Lab 00 - Installing The Base System

There was a young lady named Hall,
Wore a newspaper dress to a ball.
        The dress caught on fire
        And burned her entire
Front page, sporting section, and all.

Overview

In this lab you will be performing the following tasks:

  1. Selecting an available DNS name for your virtual machine
  2. Logging into the VMWare server
  3. Create your virtual machine
  4. Installing the base machine
  5. Creating users
  6. Copying SSH public keys to my and root's accounts
  7. Installing OpenSSH server
  8. Updating the system packages

Grading

This lab is due at 5:05pm, Thursday January 25th, 2007. The grading criteria for this lab are the following:

  1. You pick a DNS name for your machine that is unique on campus
  2. You follow all of the criteria for the installation of your machine:
    • RAM set to 128MB
    • Disk space is 2.0GB
    • You don't install X windows
  3. The machine is pingable on the network
  4. I am able to login via ssh to my account and 'root' without a password
  5. The system packages are up to date
Notes

If I find that anyone has installed their machine with more than 2.0GB, I will delete the virtual machine, give you a zero for the assignment, and you will have to install again. Also, there is very little disk space, and so if you install X windows, you will also receive a zero on the assignment.

Commands Covered

  • nslookup (man page) - DNS query tool
  • dig (man page) - Another DNS query tool, output compatible with BIND configuration files
  • host (host) - Yet another DNS query tool
  • sudo (man page) - Super User DO, or do the following command with root privileges
  • adduser/useradd (man page) - Wrapper script that runs useradd and other commands like chfn
  • mkdir (man page) - Creates a directory
  • ls (man page) - Lists the contents of a directory
  • apt-get (man page) - Ubuntu Package manager. Actually comes from Debian (since Ubuntu is built on Debian)
  • su (man page) - Switch User, changes to another user. Requires the target user's password to change, unless the command is run as root.
  • wget (man page) - Performs an HTTP GET request and saves the returned HTML to a file in the working directory

Selecting an available DNS name for your machine

The first thing you need to do is choose a name for your computer. This name will go into the CS department's DNS server which will look something like coolname.cs.colorado.edu. Before you can choose a name for your server, a few core details about DNS must be understood. DNS is a hierarchical naming system in the form of a tree, very similar to trees studied in algorithms. Here is a visual example of how DNS is organized:

As you can see, there is a top-level node in the DNS tree that doesn't have a name. This node is called the 'root' node and is also NULL, as in the empty string. This detail will be very important later when we work on configuring a DNS server on our machines. A node on the tree is actually more than just an IP entry. In face, nodes are actually delegation domains, but we will cover that later. There are many different types of information that can be found at each node, such as IP addresses (A records), mail exchangers (MX records), and nameservers (NS records), but for this lab we will be worrying about only one: the A, or address record.

The address record is an IP address associated with the given DNS name, and is one of the most commonly used pieces of data within DNS. Whenever you open up google.com in your web browser, the browser actually performs a DNS lookup for the A (address) record for the name 'google.com', because DNS names are useless to computers. They need IP addresses in order to communicate to each other. Once the translation is done from name to IP address, a connection is made, and you see data displayed on your browser.

Now, since DNS is organized in a tree, identical node names can exist at different levels. For example, you can have the names coolname.dns.org and coolname.coolname.dns.org can both co-exist. However, within the colorado.edu domain, ITS requires that almost every bottom-level DNS name be unique across all sub-domains within colorado.edu. What does this mean? This means that ITS does not allow 'coolname' to exist at multiple levels within the domain.

