Xen1 Setup Process

From CSLabsWiki
Revision as of 18:41, 11 April 2009 by Mccarrms (talk | contribs) (Installed and configured apcupsd)

This page summarizes how Xen1 was set up in Spring 2009.

Install

  • Installed CentOS 5.3 x64 with Virtualization Support.
    • Partition Scheme

Configuration

Updated VM

  • yum install yum-fastestmirror vim-enhanced gcc emacs-nox screen
  • yum update

Created User

  • Created user mccarrms
    • /usr/sbin/useradd -m mccarrms
  • Set password for mccarrms
    • passwd mccarrms

Configured Sudo

  • /usr/sbin/visudo
## Sudoers allows particular users to run various commands as
## the root user, without needing the root password.

#User_Alias ADMINS = mccarrms

## Networking
Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool

## Installation and management of software
Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum

## Services
Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig

## Updating the locate database
Cmnd_Alias LOCATE = /usr/sbin/updatedb

## Storage
Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount

## Delegating permissions
Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp

## Processes
Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall

## Drivers
Cmnd_Alias DRIVERS = /sbin/modprobe

## Shells
Cmnd_Alias SHELLS = /bin/sh, /bin/bash, /usr/bin/rsh, /bin/dash, /bin/rbash, /bin/su

## Users
Cmnd_Alias USERS = /usr/sbin/useradd, /usr/sbin/userdel, /usr/sbin/userhelper, /usr/sbin/usermod, /usr/sbin/usernetctl

Defaults    requiretty

Defaults    env_reset,tty_tickets,lecture=always,logfile=/var/log/sudo.log
Defaults    env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR \
                        LS_COLORS MAIL PS1 PS2 QTDIR USERNAME \
                        LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION \
                        LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC \
                        LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS \
                        _XKB_CHARSET XAUTHORITY"

## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL
%wheel  ALL=(ALL)       ALL
%admins localhost=/sbin/shutdown -h now
%admins ALL=/usr/sbin/xm

Configured Networks

  • Configured hostname in /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=xen1.cslabs.clarkson.edu
GATEWAY=128.153.145.1
  • Verified eth0 configuration for Clarkson Network in /etc/sysconfig/network-scripts/ifcfg-eth0
# Intel Corporation 82541PI Gigabit Ethernet Controller
DEVICE=eth0
BOOTPROTO=static
DHCPCLASS=
HWADDR=00:1B:21:28:C8:56
IPADDR=128.153.145.41
NETMASK=255.255.255.0
ONBOOT=yes
  • Verified eth1 configuration for the Server Room Network in /etc/sysconfig/network-scripts/ifcfg-eth1
# Intel Corporation 80003ES2LAN Gigabit Ethernet Controller (Copper)
DEVICE=eth1
BOOTPROTO=static
DHCPCLASS=
HWADDR=00:E0:81:B5:88:74
IPADDR=10.0.1.37
NETMASK=255.255.255.0
ONBOOT=yes
  • Verified eth2 configuration for the Internal Network in /etc/sysconfig/network-scripts/ifcfg-eth2
# Intel Corporation 80003ES2LAN Gigabit Ethernet Controller (Copper)
DEVICE=eth2
BOOTPROTO=static
DHCPCLASS=
HWADDR=00:E0:81:B5:88:75
IPADDR=10.0.0.16
NETMASK=255.255.255.0
ONBOOT=yes

Configured Additional Xen Bridges

  • Created a network configuration file (/etc/xen/scripts/networks-cslabs)
#!/bin/sh
dir=$(dirname "$0")

"$dir/network-bridge" start vifnum=0 netdev=eth0 bridge=xenbr0
"$dir/network-bridge" start vifnum=1 netdev=eth1 bridge=xenbr1
"$dir/network-bridge" start vifnum=2 netdev=eth2 bridge=xenbr2
  • Made script executable
    • chmod +x /etc/xen/scripts/networks-cslabs
  • Edited /etc/xen/xend-config.sxp
(xend-unix-server yes)

(xend-unix-path /var/lib/xend/xend-socket)

(xend-relocation-hosts-allow '^localhost$ ^localhost\\.localdomain$')

(network-script networks-cslabs)

(vif-script vif-bridge)

(dom0-min-mem 256)

(dom0-cpus 0)

(vncpasswd '')

