
KVM_Setup_on_Debian_Jessie

= Setup Base OS =

I used Hetzner's "installimage" to create RAID + LVM.

  installimage → Debian → Debian-86-jessie-64-minimal
  Hostname enterservername
  PART /boot ext3 512M
  PART lvm vg0 all
  LV vg0 root / ext4 10G
  LV vg0 swap swap swap 4G

reboot

Sanity checks

  free
  lvscan
  cat /proc/mdstat
  cat /etc/apt/sources.list
  apt-get update
  apt-get upgrade
  mdadm --examine --scan
  df -h
  cat /proc/cpuinfo

For some strange reason apt didn't work with IPv6 after the initial update. So, to force apt to use IPv4:

  vi /etc/apt/apt.conf.d/99hetzner
  #add in the line
  Acquire::ForceIPv4 "true";

= Install KVM =

  aptitude install qemu-kvm libvirt-bin #source: https://wiki.debian.org/KVM
  apt-get install virtinst

  virsh list

= Network Config =

  vi /etc/network/interfaces

  auto br1
  iface br1 inet static
      address 192.168.1.1
      netmask 255.255.255.0
      bridge_stp off
      bridge_fd 0
      pre-up brctl addbr br1
      pre-up echo 1 > /proc/sys/net/ipv4/ip_forward
      post-down brctl delbr br1

  ifup br1 #or reboot

Firewall Config

  vi /etc/firewall.sh

  IPTABLES=/sbin/iptables

  EXTBR=br0
  INTBR=br1

  PRIVATE=192.168.1.0/24

  $IPTABLES -F INPUT
  $IPTABLES -F OUTPUT
  $IPTABLES -F FORWARD
  $IPTABLES -F POSTROUTING -t nat
  $IPTABLES -F PREROUTING -t nat

  ####################
  # FORWARDS
  ###################
  $IPTABLES -A FORWARD -d $PRIVATE -o $INTBR -m state --state RELATED,ESTABLISHED -j ACCEPT
  $IPTABLES -A FORWARD -s $PRIVATE -i $INTBR -j ACCEPT
  $IPTABLES -A FORWARD -i $INTBR -o $INTBR -j ACCEPT
  $IPTABLES -A FORWARD -i $EXTBR -o $EXTBR -j ACCEPT

  ###################
  # NATTING
  ###################
  $IPTABLES -t nat -A POSTROUTING ! -d $PRIVATE -s $PRIVATE -j MASQUERADE
  $IPTABLES -t nat -A POSTROUTING ! -s $PRIVATE -d $PRIVATE -j MASQUERADE

  ###################
  # PORT FORWARDING (Remote Desktop)
  ###################
  $IPTABLES -t nat -A PREROUTING -p tcp --dport 9123 -j DNAT --to 192.168.1.2:3389

  ###################
  # BLOCKING
  ###################
  #$IPTABLES -A FORWARD -j REJECT --reject-with icmp-port-unreachable

Call Firewall Script on boot

Reference → https://wiki.debian.org/DebianFirewall

  vi /etc/network/interfaces

  # device: eth0
  auto eth0
  iface eth0 inet static
      #under this section, add →
      pre-up /bin/sh /etc/firewall.sh
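The PORT FORWARDING rule in /etc/firewall.sh has no -i or -s match, so it applies to TCP port 9123 arriving from any source on any interface. The following is an added example, not part of the original page, that lists such forwards from an iptables-save style ruleset; the sample rules are constructed, and the second forward (port 9124, source 203.0.113.10, inbound on eth0) is hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): list DNAT port forwards in an
# iptables-save style ruleset that accept connections from any source.

# audit_dnat reads rules on stdin and prints one line per DNAT rule that has
# no positive -i (inbound interface) or -s (source) match:
#   OPEN <proto> <dport> -> <target>
# A negated match ("! -s net") is not counted as a restriction.
audit_dnat() {
    awk '
    $1 == "-A" && /-j DNAT/ {
        restricted = 0; proto = "any"; dport = "any"; target = "?"
        for (i = 2; i <= NF; i++) {
            neg = ($(i - 1) == "!")
            if (($i == "-i" || $i == "--in-interface" ||
                 $i == "-s" || $i == "--source") && !neg) restricted = 1
            if ($i == "-p" || $i == "--protocol") proto = $(i + 1)
            if ($i == "--dport" || $i == "--destination-port") dport = $(i + 1)
            if ($i == "--to-destination" || $i == "--to") target = $(i + 1)
        }
        if (!restricted) print "OPEN", proto, dport, "->", target
    }'
}

# Constructed sample: the page's port forward as iptables-save prints it,
# plus a hypothetical variant limited to one admin address (203.0.113.10 is
# a documentation address, not from the page).
sample_rules() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 9123 -j DNAT --to-destination 192.168.1.2:3389
-A PREROUTING -s 203.0.113.10/32 -i eth0 -p tcp -m tcp --dport 9124 -j DNAT --to-destination 192.168.1.2:3389
-A POSTROUTING -s 192.168.1.0/24 ! -d 192.168.1.0/24 -j MASQUERADE
COMMIT
EOF
}

# On the host, feed it the live ruleset instead:
#   iptables-save -t nat | audit_dnat
```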

= Setup VM =

  lvcreate -n lin01-boot --size 250m vg0
  lvcreate -n lin01-swap --size 1g vg0
  lvcreate -n lin01-root --size 5g vg0

  mkfs.ext4 /dev/vg0/lin01-root
  mkswap /dev/vg0/lin01-swap

  wget -4 http://ftp.debian.org/debian/dists/jessie/main/installer-amd64/current/images/netboot/mini.iso

  virt-install -d --name=lin01 --ram 512 \
      --disk path=/dev/vg0/lin01-boot,bus=virtio,cache=none \
      --disk path=/dev/vg0/lin01-root,bus=virtio,cache=none \
      --disk path=/dev/vg0/lin01-swap,bus=virtio,cache=none \
      --network bridge=br1,model=virtio \
      --vnc --accelerate \
      --cdrom /srv/os-images/debian-jessie-netinst.iso

= Other Notes =

  apt-get install smartmontools
  smartctl -a /dev/sda | less
  smartctl -a /dev/sdb | less
  apt-get install munin-node
  apt-get install munin-libvirt-plugins munin-libvirt-plugins-detect
  apt-get install fail2ban
  ln -s /usr/share/munin/plugins/smart_ /etc/munin/plugins/smart_sda
  ln -s /usr/share/munin/plugins/smart_ /etc/munin/plugins/smart_sdb

If you copy an XML file from libvirt on another PC and drop it in, you need to run:

  virsh define win01-win7.xml

DD Virtual Disk from one Server to new Server

  #On new server:
  nc -l -p 7000 | dd of=/dev/vg0/win01-win7 bs=2M

  #Then on old server:
  dd if=/dev/vg0/win02-win7 bs=2M | nc 88.xx.xx.x 7000 -q 10

Replacement Hard Drive in Hetzner

https://wiki.hetzner.de/index.php/Festplattenaustausch_im_Software-RAID/en

  sfdisk -d /dev/sda | sfdisk /dev/sdb #where /dev/sda is the source drive and /dev/sdb is the target drive.
  grub-install /dev/sdb

  cat /proc/mdstat
  mdadm /dev/md0 -a /dev/sdb1

kvm_setup_on_debian_jessie.txt · Last modified: 2022/07/19 20:13 by 127.0.0.1