tech:linux:setup_new_vm, revisions 2020/06/22 06:27 and 2023/08/12 06:30 (current)

====== Setting up a new Linux VM ======
This is similar to [[setup_new_box|Setup New Linux (Physical) Box]]

This page goes through the various settings that are applied when setting up a new Ubuntu VM. In this case I was setting up Ubuntu 20.10 Groovy Gorilla.

===== Debian / Bookworm =====
Specific steps for Debian/Bookworm
==== Add non-free repositories ====
In the past (Debian Buster) you had to update ''/etc/apt/sources.list'' by adding ''contrib non-free'' to the end of each line. This time around, however, the file was empty! Below are the lines obtained from the [[https://wiki.debian.org/SourcesList|Debian sources list]], with ''non-free-firmware'' also added to the end of each line.
<code>
deb http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware
deb-src http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware

deb http://deb.debian.org/debian-security/ bookworm-security main contrib non-free non-free-firmware
deb-src http://deb.debian.org/debian-security/ bookworm-security main contrib non-free non-free-firmware

deb http://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware
deb-src http://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware
</code>

==== Install packages ====
<code bash>
apt update
apt-get install aptitude
aptitude install vim sudo sysstat locate postfix ssl-cert bsd-mailx net-tools zip unzip rsync git screen
ln -s /usr/sbin/ifconfig /usr/local/bin/ifconfig
updatedb
</code>

Optional packages to install
<code bash>
aptitude install ncdu htop nload pydf iotop
</code>

Use ''tasksel'' to install a GUI such as KDE Plasma.
==== Other changes ====
  * vim: Besides other .vimrc settings, also include ''set mouse=''

<code bash>
# Append (>>) rather than overwrite (>), so the other .vimrc settings are kept
echo "set mouse=" >> ~/.vimrc
echo "set mouse=" | sudo tee -a /root/.vimrc
</code>


==== Comments on Minimum Memory requirements ====
https://unix.stackexchange.com/questions/616137/kernel-panic-on-debian-buster-with-128-mb-of-memory

==== Update root password ====
When cloning, make sure to update the root password on the clone. Debian requires it when you need to rescue the system.

==== SSHD Config Changes ====
Update ''/etc/ssh/sshd_config'' to include
<code>
PermitRootLogin prohibit-password
PermitEmptyPasswords no
TCPKeepAlive yes
</code>
To temporarily enable root login
<code>
PermitRootLogin yes
</code>
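One thing that bites people with the "temporarily enable root login" step: sshd uses the first value it reads for a keyword, so a ''PermitRootLogin yes'' appended at the bottom of the file changes nothing while the earlier ''prohibit-password'' line is still there. The script below is an added example (not part of this wiki page) that reports the value sshd will actually use and checks the three settings above against a constructed sample config; it assumes a plain ''sshd_config'' without ''Include'' directives.

```shell
#!/bin/sh
# Added example, not part of the wiki page: report the value sshd will
# actually use for a keyword, then check the three settings above.
# Assumes a plain sshd_config without Include directives.

# sshd_effective FILE KEYWORD
# sshd keeps the FIRST value it reads for a keyword (sshd_config(5)), so a
# line appended at the bottom does not override an earlier one. Lines after
# the first "Match" block are conditional and are not treated as global.
sshd_effective() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ || NF == 0 { next }           # comment or blank
        tolower($1) == "match"      { exit }           # global section ends
        tolower($1) == key          { print $2; exit } # first match wins
    ' "$1"
}

# check_sshd_hardening FILE
# Returns 0 when all three settings are in effect, 1 otherwise, printing
# each mismatch on stdout.
check_sshd_hardening() {
    f=$1; rc=0
    for pair in PermitRootLogin=prohibit-password PermitEmptyPasswords=no TCPKeepAlive=yes; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(sshd_effective "$f" "$key")
        if [ "$got" != "$want" ]; then
            printf '%s: expected %s, effective value is %s\n' "$key" "$want" "${got:-(unset)}"
            rc=1
        fi
    done
    return $rc
}

# write_sample FILE: constructed sample config. The "PermitRootLogin yes"
# line was appended later to "temporarily" allow root login; sshd ignores
# it because an earlier PermitRootLogin line is already present.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample sshd_config
Port 22
PermitRootLogin prohibit-password
PermitEmptyPasswords no
TCPKeepAlive yes
# appended later, has no effect: the first value wins
PermitRootLogin yes
Match User backup
    PasswordAuthentication no
EOF
}

# Demo on the constructed sample. On a live host point it at the real file,
# or compare with the daemon's own view: sshd -T | grep -i permitrootlogin
tmp=$(mktemp)
write_sample "$tmp"
if check_sshd_hardening "$tmp"; then
    echo "sshd_config: hardening settings in effect"
fi
echo "effective PermitRootLogin: $(sshd_effective "$tmp" PermitRootLogin)"
rm -f "$tmp"
```

To really enable root login for a while, edit the existing ''PermitRootLogin'' line (or put the new one above it), run ''sshd -t'' to validate the file, and confirm with ''sshd -T'' before reloading.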

==== Network configuration ====
Specify the static IP address and DNS servers in ''/etc/network/interfaces''
<code>
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug enp0s3
#iface enp0s3 inet dhcp
auto enp0s3
iface enp0s3 inet static
address 192.168.1.47
netmask 255.255.255.0
network 192.168.1.0
gateway 192.168.1.1
broadcast 192.168.1.255
dns-nameservers 192.168.1.48
dns-nameservers 192.168.1.10
dns-nameservers 192.168.1.1
dns-nameservers 8.8.8.8

# This is an autoconfigured IPv6 interface
#iface enp0s3 inet6 auto

#
# The network interface for Host-Only Network
auto enp0s8
iface enp0s8 inet static
address 192.168.56.47
netmask 255.255.255.0
network 192.168.56.0
gateway 192.168.56.1
broadcast 192.168.56.255
</code>

Update ''/etc/resolv.conf'' as well to list the DNS servers and the resolver options
<code>
nameserver 192.168.1.48
nameserver 192.168.1.10
nameserver 192.168.1.1
nameserver 8.8.8.8
options timeout:1
options attempts:1
</code>
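A typo in a static stanza (address outside the subnet, wrong broadcast, gateway on the wrong network) only shows up when ''ifup'' runs on a VM you can no longer reach, so it is worth checking the file first. The script below is an added example, not the wiki's own tooling: it validates each ''inet static'' stanza, counts how many stanzas declare a ''gateway'' (every one becomes a default route, so a second one fails with "RTNETLINK answers: File exists" when the interface comes up, which the config above would run into with gateways on both ''enp0s3'' and ''enp0s8''), and lists ''dns-nameservers'' entries that are missing from ''resolv.conf''. It assumes one option per line, dotted-quad netmasks rather than the ''address/prefix'' form, and IPv4 only; the sample files are constructed copies of the two files shown above.

```shell
#!/bin/sh
# Added example, not the wiki's own tooling: sanity-check the "inet static"
# stanzas above before running ifup, and compare the resolvers in
# /etc/resolv.conf with the dns-nameservers lines. Assumes one option per
# line, dotted-quad netmasks (no address/prefix form) and IPv4 only.

ip2int() {   # dotted quad -> unsigned 32-bit integer
    set -- $(printf '%s' "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# iface_opt FILE IFACE OPTION: value of OPTION in the static stanza of IFACE
iface_opt() {
    awk -v want="$2" -v opt="$3" '
        $1 == "iface"    { cur = ($2 == want && $3 == "inet" && $4 == "static"); next }
        cur && $1 == opt { print $2; exit }
    ' "$1"
}

# iface_check FILE IFACE: address, broadcast and gateway must agree with
# network/netmask. Prints each problem found, returns 1 if there was any.
iface_check() {
    f=$1; i=$2; rc=0
    for o in address netmask network broadcast; do
        [ -n "$(iface_opt "$f" "$i" "$o")" ] || { echo "$i: missing $o"; return 1; }
    done
    addr=$(ip2int "$(iface_opt "$f" "$i" address)")
    mask=$(ip2int "$(iface_opt "$f" "$i" netmask)")
    net=$(ip2int "$(iface_opt "$f" "$i" network)")
    bcast=$(ip2int "$(iface_opt "$f" "$i" broadcast)")
    gw=$(iface_opt "$f" "$i" gateway)
    [ $(( addr & mask )) -eq "$net" ] || { echo "$i: address is not inside network/netmask"; rc=1; }
    [ $(( net | (4294967295 & ~mask) )) -eq "$bcast" ] || { echo "$i: broadcast does not match network/netmask"; rc=1; }
    if [ -n "$gw" ]; then
        [ $(( $(ip2int "$gw") & mask )) -eq "$net" ] || { echo "$i: gateway is outside the subnet"; rc=1; }
    fi
    return $rc
}

# count_gateways FILE: each "gateway" option becomes a default route when
# its interface comes up; a second one fails with "RTNETLINK answers: File exists"
count_gateways() {
    awk '$1 == "gateway" { n++ } END { print n + 0 }' "$1"
}

# resolv_missing IFACES RESOLV: dns-nameservers entries absent from resolv.conf
resolv_missing() {
    want=$(awk '$1 == "dns-nameservers" { for (i = 2; i <= NF; i++) print $i }' "$1" | sort -u)
    have=" $(awk '$1 == "nameserver" { print $2 }' "$2" | tr '\n' ' ')"
    for ip in $want; do
        case "$have" in *" $ip "*) ;; *) echo "$ip" ;; esac
    done
}

# write_samples DIR: constructed copies of the two files shown above
write_samples() {
    cat > "$1/interfaces" <<'EOF'
auto lo
iface lo inet loopback

allow-hotplug enp0s3
auto enp0s3
iface enp0s3 inet static
    address 192.168.1.47
    netmask 255.255.255.0
    network 192.168.1.0
    gateway 192.168.1.1
    broadcast 192.168.1.255
    dns-nameservers 192.168.1.48
    dns-nameservers 192.168.1.10
    dns-nameservers 192.168.1.1
    dns-nameservers 8.8.8.8

auto enp0s8
iface enp0s8 inet static
    address 192.168.56.47
    netmask 255.255.255.0
    network 192.168.56.0
    gateway 192.168.56.1
    broadcast 192.168.56.255
EOF
    cat > "$1/resolv.conf" <<'EOF'
nameserver 192.168.1.48
nameserver 192.168.1.10
nameserver 192.168.1.1
nameserver 8.8.8.8
options timeout:1
options attempts:1
EOF
}

# Demo on the constructed samples
dir=$(mktemp -d)
write_samples "$dir"
for i in enp0s3 enp0s8; do
    if iface_check "$dir/interfaces" "$i"; then echo "$i: stanza consistent"; fi
done
echo "stanzas declaring a gateway: $(count_gateways "$dir/interfaces")"
echo "dns-nameservers missing from resolv.conf: $(resolv_missing "$dir/interfaces" "$dir/resolv.conf")"
rm -rf "$dir"
```

On the real files run it as ''iface_check /etc/network/interfaces enp0s3'' and so on. Keep in mind that when the ''resolvconf'' package is installed it regenerates ''/etc/resolv.conf'' from the ''dns-*'' lines, so hand edits to that file do not survive a reboot; in that case the ''dns-nameservers'' lines are the ones to maintain.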

==== Include DNS entry in DNS Servers ====
Include the new server in the DNS entries on the DNS servers: ''ubv47'' and ''ubv10''.

Add the entry in ''/etc/hosts.dnsmasq'' as below:
<code>
192.168.1.50 server50 server50.example.org
</code>
Restart dnsmasq
<code bash>
systemctl restart dnsmasq
# OR
service dnsmasq restart
</code>

==== Backuppc configuration ====
Add the new server to ''/etc/hosts'' on the Backuppc host (ubv33). Then copy the SSH keys so that the backuppc user can log in as root on the new server.
<code bash>
ssh-copy-id root@<new server>
</code>

==== Nagios configuration ====
Below is the list of Nagios configuration steps
<code bash>
aptitude install nagios-nrpe-server
# In /etc/nagios/nrpe.cfg, update the line to: allowed_hosts=127.0.0.1,::1,192.168.1.0/24
# Copy the /etc/nagios/nrpe.d/cu_nrpe.cfg configuration from an existing server
# Copy the following files from another server to /usr/lib/nagios/plugins/:
#   check_deleted_lsof
#   check_cpu.sh
#   check_uptime
#   check_template
#   check_mem.pl
#   check_lost_found
#   check_log1
#   check_file_per
#   check_mailq
# Make the nagios user part of the sudo group
systemctl restart nagios-nrpe-server
</code>

Update the file ''/etc/nagios/nrpe.cfg'' and change the line as below
<code>
allowed_hosts=127.0.0.1,::1,192.168.1.0/24
</code>

Create the file ''/etc/nagios/nrpe.d/cu_nrpe.cfg'' with the below
<code>
command[check_cu_users]=/usr/lib/nagios/plugins/check_users -w 10 -c 15
command[check_cu_load]=/usr/lib/nagios/plugins/check_load -w 15,10,5 -c 20,15,10
command[check_cu_zombie_procs]=/usr/lib/nagios/plugins/check_procs -w 1 -c 2 -s Z
command[check_cu_total_procs]=/usr/lib/nagios/plugins/check_procs -w 150 -c 200
command[check_cu_swap]=/usr/lib/nagios/plugins/check_swap -w 20 -c 10
command[check_cu_mailq]=/usr/lib/nagios/plugins/check_mailq -w 1 -c 5 -M postfix
command[check_cu_ntp_time]=/usr/lib/nagios/plugins/check_ntp_time -H pool.ntp.org -w 30 -c 60
command[check_cu_memory]=/usr/lib/nagios/plugins/check_mem.pl -u -C -w 80 -c 90
command[check_cu_raid]=/usr/lib/nagios/plugins/check_raid
command[check_cu_cron]=/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1024 -C cron
command[check_cu_pcpu]=/usr/lib/nagios/plugins/check_procs -w 40 -c 45 --metric=CPU -v
command[check_cu_fp_tmp]=/usr/lib/nagios/plugins/check_file_per -f /tmp -p 1777
command[check_cu_disk]=/usr/lib/nagios/plugins/check_disk -w 15% -c 10% -N ext4 -f
command[check_cu_uptime]=/usr/lib/nagios/plugins/check_uptime --warning 60: --critical 60:
command[check_cu_cpu]=/usr/lib/nagios/plugins/check_cpu.sh -w 90 -c 95
command[check_cu_lostfound]=/usr/bin/sudo /usr/lib/nagios/plugins/check_lost_found -w 1 -c 2
command[check_cu_kernlog]=/usr/bin/sudo /usr/lib/nagios/plugins/check_log1 -F /var/log/kern.log -O /tmp/kern.log -q ^
command[check_cu_deleted_lsof]=/usr/bin/sudo /usr/lib/nagios/plugins/check_deleted_lsof -w 50000000 -c 60000000
</code>

Add nagios to the sudo group so it can execute the commands that need root access
<code bash>
usermod -a -G sudo nagios
</code>
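Membership of the ''sudo'' group lets the nagios user run anything as root, while only three of the commands in ''cu_nrpe.cfg'' actually go through ''/usr/bin/sudo''. A tighter alternative is a sudoers fragment that names exactly those plugins. The script below is an added example (not part of this wiki page) that derives such a fragment from the config file; it assumes command lines of the form ''command[name]=/usr/bin/sudo /path/to/plugin args'' and works on a constructed excerpt of the file above.

```shell
#!/bin/sh
# Added example, not part of the wiki page: instead of putting nagios in the
# sudo group (which lets it run anything as root), derive a sudoers fragment
# that allows exactly the plugins cu_nrpe.cfg runs via /usr/bin/sudo.
# Assumes lines of the form command[name]=/usr/bin/sudo /path/to/plugin args.

# sudo_plugins FILE: absolute paths of plugins invoked through sudo, in file
# order, without duplicates
sudo_plugins() {
    awk '
        /^[[:space:]]*command\[/ {
            sub(/^[^=]*=[[:space:]]*/, "")            # strip command[name]=
            n = split($0, w, /[[:space:]]+/)
            if (n >= 2 && w[1] == "/usr/bin/sudo" && !seen[w[2]]++) print w[2]
        }' "$1"
}

# sudoers_fragment FILE: a Cmnd_Alias for those plugins and a NOPASSWD rule
# for the nagios user only; returns 1 if no plugin needs sudo.
sudoers_fragment() {
    plugins=$(sudo_plugins "$1")
    [ -n "$plugins" ] || return 1
    list=$(printf '%s\n' "$plugins" | awk 'NR > 1 { printf ", " } { printf "%s", $0 } END { print "" }')
    echo "# generated from $1: nagios may run only these plugins as root"
    echo "Cmnd_Alias NRPE_PLUGINS = $list"
    echo "nagios ALL=(root) NOPASSWD: NRPE_PLUGINS"
}

# write_sample_nrpe FILE: constructed excerpt of cu_nrpe.cfg (four of the
# command lines above; only three of them use sudo)
write_sample_nrpe() {
    cat > "$1" <<'EOF'
command[check_cu_load]=/usr/lib/nagios/plugins/check_load -w 15,10,5 -c 20,15,10
command[check_cu_lostfound]=/usr/bin/sudo /usr/lib/nagios/plugins/check_lost_found -w 1 -c 2
command[check_cu_kernlog]=/usr/bin/sudo /usr/lib/nagios/plugins/check_log1 -F /var/log/kern.log -O /tmp/kern.log -q ^
command[check_cu_deleted_lsof]=/usr/bin/sudo /usr/lib/nagios/plugins/check_deleted_lsof -w 50000000 -c 60000000
EOF
}

# Demo: print the fragment for the sample. On a real host write it to
# /etc/sudoers.d/nagios-nrpe (mode 0440) and validate with: visudo -cf <file>
tmp=$(mktemp)
write_sample_nrpe "$tmp"
sudoers_fragment "$tmp"
rm -f "$tmp"
```

The generated rule permits the plugin binaries with any arguments; if the arguments should be pinned as well, list the full command line (as it appears in ''cu_nrpe.cfg'') in the ''Cmnd_Alias'' instead of the bare path. With the fragment in place the ''usermod -a -G sudo nagios'' step is no longer needed.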
==== Tools Directory ====
Copy the /home/senthil/tools directory to the new server

==== Postfix ====
Validate the Postfix configuration

==== MySQL ====
  * Choose a password: ''date|md5sum''
  * Run ''mysql_secure_installation'' to make the db secure.
  * Use the above password
  * Run [[tech:mysql:creating_mysql_users_for_a_database#creating_root_user|Create root user]] and set the password for the remote user
  * Copy /etc/cron.daily/mysql_backup
  * [[tech1:linux:nagios3#create_a_mysql_user_and_database|Create MySQL User and Database]] ''ncheck'' and ''ucheck'' (not ''nagioscheck'') for monitoring.
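A note on the ''date|md5sum'' password: ''date'' is predictable to the second, so anyone who can narrow down when the command ran can recompute the same hash, and the result has only a handful of bits of real entropy however long it looks. The snippet below is an added example, not part of this wiki page, that draws the password from ''/dev/urandom'' instead and checks a password's length and character set before it is pasted into ''my.cnf'' or a ''CREATE USER'' statement.

```shell
#!/bin/sh
# Added example, not part of the wiki page: generate the MySQL password from
# the kernel CSPRNG instead of date|md5sum, whose input is predictable.

# gen_password [LEN]: LEN (default 24) characters from a charset that needs
# no quoting in shell, my.cnf or SQL string literals
gen_password() {
    LC_ALL=C tr -dc 'A-Za-z0-9_.:%+=-' < /dev/urandom | head -c "${1:-24}"
    echo
}

# password_ok PASSWORD [LEN]: 0 if PASSWORD has exactly LEN characters from
# that charset, 1 otherwise
password_ok() {
    want=${2:-24}
    [ "${#1}" -eq "$want" ] || return 1
    case "$1" in *[!A-Za-z0-9_.:%+=-]*) return 1 ;; esac
    return 0
}

pw=$(gen_password 24)
echo "generated: $pw"
```

Use the generated value in place of the ''date|md5sum'' output for ''mysql_secure_installation'' and for the remote root user.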


===== Install Configuration / Steps =====
  * Postfix is no longer installed by default on Groovy, so please install it

===== System Configuration =====
  * Update the system by running "aptitude"
    * Complete security upgrades
    * Complete package upgrades
    * Reboot
  * Network configuration
    * Settings are at [[setup_network_groovy|/etc/netplan/00-installer-config.yaml]]
  * Update user settings with [[etc_skel|this]] set
  * Install the [[most_common_packages_v2|most common packages]] that will be required

===== apt related =====
  * [[tech:linux:apt_upgrades|Automatic apt upgrades]]
  * [[tech:linux:apt_update_resource_overload|APT update resource overload]]

===== More items =====

  * Setup postfix
    * Configure ''/etc/aliases'' to include
<code>
root: system@example.org
user: system@example.org
</code>
Then run ''newaliases''
  * SSH
    * Generate SSH private and public keys
  * Tuning
    * Change swappiness and other parameters based on server needs: [[tech:linux:sysctl_config|sysctl.conf]]
  * Others
    * Optionally ask the server to reboot automatically on [[tech1:linux:kernel_panic|kernel panic]]
    * [[tech1:linux:others:i2c_piix4|Disable module i2c_piix4]] on virtual machines
    * Install NRPE to be monitored
      * nagios-nrpe-server nagios-plugins
    * Install x11-utils x11-xserver-utils

===== Other Items configuration =====
  * [[apache_configuration|Apache Configuration]]
  * [[tech:linux:etc_skel#sudo_without_password|Setup to sudo without password]]
  * [[tech:linux:mail_server_setup|Mail Server Configuration]]
  * [[tech:linux:mysql:backups|MySQL Backups]]
  * [[tech:linux:others:ntp_update|Reset System Clock with NTP Update]]
  * [[tech:linux:others:pflogsumm_mail_report|Setup mail reporting using pflogsumm]]
  * [[tech:linux:others:notify_reboot_req|Notify if the system requires a reboot]]
  * [[tech:others:mounting_usb_drive_in_ubuntu#permanently_mount_the_usb_drive|Mounting a USB drive permanently for Backups]]
  * Install telnetd, to be used in case the SSH server is down. Remember to change the password immediately if doing a remote connection.
  * [[tech:linux:php_ini|Update php.ini]] configuration file to improve on the default limits
  * [[apt_update_resource_overload|Disable APT update resource overload]]
  * Nagios
    * If only setting this up to be monitored, install nagios-nrpe-server nagios-plugins
    * Share keys between the Nagios host and the new VM
  * Backuppc
    * Setup key share access between the backuppc host and the new VM