Difference between revisions of "Replacing non-Alpine Linux with Alpine remotely"

From Alpine Linux
Jump to: navigation, search
 
(38 intermediate revisions by 6 users not shown)
Line 1: Line 1:
Instructions to replace running Linux installation with Alpine Linux, remotely using ssh connection only.
+
* What: These instructions are for installing Alpine Linux on a hosted ''physical'' server from a hosting company like serverpronto, bluehost, etc.
 +
* Why: Typically these companies run Debian, Fedora, or another Linux distribution.  This document explains how to get Alpine Linux on a machine with nothing but ssh access.
  
Tested using alpine-1.9.0_rc2.
+
== With VNC access ==
 +
{{Note|Usually providers offer vnc access to the server, if that's not the case skip this.}}
 +
Download an alpine iso that boots from ram, e.g. alpine-virt
 +
  wget nl.alpinelinux.org/alpine/v3.5/releases/x86_64/alpine-virt-3.5.2-x86_64.iso
 +
Flash the image to the drive of your server, e.g. /dev/sda
 +
  dd if=alpine-virt-3.5.2-x86_64.iso of=/dev/sda
 +
Reboot, and login again from vnc with root. Alpine is now running from ram, and should have mounted /dev/sda on /media/sda, paste it into ram.
 +
  mkdir /media/setup
 +
  cp -a /media/sda/* /media/setup
 +
Copy also the kernel modules which are located in /.modloop
 +
  mkdir /lib/setup
 +
  cp -a /.modloop/* /lib/setup
 +
Unmount modloop and the media folder
 +
  /etc/init.d/modloop stop
 +
  umount /dev/sda
 +
Move back the files in place
 +
  mv /media/setup/* /media/sda/
 +
  mv /lib/setup/* /.modloop/
 +
Finally you can format the disk to install alpine
 +
  setup-disk
 +
Or just run the the whole setup
 +
  setup-alpine
  
'''CAUTION: Practice with computer with physical access first. If something goes wrong, the remote box will very likely be left into unusable state.'''
+
== Without VNC access ==
  
'''WARNING: UNTESTED INSTRUCTION. WRITING IN PROGRESS.'''
+
{{Note|This process will not work with alpine-1.9.0_rc4 or ''earlier'''''  Use Alpine-1.9.1 or later for best results.}}
 +
 
 +
{{Warning| Practice on a computer with physical access first. If something goes wrong, the remote box will very likely be left in an unusable state.  In that case, you get to turn in a support request to regen the server back to "factory fresh" mode.}}
 +
 
 +
{{Warning|Really.  Practice this first.}}
 +
 
 +
Prerequisites:
 +
* SSH access to the remote box (needs to have SSH server running)
 +
* Alpine Linux supported hardware
 +
* Adventurous mind
 +
* Nerves of steel
 +
 
 +
These instructions are based on a debian (physical) server, and all steps are performed while logged into the machine. So you should start with a machine that has ssh running.
  
 
== Create apk overlay suitable for hard disk based tmpfs boot ==
 
== Create apk overlay suitable for hard disk based tmpfs boot ==
 +
 +
{{Note|This entire section can be replaced by setting up a box from scratch, using setup-alpine and selecting 'none' for the install disk, then running 'lbu ci' to save the apkovl. You can then open the overlay and set up networking ''exactly'' as it should be on the target box, then repackage the overlay and drop in the root of alpine_dev on the remote host.)}}
  
 
The first step is to create Alpine configuration file with basic configuration of the host. We need the new box to start networking and ssh in the beginning so we can reconnect to it after reboot.
 
The first step is to create Alpine configuration file with basic configuration of the host. We need the new box to start networking and ssh in the beginning so we can reconnect to it after reboot.
Line 14: Line 50:
 
  mkdir overlay
 
  mkdir overlay
 
  cd overlay
 
  cd overlay
  mkdir -p etc/ssh etc/network etc/runlevels/default root/.ssh
+
  mkdir -p etc/ssh etc/network etc/runlevels/{default,boot,sysinit,shutdown} root/.ssh etc/lbu
 +
 
 +
You can also use default Alpine configuration files. In this case you should use ssh key to authorize yourself (as root password is empty, and ssh has empty passwords disabled).
  
