User:Moggers87/Installing Opensuse: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
Strugglers (talk | contribs) (→Configure GRUB and install kernel: Set the xen console correctly; don't use "quiet") |
||
| (27 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
==Install OpenSUSE== | |||
===Make sure you're in PVH mode=== | |||
<syntaxhighlight lang="text"> | |||
# apt update | xen-shell> virtmode pvh | ||
# apt install rpm zypper curl btrfs-progs zstd parted | </syntaxhighlight> | ||
===Boot rescue VM and log in=== | |||
<syntaxhighlight lang="text"> | |||
xen-shell> rescue | |||
</syntaxhighlight> | |||
# mkdir -vp /target && mount -v /dev/xvda1 /target | After a while you'll be presented with a login prompt. The password is auto-generated and should be printed a few lines above the prompt. Once you're logged in, become root: | ||
# cp -v /etc/resolv.conf /target/etc/ | |||
<syntaxhighlight lang="text"> | |||
user@rescue:~$ sudo -i | |||
root@rescue:~# | |||
</syntaxhighlight> | |||
===Install required utilities into rescue VM=== | |||
<syntaxhighlight lang="text"> | |||
root@rescue:~# apt update | |||
root@rescue:~# apt install rpm zypper curl btrfs-progs zstd parted | |||
</syntaxhighlight> | |||
===Set up partitions on disk=== | |||
Wipe existing block devices: | |||
<syntaxhighlight lang="text"> | |||
root@rescue:~# for d in a b; do wipefs -a /dev/xvd${d}; done | |||
</syntaxhighlight> | |||
Create partitions: | |||
<syntaxhighlight lang="text"> | |||
root@rescue:~# parted -s /dev/xvda mklabel gpt mkpart root btrfs 0% 100% | |||
root@rescue:~# parted -s /dev/xvda set 1 boot on | |||
root@rescue:~# parted -s /dev/xvdb mklabel gpt mkpart swap linux-swap 0% 100% | |||
root@rescue:~# mkfs.btrfs /dev/xvda1 | |||
root@rescue:~# mkswap -L SWAP /dev/xvdb1 | |||
</syntaxhighlight> | |||
Finally, mount the partition: | |||
<syntaxhighlight lang="text"> | |||
root@rescue:~# mkdir -vp /target && mount -v /dev/xvda1 /target | |||
</syntaxhighlight> | |||
===Copy in resolv.conf=== | |||
<syntaxhighlight lang="text"> | |||
root@rescue:~# mkdir /target/etc/ | |||
root@rescue:~# cp -v /etc/resolv.conf /target/etc/ | |||
</syntaxhighlight> | |||
===Set up Zypper repoes=== | |||
<syntaxhighlight lang="text"> | |||
root@rescue:~# mkdir -p /target/etc/zypp/repos.d/ | |||
root@rescue:~# cat <<-EOF > /target/etc/zypp/repos.d/repo-oss.repo | |||
[repo-oss] | [repo-oss] | ||
name=Main Repository | name=Main Repository | ||
| Line 27: | Line 72: | ||
keeppackages=0 | keeppackages=0 | ||
EOF | EOF | ||
# | root@rescue:~# cat <<-EOF > /target/etc/zypp/repos.d/repo-update.repo | ||
[repo-update] | |||
name=Main Update Repository | |||
enabled=1 | |||
autorefresh=1 | |||
baseurl=http://download.opensuse.org/update/leap/\$releasever/oss | |||
path=/ | |||
type=rpm-md | |||
keeppackages=0 | |||
EOF | |||
</syntaxhighlight> | |||
# | |||
===Install Zypper=== | |||
<syntaxhighlight lang="text"> | |||
root@rescue:~# zypper --releasever=15.3 -R /target install zypper | |||
</syntaxhighlight> | |||
