How to Develop Virtual Appliances Using Ubuntu JeOS
Ubuntu JeOS (pronounced" juice") is an efficient variant of the Ubuntu Server operating system, configured specifically for virtual appliances. Soren Hansen and Nick Barcet discuss how to use JeOS to create your own virtual appliance to help distribute your applications.
Virtual appliances are an effective and convenient way to distribute applications, whether it’s an open source application stack or a commercial product. Users and customers can simply fire up the virtual machine and start using the application, without having to deal with the installation and configuration that goes along with it.
Ubuntu JeOS (pronounced” juice”) is an efficient variant of the Ubuntu Server operating system, configured specifically for virtual appliances. JeOS is a specialized installation of Ubuntu Server Edition with a tuned kernel that only contains the base elements needed to run within a virtualized environment.
Ubuntu JeOS has been tuned to take advantage of key performance technologies in the latest virtualization products from VMware. The combination of reduced size and optimized performance ensures that Ubuntu JeOS Edition delivers a highly efficient use of server resources in large virtual deployments.
Without unnecessary drivers, and only the minimal required packages, ISVs can configure their supporting OS exactly as they require. They have the peace of mind that updates, whether for security or enhancement reasons, will be limited to the bare minimum of what is required in their specific environment.
In turn, users deploying virtual appliances built on top of JeOS will have to go through fewer updates and therefore less maintenance than they would have had to with a standard full installation of a server.
Initial setup (VMware Only)
The current version of Ubuntu JeOS was built to run under VMware Server or VMware ESX, and doesn’t work under other virtualization technologies yet. We’ll assume that you’ve already installed a VMware environment for the purpose of this tutorial.
It’s a good idea to verify the MD5 sum of the ISO with the sum provided on the Ubuntu site. For 7.10, you’ll find the MD5 sum here: http://cdimage.ubuntu.com/jeos/releases/7.10/release/MD5SUMS. To get the ISO’s MD5 sum, run md5sum ubuntu-7.10-jeos-i386.iso. If the values are not the same, you should try to download the file again.
Installation of JeOS
Installation of JeOS is done the same way you would install any other OS in VMware, but you’ll need to consider a few things:
To reduce the size of JeOS, SCSI drivers have not been included in the kernel shipped with JeOS. Make sure that you instruct VMware to use an IDE drive instead.
If you plan on shipping a virtual appliance, do not assume that the end-user will know how to extend disk size to fit their needs. So, either plan for a large virtual disk to allow for your appliance to grow, or provide the user with adequate documentation on allocating more space.
Given that it’s much easier to change the amount of RAM allocated to your VM, set the RAM to whatever you think is a safe minimum for your appliace. The user can change this if/when necessary.
Even though LVM setup is proposed by the installer, it doesn’t work at this time– so if you need LVM, it will need to be set up post-install.
Defining the VMware machine
The following example is based on using VMware server:
Create a new virtual machine.
Select Custom configuration.
Select Linux, pick Ubuntu in the version drop down menu.
Pick a name for your virtual appliance (use something that makes sense for your product).
Pick one processor (always default to the lowest configuration you think your users may have).
Letting the machine be private is a good secure basis.
Pick the minimum RAM you think your appliance will need (this can be changed easily by the user later on).
Bridged networking might seem a sensible default to simplify user set-up later on.
Do not use default SCSI at this point, use IDE, as SCSI drivers are not included in the kernel.
Pick a disk size that makes sense for your virtual appliance. A minimum of 8GB seems reasonable, particularly if you do not pick allocate disk space now. Split the disk into 2GB files makes sense if you want to allow storage on FAT volumes.
Pick where you want to store the disk image, click Finish.
JeOS installation parameters
Once your machine has been defined, you need to start it, but before you do that you need to tell it to boot from the ISO image you downloaded earlier. The installer for JeOS is very similar to the Ubuntu Server Installer, but as we are preparing a virtual appliance, there are a few steps that we want to change from a regular install.
Assigning a fixed IP address
As a virtual appliance that may be deployed on various very different networks, it is very difficult to know what the actual network will look like.
In order to simplify configuration, it’s a good idea to take an approach similar to what network hardware vendors often do, namely assigning an initial fixed IP address to the appliance in a private class network that you will provide in your documentation. An address in the range 192.168.0.0/255 is usually a good choice.
When you arrive at the screen Configure your network, you’ll be prompted to provide a hostname for this machine. Press Escape to access the network configuration menu. Select Configure network manually in the next screen. Enter a fixed IP address and other network information in the next screen. Once this is done, the installer will continue to its next steps automatically.
When partitioning the virtual appliance, you will have to take into consideration what you are planning to do with it. As mentioned before, do not pick one of the LVM options as it will fail, LVM not being provided by default on JeOS at this time. Because most appliances will run as server, using separate /home, /usr, /var and /tmp partitions would make sense.