Configured Hosts

  • Edited /etc/hosts
127.0.0.1       localhost.localdomain localhost
::1             localhost6.localdomain6 localhost6
128.153.145.41  xen1.cslabs.clarkson.edu xen1.cslabs xen1
10.0.1.37       xen1.sr.cslabs.clarkson.edu xen1.sr.cslabs xen1.sr
10.0.0.16       xen1.int.cslabs.clarkson.edu xen1.int.cslabs xen1.int

Configured DNS Servers

  • Edited /etc/resolv.conf
search clarkson.edu
nameserver 128.153.0.254
nameserver 128.153.5.254

Configured IPtables

Due to the sensitivity of this material, this config file has been left off; however, the following rules are needed.
  • Restarted iptables
    • /etc/init.d/iptables restart

Configured SSH

  • Edited /etc/ssh/sshd_config
Due to the sensitivity of this material, this config file has been left off.
  • Restarted sshd
    • /etc/init.d/sshd restart

Set Up SSH Login Banner

  • Edited /etc/issue.net
               ___
 __ _____ ___ <  /
 \ \ / -_) _ \/ / 
/_\_\\__/_//_/_/  
                    

Configured Password Requirements

  • Edited /etc/login.defs
MAIL_DIR        /var/spool/mail

PASS_MAX_DAYS   360
PASS_MIN_DAYS   0
PASS_MIN_LEN    8
PASS_WARN_AGE   60

UID_MIN                   500
UID_MAX                 60000

GID_MIN                   500
GID_MAX                 60000

CREATE_HOME     yes

UMASK           077

USERGROUPS_ENAB yes

MD5_CRYPT_ENAB yes

ENCRYPT_METHOD MD5

Added Custom PATH Variables

  • Added the following to /etc/profile
PATH=$PATH:/usr/sbin:/sbin
export PATH

Modified Root's Crontab

  • crontab -e
# Used to update locate database
0 * * * * /usr/bin/updatedb

Set Up & Configured NTP

  • Installed NTP
    • yum install ntp
  • Edited /etc/ntp.conf
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

restrict 127.0.0.1
restrict -6 ::1

restrict tick.clarkson.edu mask 255.255.255.255 nomodify notrap noquery
restrict tock.clarkson.edu mask 255.255.255.255 nomodify notrap noquery

server tick.clarkson.edu
server tock.clarkson.edu

server  127.127.1.0     # local clock
fudge   127.127.1.0 stratum 10

driftfile /var/lib/ntp/drift

keys /etc/ntp/keys
  • Edited /etc/ntp/step-tickers
tick.clarkson.edu
tock.clarkson.edu
  • Configured ntpd to start on boot
    • /sbin/chkconfig --levels 35 ntpd on
  • Started ntpd
    • /etc/init.d/ntpd start

Configured ntpd to Sync Hardware Clock

  • Edited /etc/sysconfig/ntpd
# Drop root to id 'ntp:ntp' by default.
OPTIONS="-u ntp:ntp -p /var/run/ntpd.pid"

# Set to 'yes' to sync hw clock after successful ntpdate
SYNC_HWCLOCK=yes

# Additional options for ntpdate
NTPDATE_OPTIONS=""

Installed and Configured APCUPSD

This package is used to monitor the UPS which Xen1 is plugged into and is used to shutdown the system in the event of a power failure.

Configured to Power On when Power is Restored

  • Edited the BIOS to have Restore on AC/Power Loss set to Power On.

Installed and configured apcupsd

  • Installed apcupsd
    • yum install apcupsd
  • Edited /etc/apcupsd/apcupsd.conf
## apcupsd.conf v1.1 ##

UPSNAME ups4

UPSCABLE ether

UPSTYPE net
DEVICE 128.153.145.42:3551

LOCKFILE /var/lock

SCRIPTDIR /etc/apcupsd

PWRFAILDIR /etc/apcupsd

NOLOGINDIR /etc

ONBATTERYDELAY 6

BATTERYLEVEL 10

MINUTES 15

TIMEOUT 0

ANNOY 300

ANNOYDELAY 60

NOLOGON disable

KILLDELAY 0

NETSERVER on

NISIP 127.0.0.1

NISPORT 3551

EVENTSFILE /var/log/apcupsd.events

EVENTSFILEMAX 10

UPSCLASS standalone

UPSMODE disable

STATTIME 0

STATFILE /var/log/apcupsd.status

LOGSTATS off

DATATIME 0

SELFTEST 336
  • Edited /etc/apcupsd/offbattery
#!/bin/sh
#
# This shell script if placed in /etc/apcupsd
# will be called by /etc/apcupsd/apccontrol when the
# UPS goes back on to the mains after a power failure.
# We send an email message to root to notify him.
#
SYSADMIN=mccarrms@gmail.com,emergency@cslabs.clarkson.edu
APCUPSD_MAIL="/bin/mail"