 
If you want to keep the existing host identity (e.g. SSH key), you can copy them over:
 
If you want to keep the existing host identity (e.g. SSH key), you can copy them over:
 +
 
  cp -a /etc/{passwd,group,shadow,gshadow,hostname,resolv.conf,network/interfaces,ssh} etc/
 
  cp -a /etc/{passwd,group,shadow,gshadow,hostname,resolv.conf,network/interfaces,ssh} etc/
 +
cp /etc/network/interfaces etc/network
 +
 +
Copy over your ssh authorized_keys and make sure its included in future:
 +
cp -a /root/.ssh/authorized_keys root/.ssh
 +
echo "/root/.ssh" > etc/lbu/include
 +
 +
Find out which shell is used for root:
 +
 +
grep ^root /etc/passwd
  
You can copy the network/interfaces might not necessarily exists. Some distributions use different configuration file for network. If it does not exists, you need to create it. It should look something like:
+
If its /bin/ash, you are good. If not, edit etc/passwd and change it to /bin/ash.
 +
sed -i -e '/^root:/s:/bin/bash:/bin/ash:' etc/passwd
 +
 
 +
{{Note|If you don't do this, nobody (even with physical access) will be able to log into the machine.}}
 +
 
 +
Create etc/network/interfaces with network configuration (unless it was previously copied over). It should look something like:
 
  auto lo
 
  auto lo
 
  iface lo inet loopback
 
  iface lo inet loopback
Line 29: Line 82:
 
       gateway gw.ad.dr.es
 
       gateway gw.ad.dr.es
  
Create the apk world (var/lib/apk/world) with essential packages:
+
'''Make sure there is no whitespace at end of lines''' in interfaces file. Busybox ifup is very picky.
  alpine-base iproute2 openssh
+
 
 +
Make sure your etc/resolv.conf exists; if not create etc/resolv.conf with the nameserver configuration like:
 +
nameserver dns.ip.ad.dr
 +
 
 +
Create the apk world (etc/apk/world) with essential packages:
 +
  mkdir -p etc/apk
 +
echo "alpine-base iproute2 openssh" > etc/apk/world
 +
 
 +
'''Double check the IP configuration and ssh keys.'''
  
 
Finally, make the essential services start up automatically and create the overlay file:
 
Finally, make the essential services start up automatically and create the overlay file:
  ln -s /etc/init.d/networking etc/runlevels/default/networking
+
  ln -s /etc/init.d/{hwclock,modules,sysctl,hostname,bootmisc,syslog} etc/runlevels/boot/
  ln -s /etc/init.d/sshd etc/runlevels/default/sshd
+
ln -s /etc/init.d/{devfs,dmesg,mdev,hwdrivers} etc/runlevels/sysinit/
 +
ln -s /etc/init.d/{networking,sshd} etc/runlevels/default/
 +
  ln -s /etc/init.d/{mount-ro,killprocs,savecache} etc/runlevels/shutdown/
 
  tar czf ../host.apkovl.tar.gz *
 
  tar czf ../host.apkovl.tar.gz *
 +
 +
Verify the overlay with "tar tzf" to see that it contains everything in proper places, and ensure it is in the / directory
 +
 +
tar tzvf host.apkovl.tar.gz
 +
cp host.apkovl.tar.gz /
  
 
== Install Alpine cd-rom image on hard disk ==
 
== Install Alpine cd-rom image on hard disk ==
  
We need to copy over two sets of information: the boot kernel (kernel, initramdisk and boot configuration) and operating system boot data (overlay, apk packages and kernel modules). These can reside on same partition if they fit. However, /boot is usually small, so you might want to put the apks on separate partition. This guide assumes they are on hda1 (/boot) sand hda2 (/).
+
We need to copy over two sets of information: the boot kernel (kernel, initramdisk and boot configuration) and operating system boot data (overlay, apk packages and kernel modules). These can reside on same partition if they fit. However, /boot is usually small, so you might want to put the apks on separate partition. This guide assumes they are on sda1 (/boot) and sda2 (/) with both having ext3 filesystems. If you don't have ext3 on / or /boot, then you might be able to disable swap and reformat the swap partition as ext3 and use that.
  
