Difference between revisions of "Xen2 Setup Process"

From CSLabsWiki
m (Set Up & Configured NTP)
m (added partition layout and kickstart file)
Line 4: Line 4:
 
*Installed CentOS 5.3 x64 with Virtualization Support.
  
*Installed CentOS 5.3 x64 with Virtualization Support.
 
**Partition Scheme
  
**Partition Scheme
  +
***100 MB /boot - Software RAID 1
***
  
  +
***73 GB root_lvg - Logical Volume Group Software RAID 1
***
  
  +
****59 GB / (root_lvg-root_lv)
***
  
  +
****4 GB /var (root_lvg-var_lv)
  +
****10 GB swap (root_lvg-swap_lv)
  +
***452 GB /xen - Software RAID 1
  +
  +
===Kickstart File===
  +
<code><pre>
  +
# Kickstart file automatically generated by anaconda.
  +
  +
install
  +
cdrom
  +
lang en_US.UTF-8
  +
keyboard us
  +
network --device eth0 --bootproto static --ip 128.153.145.42 --netmask 255.255.255.0 --gateway 128.153.145.1 --nameserver 128.153.0.254,128.153.5.254 --hostname xen2.cslabs
  +
.clarkson.edu
  +
network --device eth1 --bootproto static --ip 10.0.1.38 --netmask 255.255.255.0 --gateway 128.153.145.1 --nameserver 128.153.0.254,128.153.5.254 --hostname xen2.cslabs.clar
  +
kson.edu
  +
network --device eth2 --bootproto static --ip 10.0.0.17 --netmask 255.255.255.0 --gateway 128.153.145.1 --nameserver 128.153.0.254,128.153.5.254 --hostname xen2.cslabs.clar
  +
kson.edu
  +
rootpw --iscrypted ENCRYPTED-PASSWORD-GOES-HERE
  +
firewall --enabled --port=22:tcp
  +
authconfig --enableshadow --enablemd5
  +
selinux --enforcing
  +
timezone --utc America/New_York
  +
bootloader --location=partition --driveorder=sda,sdb,hda,hdb --md5pass=ENCRYPTED-PASSWORD-GOES-HERE
  +
# The following is the partition information you requested
  +
# Note that any partitions you deleted are not expressed
  +
# here so unless you clear all partitions first, this is
  +
# not guaranteed to work
  +
clearpart --linux
  +
part raid.16 --size=100 --ondisk=sda
  +
part raid.19 --size=100 --ondisk=sdb
  +
part raid.20 --size=100 --grow --ondisk=hdb
  +
part raid.18 --size=100 --grow --ondisk=sdb
  +
part raid.17 --size=100 --grow --ondisk=sda
  +
part raid.14 --size=100 --grow --ondisk=hda
  +
raid /boot --fstype ext3 --level=RAID1 --device=md0 raid.16 raid.19
  +
raid pv.22 --fstype "physical volume (LVM)" --level=RAID1 --device=md1 raid.17 raid.18
  +
raid /xen --fstype ext3 --level=RAID1 --device=md2 raid.14 raid.20
  +
volgroup root_lvg --pesize=32768 pv.22
  +
logvol / --fstype ext3 --name=root_lv --vgname=root_lvg --size=61856
  +
logvol swap --fstype swap --name=swap_lv --vgname=root_lvg --size=10240
  +
logvol /var --fstype ext3 --name=var_lv --vgname=root_lvg --size=4096
  +
  +
%packages
  +
@virtualization
  +
@core
  +
@base
  +
bridge-utils
  +
device-mapper-multipath
  +
-gnome-applet-vm
  +
-NetworkManager
  +
-bluez-utils
  +
</pre></code>
   
 
==Configuration==
  
==Configuration==

Revision as of 22:18, 14 April 2009

This page summarizes how Xen2 was set up in Spring 2009.