Now onto the key part about selecting a name for your machine: You must select a name that is unique across both the cs.colorado.edu and colorado.edu domains. In order to check whether or not a name is available, we must query DNS using an available tool on our linux machines, and we actually have three options. Let's look at how we can use all three tools.

nslookup

Nslookup is a very easy tool, and is quite popular. The output is simple and intuitive to anyone with a little experience with DNS names and IP addresses. Let's work by example, so let's check if the DNS name 'bob' is available on campus. Remember, I said we want to check both our domain cs.colorado.edu as well as the top-level domain colorado.edu:

[23:15:11]schenkc@trunkmonkey:~$ nslookup bob.cs.colorado.edu
Server:         128.138.243.151
Address:        128.138.243.151#53

** server can't find bob.cs.colorado.edu: NXDOMAIN

The first line of output tells us which DNS server our nslookup utility is using to perform the query, in this case it's 128.138.243.151. The second line has the same IP address, as well as the port being used to communicate with the server, in this case it's port 53. The fourth line is what we want. The server can't find 'bob.cs.colorado.edu'. Notice the final text on this line, NXDOMAIN. This is the actual return value from the server, telling us that this is a Non-eXistent DOMAIN. So far so good! Let's try to lookup bob.colorado.edu now:

[23:18:19]schenkc@trunkmonkey:~$ nslookup bob.colorado.edu
Server:         128.138.243.151
Address:        128.138.243.151#53

Non-authoritative answer:
Name:   bob.colorado.edu
Address: 128.138.196.69

Ahh look at it this time, we actually got a response back. We received a non-authoritative answer (we will talk about what authority means later in the semester) that 'bob.colorado.edu' has an A record of 128.138.196.69. Looks like we'll have to look for another DNS name for our machine.

Notes on nslookup
  • Remember that I said that there are many different types of information in DNS, and we wanted the A (address) record returned to us, which is an IP address. I didn't specify this in the command, but the A record is the default record to be returned to us.
  • Nslookup has an interactive mode as well that can be entered if you run nslookup without any command-line arguments.

dig

Dig is my tool of choice to lookup DNS information, because the output from dig is actually compatible with the 'BIND' DNS server configuration files. After a while, reading both the config files and the output of dig become second nature. However, initially the output is quite confusing, so we will go over a few key pieces. Let's work by example, so I will be checking if the name 'bob' is availble on campus.

[23:14:51]schenkc@trunkmonkey:~$ dig bob.cs.colorado.edu

; <<>> DiG 9.3.2 <<>> bob.cs.colorado.edu
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 40874
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;bob.cs.colorado.edu.           IN      A

;; AUTHORITY SECTION:
cs.colorado.edu.        7200    IN      SOA     cs.colorado.edu. hostmaster.cs.colorado.edu. 2007011704 86400 1800 604800 7200

;; Query time: 1 msec
;; SERVER: 128.138.243.151#53(128.138.243.151)
;; WHEN: Wed Jan 17 23:15:11 2007
;; MSG SIZE  rcvd: 84

[23:15:11]schenkc@trunkmonkey:~$

Holy crap, that's a lot of output for a very simple command! We're only looking for two pieces of information from this output, which are the status and ANSWER sections. We don't have an answer section in the above output, but we always have a status:

;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 40874
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
...
;; Query time: 1 msec
;; SERVER: 128.138.243.151#53(128.138.243.151)
;; WHEN: Wed Jan 17 23:15:11 2007
;; MSG SIZE  rcvd: 84

There's our Non-eXistent DOMAIN return value. Also notice the 'AUTHORITY' flag listed on the second line. You can also see the server and port again at the bottom of the output. Here is output from a successful lookup of 'bob.colorado.edu':

[23:31:43]schenkc@trunkmonkey:~$ dig bob.colorado.edu

; <<>> DiG 9.3.2 <<>> bob.colorado.edu
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37965
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 4

;; QUESTION SECTION:
;bob.colorado.edu.              IN      A

;; ANSWER SECTION:
bob.colorado.edu.       25368   IN      A       128.138.196.69

;; AUTHORITY SECTION:
colorado.edu.           8644    IN      NS      ns1.westnet.net.
colorado.edu.           8644    IN      NS      cujo.colorado.edu.
colorado.edu.           8644    IN      NS      boulder.colorado.edu.

