Difference between revisions of "Remote installation"

Summary

This is a guide to set up a rootserver with Arch Linux. While Arch makes a good server system, it is not usually the pre-installed distribution of choice. It is quite easy to replace a pre-installed system on a local computer. Replacing a system on a computer you can only access remotely via SSH is not as easy and requires certain steps be done in a certain order. Please make sure you understand each step before proceeding. If not, please refer to some standard docs such as man-pages, Arch Linux Forum or the Wiki.

We will replace a running Linux system on a remote server. When you finish this tutorial you will have a base Arch Linux, which can be accessed via SSH. To setup Mail-server or Subversion or Apache is subject to other tutorials which can be found elsewhere.

Disclaimer: This is a dangerous process that assumes you know what you are doing. It is easy to destroy your system or to lose critical data, and your service provider will likely charge a lot to help you recover. Follow this procedure at your own risk.

Introduction

You will need to setup an intermediate system, boot into it and setup your new Arch Linux server from there. This sounds a bit easier than it is, because you will be faced with a classical situation: you kill the system that hosts your activities. As with many other things, there is more than just one way to do it. There are two possible scenarios:

1. Many providers offer systems called rescue systems or remote consoles, which is often just a bootdisc stored on a network card. This boots into a rudimentary system which just exists in your RAM. Thus you will have the ability to partition your harddrive as you like.
2. Many servers have a swap partition. If yours doesn't you should maybe switch providers. You can disable the swap partition and set up your intermediate system there.

This document outlines the latter option, as if you have access to a remote console, you have won half the battle.

Backup and Preparation

During the procedure you WILL ERASE ALL DATA on your former server. Backup all your data including mails, webservers, etc. Have all information at your fingertips. Preserve all your server configurations, hostnames, etc.

Here is a list of data you will likely need:

• your IP Address
• your hostname(s), (note: rootserver are mostly also part of the providers domain, check/save your /etc/hosts before you delete)
• your DNS Server (check /etc/resolv.conf)
• your SSH keys (if other people work on your server, they will have to accept new keys otherwise. This includes keys from your apache, your mail servers, your ssh server and others. Those are usually spread all over your system, at least all over /etc If you have signed keys, then you have paid for these keys. You better keep them ;-) )
• knowledge of your hardware (network card, etc. Refer to your pre-installed /etc/modules.conf )
• if your bootmanager is already using /boot/grub/menu.lst please backup it.

In General, it is a good idea to have a local copy of your original /etc directory on your local harddrive.

Prepare the intermediate system

The intermediate system is the system which is used as a place where you setup your new disc layout and install the final system. There is no need to install more then the absolutely necessary packages in it. In addition to the base system you will need wget to fetch some software and an ssl server.

Create a new swap file

If you're paranoid or have very little RAM available you might want to add a swap file as swapspace before you disable the swap partition. Note that you don't need running daemons such as mailserver, http-server etc. When you stop them you can free memory at the remote machine.

The following commands create a file filed with zeros, formats it as swap space, activates the swap file, forces writing of the buffer cache to the disk, and then checks for active swap files.

# dd if=/dev/zero of=/swapfile bs=1024 count=512288
# mkswap /swapfile
# swapon /swapfile
# sync
# cat /proc/swaps

Set old swap partition as new root partition

You likely have only one hard drive. (Otherwise you could install your intermediate system on the other hd). Check cfdisk, /proc/swaps or /etc/fstab to find your swap partition.

Assuming your hard drive is located on hdaX (X will be a number), The following commands disable the swap space, create a filesystem on it, create a directory to mount it in, and finally mounts the new directory for installing the intermediate system.

Don't forget to change the partition ID field from "Linux Swap" to "Linux" in fdisk first! Otherwise, GRUB will not boot your bootstrap Arch partition.

# swapoff /dev/hdaX
# fdisk /dev/hda
(set /dev/hdaX ID field to "Linux" - Hex 83)
# mke2fs -j /dev/hdaX
# mkdir /mnt/newsys
# mount -t ext3 /dev/hdaX /mnt/newsys

Install the intermediate system

David Leinhäuser (aka Calavera) wrote a bootstrap script which can be used for the intermediate system as well as the final system. It makes things easier. Grab it here: https://bbs.archlinux.org/viewtopic.php?id=4020.

Copy the file from your local machine to the remote machine:

$ scp archbootstrap root@yourserver.org:/home

Edit the script and change the repos dir

REPOS="core/os/i686"                              # Which repository to use.

Run the script on your remote machine (Ensure wget is installed on the remote machine before running archbootstrap):

# ./archbootstrap /mnt/newsys ftp://gd.tuwien.ac.at/opsys/linux/archlinux

You can, of course, choose another mirror.

! Make sure that you are running a 2.6 kernel or you will get problems when chrooting.

