Add some documentations.

DOC/install_LXC-jessie.txt

@@ -0,0 +1,435 @@
+
+
+
+## - On the host-system install "bridge-utils"
+## -
+apt-get install bridge-utils
+
+## - On the host-system install LXC
+## -
+apt-get install lxc
+apt-get install btrfs-tools lua5.2
+
+
+## - !! Debian Jessie related
+## -
+## - Konfiguration /etc/security/limits.conf seems not be working together 
+## - with systemd.
+## -
+## - One possibility is, setting parameter "DefaultLimitNOFILE" in file
+## - /etc/systemd/system.conf. This setting is "world wide".
+## -
+## - At least that allows me to do my work again but it is obviously not the
+## - right solution. I just want to change my own user's limits, not the 
+## - limits of each and everything.
+## -
+perl -i.ORIG -n -p -e "s/(\s*#\s*DefaultLimitNOFILE.*)/\1\nDefaultLimitNOFILE=1048576/" /etc/systemd/system.conf 
+systemctl daemon-reload
+
+
+## - Configure your hots-sstem to use a bridge-interface (typically br0)
+## - instead of a real one (typically eth0)
+## -
+## - Replace your network configuration in file /etc/network/interfaces
+## - from:
+## - 
+## -    auto eth0
+## -    iface eth0 inet static
+## -          address <ip-address>
+## -          netmask <netmask>
+## -          network <network-address>
+## -          broadcast <broadcast-address>
+## -          gateway <gateway-address>
+## - 
+## - to:
+## - 
+## -    auto br0
+## -    iface br0 inet static
+## -       bridge-ports eth0
+## -       address <ip-address..>
+## -       netmask <netmask>
+## -       network <network-address>
+## -       broadcast <broadcast-address>
+## -       gateway <gateway-address>
+## -       # default route to access subnet
+## -       #up route add -net <network-address> netmask <netmask> gw <gateway-address> br0
+## -
+vim /etc/network/interfaces
+
+
+## - Restart host-system
+## -
+
+## - -------------------------------------------------------------------------
+
+## - <lxc-name>
+## -
+#LXC_ROOT_DIR=/srv/lxc
+LXC_ROOT_DIR=/data/lxc
+
+LXC_NAME=<lxc-name>
+LXC_DIST=debian
+LXC_RELEASE=jessie
+IPV4_ADDRESS=<IPv4-address>
+IPV4_NETMASK=<IPv4-netmask>
+IPV4_BROADCAST=<IPv4-broadcast>
+IPV4_GATEWAY=<IPv4-gateway>
+IPv4_Prefix=<IPv4-Prefix>
+## - !! Über das Hetzner Webinterface MAC-Adresse vergeben !!
+MAC_ADDRESS=`echo -n 00 ; dd bs=1 count=5 if=/dev/random 2>/dev/null | hexdump -v -e '/1 ":%02X"'`
+#MAC_ADDRESS=<MAC-Address>
+
+#IPV6_ADDRESS=<IPv6-address>
+#IPV6_GATEWAY=<IPv6-gateway>
+#IPv6_Prefix=<IPv6-Prefix>
+
+HOSTNAME=<Hostname>
+
+
+## - -------------------------------------------------------------------------
+
+
+lxc-create -n $LXC_NAME -t $LXC_DIST -- --release $LXC_RELEASE --arch amd64
+
+
+cp ${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/etc/network/interfaces \
+   ${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/etc/network/interfaces.ORIG
+
+touch /var/lib/lxc/${LXC_NAME}/fstab
+
+cat << EOF > ${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/etc/network/interfaces
+
+#-----------------------------
+# lo: loopback
+#-----------------------------
+auto lo
+iface lo inet loopback
+
+
+#-----------------------------
+# eth0
+#-----------------------------
+auto eth0
+iface eth0 inet manual
+iface eth0 inet6 manual
+
+EOF
+
+cp ${LXC_ROOT_DIR}/${LXC_NAME}/config ${LXC_ROOT_DIR}/${LXC_NAME}/config.ORIG
+
+cat << EOF > ${LXC_ROOT_DIR}/${LXC_NAME}/config
+lxc.rootfs = /var/lib/lxc/${LXC_NAME}/rootfs
+
+# Common configuration
+lxc.include = /usr/share/lxc/config/${LXC_DIST}.common.conf
+
+# Container specific configuration
+lxc.mount = /var/lib/lxc/${LXC_NAME}/fstab
+lxc.utsname = $LXC_NAME
+lxc.arch = amd64
+lxc.autodev = 1
+lxc.kmsg = 0
+
+# Network configuration
+lxc.network.type = veth
+lxc.network.flags = up
+lxc.network.link = br0
+lxc.network.hwaddr = $MAC_ADDRESS
+# IPv4
+lxc.network.ipv4 = ${IPV4_ADDRESS}/$IPv4_Prefix
+lxc.network.ipv4.gateway = ${IPV4_GATEWAY}
+# IPv6
+lxc.network.ipv6 = ${IPV6_ADDRESS}/$IPv6_Prefix
+lxc.network.ipv6.gateway = $IPV6_GATEWAY
+
+# Autostart
+lxc.start.auto = 1
+lxc.start.delay = 5
+lxc.start.order = 100
+EOF
+
+## - -------------------------------------------------------------------------
+
+lxc-start -d -n $LXC_NAME
+
+## - Starte eine root shell im neuen Container
+## - 
+lxc-attach -n $LXC_NAME
+
+## - Alternativ: Starte eine Console im neuen Container
+## -
+## - Bemerkung: Es wird das root-passwort benötigt, welches Teil der
+## - Ausgabe des "lxc-create" Befehls am Ende ist
+## -
+lxc-console -n $LXC_NAME
