The kernel has to be either a freaking custom domU kernel or the official Ubuntu/xen one. In any case, NO INSTALL RAMDISK IS NEEDED.
Note that REISER4 is not a valid file system for Docker storage overlays; you need EXT4 or XFS.
Check for the latest existing Ubuntu or Debian releases and proceed.
Prepare the guest skeleton
    guest=jammy
    guest=bullseye   # pick one

    mkdir -p /data/guests/$guest/lala/
    cd /data/guests/$guest/

    # right below the tar and ustar format file size limits
    # and for partclone, also needs to be smaller than the destination block device anyhow
    dd if=/dev/zero of=$guest.btrfs bs=1M count=0 seek=8191
    mkfs.btrfs $guest.btrfs
    mount -o compress=lzo $guest.btrfs lala/

    #dd if=/dev/zero of=$guest.swap bs=1G count=0 seek=1
    #mkswap $guest.swap

    mirror=...

    # takes about 4 minutes
    debootstrap --arch=amd64 $guest lala/ $mirror
    # cacher=http://x.x.x.x:3142
    # $cacher/ftp.ru.debian.org/debian/
    # --arch=i386
    # --print-debs
    # --no-check-gpg

    du -sh lala/
Use xvda1 instead of xvda, so that if GRUB ever gets installed it has no disk area it could overwrite: from the guest's point of view the whole-disk device does not exist.

    vi lala/etc/fstab

    /dev/xvda1 / btrfs compress=lzo 0 0
    proc /proc proc defaults 0 0
    tmpfs /tmp tmpfs rw,nodev,nosuid,noatime,relatime 0 0
    devpts /dev/pts devpts gid=5,mode=620 0 0
    #/dev/xvdb1 none swap sw 0 0
Enable TMEM
    mkdir lala/lib/modules/
    tar xzf /data/kernels/5.2.21.domureiser4.modules.tar.gz -C lala/lib/modules/
    ls -lF lala/lib/modules/

    echo tmem >> lala/etc/modules
    cat lala/etc/modules

    ls -lF lala/etc/hostname # no exist
    echo $guest > lala/etc/hostname
To make Perl packages happy, you need to tweak bash.bashrc, not profile.

    cp -pi lala/etc/bash.bashrc lala/etc/bash.bashrc.dist
    cat >> lala/etc/bash.bashrc <<-EOF
    source /usr/share/bash-completion/bash_completion
    export LANGUAGE="en_US:en"
    export LC_ALL="C.UTF-8"
    export LC_COLLATE="C.UTF-8"
    export LANG="C.UTF-8"
    alias ll='ls --group-directories-first --color=auto -alh'
    alias ls='ls --group-directories-first --color=auto'
    alias cp='cp -i'
    alias mv='mv -i'
    alias rm='rm -i'
    EOF

    zone=Europe/Moscow
    ls -lF lala/etc/localtime
    ln -sf ../usr/share/zoneinfo/$zone lala/etc/localtime
    cat lala/etc/timezone
    echo $zone > lala/etc/timezone # override
Point to the closest mirror.

    cat lala/etc/apt/sources.list

    # ubuntu
    cat > lala/etc/apt/sources.list <<-EOF
    deb $mirror $guest main restricted universe multiverse
    deb $mirror $guest-updates main restricted universe multiverse
    deb $mirror $guest-security main restricted universe multiverse
    #deb $mirror $guest-backports main restricted universe multiverse
    EOF

    # debian
    cat > lala/etc/apt/sources.list <<-EOF
    deb $mirror $guest main contrib non-free
    deb $mirror $guest-updates main contrib non-free
    # $guest-backports
    EOF
Optionally set up a package proxy.

    vi lala/etc/apt/apt.conf.d/02proxy

    Acquire::http { Proxy "http://x.x.x.x:3142"; };

Now the hosts file and the network interfaces.

    mv lala/etc/hosts lala/etc/hosts.dist
    cat > lala/etc/hosts <<-EOF
    127.0.0.1 localhost
    192.168.122.1 gw
    192.168.122.9 $guest

    ::1 localhost ip6-localhost ip6-loopback
    ff02::1 ip6-allnodes
    ff02::2 ip6-allrouters
    EOF

    rmdir lala/etc/network/interfaces.d/
    cat > lala/etc/network/interfaces <<-EOF # override
    auto lo
    iface lo inet loopback

    auto eth0
    iface eth0 inet static
    address 192.168.122.9/24
    gateway 192.168.122.1
    EOF
moar options

    #dns-nameservers 208.67.222.222 208.67.220.220
    #dns-nameservers 62.210.16.6 62.210.16.7
    #dns-search DOMAIN.TLD

we use our own stub-resolver

    cat lala/etc/resolv.conf
    mv lala/etc/resolv.conf lala/etc/resolv.conf.dist
    echo nameserver 192.168.122.1 > lala/etc/resolv.conf

    # or, instead of the local stub, public resolvers
    echo nameserver 208.67.222.222 > lala/etc/resolv.conf
    echo nameserver 208.67.222.220 >> lala/etc/resolv.conf
    ls -lF lala/etc/resolv.conf*
now let’s proceed with the insider stuff

    mount -o bind /dev/pts lala/dev/pts
    mount -o bind /proc lala/proc # rsyslog:systemd-tmpfiles
    chroot lala/ bash

    # checks that the locale settings do not trigger warnings
    perl -e exit

console requires a password unless you tweak getty like hell – disabling it instead

    passwd -d root
    #usermod -p '*' root
tune the guest userland serial console

    systemctl get-default
    systemctl set-default multi-user

    # kvm-only
    #systemctl enable serial-getty@ttyS0.service

No NTP is required, this is a guest system.

    dpkg -l | grep ntp # not installed
    systemctl list-unit-files | grep ntp # not present

    # ubuntu
    systemctl disable systemd-timesyncd

also disable the stub-on-steroids

    # not in use anymore
    dpkg -l | grep resolv
    systemctl list-unit-files | grep resolv
    systemctl disable systemd-resolved
perform a system upgrade before making a template out of it

    export DEBIAN_FRONTEND=noninteractive
    apt update
    apt dist-upgrade
    apt autoremove --purge

you might also want those additional packages

    apt install \
        ifupdown \
        net-tools \
        man-db \
        manpages \
        openssh-server \
        openssh-client \
        mlocate \
        wget \
        elvis-tiny \
        bash-completion

    ls -lF /usr/share/bash-completion/bash_completion

    #bsd-mailx would install postfix or exim
    #ls -lF /etc/postfix/main.cf
    #ls -lF /etc/exim4/

finally exit the chroot

    updatedb
    history -c
    ^D

we’re done!

    rm -f lala/root/.bash_history
    umount -R lala/
    rmdir lala/
    du -sh $guest.btrfs
    # 948M jammy.btrfs w/ lzo
    # 990M bullseye.btrfs
unless you want a disk template

    cat > $guest <<-EOF
    kernel = "/data/kernels/5.2.21.domureiser4.vmlinuz"
    root = "/dev/xvda1 ro console=hvc0 net.ifnames=0 biosdevname=0 netcfg/do_not_use_netplan=true mitigations=off"
    #extra = "init=/bin/bash"
    name = "$guest"
    memory = 1024
    vcpus = 2
    disk = ['tap:tapdisk:aio:/data/guests/$guest/$guest.ext4,xvda1,w']
    #disk = ['phy:/dev/drbd/by-res/dnc9/0,xvda1,w']
    vif = [ 'bridge=guestbr0, vifname=$guest' ]
    #type = "pvh"
    EOF

    # maxvcpus = 16
    # ipv6.disable=1
    # extra = "init=/bin/bash"
    # memory = 7168 8192 10240 12288 16384 32768
    # disk = ['phy:/dev/vdisks/thin1,xvda1,w']
    # mitigations=off turns off the guest kernel's CPU vulnerability
    # mitigations; drop it for guests that run untrusted code

or skip to the template section already

    xl create $guest -c

login and check that everything is fine

    ifconfig
    netstat -rn
    ls -lF /etc/resolv.conf*
    cat /etc/resolv.conf
    ping -c3 opendns.com

    cat /sys/devices/system/clocksource/clocksource0/available_clocksource
    cat /sys/devices/system/clocksource/clocksource0/current_clocksource
    dpkg -l | grep ntp # no exist
    systemctl get-default
    lsmod | grep tmem
    free -m

    updatedb
    rm -f .bash_history
    history -c
    #poweroff
    ^]
    xl shu $guest
See tpl for the new kind of DRBD thin-volume templates.

For the old way with sparse files, here we go:

    cd /data/guests/

either do it manually (avoid doing this on an NFS share)

    fsck.reiser4 -y $guest.reiser4
    #xfs_repair $guest.xfs
    tar cSf /data/templates/$guest.tar $guest/

–or– proceed with the script (does the same)

    newtemplate.bash $guest

and get rid of the temporary guest, or rename it to something useful already

    rm -rf $guest/
    #renameguest.bash $guest NEW-NAME
While deploying it, regenerate the SSH host keys first: every guest cloned from the template would otherwise share the same host identity.

    mkdir lala
    mount $guest.ext4 lala
    echo NEW-HOST > lala/etc/hostname

    ls -lF lala/etc/ssh/ssh_host_*
    rm -f lala/etc/ssh/ssh_host_*
    ssh-keygen -q -t ed25519 -f lala/etc/ssh/ssh_host_ed25519_key -C "root@$guest" -N ""
    #chroot lala dpkg-reconfigure openssh-server

    umount lala
    rmdir lala

You might even consider re-creating the snakeoil cert, since its private key was generated once at build time and is shared by every clone as well.

    openssl x509 -text -noout < lala/etc/ssl/certs/ssl-cert-snakeoil.pem ...
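As an added check (not part of these notes), a small POSIX shell function that audits a mounted guest tree for the per-instance state the cleanup and deployment steps above deal with: leftover SSH host keys and the snakeoil key that every clone would otherwise share, root's shell history, an empty hostname, and an fstab root that is not /dev/xvda1. The `lala` mount point and the file paths are the ones used in the notes; the function name and the exit-status convention are my own.

```shell
#!/bin/sh
# Added example, not from the original notes: audit a guest root tree before
# it is tarred into a template, or right after the template is mounted for
# deployment, for state that must be unique per instance.
# Usage: check_guest_tree /data/guests/jammy/lala   ("lala" as in the notes)
# Prints one finding per line and returns the number of findings (0 = clean).
check_guest_tree() {
    root=$1
    n=0
    # a template must not ship SSH host keys: every clone would share them
    for k in "$root"/etc/ssh/ssh_host_*_key; do
        [ -e "$k" ] || continue
        echo "host key present: ${k#$root}"; n=$((n+1))
    done
    # the snakeoil key is generated once at build time, so clones share it too
    if [ -e "$root/etc/ssl/private/ssl-cert-snakeoil.key" ]; then
        echo "snakeoil key present: /etc/ssl/private/ssl-cert-snakeoil.key"; n=$((n+1))
    fi
    # root's shell history records what was done inside the chroot
    if [ -e "$root/root/.bash_history" ]; then
        echo "history present: /root/.bash_history"; n=$((n+1))
    fi
    # the notes set the hostname explicitly; an empty file boots as "(none)"
    if [ ! -s "$root/etc/hostname" ]; then
        echo "hostname missing or empty"; n=$((n+1))
    fi
    # the root device in fstab must match the xl disk entry (xvda1, not xvda)
    if ! grep -qE '^/dev/xvda1[[:space:]]+/[[:space:]]' "$root/etc/fstab" 2>/dev/null; then
        echo "fstab root is not /dev/xvda1"; n=$((n+1))
    fi
    return $n
}
```

Run it against the mounted tree right before `tar cSf` and again after the host-key regeneration; a non-zero return means something instance-specific is still in there.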
Alternatively, with xen-tools on LVM:

    apt install lvm2 xen-tools

    pvcreate /dev/sdaX
    vgcreate guestsvg /dev/sdaX

    vi /etc/xen-tools/xen-tools.conf

    lvm = guestsvg
    install-method = debootstrap
    size = 10Gb
    memory = 2Gb
    swap = 1Gb
    fs = ext4
    ext4_options = noatime,nodiratime,errors=remount-ro
    dist = `xt-guess-suite-and-mirror --suite`
    image = sparse
    kernel = /boot/vmlinuz-`uname -r`
    initrd = /boot/initrd.img-`uname -r`
    pygrub = 1
    mirror = `xt-guess-suite-and-mirror --mirror`

ready to build a guest,

    xen-create-image --hostname $guest --ip x.x.x.x --netmask x.x.x.x --gateway x.x.x.x --vcpus 2 --dist stretch

    vi /etc/xen/$guest.cfg

    vif = [ 'script=vif-bridge, bridge=xenbr0' ]

    xl create /etc/xen/$guest.cfg -c

In case the guest uses netplan instead of ifupdown:

    vi lala/etc/netplan/nethence.yaml

    network:
      version: 2
      renderer: networkd
      ethernets:
        eth0:
          dhcp4: no
          dhcp6: no
          addresses:
            - $ip/24
          gateway4: ${ip%\.*}.254
          nameservers:
            addresses: [62.210.16.6, 62.210.16.7]
            search: [nethence.com]
Troubleshooting

    W: Cannot check Release signature; keyring file not available /usr/share/keyrings/debian-archive-keyring.gpg

==> Double-check debootstrap.

    perl: warning: Setting locale failed.
    perl: warning: Please check that your locale settings:
            LANGUAGE = (unset),
            LC_ALL = (unset),
            LC_COLLATE = "C",
            LANG = "en_US.UTF-8"
        are supported and installed on your system.

and also

    Setting up resolvconf (1.79) ...
    locale: Cannot set LC_CTYPE to default locale: No such file or directory
    locale: Cannot set LC_MESSAGES to default locale: No such file or directory
    locale: Cannot set LC_ALL to default locale: No such file or directory

==> Define those missing variables in bashrc and not profile, as seen above.