Krusty Ruffle Babbles!

I was originally thinking of using apt-cacher for this, and I’m sure it would be a more bandwidth friendly solution, but I had some issues with using it for local installs and had already used apt-mirror to build an entire mirror before I figured out what the problem was. Considering that I already had 30 some gigs of mirror sitting there I went ahead and stuck with the apt-mirror solution.

I had also planned on using a separate Xen DomU to set this up on, but as both of these work through the Apache web server I went ahead and modified the LAMP server DomU to also contain this. If your running this in a Xen virtual machine, and you haven’t created the virtual machine yet then this one needs to be big. Apt-mirror takes a little over 26 gigs for the main, restricted, universe, and multiverse repositories, and that’s without mirroring the source repositories. If you also mirror other repositories you could very easily go over 30 gigs, and I have no idea how big the source repositories would be but I would guess they are bigger than the non-source equivalents. If you have already made the virtual machine then you have a couple of choices. You could make another volume and set it up so that it mounts in the place you want your repositories to be mirrored, or you can extend the volume you have set up for the virtual machines root drive, or var if you used multiple volumes. I’ve used the second option and will not be covering the first one here. As always, most of this requires root access, so sudo -i might be a good idea, and any commands I post will need to be modifies to fit your naming schemes etc…

Fixing Xen: In my case, I had not only already made the volumes for the LAMP virtual machine, but I had also made the volumes for the install server. Luckily there is a command for deleting the virtual machines:

xen-delete-image --lvm /dev/system-volume/ machine.yourdomain.name

This is supposed to remove the machine.yourdomain.name-disk and machine.yourdomain.name-swap volumes, but for some reason it did not work for me. If this happens to you you can manually remove them with:

lvremove volume-group-name/machine.yourdomain.name-disk \
&& lvremove volume-group-name/machine.yourdomain.name-swap

Assuming the volume is not mounted, and that you’ve named your xen doms as I have in previous walkthroughs, this will remove them.

To extend the volume that we already have as a lamp-server we first need to shut it down:

xm shutdown machine.yourdomain.name

Once it’s shutdown we can extend the LVM volume with:

lvextend -L+50G /dev/volume-group/machine.yourdomain.name-disk

The above command will extend the disk by 50 gigs. If you plan on mirroring source code repositories or other stuff this will most likely not be enough. The original Xen machines were made with 5 gig root drives, +50G only makes 55 gigs. If you are planning on mirroring only the main repository, without restricted, universe, or multiverse then this may be overkill. It is good for me though, so that’s what I used

Now, before we restart the virtual machine we need to do a couple of things to make this extended volume be recognised properly, first we need to disk check it:

e2fsck -f /dev/volume-group/machine.yourdomain.name-disk

I’m assuming this is built with ext3, as I was unable to get reiserfs to work and I’ve stuck with ext3 throughout this series, if not then you will need the proper command for your formatting. After disk checking we can actually extend the formatting to the new end of the volume:

resize2fs /dev/volume-group/machine.yourdomain.name-disk

And finally, restart the virtual machine:

xm create /etc/xen/machine.yourdomain.name -c

The ‘-c’ on the above will attach you to the console of the starting virtual machine, if you don’t want to watch it boot up and would rather log in with ssh then that is not needed.

Now that it’s back up and running we need to log in and probably get a root console. I do this with ssh and sudo -i, you might use the ‘-c’ option above, or attach to the console with:

xm console machine.yourdomain.name

Apt-Mirror: There is a very nice howto about apt-mirror at howtoforge.com. I used it for this, with only a couple of issues to note:

1. If you plan to do installs from this mirror then you need to make sure that you have mirrored the /debian-installer repositories, if you do not then you will get file not found errors all over the place and the install will blow up. I will post an example for Ubuntu Hardy below.
2. To make the local mirrors available over HTTP I did not create symlinks. Instead I set up a site file called ‘mirror’ for apache, placed some aliases and directory rules in it and enabled it to make the mirrors available in different directories of the server. This just felt like a cleaner solution to me, I will cover how to do that, but if you prefer symlinks then either way will work fine.
3. I did not use ip addresses for the servers in my configuration files, I have a DNS server setup and I use the FQDN of my servers in all configuration files. It may be that I’ll be screwed on those occasions that DNS dies for some reason, but it will also be easier for me to move something from one server to another as I will not need to fix all of the config files when I do, dns will take care of that for me. Once again, this ust feels cleaner to me, but the choice is yours, either way will work.