Install

  • Installed CentOS 5.3 x64 with Virtualization Support.
    • Partition Scheme
      • 100 MB /boot - Software RAID 1
      • 73 GB root_lvg - Logical Volume Group Software RAID 1
        • 59 GB / (root_lvg-root_lv)
        • 4 GB /var (root_lvg-var_lv)
        • 10 GB swap (root_lvg-swap_lv)
      • 452 GB /xen - Software RAID 1

Kickstart File

# Kickstart file automatically generated by anaconda.

install
cdrom
lang en_US.UTF-8
keyboard us
network --device eth0 --bootproto static --ip 128.153.145.42 --netmask 255.255.255.0 --gateway 128.153.145.1 --nameserver 128.153.0.254,128.153.5.254 --hostname xen2.cslabs
.clarkson.edu
network --device eth1 --bootproto static --ip 10.0.1.38 --netmask 255.255.255.0 --gateway 128.153.145.1 --nameserver 128.153.0.254,128.153.5.254 --hostname xen2.cslabs.clar
kson.edu
network --device eth2 --bootproto static --ip 10.0.0.17 --netmask 255.255.255.0 --gateway 128.153.145.1 --nameserver 128.153.0.254,128.153.5.254 --hostname xen2.cslabs.clar
kson.edu
rootpw --iscrypted ENCRYPTED-PASSWORD-GOES-HERE
firewall --enabled --port=22:tcp
authconfig --enableshadow --enablemd5
selinux --enforcing
timezone --utc America/New_York
bootloader --location=partition --driveorder=sda,sdb,hda,hdb --md5pass=ENCRYPTED-PASSWORD-GOES-HERE
# The following is the partition information you requested
# Note that any partitions you deleted are not expressed
# here so unless you clear all partitions first, this is
# not guaranteed to work
clearpart --linux
part raid.16 --size=100 --ondisk=sda
part raid.19 --size=100 --ondisk=sdb
part raid.20 --size=100 --grow --ondisk=hdb
part raid.18 --size=100 --grow --ondisk=sdb
part raid.17 --size=100 --grow --ondisk=sda
part raid.14 --size=100 --grow --ondisk=hda
raid /boot --fstype ext3 --level=RAID1 --device=md0 raid.16 raid.19
raid pv.22 --fstype "physical volume (LVM)" --level=RAID1 --device=md1 raid.17 raid.18
raid /xen --fstype ext3 --level=RAID1 --device=md2 raid.14 raid.20
volgroup root_lvg --pesize=32768 pv.22
logvol / --fstype ext3 --name=root_lv --vgname=root_lvg --size=61856
logvol swap --fstype swap --name=swap_lv --vgname=root_lvg --size=10240
logvol /var --fstype ext3 --name=var_lv --vgname=root_lvg --size=4096

%packages
@virtualization
@core
@base
bridge-utils
device-mapper-multipath
-gnome-applet-vm
-NetworkManager
-bluez-utils

Configuration

Updated VM

  • yum install yum-fastestmirror vim-enhanced gcc emacs-nox screen
  • yum update

Created User

  • Created user mccarrms
    • /usr/sbin/useradd -m mccarrms
  • Set password for mccarrms
    • passwd mccarrms

Configured Sudo

  • /usr/sbin/visudo
## Sudoers allows particular users to run various commands as
## the root user, without needing the root password.

#User_Alias ADMINS = mccarrms

## Networking
Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool

## Installation and management of software
Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum

## Services
Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig

## Updating the locate database
Cmnd_Alias LOCATE = /usr/sbin/updatedb

## Storage
Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount

## Delegating permissions
Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp

## Processes
Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall

## Drivers
Cmnd_Alias DRIVERS = /sbin/modprobe

## Shells
Cmnd_Alias SHELLS = /bin/sh, /bin/bash, /usr/bin/rsh, /bin/dash, /bin/rbash, /bin/su

## Users
Cmnd_Alias USERS = /usr/sbin/useradd, /usr/sbin/userdel, /usr/sbin/userhelper, /usr/sbin/usermod, /usr/sbin/usernetctl

Defaults    requiretty

Defaults    env_reset,tty_tickets,lecture=always,logfile=/var/log/sudo.log
Defaults    env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR \
                        LS_COLORS MAIL PS1 PS2 QTDIR USERNAME \
                        LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION \
                        LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC \
                        LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS \
                        _XKB_CHARSET XAUTHORITY"

## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL
%wheel  ALL=(ALL)       ALL
%admins localhost=/sbin/shutdown -h now
%admins ALL=/usr/sbin/xm

Configured Networks

  • Configured hostname in /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=xen2.cslabs.clarkson.edu
GATEWAY=128.153.145.1
  • Verified eth0 configuration for Clarkson Network in /etc/sysconfig/network-scripts/ifcfg-eth0
# Intel Corporation 82541PI Gigabit Ethernet Controller
DEVICE=eth0
BOOTPROTO=static
BROADCAST=128.153.145.255
HWADDR=00:1B:21:28:C8:4E
IPADDR=128.153.145.42
NETMASK=255.255.255.0
NETWORK=128.153.145.0
ONBOOT=yes
  • Verified eth1 configuration for the Server Room Network in /etc/sysconfig/network-scripts/ifcfg-eth1
# Intel Corporation 80003ES2LAN Gigabit Ethernet Controller (Copper)
DEVICE=eth1
BOOTPROTO=static
BROADCAST=10.0.1.255
HWADDR=00:E0:81:B5:88:84
IPADDR=10.0.1.38
NETMASK=255.255.255.0
NETWORK=10.0.1.0
ONBOOT=yes
  • Verified eth2 configuration for the Internal Network in /etc/sysconfig/network-scripts/ifcfg-eth2
# Intel Corporation 80003ES2LAN Gigabit Ethernet Controller (Copper)
DEVICE=eth2
BOOTPROTO=static
BROADCAST=10.0.0.255
HWADDR=00:E0:81:B5:88:85
IPADDR=10.0.0.17
NETMASK=255.255.255.0
NETWORK=10.0.0.0
ONBOOT=yes

Configured Additional Xen Bridges

  • Created a network configuration file (/etc/xen/scripts/networks-cslabs)
#!/bin/sh
dir=$(dirname "$0")

"$dir/network-bridge" start vifnum=0 netdev=eth0 bridge=xenbr0
"$dir/network-bridge" start vifnum=1 netdev=eth1 bridge=xenbr1
"$dir/network-bridge" start vifnum=2 netdev=eth2 bridge=xenbr2
  • Made script executable
    • chmod +x /etc/xen/scripts/networks-cslabs
  • Edited /etc/xen/xend-config.sxp
(xend-unix-server yes)

(xend-unix-path /var/lib/xend/xend-socket)

(xend-relocation-hosts-allow '^localhost$ ^localhost\\.localdomain$')

(network-script networks-cslabs)

(vif-script vif-bridge)

(dom0-min-mem 256)

(dom0-cpus 0)

(vncpasswd '')

Configured Hosts

  • Edited /etc/hosts
127.0.0.1       localhost.localdomain localhost
::1             localhost6.localdomain6 localhost6
128.153.145.42  xen2.cslabs.clarkson.edu xen2.cslabs xen2
10.0.1.38       xen2.sr.cslabs.clarkson.edu xen2.sr.cslabs xen2.sr
10.0.0.17       xen2.int.cslabs.clarkson.edu xen2.int.cslabs xen2.int

Configured DNS Servers

  • Edited /etc/resolv.conf
search clarkson.edu
nameserver 128.153.0.254
nameserver 128.153.5.254

Configured IPtables

Due to the sensitivity of this material, this config file has been left off; however, the following rules are needed.
  • Restarted iptables
    • /etc/init.d/iptables restart

Configured SSH

  • Edited /etc/ssh/sshd_config
Due to the sensitivity of this material, this config file has been left off.
  • Restarted sshd
    • /etc/init.d/sshd restart

Set Up SSH Login Banner

  • Edited /etc/issue.net
                ___ 
 __ _____ ___  |_  |
 \ \ / -_) _ \/ __/ 
/_\_\\__/_//_/____/

