1. System Setup

  • Restart the server.

  • Press F2 to enter System Setup.

1.1. System BIOS

1.1.1. System Information

1.1.2. Memory Settings

1.1.3. Processor Settings

1.1.4. SATA Settings

1.1.5. NVMe Settings

1.1.6. Boot Settings

1.1.7. Network Settings

1.1.8. Integrated Devices

1.1.9. Serial Communication

1.1.10. System Profile Settings

1.1.11. System Security

  • Select System BIOS.

  • Select System Security.

  • Choose Disabled for Secure Boot.

    SECURE BOOT
  Secure Boot                           ○ Enabled       ● Disabled
  Secure Boot Policy                    Standard
  Secure Boot Mode                      ○ User Mode     ● Deployed Mode

  • Click Back.

1.1.12. Redundant OS Control

1.1.13. Miscellaneous Settings

  • Select System BIOS.

  • Select Miscellaneous Settings.

  • Click on the System Time field.

  • Adjust the time to GMT+00 (local time in the UK) and click OK.

  • Click Back.

  • Click Finish.

  • Click Finish.

  • Click Yes to exit.

1.2. iDRAC Settings

1.2.1. ???

1.2.2. ???

1.2.3. …​

1.2.4. System Lockdown Mode

  • Choose Disabled for System Lockdown Mode.

  • Choose Enabled for System Lockdown Mode.

  • Click Back.

  • Click Finish.

1.3. Device Settings

1.3.1. RAID Controller in SL 3

1.3.2. Embedded NIC 1 Port 1

1.3.3. Embedded NIC 2 Port 1

2. Lyfecycle Controller

  • Restart the server.

  • Press F10 to enter Lifecycle Controller.

2.1. Home

2.1.1. Get the latest firmware

  • Note: 2025-01-31: Firmware updates in Lifecycle Controller 7.10.90.00 Build 1190 don’t work.

  • Note: 2025-01-31: Instead check for firmware updates using iDRAC > ???.

2.1.2. Configure server for remote access (iDRAC)

  • Select Configure server for remote access (iDRAC).

    iDRAC Settings Version  5.00.00.18
iDRAC Firmware Version  7.10.90.00 (Build 27)
2.1.2.1. System Summary
2.1.2.2. System Event Log
2.1.2.3. Network

  • Select Network.

    NETWORK SETTINGS
  Enable NIC                                    ○ Disabled      ● Enabled
  NIC Selection                                 ● Dedicated     ○ LOM1          ○ LOM2
  Failover Network                              ● None
  MAC Address                                   08:92:04:AA:F2:78
  Auto Negotiation                              ○ Off           ● On
  Auto Dedicated NIC                            ● Disabled      ○ Enabled
  Network Speed                                 ○ 10 Mbps       ○ 100 Mbps      ● 1000 Mbps
  Active NIC Interface                          Dedicated
  Duplex Mode                                   ○ Half Duplex   ● Full Duplex

COMMON SETTINGS
  Register DRAC on DNS                          ● Disabled      ○ Enabled
  DNS DRAC Name                                 idrac-BPRCCR3
  Auto Config Domain Name                       ○ Disabled      ● Enabled
  Static DNS Domain Name

IPV4 SETTINGS
  Enable IPv4                                   ○ Disabled      ● Enabled
  Enable DHCP                                   ● Disabled      ○ Enabled
  Static IP Address                             10.10.1.202
  Static Gateway                                10.10.1.170
  Static Subnet Mask                            255.255.255.0
  Use DHCP to obtain DNS server address         ● Disabled      ○ Enabled
  Static Preferred DNS Server                   10.10.1.1
  Static Alternate DNS Server                   0.0.0.0

IPV6 SETTINGS
  Enable IPv6                                   ● Disabled      ○ Enabled
  Enable Auto-configuration                     ○ Disabled      ● Enabled
  Static IP Address 1                           ::
  Static Prefix Length                          64
  Static Gateway                                ::
  Link Local Adddress                           ::
  Use DHCPv6 to obtain DNS server address       ○ Disabled      ● Enabled
  Static Preferred DNS Server                   ::
  Static Alternate DNS Server                   ::

IPMI SETTINGS
  Ebable IPMI Over LAN                          ● Disabled      ○ Enabled
  Channel Privilege Level Limit                 ● Administrator ○ Operator      ○ User
  Encryption Key                                0000000000000000000000000000000000000000

VLAN SETTINGS
  Enable VLAN ID                                ● Disabled      ○ Enabled
  VLAN ID                                       1
  Priority                                      0

  • Click Back.

2.1.2.4. Alerts
2.1.2.5. Front Panel Security
2.1.2.6. Media and USB Port Settings
2.1.2.7. Lifecycle Controller
2.1.2.8. Hardware Configuration Validation
2.1.2.9. Power Configuration
2.1.2.10. Thermal
2.1.2.11. System Location
2.1.2.12. User Configuration
2.1.2.13. Smart Card
2.1.2.14. Communications Permissions
2.1.2.15. Remote Enablement
2.1.2.16. Reset iDRAC configurations to defaults
2.1.2.17. Reset iDRAC configurations to defaults all
2.1.2.18. Reset iDRAC configurations to default factory settings
2.1.2.19. System Lockdown Mode

  • Click Finish.

2.1.3. Configure RAID

  • Select Configure RAID.

  • Select PERC H755 Front in SL3 (Security Capable) for Select RAID Controller.

    Select RAID Controller                  PERC H755 Front in SL3 (Security Capable)

RAID Type
  ● Windows RAID        ○ Linux RAID
2.1.3.1. Virtual Disk 1

  • Click Next.

  • Select RAID 1.

  • Click Next.

  • Check Solid State Disk 0:1:0.

  • Check Solid State Disk 0:1:1.

    Protocol                SATA
Media Type              SSD
Encryption Capability   Non-encryption
Encryption Protocol     Non-encryption Capable
Span Length             None
Disk Block Size         512

□ M2 Boot Optimized
□ Select All

Disk Name                       Size (GB)       Encryption Capability   T10 PI
■ Solid State Disk 0:1:0        446.625         No                      No
■ Solid State Disk 0:1:1        446.625         No                      No
□ Solid State Disk 0:1:2        893.750         No                      No
□ Solid State Disk 0:1:3        893.750         No                      No
□ Solid State Disk 0:1:4        893.750         No                      No
□ Solid State Disk 0:1:5        893.750         No                      No
□ Solid State Disk 0:1:6        446.625         No                      No
□ Solid State Disk 0:1:7        893.750         No                      No

  • Click Next.

  • Select Solid State Disk 0:1:6 for Hot Spare Disk.

    Virtual Disk Name               System
  Size (0,1 - 446.62 GB)        446.62
Stripe Element Size             256 KB
Read Policy                     Read Ahead
Write Policy                    Write Back

□ Enable T10 Protection Information Capability
□ Secure Disk
□ Assign a Hot Spare Disk if available
Hot Spare Disk                  Solid State Disk 0:1:6

  • Click Next.

  • Click Finish. [note]*Note: If the new configuration is applied, all existing virtual disks will be deleted from the selected RAID controller and data will be lost from all physical disks that have been used for the new configuration.

  • Click Yes to continue.

2.1.3.2. Virtual Disk 2

2.1.4. Configure RAID and Deploy an Operating System

2.2. Lifecycle Log

2.3. Firmware Update

2.4. Hardware Configuration

2.5. OS Deployment

2.6. Platform Restore

2.7. Hardware Diagnostics

2.8. Settings

2.9. System Setup

3. iDRAC

  • Browse to https://10.10.1.202.

  • Type root for the Username field.

