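Overview of the work
Prepare an Ubuntu Server 22.04 LTS virtual server in a QEMU virtualization environment
Set up Apache2 for web development
Because the web content is created on the Mac side, use a shared folder as the document root
Step 1: Create the guest OS
1. Prepare the virtual disk image file
Run the following commands in the terminal: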
taiyo@Mac-mini ~ % cd qemu-images
taiyo@Mac-mini qemu-images % mkdir 002
taiyo@Mac-mini qemu-images % cd 002
taiyo@Mac-mini 002 % qemu-img create qemu-002.img 20G
Formatting 'qemu-002.img', fmt=raw size=21474836480
2. Prepare the UEFI files
Run the following commands in the terminal:
taiyo@Mac-mini 002 % cp -a /opt/homebrew/share/qemu/edk2-aarch64-code.fd .
taiyo@Mac-mini 002 % dd if=/dev/zero conv=sync bs=1m count=64 of=ovmf_vars.fd
64+0 records in
64+0 records out
67108864 bytes transferred in 0.028161 secs (2383042648 bytes/sec)
taiyo@Mac-mini 002 % ls -l
total 262176
-rw-r--r-- 1 taiyo admin 67108864 8 31 01:43 edk2-aarch64-code.fd
-rw-r--r-- 1 taiyo staff 67108864 10 11 10:13 ovmf_vars.fd
-rw-r--r-- 1 taiyo staff 21474836480 10 11 10:12 qemu-002.img
3. Start QEMU
Run the following commands in the terminal:
taiyo@Mac-mini 002 % /opt/homebrew/bin/qemu-system-aarch64 \
-name 002_u22-web-creation -display default,show-cursor=on \
-machine virt,highmem=off -accel hvf \
-cpu cortex-a76 -smp 2 -m 2G -k ja \
-device intel-hda -device hda-output \
-device virtio-gpu-pci \
-device qemu-xhci -device usb-tablet \
-device usb-kbd \
-monitor telnet::46002,server,nowait \
-net nic,model=virtio \
-net user,hostfwd=tcp:192.168.20.60:46102-:22 \
-drive if=pflash,format=raw,file=/Users/taiyo/qemu-images/002/edk2-aarch64-code.fd,readonly=on \
-drive if=pflash,format=raw,file=/Users/taiyo/qemu-images/002/ovmf_vars.fd \
-drive if=virtio,format=raw,file=/Users/taiyo/qemu-images/002/qemu-002.img \
-cdrom /Users/taiyo/Downloads/ISOs/ubuntu-22.04-live-server-arm64.iso \
-boot order=d &
4. Install Ubuntu Server
In the boot menu shown in the QEMU default display window, select "Try or Install Ubuntu Server"
Follow the installer menus and choose the following items (leave all other items at their defaults)
・"Language selection" → English
・"Installer update available" → Continue without updating
・"Keyboard configuration: Layout" → Japanese
・"Keyboard configuration: Variant" → Japanese(Macintosh)
・"Choose type of install" → Ubuntu Server (minimized)
・"SSH setup" → [X] Install OpenSSH server
・"Install complete!" → Reboot Now
5. Stop QEMU
Run the following commands in the terminal:
taiyo@Mac-mini 002 % nc localhost 46002
????????QEMU 7.1.0 monitor - type 'help' for more information
(qemu) system_powerdown
system_powerdown
(qemu) %
taiyo@Mac-mini 002 %
[1] + done /opt/homebrew/bin/qemu-system-aarch64 -name 002_u22-web-creation -display
Step 2: Initial server configuration
1. Start the virtual server
Run the following commands in the terminal:
taiyo@Mac-mini 002 % /opt/homebrew/bin/qemu-system-aarch64 \
-name 002_u22-web-creation -display default,show-cursor=on \
-machine virt,highmem=off -accel hvf \
-cpu cortex-a76 -smp 2 -m 2G -k ja \
-device intel-hda -device hda-output \
-device virtio-gpu-pci \
-device qemu-xhci -device usb-tablet \
-device usb-kbd \
-monitor telnet::46002,server,nowait \
-net nic,model=virtio \
-net user,hostfwd=tcp:192.168.20.60:46102-:22 \
-drive if=pflash,format=raw,file=/Users/taiyo/qemu-images/002/edk2-aarch64-code.fd,readonly=on \
-drive if=pflash,format=raw,file=/Users/taiyo/qemu-images/002/ovmf_vars.fd \
-drive if=virtio,format=raw,file=/Users/taiyo/qemu-images/002/qemu-002.img \
-boot order=c &
2. Log in to the virtual server
Run the following commands in the terminal:
taiyo@Mac-mini 002 % ssh -p 46102 taiyo@mac-mini.local
The authenticity of host '[mac-mini.local]:46102 ([192.168.20.60]:46102)' can't be established.
ED25519 key fingerprint is SHA256:
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[mac-mini.local]:46102' (ED25519) to the list of known hosts.
taiyo@mac-mini.local's password:
Welcome to Ubuntu 22.04 LTS (GNU/Linux 5.15.0-50-generic aarch64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
This system has been minimized by removing packages and content that are
not required on a system that users do not log into.
To restore this content, you can run the 'unminimize' command.
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.
3. Check for available updates
Run the following commands in the terminal:
taiyo@virt002:~$ sudo apt update && apt list --upgradable
Hit:1 http://ports.ubuntu.com/ubuntu-ports jammy InRelease
Hit:2 http://ports.ubuntu.com/ubuntu-ports jammy-updates InRelease
Hit:3 http://ports.ubuntu.com/ubuntu-ports jammy-backports InRelease
Hit:4 http://ports.ubuntu.com/ubuntu-ports jammy-security InRelease
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
[remainder omitted]
4. Suppress the needrestart prompt after updates
Change the configuration so that the affected services are restarted automatically after an update
Run the following commands in the terminal:
taiyo@virt002:~$ echo "\$nrconf{restart} = 'a';" | sudo tee /etc/needrestart/conf.d/50-autorestart.conf
$nrconf{restart} = 'a';
taiyo@virt002:~$ ls -l /etc/needrestart/conf.d
total 8
-rw-r--r-- 1 root root 24 Oct 11 09:43 50-autorestart.conf
-rw-r--r-- 1 root root 241 Mar 16 2022 README.needrestart
5. Apply the updates
Run the following commands in the terminal:
taiyo@virt002:~$ sudo apt dist-upgrade -y
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
[remainder omitted]
6. Install net-tools
Run the following commands in the terminal:
taiyo@virt002:~$ sudo apt install net-tools -y
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
net-tools
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 207 kB of archives.
After this operation, 774 kB of additional disk space will be used.
[remainder omitted]
7. Install ping
Run the following commands in the terminal:
taiyo@virt002:~$ sudo apt install iputils-ping -y
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
iputils-ping
0 upgraded, 1 newly installed, 0 to remove and 1 not upgraded.
Need to get 43.3 kB of archives.
After this operation, 112 kB of additional disk space will be used.
[remainder omitted]
8. Install the firewall package
Run the following commands in the terminal:
taiyo@virt002:~$ sudo apt install ufw -y
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
iptables libip6tc2 libnetfilter-conntrack3 libnfnetlink0 libnftnl11
Suggested packages:
firewalld nftables rsyslog
The following NEW packages will be installed:
iptables libip6tc2 libnetfilter-conntrack3 libnfnetlink0 libnftnl11 ufw
0 upgraded, 6 newly installed, 0 to remove and 0 not upgraded.
Need to get 756 kB of archives.
[remainder omitted]
9. Change the firewall settings
Run the following commands in the terminal:
taiyo@virt002:~$ sudo ufw allow proto tcp to 192.168.20.0/24 port 22
Rules updated
taiyo@virt002:~$ sudo ufw allow proto tcp to 192.168.20.0/24 port 80
Rules updated
taiyo@virt002:~$ sudo ufw allow proto tcp to 192.168.20.0/24 port 443
Rules updated
taiyo@virt002:~$ sudo ufw allow proto tcp to 10.0.2.0/24 port 22
Rules updated
taiyo@virt002:~$ sudo ufw allow proto tcp to 10.0.2.0/24 port 80
Rules updated
taiyo@virt002:~$ sudo ufw allow proto tcp to 10.0.2.0/24 port 443
Rules updated
taiyo@virt002:~$ sudo ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
taiyo@virt002:~$ sudo ufw status
Status: active
To Action From
-- ------ ----
192.168.20.0/24 22/tcp ALLOW Anywhere
192.168.20.0/24 80/tcp ALLOW Anywhere
192.168.20.0/24 443/tcp ALLOW Anywhere
10.0.2.0/24 22/tcp ALLOW Anywhere
10.0.2.0/24 80/tcp ALLOW Anywhere
10.0.2.0/24 443/tcp ALLOW Anywhere
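In ufw rule syntax "to" names the destination and "from" the source, which is why every rule in the status table above is listed with From = Anywhere. The check below is an added example, not part of the original page: it lists the rules in "ufw status" output that accept any source (the function name ufw_any_source and the second sample are constructed for illustration).

```shell
#!/bin/sh
# Added example: list ufw ALLOW/LIMIT rules that accept traffic from any source.
# Reads `ufw status` text on stdin and prints one line per such rule.
ufw_any_source() {
    awk '
        /^--/ { in_rules = 1; next }      # rules start after the dashed header
        !in_rules || NF == 0 { next }
        {
            # Locate the Action column; To is everything before it, From after it.
            act = 0
            for (i = 1; i <= NF; i++)
                if ($i == "ALLOW" || $i == "LIMIT") { act = i; break }
            if (!act) next
            to = $1
            for (j = 2; j < act; j++) to = to " " $j
            k = act + 1
            if ($k == "IN" || $k == "OUT" || $k == "FWD") k++
            if ($k == "Anywhere") print to " open to any source"
        }'
}

# Sample 1: the status table shown on this page.
PAGE_STATUS='Status: active
To Action From
-- ------ ----
192.168.20.0/24 22/tcp ALLOW Anywhere
192.168.20.0/24 80/tcp ALLOW Anywhere
192.168.20.0/24 443/tcp ALLOW Anywhere
10.0.2.0/24 22/tcp ALLOW Anywhere
10.0.2.0/24 80/tcp ALLOW Anywhere
10.0.2.0/24 443/tcp ALLOW Anywhere'

# Sample 2 (constructed): how rules written as
#   ufw allow proto tcp from 10.0.2.0/24 to any port 22
# are listed; the network appears in the From column instead.
FROM_STATUS='Status: active
To Action From
-- ------ ----
22/tcp ALLOW 10.0.2.0/24
80/tcp ALLOW 10.0.2.0/24'

printf '%s\n' "$PAGE_STATUS" | ufw_any_source   # six lines
printf '%s\n' "$FROM_STATUS" | ufw_any_source   # no output
```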
10. Install vim
Run the following commands in the terminal:
taiyo@virt002:~$ sudo apt install vim -y
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
libgpm2 libpython3.10 libsodium23 vim-common vim-runtime
Suggested packages:
gpm ctags vim-doc vim-scripts
The following NEW packages will be installed:
libgpm2 libpython3.10 libsodium23 vim vim-common vim-runtime
0 upgraded, 6 newly installed, 0 to remove and 1 not upgraded.
Need to get 10.6 MB of archives.
[remainder omitted]
11. Set the time zone
Run the following commands in the terminal:
taiyo@virt002:~$ timedatectl status
Local time: Fri 2022-10-14 08:07:22 UTC
Universal time: Fri 2022-10-14 08:07:22 UTC
RTC time: Fri 2022-10-14 08:07:23
Time zone: Etc/UTC (UTC, +0000)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no
taiyo@virt002:~$ timedatectl list-timezones | grep Tokyo
Asia/Tokyo
taiyo@virt002:~$ sudo timedatectl set-timezone Asia/Tokyo
taiyo@virt002:~$ timedatectl status
Local time: Fri 2022-10-14 17:10:04 JST
Universal time: Fri 2022-10-14 08:10:04 UTC
RTC time: Fri 2022-10-14 08:10:05
Time zone: Asia/Tokyo (JST, +0900)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no
12. Enable the kernel modules for the shared folder
Run the following commands in the terminal:
taiyo@virt002:~$ echo "9pnet_virtio" | sudo tee /etc/modules-load.d/9pnet_virtio.conf
9pnet_virtio
taiyo@virt002:~$ echo "9p" | sudo tee /etc/modules-load.d/9p.conf
9p
13. Stop the virtual server
Run the following commands in the terminal:
taiyo@virt002:~$ sudo poweroff
Connection to mac-mini.local closed by remote host.
Connection to mac-mini.local closed.
taiyo@Mac-mini 002 %
[1] + done /opt/homebrew/bin/qemu-system-aarch64 -name 002_u22-web-creation -display
taiyo@Mac-mini 002 %
Step 3: Shared folder configuration
1. Create the shared folder
Run the following commands in the terminal:
taiyo@Mac-mini 002 % mkdir -p /Users/taiyo/Share/qemu/virt002
taiyo@Mac-mini 002 % chown taiyo:33 /Users/taiyo/Share/qemu/virt002
2. Create a file for checking web access
Run the following commands in the terminal:
taiyo@Mac-mini qemu-images % vim /Users/taiyo/Share/qemu/virt002/index.html
taiyo@Mac-mini qemu-images % cat /Users/taiyo/Share/qemu/virt002/index.html
<html><body><h1>It works.</h1></body></html>
3. Create the manual start script (including the shared folder settings)
Run the following commands in the terminal:
taiyo@Mac-mini qemu-images % vim qemu-002-start.sh
taiyo@Mac-mini qemu-images % cat qemu-002-start.sh
#!/bin/bash
GUEST_NAME="002_u22-web-creation"
MONITOR_PORT=46002
SSH_PORT=46102
HTTP_PORT=46202
# Skip the launch when a process with this guest name is already running
num=$(ps -A | grep -e ${GUEST_NAME} | grep -v "grep" | wc -c)
if [ $num -gt 0 ]; then
    echo "Skip: ${GUEST_NAME} process is alrady exist."
else
    # Start the guest headless; -fsdev and virtio-9p-pci expose the shared folder as mount tag share_mount
    nohup /opt/homebrew/bin/qemu-system-aarch64 -name ${GUEST_NAME} -display none \
        -machine virt,highmem=off -accel hvf \
        -cpu cortex-a76 -smp 2 -m 1G -k ja \
        -fsdev local,id=share_dev,path=/Users/taiyo/Share/qemu/virt002,security_model=none \
        -device virtio-9p-pci,fsdev=share_dev,mount_tag=share_mount \
        -device intel-hda -device hda-output \
        -device virtio-gpu-pci \
        -device qemu-xhci -device usb-tablet \
        -device usb-kbd \
        -monitor telnet::${MONITOR_PORT},server,nowait \
        -net nic,model=virtio \
        -net user,hostfwd=tcp:192.168.20.60:${SSH_PORT}-:22,hostfwd=tcp:192.168.20.60:${HTTP_PORT}-:80,'guestfwd=tcp:10.0.2.15:80-cmd:/usr/bin/nc 192.168.20.60 '${HTTP_PORT} \
        -drive if=pflash,format=raw,file=/Users/taiyo/qemu-images/002/edk2-aarch64-code.fd,readonly=on \
        -drive if=pflash,format=raw,file=/Users/taiyo/qemu-images/002/ovmf_vars.fd \
        -drive if=virtio,format=raw,file=/Users/taiyo/qemu-images/002/qemu-002.img \
        -boot order=c > /tmp/${GUEST_NAME}.log &
fi
4. Check the manual start script
Run the following commands in the terminal:
taiyo@Mac-mini qemu-images % sh qemu-002-start.sh
taiyo@Mac-mini qemu-images % ps -A | grep 002_u22-web-creation
13882 ttys000 0:08.53 /opt/homebrew/bin/qemu-system-aarch64 -name 002_u22-web-creation
-display none -machine virt,highmem=off -accel hvf -cpu cortex-a76 -smp 2 -m 1G -k ja
-fsdev local,id=share_dev,path=/Users/taiyo/Share/qemu/virt002,security_model=none
-device virtio-9p-pci,fsdev=share_dev,mount_tag=share_mount -device intel-hda -device hda-output
-device virtio-gpu-pci -device qemu-xhci -device usb-tablet -device usb-kbd -monitor telnet::46002,server,nowait
-net nic,model=virtio -net user,hostfwd=tcp:192.168.20.60:46102-:22,hostfwd=tcp:192.168.20.60:46202-:80,
guestfwd=tcp:10.0.2.15:80-cmd:/usr/bin/nc 192.168.20.60 46202
-drive if=pflash,format=raw,file=/Users/taiyo/qemu-images/002/edk2-aarch64-code.fd,readonly=on
-drive if=pflash,format=raw,file=/Users/taiyo/qemu-images/002/ovmf_vars.fd
-drive if=virtio,format=raw,file=/Users/taiyo/qemu-images/002/qemu-002.img -boot order=c
13910 ttys000 0:00.00 grep 002_u22-web-creation
taiyo@Mac-mini qemu-images % sh qemu-002-start.sh
Skip: 002_u22-web-creation process is alrady exist.
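The monitor option in the start script, -monitor telnet::46002,server,nowait, leaves the host field empty, so QEMU listens on every interface of the Mac and the unauthenticated monitor is reachable from the LAN; writing telnet:127.0.0.1:46002 keeps it local, which is all the "nc localhost" usage on this page needs. The listing below is an added example, not part of the original page (the function name qemu_listeners and the second sample are constructed): it reports each host-side TCP listener a QEMU command line creates and the address it binds to.

```shell
#!/bin/sh
# Added example: list the TCP listeners a QEMU command line opens on the host.
# Output: "<kind> <bind address or ALL-INTERFACES> <port>", one line per listener.
qemu_listeners() {
    printf '%s\n' "$1" | tr -s ' ' '\n' | awk '
        function report(kind, host, port) {
            if (host == "" || host == "0.0.0.0") host = "ALL-INTERFACES"
            print kind, host, port
        }
        # -monitor / -serial telnet:HOST:PORT,server (empty HOST = every interface)
        (prev == "-monitor" || prev == "-serial") && /,server/ {
            split($0, opt, ",")
            split(opt[1], a, ":")
            if (a[1] == "telnet" || a[1] == "tcp")
                report(substr(prev, 2), a[2], a[3])
        }
        # -net user,hostfwd=tcp:HOST:PORT-:GUESTPORT[,hostfwd=...]
        prev == "-net" || prev == "-netdev" {
            n = split($0, opt, ",")
            for (i = 1; i <= n; i++)
                if (opt[i] ~ /^hostfwd=/) {
                    split(opt[i], a, ":")
                    sub(/-$/, "", a[3])
                    report("hostfwd", a[2], a[3])
                }
        }
        { prev = $0 }'
}

# Sample 1: options from the start script on this page (abridged, variables expanded).
PAGE_CMD='qemu-system-aarch64 -name 002_u22-web-creation -monitor telnet::46002,server,nowait -net nic,model=virtio -net user,hostfwd=tcp:192.168.20.60:46102-:22,hostfwd=tcp:192.168.20.60:46202-:80'

# Sample 2 (constructed): the same monitor bound to loopback only.
LOOPBACK_CMD='qemu-system-aarch64 -name 002_u22-web-creation -monitor telnet:127.0.0.1:46002,server,nowait'

qemu_listeners "$PAGE_CMD"
qemu_listeners "$LOOPBACK_CMD"
```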
5. Log in to the virtual server
Run the following commands in the terminal:
taiyo@Mac-mini qemu-images % ssh -p 46102 taiyo@mac-mini.local
taiyo@mac-mini.local's password:
Welcome to Ubuntu 22.04.1 LTS (GNU/Linux 5.15.0-50-generic aarch64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
This system has been minimized by removing packages and content that are
not required on a system that users do not log into.
To restore this content, you can run the 'unminimize' command.
Last login: Fri Oct 14 15:36:25 2022 from 192.168.20.60
6. Check that the shared folder mounts
Run the following commands in the terminal:
taiyo@virt002:~$ sudo mount -t 9p -o trans=virtio share_mount /mnt
taiyo@virt002:~$ mount | grep share_mount
share_mount on /mnt type 9p (rw,relatime,sync,dirsync,access=client,trans=virtio)
taiyo@virt002:~$ ls -l /mnt
total 4
-rw-r--r-- 1 501 www-data 45 Oct 14 18:12 index.html
7. Add the uid
Run the following commands in the terminal:
taiyo@virt002:~$ sudo useradd -M -N -u 501 -g www-data -s /usr/sbin/nologin www-taiyo
[sudo] password for taiyo:
taiyo@virt002:~$ cat /etc/passwd|grep www-taiyo
www-taiyo:x:501:33::/home/www-taiyo:/usr/sbin/nologin
taiyo@virt002:~$ ls -l /mnt
total 4
-rw-r--r-- 1 www-taiyo www-data 45 Oct 14 18:12 index.html
8. Log out of the virtual server
Run the following commands in the terminal:
taiyo@virt002:~$ logout
Connection to mac-mini.local closed.
taiyo@Mac-mini qemu-images %
9. Create the manual stop script
Run the following commands in the terminal:
taiyo@Mac-mini qemu-images % vim qemu-002-stop.sh
taiyo@Mac-mini qemu-images % cat qemu-002-stop.sh
#!/bin/bash
GUEST_NAME="002_u22-web-creation"
MONITOR_PORT=46002
# Send system_powerdown to the QEMU monitor only when the guest process is running
num=$(ps -A | grep -e ${GUEST_NAME} | grep -v "grep" | wc -c)
if [ $num -gt 0 ]; then
    (echo 'system_powerdown'; sleep 1) | nc localhost ${MONITOR_PORT}
else
    echo "Skip: ${GUEST_NAME} process is none."
fi
taiyo@Mac-mini qemu-images %
10. Check the manual stop script
Run the following commands in the terminal:
taiyo@Mac-mini qemu-images % sh qemu-002-stop.sh
????????QEMU 7.1.0 monitor - type 'help' for more information
(qemu) system_powerdown
(qemu) %
taiyo@Mac-mini qemu-images % ps -A | grep 002_u22-web-creation
20795 ttys000 0:00.00 grep 002_u22-web-creation
taiyo@Mac-mini qemu-images % sh qemu-002-stop.sh
Skip: 002_u22-web-creation process is none.
Step 4: Apache2 configuration
1. Start the virtual server, then log in
Run the following commands in the terminal:
taiyo@Mac-mini ~ % sh qemu-images/qemu-002-start.sh
taiyo@Mac-mini ~ % ssh -p 46102 taiyo@mac-mini.local
taiyo@mac-mini.local's password:
Welcome to Ubuntu 22.04.1 LTS (GNU/Linux 5.15.0-50-generic aarch64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
This system has been minimized by removing packages and content that are
not required on a system that users do not log into.
To restore this content, you can run the 'unminimize' command.
Last login: Sat Oct 15 10:11:56 2022 from 192.168.20.60
taiyo@virt002:~$
2. Install Apache2
Run the following commands in the terminal:
taiyo@virt002:~$ sudo apt install apache2 -y
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
apache2-bin apache2-data apache2-utils bzip2 file libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap libjansson4
liblua5.3-0 libmagic-mgc libmagic1 mailcap mime-support ssl-cert
Suggested packages:
apache2-doc apache2-suexec-pristine | apache2-suexec-custom www-browser bzip2-doc
The following NEW packages will be installed:
apache2 apache2-bin apache2-data apache2-utils bzip2 file libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap libjansson4
liblua5.3-0 libmagic-mgc libmagic1 mailcap mime-support ssl-cert
0 upgraded, 17 newly installed, 0 to remove and 1 not upgraded.
Need to get 2481 kB of archives.
[remainder omitted]
3. Mount the shared folder on /var/www/html
Run the following commands in the terminal:
taiyo@virt002:~$ sudo mv /var/www/html /var/www/html.`date +%Y%m%d-%H%M%S`
taiyo@virt002:~$ sudo mkdir /var/www/html
taiyo@virt002:~$ sudo cp -a /etc/fstab /etc/fstab.`date +%Y%m%d-%H%M%S`
taiyo@virt002:~$ sudo vim /etc/fstab
taiyo@virt002:~$ diff -U 0 /etc/fstab.20221014-171011 /etc/fstab
--- /etc/fstab.20221014-171011 2022-10-11 16:39:22.126373181 +0900
+++ /etc/fstab 2022-10-15 17:31:00.701413863 +0900
@@ -14,0 +15 @@
+share_mount /var/www/html 9p trans=virtio,version=9p2000.L,nobootwait,rw,_netdev 0 0
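Review bot: nobootwait in the added share_mount line is an option of the older Upstart mountall and systemd does not act on it, so on 22.04 it does not keep boot from stalling when the 9p device is absent (for example when the VM is started without the -fsdev/-device virtio-9p-pci options). The systemd option for that purpose is nofail; consider "trans=virtio,version=9p2000.L,nofail,rw,_netdev" for the options field.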
taiyo@virt002:~$ sudo mount -a
taiyo@virt002:~$ mount | grep share_mount
share_mount on /var/www/html type 9p (rw,relatime,sync,dirsync,access=client,trans=virtio,_netdev)
taiyo@virt002:~$ ls -l /var/www/html
total 4
-rw-r--r-- 1 www-taiyo www-data 45 Oct 14 18:12 index.html
4. Start the Apache2 service, then log out
Run the following commands in the terminal:
taiyo@virt002:~$ sudo systemctl enable apache2
Synchronizing state of apache2.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable apache2
taiyo@virt002:~$ sudo systemctl restart apache2
taiyo@virt002:~$
logout
Connection to mac-mini.local closed.
taiyo@Mac-mini ~ %
Step 5: Verify operation
1. Check web access
Open the following URL in a web browser and confirm that the contents of /var/www/html/index.html are displayed