# | |||
You'll be prompted to trust various GPG keys and confirm that you want to install the zypper package and its dependencies. | |||
# | |||
===Enter chroot=== | |||
# | |||
Mount <code>/dev</code> and some other things needed by the chroot: | |||
# | <syntaxhighlight lang="text"> | ||
root@rescue:~# mount -v --bind /dev /target/dev | |||
# | root@rescue:~# mount -v -t proc procfs /target/proc | ||
root@rescue:~# mount -v -t sysfs sysfs /target/sys | |||
# | </syntaxhighlight> | ||
Enter the chroot: | |||
<syntaxhighlight lang="text"> | |||
root@rescue:~# chroot /target /bin/bash | |||
</syntaxhighlight> | |||
===Install base packages=== | |||
Install some base packages for first boot: | |||
<syntaxhighlight lang="text"> | |||
rescue:/ # zypper --releasever=15.3 install openSUSE-release lsb grub2 dracut-tools wicked -t pattern enhanced_base | |||
</syntaxhighlight> | |||
===Configure GRUB and install kernel=== | |||
<syntaxhighlight lang="text"> | |||
rescue:/ # cat > /etc/default/grub << EOF | |||
# If you change this file, run 'grub2-mkconfig -o /boot/grub2/grub.cfg' afterwarrds to update | |||
# /boot/grub2/grub.cfg. | |||
GRUB_DEFAULT=saved | |||
GRUB_HIDDEN_TIMEOUT=0 | |||
GRUB_HIDDEN_TIMEOUT_QUIET=true | |||
GRUB_TIMEOUT=10 | |||
# Xen consoles are on hvc0 | |||
#GRUB_CMDLINE_LINUX_DEFAULT="" | |||
GRUB_CMDLINE_LINUX_DEFAULT="console=hvc0" | |||
# I like to see all the kernel boot/shutdown messages so I remove "quiet" | |||
#GRUB_CMDLINE_LINUX="splash=silent mitigations=auto quiet" | |||
GRUB_CMDLINE_LINUX="splash=silent mitigations=auto" | |||
GRUB_TERMINAL=console | |||
GRUB_DISABLE_RECOVERY="true" | |||
EOF | |||
rescue:/ # zypper --releasever=15.3 install kernel-default | |||
</syntaxhighlight> | |||
Finally, you need to manually generate an initrd file and then generate the GRUB config: | |||
<syntaxhighlight lang="text"> | |||
rescue:/ # dracut --kver `ls /lib/modules` | |||
rescue:/ # grub2-mkconfig -o /boot/grub2/grub.cfg | |||
</syntaxhighlight> | |||
===Networking=== | |||
<syntaxhighlight lang="text"> | |||
rescue:/ # cat > /etc/sysconfig/network/ifcfg-eth0 << EOF | |||
TYPE='Ethernet' | |||
PROXY_METHOD='none' | |||
BROWSER_ONLY='no' | |||
DEFROUTE='yes' | |||
IPV6INIT='yes' | |||
DEVICE='eth0' | |||
ONBOOT='yes' | |||
PREFIX='21' | |||
PREFIX_0='64' | |||
DNS1='85.119.80.232' | |||
DNS2='85.119.80.233' | |||
IPADDR='85.119.82.225/21' | |||
IPADDR_0='2001:ba8:1f1:f1d7::2/64' | |||
NAME='eth0' | |||
BOOTPROTO='static' | |||
STARTMODE='auto' | |||
LABEL_0='' | |||
ZONE='public' | |||
EOF | |||
</syntaxhighlight> | |||
<syntaxhighlight lang="text"> | |||
rescue:/ # cat > /etc/sysconfig/network/ifroute-eth0 << EOF | |||
85.119.80.0/21 - - eth0 | |||
2001:ba8:1f1:f1d7::/64 - - eth0 | |||
default 85.119.80.1 - eth0 | |||
default 2001:ba8:1f1:f1d7::1 - eth0 | |||
EOF | |||
</syntaxhighlight> | |||
===Set host name=== | |||
Can be skipped but you'll only have to do it after boot if so. | |||
The format of the '''/etc/hosts''' file is: | |||
* IP address | |||
* Fully-qualified host name, i.e. what this host would be reachable as from the Internet | |||
* Zero or more short alias names | |||