  • Type the iDRAC-TBHF-LXD-MRM password stored in the KeePass Password Manager.

    Username:       root
Password:       ********
Domain:         This iDRAC

  • Click Log In.

  • Optional: Choose Keep Default Password.

  • Optional: Check Do not show this warning again.

  • Click Contimue.

  • Select Logout.

3.1. Dashboard

3.2. System

3.3. Storage

3.4. Configuration

3.5. Maintenance

3.6. iDRAC Settings

3.6.1. Overview

3.6.2. Connectivity

3.6.3. Services

3.6.4. Users

3.6.5. Settings

3.6.5.1. Time Zone and NTP Settings

  • Select iDRAC Settings > Settings > Time Zone and NTP Settings.

  • Select Europe/London for the Time Zone.

  • Click Apply.

  • Click Ok.

  • Select Enabled for the Enable Network Time Protocol (NTP).

  • Type 0.pool.ntp.org in the NTP Server 1 field.

  • Type 1.pool.ntp.org in the NTP Server 2 field.

  • Type 2.pool.ntp.org in the NTP Server 3 field.

  • Click Apply.

  • Click Ok.

3.6.5.2. iDRAC Service Module Setup
3.6.5.3. Management USB Settings
3.6.5.4. SMTP (Email) Server Settings
3.6.5.5. RSA SecurID Configuration
3.6.5.6. Job Settings
3.6.5.7. Plugins

4. Linux Debian 13

4.1. Installation

  • Attach the boot media.

  • Restart the server.

  • Press F12 for the Boot Menu.

5. Initial Setup

  • Power on the Dell PowerEdge R450.

  • Press F10 to open Lifecycle Controller.

  • Optional: Select Settings.

  • Optional: Select Network Settings.

  • Select English for the language.

  • Select United States for the keyboard type.

  • Click Next.

  • Click Next.

    Network Settings
    NIC Card                Broadcom NetXtreme Gigabit Ethernet (Embedded NIC 1)

IPv4 Network Settings
IP Address Source       Static IP
IP Address              10.10.0.201
Subnet Mask             255.255.255.0
Default Gateway         10.10.0.170
DNS Address             10.10.1.1

IPv6 Network Settings
IP Address Source       No Configuration
IP Address
Prefix Length
Default Gateway
DNS Address

Lifecycle Controller VLAN Settings
○ Enabled       ● Disabled
VLAN ID                 1
Priority                0
    Network Settings
    NIC Card                Broadcom NetXtreme Gigabit Ethernet (Embedded NIC 2)

IPv4 Network Settings
IP Address Source       Static IP
IP Address              10.10.1.201
Subnet Mask             255.255.255.0
Default Gateway         10.10.1.170
DNS Address             10.10.1.1

IPv6 Network Settings
IP Address Source       No Configuration
IP Address
Prefix Length
Default Gateway
DNS Address

Lifecycle Controller VLAN Settings
○ Enabled       ● Disabled
VLAN ID                 1
Priority                0

  • Click Next.

  • Click OK.

  • Note: Use the iDRAC Default Password located on the information tag.

  • Note: Store the iDRAC Default Password in the KeePass Password Manager.

    iDRAC Network Settings
    IPv4 Configuration
IP Address Source       ● Static        ○ DHCP
IP Address              10.10.1.202
Default Gateway         10.10.1.170
Subnet Mask             255.255.255.0
DNS Address Source      ● Static        ○ DHCP
DNS Address             10.10.1.1

Credentials
Account Username        root
Password                ********
Confirm Password        ********

  • Click Next.

  • Click Yes to confirm.

  • Click OK.

  • Click Finish.

6. iDRAC Login

  • Browse to https://10.10.1.202.

  • Type root for the Username field.

  • Type the iDRAC-TBHF-LXD-MRM password stored in the KeePass Password Manager.

    Username:       root
Password:       ********
Domain:         This iDRAC

  • Click Log In.

  • Optional: Choose Keep Default Password.

  • Optional: Check Do not show this warning again.

  • Click Contimue.

  • Select Logout.

7. Date and Time

8. Firmware Updates

  • Browse to https://10.10.1.202 and log in with the root account.

  • Select Maintenance > System Update > Manual Update.

  • Select HTTPS for the Location Type.

  • Check Use Default Address.

    Location Type                           HTTPS
Use Default Address                     ■
Catalog Location (optional)
Catalog Name (optional)
Additional Filter Options               ■ Apply Same Versions   □ Apply Downgrade Versions

HTTPS Address                           downloads.dell.com
User Name
Password
Expired or invalid certificate action   Ignore
Server Certificate                      A valid certificate is not loaded

Enable Proxy Server                     Disabled
Server
Port                                    80
User Name
Password
Type                                    HTTP

  • Click Check for Update.

    Contents                                                                Criticality     Prerequisites   Status
--------                                                                -----------     -------------   ------
Firmware_X3JNV_WN64_7.10_A00_07.EXE                                     Recommended     None            Available
Serial-ATA_Firmware_7YCK2_WN64_HJ58_A00_06.EXE                          Recommended     None            Available
Serial-ATA_Firmware_9RF8X_WN64_DL7A_A00.EXE                             Critical        None            Available
Serial-ATA_Firmware_KT63Y_WN64_J008_A00.EXE                             Optional        None            Available
SAS-RAID_Firmware_R2N55_WN64_52.26.0-5179_A09_03.EXE                    Recommended     None            Available
BIOS_Y9M3Y_WN64_1.15.2.EXE                                              Critical        None            Available
Network_Firmware_MGPTR_WN64_23.11.4.EXE                                 Optional        None            Available
Security_Firmware_YWM7C_WN64_7.2.3.1_A00_02.EXE                         Optional        None            Available
Systems-Management_Application_YN8W5_WN64_5.4.0.0_A00.EXE               Recommended     None            Available
Drivers-for-OS-Deployment_Application_3NWPN_WN64_24.08.07_A00.EXE       Optional        None            Available
Diagnostics_Application_3GX21_WN64_4303A28_4303.28.EXE                  Optional        None            Available
iDRAC-with-Lifecycle-Controller_Firmware_92MM7_WN64_7.10.90.00_A00.EXE  Recommended     None            Available

  • Check all available updates.

  • Click Install Next Reboot.

  • Click Job Queue to view the status of the update jobs.

  • Wait for downloads and updates to finish.

  • Restart the server.

  • Select Get the latest firmware.

  • Choose Dell Website.

  • Select Test Network Connection.

  • Click OK at the Network Connection Test was Successful popup message.

  • Click Next.

  • Click Yes to continue without enabling proxy.

  • Click Yes to continue.

            Component                       Current         Available       Prerequisites   Status
■       iDRAC 6.10.30.20                5.10.30.00      6.10.30.20      N/A             Ready to apply
■       Dell 64 Bit uEFI                4301A70         4301A79         N/A             Ready to apply
        Diagnostics, version 4301
■       Dell OS Driver Pack             21.10.02        22.12.05        N/A             Ready to apply
■       Dell EMC iDRAC Service          4.2.0.0         5.1.0.0         N/A             Ready to apply
        Module Embedded Package
        v5.1.0.0, A00
■       Broadcom NetXtreme network      22.00.6         22.31.6         N/A             Ready to apply
        device firmware, 22.3
■       Broadcom NetXtreme network      22.00.6         22.31.6         N/A             Ready to apply
        device firmware, 22.3
■       Dell Server PowerEdge R750,     1.6.5           1.9.2           N/A             Ready to apply
        R750xa, R750xs, R650,
        R650xs, R550, R450, C6520,
        MX750c and T550 BIOS Version
        1.9.2
■       PERC H755 RAID Controller       52.16.1-4405    52.21.0-4606    N/A             Ready to apply
        firmweare version
        52.21.0-4606
■       Non-Expander Storage            3.67            6.97            N/A             Ready to apply
        Backplane Firmware for
        Select PowerEdge Platforms

  • Click Apply.

