Roll a new Virtual Server in KVM
I decided that I wanted to move my dev web server over to nginx instead of apache. I am also thinking about a production setup, but first things first. Firstly I needed a new dev server. My dev box is a Ubuntu 14.04 LTS machine running KVM, hosting a number of virtual servers. This guide is not to do any of that setup. This guide is specifically the steps I take to roll a new dev virtual machine. While this may seem lame, this truly is step one on a lot of projects for me, so it makes sense to document it…
Ubuntu-vm-builder
So the first thing I do is build the machine. In this case, I am building an Ubuntu server guest on an Ubuntu server host on KVM. This means I can cheat with the awesome ubuntu-vm-builder application.
As you can see, I just need to make some particular selections here and let it do the work for me.
sudo ubuntu-vm-builder kvm trusty \
--domain home.aaron \
--dest vweb02 \
--hostname vweb02 \
--arch amd64 \
--mem 256 \
--cpus 1 \
--user aaron \
--pass temppass \
--bridge br0 \
--ip 192.168.80.9 \
--mask 255.255.255.0 \
--net 192.168.80.0 \
--bcast 192.168.80.255 \
--gw 192.168.80.1 \
--dns 192.168.80.2 \
--components main,universe \
--addpkg acpid \
--addpkg openssh-server \
--addpkg linux-image-generic \
--libvirt qemu:///system ;
What Selections?
Yeah, so these are the options I picked. This is what they all mean. Here is a page with the other options that I don’t use so frequently - Ubuntu Manpages.
KVM Trusty - This refers to the fact that it is going to create a KVM type guest with the OS version Trusty Tahr (14.04.3 LTS)
- Domain: my domain is home.aaron - you may want to choose something different here
- Dest: this is the destination directory where it will put the files it creates
- Hostname: this is the server name that it is creating
- Arch: this is the type of CPU (i386 | amd64)
- Mem: this is how much memory to allocate in megabytes
- CPUs: this is how many processors to allocate to the guest
- User: the name of the user to create on OS setup
- Pass: the password of the user to create - I always use something temporary here and then change it later after some of the other setup is done
- Bridge: this is the network bridge on the host to use
- IP: this is the manually set IP - I usually don’t let my servers DHCP
- Mask: this is the network mask of the network the guest is on
- Net: this is the network address of the network the guest is on
- BCast: this is the broadcast address for the network the guest is on
- GW: this is the gateway address for the network the guest is on
- DNS: this is the DNS address for the network the guest is on
- Components: this is the list of distribution components to include (main is officially supported, universe also includes community maintained software)
- Addpkg: this allows you to add packages to the OS installation process. I add acpid as it seems to help with the power on/off stuff from KVM, openssh-server so that I can ssh in immediately (my host is headless so either ssh in or do a VNC tunnel), and linux-image-generic because it fixes a CPU issue with KVM on Ubuntu
DNS Setup
This takes a little while to process. While it is going I start cleaning up my dns server for my new server. Due to the fact that I already had a vweb01 server with the same IP address (I am not overly creative in dev land) - I have a little bit of cleaning up to do.
grep vweb /var/lib/bind/home.aaron.zone
vweb A 192.168.80.9
vweb01 CNAME vweb
As you can see, I like to call my dev web server vweb, so I have a CNAME record as well as the A record. I go ahead and edit the vweb01 record with the new server name.
sudo nano /var/lib/bind/home.aaron.zone
vweb02 CNAME vweb
Lastly, I restart the Bind server as I have little luck with the reload command.
sudo service bind9 restart
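The edit above swaps which CNAME points at vweb, and the reason it needs care is that two names shared one IP. As an added example (not the post's own code), here is a small Python zone-excerpt checker that follows CNAME chains the way a resolver would, so you can see which names land on 192.168.80.9 before and after the edit and catch a CNAME left pointing at a name with no A record. The zone excerpts are constructed in the shape of the grep output above, not the real home.aaron.zone, and the parser only handles the A and CNAME lines this task involves.

```python
# Constructed zone excerpts modelled on the post's grep output; not the real home.aaron.zone file.
ZONE_BEFORE = """\
; excerpt before the edit: vweb01 is still the name behind the shared IP
vdns    IN  A      192.168.80.2
vweb    IN  A      192.168.80.9
vweb01  IN  CNAME  vweb
"""

ZONE_AFTER = """\
; excerpt after the edit: vweb02 takes over the CNAME, vweb01 is gone
vdns    IN  A      192.168.80.2
vweb    IN  A      192.168.80.9
vweb02  IN  CNAME  vweb
"""


def parse_zone(text):
    """Return {name: (type, rdata)} for A and CNAME lines.

    Skips ';' comments, blank lines, the IN class and numeric TTL tokens. One record per
    name is kept (the last one seen), which is enough for the dev-zone shape shown above.
    """
    records = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if not line:
            continue
        tokens = line.split()
        name = tokens[0]
        rest = [t for t in tokens[1:] if t.upper() != "IN" and not t.isdigit()]
        if len(rest) >= 2 and rest[0].upper() in ("A", "CNAME"):
            records[name] = (rest[0].upper(), rest[1].rstrip("."))
    return records


def resolve(records, name):
    """Follow CNAMEs until an A record is reached; None if the chain dangles or loops."""
    seen = set()
    while name in records and name not in seen:
        seen.add(name)
        rtype, rdata = records[name]
        if rtype == "A":
            return rdata
        name = rdata  # CNAME: keep walking
    return None


def names_for_ip(records, ip):
    """Every name (direct or via CNAME) that resolves to the given address."""
    return sorted(n for n in records if resolve(records, n) == ip)


def dangling_cnames(records):
    """CNAMEs whose target never reaches an A record: the stale-record case to look for."""
    return sorted(n for n, (rtype, _) in records.items()
                  if rtype == "CNAME" and resolve(records, n) is None)


if __name__ == "__main__":
    for label, text in (("before", ZONE_BEFORE), ("after", ZONE_AFTER)):
        zone = parse_zone(text)
        print("%s: 192.168.80.9 <- %s, dangling: %s"
              % (label, names_for_ip(zone, "192.168.80.9"), dangling_cnames(zone)))
```

Running it prints that vweb and vweb01 both resolve to 192.168.80.9 before the edit, and vweb and vweb02 after it; the dangling check is what you would run before the bind9 restart if the edit had touched the A record instead of the CNAME.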
Client Machine SSH cleanup
As I mentioned, I use vweb to refer to my virtual web server, but I actually have three different ways to connect to the old one here - vweb, vweb01, and 192.168.80.9. As I am retiring that old one, I am going to go ahead and clean all three of them out of my known hosts file on my ssh client machines. My client machines run Linux Mint, so this process may be different for you if you are using Windows or something else here. Doing this step removes the old server's host key under all three names, so the first connection to the new server does not trigger the "REMOTE HOST IDENTIFICATION HAS CHANGED" warning, which ssh raises to flag that the machine you are connecting to is not the one it expected.
ssh-keygen -R "192.168.80.9"
ssh-keygen -R "vweb"
ssh-keygen -R "vweb01"
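Those three ssh-keygen -R calls each remove one name. As an added example (not from the post), here is a Python model of what that removal has to do, including the case a plain grep for the hostname would miss: with HashKnownHosts yes the host column is stored as |1|salt|HMAC-SHA1(salt, hostname), so a name can only be found by recomputing the HMAC with each entry's own salt. The sample known_hosts lines, the placeholder key and the fixed salt are constructed for the example; a real file would have a random salt per entry.

```python
import base64
import hashlib
import hmac

# Constructed sample data, not a real known_hosts file: one placeholder key shared by every
# entry, and a fixed 20-byte salt so the hashed entry is reproducible in this example.
PLACEHOLDER_KEY = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDER00000000000000000000000000"
FIXED_SALT = b"0123456789abcdef0123"

# The three names the post removes for the retired guest.
OLD_ALIASES = ["vweb", "vweb01", "192.168.80.9"]


def hash_hostname(hostname, salt):
    """Encode a hostname the way OpenSSH's HashKnownHosts does: |1|salt|HMAC-SHA1(salt, hostname)."""
    digest = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(digest).decode())


def host_field_matches(host_field, names):
    """True if the host column of a known_hosts line names any of `names`, plain or hashed."""
    if host_field.startswith("|1|"):
        # Hashed entry: recompute the HMAC with this entry's salt for every candidate name.
        _, _, salt_b64, _ = host_field.split("|")
        salt = base64.b64decode(salt_b64)
        return any(hmac.compare_digest(hash_hostname(n, salt), host_field) for n in names)
    # Plain entry: comma-separated aliases, with "[host]:port" for non-default ports.
    aliases = {a[1:].split("]:")[0] if a.startswith("[") else a for a in host_field.split(",")}
    return any(n in aliases for n in names)


def forget_hosts(known_hosts_text, names):
    """Drop every line whose host column matches one of `names`.

    The whole line goes, even if it lists other aliases too, which is also what
    ssh-keygen -R does. Returns (cleaned_text, number_of_lines_removed).
    """
    kept, removed = [], 0
    for line in known_hosts_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            kept.append(line)
            continue
        fields = stripped.split()
        # An optional leading marker (@cert-authority / @revoked) shifts the host column right.
        host_field = fields[1] if fields[0].startswith("@") else fields[0]
        if host_field_matches(host_field, names):
            removed += 1
        else:
            kept.append(line)
    return "\n".join(kept) + "\n", removed


def build_sample_known_hosts():
    """Three constructed lines: a plain multi-alias entry, a hashed entry, and an unrelated host."""
    return "\n".join([
        "vweb,vweb01,192.168.80.9 " + PLACEHOLDER_KEY,
        hash_hostname("vweb01", FIXED_SALT) + " " + PLACEHOLDER_KEY,
        "vdns,192.168.80.2 " + PLACEHOLDER_KEY,
    ]) + "\n"


if __name__ == "__main__":
    cleaned, count = forget_hosts(build_sample_known_hosts(), OLD_ALIASES)
    print("removed %d line(s); remaining:" % count)
    print(cleaned, end="")
```

The point of the hashed branch is the practical one: once HashKnownHosts is on, the only reliable way to confirm an old server is really gone from the file is ssh-keygen -F name (or the equivalent HMAC check above), not a text search.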
Start your ‘ngines
Assuming the script is done by now, I head back over to my host system and run the following commands to start her up.
virsh start vweb02
As this is a web server, I will also be issuing the command to always start on reboot of the host system. I only do this one for particular machines on my host. You can disable it later by running virsh autostart --disable vweb02.
virsh autostart vweb02
SSH Setup
Firstly I just connect to the machine to validate that we are in good shape. Once in, I back out and add my client key to the ssh host server. This way I never have to log in with username and password again. In a production environment I would then remove the ability to ssh with passwords, but this is a dev box on my internal network, so probably not a big deal.
ssh-copy-id aaron@vweb02
Server Polish
A couple last things to do here. Firstly I install nano, because I am not man enough for vim. I also change the timezone from UTC to where I am.
sudo apt-get install nano
sudo dpkg-reconfigure tzdata
Next I edit the sudo file to allow my user to execute server updates without password entry.
sudo visudo
At the end of the text file I just insert the following line:
aaron ALL=(root) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get upgrade -y, /usr/bin/apt-get dist-upgrade -y, /usr/bin/apt-get autoremove -y
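What makes that sudoers line reasonable is that every command is an absolute path with a fixed argument list, so the passwordless grant covers exactly four invocations and nothing else. As an added example (not from the post), here is a Python linter for one user-specification line that parses it the way sudoers reads it and flags the ways such a rule quietly becomes broader than intended: ALL as the command, a command with no argument list (which in sudoers matches any arguments), a wildcard in the arguments, or a non-absolute path (which visudo rejects). The post's rule is included with its spacing normalised; the other rules are constructed to show each finding.

```python
import re
import shlex

# The rule from the post (spacing normalised) plus constructed variants of the kind to avoid.
RULE_FROM_POST = (
    "aaron ALL=(root) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get upgrade -y, "
    "/usr/bin/apt-get dist-upgrade -y, /usr/bin/apt-get autoremove -y"
)
CONSTRUCTED_BAD_RULES = [
    "aaron ALL=(ALL) NOPASSWD: ALL",                          # unrestricted passwordless root
    "aaron ALL=(root) NOPASSWD: /usr/bin/apt-get",            # no argument list = any arguments
    "aaron ALL=(root) NOPASSWD: /usr/bin/apt-get install *",  # wildcard argument
    "aaron ALL=(root) NOPASSWD: apt-get update",              # not an absolute path
]

# user  host = (runas)  TAG: TAG:  cmd args, cmd args, ...
RULE_RE = re.compile(
    r"^(?P<user>\S+)\s+(?P<host>[^=\s]+)\s*=\s*"
    r"(?:\((?P<runas>[^)]*)\)\s*)?"
    r"(?P<tags>(?:[A-Z]+:\s*)*)"
    r"(?P<cmds>.+)$"
)


def parse_rule(rule):
    """Split one user-specification line into its parts; commands come back as argv lists."""
    m = RULE_RE.match(rule.strip())
    if not m:
        raise ValueError("not a user specification: %r" % rule)
    tags = [t.rstrip(":") for t in m.group("tags").split()]
    commands = [shlex.split(c.strip()) for c in m.group("cmds").split(",") if c.strip()]
    return {"user": m.group("user"), "host": m.group("host"),
            "runas": m.group("runas") or "root", "tags": tags, "commands": commands}


def lint_rule(rule):
    """Return (command, problem) pairs for each NOPASSWD command that is broader than it looks."""
    spec = parse_rule(rule)
    findings = []
    if "NOPASSWD" not in spec["tags"]:
        return findings  # a password is still required, nothing to flag here
    for argv in spec["commands"]:
        cmd = " ".join(argv)
        if argv == ["ALL"]:
            findings.append((cmd, "ALL: any command as %s without a password" % spec["runas"]))
            continue
        if not argv[0].startswith("/"):
            findings.append((cmd, "not an absolute path: sudoers only matches fully qualified commands"))
        if len(argv) == 1:
            # sudoers semantics: a bare command matches ANY arguments; "" means no arguments.
            findings.append((cmd, "no argument list: matches the command with ANY arguments"))
        elif argv[1:] == [""]:
            pass  # the "" form explicitly allows only a call with no arguments
        elif any(ch in a for a in argv[1:] for ch in "*?["):
            findings.append((cmd, "wildcard argument: a glob widens what is allowed"))
    return findings


if __name__ == "__main__":
    for rule in [RULE_FROM_POST] + CONSTRUCTED_BAD_RULES:
        print(rule)
        problems = lint_rule(rule) or [("-", "ok: fixed commands with fixed arguments")]
        for cmd, why in problems:
            print("   %-40s %s" % (cmd, why))
```

The "no argument list" finding is the one most worth remembering: /usr/bin/apt-get on its own would let the same user run any apt-get subcommand without a password, whereas the post's four entries pin both the subcommand and the -y flag.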
And lastly, I go ahead and add this machine into my shell script that I run to keep the ubuntu servers updated.
#!/bin/bash
clear
# vweb is the CNAME that now points at vweb02, so the new guest is covered by the existing name
for server in vdns vhost vweb
do
    # Feed the update commands to a remote shell over ssh; the sudoers rule above makes them passwordless
    ssh $server << SSHINPUT
sudo apt-get update
sudo apt-get upgrade -y
sudo apt-get dist-upgrade -y
exit
SSHINPUT
done
Last but certainly not least
Now that I don’t have to enter a password to login or update the machine, it is definitely time to choose a stronger password. I am not very good at calculating entropy in my head, so I suggest GRC.com for a decent password.
passwd
Changing password for aaron.
(current) UNIX password: temppass
Enter new UNIX password: SF9bmCdlD:[KmSvo#ZYqTXTnAf3W)HGzCJsR{7M_[;6|#'3*nobs7cbKY=E8@.x
Retype new UNIX password: SF9bmCdlD:[KmSvo#ZYqTXTnAf3W)HGzCJsR{7M_[;6|#'3*nobs7cbKY=E8@.x
passwd: password updated successfully
Final Thoughts
I know this is a lot of simple steps, but I wanted to document the process as there are a lot of little commands that I forget each time I go to do this…