Each separated by white space. | |||
Note the append ('<tt>'''>>'''</tt>') on the second '''cat'''; don't clobber the existing contents of the hosts file. | |||
<syntaxhighlight lang="text"> | |||
rescue:/ # cat > /etc/hostname << EOF | |||
susetest1 | |||
EOF | |||
rescue:/ # cat >> /etc/hosts << EOF | |||
85.119.82.225 susetest1.vps.bitfolk.space susetest1 | |||
EOF | |||
</syntaxhighlight> | |||
===Create fstab=== | |||
<syntaxhighlight lang="text"> | |||
rescue:/ # cat > /etc/fstab << EOF | |||
/dev/xvda1 / btrfs defaults,noatime 0 0 | |||
LABEL=SWAP swap swap defaults 0 0 | |||
EOF | |||
</syntaxhighlight> | |||
===Set root password=== | |||
<syntaxhighlight lang="text"> | |||
rescue:/ # passwd root | |||
</syntaxhighlight> | |||
===SSHD configuration=== | |||
The default configuration of SSHD is to both allow password logins and allow root logins. I would recommend you change at least one of these settings before your first boot | |||
<syntaxhighlight lang="text"> | |||
rescue:/ # zypper --releasever=15.3 install openssh | |||
rescue:/ # sed -i 's/.*PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config | |||
rescue:/ # sed -i 's/.*PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config | |||
</syntaxhighlight> | |||
===Exit chroot and dismount=== | |||
<syntaxhighlight lang="text"> | |||
rescue:/ # exit | |||
root@rescue:~# umount /target/sys | |||
root@rescue:~# umount /target/proc | |||
root@rescue:~# umount /target/dev | |||
root@rescue:~# umount /target | |||
</syntaxhighlight> | |||
===Stop the rescue VM=== | |||
<syntaxhighlight lang="text"> | |||
root@rescue:~# poweroff | |||
</syntaxhighlight> | |||
==First boot== | |||
Boot and then log in as root with the password you set earlier: | |||
<syntaxhighlight lang="text"> | |||
xen-shell> boot | |||
</syntaxhighlight> | |||
===Firewall=== | |||
Currently there is no firewall running, so we need to configure it and start it: | |||
<syntaxhighlight lang="text"> | |||
localhost:~ # zypper install firewalld | |||
localhost:~ # firewall-offline-cmd --zone=public --add-service=ssh | |||
localhost:~ # systemctl enable firewalld | |||
localhost:~ # systemctl start firewalld | |||
</syntaxhighlight> | |||
===Add a user=== | |||
<syntaxhighlight lang="text"> | |||
localhost:~ # useradd -m user | |||
localhost:~ # passwd user | |||
</syntaxhighlight> | |||
You can add your ssh keys to <code>/home/user/.ssh/authorized_keys</code> to allow login via SSH. You will be able to use <code>sudo</code> to perform actions as root. | |||
====Sudo with user password==== | |||
By default, sudo will ask for the password of the target user (usually root). If you want it to ask for the user's own password you will need to take the following steps: | |||
<syntaxhighlight lang="text"> | |||
localhost:~ # groupadd wheel | |||
localhost:~ # usermod -a -G wheel user | |||
</syntaxhighlight> | |||
You will now need to use <code>visudo</code> to change sudo's configuration: | |||
<syntaxhighlight lang="text"> | |||
localhost:~ # sypper install vim # or whatever other editor you like | |||
