michelinus / ArchOracleCloud.md
In fdisk (tip: you may first have to delete all partitions using ‘d’, save with ‘w’, and then proceed with the following):
- Press "g" (use GPT table)
- Press "n", partition 15, first sector default, last sector +512M (creates the ESP/EFI partition 15, size 512M)
- Press "t", then "1" (set type to EFI System)
- Press "n", partition 1 (creates the root partition 1, using the remaining space)
- Press "w" (save the changes)
partprobe
mkfs.vfat /dev/sda15
mkfs.ext4 /dev/sda1
mount /dev/sda1 /mnt
mkdir -p /mnt/boot/EFI
mount /dev/sda15 /mnt/boot/EFI
mkdir /mnt/tmp
cd /mnt/tmp
wget -c https://mirror.cs.pitt.edu/archlinux/iso/2022.09.03/archlinux-bootstrap-2022.09.03-x86_64.tar.gz
tar xf archlinux-bootstrap-2022.09.03-x86_64.tar.gz
# uncomment any one mirror
vi root.x86_64/etc/pacman.d/mirrorlist
arch-chroot root.x86_64
# now we are inside Arch Installation process (as if booted through Arch ISO / Boot medium)
pacman-key --init
pacman-key --populate archlinux
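The tarball above comes from a third-party mirror and is then entered as root with arch-chroot, so it is worth checking before the `tar xf` step. The following is an added example, not part of the original gist: it checks a download against a `sha256sums.txt` style list and fails closed on a missing or duplicated entry. It assumes the list was obtained from a trusted source independent of the mirror; `verify_sha256` is a name chosen here.

```sh
# verify_sha256 FILE SUMS_FILE
# SUMS_FILE holds "hash  filename" lines as written by sha256sum.
# Returns 0 only if exactly one entry names FILE and its hash matches;
# a missing or duplicated entry is treated as a failure.
verify_sha256() {
    vs_file=$1
    vs_sums=$2
    vs_name=$(basename -- "$vs_file")

    if [ ! -r "$vs_file" ] || [ ! -r "$vs_sums" ]; then
        echo "cannot read $vs_file or $vs_sums" >&2
        return 2
    fi

    # Collect well-formed entries for this file name (binary mode adds "*").
    vs_expected=$(awk -v n="$vs_name" '
        { f = $2; sub(/^\*/, "", f) }
        f == n && length($1) == 64 && $1 ~ /^[0-9a-fA-F]+$/ { print tolower($1) }
    ' "$vs_sums")

    vs_count=$(printf '%s\n' "$vs_expected" | grep -c . || true)
    if [ "$vs_count" -ne 1 ]; then
        echo "expected one entry for $vs_name, found $vs_count" >&2
        return 3
    fi

    vs_actual=$(sha256sum -- "$vs_file" | awk '{ print tolower($1) }')
    if [ "$vs_actual" != "$vs_expected" ]; then
        echo "HASH MISMATCH for $vs_name" >&2
        return 1
    fi
    echo "OK $vs_name"
}

# Constructed demo: a stand-in file and a matching list, not real release data.
demo=$(mktemp -d)
printf 'constructed sample\n' > "$demo/bootstrap.tar.gz"
(cd "$demo" && sha256sum bootstrap.tar.gz > sha256sums.txt)
verify_sha256 "$demo/bootstrap.tar.gz" "$demo/sha256sums.txt"
rm -rf "$demo"
```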
mount /dev/sda1 /mnt
mount /dev/sda15 /mnt/boot/EFI
pacstrap /mnt base linux linux-firmware amd-ucode e2fsprogs openssh vim grub efibootmgr
genfstab -U /mnt >> /mnt/etc/fstab
arch-chroot /mnt
# now we are inside our actual Arch system which we will be using in future

# set a root password in case serial console (see below) based recovery is required
passwd

# Setup swap (4GB)
dd if=/dev/zero of=/swapfile bs=1M count=4096 status=progress
chmod 600 /swapfile
mkswap /swapfile
echo '/swapfile none swap defaults 0 0' >> /etc/fstab

# Configure the services
systemctl enable systemd-networkd systemd-timesyncd sshd
systemctl set-default multi-user.target

# Basic Arch configuration
ln -sf /usr/share/zoneinfo/YOURREGION/YOURCITY /etc/localtime
hwclock --systohc
# uncomment your locale(s)
vim /etc/locale.gen
locale-gen
echo 'LANG=en_US.UTF-8' >> /etc/locale.conf
echo 'TYPE_YOUR_HOSTNAME_HERE' >> /etc/hostname

# sshd: PermitRootLogin with authorized_keys
sed -i -e 's/^#PermitRootLogin/PermitRootLogin/g' /etc/ssh/sshd_config
mkdir -p /root/.ssh
chmod 700 /root/.ssh
echo 'ssh-ed25519 TYPE_YOUR_SSH_KEY_HERE root@localhost' >> /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys
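The sed line above only uncomments whatever `PermitRootLogin` value the packaged sshd_config ships, so the result is worth confirming. The following is an added example, not part of the original gist: it reads the first global value the way sshd resolves keywords and checks that root is limited to keys. The function names are chosen here, `Include` files are not followed, and upstream OpenSSH's default of `prohibit-password` is assumed when the keyword is absent; on a running system `sshd -T` reports the effective configuration.

```sh
# sshd_first_value KEYWORD FILE DEFAULT
# Prints the value sshd would take from FILE's global section: keywords are
# case-insensitive, the first occurrence wins, and Match blocks are skipped.
# Assumption: single-file config, Include directives are not followed.
sshd_first_value() {
    awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" -v def="$3" '
        /^[ \t]*(#|$)/ { next }                      # comments, blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            sub(/[ \t]*=[ \t]*|[ \t]+/, " ", line)   # "Key=Val" or "Key Val"
            n = index(line, " ")
            key = tolower(n ? substr(line, 1, n - 1) : line)
            val = n ? substr(line, n + 1) : ""
            sub(/[ \t]+$/, "", val)
            if (key == "match") exit                 # global section ends
            if (key == want) { print tolower(val); found = 1; exit }
        }
        END { if (!found) print def }
    ' "$2"
}

# root_login_is_key_only FILE
# Succeeds when PermitRootLogin itself rules out password login for root.
# Conservative: "yes" is flagged even if PasswordAuthentication is off.
root_login_is_key_only() {
    prl=$(sshd_first_value PermitRootLogin "$1" prohibit-password)
    case "$prl" in
        no|prohibit-password|without-password|forced-commands-only) return 0 ;;
        *) echo "PermitRootLogin is '$prl'" >&2; return 1 ;;
    esac
}

# Constructed demo: apply the page's sed to a sample stock line, then check.
demo=$(mktemp -d)
printf '#PermitRootLogin prohibit-password\n' > "$demo/stock"
sed -e 's/^#PermitRootLogin/PermitRootLogin/g' "$demo/stock" > "$demo/sshd_config"
root_login_is_key_only "$demo/sshd_config" && echo "root login: keys only"
rm -rf "$demo"
```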
echo -e 'search localdomain\nnameserver 1.1.1.1\nnameserver 1.0.0.1' >> /etc/resolv.conf
vim /etc/systemd/network/20-ethernet.network
[Match]
Name=en*
Name=eth*

[Network]
# How to enable IPv6 on Oracle Cloud? - https://youtu.be/yxm3Bn7uHyw
# Also open port 546 on IPv6. Nftables example:
# nft add rule ip6 filter INPUT udp dport dhcpv6-client accept
DHCP=yes
IPv6AcceptRA=yes
IPForward=no

[DHCPv4]
UseDNS=false
UseNTP=false

[DHCPv6]
UseDNS=false
UseNTP=false

[IPv6AcceptRA]
UseDNS=false
UseDomains=false
This step is optional but helpful to get instance Console (ttyS0) / Cloud Shell access (via https://cloud.oracle.com) in case the system is not accessible via SSH or not booting.
GRUB_TERMINAL_INPUT="console serial"
GRUB_TERMINAL_OUTPUT="gfxterm serial"
GRUB_SERIAL_COMMAND="serial --unit=0 --speed=115200"
GRUB_CMDLINE_LINUX_DEFAULT="$"
GRUB_CMDLINE_LINUX_DEFAULT="$ console=tty0 console=ttyS0,115200"
grub-install --efi-directory=/boot/EFI --bootloader-id=GRUB
# create fallback boot loader too
mkdir -p /boot/EFI/EFI/BOOT
cp -dp /boot/EFI/EFI/GRUB/grubx64.efi /boot/EFI/EFI/BOOT/BOOTX64.EFI
grub-mkconfig -o /boot/grub/grub.cfg
Also follow the Arch installation guide for any other steps that you may require: https://wiki.archlinux.org/index.php/installation_guide#Configure_the_system
- https://wiki.alpinelinux.org/wiki/Replacing_non-Alpine_Linux_with_Alpine_remotely
- https://dl-cdn.alpinelinux.org/alpine/v3.16/releases/x86_64/alpine-virt-3.16.2-x86_64.iso
- https://wiki.archlinux.org/title/Install_Arch_Linux_from_existing_Linux
- https://mirror.cs.pitt.edu/archlinux/iso/2022.09.03/archlinux-bootstrap-2022.09.03-x86_64.tar.gz
- https://wiki.archlinux.org/title/Working_with_the_serial_console
- https://wiki.archlinux.org/index.php/installation_guide#Configure_the_system
- https://youtu.be/yxm3Bn7uHyw (Enable IPv6 for Oracle Cloud Infrastructure)
Setting up Arch Linux on Hetzner Cloud
This is a quick guide to how I set up a minimal, customized Arch Linux box on Hetzner Cloud. I use Keybase to bootstrap my secrets (SSH/GPG keys and other credentials) and yadm to store and bootstrap my dotfiles.
Setup Server
Launch Rescue Console
- Enable Rescue and Power Cycle
- Log into host (now running rescue system) via SSH
- Run installimage and follow the steps to install Arch Linux
Bootstrap Arch System
Install the bare minimum packages
pacman -Syu --noconfirm base-devel git
useradd -m -s /bin/bash deepak \
  && passwd -d deepak \
  && echo 'deepak ALL=(ALL) ALL' > /etc/sudoers.d/deepak
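`passwd -d` leaves the account with an empty password field while the sudoers entry grants it full sudo. The following is an added example, not part of the original guide: it flags accounts in that state. The function name is chosen here, and the shadow file and sudoers directory are passed as arguments so the check can also be run against the constructed sample files shown.

```sh
# empty_password_sudoers SHADOW_FILE SUDOERS_DIR
# Prints each account whose shadow password field is empty (the state
# `passwd -d` leaves behind) and that is named as the user on a sudoers line.
# Assumption: only direct "user HOST=(...) CMD" rules are matched; group
# (%wheel) and alias rules are not expanded.
empty_password_sudoers() {
    awk -F: 'NF >= 2 && $2 == "" { print $1 }' "$1" |
    while IFS= read -r user; do
        for f in "$2"/*; do
            [ -f "$f" ] || continue
            if awk -v u="$user" '$1 == u { hit = 1 } END { exit !hit }' "$f"; then
                printf '%s\n' "$user"
                break
            fi
        done
    done
}

# Constructed demo: sample shadow and sudoers.d contents, not real accounts.
demo=$(mktemp -d)
mkdir "$demo/sudoers.d"
cat > "$demo/shadow" <<'EOF'
root:$6$constructed$hash:19000::::::
deepak::19000:0:99999:7:::
guest::19000:0:99999:7:::
EOF
echo 'deepak ALL=(ALL) ALL' > "$demo/sudoers.d/deepak"

# Only "deepak" is reported: "guest" has no sudoers rule, "root" has a hash.
empty_password_sudoers "$demo/shadow" "$demo/sudoers.d"
rm -rf "$demo"

# On a live system (as root):
#   empty_password_sudoers /etc/shadow /etc/sudoers.d
```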
su - deepak
git clone https://aur.archlinux.org/trizen.git \
  && cd trizen \
  && makepkg -si --needed --noconfirm
Install a few packages to start with
trizen --noconfirm -Syu \
  aws-cli \
  azure-cli \
  bash-completion \
  docker \
  go \
  inetutils \
  iproute \
  iputils \
  man-db \
  man-pages \
  mosh \
  nano \
  neovim \
  python-neovim \
  neovim-remote \
  openssh \
  pacman-contrib \
  procps-ng \
  psmisc \
  python-pip \
  python-pipenv \
  ripgrep \
  svn \
  sysfsutils \
  tmux \
  unzip \
  yadm-git \
  zip \
  dotnet-sdk \
  azure-functions-core-tools-bin
Bootstrap Secrets from Keybase
FIXME: Consider using an alternative way to bootstrap secrets like transcrypt.
Install Keybase and bootstrap machine
trizen -Syu --noconfirm keybase kbfs
keybase service &
keybase login debugjois
Check out secrets. I keep all my secrets in a keybase encrypted git repo.
mkdir .keybase
cd .keybase
git clone keybase://private/debugjois/secrets
Setup dotfiles with yadm
Use yadm to check out and bootstrap dotfiles
yadm clone --bootstrap https://github.com/deepakjois/yadm
Reboot
Finally, reboot the system and ssh into it as deepak.
References
Archlinux on Azure
This post covers the steps required to get an Archlinux virtual machine up in Azure.
Azure documentation has a guide for Create and upload generic linux image. We will expand on it and go into archlinux specific details here 🙂
Pre-requisites
We will use qemu throughout this article to run a VM locally and configure it. Let’s install it right away.
Our strategy is to locally create a virtual machine with all requisites for azure. Then we will convert the VM hard disk to a VHD suitable for azure. Finally, we will publish the vhd to cloud, and create a VM in azure from that!
Get a virtual machine
We will assume you already have a stock virtual machine image. You can get the archlinux iso and prepare a VM with qemu, or download an archlinux image 1.
$ qemu-system-x86_64 archlinux.qcow2
All the following commands will run in the VM we just started.
Prepare the VM
Let’s tweak the image for azure readiness.
Add hyper-v modules to startup
Azure requires the hyper-v modules to be preloaded during boot time. We will create a new initramfs with them.
# vim /etc/mkinitcpio.conf
Modify the MODULES array in the file:
MODULES="hv_storvsc hv_vmbus"
Now generate the default initramfs image.
Validate the generated image has required modules.
# lsinitcpio /boot/initramfs-linux.img | grep hv_
Output should be similar to:
usr/lib/modules/4.7.0-1-ARCH/kernel/hv_storvsc.ko
usr/lib/modules/4.7.0-1-ARCH/kernel/hv_vmbus.ko
Install WALinuxAgent and configure it
WALinuxAgent, as the name suggests, configures the VM to be azure compliant. It keeps azure notified of key changes like hostname etc., provisions a resource disk and so on.
If you’ve not set up yaourt or a similar AUR package manager, please do so. Install the azure linux agent from AUR.
This package installs the waagent systemd service in the VM for monitoring. We will enable the service at boot.
Modify /etc/waagent.conf with following values.
Provisioning.DeleteRootPassword=n
Logs.Verbose=y
AutoUpdate.Enabled=n
Note that these options are primarily geared to help us debug failures. Later we can configure ssh to not allow root to log in. We’ve disabled autoupdate to ensure the VM doesn’t break without our knowledge; the downside is that we will not get any fixes (incl. critical ones) automatically. We can turn this on later as well.
A few additional checks before we deprovision the virtual machine.
Ensure dhcpcd service is enabled to run at startup. Without it, we will just lock the VM out in the cloud 🙂
Ensure the ssh daemon is set to run at startup. You may want to pre-provision a user in the VM, just in case. Modify /etc/ssh/sshd_config appropriately.
We’re now ready to deprovision the virtual machine.
# waagent -force -deprovision
# export HISTSIZE=0
# shutdown -h now
Virtual disk on the cloud
Now back to the local box which hosts the virtual machine.
Azure requires the VHD to be a fixed disk with size rounded to the nearest MB. The azure guide provides clear instructions for this. We’ll convert our disk to a raw image first.
$ qemu-img convert -f qcow2 -O raw archlinux.qcow2 archlinux.raw
Save the following script as resize.sh in local directory.
#!/bin/bash
# Prints the size of raw and vhd disk
rawdisk="archlinux.raw"
vhddisk="archlinux.vhd"

echo "RAW Info:"
MB=$((1024*1024))
# Extract the "virtual-size" value (in bytes) from qemu-img's JSON output
size=$(qemu-img info -f raw --output json "$rawdisk" | \
  gawk 'match($0, /"virtual-size": ([0-9]+),/, val) {print val[1]}')
echo "Current Size = $size"
rounded_size=$((($size/$MB + 1)*$MB))
echo "Rounded Size = $rounded_size"

echo "VHD Info:"
size=$(qemu-img info -f raw --output json "$vhddisk" | \
  gawk 'match($0, /"virtual-size": ([0-9]+),/, val) {print val[1]}')
echo "Current Size = $size"
rounded_size=$((($size/$MB + 1)*$MB))
echo "Rounded Size = $rounded_size"
On running ./resize.sh you will get the rounded size of the raw image. Resize it first to that value.
# <rounded_size> is the value printed by ./resize.sh
$ qemu-img resize archlinux.raw <rounded_size>
Now convert the raw image to vhd.
$ qemu-img convert -f raw -o subformat=fixed,force_size -O vpc archlinux.raw archlinux.vhd
$ ./resize.sh
Validate that the Rounded size for raw and vhd are the same.
Upload the vhd to azure
Install azure-vhd-utils-for-go-git from AUR.
$ yaourt -S azure-vhd-utils-for-go-git
The following command will upload the vhd and create a VM image in Azure.
$ vhd upload --localvhdpath archlinux.vhd --stgaccountname archtest --stgaccountkey storagekey --blobname archlinux.1
Note that the archtest storage account is a classic storage account.
Create VM in azure
Navigate to the older azure portal https://manage.windowsazure.com.
Create an Image for the vhd:
- Navigate to Virtual Machines in the left side pane
- Open the Images tab in right side
- Use Create from the toolbar below
Point the image to vhd uploaded previously.
For creating a VM with a custom image, use the Images option in Create VM dialog. There’s a windows VM guide here, the steps are similar for our custom vhd.
That’s all for now. If all went well, you should be able to ssh into the VM just created 🙂
Footnotes
© 2023 Inside Out. This work is licensed under a CC-BY-NC-SA 4.0 License .