Arch Linux on DreamCompute

I’ve long been a client and fan of Dreamhost. Recently they started a cloud computing platform ‘DreamCompute,’ based on OpenStack. I use one of their VPS servers for all my web hosting, but often want a virtual, cloud machine, with root access, to run odd jobs on. And I want it to run Arch Linux, because that is what I run on my laptop; I’m OK with a second Linux environment (e.g., CentOS -- I used to run Fedora/Red Hat), but it’s easier to stay with one, for rapid, frequent hacking jobs. DreamCompute does not offer an Arch image, but I found one here for OpenStack. So I thought I’d try to get it running. And did, quite easily. For myself, and for anyone else who might be interested, here’s what I did:

1. Sign up for DreamCompute

The $5/month plan gives you: “2 Instance(s), 2 vCPU(s), 2 GB Memory, 25 GB Storage, 1 Floating IP(s).” I.e., enough to run one public machine and a test/backup machine. A second IP is $5.95.

2. Get the image ready

(I actually did this on another DreamCompute (CentOS) instance, but it can be done anywhere)

  # yum install qemu-kvm  # if you need to
  # curl "http://linuximages.de/...4d8.qcow2" > arch.qcow2
  # qemu-img convert arch.qcow2 -O raw arch.img
  # mv arch.img /var/www/html/

Note that the linuximages.de images are not fully secure, as per the info on that page. But they should be OK for a hacker platform. Do not store sensitive data there.

In the DreamCompute Dashboard (Images) ‘Add’ an image, pointing to the online URL where you just placed arch.img. The format is RAW.

3. Make a security key for yourself

Import the file id_rsa.pub (from your local, laptop .ssh/ directory) into DreamCompute. Give it a name.

4. Make a Volume from the Image

I made it 5 GB.

5. Create the Instance

Start up an Instance, using the volume you just created. Settings: subsonic, no delete on terminate, and ssh-http-ping (firewall). All else can be left as default. You should now be able to reach the instance directly from the console in the DreamCompute dashboard.

6. Give the instance an IP

This step was tricky to work out. First, ‘manually’ add a router link between the ‘public hub’ (e.g., public-110) and your private network, using the visual topology browser. This link was not there by default. Only then can you use the dropdown list on the instance to ‘Associate a floating IP.’

7. Log In!

(arch is the default user, with sudo privileges)

  $ ssh arch@67.205.60.X
  $ sudo su

The only vital steps seem to be: 1) Setting the nameserver in resolv.conf to 10.10.10.1 (this took a while to discover; there was ping/curl access to an IP, but not using hostnames). 2) Setting up the firewall. I used the defaults on the Arch Wiki iptables page:

  *filter
  :INPUT DROP [0:0]
  :FORWARD DROP [0:0]
  :OUTPUT ACCEPT [0:0]
  :TCP - [0:0]
  :UDP - [0:0]
  -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  -A INPUT -i lo -j ACCEPT
  -A INPUT -m conntrack --ctstate INVALID -j DROP
  -A INPUT -p icmp -m icmp --icmp-type 8 -m conntrack --ctstate NEW -j ACCEPT
  -A INPUT -p udp -m conntrack --ctstate NEW -j UDP
  -A INPUT -p tcp --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j TCP
  -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
  -A INPUT -p tcp -j REJECT --reject-with tcp-reset
  -A INPUT -j REJECT --reject-with icmp-proto-unreachable
  -A TCP -p tcp --dport 22 -j ACCEPT
  -A TCP -p tcp --dport 80 -j ACCEPT
  COMMIT

Put these in /etc/iptables/iptables.rules, then run systemctl start iptables and systemctl enable iptables. See here for basic iptables info.
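Before loading a default-DROP ruleset on an instance you reach over SSH, it is worth linting the file first. The script below is an added example, not part of the original post: it checks the INPUT policy, looks for backslash line continuations (iptables-restore reads one rule per line), confirms tcp/22 is still accepted, and lists the open ports. The function names and the cut-down sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint an iptables-restore rules file before loading it.

# List the ports that the TCP and UDP chains accept, one "proto/port" per line.
open_ports() {
    awk '$1 == "-A" && ($2 == "TCP" || $2 == "UDP") && $NF == "ACCEPT" {
             for (i = 3; i < NF; i++)
                 if ($i == "--dport") print tolower($2) "/" $(i + 1)
         }' "$1"
}

# Return 0 if the file passes every check; otherwise print the problems to
# stderr and return 1.
audit_rules() {
    problems=$(
        grep -q '^:INPUT DROP ' "$1" || echo "INPUT policy is not DROP"
        # iptables-restore has no line-continuation syntax: one rule per line.
        ! grep -q '\\[[:space:]]*$' "$1" || echo "backslash line continuation found"
        open_ports "$1" | grep -qx 'tcp/22' || echo "tcp/22 not accepted: SSH lockout"
        grep -qx 'COMMIT' "$1" || echo "no COMMIT line"
    )
    if [ -n "$problems" ]; then
        printf '%s\n' "$problems" >&2
        return 1
    fi
}

# Constructed sample: a cut-down ruleset in the same layout as the one above.
write_sample() {
    cat > "$1" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:TCP - [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j TCP
-A TCP -p tcp --dport 22 -j ACCEPT
-A TCP -p tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

# Audit the file named on the command line, or the sample when none is given.
rules=${1:-}
if [ -z "$rules" ]; then rules=$(mktemp); write_sample "$rules"; fi
audit_rules "$rules" && echo "ok, open ports:" $(open_ports "$rules")
```

On the instance, pass the real path as the first argument (for example /etc/iptables/iptables.rules); iptables-restore --test < /etc/iptables/iptables.rules then gives the authoritative parse check without committing anything.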

8. Fiddle!

  # pacman -Syu
  # pacman -S apache
  # systemctl start httpd 
  # systemctl enable httpd
  # echo "Hello World" > /srv/http/index.html
  # curl http://127.0.0.1
  # curl http://67.205.60.X
  # pacman -S lynx

Yeah! I now have a virtual Arch Box to play with, and host trick RDFy things on too!

(This is of course a very cursory guide. See the DreamCompute Wiki, for more, and google away.)