  • Click Apply.

  • Wait several minutes for the firmware updates to download.

  • Wait several minutes for the firmware updates to install.

9. Sophos Firewall

  • Browse to SMRU-SFW-MRM.

  • Logon as admin.

  • Select PROTECT > Rules and policies.

  • Select Outgoing traffic - LAN.

  • Add or modify the Allow DNS HTTP HTTPS NTP SMTP for Linux servers rule.

    Source zones                    LAN
Source networks and devices     MST DMZ Network
Destination zones               WAN
Destination networks            Any
Services                        DNS, HTTP, HTTPS, NTP, SMTP(S), PING

10. Firmware

The firmware-bnx2_20210315-3_all.deb package is needed for the Broadcom BCM5716 network interface cards. This package needs to be installed manually after the installation if during the installation networking was not configured. This package is automatically installed during installation if networking is configured. Connect the server to the LAN using a port on the SMRU-SW01 24p switch that has MAC Auth disabled to configure networking during installation. After the installation connect the server to the LAN.

11. Linux Debian 11

11.1. Installation

  • Attach the debian-11.6.0-amd64-DVD-1.iso installation media.

  • Boot the computer from the installation media.

    • Press F11 to enter the UEFI Boot Manager.

    • Select the installation media and press Enter.

  • Select Install and press Enter.

  • Step through the installation with the following choices.

  • Language: English - English

  • Country, territory or area: other

  • Continent or region: Asia

  • Country, territory or area: Thailand

  • Country to base default locale settings on: United States - en_US.UTF-8

  • Keymap to use: American English

  • Primary network interface: eno1: Broadcom Inc. and subsidiaries NetXtreme II BCM5716 Gigabit Ethernet (rev 20)

  • Hostname: tbhf-lxd-mrm

  • Root password: level 1 password

  • Re-enter password to verify: level 1 password

  • Full name for the new user: SMRU

  • Username for your account: smru

  • Choose a password for the new user: level 2 password

  • Re-enter password to verify: level 2 password

  • Partitioning method: Guided - use entire disk

  • Select disk to partition: SCSI1 (2,0,0) (sda) - 6.0 TB DELL PERC H710

  • Partitioning scheme: All files in one partition (recommended for new users)

  • Partition disks: Finish partitioning and write changes to disk

  • Write the changes to disk? Yes

  • Note: The following disk partitions will be created.

    Device        Start         End     Sectors  Size Type
/dev/sda1      2048     1050623     1048576  512M EFI System
/dev/sda2   1050624    59643903    58593280 27.9G Linux filesystem
/dev/sda3  59643904    61644799     2000896  977M Linux swap
/dev/sda4  61644800 11718883327 11657238528  5.4T Linux filesystem

  • Use a network mirror? No

  • Participate in the package usage survey? No

    Choose software to install:                     [ ] Debian desktop environment
                                                [ ] ... GNOME
                                                [ ] ... Xfce
                                                [ ] ... GNOME Flashback
                                                [ ] ... KDE Plasma
                                                [ ] ... Cinnamon
                                                [ ] ... MATE
                                                [ ] ... LXDE
                                                [ ] ... LXQt
                                                [ ] web server
                                                [*] SSH server
                                                [*] standard system utilities

  • Choose software to install: Continue

  • Detach the installation media.

  • Select Continue to reboot and press Enter.

12. Configuration

  • Download the firmware-bnx2_20210315-3_all.deb file from https://packages.debian.org/bullseye/all/firmware-bnx2/download.

  • Copy the firmware-bnx2_20210315-3_all.deb file to a FAT32 formatted USB key.

  • Attach the USB key to the Dell PowerEdge R410 server.

  • Log in as smru at the console of the tbhf-lxd-mrm server.

  • Enter the following commands at a Command Line with root privileges.

    fdisk -l
fdisk -l /dev/sdc
mount /dev/sdc1 /mnt
cp -a /mnt/firmware-bnx2_20210315-3_all.deb .
umount /mnt
dpkg -i firmware-bnx2_20210315-3_all.deb

  • Detach the USB key.

  • Restart the computer.

13. Configuration

  • Log in as smru at the console of the tbhf-lxd-mrm server.

  • Type ip address and press Enter.

  • Log in as smru on tbhf-lxd-mrm using PuTTY.

  • Enter the following commands at a Command Line with root privileges.

    ip address
lspci -D | grep Ether
sudo systemctl --type service
cp -a  /etc/network/interfaces /etc/network/interfaces.org

  • Append the following lines to the /etc/network/interfaces file.

    # The primary network interface
auto eno1
iface eno1 inet static
    address 10.10.1.11
    gateway 10.10.1.170
    netmask 255.255.255.0
    network 10.10.1.0

  • Enter the following commands at a Command Line with root privileges.

    scp -p delta@tbhf-anc-mrm:/media/Windows/Software/_Delta/delta-linux-tools-#.#.#-1-all.deb .
dpkg -i delta-linux-tools-#.#.#-1-all.deb

smru config apt                         # Configure apt repositories.
smru config bash                        # Configure bash shell for each user.
smru config cron                        # Configure cron jobs.
smru config editor                      # Set default editor to vim.tiny for each user.
smru config kernel acpi=off             # Prevent ACPI syslog errors.
smru config locale                      # Configure locale settings.

smru setup inventory                    # Install and configure inventory.
smru setup openssh                      # Install and configure openssh server.
smru setup sudo                         # Install and configure sudo for each user.
smru setup timezone                     # Install and configure time zone.

14. Network

The KVM server is running on a Dell PowerEdge R320 that has two network cards. Because of this it makes sense to use predictable network interface names, which is the default for Debian 10 and later and to use NIC Bonding, also called NIC Teaming. Bridging should be enabled for the virtual machines to have direct access to the LAN.

  • Log in as smru on tbhf-kvm-mrm using PuTTY.

14.1. Legacy Networking

  • Enter the following commands at a Command Line.

    sudo apt-get install bridge-utils ifenslave

  • Bridging:

    • Remove the primary network interface section from the /etc/network/interfaces file.

    • Append the following lines to the /etc/network/interfaces file.

    # This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

## The primary network interface
#auto eno1
#iface eno1 inet static
#    address 10.10.1.11
#    gateway 10.10.1.170
#    netmask 255.255.255.0
#    network 10.10.1.0

# Requires bridge-utils package
allow-hotplug br0
auto br0
iface br0 inet static
    address 10.10.1.11
    gateway 10.10.1.170
    netmask 255.255.255.0
    network 10.10.1.0
    bridge_fd 0
    bridge_maxwait 0
    bridge_ports eno1
    bridge_stp off
    bridge_waitport 0

  • Bonding + Bridging:

    • Remove the primary network interface section from the /etc/network/interfaces file.

    • Append the following lines to the /etc/network/interfaces file.

    # The primary network interface
#allow-hotplug eno1
#iface eno1 inet dhcp

## The primary network interface
#allow-hotplug eno1
#iface eno1 inet static
#    address 10.10.1.11
#    netmask 255.255.255.0
#    network 10.10.1.0
#    gateway 10.10.1.170

## The primary network interface
#auto eno1
#iface eno1 inet manual

## The secondary network interface
#auto eno2
#iface eno2 inet manual

# The bond interface
auto bond0
iface bond0 inet manual
    bond-slaves eno1 eno2
    bond-mode active-backup
    bond-miimon 100
    bond-downdelay 200
    bond-updelay 200

# The bridge interface
auto br0
iface br0 inet static
    address 10.10.1.11
    netmask 255.255.255.0
    network 10.10.1.0
    gateway 10.10.1.170
    bridge_ports bond0
    bridge_stp off
    bridge_fd 0
    bridge_maxwait 0
    bridge_waitport 0

  • Restart the computer.

