piwik

dimarts, 30 de setembre del 2014

Mirroring Ubuntu 12.04 repo

As part of our efforts to improve the performance of our network, we've decided to clone the official Ubuntu repository to a local share that is served through anonymous FTP. There are plenty of tutorials explaining how to set up a local repo using apt-mirror, but what you basically need to know is how to configure the file below.
I've also decided to clone the debian-installer packages so that this local repo can be used for network installation through PXE.
/etc/apt/mirror.list


# apt-mirror configuration: where the mirror is stored, how many download
# threads to use, and which archives, suites and architectures to copy.
# NOTE(review): every source below is plain http://, so the integrity of the
# mirrored packages rests on APT's signature check of the Release files on
# each client; clients of this mirror should keep that verification enabled.
############# config ##################
#

# Everything apt-mirror writes lives under base_path.
# NOTE(review): the text says this share is served over anonymous FTP; if the
# FTP root is base_path itself, skel/ and var/ (including the scripts named
# below) are published along with mirror/ - exporting only $mirror_path
# avoids that. Confirm against the FTP server configuration.
set base_path    /mnt/my_ftp
#
 set mirror_path  $base_path/mirror
 set skel_path    $base_path/skel
 set var_path     $base_path/var
 set cleanscript $var_path/clean.sh
# set defaultarch  amd64
# NOTE(review): run_postmirror is left commented out below, so whether this
# script is executed depends on apt-mirror's built-in default - confirm, and
# keep $var_path writable only by the account that runs apt-mirror.
 set postmirror_script $var_path/postmirror.sh
# set run_postmirror 0
# Number of parallel download threads.
set nthreads     20
set _tilde 0
#
############# end config ##############
# Precise (12.04 LTS) for i386 architecture
deb-i386 http://archive.ubuntu.com/ubuntu/ precise main restricted universe multiverse
deb-i386 http://archive.ubuntu.com/ubuntu/ precise-security main restricted universe multiverse
deb-i386 http://archive.ubuntu.com/ubuntu/ precise-updates main restricted universe multiverse
deb-i386 http://archive.ubuntu.com/ubuntu/ precise-backports main restricted universe multiverse
deb-i386 http://archive.canonical.com/ubuntu precise partner
deb-i386 http://security.ubuntu.com/ubuntu precise-security main restricted universe multiverse
#Source code
deb-src http://archive.ubuntu.com/ubuntu/ precise main restricted universe multiverse
deb-src http://archive.ubuntu.com/ubuntu/ precise-security main restricted universe multiverse
deb-src http://archive.ubuntu.com/ubuntu/ precise-updates main restricted universe multiverse
deb-src http://archive.ubuntu.com/ubuntu/ precise-backports main restricted universe multiverse
deb-src http://archive.canonical.com/ubuntu precise partner
deb-src http://security.ubuntu.com/ubuntu precise-security main restricted universe multiverse
#Adding some entries to have the installer files for the new PXE installations
deb-i386 http://archive.ubuntu.com/ubuntu precise main/debian-installer restricted/debian-installer universe/debian-installer multiverse/debian-installer
deb-i386 http://archive.ubuntu.com/ubuntu precise-security main/debian-installer restricted/debian-installer universe/debian-installer multiverse/debian-installer
deb-i386 http://archive.ubuntu.com/ubuntu precise-updates main/debian-installer restricted/debian-installer universe/debian-installer multiverse/debian-installer
deb-i386 http://archive.ubuntu.com/ubuntu precise-backports main/debian-installer restricted/debian-installer universe/debian-installer multiverse/debian-installer
# Precise (12.04 LTS) for x86_64 architecture
deb-amd64 http://archive.ubuntu.com/ubuntu/ precise main restricted universe multiverse
deb-amd64 http://archive.ubuntu.com/ubuntu/ precise-security main restricted universe multiverse
deb-amd64 http://archive.ubuntu.com/ubuntu/ precise-updates main restricted universe multiverse
deb-amd64 http://archive.ubuntu.com/ubuntu/ precise-backports main restricted universe multiverse
deb-amd64 http://archive.canonical.com/ubuntu precise partner
deb-amd64 http://security.ubuntu.com/ubuntu precise-security main restricted universe multiverse
#Adding some entries to have the installer files for the new PXE installations
deb-amd64  http://archive.ubuntu.com/ubuntu precise main/debian-installer restricted/debian-installer universe/debian-installer multiverse/debian-installer
deb-amd64  http://archive.ubuntu.com/ubuntu precise-security main/debian-installer restricted/debian-installer universe/debian-installer multiverse/debian-installer
deb-amd64  http://archive.ubuntu.com/ubuntu precise-updates main/debian-installer restricted/debian-installer universe/debian-installer multiverse/debian-installer
deb-amd64  http://archive.ubuntu.com/ubuntu precise-backports main/debian-installer restricted/debian-installer universe/debian-installer multiverse/debian-installer

# Archives for which apt-mirror should list files that are no longer
# referenced by the indexes (written to the cleanscript set above).
clean http://archive.ubuntu.com/ubuntu
clean http://archive.canonical.com/ubuntu
clean http://security.ubuntu.com/ubuntu

dilluns, 22 de setembre del 2014

Get GPG fingerprint and push your key to ubuntu key server

root@samaruc:/tmp# gpg --fingerprint
/root/.gnupg/pubring.gpg
------------------------
pub   2048R/D9ADF82B 2014-09-09
      Key fingerprint = 3CDF 02F5 5532 E6FE 88D1  C152 5FE3 8CF1 D9AD F82B
uid                  Josep Manel Andres (IC3 standard WS)
sub   2048R/CB446606 2014-09-09


# NOTE(review): the 8-hex-digit short key ID used below is not guaranteed to
# be unique. gpg also accepts the full fingerprint printed above (spaces
# removed), which identifies the key unambiguously; anyone fetching this key
# from the keyserver should compare the fingerprint as well.
root@samaruc:/tmp# gpg --send-keys --keyserver keyserver.ubuntu.com D9ADF82B
gpg: sending key D9ADF82B to hkp server keyserver.ubuntu.com

dimarts, 9 de setembre del 2014

How to restrict ftp users from getting console access

We have set up an FTP server with several users that also have access to the server through SSH, which is not what we want.
The way we have set up the server is probably not the best one, but it works for us. We have a Debian server on which we create normal users and change their home directory to point to the FTP filesystem, /ftpdata, which is an LVM disk.

So, to remove console access we need to do two things. First, add /usr/lib/sftp-server as a valid shell in the /etc/shells file:

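# Register sftp-server as a valid login shell. The entry must be spelled
# exactly like the path later given to usermod -s (/usr/lib/sftp-server);
# a misspelled entry leaves the real path unlisted in /etc/shells.
root@host # echo '/usr/lib/sftp-server' >> /etc/shells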

and then change the user's login shell to sftp-server, either by editing /etc/passwd or with usermod:

# Set the account's login shell to sftp-server so it no longer gets a console.
# NOTE(review): changing the login shell does not by itself turn off other SSH
# features such as TCP forwarding; check sshd_config (AllowTcpForwarding,
# ForceCommand internal-sftp, ChrootDirectory) if these accounts must be
# limited to file transfer only.
root@host # usermod -s /usr/lib/sftp-server username

dimecres, 3 de setembre del 2014

Create unattended Ubuntu CD

This need arose when we wanted to add a new machine to our infrastructure that wasn't able to boot from the network, so it couldn't get the standard Ubuntu installation from the TFTP server. To get started, we need an Ubuntu Server edition ISO or an Ubuntu Alternate edition ISO; note that this won't work with the standard Ubuntu Desktop edition.

Now we mount the Ubuntu Alternate ISO on some directory, copy it with rsync to a location where we can edit it, and give write permissions to some directories.

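# Loop-mount the ISO read-only; it is only used as a copy source.
mount -o loop,ro /home/josep/ubuntu-alternate-12.04.iso /mnt/ubuntu
# /tmp is shared and the directory name is fixed: a plain mkdir fails if the
# path already exists, so the copy only ever lands in a directory created here
# and never in something another local user put in place beforehand.
mkdir /tmp/ubuntu && rsync -av /mnt/ubuntu/ /tmp/ubuntu
# rsync -a keeps the ISO's permissions; make the two trees we edit writable.
chmod -R u+w /tmp/ubuntu/isolinux
chmod -R u+w /tmp/ubuntu/preseed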

Modify the file /isolinux/txt.cfg to point to our new preseed:


# isolinux boot menu. "install" is the default entry and hands the custom
# preseed file to the installer on the kernel command line (file=...).
# NOTE(review): the partitioning part of the preseed is not shown on this
# page; if it is fully preseeded, this default entry may repartition the disk
# without asking - confirm before booting the CD on a machine that holds data.
default install
label install
  menu label ^Install Ubuntu
  kernel /install/vmlinuz
  append  file=/cdrom/preseed/ubuntu-our-preseed.seed locale=en_GB.UTF-8 console-setup/ask_detect=false keyboard-configuration/layoutcode=es vga=788 initrd=/install/initrd.gz quiet --
label check
  menu label ^Check disc for defects
  kernel /install/vmlinuz
  append   MENU=/bin/cdrom-checker-menu vga=788 initrd=/install/initrd.gz quiet --
label memtest
  menu label Test ^memory
  kernel /install/mt86plus
label hd
  menu label ^Boot from first hard disk
  localboot 0x80


And now we add our preseed to /preseed/ubuntu-our-preseed.seed



# debian-installer preseed answers for the unattended install: locale,
# keyboard, network, clock and package mirror. The rest of the file is not
# shown on this page.
# Preseeding only locale sets language, country and locale.
d-i debian-installer/locale string en_GB.UTF-8
d-i debian-installer/country string ES
d-i localechooser/supported-locales en_US.UTF-8, en_GB.UTF-8, es_ES.UTF-8
# The values can also be preseeded individually for greater flexibility.
#d-i debian-installer/language string en
#d-i debian-installer/country string NL
#d-i debian-installer/locale string en_GB.UTF-8
# Optionally specify additional locales to be generated.
#d-i localechooser/supported-locales en_US.UTF-8, nl_NL.UTF-8
#
# Keyboard ======================
#
#d-i keyboard-configuration/modelcode skip
# New config
# Disable automatic (interactive) keymap detection.
d-i console-setup/ask_detect boolean false
d-i keyboard-configuration/layoutcode string es
#
#
# Network installation
#
# Any hostname and domain names assigned from dhcp take precedence over
# values set here. However, setting the values still prevents the questions
# from being shown, even if values come from dhcp.
d-i netcfg/choose_interface select auto
d-i netcfg/get_nameservers string 192.168.60.9
d-i netcfg/get_hostname string unassigned-hostname
d-i netcfg/get_domain string ic3.local
# If non-free firmware is needed for the network or other hardware, you can
# configure the installer to always try to load it, without prompting. Or
# change to false to disable asking.
d-i hw-detect/load_firmware boolean true
#
# Time ==========================
#
# Controls whether or not the hardware clock is set to UTC.
d-i clock-setup/utc boolean true
# You may set this to any valid setting for $TZ; see the contents of
# /usr/share/zoneinfo/ for valid values.
d-i time/zone string Europe/Madrid
# Controls whether to use NTP to set the clock during the install
d-i clock-setup/ntp boolean true
# NTP server to use. The default is almost always fine here.
d-i clock-setup/ntp-server string 1.es.pool.ntp.org
#
# MIRROR ==========================
#
# If you select ftp, the mirror/country string does not need to be set.
#d-i mirror/protocol string ftp
d-i mirror/country string Spain
d-i mirror/http/hostname string es.archive.ubuntu.com
d-i mirror/http/directory string /ubuntu
# Empty value: no HTTP proxy is configured for the mirror.
d-i mirror/http/proxy string
# NOTE(review): the remainder of the preseed is elided. If it sets account
# passwords, prefer the hashed forms (passwd/user-password-crypted,
# passwd/root-password-crypted): the seed file is readable by anyone who
# obtains the ISO.
.
.
.
. 


At this point we just need to recreate the ISO image:



# Rebuild a bootable ISO from the edited tree in /tmp/ubuntu.
#   -r / -J / -l      Rock Ridge, Joliet and full-length ISO9660 file names
#   -b / -c / -no-emul-boot / -boot-load-size / -boot-info-table
#                     El Torito boot setup for isolinux
mkisofs -r -V "auto-ubuntu-minimalvm" -cache-inodes -J -l \
  -b isolinux/isolinux.bin -c isolinux/boot.cat \
  -no-emul-boot -boot-load-size 4 -boot-info-table \
  -o /home/josep/ubuntu-our-refurbished-image.iso \
  /tmp/ubuntu