Skip to main content

Ubuntu Template Image Preparation and Cloning

About

Just some documentation I use to keep track of how to provision a new, fresh Ubuntu VM template on my homelab. Some values are going to differ in your environment, such as:

    Name Username Interface names (could vary asenX0, ens160, etc depending on your hypervisor or lack thereof) IP Addresses, Subnets, DNS servers, and search domains

    Fresh Install of VM

    Fresh Ubuntu Installation

    • Select and hit enter on the Try or Install Ubuntu Server option (loads by default)
    • Hit Enter, leaving the the default English option
    • Hit Enter, leaving the defaults of English (US) and English (US)
    • Hit Enter, leaving the default of Ubuntu Server
    • Arrow up on the keyboard to enX0 eth and hit Enter
    • Arrow down on the keyboard to Edit IPv4 and hit Enter
    • Hit Enter on Automatic (DHCP) and then arrow down on the keyboard to select Manual, then hit Enter
    • Tab between fields:
      • Subnet: 192.168.160.0/23
      • Address: 192.168.160.xxx (Choose a free temporary IP from IP Address Allocations)
      • Gateway: 192.168.160.1
      • Name Servers: 192.168.160.105, 8.8.8.8, 8.8.4.4
      • Search domains: (blank)
      • Save (hit Enter)
    • Tab to Done and hit Enter
    • Hit Enter, leaving the proxy set to blank
    • Hit Enter to accept the default mirror
    • Tab to Done and hit Enter to accept the defaults for the storage layout
    • Arrow up to ubuntu-lv (aka "mounted at /") and hit Enter
    • Select Edit and hit Enter
    • Tab to Size and change the value to the same as is listed next to max (probably ~?.???G)
    • Tab down to Save and hit Enter
    • Tab down to Done and hit Enter
    • Tab to Continue and hit Enter on the Confirm destructive action dialog
    • Profile Setup
      • Your Name: John HolmstadtDoe
      • Your server's name: ubuntu2404 (or ubuntu24041 etc for newer revisions)
      • Pick a username: jholmstadtjdoe
      • Choose a password: (my standard)
      • Confirm your password: (same)
      • Tab to Done and hit Enter
    • Hit Enter, leaving the Skip for now option selected on the Upgrade to Ubuntu Pro
    • Hit Spacebar on the option to Install OpenSSH Server
    • SomethingIf somethingyou githubhave muchtalla GitHub account, you can optionally add your public SSH key
    • Tab to Done and hit Enter
    • Tab to Done and hit Enter, leaving defaults of nothing selected on Featured Server Snaps
    • Wait for the "Cancel update and reboot" option to go away, which will be replaced with Reboot now

    Post-install Ubuntu Configuration

      Return to the Remote Console window and Power On the VM Once it comes up, SSH to your VM

      Run any available upgrades and reboot

      sudo apt update && sudo apt upgrade -y && sudo reboot
      Reconnect via SSH

      Set up Chrony for time sync

      sudo apt install -y chrony && \
sudo systemctl restart chrony && \
chronyc tracking | grep --color=auto -e ^ -e "Last offset.*"

      VIM Tweaks

      While cool, some of the newer VIM plugins that come with Ubuntu can cause unexpected weirdness. Lets tweak the room VIM config so that it's less of a pain when doing a sudo vi

      Apparently `sudoedit` is a thing. That loads your personal .vimrc while executing edits as root. In which case, if you use sudoedit, you may want to add these tweaks to your personal ~/.vimrc

        Fix the auto-indentation of YAML when commenting out an existing line (for both your username and root)

        cat << EOF >> ~/.vimrc
" Fix auto-indentation for YAML files
augroup yaml_fix
    autocmd!
    autocmd FileType yaml setlocal ts=2 sts=2 sw=2 expandtab indentkeys-=0# indentkeys-=<:>
augroup END
  
EOF
 
sudo bash -c 'cat << EOF >> ~/.vimrc
" Fix auto-indentation for YAML files
augroup yaml_fix
    autocmd!
    autocmd FileType yaml setlocal ts=2 sts=2 sw=2 expandtab indentkeys-=0# indentkeys-=<:>
augroup END
 
EOF'

        Template Image Prep

        Set up OpenSSH Key Reconfiguration

        If you simply clone an Ubuntu image without resetting the OpenSSH server host keys, an attacker can take those host keys and perform a MITM SSH attack on any system that was cloned from the same image. So we have to make sure those are reset before we make the image, and then automatically regenerated on the next boot.

          Copy/Paste/Run this entire chunk of script into your terminal (creates process that checks for missing keys at boot, and regenerates them if missing):

          if [ `systemctl is-enabled openssh-reconfigure.service 2> /dev/null > /dev/null || true && false` ] ; then \
  echo "OpenSSH Key Reconfiguration Service already installed." ; \
else
  sudo bash -c 'cat << EOF > /usr/local/sbin/openssh-reconfigure
#!/bin/bash
test -f /etc/ssh/ssh_host_dsa_key || dpkg-reconfigure openssh-server
EOF'
sudo chmod 700 /usr/local/sbin/openssh-reconfigure
sudo bash -c 'cat << EOF > /etc/systemd/system/openssh-reconfigure.service
[Unit]
Description=OpenSSH Key Reconfiguration Service
Before=ssh.service
 
[Service]
Type=simple
ExecStart=/usr/local/sbin/openssh-reconfigure
 
[Install]
WantedBy=multi-user.target
EOF' ; \
  sudo chmod 644 /etc/systemd/system/openssh-reconfigure.service ; \
  sudo systemctl enable openssh-reconfigure.service ; \
fi
          Delete the existing keys
          sudo /bin/rm -v /etc/ssh/ssh_host_*

          Clear the Machine ID

            Run this:

            sudo bash -c "truncate -s0 /etc/machine-id ; \
rm /var/lib/dbus/machine-id ; \
ln -s /etc/machine-id /var/lib/dbus/machine-id"

            Genericize the netplan config

              Make these alterations to /etc/netplan/50-cloud-init.yaml in the enX0 section. Leave the comments for the image/template user to understand what needs to happen to re-activate networking
              Ubuntu 24.04:

              link-local: [ ipv4 ]   # Post-cloning, comment this out or remove
#link-local: [ ]       # Post-cloning, un-comment this line
#addresses:            # Post-cloning, un-comment this line
#- 192.168.160.xxx/23  # Post-cloning, un-comment this line and set appropriately

              Setting link-local allows the network interface to come up on boot, but without DHCP or a Static IP assigned. Additionally, setting link-local to a blank array ([ ]) after initial config disabled link-local addressing which can cause problems for default route handling in some cases.

              Clear the Bash, VIM, and other history

                Run this:

                rm -rf ~/.viminfo ~/.Xauthority ~/.cache
sudo bash -c 'rm -rf ~/.viminfo ~/.Xauthority ~/.cache'
sudo bash -c 'echo -n "" > /var/log/wtmp'
sudo bash -c 'echo -n "" > /var/log/btmp'
sudo bash -c 'echo -n "" > /var/log/lastlog'
 
### These should always run last
sudo bash -c 'truncate -s0 ~/.bash_history ; history -c'
truncate -s0 ~/.bash_history ; history -c

                Shutdown

                  Run this:

                  sudo shutdown -h now

                  Create the Template or Image

                  XCP-NG

                   

                  asdfasdf

                  Back to top