  • Enter the following commands at a Command Line.

    cat /proc/net/bonding/bond0
ip address

  • Note: You will see that the primary and secondary network interfaces have the same MAC address.

14.2. Systemd Networking

  • Bonding + Bridging:

    • Create a /etc/systemd/network/bond1.netdev file with the following contents.

      [NetDev]
Name=bond1
Kind=bond

[Bond]
Mode=active-backup

    • Create a /etc/systemd/network/bond1.network file with the following contents.

      [Match]
Name=eno1
Name=eno2

[Network]
Bond=bond1

    • Create a /etc/systemd/network/static.network file with the following contents.

      [Match]
Name=br0

[Network]
Address=10.10.1.11/24
Gateway=10.10.1.170

    • Create a /etc/systemd/network/br0.netdev file with the following contents.

      [NetDev]
Name=br0
Kind=bridge

    • Create a /etc/systemd/network/br0.network file with the following contents.

      [Match]
Name=bond1

[Network]
Bridge=br0

    • Enter the following commands at a Command Line with root privileges.

      mkdir -p /etc/systemd/system/systemd-networkd-wait-online.service.d
mv /etc/network/interfaces /etc/network/interfaces.org
systemctl disable networking
systemctl enable systemd-networkd

    • See https://askubuntu.com/questions/972215/a-start-job-is-running-for-wait-for-network-to-be-configured-ubuntu-server-17-1.

    • Create a /etc/systemd/system/systemd-networkd-wait-online.service.d/override.conf file with the following contents.

    [Service]
ExecStart=
ExecStart=/lib/systemd/systemd-networkd-wait-online --any

  • Restart the computer.

  • Log in as smru on the tbhf-kvm-mrm server using PuTTY.

  • Enter the following commands at a Command Line.

    ip address
ip link list
systemctl --type service
ls -al /etc/resolv.conf
cat /etc/resolv.conf
    domain smru.shoklo-unit.com
search smru.shoklo-unit.com
nameserver 10.10.1.1

15. iDRAC

  • Enter the following commands at a Command Line.

    sudo apt-get update
sudo apt-get --yes install ipmitool

sudo ipmitool mc getsysinfo system_name
sudo ipmitool mc setsysinfo system_name tbhf-lxd-mrm.smru.shoklo-unit.com
sudo ipmitool mc getsysinfo system_name

sudo ipmitool mc getsysinfo primary_os_name
sudo ipmitool mc setsysinfo primary_os_name "Debian GNU/Linux 11"
sudo ipmitool mc getsysinfo primary_os_name

16. Configuration

  • Log in as smru on tbhf-kvm-mrm using PuTTY.

  • Enter the following commands at a Command Line.

    # Prevent ethtool syslog messages.
sudo apt-get remove ethtool

# Prevent os-prober syslog messages.
sudo apt-get remove os-prober

sudo apt-get update
sudo apt-get upgrade
sudo apt-get dist-upgrade
sudo apt-get autoremove
sudo apt-get autoclean

cat /etc/debian_version
df

sudo apt-get --yes install net-tools    # Contains ifconfig command.
sudo smru setup snmp-server 10.10.1.12  # Install and configure snmp server.
sudo smru setup vim                     # Install and configure vim editor for each user.

sudo check-syslog
sudo zgrep -i 'systemd-networkd-wait-online' /var/log/syslog*
sudo zgrep -i 'lost carrier' /var/log/syslog*

17. PowerChute Network Shutdown

17.1. Installation

  • Enter the following commands at a Command Line.

    sudo smru setup apache          # Set up apache web server.

scp -p smru@tbhf-anc-mrm:/media/Windows/Software/APC/pcns441Linux-x86-64.tar.gz .
tar xfz pcns441Linux-x86-64.tar.gz
cd Linux_x64
sudo ./install.sh

  • Press Enter for the default English language.

  • Type q to quit the license terms.

  • Type yes and press Enter to agree with the license terms.

  • Press Enter for the default /opt/APC/PowerChute installation directory.

  • Type Yes and press Enter to install PCNS.

  • Enter the following commands at a Command Line.

    cd
rm -rf Linux_x64
sudo service PowerChute status

17.2. Configuration

  • Note: Make sure to disable the proxy server.

  • Browse to https://10.10.1.11:6547.

  • Click Next.

  • Uncheck Join PowerChute Customer Experience Improvement Program ("CEIP").

  • Click Next.

  • Choose IPv4.

  • Click Next.

  • Choose Redundant.

  • Click Next.

  • Password requirements:

    • Must be between 8-128 characters.

    • Must contain at least one digit character.

    • Must contain at least one lower case character.

    • Must contain at least one upper case character.

    • Must contain at least one special character.

  • Type the Network Card Management user name (apc) in the User Name field.

  • Type the APC PowerChute password in the Password field.

  • Type the Network Management Card PowerChute authentication phrase in the Authentication Phrase field.

  • Click Next.

  • Select Protocol | http.

  • Click Network Management Cards | Add IP Address.

  • Type 10.10.1.57 and click OK.

  • Click Network Management Cards | Add IP Address.

  • Type 10.10.1.58 and click OK.

    Protocol                                http
Port                                    80
Network Management Cards
10.10.1.57
10.10.1.58

  • Click Next.

    Username:                               apc
Password:                               *****
Authentication Phrase:                  *****
PowerChute IP:                          10.10.1.11
UPS Configuration:                      Redundant
Network Management Card IP:             10.10.1.57
                                        10.10.1.58
Network Management Card Protocol:       http
Network Management Card Port:           80

  • Click Apply.

  • Wait.

  • Click Next.

  • Select Outlet Group: | UPS Outlets: On for the 10.10.1.58 UPS.

  • Click Apply.

  • Click Next.

  • Choose Do not turn off the UPS.

  • Click Next.

    Automatically check for PowerChute update notifications.        ■

  • Click Finish.

  • Select Logout.

17.3. Uninstallation

  • Enter the following commands at a Command Line.

    sudo /opt/APC/PowerChute/uninstall

  • Type Yes and press Enter to uninstall PowerChute Network Shutdown.

17.4. Usage

  • Note: Make sure to disable the proxy server.

  • Browse to https://10.10.1.11:6547.

  • Type apc for the user name.

  • Type the PowerChute password.

  • Click Log on.

  • Select Logout.