We start with the easy task. Place the overlay file and the "apks" directory from cd-rom image to root of current installation:
+
Download an alpine iso and mount it; for example
 +
 
 +
  wget {{#latestalp:alpine|url}}
 +
  mount alpine*.iso /cdrom -o loop
 +
 
 +
Copy the apkovl and the contents of cd-rom image to root of current installation:
 
  cp host.apkovl.tar.gz /
 
  cp host.apkovl.tar.gz /
  cp -a /cdrom/apks /
+
  cp -a /cdrom/* /
cp -a /cdrom/boot/grsec.cmg /
 
  
 
Next we make the Alpine Linux kernel bootable (requires syslinux) and use fdisk to mark the /boot partition as bootable (if not done already):
 
Next we make the Alpine Linux kernel bootable (requires syslinux) and use fdisk to mark the /boot partition as bootable (if not done already):
cp -a /cdrom/boot/grsec{,.gz} /boot
+
  dd if=/usr/share/syslinux/mbr.bin of=/dev/sda  # on some older systems its /usr/lib/syslinux/mbr.bin
  dd if=/usr/share/syslinux/mbr.bin of=/dev/hda
+
  fdisk /dev/sda
  fdisk /dev/hda
 
  
Create /boot/extlinux.conf with contents like (alpine_dev needs special care, generally hard-disks are sd* in alpine due to new kernel and libata; you also need to check the filesystem type; kernel and initrd are relative to partition root):
+
Make sure that /boot dir has a symlink pointing to itself. This is to handle the case when /boot is on separate partition.
 +
  ln -sf . /boot/boot
 +
 
 +
Create /boot/extlinux.conf with contents like (check the filesystem type for alpine_dev; kernel and initrd are relative to partition root):
 
  timeout 20
 
  timeout 20
 
  prompt 1
 
  prompt 1
 
  default grsec
 
  default grsec
 
  label grsec
 
  label grsec
   kernel /grsec
+
   kernel /boot/grsec
   append initrd=/grsec.gz alpine_dev=sda2:ext3 modloop=grsec.cmg modules=loop,cramfs,sd-mod,usb-storage,ext3 quiet
+
   append initrd=/boot/grsec.gz alpine_dev=sda2:ext3 modloop=grsec.cmg modules=loop,cramfs,sd-mod,usb-storage,ext3 quiet
 +
 
 +
From Alpine Linux 2.1 you can use the UUID of the partition that holds the apkovl and the ''apks'' directory, the current root. Use ''blkid'' to get the proper UUID. By using UUID we solve the problem when there are multiple disks and we don't knowing how kernel enumerates them after boot. Example extlinux.conf:
 +
timeout 20
 +
prompt 1
 +
default grsec
 +
label grsec
 +
kernel /boot/grsec
 +
append initrd=/boot/grsec.gz alpine_dev=UUID=44ea33e2-deb4-4a29-88e2-fc8a4ef80ab0:ext3 modloop=grsec.cmg modules=loop,cramfs,sd-mod,usb-storage,ext3 quiet
  
 
Finally make the /boot partition bootable by extlinux.
 
Finally make the /boot partition bootable by extlinux.
 
  extlinux -i /boot
 
  extlinux -i /boot
 +
 +
 +
(Tested on 2.1.2 and higher)  Make sure:
 +
* grsec.cmg is on /
 +
* [something].apkovl.tar.gz is on /
 +
* grsec.gz is on /boot
 +
* The apline_dev UUID value points to whatever is currently /
 +
* the partition for /boot is flagged as bootable
 +
* the output of extlinux was for the partition currently mounted at /boot
  
 
== Install Alpine on hard-disk ==
 
== Install Alpine on hard-disk ==
 +
 +
Reboot the box. And wait for it to come alive again. If it doesn't, tough luck. So dry practice with local box, with as identical hardware as possible.
 +
 +
Once back in the box, we are running in Alpine Linux from tmpfs. So just do a regular installation of Alpine from network via ssh connection.
 +
 +
Edit /etc/apk/repositories to contain your favorite Alpine mirror or just:
 +
http://dl-3.alpinelinux.org/alpine/v1.10/packages/main
 +
 +
Finally run:
 +
/etc/init.d/modloop stop
 +
apk update
 +
setup-disk
 +
 +
After hard disk setup is complete, '''copy ssh_authorized_keys to hard disk'''.
 +
 +
Reboot once more, and you have the server with native Alpine hard disk installation.
 +
 +
[[Category:Installation]]

Latest revision as of 12:04, 20 March 2017

  • What: These instructions are for installing Alpine Linux on a hosted physical server from a hosting company like serverpronto, bluehost, etc.
  • Why: Typically these companies run Debian, Fedora, or another Linux distribution. This document explains how to get Alpine Linux on a machine with nothing but ssh access.

