Lab2 Bootstrapping Debian
In this lab we cover the install process by bootstrapping, which in our opinion illustrates all the essential steps of the installation. An installer application hides these important steps to make the whole installation more user friendly; we, however, aim at expert-level understanding of the GNU/Linux OS, so now and in later labs we will try to avoid wizards and helpers.
Creating the VM
Next let's create a VM suitable for running Debian 9.3 GNU/Linux. This newly created VM becomes our temporary environment for installing Debian.
First of all download (if you didn't in lab0) the ISO file of the distribution:
Once the ISO is downloaded and is valid, we may create the VM and install Debian (depending on the chosen emulator, Qemu or VirtualBox):
- For Qemu users:
  - First create the HDD for your VM:
    - in command line, create a virtual hard disk as follows:
      qemu-img create -f qcow2 BootstrapDebian.qcow2 10G
    - the options used here:
      - create: qemu-img command for creating new virtual hard disks
      - -f qcow2: virtual hard disk file format, QEMU Copy-On-Write format (more details here)
      - BootstrapDebian.qcow2: the name of the file to be created in your CWD
      - 10G: maximal size of the virtual hard disk. The actual file will be several kilobytes after creation, however it will grow once we start filling the disk with data (due to the dynamically allocated variant of virtual disk).
    - Now create a second virtual hard disk with the same parameters but a different name, e.g. BootstrapDebian2.qcow2.
  - Next start the VM using the newly created HDDs:
    - in command line, start Qemu as follows:
      qemu-system-i386 --enable-kvm -m 1024M -hda BootstrapDebian.qcow2 -hdb BootstrapDebian2.qcow2 -cdrom debian-live-9.3.0-i386-xfce.iso -boot d
    - the options used here:
      - --enable-kvm: forces the KVM hypervisor (the CPU virtualization feature has to be enabled)
      - -m 1024M: amount of RAM to assign to the VM
      - -cdrom debian-live-9.3.0-i386-xfce.iso: insert the Live ISO file into the VM's CD-ROM
      - -boot d: force the VM to boot from CD-ROM first
  As a result the VM should start the Live CD boot process
  - the issued command will run blocking your CLI
  - a new window will open showing the VM's VGA output
    - NB! For releasing the mouse pointer use the left Ctrl+Alt key combination
  - you should see the boot menu page with possible boot options
  Killing the running VM instance can be done by
  - Closing the VM window
  - Issuing Ctrl+C in the CLI
  Remember the corresponding command you used, so that you can run the VM again once you have killed it.
- For VirtualBox users:
  - Open the VirtualBox application, and click the New button
    - Give the new VM a name: BootstrapDebian
    - Choose a type: Linux
    - Choose version: Debian (32-bit)
    - Click Next
    - Specify amount of memory: 1024MB, as this will be enough for testing purposes
    - Click Next
    - Select Create a virtual hard disk now
    - Click Next
    - Select VDI (VirtualBox Disk Image)
    - Click Next
    - Select Dynamically allocated
    - Click Next
    - Set 10 GB as size
    - Click Create
  - The newly created VM should be visible in the VM list (on the left in the VirtualBox main window you should see the BootstrapDebian icon)
  - Right-click on it and select Settings
    - Go to System -> Processor tab -> select 2 CPU cores and Enable PAE/NX -> Acceleration tab -> verify that Enable VT-x/AMD-V is marked -> click OK.
    - Go to Storage -> click Controller: SATA -> click the second icon with a green "plus sign" called Add hard disk -> Create new disk -> select VDI (VirtualBox Disk Image) -> select Dynamically allocated -> 10GB -> click Create -> click OK.
  - Double-click on the BootstrapDebian VM in the list of VMs
  - During the first boot, the VM will ask to provide an ISO image to boot from
    - Provide the ISO file of the live version of Debian 9.3 which was copied or downloaded in the previous lab.
  As a result the VM should start the Live CD boot process
  - a new window will appear showing the VM's VGA output
    - For releasing the mouse pointer use the right Ctrl key
  - you should see the boot menu page with possible boot options
  In order to kill/reset the running instance:
  - In the File menu of the running VM's window
  - Select Close
  - Choose Power off ...
  Next time you need to run the VM you can just double-click the corresponding icon in the VM list
After you have started the VM, a Debian Live boot window should appear:
- Please select the first option, Debian Gnu/Linux Live (kernel 4.9...), and hit Enter
- The standard boot process will take place and bring you to a login prompt:
  - The default user for any Debian live is user with password live
Now we are ready to boot into Debian Live and start installing Debian manually!
Bootstrapping Debian 9.3 into virtual HDD using Debian Live shell
The first thing we need to do is to switch to a root shell in order to have access to utils like:
- fdisk, mkfs.ext4, mkswap, tune2fs, apt, mount, nano, vi, debootstrap (etc.)
- ... which we will use to set the OS up.
Changing to root shell in Live
Normally I would do this over su -, in live however it is not critical to avoid sudo, so we do this like:
sudo su -
And afterwards we may notice our user shell sign $ changed to # (a sign of a root shell).
Now we can start partitioning and formatting our HDD.
Partitioning virtual HDD (DOS or GPT)
First of all make sure we have HDDs in our system at all:
# fdisk -l
or
# lsblk
- ... should give us information about attached hard drives and partitions
- We should see /dev/sda (the first hard drive) and /dev/sdb empty with 10 GiB of free space each.
Enter the fdisk interactive partitioning tool:
# fdisk /dev/sda
- Here we operate fdisk using keys; for example, key m gives a manual of all other keys to control fdisk
- Let's create a fresh DOS partition table by issuing o
- Now press n to create the first partition
  - It will ask to select primary/extended; in our setup we will rely on primary partitions only (we will only have 2 of them)
  - Now confirm 1 for the partition number and 2048 for the offset of the first sector
  - Next select the last sector by giving the amount of desired space: +200M
- Now you can see the first partition was created; you can check it using the p key.
- Next we give a type to the first partition, which we make the boot area of our OS (what is it, by the way?)
  - Hit t for specifying the type; you may list all types using L
  - Enter the code ef for type EFI file system and hit Enter
- Now create another primary partition, allocating the remaining free space for it and giving it the type Linux raid auto (code fd).
  - In order to make it use all the remaining space, when asked about the last sector in the dialog just leave the default value as it is (the default value is the last possible sector to allocate on the HDD).
- Save the partition table using the w key, which will also terminate fdisk and refresh the partition tables in the kernel.
The correct output for p command in fdisk
- In case you did something wrong or want to redo, you can use
# fdisk /dev/sda
and then hit d to delete partitions.
Repeat the process for the second disk
# fdisk /dev/sdb
The correct output for lsblk command
RAID 1 for better data reliability
RAID (Redundant Array of Independent Disks, originally Redundant Array of Inexpensive Disks) is a data storage virtualization technology that combines multiple physical disk drive components into one or more logical units for the purposes of data redundancy, performance improvement, or both.
Data is distributed across the drives in one of several ways, referred to as RAID levels, depending on the required level of redundancy and performance. The different schemes, or data distribution layouts, are named by the word "RAID" followed by a number, for example RAID 0 or RAID 1. Each schema, or RAID level, provides a different balance among the key goals: reliability, availability, performance, and capacity. RAID levels greater than RAID 0 provide protection against unrecoverable sector read errors, as well as against failures of whole physical drives. https://en.wikipedia.org/wiki/RAID
First we need to update the available package list
# apt update
Now we can install the mdadm tool
# apt install mdadm
Let's create the md0 array from /dev/sda1 and /dev/sdb1
# mdadm --create --verbose /dev/md0 --level=1 --raid-devices=2 --metadata=0.90 /dev/sda1 /dev/sdb1
Format the first RAID array as FAT32 using the command
# mkfs.vfat -n BOOT -F32 /dev/md0
Let's create the md1 array from /dev/sda2 and /dev/sdb2
# mdadm --create --verbose /dev/md1 --level=1 --raid-devices=2 /dev/sda2 /dev/sdb2
- Accept the warning about metadata.
- Now lsblk output should look like this
- You can check the status of RAID arrays with the cat /proc/mdstat command
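A check of the array state that /proc/mdstat reports, as an added example that is not part of the original lab: md_status and md_check are hypothetical helper names, and the two mdstat samples are constructed to match the arrays created above, once with both disks attached and once with only the first disk.

```sh
#!/bin/sh
# Added example: summarise /proc/mdstat and fail when an expected array
# is missing, inactive, or running with a missing member.

# md_status: read mdstat text on stdin, print "<array> <state> <member-map>".
md_status() {
    awk '
        /^md[0-9]+ :/ {                  # e.g. "md1 : active raid1 sdb2[1] sda2[0]"
            if (name != "") print name, state, "-"
            name = $1; state = $3
            next
        }
        name != "" && match($0, /\[[U_]+\]/) {   # member map such as [UU] or [U_]
            print name, state, substr($0, RSTART, RLENGTH)
            name = ""
        }
        END { if (name != "") print name, state, "-" }
    '
}

# md_check ARRAY...: read mdstat text on stdin; return 0 only if every named
# array is active with all of its members present.
md_check() {
    st=$(md_status); rc=0
    for a in "$@"; do
        line=$(printf '%s\n' "$st" | awk -v a="$a" '$1 == a')
        case "$line" in
            "")               echo "$a: not assembled"; rc=1 ;;
            "$a active ["*_*) echo "$a: DEGRADED ($line)"; rc=1 ;;
            "$a active ["*)   echo "$a: ok ($line)" ;;
            *)                echo "$a: not active ($line)"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample: both arrays of this lab, fully in sync.
MDSTAT_HEALTHY='Personalities : [raid1]
md1 : active raid1 sdb2[1] sda2[0]
      10268608 blocks super 1.2 [2/2] [UU]

md0 : active raid1 sdb1[1] sda1[0]
      204736 blocks [2/2] [UU]

unused devices: <none>'

# Constructed sample: the same arrays with only the first disk attached.
MDSTAT_ONE_DISK='Personalities : [raid1]
md1 : active raid1 sda2[0]
      10268608 blocks super 1.2 [2/1] [U_]

md0 : active raid1 sda1[0]
      204736 blocks [2/1] [U_]

unused devices: <none>'

# On the live system the call would be: md_check md0 md1 < /proc/mdstat
printf '%s\n' "$MDSTAT_ONE_DISK" | md_check md0 md1 || true
```

An underscore in the member map marks a missing mirror half: the array still works, but the next disk failure loses data.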
For added security let's encrypt the data parts of our disks
dm-crypt is a transparent disk encryption subsystem in Linux kernel versions 2.6 and later and in DragonFly BSD. It is part of the device mapper infrastructure, and uses cryptographic routines from the kernel's Crypto API. The dm-crypt device mapper target resides entirely in kernel space, and is only concerned with encryption of the block device – it does not interpret any data itself. It relies on user space front-ends to create and activate encrypted volumes, and manage authentication. At least two frontends are currently available: cryptsetup and cryptmount. The cryptsetup command-line interface, by default, does not write any headers to the encrypted volume, and hence only provides the bare essentials: encryption settings have to be provided every time the disk is mounted (although usually employed with automated scripts), and only one key can be used per volume; the symmetric encryption key is directly derived from the supplied passphrase. https://en.wikipedia.org/wiki/Dm-crypt
- Make sure the cryptsetup package is installed
# apt install cryptsetup
- Encrypt the md1 array with cipher aes-xts-plain64 and hash sha-512
# cryptsetup luksFormat -c aes-xts-plain64 -h sha512 -y -v /dev/md1
- Confirm the formatting
- Open the encrypted array md1 into a mapped drive crypt1
# cryptsetup luksOpen /dev/md1 crypt1
- You can check that the newly opened disk is available in the lsblk list
LVM
In Linux, Logical Volume Manager (LVM) is a device mapper target that provides logical volume management for the Linux kernel. Most modern Linux distributions are LVM-aware to the point of being able to have their root file systems on a logical volume.
LVM is used for the following purposes:
- Creating single logical volumes of multiple physical volumes or entire hard disks (somewhat similar to RAID 0, but more similar to JBOD), allowing for dynamic volume resizing.
- Managing large hard disk farms by allowing disks to be added and replaced without downtime or service disruption, in combination with hot swapping.
- On small systems (like a desktop), instead of having to estimate at installation time how big a partition might need to be, LVM allows filesystems to be easily resized as needed.
- Performing consistent backups by taking snapshots of the logical volumes.
LVM can be considered as a thin software layer on top of the hard disks and partitions, which creates an abstraction of continuity and ease-of-use for managing hard drive replacement, repartitioning and backup.
- Install the lvm2 package
# apt install lvm2
- Create a Physical Volume (PV) using the mapped encrypted drive
# pvcreate /dev/mapper/crypt1
- Check that the PV was created successfully
# pvs
# pvdisplay
- Create a Volume Group (VG) named vgsystem using the PV we have just created
# vgcreate vgsystem /dev/mapper/crypt1
- Check that the VG was created successfully
# vgs
# vgdisplay
- Create the following Logical Volumes (LV) in volume group vgsystem
# lvcreate -L 8G -n lvroot vgsystem
# lvcreate -l 100%FREE -n lvswap vgsystem
- Check that the LVs were created successfully
# lvs
# lvdisplay
If done correctly, lsblk should look something like this
- Format the lvroot partition as ext4 using the command
# mkfs.ext4 -L ROOT /dev/mapper/vgsystem-lvroot
  - Flag -L adds a label to the partition.
- Format the swap partition
# mkswap -L SWAP /dev/mapper/vgsystem-lvswap
- To verify the previous commands you can use the blkid command
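To confirm which volumes actually sit on top of the LUKS mapping, the following added example (not part of the original lab) walks the parent chain in lsblk -P output. crypt_coverage and require_encrypted are hypothetical helper names, and the lsblk sample is constructed for the layout built above, with the second disk omitted.

```sh
#!/bin/sh
# Added example: for every device that carries a filesystem or swap signature,
# report whether a dm-crypt mapping sits somewhere underneath it.
# Live system (as root, so FSTYPE is filled in):
#   lsblk -P -o KNAME,PKNAME,TYPE,FSTYPE,NAME | crypt_coverage
crypt_coverage() {
    awk '
        function val(key,    s, i) {          # value of KEY="..." on this line
            i = index(" " $0, " " key "=\"")
            if (i == 0) return ""
            s = substr(" " $0, i + length(key) + 3)
            return substr(s, 1, index(s, "\"") - 1)
        }
        {
            k = val("KNAME")                  # kernel names link child to parent
            parent[k] = val("PKNAME"); typ[k] = val("TYPE")
            fs[k] = val("FSTYPE");     name[k] = val("NAME")
            if (!(k in seen)) { seen[k] = 1; order[++n] = k }
        }
        END {
            for (i = 1; i <= n; i++) {
                k = order[i]; f = fs[k]
                # containers are not payload: skip RAID members, LUKS headers, LVM PVs
                if (f == "" || f == "linux_raid_member" || f == "crypto_LUKS" || f == "LVM2_member")
                    continue
                enc = "plain"
                for (p = k; p != ""; p = parent[p])
                    if (typ[p] == "crypt") { enc = "encrypted"; break }
                print name[k], f, enc
            }
        }
    '
}

# require_encrypted NAME...: read lsblk -P text on stdin; return 0 only if
# every named volume is reported as encrypted.
require_encrypted() {
    report=$(crypt_coverage); rc=0
    for v in "$@"; do
        printf '%s\n' "$report" | grep -q "^$v [^ ]* encrypted\$" ||
            { echo "$v: no crypt layer underneath"; rc=1; }
    done
    return $rc
}

# Constructed sample of the lab layout (first disk only).
LSBLK_SAMPLE='KNAME="sda" PKNAME="" TYPE="disk" FSTYPE="" NAME="sda"
KNAME="sda1" PKNAME="sda" TYPE="part" FSTYPE="linux_raid_member" NAME="sda1"
KNAME="md0" PKNAME="sda1" TYPE="raid1" FSTYPE="vfat" NAME="md0"
KNAME="sda2" PKNAME="sda" TYPE="part" FSTYPE="linux_raid_member" NAME="sda2"
KNAME="md1" PKNAME="sda2" TYPE="raid1" FSTYPE="crypto_LUKS" NAME="md1"
KNAME="dm-0" PKNAME="md1" TYPE="crypt" FSTYPE="LVM2_member" NAME="crypt1"
KNAME="dm-1" PKNAME="dm-0" TYPE="lvm" FSTYPE="ext4" NAME="vgsystem-lvroot"
KNAME="dm-2" PKNAME="dm-0" TYPE="lvm" FSTYPE="swap" NAME="vgsystem-lvswap"'

printf '%s\n' "$LSBLK_SAMPLE" | crypt_coverage
```

ROOT and SWAP are reported as encrypted, while the BOOT array (md0), which will hold the kernel and initramfs, stays in plaintext in this layout.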
Adding created partition to the file tree
The newly formatted ROOT file system is not yet added to the file tree, hence it is impossible to create any files in there. First we need to add the file system to the system file tree by specifying a directory for it (mounting a file system to a directory).
Create a new directory under /mnt named NewRoot. Mount the root partition (by its label) to the newly created directory.
- Let's mount the partition with label ROOT to /mnt/NewRoot
# mkdir /mnt/NewRoot
# mount -L ROOT /mnt/NewRoot
- We created a separate partition for BOOT, so now let's mount it to /mnt/NewRoot/boot
# mkdir /mnt/NewRoot/boot
# mount -L BOOT /mnt/NewRoot/boot
- PS! Check that you have two different -L parameters in the previous commands: one starts with R (r) and another with B (b).
- Use lsblk to check that /mnt/NewRoot/boot is mounted to /dev/md0 and /mnt/NewRoot to /dev/mapper/vgsystem-lvroot.
Bootstrapping the new Debian into ROOT filesystem
Install the debootstrap package using the command:
# apt install debootstrap
Let us check that /mnt/NewRoot has only the boot folder
# ls -la /mnt/NewRoot
The next command will install the basic Debian (version 9.3 - stretch) system into the specified directory using the Estonian mirror of the Debian repository, which is the closest to us.
# debootstrap stretch /mnt/NewRoot http://ftp.ee.debian.org/debian
Let us verify that /mnt/NewRoot now has Linux files and folders
# ls -la /mnt/NewRoot
Configuring the hostname, file system map and network
- Navigate to /mnt/NewRoot
# cd /mnt/NewRoot
- Now change your hostname in etc/hostname with nano to newdebian.
# nano etc/hostname
use the CTRL+X key combination to exit and hit Y to save.
- Open the etc/hosts file and add a new line after the line 127.0.0.1 localhost. The new line should be 127.0.1.1 newdebian. Please note, we refer here to etc/hostname and etc/hosts with no top-directory prefix /, as /etc/hostname is an absolute path and belongs to the Debian Live environment, while etc/hostname is a relative path, is in fact /mnt/NewRoot/etc/hostname, and belongs to the new Debian we are setting up.
- Add the following lines to etc/fstab (use the TAB key instead of spaces in this file).
LABEL=BOOT	/boot	vfat	defaults	0	0
LABEL=ROOT	/	ext4	defaults,errors=remount-ro	0	0
LABEL=SWAP	swap	swap	defaults	0	0
- Open etc/network/interfaces and add the following lines
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
Change root into new Debian
Currently we have just one Debian environment running on the Linux kernel. What we do next is share the kernel-specific directories of Debian Live with our new Debian: in the file tree we have to link the existing kernel directories into the new root directory.
Navigate to the new Debian root first:
# cd /mnt/NewRoot
Next do the linking using the --bind option of the mount command:
# mount --bind /dev dev
# mount --bind /proc proc
# mount --bind /sys sys
Now run the command:
# chroot /mnt/NewRoot
This will change the top level directory / of Live Debian into /mnt/NewRoot of our new Debian. Now the active environment is no longer the one of Debian Live but the one of the new Debian.
- If you check the file /etc/hostname now you will see newdebian, indicating that we are indeed in chroot mode.
# cat /etc/hostname
Setting up locale
- As we are in a new Linux environment we should always update available package list before doing any further administration.
# apt update
- Install the locales first using command:
# apt install locales
- Configure the locales using command:
# dpkg-reconfigure locales
Choose (press space) en_US.UTF-8 UTF-8 from the list of locales; on the next page, which sets the default locale, please choose en_US.UTF-8.
Also install the package console-setup. This enables your own keyboard layout and other properties in your system. The command to do this:
# apt install console-setup
You can also run # dpkg-reconfigure keyboard-configuration to change the layout and then # dpkg-reconfigure console-setup.
Setting up timezone
- Install the time zone package tzdata first using the command:
# apt install ntp tzdata
- Configure tzdata using the command:
# dpkg-reconfigure tzdata
Use the following settings:
- Geographic area: Europe
- Time zone: Tallinn
- Re-enter chroot to apply changes:
# exit
- Will exit the chroot environment.
# chroot /mnt/NewRoot
- Will change the root environment again, taking into account the new locale settings.
Setting up initial users and passwords
Change the root password using
# passwd
- Choose any password you find secure enough, but also one that you can remember
Create a new user
# adduser user
- Choose any password you find secure enough, but also one that you can remember
Install extra software for RAID, LVM and encryption support.
# apt install mdadm cryptsetup lvm2
- Add a new line to /etc/crypttab
crypt1 /dev/md1 none luks
Installing Linux kernel and Boot loader for new Debian
Each operating system uses a kernel. Without a kernel, you can’t have an operating system that actually works. Windows, Mac OS X, and Linux all have kernels, and they’re all different. It’s the kernel that also does the grunt work of the operating system. Besides the kernel, there are a lot of applications that are bundled with the kernel to make the entire package something useful — more on that a bit later.
The kernel’s job is to talk to the hardware and software, and to manage the system’s resources as best as possible. It talks to the hardware via the drivers that are included in the kernel (or additionally installed later on in the form of a kernel module). This way, when an application wants to do something (say change the volume setting of the speakers), it can just submit that request to the kernel, and the kernel can use the driver it has for the speakers to actually change the volume.
The kernel is highly involved in resource management. It has to make sure that there is enough memory available for an application to run, as well as to place an application in the right location in memory. It tries to optimize the usage of the processor so that it can complete tasks as quickly as possible. It also aims to avoid deadlocks, which are problems that completely halt the system when one application needs a resource that another application is using. It’s a fairly complicated circus act to coordinate all of those things, but it needs to be done and that’s what the kernel is for. https://www.makeuseof.com/tag/linux-kernel-explanation-laymans-terms/
- Install the Linux kernel with the command
# apt install linux-image-4.9.0-4-686-pae
- Now let's install EXT file-system support to kernel for more stability
# apt install extlinux
- In order for our new Linux to boot we need to install a bootloader called GRUB
# apt install grub-pc
  - when asked where to install GRUB, select with SPACE both /dev/sda and /dev/sdb (not dm-0 or other dm devices, nor md), and use TAB to get to OK
Finishing and checking installation
- Exit chroot
# exit
- Unmount bound directories
# umount /mnt/NewRoot/dev
# umount /mnt/NewRoot/sys
# umount /mnt/NewRoot/proc
- Unmount /boot and /
# umount /mnt/NewRoot/boot
# cd
we need to exit the /mnt/NewRoot folder
# umount /mnt/NewRoot
- Close LVM volumes
# vgchange -an vgsystem
- Close encrypted partition crypt1
# cryptsetup luksClose /dev/mapper/crypt1
- Close md0 and md1
# mdadm -S md1
# mdadm -S md0
- To improve performance, a computer often keeps data in its memory rather than writing it to disk, because RAM is much faster than the hard disk. This is fine until there is a computer crash. When that happens the data that was held in memory is lost, or the file system is corrupted. The sync command causes everything to be written to disk so none of the data is lost.
# sync
- Power off the live system
# poweroff
Remove the attached ISO file of the Debian Live and try to run the VM using only the HDDs we used to bootstrap the new Debian:
- For Qemu users:
  - you may just remove the -cdrom and -boot options from the qemu command line, leaving it as follows:
    qemu-system-i386 --enable-kvm -m 512M -hda BootstrapDebian.qcow2 -hdb BootstrapDebian2.qcow2
- For VirtualBox users:
  - Start the BootstrapDebian VM
  - In the Devices menu:
    - In the Optical Drives section:
      - Click Remove disk from virtual drive
  - Reboot the VM: BootstrapDebian -> Machine -> Reboot
The VM should ask for decryption password and then automatically boot into your fresh Debian OS:
- The HDD has to be bootable (Boot Loader embedded into MBR)
- So the GRUB menu has to be visible during boot time
- The first entry Debian should ask for decryption password, then boot the OS and bring user to login screen with no errors
- Defined users root and user should be able to log in using the configured passwords
- Check that Debian is not started with a read-only file system, e.g. with touch test.txt
CONGRATULATIONS you have completed the lab 2.
- We believe in self-study and that you are in University to learn, so we do not ask for proof of completing this lab; instead we warn that you will need this knowledge in future labs and the exam.
- We try to keep lab manuals short, so we do not add long explanatory texts to them. If you feel that some topics are still unclear, we encourage you to use your favorite search engine to fill the gaps in knowledge you might encounter during the System Administration course.
- In case you still need help we have made a short video to help you get started. Video!
Lab 001 Live Videos