;; ADDITIONAL SECTION:
ns1.westnet.net.        27257   IN      A       128.138.213.13
cujo.colorado.edu.      22681   IN      A       128.138.238.154
boulder.colorado.edu.   19995   IN      A       128.138.240.1
boulder.colorado.edu.   19995   IN      A       128.138.238.18

;; Query time: 1 msec
;; SERVER: 128.138.243.151#53(128.138.243.151)
;; WHEN: Wed Jan 17 23:37:11 2007
;; MSG SIZE  rcvd: 184

Here we have even MORE output. Check the status line for the NOERROR return value, and now we have an ANSWER section with our A record.

host

I rarely use host (in fact I never do) but it's good to know that it exists. The output is formatted differently, but we get similar information back. Here's looking up the name cs.colorado.edu:

[23:08:41]schenkc@trunkmonkey:~$ host cs.colorado.edu
cs.colorado.edu has address 128.138.243.151
cs.colorado.edu mail is handled by 10 cs.colorado.edu.
cs.colorado.edu mail is handled by 70 research.cs.colorado.edu.
cs.colorado.edu mail is handled by 80 mx1.colorado.edu.
cs.colorado.edu mail is handled by 90 mx2.colorado.edu.

Really simple output here. If we search for bob, we only get the first line of output telling us the IP address information.

Select a name for your DNS server

Before you move onto the next section, use the above tools to find a unique name for your machine. Once you have a unique name selected, you must email Chris and obtain an available IP address to use in your machine. You must include in the email:

  • You and your partner's name
  • The name of your machine, including the .cs.colorado.edu portion

Once I have the above information, I will email you the IP address to be used for your machine.

Logging into the VMWare server

We are using the free VMWare server package to access and run our virtual machines. You will connect to the VMWare server using the console utility. This utility is already on all of the CSEL machines by simply running the command:

% vmware-server-console

There are flavors for both Windows and Linux (unfortunately there is not support for OSX people as far as I know) to install the console on your personal machines. Here are the links for the installations:

Note

We are setting our memory to 128MB. In some of the screenshots below, they still show 512MB set, but those are incorrect.

The windows install is very quick and easy. The linux one is a little more involved, so if you are attempting to run this on a linux box you own but are quite new to it, let me know and I can help you through installing it. Logging into the VMWare server is quite easy. Once you have the console installed, load it up and the connect window will automatically pop up. Connect using the following information:

  • Host name: nsa.cs.colorado.edu
  • User name: <your CSEL username>
  • Password: <your CSEL password>

Create your virtual machine

Next click the 'Create new virtual machine' button:

Select 'Typical configuration':

Now select the 'Linux' radio button and 'Ubuntu' under the Version drop-down menu.

This next step is quite important. In the 'Name' field, you must enter in the DNS name you selected for your machine in the first section. For example, if I found 'coolname.cs.colorado.edu' to be available, I would enter coolname in the 'Name' field:

Now select bridged networking:

This is another important step. You must set the size of your virtual machine to 2.0GB. Remember if I find that any machine is using more than 2.0GB, your machine will be deleted and you will have to reinstall!

You will then have to wait while your virtual disk is written as a file on the hard drive of nsa:

Congratulations! You have created your virtual machine. We still have to tweak a few settings, starting with the amount of RAM available to the virtual machine. Click the 'Edit virtual machine settings' button and change the memory usage to 128MB.

Now you need to change your CDROM device to use the ubuntu 6.10 server iso image. Click the 'browse' button and find the file /virtual/iso/ubuntu-6.10-server-i386.iso.

Now we need to set the correct 'Specific virtual network' device to be used for your bridged networking. If your IP address is 128.138.202.120 or lower, set the device to /dev/vmnet0. If your IP address is 128.138.202.121 or higher, set the device to /dev/vmnet2.

Next, go to the 'Options' tab and select 'Permissions', and UNCHECK the checkbox to make your machine public. This will allow your partner to access your virtual machine as well as you. I will set file permissions on your virtual machines after the lab is due to make sure only you and your partner may access the virtual machine.

Now go to the 'Startup/Shutdown' option and select 'Power on virtual machine' on host startup.

