Machine/template-maverick

NOTE: Ubuntu Maverick is no longer receiving security updates and shouldn't be used

Guest installation

 qemu-img create -f qcow2 /srv/vm/template-maverick.qcow2 10G 
 virt-install -v --accelerate --nographics -x console=ttyS0,115200 \
 --name template-maverick2 --vcpus=4 --ram $((1*1024)) \
 --os-type=linux --os-variant=ubuntulucid \
 --network bridge:br0 --disk /srv/vm/template-maverick.qcow2 \
 --location http://ubuntu.media.mit.edu/ubuntu/dists/maverick/main/installer-amd64/current

this didn't work ... or I was able to install the system, but not boot from it with graphical output so that I was able to find out which IP-Address I got ...

NOTE: you should remove '/current' from the --location url bernie 13:27, 19 February 2012 (EST)

I could have set this address which is a way to enter the system, sniffing the network an other. I followed an complete different path, which was to use virt-manager. How to setup virt-manager with our Cloud (Machines: treehouse and housetree is disclosed for security reasons.

alt Picture of virt-manager connected to housetree

The other install ingredient was ubuntu maverick server install cd. Under the consideration that this files have to be located in "/var/lib/libvirt/images/", the best way to approx this to start on housetree with:

 sudo -s
 cd /var/lib/libvirt/images/
 wget http://ubuntu.media.mit.edu/ubuntu-releases/maverick/ubuntu-10.10-server-amd64.iso
 qemu-img create -f qcow2 template-maverick.qcow2

Now you can press the "Create a new virtual machine" button in virt-manager to start the installation.

This gives us a virtual machine which is reachable over VNC, but for being to do this on the terminal-level with the command "virsh console template-maverick" we need to fix this template. On housetree as root:

 virsh destroy template-maverick
 vim /etc/libvirt/qemu/template-maverick.xml

add

 <serial type='pty'>
   <target port='0'/>
 </serial>
 <console type='pty'>
   <target port='0'/>
 </console>

and then

 virsh define /etc/libvirt/qemu/template-maverick.xml
 virsh start template-maverick

In the VNCterminal of template-maverick:

 sudo -s
 cd /etc/init
 cp tty1.conf ttyS0.conf
 vim ttyS0.conf

and change it to

 # ttyS0 - getty
 #
 # This service maintains a getty on tty1 from the point the system is
 # started until it is shut down again.
 
 start on stopped rc RUNLEVEL=[2345]
 stop on runlevel [!2345]
 
 respawn
 exec /sbin/getty -8 38400 ttyS0 vt102

and start this serial tty with:

 start ttyS0

which will allow the console login from housetree:

 virsh console housetree
 sudo -s
 vim /etc/network/interfaces
 vim /etc/resolve.conf
 aptitude install linux-image-virtual

Initial configuration

On the guest-template:

sudo -i
aptitude install etckeeper bash-completion git-core strace munin-node duplicity postfix vim devtodo
aptitude purge memtest86+
update-alternatives --set editor /usr/bin/vim.basic

• Remove restricted repositories from /etc/apt/sources.list (fsf asks us to avoid using non-free software).
• Disable PasswordAuthentication in /etc/ssh/sshd_config

vim /etc/etckeeper/etckeeper.conf # comment out bzr, enable git
etckeeper init
etckeeper commit "Initial commit"
echo >>/etc/aliases "root: systems-logs@lists.sugarlabs.org"
newaliases

In case of error consider (dpkg-reconfigure postfix)

cd /etc/profile.d
ln -s /usr/share/doc/devtodo/examples/scripts.sh devtodo.sh

We use 6to4 to reach the closest IPv6 anycast relay. Append the following to /etc/network/interfaces, then restart network:

auto tun6to4
iface tun6to4 inet6 v4tunnel
   # printf "2002:%02x%02x:%02x%02x::1\n" `echo $IPV4ADDR | tr . ' '`
   address 2002:8cba:466c::1
   netmask 16
   gateway ::192.88.99.1
   local 140.186.70.108
   endpoint any

Add these to /etc/sudoers:

#bernie: forward agent
Defaults    env_keep += "SSH_AUTH_SOCK"
 
# Uncomment to allow members of group sudo to not need a password
# (Note that later entries override this, so you might need to move
# it further down)
%sudo ALL=NOPASSWD: ALL

Log in with "ssh -A template-jaunty.sugarlabs.org" to copy files from sunjammer

rsync -aP bernie@sunjammer.sugarlabs.org:/usr/src/devtools/ /usr/src/devtools/
ln -sf /usr/src/devtools/sysadm/bashrc.sh /etc/skel/.bashrc
ln -sf /usr/src/devtools/sysadm/bashrc.sh /root/.bashrc
ln -sf /usr/src/devtools/sysadm/zzz_profile.sh /etc/profile.d/zzz_profile.sh
ln -sf /usr/src/devtools/conf/vimrc /etc/vim/vimrc.local
 
vim /etc/bash.bashrc # enable bash_completion, kill code messing with PS1
vim /etc/profile # set umask 002, kill code messing with PS1

• Set a blank password for root, to be used to log in from the console only

• Create initial admin users:

adduser  bernie
adduser  dogi
adduser  dfarning
addgroup bernie   sudo
addgroup dogi     sudo
addgroup dfarning sudo
mkdir /root/.ssh /home/bernie/.ssh /home/dogi/.ssh /home/dfarning/.ssh
cat >/home/bernie/.ssh/authorized_keys
XXX
cat >/home/dogi/.ssh/authorized_keys
YYYY
cat >/home/dfarning/.ssh/authorized_keys
ZZZ
cat >/root/.ssh/authorized_keys
XYZ
chown -R bernie:bernie     /home/bernie/.ssh
chown -R dogi:dogi         /home/dogi/.ssh
chown -R dfarning:dfarning /home/dfarning/.ssh

Insert into /etc/munin/munin.node :

#bernie
allow ^140\.186\.70\.53$      # sunjammer.sugarlabs.org
allow ^10\.3\.3\.1$           # trinity.trilan
allow ^2001:4830:1100:48::2$  # sunjammer.sugarlabs.org (IPv6)

cd /etc/munin/plugins
rm if_err_eth0 entropy

Create /etc/system-full-backup.conf :

#bernie: This file MUST have permissions 600
echo "Please configure /etc/system-full-backup.conf and run"
echo "  ssh-copy-id -i /root/.ssh/id_rsa.pub sugarbackup@backup.sugarlabs.org"
echo "then, comment out these lines to enable backups"
exit 1

PASSPHRASE=ChangeMe
TARGET="scp://sugarbackup@backup.sugarlabs.org/backup/`hostname`"

Create /etc/zzz_profile.conf :

#bernie
HOST_COLOR='\033[1;40;37m'
HOST_CFLAGS='-march=native'
HOST_CORES=4

Edit /etc/default/grub to set the following:

GRUB_TERMINAL=serial
GRUB_SERIAL_COMMAND="serial --unit= --speed=115200 --stop=1"
GRUB_CMDLINE_LINUX_DEFAULT="console=ttyS0,115200n8 "