Install Ubuntu Desktop (not Server) 16.04 AMD64, then:
sudo apt install vim
Create /etc/network/iptables with the following contents:
# Generated by iptables-save v1.6.0 on Fri May 27 17:09:25 2016
*filter
:INPUT DROP [3:152]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [256:31110]
-A INPUT -m state --state ESTABLISHED -j ACCEPT
-A INPUT -i lo -p udp -m udp --dport 53 -m comment --comment "Allow local dnsmasq" -j ACCEPT
-A INPUT -i br0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i br0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i br0 -p tcp -m tcp --dport 67 -j ACCEPT
-A INPUT -i br0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 196.200.208.0/20 -p tcp -m tcp --dport 80 -m comment --comment "Apache" -j ACCEPT
-A INPUT -s 196.200.208.0/20 -p tcp -m tcp --dport 3142 -m comment --comment "apt-cacher-ng" -j ACCEPT
-A INPUT -s 196.200.208.0/20 -p tcp -m tcp --dport 3141 -m comment --comment "devpi-server" -j ACCEPT
-A INPUT -d 255.255.255.255/32 -m comment --comment "Drop broadcast without logging" -j DROP
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "Rejected INPUT: "
-A FORWARD -o br0 -j ACCEPT
-A FORWARD -i br0 -j ACCEPT
COMMIT
*nat
-A POSTROUTING -s 196.200.219.0/24 -j MASQUERADE
COMMIT
*mangle
-A POSTROUTING -p udp --dport bootpc -j CHECKSUM --checksum-fill
COMMIT
# Completed on Fri May 27 17:09:25 2016
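A quick static audit of an iptables-save file like the one above, to run before iptables-restore loads it. This is an added example and not part of the original page; the function names and the two embedded sample rulesets are constructed for it.

```shell
# Added example (not from the original page): a static pre-flight audit of an
# iptables-save file such as /etc/network/iptables, to run before
# iptables-restore loads it. Function names and both sample rulesets are
# constructed for this example.

# Write a constructed ruleset to file $2; $1 is "good" (like the page's) or "bad".
write_sample() {
    if [ "$1" = good ]; then
        printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD ACCEPT [0:0]' \
            ':OUTPUT ACCEPT [0:0]' \
            '-A INPUT -m state --state ESTABLISHED -j ACCEPT' \
            '-A INPUT -i br0 -p udp -m udp --dport 53 -j ACCEPT' \
            '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT' \
            '-A INPUT -m limit --limit 5/min -j LOG --log-prefix "Rejected INPUT: "' \
            'COMMIT' '*nat' '-A POSTROUTING -s 196.200.219.0/24 -j MASQUERADE' \
            'COMMIT' > "$2"
    else
        # Accept-by-default policy, rule order reversed, no LOG, nat table left open
        printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' \
            '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT' \
            '-A INPUT -m state --state ESTABLISHED -j ACCEPT' 'COMMIT' '*nat' > "$2"
    fi
}

# Audit file $1: print one line per finding, return 1 if any FAIL was raised.
audit_iptables() {
    f=$1; rc=0
    tables=$(grep -c '^\*' "$f" || true)
    commits=$(grep -c '^COMMIT$' "$f" || true)
    [ "$tables" -eq "$commits" ] || { echo "FAIL: $tables tables but $commits COMMIT lines"; rc=1; }
    grep -q '^:INPUT DROP' "$f" || { echo "FAIL: INPUT policy is not DROP"; rc=1; }
    # Replies must be accepted before the per-port rules and the LOG rule
    case "$(grep '^-A INPUT' "$f" | head -n 1)" in
        *ESTABLISHED*) ;;
        *) echo "FAIL: ESTABLISHED accept is not the first INPUT rule"; rc=1 ;;
    esac
    grep -q '^-A INPUT .*-m limit .*-j LOG' "$f" || { echo "FAIL: no rate-limited LOG rule"; rc=1; }
    # Informational: ACCEPT rules with no -s or -i restriction are reachable from anywhere
    grep '^-A INPUT' "$f" | grep -- '-j ACCEPT' | grep -v -e ' -s ' -e ' -i ' -e ESTABLISHED |
        sed 's/^/OPEN: /'
    return $rc
}

# Audit one of the constructed samples; returns 0 only when it passes.
audit_sample() {
    tmp=$(mktemp); write_sample "$1" "$tmp"
    if audit_iptables "$tmp"; then r=0; else r=1; fi
    rm -f "$tmp"; return $r
}
```

Run audit_iptables /etc/network/iptables on the real file; the OPEN lines are only informational (the page's port 22 rule is intentionally open to all sources) while FAIL lines mean the file should not be loaded yet.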
Add the following lines to /etc/rc.local before the line "exit 0":
# Use the CFQ I/O scheduler for the system disk
echo cfq > /sys/block/sda/queue/scheduler
# Mac Mini only: power on automatically after a power failure
setpci -s 0:1f.0 0xa4.w=0:1
# Load the firewall rules created above
/sbin/iptables-restore /etc/network/iptables
Then run /etc/rc.local as root to apply these settings immediately.
Set up a local APT cache:
sudo apt install apt-cacher-ng
Following https://help.ubuntu.com/lts/serverguide/lxc.html, but modified for VLAN bridging:
sudo apt install bridge-utils vlan
Edit /etc/network/interfaces and make it look like this, to enable bridging for LXC containers:
# https://help.ubuntu.com/lts/serverguide/network-configuration.html#bridging
auto lo
iface lo inet loopback

auto enp1s0f0
iface enp1s0f0 inet static
    # Please check the following values are appropriate for your network:
    address 196.200.223.144
    netmask 255.255.255.0
    gateway 196.200.223.1

auto br0
iface br0 inet static
    # Please check the following values are appropriate for your network:
    address 196.200.219.2
    netmask 255.255.255.0
    bridge_ports enp1s0f0.219
    bridge_fd 0
    bridge_hello 2
    bridge_maxage 12
    bridge_stp off

auto enp1s0f0.219
iface enp1s0f0.219 inet static
    address 0.0.0.0
    vlan-raw-device enp1s0f0
Then bring the interface down and up again:
sudo ifdown enp1s0f0
sudo ifup br0
Check that you can access the Internet, and then reboot the box and check that it comes up OK.
Enable IP forwarding, but only if you expect the server to be used as a router for the virtual machines or containers, e.g. if they will need to be NATted to access the Internet during setup week.
echo net.ipv4.ip_forward=1 | sudo tee -a /etc/sysctl.conf
sudo sysctl -p /etc/sysctl.conf
To stop NetworkManager from editing /etc/resolv.conf, edit /etc/NetworkManager/NetworkManager.conf and set dns=none, then restart it. Next, edit /var/run/resolvconf/interface/custom, add your own DNS settings, and run resolvconf -u to install them.
Set up a PIP caching server for the Ganeti Web Manager installation:
sudo apt install virtualenv
virtualenv devpi
devpi/bin/pip install devpi-server
nohup devpi/bin/devpi-server --host 0.0.0.0 &