TurnKey Core Live CD

TurnKey Core Live CD is an open source operating system based on the well known Debian GNU/Linux distribution and designed to be used as a base for all the existing or upcoming software appliances developed by TurnKey.

Key features include automated backup and restore functionality, system migration support, automatic daily package updates, Dynamic DNS, Logical Volume Management (LVM), AJAX Web Shell, Webmin web management interface, simple configuration console, and powerful command-line utilities.

It's available for download as two Live CD ISO images, supporting both 32-bit and 64-bit hardware platforms, virtual machine images for Xen, OpenStack, OpenNode, OpenVZ and OVF virtualization technologies, and an Amazon Machine Image (AMI) for deploying it on the cloud.

The Live CDs are normally used to try the appliance without installing anything on your computer, as well as to install the appliance on any computer that supports the amd64 or i386 instruction set architectures.

The entire installation process runs in the Linux console (text-mode) and takes only five minutes, requiring users to choose a partitioning scheme and where to deploy the boot loader. After installation, the first boot initialization wizard will kick in, allowing you to set a new password for the root account.

Optionally, it is possible to initialize the TurnKey Backup and Migration or TurnKey Domain Management and Dynamic DNS services, which help you to securely store your files, databases and package management, as well as to associate your IP address with a custom domain or the *.tklapp.com free domain.

The TurnKey Linux Configuration Console will appear at the end of the first boot configuration process, enabling users to set up network interfaces, as well as to reboot or shutdown the server. You can also view the appliance's active services (SSH, Webmin, Web Shell and SFTP) and their IP addresses and ports.

What is new in this release:

• Adminer (replaces PHPMyAdmin & PHPPgAdmin):
• Troubles forcing the Debian Jessie version of PHPMyAdmin to stay bound to port 12322 (without hardcoding a full URL) lead me to consider Adminer (as suggested on the tracker). Following some testing we decided to go for it. No sooner had the decision been made; community superstar Ken Robinson (@DocCyblade | TKL) swung into action and took the project on!
• Hardened default SSL/TLS settings:
• After the SSL troubles of the last year or so, default webserver settings have been slowly getting better. However nowhere near good enough for community powerhouse John Carver (@Dude4Linux | TKL). John took it upon himself to drive the hardening of default TurnKey webserver SSL settings (technically TLS settings as all versions of SSL are now disabled).
• The result is that now TurnKey appliances have Webmin and Webshell hidden behind stunnel (TLS only) and the 3 webservers we use across appliances (Apache, LigHTTPd & Nginx) are all configured to use consistent hardened TLS cipher suite and settings. Tomcat too has hardened TLS settings for v14.0.
• Security & System Alerts:
• For a long time TurnKey appliances have been auto installing security updates. But have you ever wondered what has been updated and when? Well wonder no more! TurnKey appliances will now alert you via email when updates have been installed. This should make questions of "am I vulnerable to such-and-such?" much easier to answer.
• TurnKey v14.0 appliances also include a minimalist monitoring system (Monit) which also alerts via email when RAM, CPU and/or HDD limits are hit (75%, 90% & 90% respectively). The email address for all these features can be set at firstboot. As a bonus you will also be automatically subscribed to TurnKey's "Security and News Alerts" email list. This is a very low traffic e-newletter which will only email you with important security and/or news announcements. You can unsubscribe at any time if you'd rather not.

What is new in version :

• Adminer (replaces PHPMyAdmin & PHPPgAdmin):
• Troubles forcing the Debian Jessie version of PHPMyAdmin to stay bound to port 12322 (without hardcoding a full URL) lead me to consider Adminer (as suggested on the tracker). Following some testing we decided to go for it. No sooner had the decision been made; community superstar Ken Robinson (@DocCyblade | TKL) swung into action and took the project on!
• Hardened default SSL/TLS settings:
• After the SSL troubles of the last year or so, default webserver settings have been slowly getting better. However nowhere near good enough for community powerhouse John Carver (@Dude4Linux | TKL). John took it upon himself to drive the hardening of default TurnKey webserver SSL settings (technically TLS settings as all versions of SSL are now disabled).
• The result is that now TurnKey appliances have Webmin and Webshell hidden behind stunnel (TLS only) and the 3 webservers we use across appliances (Apache, LigHTTPd & Nginx) are all configured to use consistent hardened TLS cipher suite and settings. Tomcat too has hardened TLS settings for v14.0.
• Security & System Alerts:
• For a long time TurnKey appliances have been auto installing security updates. But have you ever wondered what has been updated and when? Well wonder no more! TurnKey appliances will now alert you via email when updates have been installed. This should make questions of "am I vulnerable to such-and-such?" much easier to answer.
• TurnKey v14.0 appliances also include a minimalist monitoring system (Monit) which also alerts via email when RAM, CPU and/or HDD limits are hit (75%, 90% & 90% respectively). The email address for all these features can be set at firstboot. As a bonus you will also be automatically subscribed to TurnKey's "Security and News Alerts" email list. This is a very low traffic e-newletter which will only email you with important security and/or news announcements. You can unsubscribe at any time if you'd rather not.

