Hetzner - DokuWiki
Xen auf Ubuntu Gutsy (RAID/LVM)
fresh ubuntu gutsy xen+raid on hetzner rootserver
install the basic system
i want a basic ubuntu installation with raid, a small system root for xen and the Dom0 and a large raid partition for the lvm-ed DomUs.
- via hetzner robot switch to rescue system, choose 64-bit, note password
- via hetzner robot invoke hardware reset
- ssh into the rescue sys
- start install-image
install-image
choose ubuntu gutsy 32-bit or 64-bit
in the editor modify some settings:
- configure partitions like
part 1 swap <xxx>        # unmodified
part 2 / ext3 8192       # resize to a reasonable size for the dom0 root
part 3 /data ext3 all    # all remaining space for the vms
- turn on raid
swraid 1
- exit editor and start the installation
- reboot the rootserver into your new gutsy installation
create ubuntu-like admin user with sudo rights
i want to have the system-administration ubuntu-like with root unable to log in and an admin user which will sudo for admin tasks.
- ssh into the newly installed system as root with the noted password
- create the ubuntu-common admin user (and group)
groupadd admin
useradd -m -s /bin/bash -g users -G admin <admin user name>
- set password for the new admin user
passwd <admins user name>
- add sudo rights to the admin group
visudo
add
%admin ALL=(ALL) ALL
to the end of the sudoers file and save.
- try to ssh into the server with the newly created admin account and make sure that sudo works
secure ssh
i want to secure ssh via ssh public key authentication, no password hacking on my Dom0. to do this i will need a private/public key pair; see http://www.ssh.com/support/documentation/online/ssh/adminguide/32/Public-Key_Authentication-2.html for how to create one on your workstation.
additionally i want to have ssh listen on another port (a bit obscurity for the scanning folk) and no root access via ssh whatsoever (not needed because our admin user can sudo anyway).
! be sure to let one session with root or sudo rights open for possible config errors until you are pretty sure everything works as intended
- copy an authorized key into the admins ./ssh directory
log in as the admin user created above if not already logged in
mkdir .ssh
from another machine (your workstation, for example) copy the key
scp .ssh/authorized_keys <admin user>@<your host>:.ssh/
note: sshd only accepts the key if .ssh and authorized_keys are neither group- nor world-writable (StrictModes), so chmod 700 .ssh if your umask is permissive
- try out ssh via SSH-key reconnecting to the machine
it should now ask for the SSH-key's passphrase instead of the admin user's password; be sure that this works (sudo will still ask for the password)
- change the ssh connection to allow only via SSH-key and deny password
sudo vi /etc/ssh/sshd_config
if desired change the ssh port number (around line 4)
Port 3322 # example only, use your own port
uncomment # PasswordAuthentication and set it to no (around line 50)
PasswordAuthentication no
- restart sshd
! again be sure to have a second session open to correct errors
sudo /etc/init.d/ssh restart
- try to connect on a second session
note: if you changed the ssh port use ssh -p <port> <admin>@<your server>
be sure that this works
- try to connect on a third session as root (with the noted password)
note: if you changed the ssh port use ssh -p <port> root@<your server>
! you should be unable to ssh into the machine as root now – only the admin user should be able to connect, via the SSH-key and not via the admin user's password
note: you will need sudo from now on
- lock the root user's password
sudo passwd -l root
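As an added example (not part of the original page): a shell helper that applies the sshd_config settings from this section to a config file and verifies the effective values before the restart, which is the check you want before closing the spare root session. FILE and PORT are parameters; setting PermitRootLogin no goes one step beyond what the page edits.

```shell
#!/bin/bash
# Added example, not from the original page: apply the "secure ssh" settings
# to a sshd_config file and verify them. FILE and PORT are parameters.

# set_option FILE KEY VALUE: drop every existing "KEY ..." line (commented
# or not) and put "KEY VALUE" at the top, ahead of any Match block, because
# sshd uses the first value it sees. Writes through cat so the file keeps
# its owner and mode.
set_option() {
    file=$1; key=$2; value=$3
    tmp=$(mktemp)
    {
        printf '%s %s\n' "$key" "$value"
        grep -Ev "^[[:space:]]*#?[[:space:]]*${key}([[:space:]]|\$)" "$file" || true
    } >"$tmp"
    cat "$tmp" >"$file" && rm -f "$tmp"
}

# harden_sshd_config FILE PORT: key-only logins on a non-default port;
# PermitRootLogin no is an addition to what the page edits
harden_sshd_config() {
    set_option "$1" Port "$2"
    set_option "$1" PubkeyAuthentication yes
    set_option "$1" PasswordAuthentication no
    set_option "$1" PermitRootLogin no
}

# effective_value FILE KEY: the value sshd will use (first uncommented match)
effective_value() {
    awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# check_hardened FILE PORT: succeeds only when all three settings are in effect
check_hardened() {
    [ "$(effective_value "$1" Port)" = "$2" ] &&
    [ "$(effective_value "$1" PasswordAuthentication)" = no ] &&
    [ "$(effective_value "$1" PermitRootLogin)" = no ]
}

# safe_restart FILE: syntax-check the file first so a typo cannot lock you
# out; keep the second session from the page open regardless
safe_restart() {
    /usr/sbin/sshd -t -f "$1" && /etc/init.d/ssh restart
}
```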
update the machine
- reboot the machine
- ssh into the machine again
- start update
sudo apt-get update
sudo apt-get dist-upgrade
- install some tools
sudo apt-get install vim mc
- reboot
install lvm2 and prepare volume group for the domu's
- install lvm software
sudo apt-get install lvm2
- reboot
- umount and remove mounted data partition from fstab
sudo umount /data
sudo vi /etc/fstab
remove /dev/md2 line
- create physical volume
sudo pvcreate /dev/md2
- create volume group on it
sudo vgcreate vgvm /dev/md2
install xen
- install the xen software (look https://help.ubuntu.com/community/Xen for reference)
for amd64 use
sudo aptitude install linux-image-xen bridge-utils libxen3.1 python-xen-3.1 xen-docs-3.1 xen-hypervisor-3.1 xen-ioemu-3.1 xen-tools xen-utils-3.1
for 32-bit just use
sudo apt-get install ubuntu-xen-server
- change xen network config
sudo vi /etc/xen/xend-config.sxp
comment dummy network script (around 143)
#(network-script network-dummy)
comment bridge vif (around 158)
#(vif-script vif-bridge)
uncomment network-route vif-route (around 163)
(network-script network-route)
(vif-script vif-route)
- customize xen-tools config
sudo vi /etc/xen-tools/xen-tools.conf
set default volume group (around 37)
lvm = vgvm
set sizes and distribution (around 100)
size = 16Gb
swap = 512Mb
dist = gutsy
set networking defaults (around 130)
gateway = <your first usable ip in the subnet (last byte must be odd)>
netmask = 255.255.255.248
broadcast = <last ip in the subnet (must be odd)>
change architecture if you run 64-bit (around 176)
arch=amd64
change mirror
mirror = http://de.archive.ubuntu.com/ubuntu/
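As an added example (not part of the original page): a small shell helper that derives the three networking defaults above from any address inside a Hetzner /29 add-on subnet (netmask 255.255.255.248) and applies the page's sanity rule that gateway and broadcast end in an odd byte. It works for any netmask; the sample addresses are constructed.

```shell
#!/bin/sh
# Added example, not from the original page: compute the xen-tools
# networking defaults (gateway = first usable address, broadcast = last
# address) from an address and netmask. Sample addresses are constructed.

# ip2int DOTTED: dotted quad -> integer
ip2int() {
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# int2ip INTEGER: integer -> dotted quad
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# subnet_gateway ADDR NETMASK: network address + 1 (first usable host)
subnet_gateway() {
    int2ip $(( ($(ip2int "$1") & $(ip2int "$2")) + 1 ))
}

# subnet_broadcast ADDR NETMASK: network address with all host bits set
subnet_broadcast() {
    net=$(( $(ip2int "$1") & $(ip2int "$2") ))
    int2ip $(( net | (4294967295 - $(ip2int "$2")) ))
}

# last_octet_odd DOTTED: succeeds when the last byte is odd, the sanity
# check the page gives for a /29 gateway and broadcast address
last_octet_odd() {
    [ $(( ${1##*.} % 2 )) -eq 1 ]
}

# xen_tools_net ADDR NETMASK: prints the three lines for xen-tools.conf,
# fails if the computed addresses violate the odd-byte rule
xen_tools_net() {
    gw=$(subnet_gateway "$1" "$2")
    bc=$(subnet_broadcast "$1" "$2")
    last_octet_odd "$gw" && last_octet_odd "$bc" || return 1
    printf 'gateway = %s\nnetmask = %s\nbroadcast = %s\n' "$gw" "$2" "$bc"
}
```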
- add workaround for console bug in gutsy (https://bugs.launchpad.net/ubuntu/+source/xen-3.1/+bug/144631)
sudo vi /etc/xen-tools/xm.tmpl
add console statement after "memory = '{$memory}'"
extra='xencons=tty'
- add workaround for hwclock bug in gutsy (https://bugs.launchpad.net/ubuntu/+source/xen-3.1/+bug/144631)
sudo vi /usr/lib/xen-tools/gutsy.d/15-disable-hwclock
add rm of some init/rules files and un-exec set_hwclock (after the disable statement, around 32)
rm -f ${prefix}/etc/init.d/hwclock.sh ${prefix}/etc/init.d/hwclockfirst.sh ${prefix}/etc/udev/rules.d/85-hwclock.rules
chmod -x ${prefix}/lib/udev/set_hwclock
- add workaround for locale bug in xen-tools
sudo vi /usr/lib/xen-tools/gutsy.d/25-generate-locale
add the prefix to the installDebianPackage line (around 35)
installDebianPackage ${prefix} language-pack-en
- install a hook/role to automatically create an admin user in new DomU's
save the following script ...
#!/bin/bash
# xen-tools role hook, invoked as "role.d/ubuntu-admin <prefix>" once the
# DomU filesystem has been installed into <prefix>
# save tty for interaction (xen-create-image may redirect stdin/stdout)
myTTY=$(tty)
# save installed domu dir into prefix
prefix=$1
shift
# some subs for interactive stuff: eo echoes to the tty, ec runs a command on the tty
eo ()
{
echo "$@" >"$myTTY" 2>&1
}
ec ()
{
"$@" <"$myTTY" >"$myTTY" 2>&1
}
eo Ubuntu Admin User Creation Hook starting
eo
eo -n "Enter a Username for the admin/sudo user: "
read admin <"$myTTY"
eo
# Ubuntu's default sudoers already grants %admin sudo rights, so membership in group admin is enough
chroot "${prefix}" /usr/sbin/groupadd admin && eo Successfully created DomU Admin Group
eo
chroot "${prefix}" /usr/sbin/useradd -m -s /bin/bash -g users -G admin "$admin" && eo Successfully created DomU Admin User "$admin"
eo
# passwd needs the tty on stdin as well, hence ec
ec chroot "${prefix}" /usr/bin/passwd "$admin" && eo Successfully changed Password for "$admin"
eo
eo Ubuntu Admin User Creation Hook finished
eo
... into /etc/xen-tools/role.d/ubuntu-admin and make it executable
sudo chmod +x /etc/xen-tools/role.d/ubuntu-admin
creating and starting the first DomU
- create the DomU via xen-tools
sudo xen-create-image --hostname=<hostname for the DomU> --ip=<ip for the DomU (e.g. gateway + 1)> --role=ubuntu-admin
the script should ask for the admin user's name and password
- start the DomU
sudo xm create <DomUs hostname.cfg>
- enter console for the DomU
sudo xm console <DomUs hostname>
log in with the DomUs admin/password
- check that the DomU has internet access
- exit console via CTRL-5 (on german keyboard)
- if you want to autostart the DomU create a link into /etc/xen/auto
sudo ln -s /etc/xen/<hostname>.cfg /etc/xen/auto/
slow network performance on domU
If network performance seems to be slow or buggy (apparent packet loss, and especially very high HTTP response times) as described in "OpenSuSE 10.3 und Xen bei Hetzner", in the Xen FAQ, or in Hetzner's note in /etc/network/interfaces:
# post-up ethtool -K eth0 tx off
#
# The commented out line above will disable TCP checksumming which
# might resolve problems for some users. It is disabled by default
#
just run on the DomUs
ethtool -K eth0 tx off
permanent on OpenSuSE 10.3 by adding to /etc/sysconfig/network/ifcfg-eth0
ETHTOOL_OPTIONS='-K eth0 tx off'
permanent on Debian/Ubuntu
auto eth0
iface eth0 inet static
    address ...
    gateway ...
    netmask ...
    post-up ethtool -K eth0 tx off
dom0 do-release-upgrade to hardy
!!! Backup configs first !!!
Request a LARA console for the next steps.
sudo tar cf /root/xen_all.tar /etc/xen/ /etc/xen-tools/
check and backup /boot/grub/menu.lst
sudo apt-get install update-manager-core
sudo do-release-upgrade
WARNING: xen packages won't be upgraded
Reboot your machine with a *-server kernel, NOT *-xen.
Purge all *xen* packages:
sudo apt-get remove --purge list_of_*xen*_packages
Install xen metapackage:
sudo apt-get install ubuntu-xen-server
Check and restore your xen configs.
Check and edit /boot/grub/menu.lst
Reboot and be happy =)
Bugs / Workarounds
"Time went backwards" + freeze for domU's with kernel 2.6.22-xen
https://bugs.launchpad.net/xen/+bug/146924
Quote:
[...] "I've found there are three fundamental things you need to make clocks reliable and not have the system pause under load, these are;
a. in the Dom0's grub menu.lst, add "dom0_mem=xxx" (where xxx is for example 512 for 512M)
b. add "xen.independent_wallclock=1" to /etc/sysctl.conf in each DomU
c. add "clock=jiffies" in the DomU's .cnf file in the "extra" section
This makes a huge difference to overall usability. [...]"
Quote END
[[Kategorie:Dedizierte Server]]