Installing the base machine

I don't have screenshots for this part, but the steps are VERY straightfoward, although a bit lengthy. In order to type in your virtual machine, click with your mouse in the window. To release your cursor at any time, hold down <CTRL> and <ALT> at the same time.

  1. Power on your virtual machine. If you receive errors about an inability to access the floppy device, just ignore it and click 'ok'.
  2. Once the machine boots off the cd image, simply hit enter to 'Install to the hard disk' (it's already selected).
  3. Select Language - English <enter>
  4. Choose location - United States <enter>
  5. Detect keyboard layout - Answer 'no' to keyboard detection, it does not work with the virtual machines. You can do so by hitting <tab> and then <enter>
  6. Origin of keyboard - U.S. English <enter>
  7. Keyboard layout - U.S. English <enter>
  8. Once the installer scans the cdrom and loads additional components, it will attempt to detect your network device and broadcast for a DHCP address. We will not be using DHCP, but instead will be manually configuring the network. When the error about 'network autoconfiguration failed' appears, click <continue>, and select 'configure network manually' and hit <enter>.
  9. Enter the IP address I gave you via email
  10. Set the netmask is set to '255.255.255.0' and hit <enter>
  11. Set the default gateway is 128.138.202.1 and hit <enter>
  12. Set the nameserver address is set to 128.138.202.8 and hit <enter>
  13. Set your hostname to be the same as the machine name you chose, but this time with the fully-qualified name, i.e. coolname.cs.colorado.edu.
  14. Next the partitioner will load. Select the first option, 'Erase entire disk: SCSI1 (0,0,0)...' and hit <enter>
  15. When asked to 'write changes to the disk', select 'yes' and hit <enter>
  16. Once the partitioner has completed, select the 'Mountain' timezone
  17. Yes, the system clock uses UTC
  18. Now you will need to create the first account on the machine. This will be one of your two accounts. More accounts will be created later in the lab. First enter your full name, followed by the username you wish to use.
  19. Set a password and verify the password for this new account
  20. The system will now install the base system and packages. This may take 10-20 minutes, depending on the load on the host machine. Once the packages have been installed, you will be asked if you wish to install a 'DNS server' or 'LAMP server'. Leave both UNCHECKED and move the cursor to the 'continue' button and hit <enter>.
  21. More automatic configuration will take place, and you will be finally prompted to eject the CD and reboot. You don't have to worry about changing your CDROM settings, simply click <enter> to reboot into your new virtual machine!

Congratulations on installing your machine! If you run into any problems along the way, be sure to let me know so we can get them squared away.

Creating users

Now we need to create two more users: one for the second group member and one for myself so I can access your machine to test the labs throughout the semester. However, creating a user requires 'root' privileges, so we must use a utility called sudo to run commands as root. Sudo stands for Super User DO.

sudo

The basic usage of sudo is the following:

% sudo <normal command with arguments>

Sudo will prompt you for a password the first time you use it. The key detail about sudo is that you must type in YOUR password, and not the root password. Sudo also has a timeout associated with it, so the first time you type your password, your authentication state is saved for five minutes. This means that successive invocations of sudo will not require you to type your password until five minutes have passed.

Let's tryout sudo. In order to understand how it operates, let's try to make a directory in a location that is not owned by our user:

[13:51:09]schenkc@trunkmonkey:~$ cd /mnt
[14:17:58]schenkc@trunkmonkey:mnt$ mkdir foo
mkdir: cannot create directory `foo': Permission denied
[14:18:04]schenkc@trunkmonkey:mnt$

Permission denied. Bummer. Now let's try it with sudo:

[14:18:04]schenkc@trunkmonkey:mnt$ sudo mkdir foo
Password:
[14:18:58]schenkc@trunkmonkey:mnt$

Booyeah! This time we didn't receive an error. But we also didn't receive any feedback as to what happened. So let's list the directory in long format (the -l argument) to see what our directory looks like:

