Creating Xen Machines on Debian Lenny

From Wiki
Jump to: navigation, search


Usually, creating Xen virtual machines involves some editing of a .cfg file and some fiddling.

I installed Xen on Debian Lenny following a guide from here, but I made some modifications based on my own experience. This is the result of that guide. Thanks to Pierre-Yves Landuré

First off, the Dom0 needs some dependencies installed, so let's get those out of the way, or it'll spoil the fun later on. (I'm assuming here that you've just finished installing Lenny)

apt-get install gcc make openssh-server fuse-utils 

Once they're out of the way, it's time to play with CPAN.

cpan YAML <br />
cpan Slurp 

You may have been asked to set up cpan - just use the defaults for now.

Install Xen Hypervisor

apt-get install xen-hypervisor-i386 linux-image-2.6-xen-686 linux-headers-2.6-xen-686 xen-utils-3.2-1 xen-tools bridge-utils 

Once this is done, lets use the new kernel.


Network Configuration

I used bridge here for my network configuration - it suited my needs at the time, if you're brave or stupid, use NAT.

So, let's get typing


Let's disable the previous configuration

sed -i -e 's/^(network-script .*).*$/# \0/' -e 's/^(vif-script .*).*$/# \0/' /etc/xen/xend-config.sxp 

We now enable the network configuration that we chose before

sed -i -e "s/^#[ ]*\\((network-script.*network-${XEN_NETWORK_MODE}).*\\)\$/\\1/" -e "s/^#[ ]*\\((vifscript.*vif{XEN_NETWORK_MODE}).*\\)\$/\\1/" /etc/xen/xend-config.sxp 

We restart the Xen daemon to enable the new network configuration:

/etc/init.d/xend restart

Let's get the Dom0 IP address right

or whatever the current ip address is. ifconfig eth0 to check
if [ $(/bin/grep "^[^#]*bridge" /etc/xen/xend-config.sxp | /usr/bin/wc --lines) -gt 0 ]; then
MAINDOM_IP=$(/sbin/ifconfig eth0 | /bin/grep "inet adr" | /bin/sed -e 's/^.*inet adr:\([^ ]*\) .*$/\1/')

Configuring virtual guest creation by Xen Tools

Default Configuration

By default, Xen Tools is configured to create Debian 3.1 Sarge based guest computers. We will change this. Use this command line to setup Xen Tools to create Debian 4.0 Etch or 5.0 Lenny guest computers by default (depending on the Dom0 distribution):

if [ "$(/bin/cat /etc/debian_version)" = "4.0" ]; then
  /bin/sed -i -e 's/^\(dist[ ]*=[ ]*\)[^ ]*\([ ]*#.*\)$/\1etch\2/' /etc/xen-tools/xen-tools.conf
  /bin/sed -i -e 's/^\(dist[ ]*=[ ]*\)[^ ]*\([ ]*#.*\)$/\1lenny\2/' /etc/xen-tools/xen-tools.conf

Similarly, change the default swap size from 128Mo to 1Go (for safety reasons, even if most of the time it is not used):

sed -i -e 's/^\(swap[ ]*=[ ]*\)[^ ]*\([ ]*#.*\)$/\11Gb\2/' /etc/xen-tools/xen-tools.conf

Declare "debootstrap" as the default virtual computer OS installation method:

/bin/sed -i -e 's/^[# ]*\(debootstrap[ ]*=\).*$/\1 1/' /etc/xen-tools/xen-tools.conf

If Xen is configured to use the NAT mode, setup the default DomU network parameters for the creation of DomU with fixed IP:

if [ $(/bin/grep "^[^#]*nat" /etc/xen/xend-config.sxp | /usr/bin/wc --lines) -gt 0 ]; then
  /bin/sed -i -e 's/^[# ]*\(gateway[ ]*=\).*$/\1' \
            -e 's/^[# ]*\(netmask[ ]*=\).*$/\1' \

Using LVM Volume Group for virtual computer partitions

We will now configure Xen to use a LVM volume group. First, we detect the name of the first LVM volume group of the system :

LVM_VG=$(/sbin/vgdisplay \
  | /bin/grep "VG Name" \
  | /usr/bin/head --lines=1 \
  | /usr/bin/cut --characters=25-)

Update the Xen tools configuration file:

/bin/sed -i -e "s/^# \(lvm = \).*/\1$LVM_VG/" /etc/xen-tools/xen-tools.conf

Once this done, we configure Xen Tools to use the right kernel when creating virtual computers:

/bin/sed -i -e "s/^\(kernel =\).*\$/\1 \/boot\/vmlinuz-$(uname -r)/" \
            -e "s/^\(initrd =\).*\$/\1 \/boot\/initrd.img-$(uname -r)/" \

Creating a Xen Tools Role for your virtual computer's creation

In order to be able to correctly manage our guest operating systems (domU), we now create a Xen Tools role that will do the following on each virtual computer (domU) we are going to create:

   * Installing the following packages: locales, sudo, ntp, cron-apt, logwatch, rkhunter, chkrootkit, vim, screen, backup-manager and fail2ban
   * Creating the system user "xen-upgrade" with its rsa key for ssh authentication in order to ease upgrading guest operating systems (it is what we need sudo for).
   * Configure Backup Manager to backup the guest operating systems (domU), and copy the backups in the /var/archives folder of the host computer (dom0).

First, we download the configuration file of our new role named "automatic":

/usr/bin/wget \
/bin/chmod +x /etc/xen-tools/role.d/automatic

Edit this file to stop it erroring at the last second.

vi /etc/xen-tools/role.d/automatic
dd (remove the last line)

We create the "xen-backup" system user on the host computer (dom0):

/usr/sbin/adduser --system --shell /bin/sh --home /var/lib/xen-backup --disabled-password xen-backup 

And we add it to the "backup" group:

/usr/sbin/adduser xen-backup backup

We create the RSA keys allowing the SSH authentication without password. In order to do this, create the folder that we will use to store this keys:

/bin/mkdir /etc/xen-tools/ssh-keys

And create the keys for the automatic authentication of the "xen-upgrade" (created by the "automatic" role on the guest OS (domU)) and "xen-backup" (that we created earlier on the dom0) accounts:

/usr/bin/ssh-keygen -t rsa -C "upgrade account key" -N "" -f /etc/xen-tools/ssh-keys/xen-upgrade-rsa
/usr/bin/ssh-keygen -t rsa -C "backup account key" -N "" -f /etc/xen-tools/ssh-keys/xen-backup-rsa

We setup the "xen-backup" user so that we can use the RSA key we just created to authenticated as it:

/bin/mkdir /var/lib/xen-backup/.ssh
/bin/cat /etc/xen-tools/ssh-keys/ \
    | /usr/bin/tee -a /var/lib/xen-backup/.ssh/authorized_keys
/bin/chown -R xen-backup:nogroup /var/lib/xen-backup/.ssh

We also install the script allowing us to upgrade the guest operating systems (domU) from the host computer (dom0):

/usr/bin/wget \
/bin/chmod +x /usr/bin/xen-apt-get

This script allow to upgrade all of the guest operating systems with this two commands:

xen-apt-get update
xen-apt-get upgrade

You can also upgrade a specific virtual computer (domU). You will learn more about its usage by reading the text displayed by:


Easing the access to guest operating systems (domU) shell (optional)

If you don't want to use password authentication for the root accounts of the guest operating systems, you can create a RSA key for authenticating as root on all guest operating systems. The "automatic" Xen Tools role will install it automaticaly if it find it. Please protect this RSA key with a strong password:

if [ ! -e ${HOME}/.ssh/id_rsa ]; then
  /usr/bin/ssh-keygen -t rsa -f ${HOME}/.ssh/id_rsa

Configuring virtual computers skeleton

We now create a skeleton with some default configurations (Exim 4, locales, timezone, bash and vim mainly) in order to reduce the configuration tasks needed by newly created virtual computers (domU).

First, we create the folder tree that will store the skeleton files (it is a standard linux organization: the skeleton is copied as is in the virtual operating system):

/bin/mkdir --parent /etc/xen-tools/skel/root
/bin/mkdir --parent /etc/xen-tools/skel/root/.ssh
/bin/mkdir --parent /etc/xen-tools/skel/etc/default
/bin/mkdir --parent /etc/xen-tools/skel/etc/exim4
/bin/mkdir --parent /etc/xen-tools/skel/etc/cron.d
/bin/mkdir --parent /etc/xen-tools/skel/etc/apt/apt.conf.d
/bin/mkdir --parent /etc/xen-tools/skel/etc/xen-data
/bin/mkdir --parent /etc/xen-tools/skel/usr/bin]

We copy the configuration files of the host computer (dom0) into the skeleton, so that virtual operating systems has a very close configuration from our main host:

