Machine/template-precise

From Sugar Labs

VM Creation (host part)

virt-install --prompt -v --accelerate --nographics -x console=ttyS0,115200 \
 --name template-precise --vcpus=3 --ram $((1*1024)) \
 --os-type=linux --os-variant=ubuntuprecise --network bridge:br0 \
 --disk path=/var/lib/libvirt/images/template-precise-boot.img,bus=virtio,size=0.25 \
 --disk path=/dev/VG/template-precise-root,bus=virtio,size=10 \
 --location http://ubuntu.media.mit.edu/ubuntu/dists/precise/main/installer-amd64/

The new VM will boot into the installer. Answer all questions with the defaults, except:

  1. Hostname: template-precise
  2. Mirror: enter information manually
  3. Mirror hostname: ubuntu.media.mit.edu
  4. (create your user with a strong password and no encrypted home)
  5. Partitioning: manual (see Partitioning below)
  6. Automatically install security updates
  7. Software selection:
  • Basic Ubuntu Server
  • OpenSSH server
  8. GRUB: let the installer set up grub on /dev/vda (which contains /boot)

Partitioning

The goal is to have a small disk file for the MBR and /boot, and a larger raw filesystem in an LVM Logical Volume. We don't want the LV to be partitioned because this makes it harder to resize, mount, etc.

Now create a partition table in the smallest disk (256MB) and create a single partition in it. Format this partition as ext4, labeled "boot" and mounted as /boot.

The installer won't let you format the entire disk as a filesystem, so go ahead and partition the 10GB disk too, then create a primary partition in it and format it as ext4, mounted as / and labeled "template-precise" ("template-precise-root" would exceed the ext4 label length limit).

We'll have to fix the disk later.

Switch the root filesystem to an LV

When the machine is offline, go to the host to recreate the root filesystem directly as an LV (as opposed to a partitioned volume).

Use fdisk to check at what offset the first partition starts (usually 2048):

fdisk -l /dev/justice/template-precise-root

Use the loopback device to mount the partition inside the LV:

mkdir /mnt/template-precise-root
# Replace 2048 with the start sector that fdisk reported for the first partition
mount /dev/justice/template-precise-root -o loop,offset=$((2048 * 512)) /mnt/template-precise-root
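
The offset given to mount is the partition's start sector multiplied by the sector size. The following is an added example, not part of the original page, that computes it from `fdisk -l` output instead of hard-coding it; the function name part_offset_bytes and the sample fdisk text are constructed for illustration.

```shell
# SAMPLE_FDISK is constructed for illustration, not captured from a real host.
SAMPLE_FDISK='Disk /dev/justice/template-precise-root: 10.7 GB, 10737418240 bytes
255 heads, 63 sectors/track, 1305 cylinders, total 20971520 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes

                             Device Boot      Start         End      Blocks   Id  System
/dev/justice/template-precise-root1   *        2048    20969471    10483712   83  Linux'

# part_offset_bytes (hypothetical helper): read `fdisk -l` text on stdin and
# print start_sector * sector_size for the first partition row.
# The optional "*" boot flag shifts the Start column by one field.
# Fails (exit 1) when the Units line or a numeric start sector is missing.
part_offset_bytes() {
    awk '
        /^Units/ { unit = $(NF - 1) }
        /^\/dev\// && !found { start = ($2 == "*") ? $3 : $2; found = 1 }
        END {
            if (!found || unit !~ /^[0-9]+$/ || start !~ /^[0-9]+$/) exit 1
            printf "%.0f\n", start * unit
        }
    '
}

# Print the mount command with the computed offset (does not mount anything).
offset=$(printf '%s\n' "$SAMPLE_FDISK" | part_offset_bytes) &&
    echo "mount /dev/justice/template-precise-root -o loop,offset=$offset /mnt/template-precise-root"
```

On the host, pipe the real output in: `fdisk -l /dev/justice/template-precise-root | part_offset_bytes`.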

Now create and format a new LV:

 lvcreate -L 10G -n template-precise-root2 justice
 mkfs.ext4 -L template-precise -O flex_bg,extent,uninit_bg,sparse_super /dev/justice/template-precise-root2
 tune2fs -c -1 -i 0 /dev/justice/template-precise-root2
 mkdir /mnt/template-precise-root2
 mount /dev/justice/template-precise-root2 /mnt/template-precise-root2

Move the files over:

 rsync -HAXphax --numeric-ids /mnt/template-precise-root/ /mnt/template-precise-root2/

VERY IMPORTANT! Unmount the filesystems before starting your VM:

 umount /mnt/template-precise-root /mnt/template-precise-root2

Get rid of the old root and rename the new one on top of it:

 lvremove /dev/justice/template-precise-root
 lvrename justice template-precise-root2 template-precise-root


Configuration (serial console part)

After the installation, the machine will boot automatically and you'll be dropped into the serial console. You can return to the console at any time by doing:

virsh console template-precise

Log in with your installation username and password, then become root:

sudo -i
  • Adjust /etc/fstab to mount the filesystems from "LABEL=boot" and "LABEL=template-precise". This makes it a bit easier to move the VM in the future.

  • Adjust /etc/default/grub:
    • Set `GRUB_CMDLINE_LINUX_DEFAULT="console=ttyS0,115200"` (and remove the obnoxious "quiet splash")
    • Uncomment GRUB_DISABLE_LINUX_UUID
  • Update grub: `update-grub`
  • Get rid of the restricted repositories from /etc/apt/sources.list (virtual machines don't need any non-free drivers anyway).
  • Add a few useful packages and remove useless ones:
apt-get install git-core
apt-get install etckeeper bash-completion strace munin-node postfix vim
apt-get purge memtest86+ landscape-common

When prompted on how to configure postfix, say "Internet site". Afterwards, edit `/etc/postfix/main.cf` by hand, set `inet_interfaces = loopback-only`, and restart postfix.

  • Monitor mail for root:
echo >>/etc/aliases "root: systems-logs@lists.sugarlabs.org"
newaliases
  • Switch to the virtual kernel:
apt-get install linux-image-virtual linux-virtual
apt-get purge linux-image-generic linux-generic linux-headers-generic
apt-get autoremove
update-grub
  • Set up etckeeper:
vim /etc/etckeeper/etckeeper.conf # comment out bzr, enable git
etckeeper init
etckeeper commit "Initial commit"
cd /etc && git gc

Network interface setup

We use 6to4 to reach the closest IPv6 anycast relay. Append the following to /etc/network/interfaces:

auto eth0
iface eth0 inet static
        address 18.85.44.67
        netmask 255.255.255.0
        gateway 18.85.44.1
        # dns-* options are implemented by the resolvconf package, if installed
        dns-nameservers 18.71.0.151 18.70.0.160 18.72.0.3
        dns-search sugarlabs.org

auto tun6to4
iface tun6to4 inet6 v4tunnel
        # printf "2002:%02x%02x:%02x%02x::1\n" `echo $IPV4ADDR | tr . ' '`
        address 2002:1255:2c43::1
        netmask 16
        gateway ::192.88.99.1
        endpoint any
        local 18.85.44.67

Add these to /etc/sudoers:

#bernie: forward ssh-agent
Defaults    env_keep+="SSH_AUTH_SOCK"
#bernie: 
%sudo ALL=(ALL:ALL) NOPASSWD: ALL
  • Install your ssh keys to /root/.ssh/authorized_keys and to your user account. Also install the wizbackup keys for Service/backup.

Additional configuration (ssh part)

Log in with "ssh -A template-precise.sugarlabs.org" to forward your ssh-agent and copy files from sunjammer:

rsync -aP bernie@sunjammer.sugarlabs.org:/usr/src/devtools/ /usr/src/devtools/
ln -sf /usr/src/devtools/sysadm/bashrc.sh /etc/skel/.bashrc
ln -sf /usr/src/devtools/sysadm/bashrc.sh /root/.bashrc
ln -sf /usr/src/devtools/sysadm/zzz_profile.sh /etc/profile.d/zzz_profile.sh
ln -sf /usr/src/devtools/conf/vimrc /etc/vim/vimrc.local
vim /etc/bash.bashrc # comment out code messing with PS1
vim /etc/login.defs # set umask 002
  • Create /etc/zzz_profile.conf:
HOST_COLOR='\033[1;40;37m'
  • Disable PasswordAuthentication in /etc/ssh/sshd_config, then restart ssh
  • Set a blank password for root, to be used to log in from the console only
  • You can copy users from sunjammer and install their ssh keys in one command:
 sunjammer# remote-useradd host user
  • Insert into /etc/munin/munin.node:
#bernie
allow ^208\.118\.235\.53$     # sunjammer.sugarlabs.org
allow ^2001:4830:134:7::11$   # sunjammer.sugarlabs.org (IPv6)
  • Add/remove munin plugins
cd /etc/munin/plugins
rm df_inode entropy forks fw_packets http_loadtime if_err_eth0 open_files open_inodes threads uptime processes proc_pri postfix_mailqueue postfix_mailvolume swap
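
Several steps above are hand edits that can fail silently: a commented-out PasswordAuthentication line, a duplicate inet_interfaces entry, or a leftover restricted component. The following is an added example, not part of the original page, that audits a template's /etc tree for those three settings; all function names are hypothetical and the sample trees are constructed.

```shell
# sshd_effective FILE KEYWORD: print the first uncommented global value.
# sshd uses the first value it obtains for a keyword; stop at the first Match block.
# Assumes the whitespace-separated "Keyword value" form.
sshd_effective() {
    awk -v kw="$2" '
        tolower($1) == "match"     { exit }
        tolower($1) == tolower(kw) { print tolower($2); exit }
    ' "$1"
}

# postfix_effective FILE PARAM: print the last assignment (postfix keeps the last one).
postfix_effective() {
    sed -n "s/^$2[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# audit_template ROOT: print one FAIL line per deviation; return nonzero if any.
audit_template() {
    root=$1; rc=0
    [ "$(sshd_effective "$root/etc/ssh/sshd_config" PasswordAuthentication)" = "no" ] ||
        { echo "FAIL: sshd PasswordAuthentication is not 'no'"; rc=1; }
    [ "$(postfix_effective "$root/etc/postfix/main.cf" inet_interfaces)" = "loopback-only" ] ||
        { echo "FAIL: postfix inet_interfaces is not loopback-only"; rc=1; }
    if grep -Eq '^[[:space:]]*deb(-src)?[[:space:]].*[[:space:]]restricted([[:space:]]|$)' \
            "$root/etc/apt/sources.list"; then
        echo "FAIL: restricted component still enabled in sources.list"; rc=1
    fi
    return $rc
}

# make_sample DIR SSHD_LINE: build a constructed /etc tree for the demo.
make_sample() {
    mkdir -p "$1/etc/ssh" "$1/etc/postfix" "$1/etc/apt"
    printf '%s\n' "$2" > "$1/etc/ssh/sshd_config"
    printf 'inet_interfaces = all\ninet_interfaces = loopback-only\n' > "$1/etc/postfix/main.cf"
    echo 'deb http://ubuntu.media.mit.edu/ubuntu precise main universe' > "$1/etc/apt/sources.list"
}

tmp=$(mktemp -d)
make_sample "$tmp/good" 'PasswordAuthentication no'
make_sample "$tmp/bad"  '#PasswordAuthentication no'   # commented out: sshd default applies
audit_template "$tmp/good" && echo "good: OK"
audit_template "$tmp/bad"  || echo "bad: deviations found"
rm -rf "$tmp"
```

Run `audit_template /` as root inside the VM after finishing the steps on this page.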