My Example mirror.list for Ubuntu Hardy:

############# config ##################
#
# set base_path    /var/spool/apt-mirror
#
# if you change the base path you must create the directories below with write privlages
#
# set mirror_path  $base_path/mirror
# set skel_path    $base_path/skel
# set var_path     $base_path/var
# set cleanscript $var_path/clean.sh
# set defaultarch  <running host architecture>
set nthreads     20
set _tilde 0
#
############# end config ##############

deb http://us.archive.ubuntu.com/ubuntu hardy main restricted universe multiverse
deb http://us.archive.ubuntu.com/ubuntu hardy-updates main restricted universe multiverse
deb http://us.archive.ubuntu.com/ubuntu hardy-backports main restricted universe multiverse
deb http://us.archive.ubuntu.com/ubuntu hardy-security main restricted universe multiverse
#deb http://archive.ubuntu.com/ubuntu hardy-proposed main restricted universe multiverse

# These lines are needed if you plan to do netboot installs from this mirror
deb http://us.archive.ubuntu.com/ubuntu hardy main/debian-installer multiverse/debian-installer restricted/debian-installer universe/debian-installer
deb http://us.archive.ubuntu.com/ubuntu hardy-updates main/debian-installer restricted/debian-installer universe/debian-installer
deb http://us.archive.ubuntu.com/ubuntu hardy-backports main/debian-installer
deb http://us.archive.ubuntu.com/ubuntu hardy-security main/debian-installer restricted/debian-installer universe/debian-installer

# Cononical's 'partner' repository... not part of Ubuntu...
deb http://archive.canonical.com/ubuntu hardy partner
#deb-src http://archive.canonical.com/ubuntu hardy partner

## Medibuntu - Ubuntu 8.04 LTS "hardy heron"
## Please report any bug on https://bugs.launchpad.net/medibuntu/
deb http://packages.medibuntu.org/ hardy free non-free
#deb-src http://packages.medibuntu.org/ hardy free non-free

# I'm not mirroring any source code, I rarely use it so it would be a waste of storage/bandwidth for me.
#deb-src http://archive.ubuntu.com/ubuntu hardy main restricted universe multiverse
#deb-src http://archive.ubuntu.com/ubuntu hardy-updates main restricted universe multiverse
#deb-src http://archive.ubuntu.com/ubuntu hardy-backports main restricted universe multiverse
#deb-src http://archive.ubuntu.com/ubuntu hardy-security main restricted universe multiverse
#deb-src http://archive.ubuntu.com/ubuntu hardy-proposed main restricted universe multiverse

clean http://us.archive.ubuntu.com/ubuntu
clean http://security.ubuntu.com/ubuntu
clean http://archive.canonical.com/ubuntu
clean http://packages.medibuntu.org

Now for the apache site file, first we need to do:

vim /etc/apache2/sites-available/mirror

Mine looks like:

<IfModule alias_module>
# mod alias is enabled by default so this should work
# without issues.
Alias /ubuntu/ "/var/spool/apt-mirror/mirror/us.archive.ubuntu.com/ubuntu/"
<Directory "/var/spool/apt-mirror/mirror/us.archive.ubuntu.com/ubuntu">
    Options Indexes MultiViews FollowSymlinks
    AllowOverride None
    Order deny,allow
    Deny from all
    Allow from 192.168.1.0/24
</Directory>

Alias /canonical/ "/var/spool/apt-mirror/mirror/archive.canonical.com/ubuntu/"
<Directory "/var/spool/apt-mirror/mirror/archive.canonical.com/ubuntu">
    Options Indexes MultiViews FollowSymlinks
    AllowOverride None
    Order deny,allow
    Deny from all
    Allow from 192.168.1.0/24
</Directory>

Alias /medibuntu/ "/var/spool/apt-mirror/mirror/packages.medibuntu.org/"
<Directory "/var/spool/apt-mirror/mirror/packages.medibuntu.org">
    Options Indexes MultiViews FollowSymlinks
    AllowOverride None
    Order deny,allow
    Deny from all
    Allow from 192.168.1.0/24
</Directory>

</IfModule>

Now to enable the mirror sites:

a2ensite mirror

And reload apaches to get it working:

/etc/init.d/apache2 reload

You should now be able to get to your repositories through HTTP, test it by aiming a browser at http://apacheserver.yourdomain.name/mirror/ and see if it gives any errors. Assuming that all is well I’ll move on.

PXE Installs: Allright, this part requires a few things. I used a howto at the howtoforge.com website for this one too. However, the howto involves setting up for installing several distros and I do not need that, so I have only used information on the first 2 pages so far.

Some notes about getting this to work:

1. netkit-inetd is not a separate package anymore, I used openbsd-inetd, so the install line should look like:

   apt-get install openbsd-inetd tftpd-hpa dhcp3-server lftp

2. I had to manually start inet.d the first time, apparently it installed before tftpd-hpa so it though it had nothing to do and did not start. I did that with:

   /etc/init.d/openbsd-inet.d start

3. I used the FQDN of the server in the DHCP config.
4. tftp uses UDP port 69. If you are using UFW you can open that up with:

   ufw allow proto udp from 192.168.1.0/24 to <ip.of.this.server> port 69 

   This is the one place you actually have to have the ip, and that’s only if you want to limit the interface that can accept connections.

