XEN/PV - Bootstrapping Debian/Ubuntu

+--[ED25519 256]--+
|                 |
|      .          |
|     o           |
|      + .o. .    |
|    .o *So.o     |
|     oEO=*o.     |
|      B B.=...   |
|     o + +.B+=...|
|      . .oO=X=oo.|
+----[SHA256]-----+

Introduction

The kernel has to be either a freaking custom domU kernel or the official Ubuntu/xen one. In any case, NO INSTALL RAMDISK IS NEEDED.

Requirements

See Debootstrap Ready

As for the file-system, REISER4 is an invalid base for docker storage overlays. You need EXT4 or eventually XFS. Prepare the guest skeleton

guest=bionic

mkdir -p /data/guests/$guest/
cd /data/guests/$guest/

dd if=/dev/zero of=$guest.ext4 bs=1G count=0 seek=10
mkfs.ext4 $guest.ext4
#dd if=/dev/zero of=$guest.reiser4 bs=1G count=0 seek=10
#mkfs.reiser4 -yf $guest.reiser4

#dd if=/dev/zero of=ubuntu.swap bs=1G count=0 seek=1
#mkswap ubuntu.swap

mkdir lala/ && mount $guest.ext4 lala/
#mount $guest.reiser4 lala/

Debootstraping

bootstrap an Ubuntu system

mirror=ru
dist=bionic
#time debootstrap --arch=i386 $dist lala/ http://$mirror.archive.ubuntu.com/ubuntu/
time debootstrap --arch=amd64 $dist lala/ http://$mirror.archive.ubuntu.com/ubuntu/
#--print-debs
#--no-check-gpg

du -sh lala/
# trustyx32 242M
# xenial 248M, 247M
# artful 302M, 307M
# bionic 306M ??862M

cat lala/etc/hostname #noexist
echo $guest > lala/etc/hostname

bootstrap a Debian system

mirror=ru
dist=stretch
time debootstrap --arch=amd64 $dist lala/ http://ftp.$mirror.debian.org/debian/

du -sh lala/
# stretch 644M

echo stretch > lala/etc/hostname

Using xvda1 instead of xvda so in case grub gets installed, it will not be able to override anything on an absent area

cat lala/etc/fstab # UNCONFIGURED FSTAB FOR BASE SYSTEM
cat > lala/etc/fstab <<-EOF
proc /proc proc defaults 0 0
/dev/xvda1 / ext4 defaults 0 1
#/dev/xvdb1 none swap sw 0 0
EOF
#/dev/xvda1 / reiser4 defaults 0 1
cat lala/etc/fstab

Enable TMEM

mkdir lala/lib/modules/
ls -lF /data/kernels/lib.modules.*.tar.gz
tar xzf /data/kernels/lib.modules.5.2.14.domureiser4.tar.gz -C lala/lib/modules/
ls -lF lala/lib/modules/
echo tmem >> lala/etc/modules
cat lala/etc/modules

Prepare the system,

chroot lala/ /bin/bash

for ver in `ls -1 /lib/modules/`; do echo -n $ver...; depmod -a $ver && echo done; done; unset ver

console requires a password unless you play with getty, but disabling it instead,

passwd -d root
#usermod -p '*' root

# debian
#apt install locales

locale -a
locale-gen
update-locale LANG="C.UTF-8"
update-locale LANGUAGE="C.UTF-8"
update-locale LC_ALL="C.UTF-8"
#LANGUAGE="en_US.UTF-8"
#LC_ALL="en_US.UTF-8"
cat /etc/default/locale

#dpkg-reconfigure locales
#locale-gen en_US.UTF-8
#update-locale LANG=en_US.UTF-8

ubuntu

dist=bionic
mv /etc/apt/sources.list /etc/apt/sources.list.dist
cat > /etc/apt/sources.list <<-EOF
deb http://ru.archive.ubuntu.com/ubuntu $dist main restricted universe
deb http://ru.archive.ubuntu.com/ubuntu $dist-updates main restricted universe
deb http://ru.archive.ubuntu.com/ubuntu $dist-security main restricted universe
#multiverse
#$dist-backports
EOF
cat /etc/apt/sources.list

debian

mv /etc/apt/sources.list /etc/apt/sources.list.dist
cat > /etc/apt/sources.list <<-EOF
deb http://ftp.ru.debian.org/debian stretch main contrib
deb http://ftp.ru.debian.org/debian stretch-updates main contrib
#non-free
#stretch-backports
EOF
cat /etc/apt/sources.list

and proceed

vi /etc/apt/apt.conf.d/02proxy

Acquire::http { Proxy "http://x.x.x.x:3142"; };

apt update
apt -y full-upgrade
export DEBIAN_FRONTEND=noninteractive
apt -y install man-db manpages ifupdown resolvconf net-tools openssh-server openssh-client mlocate bsd-mailx
ls -lF /etc/postfix/main.cf
apt purge nplan netplan.io ntp
apt-get autoremove
dpkg -l | grep ^rc

systemctl disable systemd-resolved.service
systemctl disable systemd-timesyncd
systemctl enable resolvconf.service
systemctl set-default multi-user

no NTP needed, as this is XEN/PV, but timezone will help

ls -lF /etc/localtime
ln -sf ../usr/share/zoneinfo/Europe/Moscow /etc/localtime
cat /etc/timezone
echo Europe/Moscow > /etc/timezone

template network

rm -rf /etc/network/interfaces.d/
rm -f /etc/network/interfaces
vi /etc/network/interfaces