[14:18:58]schenkc@trunkmonkey:mnt$ ls -l
total 4
drwxr-xr-x 2 root root 4096 2007-01-18 14:18 foo
[14:19:44]schenkc@trunkmonkey:mnt$

Here ls gives us some information about the directory. The first section of characters are the permissions, followed by the 'user' and 'group' ownership of the directory, followed by the date and the name of the directory. Note that since we ran the 'mkdir' command as 'root', the ownership of the created directory is now 'root'. Let's now try to remove the directory without using sudo (remember to use your password):

[14:19:44]schenkc@trunkmonkey:mnt$ rmdir foo
rmdir: foo: Permission denied
[14:21:44]schenkc@trunkmonkey:mnt$

Again, we are told that permission is denied. Let's run the command again but this time prepending 'sudo' to the front:

[14:21:44]schenkc@trunkmonkey:mnt$ sudo rmdir foo
[14:22:31]schenkc@trunkmonkey:mnt$ ls -l
total 0
[14:22:35]schenkc@trunkmonkey:mnt$

Again, we received no output from the successful removal of the directory using sudo. Note that we were not prompted for our password again! Now that we have the basics for running a command as root, we now can create more users.

adduser/useradd

adduser is merely a wrapper script for running the useradd program. Usage is quite simple:

% adduser <your username>

Remember, that since this is a command that requires root privileges, we need to prepend sudo to the command. Now create the account for the second group member using the above command. You will be prompted to enter in some things, but you can leave most blank if you like:

[14:26:44]schenkc@trunkmonkey:~$ sudo adduser bob
Adding user `bob'...
Adding new group `bob' (1003).
Adding new user `bob' (1003) with group `bob'.
Creating home directory `/home/bob'.
Copying files from `/etc/skel'
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for bob
Enter the new value, or press ENTER for the default
        Full Name []: Bob
        Room Number []: 7
        Work Phone []: 555-1212
        Home Phone []:
        Other []:
        Is the information correct? [y/N] y
[14:27:05]schenkc@trunkmonkey:~$

Now you must create an account for me. Use the same steps as above, and I want the username chris. Be sure to also type in a random, bogus password that you will forget. Once you have installed my RSA key in the next section, I will not need a password to remotely login.

Copying SSH public keys to my and root's accounts

Once you have the account setup, you must copy my public RSA keyfile into my home directory so I am able to remotely login to the machine. The easiest way to do this is to switch to my user using the su (Switch User) utility:

 
[14:39:34]schenkc@trunkmonkey:~$ sudo su - chris
chris@trunkmonkey:~$

The RSA public key file must exist under my .ssh directory, which does not yet exist. You can create this directory easily using the 'mkdir' command we used earlier:

chris@trunkmonkey:~$ mkdir .ssh
chris@trunkmonkey:~$

I have put my public key file online so you can easily download it directly to my .ssh directory. The file exists here. We will use the wget utility to do this:

chris@trunkmonkey:~$ cd .ssh
chris@trunkmonkey:.ssh$ wget http://www.cs.colorado.edu/~schenkc/authorized_keys
--14:45:00--  http://www.cs.colorado.edu/~schenkc/authorized_keys
           => `authorized_keys'
Resolving www.cs.colorado.edu... 128.138.242.233
Connecting to www.cs.colorado.edu|128.138.242.233|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 401 [text/plain]

100%[====================================>] 401           --.--K/s

14:45:00 (21.25 MB/s) - `authorized_keys' saved [401/401]

FINISHED --14:45:00--
Downloaded: 401 bytes in 1 files
chris@trunkmonkey:~$

You can safely exit out of my account by simply typing 'exit':

chris@trunkmonkey:~$ exit
logout
[14:46:17]schenkc@trunkmonkey:~$

Now perform the identical task and place the authorized_keys file in the 'root' user's .ssh directory.

