Debian Template VM

To speed-up later VMs deployments, you better start creating a VM template that will fit most of your later needs as a base OS. One of the most stable, versatile and full-featured distribution which is extremely well supported by an extended community throughout the world is Debian.
This is the reason we'll use this distro as our base OS to setup our fresh VM template.

This template will be based on the latest Debian Stable release which, at the time of writing, is Debian Jessie (8.2).

PLEASE NOTE: although all of the installation process steps will be identical whatever your virtualization environment, what follows includes steps specifically intended to prepare a VM that will run within a VirtualBox environment.

In case you'd like to know how to install VirtualBox on a Debian (LMDE 2) workstation, you can refer to this other wiki article.

(VirtualBox specific)

Open the VirtualBox desktop application and use the “New” button to start creating a fresh virtual machine, we'll use the following:

• Name: Debian-8.2-amd64
• Type: Linux
• Version: Debains (64-bit)

Let's allow 1GB of RAM and an 8GB hard disk, you can change these values to fit your needs, note that we'll also use LVM to ease later hard disk size modification.

• Memory: 1024 MB
• Hard disk: Create a virtual hard disk now
  • VDI
  • Dynamically allocated
  • 8.00GB

Create the VM.

In our general purpose template, we'd like to have, by default, two inner networks:

• NAT network allowing access to the Internet (via DHCP)
• Host-only network allowing management access on a fixed IP

In this way, the guest OS will never interfere with the network in which the host machine evolves, as it will use NAT and DHCP to the host for Internet access. We'll also have a persistent, fixed, IP address which we can use to access this specific VM through the Host-only network.

VirtualBox offers a simple and elegant way to achieve this configuration, without the need for you to tweak your host's network config.

In the VirtualBox desktop application, go to the menu File > Preferences (Ctrl-G) and select Network in the left list.

In the NAT Networks, double click on the existing NatNetwork entry (or click on the + icon on the right to create a new entry). Configure it as follow:

• Network Name: NatNetwork
• Network CIDR: 10.0.2.0/24
• Network Options
  • Support DHCP

The 10.0.2.0/24 might need to be changed in case your local network is already using those sub-network addresses…

Then click the Host-only Networks tab and click on the + icon on the right to create a new network if it doesn't already exist:

• Adapter vboxnet0
  • IPv4 Address: 172.20.20.1
  • IPv4 Network Mask: 255.255.255.0

Leave DHCP server empty for this config.

For the moment we'll set the VM description as: Debian 8.2

Now we need the debian .iso file to initiate the VM OS install. All installation images for Debian are available on the Get Debian page, we'll use the 64-bit PC netinst iso image, downloading it somewhere on our host system, lets say our downloaded file location is: /home/<myuser>/Downloads/debian-8.2.0-amd64-netinst.iso

Let's now associate this iso file as the startupr disk for our VirtualBox VM:

In the VirtualBox desktop application interface, having your fresh VM selected in the left column, click on the Storage tab. You should see a panel exposing 2 controllers:

• Controller: IDE
  • Empty
• Controller: SATA
  • Debian-8.2-amd64.vdi

Select the empty entry and click on the CD disk icon to “Choose Optical Disk File…“, in the dialog that opens, select the downloaded Debian .iso file you got from the previous step: /home/<myuser>/Downloads/debian-8.2.0-amd64-netinst.iso

Start the VirtualBox VM using the Start button on top of the VitualBox window.

Let's start our VM to delve into the Debian installation process (click on the green arrow in the VirtualBox interface). A window opens, showing you the Debian installation interface. As a general rule you can use the up, down, left, right and tab keys to navigate the menus the Debian installer will present you.

Select the first option: Install (enter)

Use up / down arrows keyboard keys to select what's appropriate to your needs:

• Language
• Location
• Locales
• Keyboard

Select a hostname for the system: DEBIAN 8.2 (continue)
Set root password.
New user: System Administrator
Username for user account: sysadmin
Password:

Partitioning method:

• Manual
• SCSI (0,0,0) (sda) 8.6 GB ATA VBOX HARDISK
• Create one single partition filling all free space

You'll be asked if you want to proceed without a swap partition, go ahead and say “yes”, as we'll create a swap file later-on.
This choice is aiming at simplifying potential subsequent needs of extending the hard disk partition, since we won't have to worry about partitioning scheme and will only have one single partition to extend.

