Doc /

Open SUSE small-server 2021

Configuring a small home server in 2021 with openSUSE Leap 15.3 | MySQL - Mariadb 2021 >

Updated on march 19, 2021 and now from september 24 and following...

Presentation

As of 2021, I have still an online hosted server at Kimsufi, very cheap one, implemented with Yunohost for Nextcloud (2TB HDD).

As I want to run INN, the Internet Newsgroup server, and I'm not fluent with debian (Yunohost) and Yunohost don't know about INN, I first use an old laptop at home, where now I have fiber glass link, very fast.

So I rent a much betetr server, still at kimsufi, but with "Serveur KS-7 - Intel i3-2130 - 8GB DDR3 1333 MHz - 2To SATA", much faster (and much more expensive) than the other.

Installing openSUSE on this server was pretty hard, for kimsufi do not provide anymore he openSUSE template, but I could do the job.

I also notice my FAI ("Free" the french FAI) modem "Delta" is a full NAS with raid capability and able to run VM's, I also build a server there (at little cost).

First step: install the system

Kimsufi

I had to start from the kimsufi rescue mode. Ans first found where the command was on the interface. It's in "netboot". This "netboot" interface is a very pretty kimsufi option, allowing to boot from a provider kernel in place of the hard drive kernel. Very handy for debugging. Here it was booting an complete rescue system, very similar of the one openSUSE provide on its iso images.

Of course it's not openSUSE, only a small debian jessie abstract, but when things get minimal, there are little differences.

So I have to install openSUSE on a remote server, I have no physical access. The details are given here:

Remote openSUSE installation

This is a script, you can copy / Paste it in any opensuse.sh text file. Me, I opened a new file in the kimsufi rescue system with vi (available in the rescue system) and pasted the script content in there.

I changed the super passwd for something a bit simpler (it's only for the time of install, no reason to be hacked) and run "sh opensuse.sh"

I copy here the code, just in case the web page desappear (script CC0 bmwiedemann 2020], but be warned than this script may be obsolete:

#!/bin/bash
 set -xe
 : ${repo:=https://download.opensuse.org/distribution/openSUSE-stable/repo/oss}
 #: ${repo:=https://download.opensuse.org/tumbleweed/repo/oss}
 : ${arch:=$(uname -m)}
 : ${vncpassword:=supercomplexpassword}
 #: ${append:=vnc=1 vncpassword=$vncpassword}
 : ${append:=ssh=1 sshpassword=$vncpassword}
 #append+=" addon=https://download.opensuse.org/update/openSUSE-stable/"
 #append+=" autoyast=https://www.zq1.de/~bernhard/linux/opensuse/autoyast.leap152.xml"
 pkgs="wget kexec-tools"
 zypper -n install $pkgs ||
   DEBIAN_FRONTEND=noninteractive apt-get -y install $pkgs ||
   dnf install -y $pkgs ||
   pacman --noconfirm -S $pkgs ||
   emerge $pkgs ||
   true
 which wget
 which kexec
 mkdir -p /dev/shm/
 mount -t tmpfs tmpfs /dev/shm
 cd /dev/shm/
 wget $repo/boot/$arch/loader/{linux,initrd}
 kexec -l linux --initrd=initrd --reset-vga --append="install=$repo $append"
 sync ; echo u > /proc/sysrq-trigger ; sync
 kexec -e

Run the script, then CR (Enter key). You then can connect to the server IP with the super passwd, then launch "yast2.ssh" and follow the mostly usual yast2 install, including hard drive partitioning. Only very slow, I foubnd me in swedish and danish befire getting my french language interface.

It's probably special to kimsufi, to reboot in my new install I had to go again to netboot interface and choose "hard drive".

Freebox

Simple: There is an openSUSE template, installing openSUSE JeOS.

Network

I activated the network interface during install, so no work to be done here, it worked.

Of course, as soon as you reboot openSUSE it's the openSUSE passwd that counts, not the super one (you can forget this one).

Base

I choosed "server" in the software choice of install interface, of course. Most essential software is installed by default by this server implementation.

"ssh" in started and opened by default, thankfully :-).

I immediately did two things: upgrade 15.2 to 15.3

Upgrade system, official openSUSE doc

and add Packman repo with Yast, then change any application from system to Packman, but at this stage there are none. I need packman, because I have to use multimedia packages.

Connecting with rsa key

getting a ssh key

If not already done, generate a local (your workstation) ssh rsa key (here size 4096). Do *not* type any pass phrase:

 ssh-keygen -t rsa -b 4096

This gives you a private key, not to be disclosed to anyone, and a public key that can be copied to anybody, exactly bit for bit, mine looks like this:

cat ~/.ssh/id_rsa.pub 
ssh-rsa AAAAB[long binary chain]pBLDylFAOZ jdd@linux-tivq

Copy all from "ssh" to "vq" - the readable part is probably not relevant.

From install interface

Many server interface allows inserting an ssh key directly from the install script, so the access is immediate after install.

However, having a remote running system without root access can make it very difficult to debug some boot problem, when the system asks for root password to go further... I advice to set a root password, as long and complex you think it possible (but then you have to write it down in some safe place).

After the install

Copy the key to the server, to any account to witch you want to connect easily:

 ssh-copy-id jdd@dodinXXX.nf

After that you shouldn't have to key in password anymore. Very handy for cron jobs.

It could be useful to copy the same key to the server using it's IP in place of the domain name, just in case the domain name -or the DBS - could be unavailable.

Automatic updates

You should have a YaST module to manage automatic security updates. If you don't have, you didn't install the relevant module. Do and configure the update. The module name (15.3) is "yast2-online-update-configuration".

I fully trust the openSUSE update system, so I also accept automatic update of recommended software. Nowadays, exploits are to fast to be used to miss an update.

Firewall

I was pretty used with SuseFirewall2, but not at all with the new firewalld, I trust Yast2 config. the defaults from server install seems ok, I don't change them (my machine is alone in it's network).

Services

AND OF OCT 7 UPDATE

Tested in 2014

Base

services

Tips

Tested earlier

Unusefull for my 2014 config

Old pages

May be of some use?

http://en.opensuse.org/Mail_server_HOWTO
http://www.3111skyline.com/linux/openSuSE-server.php#mail

Configuring a small home server in 2021 with openSUSE Leap 15.3 | MySQL - Mariadb 2021 >