@peteyoung
Last active August 29, 2015 14:12
Initial Setup
===========================================================
Create drive for portage
-----------------------------------------------------------
Linode Manager -> Dashboard -> Disks -> Create new disk
Label: Gentoo Portage
Type: unformatted/raw
Size: 20148
Save Changes
NOTE: May need to do this for /var/tmp/portage
Deploy an Image
-----------------------------------------------------------
Linode Manager -> Dashboard -> Dashboard -> Deploy an Image
Image: Gentoo 2013-11-26
Deployment Disk Size: 3072
Swap Disk: Use existing swap
Root Password: <REDACTED>
Click Deploy
Wait for "Disk Create From Distribution" to succeed
Click on "My Gentoo 2013-11-26 Profile"
Under "Block Device Assignment" select "Gentoo Portage" for /dev/xvdc
Save Changes
Boot "My Gentoo 2013-11-26 Profile"
Set up the portage partition
-----------------------------------------------------------
# ssh to Linode and log in
# create ext2 filesystem for portage drive with a block size
# with enough inodes for portage and ebuilds
mkfs.ext2 -b 1024 -i 1024 /dev/xvdc
# disk label
e2label /dev/xvdc portage
# -O dir_index Use hashed b-trees to speed up lookups in large directories.
# -c10 Number of mounts between forced fsck checks
# -i20 Number of days between forced fsck checks
tune2fs -O dir_index -c10 -i20 /dev/xvdc
# edit fstab to mount the new drive (vim is only emerged later in these notes; use nano until then)
vim /etc/fstab
nano /etc/fstab
# add the following line to fstab
/dev/xvdc /usr/portage ext2 noatime,rw 0 2
# check the new mount
mount /usr/portage
df -h
---------------------------8<---------------------------
Filesystem Size Used Avail Use% Mounted on
rootfs 2.9G 743M 2.2G 26% /
/dev/root 2.9G 743M 2.2G 26% /
devtmpfs 996M 0 996M 0% /dev
tmpfs 200M 228K 200M 1% /run
shm 997M 0 997M 0% /dev/shm
cgroup_root 10M 0 10M 0% /sys/fs/cgroup
/dev/xvdc 1.5G 3.1M 1.4G 1% /usr/portage
--------------------------->8---------------------------
# restart the server
shutdown -r now
# ssh to Linode and log in
# check the new mount again
df -h
---------------------------8<---------------------------
Filesystem Size Used Avail Use% Mounted on
rootfs 2.9G 743M 2.2G 26% /
/dev/root 2.9G 743M 2.2G 26% /
devtmpfs 996M 0 996M 0% /dev
tmpfs 200M 228K 200M 1% /run
shm 997M 0 997M 0% /dev/shm
cgroup_root 10M 0 10M 0% /sys/fs/cgroup
/dev/xvdc 1.5G 3.1M 1.4G 1% /usr/portage
--------------------------->8---------------------------
# sync emerge
emerge --sync
---------------------------8<---------------------------
* IMPORTANT: 3 config files in '/etc' need updating.
* See the CONFIGURATION FILES section of the emerge
* man page to learn how to update config files.
* An update to portage is available. It is _highly_ recommended
* that you update portage now, before any other packages are updated.
* To update portage, run 'emerge --oneshot portage' now.
* IMPORTANT: 4 news items need reading for repository 'gentoo'.
* Use eselect news to read news items.
--------------------------->8---------------------------
# update emerge config files
find /etc -name '._cfg????_*'
---------------------------8<---------------------------
/etc/._cfg0000_rc.conf
/etc/conf.d/._cfg0000_hostname
/etc/ssh/._cfg0000_sshd_config
--------------------------->8---------------------------
diff /etc/rc.conf /etc/._cfg0000_rc.conf | view -
mv -f /etc/._cfg0000_rc.conf /etc/rc.conf
diff /etc/conf.d/hostname /etc/conf.d/._cfg0000_hostname | view -
mv -f /etc/conf.d/._cfg0000_hostname /etc/conf.d/hostname
diff /etc/ssh/sshd_config /etc/ssh/._cfg0000_sshd_config | view -
# DON'T MOVE: the new sshd_config sets PasswordAuthentication to no, and password auth is still needed for now (keys are installed below)
# get some disk usage stats
df -i
---------------------------8<---------------------------
Filesystem Inodes IUsed IFree IUse% Mounted on
rootfs 196608 48103 148505 25% /
/dev/root 196608 48103 148505 25% /
devtmpfs 254813 1363 253450 1% /dev
tmpfs 255108 808 254300 1% /run
shm 255108 1 255107 1% /dev/shm
cgroup_root 255108 12 255096 1% /sys/fs/cgroup
/dev/xvdc 2097152 180927 1916225 9% /usr/portage
--------------------------->8---------------------------
df -h
---------------------------8<---------------------------
Filesystem Size Used Avail Use% Mounted on
rootfs 2.9G 743M 2.2G 26% /
/dev/root 2.9G 743M 2.2G 26% /
devtmpfs 996M 0 996M 0% /dev
tmpfs 200M 228K 200M 1% /run
shm 997M 0 997M 0% /dev/shm
cgroup_root 10M 0 10M 0% /sys/fs/cgroup
/dev/xvdc 1.5G 427M 1007M 30% /usr/portage
--------------------------->8---------------------------
Update portage
===========================================================
emerge --oneshot portage
Detect IP address
===========================================================
# handles both ifconfig output styles ("inet addr:1.2.3.4" and "inet 1.2.3.4")
IPADDR=$(/bin/ifconfig eth0 | awk '/inet / { sub(/^addr:/, "", $2); print $2 }')
Setup hosts and hostname
===========================================================
HOSTNAME=aybabtu
FQDN=aybabtu.yepitworks.com
# hosts
echo $IPADDR $FQDN $HOSTNAME >> /etc/hosts
echo "HOSTNAME=\"$HOSTNAME\"" > /etc/conf.d/hostname
/etc/init.d/hostname restart
Set timezone
===========================================================
echo "CST6CDT" > /etc/timezone
emerge --config sys-libs/timezone-data
Update all the things
===========================================================
# update world
emerge -uDNv world
# clean out the portage drive
rm /usr/portage/distfiles/*
Install some packages
===========================================================
# equery et al.
emerge gentoolkit
# see what's installed already
equery list "*" | less
# install curl
emerge net-misc/curl
# install vim
emerge vim
# install sudo
emerge app-admin/sudo
Set root's default editor to vim
===========================================================
echo "export EDITOR=$(which vim)" >> ~/.bashrc
. ~/.bashrc
Create normal user and add to sudoers
===========================================================
NEWUSER=peteyoung
useradd -m -G users,wheel $NEWUSER
NEWPASS=<REDACTED>
# passwd reads the new password from the tty, not stdin; chpasswd takes user:password on stdin
echo "$NEWUSER:$NEWPASS" | chpasswd
unset NEWPASS
echo "$NEWUSER ALL=(ALL:ALL) ALL" >> /etc/sudoers
# check the result with `visudo -c`: a syntax error in sudoers locks sudo out for everyone
echo "export EDITOR=$(which vim)" >> /home/$NEWUSER/.bashrc
curl ssh keys
===========================================================
PRIVKEYURL=<REDACTED>
PUBKEYURL=<REDACTED>
AUTHKEYSURL=<REDACTED>
mkdir -p ~/.ssh
chmod 700 ~/.ssh
# -f makes curl fail on an HTTP error instead of saving the error page as the key file
curl -fL $PRIVKEYURL > ~/.ssh/ln_rsa
curl -fL $PUBKEYURL > ~/.ssh/ln_rsa.pub
chmod 600 ~/.ssh/ln_rsa
chmod 600 ~/.ssh/ln_rsa.pub
mkdir -p /home/$NEWUSER/.ssh
cp ~/.ssh/ln_rsa /home/$NEWUSER/.ssh
cp ~/.ssh/ln_rsa.pub /home/$NEWUSER/.ssh
curl -fL $AUTHKEYSURL > /home/$NEWUSER/.ssh/authorized_keys
chown -R $NEWUSER:$NEWUSER /home/$NEWUSER/.ssh
chmod 700 /home/$NEWUSER/.ssh
chmod 600 /home/$NEWUSER/.ssh/ln_rsa
chmod 600 /home/$NEWUSER/.ssh/ln_rsa.pub
chmod 600 /home/$NEWUSER/.ssh/authorized_keys
Disable ssh root login and password auth
===========================================================
# note: these substitutions only rewrite directives already present (commented out or not);
# a directive that is absent from sshd_config keeps its compiled-in default
sed -r -i.bak \
-e 's/^#?PermitRootLogin .*$/PermitRootLogin no/g' \
-e 's/^#?PasswordAuthentication .*$/PasswordAuthentication no/g' \
-e 's/^#?PermitEmptyPasswords .*$/PermitEmptyPasswords no/g' \
/etc/ssh/sshd_config
# check the config with `sshd -t` before restarting (sshd refuses to start on a parse error),
# and keep this session open until a key-based login works from a second session
/etc/init.d/sshd restart
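The sed above only rewrites directives that already exist in the file; a missing directive keeps OpenSSH's compiled-in default, and a global line appended after a `Match` block is scoped to that block. The following is an added example (mine, not the gist's) that enforces the three settings either way and reads back the effective value; the sample config and file paths are constructed.

```shell
#!/bin/sh
# Added example, not from the gist. Enforces the three sshd directives whether
# or not they already appear in the file: an absent directive keeps OpenSSH's
# compiled-in default, and a global line appended after a "Match" block would
# be scoped to that block instead of applying globally.

# enforce_directive FILE KEY VALUE
enforce_directive() {
    file=$1 key=$2 value=$3 tmp="$1.tmp"
    if grep -Eq "^#?$key[[:space:]]" "$file"; then
        # rewrite active or commented-out occurrences; indented lines inside
        # Match blocks are deliberately left alone (same as the gist's sed)
        sed -E "s/^#?$key[[:space:]].*$/$key $value/" "$file" > "$tmp"
    elif grep -Eq '^Match[[:space:]]' "$file"; then
        # absent: insert before the first Match block so it stays global
        awk -v line="$key $value" \
            '!done && /^Match[[:space:]]/ { print line; done = 1 } { print }' \
            "$file" > "$tmp"
    else
        cat "$file" > "$tmp" && printf '%s %s\n' "$key" "$value" >> "$tmp"
    fi
    # write back through the original file so its owner and mode are preserved
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# harden_sshd_config FILE: apply the same three settings as the sed above.
harden_sshd_config() {
    enforce_directive "$1" PermitRootLogin no
    enforce_directive "$1" PasswordAuthentication no
    enforce_directive "$1" PermitEmptyPasswords no
}

# effective_value FILE KEY: the value sshd uses globally (first uncommented
# match before any Match block), or "(default)" when the directive is unset.
effective_value() {
    awk -v k="$2" '
        /^[[:space:]]*#/ { next }
        $1 == k { print $2; found = 1; exit }
        /^Match[[:space:]]/ { exit }
        END { if (!found) print "(default)" }' "$1"
}

# Usage on a real host (path constructed for this example):
#   harden_sshd_config /etc/ssh/sshd_config && sshd -t && /etc/init.d/sshd restart
```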
Install some more packages
===========================================================
sudo emerge dev-vcs/git
sudo emerge dev-vcs/mercurial
sudo emerge app-misc/tmux
Update the kernel
===========================================================
# http://wiki.gentoo.org/wiki/Kernel/Upgrade
# https://www.linode.com/docs/tools-reference/custom-kernels-distros/run-a-custom-compiled-kernel-with-pvgrub
# install kernel source
# http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/sys-kernel/gentoo-sources/
sudo emerge sys-kernel/gentoo-sources
# NOTE: some kernels may require a keyword change in order to be emerged
sudo vim /etc/portage/package.accept_keywords
# add the following lines to package.accept_keywords
---------------------------8<---------------------------
# required by =sys-kernel/gentoo-sources-3.18.1 (argument)
=sys-kernel/gentoo-sources-3.18.1 ~amd64
--------------------------->8---------------------------
sudo emerge sys-kernel/gentoo-sources
# or, to force the version:
sudo emerge -1 =sys-kernel/gentoo-sources-3.18.1
# review and set link to current kernel sources
eselect kernel list
sudo eselect kernel set 1
# jump into src dir
cd /usr/src/linux
# make a copy of the current linode gentoo kernel config in the src dir
sudo sh -c 'zcat /proc/config.gz > .config'
# if you need to sanitize the sources, keep .config out of distclean's way
sudo cp .config /usr/src/kernel_config_bk
sudo make distclean
sudo mv /usr/src/kernel_config_bk .config
# carry the config over to the new source tree; oldconfig only prompts for options new to
# this version, so enable the nftables options (CONFIG_NF_TABLES and friends) via
# `make menuconfig` if they are not already set
sudo make oldconfig
# build modules and kernel
sudo make modules_prepare
sudo emerge --ask @module-rebuild
sudo make -j3
sudo make install
sudo make modules_install
# set up pv-grub with new kernel
sudo mkdir /boot/grub
sudo vim /boot/grub/menu.lst
---------------------------8<---------------------------
timeout 3
title Custom Compile, vmlinuz-3.17.7-gentoo
root (hd0)
kernel /boot/vmlinuz-3.17.7-gentoo root=/dev/xvda ro quiet
--------------------------->8---------------------------
Set up the profile to boot the kernel with pv-grub
-----------------------------------------------------------
Dashboard -> My Gentoo 2014.12 Profile -> Kernel dropdown
Select pv-grub-x86_64
Save changes
uname -a
---------------------------8<---------------------------
Linux aybabtu 3.16.7-x86_64-linode49 #3 SMP Fri Nov 14 16:55:37 EST 2014 x86_64 Intel(R) Xeon(R) CPU E5-2680 v2 @ 2.80GHz GenuineIntel GNU/Linux
Linux aybabtu 3.17.7-gentoo #1 SMP Wed Dec 31 01:54:08 CST 2014 x86_64 Intel(R) Xeon(R) CPU E5-2680 v2 @ 2.80GHz GenuineIntel GNU/Linux
--------------------------->8---------------------------
Reboot the Linode
uname -a
---------------------------8<---------------------------
Linux aybabtu 3.17.7-gentoo #1 SMP Wed Dec 31 01:54:08 CST 2014 x86_64 Intel(R) Xeon(R) CPU E5-2680 v2 @ 2.80GHz GenuineIntel GNU/Linux
Linux aybabtu 3.18.1-gentoo #1 SMP Sun Jan 4 17:48:01 CST 2015 x86_64 Intel(R) Xeon(R) CPU E5-2680 v2 @ 2.80GHz GenuineIntel GNU/Linux
--------------------------->8---------------------------
Scan open ports
===========================================================
# https://www.digitalocean.com/community/tutorials/how-to-use-nmap-to-scan-for-open-ports-on-your-vps
sudo nmap -Pn 173.255.198.155
---------------------------8<---------------------------
Starting Nmap 6.47 ( http://nmap.org ) at 2014-12-31 18:38 CST
Nmap scan report for yepitworks.com (173.255.198.155)
Host is up (0.036s latency).
Not shown: 995 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp filtered smtp
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
--------------------------->8---------------------------
Install nftables
===========================================================
# be sure kernel source is installed and you've recompiled the
# kernel with nftables options enabled
# create or edit package.accept_keywords
sudo vim /etc/portage/package.accept_keywords
# add the following lines to package.accept_keywords
---------------------------8<---------------------------
# required by net-firewall/nftables (argument)
=net-firewall/nftables-0.4 ~amd64
# required by net-firewall/nftables-0.4
# required by net-firewall/nftables (argument)
=net-libs/libnftnl-1.0.3 ~amd64
--------------------------->8---------------------------
# install nftables
sudo emerge net-firewall/nftables
# setup nftables tables, chains, and rules (paste the ruleset, then Ctrl-D)
cat > rules.nft
---------------------------8<---------------------------
flush ruleset
table inet filter {
    chain input {
        type filter hook input priority 0;
        ip protocol icmp limit rate 10/second accept
        ip protocol icmp drop
        ip6 nexthdr ipv6-icmp limit rate 10/second accept
        ip6 nexthdr ipv6-icmp drop
        ct state established,related accept
        ct state invalid drop
        ip6 daddr & :: == :: icmpv6 type { nd-router-advert, nd-neighbor-solicit, echo-request, nd-neighbor-advert } accept
        tcp dport { ssh } accept
        # the packet/byte values below were pasted from `nft list ruleset`; a plain `counter drop`
        # suffices in a rules file. There is no `iif lo accept`, so new connections to services
        # bound to 127.0.0.1 also end here.
        counter packets 61 bytes 2563 drop
    }
    chain output {
        type filter hook output priority 0;
    }
}
--------------------------->8---------------------------
# Ctrl-D to end input
nft -f rules.nft
nft list ruleset
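A tightened version of this ruleset with a check-before-apply wrapper, added here as an example that is not the gist's own. It assumes the installed nft supports `-c`/`--check` and chain policies, and the loopback and policy changes are assumptions about what this host needs.

```shell
#!/bin/sh
# Added example, not from the gist: a tightened variant of the ruleset above,
# applied only after nft's check mode accepts it. Assumes an nft that supports
# -c/--check and chain policies. Changes relative to the gist's rules:
#   policy drop   - the chain no longer depends on the last rule being a drop
#   iif lo accept - the original has no loopback rule, so new connections to
#                   services bound to 127.0.0.1 fall through to its final drop
#   counter drop  - plain counter instead of pasted "packets N bytes M" values
# The ICMP rate limits mirror the gist's; note they also cover IPv6 neighbour
# discovery, which the original accepted separately.
write_ruleset() {
    cat > "$1" <<'EOF'
flush ruleset
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iif lo accept
        ct state established,related accept
        ct state invalid drop
        ip protocol icmp limit rate 10/second accept
        ip6 nexthdr ipv6-icmp limit rate 10/second accept
        tcp dport { ssh } accept
        counter drop
    }
    chain output {
        type filter hook output priority 0; policy accept;
    }
}
EOF
}

# load_ruleset FILE: parse-check first, apply only if that passes. The file's
# own `flush ruleset` makes the replacement a single transaction, so a bad
# file never leaves the host half-filtered.
load_ruleset() {
    nft -c -f "$1" || { echo "ruleset rejected, old rules kept" >&2; return 1; }
    nft -f "$1"
}

# Usage on the Linode (run as root; file name constructed for this example):
#   write_ruleset /etc/nftables.rules && load_ruleset /etc/nftables.rules
```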
Install dotfiles from github
===========================================================
# emerge --depclean output:
---------------------------8<---------------------------
* Have you forgotten to do a complete update prior to depclean? The
* most comprehensive command for this purpose is as follows:
*
* emerge --update --newuse --deep --with-bdeps=y @world
--------------------------->8---------------------------
# list the fingerprint of every public key in ~/.ssh
find ~/.ssh -name '*.pub' -print0 \
| xargs -0 -n 1 -I {} sh -c \
'echo $(basename {}): $(ssh-keygen -lf {})' \
| awk '{printf "%-20s %-5s %-48s %-8s\n", $1, $2, $3, $4}'
PREVIOUS ISSUES
===========================================================
===========================================================
inodes issue when first synching emerge
===========================================================
df -i
---------------------------8<---------------------------
Filesystem Inodes IUsed IFree IUse% Mounted on
rootfs 196608 48102 148506 25% /
/dev/root 196608 48102 148506 25% /
devtmpfs 254813 1358 253455 1% /dev
tmpfs 255108 802 254306 1% /run
shm 255108 1 255107 1% /dev/shm
cgroup_root 255108 12 255096 1% /sys/fs/cgroup
--------------------------->8---------------------------
emerge --sync
---------------------------8<---------------------------
receiving incremental file list
rsync: mkstemp "/var/tmp/.tmp48j99g.GMJD5b" failed: No space left on device (28)
--------------------------->8---------------------------
df -i
---------------------------8<---------------------------
Filesystem Inodes IUsed IFree IUse% Mounted on
rootfs 196608 196607 1 100% /
/dev/root 196608 196607 1 100% /
devtmpfs 254813 1358 253455 1% /dev
tmpfs 255108 802 254306 1% /run
shm 255108 1 255107 1% /dev/shm
cgroup_root 255108 12 255096 1% /sys/fs/cgroup
--------------------------->8---------------------------
# Research
https://nixos.org/wiki/Install_NixOS_on_Linode
https://forums.gentoo.org/viewtopic-t-422692-start-0.html
https://forum.linode.com/viewtopic.php?t=3423
http://forums.gentoo.org/viewtopic-p-7168622.html
Portage disk space issue
===========================================================
Argh! vim-core at 7.4.237, but vim at 7.3.567
-----------------------------------------------------------
emerge vim
# Blargh! drive full.
# `du -hd1` points at /var/tmp/portage.
# rm all the subfolders in /var/tmp/portage.
# rerun `emerge vim`
Update all the things
===========================================================
# https://forums.gentoo.org/viewtopic-t-763595-start-0.html
# update meta-data (no man page, eix-sync -h)
eix-sync
# pretend, display what *would* have been installed
emerge -puDNv world
# just fetch all the packages, don't build
emerge -fuDNv world
# actually update all the things now
emerge -uDNv world
# sane configuration file merging
dispatch-conf
# pretend to build reverse dependencies, display what *would* have been installed
revdep-rebuild --pretend
# build reverse dependencies
#revdep-rebuild --ignore
# clean out the portage drive
rm /usr/portage/distfiles/*
# emerge output that produced the package.accept_keywords entries used above
sudo emerge net-firewall/nftables
---------------------------8<---------------------------
Password:
* IMPORTANT: 8 news items need reading for repository 'gentoo'.
* Use eselect news to read news items.
Calculating dependencies... done!
[ebuild N ] net-libs/libmnl-1.0.3-r1 USE="-examples -static-libs"
[ebuild NS ] app-text/docbook-xml-dtd-4.2-r2 [4.1.2-r6]
[ebuild N ] dev-perl/XML-NamespaceSupport-1.110.0-r1
[ebuild N ] dev-perl/XML-SAX-Base-1.80.0-r1
[ebuild N ] dev-perl/XML-SAX-0.990.0-r1
[ebuild N ] dev-perl/XML-LibXML-2.1.400-r1 USE="{-test}"
[ebuild N ] app-text/docbook2X-0.8.8-r4 USE="{-test}"
[ebuild N ~] net-libs/libnftnl-1.0.3 USE="-examples -json -static-libs {-test} -xml"
[ebuild N ~] net-firewall/nftables-0.4 USE="readline -debug"
The following keyword changes are necessary to proceed:
(see "package.accept_keywords" in the portage(5) man page for more details)
# required by net-firewall/nftables (argument)
=net-firewall/nftables-0.4 ~amd64
# required by net-firewall/nftables-0.4
# required by net-firewall/nftables (argument)
=net-libs/libnftnl-1.0.3 ~amd64
Use --autounmask-write to write changes to config files (honoring
CONFIG_PROTECT). Carefully examine the list of proposed changes,
paying special attention to mask or keyword changes that may expose
experimental or unstable packages.
--------------------------->8---------------------------
update and upgrade brew
install nmap
scan server's ports
2013-09-27-initramfs-required
Title Separate /usr on Linux requires initramfs
Author William Hubbs <williamh@gentoo.org>
Posted 2013-09-27
Revision 1
Linux systems which have / and /usr on separate file systems but do not
use an initramfs will not be supported starting on 01-Nov-2013.
If you have / and /usr on separate file systems and you are not
currently using an initramfs, you must set one up before this date.
Otherwise, at some point on or after this date, upgrading packages
will make your system unbootable.
For more information on setting up an initramfs, see this URL:
https://wiki.gentoo.org/wiki/Initramfs/HOWTO
Due to many upstream changes, properly supporting Linux systems that
have /usr missing at boot time has become increasingly difficult.
Despite all our efforts, it already breaks in some exotic
configurations, and this trend is likely to grow worse.
For more information on the upstream changes and why using an initramfs
is the cleanest route forward, see the following URLs:
http://freedesktop.org/wiki/Software/systemd/separate-usr-is-broken
https://blog.flameeyes.eu/2013/01/the-boot-process