18. KVM

18.1. Installation

  • Enter the following commands at a Command Line.

    sudo smru setup kernel-firmware                 # Install and configure kernel firmware.
sudo smru setup kvm                             # Install and configure kvm type 1 hypervisor.
sudo systemctl status libvirtd

# Make Debian 11 known as an os variant.
sudo apt-get install curl
sudo apt-get install libosinfo-bin
# Browse to http://http.us.debian.org/debian/pool/main/o/osinfo-db to find latest package.
curl -L -O http://http.us.debian.org/debian/pool/main/o/osinfo-db/osinfo-db_0.20220214-1_all.deb
sudo dpkg -i osinfo-db_0.20220214-1_all.deb

# List os variants for Debian.
osinfo-query os | grep -i debian

18.2. Configuration

  • Enter the following commands at a Command Line.

    sudo mkdir -p /home/kvm/images
mkdir -p /home/delta/images

sudo adduser smru kvm
sudo adduser smru libvirt

# log of & log on
# sudo systemctl restart libvirtd

ls -al /usr/lib/qemu/qemu-bridge-helper
sudo chmod u+s /usr/lib/qemu/qemu-bridge-helper
ls -al /usr/lib/qemu/qemu-bridge-helper

# https://blog.christophersmart.com/2016/08/31/configuring-qemu-bridge-helper-after-access-denied-by-acl-file-error
sudo mkdir -p /etc/qemu
echo "allow all" | sudo tee /etc/qemu/smru.conf
echo "include /etc/qemu/smru.conf" | sudo tee --append /etc/qemu/bridge.conf
cat /etc/qemu/bridge.conf               # include /etc/qemu/smru.conf
cat /etc/qemu/smru.conf                 # allow all
sudo chmod 640 /etc/qemu/smru.conf
sudo chown root:smru /etc/qemu/smru.conf
ls -al /etc/qemu/bridge.conf            # -rw-r--r-- 1 root root 28 2022-03-16 16:35:56 /etc/qemu/bridge.conf
ls -al /etc/qemu/smru.conf              # -rw-r----- 1 root smru 10 2022-03-16 16:34:30 /etc/qemu/smru.conf

18.3. Create KVM vm

  • Enter the following commands at a Command Line.

    # Create virtual machine in user space.
virt-install \
  --disk format=qcow2,path=/home/delta/images/tbhf-anc-mrm.qcow2,size=100 \
  --extra-args "console tty0 console=ttyS0,115200n8 serial" \
  --graphics none \
  --location http://deb.debian.org/debian/dists/stable/main/installer-amd64 \
  --memory 2048 \
  --name tbhf-anc-mrm \
  --network bridge=br0 \
  --os-variant debian11 \
  --vcpus 1 \
  --virt-type kvm

18.4. Destroy KVM vm

  • Enter the following commands at a Command Line.

    sudo ls -al /home/kvm/images
sudo ls -al /home/delta/images
sudo virsh list --all
sudo virsh shutdown <vm>        # Graceful shut down.
sudo virsh list --all
sudo virsh destroy <vm>         # Forced shut down.
sudo virsh undefine --domain <vm> --remove-all-storage
sudo virsh list --all
sudo ls -al /home/kvm/images
sudo ls -al /home/delta/images

18.5. Usage

  • Enter the following commands at a Command Line.

    sudo virsh list --all
sudo virsh pool-list --all
sudo virsh start <vm>
sudo virsh shutdown <vm>

sudo ls -al /var/lib/libvirt/images
sudo ls -al /home/kvm/images

18.5.1. Idle VM Backup

  • Enter the following commands at a Command Line.

    ls -al /home/kvm/images
sudo virsh list --all
sudo virsh shutdown tbhf-tst-mrm
ls -al /home/kvm/images
sudo chown libvirt-qemu:libvirt-qemu /home/kvm/images/tbhf-tst-mrm.qcow2
ls -al /home/kvm/images
sudo virsh list --all
sudo cp -a /home/kvm/images/tbhf-tst-mrm.qcow2 /home/kvm/backups
sudo cp -a /etc/libvirt/qemu/tbhf-tst-mrm.xml   /home/kvm/backups
sudo virsh dumpxml tbhf-tst-mrm > /home/kvm/backups/tbhf-tst-mrm-dump.xml
sudo chown delta:delta /home/kvm/backups/tbhf-tst-mrm.qcow2
sudo chown delta:delta /home/kvm/backups/tbhf-tst-mrm.xml
ls -al /home/kvm/backups
sudo virsh start tbhf-tst-mrm
sudo virsh list --all
ls -al /home/kvm/images

18.5.2. Live VM Backup

  • Enter the following commands at a Command Line.

    sudo virsh domblklist tbhf-tst-mrm
sudo virsh snapshot-create-as --domain tbhf-tst-mrm tbhf-tst-mrm \
  --diskspec vda,file=/home/kvm/overlays/tbhf-tst-mrm.qcow2 \
  --disk-only --atomic --no-metadata
sudo virsh domblklist tbhf-tst-mrm

sudo cp -a /home/kvm/images/tbhf-tst-mrm.qcow2 /home/kvm/backups/tbhf-tst-mrm.qcow2
sudo virsh blockcommit --domain tbhf-tst-mrm vda --active --pivot --verbose
sudo virsh domblklist tbhf-tst-mrm
sudo rm -f /home/kvm/overlays/tbhf-tst-mrm.qcow2

sudo cp -a /etc/libvirt/qemu/tbhf-tst-mrm.xml /home/kvm/backups
sudo virsh dumpxml tbhf-tst-mrm > /home/kvm/backups/tbhf-tst-mrm-dump.xml
sudo chown delta:delta /home/kvm/backups/tbhf-tst-mrm.qcow2
sudo chown delta:delta /home/kvm/backups/tbhf-tst-mrm.xml

qemu-img convert -O qcow2 /home/kvm/backups/tbhf-tst-mrm.qcow2 /home/kvm/backups/tbhf-tst-mrm-shrunk.qcow2
qemu-img info /home/kvm/backups/tbhf-tst-mrm-shrunk.qcow2

qemu-img resize /home/kvm/backups/tbhf-tst-mrm-shrunk.qcow2 +5G
qemu-img info /home/kvm/backups/tbhf-tst-mrm-shrunk.qcow2

18.5.3. Restore

  • Enter the following commands at a Command Line.

    sudo virsh list --all
sudo virsh shutdown tbhf-tst-mrm
sudo virsh undefine --domain tbhf-tst-mrm --remove-all-storage
sudo virsh list --all
sudo vdir /home/kvm/images
sudo cp -a /home/kvm/backups/tbhf-tst-mrm.qcow2 /home/kvm/images
qemu-img resize /home/kvm/images/tbhf-tst-mrm.qcow2 +5G
sudo vdir /home/kvm/images
sudo vdir /etc/libvirt/qemu
sudo cp -a /home/kvm/backups/tbhf-tst-mrm.xml /etc/libvirt/qemu
sudo vdir /etc/libvirt/qemu
sudo virsh list --all
sudo virsh define /etc/libvirt/qemu/tbhf-tst-mrm.xml
sudo virsh list --all
sudo virsh start tbhf-tst-mrm
sudo virsh list --all

18.5.4. Restore Test

  • Enter the following commands at a Command Line.

    backup="tbhf-tst-mrm"
target="smru-restore"
/bin/cp -a      "/home/kvm/backups/${backup}-conv.qcow2" "/home/kvm/images/${target}.qcow2"
sudo chown libvirt-qemu:libvirt-qemu "/home/kvm/images/${target}.qcow2"
ls -al /home/kvm/images

sudo virsh list --all
sudo virsh shutdown "${backup}"
sudo virsh list --all

sudo virt-install --name=${target} \
--check all=off \
--disk path=/home/kvm/images/${target}.qcow2,format=qcow2,size=100 \
--graphics none \
--import \
--network bridge:br0 \
--os-variant=debian10 \
--ram=2048 \
--vcpus=1

  • Press Ctrl + ] to quit the KVM guest console.

    sudo virsh list --all

  • Log in as smru on tbhf-tst-mrm using PuTTY.

  • Enter the following commands at a Command Line.

    hostname
ip address
exit

  • Enter the following commands at a Command Line.

    sudo virsh list --all
sudo virsh shutdown "${target}"
sudo virsh start "${backup}"

sudo virsh undefine --domain "${target}"
rm -f "/home/kvm/images/${target}.qcow2"

sudo virsh list --all
ls -al /home/kvm/images

18.5.5. Snapshots

  • Note: snapshot-revert: Be aware that this is a destructive action. Any changes in the domain since the last snapshot was taken will be lost. Also note that the state of the domain after snapshot-revert has completed will be the state of the domain at the time the original snapshot was taken.

