BMX - Generic VM Template
Purpose
These instructions are for standing up a Debian 13.4 VM to be used as a template in the isolated manufacturing network.
It will be prepopulated with packages we anticipate needing:
- NGINX
- SubVersion
- net-tools
- Docker
- nano
- python
- sqlite
Setup
Update Host
apt update
Install sudo:
apt install sudo
Add your user to the sudo group:
usermod -aG sudo yourusername
Add user to sudoers:
As root, open /etc/sudoers.
Add this entry to the bottom:
yourusername ALL=(ALL:ALL) ALL
Package Install
Update the base image:
sudo apt update
sudo apt upgrade -y
Install core admin and networking tools:
sudo apt install -y \
openssh-server sudo ca-certificates curl wget gnupg lsb-release \
nano vim less bash-completion locales tzdata \
iproute2 net-tools dnsutils iputils-ping traceroute tcpdump nmap netcat-openbsd \
htop iotop lsof psmisc strace procps sysstat \
jq tree file unzip zip tar rsync dos2unix \
apache2-utils openssl \
chrony \
git make build-essential python3 python3-pip python3-venv \
nfs-common cifs-utils \
parted gdisk smartmontools acl \
tmux screen ncdu \
sqlite3
Install network tools:
sudo apt install -y mtr-tiny socat
Install certificate debugging tools:
sudo apt install -y ssl-cert
Install HTTP API debugging tools:
sudo apt install -y httpie
Install process debugging tools:
sudo apt install -y dstat
Install NGINX
sudo apt install -y nginx
sudo systemctl enable nginx
sudo systemctl start nginx
Install Docker
First remove conflicting packages:
sudo apt remove -y docker.io docker-doc docker-compose podman-docker containerd runc || true
Add Docker repo and key:
sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/debian/gpg | \
sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] \
https://download.docker.com/linux/debian \
$(. /etc/os-release && echo $VERSION_CODENAME) stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
Install Docker:
sudo apt update
sudo apt install -y \
docker-ce docker-ce-cli containerd.io \
docker-buildx-plugin docker-compose-plugin
Enable Docker:
sudo systemctl enable docker
sudo systemctl start docker
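Allow user to run Docker without sudo (members of the docker group have root-equivalent access to the host; the change takes effect at the next login):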
sudo usermod -aG docker $USER
Add offline package management for Docker:
sudo apt install -y dpkg-dev
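The "Add Docker repo and key" step above pipes the downloaded key straight into the keyring, so whatever the server returned becomes trusted by every clone of the template. The following is an added example, not part of the original instructions: it checks the key's fingerprint against a value you obtain separately (for instance from Docker's published install documentation) before installing it. The function names, the EXPECTED_FPR argument and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): check a downloaded APT signing
# key against a fingerprint obtained out of band before installing it.

# Normalize a fingerprint: drop spaces and colons, uppercase the hex digits.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' :' | tr 'abcdef' 'ABCDEF'
}

# Read `gpg --with-colons` output on stdin; print each primary-key fingerprint.
# The fpr record after a pub record is the primary key; fpr records after sub
# records are subkeys and are skipped.
primary_fprs() {
    awk -F: '$1 == "pub" { want = 1 }
             $1 == "sub" { want = 0 }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# Succeed only if stdin describes exactly one primary key whose fingerprint
# equals $1. No key or an extra key both fail, because every key in a
# signed-by keyring is trusted to sign that repository.
fpr_ok() {
    expected=$(normalize_fpr "$1")
    found=$(primary_fprs)
    [ -n "$expected" ] && [ "$found" = "$expected" ]
}

# verify_keyring FILE EXPECTED_FPR (hypothetical helper; needs gpg installed).
verify_keyring() {
    gpg --batch --show-keys --with-colons "$1" 2>/dev/null | fpr_ok "$2"
}

# fetch_key URL EXPECTED_FPR DEST: install the key only if it verifies.
fetch_key() {
    tmp=$(mktemp) || return 1
    if curl -fsSL "$1" | gpg --batch --dearmor > "$tmp" &&
       verify_keyring "$tmp" "$2" &&
       sudo install -m 0644 "$tmp" "$3"
    then rc=0; else rc=1; fi
    rm -f "$tmp"
    return "$rc"
}

# Constructed sample (values made up); try: printf '%s\n' "$SAMPLE" | fpr_ok FPR
SAMPLE='pub:-:4096:1:DDDD3333EEEE4444:1700000000:::-:::scESC:
fpr:::::::::AAAA0000BBBB1111CCCC2222DDDD3333EEEE4444:
uid:-::::1700000000::0000::Example Repo <repo@example.invalid>:
sub:-:4096:1:CCCC8888DDDD9999:1700000000::::::s:
fpr:::::::::FFFF5555AAAA6666BBBB7777CCCC8888DDDD9999:'
```

To use it, call fetch_key with the key URL, the expected fingerprint and /etc/apt/keyrings/docker.gpg in place of the curl, gpg and chmod lines; the file is installed world-readable (mode 0644), matching the chmod a+r in the original step.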
SubVersion Client
Installing the SVN client is straightforward.
NOTE: It was actually installed as offline packages after the VM was moved to the target network.
The instructions here describe how it would have been installed before the move.
See this page for details of how it was installed as an offline package: Debian: Offline Package Installation
.NET Runtime
This requires a couple of steps.
Do this first:
wget https://packages.microsoft.com/config/debian/13/packages-microsoft-prod.deb -O packages-microsoft-prod.deb
sudo dpkg -i packages-microsoft-prod.deb
rm packages-microsoft-prod.deb
sudo apt update
Install the runtime:
sudo apt install -y dotnet-runtime-8.0
Install the ASP.NET Core runtime:
sudo apt install -y aspnetcore-runtime-8.0
Install the .NET SDK:
sudo apt install -y dotnet-sdk-8.0
Verify the installed version:
dotnet --info
List the installed runtimes as well:
dotnet --list-runtimes
Do a quick hello world to test the runtime:
mkdir ./dotnet-test && cd ./dotnet-test
dotnet new console
dotnet run
Validation Checks
systemctl status nginx
systemctl status docker
docker run hello-world
Cleanup
sudo apt autoremove --purge -y
sudo apt clean
sudo rm -rf /var/lib/apt/lists/*
sudo journalctl --vacuum-time=1d
sudo rm -rf /tmp/* /var/tmp/*
Template Reset Script
The template VM has a reset script installed at: /etc/template/reset.sh.
Run it each time you shut down the template VM, to reset the needed info for cloning.
It can be executed with this:
sudo /etc/template/reset.sh
The script contents are here: Template VM Reset Script
Zero Out Free Space
Do this to make the VM smaller:
sudo dd if=/dev/zero of=/EMPTY bs=1M status=progress || true
sudo rm /EMPTY
sync
Power Off
Instead of a shutdown, power off the VM with this:
sudo poweroff
Further Packages
You will inevitably need to install packages after the VM has been deployed inside the isolated network.
See this page for details of how we installed the SubVersion client as an offline package: Debian: Offline Package Installation