Post by am0ral on May 9, 2007 5:56:55 GMT 7
Work In Progress.. I'll be updating this post as I get things working. I will move this info over to the wiki soon. I've never done anything like this before so there will likely be much room for improvement on this guide. Your feedback is appreciated.
Goal:
Run a minimal Debian sarge install on top of the default system without breaking it (optimally without touching it). Setup basic LAMP + FTP
Overview:
Install a minimal Debian distribution onto RAID
Get it running in a jail
Install aptitude package manager to Jailed OS
Use aptitude to Install and configure Apache2 with PHP support, mySQL with phpmyadmin interface, ProFTPD server with PROFTPDADMIN web interface
Get the services to start automatically
Whats left to resolve:
FTP server: jailed inetd is not hearing requests on port 21. Probably being caught by n2100's system. Can I bypass without messing the n2100 system?
PHP - shouldn't be a problem
automatic starting: Currently running a script after boot to get services up - "/etc/init.d/apache start" and so on
Step 1 - gain ssh access to n2100
Use the handy SSH module to gain root access -> onbeat.dk/thecus/index.php/N2100_Module:_SSH
Step 2 - get minimal Debian sarge distribution
Note: My method requires a separate Linux machine. If you don't have access see this guide -> onbeat.dk/thecus/index.php/N2100_Debian_Chroot
Note: Other versions of Debian should also work and might make this process easier. If you have success please report it.
On your linux machine install cdebootstrap if you don't already have it. Run these commands as root. This will take awhile.
You just downloaded a bare bones install of debian 3 and updated some files so it can get online after you put it on the n2100.
Step 3 - Move debian to n2100
Copy tarball to a n2100 share
ssh to the n2100 and do
you can remove the tarball
Step 4 - mount proc for jailed debian and test jail
You should now be in the jail at # prompt, poke around to make sure its not the base n2100. Proc must be mounted for some of the installing we are doing below. I'm not sure if it must be after everything is set up. If it does then the mounting should be automated. Now exit jail.
Step 5 - prep Debian for network access
from n2100 outside of jail
Step 6 - Install aptitude package manager
make sure your not in the jail
This is allot of work but once its done you can use aptitude to download all your packages. On the physical system your on (not the n2100) open your web browser and load up this page packages.debian.org/stable/admin/aptitude . You need the download the arm specific package for aptitude plus the arm specific packages for all its dependencies and their dependencies and so on. You will download these packages to the n2100 with wget. So you want to copy the location of the package then paste it into your ssh client (i use putty). Your first download will look like this "wget ftp.egr.msu.edu/debian/pool/main/a/aptitude/aptitude_0.4.4-4_arm.deb". Use the FTP sources. I had trouble with the http's. If someone can generate a list of these addresses, a script to download them, or an easier way to do this please help. (perhaps download them before transfer to n2100) Once you've downloaded everything:
You may have to do this many times or get more specific with dpkg. When i did this I found that I missed many dependencies in the above step and had to go back a few times. Its a pain. When your done try aptitude
if it starts your in good shape.
Step 7 Set jailed Root Password
say yes to shadow passwords. You may want to make a standard user but I tried and it hung. If it hangs kill process addusr from another session outside of the jail
Step 8 - install a good file editor, i used emacs
Step 9 - install mysql
NOTE: If you get a failure and with some messages about base-files unable to create /var/mail then
Try again:
NOTE: If install hangs with some "configuration error - unknown item"'s then you can either reboot TheCus or kill the process to escape.
NOTE: To kill process open new ssh session. ps to see running processes. find aptitude and note ps#. run kill ps# now your other session should be freed
Now back at the prompt. I wasn't able to successfully install mysql without switching users to root on the jailed system.
makes you jailed root, you can no longer exit back to the n2100 system in this session
At this point I had properly install mysql-server. Try aptitude show mysql-server to see if its good
Step 10 - Start mysql
open another session and enter jail (chroot)
Set mysql root password
now when you run 'netstat -tap' you should see a mysql entry
Make MySQL to listen on all available IP addresses:
edit /etc/mysql/my.cnf and comment out bind-address = 127.0.0.1
restart mysql
Need to set permissions on the temp files used by mySQL. By default this is /tmp
step 11 - installing Apache
you will get a message about the server not being started and port 80 being in use.
