Differences

This shows you the differences between two versions of the page.

tech:linux:setup_new_vm [2020/06/22 06:27]
tech:linux:setup_new_vm [2023/08/12 06:30] (current)
Line 1: Line 1:
 +====== Setting up a new Linux VM ======
 +This is similar to [[setup_new_box|Setup New Liux (Physical) Box]]
 +
 +This page goes through the various settings that take place to setup a new Ubuntu VM. In this case I was setting Ubuntu 20.10 Groovy Gorilla.
 +
 +===== Debian / Bookworm =====
 +Specific steps for Debian/​Bookworm
 +==== Add non-free repositories ====
 +In the past (Debian Buster) you will have to update ''/​etc/​apt/​sources.list''​ by adding ''​contrib non-free''​ to the end of line. However, this time around, this file was empty! ​ Below are the lines obtained from [[https://​wiki.debian.org/​SourcesList|Debian sources list]]. ​ Also added ''​non-free-firmware''​ to the end.
 +<​code>​
 +deb http://​deb.debian.org/​debian bookworm main contrib non-free non-free-firmware
 +deb-src http://​deb.debian.org/​debian bookworm main contrib non-free non-free-firmware
 +
 +deb http://​deb.debian.org/​debian-security/​ bookworm-security main contrib non-free non-free-firmware
 +deb-src http://​deb.debian.org/​debian-security/​ bookworm-security main contrib non-free non-free-firmware
 +
 +deb http://​deb.debian.org/​debian bookworm-updates main contrib non-free non-free-firmware
 +deb-src http://​deb.debian.org/​debian bookworm-updates main contrib non-free non-free-firmware
 +</​code>​
 +
 +==== Install packages ====
 +<code bash>
 +apt update
 +apt-get install aptitude
 +aptitude install vim sudo sysstat locate postfix ssl-cert bsd-mailx net-tools zip unzip rsync git screen
 +ln -s /​usr/​sbin/​ifconfig /​usr/​local/​bin/​ifconfig
 +updatedb
 +</​code>​
 +
 +Optional packages to install
 +<code bash>
 +aptitude install ncdu htop nload pydf iotop
 +</​code>​
 +
 +Use ''​tasksel''​ to install GUI such as KDE Plasma.
 +==== Other changes ====
 +  * vim: Besides other .vimrc setting, also include ''​set mouse=''​
 +
 +<code bash>
 +echo "set mouse="​ > ~/.vimrc
 +sudo echo "set mouse="​ | sudo tee -a /​root/​.vimrc
 +</​code>​
 +
 +
 +==== Comments on Minimum Memory requirements ====
 +https://​unix.stackexchange.com/​questions/​616137/​kernel-panic-on-debian-buster-with-128-mb-of-memory
 +
 +==== Update root password ====
 +When cloning, make sure to update the root password on the clone. ​ Debian requires it when you need to rescue the system.
 +
 +==== SSHD Config Changes ====
 +Update ''/​etc/​ssh/​sshd_config''​ to include
 +<​code>​
 +PermitRootLogin prohibit-password
 +PermitEmptyPasswords no
 +TCPKeepAlive yes
 +</​code>​
 +To temporarily enable Root Login
 +<​code>​
 +PermitRootLogin yes
 +</​code>​
 +
 +==== Network configuration ====
 +Specify the Static IP address and DNS address in ''/​etc/​network/​interfaces''​
 +<​code>​
 +# This file describes the network interfaces available on your system
 +# and how to activate them. For more information,​ see interfaces(5).
 +
 +source /​etc/​network/​interfaces.d/​*
 +
 +# The loopback network interface
 +auto lo
 +iface lo inet loopback
 +
 +# The primary network interface
 +allow-hotplug enp0s3
 +#iface enp0s3 inet dhcp
 +auto enp0s3
 +iface enp0s3 inet static
 +        address 192.168.1.47
 +        netmask 255.255.255.0
 +        network 192.168.1.0
 +        gateway 192.168.1.1
 +        broadcast 192.168.1.255
 +        dns-nameservers 192.168.1.48
 +        dns-nameservers 192.168.1.10
 +        dns-nameservers 192.168.1.1
 +        dns-nameservers 8.8.8.8
 +
 +# This is an autoconfigured IPv6 interface
 +#iface enp0s3 inet6 auto
 +
 +#
 +# The network interface for Host-Only Network
 +auto enp0s8
 +iface enp0s8 inet static
 +        address 192.168.56.47
 +        netmask 255.255.255.0
 +        network 192.168.56.0
 +        gateway 192.168.56.1
 +        broadcast 192.168.56.255
 +</​code>​
 +
 +Update ''/​etc/​resolv.conf''​ as well to indicate the DNS entries and DNS configuration
 +<​code>​
 +nameserver 192.168.1.48
 +nameserver 192.168.1.10
 +nameserver 192.168.1.1
 +nameserver 8.8.8.8
 +options timeout:1
 +options attempts:1
 +</​code>​
 +
 +==== Include DNS entry in DNS Servers ====
 +Include the new server in the DNS entries on the DNS servers: ''​ubv47''​ and ''​ubv10''​.
 +
 +Add the entry in ''/​etc/​hosts.dnsmasq''​ as below:
 +<​code>​
 +192.168.1.50 ​   server50 ​ server50.example.org
 +</​code>​
 +Restart dnsmasq
 +<code bash>
 +systemctl restart dnsmasq
 +# OR
 +service dnsmasq restart
 +</​code>​
 +
 +==== Backuppc configuration ====
 +Add new server in Backuppc (ubv33) ''/​etc/​hosts''​. Then copy SSH keys to be able to log in as root from backuppc user.
 +<code bash>
 +ssh-copy-id root@<​new server>
 +</​code>​
 +
 +==== Nagios configuration ====
 +Below is the list of Nagios configurations
 +<code bash>
 +aptitude install nagios-nrpe-server
 +# On /​etc/​nagios/​nrpe.cfg,​ update line to ''​allowed_hosts=127.0.0.1,::​1,​192.168.1.0/​24''​
 +# Copy /​etc/​nagios/​nrpe.d/​cu_nrpe.cfg configuration from an existing server
 +# Copy the following files from another server to ''/​usr/​lib/​nagios/​plugins/''​.
 +  # check_deleted_lsof
 +  # check_cpu.sh
 +  # check_uptime
 +  # check_template
 +  # check_mem.pl
 +  # check_lost_found
 +  # check_log1
 +  # check_file_per
 +  # check_mailq
 +# Make nagios user part of sudo group
 +systemctl restart nagios-nrpe-server
 +</​code>​
 +
 +Update file ''/​etc/​nagios/​nrpe.cfg''​ and change line as below
 +<​code>​
 +allowed_hosts=127.0.0.1,::​1,​192.168.1.0/​24
 +</​code>​
 +
 +Create file ''/​etc/​nagios/​nrpe.d/​cu_nrpe.cfg''​ with the below
 +<​code>​
 +command[check_cu_users]=/​usr/​lib/​nagios/​plugins/​check_users -w 10 -c 15
 +command[check_cu_load]=/​usr/​lib/​nagios/​plugins/​check_load -w 15,10,5 -c 20,15,10
 +command[check_cu_zombie_procs]=/​usr/​lib/​nagios/​plugins/​check_procs -w 1 -c 2 -s Z
 +command[check_cu_total_procs]=/​usr/​lib/​nagios/​plugins/​check_procs -w 150 -c 200
 +command[check_cu_swap]=/​usr/​lib/​nagios/​plugins/​check_swap -w 20 -c 10
 +command[check_cu_mailq]=/​usr/​lib/​nagios/​plugins/​check_mailq -w 1 -c 5 -M postfix
 +command[check_cu_ntp_time]=/​usr/​lib/​nagios/​plugins/​check_ntp_time -H pool.ntp.org -w 30 -c 60
 +command[check_cu_memory]=/​usr/​lib/​nagios/​plugins/​check_mem.pl -u -C -w 80 -c 90
 +command[check_cu_raid]=/​usr/​lib/​nagios/​plugins/​check_raid
 +command[check_cu_cron]=/​usr/​lib/​nagios/​plugins/​check_procs -w 1:1 -c 1:1024 -C cron
 +command[check_cu_pcpu]=/​usr/​lib/​nagios/​plugins/​check_procs -w 40 -c 45 --metric=CPU -v
 +command[check_cu_fp_tmp]=/​usr/​lib/​nagios/​plugins/​check_file_per -f /tmp -p 1777
 +command[check_cu_disk]=/​usr/​lib/​nagios/​plugins/​check_disk -w 15% -c 10% -N ext4 -f
 +command[check_cu_uptime]=/​usr/​lib/​nagios/​plugins/​check_uptime --warning 60: --critical 60:
 +command[check_cu_cpu]=/​usr/​lib/​nagios/​plugins/​check_cpu.sh -w 90 -c 95
 +command[check_cu_lostfound]=/​usr/​bin/​sudo /​usr/​lib/​nagios/​plugins/​check_lost_found -w 1 -c 2
 +command[check_cu_kernlog]=/​usr/​bin/​sudo /​usr/​lib/​nagios/​plugins/​check_log1 -F /​var/​log/​kern.log -O /​tmp/​kern.log -q ^
 +command[check_cu_deleted_lsof]=/​usr/​bin/​sudo /​usr/​lib/​nagios/​plugins/​check_deleted_lsof -w 50000000 -c 60000000
 +</​code>​
 +
 +Add nagios to sudo group to execute commands that need root access
 +<code bash>
 +usermod -a -G sudo nagios
 +</​code>​
 +==== Tools Directory ====
 +Copy /​home/​senthil/​tools directory to the new server
 +
 +==== Postfix ====
 +Validate Postfix configuration
 +
 +==== MySQL ====
 +  * Choose a password: ''​date|md5sum''​
 +  * Run ''​mysql_secure_installation''​ to make db secure.
 +    * Use the above password
 +  * Run [[tech:​mysql:​creating_mysql_users_for_a_database#​creating_root_user|Create root user]] and set password for remote user
 +  * Copy /​etc/​cron.daily/​mysql_backup
 +  * [[tech1:​linux:​nagios3#​create_a_mysql_user_and_database|Create MySQL User and Database]] ''​ncheck''​ and ''​ucheck''​ (not ''​nagioscheck''​) for Monitoring.
 +
 +
 +===== Install Configuration / Steps =====
 +    * Postfix is no longer installed by default on Groovy - so please install
 +
 +===== System Configuration =====
 +  * Update system by running "​aptitude"​
 +    * Completed Security Upgrades
 +    * Complete Package Upgrades
 +    * Reboot
 +  * Network configuration
 +    * Settings are at [[setup_network_groovy|/​etc/​netplan/​00-installer-config.yaml]]
 +  * Update user settings with [[etc_skel|this]] set
 +  * Install the [[most_common_packages_v2|most common packages]] that will the required
 +
 +===== apt related =====
 +  * [[tech:​linux:​apt_upgrades|Automatic apt upgrades]]
 +  * [[tech:​linux:​apt_update_resource_overload|APT update resource overload]]
 +
 +===== More items =====
 +  * Mail
 +    * Setup postfix
 +      * Configure ''/​etc/​aliases''​ to include
 +<​code>​
 +root: system@example.org
 +user: system@example.org
 +</​code>​
 +Then run ''​newaliases''​
 +  * SSH
 +    * Generate SSH private and public keys
 +  * Tuning
 +    * Change swapiness and other parameters based on server needs - [[tech:​linux:​sysctl_config|sysctl.conf]]
 +  * Others
 +    * Optionally ask server to reboot automatically on [[tech1:​linux:​kernel_panic|kernel panic]]
 +    * [[tech1:​linux:​others:​i2c_piix4|Disable module i2c_piix4]] on Virtual Machines
 +    * Install NRPE to be monitored
 +      * nagios-nrpe-server nagios-plugins
 +    * Install x11-utils x11-xserver-utils
 +
 +===== Other Items configuration =====
 +  * [[apache_configuration|Apache Configuration]]
 +  * [[tech:​linux:​etc_skel#​sudo_without_password|Setup to sudo without password]]
 +  * [[tech:​linux:​mail_server_setup|Mail Server Configuration]]
 +  * [[tech:​linux:​mysql:​backups|MySQL Backups]]
 +  * [[tech:​linux:​others:​ntp_update|Reset System Clock with NTP Update]]
 +  * [[tech:​linux:​others:​pflogsumm_mail_report|Setup mail reporting using pflogsumm]]
 +  * [[tech:​linux:​others:​notify_reboot_req|Notify if the system requires a reboot]]
 +  * [[tech:​others:​mounting_usb_drive_in_ubuntu&#​permanently_mount_the_usb_drive|Mounting a USB drive permanently for Backups]]
 +  * Install telnetd - To be used in case SSH server is down.  Remember to change password immediately if doing a remote connection.
 +  * [[tech:​linux:​php_ini|Update php.ini]] configuration file to improve on default limits
 +  * [[apt_update_resource_overload|Disable APT update resource overload]]
 +  * Nagios
 +    * If only setting this up for being monitored install nagios-nrpe-server nagios-plugins
 +    * Share keys between Nagios host and the new VM
 +  * Backuppc
 +    * Setup key share access between backuppc host and the new VM
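Review bot: In the Nagios section, `usermod -a -G sudo nagios` puts the NRPE service account in the general-purpose sudo group, although only three entries in cu_nrpe.cfg call /usr/bin/sudo (check_lost_found, check_log1 and check_deleted_lsof). Replace the group membership with a file under /etc/sudoers.d that lets nagios run exactly those three plugin paths with NOPASSWD, and note that the plugins copied from another server must be root-owned and not writable by nagios, since they run as root. In the same section, check_cu_kernlog passes the fixed path `-O /tmp/kern.log` to a plugin run through sudo; point it at a root-owned directory instead of world-writable /tmp. `allowed_hosts=127.0.0.1,::1,192.168.1.0/24` lets every host on the LAN query NRPE, so it should name the Nagios host only. Elsewhere in the page: the MySQL password from `date|md5sum` is derived from the clock and can be reconstructed by anyone who knows roughly when the VM was built, so take it from a random source such as `openssl rand -base64 24`; the "temporarily enable Root Login" step (`PermitRootLogin yes`) has no matching step to revert to `prohibit-password` and reload sshd; the telnetd fallback sends the login password in cleartext, so a hypervisor console is the safer recovery path; and `echo "set mouse=" > ~/.vimrc` overwrites an existing .vimrc while the root variant appends with `tee -a`, where the leading `sudo echo` is redundant. Minor: "Liux" in the first link title and "that will the required" under System Configuration are typos.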
  