Configured Password Requirements

  • Edited /etc/login.defs
MAIL_DIR        /var/spool/mail

PASS_MAX_DAYS   360
PASS_MIN_DAYS   0
PASS_MIN_LEN    8
PASS_WARN_AGE   60

UID_MIN                   500
UID_MAX                 60000

GID_MIN                   500
GID_MAX                 60000

CREATE_HOME     yes

UMASK           077

USERGROUPS_ENAB yes

MD5_CRYPT_ENAB yes

ENCRYPT_METHOD MD5

Added Custom PATH Variables

  • Added the following to /etc/profile
PATH=$PATH:/usr/sbin:/sbin
export PATH

Modified Root's Crontab

  • crontab -e
# Used to update locate database
0 * * * * /usr/bin/updatedb

Set Up & Configured NTP

  • Installed NTP
    • yum install ntp
  • Edited /etc/ntp.conf
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

restrict 127.0.0.1
restrict -6 ::1

restrict tick.clarkson.edu mask 255.255.255.255 nomodify notrap noquery
restrict tock.clarkson.edu mask 255.255.255.255 nomodify notrap noquery

server tick.clarkson.edu
server tock.clarkson.edu

server  127.127.1.0     # local clock
fudge   127.127.1.0 stratum 10

driftfile /var/lib/ntp/drift

keys /etc/ntp/keys
  • Edited /etc/ntp/step-tickers
tick.clarkson.edu
tock.clarkson.edu
  • Configured ntpd to start on boot
    • /sbin/chkconfig --levels 2345 ntpd on
  • Started ntpd
    • /etc/init.d/ntpd start

Configured ntpd to Sync Hardware Clock

  • Edited /etc/sysconfig/ntpd
# Drop root to id 'ntp:ntp' by default.
OPTIONS="-u ntp:ntp -p /var/run/ntpd.pid"

# Set to 'yes' to sync hw clock after successful ntpdate
SYNC_HWCLOCK=yes

# Additional options for ntpdate
NTPDATE_OPTIONS=""

Installed and Configured APCUPSD

This package is used to monitor the UPS which Xen2 is plugged into and is used to shutdown the system in the event of a power failure.

Configured to Power On when Power is Restored

  • Edited the BIOS to have Restore on AC/Power Loss set to Power On.

Installed and configured apcupsd

  • Checked that the UPS was detected
    • cat /proc/bus/usb/devices
T:  Bus=03 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#=  2 Spd=1.5 MxCh= 0
D:  Ver= 1.10 Cls=00(>ifc ) Sub=00 Prot=00 MxPS= 8 #Cfgs=  1
P:  Vendor=051d ProdID=0002 Rev= 1.01
S:  Manufacturer=American Power Conversion
S:  Product=Back-UPS RS 1500 LCD FW:839.H7 .D USB FW:H7
S:  SerialNumber=JB0802018526
C:* #Ifs= 1 Cfg#= 1 Atr=e0 MxPwr=  2mA
I:  If#= 0 Alt= 0 #EPs= 1 Cls=03(HID  ) Sub=00 Prot=00 Driver=usbhid
E:  Ad=81(I) Atr=03(Int.) MxPS=   6 Ivl=100ms
  • Installed apcupsd
    • yum install apcupsd
  • Edited /etc/apcupsd/apcupsd.conf
## apcupsd.conf v1.1 ##

UPSNAME ups4

UPSCABLE usb

UPSTYPE usb
DEVICE

LOCKFILE /var/lock

SCRIPTDIR /etc/apcupsd

PWRFAILDIR /etc/apcupsd

NOLOGINDIR /etc

ONBATTERYDELAY 6

BATTERYLEVEL 7

MINUTES 10

TIMEOUT 0

ANNOY 300

ANNOYDELAY 60

NOLOGON disable

KILLDELAY 0

NETSERVER on

NISIP 0.0.0.0

NISPORT 3551

EVENTSFILE /var/log/apcupsd.events

EVENTSFILEMAX 10

UPSCLASS standalone

UPSMODE disable

STATTIME 0

STATFILE /var/log/apcupsd.status

LOGSTATS off

DATATIME 0

SELFTEST 336
  • Edited /etc/apcupsd/offbattery
#!/bin/sh
#
# This shell script if placed in /etc/apcupsd
# will be called by /etc/apcupsd/apccontrol when the
# UPS goes back on to the mains after a power failure.
# We send an email message to root to notify him.
#
SYSADMIN=mccarrms@gmail.com,emergency@cslabs.clarkson.edu
APCUPSD_MAIL="/bin/mail"