  • Enter the following commands at a Command Line.

    # Create snapshot.
sudo virsh list --all                                   # List domains.
sudo virsh shutdown --domain <domain>                   # Shut down domain.
sudo virsh list --all                                   # Check domain is shut off.
sudo virsh snapshot-create-as --domain <domain>         # Create snapshot.
sudo virsh start --domain <domain>                      # Start domain.
sudo virsh list --all                                   # Check domain is running.

# List domain info.
sudo virsh snapshot-list --domain <domain>              # List snapshots.
sudo virsh snapshot-info --current --domain <domain>    # List detailed info
sudo qemu-img info --force-share /home/kvm/images/<domain>.qcow2        # List snapshot sizes.

# Do your thing on <domain>.

# Delete snapshot (keep changes).
sudo virsh snapshot-delete --current --domain <domain>  # Delete current snapshot.

# Revert snapshot (lose changes).
sudo virsh snapshot-revert --current --domain <domain>  # Revert current snapshot.
sudo virsh start --domain <domain>                      # Start domain.
sudo virsh list --all                                   # Check domain is running.
sudo virsh snapshot-delete --current --domain <domain>  # Delete current snapshot.

18.6. Cron Jobs

  • Enter the following commands at a Command Line.

    sudo smru setup exim                            # Install and configure exim message transfer agent.
sudo smru setup share SMRU-SRV Teams$           # Add Teams$ (itadmin) share to /etc/fstab.
sudo smru setup share SMRU-HyperV01 Windows$    # Add Windows$ (winaccess) share to /etc/fstab.
sudo crontab -e                                 # Append following line to cron jobs.
    00 20 * * * /usr/local/sbin/backup kvm tbhf-ops-mrm tbhf-tst-mrm

18.7. Smartmontools

  • Enter the following commands at a Command Line.

    sudo smru setup smartmontools           # Install and configure smartmontools.

19. LXC

19.1. Installation

  • Enter the following commands at a Command Line.

    sudo apt-get install bridge-utils debootstrap lxc
sudo systemctl status lxc-net
sudo systemctl --type service
ip address

19.2. Configuration

  • Enter the following commands at a Command Line.

    sudo mkdir -p /home/lxc
sudo mount --bind /home/lxc /var/lib/lxc
sudo cp -a /etc/fstab /etc/fstab.org

file="/etc/lxc/default.conf"
# Back up original file if backup file is missing.
if [ -f "${file}" ] && [ ! -f "${file}.org" ]; then cp -a "${file}" "${file}.org"; fi

sudo sed -i "s/lxcbr0/br0/" "${file}"
sudo sed -i "$ a lxc.start.auto = 1" "${file}"
sudo sed -i "$ a lxc.start.delay = 5" "${file}"
diff /etc/lxc/default.conf.org /etc/lxc/default.conf
sudo systemctl restart lxc-net
sudo systemctl status lxc-net

  • Contents of the /etc/fstab file.

    /home/lxc       /var/lib/lxc    none    bind

19.3. Create LXC container

  • Enter the following commands at a Command Line.

    # Note: The very first time debootstrap is called which takes about 2 minutes.
# Note: The update-rc.d: errors can be safely ignored.
# Note: The invoke-rc.d: errors can be safely ignored.
# Note: Type "lxc-create -t debian -h" to see the template options.

# Create privileged container.
sudo lxc-create --name tbhf-aaa-mrm --template debian -- -r bullseye
sudo ls -al /home/lxc

# Make sure to modify the /etc/network/interfaces file.
sudo lxc-info tbhf-aaa-mrm

19.4. Destroy LXC container

  • Enter the following commands at a Command Line.

    sudo lxc-ls
sudo lxc-destroy --name tbhf-aaa-mrm

19.5. Backup LXC container

  • Enter the following commands at a Command Line.

    sudo lxc-snapshot --logpriority=LEVEL --name tbhf-aaa-mrm

19.6. Restore LXC container

  • Enter the following commands at a Command Line.

19.7. Usage

  • Enter the following commands at a Command Line.

    sudo lxc-info tbhf-aaa-mrm
sudo lxc-ls
sudo lxc-ls --fancy
sudo lxc-start  --name tbhf-aaa-mrm
sudo lxc-attach --name tbhf-aaa-mrm

# Inside container.
ip address
cat /etc/network/interfaces
cat /etc/resolv.conf
ls -al /etc/resolv.conf

apt-get install iputils-ping
apt-get install vim.tiny

exit

20. LXD

20.1. Installation

  • Enter the following commands at a Command Line.

    sudo apt-get update
sudo apt-get install snapd
sudo snap install lxd


file="/etc/sudoers"
# Back up original file if backup file is missing.
if [ -f "${file}" ] && [ ! -f "${file}.org" ]; then cp -a "${file}" "${file}.org"; fi
# Add path.
sudo sed -i "s|secure_path=\"\(.*\)\"|secure_path=\"\1:/snap/bin\"|g" "${file}"

# Log off and log in again.
which lxd
sudo which lxd                          # /snap/bin/lxd
lxd --version                           # 5.0.0
sudo lxd --version                      # 5.0.0

20.2. Configuration

  • Enter the following commands at a Command Line.

    sudo lxd init
# Press Enter (default=no) for no LXD clustering.
# Press Enter (default=yes) to configure a new storage pool.
# Press Enter (default=default) for the name of the new storage pool.
# Press Enter (default=btrfs) for btrfs storage backend.
# Type "no" and press Enter (default=yes) to skip creating a new btrfs storage pool.
# Type "/home" and press Enter for the name to the existing BTRFS pool or dataset.
# Press Enter (default=no) to skip connecting to a MAAS server.
# Type "no" and Press Enter (default=yes) to skip creating a new local network bridge.
# Type "yes" and Press Enter (default=no) to use an existing bridge or host interface.
# Type "br0" and press Enter for the name of the existing bridge or host interface.
# Press Enter (default=no) for the LXD server not to be available over the network.
# Type "no" and press Enter (default=yes) for stale cached images not to be updated automatically.
# Type "yes" and press Enter (default=no) for a YAML "lxd init" preseed to be printed.
    Would you like to use LXD clustering? (yes/no) [default=no]:
Do you want to configure a new storage pool? (yes/no) [default=yes]:
Name of the new storage pool [default=default]:
Name of the storage backend to use (btrfs, dir, lvm, ceph) [default=btrfs]:
Create a new BTRFS pool? (yes/no) [default=yes]: no
Name of the existing BTRFS pool or dataset: /home
Would you like to connect to a MAAS server? (yes/no) [default=no]:
Would you like to create a new local network bridge? (yes/no) [default=yes]: no
Would you like to configure LXD to use an existing bridge or host interface? (yes/no) [default=no]: yes
Name of the existing bridge or host interface: br0
Would you like the LXD server to be available over the network? (yes/no) [default=no]:
Would you like stale cached images to be updated automatically? (yes/no) [default=yes]: no
Would you like a YAML "lxd init" preseed to be printed? (yes/no) [default=no]: yes
    config:
  images.auto_update_interval: "0"
networks: []
storage_pools:
- config:
    source: /home
  description: ""
  name: default
  driver: btrfs
profiles:
- config: {}
  description: ""
  devices:
    eth0:
      name: eth0
      nictype: bridged
      parent: br0
      type: nic
    root:
      path: /
      pool: default
      type: disk
  name: default
projects: []
cluster: null

  • Enter the following commands at a Command Line.

  • Enter the following commands at a Command Line with root privileges.

    ls -al /home

#
sudo lxc config set core.https_address :8443
sudo lxc config set core.trust_password ********        # Use level 2 password.

