Machine/template-squeeze

From Sugar Labs
Jump to: navigation, search

Introduction

This recipe to create a debian squeeze template for KVM requires:

  • a DOM (= Machine/dextra)
  • a Homecomputer/Workstation
  • DHCP with DynamicDNS support
  • already configured "virt-manager"

and follows the prinziple to use the minimun amount of tools ... a console and virt-manager

Preparation on DOM

 ssh root@dextra 'wget http://cdimage.debian.org/debian-cd/6.0.2.1/amd64/iso-cd/debian-6.0.2.1-amd64-netinst.iso -O /var/lib/libvirt/images/debian-6.0.2.1-amd64-netinst.iso'
 ssh root@dextra 'qemu-img create -f qcow2 /var/lib/libvirt/images/template-squeeze.qcow2 20G'

Create template

 virt-manager &

connect to DOM and create new VM (=template-squeeze) select iso, qcow2 and br0 install debian with "standard tools" and "ssh-server" switch console before rebooting with Send Keys "CRTL + ALT + F2" and enter

 echo "send host-name squeeze;" >> /target/etc/dhcp/dhclient.conf

switch back with "CRTL + ALT + F1" and reboot

open missing ttyT0 for virsh console squeeze on dextra

 ssh root@squeeze 'sed -i "s/^#T0/T0/" /etc/inittab'

ssh & sshd

FIXME add "Host squeeze ..." to .ssh/config

 ssh-copy-id squeeze
 ssh-copy-id root@squeeze
 ssh root@squeeze 'sed -i "s/#PasswordAuthentication\ yes/PasswordAuthentication\ no/" /etc/ssh/sshd_config'
 ssh root@squeeze 'service ssh restart'
 ssh root@squeeze 'sed -i "1 c\root::15184:0:99999:7:::" /etc/shadow'
 ssh root@squeeze 'reboot'

test if "virsh console template-squeeze" from DOM (root & empty pwd) works

sudo

 ssh root@squeeze 'aptitude install sudo'
 ssh root@squeeze 'adduser nemo sudo'
 ssh root@squeeze 'sed -i "s/)\ ALL/)\ NOPASSWD: ALL/" /etc/sudoers'

vim & screen

 ssh root@squeeze 'aptitude install vim screen'
 ssh root@squeeze 'update-alternatives --set editor /usr/bin/vim.basic'

FIXME add .vimrc to /etc/skel

etckeeper

 ssh root@squeeze 'aptitude install etckeeper git-core'
 ssh root@squeeze 'etckeeper init'
 ssh root@squeeze 'etckeeper commit "Initial commit"'

postfix

 ssh root@squeeze 'aptitude install postfix'
 ssh root@squeeze 'aptitude purge exim4'

select "Internet Site" for postfix

 ssh root@squeeze 'sed -i "$ c\root: stefan@unterhauser.name" /etc/aliases; newaliases'
 ssh root@squeeze 'sed -i "s/squeeze.media/squeeze.treehouse.su\ squeeze.media/" /etc/hosts'
 ssh root@squeeze 'sed -i "s/^myhostname\ =\ squeeze.media.mit.edu/myhostname\ =\ squeeze.treehouse.su/" /etc/postfix/main.cf'
 ssh root@squeeze 'sed -i "s/localhost.media.mit.edu/squeeze/" /etc/postfix/main.cf'

shell

 ssh root@squeeze 'aptitude install bash-completion strace'

