Infrastructure Team/Template virtual machine lucid

From Sugar Labs

This procedure documents how our template Karmic image was created and configured.

VM Creation

virt-install --prompt -v --accelerate --nographics -x console=ttyS0,115200 \
 --name template-lucid --vcpus=4 --ram $((1*1024)) \
 --os-type=linux --os-variant=ubuntujaunty --network bridge:br0 \
 --disk path=/srv/vm/template-lucid.qcow2,bus=virtio,sparse=true,size=10 \

IP address:

We install with the minimum package set needed:

  • Ubuntu basic server -> since we use Ubuntu server, we want Ubuntu basic
  • OpenSSH server -> for remote access

After installation:

virsh start --console template-lucid

Configuration (serial console part)

Open the console (virsh console template-lucid) and log in with your installation username and password, then:

sudo -i

aptitude install etckeeper bash-completion git-core strace munin-node duplicity postfix vim devtodo
aptitude purge memtest86+
update-alternatives --set editor /usr/bin/vim.basic

<- template-lucid changes

  • Remove restricted repositories from /etc/apt/sources.list (FSF asks us to avoid using non-free software).
  • Disable PasswordAuthentication in /etc/ssh/sshd_config.

vim /etc/etckeeper/etckeeper.conf # comment out bzr, enable git
etckeeper init
etckeeper commit "Initial commit"
echo >>/etc/aliases "root:"
cd /etc/profile.d
ln -s /usr/share/doc/devtodo/examples/

Append to /etc/network/interfaces, then restart network:

auto tun6to4
iface tun6to4 inet6 v4tunnel
   # printf "2002:%02x%02x:%02x%02x::1\n" `echo $IPV4ADDR | tr . ' '`
   address 2002:8cba:466c::1
   netmask 16
   gateway ::
   endpoint any

Add these to /etc/sudoers:

#bernie: forward agent
Defaults    env_keep += "SSH_AUTH_SOCK"

# Uncomment to allow members of group sudo to not need a password
# (Note that later entries override this, so you might need to move
# it further down)

Log in with "ssh -A" to copy files from sunjammer

rsync -aP /usr/src/devtools/
ln -sf /usr/src/devtools/sysadm/ /etc/skel/.bashrc
ln -sf /usr/src/devtools/sysadm/ /root/.bashrc
ln -sf /usr/src/devtools/sysadm/ /etc/profile.d/
ln -sf /usr/src/devtools/conf/vimrc /etc/vim/vimrc.local

vim /etc/bash.bashrc # enable bash_completion, kill code messing with PS1
vim /etc/profile # set umask 002, kill code messing with PS1

Create initial admin users:

passwd # set a password for root, to be used to log in from the console only

adduser  bernie
adduser  dogi
adduser  dfarning
addgroup bernie   sudo
addgroup dogi     sudo
addgroup dfarning sudo
mkdir /root/.ssh /home/bernie/.ssh /home/dogi/.ssh /home/dfarning/.ssh
cat >/home/bernie/.ssh/authorized_keys
cat >/home/dogi/.ssh/authorized_keys
cat >/home/dfarning/.ssh/authorized_keys
cat >/root/.ssh/authorized_keys
chown -R bernie:bernie     /home/bernie/.ssh
chown -R dogi:dogi         /home/dogi/.ssh
chown -R dfarning:dfarning /home/dfarning/.ssh

Insert into /etc/munin/munin.node :

allow ^140\.186\.70\.53$      #
allow ^10\.3\.3\.1$           # trinity.trilan
allow ^2001:4830:1100:48::2$  # (IPv6)

cd /etc/munin/plugins
rm if_err_eth0 entropy

Create /etc/system-full-backup.conf :

#bernie: This file MUST have permissions 600
echo "Please configure /etc/system-full-backup.conf and run"
echo "  ssh-copy-id -i /root/.ssh/"
echo "then, comment out these lines to enable backups"
exit 1


Create /etc/zzz_profile.conf :


Edit /etc/default/grub to set the following:

GRUB_SERIAL_COMMAND="serial --unit= --speed=115200 --stop=1"
GRUB_CMDLINE_LINUX_DEFAULT="console=ttyS0,115200n8 "
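
A check for the access-control steps above (PasswordAuthentication disabled, nothing under the .ssh directories writable by group or others, mode 600 on /etc/system-full-backup.conf), as an added example that is not part of the original procedure. The function names and the demo tree are constructed; the modes are worth checking because once /etc/profile sets umask 002, directories and files made with mkdir and cat are created group-writable (775/664).

```shell
#!/bin/sh
# Added example, not part of the original procedure. Paths follow the page;
# the function names and the demo tree are constructed for illustration.

# sshd keeps the first value it reads for a keyword, and directives after a
# "Match" line are conditional, so only the global section is inspected.
# A missing directive means the default (yes), which counts as a failure.
password_auth_disabled() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "passwordauthentication" { v = tolower($2); exit }
         END { exit (v == "no" ? 0 : 1) }' "$1"
}

# $1 = root of the tree to audit ("/" on the VM). Returns the failure count.
audit_template() {
    root=${1%/}; fails=0
    password_auth_disabled "$root/etc/ssh/sshd_config" ||
        { echo "FAIL: PasswordAuthentication is not disabled"; fails=$((fails + 1)); }
    # The page requires mode 600 on the backup configuration.
    [ -n "$(find "$root/etc/system-full-backup.conf" -prune -perm 600 2>/dev/null)" ] ||
        { echo "FAIL: system-full-backup.conf is not mode 600"; fails=$((fails + 1)); }
    # Nothing in a .ssh directory may be writable by group or others.
    for d in "$root"/root/.ssh "$root"/home/*/.ssh; do
        [ -d "$d" ] || continue
        [ -z "$(find "$d" ! -type l \( -perm -020 -o -perm -002 \))" ] ||
            { echo "FAIL: group/other-writable entry under $d"; fails=$((fails + 1)); }
    done
    return "$fails"
}

# Constructed demo: repeat the page's mkdir/cat steps under umask 002.
demo=$(mktemp -d)
( umask 002
  mkdir -p "$demo/etc/ssh" "$demo/home/bernie/.ssh"
  echo "PasswordAuthentication no" >"$demo/etc/ssh/sshd_config"
  echo "exit 1" >"$demo/etc/system-full-backup.conf"
  echo "constructed-placeholder-key" >"$demo/home/bernie/.ssh/authorized_keys" )
audit_template "$demo" || echo "$? check(s) failed"
rm -rf "$demo"
```

On the VM itself, run `audit_template /` as root; a return status of 0 means all three checks passed.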

See also