Ubuntu Server 16.04 x64 Deployment
Introduction:
Personally I'm pretty comfortable with linux, in fact this year marks a decade since I started using it (scary stuff). This guide is just something whipped up fairly quickly to demonstrate to those not quite so familiar with linux / ubuntu how a new ubuntu server installation can be done.
The following assumptions will be made:
- Deployment is being performed on a VMware ESXi environment
- CLI only access is required (asking for a GUI in linux is like asking for a well done steak, ask for chicken instead (i.e. windows)).
- Two network adapters are required, one with a default route and another with some specific routes
Implementation
Let's get started! First we'll need to obtain the ISO file to install Ubuntu.
The ISO file can be obtained from the Ubuntu website directly: https://www.ubuntu.com/download/server
If you're going to be using this server for more than a few months (i.e. pretty much anything) go for an LTS release. LTS stands for Long Term Support. These LTS releases will be supported for 5 years so are worth going with.
The current version of LTS is 16.04 the 16 refers to the year of release and the 04 is the month of release. Ubuntu tend to do two releases a year, once in April and once in October, so you will see 04 and 10 releases around. The 04 releases are more stable and used for the LTS releases, so I advise to use one of these.
Deployment:
Now we've got the ISO file, should be something like ubuntu-16.04.1-server-amd64.iso we can begin the installation.
First, create a VM within ESXi to the specification required. Ubuntu server will run on very little resources, but I've got plenty at my disposal so I'm going to use the following:
- 4vCPU (2 sockets, 2 cores per socket)
- 8GB RAM
- 150GB Disk (Thin provisioned - of course)
The settings I used are below:
Now go ahead and attach the ISO to the VM and boot it up, you should be greeted with the following on the console:
Installation:
Most of the installation options should be self explanatory, I will provide screenshots of each step and the options I selected or entered highlighted in BOLD
Pick the Install Ubuntu Server option. The screen may hang for a few seconds while the installer reads from the ISO file. Don't be tempted to hammer the enter key as you'll likely miss the next steps.
Pick the relevant language: English
Pick the relevant country: United Kingdom
Select No for detecting keyboard layout - it's faster to specify it manually:
Select the keyboard layout (it picks the most likely for your country) English (UK):
Same again English (UK):
The installer will proceed to load components and go through some additional screens before presenting the following (if multiple NICs are in use). The first adapter in the list will be the first network you added within the vSphere client. If you're not sure, you can always edit the settings of the VM and check the order of the NICs. In my case, we want ens160
The NIC will attempt to automatically configure itself with IPv4 and IPv6 but since this is a server it's likely there is no DHCP server and therefore you'll get the following error message:
We want to configure the network manually, so select the Configure network manually option:
Enter the IP you're going to use and the subnet mask in CIDR form and then select Continue:
Enter the default gateway for the network (by default the first usage IP of the subnet will be present) and select Continue:
Enter the DNS servers you want to use (separated by spaces) and select Continue:
Time to pick a hostname for the system. Make it a good one! Select Continue:
Enter a domain name, if you're in an organisation, best make it match where you are:
Initial username, this screen is where you set the Full Name and NOT the username:
Now we set the username, but I'm using the same for both:
Pick a password for the new user:
Verify the password (When you have to screenshot all these steps there are so many more than you remember):
Since this is a test system, I would not encrypt my home directory, just in case choose No:
The system will attempt to pull the time information, it doesn't always get it right. Mine for instance, is wrong, so choose No:
Next is the disk partitioning. The easiest option here (and the one we're going to use) is Guided - use entire disk. This will use the entire 150GB hard disk we selected and uses the default linux partitions. LVM stands for Logical Volume Management and changes the way partitions are mounted within your VM. You can do your own research on LVM and decide if you want it or not. There are advantages like resizing partitions on the fly without needing them to unmounted but since this is a test system it doesn't matter much. I've also had issues in the past when using LVM on VMware which really put me off using it.
Select the disk you wish to use, in my case I only have one, so let's use it:
The disk partitioner will then be ready to write the changes to the disks, so go ahead and confirm your choices Finish partitioning and write changes to disk
We're just one more confirmation away from creating the disk, make sure to select Yes here, by default the installer will select No!