5. On page 2 of the howto, right off the bat, when you download the netboot directory from the ubuntu repository you need to make sure you change ‘edgy’ to ‘hardy’ in the lftp command so that first code block will look like:

   cd /tmp
   lftp -c "open http://archive.ubuntu.com/ubuntu/dists/hardy/main/installer-i386/current/images/; mirror netboot/"
   mv netboot/* /var/lib/tftpboot
   rm -fr netboot

6. The /var/lib/tftpboot/pxelinux.cfg/default file is different now, and you will need to make a couple of small changes to it to get net installs to use the local mirror. This involves setting a preseed file and using it to tell the installer where the mirror is. I’ll post samples below.

Sample /var/lib/tftpboot/pxelinux.cfg/default file:

DISPLAY ubuntu-installer/i386/boot-screens/boot.txt

F1 ubuntu-installer/i386/boot-screens/f1.txt
F2 ubuntu-installer/i386/boot-screens/f2.txt
F3 ubuntu-installer/i386/boot-screens/f3.txt
F4 ubuntu-installer/i386/boot-screens/f4.txt
F5 ubuntu-installer/i386/boot-screens/f5.txt
F6 ubuntu-installer/i386/boot-screens/f6.txt
F7 ubuntu-installer/i386/boot-screens/f7.txt
F8 ubuntu-installer/i386/boot-screens/f8.txt
F9 ubuntu-installer/i386/boot-screens/f9.txt
F0 ubuntu-installer/i386/boot-screens/f10.txt

DEFAULT install

LABEL install
        kernel ubuntu-installer/i386/linux
        append vga=normal initrd=ubuntu-installer/i386/initrd.gz url=http://apcheserver.yourdomain.name/preseed/preseed.cfg --
LABEL linux
        kernel ubuntu-installer/i386/linux
        append vga=normal initrd=ubuntu-installer/i386/initrd.gz url=http://apcheserver.yourdomain.name/preseed/preseed.cfg --
LABEL cli
        kernel ubuntu-installer/i386/linux
        append tasks=standard pkgsel/language-pack-patterns= pkgsel/install-language-support=false vga=normal initrd=ubuntu-installer/i386/initrd.gz  url=http://apcheserver.yourdomain.name/preseed/preseed.cfg --
LABEL expert
        kernel ubuntu-installer/i386/linux
        append priority=low vga=normal initrd=ubuntu-installer/i386/initrd.gz url=http://apcheserver.yourdomain.name/preseed/preseed.cfg --
LABEL cli-expert
        kernel ubuntu-installer/i386/linux
        append tasks=standard pkgsel/language-pack-patterns= pkgsel/install-language-support=false priority=low vga=normal initrd=ubuntu-installer/i386/initrd.gz  url=http://apcheserver.yourdomain.name/preseed/preseed.cfg --

LABEL rescue
        kernel ubuntu-installer/i386/linux
        append vga=normal initrd=ubuntu-installer/i386/initrd.gz rescue/enable=true  url=http://apcheserver.yourdomain.name/preseed/preseed.cfg --

PROMPT 1
TIMEOUT 0
<

Now, you need to create the directory under the apache root directory, I’ve assumed that you have non encrypted apache running from /var/www/html if this is not the case then this command will need adjusted:

mkdir /var/www/html/preseed

Create the preseed file:

vim /var/www/html/preseed/preseed.cfg

The following will get the installs to use the local mirror. Please read the comments for information about available options:

#### Contents of the preconfiguration file
### Mirror settings
# If you select ftp, the mirror/country string does not need to be set.
# uses HTTP by default
#d-i mirror/protocol string ftp
# this sets the country code for your mirror, not needed for local mirrors
# but setting it stops it from asking... I think...
d-i mirror/country string manual
# sets the url to the mirror
d-i mirror/http/hostname string apacheserver.yourdomain.name
# sets the directory of the mirror, relative to the above url
d-i mirror/http/directory string /ubuntu
# setting this as empty stops it from asking about proxy settings
d-i mirror/http/proxy string

# Suite to install.
d-i mirror/suite string hardy
# Components to use for loading installer components (optional).
# used to install components from repositories other than main
d-i mirror/udeb/components multiselect main, restricted, universe, multiverse

### Apt setup
# You can choose to install restricted, universe, and multiverse software,
# or to install software from the backports repository.
d-i apt-setup/restricted boolean true
d-i apt-setup/universe boolean true
d-i apt-setup/backports boolean true
d-i apt-setup/multiverse boolean true

# Select which update services to use
# Choices: security updates (from security.ubuntu.com),
#       volatile updates (from volatile.debian.org)
d-i apt-setup/services-select multiselect security
# define the mirror for the above, only if you've chosen to mirror the security updates
d-i apt-setup/security_host string apacheserver.yourdomain.name
# and the directory for the updates, relative to the above
d-i apt-setup/security_path string /ubuntu

Alright! Once that is saved you should be able to do a network boot and install the whole thing from your local mirror. This has been a much more complicated thing that what I had thought it would be, though most of the complications are with kickstart and preseeding, which I’ll get to next.