====== Create_Centos5_DomU_on_Debian_Etch_Dom0 ======
This article shows how to set up, install and configure a guest Centos5 Xen virtual server on top of a Debian Etch Xen install.
**This setup presumes you have a working Xen install (xen3) on a Debian Etch server.**
====== Setup and Install Centos domU on Etch dom0 ======
===== Xen-tools/rpmstrap Method - Problematic =====
Although xen-tools will create centos4 guest Xen VMs, it did not work well. Just as a Debian system can be debootstrap'd, Debian Etch has an "rpmstrap" package in apt which is meant to make creating a new install easier. There were problems providing a correct Centos mirror, along with other issues, and there was little information on rpmstrapping Centos on Etch. The only guide available, http://mark.foster.cc/wiki/index.php/Centos-4_on_Xen, was a little outdated.
===== Chosen Method - Centos5 Xen Install image =====
Neither xen-tools nor a manual Xen domU creation (using rpmstrap by hand) worked. As a result, a prebuilt minimal Xen domU install image was chosen. http://jailtime.org provides virtual filesystems for Xen and worked a treat. Note: these are file-based Xen images, which are not intended for production use. The http://jailtime.org website has instructions for moving a file-based domU to an LVM/disk-based partition.
cd /xens/name_of_new_server_to_be/
links http://jailtime.org/download:centos:v5.0
#choose to download "download:centos:centos.5-0.20070424.img.tar.bz2" as there is no direct URL link to the download.
bunzip2 centos.5-0.20070424.img.tar.bz2
tar -xvf centos.5-0.20070424.img.tar
#if you like: rm centos.5-0.20070424.img.tar (it's ~1 GB)
===== Config Centos DomU Xen Config =====
#rm centos.5-0.xen2.cfg
#It's only a basic config. The following config will suffice:
vi /etc/xen/domains/name_of_new_server_to_be
kernel = "/boot/vmlinuz-2.6.18-4-xen-686"
ramdisk = "/boot/initrd.img-2.6.18-4-xen-686"
memory = 64
name = "name_of_new_server_to_be"
vif = ['bridge=xenbr0']
disk = ['file:/xens/name_of_new_server_to_be/centos.5-0.img,sda1,w','file:/xens/name_of_new_server_to_be/centos.swap,sda2,w']
ip = "ip.address"
gateway = "gateway"
netmask = "255.255.255.0"
root = "/dev/sda1 ro"
extra = '4'
ln -s /etc/xen/domains/name_of_new_server_to_be /etc/xen/auto/
xm create name_of_new_server_to_be -c
# The -c is to attach a console. Very handy for when booting for the first time.
====== Config Centos domU ======
Note: vi is not installed by default. The "nano" text editor is installed and can be used instead of vi for the time being.
===== Change Default Password =====
The default login is:
username: root
password: password
Although root is not permitted to ssh in by default on Centos, the above password needs to be changed as soon as possible. Use "passwd" to change it.
===== Change Network from DHCP to Manual IP =====
The network settings and the location of the eth0 config in Centos (as in Red Hat and Fedora) differ from those of Debian and Ubuntu. All system settings are kept in /etc/sysconfig rather than as individual files in /etc (as with Debian and Ubuntu).
nano /etc/sysconfig/network-scripts/ifcfg-eth0
#change to the following:
TYPE=Ethernet
DEVICE=eth0
BOOTPROTO=none
#BOOTPROTO=dhcp
ONBOOT=yes
IPADDR=ip.address
NETMASK=255.255.0.0
GATEWAY=gateway.ip
ifdown eth0
ifup eth0
===== Change sshd to allow root to login =====
**Note: This is only for convenience, and is not recommended on production machines.**
nano /etc/ssh/sshd_config
#find and change the appropriate line to below:
PermitRootLogin yes
/etc/init.d/sshd restart
===== Change Host Name of Centos Server and add /etc/resolv.conf =====
nano /etc/sysconfig/network
#change:
HOSTNAME=centos_pristine
#to:
HOSTNAME=server_name
nano /etc/resolv.conf
#add the following:
domain yourdomain.com
search yourdomain.com
nameserver ip.of.dns.server
===== SCP/Copy Across Kernel Modules =====
If this were a Debian domU, we would "apt-get install linux-image-2.6-xen-686" to provide the correct kernel modules in /lib/modules/. In this case, I did:
ssh root@debian_domU
cd /lib/modules/
tar -cvf 2.6.18-4-xen-686.tar 2.6.18-4-xen-686/
scp 2.6.18-4-xen-686.tar root@new_centos_server:
ssh root@new_centos_server
mv /root/2.6.18-4-xen-686.tar /lib/modules/
cd /lib/modules/
tar -xvf 2.6.18-4-xen-686.tar
Reboot the Centos Xen machine, and watch it reboot to see if there are any complaints.
===== Check Disks and Swap =====
free
df -h
If you get an error such as "df: `/dev/pts': No such file or directory", you need to edit /etc/fstab to make sure everything is ok. I had to remove the offending "/dev/pts" line from /etc/fstab and reboot, and then "df -h" showed up cleanly.
===== Set the Date, Time and Timezone =====
==== Install NTPd (Network Time Protocol Daemon) ====
yum install ntp
nano /etc/ntp.conf #not required
/etc/init.d/ntpd start
=== Set Run Levels for NTP ===
chkconfig --list
chkconfig --level 2345 ntpd on
chkconfig --list should now look like:
"ntpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off"
==== Set the Timezone ====
rm /etc/localtime
ln -s /usr/share/zoneinfo/Eire /etc/localtime
See: http://wiki.vpslink.com/index.php?title=How_to_Centos
===== Install vim editor =====
Vim is my default editor, and comes as standard with Debian.
yum search vim
yum install vim-enhanced
#as vim is the default and vi is not installed, I chose to symlink it.
which vim #didn't work :-/
whereis vim
ln -s /usr/bin/vim /usr/bin/vi
===== Add User =====
adduser username
passwd username
Note: When su'ing to root, you must use:
su -
otherwise root's file paths will be those of the user.
===== Install Extra Packages =====
yum install mailx
#this gives mail on the cmdline.
===== Install Default Centos Firewall =====
yum install system-config-securitylevel-tui
system-config-securitylevel-tui
#tab down to "customise" and open up ssh etc.
http://www.centos.org/modules/newbb/print.php?form=1&topic_id=8099&forum=32&order=ASC&start=0
----
====== Centos Package Information & Installation ======
In order to get an idea of "yum" (Yellowdog Updater Modified), the following guide/how-to should be read: http://www.centos.org/docs/5/html/yum/index.html
The following are some basic commands for the searching, installation, updating and removal of packages from the default repositories for Centos5.
yum list #provides a list of all available packages
yum list | grep httpd #search for httpd/apache packages
yum info httpd #gives a brief overview of the main package
yum search httpd #searches for packages with any reference to httpd. Returns an untidy long list of packages.
yum update #updates Centos5 Packages.
===== Install Apache2 (httpd) on Centos5 =====
yum install httpd
/etc/init.d/httpd start
chkconfig --list
chkconfig --level 2345 httpd on
#the above adds httpd so it will start on boot.
system-config-securitylevel-tui
#add http to the firewall for incoming
===== Install SNMP on Centos5 =====
Read [[Snmpd_%26_mrtg]] first.
yum list | grep snmp
yum install net-snmp.i386
/etc/init.d/snmpd start
=== Config for Start on Boot ===
chkconfig --list
chkconfig --level 2345 snmpd on
=== Config snmpd ===
The main config I wanted was to allow an IP on my network to access the snmp information. The simplest solution was to mv the original snmpd.conf and create a basic new one. Feel free to simply add in the single line and test.
mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf_orig
vi /etc/snmp/snmpd.conf
#add the following line only.
rocommunity public ip.address.of.snmp.server
/etc/init.d/snmpd restart
netstat -a | more
#The following is an automatic snmpd.conf config maker. I didn't get very far with it though. The above 1 line config worked fine.
snmpconf -g basic_setup
snmpconf
/etc/init.d/snmpd restart
=== Open up Firewall to allow incoming snmp ===
system-config-securitylevel-tui
Other ports: snmp:tcp snmp:udp
iptables -L
=== Testing using snmpwalk from Localhost ===
Basic snmp tools need to be installed. This package includes snmpwalk.
yum install net-snmp-utils.i386
snmpwalk -v 1 -OS -c public localhost
snmpwalk -v2c -OS -c public localhost
**Links:**
http://www.cassatt.com/infocentral/collage/3.4/docs/RedHatOSOutput/index.php
http://www.schemathings.com/?p=11
====== General Centos Setup Links and How-to's ======
http://wiki.vpslink.com/index.php?title=How_to_Centos
http://www.enterprisenetworkingplanet.com/netos/article.php/3665371
====== SELinux ======
I wanted to get SELinux working. It took a little bit of tweaking; the biggest part was getting a proper kernel on dom0 to run CentOS with SELinux extensions, but essentially here is how:
1. ssh into centos box and go: yum install kernel-xen.i686
2. mkinitrd --omit-scsi-modules --with=xennet --with=xenblk --preload=xenblk initrd-$(uname -r)-no-scsi.img 2.6.18-128.1.16.el5xen
http://www.virtuatopia.com/index.php/A_Xen_Guest_OS_fails_to_boot_with_a_%22switchroot:_mount_failed:_No_such_file_or_directory_error_message%22_error_message.
3. Copy the following files to dom0:
initrd-2.6.18-6-xen-686-no-scsi.img
/boot/vmlinuz-2.6.18-128.1.16.el5xen
4. Edit the domU startup script to include the above.
5. Boot up CentOS. It gave out about SELinux in enforcing mode, and it panicked. I mounted the CentOS drive and edited /etc/selinux/config to change it to permissive.
6. Booted up ok then. More issues however with "PTY allocation request failed on channel 0". Reading http://www.asteriosk.gr/blog/2009/02/20/pty-allocation-request-failed-on-channel-0/ including the comments got that resolved. I could ssh in ok, but the xm console did not work. More to do later on sorting this.
A few things in CentOS then:
yum list installed | grep selinux
libselinux.i386 1.33.4-5.1.el5 installed
yum install selinux-policy.noarch
-bash-3.2# sestatus
SELinux status: disabled
This should be enabled once the correct kernel in dom0 boots the CentOS domU.
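As an added example (not part of the original guide), the shell function below audits a guest's root tree for three settings this page changes: "PermitRootLogin yes" in sshd_config, the rocommunity line in snmpd.conf, and the SELinux mode in /etc/selinux/config. The function names, the finding strings and the sample tree (including the address 192.0.2.10) are constructed for illustration; pass "/" inside the guest, or the mount point of the image on dom0.

```shell
#!/bin/sh
# Added example: audit a domU root tree for the settings this guide changes.
# ROOT is "/" inside the guest or the mount point of the image on dom0.
audit_domu() {
    root=${1:-/}
    findings=$(
        # sshd honours the first uncommented occurrence of a keyword.
        awk 'tolower($1) == "permitrootlogin" {
                 if (tolower($2) == "yes") print "sshd: PermitRootLogin yes"
                 exit
             }' "$root/etc/ssh/sshd_config" 2>/dev/null
        # Syntax: rocommunity|rwcommunity COMMUNITY [SOURCE [OID]]
        awk '$1 == "rocommunity" || $1 == "rwcommunity" {
                 if ($2 == "public" || $2 == "private")
                     print "snmpd: well-known community string " $2
                 if (NF < 3 || $3 == "default")
                     print "snmpd: " $1 " " $2 " has no source restriction"
             }' "$root/etc/snmp/snmpd.conf" 2>/dev/null
        mode=$(sed -n 's/^SELINUX=//p' "$root/etc/selinux/config" 2>/dev/null | head -n 1)
        [ "$mode" = "enforcing" ] || echo "selinux: mode is ${mode:-unset}, not enforcing"
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample tree mirroring the configuration written in this guide.
make_sample_root() {
    d=$(mktemp -d)
    mkdir -p "$d/etc/ssh" "$d/etc/snmp" "$d/etc/selinux"
    printf '#PermitRootLogin no\nPermitRootLogin yes\n' > "$d/etc/ssh/sshd_config"
    echo 'rocommunity public 192.0.2.10' > "$d/etc/snmp/snmpd.conf"
    echo 'SELINUX=permissive' > "$d/etc/selinux/config"
    echo "$d"
}

sample=$(make_sample_root)
audit_domu "$sample" || echo "review the findings above before exposing this guest"
rm -rf "$sample"
```

The function exits non-zero when it reports anything, so it can gate a provisioning script. It does not check whether the image's default root password has been changed.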
===== SELinux Links =====
http://koltsoff.com/pub/securing-centos/
http://docs.fedoraproject.org/selinux-faq-fc3/index.html#using-s-c-securitylevel