With VNC access

Note: Usually providers offer vnc access to the server, if that's not the case skip this.

Download an alpine iso that boots from ram, e.g. alpine-virt

 wget nl.alpinelinux.org/alpine/v3.5/releases/x86_64/alpine-virt-3.5.2-x86_64.iso

Flash the image to the drive of your server, e.g. /dev/sda

 dd if=alpine-virt-3.5.2-x86_64.iso of=/dev/sda

Reboot, and login again from vnc with root. Alpine is now running from ram, and should have mounted /dev/sda on /media/sda, paste it into ram.

 mkdir /media/setup
 cp -a /media/sda/* /media/setup

Copy also the kernel modules which are located in /.modloop

 mkdir /lib/setup
 cp -a /.modloop/* /lib/setup

Unmount modloop and the media folder

 /etc/init.d/modloop stop
 umount /dev/sda

Move back the files in place

 mv /media/setup/* /media/sda/
 mv /lib/setup/* /.modloop/

Finally you can format the disk to install alpine

 setup-disk

Or just run the the whole setup

 setup-alpine

Without VNC access

Note: This process will not work with alpine-1.9.0_rc4 or earlier Use Alpine-1.9.1 or later for best results.
Tango-dialog-warning.png
Warning: Practice on a computer with physical access first. If something goes wrong, the remote box will very likely be left in an unusable state. In that case, you get to turn in a support request to regen the server back to "factory fresh" mode.


Tango-dialog-warning.png
Warning: Really. Practice this first.


Prerequisites:

  • SSH access to the remote box (needs to have SSH server running)
  • Alpine Linux supported hardware
  • Adventurous mind
  • Nerves of steel

These instructions are based on a debian (physical) server, and all steps are performed while logged into the machine. So you should start with a machine that has ssh running.

Create apk overlay suitable for hard disk based tmpfs boot

Note: This entire section can be replaced by setting up a box from scratch, using setup-alpine and selecting 'none' for the install disk, then running 'lbu ci' to save the apkovl. You can then open the overlay and set up networking exactly as it should be on the target box, then repackage the overlay and drop in the root of alpine_dev on the remote host.)

The first step is to create Alpine configuration file with basic configuration of the host. We need the new box to start networking and ssh in the beginning so we can reconnect to it after reboot.

Create basic layout for the overlay:

mkdir overlay
cd overlay
mkdir -p etc/ssh etc/network etc/runlevels/{default,boot,sysinit,shutdown} root/.ssh etc/lbu

You can also use default Alpine configuration files. In this case you should use ssh key to authorize yourself (as root password is empty, and ssh has empty passwords disabled).

If you want to keep the existing host identity (e.g. SSH key), you can copy them over:

cp -a /etc/{passwd,group,shadow,gshadow,hostname,resolv.conf,network/interfaces,ssh} etc/
cp /etc/network/interfaces etc/network

Copy over your ssh authorized_keys and make sure its included in future:

cp -a /root/.ssh/authorized_keys root/.ssh
echo "/root/.ssh" > etc/lbu/include

Find out which shell is used for root:

grep ^root /etc/passwd

If its /bin/ash, you are good. If not, edit etc/passwd and change it to /bin/ash.

sed -i -e '/^root:/s:/bin/bash:/bin/ash:' etc/passwd
Note: If you don't do this, nobody (even with physical access) will be able to log into the machine.

Create etc/network/interfaces with network configuration (unless it was previously copied over). It should look something like:

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
      address ip.ad.dr.es
      netmask 255.255.255.0
      gateway gw.ad.dr.es

Make sure there is no whitespace at end of lines in interfaces file. Busybox ifup is very picky.