+
+## - -------------------------------------------------------------------------
+
+## - apt konfiguroren
+## - setze in /etc/apt/sources.list
+## -
+## -    deb     http://ftp.de.debian.org/debian  jessie  main contrib non-free
+## -    deb-src http://ftp.de.debian.org/debian  jessie  main contrib non-free
+## -
+## -    deb     http://security.debian.org/  jessie/updates  main contrib non-free
+## -    deb-src http://security.debian.org/  jessie/updates  main contrib non-free
+## -
+## -    ## - formerly: volatile
+## -    deb ftp://ftp.de.debian.org/debian jessie-updates main contrib
+## -
+## -    # jessie-backports
+## -    deb http://ftp.de.debian.org/debian jessie-backports main contrib non-free
+## -
+cat << EOF > /etc/apt/sources.list
+
+deb http://ftp.de.debian.org/debian/ jessie main non-free contrib
+deb-src http://ftp.de.debian.org/debian/ jessie main non-free contrib
+
+deb http://security.debian.org/ jessie/updates main contrib non-free
+deb-src http://security.debian.org/ jessie/updates main contrib non-free
+
+# jessie-updates, previously known as 'volatile'
+deb http://ftp.de.debian.org/debian/ jessie-updates main contrib non-free
+deb-src http://ftp.de.debian.org/debian/ jessie-updates main contrib non-free
+
+# jessie-backports, previously on backports.debian.org
+deb http://ftp.de.debian.org/debian/ jessie-backports main contrib non-free
+deb-src http://ftp.de.debian.org/debian/ jessie-backports main contrib non-free
+
+EOF
+
+## - Update
+## -
+apt-get update
+
+## - Install/Setup locales
+## -
+apt-get install locales
+dpkg-reconfigure locales
+
+
+## - Install os-upgrade.sh
+## -
+mkdir -p /root/bin
+cat << EOF >> /root/bin/os-upgrade.sh
+#!/usr/bin/env bash
+
+apt-get update
+apt-get upgrade -y
+apt-get clean
+
+exit 0
+EOF
+chmod 700 /root/bin/os-upgrade.sh
+
+
+## - Upgrade System
+## -
+apt-get upgrade
+
+
+apt-get install -y openssh-server rssh \
+   vim vim-common vim-doc mc screen tmux bc \
+   rcconf iproute sudo rsync dselect iputils-ping aptitude \
+   zip unzip bzip2 arj \
+   locate \
+   gawk mawk \
+   lynx links w3m ctags mime-support \
+   file coreutils moreutils less realpath sipcalc psmisc \
+   dnsutils rblcheck whois \
+   gettext gettext-base gettext-doc \
+   debian-keyring \
+   patch patchutils \
+   recode recode-doc librecode0 librecode-dev sharutils \
+   perl perl-modules perl-doc libperl-dev \
+   libterm-readline-gnu-perl libterm-readline-perl-perl libterm-readkey-perl \
+   libmail-imapclient-perl libtime-duration-perl libtimedate-perl \
+   libwww-perl libpcre3 libio-compress-perl \
+   re2c util-linux \
+   parted lshw gdisk smartmontools \
+   tcpdump telnet unhide lsof groff iproute bridge-utils vlan \
+   ethtool wipe iperf mtr iptraf \
+   wget logrotate rsyslog haveged \
+   ntpdate wipe man groff \
+   iptables shellcheck \
+   git
+
+
+## - take care shadow passwords are enabled
+## -
+dpkg-reconfigure passwd
+/sbin/shadowconfig on
+
+## - configure time-zone
+## -
+dpkg-reconfigure tzdata
+
+## - add more users
+adduser chris
+adduser defa
+
+## - add user/group back
+addgroup --gid 1020 back
+adduser --uid 1020 --gid 1020 back
+
+## - user/group sysadm
+## -
+## -    passwd: gHZu81_p
+## -
+addgroup --gid 1050 sysadm
+adduser --uid 1050 --gid 1050 sysadm
+
+
+## - add new user tou group (gid) 11
+usermod -a -G sudo chris
+usermod -a -G sudo sysadm
+usermod -a -G sudo defa
+
+
+## - Copy templates for .bashrc, .profile, .vimrc, .ssh etcpp
+## -
+hostname=83.223.86.97
+
+cd /home/chris/O.OPEN/Rechner/templates_home/root
+scp -r adduser_backup.oopen.sh adduser_defa.sh .bashrc .profile .vimrc bin .ssh root@${hostname}:
+
+cd /home/chris/O.OPEN/Rechner/templates_home/chris
+scp -r .bashrc .profile .ssh .vimrc ${hostname}:
+scp -r .bashrc .profile .vimrc back@${hostname}:
+scp -r .bashrc .profile .ssh .vimrc sysadm@${hostname}:
+
+cd /home/chris/O.OPEN/Rechner/templates_home/root
+scp -r adduser_backup.oopen.sh  adduser_defa.sh .bashrc .profile .ssh .vimrc root@sympa.oopen.de:
+
+cd ~
+./adduser_defa.sh
+./adduser_backup.oopen.sh
+
+
+## - Adjust /etc/sudoers
+## -
+## -    back   ALL=(root)NOPASSWD:/usr/bin/rsync
+## -    back   ALL=(root)NOPASSWD:/usr/bin/find
+## -    back   ALL=(root)NOPASSWD:/usr/bin/realpath
+## -
+visudo
+
+
+## - Adjust /etc/resolv.conf
+## -
+## -    search warenform.de
+## -    nameserver 83.223.66.51
+## -    nameserver 212.42.230.1
+## -    nameserver 83.223.90.90
+## -
+vim /etc/resolv.conf
+
+
+## - NOTICE!!