Edit /etc/apache2/ports.conf and change Listen 80 to Listen 85
edit /etc/default/apache2 and change NO_START to be 0
start apache
To test apache open up a web browser and load http://n2100:85 you should get "IT WORKS"
Step 12 - Installing phpmyadmin
x11-common is required.. no way around it with phpmyadmin, ill be looking for an interface that doesn't require this
if you get "/etc/init.d/x11-common: line 20: /etc/default/rcS: No such file or directory" then
edit file (i use emacs) /etc/init.d/x11-common and comment out line 20
try installation again
Done, now test it - http://TheCus IP:85/phpmyadmin
Getting Jailed apache on standard port 80
To do this you need to first move the N2100's original apache to another port.
Backup the original (non-jailed) apache's configuration file
Next edit the original httpd.conf file. For this I extracted the file to my personal computer for editing but you may use vi or send a copy of the file into your jail to use the editor you setup there.
To change the port to 8080 modify line 11 from "Listen 0.0.0.0:80" to "Listen 0.0.0.0:8080" Save the file and copy it back to its original location if you moved it.
Now you need to change the port of your jailed apache. Instructions for doing this where listed earlier in this post.
Goal:
Run a minimal Debian sarge install on top of the default system without breaking it (optimally without touching it). Setup basic LAMP + FTP
Overview:
Install a minimal Debian distribution onto RAID
Get it running in a jail
Install aptitude package manager to Jailed OS
Use aptitude to Install and configure Apache2 with PHP support, mySQL with phpmyadmin interface, ProFTPD server with PROFTPDADMIN web interface
Get the services to start automatically
Whats left to resolve:
FTP server: jailed inetd is not hearing requests on port 21. Probably being caught by n2100's system. Can I bypass without messing the n2100 system?
PHP - shouldn't be a problem
automatic starting: Currently running a script after boot to get services up - "/etc/init.d/apache start" and so on
Step 1 - gain ssh access to n2100
Use the handy SSH module to gain root access -> onbeat.dk/thecus/index.php/N2100_Module:_SSH
Step 2 - get minimal Debian sarge distribution
Note: My method requires a separate Linux machine. If you don't have access see this guide -> onbeat.dk/thecus/index.php/N2100_Debian_Chroot
Note: Other versions of Debian should also work and might make this process easier. If you have success please report it.
On your linux machine install cdebootstrap if you don't already have it. Run these commands as root. This will take awhile.
mkdir /mnt/debian
cdebootstrap -a arm -f minimal sarge /mnt/debian ftp://mirrors.sunsite.dk/mirrors/debian/
echo "nameserver xxx.xxx.xxx.xxx" > /mnt/debian/etc/resolv.conf
echo "deb ftp://mirrors.sunsite.dk/mirrors/debian/ stable main" > /mnt/debian/etc/apt/sources.listYou just downloaded a bare bones install of debian 3 and updated some files so it can get online after you put it on the n2100.
Step 3 - Move debian to n2100
tar -cvf /mnt/debian.tar /mnt/debian/Copy tarball to a n2100 share
ssh to the n2100 and do
cd /raid
mv /raid/n2100share/debian.tar /raid/
tar -xvf debian.taryou can remove the tarball
Step 4 - mount proc for jailed debian and test jail
mount proc-chroot /raid/mnt/debian/proc -t proc -o defaults
chroot /raid/mnt/debianYou should now be in the jail at # prompt, poke around to make sure its not the base n2100. Proc must be mounted for some of the installing we are doing below. I'm not sure if it must be after everything is set up. If it does then the mounting should be automated. Now exit jail.