HOSTNAME=`hostname`
MSG="$HOSTNAME Power has returned"
#
(
   echo "Subject: $MSG"
   echo " "
   echo "$MSG"
   echo " "
   /sbin/apcaccess status
) | $APCUPSD_MAIL -s "$MSG" $SYSADMIN
exit 0
  • Edited /etc/apcupsd/onbattery
#!/bin/sh
#
# This shell script if placed in /etc/apcupsd
# will be called by /etc/apcupsd/apccontrol when the UPS
# goes on batteries.
# We send an email message to root to notify him.
#
SYSADMIN=mccarrms@gmail.com,emergency@cslabs.clarkson.edu
APCUPSD_MAIL="/bin/mail"

HOSTNAME=`hostname`
MSG="$HOSTNAME Power Failure !!!"
#
(
   echo "Subject: $MSG"
   echo " "
   echo "$MSG"
   echo " "
   /sbin/apcaccess status
) | $APCUPSD_MAIL -s "$MSG" $SYSADMIN
exit 0
  • Edited /etc/apcupsd/commfailure
#!/bin/sh
#
# This shell script if placed in /etc/apcupsd
# will be called by /etc/apcupsd/apccontrol when apcupsd
# loses contact with the UPS (i.e. the serial connection is not responding).
# We send an email message to root to notify him.
#
SYSADMIN=mccarrms@gmail.com,emergency@cslabs.clarkson.edu
APCUPSD_MAIL="/bin/mail"

HOSTNAME=`hostname`
MSG="$HOSTNAME Communications with UPS lost"
#
(
   echo "Subject: $MSG"
   echo " "
   echo "$MSG"
   echo " "
   /sbin/apcaccess status
) | $APCUPSD_MAIL -s "$MSG" $SYSADMIN
exit 0
  • Edited /etc/apcupsd/commok
#!/bin/sh
#
# This shell script if placed in /etc/apcupsd
# will be called by /etc/apcupsd/apccontrol when apcupsd
# restores contact with the UPS (i.e. the serial connection is restored).
# We send an email message to root to notify him.
#
SYSADMIN=mccarrms@gmail.com,emergency@cslabs.clarkson.edu
APCUPSD_MAIL="/bin/mail"

HOSTNAME=`hostname`
MSG="$HOSTNAME Communications with UPS restored"
#
(
   echo "Subject: $MSG"
   echo " "
   echo "$MSG"
   echo " "
   /sbin/apcaccess status
) | $APCUPSD_MAIL -s "$MSG" $SYSADMIN
exit 0
  • Edited /etc/apcupsd/changeme
#!/bin/sh
#
# This shell script if placed in /etc/apcupsd
# will be called by /etc/apcupsd/apccontrol when apcupsd
# detects that the battery should be replaced.
# We send an email message to root to notify him.
#
SYSADMIN=mccarrms@gmail.com,emergency@cslabs.clarkson.edu
APCUPSD_MAIL="/bin/mail"

HOSTNAME=`hostname`
MSG="$HOSTNAME UPS battery needs changing NOW."
#
(
   echo "Subject: $MSG"
   echo " "
   echo "$MSG"
   echo " "
   /sbin/apcaccess status
) | $APCUPSD_MAIL -s "$MSG" $SYSADMIN
exit 0
  • Configured apcupsd to start on boot
    • /sbin/chkconfig --levels 2345 apcupsd on
  • Started apcupsd
    • /etc/init.d/apcupsd start

Configured Xen Domains to Shutdown on System Shutdown

  • Edited the following lines in /etc/sysconfig/xendomains
XENDOMAINS_SAVE=""

XENDOMAINS_RESTORE=false

Installed Debootstrap

  • Installed debootstrap
    • rpm -Uvh debootstrap-1.0.10-1.fc10.noarch.rpm
Retrieved from "http://docs.cslabs.clarkson.edu/mediawiki/index.php?title=Xen2_Setup_Process&oldid=2465"