20.3. Images

  • Note: All images use systemd-networkd.service instead of networking.service.

  • Enter the following commands at a Command Line.

  • Enter the following commands at a Command Line with root privileges.

    lxc remote list
lxc image list images: debian bullseye amd64
lxc image list images: debian bookworm amd64

20.4. Usage

  • Enter the following commands at a Command Line.

  • Enter the following commands at a Command Line with root privileges.

    sudo lxc list -c ns46tS,boot.autostart

# Create container.
sudo lxc launch images:debian/11 tbhf-aaa-mrm

# Create virtual machine.
sudo lxc launch images:debian/11 tbhf-bbb-mrm --vm

sudo lxc list
sudo lxc info tbhf-aaa-mrm
sudo lxc info tbhf-bbb-mrm

# Prevent apparmor="DENIED" operation="mount" syslog messages for containers.
# See https://discuss.linuxcontainers.org/t/apparmor-denied-operation-mount/2424/17
sudo lxc config set tbhf-aaa-mrm security.nesting true

# Attach to console, to detach from console, press <ctrl>+a q
sudo lxc console tbhf-aaa-mrm
sudo lxc console tbhf-bbb-mrm

# Start shell inside container or virtual machine.
sudo lxc exec tbhf-aaa-mrm -- /bin/bash
sudo lxc exec tbhf-bbb-mrm -- /bin/bash

# Delete container.
sudo lxc stop   tbhf-aaa-mrm
sudo lxc stop   debian11 --force
sudo lxc delete tbhf-aaa-mrm

# Backup container.
sudo lxc snapshot tbhf-aaa-mrm 2022-04-13
sudo ls -al /home/containers-snapshots/tbhf-aaa-mrm/2022-04-13
sudo lxc info tbhf-aaa-mrm
sudo lxc publish --force tbhf-aaa-mrm/2022-04-13 --alias tbhf-aaa-mrm-BACKUP-2022-04-13-IMAGE
sudo lxc image info tbhf-aaa-mrm-BACKUP-2022-04-13-IMAGE
# Export lxc image to image.tar.gz file.
sudo lxc image export tbhf-aaa-mrm-BACKUP-2022-04-13-IMAGE tbhf-aaa-mrm-BACKUP-2022-04-13-IMAGE
ls -al tbhf-aaa-mrm-BACKUP-2022-04-13-IMAGE.tar.gz

# Cleanup container snapshots.
sudo lxc delete tbhf-aaa-mrm/2022-04-13                         # Delete snapshot.
sudo lxc image delete tbhf-aaa-mrm-BACKUP-2022-04-13-IMAGE      # Delete image.
# sudo rm tbhf-aaa-mrm-BACKUP-2022-04-13-IMAGE.tar.gz           # Delete published image.

# Restore container.
sudo lxc image import tbhf-aaa-mrm-BACKUP-2022-04-13-IMAGE.tar.gz --alias tbhf-aaa-mrm-restored
sudo lxc image list
sudo lxc launch tbhf-aaa-mrm-restored tbhf-aaa-mrm
sudo lxc list

# Backup virtual machine.
sudo lxc snapshot debian11 2022-04-26
sudo ls -al /home/virtual-machines-snapshots/debian11/2022-04-26
sudo lxc info debian11
sudo lxc publish --force debian11/2022-04-26 --alias debian11-BACKUP-2022-04-26-IMAGE
#       qemu-img convert -f raw -O qcow2 -c -T none -t none /var/snap/lxd/common/lxd/storage-pools/default/virtual-machines-snapshots/win10b/2022-04-27/root.img /var/snap/lxd/common/lxd/images/lxd_export_2189678916/rootfs.img
#       See https://github.com/lxc/lxd/issues/5509
        sudo lxc storage show default
        sudo lxc storage list

# Export lxc image to image.tar.gz file.
sudo lxc image export debian11-BACKUP-2022-04-26-IMAGE debian11-BACKUP-2022-04-26-IMAGE
ls -al debian11-BACKUP-2022-04-26-IMAGE.tar.gz

# Cleanup virtual machine snapshots.
sudo lxc delete debian11/2022-04-26                     # Delete snapshot.
sudo lxc image delete debian11-BACKUP-2022-04-26-IMAGE  # Delete image.
sudo lxc image delete debian11                          # Delete image.                 ???
# sudo rm debian11-BACKUP-2022-04-26-IMAGE.tar.gz       # Delete published image.

# Restore virtual machine.
sudo lxc stop debian11
sudo lxc delete debian11/2022-04-26     # Remove snapshot.
#       Error: Failed setting subvolume writable "/var/snap/lxd/common/lxd/storage-pools/default/virtual-machines-snapshots/debian11/2022-04-26":
#       Failed to run: btrfs property set -ts /var/snap/lxd/common/lxd/storage-pools/default/virtual-machines-snapshots/debian11/2022-04-26 ro false:
#       ERROR: Could not set subvolume flags: Read-only file system
# Workaround:   sudo btrfs subvolume delete /home/images/b5230ba66e21c7718f887d3f58235ae204bc3d4aa9093a983e25a82d76026dd0
# Workaround:   sudo btrfs subvolume delete /home/virtual-machines-snapshots/debian11/2022-04-26

# Moving to a different storage pool.
# See https://discuss.linuxcontainers.org/t/change-storage-size-and-driver/6097

sudo lxc delete debian11
sudo lxc image import debian11-BACKUP-2022-04-26-IMAGE.tar.gz --alias debian11-restored
sudo lxc image list
sudo lxc launch debian11-restored debian11
sudo lxc list

sudo lxc delete debian11
sudo lxc init debian11-restored debian11 --vm --config security.secureboot=false --config limits.cpu=1 --config limits.memory=2GB
sudo lxc start debian11

sudo lxc stop debian11 --force
sudo lxc delete debian11
sudo lxc launch debian11-restored debian11 --console --vm
sudo lxc start debian11 --console

#       BdsDxe: failed to load Boot0001 "UEFI QEMU QEMU HARDDISK " from PciRoot(0x0)/Pci(0x1,0x1)/Pci(0x0,0x0)/Scsi(0x0,0x1): Not Found
#       >>Start PXE over IPv4.

sudo lxc stop win10 --force
sudo lxc delete win10
sudo lxc launch win10-restored win10 --console --vm
sudo lxc start win10 --console

#       BdsDxe: failed to load Boot0001 "UEFI QEMU QEMU HARDDISK " from PciRoot(0x0)/Pci(0x1,0x1)/Pci(0x0,0x0)/Scsi(0x0,0x1): Not Found
#       >>Start PXE over IPv4.



# See https://pve.proxmox.com/wiki/OVMF/UEFI_Boot_Entries
# See https://mricher.fr/post/boot-from-an-efi-shell
# Press Esc during boot to enter ?UEFI boot menu?

# Linux:
# Wait several minutes for the SHELL> prompt to show up.
# Wait several minutes for the UEFI Interactive Shell.
# map
# FS0:
# ls
# cd EFI
# ls
# cd debian
# ls
# grubx64.efi
# IF: Command Error Status: Access Denied THEN Disable Secure Boot.
# sudo fdisk -l
# Fix boot error.
# sudo grub-install /dev/sda


# Windows:
# Wait several minutes for the SHELL> prompt to show up.
# Wait several minutes for the UEFI Interactive Shell.
# map
# BLK0:
# exit  -->



# Auto start.
sudo lxc config set <instance> boot.autostart false
sudo lxc config set <instance> boot.autostart true
sudo lxc list -c ns46tS,boot.autostart
sudo find /home -iname backup.yaml -print -exec sudo grep boot.autostart {} \;
sudo lxc image info debian11-BACKUP-2022-04-26-IMAGE

# Profiles.
sudo lxc profile list
sudo lxc profile show default

21. VGA Console Access

  • Install LXC Client.

