From 62b1ed3cfdbde6e1fe4355150f0710816aea0e4e Mon Sep 17 00:00:00 2001 From: Adrian Date: Mon, 14 Dec 2015 03:13:59 +0100 Subject: [PATCH 1/2] Various cleanups and clarifications --- conf/extlinux.conf | 4 ++-- conf/nginx/README.md | 2 +- conf/nginx/nginx.conf | 5 ++++- doc/Chroot.md | 11 +++++++---- doc/Copy-VM-to-ESX.md | 10 ++++++---- doc/Install-a-Server.md | 21 ++++++++++----------- doc/Push-to-Deploy.md | 10 ++++++---- 7 files changed, 36 insertions(+), 27 deletions(-) diff --git a/conf/extlinux.conf b/conf/extlinux.conf index 2a726e1..727afc5 100644 --- a/conf/extlinux.conf +++ b/conf/extlinux.conf @@ -3,6 +3,6 @@ prompt 1 timeout 1 label linux - menu label Debian Testing + menu label Debian linux /vmlinuz - append initrd=/initrd.img init=/bin/systemd ro quiet vga=0x314 root=UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx + append initrd=/initrd.img ro quiet vga=0x314 root=LABEL=System diff --git a/conf/nginx/README.md b/conf/nginx/README.md index 713c9a8..bcd2bbc 100644 --- a/conf/nginx/README.md +++ b/conf/nginx/README.md @@ -5,7 +5,7 @@ These are carefully crafted Nginx config files. Do not forget the following: - sudo chown -R wwwrun.www /var/lib/nginx + sudo chown -R wwwrun.www /var/lib/nginx # if on openSUSE cd /etc/nginx/sites-conf sudo ln -s example.ssl default.ssl diff --git a/conf/nginx/nginx.conf b/conf/nginx/nginx.conf index 92ad95f..3bcb0d5 100644 --- a/conf/nginx/nginx.conf +++ b/conf/nginx/nginx.conf @@ -1,4 +1,7 @@ -user wwwrun www; +user www-data; +# Or, if on openSUSE: +# user wwwrun www; + worker_processes auto; pid /run/nginx.pid; diff --git a/doc/Chroot.md b/doc/Chroot.md index 2d58b1c..634f449 100644 --- a/doc/Chroot.md +++ b/doc/Chroot.md 
@@ -2,11 +2,11 @@ A `chroot` environment can be used to modify a system installed to a different location. -Combined with `aufs`, the technique can be used, for example, to modify an ISO live image. +Combined with `aufs`, the technique can be used, for example, to modify a mounted ISO image. ## Setup - MNT=/tmp/mnt/rootfs + MNT=/mnt mount -o bind /dev $MNT/dev mount -o bind /dev/pts $MNT/dev/pts mount -t proc none $MNT/proc @@ -15,6 +15,8 @@ Combined with `aufs`, the technique can be used, for example, to modify an ISO l cp /etc/resolv.conf $MNT/etc/resolv.conf chroot $MNT +`$MNT/etc/mtab` should be edited manually to correctly point to the root file system. + Umount the chroot environment: umount $MNT/{sys,proc,dev/pts,dev} @@ -23,6 +25,7 @@ Umount the chroot environment: ## AUFS Overlay -Mount a writeable version of `/tmp/mnt/rootfs` to `/tmp/mnt/rootrw` +Mount a writeable version of `/tmp/mnt/root` to `/tmp/mnt/rootrw` - mount -t aufs -o br:/tmp/mnt/aufs:/tmp/mnt/rootfs none /tmp/mnt/rootrw + mkdir -p /tmp/mnt/{root,rootrw,aufs} + mount -t aufs -o br:/tmp/mnt/aufs:/tmp/mnt/root none /tmp/mnt/rootrw diff --git a/doc/Copy-VM-to-ESX.md b/doc/Copy-VM-to-ESX.md index 61d9bf0..1fe88c2 100644 --- a/doc/Copy-VM-to-ESX.md +++ b/doc/Copy-VM-to-ESX.md 
@@ -2,21 +2,23 @@ Prepare Image ============= * Use the **VMDK format** - +* Use SCSI adapter type in VM, or: * Add **mptspi** (SCSI driver) to the initrd * openSUSE: Edit `/etc/dracut.conf` - Change the line `#add_drivers+=""` to `add_drivers+="mptspi"` - Then execute `dracut -f` + 1. Change the line `#add_drivers+=""` to `add_drivers+="mptspi"` + 2. Execute `dracut -f` * openSUSE < 13.2: 1. Edit `/etc/sysconfig/kernel` 2. Add it to `INITRD_MODULES` 3. Update initrd: `mkinitrd` + * Debian + 1. Edit `/etc/initramfs-tools/modules` + 2. Execute `update-initramfs -u` Copy VM to ESX ============== 1. Create a new VM using the vSphere Client - * Create a disk image, but it will not be used afterwards. 2. Upload the VMDK disk image files diff --git a/doc/Install-a-Server.md b/doc/Install-a-Server.md index 2f3cbf4..f80ac4b 100644 --- a/doc/Install-a-Server.md +++ b/doc/Install-a-Server.md @@ -50,9 +50,9 @@ Security * Disable root account (put an asterisk `*` as password) * Create SSH user: - * /etc/passwd: `sshuser:x:999:65534::/run:/bin/bash` - * /etc/shadow: `sshuser:*:16436:0:99999::::` - * Change its password: `$ sudo passwd sshuser` + * `echo "sshuser:x:999:65534::/run:/bin/bash" >> /etc/passwd` + * `echo "sshuser:*:16436:0:99999::::" >> /etc/shadow` + * Change the password: `sudo passwd sshuser` * Edit SSH config `/etc/ssh/sshd_config`: Port xxx 
@@ -119,19 +119,18 @@ Debian `/etc/cron.*` times: AWstats ======= - mkdir /usr/local/awstats; cd /usr/local/awstats - git init - git remote add origin git://git.code.sf.net/p/awstats/code - git fetch --depth=1 origin tag AWSTATS_7_3 - git checkout AWSTATS_7_3 - - mkdir /usr/local/share/cgi-bin - ln -s /usr/local/awstats/wwwroot /usr/local/share/cgi-bin/awstats + mkdir /usr/local/awstats && cd /usr/local/awstats && git init + git remote add origin https://github.com/eldy/awstats.git + git fetch --depth=1 origin tag AWSTATS_7_4 + git checkout AWSTATS_7_4 Check version tags: git ls-remote +To use it with [AWstats](../conf/nginx/sites-available/example), +set: `DirIcons="/awstatsicons"` + Free Space ========== diff --git a/doc/Push-to-Deploy.md b/doc/Push-to-Deploy.md index 096b5c2..684ad30 100644 --- a/doc/Push-to-Deploy.md +++ b/doc/Push-to-Deploy.md @@ -37,8 +37,7 @@ The safe update script which is listed below. ## Universal Safe Update -The script is located in [scripts/git-safe-update.sh](../scripts/git-safe-update.sh). -Copy the file to `/path/to/safe-update` and make it executable. +Copy the file [git-safe-update.sh](../scripts/git-safe-update.sh) and make it executable. It can be used to update any repository. It takes two arguments: @@ -63,7 +62,7 @@ It executes `safe-update` only when the master branch is updated. read oldid newid ref if [ "$ref" = "refs/heads/master" ]; then - sudo /path/to/safe-update /path/to/deploy-target wwwrun.www + sudo /path/to/safe-update /path/to/deploy-target www-data.www-data fi ``` @@ -75,8 +74,11 @@ a `file:` URL as the remote. The *master* branch is assumed to be a deployable version. Hence, use the following command to add the remote: + cd /path/to/deploy-target + git init git remote add -t master origin file:///path/to/main.git - git branch -u origin/master + git fetch --depth=1 + git checkout master ## Sudo Configuration From af7fee31a60d62a7b79ae0aea64e4a563613111f Mon Sep 17 00:00:00 2001 
From: Adrian Date: Tue, 15 Dec 2015 14:13:13 +0100 Subject: [PATCH 2/2] Update Debootstrap Guide --- doc/Debootstrap.md | 87 ++++++++++++++++++++++++++++++---------------- 1 file changed, 57 insertions(+), 30 deletions(-) diff --git a/doc/Debootstrap.md b/doc/Debootstrap.md index 6b648c1..44698db 100644 --- a/doc/Debootstrap.md +++ b/doc/Debootstrap.md @@ -6,6 +6,8 @@ a basic copy of a Debian derivative into a folder. This guide explains how to install a full Kubuntu system with debootstrap. However, any Ubuntu flavour can be installed this way. +This guide uses Bashisms. + # Procedure ## Basic Minimal Installation @@ -17,8 +19,13 @@ The subsequent commands are all executed inside a ## Basic Configuration +### Mark packages + + apt-mark showmanual | xargs apt-mark auto + ### Set language + apt-get install locales locale-gen en_US.UTF-8 update-locale LANG=en_US.UTF-8 
@@ -28,23 +35,37 @@ The subsequent commands are all executed inside a ### Basic configuration -Do not forget to edit `fstab`, `hostname`, and `hosts` in /etc. + echo > /etc/fstab + echo "LABEL=System / ext4 errors=remount-ro,noatime 0 1" >> /etc/fstab -An example fstab might look like: + echo > /etc/hosts + echo "127.0.0.1 localhost" >> /etc/hosts + echo "127.0.0.1 your-host" >> /etc/hosts + echo "::1 ip6-localhost ip6-loopback" >> /etc/hosts + echo "your-host" > /etc/hostname - LABEL=System / ext4 errors=remount-ro,noatime,discard 0 1 + echo > /etc/network/interfaces.d/eth0 + echo auto eth0 >> /etc/network/interfaces.d/eth0 + echo iface eth0 inet dhcp >> /etc/network/interfaces.d/eth0 -Note: `discard` is useful for SSD disks. +Note: The option `discard` can be added in `/etc/fstab` for SSD disks. -### Optionally, configure keyboard +### Configure keyboard (optional) dpkg-reconfigure keyboard-configuration -### Optionally, configure APT +### Configure APT (optional) - # /etc/apt/apt.conf.d/99recommends - APT::AutoRemove::RecommendsImportant - APT::Install-Recommends + echo 'APT::AutoRemove::RecommendsImportant "true";' >> /etc/apt/apt.conf.d/99no-recommends + echo 'APT::Install-Recommends "false";' >> /etc/apt/apt.conf.d/99no-recommends + echo 'APT::Get::Purge "true";' >> /etc/apt/apt.conf.d/99always-purge + +### ACPI support (optional) + + apt-get install acpi-support-base + systemctl enable acpid + +Note: This enables ACPI shutdown as commonly used in VMs. ## Ubuntu Installation @@ -52,9 +73,8 @@ Note: `discard` is useful for SSD disks. apt-get install ubuntu-minimal -ubuntu-minimal contains useful packages +`ubuntu-minimal` contains useful packages which would have to be installed manually in Debian. - These include: `cron logrotate nano netbase net-tools isc-dhcp-client sudo rsyslog` ### Add a regular user 
@@ -70,14 +90,24 @@ In Ubuntu, the default secondary user groups are: To install a bootable system, the kernel and a bootloader have to be installed. + apt-get install linux-generic + The following command installs Grub for EFI with Secure Boot enabled: - apt-get install linux-generic grub-efi-amd64-signed shim-signed + apt-get install grub-efi-amd64-signed shim-signed -For BIOS, `grub-pc` has to be installed. +For BIOS: -Alternatively, extlinux can be installed instead of grub. -That section has yet to be written though... + apt-get install grub-pc + +Alternatively, extlinux can be installed: + + apt-get install extlinux + mkdir /boot/extlinux + extlinux -i /boot/extlinux + cat /usr/lib/EXTLINUX/mbr.bin > /dev/sda + +Copy [extlinux.conf](../conf/extlinux.conf) to `/boot/extlinux`. ### Install desktop system 
@@ -89,18 +119,18 @@ It is a good time to add some repositories. All Ubuntu repositories are enabled using the following configuration: - # /etc/apt/sources.list - deb http://ch.archive.ubuntu.com/ubuntu/ wily main restricted universe multiverse - deb http://ch.archive.ubuntu.com/ubuntu/ wily-security main restricted universe multiverse - deb http://ch.archive.ubuntu.com/ubuntu/ wily-updates main restricted universe multiverse - deb http://archive.canonical.com/ubuntu wily partner + echo > /etc/apt/sources.list + echo "deb http://ch.archive.ubuntu.com/ubuntu wily main restricted universe multiverse" >> /etc/apt/sources.list + echo "deb http://ch.archive.ubuntu.com/ubuntu wily-security main restricted universe multiverse" >> /etc/apt/sources.list + echo "deb http://ch.archive.ubuntu.com/ubuntu wily-updates main restricted universe multiverse" >> /etc/apt/sources.list + echo "deb http://archive.canonical.com/ubuntu wily partner" >> /etc/apt/sources.list Also refer to the [Ubuntu Help](https://help.ubuntu.com/community/Repositories/Ubuntu) -to find about the different components. +to read about the different components. -Some PPAs are needed to be sure to get the latest software versions. -First the `add-apt-repository` helper is installed, -and then those repositories are added: +Some PPAs are needed to ensure the latest software versions are installed. +First, the `add-apt-repository` helper is installed, +and then, those repositories are added: apt-get install software-properties-common apt-mark auto software-properties-common 
@@ -108,13 +138,12 @@ and then those repositories are added: add-apt-repository ppa:libreoffice/ppa add-apt-repository ppa:rvm/smplayer add-apt-repository ppa:qtbittorrent-team/qtbittorrent-stable - echo deb http://debian-mirrors.sdinet.de/debian-multimedia testing main \ - > /etc/apt/sources.list.d/deb-multimedia.list + echo "deb http://debian-mirrors.sdinet.de/debian-multimedia testing main" > /etc/apt/sources.list.d/deb-multimedia.list #### Install desktop packages -Now do an `apt-get update` and install the desktop system: - + apt-get update + apt-get install --allow-unauthenticated -y deb-multimedia-keyring apt-get install --install-recommends ubuntu-standard kubuntu-desktop kubuntu-restricted-extras language-pack-kde-en Personally, I like to use Chrome and SMPlayer: @@ -126,5 +155,3 @@ Personally, I like to use Chrome and SMPlayer: Sometimes, some packages have to be pulled from [packages.debian.org](http://packages.debian.org) manually. - -## Finished!
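Review bot: In conf/extlinux.conf, the new `root=LABEL=System` on the `append` line only boots if the root file system actually carries the label `System`, and no hunk in this series shows a step that sets it. Add the labelling command to doc/Debootstrap.md, which also writes `LABEL=System` into `/etc/fstab`, and note that a second attached disk with the same label makes the root device ambiguous, which the removed `root=UUID=` form avoided.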
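Review bot: In conf/nginx/README.md, `sudo chown -R wwwrun.www /var/lib/nginx` is now marked openSUSE-only, while conf/nginx/nginx.conf changes the default to `user www-data;` and the README gives no matching instruction for that case. Either add the equivalent command for `www-data` or state that none is needed there, and write the owner as `user:group`, since the dot separator is the obsolete chown form.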
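Review bot: In doc/Chroot.md, the added sentence "`$MNT/etc/mtab` should be edited manually to correctly point to the root file system" is placed after `chroot $MNT` and does not say what the file should contain. Move it before the `chroot` line and give the concrete content or command. Setup now uses `MNT=/mnt` while the AUFS section still mounts to `/tmp/mnt/rootrw`, so also say which path to chroot into when the overlay is used.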
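Review bot: In doc/Install-a-Server.md (Security), the new `echo "sshuser:x:999:65534::/run:/bin/bash" >> /etc/passwd` and `echo "sshuser:*:16436:0:99999::::" >> /etc/shadow` lines append to the account databases without locking or any check that the name or UID 999 is already taken, and a second run adds both entries twice. They also only work in a root shell, because with `sudo echo ...` the redirection is still performed by the calling user. Suggest `useradd -u 999 -g 65534 -d /run -s /bin/bash sshuser`, or `vipw` and `vipw -s` if the exact lines matter, followed by the existing `sudo passwd sshuser`.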
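Review bot: In doc/Install-a-Server.md (AWstats), the added sentence "To use it with [AWstats](../conf/nginx/sites-available/example)" labels a link to the nginx site example as AWstats, so the link text should name the nginx config instead. The hunk also removes the `/usr/local/share/cgi-bin/awstats` symlink without saying which directory the example site serves in its place; state that next to `DirIcons="/awstatsicons"`.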
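Review bot: In doc/Push-to-Deploy.md, the first hunk drops "Copy the file to `/path/to/safe-update`" while the hook still runs `sudo /path/to/safe-update /path/to/deploy-target www-data.www-data`, so the guide no longer says where the script has to be installed. Keep the destination in the text and add that a script invoked through sudo must be owned by root and not writable by the user who pushes. The owner argument would also read better as `www-data:www-data`.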
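Review bot: In doc/Debootstrap.md (Mark packages), `apt-mark showmanual | xargs apt-mark auto` is added with no explanation, and it leaves every installed package eligible for automatic removal. Add a sentence saying why this is done and that autoremove should not be run until a metapackage such as `ubuntu-minimal` has been installed to hold the base system.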
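Review bot: In doc/Debootstrap.md (Configure APT), `APT::AutoRemove::RecommendsImportant "true";` is written to a file named `99no-recommends`, but `true` is apt's default and keeps recommended packages from being autoremoved; if the intent matches the file name the value should be `"false"`. The `>>` appends here and in the `/etc/network/interfaces.d/eth0` block duplicate their lines on a second run, and `echo > /etc/fstab` leaves an empty first line; writing each file with `>` on its first line avoids both.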
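Review bot: In doc/Debootstrap.md (extlinux block), `cat /usr/lib/EXTLINUX/mbr.bin > /dev/sda` hard-codes the target disk, and when run from the chroot it overwrites the boot code of whatever the host calls `/dev/sda`, which is not necessarily the disk being installed. Use a variable the reader sets (for example `DISK=/dev/sdX`) with a sentence telling them to confirm the device first, and mention that this MBR boots the partition marked active, so the boot flag has to be set.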
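Review bot: In doc/Debootstrap.md (Install desktop packages), `apt-get install --allow-unauthenticated -y deb-multimedia-keyring` installs the package that becomes the trust anchor for the repository with signature checking switched off, from the plain `http://debian-mirrors.sdinet.de/debian-multimedia` source added just above, so the keyring is accepted from whoever answers that request. Drop `-y` for this step and document an out-of-band check instead: download the keyring package, compare its checksum or the key fingerprint against a value published over HTTPS, then install it.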