====== KVM_Setup_on_Debian_Jessie ======

= Setup Base OS =

I used Hetzner's "installimage" to create RAID + LVM.

  installimage
  -> Debian
  -> Debian-86-jessie-64-minimal
  -> Hostname enterservername
  -> PART /boot ext3 512M
  -> PART lvm vg0 all
  -> LV vg0 root / ext4 10G
  -> LV vg0 swap swap swap 4G
  reboot

Sanity checks

  free
  lvscan
  cat /proc/mdstat
  cat /etc/apt/sources.list
  apt-get update
  apt-get upgrade
  mdadm --examine --scan
  df -h
  cat /proc/cpuinfo

For some strange reason apt didn't work over IPv6 after the initial update. So, to force apt to use IPv4:

  vi /etc/apt/apt.conf.d/99hetzner
  #add in the line
  Acquire::ForceIPv4 "true";

= Install KVM =

  aptitude install qemu-kvm libvirt-bin
  #source: https://wiki.debian.org/KVM
  apt-get install virtinst
  virsh list

= Network Config =

  vi /etc/network/interfaces

  auto br1
  iface br1 inet static
      address 192.168.1.1
      netmask 255.255.255.0
      bridge_stp off
      bridge_fd 0
      pre-up brctl addbr br1
      pre-up echo 1 > /proc/sys/net/ipv4/ip_forward
      post-down brctl delbr br1

  ifup br1 #or reboot

====== Firewall Config ======

  vi /etc/firewall.sh

  IPTABLES=/sbin/iptables
  EXTBR=br0
  INTBR=br1
  PRIVATE=192.168.1.0/24

  $IPTABLES -F INPUT
  $IPTABLES -F OUTPUT
  $IPTABLES -F FORWARD
  $IPTABLES -F POSTROUTING -t nat
  $IPTABLES -F PREROUTING -t nat

  ####################
  # FORWARDS
  ###################
  $IPTABLES -A FORWARD -d $PRIVATE -o $INTBR -m state --state RELATED,ESTABLISHED -j ACCEPT
  $IPTABLES -A FORWARD -s $PRIVATE -i $INTBR -j ACCEPT
  $IPTABLES -A FORWARD -i $INTBR -o $INTBR -j ACCEPT
  $IPTABLES -A FORWARD -i $EXTBR -o $EXTBR -j ACCEPT

  ###################
  # NATTING
  ###################
  $IPTABLES -t nat -A POSTROUTING ! -d $PRIVATE -s $PRIVATE -j MASQUERADE
  $IPTABLES -t nat -A POSTROUTING ! -s $PRIVATE -d $PRIVATE -j MASQUERADE

  ###################
  # PORT FORWARDING (Remote Desktop)
  ###################
  $IPTABLES -t nat -A PREROUTING -p tcp --dport 9123 -j DNAT --to 192.168.1.2:3389

  ###################
  # BLOCKING
  ###################
  #$IPTABLES -A FORWARD -j REJECT --reject-with icmp-port-unreachable

====== Call Firewall Script on boot ======

Reference -> https://wiki.debian.org/DebianFirewall

  vi /etc/network/interfaces

  # device: eth0
  auto eth0
  iface eth0 inet static
      #under this section, add ->
      pre-up /bin/sh /etc/firewall.sh

= Setup VM =

  lvcreate -n lin01-boot --size 250m vg0
  lvcreate -n lin01-swap --size 1g vg0
  lvcreate -n lin01-root --size 5g vg0
  mkfs.ext4 /dev/vg0/lin01-root
  mkswap /dev/vg0/lin01-swap
  wget -4 http://ftp.debian.org/debian/dists/jessie/main/installer-amd64/current/images/netboot/mini.iso
  virt-install -d --name=lin01 --ram 512 \
      --disk path=/dev/vg0/lin01-boot,bus=virtio,cache=none \
      --disk path=/dev/vg0/lin01-root,bus=virtio,cache=none \
      --disk path=/dev/vg0/lin01-swap,bus=virtio,cache=none \
      --network bridge=br1,model=virtio --vnc --accelerate \
      --cdrom /srv/os-images/debian-jessie-netinst.iso

= Other Notes =

  apt-get install smartmontools
  smartctl -a /dev/sda | less
  smartctl -a /dev/sdb | less
  apt-get install munin-node
  apt-get install munin-libvirt-plugins munin-libvirt-plugins-detect
  apt-get install fail2ban
  ln -s /usr/share/munin/plugins/smart_ /etc/munin/plugins/smart_sda
  ln -s /usr/share/munin/plugins/smart_ /etc/munin/plugins/smart_sdb

If you copy an XML file from libvirt on another PC and drop it in, you need to run:

  virsh define win01-win7.xml

====== DD Virtual Disk from one Server to new Server ======

  #On new server:
  nc -l -p 7000 | dd of=/dev/vg0/win01-win7 bs=2M
  #Then on old server:
  dd if=/dev/vg0/win02-win7 bs=2M | nc 88.xx.xx.x 7000 -q 10

====== Replacement Hard Drive in Hetzner ======

https://wiki.hetzner.de/index.php/Festplattenaustausch_im_Software-RAID/en

  sfdisk -d /dev/sda | sfdisk /dev/sdb
  #where /dev/sda is the source drive and /dev/sdb is the target drive.
  grub-install /dev/sdb
  cat /proc/mdstat
  mdadm /dev/md0 -a /dev/sdb1
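
The script in Firewall Config forwards port 9123 to RDP on 192.168.1.2 with no source or interface match, and its final FORWARD REJECT is commented out, so unmatched forwarded traffic falls through to the chain policy. The following is an added example, not part of the original page, that lints rule lines for those two conditions; `eth0` as the public interface and 203.0.113.0/24 as the admin source range in the second rule set are assumptions.

```shell
#!/bin/sh
# Added example: lint iptables rule lines (one per line on stdin) for two
# exposures. Prints one finding per line; prints nothing when both checks pass.
audit_firewall_rules() {
    forward_terminated=0
    while IFS= read -r rule; do
        case "$rule" in
            \#*|'') continue ;;          # commented-out rules do not count
        esac
        case " $rule " in
            *" -j DNAT "*)
                # No -i and no -s: the forward matches every interface and source.
                case " $rule " in
                    *" -i "*|*" -s "*) ;;
                    *) echo "DNAT-UNRESTRICTED: $rule" ;;
                esac ;;
            *" -P FORWARD DROP "*|*" -A FORWARD -j REJECT "*|*" -A FORWARD -j DROP "*)
                forward_terminated=1 ;;
        esac
    done
    if [ "$forward_terminated" -eq 0 ]; then
        echo "FORWARD-OPEN: no FORWARD policy or final DROP/REJECT is set"
    fi
}

# The relevant rules from /etc/firewall.sh on this page, variables unexpanded.
page_rules() {
cat <<'EOF'
$IPTABLES -A FORWARD -d $PRIVATE -o $INTBR -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPTABLES -A FORWARD -s $PRIVATE -i $INTBR -j ACCEPT
$IPTABLES -t nat -A PREROUTING -p tcp --dport 9123 -j DNAT --to 192.168.1.2:3389
#$IPTABLES -A FORWARD -j REJECT --reject-with icmp-port-unreachable
EOF
}

# Constructed variant: eth0 as public interface and 203.0.113.0/24 as the
# admin source range are assumptions, not values from the page.
restricted_rules() {
cat <<'EOF'
$IPTABLES -P FORWARD DROP
$IPTABLES -A FORWARD -d $PRIVATE -o $INTBR -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPTABLES -A FORWARD -s $PRIVATE -i $INTBR -j ACCEPT
$IPTABLES -A FORWARD -i eth0 -o $INTBR -p tcp -d 192.168.1.2 --dport 3389 -j ACCEPT
$IPTABLES -t nat -A PREROUTING -i eth0 -s 203.0.113.0/24 -p tcp --dport 9123 -j DNAT --to 192.168.1.2:3389
EOF
}

echo "== rules as on the page ==";  page_rules | audit_firewall_rules
echo "== restricted variant ==";    restricted_rules | audit_firewall_rules
```

The linter only reads text, so it can be run against `/etc/firewall.sh` before the script is wired into `pre-up`.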