Configure the package manager:

get back to the top of the list: enter information manually:

• deb.debian.org as mirror hostname
• directory: /debian/
• proxy: (leave blank)

The http://deb.debian.org address is intended to always link your system to the most effective mirror related to the place where you're currently standing. Please refer to the deb.debian.org site for more information.

Software selection:

• uncheck: Debian desktop environment
• check only: ssh server + standard system utilities

Accept the default GRUB loader master boot record location (/dev/sda).

The Debian installation process has completed !

The first thing we'll do is setup the NICs configuration so that we'll have access to the system through an ssh connection. As we've linked 2 NICs to our VM, we'll use the one on the NAT network with DHCP, while configuring a static IP on the other, linked to the vboxnet0 virtual network.

To do so, we use the console that VirtualBox presents for the running VM and log in as root.

First we check the IP configuration:

> ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:bc:55:8e brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.15/24 brd 10.0.2.255 scope global enp0s3
       valid_lft forever preferred_lft forever
    inet6 fe80::a00:27ff:febc:558e/64 scope link 
       valid_lft forever preferred_lft forever
3: enp0s8: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 08:00:27:44:2f:bd brd ff:ff:ff:ff:ff:ff

We see that the NAT NIC is named enp0s3 and has received an IP address, while the vboxnet0 NIC is referred to as enp0s8, but this one is DOWN.
Let's change this by editing the /etc/network/interfaces configuration file. In order to assign a static IP on vboxnet0 for our VM and keep the DHCP on the NAT, something like the following should do:

> nano /etc/network/interfaces

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The NAT network interface
allow-hotplug enp0s3
iface enp0s3 inet dhcp

# The vboxnet0 network interface
allow-hotplug enp0s8
iface enp0s8 inet static
	address 172.20.20.10/24

Restarting the network is sometimes tricky, so as long as we're still configurating our VM, the easiest way is to reboot, but don't be too fast !

For ease of use we'll want to be able to login as root using an rsa key, which will be uploaded using the ssh-copy-id command, but this requires us to be able to log in at least once using a password

Let's prepare that by editing our ssh daemon configuration file /etc/ssh/sshd_config:

> nano /etc/ssh/sshd_config

REPLACE (line 32)
#PermitRootLogin prohibit-password

WITH
PermitRootLogin yes

CTRL+x, y, Enter, to save the file.

We're now ready to reboot:

> reboot

Once the VM has rebooted, we should be able to access it using a terminal on the host machine.
To make sure this works, let's ping our guest VM:

> ping 172.20.20.10
PING 172.20.20.10 (172.20.20.10) 56(84) bytes of data.
64 bytes from 172.20.20.10: icmp_seq=1 ttl=64 time=0.511 ms
64 bytes from 172.20.20.10: icmp_seq=2 ttl=64 time=0.560 ms
64 bytes from 172.20.20.10: icmp_seq=3 ttl=64 time=0.547 ms
...

Since the VM can be reached, let's upload our rsa key to it.
In case you don't have an rsa key pair on your computer, and don't know how to generate it, you can refer to this DigitalOcean Tutorial to learn how to do this.

> ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.20.20.10

/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@172.20.20.10's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@172.20.20.10'"
and check to make sure that only the key(s) you wanted were added.

Now that our key is on the guest VM, we'll log into it without having to enter a password. We'll immediately reinforce no password login for root once we're hooked:

> nano /etc/ssh/sshd_config

REPLACE (line 32)
PermitRootLogin yes

WITH
PermitRootLogin prohibit-password

CTRL+x, y, Enter, to save the file

Note that this time the line is uncommented, this means we need an rsa key to login as root.

All that is left is to reload our ssh daemon configuration to enforce the new configuration:

> systemctl reload sshd

The default shell is sometimes a bit difficult to read, an there are a few useful utilities that we'd want to have at hand to manage our VM, so let's install our favorite ones. Note that the apt-get update and apt-get upgrade instructions are not necessary on a fresh install, they are here only to remind one that it's always best to update the system before a complementary package installation:

> apt-get update
> apt-get upgrade
> apt-get install htop nload sysstat tmux ranger 

We won't detail here and now what each package does, but feel free to discover what each of those can help you do in the shell, you won't be disappointed…

This article explains how to install and configure sysstat package (which contains sar utility) and explains how to monitor the following Linux performance statistics using sar.

• Collective CPU usage
• Individual CPU statistics
• Memory used and available
• Swap space used and available
• Overall I/O activities of the system
• Individual device I/O activities
• Context switch statistics
• Run queue and load average data
• Network statistics
• Report sar data from a specific time

You could start discovering tmux using this cheat sheet.

