Trace:

Differences

This shows you the differences between two versions of the page.


tech:linux:setup_new_vm [2025/01/15 12:32] (current) – created - external edit 127.0.0.1
Line 1: Line 1:
 +====== Setting up a new Linux VM ======
 +This is similar to [[setup_new_box|Setup New Liux (Physical) Box]]
 +
 +This page goes through the various settings that take place to setup a new Ubuntu VM. In this case I was setting Ubuntu 20.10 Groovy Gorilla.
 +
 +===== Debian / Bookworm =====
 +Specific steps for Debian/Bookworm
 +==== Add non-free repositories ====
 +In the past (Debian Buster) you will have to update ''/etc/apt/sources.list'' by adding ''contrib non-free'' to the end of line. However, this time around, this file was empty!  Below are the lines obtained from [[https://wiki.debian.org/SourcesList|Debian sources list]].  Also added ''non-free-firmware'' to the end.
 +<code>
 +deb http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware
 +deb-src http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware
 +
 +deb http://deb.debian.org/debian-security/ bookworm-security main contrib non-free non-free-firmware
 +deb-src http://deb.debian.org/debian-security/ bookworm-security main contrib non-free non-free-firmware
 +
 +deb http://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware
 +deb-src http://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware
 +</code>
 +
 +When installing on Dell PowerEdge R630
 +<code>
 +deb http://deb.debian.org/debian/ bookworm main non-free-firmware contrib non-free
 +deb-src http://deb.debian.org/debian/ bookworm main non-free-firmware contrib non-free
 +
 +deb http://security.debian.org/debian-security bookworm-security main non-free-firmware contrib non-free
 +deb-src http://security.debian.org/debian-security bookworm-security main non-free-firmware contrib non-free
 +
 +# bookworm-updates, to get updates before a point release is made;
 +# see https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_updates_and_backports
 +deb http://deb.debian.org/debian/ bookworm-updates main non-free-firmware contrib non-free
 +deb-src http://deb.debian.org/debian/ bookworm-updates main non-free-firmware contrib non-free
 +</code>
 +
 +==== Install packages ====
 +<code bash>
 +apt update
 +apt-get install aptitude
 +aptitude install vim sudo sysstat locate postfix ssl-cert bsd-mailx net-tools zip unzip rsync git screen
 +ln -s /usr/sbin/ifconfig /usr/local/bin/ifconfig
 +updatedb
 +</code>
 +
 +Optional packages to install
 +<code bash>
 +aptitude install ncdu htop nload pydf iotop
 +</code>
 +
 +Use ''tasksel'' to install GUI such as KDE Plasma.
 +==== Other changes ====
 +  * vim: Besides other .vimrc setting, also include ''set mouse=''
 +
 +<code bash>
 +echo "set mouse=" > ~/.vimrc
 +sudo echo "set mouse=" | sudo tee -a /root/.vimrc
 +</code>
 +
 +
 +==== Comments on Minimum Memory requirements ====
 +https://unix.stackexchange.com/questions/616137/kernel-panic-on-debian-buster-with-128-mb-of-memory
 +
 +==== Update root password ====
 +When cloning, make sure to update the root password on the clone.  Debian requires it when you need to rescue the system.
 +
 +==== SSHD Config Changes ====
 +Update ''/etc/ssh/sshd_config'' to include
 +<code>
 +PermitRootLogin prohibit-password
 +PermitEmptyPasswords no
 +TCPKeepAlive yes
 +</code>
 +To temporarily enable Root Login
 +<code>
 +PermitRootLogin yes
 +</code>
 +
 +==== Network configuration ====
 +Specify the Static IP address and DNS address in ''/etc/network/interfaces''
 +<code>
 +# This file describes the network interfaces available on your system
 +# and how to activate them. For more information, see interfaces(5).
