Machine/template-fedora13

From Sugar Labs
< Machine
Revision as of 12:10, 27 July 2010 by Bernie (talk | contribs)
Jump to navigation Jump to search

Guest installation

qemu-img create -f qcow2 /srv/vm/template-fedora13.qcow2 10G
virt-install -v --accelerate --nographics -x console=ttyS0,115200 \
   --name template-fedora13 --vcpus=4 --ram $((1*1024)) \
   --os-type=linux --os-variant=fedora13 \
   --network bridge:br0 \
   --disk /srv/vm/template-fedora13.qcow2 \
   --location http://download.fedora.redhat.com/pub/fedora/linux/releases/13/Fedora/x86_64/os/
  • In Anaconda, select graphical installation over vnc
  • Layout the disk with a single primary partition for root
  • In package selection, choose "minimal system"

Initial configuration

At the end of installation, boot with: 

virsh start --console template-fedora13
  • Set ssh keys of Sugar Labs sysadmins:
mkdir ~/.ssh
cat >>~/.ssh/authorized_keys
paste keys
  • Configure the SSH daemon:
vi /etc/ssh/sshd_config
  PermitRootLogin yes
  PermitEmptyPasswords no
  PasswordAuthentication no
service sshd restart
setsebool -P ssh_sysadm_login on
  • Put selinux in permissive mode (while we patiently wait for the day in which selinux in Fedora will become sort of usable out of the box without major tweaks):
vi /etc/sysconfig/selinux
  • Remove root password (this lets us login from the console with no password):
vipw -s
  • Enable traditional networking (no NetworkManager nonsense):
chkconfig network on
start network
  • Optimize creation of new users
mkdir /etc/skel/.ssh
cat >/etc/skel/.ssh.authorized_keys <<__EOF__
# Place your ssh public keys here, one per line
__EOF__
chmod g-w -R /etc/skel/.ssh


  • Create sysadmin accounts:
useradd -c "Bernie Innocenti" -m bernie
cat >>/home/bernie/.ssh/authorized_keys
chown -R bernie:bernie /home/bernie/.ssh
...
  • Add users to wheel group (no better way in Fedora?):
vigr
  • Edit sudoers with visudo:
    • Uncomment "%wheel ALL=(ALL) NOPASSWD: ALL"
    • Add these lines
#bernie: forward agent
Defaults env_keep += "SSH_AUTH_SOCK"


  • Switch from serial console to ssh
ssh root@template-fedora13.sugarlabs.org
  • Install a bunch of useful rpms:
yum install etckeeper bash-completion git-core strace munin-node duplicity postfix vim devtodo man
  • insert into /etc/munin/munin-node.conf
#SMParrish
allow ^140\.186\.70\.53$      # sunjammer.sugarlabs.org
allow ^10\.3\.3\.1$           # trinity.trilan
allow ^2001:4830:1100:48::2$  # sunjammer.sugarlabs.org (IPv6)

cd /etc/munin/plugins
rm if_err_eth0 entropy
  • turn on munin-node
chkconfig munin-node on
service munin-node start
  • generate key for root
ssh-keygen -N "" -f /root/.ssh/id_rsa -t rsa
  • create /etc/system-full-backup.conf
#bernie: This file MUST have permissions 600
echo "Please configure /etc/system-full-backup.conf and run"
echo "  ssh-copy-id -i /root/.ssh/id_rsa.pub sugarbackup@backup.sugarlabs.org"
echo "then, comment out these lines to enable backups"
exit 1

PASSPHRASE=ChangeMe
TARGET="scp://sugarbackup@backup.sugarlabs.org/backup/`hostname`"
  • Install /root/.ssh/id_rsa.pub key on sugarbackup@backup.sugarlabs.org
ssh-copy-id -i /root/.ssh/id_rsa.pub sugarbackup@backup.sugarlabs.org
  • log in for the first time on backup server to accept ssh fingerprint
ssh sugarbackup@backup.sugarlabs.org
  • create /etc/profile.conf
#SMParrish
HOST_COLOR='\033[1;33m'
HOST_CFLAGS='-march=core2'
HOST_CORES=2
  • Add the machine to /etc/munin/munin.conf on Machine/sunjammer for monitoring.
 [VM Name]
        address vmname.sugarlabs.org
Retrieved from "https://wiki.sugarlabs.org/index.php?title=Machine/template-fedora13&oldid=54865"