/bin/cp /root/.bashrc /etc/xen-tools/skel/root/
if [ -e /root/.vimrc ]; then
  /bin/cp /root/.vimrc /etc/xen-tools/skel/root/
/bin/cp /etc/timezone /etc/xen-tools/skel/etc/
/bin/cp /etc/localtime /etc/xen-tools/skel/etc/
/bin/cp /etc/locale.gen /etc/xen-tools/skel/etc/
/bin/cp /etc/environment /etc/xen-tools/skel/etc/
/bin/cp /etc/default/locale /etc/xen-tools/skel/etc/default/

Add the SSH public key of the host computer (dom0) to the known hosts of the domU ssh client, in order for the backup to work correctly:

/usr/bin/ssh-keyscan -H -t rsa ${MAINDOM_IP} | /usr/bin/tee /etc/xen-tools/skel/root/.ssh/known_hosts

Also add the public RSA key of the Dom0 root account to the authorized keys for the domU root account:

if [ -e ${HOME}/.ssh/ ]; then
    /bin/cat ${HOME}/.ssh/ \
        | /usr/bin/tee -a /etc/xen-tools/skel/root/.ssh/authorized_keys

Creating a Xen virtual computer

Base system installation

We now create our first Xen virtual computer. First we setup its hostname:


And we choose a IP address for the guest computer (change the last digit of the example IP):


Now, create the virtual computer by using the command lines below.

Important: Do not loose the password you enter here, it is the root password of your virtual computer.

/usr/bin/xen-create-image --hostname $XEN_HOSTNAME \
    --ip $IP_ADDRESS --passwd --role automatic 

Creating a /var partition for the domU

Once the virtual computer created, we add a partition for /var. Here, i choosed to create a 10 Giga Bytes partition:

LVM_VG=$(/bin/grep lvm /etc/xen-tools/xen-tools.conf | /bin/sed -e 's/lvm = //')
/sbin/lvcreate -n $XEN_HOSTNAME-var -L 10G $LVM_VG
/sbin/mkfs.ext3 /dev/$LVM_VG/$XEN_HOSTNAME-var

We update the new virtual computer configuration to use this partition:

if [ $(/bin/grep "disk[\t ]*=.*\]" /etc/xen/$XEN_HOSTNAME.cfg | /usr/bin/wc --lines) -eq 0 ]; then
  /bin/sed -i -e "/^disk[\t ]*=.*/a\\
    'phy:$LVM_VG\/$XEN_HOSTNAME-var,sda3,w'," \
  /bin/sed -i -e "s/^\(disk[\t ]*=.*\)\]/\1, 'phy:$LVM_VG\/$XEN_HOSTNAME-var,sda3,w' ]/" /etc/xen/$XEN_HOSTNAME.cfg

And we edit the fstab file of the virtual computer:

/bin/umount /dev/$LVM_VG/$XEN_HOSTNAME-disk
MOUNT_POINT=$(/bin/mktemp -d)
/bin/mount /dev/${LVM_VG}/${XEN_HOSTNAME}-disk ${MOUNT_POINT}
/bin/echo "/dev/sda3   /var    ext3    defaults                0       1" | /usr/bin/tee -a ${MOUNT_POINT}/etc/fstab
VAR_MOUNT_POINT=$(/bin/mktemp -d)
/bin/mount /dev/${LVM_VG}/${XEN_HOSTNAME}-var ${VAR_MOUNT_POINT}
/bin/cp -a ${MOUNT_POINT}/var/* ${VAR_MOUNT_POINT}
/bin/umount ${VAR_MOUNT_POINT}
/bin/umount ${MOUNT_POINT}

Starting the virtual computer (domU)

We can now start our new virtual computer (domU):

/usr/sbin/xm create /etc/xen/$XEN_HOSTNAME.cfg

You can fetch the list of running virtual computers with the command:

/usr/sbin/xm list

We now use SSH to connect to our virtual computer:

/usr/bin/ssh root@$XEN_HOSTNAME

Automatic Startup of Virtual Computers

If you want some of your virtual computers to start automaticaly at your main system startup (this is needed for servers), you need to create an "auto" folder:

/bin/mkdir /etc/xen/auto

Once this done, place the configuration of virtual computers that need to be automaticaly started into this folder. For exemple, to start automaticaly the "apache2" virtual computer, use this command:

/bin/mv /etc/xen/apache2.cfg /etc/xen/auto/