vm-ubuntu-fe安装过程

vm-ubuntu-fe安装过程

记录时间:2011-03-20

虚拟系统配置

  • CPU:1
  • 内存:512MB
  • 硬盘:系统:2GB
  • 服务:Apache2 + WordPress

提供服务

添加vm-ubuntu-fe虚拟机

在vmhost-ubuntu-vbox上初始化及设置虚拟机

mount /dev/sdb1 /mnt/backup/
su - vbox
VBoxManage createvm --name vm-ubuntu-fe --register
VBoxManage modifyvm vm-ubuntu-fe --cpus 1 --memory 512 --vram 8 --acpi on --boot1 dvd --boot2 disk --audio alsa --audiocontroller ac97 --usb on --usbehci on --nic1 bridged --bridgeadapter1 eth0 --vrde on --vrdevideochannel on --vrdevideochannelquality 75
VBoxManage sharedfolder add vm-ubuntu-fe --name vbox-shared --hostpath /opt/vbox-shared --automount
VBoxManage createhd --filename /opt/vbox/vm-ubuntu-fe/vm-ubuntu-fe-system.vdi --size 2000 --variant fixed
VBoxManage storagectl vm-ubuntu-fe --name "SATA Controller" --add sata
VBoxManage storageattach vm-ubuntu-fe --storagectl "SATA Controller" --port 0 --device 0 --type hdd --medium /opt/vbox/vm-ubuntu-fe/vm-ubuntu-fe-system.vdi
VBoxManage storageattach vm-ubuntu-fe --storagectl "SATA Controller" --port 1 --device 0 --type dvddrive --medium /mnt/backup/setup/system/ubuntu-10.04.2-server-amd64.iso
VBoxManage showvminfo vm-ubuntu-fe
VBoxHeadless -s vm-ubuntu-fe

远程VRDP安装

使用Windows上的远程管理工具

  • mstsc <vmhost-ubuntu-vbox-ip>:3389
  • 选项:640*400, 16bit
  • Installer boot menu
    • Language: English
    • <F6>: noacpi=on, nomodeset=on
    • Install Ubuntu Server 10.04 (Rescue mode)
  • Ubuntu installer main menu
    • Choose language: English
    • Location: other, Europe, Germany
    • Detect keyboard layout: yes, + y <ENTER> => de:nodeadkeys
  • Configure the network
    • DHCP: Auto
    • hostname: vm-ubuntu-fe
  • Partition disks
  • Install the base system
  • Set up users and passwords
    • Fullname: admin 2cn.de
    • Username: r
    • Password: <password>
    • Encrypt your home directory: No
  • Configure the package manager
  • Select and install software: No automatic updates
  • Software selection
  • Configuring grub-pc
    • Install the GRUB boot loader to the MBR: Yes
  • Restart

开启代理,更新系统,安装常用软件,删除不需要的软件包

sudo su
export http_proxy=http://www-cache.uni-mannheim.de:3128
apt-get update
apt-get dist-upgrade
apt-get autoremove
apt-get install rcconf
apt-get install python-software-properties
add-apt-repository "deb http://archive.canonical.com/ lucid partner"
apt-get remove ubuntu-docs
apt-get remove mysql-common
apt-get remove samba-common
apt-get clean
apt-get autoclean
apt-get autoremove
cat /etc/issue
vi /etc/hosts
127.0.0.1 vm-ubuntu-fe
10.20.18.104 vmhost-ubuntu-vbox

为r和root用户设置top

添加nagios远程监测

apt-get install nagios-nrpe-server
vi /etc/nagios/nrpe.cfg

修改/添加

allowed_hosts=vmhost-ubuntu-vbox
command[check_all_disks]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -e
/etc/init.d/nagios-nrpe-server restart

避免意外删除文件等错误

vi /etc/bash.bashrc

在vi里添加以下几行:

confirm() {
echo -n "Please confirm $*? [N/y] "
read -N 1 REPLY
echo
if test "$REPLY" = "y" -o "$REPLY" = "Y"; then
"$@"
else
echo "Cancelled by user"
fi
}
alias rm="rm -i"
alias cp="cp -i"
alias mv="mv -i"
alias halt="confirm halt"
alias reboot="confirm reboot"
alias shutdown="confirm shutdown"

SSH设置

用PAM限制SSH用户

vi /etc/pam.d/sshd

在vi里写入

auth required pam_listfile.so item=user sense=allow file=/etc/ssh/ssh.allow onerr=fail

