First there are a few things to consider and configure before creating new virtual machines (DomU).
Loopback vs LVM
Transferring a file is easier than moving LVM volumes between servers.
As the DomU will run services in production, LVM is the better choice.
Other options offering more portability: Docker, XenServer Cluster, OpenStack.
XL config
Modify /etc/xen/xl.conf to give the xl toolstack the necessary environment.
autoballoon="off"
lockfile="/var/lock/xl"
vif.default.gatewaydev="eth0"
vif.default.bridge="xenbr0"
Partition template
Create template file: /etc/xen-tools/partitions.d/server
As rights, permissions and performance can be set per disk partition, a proper partition setup is recommended (but not necessary). This template is only used when xen-create-image is called with the parameter --partitions=server.
[root]
size=20G
type=ext4
mountpoint=/
options=errors=remount-ro

[opt]
size=5G
type=xfs
mountpoint=/opt
options=nodev

[tmp]
size=2.5G
type=xfs
mountpoint=/tmp
options=nodev,nosuid

[usr]
size=10G
type=xfs
mountpoint=/usr
options=nodev

[var]
size=10G
type=xfs
mountpoint=/var
options=nodev,nosuid

[var-tmp]
size=2.5G
type=xfs
mountpoint=/var/tmp
options=nodev,nosuid

[var-www]
size=100G
type=ext4
mountpoint=/var/www
options=relatime,nodev,nosuid

[var-srv]
size=100G
type=ext4
mountpoint=/var/srv
options=relatime,nodev
Deposit the public key, ready to spread to new virtual machines
To have key-based login working in the new VMs, the public key is stored in the skeleton directory of xen-tools.
mkdir -p /etc/xen-tools/skel/root/.ssh
chmod -R 700 /etc/xen-tools/skel/root
# If you don't have an ssh key yet, run ssh-keygen to create one
ssh-keygen
cp /root/.ssh/id_rsa.pub /etc/xen-tools/skel/root/.ssh/authorized_keys
Create xen vm role
To customize a Xen install, we can use custom hooks or roles.
The role file could be extended to launch and preconfigure a puppet client. To adapt it, look at: /etc/xen-tools/roles.d/puppet
Create a role: /etc/xen-tools/roles.d/server
Purpose of this role file
- Create Hetzner network configuration based on ipv4 list
- Create Hetzner network configuration based on ipv6 list
- Install a few tools (htop, screen…)
- Create message of the day (Use your own ASCII logo)
- Create locale files and set de_DE.UTF-8 as default
# create and make executable
touch /etc/xen-tools/roles.d/server
chmod +x /etc/xen-tools/roles.d/server

#!/bin/bash
prefix=$1

#
# Source our common functions
#
if [ -e /usr/share/xen-tools/common.sh ]; then
    . /usr/share/xen-tools/common.sh
else
    echo "Installation problem"
fi

#
# network config
#
if [ -f ${prefix}/etc/network/interfaces ]; then
    cat << EOF > ${prefix}/etc/network/interfaces
# loopback
auto lo
iface lo inet loopback
EOF

    # ipv4 of host system
    host_ipv4=$(ifconfig xenbr0 2>/dev/null | awk '/inet addr:/ {print $2}' | sed 's/addr://')

    # if /etc/xen-tools/ipv4-list.conf exists and lists this hostname use these values,
    # otherwise fall back to the xen-create-image parameters
    ipv4row=""
    if [ -f "/etc/xen-tools/ipv4-list.conf" ]; then
        ipv4row=$(grep "${hostname}\$" /etc/xen-tools/ipv4-list.conf)
    fi
    if [ ! -z "${ipv4row}" ] ; then
        # extract ip values from ipv4-list.conf
        ipv4regex='^([0-9.]+);([0-9.]+);([0-9.]+);.*$'
        [[ "$ipv4row" =~ $ipv4regex ]] && { add_ipv4=${BASH_REMATCH[1]} ; add_netmaskv4=${BASH_REMATCH[2]} ; add_gatewayv4=${BASH_REMATCH[3]} ; }
        # append to interfaces-file
        cat << EOF >> ${prefix}/etc/network/interfaces
# internet
auto eth0
iface eth0 inet static
    address ${add_ipv4}
    gateway ${add_gatewayv4}
    netmask ${add_netmaskv4}
    pointopoint ${add_gatewayv4}
EOF
    else
        # append to interfaces-file when ipv4-list.conf is missing or not matching
        cat << EOF >> ${prefix}/etc/network/interfaces
# internet
auto eth0
iface eth0 inet static
    address ${ip1}
    gateway ${gateway}
    netmask ${netmask}
    #pointopoint ${host_ipv4}
EOF
    fi

    # if /etc/xen-tools/ipv6-list.conf exists use these values
    if [ -f "/etc/xen-tools/ipv6-list.conf" ]; then
        ipv6row=$(grep "${hostname}\$" /etc/xen-tools/ipv6-list.conf)
        if [ ! -z "${ipv6row}" ] ; then
            # extract ip and prefix length from ipv6-list.conf
            ipv6regex='^([0-9A-Fa-f:]+);([0-9]+);.*$'
            [[ "$ipv6row" =~ $ipv6regex ]] && { add_ipv6=${BASH_REMATCH[1]} ; add_subnetv6=${BASH_REMATCH[2]} ; }
            # append to interfaces-file (prefix length taken from the list instead of a hard-coded 80)
            cat << EOF >> ${prefix}/etc/network/interfaces
iface eth0 inet6 static
    address ${add_ipv6}
    netmask ${add_subnetv6}
    up ip -6 route add default via fe80::1 dev eth0
EOF
        fi
    fi
fi

# message of the day (use your own ASCII logo)
cat << EOF > ${prefix}/etc/motd
 ___                     ____
/ __| __ _ _ ___ ___ _ _|_  /___ _ _  ___
\__ \/ _| '_/ -_) -_) ' \ / // _ \ ' \/ -_)
|___/\__|_| \___\___|_||_/___\___/_||_\___|
${hostname} | ${ip1} | ${add_ipv6}
EOF

#
# Install additional Packages
#
installDebianPackage ${prefix} obnam fail2ban ntpdate ntp screen htop iftop iotop psmisc rsync

#
# Locale Settings
#
echo "export LANGUAGE=de_DE.UTF-8" >> ${prefix}/etc/profile
echo "export LANG=de_DE.UTF-8" >> ${prefix}/etc/profile
echo "export LC_ALL=de_DE.UTF-8" >> ${prefix}/etc/profile
chroot ${prefix} locale-gen de_DE.UTF-8

#
# Log our finish
#
logMessage Script $0 finished
Configuration
For IP address assignment there are configuration files to be filled in.
Since Xen does not manage the guest network configuration itself, it has to be configured manually (using the role script above and the config files below).
My solution is only a quick hack for the Hetzner network environment. Adapt it and modify it to your needs!
IP list configuration files
Create the files and set up your additional IPs.
vi /etc/xen-tools/ipv6-list.conf
# ipv6 ; subnet ; vm hostname
W:X:Y:Z:1::1;80;srv-xy-1
W:X:Y:Z:2::1;80;srv-xy-2

vi /etc/xen-tools/ipv4-list.conf
# ip ; netmask ; gateway ; vm hostname (optional)
A.A.A.A;255.255.255.224;GW.GW.GW.GW;srv-xy-1
B.B.B.B;255.255.255.248;GW2.GW2.GW2.GW2;srv-xy-2
Using these two configuration files, the role file "server" and xen-create-image with hostname=srv-xy-1, a network configuration within the VM will be created with eth0 IPv4 A.A.A.A, gateway GW.GW.GW.GW and netmask 255.255.255.224 (this may vary based on what Hetzner assigns). An eth0 IPv6 address W:X:Y:Z:1::1 with netmask 80 will be created as well.
If no matching hostname is found in the IP list configuration files, the parameters passed to xen-create-image are used instead. Example:
xen-create-image [..] --hostname=srv-name-not-in-list --ip=A.A.A.A --gateway=GW.GW.GW.GW --netmask=255.255.255.224 [..]
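The role script above selects the row with grep "${hostname}\$", which also matches any longer hostname ending in the same string (xsrv-xy-1 for srv-xy-1), and it copies the fields into the interfaces heredoc unchecked. As an added example that is not part of the original role script, the lookup below matches the hostname field exactly, validates the addresses and falls back to the xen-create-image parameters otherwise; the ipv4-list.conf content is a constructed sample.

```shell
# Constructed sample of /etc/xen-tools/ipv4-list.conf: ip;netmask;gateway;hostname
IPV4_LIST_SAMPLE='# ip ; netmask ; gateway ; vm hostname
203.0.113.10;255.255.255.224;203.0.113.1;srv-xy-1
203.0.113.20;255.255.255.248;203.0.113.17;xsrv-xy-1
not-an-ip;255.255.255.0;203.0.113.1;srv-broken'

# is_dotted_quad STRING -> 0 if STRING is four decimal octets in 0..255
is_dotted_quad() {
    printf '%s\n' "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= NF; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# lookup_ipv4_row HOSTNAME -> prints "ip netmask gateway"
# returns 1 if no row carries exactly that hostname, 2 if the row is malformed
lookup_ipv4_row() {
    # compare the 4th field as a whole: "xy-1" or "xsrv-xy-1" never match "srv-xy-1"
    row=$(printf '%s\n' "$IPV4_LIST_SAMPLE" | awk -F';' -v h="$1" \
        '!/^#/ && $4 == h { print $1, $2, $3; exit }')
    [ -n "$row" ] || return 1
    for field in $row; do
        is_dotted_quad "$field" || return 2
    done
    printf '%s\n' "$row"
}

# render_eth0_stanza HOSTNAME FALLBACK_IP FALLBACK_GW FALLBACK_MASK
# the FALLBACK_* values stand for the --ip/--gateway/--netmask parameters
render_eth0_stanza() {
    if row=$(lookup_ipv4_row "$1"); then
        set -- "$1" $row            # now $2=ip $3=netmask $4=gateway from the list
        ip=$2; mask=$3; gw=$4
    else
        [ $? -eq 2 ] && echo "ipv4-list.conf: malformed row for $1, using parameters" >&2
        ip=$2; gw=$3; mask=$4       # no list, no match or malformed row: use parameters
    fi
    printf 'auto eth0\niface eth0 inet static\n'
    printf '    address %s\n    gateway %s\n    netmask %s\n    pointopoint %s\n' \
        "$ip" "$gw" "$mask" "$gw"
}

render_eth0_stanza srv-xy-1 198.51.100.5 198.51.100.1 255.255.255.0
```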
Configure screen
Use this screen configuration in the .screenrc config file for a nicer and more practical screen layout.
This config provides functions like resizing regions, stepping through windows using F3/F4 and a nicer layout.
Deposit the file here: /etc/xen-tools/skel/root/.screenrc
# ===============================================================
# VARIABLES - Boolean values (on/off)
# ===============================================================
# mousetrack on             # mouse tracking support
autodetach on               # default: on
crlf off                    # default: off
defbce on
deflogin off                # default: on
# defsilence off            # default: off
hardcopy_append on          # default: off
# nethack on                # default: off
startup_message off         # default: on
vbell off                   # default: ???

# 256 colors
attrcolor b ".I"
termcapinfo xterm 'Co#256:AB=\E[48;5;%dm:AF=\E[38;5;%dm'

# mouse support in screen
term rxvt

# this makes screen work within rxvt on cygwin:
termcapinfo rxvt-cygwin-native ti@:te@

# make the cursor show up in red:
termcapinfo linux "ve=\E[?25h\E[?17;0;64c"

# the following two lines give a two-line status, with the current window highlighted
hardstatus alwayslastline
hardstatus string '%{gk}[ %{G}%H %{g}][%= %{wk}%?%-Lw%?%{=b kR}(%{W}%n*%f %t%?(%u)%?%{=b kR})%{= kw}%?%+Lw%?%?%= %{g}][%{Y}%l%{g}]%{=b C}[ %Y-%m-%d %c ]%{W}'

# huge scrollback buffer
defscrollback 5000

# ===============================================================
# AUTOSTART
# ===============================================================
# default windows
screen -t bash 1 bash
select 0
bind c screen 1             # window numbering starts at 1 not 0
bind 0 select 10

# get rid of silly xoff stuff
bind s split

# ===============================================================
# LAYOUT
# ===============================================================
layout autosave on

layout new one
select 1

layout new two
select 1
split
resize -v +8
focus down
select 4
focus up

layout new three
select 1
split
resize -v +7
focus down
select 3
split -v
resize -h +10
focus right
select 4
focus up

layout attach one
layout select one

# ===============================================================
# KEY BINDINGS
# ===============================================================
# navigating regions with Ctrl-arrows
bindkey "^[[1;5D" focus left
bindkey "^[[1;5C" focus right
bindkey "^[[1;5A" focus up
bindkey "^[[1;5B" focus down

# switch windows with F3 (prev) and F4 (next)
bindkey "^[OR" prev
bindkey "^[OS" next

# switch layouts with Ctrl+F3 (prev layout) and Ctrl+F4 (next)
bindkey "^[O1;5R" layout prev
bindkey "^[O1;5S" layout next

# F2 puts Screen into resize mode. Resize regions using hjkl keys.
bindkey "^[OQ" eval "command -c rsz"            # enter resize mode

# use hjkl keys to resize regions
bind -c rsz h eval "resize -h -5" "command -c rsz"
bind -c rsz j eval "resize -v -5" "command -c rsz"
bind -c rsz k eval "resize -v +5" "command -c rsz"
bind -c rsz l eval "resize -h +5" "command -c rsz"

# quickly switch between regions using tab and arrows
bind -c rsz \t eval "focus" "command -c rsz"                # Tab
bind -c rsz -k kl eval "focus left" "command -c rsz"        # Left
bind -c rsz -k kr eval "focus right" "command -c rsz"       # Right
bind -c rsz -k ku eval "focus up" "command -c rsz"          # Up
bind -c rsz -k kd eval "focus down" "command -c rsz"        # Down
Start Xen VM for demo
Finished with customizing.
A firewall is still needed for production use, but the functional part is already working.
Give it a try by initialising a demo VM.
xen-create-image --hostname=srv-xy-1 --role=server --partitions=server \
  --dist=jessie --vcpus=4 --memory=4G --maxmem=6G --size=50G --noswap \
  --ip=A.A.A.A --mac=A:B:C:D:E:F
# connect to the console after the install has finished
xl console srv-xy-1
Log in to your demo. Disconnect using the key combo: CTRL+[
Hi Damien,
Great guide, however we are interested in knowing how to configure public interfaces for DomU.
I have three IPs in total on a Hetzner server and would like to create two guests, each with its own IP. All Xen docs are not really clear.
Damian, great tutorial! Thanks a lot!
fstab option sync is causing performance gaps:
Removing it from config improved disk speed.
Thank you CollabChris, I already updated the config! The config file posted here was outdated 🙁