Install Debian 4 just like you normally would. Choose a minimal install with no tasksel features (No Desktop, No Standard). From this point forward, the finished install OS will be referred to as the Host and the virtual images as Guests. I'm just going to tear into the steps that follow a basic Debian 4 install. They are as follows:
# Installing Debian 4 & Xen 3
#
# Transcript of commands to type by hand, in order. The prefix on each
# section says where it is typed: HOST (the Xen dom0), GUEST (a VM), or
# DESKTOP (your workstation). Several steps are interactive (su, visudo,
# dpkg-reconfigure, xm console), so this is not meant to run as one script.
#
# NOTE: if your HOST is on qemu add '-redir tcp:2222::22' to the parameters
#
# HOST = The base Debian Xen install OS that hosts the guests
# GUEST = The VMs running within the Debian Xen HOST
#
# During install add a user called 'debian' for non-root access
#
# HOST: Update
# The quoted delimiter (\EOF) writes the heredoc literally, no expansion.
# '>' replaces whatever sources.list the installer wrote.
cat > /etc/apt/sources.list << \EOF
deb http://debian.osuosl.org/debian/ etch main contrib non-free
deb http://security.debian.org/ etch/updates main contrib non-free
EOF
apt-get update && apt-get upgrade
# HOST: Tools
apt-get install pwgen deborphan symlinks less
# HOST: Mail
apt-get install exim4 mailx
# '>' overwrites /etc/aliases with this single root alias; anything already
# in the file is lost (use '>>' to append instead if you want to keep it).
echo root: tim@dysinger.net > /etc/aliases && newaliases
dpkg-reconfigure exim4-config ; # Choose "Internet Site"
date | mail -s test root@localhost ; # should see email @ tim@dysinger.net
# HOST: Ssh
apt-get install openssh-server
# Keep the packaged config for reference; the replacement below is minimal.
mv /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
# Key-only, non-root logins on a non-default port. Do this from the local
# console: once sshd picks up this config, password logins are refused, and
# no public key has been installed yet (that happens in the steps below).
cat > /etc/ssh/sshd_config << \EOF
Protocol 2
Port 54321
PermitRootLogin no
PasswordAuthentication no
UseDNS no
Subsystem sftp /usr/lib/openssh/sftp-server
EOF
# Throw away the installer-generated host keys; the reconfigure below is
# relied on to create fresh ones. Any client that already knows this host
# will see a changed-host-key warning, so record the new fingerprints now.
rm /etc/ssh/*key*
dpkg-reconfigure openssh-server
# DESKTOP: Create SSH keys (if you don't have them already)
# DSA keys are fixed at 1024 bits; if your ssh-keygen offers it, prefer
# 'ssh-keygen -t rsa -b 2048' and use id_rsa.pub below instead of id_dsa.pub.
# Hitting [Return] at the passphrase prompt leaves the private key
# unencrypted: whoever can read the file can log in as 'debian'.
ssh-keygen -t dsa ; # just [Return] at all prompts
# HOST: Then paste the content of the DESKTOP ~/.ssh/id_dsa.pub
# into HOST /home/debian/.ssh/authorized_keys
# Everything up to 'exit' is typed in the shell that su opens, as 'debian'.
su - debian
mkdir ~/.ssh
# Replace the placeholder line with the one-line public key.
cat >> ~/.ssh/authorized_keys << \EOF
{{{{{ PUT YOUR ~/.ssh/id_dsa.pub KEY HERE }}}}}
EOF
# Strip group/other access from the directory and the key file; sshd's
# default StrictModes ignores an authorized_keys that others can write to.
chmod -R go-rwsx ~/.ssh
exit
# DESKTOP: Try the ssh login before you trust everything's OK
# Test from a second terminal while the console session is still open, so a
# mistake in sshd_config or the pasted key cannot lock you out.
ssh -p 54321 debian@my.servers.host.name.com ; # should require no password
# HOST: Xen
# Xen 3.0.3 hypervisor (PAE build), the 2.6.18 Xen kernel for dom0, and
# xen-tools for building guests. Package names are specific to Etch.
apt-get install linux-image-2.6-xen-686 linux-headers-2.6-xen-686 \
xen-hypervisor-3.0.3-1-i386-pae xen-linux-system-2.6.18-4-xen-686 \
xen-ioemu-3.0.3-1 xen-tools libc6-xen bridge-utils
# Guest disks live as files under /xen (see 'dir' below) and are presumably
# mounted through loop devices; raise the loop limit so several guests fit.
cat >> /etc/modules << \EOF
loop max_loop=64
EOF
# Defaults for xen-create-image: images under /xen, debootstrap of etch,
# 4Gb disk / 512Mb RAM / 512Mb swap, address from DHCP (the HOST serves it,
# see the Dhcp section below).
cat > /etc/xen-tools/xen-tools.conf << \EOF
dir = /xen
mirror = http://ftp.us.debian.org/debian/
kernel = /boot/vmlinuz-2.6.18-4-xen-686
initrd = /boot/initrd.img-2.6.18-4-xen-686
debootstrap = 1
dist = etch
image = full
size = 4Gb
memory = 512Mb
swap = 512Mb
dhcp = 1
EOF
# xend: bridged networking for the guests. Two network-script entries are
# given (network-bridge and network-dummy); confirm which one xend honours,
# normally only one is wanted.
cat > /etc/xen/xend-config.sxp << \EOF
(network-script network-bridge)
(network-script network-dummy)
(vif-script vif-bridge)
(dom0-min-mem 196)
(dom0-cpus 0)
EOF
# The image directory named by 'dir = /xen' above.
mkdir /xen
# HOST: Dhcp
# Hands addresses to the guests on the bridge. The addresses below are a
# public /29; replace every 66.199.242.x, the DNS servers and the domain
# name with your own. dhcpd answers on every interface unless told otherwise
# (INTERFACES in /etc/default/dhcp3-server) -- restrict it to the bridge so
# the uplink never sees offers from this host.
apt-get install dhcp3-server
cat > /etc/dhcp3/dhcpd.conf << \EOF
default-lease-time 600;
max-lease-time 7200;
option subnet-mask 255.255.255.248;
option broadcast-address 66.199.242.207;
option routers 66.199.242.201;
option domain-name-servers 4.2.2.1, 72.29.96.250, 207.210.212.202;
option domain-name "mysite.com";
subnet 66.199.242.200 netmask 255.255.255.248 {
range 66.199.242.203 66.199.242.206;
}
host myserver {
option host-name "myserver.mysite.com";
hardware ethernet 00:16:3E:18:CF:B3;
fixed-address 66.199.242.206;
}
EOF
# The 'host myserver' block pins one address to a guest by its virtual MAC
# (00:16:3E is the Xen OUI); presumably it has to match the vif MAC in that
# guest's /etc/xen/*.cfg -- verify after xen-create-image runs.
# HOST: Sudo
apt-get install sudo
visudo ; # make sure the bottom line has 'debian ALL=(ALL) ALL'
# HOST: Cleanup
reboot ; # after reboot - login as 'debian' (NOT ROOT EVER AGAIN ON THIS HOST!)
# From here on everything is run as 'debian' through sudo.
sudo uname -r ; # running xen kernel ? (expect a '-xen-' kernel before purging the other)
# Only purge the non-Xen kernel once the line above confirms Xen booted,
# otherwise there is no fallback kernel left.
sudo dpkg --purge linux-image-2.6-686 linux-image-2.6.18-4-686
# HOST: Harden
# Read http://www.debian.org/doc/manuals/securing-debian-howto/
sudo apt-get install nmap
# Self-scan of every TCP port; compare the result against what you actually
# installed (ssh on 54321, exim4, dhcpd) and chase anything unexpected.
sudo nmap -p 1-65535 -T4 -sS `hostname` ; # have a look at your open ports
sudo apt-get install harden harden-clients harden-tools tiger chkrootkit lsof
# HOST: Firewall ( leave open eth0 port 54321 & add xenbr0 w/o NAT )
sudo apt-get install arno-iptables-firewall
# HOST: Guest
# Builds the guest under /xen/domains/image from xen-tools.conf and writes
# /etc/xen/image.cfg. xen-tools reports the root password it generated;
# change it on first login (GUEST: Prepare below).
sudo xen-create-image --hostname image
sudo xm create /etc/xen/image.cfg
sudo xm list
sudo xm console image ; # Ctrl-] is exit
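# GUEST: Prepare (typed on the guest console opened by 'xm console', as root)
passwd root ; # Change the password!!!
# Minimal hosts file, quoted so the shell cannot split or glob it. The
# original spelled the alias "localdomian", which nothing would ever resolve.
echo '127.0.0.1 localhost localhost.localdomain' > /etc/hosts
adduser debian
# '-G' without '-a' replaces the supplementary groups; harmless here because
# the user was created a moment ago with none.
usermod -G staff,src debian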
# GUEST: Setup
# 1. Update (same as above)
# 2. Tools (same as above)
# 3. Mail (same as above)
# 4. Ssh (same as above)
# 5. Sudo (same as above)
# 6. Harden (same as above)
# 7. Firewall ( same as above but leave open eth0 ports 80 443 54321 )
# HOST: Cloning GUESTS
# HOST: Create a new Xen image (xen-create above)
# HOST: Copy the 'image' disk to the clone
# 'image' must be shut down then
# (cp /xen/domains/image/disk.img /xen/domains/mynewdomain/ )
# HOST: Boot your new xen guest (xm create above)
# GUEST: Change password (as debian user)
# A byte-for-byte disk copy carries the template's root and 'debian'
# passwords and the ssh host keys made in the Ssh section; change both
# passwords and regenerate the host keys (rm + dpkg-reconfigure as above)
# so one clone cannot impersonate another.
# GUEST: Reconfigure the new guest's hostname
# Typed in the root shell that 'sudo su -' opens, through 'exit'.
sudo su -
hostname dev.ec2.sonianarchive.com
echo `hostname` > /etc/hostname
exit
# GUEST: Reconfigure mail (above)
# GUEST: Configure services as needed (as debian user)
# Disable (not just stop) whatever the guest does not need; each line is an
# example of the stop-then-remove-from-runlevels pattern.
sudo invoke-rc.d nginx stop && sudo update-rc.d -f nginx remove ; # example
sudo invoke-rc.d mongrel stop && sudo update-rc.d -f mongrel remove ; # example
sudo invoke-rc.d mysql stop && sudo update-rc.d -f mysql remove ; # example