The assumption here is that you're starting with an Ubuntu 20.04 LTS (or newer) Server base rather than a Desktop one (Ubuntu Desktop deploys NetworkManager rather than systemd-networkd by default). This box has an AMD Ryzen CPU.
The goal is networking configured for static addressing using ifupdown, rather than the newer systemd-networkd and netplan, or (for Ubuntu Desktop) NetworkManager. It basically returns networking on Ubuntu to its Debian roots.
The physical network device name for the test machine was "ens3"; it will be something else on different hardware.
NOTE: I am currently using netplan rather than ifupdown on my own Ubuntu servers. I'll keep these notes updated because the configuration is close enough to Debian that it may come in handy when I finally switch to Debian.
Please do not perform this procedure on a virtual machine hosted in the cloud. You will probably annoy your vendor and almost certainly have to re-create the VM (or restore from a snapshot -- you do take snapshots, don't you?).
Every Ubuntu Server and Desktop shares one glaring security flaw: user home directories (other than root) are permissioned with read and execute rights for "other". Before going any further (and from this point forward until Canonical fixes this), be sure to reset these permissions on all user home directories:
$ sudo chmod o-rx /home/*
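An added example (not part of the original notes) that audits the result of the chmod above: it lists home directories that still grant anything to "other" and checks the mode that new home directories will get. The function names are hypothetical, and it assumes accounts are created with adduser, which reads DIR_MODE from /etc/adduser.conf.

```shell
# Added example: audit home directory permissions.
# Assumption: new accounts are created with adduser (DIR_MODE in adduser.conf).

# other_bits DIR: print the three "other" permission characters, e.g. "r-x".
# A sticky bit without execute shows as "T" and is treated as no access.
other_bits() {
    ls -ld "$1" | cut -c8-10 | tr T -
}

# list_open_homes [BASE]: print "BITS PATH" for every directory directly under
# BASE (default /home) that grants anything to "other". Returns 1 if any exist.
list_open_homes() {
    found=0
    for d in "${1:-/home}"/*; do
        [ -d "$d" ] && [ ! -L "$d" ] || continue
        bits=$(other_bits "$d")
        if [ "$bits" != "---" ]; then
            echo "$bits $d"
            found=1
        fi
    done
    [ "$found" -eq 0 ]
}

# new_home_mode [FILE]: print the mode from the last uncommented DIR_MODE=
# line in FILE (default /etc/adduser.conf); prints nothing if it is not set.
new_home_mode() {
    sed -n 's/^DIR_MODE=\([0-7][0-7]*\).*/\1/p' "${1:-/etc/adduser.conf}" | tail -n 1
}

# new_homes_are_private [FILE]: succeed only if DIR_MODE is set and ends in 0,
# i.e. newly created home directories give "other" no access.
new_homes_are_private() {
    mode=$(new_home_mode "$1")
    case $mode in *0) return 0 ;; *) return 1 ;; esac
}
```

Run list_open_homes after adding any user; if new_homes_are_private fails, each new account needs the chmod repeated.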
- Make vi(m) the default editor because I don't like nano.
$ sudo apt install vim
$ sudo update-alternatives --config editor
Pick "vim.basic" from the list.
- Completely remove cloud-init:
$ sudo apt remove --purge cloud-init
$ sudo rm -rf /etc/cloud
Also mask the systemd-networkd-wait-online service, because it depends on cloud-init and will drag out system recovery after reboot:
$ sudo systemctl mask systemd-networkd-wait-online
- Install ifupdown and configure /etc/network/interfaces.
$ sudo apt install ifupdown
$ sudo vi /etc/network/interfaces
Add nomodeset and loglevel to /etc/default/grub so it looks something like this:
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash nomodeset loglevel=3"
NOTE: loglevel must be at the end to work.
Then run the following and reboot:
$ sudo update-grub
The following sets up a network bridge, which is useful for providing access to virtual machines running on the server. It also provides a bridge alias with a second IP for the system (the physical interface in this example is "ens3").
# /etc/network/interfaces
source /etc/network/interfaces.d/*
auto lo
iface lo inet loopback
auto br0
iface br0 inet static
bridge_ports ens3
address 10.0.1.11
netmask 255.255.255.0
network 10.0.1.0
broadcast 10.0.1.255
gateway 10.0.1.1
dns-nameservers 10.0.1.1
dns-nameservers 8.8.8.8
dns-nameservers 8.8.4.4
dns-search example.com
up ip addr add 10.0.1.9/24 dev br0 label br0:1
down ip addr del 10.0.1.9/24 dev br0 label br0:1
iface br0 inet6 dhcp
OR, for a simpler config without a bridge:
source /etc/network/interfaces.d/*
auto lo
iface lo inet loopback
auto ens3
iface ens3 inet static
address 10.0.1.11
netmask 255.255.255.0
network 10.0.1.0
broadcast 10.0.1.255
gateway 10.0.1.1
dns-nameservers 10.0.1.1
dns-nameservers 8.8.8.8
dns-nameservers 8.8.4.4
dns-search example.com
iface ens3 inet6 dhcp
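Because a wrong value in a static stanza can leave the box unreachable after the reboot, here is an added example (not from the original notes) that cross-checks address, netmask, network, broadcast and gateway for one interface. The function names are hypothetical, and it assumes address and netmask are written on separate lines, as in both configs above.

```shell
# Added example: sanity-check an "iface NAME inet static" stanza before reboot.
# Assumes address and netmask are on separate lines, as in the configs above.
ip_to_int() {  # dotted quad -> integer; fails on malformed input
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|0?*) return 1 ;; esac   # no empty or zero-padded octets
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

bad() { echo "$want: $1"; errs=$(( errs + 1 )); }

# check_static_stanza FILE IFACE: prints one line per problem.
# Returns 0 if consistent, 1 if problems were found, 2 if unparseable.
check_static_stanza() {
    file=$1; want=$2; in_stanza=0; errs=0
    address=; netmask=; network=; broadcast=; gateway=
    while read -r key val fam method; do
        case $key in
            iface) in_stanza=0
                if [ "$val $fam $method" = "$want inet static" ]; then in_stanza=1; fi ;;
            auto|allow-*|source|mapping) in_stanza=0 ;;
            address|netmask|network|broadcast|gateway)
                # key can only be one of the five names above, so eval is safe
                if [ "$in_stanza" -eq 1 ]; then eval "$key=\$val"; fi ;;
        esac
    done < "$file"
    a=$(ip_to_int "$address") && m=$(ip_to_int "$netmask") || {
        echo "$want: missing or malformed address/netmask"; return 2; }
    net=$(( a & m )); bc=$(( net | (~m & 4294967295) ))
    [ "$a" -ne "$net" ] && [ "$a" -ne "$bc" ] ||
        bad "address $address is the network or broadcast address"
    [ -z "$network" ] || [ "$(ip_to_int "$network")" = "$net" ] ||
        bad "network should be $(int_to_ip "$net")"
    [ -z "$broadcast" ] || [ "$(ip_to_int "$broadcast")" = "$bc" ] ||
        bad "broadcast should be $(int_to_ip "$bc")"
    if [ -n "$gateway" ]; then
        g=$(ip_to_int "$gateway") && [ $(( g & m )) -eq "$net" ] ||
            bad "gateway $gateway is not inside $(int_to_ip "$net")/$netmask"
    fi
    [ "$errs" -eq 0 ]
}
```

Source the file and run check_static_stanza /etc/network/interfaces br0 (or ens3) before rebooting; any output means the stanza disagrees with itself.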
- Make sure networking.service is enabled, disable systemd-networkd.
$ sudo systemctl enable networking
$ sudo systemctl disable systemd-networkd
Reboot the system.
$ sudo reboot
- If you haven't done so already, edit /etc/hosts to map the host's static IP.
$ sudo vi /etc/hosts
# /etc/hosts
127.0.0.1 localhost
10.0.1.11 myhost.example.com myhost
- Disable systemd-resolved and recreate /etc/resolv.conf.
$ sudo systemctl stop systemd-resolved
$ sudo systemctl disable systemd-resolved
$ sudo rm /etc/resolv.conf
$ sudo vi /etc/resolv.conf
# /etc/resolv.conf
search example.com
nameserver 10.0.1.1
nameserver 8.8.8.8
nameserver 8.8.4.4
- Enable serial console access (especially if this will be a virtual machine):
$ sudo systemctl enable [email protected]
$ sudo systemctl start [email protected]
- Install and configure chrony (which will disable systemd-timesyncd)
$ sudo apt install chrony
$ sudo vi /etc/chrony/chrony.conf
The defaults will work fine for a desktop that doesn't need a local time server.
For a server:
# pool ntp.ubuntu.com iburst maxsources 4
# pool 0.ubuntu.pool.ntp.org iburst maxsources 1
# pool 1.ubuntu.pool.ntp.org iburst maxsources 1
# pool 2.ubuntu.pool.ntp.org iburst maxsources 2
server 0.us.pool.ntp.org iburst
server 1.us.pool.ntp.org iburst
server 2.us.pool.ntp.org iburst
server 3.us.pool.ntp.org iburst
allow 10.0.1.0/24
Where 10.0.1.0/24 is your local network.
- Postfix is my go-to when I need to send mail over the Internet or my local network, or receive mail from services like cron (in the last case the server would be configured as Local only). Hanif Jetha and Mark Drake, "How to Install and Configure Postfix on Ubuntu 20.04" is a good place to start, https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-postfix-on-ubuntu-20-04. I use the mutt e-mail client (https://www.mutt.org) with postfix.
- Other helpful software and services. These are not essential, but make life a lot easier (package names are for Ubuntu):
  - needrestart tool
  - bind9utils
  - nmap
- After a major version upgrade you may need to remove and reinstall ubuntu-release-upgrader-core.