Now the installer will ask for a proxy address. We can configure this now, or later manually. Given it sometimes changes, let's configure it later and leave it blank for now, select Continue:
Nobody likes automatic updates No automatic updates:
Package selection, this stage is important! The SPACE key lets you select options from the menu. If you blast away with the enter key you'll just proceed with the installation. Scroll to OpenSSH server and select it, then Continue if you don't do this, you'll have to use the VMware console to get into the VM, and it's bad enough using it for installation:
The installer will proceed configuring and installing the system until it reaches the following screen. This will install the bootloader into the hard drive, which is what you want if you want to actually boot your server! Pick Yes
Installation is finished! Remove the ISO from VMware and select Continue:
Configuration
Following installation the server will reboot (should be pretty snappy) and a login prompt should be visible from the VMware console:
We could log in here with the username and password we configured earlier. But considering we also configured the networking on ens160 and installed the OpenSSH package we should be able to SSH to the box using your favourite SSH client!
dchidell@dchidell-mac:~$
dchidell@dchidell-mac:~$ ssh [email protected]
Warning: Permanently added '10.53.217.78' (ECDSA) to the list of known hosts.
[email protected]'s password:
Welcome to Ubuntu 16.04.1 LTS (GNU/Linux 4.4.0-31-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
78 packages can be updated.
36 updates are security updates.
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.
david@dchidell-testbuntu:~$
david@dchidell-testbuntu:~$
david@dchidell-testbuntu:~$
Success!
We still have the following things to do:
- Install VMware tools
- Configure the second NIC & appropriate routing
- Configure a proxy server
- Update the system
VMware Tools:
Installing VMware tools used to be tricky, however these days it's rather straight forward. In fact, ubuntu server 16.04 actually comes pre-installed with VMware tools! So already, without doing anything, you should be able to see VMware tools running from VMware:
If you've not got VMware tools, (lets say you're using a different ubuntu version) your best bet is to use the following:
apt-get install open-vm-tools
This will download and install the VMware tools package from the ubuntu repository.
NIC & routing configuration:
This server sits in an environment where it can talk to two disjointed networks which are separate for security reasons. One NIC reaches out to the internet and thus uses a default gateway. This was the ens160 NIC we configured during installation. The other NIC has a few networks running behind it but that's all.
Using your SSH client edit the /etc/network/interfaces file. Currently you'll notice the following:
david@dchidell-testbuntu:~$
david@dchidell-testbuntu:~$ sudo su
[sudo] password for david:
root@dchidell-testbuntu:/home/david#
root@dchidell-testbuntu:/home/david#
root@dchidell-testbuntu:/home/david#
root@dchidell-testbuntu:/home/david# cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto ens160
iface ens160 inet static
address 10.53.217.78
netmask 255.255.255.0
network 10.53.217.0
broadcast 10.53.217.255
gateway 10.53.217.1
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 144.254.71.184
dns-search dchidell.com
root@dchidell-testbuntu:/home/david#
root@dchidell-testbuntu:/home/david#
The ens160 configuration is present, but we also had another adapter which you can't see there. You can use ifconfig -a to view all of the network adapters in the system:
root@dchidell-testbuntu:/home/david# ifconfig -a
ens160 Link encap:Ethernet HWaddr 00:50:56:a9:46:a7
inet addr:10.53.217.78 Bcast:10.53.217.255 Mask:255.255.255.0
inet6 addr: fe80::250:56ff:fea9:46a7/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1222 errors:0 dropped:0 overruns:0 frame:0
TX packets:763 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:102574 (102.5 KB) TX bytes:64230 (64.2 KB)
ens192 Link encap:Ethernet HWaddr 00:50:56:a9:5f:7b
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:160 errors:0 dropped:0 overruns:0 frame:0
TX packets:160 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:11840 (11.8 KB) TX bytes:11840 (11.8 KB)
root@dchidell-testbuntu:/home/david#
As we can see, the second NIC is ens192
We'll have the replicate the configuration of ens160 and change a few things to get ens192 to work. This is what I added to the /etc/network/interfaces file:
auto ens192
iface ens192 inet static
address 1.0.217.78
netmask 255.255.0.0
network 1.0.0.0
broadcast 1.0.255.255
So this will give our ens192 interface some basic configuration, following an interface reset it will be able to communicate with the 1.0.0.0/16 network! However, I've got a few other networks sitting behind this, so we have to add routes to these. We can do that by adding a bit more configuration to the /etc/network/interfaces file:
auto ens192
iface ens192 inet static
address 1.0.217.78
netmask 255.255.0.0
network 1.0.0.0
broadcast 1.0.255.255
up route add -net 1.0.0.0/8 gw 1.0.0.254 dev eth192
up route add -net 2.0.0.0/8 gw 1.0.0.254 dev eth192
up route add -net 3.0.0.0/8 gw 1.0.0.254 dev eth192
up route add -net 4.0.0.0/8 gw 1.0.0.254 dev eth192
You can add as many routes as you like, but these are the ones I am using to reach my remote subnets.
