
# ignore Windows Azure Hyper-V virtual interfaces
ENV{MATCHADDR}=="00:03:ff:*", ENV{MATCHADDR}=""
Configure your '/etc/network/interfaces' for DHCP
# interfaces(5) file used by ifup(8) and ifdown(8)
# Include files from /etc/network/interfaces.d:
source-directory /etc/network/interfaces.d
auto eth0
iface eth0 inet dhcp
GRUB
Setup a basic grub config in "/boot/grub/menu.lst"
default 0
timeout 2
title Ubuntu 14.04
root (hd0,0)
kernel /boot/vmlinuz-3.13.0-24-generic root=/dev/xvda1 ro console=hvc0
initrd /boot/initrd.img-3.13.0-24-generic
title Ubuntu 14.04 (Single-User)
root (hd0,0)
kernel /boot/vmlinuz-3.13.0-24-generic root=/dev/xvda1 ro single console=hvc0
initrd /boot/initrd.img-3.13.0-24-generic
Configure a basic fstab
# Begin /etc/fstab
# <file system> <mount-point> <type> <options> <dump> <pass>
/dev/sda1 / ext3 defaults,errors=remount-ro 0 0
proc /proc proc defaults 0 0
# End /etc/fstab
SSH host keys fix
Since this image will get cloned and used to create new virtual machines we don't want to re-use the same keys for every virtual machine. Ubuntu won't regenerate SSH host keys if you delete them from /etc/ssh. So we need a script to check the host keys and regenerate them if needed.
Create /lib/init/ssh_gen_keys (the name used by the chmod command and the ssh.conf change below) and paste this in:
#!/bin/sh
# Paths used by the key-generation functions in this script.
# ssh-keygen binary that creates each host key.
KEYGEN=/usr/bin/ssh-keygen
# Presumably the SSH protocol 1 key path; no function shown in this script reads it.
RSA1_KEY=/etc/ssh/ssh_host_key
# One private-key path per SSH2 key type. The functions treat the matching
# public key as the same path with ".pub" appended.
RSA_KEY=/etc/ssh/ssh_host_rsa_key
DSA_KEY=/etc/ssh/ssh_host_dsa_key
ECDSA_KEY=/etc/ssh/ssh_host_ecdsa_key
ED25519_KEY=/etc/ssh/ssh_host_ed25519_key
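# Generate the SSH2 RSA host key when it is missing or empty.
# Globals:   RSA_KEY (read) - private key path
#            KEYGEN (read)  - key generation command
# Outputs:   one progress line on stdout ending in OK or FAIL; nothing when the
#            key already exists
# Returns:   0 when the key exists or was created; ends the script with
#            status 1 when generation fails
do_rsa_keygen() {
    # -s is false for a missing or zero-length file, so a truncated key is
    # replaced as well.
    if [ ! -s "$RSA_KEY" ]; then
        echo -n "Generating SSH2 RSA host key: "
        rm -f "$RSA_KEY"
        # Only generate once the old file is really gone. -N '' leaves the key
        # without a passphrase because sshd has to load it unattended, which
        # makes the 600 mode below the only protection of the private key.
        if test ! -f "$RSA_KEY" && "$KEYGEN" -q -t rsa -f "$RSA_KEY" -C '' -N '' >/dev/null; then
            chmod 600 "$RSA_KEY"
            chmod 644 "$RSA_KEY.pub"
            echo "OK"
        else
            echo "FAIL"
            exit 1
        fi
    fi
}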
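# Generate the SSH2 DSA host key when it is missing or empty.
# NOTE(review): DSA keys are limited to 1024 bits and OpenSSH 7.0 and later no
# longer accept them by default; consider dropping this key type when the image
# is rebuilt on a newer release.
# Globals:   DSA_KEY (read) - private key path
#            KEYGEN (read)  - key generation command
# Outputs:   one progress line on stdout ending in OK or FAIL; nothing when the
#            key already exists
# Returns:   0 when the key exists or was created; ends the script with
#            status 1 when generation fails
do_dsa_keygen() {
    # -s is false for a missing or zero-length file, so a truncated key is
    # replaced as well.
    if [ ! -s "$DSA_KEY" ]; then
        echo -n "Generating SSH2 DSA host key: "
        rm -f "$DSA_KEY"
        # Only generate once the old file is really gone. -N '' leaves the key
        # without a passphrase because sshd has to load it unattended.
        if test ! -f "$DSA_KEY" && "$KEYGEN" -q -t dsa -f "$DSA_KEY" -C '' -N '' >/dev/null; then
            chmod 600 "$DSA_KEY"
            chmod 644 "$DSA_KEY.pub"
            echo "OK"
        else
            echo "FAIL"
            exit 1
        fi
    fi
}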
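# Generate the SSH2 ECDSA host key when it is missing or empty.
# Globals:   ECDSA_KEY (read) - private key path
#            KEYGEN (read)    - key generation command
# Outputs:   one progress line on stdout ending in OK or FAIL; nothing when the
#            key already exists
# Returns:   0 when the key exists or was created; ends the script with
#            status 1 when generation fails
do_ecdsa_keygen() {
    # -s is false for a missing or zero-length file, so a truncated key is
    # replaced as well.
    if [ ! -s "$ECDSA_KEY" ]; then
        echo -n "Generating SSH2 ECDSA host key: "
        rm -f "$ECDSA_KEY"
        # Only generate once the old file is really gone. -N '' leaves the key
        # without a passphrase because sshd has to load it unattended.
        if test ! -f "$ECDSA_KEY" && "$KEYGEN" -q -t ecdsa -f "$ECDSA_KEY" -C '' -N '' >/dev/null; then
            chmod 600 "$ECDSA_KEY"
            chmod 644 "$ECDSA_KEY.pub"
            echo "OK"
        else
            echo "FAIL"
            exit 1
        fi
    fi
}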
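# Generate the SSH2 ED25519 host key when it is missing or empty.
# The key type needs an ssh-keygen that knows ed25519 (OpenSSH 6.5 or later);
# with an older binary the command fails and the script ends with status 1.
# Globals:   ED25519_KEY (read) - private key path
#            KEYGEN (read)      - key generation command
# Outputs:   one progress line on stdout ending in OK or FAIL; nothing when the
#            key already exists
# Returns:   0 when the key exists or was created; ends the script with
#            status 1 when generation fails
do_ed25519_keygen() {
    # -s is false for a missing or zero-length file, so a truncated key is
    # replaced as well.
    if [ ! -s "$ED25519_KEY" ]; then
        echo -n "Generating SSH2 ED25519 host key: "
        rm -f "$ED25519_KEY"
        # Only generate once the old file is really gone. -N '' leaves the key
        # without a passphrase because sshd has to load it unattended.
        if test ! -f "$ED25519_KEY" && "$KEYGEN" -q -t ed25519 -f "$ED25519_KEY" -C '' -N '' >/dev/null; then
            chmod 600 "$ED25519_KEY"
            chmod 644 "$ED25519_KEY.pub"
            echo "OK"
        else
            echo "FAIL"
            exit 1
        fi
    fi
}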
# Create whichever host keys are missing, one key type at a time. Each function
# ends the script with status 1 on failure, so a failure also skips the key
# types listed after it.
do_rsa_keygen
do_dsa_keygen
do_ecdsa_keygen
do_ed25519_keygen
chmod 755 /lib/init/ssh_gen_keys
Edit /etc/init/ssh.conf
@@ -20,6 +20,7 @@ pre-start script
test -c /dev/null || { stop; exit 0; }
mkdir -p -m0755 /var/run/sshd
+ /lib/init/ssh_gen_keys
end script
# if you used to set SSHD_OPTS in /etc/default/ssh, you can change the
Firewall
# Packet filter tooling and the ufw front end.
apt-get install iptables
apt-get install ufw
# Permit inbound SSH before the firewall is switched on, so the guest stays
# reachable once it is enabled.
ufw allow OpenSSH
# NOTE(review): if this is run inside the chroot, ufw presumably also loads its
# rules into the running kernel, i.e. on the build host. Confirm before running
# it on a host that serves other traffic.
ufw enable
Final Cleanup
Set a hostname.
Remove /etc/udev/rules.d/70-persistent-net.rules so that network comes up clean when the image is booted for the first time.
Remove SSH host keys so that new ones get generated on first boot.
Set a root password
# Hostname stored in the image; every clone starts with this name.
echo 'trusy' > /etc/hostname
# Drop any interface-name mapping recorded so far so that the first boot of a
# clone starts without one.
rm /etc/udev/rules.d/70-persistent-net.rules
# Delete the host keys (private and public) created when openssh-server was
# installed, so each clone generates its own.
rm /etc/ssh/ssh_host_*
# Interactive prompt for the root password.
# NOTE(review): the password is stored in the image, so every clone shares it
# until it is changed on that clone.
passwd root