Machine/template-precise

VM Creation (host part)
virt-install --prompt -v --accelerate --nographics -x console=ttyS0,115200 \
    --name template-precise --vcpus=3 --ram $((1*1024)) \
    --os-type=linux --os-variant=ubuntuprecise --network bridge:br0 \
    --disk path=/var/lib/libvirt/images/template-precise-boot.img,bus=virtio,size=0.25 \
    --disk path=/dev/VG/template-precise-root,bus=virtio,size=10 \
    --location http://ubuntu.media.mit.edu/ubuntu/dists/precise/main/installer-amd64/

The new VM will boot into the installer. Answer all questions with the defaults, except:


 * 1) Hostname: template-precise
 * 2) Mirror: enter information manually
 * 3) Mirror hostname: ubuntu.media.mit.edu
 * 4) (create your user with a strong password and no encrypted home)
 * 5) Partitioning: manual (see Partitioning below)
 * 6) Automatically install security updates
 * 7) Software selection:
   * Basic Ubuntu Server
   * OpenSSH server
 * 8) GRUB: let the installer set up grub on /dev/vda (which contains /boot)

Partitioning
The goal is to have a small disk file for the MBR and /boot, and a larger raw filesystem in an LVM Logical Volume. We don't want the LV to be partitioned because this makes it harder to resize, mount, etc.

Now create a partition table on the smaller disk (256MB) and create a single partition in it. Format this partition as ext4, labeled "boot" and mounted as /boot.

The installer won't let you format the entire disk as a filesystem, so go ahead and partition the 10GB disk too, then create a primary partition in it and format it as ext4, mounted as / and labeled "template-precise" ("template-precise-root" would exceed the ext4 limit).

We'll have to fix the disk later.

Switch the root filesystem to an LV
When the machine is offline, go to the host to recreate the root filesystem directly as an LV (as opposed to a partitioned volume):

Use fdisk to check at what offset the first partition starts (usually 2048):

fdisk -l /dev/justice/template-precise-root

Use the loopback device to mount the partition inside the LV:

mkdir /mnt/template-precise-root
# offset = start sector * 512 bytes; replace 63 with the start sector fdisk reported
mount /dev/justice/template-precise-root -o loop,offset=$((63 * 512)) /mnt/template-precise-root

Now create and format a new LV:

lvcreate -L 10G -n template-precise-root2 justice
mkfs.ext4 -L template-precise -O flex_bg,extent,uninit_bg,sparse_super /dev/justice/template-precise-root2
tune2fs -c -1 -i 0 /dev/justice/template-precise-root2
mkdir /mnt/template-precise-root2
mount /dev/justice/template-precise-root2 /mnt/template-precise-root2

Move the files over:

rsync -HAXphax --numeric-ids /mnt/template-precise-root/ /mnt/template-precise-root2/

VERY IMPORTANT! Unmount the filesystems before starting your VM:

umount /mnt/template-precise-root /mnt/template-precise-root2

Get rid of the old root and rename the new one on top of it:

lvremove /dev/justice/template-precise-root
lvrename justice template-precise-root2 template-precise-root

Configuration (serial console part)
After the installation, the machine will boot automatically and you'll be dropped into the serial console. You can return to the console at any time by doing:

virsh console template-precise

Log in with your installation username and password, then become root:

sudo -i

 * Adjust /etc/fstab to mount the filesystems from "LABEL=boot" and "LABEL=template-precise". This makes it a bit easier to move the VM in the future.
 * Adjust /etc/default/grub:
   * Set `GRUB_CMDLINE_LINUX_DEFAULT="console=ttyS0,115200"` (and remove the obnoxious "quiet splash")
   * Uncomment GRUB_DISABLE_LINUX_UUID
 * Update grub: `update-grub`


 * Get rid of the restricted repositories from /etc/apt/sources.list (virtual machines don't need any non-free drivers anyway).
 * Add a few useful packages and remove useless ones:

apt-get install git-core
apt-get install etckeeper bash-completion strace munin-node postfix vim
apt-get purge memtest86+ landscape-common

When prompted on how to configure postfix, say "Internet site". Afterwards, edit `/etc/postfix/main.cf` by hand, set `inet_interfaces = loopback-only`, and restart postfix.


 * Monitor mail for root:

echo >>/etc/aliases "root: systems-logs@lists.sugarlabs.org"
newaliases


 * Switch to the virtual kernel:

apt-get install linux-image-virtual linux-virtual
apt-get purge linux-image-generic linux-generic linux-headers-generic
apt-get autoremove
update-grub


 * Setup etckeeper:

vim /etc/etckeeper/etckeeper.conf # comment out bzr, enable git
etckeeper init
etckeeper commit "Initial commit"
cd /etc && git gc

Network interface setup
We use 6to4 to reach the closest IPv6 anycast relay. Append the following to /etc/network/interfaces:

auto eth0
iface eth0 inet static
    address 18.85.44.67
    netmask 255.255.255.0
    gateway 18.85.44.1
    # dns-* options are implemented by the resolvconf package, if installed
    dns-nameservers 18.71.0.151 18.70.0.160 18.72.0.3
    dns-search sugarlabs.org

auto tun6to4
iface tun6to4 inet6 v4tunnel
    # printf "2002:%02x%02x:%02x%02x::1\n" `echo $IPV4ADDR | tr . ' '`
    address 2002:1255:2c43::1
    netmask 16
    gateway ::192.88.99.1
    endpoint any
    local 18.85.44.67

Add these to /etc/sudoers:

# bernie: forward ssh-agent
Defaults   env_keep+="SSH_AUTH_SOCK"

# bernie:
%sudo ALL=(ALL:ALL) NOPASSWD: ALL


 * Install your ssh keys to /root/.ssh/authorized_keys and to your user account. Also install the wizbackup keys for Service/backup.

Additional configuration (ssh part)
Log in with "ssh -A template-precise.sugarlabs.org" to forward your ssh-agent and copy files from sunjammer:

rsync -aP bernie@sunjammer.sugarlabs.org:/usr/src/devtools/ /usr/src/devtools/
ln -sf /usr/src/devtools/sysadm/bashrc.sh /etc/skel/.bashrc
ln -sf /usr/src/devtools/sysadm/bashrc.sh /root/.bashrc
ln -sf /usr/src/devtools/sysadm/zzz_profile.sh /etc/profile.d/zzz_profile.sh
ln -sf /usr/src/devtools/conf/vimrc /etc/vim/vimrc.local

vim /etc/bash.bashrc # comment out code messing with PS1
vim /etc/login.defs # set umask 002


 * Create /etc/zzz_profile.conf:

HOST_COLOR='\033[1;40;37m'


 * Disable PasswordAuthentication in /etc/ssh/sshd_config, then restart ssh


 * Set a blank password for root, to be used to log in from the console only
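A blank root password is only console-only as long as sshd never accepts passwords, so it is worth checking the resulting files. The script below is an added example, not part of the original page: the function names and the sample configs are constructed here, and the `ChallengeResponseAuthentication` check goes beyond the steps listed on this page.

```shell
#!/bin/sh
# Added example: check the SSH and postfix hardening steps against config text.
# The files written by make_samples are constructed, not from a real host.

# sshd_config: keywords are case-insensitive and the FIRST occurrence wins.
# Only the global section (before any "Match" line) is read; DEFAULT is the
# OpenSSH built-in value used when the keyword is absent.
sshd_value() {  # usage: sshd_value FILE KEYWORD DEFAULT
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }' "$1"
}

# Postfix main.cf: "name = value"; the LAST occurrence of a name wins.
postfix_value() {  # usage: postfix_value FILE NAME
    awk -F= -v key="$2" '
        { name = $1; gsub(/[ \t]/, "", name) }
        name == key { val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val) }
        END { print val }' "$1"
}

audit_template() {  # usage: audit_template SSHD_CONFIG MAIN_CF
    rc=0
    [ "$(sshd_value "$1" PasswordAuthentication yes)" = no ] ||
        { echo "FAIL: PasswordAuthentication is not 'no'"; rc=1; }
    [ "$(sshd_value "$1" PermitEmptyPasswords no)" = no ] ||
        { echo "FAIL: PermitEmptyPasswords is on while root has a blank password"; rc=1; }
    [ "$(sshd_value "$1" ChallengeResponseAuthentication yes)" = no ] ||
        { echo "FAIL: keyboard-interactive may still ask for passwords via PAM"; rc=1; }
    [ "$(postfix_value "$2" inet_interfaces)" = loopback-only ] ||
        { echo "FAIL: postfix inet_interfaces is not loopback-only"; rc=1; }
    return "$rc"
}

make_samples() {  # writes constructed good/weak config pairs into directory $1
    printf '%s\n' '# constructed' 'passwordauthentication no' \
        'ChallengeResponseAuthentication no' 'UsePAM yes' > "$1/sshd_good"
    printf '%s\n' '#PasswordAuthentication no' 'PermitEmptyPasswords yes' \
        'Match User root' '  PasswordAuthentication no' > "$1/sshd_weak"
    printf '%s\n' 'inet_interfaces = all' 'inet_interfaces = loopback-only' > "$1/good.cf"
    printf '%s\n' '#inet_interfaces = loopback-only' 'inet_interfaces = all' > "$1/weak.cf"
}

demo=$(mktemp -d)
make_samples "$demo"
audit_template "$demo/sshd_good" "$demo/good.cf" && echo "hardened sample: OK"
audit_template "$demo/sshd_weak" "$demo/weak.cf" || echo "weak sample: see findings"
rm -rf "$demo"
```

On a live host, `sshd -T` prints the effective settings and is the authoritative source; the parser here only covers the whitespace-separated global section.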


 * You can copy users from sunjammer and install their ssh keys in one command:

sunjammer# remote-useradd host user


 * Insert into /etc/munin/munin.node:

# bernie
allow ^208\.118\.235\.53$    # sunjammer.sugarlabs.org
allow ^2001:4830:134:7::11$  # sunjammer.sugarlabs.org (IPv6)


 * Add/remove munin plugins

cd /etc/munin/plugins
rm df_inode entropy forks fw_packets http_loadtime if_err_eth0 open_files open_inodes threads uptime processes proc_pri postfix_mailqueue postfix_mailvolume swap