localhost:~ # visudo | |||
</syntaxhighlight> | |||
Search for the following lines and uncomment the second line: | |||
<syntaxhighlight lang="text"> | |||
## Uncomment to allow members of group wheel to execute any command | |||
# %wheel ALL=(ALL) ALL | |||
</syntaxhighlight> | |||
And add this line above to turn off '''targetpw''' for users in group '''wheel''': | |||
<syntaxhighlight lang="text"> | |||
## Uncomment to allow members of group wheel to execute any command | |||
Defaults:%wheel !targetpw | |||
%wheel ALL=(ALL) ALL | |||
</syntaxhighlight> | |||
Exit with <code><kbd>:</kbd><kbd>w</kbd><kbd>q</kbd></code>. | |||
==All done== | |||
OpenSUSE is now installed. You can log out of the Xen console and SSH in via the user you've just created. | |||
Latest revision as of 01:39, 31 January 2022
Install OpenSUSE
Make sure you're in PVH mode
xen-shell> virtmode pvh
Boot rescue VM and log in
xen-shell> rescue
After a while you'll be presented with a login prompt. The password is auto-generated and should be printed a few lines above the prompt. Once you're logged in, become root:
user@rescue:~$ sudo -i
root@rescue:~#
Install required utilities into rescue VM
root@rescue:~# apt update
root@rescue:~# apt install rpm zypper curl btrfs-progs zstd parted
Set up partitions on disk
Wipe existing block devices:
root@rescue:~# for d in a b; do wipefs -a /dev/xvd${d}; done
Create partitions:
root@rescue:~# parted -s /dev/xvda mklabel gpt mkpart root btrfs 0% 100%
root@rescue:~# parted -s /dev/xvda set 1 boot on
root@rescue:~# parted -s /dev/xvdb mklabel gpt mkpart swap linux-swap 0% 100%
root@rescue:~# mkfs.btrfs /dev/xvda1
root@rescue:~# mkswap -L SWAP /dev/xvdb1
Finally, mount the partition:
root@rescue:~# mkdir -vp /target && mount -v /dev/xvda1 /target
Copy in resolv.conf
root@rescue:~# mkdir /target/etc/
root@rescue:~# cp -v /etc/resolv.conf /target/etc/
Set up Zypper repoes
root@rescue:~# mkdir -p /target/etc/zypp/repos.d/
root@rescue:~# cat <<-EOF > /target/etc/zypp/repos.d/repo-oss.repo
[repo-oss]
name=Main Repository
enabled=1
autorefresh=1
baseurl=http://download.opensuse.org/distribution/leap/\$releasever/repo/oss/
path=/
type=rpm-md
keeppackages=0
EOF
root@rescue:~# cat <<-EOF > /target/etc/zypp/repos.d/repo-update.repo
[repo-update]
name=Main Update Repository
enabled=1
autorefresh=1
baseurl=http://download.opensuse.org/update/leap/\$releasever/oss
path=/
type=rpm-md
keeppackages=0
EOF
Install Zypper
root@rescue:~# zypper --releasever=15.3 -R /target install zypper
You'll be prompted to trust various GPG keys and confirm that you want to install the zypper package and its dependencies.
Enter chroot
Mount /dev and some other things needed by the chroot:
root@rescue:~# mount -v --bind /dev /target/dev
root@rescue:~# mount -v -t proc procfs /target/proc
root@rescue:~# mount -v -t sysfs sysfs /target/sys
Enter the chroot:
root@rescue:~# chroot /target /bin/bash
Install base packages
Install some base packages for first boot:
rescue:/ # zypper --releasever=15.3 install openSUSE-release lsb grub2 dracut-tools wicked -t pattern enhanced_base