  • Install VirtViewer.

  • Enter the following commands at a Command Prompt.

    lxc.exe remote add tbhf-lxd-mrm 10.10.1.8
lxc.exe remote add tbhf-tst-mrm 10.10.1.8
# Type "y" and press Enter to accept the fingerprint.
# Type the level 2 password and press Enter.

lxc.exe remote switch tbhf-lxd-mrm
lxc.exe remote switch tbhf-tst-mrm
lxc.exe config show
lxc.exe list
lxc.exe list -c ns46tS,boot.autostart
lxc.exe console win10 --type=vga

  • Press Shift+F10 to open a Command Prompt.

  • Enter the following commands at the Command Line.

    setup.exe /unattend:D:\Unattend-x64-Enterprise.xml

22. Instance Configuration

  • Enter the following commands at a Command Line with root privileges.

    cat /etc/debian_version
ip address
systemctl --type service
ls -al /etc/resolv.conf
cat    /etc/resolv.conf

scp -p delta@10.10.1.2:/media/Windows/Software/_Delta/delta-linux-tools-#.#.#-1-all.deb .
dpkg -i delta-linux-tools-#.#.#-1-all.deb

smru config legacy-ethernet 10.10.1.# 10.10.1.170 10.10.1.1 smru.shoklo-unit.com

# Only do for virtual machines.
smru config kernel net.ifnames=0        # Disable consistent network device names.

  • Restart the computer.

  • Enter the following commands at a Command Line with root privileges.

    ip address
ls -al /etc/resolv.conf
cat    /etc/resolv.conf

smru config apt                         # Configure apt repositories.

smru install basic-tools                # Install basic commands like curl and wget.

smru setup bash                         # Install and configure bash shell for each user.
smru setup cron                         # Install and configure cron.
smru setup editor                       # Install and set default editor to vim.tiny for each user.
smru setup locale                       # Install and configure locale.
smru setup timezone                     # Install and configure time zone.
smru setup user "smru" "SMRU" "live"    # Add "smru" user account with "live" password.
passwd                                  # Change password of "root" user account.
passwd smru                             # Change password of "smru" user account.

smru setup inventory                    # Install and configure inventory.
smru setup openssh                      # Install and configure openssh server.
smru setup sudo                         # Install and configure sudo for each user.

  • Restart the computer.

  • Enter the following commands at a Command Line.

    sudo apt-get update
sudo apt-get upgrade
sudo apt-get dist-upgrade
sudo apt-get autoremove
sudo apt-get autoclean

cat /etc/debian_version
df

sudo smru setup snmp-server 10.10.1.12  # Install and configure snmp server.
sudo smru setup vim                     # Install and configure vim editor for each user.

# Only do for virtual machines.
sudo check-syslog
sudo grep -Ei --color=always "bad |brok|cann|crit|deni|err:|erro|fail|igno|insu|leak|lost|miss|not |such|unab|warn" /var/log/syslog
sudo zgrep -i 'systemd-networkd-wait-online' /var/log/syslog*
sudo zgrep -i 'lost carrier' /var/log/syslog*

23. Advanced Instance Configuration

  • Contents of the /etc/apt/apt.conf.d/proxy.conf file.

    Acquire::http::Proxy  "http://10.10.1.170:8080";
Acquire::https::Proxy "http://10.10.1.170:8080";

#Acquire {
#  HTTP::proxy  "http://127.0.0.1:8080";
#  HTTPS::proxy "http://127.0.0.1:8080";
#}

  • Enter the following commands at a Command Line.

    apt-get update
apt-get install spice-client-gtk
apt-get install lxde
apt-get install xrdp

snap set system proxy.http="http://10.10.1.170:8080"
snap set system proxy.https="http://10.10.1.170:8080"

24. Debian VM On LXD

  • Enter the following commands at a Command Line.

    folder="/media/Windows/Images/Debian/Debian 11"
file="debian-11.6.0-amd64-netinst.iso"

# Create an empty virtual machine.
sudo lxc init debian11 --empty --vm --config security.secureboot=false --config limits.cpu=1 --config limits.memory=2GB
# Add iso file as boot drive.
# By default root disk has boot priority of 1.
sudo lxc config device add debian11 iso disk source="${folder}/${file}" boot.priority=10
sudo lxc config show debian11

sudo lxc list
sudo lxc start debian11

# Remote to the virtual machine from Windows.
# lxc.exe console debian11 --type=vga

# Remove boot drive.
sudo lxc config device remove debian11 iso

25. Windows VM On LXD

25.1. Preparation

  • First create a new iso file with the unattend files included.

  • Install Windows ADK.

  • Enter the following commands at a Command Prompt with administrative privileges.

    # Extract iso file and add unattend files.
set "Folder=W:\Images\Windows\Windows 10\21H2"
set "File=en-us_windows_10_business_editions_version_21h2_x64_dvd_ce067768.iso"
rmdir /q /s "%Folder%\Tmp"
"C:\Program Files\7-Zip\7z.exe" x -y -o"%Folder%\Tmp" "%Folder%\%File%"
copy W:\Unattend-x64-*.xml "%Folder%\Tmp"
copy W:\Unattend-x86-*.xml "%Folder%\Tmp"

# Create new iso file with unattend files.
set "BootFile="%Folder%\Tmp\boot\etfsboot.com"
set "Label=Windows-10-Enterprise-x64"
set "SourceRoot="%Folder%\Tmp"
set "TargetFile=W:\Windows-10-Enterprise-Unattend-x64.iso"
set "Folder=C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools\amd64\Oscdimg"
"%Folder%\oscdimg.exe" -u2 -o -l%Label% -b%BootFile% %SourceRoot% %TargetFile%

25.2. Installation

  • Enter the following commands at a Command Line.

    sudo snap install distrobuilder --classic
sudo apt-get install -y libguestfs-tools wimtools

folder="/media/Windows"
file="Windows-10-Enterprise-Unattend-x64.iso"
sudo distrobuilder repack-windows "${folder}/${file}" "${file}"
# Wait about 5 minutes for it to finish.

# Create an empty virtual machine.
sudo lxc init win10 --empty --vm --config security.secureboot=false --config limits.cpu=1 --config limits.memory=2GB
sudo lxc config device override win10 root size=30GiB
# Add iso file as boot drive.
# By default root disk has boot priority of 1.
sudo lxc config device add win10 iso disk source="$(pwd)/${file}" boot.priority=10
sudo lxc config show win10

sudo lxc list
sudo lxc start win10

# Remote to the virtual machine from Windows.
# lxc.exe console win10 --type=vga

# Remove boot drive.
sudo lxc config device remove win10 iso

25.3. Configuration

  • Change the built-in Administrator password.

    • Press Ctrl+Alt+Del.

  • Enable Proxy Server.

    • Start Internet Options (inetcpl.cpl).

    • Select the Connections tab.

    • Click LAN settings.

    • Check Use a proxy server for your LAN.

    • Type 10.10.1.170 in the Address field.

    • Type 8080 in the Port field.

    • Check Bypass proxy server for local addresses.

    • Click OK.

    • Click OK.

    • Close Internet Options.

  • Enable RDP.

    • Start System Properties (sysdm.cpl).

    • Select the Remote tab.

    • Choose Allow remote connections to this computer.

    • Check Allow connections only from computers running Remote Desktop with Network Level Authentication.

    • Click Apply.

    • Click OK.

    • Close System Properties.

26. PMP