 +
 +source /etc/network/interfaces.d/*
 +
 +# The loopback network interface
 +auto lo
 +iface lo inet loopback
 +
 +# The primary network interface
 +allow-hotplug enp0s3
 +#iface enp0s3 inet dhcp
 +auto enp0s3
 +iface enp0s3 inet static
 +        address 192.168.1.47
 +        netmask 255.255.255.0
 +        network 192.168.1.0
 +        gateway 192.168.1.1
 +        broadcast 192.168.1.255
 +        dns-nameservers 192.168.1.48
 +        dns-nameservers 192.168.1.10
 +        dns-nameservers 192.168.1.1
 +        dns-nameservers 8.8.8.8
 +
 +# This is an autoconfigured IPv6 interface
 +#iface enp0s3 inet6 auto
 +
 +#
 +# The network interface for Host-Only Network
 +auto enp0s8
 +iface enp0s8 inet static
 +        address 192.168.56.47
 +        netmask 255.255.255.0
 +        network 192.168.56.0
 +        gateway 192.168.56.1
 +        broadcast 192.168.56.255
 +</code>
 +
 +Update ''/etc/resolv.conf'' as well to indicate the DNS entries and DNS configuration
 +<code>
 +nameserver 192.168.1.48
 +nameserver 192.168.1.10
 +nameserver 192.168.1.1
 +nameserver 8.8.8.8
 +options timeout:1
 +options attempts:1
 +</code>
 +
 +==== Include DNS entry in DNS Servers ====
 +Include the new server in the DNS entries on the DNS servers: ''ubv47'' and ''ubv10''.
 +
 +Add the entry in ''/etc/hosts.dnsmasq'' as below:
 +<code>
 +192.168.1.50    server50  server50.example.org
 +</code>
 +Restart dnsmasq
 +<code bash>
 +systemctl restart dnsmasq
 +# OR
 +service dnsmasq restart
 +</code>
 +
 +==== Backuppc configuration ====
 +Add new server in Backuppc (ubv33) ''/etc/hosts''. Then copy SSH keys to be able to log in as root from backuppc user.
 +<code bash>
 +ssh-copy-id root@<new server>
 +</code>
 +
 +==== Nagios configuration ====
 +Below is the list of Nagios configurations
 +<code bash>
 +aptitude install nagios-nrpe-server
 +# On /etc/nagios/nrpe.cfg, update line to ''allowed_hosts=127.0.0.1,::1,192.168.1.0/24''
 +# Copy /etc/nagios/nrpe.d/cu_nrpe.cfg configuration from an existing server
 +# Copy the following files from another server to ''/usr/lib/nagios/plugins/''.
 +  # check_deleted_lsof
 +  # check_cpu.sh
 +  # check_uptime
 +  # check_template
 +  # check_mem.pl
 +  # check_lost_found
 +  # check_log1
 +  # check_file_per
 +  # check_mailq
 +# Make nagios user part of sudo group
 +systemctl restart nagios-nrpe-server
 +</code>
 +
 +Update file ''/etc/nagios/nrpe.cfg'' and change line as below
 +<code>
 +allowed_hosts=127.0.0.1,::1,192.168.1.0/24
 +</code>
 +
 +Create file ''/etc/nagios/nrpe.d/cu_nrpe.cfg'' with the below
 +<code>
 +command[check_cu_users]=/usr/lib/nagios/plugins/check_users -w 10 -c 15
 +command[check_cu_load]=/usr/lib/nagios/plugins/check_load -w 15,10,5 -c 20,15,10
 +command[check_cu_zombie_procs]=/usr/lib/nagios/plugins/check_procs -w 1 -c 2 -s Z
 +command[check_cu_total_procs]=/usr/lib/nagios/plugins/check_procs -w 150 -c 200
 +command[check_cu_swap]=/usr/lib/nagios/plugins/check_swap -w 20 -c 10
 +command[check_cu_mailq]=/usr/lib/nagios/plugins/check_mailq -w 1 -c 5 -M postfix
 +command[check_cu_ntp_time]=/usr/lib/nagios/plugins/check_ntp_time -H pool.ntp.org -w 30 -c 60
 +command[check_cu_memory]=/usr/lib/nagios/plugins/check_mem.pl -u -C -w 80 -c 90
 +command[check_cu_raid]=/usr/lib/nagios/plugins/check_raid
 +command[check_cu_cron]=/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1024 -C cron
 +command[check_cu_pcpu]=/usr/lib/nagios/plugins/check_procs -w 40 -c 45 --metric=CPU -v
 +command[check_cu_fp_tmp]=/usr/lib/nagios/plugins/check_file_per -f /tmp -p 1777
 +command[check_cu_disk]=/usr/lib/nagios/plugins/check_disk -w 15% -c 10% -N ext4 -f
 +command[check_cu_uptime]=/usr/lib/nagios/plugins/check_uptime --warning 60: --critical 60:
 +command[check_cu_cpu]=/usr/lib/nagios/plugins/check_cpu.sh -w 90 -c 95
 +command[check_cu_lostfound]=/usr/bin/sudo /usr/lib/nagios/plugins/check_lost_found -w 1 -c 2
 +command[check_cu_kernlog]=/usr/bin/sudo /usr/lib/nagios/plugins/check_log1 -F /var/log/kern.log -O /tmp/kern.log -q ^
 +command[check_cu_deleted_lsof]=/usr/bin/sudo /usr/lib/nagios/plugins/check_deleted_lsof -w 50000000 -c 60000000
 +#
 +# Specific item(s)
 +command[check_cu_openvpn]=/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1024 -C openvpn
 +</code>
 +
 +Add nagios to sudo group to execute commands that need root access
 +<code bash>
 +usermod -a -G sudo nagios
 +</code>
 +==== Tools Directory ====
 +Copy /home/senthil/tools directory to the new server
 +
 +==== Postfix ====
 +Validate Postfix configuration
 +
 +==== MySQL ====
 +  * Choose a password: ''date|md5sum''
 +  * Run ''mysql_secure_installation'' to make db secure.