+## -
+## - since "sueeze", /bin/sh ist linked to /bin/dash. with that some of my
+## - scripts doesn't work. so link back to /bin/bash
+## -
+## - link /bin/sh to /bin/bash
+## -
+cd /bin
+rm sh
+ln -s bash sh
+
+
+
+## - install subversion
+## -
+apt-get install -y subversion subversion-tools # smbclient
+
+## - Install git
+## -
+apt-get install -y git
+
+
+## - if package-version of mysql is needed
+## -
+apt-get install mysql-client-5.5 mysql-common \
+   mysql-server-5.5 mysql-server-core-5.5
+
+## ---------------------------------------------------------------
+
+## - compiler stuff
+## -
+apt-get install -y g++ g++-multilib gcc gcc-multilib cpp \
+   make automake autoconf libtool flex bison \
+   gettext pkg-config gnu-standards \
+   libssl-dev libreadline-dev libncurses-dev
+
+apt-get install libsystemd-dev
+
+
+## - packages to build apache webserver with php5/ruby support
+## -
+apt-get install -y libdb-dev zlib1g zlib1g-dev libssl-dev \
+    libneon27-dev
+
+apt-get install -y libxml2 libxml2-dev \
+   curl libcurl4-openssl-dev \
+   libqdbm-dev libgdbm-dev libpspell-dev \
+   libjpeg-dev libpng12-dev libxpm-dev libfreetype6-dev \
+   libwmf-dev libtiff-dev libjasper-dev libpaper-dev \
+   libmagic-dev  \
+   libmagick-dev libgraphics-magick-perl \
+   libgraphicsmagick++1-dev libgraphicsmagick++3 libgraphicsmagick1-dev \
+   libgraphviz-dev libgd2-xpm-dev libcroco3-dev libgsf-1-dev libilmbase-dev \
+   libvpx-dev libvpx1 vpx-tools \
+   libgpm-dev libkpathsea-dev libopenexr-dev librsvg2-dev libdjvulibre-dev \
+   libatm-dev libexpat-dev \
+   imagemagick graphicsmagick \
+   re2c \
+   exif libexiv2-dev \
+   netpbm libnetpbm10-dev \
+   libmcrypt-dev mcrypt \
+   libmysqlclient-dev mysql-client \
+   libpq-dev postgresql-client \
+   libreadline-dev libncurses-dev \
+   libdb5.3 libdb5.3++ libdb5.3++-dev libdb5.3-dev \
+   libxslt1-dev libpcre3-dev \
+   libc-client2007e-dev libc-client-dev \
+   libicu-dev \
+   libtidy-dev \
+   libmm-dev libgmp-dev libkrb5-dev libldap-dev \
+   libmhash-dev libgd-dev \
+   libapr1-dev libaprutil1-dev \
+   liblua5.1-0 liblua5.1-0-dev \
+   libsctp-dev \
+   libcrypto++-dev
+
+
+## - So create a symlink
+## -    /usr/lib/libldap.so -> /usr/lib/x86_64-linux-gnu/libldap.so
+ln -s x86_64-linux-gnu/libldap.so /usr/lib/libldap.so
+
+
+## - Hinweis: libt1-dev nicht mehr verfügbar in debian jessie
+
+
+## - Hinweis: »graphicsmagick-libmagick-dev-compat« wird an Stelle von »libmagick-dev« gewählt
+
+## - if ruby is/will be installed this is needed for rmagick gem
+## -
+##libmagick++-dev libmagickcore-dev libmagickwand-dev \
+
+## - needed for php extension imagick
+## -
+apt-get install -y libmagickwand-dev
+
+## - needed for php extension geoip
+## -
+apt-get install -y libgeoip-dev
+
+
+## - add some tk/tcl stuff
+## -
+
+## - tcl tcl-dev tk tk-dev tclreadline
+## -
+apt-get install -y tk-dev  tcl-dev tclreadline
+apt-get install -y expect expect-dev libexpect-perl
+