Replacing non-Alpine Linux with Alpine remotely

From Alpine Linux
Jump to: navigation, search
  • What: These instructions are for installing Alpine Linux on a hosted physical server from a hosting company like serverpronto, bluehost, etc.
  • Why: Typically these companies run Debian, Fedora, or another Linux distribution. This document explains how to get Alpine Linux on a machine with nothing but ssh access.
Note: This process will not work with alpine-1.9.0_rc4 or earlier Use Alpine-1.9.1 or later for best results.
Tango-dialog-warning.png
Warning: Practice on a computer with physical access first. If something goes wrong, the remote box will very likely be left in an unusable state. In that case, you get to turn in a support request to regen the server back to "factory fresh" mode.

Tango-dialog-warning.png
Warning: Really. Practice this first.

Prerequisites:

  • SSH access to the remote box (needs to have SSH server running)
  • Alpine Linux supported hardware
  • Adventurous mind
  • Nerves of steel

These instructions are based on a debian (physical) server, and all steps are performed while logged into the machine. So you should start with a machine that has ssh running.

Create apk overlay suitable for hard disk based tmpfs boot

Note: This entire section can be replaced by setting up a box from scratch, using setup-alpine, setting up networking exactly as it should be on the target box, then apk pkg foo.apkovl.tar.gz. The "host.apkovl.tar.gz" file can be copied to the target at that point. ("apk pkg" seems no longer to be available.)

The first step is to create Alpine configuration file with basic configuration of the host. We need the new box to start networking and ssh in the beginning so we can reconnect to it after reboot.

Create basic layout for the overlay:

mkdir overlay
cd overlay
mkdir -p etc/ssh etc/network etc/runlevels/{default,boot,sysinit,shutdown} root/.ssh etc/lbu

You can also use default Alpine configuration files. In this case you should use ssh key to authorize yourself (as root password is empty, and ssh has empty passwords disabled).

If you want to keep the existing host identity (e.g. SSH key), you can copy them over:

cp -a /etc/{passwd,group,shadow,gshadow,hostname,resolv.conf,network/interfaces,ssh} etc/
cp /etc/network/interfaces etc/network

Copy over your ssh authorized_keys and make sure its included in future:

cp -a /root/.ssh/authorized_keys root/.ssh
echo "/root/.ssh" > etc/lbu/include


Find out which shell is used for root:

grep ^root /etc/passwd

If its /bin/sh, you are good. If not, edit etc/passwd and change it to /bin/sh.

sed -i -e '/^root:/s:/bin/bash:/bin/sh:' etc/passwd
Note: If you don't do this, nobody (even with physical access) will be able to log into the machine.

Create etc/network/interfaces with network configuration (unless it was previously copied over). It should look something like:

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
      address ip.ad.dr.es
      netmask 255.255.255.0
      gateway gw.ad.dr.es

Make sure there is no whitespace at end of lines in interfaces file. Busybox ifup is very picky.


Make sure your etc/resolv.conf exists; if not create etc/resolv.conf with the nameserver configuration like:

nameserver dns.ip.ad.dr

Create the apk world (var/lib/apk/world) with essential packages:

mkdir -p var/lib/apk
echo "alpine-base iproute2 openssh bash" > var/lib/apk/world

(bash is technically not needed, but include it in case you forgot to edit your etc/passwd file correctly)

Double check the IP configuration and ssh keys.

Finally, make the essential services start up automatically and create the overlay file:

ln -s /etc/init.d/{hwclock,modules,sysctl,hostname,bootmisc,syslog} etc/runlevels/boot/
ln -s /etc/init.d/{devfs,dmesg,mdev,hwdrivers} etc/runlevels/sysinit/
ln -s /etc/init.d/{networking,sshd} etc/runlevels/default/
ln -s /etc/init.d/{mount-ro,killprocs,savecache} etc/runlevels/shutdown/
tar czf ../host.apkovl.tar.gz *

Verify the overlay with "tar tzf" to see that it contains everything in proper places, and ensure it is in the / directory

tar tzvf host.apkovl.tar.gz
cp host.apkovl.tar.gz /

Install Alpine cd-rom image on hard disk

We need to copy over two sets of information: the boot kernel (kernel, initramdisk and boot configuration) and operating system boot data (overlay, apk packages and kernel modules). These can reside on same partition if they fit. However, /boot is usually small, so you might want to put the apks on separate partition. This guide assumes they are on sda1 (/boot) and sda2 (/) with both having ext3 filesystems. If you don't have ext3 on / or /boot, then you might be able to disable swap and reformat the swap partition as ext3 and use that.

Download an alpine iso and mount it; for example

 wget http://wiki.alpinelinux.org/cgi-bin/dl.cgi/v3.0/releases/x86/alpine-3.0.4-x86.iso
 mount alpine*.iso /cdrom -o loop

Copy the apkovl and the contents of cd-rom image to root of current installation:

cp host.apkovl.tar.gz /
cp -a /cdrom/* /

Next we make the Alpine Linux kernel bootable (requires syslinux) and use fdisk to mark the /boot partition as bootable (if not done already):

dd if=/usr/share/syslinux/mbr.bin of=/dev/sda   # on some older systems its /usr/lib/syslinux/mbr.bin
fdisk /dev/sda

Make sure that /boot dir has a symlink pointing to itself. This is to handle the case when /boot is on separate partition.

 ln -sf . /boot/boot

Create /boot/extlinux.conf with contents like (check the filesystem type for alpine_dev; kernel and initrd are relative to partition root):

timeout 20
prompt 1
default grsec
label grsec
  kernel /boot/grsec
  append initrd=/boot/grsec.gz alpine_dev=sda2:ext3 modloop=grsec.cmg modules=loop,cramfs,sd-mod,usb-storage,ext3 quiet

From Alpine Linux 2.1 you can use the UUID of the partition that holds the apkovl and the apks directory, the current root. Use blkid to get the proper UUID. By using UUID we solve the problem when there are multiple disks and we don't knowing how kernel enumerates them after boot. Example extlinux.conf:

timeout 20
prompt 1
default grsec
label grsec
	kernel /boot/grsec
	append initrd=/boot/grsec.gz alpine_dev=UUID=44ea33e2-deb4-4a29-88e2-fc8a4ef80ab0:ext3 modloop=grsec.cmg modules=loop,cramfs,sd-mod,usb-storage,ext3 quiet

Finally make the /boot partition bootable by extlinux.

extlinux -i /boot


(Tested on 2.1.2 and higher) Make sure:

  • grsec.cmg is on /
  • [something].apkovl.tar.gz is on /
  • grsec.gz is on /boot
  • The apline_dev UUID value points to whatever is currently /
  • the partition for /boot is flagged as bootable
  • the output of extlinux was for the partition currently mounted at /boot

Install Alpine on hard-disk

Reboot the box. And wait for it to come alive again. If it doesn't, tough luck. So dry practice with local box, with as identical hardware as possible.

Once back in the box, we are running in Alpine Linux from tmpfs. So just do a regular installation of Alpine from network via ssh connection.

Edit /etc/apk/repositories to contain your favorite Alpine mirror or just:

http://dl-3.alpinelinux.org/alpine/v1.10/packages/main

Finally run:

/etc/init.d/modloop stop
apk update
setup-disk

After hard disk setup is complete, copy ssh_authorized_keys to hard disk.

Reboot once more, and you have the server with native Alpine hard disk installation.