tachtler:archlinux_-_minimal_server_installation_-_mit_festplattenverschluesselung
Differences
This shows the differences between two versions of the page.
tachtler:archlinux_-_minimal_server_installation_-_mit_festplattenverschluesselung [2020/07/20 10:18] – [Step 3: Perform encryption] klaus | tachtler:archlinux_-_minimal_server_installation_-_mit_festplattenverschluesselung [2023/05/10 11:17] (current) – [IPv6 DAD - tentative] klaus | ||
---|---|---|---|
Zeile 422: | Zeile 422: | ||
Command succesful. | Command succesful. | ||
</ | </ | ||
- | |||
Nachfolgende Tabelle veranschaulicht die Parameter: | Nachfolgende Tabelle veranschaulicht die Parameter: | ||
Zeile 432: | Zeile 431: | ||
| '' | | '' | ||
| '' | | '' | ||
+ | |||
+ | ==== Schritt 4: Verschlüsselte Partition öffnen ==== | ||
+ | |||
+ | Nachfolgender Befehl öffnet nun die verschlüsselte Partition der Festplatte: | ||
+ | < | ||
+ | root@archiso ~ # cryptsetup open /dev/sda2 archlinux | ||
+ | Enter passphrase for /dev/sda2: | ||
+ | </ | ||
+ | |||
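Review bot: the device name in the "cryptsetup open /dev/sda2 archlinux" line does not match the rest of this hunk, which works on /dev/vda throughout ("lsblk /dev/vda", "mkfs.ext4 /dev/vda1", "mount /dev/vda1 /mnt/boot"). Use /dev/vda2 here, or state once that the device name depends on the disk controller, so a reader does not open or format the wrong partition. The mapping name "archlinux" is also reused as the volume group name in "vgcreate archlinux"; a distinct mapping name would make the lsblk tree easier to read.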
+ | ===== LVM ===== | ||
+ | |||
+ | Nachfolgend sollen nun die einzelnen **Mount-Points** auf den zuvor angelegten **Partitionen** erstellt und formatiert werden. | ||
+ | |||
+ | ==== Schritt 1: Phys. Volume anlegen ==== | ||
+ | |||
+ | Anlegen eines **physischen Volume** zur Nutzung durch ein LVM mit nachfolgendem Befehl: | ||
+ | < | ||
+ | root@archiso ~ # pvcreate / | ||
+ | Physical volume "/ | ||
+ | </ | ||
+ | |||
+ | ==== Schritt 2: Volume Gruppe anlegen ==== | ||
+ | |||
+ | Anlegen einer **Volume Gruppe** mit dem Namen '' | ||
+ | < | ||
+ | root@archiso ~ # vgcreate archlinux / | ||
+ | Volume group " | ||
+ | </ | ||
+ | |||
+ | ==== Schritt 3: Logische Volumes anlegen ==== | ||
+ | |||
+ | Nachfolgende Befehle legen die **logischen Volumes** | ||
+ | * ''/ | ||
+ | * ''/ | ||
+ | * ''/ | ||
+ | * ''/ | ||
+ | * ''/ | ||
+ | an: | ||
+ | < | ||
+ | root@archiso ~ # lvcreate --name swap -L2048M archlinux | ||
+ | Logical volume " | ||
+ | </ | ||
+ | < | ||
+ | root@archiso ~ # lvcreate --name root -L10240M archlinux | ||
+ | Logical volume " | ||
+ | </ | ||
+ | < | ||
+ | root@archiso ~ # lvcreate --name home -L1024M archlinux | ||
+ | Logical volume " | ||
+ | </ | ||
+ | < | ||
+ | root@archiso ~ # lvcreate --name var -L3072M archlinux | ||
+ | Logical volume " | ||
+ | </ | ||
+ | < | ||
+ | root@archiso ~ # lvcreate --name var_log -L2048M archlinux | ||
+ | Logical volume " | ||
+ | </ | ||
+ | |||
+ | Mit nachfolgendem Befehl kann überprüft werden, ob die Neuanlagen erfolgreich durchführt wurden: | ||
+ | < | ||
+ | root@archiso ~ # lsblk /dev/vda | ||
+ | NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT | ||
+ | vda | ||
+ | ├─vda1 | ||
+ | └─vda2 | ||
+ | └─archlinux | ||
+ | ├─archlinux-swap | ||
+ | ├─archlinux-root | ||
+ | ├─archlinux-home | ||
+ | ├─archlinux-var | ||
+ | └─archlinux-var_log 253:4 0 2G 0 lvm | ||
+ | </ | ||
+ | |||
+ | ===== Dateisysteme formatieren ===== | ||
+ | |||
+ | Nachfolgende Befehle formatieren die zuvor erstellen **Partitionen** mit einem Dateisystem, | ||
+ | < | ||
+ | root@archiso ~ # mkfs.ext4 /dev/vda1 | ||
+ | mke2fs 1.45.4 (23-Sep-2019) | ||
+ | Creating filesystem with 262144 4k blocks and 65536 inodes | ||
+ | Filesystem UUID: 0a4eca7f-882b-4ea1-a950-d2b4636d325c | ||
+ | Superblock backups stored on blocks: | ||
+ | 32768, 98304, 163840, 229376 | ||
+ | |||
+ | Allocating group tables: done | ||
+ | Writing inode tables: done | ||
+ | Creating journal (8192 blocks): done | ||
+ | Writing superblocks and filesystem accounting information: | ||
+ | |||
+ | </ | ||
+ | < | ||
+ | root@archiso ~ # mkswap / | ||
+ | Setting up swapspace version 1, size = 2 GiB (2147479552 bytes) | ||
+ | no label, UUID=9399a618-575f-4ef2-bfaf-6b259c1147fd | ||
+ | </ | ||
+ | < | ||
+ | root@archiso ~ # mkfs.ext4 / | ||
+ | mke2fs 1.45.4 (23-Sep-2019) | ||
+ | Creating filesystem with 2621440 4k blocks and 655360 inodes | ||
+ | Filesystem UUID: 4df0fcd7-fade-4887-81c5-fdc78f96572d | ||
+ | Superblock backups stored on blocks: | ||
+ | 32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632 | ||
+ | |||
+ | Allocating group tables: done | ||
+ | Writing inode tables: done | ||
+ | Creating journal (16384 blocks): done | ||
+ | Writing superblocks and filesystem accounting information: | ||
+ | |||
+ | </ | ||
+ | < | ||
+ | root@archiso ~ # mkfs.ext4 / | ||
+ | mke2fs 1.45.4 (23-Sep-2019) | ||
+ | Creating filesystem with 262144 4k blocks and 65536 inodes | ||
+ | Filesystem UUID: 777a7860-c768-4277-8c0c-c9194fcd2ec5 | ||
+ | Superblock backups stored on blocks: | ||
+ | 32768, 98304, 163840, 229376 | ||
+ | |||
+ | Allocating group tables: done | ||
+ | Writing inode tables: done | ||
+ | Creating journal (8192 blocks): done | ||
+ | Writing superblocks and filesystem accounting information: | ||
+ | |||
+ | </ | ||
+ | < | ||
+ | root@archiso ~ # mkfs.ext4 / | ||
+ | mke2fs 1.45.4 (23-Sep-2019) | ||
+ | Creating filesystem with 786432 4k blocks and 196608 inodes | ||
+ | Filesystem UUID: c341665d-3f02-4fff-bfd5-346233987ccc | ||
+ | Superblock backups stored on blocks: | ||
+ | 32768, 98304, 163840, 229376, 294912 | ||
+ | |||
+ | Allocating group tables: done | ||
+ | Writing inode tables: done | ||
+ | Creating journal (16384 blocks): done | ||
+ | Writing superblocks and filesystem accounting information: | ||
+ | |||
+ | </ | ||
+ | < | ||
+ | root@archiso ~ # mkfs.ext4 / | ||
+ | mke2fs 1.45.4 (23-Sep-2019) | ||
+ | Creating filesystem with 524288 4k blocks and 131072 inodes | ||
+ | Filesystem UUID: 7f70accb-6bc6-47be-85a6-cf6fb86a6958 | ||
+ | Superblock backups stored on blocks: | ||
+ | 32768, 98304, 163840, 229376, 294912 | ||
+ | |||
+ | Allocating group tables: done | ||
+ | Writing inode tables: done | ||
+ | Creating journal (16384 blocks): done | ||
+ | Writing superblocks and filesystem accounting information: | ||
+ | |||
+ | </ | ||
+ | |||
+ | ===== Partitonen einhängen ===== | ||
+ | |||
+ | Nachfolgende Befehle hängen die zuvor erstellen **Mount-Points** in das Dateisystem des Servers ein: | ||
+ | |||
+ | :!: **WICHTIG** - **Zuerst die '' | ||
+ | |||
+ | < | ||
+ | root@archiso ~ # mount / | ||
+ | </ | ||
+ | |||
+ | Anschließend müssen für die weiteren **Mount-Points** **__unterhalb__** von **''/'' | ||
+ | < | ||
+ | root@archiso ~ # mkdir /mnt/boot | ||
+ | </ | ||
+ | < | ||
+ | root@archiso ~ # mkdir /mnt/home | ||
+ | </ | ||
+ | < | ||
+ | root@archiso ~ # mkdir /mnt/var | ||
+ | </ | ||
+ | |||
+ | :!: **HINWEIS** - **''/ | ||
+ | |||
+ | Nachfolgender Befehl überprüft, | ||
+ | < | ||
+ | root@archiso ~ # ls -l /mnt | ||
+ | total 28 | ||
+ | drwxr-xr-x 2 root root 4096 Jan 10 09:28 boot | ||
+ | drwxr-xr-x 2 root root 4096 Jan 10 09:28 home | ||
+ | drwx------ 2 root root 16384 Jan 10 09:25 lost+found | ||
+ | drwxr-xr-x 2 root root 4096 Jan 10 09:28 var | ||
+ | </ | ||
+ | |||
+ | Anschließend können nun alle weiteren **Mount-Points** eingehängt werden, was mit nachfolgenden Befehlen durchgeführt wird: | ||
+ | |||
+ | Zuerst wird die **''/ | ||
+ | < | ||
+ | root@archiso ~ # mount /dev/vda1 /mnt/boot | ||
+ | </ | ||
+ | |||
+ | Anschließend wird die **'' | ||
+ | < | ||
+ | root@archiso ~ # swapon / | ||
+ | </ | ||
+ | |||
+ | Anschließend folgen alle restlichen **Mount-Points** aus dem **LVM**: | ||
+ | < | ||
+ | root@archiso ~ # mount / | ||
+ | </ | ||
+ | < | ||
+ | root@archiso ~ # mount / | ||
+ | </ | ||
+ | |||
+ | Jetzt muss noch nach dem Einhängen des **Mount-Points** - ''/ | ||
+ | < | ||
+ | root@archiso ~ # mkdir / | ||
+ | </ | ||
+ | |||
+ | Somit kann nun auch der letzte **Mount-Point** - ''/ | ||
+ | < | ||
+ | root@archiso ~ # mount / | ||
+ | </ | ||
+ | |||
+ | Nachfolgender Befehl überprüft, | ||
+ | < | ||
+ | root@archiso ~ # lsblk /dev/vda | ||
+ | NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT | ||
+ | vda | ||
+ | ├─vda1 | ||
+ | └─vda2 | ||
+ | ├─archlinux-swap | ||
+ | ├─archlinux-root | ||
+ | ├─archlinux-home | ||
+ | ├─archlinux-var | ||
+ | └─archlinux-var_log 253:4 0 2G 0 lvm / | ||
+ | </ | ||
+ | |||
+ | ===== Installation: | ||
+ | |||
+ | ==== / | ||
+ | |||
+ | Bevor die eigentliche Installation des **Basissystems** erfolgen kann, soll noch eine länderspezifische vorab Auswahl der Installationsquellen getroffen werden, damit die Installation über das Internet möglichst von lokalen Server, hier aus Deutschland, | ||
+ | |||
+ | Dazu ist die Optimierung der Konfigurationsdatei | ||
+ | * **''/ | ||
+ | erforderlich. | ||
+ | |||
+ | Zuerst soll aber eine **Sicherungskopie** der Konfigurationsdatei ''/ | ||
+ | < | ||
+ | root@archiso ~ # cp -a / | ||
+ | </ | ||
+ | |||
+ | **bis Version 2020-06** | ||
+ | |||
+ | Um nur die lokalen Server, hier nur aus Deutschland, | ||
+ | < | ||
+ | root@archiso ~ # grep -E -A 1 " | ||
+ | </ | ||
+ | |||
+ | Der so generierte Inhalt der Konfigurationsdatei ''/ | ||
+ | < | ||
+ | root@archiso ~ # cat / | ||
+ | ## Germany | ||
+ | Server = http:// | ||
+ | ## Germany | ||
+ | Server = http:// | ||
+ | ## Germany | ||
+ | Server = http:// | ||
+ | ## Germany | ||
+ | Server = http:// | ||
+ | ## Germany | ||
+ | Server = http:// | ||
+ | ## Germany | ||
+ | Server = http:// | ||
+ | ## Germany | ||
+ | Server = http:// | ||
+ | ## Germany | ||
+ | Server = http:// | ||
+ | ## Germany | ||
+ | Server = http:// | ||
+ | ## Germany | ||
+ | Server = http:// | ||
+ | ## Germany | ||
+ | Server = http:// | ||
+ | ## Germany | ||
+ | Server = http:// | ||
+ | ## Germany | ||
+ | Server = http:// | ||
+ | ## Germany | ||
+ | Server = http:// | ||
+ | ## Germany | ||
+ | Server = http:// | ||
+ | ## Germany | ||
+ | Server = http:// | ||
+ | ## Germany | ||
+ | Server = http:// | ||
+ | ## Germany | ||
+ | Server = http:// | ||
+ | ## Germany | ||
+ | Server = http:// | ||
+ | ## Germany | ||
+ | Server = http:// | ||
+ | ## Germany | ||
+ | Server = http:// | ||
+ | ## Germany | ||
+ | Server = http:// | ||
+ | ## Germany | ||
+ | Server = http:// | ||
+ | ## Germany | ||
+ | Server = http:// | ||
+ | ## Germany | ||
+ | Server = http:// | ||
+ | ## Germany | ||
+ | Server = http:// | ||
+ | ## Germany | ||
+ | Server = http:// | ||
+ | ## Germany | ||
+ | Server = http:// | ||
+ | ## Germany | ||
+ | Server = http:// | ||
+ | ## Germany | ||
+ | Server = http:// | ||
+ | ## Germany | ||
+ | Server = http:// | ||
+ | ## Germany | ||
+ | Server = http:// | ||
+ | ## Germany | ||
+ | Server = http:// | ||
+ | ## Germany | ||
+ | Server = http:// | ||
+ | ## Germany | ||
+ | Server = http:// | ||
+ | </ | ||
+ | |||
+ | **ab Version 2020-07** | ||
+ | |||
+ | Um nur die lokalen Server, hier nur aus Deutschland, | ||
+ | < | ||
+ | root@archiso ~ # grep -E -A 1 " | ||
+ | </ | ||
+ | |||
+ | Der so generierte Inhalt der Konfigurationsdatei ''/ | ||
+ | < | ||
+ | ################################################################################ | ||
+ | ################# | ||
+ | ################################################################################ | ||
+ | |||
+ | # With: | ||
+ | # When: | ||
+ | # From: | ||
+ | # Retrieved: | ||
+ | # Last Check: 2020-09-09 11:23:05 UTC | ||
+ | |||
+ | Server = https:// | ||
+ | Server = https:// | ||
+ | Server = https:// | ||
+ | Server = https:// | ||
+ | Server = https:// | ||
+ | Server = https:// | ||
+ | Server = https:// | ||
+ | Server = https:// | ||
+ | Server = https:// | ||
+ | Server = https:// | ||
+ | Server = https:// | ||
+ | Server = https:// | ||
+ | Server = https:// | ||
+ | Server = https:// | ||
+ | Server = https:// | ||
+ | Server = https:// | ||
+ | Server = https:// | ||
+ | Server = https:// | ||
+ | Server = https:// | ||
+ | Server = https:// | ||
+ | Server = https:// | ||
+ | Server = https:// | ||
+ | Server = https:// | ||
+ | Server = https:// | ||
+ | Server = https:// | ||
+ | Server = https:// | ||
+ | Server = https:// | ||
+ | Server = https:// | ||
+ | Server = https:// | ||
+ | Server = https:// | ||
+ | Server = https:// | ||
+ | Server = https:// | ||
+ | </ | ||
+ | |||
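Review bot: every entry in the "bis Version 2020-06" listing is a "Server = http://" line, while the "ab Version 2020-07" listing has only "Server = https://" entries, so the older variant fetches the whole base system over unencrypted HTTP. Suggest filtering the older variant to HTTPS mirrors as well, or marking it as superseded, and trimming both listings to a few lines, since the individual mirror URLs are not what this step is about.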
+ | ==== Basissystem: | ||
+ | |||
+ | Der folgende Befehl führt nun die Installation von [[https:// | ||
+ | < | ||
+ | root@archiso ~ # pacstrap /mnt base base-devel linux-lts linux-firmware lvm2 openssh sshpass vi vim | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | root@archiso ~ # pacstrap /mnt base base-devel linux-lts linux-firmware lvm2 openssh sshpass vi vim | ||
+ | ==> Creating install root at /mnt | ||
+ | ==> Installing packages to /mnt | ||
+ | :: Synchronizing package databases... | ||
+ | | ||
+ | | ||
+ | | ||
+ | :: There are 24 members in group base-devel: | ||
+ | :: Repository core | ||
+ | 1) autoconf | ||
+ | 7) findutils | ||
+ | 14) gzip 15) libtool | ||
+ | 21) sed 22) sudo 23) texinfo | ||
+ | |||
+ | Enter a selection (default=all): | ||
+ | resolving dependencies... | ||
+ | :: There are 2 providers available for initramfs: | ||
+ | :: Repository core | ||
+ | 1) mkinitcpio | ||
+ | :: Repository extra | ||
+ | 2) dracut | ||
+ | |||
+ | Enter a number (default=1): | ||
+ | looking for conflicting packages... | ||
+ | |||
+ | Packages (147) acl-2.2.53-2 | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | |||
+ | Total Download Size: 339.00 MiB | ||
+ | Total Installed Size: 1420.10 MiB | ||
+ | |||
+ | :: Proceed with installation? | ||
+ | :: Retrieving packages... | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | (147/147) checking keys in keyring | ||
+ | (147/147) checking package integrity | ||
+ | (147/147) loading package files [###################### | ||
+ | (147/147) checking for file conflicts | ||
+ | :: Processing package changes... | ||
+ | ( 1/147) installing iana-etc | ||
+ | ( 2/147) installing filesystem | ||
+ | ( 3/147) installing linux-api-headers | ||
+ | ( 4/147) installing tzdata | ||
+ | ( 5/147) installing glibc | ||
+ | Optional dependencies for glibc | ||
+ | gd: for memusagestat | ||
+ | ( 6/147) installing gcc-libs | ||
+ | ( 7/147) installing ncurses | ||
+ | ( 8/147) installing readline | ||
+ | ( 9/147) installing bash [###################### | ||
+ | Optional dependencies for bash | ||
+ | bash-completion: | ||
+ | ( 10/147) installing attr [###################### | ||
+ | ( 11/147) installing acl | ||
+ | ( 12/147) installing gmp | ||
+ | ( 13/147) installing libcap | ||
+ | ( 14/147) installing gdbm [###################### | ||
+ | ( 15/147) installing db [###################### | ||
+ | ( 16/147) installing perl [###################### | ||
+ | ( 17/147) installing openssl | ||
+ | Optional dependencies for openssl | ||
+ | ca-certificates [pending] | ||
+ | ( 18/147) installing coreutils | ||
+ | ( 19/147) installing zlib [###################### | ||
+ | ( 20/147) installing xz [###################### | ||
+ | ( 21/147) installing bzip2 | ||
+ | ( 22/147) installing libseccomp | ||
+ | ( 23/147) installing file [###################### | ||
+ | ( 24/147) installing findutils | ||
+ | ( 25/147) installing mpfr [###################### | ||
+ | ( 26/147) installing gawk [###################### | ||
+ | ( 27/147) installing pcre [###################### | ||
+ | ( 28/147) installing grep [###################### | ||
+ | ( 29/147) installing libgpg-error | ||
+ | ( 30/147) installing libgcrypt | ||
+ | ( 31/147) installing lz4 | ||
+ | ( 32/147) installing systemd-libs | ||
+ | ( 33/147) installing procps-ng | ||
+ | ( 34/147) installing sed | ||
+ | ( 35/147) installing tar | ||
+ | ( 36/147) installing libffi | ||
+ | ( 37/147) installing libutil-linux | ||
+ | ( 38/147) installing glib2 | ||
+ | Optional dependencies for glib2 | ||
+ | python: gdbus-codegen, | ||
+ | libelf: gresource inspection tool [pending] | ||
+ | ( 39/147) installing libunistring | ||
+ | ( 40/147) installing icu | ||
+ | ( 41/147) installing libxml2 | ||
+ | ( 42/147) installing libcroco | ||
+ | ( 43/147) installing gettext | ||
+ | Optional dependencies for gettext | ||
+ | git: for autopoint infrastructure updates | ||
+ | ( 44/147) installing hwids | ||
+ | ( 45/147) installing kmod [###################### | ||
+ | ( 46/147) installing pciutils | ||
+ | ( 47/147) installing psmisc | ||
+ | ( 48/147) installing cracklib | ||
+ | ( 49/147) installing e2fsprogs | ||
+ | ( 50/147) installing libsasl | ||
+ | ( 51/147) installing libldap | ||
+ | ( 52/147) installing keyutils | ||
+ | ( 53/147) installing krb5 [###################### | ||
+ | ( 54/147) installing libtirpc | ||
+ | ( 55/147) installing pambase | ||
+ | ( 56/147) installing pam | ||
+ | ( 57/147) installing libcap-ng | ||
+ | ( 58/147) installing audit | ||
+ | ( 59/147) installing shadow | ||
+ | ( 60/147) installing util-linux | ||
+ | Optional dependencies for util-linux | ||
+ | python: python bindings to libmount | ||
+ | words: default dictionary for look | ||
+ | ( 61/147) installing less [###################### | ||
+ | ( 62/147) installing gzip [###################### | ||
+ | ( 63/147) installing licenses | ||
+ | ( 64/147) installing expat | ||
+ | ( 65/147) installing zstd [###################### | ||
+ | ( 66/147) installing libarchive | ||
+ | ( 67/147) installing libtasn1 | ||
+ | ( 68/147) installing device-mapper | ||
+ | ( 69/147) installing popt [###################### | ||
+ | ( 70/147) installing json-c | ||
+ | ( 71/147) installing argon2 | ||
+ | ( 72/147) installing cryptsetup | ||
+ | ( 73/147) installing dbus [###################### | ||
+ | ( 74/147) installing libmnl | ||
+ | ( 75/147) installing libnftnl | ||
+ | ( 76/147) installing libnl | ||
+ | ( 77/147) installing libusb | ||
+ | ( 78/147) installing libpcap | ||
+ | ( 79/147) installing libnfnetlink | ||
+ | ( 80/147) installing libnetfilter_conntrack | ||
+ | ( 81/147) installing iptables | ||
+ | ( 82/147) installing kbd | ||
+ | ( 83/147) installing libidn2 | ||
+ | ( 84/147) installing libelf | ||
+ | ( 85/147) installing pcre2 | ||
+ | ( 86/147) installing systemd | ||
+ | Initializing machine ID from KVM UUID. | ||
+ | Created symlink / | ||
+ | Created symlink / | ||
+ | :: Append ' | ||
+ | | ||
+ | Optional dependencies for systemd | ||
+ | libmicrohttpd: | ||
+ | quota-tools: | ||
+ | systemd-sysvcompat: | ||
+ | polkit: allow administration as unprivileged user | ||
+ | curl: machinectl pull-tar and pull-raw [pending] | ||
+ | ( 87/147) installing p11-kit | ||
+ | Created symlink / | ||
+ | ( 88/147) installing ca-certificates-utils | ||
+ | ( 89/147) installing ca-certificates-mozilla | ||
+ | ( 90/147) installing ca-certificates | ||
+ | ( 91/147) installing libssh2 | ||
+ | ( 92/147) installing libpsl | ||
+ | ( 93/147) installing libnghttp2 | ||
+ | ( 94/147) installing curl [###################### | ||
+ | ( 95/147) installing npth [###################### | ||
+ | ( 96/147) installing libksba | ||
+ | ( 97/147) installing libassuan | ||
+ | ( 98/147) installing libsecret | ||
+ | Optional dependencies for libsecret | ||
+ | org.freedesktop.secrets: | ||
+ | ( 99/147) installing pinentry | ||
+ | Optional dependencies for pinentry | ||
+ | gtk2: gtk2 backend | ||
+ | qt5-base: qt backend | ||
+ | gcr: gnome3 backend | ||
+ | (100/147) installing nettle | ||
+ | (101/147) installing gnutls | ||
+ | Optional dependencies for gnutls | ||
+ | guile: for use with Guile bindings [pending] | ||
+ | (102/147) installing sqlite | ||
+ | (103/147) installing gnupg | ||
+ | Optional dependencies for gnupg | ||
+ | libldap: gpg2keys_ldap [installed] | ||
+ | libusb-compat: | ||
+ | pcsclite: scdaemon | ||
+ | (104/147) installing gpgme | ||
+ | (105/147) installing pacman-mirrorlist | ||
+ | (106/147) installing archlinux-keyring | ||
+ | (107/147) installing pacman | ||
+ | Optional dependencies for pacman | ||
+ | perl-locale-gettext: | ||
+ | (108/147) installing systemd-sysvcompat | ||
+ | (109/147) installing iputils | ||
+ | Optional dependencies for iputils | ||
+ | xinetd: for tftpd | ||
+ | (110/147) installing iproute2 | ||
+ | Optional dependencies for iproute2 | ||
+ | linux-atm: ATM support | ||
+ | (111/147) installing base [###################### | ||
+ | Optional dependencies for base | ||
+ | linux: bare metal support | ||
+ | (112/147) installing m4 [###################### | ||
+ | (113/147) installing diffutils | ||
+ | (114/147) installing autoconf | ||
+ | (115/147) installing automake | ||
+ | (116/147) installing binutils | ||
+ | (117/147) installing bison | ||
+ | (118/147) installing fakeroot | ||
+ | (119/147) installing flex [###################### | ||
+ | (120/147) installing libmpc | ||
+ | (121/147) installing gcc | ||
+ | Optional dependencies for gcc | ||
+ | lib32-gcc-libs: | ||
+ | (122/147) installing groff | ||
+ | Optional dependencies for groff | ||
+ | netpbm: for use together with man -H command interaction in browsers | ||
+ | psutils: for use together with man -H command interaction in browsers | ||
+ | libxaw: for gxditview | ||
+ | perl-file-homedir: | ||
+ | (123/147) installing libtool | ||
+ | (124/147) installing texinfo | ||
+ | (125/147) installing gc [###################### | ||
+ | (126/147) installing guile | ||
+ | (127/147) installing make [###################### | ||
+ | (128/147) installing patch | ||
+ | Optional dependencies for patch | ||
+ | ed: for patch -e functionality | ||
+ | (129/147) installing pkgconf | ||
+ | (130/147) installing sudo [###################### | ||
+ | (131/147) installing which | ||
+ | (132/147) installing mkinitcpio-busybox | ||
+ | (133/147) installing mkinitcpio | ||
+ | Optional dependencies for mkinitcpio | ||
+ | xz: Use lzma or xz compression for the initramfs image [installed] | ||
+ | bzip2: Use bzip2 compression for the initramfs image [installed] | ||
+ | lzop: Use lzo compression for the initramfs image | ||
+ | lz4: Use lz4 compression for the initramfs image [installed] | ||
+ | mkinitcpio-nfs-utils: | ||
+ | (134/147) installing linux-lts | ||
+ | Optional dependencies for linux-lts | ||
+ | crda: to set the correct wireless channels of your country | ||
+ | linux-firmware: | ||
+ | (135/147) installing linux-firmware | ||
+ | (136/147) installing libaio | ||
+ | (137/147) installing thin-provisioning-tools | ||
+ | (138/147) installing lvm2 [###################### | ||
+ | (139/147) installing libedit | ||
+ | (140/147) installing dnssec-anchors | ||
+ | (141/147) installing ldns [###################### | ||
+ | Optional dependencies for ldns | ||
+ | libpcap: ldns-dpa tool [installed] | ||
+ | (142/147) installing openssh | ||
+ | Optional dependencies for openssh | ||
+ | xorg-xauth: X11 forwarding | ||
+ | x11-ssh-askpass: | ||
+ | (143/147) installing sshpass | ||
+ | (144/147) installing vi [###################### | ||
+ | Optional dependencies for vi | ||
+ | s-nail: used by the preserve command for notification | ||
+ | (145/147) installing vim-runtime | ||
+ | Optional dependencies for vim-runtime | ||
+ | sh: support for some tools and macros [installed] | ||
+ | python: demoserver example tool | ||
+ | gawk: mve tools upport [installed] | ||
+ | (146/147) installing gpm | ||
+ | (147/147) installing vim | ||
+ | Optional dependencies for vim | ||
+ | python2: Python 2 language support | ||
+ | python: Python 3 language support | ||
+ | ruby: Ruby language support | ||
+ | lua: Lua language support | ||
+ | perl: Perl language support [installed] | ||
+ | tcl: Tcl language support | ||
+ | :: Running post-transaction hooks... | ||
+ | ( 1/14) Creating system user accounts... | ||
+ | ( 2/14) Updating journal message catalog... | ||
+ | ( 3/14) Reloading system manager configuration... | ||
+ | Running in chroot, ignoring request: daemon-reload | ||
+ | ( 4/14) Updating udev hardware database... | ||
+ | ( 5/14) Applying kernel sysctl settings... | ||
+ | ( 6/14) Creating temporary files... | ||
+ | ( 7/14) Reloading device manager configuration... | ||
+ | Running in chroot, ignoring request. | ||
+ | ( 8/14) Arming ConditionNeedsUpdate... | ||
+ | ( 9/14) Updating module dependencies... | ||
+ | (10/14) Updating linux initcpios... | ||
+ | ==> Building image from preset: / | ||
+ | -> -k / | ||
+ | ==> Starting build: 4.19.98-1-lts | ||
+ | -> Running build hook: [base] | ||
+ | -> Running build hook: [udev] | ||
+ | -> Running build hook: [autodetect] | ||
+ | -> Running build hook: [modconf] | ||
+ | -> Running build hook: [block] | ||
+ | -> Running build hook: [filesystems] | ||
+ | -> Running build hook: [keyboard] | ||
+ | -> Running build hook: [fsck] | ||
+ | ==> Generating module dependencies | ||
+ | ==> Creating gzip-compressed initcpio image: / | ||
+ | ==> Image generation successful | ||
+ | ==> Building image from preset: / | ||
+ | -> -k / | ||
+ | ==> Starting build: 4.19.98-1-lts | ||
+ | -> Running build hook: [base] | ||
+ | -> Running build hook: [udev] | ||
+ | -> Running build hook: [modconf] | ||
+ | -> Running build hook: [block] | ||
+ | ==> WARNING: Possibly missing firmware for module: aic94xx | ||
+ | ==> WARNING: Possibly missing firmware for module: wd719x | ||
+ | -> Running build hook: [filesystems] | ||
+ | -> Running build hook: [keyboard] | ||
+ | -> Running build hook: [fsck] | ||
+ | ==> Generating module dependencies | ||
+ | ==> Creating gzip-compressed initcpio image: / | ||
+ | ==> Image generation successful | ||
+ | (11/14) Reloading system bus configuration... | ||
+ | Running in chroot, ignoring request: try-reload-or-restart | ||
+ | (12/14) Warn about old perl modules | ||
+ | perl: warning: Setting locale failed. | ||
+ | perl: warning: Please check that your locale settings: | ||
+ | LANGUAGE = (unset), | ||
+ | LC_ALL = (unset), | ||
+ | LC_MESSAGES = "", | ||
+ | LANG = " | ||
+ | are supported and installed on your system. | ||
+ | perl: warning: Falling back to the standard locale (" | ||
+ | (13/14) Updating the info directory file... | ||
+ | (14/14) Rebuilding certificate stores... | ||
+ | pacstrap /mnt base base-devel linux-lts linux-firmware lvm2 openssh sshpass v 32.27s user 7.97s system 13% cpu 4:48.26 total | ||
+ | </ | ||
+ | |||
+ | In den **Mount-Point** | ||
+ | * ''/ | ||
+ | werden nachfolgende Paketgruppen bzw. Pakete | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | installiert. | ||
+ | |||
+ | Optional, aber **__dringend empfohlen__**, | ||
+ | * '' | ||
+ | * '' | ||
+ | |||
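Review bot: "sshpass" in the "pacstrap /mnt base base-devel linux-lts linux-firmware lvm2 openssh sshpass vi vim" line has no stated purpose on a page titled as a minimal server installation; it exists to feed SSH passwords non-interactively, which is rarely wanted on a server. Drop it from the package list or say which later step needs it. The command is also shown twice, once alone and once with the complete transcript; the transcript could be cut down to the prompts that need an answer ("Enter a selection (default=all):", "Enter a number (default=1):").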
+ | ===== Systemkonfiguration: | ||
+ | |||
+ | ==== /etc/fstab erstellen ==== | ||
+ | |||
+ | Nachfolgender Befehl erzeugt die Konfigurationsdatei **''/ | ||
+ | < | ||
+ | root@archiso ~ # genfstab -Up /mnt > / | ||
+ | </ | ||
+ | |||
+ | Der so erzeugte Inhalt, kann mit nachfolgendem Befehl überprüft werden und sollte eine Ausgabe wie die nachfolgende zum Vorschein bringen: | ||
+ | < | ||
+ | root@archiso ~ # cat / | ||
+ | # / | ||
+ | UUID=4df0fcd7-fade-4887-81c5-fdc78f96572d | ||
+ | |||
+ | # /dev/vda1 | ||
+ | UUID=0a4eca7f-882b-4ea1-a950-d2b4636d325c | ||
+ | |||
+ | # / | ||
+ | UUID=777a7860-c768-4277-8c0c-c9194fcd2ec5 | ||
+ | |||
+ | # / | ||
+ | UUID=c341665d-3f02-4fff-bfd5-346233987ccc | ||
+ | |||
+ | # / | ||
+ | UUID=7f70accb-6bc6-47be-85a6-cf6fb86a6958 | ||
+ | |||
+ | # / | ||
+ | UUID=9399a618-575f-4ef2-bfaf-6b259c1147fd | ||
+ | </ | ||
+ | |||
+ | ==== arch-chroot /mnt ==== | ||
+ | |||
+ | Jetzt ist es an der Zeit, **in das installierte System zu wechseln** und weitere Konfigurationen vorzunehmen, | ||
+ | < | ||
+ | root@archiso ~ # arch-chroot /mnt/ | ||
+ | [root@archiso /]# | ||
+ | </ | ||
+ | |||
+ | :!: **WICHTIG** - **Der '' | ||
+ | |||
+ | ==== / | ||
+ | |||
+ | Nachfolgender Befehl setzt den **Hostnamen** für den Server: | ||
+ | < | ||
+ | # echo archlinux > / | ||
+ | </ | ||
+ | |||
+ | ==== / | ||
+ | |||
+ | Nachfolgender Befehl setzt die Systemsprache auf **English-US Ausprägung UTF-8** | ||
+ | |||
+ | (Für **Deutsch-DE Ausprägung UTF-8**, __wäre__ '' | ||
+ | < | ||
+ | # echo LANG=en_US.UTF-8 > / | ||
+ | </ | ||
+ | |||
+ | ==== / | ||
+ | |||
+ | Nachfolgende Veränderungen der Konfigurationsdatei ''/ | ||
+ | * '' | ||
+ | * '' | ||
+ | setzen die erweiterten Systemsprachenspezifikation auf **English-US Ausprägung UTF-8** durch **ein kommentieren** der entsprechenden Systemsprache. | ||
+ | |||
+ | (Für **Deutsch-DE Ausprägung UTF-8** wäre | ||
+ | * ''# | ||
+ | * ''# | ||
+ | * ''# | ||
+ | **einzukommentieren**) | ||
+ | |||
+ | Nachfolgend soll die Konfigurationsdatei mit dem Text-Editor '' | ||
+ | < | ||
+ | [root@archiso /]# vim / | ||
+ | </ | ||
+ | |||
+ | Nachfolgender Befehl gibt zur Kontrolle, nur die ein kommentieren Zeilen der Konfigurationsdatei ''/ | ||
+ | < | ||
+ | [root@archiso /]# egrep -v ' | ||
+ | en_US.UTF-8 UTF-8 | ||
+ | en_US ISO-8859-1 | ||
+ | </ | ||
+ | |||
+ | Der abschließende Befehl setzt die Konfiguration dann im System um: | ||
+ | < | ||
+ | [root@archiso /]# locale-gen | ||
+ | Generating locales... | ||
+ | en_US.UTF-8... done | ||
+ | en_US.ISO-8859-1... done | ||
+ | Generation complete. | ||
+ | </ | ||
+ | |||
+ | ==== / | ||
+ | |||
+ | Nachfolgende Befehle legen das **Tastaturlayout**: | ||
+ | < | ||
+ | [root@archiso /]# echo KEYMAP=de-latin1-nodeadkeys > / | ||
+ | </ | ||
+ | |||
+ | und die **Schriftart der '' | ||
+ | < | ||
+ | [root@archiso /]# echo FONT=lat9w-16 >> / | ||
+ | </ | ||
+ | |||
+ | ==== / | ||
+ | |||
+ | Nachfolgender Befehl legt einen Verweis (Link) auf die zu verwendende **Zeitzone**, | ||
+ | < | ||
+ | [root@archiso /]# ln -sf / | ||
+ | </ | ||
+ | |||
+ | ==== /etc/hosts ==== | ||
+ | |||
+ | Nachfolgende Befehle erstellen die Konfigurationsdatei ''/ | ||
+ | < | ||
+ | [root@archiso /]# echo -e '#< | ||
+ | [root@archiso /]# echo -e ' | ||
+ | [root@archiso /]# echo -e ':: | ||
+ | </ | ||
+ | |||
+ | :!: **HINWEIS** - Eine Ausrichtung der einzelnen Zeilen **__muss__** ebenfalls durch Verwendung des Texteditors '' | ||
+ | |||
+ | Nachfolgend soll die Konfigurationsdatei mit dem Text-Editor '' | ||
+ | < | ||
+ | [root@archiso /]# vim /etc/hosts | ||
+ | </ | ||
+ | |||
+ | Der Inhalt der Konfigurationsdatei ''/ | ||
+ | < | ||
+ | [root@archiso /]# cat /etc/hosts | ||
+ | # Static table lookup for hostnames. | ||
+ | # See hosts(5) for details. | ||
+ | |||
+ | #< | ||
+ | 127.0.0.1 | ||
+ | ::1 | ||
+ | </ | ||
+ | |||
+ | ==== / | ||
+ | |||
+ | :!: **HINWEIS** - **Der Namensserver aus dem LIVE-System sollte bereits vorhanden sein!** | ||
+ | |||
+ | Zuerst sollte die Konfigurationsdatei ''/ | ||
+ | < | ||
+ | [root@archiso /]# cat / | ||
+ | # Resolver configuration file. | ||
+ | # See resolv.conf(5) for details. | ||
+ | nameserver 192.168.1.20 | ||
+ | </ | ||
+ | |||
+ | In der Konfigurationsdatei **''/ | ||
+ | |||
+ | :!: HINWEIS - Die Wiederholung des Befehls mit weiteren Namensservern erweitert die Datei entsprechend! | ||
+ | |||
+ | < | ||
+ | [root@archiso /]# echo ' | ||
+ | </ | ||
+ | |||
+ | ==== / | ||
+ | |||
+ | :!: **WICHTIG** - **Nachfolgende Anpassung ist __sehr__ wichtig, da sonst das LVM nicht genutzt werden kann und der Start von der Festplatte von [[https:// | ||
+ | |||
+ | Nachfolgende Ergänzung in der Konfigurationsdatei | ||
+ | * **''/ | ||
+ | **__muss__** zwingend durchgeführt werden. | ||
+ | |||
+ | Zuerst soll aber eine **Sicherungskopie** der Konfigurationsdatei ''/ | ||
+ | < | ||
+ | [root@archiso /]# cp -a / | ||
+ | </ | ||
+ | |||
+ | Anschließend muss das Laden des systembedingten, | ||
+ | * **'' | ||
+ | wie folgt **__VOR__** dem Schlüsselwort **'' | ||
+ | < | ||
+ | [root@archiso /]# vim / | ||
+ | </ | ||
+ | |||
+ | (**Nur relevanter Ausschnitt**) | ||
+ | |||
+ | **__VORHER: | ||
+ | < | ||
+ | HOOKS=(base udev autodetect modconf block filesystems keyboard fsck) | ||
+ | </ | ||
+ | |||
+ | **__NACHHER: | ||
+ | < | ||
+ | # Tachtler | ||
+ | # default: HOOKS=(base udev autodetect modconf block filesystems keyboard fsck) | ||
+ | HOOKS=(base udev autodetect modconf block encrypt lvm2 filesystems keyboard fsck) | ||
+ | </ | ||
+ | |||
+ | ==== initramfs: mkinitcpio ==== | ||
+ | |||
+ | Durch den nachfolgenden Befehl wird die **initramfs**-Erstellung durchgeführt: | ||
+ | < | ||
+ | [root@archiso /]# mkinitcpio -p linux-lts | ||
+ | ==> Building image from preset: / | ||
+ | -> -k / | ||
+ | ==> Starting build: 4.19.98-1-lts | ||
+ | -> Running build hook: [base] | ||
+ | -> Running build hook: [udev] | ||
+ | -> Running build hook: [autodetect] | ||
+ | -> Running build hook: [modconf] | ||
+ | -> Running build hook: [block] | ||
+ | -> Running build hook: [encrypt] | ||
+ | -> Running build hook: [lvm2] | ||
+ | -> Running build hook: [filesystems] | ||
+ | -> Running build hook: [keyboard] | ||
+ | -> Running build hook: [fsck] | ||
+ | ==> Generating module dependencies | ||
+ | ==> Creating gzip-compressed initcpio image: / | ||
+ | ==> Image generation successful | ||
+ | ==> Building image from preset: / | ||
+ | -> -k / | ||
+ | ==> Starting build: 4.19.98-1-lts | ||
+ | -> Running build hook: [base] | ||
+ | -> Running build hook: [udev] | ||
+ | -> Running build hook: [modconf] | ||
+ | -> Running build hook: [block] | ||
+ | ==> WARNING: Possibly missing firmware for module: aic94xx | ||
+ | ==> WARNING: Possibly missing firmware for module: wd719x | ||
+ | -> Running build hook: [encrypt] | ||
+ | -> Running build hook: [lvm2] | ||
+ | -> Running build hook: [filesystems] | ||
+ | -> Running build hook: [keyboard] | ||
+ | -> Running build hook: [fsck] | ||
+ | ==> Generating module dependencies | ||
+ | ==> Creating gzip-compressed initcpio image: / | ||
+ | ==> Image generation successful | ||
+ | </ | ||
+ | |||
+ | ==== Bootloader: GRUB ==== | ||
+ | |||
+ | Zum Start des Servers ist ein sogenannter **" | ||
+ | * **GRUB** | ||
+ | installiert werden, was mit nachfolgendem Befehl durchgeführt werden soll: | ||
+ | < | ||
+ | [root@archiso /]# pacman -S --noconfirm grub | ||
+ | resolving dependencies... | ||
+ | looking for conflicting packages... | ||
+ | |||
+ | Packages (1) grub-2: | ||
+ | |||
+ | Total Download Size: 6.68 MiB | ||
+ | Total Installed Size: 32.53 MiB | ||
+ | |||
+ | :: Proceed with installation? | ||
+ | :: Retrieving packages... | ||
+ | | ||
+ | (1/1) checking keys in keyring | ||
+ | (1/1) checking package integrity | ||
+ | (1/1) loading package files [###################### | ||
+ | (1/1) checking for file conflicts | ||
+ | (1/1) checking available disk space [###################### | ||
+ | :: Processing package changes... | ||
+ | (1/1) installing grub [###################### | ||
+ | Generate your bootloader configuration with: | ||
+ | grub-mkconfig -o / | ||
+ | Optional dependencies for grub | ||
+ | freetype2: For grub-mkfont usage | ||
+ | fuse2: For grub-mount usage | ||
+ | dosfstools: For grub-mkrescue FAT FS and EFI support | ||
+ | efibootmgr: For grub-install EFI support | ||
+ | libisoburn: Provides xorriso for generating grub rescue iso using | ||
+ | grub-mkrescue | ||
+ | os-prober: To detect other OSes when generating grub.cfg in BIOS systems | ||
+ | mtools: For grub-mkrescue FAT FS support | ||
+ | :: Running post-transaction hooks... | ||
+ | (1/2) Arming ConditionNeedsUpdate... | ||
+ | (2/2) Updating the info directory file... | ||
+ | </ | ||
+ | |||
+ | Anschließend ist die Konfiguration von **GRUB** für das Starten von der **Festplatte** einzurichten, | ||
+ | < | ||
+ | [root@archiso /]# grub-install /dev/vda | ||
+ | Installing for i386-pc platform. | ||
+ | Installation finished. No error reported. | ||
+ | </ | ||
+ | |||
+ | :!: **HINWEIS** - **Falls beim starten und herunterfahren eine Ausgabe der gestarteten bzw. beendeten Dienste/ | ||
+ | * **''/ | ||
+ | **wie nachfolgend dargestellt geändert werden:** | ||
+ | |||
+ | Die Konfiguratiosndatei ''/ | ||
+ | < | ||
+ | [root@archiso /]# vim / | ||
+ | </ | ||
+ | |||
+ | (**Nur relevanter Ausschnitt**: | ||
+ | |||
+ | __**Vorher**__: | ||
+ | <code bash> | ||
+ | # GRUB boot loader configuration | ||
+ | |||
+ | GRUB_DEFAULT=0 | ||
+ | GRUB_TIMEOUT=5 | ||
+ | GRUB_DISTRIBUTOR=" | ||
+ | GRUB_CMDLINE_LINUX_DEFAULT=" | ||
+ | GRUB_CMDLINE_LINUX="" | ||
+ | </ | ||
+ | |||
+ | __**Nachher**__ | ||
+ | <code bash> | ||
+ | # GRUB boot loader configuration | ||
+ | |||
+ | GRUB_DEFAULT=0 | ||
+ | GRUB_TIMEOUT=5 | ||
+ | GRUB_DISTRIBUTOR=" | ||
+ | # Tachtler | ||
+ | # default: GRUB_CMDLINE_LINUX_DEFAULT=" | ||
+ | GRUB_CMDLINE_LINUX_DEFAULT=" | ||
+ | GRUB_CMDLINE_LINUX="" | ||
+ | </ | ||
+ | |||
+ | **__Erklärung: | ||
+ | |||
+ | * < | ||
+ | |||
+ | Damit die **verschlüsselte** Partition entschlüsselt werden kann, ist nachfolgender Eintrag am Anfang des Konfigurationsparameters sinnvoll: '' | ||
+ | |||
+ | Damit Meldungen des '' | ||
+ | |||
+ | Abschließend muss noch die **GRUB**-Konfiguration generiert werden, was mit nachfolgendem Befehl durchgeführt werden kann: | ||
+ | < | ||
+ | [root@archiso /]# grub-mkconfig -o / | ||
+ | Generating grub configuration file ... | ||
+ | Found linux image: / | ||
+ | Found initrd image: / | ||
+ | Found fallback initrd image(s) in /boot: initramfs-linux-lts-fallback.img | ||
+ | done | ||
+ | </ | ||
+ | |||
+ | ==== Passwort: root ==== | ||
+ | |||
+ | Es ist sinnvoll, dass der Benutzer **'' | ||
+ | < | ||
+ | [root@archiso /]# passwd | ||
+ | New password: | ||
+ | Retype new password: | ||
+ | passwd: password updated successfully | ||
+ | </ | ||
+ | |||
+ | Das Passwort ist in der '' | ||
+ | |||
+ | ===== Neustart ===== | ||
+ | |||
+ | Wenn alle Konfigurationen durchgeführt sind, kann nun das installierte [[https:// | ||
+ | < | ||
+ | # exit | ||
+ | exit | ||
+ | arch-chroot /mnt/ 12.59s user 2.20s system 0% cpu 1:40:38.73 total | ||
+ | </ | ||
+ | |||
+ | :!: **WICHTIG** - **Der '' | ||
+ | |||
+ | Der eigentliche **Neustart** wird dann mit nachfolgendem Befehl durchgeführt: | ||
+ | < | ||
+ | root@archiso ~ # reboot | ||
+ | </ | ||
+ | |||
+ | Nach erfolgreichem Neustart, sollte nachfolgender **" | ||
+ | |||
+ | {{: | ||
+ | |||
+ | Inmitten des Boot-Prozesses, | ||
+ | |||
+ | {{: | ||
+ | |||
+ | Nach erfolgreichem **" | ||
+ | |||
+ | {{: | ||
+ | |||
+ | ===== Hinweise ==== | ||
+ | |||
+ | Nach dem erfolgreichen ersten Start des Servers sind die folgenden Gegebenheiten zu beachten: | ||
+ | - Es gibt **__KEINE__** Benutzer die sich anmelden können, **ausser** der Benutzer **'' | ||
+ | - Es steht **__KEINE__** Netzwerkanbindung zur Verfügung! | ||
+ | - Es stehen **__KEINE__** Dienste/ | ||
+ | |||
+ | ===== Inbetriebnahme ===== | ||
+ | |||
+ | Um [[https:// | ||
+ | |||
+ | - Konfiguration einer **Netzwerkkarte** unter Verwendung und Start durch '' | ||
+ | - Konfiguration und Start des **SSH**-Dienstes/ | ||
+ | - Zugriff **__vorübergehend__** durch den Benutzer **'' | ||
+ | - Komfortkonfiguration für den Benutzer für die Verwendung der '' | ||
+ | - '' | ||
+ | - '' | ||
+ | - '' | ||
+ | |||
+ | ==== Netzwerk: systemd ==== | ||
+ | |||
+ | Damit beim Start oder Neustart des Servers gleich eine Netzwerkverbindung mit gestartet wird, soll das sich bereits auf dem Server befindliche '' | ||
+ | |||
+ | Dazu ist es erfordelrich, | ||
+ | |||
+ | Dazu soll zuerst mit nachfolgendem Befehl ermittelt werden, welche Netwzerkkarten auf dem Server vorhanden sind und welche Bezeichnung diese haben: | ||
+ | < | ||
+ | [root@archlinux ~]# ip a | ||
+ | 1: lo: < | ||
+ | link/ | ||
+ | inet 127.0.0.1/8 scope host lo | ||
+ | | ||
+ | inet6 ::1/128 scope host | ||
+ | | ||
+ | 2: eth0: < | ||
+ | link/ether 52: | ||
+ | </ | ||
+ | |||
+ | * //Hier ist nur **eine** Netzwerkkarte mit der Bezeichnung **'' | ||
+ | |||
+ | Zur Konfiguration der Netzwerkkarte mit der Bezeichnung '' | ||
+ | * **''/ | ||
+ | < | ||
+ | [root@archlinux ~]# vim / | ||
+ | </ | ||
+ | |||
+ | Der Inhalt der Konfigurationsdatei könnte dann wie folgt aussehen: | ||
+ | <code ini> | ||
+ | [Match] | ||
+ | Name=eth0 | ||
+ | |||
+ | [Network] | ||
+ | Address=192.168.1.250/ | ||
+ | Gateway=192.168.1.1 | ||
+ | DNS=192.168.122.1 | ||
+ | </ | ||
+ | |||
+ | oder auch inklusive **ipv6** Adressen: | ||
+ | |||
+ | <code ini> | ||
+ | [Match] | ||
+ | Name=eth0 | ||
+ | |||
+ | [Network] | ||
+ | Address=192.168.1.250/ | ||
+ | Gateway=192.168.1.1 | ||
+ | DNS=192.168.1.1 | ||
+ | |||
+ | Address=fd00:: | ||
+ | Gateway=fd00:: | ||
+ | DNS=fd00::1 | ||
+ | |||
+ | Address=fe80:: | ||
+ | LinkLocalAddressing=no | ||
+ | </ | ||
+ | |||
+ | :!: **HINWEIS** - In der **ipv6**-Konfiguration wurde das **__automatische__** beziehen einer ipv6-Adresse für die **LinkLocal**-Adresse deaktiviert, | ||
+ | |||
+ | :!: **HINWEIS** - Bein Befehl '' | ||
+ | < | ||
+ | [root@archlinux ~]# ping -c 3 fe80:: | ||
+ | PING fe80:: | ||
+ | 64 bytes from fe80:: | ||
+ | 64 bytes from fe80:: | ||
+ | 64 bytes from fe80:: | ||
+ | |||
+ | --- fe80:: | ||
+ | 3 packets transmitted, | ||
+ | rtt min/ | ||
+ | </ | ||
+ | |||
+ | Anschließend sollte noch mit nachfolgendem Befehl überprüft werden, ob eine anderer Dienst/ | ||
+ | < | ||
+ | [root@archlinux ~]# systemctl list-unit-files | grep netctl | ||
+ | </ | ||
+ | |||
+ | und | ||
+ | < | ||
+ | [root@archlinux ~]# systemctl list-unit-files | grep dhcpcd | ||
+ | </ | ||
+ | |||
+ | :!: **HINWEIS** - Falls hier ein Treffer erzielt wird, sollte der Dienst/ | ||
+ | - **gestoppt** | ||
+ | - **deaktiviert** | ||
+ | werden, was mit nachfolgenden Befehlen erfolgen kann: | ||
+ | < | ||
+ | [root@archlinux ~]# systemctl stop netctl@eth0.service | ||
+ | </ | ||
+ | |||
+ | und | ||
+ | < | ||
+ | [root@archlinux ~]# systemctl disable netctl@eth0.service | ||
+ | </ | ||
+ | |||
+ | bzw. | ||
+ | < | ||
+ | [root@archlinux ~]# systemctl stop dhcpcd.service | ||
+ | </ | ||
+ | |||
+ | und | ||
+ | < | ||
+ | [root@archlinux ~]# systemctl disable dhcpcd.service | ||
+ | </ | ||
+ | |||
+ | Damit nun der '' | ||
+ | - **aktiviert** | ||
+ | - **gestartet** | ||
+ | wird, was mit nachfolgenden Befehlen durchgeführt werden kann: | ||
+ | < | ||
+ | [root@archlinux ~]# systemctl enable systemd-networkd.service | ||
+ | Created symlink / | ||
+ | Created symlink / | ||
+ | Created symlink / | ||
+ | Created symlink / | ||
+ | </ | ||
+ | |||
+ | und | ||
+ | < | ||
+ | [root@archlinux ~]# systemctl start systemd-networkd.service | ||
+ | </ | ||
+ | |||
+ | Ein Überprüfung, | ||
+ | < | ||
+ | [root@archlinux ~]# ip a | ||
+ | 1: lo: < | ||
+ | link/ | ||
+ | inet 127.0.0.1/8 scope host lo | ||
+ | | ||
+ | inet6 ::1/128 scope host | ||
+ | | ||
+ | 2: eth0: < | ||
+ | link/ether 52: | ||
+ | inet 192.168.1.250/ | ||
+ | | ||
+ | inet6 fe80:: | ||
+ | | ||
+ | </ | ||
+ | |||
+ | Eine Überprüfung mit nachfolgendem Befehl zeigt die aktuellen Routen, inklusive der **'' | ||
+ | < | ||
+ | root@archiso ~ # ip ro | ||
+ | default via 192.168.1.10 dev ens3 | ||
+ | 192.168.1.0/ | ||
+ | </ | ||
+ | |||
+ | Zuerst sollte die Konfigurationsdatei ''/ | ||
+ | < | ||
+ | [root@archiso /]# cat / | ||
+ | # Resolver configuration file. | ||
+ | # See resolv.conf(5) for details. | ||
+ | </ | ||
+ | |||
+ | In der Konfigurationsdatei **''/ | ||
+ | |||
+ | :!: HINWEIS - Die Wiederholung des Befehls mit weiteren Namensservern erweitert die Datei entsprechend! | ||
+ | |||
+ | < | ||
+ | [root@archiso /]# echo ' | ||
+ | </ | ||
+ | |||
+ | ==== SSH-Dienst/ | ||
+ | |||
+ | Um den **SSH**-Dienst/ | ||
+ | < | ||
+ | [root@archlinux ~]# systemctl enable sshd.service | ||
+ | Created symlink / | ||
+ | </ | ||
+ | |||
+ | Eine Überprüfung, | ||
+ | < | ||
+ | [root@archlinux ~]# systemctl list-unit-files --type=service | grep -E ^sshd | ||
+ | sshd.service | ||
+ | </ | ||
+ | bzw. | ||
+ | < | ||
+ | [root@archlinux ~]# systemctl is-enabled sshd.service | ||
+ | enabled | ||
+ | </ | ||
+ | |||
+ | Abschließend soll noch die **Anmeldung via Passwort** - **__vorübergehend__** während der Konfigurationsphase aktiviert werden. | ||
+ | |||
+ | Dazu soll mit nachfolgendem Befehl eine Sicherungskopie der originalen Konfigurationsdatei | ||
+ | * ''/ | ||
+ | mit dem Namen | ||
+ | * ''/ | ||
+ | ersteltl werden: | ||
+ | < | ||
+ | [root@archlinux ~]# cp -a / | ||
+ | </ | ||
+ | |||
+ | Anschließend soll nachfolgende Konfiguration in der Konfigurationsdatei ''/ | ||
+ | < | ||
+ | [root@archlinux ~]# vim / | ||
+ | </ | ||
+ | |||
+ | (**Nur relevanter Ausschnitt**: | ||
+ | <code bash> | ||
+ | PasswordAuthentication yes | ||
+ | </ | ||
+ | |||
+ | (**Nur relevanter Ausschnitt**: | ||
+ | <code bash> | ||
+ | PermitRootLogin yes | ||
+ | </ | ||
+ | |||
+ | Abschließend kann der **SSH**-Dienst/ | ||
+ | < | ||
+ | [root@archlinux ~]# systemctl start sshd.service | ||
+ | </ | ||
+ | |||
+ | Eine Überprüfung ob der **SSH**-Dienst/ | ||
+ | < | ||
+ | root@archiso ~ # systemctl status sshd.service | ||
+ | ● sshd.service - OpenSSH Daemon | ||
+ | | ||
+ | | ||
+ | Main PID: 775 (sshd) | ||
+ | Tasks: 1 (limit: 2330) | ||
+ | | ||
+ | | ||
+ | | ||
+ | |||
+ | Dec 29 11:43:56 archiso systemd[1]: Started OpenSSH Daemon. | ||
+ | Dec 29 11:43:56 archiso sshd[775]: Server listening on 0.0.0.0 port 22. | ||
+ | Dec 29 11:43:56 archiso sshd[775]: Server listening on :: port 22. | ||
+ | |||
+ | </ | ||
+ | |||
+ | Dann kann noch einmal die IP-Adresse des Servers in Erfahrung gebracht werden, damit eine Verbindung zum Server hergestellt werden kann. Dies kann durch Ausführung des nachfolgenden Befehls erfolgen: | ||
+ | < | ||
+ | [root@archlinux ~]# ip a | ||
+ | 1: lo: < | ||
+ | link/ | ||
+ | inet 127.0.0.1/8 scope host lo | ||
+ | | ||
+ | inet6 ::1/128 scope host | ||
+ | | ||
+ | 2: eth0: < | ||
+ | link/ether 52: | ||
+ | inet 192.168.1.250/ | ||
+ | | ||
+ | inet6 fe80:: | ||
+ | | ||
+ | </ | ||
+ | |||
+ | :!: **BEISPIEL** - Die IP-Adresse des Servers aus oben genanntem Beispiel wäre hier: **'' | ||
+ | |||
+ | Jetzt kann eine erste Verbindung als Benutzer **'' | ||
+ | < | ||
+ | $ ssh root@192.168.1.250 | ||
+ | The authenticity of host ' | ||
+ | ECDSA key fingerprint is SHA256: | ||
+ | ECDSA key fingerprint is MD5: | ||
+ | Are you sure you want to continue connecting (yes/no)? yes | ||
+ | Warning: Permanently added ' | ||
+ | root@192.168.1.250' | ||
+ | Last login: Fri Jan 10 13:43:16 2020 | ||
+ | [root@archlinux ~]# | ||
+ | </ | ||
+ | |||
+ | ==== ~/ | ||
+ | |||
+ | Damit die Konfigurationsdatei **'' | ||
+ | * **'' | ||
+ | **falls nicht schon vorhanden**, | ||
+ | < | ||
+ | [root@archlinux ~]# vim ~/ | ||
+ | </ | ||
+ | <code bash> | ||
+ | # | ||
+ | # ~/ | ||
+ | # | ||
+ | |||
+ | [[ -f ~/.bashrc ]] && . ~/.bashrc | ||
+ | </ | ||
+ | |||
+ | ==== ~/.bashrc ==== | ||
+ | |||
+ | Wer z.B. Nutzer von [[https:// | ||
+ | * '' | ||
+ | ist. | ||
+ | |||
+ | Um auf diesen " | ||
+ | * '' | ||
+ | |||
+ | Der Inhalt, welcher hier an z.B. [[https:// | ||
+ | < | ||
+ | [root@archlinux ~]# vim ~/.bashrc | ||
+ | </ | ||
+ | <code bash> | ||
+ | # | ||
+ | # ~/.bashrc | ||
+ | # | ||
+ | |||
+ | # If not running interactively, | ||
+ | [[ $- != *i* ]] && return | ||
+ | |||
+ | # Tachtler | ||
+ | # default: alias ls='ls --color=auto' | ||
+ | #alias ls='ls --color=auto' | ||
+ | PS1=' | ||
+ | |||
+ | # Tachtler - NEW - | ||
+ | alias ll='ls -l --color=auto' | ||
+ | alias l.='ls -d .* --color=auto' | ||
+ | alias ls='ls --color=auto' | ||
+ | </ | ||
+ | |||
+ | :!: **HINWEIS** - Nach der **Beendigung** z.B. eines '' | ||
+ | |||
+ | ==== ~/.vimrc ==== | ||
+ | |||
+ | Wer z.B. Nutzer von [[https:// | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | erfordern. | ||
+ | |||
+ | Um auf diesen " | ||
+ | * '' | ||
+ | |||
+ | Der Inhalt, welcher hier an z.B. [[https:// | ||
+ | < | ||
+ | [root@archlinux ~]# vim ~/.vimrc | ||
+ | </ | ||
+ | <code bash> | ||
+ | syntax on | ||
+ | |||
+ | set mouse-=a | ||
+ | set tabstop=4 | ||
+ | </ | ||
+ | |||
+ | |||
+ | ===== Problembehandlung ===== | ||
+ | |||
+ | ==== IPv6 DAD - tentative ==== | ||
+ | |||
+ | Falls nach Inbetriebnahme von **ipv6**-Adressen, | ||
+ | |||
+ | Bei aktivieren von ipv6-Adressen wird überprüft, | ||
+ | |||
+ | Solange die ipv6 Adressen sich im Zustand **" | ||
+ | |||
+ | :!: **ACHTUNG** - Die **Lösung** des Problems __kann__ darin liegen, die Prüfung **DAD** (Duplicate Address Detection) zu deaktivieren. | ||
+ | |||
+ | Dazu soll nachfolgende Konfigurationsdatei in nachfolgendem Verzeichnis mit nachfolgendem | ||
+ | * ''/ | ||
+ | Der Inhalt dieser Datei kann wie folgt aussehen und **__deaktiviert__** für jedes **Netzwerk-Interface** die **DAD** (Duplicate Address Detection): | ||
+ | <code bash> | ||
+ | net.ipv6.conf.eth0.accept_dad = 0 | ||
+ | </ | ||
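Review bot: The SSH-Dienst section of this revision sets `PasswordAuthentication yes` and `PermitRootLogin yes` and describes both as temporary ("vorübergehend") for the configuration phase, but no added line through the end of the hunk turns them off again, while the status output shows sshd listening on 0.0.0.0 and :: port 22. I would add a closing step that sets both options back once key-based login for an unprivileged user works, restarts sshd.service, and compares the result against the backup copy of the configuration file made earlier in the section. Two smaller points: the DAD section says the file disables Duplicate Address Detection for every network interface, yet the only key shown is `net.ipv6.conf.eth0.accept_dad = 0`, so the sentence should say it applies to eth0 only and that duplicate addresses on that interface will then go undetected. The new line `HOOKS=(base udev autodetect modconf block encrypt lvm2 filesystems keyboard fsck)` has no `keymap` hook, so the LUKS passphrase prompt in the initramfs will not use the `KEYMAP=de-latin1-nodeadkeys` layout written to the console configuration earlier; add `keymap` ahead of `encrypt` or state that the passphrase is typed with the default layout at boot.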
tachtler/archlinux_-_minimal_server_installation_-_mit_festplattenverschluesselung.1595233108.txt.gz · Last modified: 2020/07/20 10:18 by klaus