Configure the intermediate system

When archbootstrap has finished, you have a raw system which still needs information you usually setup during an ordinary Arch Linux setup. This is all information you should have saved from your former system.

Tweak the following files before you chroot into the new system:

• /mnt/newsys/etc/fstab
• /mnt/newsys/etc/resolv.conf
• /mnt/newsys/etc/hosts
• /mnt/newsys/etc/hosts.allow
• /mnt/newsys/etc/rc.conf
• /mnt/newsys/etc/modprobe.d/modprobe.conf

Specifically:

• add the newroot/formerswap partition to your /mnt/newsys/etc/fstab:

  /dev/discs/disc0/partX / ext3 defaults 0 1

• add the nameserver to your /mnt/newsys/etc/resolv.conf

  nameserver xxx.xxx.xxx.xxx

• add your remote host to /mnt/newsys/etc/hosts

  rooditoottoot yyy.yyy.yyy.yyy

• allow ssh clients to access; add sshd to /mnt/newsys/etc/hosts.allow

  sshd:ALL

• edit your /mnt/newsys/etc/rc.conf script; make sure you add sshd to your DAEMONS array. be sure that your eth0 settings and gateway information is set up properly.

Caution: If you don't allow your ssh daemon to start automatically you won't be able to gain remote access to your system. If you don't allow ssh clients to access your new server via /etc/hosts.allow the situation is technically different but the effect is the same.

• add your network card to your /mnt/newsys/etc/modprobe.d/modprobe.conf

alias eth0 <your module>

• copy your ssl keys from /etc/ssh to /mnt/newsys/etc/ssh

Things to check before you boot

You will have to chroot into your new system to bring up a kernel. When you're in it you will have to setup a root password, otherwise ssh won't let you into your system. Also your bootmanager must be directed to your new system. You might want to configure your bootmanager to be able to boot into your old system. This makes it easier to use the recovery console in case you have one.

• mount essential systems

 # mount -t devfs none /mnt/newsys/dev
 # mount -t proc none /mnt/newsys/proc
 on 2.6.24, we use udev, so the command is changed to
 # mount -o bind /dev /mnt/newsys/dev
 # mount -t proc none /mnt/newsys/proc

• chroot into your new system:

 # chroot /mnt/newsys /bin/bash

• make sure you have a network and `ifconfig` gives you something meaningful:

 [root@tester root]# ifconfig
 eth0      Link encap:Ethernet  HWaddr 00:E0:81:24:77:5E
           inet addr:192.168.0.7  Bcast:192.168.0.255  Mask:255.255.255.0
           inet6 addr: fe80::2e0:81ff:fe24:775e/64 Scope:Link
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:5259 errors:0 dropped:0 overruns:1 frame:0
           TX packets:3266 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:1000
           RX bytes:6076799 (5.7 Mb)  TX bytes:332020 (324.2 Kb)
           Interrupt:209 Base address:0x2000

 lo        Link encap:Local Loopback
           inet addr:127.0.0.1  Mask:255.0.0.0
           inet6 addr: ::1/128 Scope:Host
           UP LOOPBACK RUNNING  MTU:16436  Metric:1
           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)</kbd>

• Now you should have pacman available to manage your system. You will need a kernel and an ssh server to reboot into your rescue system. Once you are installing stuff also consider the editor of your choice (nano, joe) if you dislike vi.

 # pacman -S kernel26 openssh

• You have to install and configure the bootloader now. I strongly recommend grub, as system updates on production systems are nerve wracking and there is a good chance to forget to call lilo after a kernelupdate. edit your /boot/grub/menu.lst (note: grub starts counting from zero not from one)

# (0) Arch Linux insert your old swap partition as new root 
title Arch Linux [/boot/vmlinuz26]
root (hd0,1) kernel /boot/vmlinuz26   root=/dev/discs/disc0/part2 ro

Before you install grub, note* that this is when you ruin your old system, If you don't make it available from your new grub config and don't edit your old fstab to disable the swap partition.

 # install-grub /dev/discs/disc0/disc /dev/discs/disc0/part2

• set a root password (DON'T MISS THIS AS IT LOCKS YOU OUT OF SSH)

 # passwd

• leave chroot environment:

 #exit

NOTE: Before proceeding double check that you:

1. set up your bootmanager to the new system
2. called sshd from rc.conf
3. allowed other machines to access your server in /etc/hosts.allow
4. set a root password

All this is necessary to get a working system.

• If you are sure the new system will boot, enter reboot.

Prepare a home for your new production server

Give the server time to reboot and then ping it to ensure you can access it.

SSH into your new Arch system. If you forgot to copy your ssh-keys the output will tell you why. Follow the lines to get rid of it. Make sure you understand where you are - at your former swap partition. In your private little rescue system. You are surrounded by your old system partition. If you are freaky enough to choose option #1 you are on your own for this part. To use parted is not the world's hardest challenge at all.