After you've finished editing the file, run the following command to restart the networking services:
sudo systemctl restart networking
We can now use ifconfig again to see that our network adapter is up:
root@dchidell-testbuntu:/home/david# ifconfig
ens160 Link encap:Ethernet HWaddr 00:50:56:a9:46:a7
inet addr:10.53.217.78 Bcast:10.53.217.255 Mask:255.255.255.0
inet6 addr: fe80::250:56ff:fea9:46a7/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3579 errors:0 dropped:0 overruns:0 frame:0
TX packets:2212 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:271011 (271.0 KB) TX bytes:168691 (168.6 KB)
ens192 Link encap:Ethernet HWaddr 00:50:56:a9:5f:7b
inet addr:1.0.217.78 Bcast:1.0.255.255 Mask:255.255.0.0
inet6 addr: fe80::250:56ff:fea9:5f7b/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2044 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:204472 (204.4 KB) TX bytes:648 (648.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:160 errors:0 dropped:0 overruns:0 frame:0
TX packets:160 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:11840 (11.8 KB) TX bytes:11840 (11.8 KB)
root@dchidell-testbuntu:/home/david#
Note we can also ping a remote subnet:
root@dchidell-testbuntu:/home/david# ping 2.1.0.254
PING 2.1.0.254 (2.1.0.254) 56(84) bytes of data.
64 bytes from 2.1.0.254: icmp_seq=1 ttl=255 time=3.04 ms
64 bytes from 2.1.0.254: icmp_seq=2 ttl=255 time=0.425 ms
^C
--- 2.1.0.254 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.425/1.732/3.040/1.308 ms
root@dchidell-testbuntu:/home/david#
Proxy Server
These are always fun. In my position I need a proxy to get to the internet and download packages. To add a system proxy temporarily (for commands like wget) we can add an environment variable like the following:
export http_proxy="http://proxy.example.com:80/"
export https_proxy="https://proxy.example.com:8080/"
However for things like apt-get we can specifically configure the proxy server in the file /etc/apt/apt.conf (You may need to create it as it does not exist by default).
Put the following in the file:
Acquire::http::proxy "http://proxy.example.com:80/";
Acquire::https::proxy "https://proxy.example.com:8080/";
After this we should be able to update our repos with apt-get update
root@dchidell-testbuntu:/home/david# apt-get update
Hit:1 http://gb.archive.ubuntu.com/ubuntu xenial InRelease
Get:2 http://security.ubuntu.com/ubuntu xenial-security InRelease [94.5 kB]
Get:3 http://gb.archive.ubuntu.com/ubuntu xenial-updates InRelease [95.7 kB]
Hit:4 http://gb.archive.ubuntu.com/ubuntu xenial-backports InRelease
Fetched 190 kB in 0s (485 kB/s)
Reading package lists... Done
root@dchidell-testbuntu:/home/david#
We can now install packages using the apt-get install command e.g.:
root@dchidell-testbuntu:/home/david# apt-get install default-jdk
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
<output omitted>
0 to upgrade, 122 to newly install, 0 to remove and 73 not to upgrade.
Need to get 66.0 MB of archives.
After this operation, 358 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://gb.archive.ubuntu.com/ubuntu xenial/main amd64 fonts-dejavu-core all 2.35-1 [1,039 kB]
<output omitted>
I would recommend performing the following commands periodically to keep your system packages up to date:
apt-get update
apt-get upgrade
apt-get dist-upgrade
- Update checks for package updates
- Upgrade upgrades packages
- dist-upgrade upgrades the kernel
We're done! Happy ubuntuing! Remember that google is your friend, if you find a problem it's pretty likely someone else has had it - there's plenty of information out there.