= Setup Base OS =
I used Hetzner's “installimage” to create RAID + LVM.
installimage → Debian → Debian-86-jessie-64-minimal
Hostname enterservername
PART /boot ext3 512M
PART lvm vg0 all
LV vg0 root / ext4 10G
LV vg0 swap swap swap 4G
reboot
Sanity checks:
free
lvscan
cat /proc/mdstat
cat /etc/apt/sources.list
apt-get update
apt-get upgrade
mdadm --examine --scan
df -h
cat /proc/cpuinfo
For some strange reason apt didn't work with IPv6 after the initial update. So, to force apt to use IPv4:
vi /etc/apt/apt.conf.d/99hetzner
#add in the line
Acquire::ForceIPv4 "true";
= Install KVM =
aptitude install qemu-kvm libvirt-bin #source: https://wiki.debian.org/KVM
apt-get install virtinst
virsh list
= Network Config =
vi /etc/network/interfaces
auto br1
iface br1 inet static
    address 192.168.1.1
    netmask 255.255.255.0
    bridge_stp off
    bridge_fd 0
    pre-up brctl addbr br1
    pre-up echo 1 > /proc/sys/net/ipv4/ip_forward
    post-down brctl delbr br1
ifup br1 #or reboot
vi /etc/firewall.sh
IPTABLES=/sbin/iptables

EXTBR=br0
INTBR=br1

PRIVATE=192.168.1.0/24

# Flush existing rules (chain policies are left unchanged)
$IPTABLES -F INPUT
$IPTABLES -F OUTPUT
$IPTABLES -F FORWARD
$IPTABLES -F POSTROUTING -t nat
$IPTABLES -F PREROUTING -t nat

####################
# FORWARDS
###################
$IPTABLES -A FORWARD -d $PRIVATE -o $INTBR -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPTABLES -A FORWARD -s $PRIVATE -i $INTBR -j ACCEPT
$IPTABLES -A FORWARD -i $INTBR -o $INTBR -j ACCEPT
$IPTABLES -A FORWARD -i $EXTBR -o $EXTBR -j ACCEPT

###################
# NATTING
###################
$IPTABLES -t nat -A POSTROUTING ! -d $PRIVATE -s $PRIVATE -j MASQUERADE
# This second rule also rewrites the source of inbound traffic, so guests see
# the host's bridge address instead of the real client address in their logs
$IPTABLES -t nat -A POSTROUTING ! -s $PRIVATE -d $PRIVATE -j MASQUERADE

###################
# PORT FORWARDING (Remote Desktop)
###################
# No -s or -i match: tcp/9123 from any source is forwarded to RDP on the guest
$IPTABLES -t nat -A PREROUTING -p tcp --dport 9123 -j DNAT --to 192.168.1.2:3389

###################
# BLOCKING
###################
# Left commented out: unmatched FORWARD traffic falls through to the chain
# policy (ACCEPT unless changed elsewhere)
#$IPTABLES -A FORWARD -j REJECT --reject-with icmp-port-unreachable
Reference → https://wiki.debian.org/DebianFirewall
vi /etc/network/interfaces
# device: eth0
auto eth0
iface eth0 inet static
#under this section, add →
    pre-up /bin/sh /etc/firewall.sh
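A way to check what firewall.sh actually leaves loaded, as an added example (not part of the original notes): it reads `iptables-save` output and flags a DNAT rule with no source match and a FORWARD chain with no final DROP/REJECT. The function names `audit_ruleset` and `sample_rules`, the sample ruleset and the address 203.0.113.10 are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original page): audit `iptables-save` text on stdin.
# Prints one finding per line; returns 1 if anything was found.
audit_ruleset() {
    awk '
    substr($0, 1, 1) == "*" { table = substr($0, 2) }   # "*nat", "*filter"
    table == "filter" && /^:FORWARD / { policy = $2 }   # chain default policy
    # An unconditional rule that drops or rejects whatever was not accepted
    table == "filter" && /^-A FORWARD -j (DROP|REJECT)/ { terminal = 1 }
    # DNAT with no -s match: the forwarded port is reachable from any address
    table == "nat" && /^-A PREROUTING / && / -j DNAT / {
        src = "any"; port = "?"; dest = "?"
        for (i = 1; i < NF; i++) {
            if ($i == "-s") src = $(i + 1)
            if ($i == "--dport") port = $(i + 1)
            if ($i == "--to-destination") dest = $(i + 1)
        }
        if (src == "any") { print "OPEN-DNAT port " port " -> " dest; bad = 1 }
    }
    END {
        if (policy == "ACCEPT" && !terminal) {
            print "FORWARD-OPEN policy ACCEPT, no final DROP/REJECT"; bad = 1
        }
        exit bad + 0
    }'
}

# Constructed sample in iptables-save format (abridged), modelled on the rules
# above. $1 = optional source match for the DNAT rule, $2 = optional last rule.
sample_rules() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING $1-p tcp -m tcp --dport 9123 -j DNAT --to-destination 192.168.1.2:3389
-A POSTROUTING -s 192.168.1.0/24 ! -d 192.168.1.0/24 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -d 192.168.1.0/24 -o br1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.1.0/24 -i br1 -j ACCEPT
$2
COMMIT
EOF
}

# Rules as firewall.sh leaves them, then with a source match (203.0.113.10 is a
# documentation address) and the BLOCKING rule enabled.
sample_rules "" "" | audit_ruleset || true
sample_rules "-s 203.0.113.10/32 " \
    "-A FORWARD -j REJECT --reject-with icmp-port-unreachable" | audit_ruleset
```

On the host itself, run it as `iptables-save | audit_ruleset` after the interface comes up.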
= Setup VM =
lvcreate -n lin01-boot --size 250m vg0
lvcreate -n lin01-swap --size 1g vg0
lvcreate -n lin01-root --size 5g vg0
mkfs.ext4 /dev/vg0/lin01-root
mkswap /dev/vg0/lin01-swap
wget -4 http://ftp.debian.org/debian/dists/jessie/main/installer-amd64/current/images/netboot/mini.iso
virt-install -d --name=lin01 --ram 512 \
    --disk path=/dev/vg0/lin01-boot,bus=virtio,cache=none \
    --disk path=/dev/vg0/lin01-root,bus=virtio,cache=none \
    --disk path=/dev/vg0/lin01-swap,bus=virtio,cache=none \
    --network bridge=br1,model=virtio \
    --vnc --accelerate \
    --cdrom /srv/os-images/debian-jessie-netinst.iso
= Other Notes =
apt-get install smartmontools
smartctl -a /dev/sda | less
smartctl -a /dev/sdb | less
apt-get install munin-node
apt-get install munin-libvirt-plugins munin-libvirt-plugins-detect
apt-get install fail2ban
ln -s /usr/share/munin/plugins/smart_ /etc/munin/plugins/smart_sda
ln -s /usr/share/munin/plugins/smart_ /etc/munin/plugins/smart_sdb
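If you copy an XML file from libvirt on another PC and drop it in, you need to run:
virsh define win01-win7.xml
#nc carries the disk image in cleartext with no authentication or integrity check;
#whatever connects to port 7000 first is written to the LV
#On new server:
nc -l -p 7000 | dd of=/dev/vg0/win01-win7 bs=2M
#Then on old server:
dd if=/dev/vg0/win02-win7 bs=2M | nc 88.xx.xx.x 7000 -q 10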
https://wiki.hetzner.de/index.php/Festplattenaustausch_im_Software-RAID/en
sfdisk -d /dev/sda | sfdisk /dev/sdb #where /dev/sda is the source drive and /dev/sdb is the target drive.
grub-install /dev/sdb
cat /proc/mdstat
mdadm /dev/md0 -a /dev/sdb1