HOSTNAME=`hostname`
MSG="$HOSTNAME Power has returned"
#
(
   echo "Subject: $MSG"
   echo " "
   echo "$MSG"
   echo " "
   /sbin/apcaccess status
) | $APCUPSD_MAIL -s "$MSG" $SYSADMIN
exit 0
  • Edited /etc/apcupsd/onbattery
#!/bin/sh
#
# This shell script if placed in /etc/apcupsd
# will be called by /etc/apcupsd/apccontrol when the UPS
# goes on batteries.
# We send an email message to root to notify him.
#
SYSADMIN=mccarrms@gmail.com,emergency@cslabs.clarkson.edu
APCUPSD_MAIL="/bin/mail"

HOSTNAME=`hostname`
MSG="$HOSTNAME Power Failure !!!"
#
(
   echo "Subject: $MSG"
   echo " "
   echo "$MSG"
   echo " "
   /sbin/apcaccess status
) | $APCUPSD_MAIL -s "$MSG" $SYSADMIN
exit 0
  • Edited /etc/apcupsd/commfailure
#!/bin/sh
#
# This shell script if placed in /etc/apcupsd
# will be called by /etc/apcupsd/apccontrol when apcupsd
# loses contact with the UPS (i.e. the serial connection is not responding).
# We send an email message to root to notify him.
#
SYSADMIN=mccarrms@gmail.com,emergency@cslabs.clarkson.edu
APCUPSD_MAIL="/bin/mail"

HOSTNAME=`hostname`
MSG="$HOSTNAME Communications with UPS lost"
#
(
   echo "Subject: $MSG"
   echo " "
   echo "$MSG"
   echo " "
   /sbin/apcaccess status
) | $APCUPSD_MAIL -s "$MSG" $SYSADMIN
exit 0
  • Edited /etc/apcupsd/commok
#!/bin/sh
#
# This shell script if placed in /etc/apcupsd
# will be called by /etc/apcupsd/apccontrol when apcupsd
# restores contact with the UPS (i.e. the serial connection is restored).
# We send an email message to root to notify him.
#
SYSADMIN=mccarrms@gmail.com,emergency@cslabs.clarkson.edu
APCUPSD_MAIL="/bin/mail"

HOSTNAME=`hostname`
MSG="$HOSTNAME Communications with UPS restored"
#
(
   echo "Subject: $MSG"
   echo " "
   echo "$MSG"
   echo " "
   /sbin/apcaccess status
) | $APCUPSD_MAIL -s "$MSG" $SYSADMIN
exit 0
  • Edited /etc/apcupsd/changeme
#!/bin/sh
#
# This shell script if placed in /etc/apcupsd
# will be called by /etc/apcupsd/apccontrol when apcupsd
# detects that the battery should be replaced.
# We send an email message to root to notify him.
#
SYSADMIN=mccarrms@gmail.com,emergency@cslabs.clarkson.edu
APCUPSD_MAIL="/bin/mail"

HOSTNAME=`hostname`
MSG="$HOSTNAME UPS battery needs changing NOW."
#
(
   echo "Subject: $MSG"
   echo " "
   echo "$MSG"
   echo " "
   /sbin/apcaccess status
) | $APCUPSD_MAIL -s "$MSG" $SYSADMIN
exit 0
  • Configured apcupsd to start on boot
    • /sbin/chkconfig --levels 2345 apcupsd on
  • Started apcupsd
    • /etc/init.d/apcupsd start

Configured Xen Domains to Shutdown on System Shutdown

  • Edited the following lines in /etc/sysconfig/xendomains
XENDOMAINS_SAVE=""

XENDOMAINS_RESTORE=false

Installed Debootstrap

  • Installed debootstrap
    • rpm -Uvh debootstrap-1.0.10-1.fc10.noarch.rpm