threefoldtech · Mik-TF · Nov 13, 2024 · Oct 23, 2024 · Oct 23, 2024 · Oct 23, 2024
@@ -0,0 +1,5 @@
+/ubuntu-noble
+/logs
+wget-log
+*.tar.gz
+ubuntu-24.04_vm_xrdp.tar.gz
@@ -0,0 +1,11 @@
+build:
+	@echo "Please enter your API key:"
+	@read -p "API Key: " api_key; \
+	chmod +x create_vm_ubuntu_xrdp_flist.sh; \
+	sudo ./create_vm_ubuntu_xrdp_flist.sh "$$api_key"
+
+delete:
+	sudo rm -rf ubuntu-noble
+	sudo rm -rf logs
+	sudo rm -rf wget-log
+	sudo rm ubuntu-24.04_vm_xrdp.tar.gz
@@ -0,0 +1,163 @@
+<h1> Ubuntu XRDP VM Flist Creator </h1>
+
+<h2>Table of Contents</h2>
+
+- [Introduction](#introduction)
+- [Prerequisites](#prerequisites)
+- [Usage](#usage)
+  - [Manual Method](#manual-method)
+  - [Using Makefile](#using-makefile)
+- [What the Script Does](#what-the-script-does)
+- [Notes](#notes)
+- [Troubleshooting](#troubleshooting)
+- [Clean Up](#clean-up)
+- [Server Side: Dashboard Deployment](#server-side-dashboard-deployment)
+- [Client Side: Install Remote Desktop Connection for Windows, MAC or Linux](#client-side-install-remote-desktop-connection-for-windows-mac-or-linux)
+  - [Download the App](#download-the-app)
+  - [Connect Remotely](#connect-remotely)
+- [License](#license)
+
+---
+
+## Introduction
+
+This directory contains a script to create a VM flist with Ubuntu and XRDP for the ThreeFold Grid. The flist includes a desktop environment (XFCE) and XRDP, allowing for remote desktop access to your deployed VM.
+
+> Note: This is not an officially supported flist. You can use it as a guide to build your own.
+
+## Prerequisites
+
+- A Linux system with root access
+- Sufficient disk space (at least 10GB free)
+- A [ThreeFold ZOS Hub](https://manual.grid.tf/documentation/developers/flist/flist_hub/zos_hub.html) account with an API key
+- `make` utility installed on your system (optional, for Makefile method)
+
+## Usage
+
+### Manual Method
+
+1. Clone this repository:
+   ```
+   git clone https://github.com/threefoldtech/tf-images
+   cd ./tf-images/tfgrid3/ubuntu_24_xrdp
+   ```
+
+2. Make the script executable:
+   ```
+   chmod +x create_vm_ubuntu_xrdp_flist.sh
+   ```
+
+3. Run the script with sudo privileges, providing your [ThreeFold ZOS Hub API key](https://manual.grid.tf/documentation/developers/flist/flist_hub/api_token.html) as an argument:
+   ```
+   sudo ./create_vm_ubuntu_xrdp_flist.sh YOUR_API_KEY_HERE
+   ```
+   Replace `YOUR_API_KEY_HERE` with your actual ThreeFold Hub API key.
+
+### Using Makefile
+
+1. Clone this repository:
+   ```
+   git clone https://github.com/threefoldtech/tf-images
+   cd ./tf-images/tfgrid3/ubuntu_24_xrdp
+   ```
+
+2. Run the build command using make:
+   ```
+   make build
+   ```
+
+3. When prompted, enter your ThreeFold ZOS Hub API key.
+
+4. Wait for the script to complete. This may take some time depending on your internet connection and system performance.
+
+5. Once completed, the script will have created and uploaded an flist named `ubuntu-24.04_vm_xrdp.tar.gz` to your ThreeFold Hub account.
+
+## What the Script Does
+
+1. Installs necessary packages
+2. Creates a base Ubuntu system using debootstrap
+3. Installs XFCE desktop environment and XRDP
+4. Configures a non-root user for XRDP access
+5. Sets up firewall rules
+6. Creates and uploads the flist to the ThreeFold Hub
+
+## Notes
+
+- The default non-root user created is `xrdpuser` with password `xrdppassword`. It's recommended to change this password after first login.
+  - Simply set the variable PASSWORD="your password here" when deploying the VM on the Dashboard
+  - You can also update your password with the command `sudo passwd` on the VM
+- The script requires an active internet connection throughout its execution.
+- Ensure you have the latest version of the script by pulling from this repository before each use.
+
+## Troubleshooting
+
+If you encounter any issues:
+1. Check your internet connection
+2. Ensure you have sufficient disk space
+3. Verify that you're using a valid ThreeFold API key
+4. Review the script output for any error messages
+
+For persistent issues, please open an issue in this GitHub repository.
