Create Centos5 DomU on Debian Etch Dom0

This article shows how to set up, install and configure a guest Centos5 Xen virtual server on top of a Debian Etch Xen install. It presumes you have a working Xen install (xen3) on a Debian Etch server.

Setup and Install Centos domU on Etch dom0

Xen-tools/rpmstrap Method - Problematic

Although xen-tools will create centos4 guest Xen VMs, it did not work well. Just as a Debian system can be debootstrapped, Debian Etch has an "rpmstrap" package in apt which is meant to make creating a new install easier. There were problems providing a correct Centos mirror, along with other issues, and there was little information on rpmstrapping Centos on Etch. The only guide available was http://mark.foster.cc/wiki/index.php/Centos-4_on_Xen and it was a little outdated.

Chosen Method - Centos5 Xen Install image

Neither xen-tools nor a manual Xen domU creation (using rpmstrap) worked. As a result, a prebuilt minimal Xen domU install image was chosen. http://jailtime.org provides virtual filesystems for Xen and worked a treat. Note: the Xen images are file-based images, which are not intended for production use. The http://jailtime.org website has instructions for moving a file-based domU to an LVM/disk-based partition.

cd /xens/name_of_new_server_to_be/
links http://jailtime.org/download:centos:v5.0
#choose to download "download:centos:centos.5-0.20070424.img.tar.bz2" as there is no direct URL link to the download.
 
bunzip2 centos.5-0.20070424.img.tar.bz2
tar -xvf centos.5-0.20070424.img.tar
#if you like: rm centos.5-0.20070424.img.tar (it's ~1GB)

Config Centos DomU Xen Config

#rm centos.5-0.xen2.cfg
#It's only a basic config. The following config will suffice:
vi /etc/xen/domains/name_of_new_server_to_be
kernel = "/boot/vmlinuz-2.6.18-4-xen-686"
ramdisk = "/boot/initrd.img-2.6.18-4-xen-686"
memory = 64
name = "name_of_new_server_to_be"
vif = ['bridge=xenbr0']
disk = ['file:/xens/name_of_new_server_to_be/centos.5-0.img,sda1,w','file:/xens/name_of_new_server_to_be/centos.swap,sda2,w']
ip = "ip.address"
gateway = "gateway"
netmask = "255.255.255.0"
root = "/dev/sda1 ro"
extra = '4'

ln -s /etc/xen/domains/name_of_new_server_to_be /etc/xen/auto/
xm create name_of_new_server_to_be -c
# The -c is to attach a console. Very handy for when booting for the first time.

Config Centos domU

Note: vi is not installed by default. The "nano" text editor is installed and can be used instead of vi for the time being.

Change Default Password

The default login is:

username: root
password: password

Although root is not permitted to ssh in by Centos default, the above password is the image's published default and needs to be changed asap, before root login over ssh is enabled below. Use "passwd" to change it.

Change Network from DHCP to Manual IP

The network settings and the location of the eth0 config in Centos (as in Red Hat and Fedora) differ from those of Debian and Ubuntu. All system settings are kept in /etc/sysconfig rather than as individual files in /etc (as with Debian and Ubuntu).

nano /etc/sysconfig/network-scripts/ifcfg-eth0
#change to the following:
TYPE=Ethernet
DEVICE=eth0
BOOTPROTO=none
#BOOTPROTO=dhcp
ONBOOT=yes
IPADDR=ip.address
NETMASK=255.255.0.0
GATEWAY=gateway.ip

ifdown eth0
ifup eth0

Change sshd to allow root to login

Note: This is only for convenience, and is not recommended on production machines.

nano /etc/ssh/sshd_config
#find and change the appropriate line to below:
PermitRootLogin yes
/etc/init.d/sshd restart

Change Host Name of Centos Server and add /etc/resolv.conf

nano /etc/sysconfig/network
#change:
HOSTNAME=centos_pristine
#to:
HOSTNAME=server_name

nano /etc/resolv.conf
#add the following:
domain yourdomain.com
search yourdomain.com
nameserver ip.of.dns.server

SCP/Copy Across Kernel Modules

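If this was a Debian domU, we would "apt-get install linux-image-2.6-xen-686" to provide the correct kernel modules in /lib/modules/. The Centos domU boots the 2.6.18-4-xen-686 kernel supplied by dom0, so it needs the matching modules copied in from a machine that has them. In this case, I did: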

ssh root@debian_domU
cd /lib/modules/
tar -cvf 2.6.18-4-xen-686.tar 2.6.18-4-xen-686/
scp 2.6.18-4-xen-686.tar root@new_centos_server:
ssh root@new_centos_server
mv /root/2.6.18-4-xen-686.tar /lib/modules/
cd /lib/modules/
tar -xvf 2.6.18-4-xen-686.tar

Reboot the Centos Xen machine, and watch it reboot to see if there are any complaints.

Check Disks and Swap

free
df -h

If you get an error such as "df: `/dev/pts': No such file or directory", you need to edit /etc/fstab to make sure everything is ok. I had to remove the offending "/dev/pts" line from /etc/fstab and reboot, and then "df -h" showed up cleanly.

Set the Date, Time and Timezone

Install NTPd (Network Time Protocol Daemon)

yum install ntp
nano /etc/ntp.conf #not required
/etc/init.d/ntpd start

Set Run Levels for NTP

chkconfig --list
chkconfig --level 2345 ntpd on

chkconfig --list should now look like: "ntpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off"

Set the Timezone

rm /etc/localtime
ln -s /usr/share/zoneinfo/Eire /etc/localtime

See: http://wiki.vpslink.com/index.php?title=How_to_Centos

Install vim editor

Vim is my default editor, and comes as standard with debian.

yum search vim
yum install vim-enhanced

#as vim is default, and vi is nothing, I chose to symlink it.
which vim    #didn't work :-/
whereis vim
ln -s /usr/bin/vim /usr/bin/vi

Add User

adduser username
passwd username

Note: When su'ing in as root, you must use:

su -

otherwise root's paths will be those of the user.

Install Extra Packages

yum install mailx
#this gives mail on the cmdline.

Install Default Centos Firewall

yum install system-config-securitylevel-tui

system-config-securitylevel-tui
#tab down to "customise" and open up ssh etc.

http://www.centos.org/modules/newbb/print.php?form=1&topic_id=8099&forum=32&order=ASC&start=0


Centos Package Information & Installation

In order to get an idea of "yum" (Yellowdog Updater Modified), the following guide/how-to should be read: http://www.centos.org/docs/5/html/yum/index.html

The following are some basic commands for the searching, installation, updating and removal of packages from the default repositories for Centos5.

yum list    #provides a list of all available packages

yum list | grep httpd    #search for httpd/apache packages

yum info httpd     #gives a brief overview of the main package

yum search httpd     #searches for packages with any reference to httpd. Returns an untidy long list of packages.

yum update     #updates Centos5 Packages.

Install Apache2 (httpd) on Centos5

yum install httpd
/etc/init.d/httpd start

chkconfig --list
chkconfig --level 2345 httpd on
#the above adds httpd so it will start on boot.

system-config-securitylevel-tui
#add http to the firewall for incoming

Install SNMP on Centos5

Read Snmpd_&_mrtg firstly.

yum list | grep snmp
yum install net-snmp.i386
/etc/init.d/snmpd start

Config for Start on Boot

chkconfig --list
chkconfig --level 2345 snmpd on

Config snmpd

The main config I wanted was to allow an IP on my network to access the snmp information. The simplest solution was to mv the original snmpd.conf and create a basic new one. Feel free to simply add in the single line and test.

mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf_orig
vi /etc/snmp/snmpd.conf
 #add the following line only.
 rocommunity public ip.address.of.snmp.server

/etc/init.d/snmpd restart
netstat -a | more

#The following is an automatic snmpd.conf config maker. I didn't get very far with it though. The above 1 line config worked fine.
snmpconf -g basic_setup
snmpconf
/etc/init.d/snmpd restart

Open up Firewall to allow incoming snmp

system-config-securitylevel-tui
#Other ports: snmp:tcp snmp:udp
iptables -L

Testing using snmpwalk from Localhost

Basic snmp tools need to be installed. This package includes snmpwalk.

yum install net-snmp-utils.i386
snmpwalk -v 1 -OS -c public localhost
snmpwalk -v2c -OS -c public localhost

Links:
http://www.cassatt.com/infocentral/collage/3.4/docs/RedHatOSOutput/index.php
http://www.schemathings.com/?p=11

General Centos Setup Links and How-to's

http://wiki.vpslink.com/index.php?title=How_to_Centos

http://www.enterprisenetworkingplanet.com/netos/article.php/3665371

SELinux

I wanted to get selinux working. It took a little bit of tweaking; the biggest part was getting a proper kernel on dom0 to run CentOS with selinux extensions, but essentially here is how:

1. ssh into centos box and go: yum install kernel-xen.i686
2. mkinitrd --omit-scsi-modules --with=xennet --with=xenblk --preload=xenblk initrd-$(uname -r)-no-scsi.img 2.6.18-128.1.16.el5xen
   http://www.virtuatopia.com/index.php/A_Xen_Guest_OS_fails_to_boot_with_a_%22switchroot:_mount_failed:_No_such_file_or_directory_error_message%22_error_message.
3. Copy the following files to dom0:
   initrd-2.6.18-6-xen-686-no-scsi.img
   /boot/vmlinuz-2.6.18-128.1.16.el5xen
4. Edit the domU startup script to include the above.
5. Boot up CentOS. It gave out about SELinux in enforcing mode, and it panicked. I mounted the centos drive and edited /etc/selinux/config to change it to permissive.
6. Booted up ok then. More issues however with "PTY allocation request failed on channel 0". Reading http://www.asteriosk.gr/blog/2009/02/20/pty-allocation-request-failed-on-channel-0/ including the comments got that resolved. I could ssh in ok, but the xm console did not work. More to do later on sorting this.

A few things in CentOS then:

yum list installed | grep selinux
libselinux.i386                         1.33.4-5.1.el5                 installed
yum install selinux-policy.noarch

-bash-3.2# sestatus
SELinux status:                 disabled
#should be enabled once the correct kernel in dom0 boots the centos domU.
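
The guide leaves three security-relevant settings in a known state: root login over ssh, the "public" SNMP community and SELinux in permissive mode. The script below is an added example, not part of the original guide, that reports on them; the function names, the sample files and the 192.0.2.10 address are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): audit the three settings this
# guide changes on the domU. Paths are arguments, so copies can be checked.

# sshd uses the first uncommented occurrence of a keyword.
check_sshd() {
    val=$(awk 'tolower($1) == "permitrootlogin" { print tolower($2); exit }' "$1")
    case "$val" in
        no|without-password|forced-commands-only) echo "ok: PermitRootLogin $val" ;;
        "") echo "warn: PermitRootLogin not set, sshd default applies" ;;
        *)  echo "warn: PermitRootLogin $val" ;;
    esac
}

# snmpd.conf syntax: rocommunity COMMUNITY [SOURCE [OID]]
check_snmpd() {
    awk '$1 == "rocommunity" || $1 == "rwcommunity" {
        if ($2 == "public" || $2 == "private")
            print "warn: well-known community string \"" $2 "\""
        if (NF < 3 || $3 == "default")
            print "warn: community \"" $2 "\" has no source restriction"
        if ($1 == "rwcommunity")
            print "warn: write access via community \"" $2 "\""
    }' "$1"
}

# /etc/selinux/config: SELINUX=enforcing|permissive|disabled
check_selinux() {
    mode=$(sed -n 's/^SELINUX=\([a-z]*\).*/\1/p' "$1" | tail -n 1)
    case "$mode" in
        enforcing)  echo "ok: SELinux enforcing" ;;
        permissive) echo "warn: SELinux permissive (denials logged, not blocked)" ;;
        *)          echo "warn: SELinux ${mode:-unset}" ;;
    esac
}

# Constructed sample files mirroring the settings made in this guide;
# 192.0.2.10 is a documentation address standing in for the snmp server.
demo=$(mktemp -d)
printf 'PermitRootLogin yes\n' > "$demo/sshd_config"
printf ' rocommunity public 192.0.2.10\n' > "$demo/snmpd.conf"
printf 'SELINUX=permissive\nSELINUXTYPE=targeted\n' > "$demo/selinux_config"
check_sshd "$demo/sshd_config"
check_snmpd "$demo/snmpd.conf"
check_selinux "$demo/selinux_config"
```

On the domU itself, pass /etc/ssh/sshd_config, /etc/snmp/snmpd.conf and /etc/selinux/config to the three functions instead of the sample files.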


SELinux Links

http://koltsoff.com/pub/securing-centos/

http://docs.fedoraproject.org/selinux-faq-fc3/index.html#using-s-c-securitylevel
