XEN/PV - Bootstrapping Debian/Ubuntu

Introduction

The kernel has to be either a custom domU kernel or the stock Ubuntu kernel with Xen support. Either way, no installer ramdisk is needed: the guest root filesystem is populated from dom0 with debootstrap.

Note that reiser4 is not a supported backing filesystem for Docker's overlay2 storage driver; if the guest will run Docker, use ext4 or XFS for its root filesystem.

Requirements

Check the latest existing Ubuntu or Debian release names (the suite name is what debootstrap takes) and proceed.

Prepare the guest skeleton

guest=focal
guest=buster

cd /data/guests/
mkdir -p $guest/lala/
cd $guest/

#right below the tar and ustar format file size limits
dd if=/dev/zero of=$guest.ext4 bs=1M count=0 seek=8191

mkfs.ext4 $guest.ext4
mount $guest.ext4 lala/

#dd if=/dev/zero of=ubuntu.swap bs=1G count=0 seek=1
#mkswap ubuntu.swap

Key-rings

See debootstrap

Debootstraping

Ubuntu

# RUSSIA
mirror=http://ru.archive.ubuntu.com/ubuntu/

# FRANCE
#mirror=http://fr.archive.ubuntu.com/ubuntu/
#mirror=http://ftp.free.fr/mirrors/ftp.ubuntu.com/
mirror=http://mirrors.online.net/ubuntu/

Debian

# RUSSIA
mirror=http://ftp.ru.debian.org/debian/

# FRANCE
#mirror=http://ftp.fr.debian.org/debian/
#mirror=http://ftp.free.fr/mirrors/ftp.debian.org/
mirror=http://mirrors.online.net/debian/

proceed

dist=$guest
#cacher=http://x.x.x.x:3142

time debootstrap --arch=amd64 $dist lala/ $mirror
#$cacher/ftp.ru.debian.org/debian/
#--arch=i386
#--print-debs
#--no-check-gpg

#real    8m14.002s // pro5s1
#real    7m56.284s // pro5s1
#real    4m18.475s // pro5s1 without fetch and while GFS2 is in use
#focal 2m20.461s from online mirror

du -sh lala/
# trustyx32 242M
# xenial 248M, 247M
# artful 302M, 307M
# bionic 306M ??862M
# stretch 644M
# buster 653M // 278M sep2020
# focal 340M sep2020

cat lala/etc/hostname #noexist
echo $guest > lala/etc/hostname

Use xvda1 rather than xvda: if grub ever gets installed inside the guest, there is no whole-disk device for it to overwrite a boot sector on.

vi lala/etc/fstab

/dev/xvda1 / ext4 defaults 0 1
proc /proc proc defaults 0 0
tmpfs /tmp tmpfs rw,nodev,nosuid,noatime,relatime 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0

#/dev/xvdb1 none swap sw 0 0

Enable TMEM

mkdir lala/lib/modules/
tar xzf /data/kernels/5.2.21.domureiser4.modules.tar.gz -C lala/lib/modules/
ls -lF lala/lib/modules/
echo tmem >> lala/etc/modules
cat lala/etc/modules

#for ver in `ls -1 /lib/modules/`; do
#       echo -n $ver...
#       depmod -a $ver && echo done
#done; unset ver

Packages

echo $dist
echo $mirror

cat lala/etc/apt/sources.list

Ubuntu

cat > lala/etc/apt/sources.list <<-EOF
deb $mirror $dist main restricted universe
deb $mirror $dist-updates main restricted universe
deb $mirror $dist-security main restricted universe
#multiverse
#$dist-backports
EOF

Debian

cat > lala/etc/apt/sources.list <<-EOF
deb $mirror $dist main contrib
deb $mirror $dist-updates main contrib

#deb $mirror stable main contrib
#deb $mirror stable-updates main contrib

#non-free
#stable-backports
EOF

Optionally set up a package proxy (apt-cacher-ng listens on port 3142 by default)

vi lala/etc/apt/apt.conf.d/02proxy

Acquire::http { Proxy "http://x.x.x.x:3142"; };

Ubuntu network

vi lala/etc/netplan/nethence.yaml

network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      dhcp4: no
      dhcp6: no
      addresses:
        - $ip/24
      gateway4: ${ip%\.*}.1
      nameservers:
        search: [nethence.com]
        addresses: [62.210.16.6, 62.210.16.7]
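The netplan file above is written by hand with vi; the following is an added example (not part of the original guide) that renders the same document from a single guest address, deriving the gateway with the guide's ${ip%.*}.1 expansion and emitting the nesting netplan expects. It assumes a /24 with the gateway at .1 and the nethence.com resolvers shown above; the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the original guide: render the guest's netplan file
# from one IPv4 address. Assumes a /24 whose gateway is .1 (as the guide does).

# valid_ipv4 <addr>: accept only a dotted quad with each octet in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        # an empty field means "1..2.3" or a trailing dot; reject those too
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
}

# render_netplan <addr>: print the netplan document for the guest to stdout.
render_netplan() {
    ip=$1
    valid_ipv4 "$ip" || { echo "render_netplan: bad address '$ip'" >&2; return 1; }
    gw="${ip%.*}.1"      # same derivation as the guide: replace the last octet with 1
    cat <<EOF
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      dhcp4: no
      dhcp6: no
      addresses:
        - $ip/24
      gateway4: $gw
      nameservers:
        search: [nethence.com]
        addresses: [62.210.16.6, 62.210.16.7]
EOF
}

# write_netplan <addr> [root]: write the file into the guest tree (default lala/).
write_netplan() {
    root=${2:-lala}
    mkdir -p "$root/etc/netplan"
    render_netplan "$1" > "$root/etc/netplan/nethence.yaml"
}
```

Usage from the guest directory is `write_netplan 192.0.2.10` (a constructed address); the resulting file can be checked on first boot with `netplan try`.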

Debian network

rmdir lala/etc/network/interfaces.d/
vi lala/etc/network/interfaces

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
        address IP_ADDRESS/24
        gateway GATEWAY_IP
        dns-search nethence.com
        dns-nameservers 62.210.16.6 62.210.16.7
        #208.67.222.222 208.67.220.220

cat lala/etc/hosts
cat > lala/etc/hosts <<-EOF
127.0.0.1       localhost $guest
::1             localhost ip6-localhost ip6-loopback $guest
ff02::1         ip6-allnodes
ff02::2         ip6-allrouters
EOF

Sysprep

No NTP daemon is required, since a Xen PV guest takes its clock from the hypervisor, but setting a timezone helps

ls -lF lala/etc/localtime
ln -sf ../usr/share/zoneinfo/Europe/Moscow lala/etc/localtime
ln -sf ../usr/share/zoneinfo/Europe/Paris lala/etc/localtime
cat lala/etc/timezone
echo Europe/Moscow > lala/etc/timezone
echo Europe/Paris > lala/etc/timezone

To keep Perl from complaining about missing locales (see Troubleshooting), define the locale variables in bash.bashrc, not in profile

cat >> lala/etc/bash.bashrc <<-EOF

export LANGUAGE="en_US:en"
export LC_ALL="C.UTF-8"
export LC_COLLATE="C.UTF-8"
export LANG="C.UTF-8"

alias ll='ls -alhF'
alias cp='cp -i'
alias mv='mv -i'
alias rm='rm -i'

EOF

The console asks for a password unless you play with getty, so the root password is removed instead. This means anyone who can open the hvc0 console (i.e. whoever can run xl console on dom0) gets a root shell; OpenSSH refuses empty passwords by default (PermitEmptyPasswords no), so the SSH side is unaffected.

chroot lala/ /bin/bash

passwd -d root
#usermod -p '*' root

and proceed with package updates

export DEBIAN_FRONTEND=noninteractive
apt update
apt -y full-upgrade
apt autoremove --purge
apt -y install man-db manpages openssh-server openssh-client mlocate

#bsd-mailx
#ls -lF /etc/postfix/main.cf
#ls -lF ll /etc/exim4/

systemctl get-default
systemctl set-default multi-user

Ubuntu only

systemctl disable systemd-timesyncd

Debian needs this

dpkg -l ifupdown
apt -y install resolvconf

and it does not hurt an Ubuntu system either

apt -y install net-tools

that’s right, you’re done!

^D
umount lala/
rmdir lala/

Skeleton

INTERNAL NETWORK (br0)

cat > $guest <<-EOF
kernel = "/data/kernels/5.2.21.domureiser4.vmlinuz"
root = "/dev/xvda1 ro console=hvc0 net.ifnames=0 biosdevname=0 mitigations=off"
memory = 7168
name = "$guest"
vcpus = 3
maxvcpus = 8
disk = ['tap:tapdisk:aio:/data/guests/$guest/$guest.ext4,xvda1,w']
vif = [ 'bridge=br0, vifname=$guest.0' ]
type = "pvh"
EOF

#netcfg/do_not_use_netplan=true ipv6.disable=1
#extra = "init=/bin/bash"
#memory = 8192
#memory = 10240
#memory = 12288
#memory = 16384
#memory = 32768
#disk = ['phy:/dev/drbd1,xvda1,w']
#disk = ['phy:/dev/vdisks/thin1,xvda1,w']
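Before handing the config to xl create, it is worth auditing a few lines of it. The script below is an added example, not part of the original guide: it pulls the kernel command line out of the root = "..." line and flags mitigations=off (the guide passes it deliberately; it disables the guest kernel's CPU side-channel mitigations, which is a trade-off to make knowingly), checks that console=hvc0 is present so xl create -c shows something, that the disk is exposed as xvda1 as the fstab above expects, and that memory is a plain MiB number. Parsing one key per line is a simplification of this example; the function names are its own.

```shell
#!/bin/sh
# Added example, not from the original guide: audit an xl guest config before
# "xl create". Simplification: one "key = value" per line, first match wins.

# cfg_value <file> <key>: print the value of the first "key = ..." line,
# with surrounding double quotes removed. Commented-out lines (#key) are skipped
# because the pattern requires the key at the start of the line.
cfg_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" \
        | head -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# audit_xlcfg <file>: print one WARN line per finding; return 0 when clean.
audit_xlcfg() {
    cfg=$1; rc=0
    cmdline=$(cfg_value "$cfg" root)
    disk=$(cfg_value "$cfg" disk)
    mem=$(cfg_value "$cfg" memory)

    # mitigations=off turns off Spectre/Meltdown-class mitigations in the guest
    case " $cmdline " in
        *" mitigations=off "*)
            echo "WARN: guest kernel boots with mitigations=off (CPU side-channel mitigations disabled)"
            rc=1 ;;
    esac
    case "$cmdline" in
        *console=hvc0*) ;;
        *) echo "WARN: no console=hvc0 on the kernel command line; 'xl create -c' will show nothing"
           rc=1 ;;
    esac
    # the fstab written earlier mounts /dev/xvda1, so the disk must be exposed as xvda1
    case "$disk" in
        *,xvda1,*) ;;
        *) echo "WARN: disk is not exposed as xvda1; fstab expects /dev/xvda1"
           rc=1 ;;
    esac
    case "$mem" in
        ''|*[!0-9]*) echo "WARN: memory is not a plain MiB number: '$mem'"
                     rc=1 ;;
    esac
    return $rc
}
```

Run it as `audit_xlcfg $guest` from /data/guests/ before `xl create`; a non-zero exit means at least one WARN line was printed.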

Acceptance

xl create $guest -c

login and check that everything is fine

ifconfig
netstat -rn
ls -lF /etc/resolv.conf*
cat /etc/resolv.conf
ping -c3 opendns.com

cat /sys/devices/system/clocksource/clocksource0/current_clocksource
dpkg -l | grep ntp #noexist
systemctl get-default
lsmod | grep tmem
free -m
updatedb
history -c
#poweroff
^]

xl shu $guest

Template

It’s time to make a template out of it

cd ../
newtemplate.bash $guest
rm -rf $guest/
#renameguest.bash $guest NEW-NAME

OR do it manually (avoid doing this on an NFS share)

fsck.ext4 -f $guest.ext4
#fsck.reiser4 -y $guest.reiser4
#xfs_repair $guest.xfs
cd ../
tar czSf /data/templates/$guest.tar.gz $guest/

Re-deploy

While deploying from the template, regenerate the SSH host keys first (every clone would otherwise share the template's host identity)

mkdir lala
mount $guest.ext4 lala
echo NEW-HOST > lala/etc/hostname
ls -lF lala/etc/ssh/ssh_host_*
rm -f lala/etc/ssh/ssh_host_*
ssh-keygen -q -t ed25519 -f lala/etc/ssh/ssh_host_ed25519_key -C "root@$guest" -N ""
#chroot lala dpkg-reconfigure openssh-server
umount lala
rmdir lala
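The step above regenerates only an ed25519 key. The following is an added example, not part of the original guide, that does the same for a guest tree mounted at a given directory, creating all three key types (ed25519, rsa, ecdsa), and adds a check that two guest trees do not still share a host key, which is what a clone left with the template's keys looks like. It assumes ssh-keygen is available on dom0; the function names are its own.

```shell
#!/bin/sh
# Added example, not from the original guide: regenerate SSH host keys in a
# guest root mounted at <root> and detect clones that still carry the
# template's host identity. Assumes ssh-keygen on dom0.

# list_hostkeys <root>: print the private host-key files under <root>/etc/ssh.
list_hostkeys() {
    for f in "$1"/etc/ssh/ssh_host_*_key; do
        [ -e "$f" ] && printf '%s\n' "$f"
    done
    return 0
}

# regen_hostkeys <root> <hostname>: remove every existing host key and create
# fresh ed25519, rsa and ecdsa keys (the guide only generates ed25519).
regen_hostkeys() {
    root=$1; host=$2
    [ -d "$root/etc/ssh" ] || { echo "regen_hostkeys: $root/etc/ssh missing" >&2; return 1; }
    rm -f "$root"/etc/ssh/ssh_host_*
    for type in ed25519 rsa ecdsa; do
        ssh-keygen -q -t "$type" -f "$root/etc/ssh/ssh_host_${type}_key" \
            -C "root@$host" -N "" || return 1
    done
    chmod 600 "$root"/etc/ssh/ssh_host_*_key
    chmod 644 "$root"/etc/ssh/ssh_host_*_key.pub
}

# same_hostkey <rootA> <rootB>: return 0 if the two trees share any host key,
# comparing the key blob (second field of the .pub file), so no ssh-keygen needed.
same_hostkey() {
    for a in "$1"/etc/ssh/ssh_host_*_key.pub; do
        [ -e "$a" ] || continue
        b="$2/etc/ssh/${a##*/}"
        [ -e "$b" ] || continue
        [ "$(cut -d' ' -f2 "$a")" = "$(cut -d' ' -f2 "$b")" ] && return 0
    done
    return 1
}
```

With the image mounted on lala/, `regen_hostkeys lala NEW-HOST` replaces the keys; `same_hostkey /data/templates/mounted-template lala` returning 0 afterwards would mean the old keys are still in place.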

you might even consider re-creating the snakeoil cert (while the image is still mounted)

openssl x509 -text -noout < lala/etc/ssl/certs/ssl-cert-snakeoil.pem
...

Debian/Ubuntu // xen-tools & debootstrap & LVM2

apt install lvm2 xen-tools
pvcreate /dev/sdaX
vgcreate guestsvg /dev/sdaX
vi /etc/xen-tools/xen-tools.conf

lvm = guestsvg
install-method = debootstrap
size = 10Gb
memory = 2Gb
swap = 1Gb
fs = ext4
ext4_options = noatime,nodiratime,errors=remount-ro
dist = `xt-guess-suite-and-mirror --suite`
image = sparse
kernel = /boot/vmlinuz-`uname -r`
initrd = /boot/initrd.img-`uname -r`
pygrub = 1
mirror = `xt-guess-suite-and-mirror --mirror`

ready to build a guest,

xen-create-image --hostname $guest --ip x.x.x.x --netmask x.x.x.x --gateway x.x.x.x --vcpus 2 --dist stretch

vi /etc/xen/$guest.cfg

vif = [ 'script=vif-bridge, bridge=xenbr0' ]

xl create /etc/xen/$guest.cfg -c

Troubleshooting

W: Cannot check Release signature; keyring file not available /usr/share/keyrings/debian-archive-keyring.gpg

==> debootstrap cannot verify the Release file without the archive keyring: double-check the debootstrap and key-ring setup rather than working around it with --no-check-gpg.
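As an added example (not part of the original guide), here is a preflight check to run before the debootstrap command in the Debootstraping section, so that the Release signature is actually verified rather than silently skipped: it maps the suite name to the keyring file debootstrap needs, refuses --no-check-gpg, and honours an explicit --keyring= override. The Debian keyring path is the one from the warning above; the Ubuntu path, the suite list and the function names are this example's assumptions.

```shell
#!/bin/sh
# Added example, not from the original guide: refuse to debootstrap without
# Release signature verification. Keyring paths are assumptions for dom0.

DEBIAN_KEYRING=${DEBIAN_KEYRING:-/usr/share/keyrings/debian-archive-keyring.gpg}
UBUNTU_KEYRING=${UBUNTU_KEYRING:-/usr/share/keyrings/ubuntu-archive-keyring.gpg}

# keyring_for <suite>: print the keyring path for a Debian or Ubuntu suite name;
# unknown names return 1 (extend the lists as releases appear).
keyring_for() {
    case "$1" in
        stretch|buster|bullseye|bookworm|stable|testing|sid) printf '%s\n' "$DEBIAN_KEYRING" ;;
        xenial|bionic|focal|jammy|noble) printf '%s\n' "$UBUNTU_KEYRING" ;;
        *) return 1 ;;
    esac
}

# debootstrap_preflight <suite> [debootstrap args...]: return 0 only when
# signature checking can happen (keyring present and non-empty) and will
# happen (no --no-check-gpg among the arguments).
debootstrap_preflight() {
    dist=$1; shift
    keyring=$(keyring_for "$dist") || { echo "preflight: unknown suite '$dist'" >&2; return 1; }
    for arg in "$@"; do
        case "$arg" in
            --no-check-gpg) echo "preflight: refusing --no-check-gpg" >&2; return 1 ;;
            --keyring=*) keyring=${arg#--keyring=} ;;   # explicit override wins
        esac
    done
    if [ ! -s "$keyring" ]; then
        echo "preflight: keyring '$keyring' missing or empty; install debian-archive-keyring / ubuntu-keyring" >&2
        return 1
    fi
    echo "preflight: $dist will be verified against $keyring"
}
```

Wire it in as `debootstrap_preflight $dist && time debootstrap --arch=amd64 $dist lala/ $mirror`; with the keyring package installed on dom0, the "Cannot check Release signature" warning does not appear.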

perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
    LANGUAGE = (unset),
    LC_ALL = (unset),
    LC_COLLATE = "C",
    LANG = "en_US.UTF-8"
    are supported and installed on your system.

and also

Setting up resolvconf (1.79) ...
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory

==> Define those variables in bash.bashrc, not in profile, as shown in the Sysprep section above.

References

overall

https://www.virtuatopia.com/index.php/Building_a_Xen_Virtual_Guest_Filesystem_on_a_Physical_Disk_Partition_(Cloning_Host_System)

https://wiki.debian.org/DebianKeyring#Obtaining_Keys

https://askubuntu.com/questions/958795/how-to-use-the-mirror-option-of-apt-cacher-ng-for-debootstrap

sysprep

https://superuser.com/questions/1318220/ubuntu-18-04-disable-dnsmasq-base-and-enable-full-dnsmasq

https://unix.stackexchange.com/questions/197670/how-to-disable-a-service-without-using-systemctl-disable

https://www.thomas-krenn.com/en/wiki/Perl_warning_Setting_locale_failed_in_Debian

syntax

https://xenbits.xen.org/docs/unstable/SUPPORT.html#blkback

https://xenbits.xen.org/docs/unstable/man/xen-vbd-interface.7.html

https://xenbits.xen.org/docs/unstable/man/xl-disk-configuration.5.html

locales

https://askubuntu.com/questions/162391/how-do-i-fix-my-locale-issue

pts

https://www.linuxsecrets.com/discussions/5940-howto-linux-mount-devpts-file-system-on-dev-pts

https://wiki.debian.org/chroot#A.2Fdev.2Fpts

https://www.cyberciti.biz/faq/linux-mount-devpts/

