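# Grow the root partition and its filesystem after the virtual disk was enlarged.
# Device names below (/dev/sda, partition 3) are the ones used on this page;
# confirm them with lsblk before running anything.
sudo apt -y install cloud-guest-utils gdisk
df -h
# growpart rewrites the partition table and needs root like the other steps
sudo growpart /dev/sda 3
lsblk
# Option A - filesystem directly on the partition: grow it to the new size
sudo resize2fs /dev/sda3
# or this for LVM
# Option B - the partition is an LVM physical volume: let LVM see the new
# space first, then extend the logical volume (-r also resizes the filesystem)
sudo pvresize /dev/sda3
sudo lvextend -r -l +100%FREE /dev/mapper/ubuntu--vg-ubuntu--lv
df -h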
Network
Static IP
Set a static IP in the netplan.yaml if not configured during OS installation.
# Show listening sockets and running services
# (-a all sockets, -t TCP, -u UDP, -p owning process; -p needs root to show other users' processes)
sudo ss -atpu
# List available network interfaces and use the interface ens32
# (-br brief output, -c coloured)
ip -br -c a
# Disable cloud-init networking configuration - if necessary
# NOTE(review): presumably so cloud-init does not regenerate the netplan file on boot - confirm
sudo nano /etc/cloud/cloud.cfg.d/subiquity-disable-cloudinit-networking.cfg
# Make sure it is "disabled"
# network: {config: disabled}
# Open the netplan configuration file for editing
# (only one of the two files below is expected to exist, depending on the installer)
sudo nano /etc/netplan/00-installer-config.yaml
# or
sudo nano /etc/netplan/50-cloud-init.yaml
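# This is the network config written by 'subiquity'
# Nesting is defined by indentation: ens32 belongs to ethernets, which belongs to network.
# Replace <IP> and <GATEWAY_IP> with the values for this host.
network:
  version: 2
  ethernets:
    ens32:
      addresses: [<IP>/24]
      # newer netplan releases report gateway4 as deprecated; a default route
      # under "routes:" is the replacement
      gateway4: <GATEWAY_IP>
      nameservers:
        addresses: [1.1.1.1, 9.9.9.9]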
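# Exit and save
# When connected over SSH, test the change first: netplan try applies it and
# rolls back automatically unless it is confirmed within the timeout, so a
# wrong address or gateway does not cut off access to the VM
sudo netplan try
# Apply the netplan configuration changes
sudo netplan apply
# Reboot the system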
If necessary and the VM has 2 NICs, add the second one in the netplan.yaml
# List available network interfaces and check the second interface name
# (-br brief output, -c coloured)
ip -br -c a
# Example of DHCP on both network interfaces
# (the interface names in the file must match the names printed above)
sudo nano /etc/netplan/50-cloud-init.yaml
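# Both interfaces obtain their IPv4 configuration from DHCP.
# Nesting is defined by indentation: each interface sits under ethernets.
network:
  ethernets:
    enp0s3:
      dhcp4: true
    enp0s8:
      dhcp4: true
  version: 2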
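# Everything below runs in a root shell, so $HOME is root's home and the
# Compose plugin ends up installed for root only.
sudo su
apt install curl
# Docker Engine - Convenience Script
# Save the script to a file and read it before it runs as root.
# -f makes curl fail on an HTTP error instead of handing an error page to sh.
curl -fsSL https://get.docker.com -o get-docker.sh
less get-docker.sh
# Optional: list the steps the script would perform without executing them
# sh get-docker.sh --dry-run
sh get-docker.sh
# Docker Compose
LATEST=$(curl -fsSL https://api.github.com/repos/docker/compose/releases/latest | grep '"tag_name":' | cut -d'"' -f4)
DOCKER_CONFIG=${DOCKER_CONFIG:-$HOME/.docker}
mkdir -p "$DOCKER_CONFIG/cli-plugins"
# Download into the same directory that mkdir/chmod use, and fail loudly if the
# tag lookup returned nothing (e.g. API rate limit) or the asset is missing
curl -fsSL "https://github.com/docker/compose/releases/download/${LATEST:?release tag lookup failed}/docker-compose-linux-x86_64" -o "$DOCKER_CONFIG/cli-plugins/docker-compose"
# Compare this hash with the SHA-256 published for the asset on the release
# page before making the binary executable
sha256sum "$DOCKER_CONFIG/cli-plugins/docker-compose"
chmod +x "$DOCKER_CONFIG/cli-plugins/docker-compose"
docker compose version
# Add a user to the "docker" group to let it run Docker
# Members of this group can start containers that mount the host filesystem,
# so membership is equivalent to root access on the host - add only accounts
# that are already trusted with sudo.
# In the root shell opened above ${USER} is root; SUDO_USER holds the account
# that invoked sudo, which is the one that should be added.
sudo groupadd -f docker
sudo gpasswd -a "${SUDO_USER:-${USER}}" docker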
Alternative to install Docker Engine (via APT)
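# Install Docker Engine via APT repository
# Remove distro-packaged or conflicting Docker packages first
for pkg in docker.io docker-doc docker-compose docker-compose-v2 podman-docker containerd runc; do sudo apt-get remove "$pkg"; done
sudo apt update -y && sudo apt install -y ca-certificates curl gnupg
# Everything inside the quotes runs in one root shell. "set -e" stops at the
# first failing step, and the key is downloaded to a file first so that a
# failed download is detected instead of being piped into gpg.
sudo sh -c '
set -e
key=$(mktemp)
curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o "$key"
gpg --dearmor -o /usr/share/keyrings/docker.gpg "$key"
rm -f "$key"
chmod a+r /usr/share/keyrings/docker.gpg
# Print the imported key: compare its fingerprint with the one given in the Docker install documentation
gpg --show-keys /usr/share/keyrings/docker.gpg
echo "deb [arch="$(dpkg --print-architecture)" signed-by=/usr/share/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list
apt update && apt install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
'
sudo systemctl enable docker --now
# Members of the docker group can control the daemon, which is equivalent to
# root access on the host - add only accounts already trusted with sudo
sudo gpasswd -a "${USER}" docker
# On Debian and Ubuntu, the Docker service starts on boot by default, if not run
sudo systemctl enable docker.service
sudo systemctl enable containerd.service
# Reboot and Test
sudo reboot
docker run hello-world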
Hardening
SSH-key-based authentication
Ubuntu Server with OpenSSH pre-installed ships with the PasswordAuthentication yes parameter already set in /etc/ssh/sshd_config.d/50-cloud-init.conf (or /etc/ssh/sshd_config). If the parameter is commented out in sshd_config, the default is yes (password authentication permitted).
Generate an SSH Key Pair on the local HOST from which the connection is established
# Local HOST
cd
mkdir -p ~/.ssh
cd ~/.ssh
# Generate an Ed25519 key pair: a private key and a matching .pub public key
ssh-keygen -t ed25519
# Type a secure passphrase when asked
# (the passphrase encrypts the private key file on disk)
# Directory accessible by the owner only; files readable/writable by the owner only
chmod 700 ~/.ssh
chmod 600 ~/.ssh/*
# Add the SSH private key to the ssh-agent
# eval applies the environment variables printed by ssh-agent to the current
# shell; ssh-add then loads the key into that agent
eval "$(ssh-agent -s)" && ssh-add ~/.ssh/id_ed25519
Add the Public Key to a system/sudo user on the Ubuntu Server VM
If you want to use the same key that is saved in your GitHub profile, and the matching private key is already on the Ubuntu local HOST (commands above), SSH into the Ubuntu Server VM and run the following curl command
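# Ubuntu Server VM
# This authorizes EVERY public key published on the GitHub account, so anyone
# holding one of the matching private keys can log in as this user.
# Print the list first and check that each key is expected.
mkdir -p "$HOME/.ssh"
curl -fsS "https://github.com/<github-username>.keys"
# -f makes curl fail on an HTTP error, so an error page is never appended
curl -fsS "https://github.com/<github-username>.keys" >> "$HOME/.ssh/authorized_keys"
# e.g. (example only - use your own username; running this line as written
# would authorize the keys of that account on your server)
# curl -fsS "https://github.com/syselement.keys" >> "$HOME/.ssh/authorized_keys"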
# Automatic (if password SSH is allowed)
# ssh-copy-id logs in with the password and appends the local public key(s)
# to the remote user's authorized_keys
ssh-copy-id <sudo_user>@<remote_Server_IP>
# Manually
# Local HOST
# Print the PUBLIC key (.pub); the private key file stays on this host
cat ~/.ssh/id_ed25519.pub
# copy the string
# Should start with ssh-ed25519 AAAA... or ssh-rsa AAAA... (if rsa)
# Ubuntu Server VM
# Replace pubkey_string with the copied line; >> appends, so existing keys are kept
echo "pubkey_string" >> ~/.ssh/authorized_keys
# Set permissions
# go= removes all group and other permissions, recursively; with the default
# StrictModes setting sshd ignores key files that other users can write to
chmod -R go= ~/.ssh
Log out and log in using the Private Key
# Open a new session while keeping the current one; it should authenticate
# with the key rather than asking for the account password
ssh <sudo_user>@<remote_Server_IP>
# To select the key file explicitly:
# ssh -i ~/.ssh/id_ed25519 <sudo_user>@<remote_host_IP>
# Enter the key Passphrase if necessary
Disable SSH password authentication
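# Keep the current SSH session open until a new key-based login has been
# confirmed, so a mistake here cannot lock you out.
# Delete sshd_config.d/50-cloud-init.conf
sudo rm -f /etc/ssh/sshd_config.d/50-cloud-init.conf
# Inside /etc/ssh/sshd_config set PasswordAuthentication to "no"
sudo sed -i '/^[#]*[[:space:]]*PasswordAuthentication[[:space:]]*yes/c\PasswordAuthentication no' /etc/ssh/sshd_config
# The sed only rewrites an existing "PasswordAuthentication yes" line
# (commented or not). Other files under sshd_config.d/ can still set the
# option, so list every place it appears.
sudo grep -ri passwordauthentication /etc/ssh/sshd_config /etc/ssh/sshd_config.d/
# Validate the configuration, and restart only if it parses cleanly
# Restart SSH service
# NOTE(review): on Ubuntu the unit is ssh.service; if the sshd alias is not
# present, use "sudo systemctl restart ssh" - confirm on the target release
sudo sshd -t && sudo systemctl restart sshd
# Confirm the effective setting; expected output: passwordauthentication no
sudo sshd -T | grep -i '^passwordauthentication'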
Try again to log out and log in. Only SSH-key-based authentication is permitted.