添加允许SSH的用户

vi /etc/ssh/ssh.allow

在vi里写入

r

10分钟后自动关闭空闲的SSH链接

vi /etc/ssh/sshd_config

添加以下几行:

ClientAliveInterval 300
ClientAliveCountMax 2
UseDNS no

安装VirtualBox Additions增强功能

在vmhost-ubuntu-vbox上:

su - vbox
VBoxManage storageattach vm-ubuntu-fe --storagectl "SATA Controller" --port 1 --device 0 --type dvddrive --medium /usr/share/virtualbox/VBoxGuestAdditions.iso

在vm-ubuntu-fe上:

sudo su
mkdir /media/cdrom
mount /dev/cdrom1 /media/cdrom
apt-get install dkms
/media/cdrom/VBoxLinuxAdditions.run --nox11
# 忽略没有视窗的错误:Installing the Window System drivers ...fail!
addgroup r vboxrf

安装apache2

apt-get install apache2
vi /etc/apache2/apache2.conf

添加/修改行:

ServerName localhost
Timeout 60
vi /etc/apache2/conf.d/security

添加/修改行:

# Disable access, directory indexing and .htaccess files by default
<Directory />
Options -Indexes
AllowOverride None
Order Deny,Allow
Deny from all
</Directory>
# Disable system information be included in the HTTP responses
ServerTokens Prod
# Disable system information to be included in server-generated pages
ServerSignature Off
# Disable HTTP TRACE requests
TraceEnable Off
groupadd log
usermod -a -G log www-data
usermod -a -G log r
mkdir /opt/logs
mkdir /opt/logs/apache2
rm -R /var/log/apache2
ln -s /opt/logs/apache2 /var/log/apache2
chown -R www-data.log /opt/logs
chmod -R g+w /opt/logs
chmod -R o-r /opt/logs
chmod -R o-x /opt/logs

安装WordPress

apt-get install mysql-server
apt-get install php5 phpmyadmin
adduser --system --shell /bin/sh --gecos 'wordpress admin' --group --disabled-password --home /opt/wordpress wpadmin
usermod -a -G log wpadmin
usermod -a -G wpadmin www-data
mkdir /opt/wordpress
cd /opt/wordpress
wget http://wordpress.org/latest.tar.gz
tar -zxvf latest.tar.gz
chown -R www-data.www-data wordpress
ln -s /opt/wordpress/wordpress /var/www/wordpress
mysql -u root -p
CREATE DATABASE wordpress;
CREATE USER wpadmin;
SET PASSWORD FOR wpadmin = PASSWORD("<PASSWORD>");
GRANT ALL PRIVILEGES ON wordpress.* TO "wpadmin"@"localhost" IDENTIFIED BY "<PASSWORD>";
FLUSH PRIVILEGES;
EXIT
cp /opt/wordpress/wordpress/wp-config-sample.php /opt/wordpress/wordpress/wp-config.php
vi /opt/wordpress/wordpress/wp-config.php
define('DB_NAME', 'wordpress');
define('DB_USER', 'wpadmin');
define('DB_PASSWORD', '<PASSWORD>');
# https://api.wordpress.org/secret-key/1.1/salt/
<SALT>

设置固定IP

vi /etc/network/interfaces

删除以下dhcp的设置

auto eth0
iface eth0 inet dhcp

添加IP设置

auto  eth0
iface eth0 inet static
address 192.168.178.111
netmask 255.255.255.0
network 192.168.178.0
broadcast 192.168.178.255
gateway 192.168.178.1
vi /etc/resolv.conf
search vm.2cn.de
domain vm.2cn.de
nameserver 192.168.178.1
nameserver 134.155.96.53
vi /etc/hosts
127.0.0.1 vm-ubuntu-fe
127.0.0.1 vm-ubuntu-fe.vm.2cn.de
192.168.168.11 vmhost-ubuntu-vbox
192.168.168.11 vmhost-ubuntu-vbox.2cn.de
/etc/init.d/networking restart

卸载dhcp

apt-get remove dhcp-client3

TODOs

Advertisements

发表评论

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / 更改 )

Twitter picture

You are commenting using your Twitter account. Log Out / 更改 )

Facebook photo

You are commenting using your Facebook account. Log Out / 更改 )

Google+ photo

You are commenting using your Google+ account. Log Out / 更改 )

Connecting to %s