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
        address IP_ADDRESS/24
        gateway GATEWAY_IP
        dns-nameservers x.x.x.x
        #208.67.222.222 208.67.220.220
        #dns-search sne.lan
EOF

vi /etc/hosts

x.x.x.x       bionic
x.x.x.x       gw

revert back to sane defaults

mv -i /etc/ssh/ssh_config /etc/ssh/ssh_config.dist
sed '/^#/d; /^$/d; s/HashKnownHosts yes/HashKnownHosts no/; s/GSSAPIAuthentication yes/GSSAPIAuthentication no/' /etc/ssh/ssh_config.dist > /etc/ssh/ssh_config
cat /etc/ssh/ssh_config

cd ~/
mkdir .ssh/
chmod 700 .ssh/
vi .ssh/authorized_keys
PASTE YOUR PUB KEYS HERE
chmod 600 .ssh/authorized_keys

^D
umount lala/ && rmdir lala/

Guest Configuration

cat > $guest <<-EOF
kernel = "/data/kernels/vmlinuz"
root = "/dev/xvda1 ro console=hvc0 netcfg/do_not_use_netplan=true ipv6.disable=1 net.ifnames=0 biosdevname=0 mitigations=off"
memory = 8192
name = "$guest"
vcpus = 16
maxvcpus = 16
disk = ['tap:tapdisk:aio:/data/guests/$guest/$guest.ext4,xvda1,w']
#disk = ['tap:tapdisk:aio:/data/guests/$guest/$guest.reiser4,xvda1,w']
#disk = ['phy:/dev/drbd1,xvda1,w']
vif = [ 'bridge=xenbr0, vifname=$guest.0' ]
EOF
vi $guest
cd ../

Acceptance

xl create $guest -c

login and check that everything is fine

cat /sys/devices/system/clocksource/*/current_clocksource
systemctl get-default
ifconfig
ls -lF /etc/resolv.conf*
ping opendns.com

cat /etc/resolv.conf
lsmod | grep tmem
free -m

poweroff

Template

eventually make a template out of it, and avoid doing this on an NFS share

fsck.ext4 $guest/$guest.ext4
#xfs_repair $guest.xfs
tar czSf ../templates/bionic.tar.gz bionic/

then while deploying it (cloning the template), regenerate host-keys first

mkdir lala
mount $guest.ext4 lala
echo NEW-HOST > lala/etc/hostname
ls -lF lala/etc/ssh/ssh_host_*
rm -f lala/etc/ssh/ssh_host_*
ssh-keygen -q -t ed25519 -f lala/etc/ssh/ssh_host_ed25519_key -C "root@$guest" -N ""
#chroot lala dpkg-reconfigure openssh-server
umount lala
rmdir lala

Debian/Ubuntu // xen-tools & debootstrap & LVM2

apt install lvm2 xen-tools
pvcreate /dev/sdaX
vgcreate guestsvg /dev/sdaX
vi /etc/xen-tools/xen-tools.conf

lvm = guestsvg
install-method = debootstrap
size = 10Gb
memory = 2Gb
swap = 1Gb
fs = ext4
ext4_options = noatime,nodiratime,errors=remount-ro
dist = `xt-guess-suite-and-mirror --suite`
image = sparse
kernel = /boot/vmlinuz-`uname -r`
initrd = /boot/initrd.img-`uname -r`
pygrub = 1
mirror = `xt-guess-suite-and-mirror --mirror`

ready to build a guest,

guest=GUEST-NAME

xen-create-image --hostname $guest --ip x.x.x.x --netmask x.x.x.x --gateway x.x.x.x --vcpus 2 --dist stretch

vi /etc/xen/$guest.cfg

vif = [ 'script=vif-bridge, bridge=xenbr0' ]

xl create /etc/xen/$guest.cfg -c

References

overall

• https://www.virtuatopia.com/index.php/Building_a_Xen_Virtual_Guest_Filesystem_on_a_Physical_Disk_Partition_(Cloning_Host_System)

sysprep

• https://superuser.com/questions/1318220/ubuntu-18-04-disable-dnsmasq-base-and-enable-full-dnsmasq
• https://unix.stackexchange.com/questions/197670/how-to-disable-a-service-without-using-systemctl-disable
• https://www.thomas-krenn.com/en/wiki/Perl_warning_Setting_locale_failed_in_Debian

syntax

• https://xenbits.xen.org/docs/unstable/SUPPORT.html#blkback
• https://xenbits.xen.org/docs/unstable/man/xen-vbd-interface.7.html
• https://xenbits.xen.org/docs/unstable/man/xl-disk-configuration.5.html

---

Nethence | Pub | Lab | Pbraun | SNE Russia | xhtml