Here is a nice reference for ranger functions: http://ranger.nongnu.org/ranger.1.html

One of the main difficulty in reading the console is that, unconfigured, it is totally monochromatic.
Adding colors can help the user's eye catch the structure and meanings of the output. That's what we'll do now.

Spotting the shell prompt is important as it not only can bring some important info, like the user/server names and working directory, it also allows to visually separate each command output. Here is a way to greatly enhance your shell prompt, not only colorizing it, but choosing what info is displayed.

The following example was created using the great tool available at http://bashrcgenerator.com/, it's warmly recommended that you build your own prompt using this fantastic tool.

export PS1="\[\033[38;5;130m\][\d]\[$(tput sgr0)\]\[\033[38;5;15m\] \[$(tput sgr0)\]\[\033[38;5;208m\]\t\[$(tput sgr0)\]\[\033[38;5;15m\]\n\[$(tput sgr0)\]\[\033[38;5;75m\]\w\[$(tput sgr0)\]\[\033[38;5;15m\]\n\[$(tput sgr0)\]\[\033[38;5;82m\]\u\[$(tput sgr0)\]\[\033[38;5;64m\]@\[$(tput sgr0)\]\[\033[38;5;71m\]\H\[$(tput sgr0)\]\[\033[38;5;15m\] > \[$(tput sgr0)\]"

Note that, in our final .bashrc code, we will add tty -s && in front of this to avoid errors when connecting through ssh from a non-tty instance (like rsync or zfs send/receive).

Colored prompt in tmux

As we plan to use tmux (a lot), we'll need to have it run in 256 colors, which is not the case by default. To fix this we need to alias the tmux command as well as modify the tmux configuration file:

# tmux 256 colors for prompt compatibility
alias tmux='TERM=xterm-256color tmux'

set -g default-terminal "screen-256color"

Another enhancement that a colored shell can bring is an easy way to identify listed elements by their color. The simplest way to achieve this is by adding the following code in you ~/.bashrc file:

# Listing colors
export LS_OPTIONS='--color=auto'
eval "$(dircolors -b)"
alias ls='ls $LS_OPTIONS'

This will colorize your listing outputs with the preconfigured dircolors values. You could spend some time building your own preferred file types colors by using the references presented on this linux-sxs.org page. That would be used in your ~/.bashrc file as follow:

alias ls='ls --color'
LS_COLORS='di=92:fi=0:ln=100:pi=5:so=5:bd=5:cd=5:or=31:mi=0:ex=95:*.rpm=90'
export LS_COLORS

Finally, aliases are a great way to simplify some commands usage. Here is one example that makes nano always display the line/character number you're editing:

# CUSTOM ALIASES
alias nano="nano -c"

> su root
password:
> apt-get install sudo
> usermod -a sysadmin -G sudo

You might need to uncomment the sudo group members line in /etc/sudoers using visudo:

[> su root]
[password:]
> visudo

Check for line:
# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

Make sure this line is NOT commented out.

Please note that you might have to re-connect to a new session to have the user's sudo rights activated.

> apt-get install build-essential module-assistant
> m-a prepare

From VM's window menu: Devices > Insert Guest Additions CD image...

> mount /media/cdrom
> sh /media/cdrom/VBoxLinuxAdditions.run

If you encounter problems with Debian 9 check this link: https://unix.stackexchange.com/questions/379501/error-installing-virtualbox-additions-on-debian-9

In case you are working with XenServer, you first need to connect the xs-tools.iso to your newly installed VM. This can be achieved using a GUI application like XenCenter (Windows only) or OpenXenManager (Python > All platforms). You might also choose to install Xen Orchestra as a VM straight on your XenServer platform, which will give you access to a nice Web GUI to manage your XenServer pools.

If you prefer to use the command line interface, refer to this (russian) article for the details. The command to link an ISO to a VM is something like: xe vm-cd-insert cd-name=“name-label of device” vm=“name-label of VM”.

Once the xs-tools.iso is connected to your debian VM, do the following on the VM CLI to install XenTools:

> mount /dev/cdrom /mnt
> bash /mnt/Linux/install.sh
> umount /dev/cdrom

In case you get a message like:

mount: wrong fs type, bad option, bad superblock on /dev/sr0,
       missing codepage or helper program, or other error

Try to issue the mount /dev/cdrom /mnt command a second time, this seems to work !

To figure out how to install the XenServer Tools on other OSs, please refer to this XenOrchestra web page.