User and password
Again setting up a virtual appliance, you will need to provide a default user and password that is generic so that you can include it in your documentation. We will see later on in this tutorial how we will provide some security by defining a script that will be run the first time a user actually logs in the appliance, that will, among other things, ask him to change his password. In this example I will use’ user’ as my user name, and’ default’ as the password.
Preparing the OS
Once we’re done with the initial installation of JeOS, and our virtual machine is waiting with a login prompt, we now have to prepare our operating to accommodate our application. It’s generally a good time to make a snapshot of your clean VMware image, so that if a mistake is made later on, it will be possible to revert to a blank page without having to reinstall everything.
The very first thing to do after install of the system is to check that it is up to date. This is done by running:
sudo apt-get update && sudo apt-get upgrade
Installing VMware Tools
VMware Tools will allow to have a better control of our appliance by the VMware environment, so it’s a pretty good idea to set it up. First, lets set up our environement by installing the build tools:
Next, you should ask VMware to mount the VMwareTools CD by clicking on VM-> Install VMware Tools… in the VMware Server menu.
Mount the cdrom using mount /media/cdrom0 or similar, and then copy the tools to the /tmp directory and uncompress them with sudo cp-a /media/cdrom0/VMwareTools*.gz /tmp/. Next, cd to the /tmp directory and run sudo tar-xzvf VMwareTools*.gz.
Now you can run the vmware-install.pl script. You’ll want to accept all of the default options when prompted during its setup.
cd vmware-tools-distrib/sudo ./vmware-install.pl
Installing Required Packages
In this example we will be installing a very simple application consisting of a Web page that accesses a MySQL database. So, we’ll need our OS to provide us with Apache, PHP, and MySQL– the basic LAMP stack, which we can install in one single step using the apt-get command:
sudo apt-get install lamp-server
Note that at this point we could easily install any additional packages that we might need using, for example, the aptitude command line utility.
Once we are done installing our base packages, it’s a good time to do a snapshot of our virtual machine. We also can save the intermediary steps by doing a full copy of the virtual machine by issuing the following command on our host after powering it down (you will have to adapt it to your particular environment):
Another convenient tool that we want to have on our appliance is OpenSSH, as it will allow our admins to access the appliance remotely. However, pushing externally an appliance with a pre-installed OpenSSH server is a big security risk as all these servers will share the same secret key, making it very easy for hackers to target our appliances with all the tools they need to crack it open. As with the user password, we will instead rely on a script that will install OpenSSH the first time a user logs in so that the key generated will be different for each appliance.
However, it might be simpler during the set-up to access our appliance using ssh, so we still install it at this time. Note that it will need to be fully removed by the time we ship our appliance, which is described in the last part of this tutorial. To install it, simply run:
sudo apt-get install openssh-server
When we ran apt-get to install the lamp-server, the only question we were asked was to provide a default password for MySQL. It would not be wise to have all our deployed appliances to use the same password, so we will change it the first time a user logs into our appliance.
Installing and Maintaining Our Application
In general this is a four-step process:
Packaging our application so that it is easily deployable.
Setting up a MySQL user. Finish preparing the system so that our application can run. Here we will simply create a MySQL user for our application to use.
Configure Apache to access the database.
Set up the system for updates so that it will be updated automatically every day.
Packaging the application
We have two options. The recommended method is to make a Debian package. Since this is outside of the scope of this tutorial, we will not perform this step here. We do invite the reader to read the documentation on how to do this at https://wiki.ubuntu.com/PackagingGuide.
Manually install the application under /opt as recommended by the Filesystem Hierarchy Standard (FHS) guidelines at http://www.pathname.com/fhs/. This is the approach we will be using here for more simplicity, even though this is not the one we would recommend for any serious application as it does mean more complexity in maintaining it. We cover this in the” How to get your application updated” section below.
Setting up a MySQL user
Our application needs to access the MySQL database. For security reasons, we do not want this user to be the root MySQL user, so we define a user named www-data that has read access to the local databases and can only connect locally with some password.
First we need to connect to the MySQL monitor using the default password we specified earlier:
user@JeOS:$ mysql -p --user=rootEnter password: Welcome to the MySQL monitor. Commands end with ; or \g.Your MySQL connection id is 9Server version: 5.0.45-Debian_1ubuntu3-log Debian etch distributionType 'help;' or '\h' for help. Type '\c' to clear the buffer.mysql>
Then we can create our user and exit the MySQL monitor:
mysql> GRANT SELECT ON *.* TO 'www-data'@'localhost' IDENTIFIED BY 'password';Query OK, 0 rows affected (0.00 sec)mysql> exitByeuser@JeOS:$
Installing the Application
Now it’s time to install the application itself. In this example our application is a very simple PHP script that lists the databases available in MySQL:
To install the script we’ll make a directory and create the file:
sudo mkdir /opt/sample-app/
Now, open the file /opt/sample-app/index.php using sudo with the text editor of your choice and paste the script in the text editor, then save the file and make it readable by Apache using sudo chown-R www-data:www-data /opt/sample-app.
