Debian Squeeze XEN basic setup

Install Xen:

#> aptitude install xen-hypervisor-4.0-amd64 linux-image-xen-amd64 xen-tools

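Squeeze uses GRUB 2, and its defaults are wrong for Xen.
The Xen hypervisor should be the first entry. The scripts in /etc/grub.d run in lexical order, so give the Linux script a name that sorts after 20_linux_xen (100_linux would still sort before it):

#> mv /etc/grub.d/10_linux /etc/grub.d/50_linux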

After that, disable the OS prober so that you don't get entries for virtual machines installed on an LVM partition.

#> echo "GRUB_DISABLE_OS_PROBER=true" >> /etc/default/grub
#> update-grub2

Xen tries to save the state of the VMs when Dom0 shuts down.
This save/restore has never been successful for me, so I disable it in /etc/default/xendomains to make sure the machines get shut down too:


Enable the network bridge in /etc/xen/xend-config.sxp (uncomment existing line).
I also set some other useful params (for me):

(network-script network-bridge)
(dom0-min-mem 128)
(dom0-cpus 1)
(vnc-listen '')
(vncpasswd '')

Enable the independent wallclock via sysctl in dom0:

#> echo xen.independent_wallclock=1 >> /etc/sysctl.conf

and also in the domUs. Set up an ntpdate update in the domUs, every hour for example.
This will save you a lot of clock-sync headaches.

The config file /etc/xen-tools/xen-tools.conf contains the default values that the xen-create-image script will use. The most important are:

# Virtual machine disks are created as logical volumes in volume group universe (LVM storage is much faster than file)
lvm = vg001

install-method = debootstrap

size = 20Gb # Disk image size.
memory = 256Mb # Memory size
swap = 4Gb # Swap size
fs = ext3 # use the EXT3 filesystem for the disk image.
dist = `xt-guess-suite-and-mirror --suite` # Default distribution to install.

gateway =
netmask =

# When creating an image, interactively setup root password
passwd = 1

# I think this option was set like this by default, but it doesn't hurt to mention.
mirror = `xt-guess-suite-and-mirror --mirror`

mirror_squeeze =

# Let xen-create-image use pygrub, so that the GRUB from the VM is used, which means you no longer need to store kernels outside the VMs. This keeps things very flexible.


Script to create vms (copied from



#!/bin/sh
# Arguments, in the order given in the usage message below.
dist=$1
hostname=$2
ip=$3

if [ -z "$hostname" ] || [ -z "$ip" ] || [ -z "$dist" ]; then
    echo "No dist, hostname or ip specified"
    echo "Usage: $0 dist hostname ip"
    exit 1
fi

# --scsi is specified because when creating maverick for instance, the xvda disk that is used can't be accessed.
# The --scsi flag causes names like sda to be used.
xen-create-image --hostname "$hostname" --ip "$ip" --scsi --vcpus 2 --pygrub --dist "$dist"

Using the script is simple. After creating a VM named ‘host’, start it and attach to its console:

xm create -c /etc/xen/host.cfg

You can go back to Dom0 console with ctrl-].
Place a symlink in /etc/xen/auto to start the VM on boot.

As a side note: when creating a lenny VM, the script installs a Xen kernel in the VM.
When installing maverick, it installs a normal kernel.
Normal kernels since version 2.6.32 (I believe) support pv_ops, meaning they can run on hypervisors like Xen.

Ubuntu encrypted home - lvm way

1. Create LVM partition (sdaXX).
# fdisk /dev/sda
and then create one partition for root, one for swap, and the rest for home.

2. Create physical volume.

# pvcreate /dev/sda3

3. Create logical volume
# lvcreate -n crypted-home -L 200G vg0
(you can leave free space if you want to be able to add additional partitions later)

4. Install needed tools
# aptitude -y install cryptsetup initramfs-tools hashalot lvm2
# modprobe dm-crypt
# modprobe dm-mod

5. Check for bad blocks (optional; -w is a destructive write test, so run it only on the new, empty volume)
# /sbin/badblocks -c 10240 -s -w -t random -v /dev/vg0/crypted-home

6. Set up the encrypted home partition with LUKS
# cryptsetup -y --cipher serpent-xts-essiv:sha256 --hash sha512 --key-size 512 -i 50000 luksFormat /dev/vg0/crypted-home
(confirm by entering YES in uppercase)

7. Open the newly created encrypted partition
# cryptsetup luksOpen /dev/vg0/crypted-home home

8. Create a filesystem on the encrypted home device
# mke2fs -j -O dir_index,filetype,sparse_super /dev/mapper/home

9. Mount and copy home files.
# mount -t ext3 /dev/mapper/home /mnt
# cp -axv /home/* /mnt/
# umount /mnt

10. Set up the system to open and mount the encrypted home.
Insert in /etc/fstab :
/dev/mapper/home /home ext3 defaults 1 2

After that, add an entry in /etc/crypttab:

home /dev/vg0/crypted-home none luks
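
A consistency check for step 10, added here as an example and not part of the original post: it confirms that the device fstab mounts on /home is a /dev/mapper name that crypttab defines with the luks option. The function names and the root filesystem line in the sample fstab are constructed for the example.

```sh
#!/bin/sh
# Added example: confirm that a mount point is backed by a LUKS mapping
# that /etc/crypttab defines. Function names are hypothetical.

# Prints "<mapping> <source device>"; returns 2, 3 or 4 on a mismatch.
check_crypt_mount() {
    fstab=$1; crypttab=$2; mnt=$3
    # Device of the first non-comment fstab line for this mount point.
    dev=$(awk -v m="$mnt" '$1 !~ /^#/ && $2 == m { print $1; exit }' "$fstab")
    case $dev in
        "") echo "no fstab entry for $mnt" >&2; return 2 ;;
        /dev/mapper/*) name=${dev#/dev/mapper/} ;;
        *) echo "$mnt is mounted from $dev, not a mapped device" >&2; return 3 ;;
    esac
    # crypttab fields: <name> <source device> <key file> <options>
    src=$(awk -v n="$name" \
        '$1 == n && $4 ~ /(^|,)luks(,|$)/ { print $2; exit }' "$crypttab")
    if [ -z "$src" ]; then
        echo "fstab uses $dev, but crypttab has no luks entry named $name" >&2
        return 4
    fi
    echo "$name $src"
}

# Constructed sample files: the /home and crypttab lines are the ones from
# step 10; the root filesystem line is made up for the example.
write_samples() {
    printf '%s\n' '/dev/sda1 / ext3 errors=remount-ro 0 1' \
                  '/dev/mapper/home /home ext3 defaults 1 2' > "$1/fstab"
    printf '%s\n' '# <name> <source device> <key file> <options>' \
                  'home /dev/vg0/crypted-home none luks' > "$1/crypttab"
}

tmp=$(mktemp -d)
write_samples "$tmp"
check_crypt_mount "$tmp/fstab" "$tmp/crypttab" /home
rm -rf "$tmp"
```

On the real system, run check_crypt_mount /etc/fstab /etc/crypttab /home before rebooting; a non-zero exit status means /home would not come up from the encrypted volume.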