+
+## Clean Up
+
+To remove the created files after running the script, you can use either of the following methods:
+
+- Manual method:
+```
+sudo rm -rf ubuntu-noble
+sudo rm -rf logs
+sudo rm -rf wget-log
+sudo rm ubuntu-24.04_vm_xrdp.tar.gz
+```
+
+- Using Makefile:
+```
+make delete
+```
+
+Both methods will remove the `ubuntu-noble` directory, the `ubuntu-24.04_vm_xrdp.tar.gz` file, and the `logs`.
+
+## Server Side: Dashboard Deployment
+
+Once the Flist is set, deploy it on the Dashboard via the Micro VM page.
+
+- Go to the Micro VM page
+- Under `VM Image`, select ̀`Other` and insert the Flist URL
+- Under `Entry Point`, make sure that nothing is written
+- Open the `Environment Variables` windows and set the environment variables:
+  - Name: LOCALIP
+  - Value: The local PC IP you're using
+    - You can use `curl ifconfig.me` to see your public IP address
+  - Name: PASSWORD
+  - Value: The password you want for your xrdp user
+- Choose a node with IPv4 network and click `Deploy`
+
+## Client Side: Install Remote Desktop Connection for Windows, MAC or Linux
+
+For the client side (the local computer accessing the VM remotely), you can use remote desktop connection for Windows, MAC and Linux. The process is very similar in all three cases.
+
+Simply download the app, open it and write the IPv4 address of the VM. You then will need to write the username and password to enter into your VM.
+
+### Download the App
+
+* Client side Remote app
+  * Windows
+    * [Remote Desktop Connection app](https://apps.microsoft.com/store/detail/microsoft-remote-desktop/9WZDNCRFJ3PS?hl=en-ca&gl=ca&rtc=1)
+  * MAC
+    * Download in app store
+      *  [Microsoft Remote Desktop Connection app](https://apps.apple.com/ca/app/microsoft-remote-desktop/id1295203466?mt=12)
+  * Linux
+    * [Remmina RDP Client](https://remmina.org/)
+
+### Connect Remotely
+
+* General process
+  * In the Remote app, enter the following:
+    * the IPv4 Address of the VM
+    * the VM root-access username and password
+  * You now have remote desktop connection to your VM
+
+## License
+
+This work is under the Apache 2.0 license.
@@ -0,0 +1,136 @@
+#!/bin/bash
+
+# Ensure the script is run as root
+if [ "$(id -u)" -ne 0 ]; then
+    echo "This script must be run as root" >&2
+    exit 1
+fi
+
+# Check if API_KEY provided or not
+if [ -z "$1" ]; then
+    echo "Usage: $0 <API_KEY>"
+    exit 2
+fi
+
+API_KEY=$1
+
+mkdir -p ./logs
+
+# Function to log messages with timestamps
+log_message() {
+    echo "$(date '+%Y-%m-%d %H:%M:%S') - $1" | tee -a ./logs/setup.log
+}
+
+log_message "Starting script execution"
+log_message "Installing arch-install-scripts package..."
+apt-get update
+apt-get install arch-install-scripts debootstrap -y
+
+log_message "Starting debootstrap..."
+mkdir -p ubuntu-noble
+
+debootstrap noble ubuntu-noble http://archive.ubuntu.com/ubuntu
+log_message "Debootstrap completed."
+
+log_message "Preparing chroot environment script..."
+cat <<'EOF' > ubuntu-noble/root/setup_inside_chroot.sh
+#!/bin/bash
+set -x  # This will print each command before it's executed
+export PATH=/usr/local/sbin/:/usr/local/bin/:/usr/sbin/:/usr/bin/:/sbin:/bin
+
+echo "Starting setup inside chroot"
+
+# Pre-configure tzdata
+echo "tzdata tzdata/Areas select Etc" | debconf-set-selections
+echo "tzdata tzdata/Zones/Etc select UTC" | debconf-set-selections
+
+# Set timezone to UTC
+ln -fs /usr/share/zoneinfo/UTC /etc/localtime
+dpkg-reconfigure -f noninteractive tzdata
+
+echo "Configuring DNS..."
+rm /etc/resolv.conf
+echo 'nameserver 1.1.1.1' > /etc/resolv.conf
+
+echo "Updating package lists..."
+apt-get update -y || echo "ERROR: Failed to update package lists"
+
+echo "Installing initial packages..."
+apt-get install -y cloud-init openssh-server curl initramfs-tools ufw || echo "ERROR: Failed to install initial packages"
+
+echo "Cleaning cloud-init..."
+cloud-init clean
+
+echo "Installing extra kernel modules..."
+apt-get install linux-virtual -y || echo "ERROR: Failed to install extra kernel modules"
+
+echo "Configuring initramfs..."
+echo 'fs-virtiofs' >> /etc/initramfs-tools/modules
+update-initramfs -c -k all
+
+# Install XFCE and XRDP
+echo "Installing XFCE and XRDP..."
