Skip to Content

Minimal Ubuntu

Posted on

Ubuntu 17.10 “Artful Aardvark” is the latest release of the popular Linux operating system. I use Ubuntu’s minimal install image to create a console-only base configuration that can be customized for various tasks and alternate desktops.

Let’s go!

Below is a visual walk-through of a sample Ubuntu setup that makes use of an entire disk divided into 2 partitions: a boot partition, 1 and an encrypted partition used by the Logical Volume Manager (LVM) to create “virtual partitions” (Logical Volumes). Installing LVM on top of the encrypted partition allows:

  • creation of multiple LVs protected by a single passphrase entered at boot time
  • dynamic resizing of filesystems (set aside unallocated space and make use of it as needed)
  • snapshots of filesystems that can be used as backups or to restore a previous state 2

0. Prepare install media

Download the 64-bit artful minimal installer (32-bit for older machines) and burn to CD or flash the image to a USB stick. 3 Using the minimal console installer vs. the graphical installer provides more options during setup.

Minimal installer (requires network connection) downloads all the latest packages during setup.

1. Launch

Install

Select language

Selecl location

Configure keyboard

Keyboard

I use the Colemak keyboard layout …

Keyboard

A device with a single network interface is auto-detected and configured (otherwise the installer prompts to select an interface) …

Detecting network hardware

DHCP

Hostname

Mirror country

Mirror archive

Proxy

Contents of the installer are now loaded into memory and the USB stick can safely be removed. 4

Full name

Username

User password

Verify password

Encrypt home

Configure clock

2. Partitions

Sample layout:

  • sda1 is a 512MB boot partition
  • sda2 uses the remaining storage as a LUKS encrypted partition
  • LVM is installed on the encrypted partition, and contains a volume group with the 3 logical volumes: root + swap + home

Partitioning method

Partition disks

Partition table

Free space

New partition

Partition size

Primary partition

Beginning

Mount point

Mount boot

Boot flag

Done with partition

Free space

New partition

Partition size

Primary partition

Use as

Encrypt volume

If the hard disk has not been securely wiped prior to installing Ubuntu you may want to configure Erase data: yes. Note, however, that depending on the size of the disk this operation can last several hours …

Done with partition

Configure encrypt

Write changes

Create encrypt

Device to encrypt

Finish

Passphrase

Re-enter passphrase

Encrypt volume

Use as

LVM

Done setting up partition

Configure LVM

Write changes

Create volume group

Volume group name

Device for group

Create lv

Vg

Lv root

Lv size

Create lv

Vg

Lv swap

Lv size

Create lv

Vg

Lv home

Lv size

Finish

Partition

Use as

Ext4

Mount point

Home

Reserved blocks can be used by privileged system processes to write to disk - useful if a full filesystem blocks users from writing - and reduce disk fragmentation. On large, non-root partitions extra space can be gained by reducing the 5% default reserve set by Ubuntu to 1%

Reserved blocks

Percent reserved

Done with partition

Partition

Use as

Ext4

Mount point

Root

Done with partition

Partition

Use as

Swap

Done with partition

Finish

Write changes

3. Install packages and finish up

Install base

No automatic updates

Alternative: For a home server setup I like to select Install security updates automatically for a device often running unattended.

Un-select all tasks 5 for a minimal install …

Software selection

Core packages are downloaded and the installer makes its finishing touches …

GRUB

UTC

Finish install

4. First boot

User is prompted for the passphrase to unlock the encrypted partition …

Enter encrypt passphrase

Login

Login … then run timedatectl to confirm system time+date is properly set.

5. GRUB

After running a minimal install on my laptop with LUKS encryption I ran into this issue: “Black screen instead of password prompt for boot encryption”.

I had to enter my passphrase blind and ALT+F1 to console. When I tried removing the GRUB options splash and/or quiet I lost the ability to enter the passphrase at all and a hard reset was required.

[ Fix! ] Modify /etc/default/grub

# Force the kernel to boot in normal text mode with '=text'                     
GRUB_GFXPAYLOAD_LINUX=text

… and update …

sudo update-grub

Now it works!

Link: GNU gfxpayload

6. Network

Check which network interfaces are detected and settings …

ip a

Wired interfaces are usually auto-configured by default and assigned an IP address courtesy of DHCP.

To assign a static address, deactivate the wired interface and create a new entry in /etc/network/interfaces. Sample entry for enp3s0

# The primary network interface
auto enp3s0
#iface enp3s0 inet dhcp
iface enp3s0 inet static
address 192.168.1.88
netmask 255.255.255.0
gateway 192.168.1.1
dns-nameservers 192.168.1.1

Bring up|down interface with sudo if{up,down} enp3s0.

Create a temporary wireless interface connection to WPA2 encrypted access points manually using wpa_supplicant + wpa_passphrase + dhclinet. Sample setup of wlp1s0

sudo ip link set wlp1s0 up            # bring up interface
iw dev wlp1s0 link                    # get link status
sudo iw dev wlp1s0 scan | grep SSID   # scan for access points
sudo -i                               # simulate a root login shell (for wpa_supplicant)
wpa_supplicant -B -i wlp1s0 -c<(wpa_passphrase "MY_SSID" "MY_PASSPHRASE")   # connect to WPA/WPA2 ... '-B' sends the process to the background
exit
sudo dhclient wlp1s0                  # obtain IP address

More permanent configurations may be set in /etc/default/interfaces. Sample setup 6 with a static IP address …

iface wlp1s0 inet static
address 192.168.1.77
netmask 255.255.255.0
gateway 192.168.1.1                                                              
wpa-ssid MY_SSID
wpa-psk MY_PASSPHRASE
dns-nameservers 8.8.8.8 8.8.4.4                                                  

Alternative setup using DHCP …

allow-hotplug wlp1s0
iface wlp1s0 inet dhcp
wpa-ssid MY_SSID
wpa-psk MY_PASSPHRASE                                       
dns-nameservers 8.8.8.8 8.8.4.4

Once a link is established install an (optional) network manager utility. Packages network-manager and network-manager-gnome provide the console nmcli and graphical nm-applet clients respectively. Comment out (deactivate) any entries in interfaces that will be managed by network-manager.

7. Secure access using SSH keys

Create cryptographic keys, install the OpenSSH server, and configure remote access.

8. Where to go next …

… is up to YOU. Yeehaw.

Happy hacking!

Notes


  1. Encrypted root requires an unencrypted boot. [return]
  2. Very helpful! LVM post on the Arch Wiki. [return]
  3. An alternative is adding the image to a USB stick with multiple Linux installers. [return]
  4. Recommended: Otherwise the partitioning tool may designate the USB device as primary (sda) storage and lead to broken partition layouts. [return]
  5. The task selection menu can be run post-install using sudo tasksel. [return]
  6. Multiple wireless static IP address setups can be created with iface wlp1s0_NAME inet static and [de]activated with sudo if{up.down} wlp1s0=wlp1s0_NAME. [return]