User:Moggers87/Installing Opensuse


Install OpenSUSE

Make sure you're in PVH mode

xen-shell> virtmode pvh

Boot rescue VM and log in

xen-shell> rescue

After a while you'll be presented with a login prompt. The password is auto-generated and should be printed a few lines above the prompt. Once you're logged in, become root:

user@rescue:~$ sudo -i
root@rescue:~#

Install required utilities into rescue VM

root@rescue:~# apt update
root@rescue:~# apt install rpm zypper curl btrfs-progs zstd parted

Set up partitions on disk

Wipe existing block devices:

root@rescue:~# for d in a b; do wipefs -a /dev/xvd${d}; done

Create partitions:

root@rescue:~# parted -s /dev/xvda mklabel gpt mkpart root btrfs 0% 100%
root@rescue:~# parted -s /dev/xvda set 1 boot on
root@rescue:~# parted -s /dev/xvdb mklabel gpt mkpart swap linux-swap 0% 100%
root@rescue:~# mkfs.btrfs /dev/xvda1
root@rescue:~# mkswap -L SWAP /dev/xvdb1

Finally, mount the partition:

root@rescue:~# mkdir -vp /target && mount -v /dev/xvda1 /target

Copy in resolv.conf

root@rescue:~# mkdir /target/etc/
root@rescue:~# cp -v /etc/resolv.conf /target/etc/

Set up Zypper repos

root@rescue:~# mkdir -p /target/etc/zypp/repos.d/
root@rescue:~# cat <<-EOF > /target/etc/zypp/repos.d/repo-oss.repo
[repo-oss]
name=Main Repository
enabled=1
autorefresh=1
baseurl=http://download.opensuse.org/distribution/leap/\$releasever/repo/oss/
path=/
type=rpm-md
keeppackages=0
EOF
root@rescue:~# cat <<-EOF > /target/etc/zypp/repos.d/repo-update.repo
[repo-update]
name=Main Update Repository
enabled=1
autorefresh=1
baseurl=http://download.opensuse.org/update/leap/\$releasever/oss
path=/
type=rpm-md
keeppackages=0
EOF

Install Zypper

root@rescue:~# zypper --releasever=15.3 -R /target install zypper

You'll be prompted to trust various GPG keys and confirm that you want to install the zypper package and its dependencies.

Enter chroot

Mount /dev and some other things needed by the chroot:

root@rescue:~# mount -v --bind /dev /target/dev
root@rescue:~# mount -v -t proc procfs /target/proc
root@rescue:~# mount -v -t sysfs sysfs /target/sys

Enter the chroot:

root@rescue:~# chroot /target /bin/bash

Install base packages

Install some base packages for first boot:

rescue:/ # zypper --releasever=15.3 install openSUSE-release lsb grub2 dracut-tools wicked -t pattern enhanced_base

Configure GRUB and install kernel

rescue:/ # cat > /etc/default/grub << EOF
# If you change this file, run 'grub2-mkconfig -o /boot/grub2/grub.cfg' afterwards to update
# /boot/grub2/grub.cfg.

GRUB_DEFAULT=saved
GRUB_HIDDEN_TIMEOUT=0
GRUB_HIDDEN_TIMEOUT_QUIET=true
GRUB_TIMEOUT=10
# Xen consoles are on hvc0
#GRUB_CMDLINE_LINUX_DEFAULT=""
GRUB_CMDLINE_LINUX_DEFAULT="console=hvc0"
# I like to see all the kernel boot/shutdown messages so I remove "quiet"
#GRUB_CMDLINE_LINUX="splash=silent mitigations=auto quiet"
GRUB_CMDLINE_LINUX="splash=silent mitigations=auto"
GRUB_TERMINAL=console
GRUB_DISABLE_RECOVERY="true"
EOF
rescue:/ # zypper --releasever=15.3 install kernel-default

Finally, you need to manually generate an initrd file and then generate the GRUB config:

rescue:/ # dracut --kver `ls /lib/modules`
rescue:/ # grub2-mkconfig -o /boot/grub2/grub.cfg

Networking

rescue:/ # cat > /etc/sysconfig/network/ifcfg-eth0 << EOF
TYPE='Ethernet'
PROXY_METHOD='none'
BROWSER_ONLY='no'
DEFROUTE='yes'
IPV6INIT='yes'
DEVICE='eth0'
ONBOOT='yes'
PREFIX='21'
PREFIX_0='64'
DNS1='85.119.80.232'
DNS2='85.119.80.233'
IPADDR='85.119.82.225/21'
IPADDR_0='2001:ba8:1f1:f1d7::2/64'
NAME='eth0'
BOOTPROTO='static'
STARTMODE='auto'
LABEL_0=''
ZONE='public'
EOF
rescue:/ # cat > /etc/sysconfig/network/ifroute-eth0 << EOF
85.119.80.0/21 - - eth0
2001:ba8:1f1:f1d7::/64 - - eth0
default 85.119.80.1 - eth0
default 2001:ba8:1f1:f1d7::1 - eth0
EOF

Set host name

This step can be skipped, but you will then have to do it after the first boot.

The format of the /etc/hosts file is:

  • IP address
  • Fully-qualified host name, i.e. what this host would be reachable as from the Internet
  • Zero or more short alias names

Each separated by white space.

Note the append ('>>') on the second cat; don't clobber the existing contents of the hosts file.

rescue:/ # cat > /etc/hostname << EOF
susetest1
EOF
rescue:/ # cat >> /etc/hosts << EOF
85.119.82.225 susetest1.vps.bitfolk.space susetest1
EOF

Create fstab

rescue:/ # cat > /etc/fstab << EOF
/dev/xvda1  /   btrfs defaults,noatime 0 0
LABEL=SWAP swap swap  defaults         0 0
EOF

Set root password

rescue:/ # passwd root

SSHD configuration

By default, sshd allows both password logins and root logins. I would recommend you change at least one of these settings before your first boot:

rescue:/ # zypper --releasever=15.3 install openssh
rescue:/ # sed -i 's/.*PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
rescue:/ # sed -i 's/.*PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config
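
The two sed commands above only rewrite lines that already contain "PermitRootLogin yes" or "PasswordAuthentication yes"; if the shipped file spells a directive differently, they change nothing and report no error. The check below is an added example, not part of the original page; the function names effective_value and check_sshd_hardening and the sample config are constructed for illustration.

```shell
#!/bin/bash
# Added example, not from the original page. Reports the value sshd would take
# from a config file for one keyword. sshd keeps the FIRST uncommented
# occurrence of a keyword, and keywords are case-insensitive. Parsing stops at
# the first Match block (conditional settings); Include lines are not followed.
effective_value() {   # usage: effective_value KEYWORD FILE
    awk -F'[ \t=]+' -v want="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" '
        { sub(/^[ \t]+/, "") }              # strip indentation; fields are re-split
        /^#/ || /^$/ { next }               # skip comments and blank lines
        tolower($1) == "match" { exit }
        tolower($1) == want { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }   # unset = compiled-in default applies
    ' "$2"
}

# Returns 0 only if both settings changed by the sed commands are explicitly "no".
check_sshd_hardening() {   # usage: check_sshd_hardening FILE
    local file=$1 rc=0 key val
    for key in PermitRootLogin PasswordAuthentication; do
        val=$(effective_value "$key" "$file")
        printf '%-24s %s\n' "$key" "$val"
        [ "$val" = "no" ] || rc=1
    done
    return "$rc"
}

# Constructed sample: the second directive is commented out in a form that the
# sed pattern ".*PasswordAuthentication yes" does not match.
sample=$(mktemp)
cat > "$sample" << 'EOF'
PermitRootLogin yes
#PasswordAuthentication no
UsePAM yes
EOF
sed -i 's/.*PermitRootLogin yes/PermitRootLogin no/' "$sample"
sed -i 's/.*PasswordAuthentication yes/PasswordAuthentication no/' "$sample"
check_sshd_hardening "$sample" || echo "sshd_config still needs editing"
rm -f "$sample"
```

Inside the chroot, run check_sshd_hardening /etc/ssh/sshd_config after the sed commands; a non-zero exit status means at least one of the two settings is not explicitly "no".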

Exit chroot and dismount

rescue:/ # exit
root@rescue:~# umount /target/sys
root@rescue:~# umount /target/proc
root@rescue:~# umount /target/dev
root@rescue:~# umount /target

Stop the rescue VM

root@rescue:~# poweroff

First boot

Boot and then log in as root with the password you set earlier:

xen-shell> boot

Firewall

Currently there is no firewall running, so we need to configure it and start it:

localhost:~ # zypper install firewalld
localhost:~ # firewall-offline-cmd --zone=public --add-service=ssh
localhost:~ # systemctl enable firewalld
localhost:~ # systemctl start firewalld

Add a user

localhost:~ # useradd -m user
localhost:~ # passwd user

You can add your SSH keys to /home/user/.ssh/authorized_keys to allow login via SSH. You will be able to use sudo to perform actions as root.

Sudo with user password

By default, sudo will ask for the password of the target user (usually root). If you want it to ask for the user's own password you will need to take the following steps:

localhost:~ # groupadd wheel
localhost:~ # usermod -a -G wheel user

You will now need to use visudo to change sudo's configuration:

localhost:~ # zypper install vim # or whatever other editor you like
localhost:~ # visudo

Search for the following lines and uncomment the second line:

## Uncomment to allow members of group wheel to execute any command
# %wheel ALL=(ALL) ALL

Then add the Defaults line above it, as shown here, to turn off targetpw for users in group wheel:

## Uncomment to allow members of group wheel to execute any command
Defaults:%wheel !targetpw
%wheel ALL=(ALL) ALL

Exit with :wq.

All done

OpenSUSE is now installed. You can log out of the Xen console and SSH in via the user you've just created.