(Warning: Work in progress)
The purpose of this tool is to prepare disk images for our drives library in a predictable way. The tool is also open source, so that the modifications we make to the operating systems are transparent and easy to audit.
We've also designed these base images to be as convenient as possible for you as a user. Just clone the image, and you should be good to go. Even your SSH key will be automatically installed.
| Distribution | Version   | Auto expand* |
|--------------|-----------|--------------|
| CentOS       | 6.4       | Yes          |
| Debian       | 7.2       | No †         |
| Fedora       | 19        | Yes          |
| Ubuntu       | 12.04 LTS | Yes          |
| Ubuntu       | 13.10     | Yes          |
(*) Automatically expand root file system on first boot. (†) 'cloud-init' missing from repository.
To keep things predictable, we make a few things consistent across all Linux distributions:

- `sudo` to switch to root.
- `fail2ban` is installed, which provides additional protection against brute-force attacks.
- `eth0` as the network interface, and it is configured to use DHCP.
- `/dev/vda1`) and the rest for root (`/dev/vda2`).

One of the cornerstones of these disk images is the use of contextualization/meta data. Using this, we are able to pass data to the guest operating system. Here's a brief overview of the various meta-data variables used:
- `&&` or `;`) to be executed on first boot. Please note that these commands will be executed as 'root'. Use with caution.

Please see these installation instructions.
To increase security, the post-installation script installs Uncomplicated Firewall (ufw) and configures it to block all connections with the exception of SSH. To disable ufw, simply run `sudo ufw disable`. For more information about ufw, please visit this page.
Please see these installation instructions.
Similarly to Ubuntu, 'ufw' is installed.
Please see these installation instructions.
By default, the firewall is configured to only accept SSH connections. To alter the firewall, we recommend that you use `system-config-securitylevel-tui` (or `iptables` directly).
First, make sure that `curl` and `python` are installed. Once that is done, simply run this command as root:

```shell
curl -sL -o /tmp/setup.sh https://www.cloudsigma.com/vmprep.sh
chmod +x /tmp/setup.sh && sudo /tmp/setup.sh && rm -f /tmp/setup.sh
```
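
A checksum-verified variant of the install step above, as an added example rather than CloudSigma's own instructions. It downloads to a `mktemp` file instead of the fixed `/tmp/setup.sh` path and runs the script as root only if its digest matches a copy you have reviewed; `EXPECTED_SHA256` is a placeholder (the page publishes no checksum) and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not CloudSigma's code. Function names are assumptions.
URL="https://www.cloudsigma.com/vmprep.sh"   # URL as given on the page
# Placeholder: the page publishes no checksum. Pin the SHA-256 of a copy
# of vmprep.sh that you have downloaded and reviewed yourself.
EXPECTED_SHA256="REPLACE_WITH_SHA256_OF_REVIEWED_COPY"

# sha256_of FILE: print the lowercase hex SHA-256 digest of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_sha256 FILE EXPECTED: return 0 only when EXPECTED is a well-formed
# 64-digit hex string and equals the digest of FILE (case-insensitive).
verify_sha256() {
    [ -r "$1" ] || return 2
    case "$2" in
        ""|*[!0-9a-fA-F]*) return 2 ;;   # empty, or the unedited placeholder
    esac
    [ "${#2}" -eq 64 ] || return 2
    actual=$(sha256_of "$1") || return 2
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$actual" = "$expected" ]
}

# install_vmprep: download to a private temp file, verify, run as root.
install_vmprep() {
    tmp=$(mktemp) || return 1            # unpredictable name, mode 0600
    rc=1
    # --fail turns HTTP errors into a non-zero exit; --proto keeps it HTTPS-only.
    if curl --fail --silent --show-error --location --proto '=https' \
            -o "$tmp" "$URL" && verify_sha256 "$tmp" "$EXPECTED_SHA256"; then
        chmod 700 "$tmp" && sudo "$tmp"
        rc=$?
    else
        echo "vmprep.sh: download failed or checksum not matched; not running" >&2
    fi
    rm -f "$tmp"
    return "$rc"
}

# After setting EXPECTED_SHA256, call: install_vmprep
```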
Simply run the following command:

```shell
sudo cs_util.sh install-desktop
```

Just run the following command:

```shell
sudo cs_util.sh set-timezone
```

We've built in a tool for disabling the firewall. Simply run:

```shell
sudo cs_util.sh disable-firewall
```
By default, the SSH key(s) stored in the WebApp for the server (or drive) will be installed to the account 'cloudsigma'. If you wish to do this later on, you can use the same tool again.

```shell
cs_util.sh install-ssh-key
```

This will install your SSH key(s) to your account. If you wish to install the same SSH key to a different account, you can do that too by running:

```shell
cs_util.sh install-ssh-key otheruser
```