I’ve long been a client and fan of Dreamhost. Recently they started a cloud computing platform ‘DreamCompute,’ based on OpenStack. I use one of their VPS servers for all my web hosting, but often want a virtual, cloud machine, with root access, to run odd jobs on. And I want it to run Arch Linux, because that is what I run in my laptop; I’m OK with a second linux environment (e.g., CentOS -- I used to run Fedora/Red Hat), but it’s easier to stay with one, for rapid, frequent hacking jobs. DreamCompute does not offer an Arch image, but I found one here for OpenStack. So I thought I’d try to get it running. And did, quite easily. For myself, and for anyone else who might be interested, here’s what I did:
1. Sign up for DreamCompute
The $5/month plan gives you: “2 Instance(s), 2 vCPU(s), 2 GB Memory, 25 GB Storage, 1 Floating IP(s).” I.e., enough to run one public machine and test/backup machine. A second IP is $5.95.
2. Get the image ready
(I actually did this on another DreamCompute (CentOS) instance, but it can be done anywhere)
# yum install qemu-kvm # if you need to # curl "http://linuximages.de/...4d8.qcow2 > arch.qcow2 # qemu-img convert arch.qcow2 -O raw arch.img # mv arch.img /var/www/html/
Note that the
linuximages.de images are not fully secure, as per the
info on that page. But they should be OK for a hacker platform. Do
not store sensitive data there.
In the DreamCompute Dashboard (Images) ‘Add’ an image, pointing to the
online URL where you just placed
arch.img. The format is RAW.
3. Make a security key for yourself
Import the file
id_rsa.pub (from your local, laptop
directory) into DreamCompute. Give it a name.
4. Make a Volume from the Image
I made it 5 GB.
5. Create the Instance
Start up an Instance, using the volume you just created. Settings:
no delete on terminate and
(firewall). All else can be left as default. You should now be able to
reach the instance directly from the console in the DreamCompute dashboard.
6. Give the instance an IP
This step was tricky to work out. First, ‘manually’ add a router
link between the ‘public hub’ (e.g.,
public-110) and your private
network, using the visual topology browser. This link was not there
by default. Only then can you use the dropdown list on the instance to
‘Associate a floating IP.’
7. Log In!
arch is the default user, with
$ ssh email@example.com.X $ sudo su
The only vital steps seem to be: 1) Setting the nameserver in
resolv.conf to be
10.10.10.1 (this took a while to discover; there
was ping/curl access to an IP, but not using hostnames). 2) Setting up
the firewall. I used the defaults on the Arch Wiki
*filter :INPUT DROP [0:0] :FORWARD DROP [0:0] :OUTPUT ACCEPT [0:0] :TCP - [0:0] :UDP - [0:0] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -m conntrack --ctstate INVALID -j DROP -A INPUT -p icmp -m icmp --icmp-type 8 -m conntrack --ctstate \ NEW -j ACCEPT -A INPUT -p udp -m conntrack --ctstate NEW -j UDP -A INPUT -p tcp --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack \ --ctstate NEW -j TCP -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable -A INPUT -p tcp -j REJECT --reject-with tcp-reset -A INPUT -j REJECT --reject-with icmp-proto-unreachable -A TCP -p tcp --dport 22 -j ACCEPT -A TCP -p tcp --dport 80 -j ACCEPT COMMIT
Put these in
systemctl enable iptables. See
# pacman -Syu # pacman -S apache # systemctl start httpd # systemctl enable httpd # echo "Hello World" > /srv/http/index.html # curl http://127.0.0.1 # curl http://67.205.60.X # pacman -S lynx
Yeah! I now have a virtual Arch Box to play with, and host trick RDFy things on too!
(This is of course a very cursory guide. See the DreamCompute Wiki, for more, and google away.)