Debian Squeeze XEN basic setup

Install Xen:

#> aptitude install xen-hypervisor-4.0-amd64 linux-image-xen-amd64 xen-tools

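Squeeze uses GRUB 2, and its default entry order is wrong for Xen.
The Xen hypervisor should be the first entry. The scripts in /etc/grub.d run in lexical order of their names, so rename 10_linux to a name that sorts after the Xen script (20_linux_xen):

#> mv /etc/grub.d/10_linux /etc/grub.d/50_linux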

After that, disable the OS prober so that you don't get boot entries for virtual machines installed on an LVM partition.

#> echo "GRUB_DISABLE_OS_PROBER=true" >> /etc/default/grub
#> update-grub2

Xen tries to save the state of the VMs when Dom0 shuts down.
This save/restore has never been successful for me, so I disable it in /etc/default/xendomains to make sure the machines get shut down too:

XENDOMAINS_RESTORE=false
XENDOMAINS_SAVE=""

Enable the network bridge in /etc/xen/xend-config.sxp (uncomment existing line).
I also set some other useful params (for me):

(network-script network-bridge)
(dom0-min-mem 128)
(dom0-cpus 1)
(vnc-listen '127.0.0.1')
(vncpasswd '')
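
The two VNC lines above belong together: an empty vncpasswd means no authentication, which is acceptable only while vnc-listen stays on loopback. The following is an added example, not part of the original post, that checks this pairing in a xend-config.sxp file. The function names, the sample input and the treatment of a missing vnc-listen as 127.0.0.1 are assumptions made for this example.

```bash
#!/bin/bash
# Added example: audit the VNC pairing in a xend-config.sxp file.
# Exit status of audit_xend_vnc: 0 = acceptable, 1 = unauthenticated
# console reachable from the network, 2 = file not readable.

# Print the value of the last uncommented "(key value)" line, quotes stripped.
sxp_get() {   # $1 = key, $2 = file
    sed -n "s/^[[:space:]]*($1[[:space:]][[:space:]]*\(.*\))[[:space:]]*\$/\1/p" "$2" |
        tail -n 1 | tr -d "'\""
}

audit_xend_vnc() {
    local file=$1 listen passwd
    [ -r "$file" ] || { echo "ERROR: cannot read $file"; return 2; }
    listen=$(sxp_get vnc-listen "$file")
    passwd=$(sxp_get vncpasswd "$file")
    # Assumption: xend binds VNC to 127.0.0.1 when vnc-listen is not set.
    [ -n "$listen" ] || listen=127.0.0.1
    case $listen in
        127.*|::1|localhost)
            echo "OK: vnc-listen=$listen (loopback only)"
            return 0 ;;
    esac
    if [ -z "$passwd" ]; then
        echo "FAIL: vnc-listen=$listen with empty vncpasswd (no authentication)"
        return 1
    fi
    echo "WARN: vnc-listen=$listen, consoles protected only by the VNC password"
    return 0
}

# Constructed sample input: the settings from this page, then a weak variant.
tmp=$(mktemp)
printf '%s\n' "(network-script network-bridge)" "(vnc-listen '127.0.0.1')" \
    "(vncpasswd '')" > "$tmp"
audit_xend_vnc "$tmp" || true
printf '%s\n' "#(vnc-listen '127.0.0.1')" "(vnc-listen '0.0.0.0')" \
    "(vncpasswd '')" > "$tmp"
audit_xend_vnc "$tmp" || true
rm -f "$tmp"
```

On a real Dom0, call audit_xend_vnc /etc/xen/xend-config.sxp and act on a non-zero exit status.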


Add independent wallclock to sysctl on dom0:

#> echo xen.independent_wallclock=1 >> /etc/sysctl.conf

and also in the domUs. Set up an ntpdate update in the domUs, every hour for example.
This will save you a lot of clock-sync headaches.

The config file /etc/xen-tools/xen-tools.conf contains the default values the xen-create-image script will use. The most important are:

# Virtual machine disks are created as logical volumes in this volume group (LVM storage is much faster than file)
lvm = vg001

install-method = debootstrap

size = 20Gb # Disk image size.
memory = 256Mb # Memory size
swap = 4Gb # Swap size
fs = ext3 # use the EXT3 filesystem for the disk image.
dist = `xt-guess-suite-and-mirror --suite` # Default distribution to install.

gateway = 1.2.3.4
netmask = 255.255.255.0

# When creating an image, interactively setup root password
passwd = 1

# I think this was already the default, but it doesn't hurt to mention.
mirror = `xt-guess-suite-and-mirror --mirror`

mirror_squeeze = http://ftp.bg.debian.org/debian/

# Let xen-create-image use pygrub, so that the grub from the VM is used, which means you no longer need to store kernels outside the VMs. This keeps things very flexible.
pygrub=1

scsi=1

Script to create vms (copied from http://blog.bigsmoke.us/):

#!/bin/bash

dist=$1
hostname=$2
ip=$3

# All three arguments are required.
if [ -z "$hostname" ] || [ -z "$ip" ] || [ -z "$dist" ]; then
    echo "No dist, hostname or ip specified"
    echo "Usage: $0 dist hostname ip"
    exit 1
fi

# SCSI naming is used because when creating maverick for instance, the xvda disk that is used can't be accessed.
# The --scsi flag causes names like sda to be used; here scsi=1 in xen-tools.conf has the same effect.
# Arguments are quoted so that a value with spaces or shell metacharacters is passed as a single word.
xen-create-image --hostname "$hostname" --ip "$ip" --vcpus 2 --pygrub --dist "$dist"


Usage of the script should be simple. After creating a VM named ‘host’, start it and attach to its console:

xm create -c /etc/xen/host.cfg

You can go back to Dom0 console with ctrl-].
Place a symlink in /etc/xen/auto to start the VM on boot.

As a side note: when creating a lenny VM, the script installs a Xen kernel in the VM.
When installing maverick, it installs a normal kernel.
Normal kernels since version 2.6.32 (I believe) support pv_ops, meaning they can run on hypervisors like Xen’s.

Ubuntu encrypted home - lvm way

1. Create LVM partition (sdaXX).
# fdisk /dev/sda
and then create one partition each for root and swap, and use the rest for home.

2. Create physical volume.

# pvcreate /dev/sda3

3. Create logical volume
# lvcreate -n crypted-home -L 200G vg0
(you can leave free space if you want to be able to add additional partitions later)

4. Install needed tools
# aptitude -y install cryptsetup initramfs-tools hashalot lvm2
# modprobe dm-crypt
# modprobe dm-mod

5. Check for bad blocks (optional; the -w write test overwrites everything on the volume)
# /sbin/badblocks -c 10240 -s -w -t random -v /dev/vg0/crypted-home

6. Set up the crypted home partition with LUKS
# cryptsetup -y --cipher serpent-xts-essiv:sha256 --hash sha512 --key-size 512 -i 50000 luksFormat /dev/vg0/crypted-home
Confirm by entering YES in uppercase.

7. Open the created crypted partition
# cryptsetup luksOpen /dev/vg0/crypted-home home

8. Create filesystem on the crypted home device
# mke2fs -j -O dir_index,filetype,sparse_super /dev/mapper/home

9. Mount and copy home files.
# mount -t ext3 /dev/mapper/home /mnt
# cp -axv /home/* /mnt/
# umount /mnt

10. Set up the system to open/mount the crypted home.
Insert in /etc/fstab:
#
/dev/mapper/home /home ext3 defaults 1 2

After that, add an entry in /etc/crypttab:

#
home /dev/vg0/crypted-home none luks