What is new in version 14.0:

• Adminer (replaces PHPMyAdmin & PHPPgAdmin):
• Troubles forcing the Debian Jessie version of PHPMyAdmin to stay bound to port 12322 (without hardcoding a full URL) lead me to consider Adminer (as suggested on the tracker). Following some testing we decided to go for it. No sooner had the decision been made; community superstar Ken Robinson (@DocCyblade | TKL) swung into action and took the project on!
• Hardened default SSL/TLS settings:
• After the SSL troubles of the last year or so, default webserver settings have been slowly getting better. However nowhere near good enough for community powerhouse John Carver (@Dude4Linux | TKL). John took it upon himself to drive the hardening of default TurnKey webserver SSL settings (technically TLS settings as all versions of SSL are now disabled).
• The result is that now TurnKey appliances have Webmin and Webshell hidden behind stunnel (TLS only) and the 3 webservers we use across appliances (Apache, LigHTTPd & Nginx) are all configured to use consistent hardened TLS cipher suite and settings. Tomcat too has hardened TLS settings for v14.0.
• Security & System Alerts:
• For a long time TurnKey appliances have been auto installing security updates. But have you ever wondered what has been updated and when? Well wonder no more! TurnKey appliances will now alert you via email when updates have been installed. This should make questions of "am I vulnerable to such-and-such?" much easier to answer.
• TurnKey v14.0 appliances also include a minimalist monitoring system (Monit) which also alerts via email when RAM, CPU and/or HDD limits are hit (75%, 90% & 90% respectively). The email address for all these features can be set at firstboot. As a bonus you will also be automatically subscribed to TurnKey's "Security and News Alerts" email list. This is a very low traffic e-newletter which will only email you with important security and/or news announcements. You can unsubscribe at any time if you'd rather not.

What is new in version 13.0 / 14.0 RC1:

• TurnKey Backup and Migration (tklbam):
• No longer requires TurnKey Hub or even a network connection.
• Ability to force a profile.
• Increased robustness of MySQL backup/restore.
• Improved logging (output in realtime, exceptions, rotation).
• Usability improvments (more verbose, self-documenting).
• Improved --debug behaviour.
• Multiple bugfixes and improvements
• Web management console (webmin):
• Upgraded webmin to 1.740.
• Configured SSL to resolve Poodle vulnerability.
• Web shell (shellinabox):
• Served behind stunnel4 to resolve Poodle vulnerability.
• Bugfix: only one line displayed on mobile device (ie. ipad).
• Initialization hooks (inithooks):
• Kernel upgrade on firstboot will trigger a reboot.
• TurnKey initialization fence HTTPS encryption warning explanation.
• Improved SSH key regeneration.
• New hooks added: hostname, autogrow-fs, ipconfig.
• Added autogrow filesystem hook.
• Added IP configuration hook.
• Added support for systemd.
• Configuration console (confconsole):
• Added support for systemd.
• Installer (di-live):
• Updated to support Debian 8.0, version bump to 0.9.5.
• Upgraded partitioner with latest d-i upstream code.
• Removed alignment tags which are not interpreted by debconf.
• Updated build-depends and recommends.
• Added support for systemd.
• Miscallaneous:
• systemd: set as default init system.
• ssl/ssh: lots of security improvements.
• openssh-server: configured to permit root login with password.
• vim-tiny: set as alternative for vim instead of symlink.
• sources.list: updated cdn.debian.net to http.debian.net.
• udhcpc: added support for /32 IPv4 subnets.
• bashrc: added missing aliases for color terms.
• iso-hybrid: ISO images are pre-processed for USB flash booting.
• gfxboot: updated to support newer syslinux version.
• busybox-initramfs: custom built enabling initramfs support.

What is new in version 13.0:

• Upgraded base distribution to Debian Squeeze 6.0.7.
• Available in both 32-bit (i386) and 64-bit (amd64) architectures.
• TurnKey Backup and Migration (tklbam):
• Fixed MySQL deserialization code (duplicated last element in row if > 1MB).
• Fixed keypacket AES cipher initialization required as of python-crypto 2.6.
• Added jitter to tklbam-backup cron job.
• Refactored to use pycurl-wrapper's new API class.
• TurnKey Configuration Console (confconsole):
• Fixed multiple network interface support (LP#1045320).
• Added support for --usage (no advanced menu options).
• Replaced kbd recommendation with console-tools | console-utilities.
• TurnKey Initialization Hooks (inithooks):
• Implemented turnkey-init-fence for headless deployments.
• Re-implemented turnkey-init in Python.
• Display confconsole usage as last screen of turnkey-init.
• Improved hooks sub-execution and handling of CTRL-C.
• Imported common hooks from overlay into package.
• Limit paragraph width for better UX.
• Replaced kbd dependency with console-tools | console-utilities.
• Web management console (webmin):
• Upgraded webmin to 1.620.
• New version includes new ISCSI modules and a gray theme.
• Web shell (shellinabox):
• Support new keycodes (dash, underscore) used by firefox 15+ (LP#1104164).
• Install available options as is without renaming or enabling.
• Enable default options (white-on-black, color) postinst.
• Fixed broken packaging of stray option styling files.
• Fixed colors to support dialog interfaces.
• TurnKey Python Library (turnkey-pylib):
• Multiple improvements to Parallelize and Command modules.
• Added 20 new modules.
• Bugfixes and tweaks:
• packages: added curl (generically useful).
• packages: acpi-support-base (handle acpi events - LP#101194).
• apt: replaced auto-apt-archive with Debian's CDN mirror network.
• apt: updated trusted.gpg.d/$release to $distro.
• apt: removed ubuntu trusted key.
• bash: improved bashrc whitespace support (LP#932388).
• bash: added useful git aliases (see ~/.bashrc.d/git).
• di-live: updated architecture config and bootloader depends.
• di-live: replaced kbd recommendation with console-tools | console-utilities.
• busybox-initramfs: custom built enabling initramfs support.
• casper: updated path_id execution per udev changes.
• sshd: disabled dns checks (if resolution fails will prevent logins).
• motd: tweaked configuration to support upcoming Wheezy release.
• pycurl-wrapper: added timeout support, created new API class.
• hubdns: increased jitter, refactored to use pycurl-wrapper's API class.

