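## - -------------------------------------------------------------------------
## - Runbook: create a Debian LXC container behind a host bridge (br0) and
## - provision it (apt sources, base packages, users, build dependencies).
## -
## - This is a step-by-step command log, not an unattended script: several
## - steps are interactive (vim, visudo, dpkg-reconfigure, adduser) and the
## - sections run in different places (LXC host, inside the container, admin
## - workstation). Run it section by section.
## - -------------------------------------------------------------------------

## - [LXC host] Install "bridge-utils"
## -
apt-get install bridge-utils

## - [LXC host] Install LXC
## -
apt-get install lxc
apt-get install btrfs-tools lua5.2

## - !! Debian Jessie related
## -
## - The configuration in /etc/security/limits.conf does not seem to work
## - together with systemd.
## -
## - One possibility is setting parameter "DefaultLimitNOFILE" in file
## - /etc/systemd/system.conf. This setting is "world wide".
## -
## - At least that allows me to do my work again but it is obviously not the
## - right solution. I just want to change my own user's limits, not the
## - limits of each and everything.
## -
## - The grep guard keeps a second run from inserting the line again.
## -
grep -q '^DefaultLimitNOFILE=' /etc/systemd/system.conf \
  || perl -i.ORIG -n -p -e "s/(\s*#\s*DefaultLimitNOFILE.*)/\1\nDefaultLimitNOFILE=1048576/" /etc/systemd/system.conf
systemctl daemon-reload

## - [LXC host] Configure your host-system to use a bridge-interface
## - (typically br0) instead of a real one (typically eth0)
## -
## - Replace your network configuration in file /etc/network/interfaces
## - from:
## -
## -    auto eth0
## -    iface eth0 inet static
## -       address
## -       netmask
## -       network
## -       broadcast
## -       gateway
## -
## - to:
## -
## -    auto br0
## -    iface br0 inet static
## -       bridge-ports eth0
## -       address
## -       netmask
## -       network
## -       broadcast
## -       gateway
## -       # default route to access subnet
## -       #up route add -net netmask gw br0
## -
vim /etc/network/interfaces

## - Restart host-system
## -

## - -------------------------------------------------------------------------
## - [LXC host] Container parameters - fill in before continuing
## -
## - NOTE(review): jessie is end-of-life and no longer receives security
## - updates; prefer a supported release for new containers.
## -
#LXC_ROOT_DIR=/srv/lxc
LXC_ROOT_DIR=/data/lxc
LXC_NAME=
LXC_DIST=debian
LXC_RELEASE=jessie

IPV4_ADDRESS=
IPV4_NETMASK=
IPV4_BROADCAST=
IPV4_GATEWAY=
IPv4_Prefix=

## - !! Assign the MAC address through the Hetzner web interface !!
## -
## - Fallback: 00 followed by five random octets. Reads /dev/urandom so the
## - command cannot stall waiting for entropy.
## - NOTE(review): a first octet of 00 lies in vendor-assigned address space;
## - a locally administered prefix (e.g. 02) avoids clashing with real
## - hardware - confirm what the provider expects.
## -
MAC_ADDRESS=$(
  printf '00'
  dd bs=1 count=5 if=/dev/urandom 2>/dev/null | hexdump -v -e '/1 ":%02X"'
)
#MAC_ADDRESS=

#IPV6_ADDRESS=
#IPV6_GATEWAY=
#IPv6_Prefix=

HOSTNAME=

## - -------------------------------------------------------------------------

## - Stop here if a required value is still empty; otherwise the paths below
## - collapse to ${LXC_ROOT_DIR}//... and the files are written to the wrong
## - place.
## -
: "${LXC_ROOT_DIR:?set LXC_ROOT_DIR first}"
: "${LXC_NAME:?set LXC_NAME first}"
: "${IPV4_ADDRESS:?set IPV4_ADDRESS first}"
: "${IPv4_Prefix:?set IPv4_Prefix first}"
: "${IPV4_GATEWAY:?set IPV4_GATEWAY first}"

## - NOTE(review): lxc-create is called without an explicit lxcpath while the
## - following steps use both ${LXC_ROOT_DIR} and /var/lib/lxc - presumably
## - one is a symlink to the other; confirm on the host.
## -
lxc-create -n "$LXC_NAME" -t "$LXC_DIST" -- --release "$LXC_RELEASE" --arch amd64

cp "${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/etc/network/interfaces" \
   "${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/etc/network/interfaces.ORIG"

touch "/var/lib/lxc/${LXC_NAME}/fstab"

## - Addresses are assigned through the container config below, so eth0 is
## - set to "manual" inside the container.
## -
cat << 'EOF' > "${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/etc/network/interfaces"
#-----------------------------
# lo: loopback
#-----------------------------
auto lo
iface lo inet loopback

#-----------------------------
# eth0
#-----------------------------
auto eth0
iface eth0 inet manual
iface eth0 inet6 manual
EOF

cp "${LXC_ROOT_DIR}/${LXC_NAME}/config" "${LXC_ROOT_DIR}/${LXC_NAME}/config.ORIG"

## - NOTE(review): the IPV6_* variables are commented out above, so the two
## - IPv6 lines are written as "/" and empty unless they are set first;
## - set them or delete those lines from the generated config.
## - NOTE(review): no id mapping is written here, so this is presumably a
## - privileged container (container root == host root) - confirm this is
## - intended.
## -
cat << EOF > "${LXC_ROOT_DIR}/${LXC_NAME}/config"
lxc.rootfs = /var/lib/lxc/${LXC_NAME}/rootfs

# Common configuration
lxc.include = /usr/share/lxc/config/${LXC_DIST}.common.conf

# Container specific configuration
lxc.mount = /var/lib/lxc/${LXC_NAME}/fstab
lxc.utsname = $LXC_NAME
lxc.arch = amd64
lxc.autodev = 1
lxc.kmsg = 0

# Network configuration
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br0
lxc.network.hwaddr = $MAC_ADDRESS
# IPv4
lxc.network.ipv4 = ${IPV4_ADDRESS}/$IPv4_Prefix
lxc.network.ipv4.gateway = ${IPV4_GATEWAY}
# IPv6
lxc.network.ipv6 = ${IPV6_ADDRESS}/$IPv6_Prefix
lxc.network.ipv6.gateway = $IPV6_GATEWAY

# Autostart
lxc.start.auto = 1
lxc.start.delay = 5
lxc.start.order = 100
EOF

## - -------------------------------------------------------------------------

lxc-start -d -n "$LXC_NAME"

## - Start a root shell in the new container
## -
lxc-attach -n "$LXC_NAME"

## - Alternatively: start a console in the new container
## -
## - Note: this needs the root password, which is printed at the end of the
## - "lxc-create" output. Change that password right after the first login.
## -
lxc-console -n "$LXC_NAME"

## - -------------------------------------------------------------------------
## - [inside the container] Everything below runs in the container.
## - -------------------------------------------------------------------------

## - Configure apt
## -
## - set in /etc/apt/sources.list
## -
## -    deb http://ftp.de.debian.org/debian jessie main contrib non-free
## -    deb-src http://ftp.de.debian.org/debian jessie main contrib non-free
## -
## -    deb http://security.debian.org/ jessie/updates main contrib non-free
## -    deb-src http://security.debian.org/ jessie/updates main contrib non-free
## -
## -    ## - formerly: volatile
## -    deb ftp://ftp.de.debian.org/debian jessie-updates main contrib
## -
## -    # jessie-backports
## -    deb http://ftp.de.debian.org/debian jessie-backports main contrib non-free
## -
## - Package integrity relies on apt's signature verification; do not
## - disable it (e.g. by allowing unauthenticated packages) with these
## - plain-http mirrors.
## -
cat << 'EOF' > /etc/apt/sources.list
deb http://ftp.de.debian.org/debian/ jessie main non-free contrib
deb-src http://ftp.de.debian.org/debian/ jessie main non-free contrib

deb http://security.debian.org/ jessie/updates main contrib non-free
deb-src http://security.debian.org/ jessie/updates main contrib non-free

# jessie-updates, previously known as 'volatile'
deb http://ftp.de.debian.org/debian/ jessie-updates main contrib non-free
deb-src http://ftp.de.debian.org/debian/ jessie-updates main contrib non-free

# jessie-backports, previously on backports.debian.org
deb http://ftp.de.debian.org/debian/ jessie-backports main contrib non-free
deb-src http://ftp.de.debian.org/debian/ jessie-backports main contrib non-free
EOF

## - Update
## -
apt-get update

## - Install/Setup locales
## -
apt-get install locales
dpkg-reconfigure locales

## - Install os-upgrade.sh
## -
## - Written with ">" (not ">>") so that repeating this step replaces the
## - script instead of appending a second copy to it.
## -
mkdir -p /root/bin
cat << 'EOF' > /root/bin/os-upgrade.sh
#!/usr/bin/env bash

apt-get update
apt-get upgrade -y
apt-get clean

exit 0
EOF
chmod 700 /root/bin/os-upgrade.sh

## - Upgrade System
## -
apt-get upgrade

## - Base tool set
## -
## - NOTE(review): the list pulls in a telnet client and rssh; drop whatever
## - is not actually needed to keep the container's package footprint small.
## -
apt-get install -y openssh-server rssh \
   vim vim-common vim-doc mc screen tmux bc \
   rcconf iproute sudo rsync dselect iputils-ping aptitude \
   zip unzip bzip2 arj \
   locate \
   gawk mawk \
   lynx links w3m ctags mime-support \
   file coreutils moreutils less realpath sipcalc psmisc \
   dnsutils rblcheck whois \
   gettext gettext-base gettext-doc \
   debian-keyring \
   patch patchutils \
   recode recode-doc librecode0 librecode-dev sharutils \
   perl perl-modules perl-doc libperl-dev \
   libterm-readline-gnu-perl libterm-readline-perl-perl libterm-readkey-perl \
   libmail-imapclient-perl libtime-duration-perl libtimedate-perl \
   libwww-perl libpcre3 libio-compress-perl \
   re2c util-linux \
   parted lshw gdisk smartmontools \
   tcpdump telnet unhide lsof groff iproute bridge-utils vlan \
   ethtool wipe iperf mtr iptraf \
   wget logrotate rsyslog haveged \
   ntpdate wipe man groff \
   iptables shellcheck \
   git

## - take care shadow passwords are enabled
## -
dpkg-reconfigure passwd
/sbin/shadowconfig on

## - configure time-zone
## -
dpkg-reconfigure tzdata

## - add more users
## -
adduser chris
adduser defa

## - add user/group back
## -
addgroup --gid 1020 back
adduser --uid 1020 --gid 1020 back

## - user/group sysadm
## -
## - passwd: <redacted - account passwords do not belong in this file; keep
## -          them in a password manager and rotate any value that was ever
## -          recorded here>
## -
addgroup --gid 1050 sysadm
adduser --uid 1050 --gid 1050 sysadm

## - add the new users to group sudo
## -
usermod -a -G sudo chris
usermod -a -G sudo sysadm
usermod -a -G sudo defa

## - [admin workstation] Copy templates for .bashrc, .profile, .vimrc, .ssh etc.
## -
## - Each copy runs in a subshell behind "cd ... &&": if the template
## - directory is missing, nothing is copied - in particular not the .ssh
## - directory of whatever directory the shell happens to be in.
## -
## - NOTE(review): the templates include .ssh; make sure they only contain
## - public material (authorized_keys, config) and no private keys.
## -
hostname=83.223.86.97
(
  cd /home/chris/O.OPEN/Rechner/templates_home/root &&
    scp -r adduser_backup.oopen.sh adduser_defa.sh .bashrc .profile .vimrc bin .ssh "root@${hostname}:"
)
(
  cd /home/chris/O.OPEN/Rechner/templates_home/chris && {
    scp -r .bashrc .profile .ssh .vimrc "${hostname}:"
    scp -r .bashrc .profile .vimrc "back@${hostname}:"
    scp -r .bashrc .profile .ssh .vimrc "sysadm@${hostname}:"
  }
)

## - NOTE(review): this copy targets a different host name than ${hostname}
## - above - confirm it belongs to this container's setup.
## -
(
  cd /home/chris/O.OPEN/Rechner/templates_home/root &&
    scp -r adduser_backup.oopen.sh adduser_defa.sh .bashrc .profile .ssh .vimrc root@sympa.oopen.de:
)

## - [inside the container, as root] run the copied helper scripts
## -
cd ~
./adduser_defa.sh
./adduser_backup.oopen.sh

## - Adjust /etc/sudoers
## -
## -    back ALL=(root)NOPASSWD:/usr/bin/rsync
## -    back ALL=(root)NOPASSWD:/usr/bin/find
## -    back ALL=(root)NOPASSWD:/usr/bin/realpath
## -
## - NOTE(review): rsync and find can both start other programs, so these
## - passwordless rules give user "back" the equivalent of unrestricted
## - root. Prefer a root-owned wrapper script with fixed arguments (or a
## - restricted rsync setup) as the only permitted command.
## -
visudo

## - Adjust /etc/resolv.conf
## -
## -    search warenform.de
## -    nameserver 83.223.66.51
## -    nameserver 212.42.230.1
## -    nameserver 83.223.90.90
## -
vim /etc/resolv.conf

## - NOTICE!!
## -
## - Since "squeeze", /bin/sh is linked to /bin/dash. Some of my scripts do
## - not work with that, so link /bin/sh back to /bin/bash.
## -
## - Done in one step so there is no moment without a /bin/sh.
## - "dpkg-reconfigure dash" is the packaged way to make the same change.
## -
ln -sfn bash /bin/sh

## - install subversion
## -
apt-get install -y subversion subversion-tools # smbclient

## - Install git
## -
apt-get install -y git

## - if package-version of mysql is needed
## -
apt-get install mysql-client-5.5 mysql-common \
   mysql-server-5.5 mysql-server-core-5.5

## ---------------------------------------------------------------
## - compiler stuff
## -
apt-get install -y g++ g++-multilib gcc gcc-multilib cpp \
   make automake autoconf libtool flex bison \
   gettext pkg-config gnu-standards \
   libssl-dev libreadline-dev libncurses-dev

apt-get install libsystemd-dev

## - packages to build apache webserver with php5/ruby support
## -
apt-get install -y libdb-dev zlib1g zlib1g-dev libssl-dev \
   libneon27-dev

apt-get install -y libxml2 libxml2-dev \
   curl libcurl4-openssl-dev \
   libqdbm-dev libgdbm-dev libpspell-dev \
   libjpeg-dev libpng12-dev libxpm-dev libfreetype6-dev \
   libwmf-dev libtiff-dev libjasper-dev libpaper-dev \
   libmagic-dev \
   libmagick-dev libgraphics-magick-perl \
   libgraphicsmagick++1-dev libgraphicsmagick++3 libgraphicsmagick1-dev \
   libgraphviz-dev libgd2-xpm-dev libcroco3-dev libgsf-1-dev libilmbase-dev \
   libvpx-dev libvpx1 vpx-tools \
   libgpm-dev libkpathsea-dev libopenexr-dev librsvg2-dev libdjvulibre-dev \
   libatm-dev libexpat-dev \
   imagemagick graphicsmagick \
   re2c \
   exif libexiv2-dev \
   netpbm libnetpbm10-dev \
   libmcrypt-dev mcrypt \
   libmysqlclient-dev mysql-client \
   libpq-dev postgresql-client \
   libreadline-dev libncurses-dev \
   libdb5.3 libdb5.3++ libdb5.3++-dev libdb5.3-dev \
   libxslt1-dev libpcre3-dev \
   libc-client2007e-dev libc-client-dev \
   libicu-dev \
   libtidy-dev \
   libmm-dev libgmp-dev libkrb5-dev libldap-dev \
   libmhash-dev libgd-dev \
   libapr1-dev libaprutil1-dev \
   liblua5.1-0 liblua5.1-0-dev \
   libsctp-dev \
   libcrypto++-dev

## - So create a symlink
## -    /usr/lib/libldap.so -> /usr/lib/x86_64-linux-gnu/libldap.so
ln -s x86_64-linux-gnu/libldap.so /usr/lib/libldap.so

## - Note: libt1-dev is no longer available in Debian jessie
## - Note: "graphicsmagick-libmagick-dev-compat" is selected in place of
## -       "libmagick-dev"

## - if ruby is/will be installed this is needed for rmagick gem
## -
##libmagick++-dev libmagickcore-dev libmagickwand-dev \

## - needed for php extension imagick
## -
apt-get install -y libmagickwand-dev

## - needed for php extension geoip
## -
apt-get install -y libgeoip-dev

## - add some tk/tcl stuff
## -
## -    tcl tcl-dev tk tk-dev tclreadline
## -
apt-get install -y tk-dev tcl-dev tclreadline

apt-get install -y expect expect-dev libexpect-perl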