This is a rather large, complicated project for me. I’m putting these posts here mostly as a record of what worked for me, or possibly what didn’t work. If you use these pages to attempt this yourself then I hope that these pages are helpful, but I cannot guarantee any certain results. If you encounter any problems while following these instructions then feel free to leave a comment and I’ll try to see if I can help, but you shouldn’t expect much as I am just some guy with a weird hobby and not a real IT professional. In other words, good luck, but you’re mostly on your own…
Also, if you follow this guide then please notice that I have not used any means of backing up anything on the server. When using encrypted drives there is always the threat of lost data, especially in multi-disk LVM arrays, due to the fact that any problems with the disks will make the entire disk array unreadable and unrecoverable. I would hope that anyone doing this with information that is important would be sure to have a suitable backup solution in place.
Before doing this you may want to consider running DBAN or some other hard drive wiping software; this will fill the drives in your computer with random data, which makes it harder for someone to tell where the actual data is. It’s not a necessary step, but it is another small layer of protection. Whether you opt to DBAN or not, you need to download the server image for Ubuntu Hardy Heron and burn it to a disk. Once that is done I set my BIOS to boot from CD first, and HDD0 second. The procedure for this is different on every computer, but it’s not hard to figure out. Now, make sure that any drives you intend to use are hooked up/enabled/plugged in/etc… including USB sticks or other external media. Then put the CD in the computer and boot into the install. The install is not really complicated; most of it is obvious and easy to figure out. I’ll be skipping over most of it and only hitting on the parts that are important to me.
Configure Network: This I want to do manually as I will eventually be using a Xen virtual machine on this physical machine for DHCP and DNS. I assigned an IP in the 192.168.1. range. The install will fill in defaults for Netmask, Gateway, Name Server, and Hostname. Change these if you need to, or accept the defaults. I would suggest at least changing the hostname to something other than “ubuntu” and then assigning a domain name, (the domain name will be needed later for some things to function properly).
Partition Disks: This is the most complicated part of the base install. There are tons of howtos out there that show how to do an encrypted install with Ubuntu, but none of them tell you how to add other encrypted volumes during that install, or how to set it up when you want to put several disks into an LVM volume and encrypt them. What I want here is an encrypted root drive, swap, and three large disks in an LVM array that is also encrypted and I want to use as few passphrases as possible. I also want to be able to put some key files on a removable USB stick so that I can plug it in when I find I have to reboot which will allow me to avoid typing in long passphrases every time. I originally also wanted to put my /boot partition on the removable drive so that everything on the computer itself would be encrypted, but my BIOS has very flaky support for that and I could not do it with this machine. Still, to make things easier later I’m making sure the USB stick is plugged in before I partition anything and I’ll be using the installer’s partitioner to format and prepare it.
When you get to the Partition Disks screen you will have several “guided” choices and a “manual” choice. You want manual. On the next screen that comes up I would delete any existing partitions and start everything over, this will not be needed if they are new disks, or if you’ve done something like DBAN the machine to wipe everything out before installing. In my setup I have:
- 3 250 GB drives, these are hooked up to an integrated HighPoint 3.72 raid that I only use for extra EIDE ports.
- 1 80 GB drive, this will hold the /boot partition, as well as / and swap partitions.
- 1 126 MB USB stick, this will eventually hold the key files for booting the machine, but I am going to format it and assign a mount point for it during the install.
Here are the steps I took, in order. You may not need to stick to this order completely, but some parts do need to be done in the proper order to succeed.
- Select the USB stick.
- Create a new partition.
- Take the default size of the entire disk.
- Choose ‘Primary’ for the partition type.
On the next screen you will:
- Select “Use as:” and choose ext2.
- Select “Mount point”, I manually entered /media/keys you may want to choose something else.
- Set any mount options you would like, or take the default.
- Set a label for the drive, I called this one “keys”, but this is not necessary.
- Set the bootable flag to ‘off’ if it is on.
- Choose “Done setting up the partition” to return to the main screen
This finishes off the USB stick that will hold the keys to the system.
- Select the 80 GB drive that is intended to hold the /boot, / and swap partitions.
- Create a new partition.
- Change the size to 250 MB, or whatever you want your /boot partition to be. 250 MB is probably pretty big, but there is lots of hard drive to go ’round so that’s what I pick.
- Select Primary for the partition type.
- Leave this partition at the beginning of the drive.
On the next screen you will:
- Select “Use as:” I use ext2 for the /boot partition, you may prefer something else.
- Select “Mount point:” Use /boot
- Set any mount options you would like, or take the default.
- Set a label for the partition, I used “boot”, or you can leave this blank.
- Set the bootable flag to ‘on’ if it is off.
- Choose “Done setting up the partition” to return to the main screen
This finishes up the /boot partition.
- Select the remaining space on the 80 GB drive. This is where things begin to get tricky…
- Create a new partition.
- Accept the default size of the rest of the disk.
- Select ‘Primary’ for the partition type.
On the next screen you will:
- Select “Use as:” Choose “Physical Volume for encryption”
- Accept all the defaults for the partition (at least I did; if you know what they all mean and are comfortable changing them then I’m sure you won’t need me to tell you anything about it) and choose “Done setting up the partition” to return to the main screen.
This finishes step one of the main drive… now I need to configure the encryption.
- Select “Configure Encrypted Volumes” from the main partitioner screen.
- Select ‘yes’ on the screen that asks about writing changes to disk.
- Enter a good passphrase at the prompts.
Back on the main partitioner screen there should now be an entry about an encrypted volume that wasn’t there before. Select it and then:
- Select “Use As:” and choose “Physical volume for LVM”.
- Choose “Done setting up the partition” to return to the main partitioner screen.
Now we need to select “Configure the Logical Volume Manager”
- Choose ‘yes’ when prompted about writing changes to the disk.
- Select “Create volume group”. This group takes up the rest of the drive; we will be using it for the / and swap partitions, plus leaving a large chunk of it free for Xen virtual machines and future needs.
- When prompted for a name I entered “system-volume”, you can choose whatever you would like.
- When prompted for devices to use in the group there should only be one choice at this point, it should show up as encrypted, select it.
- Select “Create Logical Volume”
- When prompted for logical group to create the volume from there should only be “logical-volume”, or whatever you named it, select it.
- When prompted for a name for this volume I chose “system-swap”, as this will be the swap partition eventually; you may choose whatever you like.
- When prompted for size I chose 1 GB. You can choose whatever you would set your swap at on a normal install.
- Repeat the above steps with the following changes:
- When prompted for a name I chose “system-root” as this will be the / partition, you may name it whatever you like.
- When prompted for size I entered 4 GB, again, you may pick another size, but remember that a lot of the remaining disk will be used for virtual machines later on.
- Select “Finish LVM configuration” to return to the main partitioner screen.
That finally finishes up this part, select the “done” or “finish” options until you get back to the main partitioner screen. You should see two new drives there, both of which refer to LVM, one around 1 GB and the other around 4 GB. If the sizes aren’t exact I wouldn’t worry about it, that always happens.
- Select the new LVM disk that is around 1 GB, mine said VG system-storage, LV system-swap, yours will be different if you chose different names for your volumes and/or group.
- Select “Use as:” choose “swap area”.
- Select “Done setting up the partition” to return to the main partitioner screen.
That sets up the swap partition… next is the / partition.
- Select the LVM volume that is about 4 GB in size, mine said: VG system-volume, LV system-root…
- Select “Use as:” I use ReiserFS, you may want something else, ext3 is default…
- Select “Mount point:” choose /
- Select any mount options you may want, or just leave it at default.
- Set a label for the partition if you like, I set “root”
- Select “done setting up the partition” and return to the main partitioner screen.
That finishes up the / partition, and the whole 80 GB drive… We could install the system now, but we’ll take the opportunity to go ahead and set up the larger disks in an encrypted array while we are here. This needs to be done differently than the root drive, which was encrypted, then set up in LVM before being used. If we do that with these drives we will need three different passphrases to get it to start up and that’s just too much. We’ll do this the other way around, set up the drives in LVM, then encrypt that, this way we only need one passphrase to start it up. Much better I think.
- Select the other drives to be included in this group, one at a time do the following to them until they have all been done.
- Create a new partition.
- Accept the default size of entire disk.
- Choose ‘Primary’ for the partition type.
On the next screen:
- Select “Use as:” choose “Physical volume for LVM”
- Select “done setting up the partition” and return to the main partitioner screen.
When this is done for all of the remaining disks continue to the next step….
- Select “Configure the Logical Volume Manager”
- Choose ‘yes’ when prompted about writing changes.
- Select “Create volume group”
- When prompted for a name I chose system-storage, you can choose whatever you would like.
- When prompted for drives to include the list should only include the drives you just set up in the last step, select them all.
- Select “create logical volume”
- When prompted for what group to create from there will be more than one group, the first one on the root drive, and the one that was just created. Make sure you select the right one, mine was named system-storage.
- When prompted for a name I chose “storage-data”, you can choose whatever you want.
- When prompted for size use the default size of the entire size of the group. (This gives you one great big drive to use for data storage… If that’s not what you want then choose a smaller size and create multiple volumes to suit your needs…)
- Select “Finish LVM configuration” to return to the main partitioner screen.
That sets up all of the disks in one big logical volume, now continue to the next step to set up encryption for the volume.
- Select “Configure encrypted volumes”
- Choose ‘yes’ when prompted to write changes to the disk.
- Enter a good passphrase at the prompts.
That’s it for that, now continue to the next step to finish preparing the huge partition for system use.
- Back on the main partitioner screen select the newly created huge encrypted drive. Mine was named “system--storage-storage--data_crypt”; yours may be different if you have used different names along the way…
- Select “Use as:” I use ReiserFS, you may prefer something else.
- Select “Mount Point:” I used /media/data
- Select mount options as desired.
- Set label if you want, I used “data”
- Select “done setting up the partition” and return to the main partitioner screen.
That should finish up all of the partition stuff and drive setup. Check to make sure you have set all of the mount points that you need and select “Finish partitioning and write to disk”. You will need to, of course, choose ‘yes’ when prompted about writing the changes to disk.
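For reference, a command-line equivalent of the storage array steps above, next to the per-disk ordering that was rejected, so the number of LUKS containers (and so unlocks at boot) can be compared. This is an added example, not part of the original post. The partition names /dev/sdb1, /dev/sdc1 and /dev/sdd1 and the ext3 filesystem are assumptions, and the script only prints the plan unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example (not from the original post): command-line equivalent of the
# "LVM first, then encrypt" storage layout. Prints the plan by default;
# APPLY=1 executes it as root and destroys existing data on the disks.

VG=system-storage                      # volume group name used in the post
LV=storage-data                        # logical volume name used in the post
DISKS="/dev/sdb1 /dev/sdc1 /dev/sdd1"  # assumed: one LVM partition per drive

run() {                                # print a command; run it only if APPLY=1
    echo "$*"
    if [ "${APPLY:-0}" = 1 ]; then "$@"; fi
}

# The post's ordering: pool the disks, then put ONE LUKS container on the LV.
plan_lvm_then_luks() {
    run pvcreate $DISKS
    run vgcreate "$VG" $DISKS
    run lvcreate -l 100%FREE -n "$LV" "$VG"
    run cryptsetup luksFormat "/dev/$VG/$LV"      # prompts for the passphrase
    # Mapping name as the installer showed it: the LV's /dev/mapper name
    # (LVM doubles every hyphen inside VG and LV names) plus "_crypt".
    mapped="$(echo "$VG" | sed 's/-/--/g')-$(echo "$LV" | sed 's/-/--/g')_crypt"
    run cryptsetup luksOpen "/dev/$VG/$LV" "$mapped"
    run mkfs.ext3 -L data "/dev/mapper/$mapped"   # assumed fs; the post used ReiserFS
}

# For contrast: encrypt each disk first, then build LVM on the mappings.
# Every disk becomes its own LUKS container that must be unlocked at boot.
plan_luks_then_lvm() {
    pvs=""
    for d in $DISKS; do
        name="$(basename "$d")_crypt"
        run cryptsetup luksFormat "$d"
        run cryptsetup luksOpen "$d" "$name"
        pvs="$pvs /dev/mapper/$name"
    done
    run pvcreate $pvs
    run vgcreate "$VG" $pvs
    run lvcreate -l 100%FREE -n "$LV" "$VG"
    run mkfs.ext3 -L data "/dev/$VG/$LV"
}

# Count LUKS containers in a plan read from stdin (one unlock each at boot).
count_luks() { grep -c 'cryptsetup luksFormat'; }

plan_lvm_then_luks
```

Piping either plan through `count_luks` gives the number of containers that have to be unlocked at boot.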
The rest of the install is pretty self explanatory, but on the software selection screen I only chose “OpenSSH server”. This means that I’ll have to set up the other stuff later, but right now I just want to get it up and running enough that I can log in from my desktop and work on it from there…
I think this is long enough for today. It should come up okay, but you may get a GRUB error if your BIOS and the installer see your drives in a different order. Tomorrow I will cover that problem, set up the OpenSSH server, do a little bit of GRUB security, and get keyfiles on the USB drive….