What is new in version 13.0 RC:

• This is a release candidate of TurnKey Core 13 based on Debian 7.0 ("Wheezy")- the upcoming version of Debian, which hasn't officially been released bu shouldn't be too far off.
• 64-bit support: TurnKey Core 13RC is available in both 32bit and 64bit versions. This means we can now guarantee that TurnKey 13 will come with 64-bit support. The wait for is nearly over. To be honest lack of 64-bit support been a nagging source of embarrassment for TurnKey for quite a while now. A significant 66% of users said this was "Very important" to them.

What is new in version 11.1-lucid-x86:

• Upgraded base distribution to Ubuntu 10.04.1 LTS.
• No more chimeras (mixing of packages from Debian/ubuntu).
• Installer (di-live):
• Added LVM support, with guided partitioning supported in di-live, and webmin module for convenience.
• Guided partitioning of root volume will default to 90% of volume group to support LVM snapshots out of the box.
• Moved appliance secret regeneration, configuration, setting of passwords to inithooks to run on firstboot.
• Installation media will be ejected and a message displayed to remove media after successful installation.
• Warning messages will be logged instead of inline (caused a bad user experience).
• Upgraded di-live to latest version compatible with Lucid.
• Initialization Hooks (inithooks):
• Setting of passwords and configuration is now done on firstboot.
• Application specific configuration (passwords, email, domain) is now supported putting an end to default settings.
• This supports all build targets such as VM builds, and most run in live-mode (convenience, consistent user-experience).
• Includes auto-apt-archive to configure the closest APT package archive, determined via the TurnKey Hub GeoIP service.
• All relevant inithooks can be preseeded, refer to: http://www.turnkeylinux.org/docs/inithooks
• Configuration Console (confconsole):
• /etc/confconsole/usage.txt has been replaced with services.txt
• The usage screen is now updated dynamically for simpler management and customization.
• Updated bootsplash menu:
• Install to hard disk - default, moved to first option.
• Live system -> Try without installing (Live CD demo mode).
• Removed Boot from first hard disk.
• Display system info in motd, as well non-persistent mode warning (motd).
• NTP configured with recommended pool servers and to cope with large time drifts.
• Setting of LANG in /etc/default/locale.
• Packages:
• Includes TKLBAM (TurnKey Backup and Migration) + new Webmin module.
• Includes etckeeper initialized on firstboot (using git-core).
• Includes logrotate for automatic log rotation.
• Configured APT to not install recommends by default.
• Upgraded webmin to 1.520 and default theme.
• Upgraded shellinabox to 2.10, set default theme to white-on-black.
• Customized bashrc and bashrc.d scripts.
• Includes bash-completion (very useful addition for cli).
• Includes iproute (ipv6 provisoning).
• Includes acpid (support hypervisor reboot/power down signals).
• Replaces host with bind9-host (deprecated).
• Replaces sysklogd and klogd with rsyslog (inline with Ubuntu).
• Grub2 (grub-pc) pre-configuration (verbose, timeout, console).

What is new in version 2009.10-hardy-x86:

• Upgraded base distribution to Ubuntu 8.04.3 LTS.
• Added shell-in-a-box to provide web shell access (listening on port 12320 - uses SSL).
• Added inithooks to execute firstboot/everyboot scripts, for example regenerating cryptographic keys on live boot:
• SSH keys.
• Default SSL certificate (used by Webmin, Apache, Lighttpd).
• Upgraded Webmin to 1.490 and default theme.
• Disabled Webmin scheduled updates (managed by APT)
• New versions of confconsole and di-live include many improvements and bugfixes (see their respective release notes for details).
• Implemented APT pinning downgrade workaround (LP#315175).
• Added a few generically useful packages (unzip: LP#356099, ethtool).
• Added IPv6 configuration to /etc/hosts.