Make sure your etc/resolv.conf exists; if not create etc/resolv.conf with the nameserver configuration like:

nameserver dns.ip.ad.dr

Create the apk world (etc/apk/world) with essential packages:

mkdir -p etc/apk
echo "alpine-base iproute2 openssh" > etc/apk/world

Double check the IP configuration and ssh keys.

Finally, make the essential services start up automatically and create the overlay file:

ln -s /etc/init.d/{hwclock,modules,sysctl,hostname,bootmisc,syslog} etc/runlevels/boot/
ln -s /etc/init.d/{devfs,dmesg,mdev,hwdrivers} etc/runlevels/sysinit/
ln -s /etc/init.d/{networking,sshd} etc/runlevels/default/
ln -s /etc/init.d/{mount-ro,killprocs,savecache} etc/runlevels/shutdown/
tar czf ../host.apkovl.tar.gz *

Verify the overlay with "tar tzf" to see that it contains everything in proper places, and ensure it is in the / directory

tar tzvf host.apkovl.tar.gz
cp host.apkovl.tar.gz /

Install Alpine cd-rom image on hard disk

We need to copy over two sets of information: the boot kernel (kernel, initramdisk and boot configuration) and operating system boot data (overlay, apk packages and kernel modules). These can reside on same partition if they fit. However, /boot is usually small, so you might want to put the apks on separate partition. This guide assumes they are on sda1 (/boot) and sda2 (/) with both having ext3 filesystems. If you don't have ext3 on / or /boot, then you might be able to disable swap and reformat the swap partition as ext3 and use that.

Download an alpine iso and mount it; for example

 wget {{#latestalp:alpine|url}}
 mount alpine*.iso /cdrom -o loop

Copy the apkovl and the contents of cd-rom image to root of current installation:

cp host.apkovl.tar.gz /
cp -a /cdrom/* /

Next we make the Alpine Linux kernel bootable (requires syslinux) and use fdisk to mark the /boot partition as bootable (if not done already):

dd if=/usr/share/syslinux/mbr.bin of=/dev/sda   # on some older systems its /usr/lib/syslinux/mbr.bin
fdisk /dev/sda

Make sure that /boot dir has a symlink pointing to itself. This is to handle the case when /boot is on separate partition.

 ln -sf . /boot/boot

Create /boot/extlinux.conf with contents like (check the filesystem type for alpine_dev; kernel and initrd are relative to partition root):

timeout 20
prompt 1
default grsec
label grsec
  kernel /boot/grsec
  append initrd=/boot/grsec.gz alpine_dev=sda2:ext3 modloop=grsec.cmg modules=loop,cramfs,sd-mod,usb-storage,ext3 quiet

From Alpine Linux 2.1 you can use the UUID of the partition that holds the apkovl and the apks directory, the current root. Use blkid to get the proper UUID. By using UUID we solve the problem when there are multiple disks and we don't knowing how kernel enumerates them after boot. Example extlinux.conf:

timeout 20
prompt 1
default grsec
label grsec
	kernel /boot/grsec
	append initrd=/boot/grsec.gz alpine_dev=UUID=44ea33e2-deb4-4a29-88e2-fc8a4ef80ab0:ext3 modloop=grsec.cmg modules=loop,cramfs,sd-mod,usb-storage,ext3 quiet

Finally make the /boot partition bootable by extlinux.

extlinux -i /boot


(Tested on 2.1.2 and higher) Make sure:

  • grsec.cmg is on /
  • [something].apkovl.tar.gz is on /
  • grsec.gz is on /boot
  • The apline_dev UUID value points to whatever is currently /
  • the partition for /boot is flagged as bootable
  • the output of extlinux was for the partition currently mounted at /boot

Install Alpine on hard-disk

Reboot the box. And wait for it to come alive again. If it doesn't, tough luck. So dry practice with local box, with as identical hardware as possible.

Once back in the box, we are running in Alpine Linux from tmpfs. So just do a regular installation of Alpine from network via ssh connection.

Edit /etc/apk/repositories to contain your favorite Alpine mirror or just:

http://dl-3.alpinelinux.org/alpine/v1.10/packages/main

Finally run:

/etc/init.d/modloop stop
apk update
setup-disk

After hard disk setup is complete, copy ssh_authorized_keys to hard disk.

Reboot once more, and you have the server with native Alpine hard disk installation.