+DEBIAN_FRONTEND=noninteractive add-apt-repository -y universe
+apt-get update
+DEBIAN_FRONTEND=noninteractive apt-get install -y xfce4 xfce4-goodies xrdp sudo || echo "ERROR: Failed to install xrdp"
+
+# Create a non-root user for XRDP
+echo "Creating non-root user for XRDP..."
+useradd -m -s /bin/bash xrdpuser
+echo "xrdpuser:xrdppassword" | chpasswd
+usermod -aG sudo xrdpuser
+
+# Configure XRDP for the new user
+echo "Configuring XRDP for the new user..."
+echo "xfce4-session" > /home/xrdpuser/.xsession
+chown xrdpuser:xrdpuser /home/xrdpuser/.xsession
+
+# Configure XRDP
+echo "Configuring XRDP..."
+sed -i 's/allowed_users=console/allowed_users=anybody/' /etc/X11/Xwrapper.config
+systemctl enable xrdp || echo "WARNING: Failed to enable XRDP service"
+
+echo "Cleaning up packages..."
+apt-get clean
+
+# Set correct ownership and permissions for sudo
+echo "Setting sudo permissions..."
+chown root:root /usr/bin/sudo
+chmod 4755 /usr/bin/sudo
+
+echo "Setting execute permissions for custom scripts..."
+chmod +x /usr/local/bin/*
+
+# Enable the services
+echo "Enabling custom services..."
+systemctl enable set_sudo_permissions.service || echo "WARNING: Failed to enable set_sudo_permissions service"
+systemctl enable user_password.service || echo "WARNING: Failed to enable user_password service"
+systemctl enable ufw_setup.service || echo "WARNING: Failed to enable ufw_setup service"
+systemctl enable xrdp_setup.service || echo "WARNING: Failed to enable xrdp_setup service"
+
+echo "Chroot setup completed"
+EOF
+
+chmod +x ubuntu-noble/root/setup_inside_chroot.sh
+
+log_message "Copying services and scripts into the VM..."
+cp ./services/* ubuntu-noble/etc/systemd/system/ 2>/dev/null || log_message "WARNING: Could not copy service files"
+cp ./scripts/* ubuntu-noble/usr/local/bin/ 2>/dev/null || log_message "WARNING: Could not copy script files"
+
+log_message "Entering chroot environment..."
+arch-chroot ubuntu-noble /root/setup_inside_chroot.sh 2>&1 | tee -a ./logs/chroot_setup.log
+log_message "Chroot setup completed."
+
+log_message "Cleaning up..."
+rm ubuntu-noble/root/setup_inside_chroot.sh
+rm -rf ubuntu-noble/dev/*
+
+log_message "Creating tar archive..."
+tar -czf ubuntu-24.04_vm_xrdp.tar.gz -C ubuntu-noble .
+log_message "Tar archive created."
+
+log_message "Uploading to Threefold Hub..."
+curl -v -X POST -H "Authorization: Bearer $API_KEY" -F "file=@ubuntu-24.04_vm_xrdp.tar.gz" https://hub.grid.tf/api/flist/me/upload
+log_message "Upload completed."
+
+log_message "Script execution completed"
@@ -0,0 +1,2 @@
+#!/bin/bash
+/bin/chown root:root /usr/bin/sudo && /bin/chmod 4755 /usr/bin/sudo
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+mount /dev/vda /mnt
+source /mnt/zosrc
+ufw default deny incoming
+ufw default allow outgoing
+ufw allow ssh
+ufw allow from ${LOCALIP}/32 to any port 3389
+ufw limit ssh
+ufw --force enable
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+# Mount the device (requires root privileges)
+mount /dev/vda /mnt
+
+# Source the file (make sure it exists)
+source /mnt/zosrc
+
+# Only change password if PASSWORD is set
+if [ -n "${PASSWORD}" ]; then
+    echo "Changing the password..."
+    echo "xrdpuser:${PASSWORD}" | chpasswd
+else
+    echo "PASSWORD not set. Skipping password change."
+fi
@@ -0,0 +1,5 @@
+#!/bin/bash
+systemctl start xrdp
+cd ~
+echo "xfce4-session" | tee .xsession
+systemctl restart xrdp
@@ -0,0 +1,10 @@
+[Unit]
+Description=Set correct ownership and permissions for sudo
+Before=ssh.service
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/bin/set_sudo_permissions.sh
+
+[Install]
+WantedBy=multi-user.target
@@ -0,0 +1,10 @@
+[Unit]
+Description=Set firewall
+Before=ssh.service
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/bin/ufw_setup.sh
+
+[Install]
+WantedBy=multi-user.target
@@ -0,0 +1,10 @@
+[Unit]
+Description=Set new password
+Before=ssh.service
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/bin/user_password.sh
+
+[Install]
+WantedBy=multi-user.target