exitStep 5 - prep Debian for network access
from n2100 outside of jail
cp /etc/hosts /path/to/chroot/etc/hosts
cp /etc/resolv.conf /path/to/chroot/etc/resolv.confStep 6 - Install aptitude package manager
make sure your not in the jail
cd /raid/mnt/debian/tmp
wget [[aptitude and dependencies]] This is allot of work but once its done you can use aptitude to download all your packages. On the physical system your on (not the n2100) open your web browser and load up this page packages.debian.org/stable/admin/aptitude . You need the download the arm specific package for aptitude plus the arm specific packages for all its dependencies and their dependencies and so on. You will download these packages to the n2100 with wget. So you want to copy the location of the package then paste it into your ssh client (i use putty). Your first download will look like this "wget ftp.egr.msu.edu/debian/pool/main/a/aptitude/aptitude_0.4.4-4_arm.deb". Use the FTP sources. I had trouble with the http's. If someone can generate a list of these addresses, a script to download them, or an easier way to do this please help. (perhaps download them before transfer to n2100) Once you've downloaded everything:
chroot /raid/mnt/debian
cd tmp
dpkg -i *debYou may have to do this many times or get more specific with dpkg. When i did this I found that I missed many dependencies in the above step and had to go back a few times. Its a pain. When your done try aptitude
aptitudeif it starts your in good shape.
Step 7 Set jailed Root Password
dpkg-reconfigure passwdsay yes to shadow passwords. You may want to make a standard user but I tried and it hung. If it hangs kill process addusr from another session outside of the jail
Step 8 - install a good file editor, i used emacs
aptitude install emacsStep 9 - install mysql
aptitude install mysql-serverNOTE: If you get a failure and with some messages about base-files unable to create /var/mail then
mv /var/mail /var/mail_bakTry again:
aptitude install mysql-serverNOTE: If install hangs with some "configuration error - unknown item"'s then you can either reboot TheCus or kill the process to escape.
NOTE: To kill process open new ssh session. ps to see running processes. find aptitude and note ps#. run kill ps# now your other session should be freed
Now back at the prompt. I wasn't able to successfully install mysql without switching users to root on the jailed system.
sumakes you jailed root, you can no longer exit back to the n2100 system in this session
aptitude update
aptitude upgrade
aptitude install mysqlAt this point I had properly install mysql-server. Try aptitude show mysql-server to see if its good
Step 10 - Start mysql
mysqldopen another session and enter jail (chroot)
Set mysql root password
mysqladmin -u root password yourrootsqlpasswordnow when you run 'netstat -tap' you should see a mysql entry
Make MySQL to listen on all available IP addresses:
edit /etc/mysql/my.cnf and comment out bind-address = 127.0.0.1
restart mysql
/etc/init.d/mysql restartNeed to set permissions on the temp files used by mySQL. By default this is /tmp
chmod 777 /tmpstep 11 - installing Apache
aptitude install apache2you will get a message about the server not being started and port 80 being in use.
Edit /etc/apache2/ports.conf and change Listen 80 to Listen 85
edit /etc/default/apache2 and change NO_START to be 0
start apache
/etc/init.d/apache2 startTo test apache open up a web browser and load http://n2100:85 you should get "IT WORKS"
Step 12 - Installing phpmyadmin
aptitude install phpmyadminx11-common is required.. no way around it with phpmyadmin, ill be looking for an interface that doesn't require this
if you get "/etc/init.d/x11-common: line 20: /etc/default/rcS: No such file or directory" then
edit file (i use emacs) /etc/init.d/x11-common and comment out line 20
try installation again
aptitude install phpmyadminDone, now test it - http://TheCus IP:85/phpmyadmin
Getting Jailed apache on standard port 80
To do this you need to first move the N2100's original apache to another port.
Backup the original (non-jailed) apache's configuration file
mkdir /raid/backup
cp /app/etc/httpd/conf/httpd.conf /raid/backupNext edit the original httpd.conf file. For this I extracted the file to my personal computer for editing but you may use vi or send a copy of the file into your jail to use the editor you setup there.
To change the port to 8080 modify line 11 from "Listen 0.0.0.0:80" to "Listen 0.0.0.0:8080" Save the file and copy it back to its original location if you moved it.
Now you need to change the port of your jailed apache. Instructions for doing this where listed earlier in this post.