FIXME modify /etc/skel/.bashrc FIXME add /etc/skel/.zzz_profile

devtodo

 ssh root@squeeze 'aptitude install devtodo'
 ssh root@squeeze 'ln -s /usr/share/doc/devtodo/examples/scripts.sh /etc/profile.d/devtodo.sh'
 ssh root@squeeze 'cd /etc/skel; tda -p 1 "Welcome to #treehouse"'
 ssh root@squeeze 'cd /etc/skel; tda -p 2 "xo dogi"'
 ssh root@squeeze 'cd /etc/skel; tda -p 3 "PS: man devtodo"'

addmin

(= add admin) :P

 ssh root@squeeze 'cd /etc/skel/; mkdir -m 700 .ssh; touch .ssh/authorized_keys; chmod -R go-r .ssh' 
 ssh root@squeeze 'echo "EXTRA_GROUPS=\"sudo\"" >> /etc/adduser.conf'

user "dogi" name "Stefan Unterhauser" other "stefan@unterhauser.name"

 ssh root@squeeze 'adduser --disabled-password --add_extra_groups dogi'
 ssh root@squeeze 'echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEArMkyotKz1J5+Kux3ToBNe+X3Qm+6WzTXflEEeOWdmxDZ5f5le7Ujes81ybRnavWSNR2TGr1evigE7vGsxHm2aEeR0YICWR24lPcJ2FUROmEdwn2OjDzh1YcKJDNvlMzXt1x0dNeEkSisHpk6p5RJ7OfCtyD/OjKhGyajbxS/n3RDSMgND46M7AiiaaIzlut3D09Gyhd93t16NTyR9Ej1RRRk8z9of3qLwhC1AqVJpSkuWn9+q111AfljsVZCHHDLw0+j7NIntk5x+yzrl2QQECNEaPpm1Pt4gmLG2nnrNjPAtrjWIfyWfhdSbgk/QscAE2XpCYoSFBW9d8bdIVMfSw== stefan@unterhauser.name" >> /home/dogi/.ssh/authorized_keys'

duplicity

 ssh root@squeeze 'aptitude install duplicity'
 ssh root@squeeze 'touch /etc/system-full-backup.conf; chmod 600 /etc/system-full-backup.conf'
 ssh root@squeeze 'echo "echo \"Please configure /etc/system-full-backup.conf and run\"" >> /etc/system-full-backup.conf'
 ssh root@squeeze 'echo "echo \"ssh-copy-id -i /root/.ssh/id_rsa.pub sugarbackup@backup.treehouse.su\"" >> /etc/system-full-backup.conf'
 ssh root@squeeze 'echo "echo \"then, comment out these lines to enable backups\"" >>/etc/system-full-backup.conf'
 ssh root@squeeze 'echo "exit 1" >>/etc/system-full-backup.conf'
 ssh root@squeeze 'echo " " >>/etc/system-full-backup.conf'
 ssh root@squeeze 'echo "PASSPHRASE=ChangeMe" >>/etc/system-full-backup.conf'
 ssh root@squeeze 'echo "TARGET=\"scp://sugarbackup@backup.treehouse.su/backup/\`hostname\`\"" >>/etc/system-full-backup.conf'

munin

 ssh root@squeeze 'aptitude install munin-node munin-plugins-extra'
 ssh root@squeeze 'echo "allow ^140\.186\.70\.53$ #sunjammer.sugarlabs.org" >> /etc/munin/munin-node.conf'
 ssh root@squeeze 'echo "allow ^140\.186\.70\.128$ #monitoring.treehouse.su" >> /etc/munin/munin-node.conf'
 ssh root@squeeze 'echo "allow ^18\.85\.44\.172$ #munin.treehouse.su" >> /etc/munin/munin-node.conf'
 ssh root@squeeze 'echo "allow ^2001:4830:1100:48::2$ #sunjammer.sugarlabs.org (IPv6)" >> /etc/munin/munin-node.conf'
 ssh root@squeeze 'rm /etc/munin/plugins/entropy'
 ssh root@munin 'echo "[VMs;squeeze.treehouse.su]" > /etc/munin/munin-conf.d/squeeze'
 ssh root@munin 'echo "  address squeeze.treehouse.su" >> /etc/munin/munin-conf.d/squeeze'
 ssh root@munin 'echo "  use_node_name yes" >> /etc/munin/munin-conf.d/squeeze'