xen notes (not a complete checklist!) for creating a new paravirtualized VM
on the dom0 hypervisor. Domain name and hostnames have been changed.

Example on dom0.domainname.ca dom0:


create the partitions manually

We're using /dev/vg0 for the volume group, which is the only volume group
on this system.

sudo lvcreate -nnewhostname-disk -L6G vg0

sudo lvcreate -nnewhostname-swap -L1G vg0

so we get a 6GB disk and 1GB swap; this is for a tiny testing VM


Create the domU VM

sudo xen-create-image \
--hostname=newhostname \
--memory=512MB \
--vcpus=2 \
--lvm=vg0 \
--image-dev=/dev/vg0/newhostname-disk \
--swap-dev=/dev/vg0/newhostname-swap \
--dist=jessie \
--ip=10.0.0.39 \
--netmask=255.255.255.0 \
--gateway=10.0.0.1 \
--nameserver="x.x.x.x x.x.x.x" \
--fs=ext4 \
--pygrub


The .cfg file will be created in /etc/xen/newhostname.cfg; by default this
will not automatically start on reboot of the dom0.

*mv /etc/xen/newhostname.cfg /etc/xen/auto/*

All .cfg files located in the auto/ directory will be started when the
hypervisor dom0 reboots.

If no nameservers are provided with the --nameserver option, the same
nameservers in the host's /etc/resolv.conf will be used.

We want to use pygrub for the bootloader on the new VM so that it can run a
different kernel version than the dom0, if necessary. This avoids the need
to have the same kernel version on the dom0 and all domU virtual machines.

Create DNS entries for the new VM

We need forward resolution to work for the new VM, whether or not it's on a
publicly accessible IP address.

ssh to the authoritative ns1 for the infrastructure domain and do the
following:

Edit the zonefile on ns1.domainname.ca to give an A record to the IP for
the new virtual machine, such as:

*sudo nano /etc/bind/db.domainname.ca*

insert a line such as:

vpn-van         IN              A       10.0.0.39

be certain to increment the zonefile's serial number so that it will
propagate to ns2 and ns3, and other DNS servers.

*sudo rndc reload domainname.ca*

logout from the nameserver

Post-Installation Guest VM Configuration

Edit the appropriate area in https://wiki.domainname.ca to create
documentation for the new virtual machine.

Next step: use "sudo xl console" to get into the new virtual machine and
verify that the username needed to login to the machine has been created by
the xen installation process, typically "eric".

Login as root

Create your user's home directory:

*mkdir /home/eric*

*chgrp eric /home/eric*

*chown eric /home/eric*

Install essential things, install in a new vm:

sudo apt-get install sudo whois locate traceroute curl dnsutils \
  fail2ban rtorrent sqlite3 sshfs mtr speedtest-cli snmp snmpd \
  snmp-mibs-downloader htop irssi figlet bzip2 p7zip lzip unzip unrar \
  gcc make build-essential nmon iptraf joe nano rsync ntp ntpdate \
  postfix


This should download about 100MB of .deb files and install them

Add the admin user's username to /etc/sudoers in the "User privilege
specification" section

*nano /etc/sudoers*


edit the file /etc/snmp/snmpd.conf and configure it to allow read-only
snmpv2 polling by cacti.domainname.ca

*sudo /etc/init.d/snmpd restart*

exit the root shell.

Use Ctrl-] to escape from the xen console and back to the CLI of the dom0.


From your workstation or the bastion host, copy over your ssh public keys

*ssh-copy-id -i ~/.ssh/identity_file.pub usern...@newhostname.domainname.ca*

Verify that logging in with your ssh public/private key pair works:

*ssh usern...@hostname.domainname.ca*

Verify that you can sudo


Using the https GUI of https://cacti.domainname.ca, login and add the new
virtual machine as a "Linux" host template machine. Add the new machine by
hostname, not by IP address. Verify that you can snmpwalk the new machine
and its charts are drawing correctly in cacti.

automatic backups of the new virtual machine

   - ssh to the new virtual machine, su to root


   - create a new ssh public/private RSA key file set in ~/.ssh/ (by doing
   "ssh-keygen -t rsa")


   - ssh-copy-id e...@workstation.domainname.ca , this puts the public key
   on eric's workstation desktop system


   - ssh e...@workstation.domainname.ca and verify that logging in with
   pub/private key authentication (without password) works normally


   - look at the contents of /home/eric/.ssh/authorized_keys to verify that
   the VM's id_rsa.pub has been copied in successfully


   - create the /root/backup-hostname.sh, chmod +x the file, add to
   /etc/crontab


   - contents of /root/backup-hostname.sh script should look like the
   following example:


#!/bin/sh
# Stream a bzip2-compressed tar of the root filesystem to the workstation over ssh
tar -pcvjf - --exclude=/proc --exclude=/sys /* | ssh -l eric \
  workstation.domainname.ca \
  "cat > ~/Desktop/backups.compressed/hostname.tengigabit.ca.tar.bz2"


post-installation monitoring configuration

   1. configured /etc/snmp/snmpd.conf to allow read-only v2c polling with
   community string, see snmpd configuration section for details.
   2. Add the new VM to cacti and ensure that it is being polled
   successfully with correct snmp v2c community string, interfaces are
   charting
   3. Add the new VM to opennms and ensure that it is being polled
   successfully with correct snmp v2c community string



On Fri, Nov 20, 2015 at 9:14 AM, David <dmilho...@wletc.com> wrote:

> I am doing a home brew vmhost at home and I am tossing around using XEN vs
> Vmware like I use at the office.
> From what I gather of Xen a lot is done within the CLI but I am looking for
> a client like VMware host client that will
> give me the gui interface to manage host on XEN
>
> Any ideas or thoughts are welcome
>
> --
>

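The notes above call for read-only SNMP v2c polling by cacti.domainname.ca. The following shell check is an added example, not part of the original message: it flags rocommunity/rwcommunity lines in an snmpd.conf that grant more than that. The community string EXAMPLE-COMMUNITY, the two sample files and the function names are constructed for illustration, and com2sec/access-style configurations are not covered.

```shell
#!/bin/sh
# audit_snmpd_conf FILE POLLER
# Prints one finding per line; returns 0 if the file only grants read-only
# access to POLLER, 1 otherwise.
audit_snmpd_conf() {
    awk -v poller="$2" '
        NF == 0 || $1 ~ /^#/ { next }            # skip blanks and comments
        $1 ~ /^rwcommunity6?$/ {                 # any write community is a finding
            print NR ": write access: " $0; bad = 1; next
        }
        $1 ~ /^rocommunity6?$/ {
            if ($2 == "public" || $2 == "private") {
                print NR ": well-known community string: " $2; bad = 1
            }
            if (NF < 3 || $3 == "default") {     # no SOURCE means any host
                print NR ": any source may poll: " $0; bad = 1
            } else if ($3 != poller) {
                print NR ": source is not the poller: " $3; bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample inputs, not taken from a real system.
write_sample_confs() {
    cat > "$1/weak.conf" <<'EOF'
agentAddress udp:161
rocommunity public default
rwcommunity EXAMPLE-COMMUNITY 10.0.0.0/24
EOF
    cat > "$1/tight.conf" <<'EOF'
agentAddress udp:161
rocommunity EXAMPLE-COMMUNITY cacti.domainname.ca
EOF
}

demo_dir=$(mktemp -d)
write_sample_confs "$demo_dir"
for f in weak tight; do
    if audit_snmpd_conf "$demo_dir/$f.conf" cacti.domainname.ca; then
        echo "$f.conf: ok"
    else
        echo "$f.conf: findings listed above"
    fi
done
rm -rf "$demo_dir"
```

On the new VM the same function can be pointed at /etc/snmp/snmpd.conf before restarting snmpd.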