Then we just need to modify the default Apache configuration to point to our application directory. Open /etc/apache2/sites-enabled/000-default using sudo with your text editor of choice and change all instances of /var/www/ to /opt/sample-app. Then, save and exit the file, and reload Apache using sudo /etc/init.d/apache2 reload.
You can now test your application by pointing your browser to the IP address of the virtual appliance.
Setting Up Automated Updates
To have your system be configured to update itself on a regular basis, we will just install unattended-upgrades sudo aptitude install unattended-upgrades.
If you decided to package your application as a Debian package and set up your own repository, all you need to do is to add your repository to /etc/apt/source.list.d/.
The auto-update cron job will then pull the update each time you provide it in your repository. Another advantage of using a packaged approach is that, if your dependencies evolve during the life of your application, all updated dependencies will be automatically installed in the same process.
If you decided to install your application manually, it’s up to you how to automate the updates. One solution would be to place a tar file with your app on some HTTP server, along with a version file, and create a script that is placed in /etc/cron.daily that compares the version file on the server with the version file that you would have stored in /opt/sample-app/. If the version online is newer, download and apply the new tar file, then reload Apache.
Preparing First User Boot
To deal with the security risks we outlined earlier, we need to have a few tasks performed the first time a user logs in. Reinstall OpenSSH if the appliance can be accessed this way, ask for a new user password, ask for a new MySQL root password, and regenerate the SSL certificate if our application can be accessed through SSL.
Sound complicated? It’s not, and here’s how we can do it. Add a line to the very end of /etc/bash.bashrc:
if [ ! -e /etc/opt/sample-app/initial_config_done ]; then /opt/sample-app/bin/initial_config sudo touch /etc/opt/sample-app/initial_config_donefi
Through this line, the script /opt/sample-app/bin/initial_config will be executed upon first login if the file /etc/opt/sample-app/initial_config_done does not exist. So we now need to create the directory /etc/opt/sample-app/:
sudo mkdir /etc/opt/sample-app/
Then create the script /opt/sample-app/bin/initial_config using sudo and copy the script shown here:
#!/bin/bash# Let's change the user's passwordecho "Thank you for choosing our sample-app appliance"echo "For the security of the appliance, we need you to change this user password now."passwd# Now change the MySQL passwordecho "We now need you to specify a new MySQL root password"let done=0while [ $done -eq 0 ]; do read -e -s -r -p "New mysql root password:" PASS1 echo "" read -e -s -r -p "Retype mysql root password:" PASS2 if [[ "$PASS1" == "$PASS2" ]]; then let done=1 #perform the actual change assuming that our initial password is default mysqladmin -u root --password='default' password $PASS1 else echo "The 2 passwords did not match, please try again." fidone#Perform the reinstall of openssh so that the key is regeneratedecho "We are now going to generate your ssh keys."sudo apt-get --purge -y remove openssh-serversudo apt-get install -y openssh-server#You can add any additional first user login #actions that you require after this line
Make it executable with sudo chmod a+x /opt/sample-app/bin/initial_config and that’s it.
Cleaning Before Shipping
After testing our appliance, it’s time to make it” clean” before shipping it. You want to provide your users with a production-ready appliance, so get rid of all the unnecessary scripts and such before sending it on its way.
First, remove /etc/opt/sample-app/initial_config_done with sudo rm /etc/opt/sample-app/initial_config_done. Reset the passwords to their default values if you have changed them, and remove services that are no longer needed.
Also, remember to remove configuration files, too. You can use sudo aptitude purge, sudo apt-get--purge remove, or sudo dpkg-P, whichever tool you prefer. From our example this would include openssh-server, build-essentials, and linux-headers-$ (uname- r).
Now, clear out the apt cache with sudo apt-get clean and remove $HOME/.ssh for users and root with sudo rm-rf /home/user/.ssh && sudo rm-rf /root/.ssh.
You’ll also want to remove any build directories that have been used in the process. In our example that would be the content of the /tmp directory. Also, you probably want to remove the history of your commands, which you can do with history-c.
Now it’s time to shut down the system and do the final cleanup. Once it’s shut down, go to your virtual machine settings in the VMware management console and select the virtual disk. Defragment it, which should reclaim all of the space you’ve freed, which will make the appliance smaller. Your virtual appliance is ready to ship!
We hope that this tutorial will make building your own appliance much simpler. For further documentation on the Ubuntu Server Edition, please refer to the Ubuntu Server Guide: https://help.ubuntu.com/7.10/server/C/. If you are interested in learning more, have questions or suggestions, you are welcome to come talk with us at on IRC(# ubuntu-server on Freenode) and on the Ubuntu mailing list (https://lists.ubuntu.com/mailman/listinfo/ubuntu-server).
Fatal error: Call to undefined function aa_author_bios() in /opt/apache/dms/b2b/linux-mag.com/site/www/htdocs/wp-content/themes/linuxmag/single.php on line 62