1. You want to migrate your old data to the new system. You use parted to create a rescue partition and copy all your data to it.
2. You already have a backup somewhere on the net (good boy!) then you can call cfdisk without a risk and set up your new disc layout directly.

Let's consider a good layout first: You are here in a rescue system. Useful, isn't it? Let's have rescue system at your harddrive if your server got hacked or if you have to work at the actual system. This can also be useful if you set up your server and need to interrupt your work. What to do, leave your server there without a firewall and no root passwords set for the MySQL-server? Bad idea! Boot into your rescue system just waiting to ssh into it again and continue your work. You can also add all the tools you need to work to this system and you're not restricted to the minimal system from the providers rescue console(if you have one). Now swap partitions, where you are currently, are mostly at the very beginning of a disc layout. Don't waste fast parts of the hd for your rescue system! Place the rescue system at the end (maybe 512-1024MB) of your disc layout.

Now the idea for the complete layout (It'll depend a bit on the former layout and where the partition you are currently working on is located). Some people might want to use Confixx or Vistas to maintain their domains and e-mail accounts. This will require a different layout but is not covered by this tutorial at all. We will suggest this layout:

• part1 swap 512MB
• part2 / 2048MB
• part3 /home depends on size of the disc
• part4 -- extended --
• part5 /backup usually the same size as /home
• part6 / for rescue system 1024MB

Now make your layout. When you do so don't forget that you will have to leave the partition you are currently working on intact!!!

 # parted /dev/discs/disc0/disc

or

 # cfdisk /dev/discs/disc0/disc

Create filesystems as desired and mount your new root partition to /mnt/newsys.

 # mkdir /mnt/newsys
 # mount -t ext3 /dev/discs/disc0/part3 /mnt/newsys

Set up your new system

We need archbootstrap again and this uses wget

# pacman -S wget

Copy archbootstrap from your old home, which you will have to mount, or copy it again via scp. Alternatively you can extract the original Arch setup script from the cd or from the floppy images. I assume you used archbootstrap again and have the base installed to /mnt/newsys. You can edit your /etc stuff manually again, or you can copy:

 # cat /etc/fstab > /mnt/newsys/etc/fstab
 # cat /etc/pacman.conf > /mnt/etc/pacman.conf
 # cat /etc/hosts > /mnt/etc/hosts
 # cat /etc/hosts.allow > /mnt/etc/hosts.allow
 # cat /etc/rc.conf > /mnt/etc/rc.conf
 # cat /etc/modprobe.d/modprobe.conf > /mnt/etc/modprobe.d/modprobe.conf
 # cat /etc/resolv.conf > /mnt/etc/resolv.conf

When you're done set up your final /mnt/newsys/etc/fstab (Edit to suit your system):

#
# /etc/fstab: static file system information
#
# <file system>        <dir>         <type>    <options>         <dump> <pass>
none                   /proc         proc      defaults            0      0
none                   /dev/pts      devpts    defaults            0      0
none                   /dev/shm      tmpfs     defaults            0      0
tmpfs                  /tmp          tmpfs     defaults            0      0
#sysfs                  /sys          sysfs     defaults            0      0
usbdevfs               /proc/bus/usb usbdevfs  defaults            0      0

/dev/cdroms/cdrom0     /mnt/cd      iso9660   ro,user,noauto,unhide   0      0
/dev/cdroms/cdrom0     /mnt/dvd     udf       ro,user,noauto,unhide   0      0
/dev/floppy/0          /mnt/fl      vfat      user,noauto,unhide      0      0

# the production system
/dev/discs/disc0/part1 swap         swap      defaults                0      0
/dev/discs/disc0/part2 /            ext3      defaults                0      1
/dev/discs/disc0/part3 /home        ext3      defaults                0      1

# the backup system
/dev/discs/disc0/part5 /mnt/backup  ext3      defaults,noauto         0      1

# the rescue system if necessary
/dev/discs/disc0/part6 /mnt/rescue  ext3      defaults,noauto         0      1

Don't forget to make a directory for the backup

 # mkdir /mnt/backup

Again, don't forget to copy your ssl keys. Mount devfs and proc:

 # mount -t devfs none /mnt/newsys/dev
 # mount -t proc none /mnt/newsys/proc

Chroot into your soon to be production system, set a root password, and install essential software

 # chroot /mnt/newsys /bin/bash
 # passwd
 # pacman -S kernel26 openssh mc wget nano

Tweak your /mnt/newsys/boot/grub/menu.lst to default it to your new production system.

 # install-grub /dev/discs/disc0/disc  dev/discs/disc0/part2

Double check that you have performed all necessary steps (as for setting up the rescue system), exit chroot, and reboot.

Final Remarks

Now you have Arch Linux running at your server. More things need to be done to turn it into something useful.