 +    * Use the above password
 +  * Run [[tech:mysql:creating_mysql_users_for_a_database#creating_root_user|Create root user]] and set password for remote user
 +  * Copy /etc/cron.daily/mysql_backup
 +  * [[tech1:linux:nagios3#create_a_mysql_user_and_database|Create MySQL User and Database]] ''ncheck'' and ''ucheck'' (not ''nagioscheck'') for Monitoring.
 +
 +
 +===== Install Configuration / Steps =====
 +    * Postfix is no longer installed by default on Groovy - so please install
 +
 +===== System Configuration =====
 +  * Update system by running "aptitude"
 +    * Completed Security Upgrades
 +    * Complete Package Upgrades
 +    * Reboot
 +  * Network configuration
 +    * Settings are at [[setup_network_groovy|/etc/netplan/00-installer-config.yaml]]
 +  * Update user settings with [[etc_skel|this]] set
 +  * Install the [[most_common_packages_v2|most common packages]] that will the required
 +
 +===== apt related =====
 +  * [[tech:linux:apt_upgrades|Automatic apt upgrades]]
 +  * [[tech:linux:apt_update_resource_overload|APT update resource overload]]
 +
 +===== More items =====
 +  * Mail
 +    * Setup postfix
 +      * Configure ''/etc/aliases'' to include
 +<code>
 +root: system@example.org
 +user: system@example.org
 +</code>
 +Then run ''newaliases''
 +  * SSH
 +    * Generate SSH private and public keys
 +  * Tuning
 +    * Change swapiness and other parameters based on server needs - [[tech:linux:sysctl_config|sysctl.conf]]
 +  * Others
 +    * Optionally ask server to reboot automatically on [[tech1:linux:kernel_panic|kernel panic]]
 +    * [[tech1:linux:others:i2c_piix4|Disable module i2c_piix4]] on Virtual Machines
 +    * Install NRPE to be monitored
 +      * nagios-nrpe-server nagios-plugins
 +    * Install x11-utils x11-xserver-utils
 +
 +===== Other Items configuration =====
 +  * [[apache_configuration|Apache Configuration]]
 +  * [[tech:linux:etc_skel#sudo_without_password|Setup to sudo without password]]
 +  * [[tech:linux:mail_server_setup|Mail Server Configuration]]
 +  * [[tech:linux:mysql:backups|MySQL Backups]]
 +  * [[tech:linux:others:ntp_update|Reset System Clock with NTP Update]]
 +  * [[tech:linux:others:pflogsumm_mail_report|Setup mail reporting using pflogsumm]]
 +  * [[tech:linux:others:notify_reboot_req|Notify if the system requires a reboot]]
 +  * [[tech:others:mounting_usb_drive_in_ubuntu&#permanently_mount_the_usb_drive|Mounting a USB drive permanently for Backups]]
 +  * Install telnetd - To be used in case SSH server is down.  Remember to change password immediately if doing a remote connection.
 +  * [[tech:linux:php_ini|Update php.ini]] configuration file to improve on default limits
 +  * [[apt_update_resource_overload|Disable APT update resource overload]]
 +  * Nagios
 +    * If only setting this up for being monitored install nagios-nrpe-server nagios-plugins
 +    * Share keys between Nagios host and the new VM
 +  * Backuppc
 +    * Setup key share access between backuppc host and the new VM
  

QR Code
QR Code tech:linux:setup_new_vm (generated for current page)