Cloud

First steps with a brand new Ubuntu virtual machine

Here is a quick how-to on setting up a brand new Ubuntu VM and adding a web server. Ubuntu is the most popular open source OS for cloud deployments.

Plenty of cloud providers offer ready-made Ubuntu images. That's no surprise. Ubuntu is the most popular open-source operating system for cloud deployments. There are more virtual machines running the Ubuntu OS than any other because it's free, it's the reference OS for OpenStack, and you can rely on help for the LTS (Long Term Support) version for five years. For that reason, it's a good idea to be familiar with the basic setup.

A brand new basic Ubuntu machine needs a little care and attention to get it up to scratch - for instance, it has no web server. A little CLI (Command Line Interface) work will do the trick. These commands upgrade your system and install a web server, and are pretty much the same no matter which IaaS provider you've chosen. The commands also produce a huge amount of feedback - hundreds of lines of abbreviated text.

Open a CLI on your new Ubuntu VM.

You must type a few commands in using the CLI.

  1. Find the public IP address of your new VM, such as 173.1.25.34.
  2. Open an SSH client. It doesn't matter which one - you may be using PuTTY on a Windows OS or OpenSSH on a Mac.
  3. Connect and log in.

The Connect and log in procedure varies between cloud providers.

The first time you connect using SSH you see an RSA key fingerprint, which is an obscure list of characters like this: 23:fd:82:c1:3e:5a:66:fc:97:37:36:29:67:3b:5b:c1. You should check this fingerprint against the new machine's RSA key fingerprint to make sure they match, but most people just skip this security check. If you want to do things properly, you will find the machine's fingerprint buried somewhere in the console output. AWS let you get at the console output using their control panel, but it does take some digging.

Logging in requires some kind of authentication. AWS and HP use key-based authentication. Rackspace and GoGrid let you use password authentication.

Upgrade your system and install a web server

Use the APT (Advanced Package Tool) by running these apt-get commands. You have to run these commands using the root account. In Ubuntu, that means sticking the sudo command in front.

  1. Get a new list of security updates: sudo apt-get update Your new VM's OS talks to the Ubuntu servers and updates its list of packages. The machine may be brand new, but the image it was built from is months out of date.
  2. Install the security updates: sudo apt-get upgrade All the old packages are upgraded. Security upgrades are downloaded from Ubuntu to your VM and installed. Ugrading 100 packages may take 10 minutes.
  3. Install a web server: apt-get install apache2 The Apache web server is downloaded, installed, and run.

Restart your machine (if you have 5 minutes)

Linux does not usually need rebooting, but if a system package is upgraded (like linux-image-virtual, a kernel package) then unfortunately a restart is required.

You can put off this job for a little while. Your system can't use the updated kernel until you reboot the machine, but it's not urgent and it won't break anything.

  1. Restart: sudo reboot Your CLI closes.
  2. Wait five minutes. That's plenty of time for a VM to shut down and start back up again.
  3. Open a CLI again.

Check your work.

Put the IP address into your web browser: http://173.1.25.34/. An It works! page appears.

Congratulations!

Your machine is now secure and providing a simple customer service. Coming up, I will introduce you to the GoGrid cloud hosting provider and show you how to put this Ubuntu VM to work.

About

Nick Hardiman builds and maintains the infrastructure required to run Internet services. Nick deals with the lower layers of the Internet - the machines, networks, operating systems, and applications. Nick's job stops there, and he hands over to the ...

6 comments
Brainstorms
Brainstorms

Another tip: After connecting to your remote machine via SSH, launch 'byobu' (rather than 'screen') in order to have a mult-tabbed console to interact with your system. Byobu is 'screen' on steroids, complete with customizable status indicators, the ability to split windows (H&V), and (as with 'screen') the ability to detach sessions and return to them later --history display & all-- even after logging out & logging back in again. Once you understand the concept of a "virtual terminal", you'll see the value. And it's all but essential for any session with a risk/bad outcome if the connection is lost mid-use.

Brainstorms
Brainstorms

Here's a tip: Use FWKNOP to secure remote access to your system (real or virtual). FWKNOP uses a stealthed port and a single encrypted "unlock" packet (containing a password, and sent by the client FWKNOP app to a port of your choice) to open your firewall. Even then, it will only accept connections from your originating IP. The implementation is done in such a way to frustrate port scanning, replay attacks, etc. FWKNOP opens a set of ports of your choosing in your firewall for a chosen duration -- i.e., long enough to get an SSH or RD session started -- then closes the firewall again, making your host "disappear" from the net. (Any established sessions will remain connected after the firewall closes.) It's in the Ubuntu repositories. The best way to avoid break-in attacks is to appear as though your machine doesn't even exist. Except to you, when you want it to.

Brainstorms
Brainstorms

You should update with sudo apt-get update && sudo apt-get dist-upgrade which handles any changed dependencies due to new packages. Also, you should use sync; sync; reboot to reboot your system remotely. This flushes all file buffers out to disk (and is done twice to be SURE) before rebooting, helping to prevent file system corruption.

YehudahGriffin
YehudahGriffin

Wow. I had no idea Ubuntu is the most popular open source OS for cloud deployments. Where is the data on that statement? [edit]..no data, go figure.[/edit]