Installing OpenSSH Server

Now we want to install OpenSSH server so we can access the machine remotely using the ssh client. Granted, we can easily access the machine using the VMWare console, but I will be grading certain things using scripts and they will be automatically SSHing into the machine to perform tasks. Installing OpenSSH is quite easy. To do this we will use the apt-get package manager. Usage to install is fairly simple:

% apt-get install <:package name>

Let's now install OpenSSH server. The server will automatically start once the package is installed.

chris@trunkmonkey:~$ sudo apt-get install openssh-server
Password:
Reading package lists... Done
Building dependency tree
Reading state information... Done
Suggested packages:
  ssh-askpass xbase-clients rssh
The following NEW packages will be installed:
  openssh-server
0 upgraded, 1 newly installed, 0 to remove and 8 not upgraded.
Need to get 0B/217kB of archives.
After unpacking 565kB of additional disk space will be used.
Preconfiguring packages ...
Selecing previous deselected package openssh-server.
(Reading database ... 13878 files and directories currently installed.)
Unpacking openssh-server (from .../openssh-server_4.3p2-5ubuntu1_i386.deb) ...
Setting up openssh-server (4.3p2-5ubuntu1) ...
Creating SSH2 RSA key; this may take some time ...
Creating SSH2 DSA key; this may take some time ...
 * Restaring OpenBSD Secure Shell server...                               [ ok ]

chris@trunkmonkey:~$

Your ssh server is now up and running!

Updating the system packages

Now we will completely update the machine's packages using the same apt-get utility from the last section. This is quite easy to do. First we will update the package lists, and then we will upgrade all packages.

chris@trunkmonkey:~$ sudo apt-get update
Password:
Ign cdrom://Ubuntu-Server 6.10 _Edgy Eft_ - Release i386 (20061025.1) edgy/main Translation-en_US
Ign cdrom://Ubuntu-Server 6.10 _Edgy Eft_ - Release i386 (20061025.1) edgy/restricted Translation-en_US
Get:1 http://security.ubuntu.com edgy-security Release.gpg [191B]
Ign http://security.ubuntu.com edgy-security/main Translation-en_US
Ign http://security.ubuntu.com edgy-security/restricted Translation-en_US
Hit http://security.ubuntu.com edgy-security Release
Hit http://security.ubuntu.com edgy-security/main Packages
Get:2 http://us.archive.ubuntu.com edgy Release.gpg [191B]
Ign http://us.archive.ubuntu.com edgy/main Translation-en_US
Hit http://security.ubuntu.com edgy-security/restricted Packages
Hit http://security.ubuntu.com edgy-security/main Sources
Hit http://security.ubuntu.com edgy-security/restricted Sources
Ign http://us.archive.ubuntu.com edgy/restricted Translation-en_US
Get:3 http://us.archive.ubuntu.com edgy-updates Release.gpg [191B]
Ign http://us.archive.ubuntu.com edgy-updates/main Translation-en_US
Ign http://us.archive.ubuntu.com edgy-updates/restricted Translation-en_US
Hit http://us.archive.ubuntu.com edgy Release
Hit http://us.archive.ubuntu.com edgy-updates Release
Hit http://us.archive.ubuntu.com edgy/main Packages
Hit http://us.archive.ubuntu.com edgy/restricted Packages
Hit http://us.archive.ubuntu.com edgy/main Sources
Hit http://us.archive.ubuntu.com edgy/restricted Sources
Hit http://us.archive.ubuntu.com edgy-updates/main Packages
Hit http://us.archive.ubuntu.com edgy-updates/restricted Packages
Hit http://us.archive.ubuntu.com edgy-updates/main Sources
Hit http://us.archive.ubuntu.com edgy-updates/restricted Sources
Fetched 3B in 2s (1B/s)
Reading package lists... Done


chris@trunkmonkey:~$ sudo apt-get upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be upgraded:
  gnupg info libkrb53 linux-image-2.6.17-10-server tar tzdata w3m x11-common
  8 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
  Need to get 27.2MB of archives.
  After unpacking 963kB of additional disk space will be used.
  Do you want to continue [Y/n]? y

...

Packages will download and then install automatically. You are now done with lab 00! I would recommend you go back to the grading section to make sure you have completed all of the tasks.