Configure GRUB and install kernel
rescue:/ # cat > /etc/default/grub << EOF
# If you change this file, run 'grub2-mkconfig -o /boot/grub2/grub.cfg' afterwarrds to update
# /boot/grub2/grub.cfg.
GRUB_DEFAULT=saved
GRUB_HIDDEN_TIMEOUT=0
GRUB_HIDDEN_TIMEOUT_QUIET=true
GRUB_TIMEOUT=10
# Xen consoles are on hvc0
#GRUB_CMDLINE_LINUX_DEFAULT=""
GRUB_CMDLINE_LINUX_DEFAULT="console=hvc0"
# I like to see all the kernel boot/shutdown messages so I remove "quiet"
#GRUB_CMDLINE_LINUX="splash=silent mitigations=auto quiet"
GRUB_CMDLINE_LINUX="splash=silent mitigations=auto"
GRUB_TERMINAL=console
GRUB_DISABLE_RECOVERY="true"
EOF
rescue:/ # zypper --releasever=15.3 install kernel-default
Finally, you need to manually generate an initrd file and then generate the GRUB config:
rescue:/ # dracut --kver `ls /lib/modules`
rescue:/ # grub2-mkconfig -o /boot/grub2/grub.cfg
Networking
rescue:/ # cat > /etc/sysconfig/network/ifcfg-eth0 << EOF
TYPE='Ethernet'
PROXY_METHOD='none'
BROWSER_ONLY='no'
DEFROUTE='yes'
IPV6INIT='yes'
DEVICE='eth0'
ONBOOT='yes'
PREFIX='21'
PREFIX_0='64'
DNS1='85.119.80.232'
DNS2='85.119.80.233'
IPADDR='85.119.82.225/21'
IPADDR_0='2001:ba8:1f1:f1d7::2/64'
NAME='eth0'
BOOTPROTO='static'
STARTMODE='auto'
LABEL_0=''
ZONE='public'
EOF
rescue:/ # cat > /etc/sysconfig/network/ifroute-eth0 << EOF
85.119.80.0/21 - - eth0
2001:ba8:1f1:f1d7::/64 - - eth0
default 85.119.80.1 - eth0
default 2001:ba8:1f1:f1d7::1 - eth0
EOF
Set host name
Can be skipped but you'll only have to do it after boot if so.
The format of the /etc/hosts file is:
- IP address
- Fully-qualified host name, i.e. what this host would be reachable as from the Internet
- Zero or more short alias names
Each separated by white space.
Note the append ('>>') on the second cat; don't clobber the existing contents of the hosts file.
rescue:/ # cat > /etc/hostname << EOF
susetest1
EOF
rescue:/ # cat >> /etc/hosts << EOF
85.119.82.225 susetest1.vps.bitfolk.space susetest1
EOF
Create fstab
rescue:/ # cat > /etc/fstab << EOF
/dev/xvda1 / btrfs defaults,noatime 0 0
LABEL=SWAP swap swap defaults 0 0
EOF
Set root password
rescue:/ # passwd root
SSHD configuration
The default configuration of SSHD is to both allow password logins and allow root logins. I would recommend you change at least one of these settings before your first boot
rescue:/ # zypper --releasever=15.3 install openssh
rescue:/ # sed -i 's/.*PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
rescue:/ # sed -i 's/.*PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config
Exit chroot and dismount
rescue:/ # exit
root@rescue:~# umount /target/sys
root@rescue:~# umount /target/proc
root@rescue:~# umount /target/dev
root@rescue:~# umount /target
Stop the rescue VM
root@rescue:~# poweroff
First boot
Boot and then log in as root with the password you set earlier:
xen-shell> boot
Firewall
Currently there is no firewall running, so we need to configure it and start it:
localhost:~ # zypper install firewalld
localhost:~ # firewall-offline-cmd --zone=public --add-service=ssh
localhost:~ # systemctl enable firewalld
localhost:~ # systemctl start firewalld
Add a user
localhost:~ # useradd -m user
localhost:~ # passwd user
You can add your ssh keys to /home/user/.ssh/authorized_keys to allow login via SSH. You will be able to use sudo to perform actions as root.
Sudo with user password
By default, sudo will ask for the password of the target user (usually root). If you want it to ask for the user's own password you will need to take the following steps:
localhost:~ # groupadd wheel
localhost:~ # usermod -a -G wheel user
You will now need to use visudo to change sudo's configuration:
localhost:~ # sypper install vim # or whatever other editor you like
localhost:~ # visudo
Search for the following lines and uncomment the second line:
## Uncomment to allow members of group wheel to execute any command
# %wheel ALL=(ALL) ALL
And add this line above to turn off targetpw for users in group wheel:
## Uncomment to allow members of group wheel to execute any command
Defaults:%wheel !targetpw
%wheel ALL=(ALL) ALL
Exit with :wq.
All done
OpenSUSE is now installed. You can log out of the Xen console and SSH in via the user you've just created.