The kernel has to be either a freaking custom domU kernel or the official Ubuntu/xen one. In any case, NO INSTALL RAMDISK IS NEEDED.
Note REISER4 is an invalid file-system for docker storage overlays. You need EXT4 or XFS.
Check for latest existing ubuntu (more) or debian releases and proceed
Prepare the guest skeleton
guest=jammy guest=bullseye mkdir -p /data/guests/$guest/lala/ cd /data/guests/$guest/ # right below the tar and ustar format file size limits # and for partclone, also needs to be smaller than destination block device anyhow dd if=/dev/zero of=$guest.btrfs bs=1M count=0 seek=8191 mkfs.btrfs $guest.btrfs mount -o compress=lzo $guest.btrfs lala/ #dd if=/dev/zero of=$guest.swap bs=1G count=0 seek=1 #mkswap $guest.swap
mirror=... # takes about 4 minutes time debootstrap --arch=amd64 $guest lala/ $mirror # cacher=http://x.x.x.x:3142 # $cacher/ftp.ru.debian.org/debian/ # --arch=i386 # --print-debs # --no-check-gpg du -sh lala/
Using xvda1 instead of xvda so in case grub gets installed, it will not be able to override anything on an absent area
vi lala/etc/fstab /dev/xvda1 / btrfs compress=lzo 0 0 proc /proc proc defaults 0 0 tmpfs /tmp tmpfs rw,nodev,nosuid,noatime,relatime 0 0 devpts /dev/pts devpts gid=5,mode=620 0 0 #/dev/xvdb1 none swap sw 0 0
Enable TMEM
mkdir lala/lib/modules/ tar xzf /data/kernels/5.2.21.domureiser4.modules.tar.gz -C lala/lib/modules/ ls -lF lala/lib/modules/ echo tmem >> lala/etc/modules cat lala/etc/modules
ls -lF lala/etc/hostname # no exist
echo $guest > lala/etc/hostname
To make Perl packages happy, you need to tweak bash.bashrc, not profile
cp -pi lala/etc/bash.bashrc lala/etc/bash.bashrc.dist
cat >> lala/etc/bash.bashrc <<-EOF
source /usr/share/bash-completion/bash_completion
export LANGUAGE="en_US:en"
export LC_ALL="C.UTF-8"
export LC_COLLATE="C.UTF-8"
export LANG="C.UTF-8"
alias ll='ls --group-directories-first --color=auto -alh'
alias ls='ls --group-directories-first --color=auto'
alias cp='cp -i'
alias mv='mv -i'
alias rm='rm -i'
EOF
zone=Europe/Moscow
ls -lF lala/etc/localtime
ln -sf ../usr/share/zoneinfo/$zone lala/etc/localtime
cat lala/etc/timezone
echo $zone > lala/etc/timezone # override
point to the closest mirror
cat lala/etc/apt/sources.list
# ubuntu
cat > lala/etc/apt/sources.list <<-EOF
deb $mirror $guest main restricted universe multiverse
deb $mirror $guest-updates main restricted universe multiverse
deb $mirror $guest-security main restricted universe multiverse
#deb $mirror $guest-backports main restricted universe multiverse
EOF
# debian
cat > lala/etc/apt/sources.list <<-EOF
deb $mirror $guest main contrib non-free
deb $mirror $guest-updates main contrib non-free
# $guest-backports
EOF
eventually setup a package proxy
vi lala/etc/apt/apt.conf.d/02proxy
Acquire::http { Proxy "http://x.x.x.x:3142"; };
mv lala/etc/hosts lala/etc/hosts.dist
cat > lala/etc/hosts <<-EOF
127.0.0.1 localhost
192.168.122.1 gw
192.168.122.9 $guest
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
EOF
rmdir lala/etc/network/interfaces.d/
cat > lala/etc/network/interfaces <<-EOF # override
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 192.168.122.9/24
gateway 192.168.122.1
EOF
moar options
#dns-nameservers 208.67.222.222 208.67.220.220
#dns-search DOMAIN.TLD
we use our own stub-resolver
cat lala/etc/resolv.conf
mv lala/etc/resolv.conf lala/etc/resolv.conf.dist
# kvm
echo nameserver 192.168.122.1 > lala/etc/resolv.conf
# dedibox
echo 62.210.16.6 > lala/etc/resolv.conf
echo 62.210.16.7 >> lala/etc/resolv.conf
# opendns
echo nameserver 208.67.222.222 > lala/etc/resolv.conf
echo nameserver 208.67.222.220 >> lala/etc/resolv.conf
ls -lF lala/etc/resolv.conf*
now let’s proceed with the insider stuff
mount -o bind /dev/pts lala/dev/pts
mount -o bind /proc lala/proc # rsyslog:systemd-tmpfiles
chroot lala/ bash
perl -e exit
console requires a password unless you tweak getty like hell – disabling it instead
passwd -d root
#usermod -p '*' root
tune the guest userland serial console
systemctl get-default
systemctl set-default multi-user
# kvm-only
#systemctl enable serial-getty@ttyS0.service
No NTP is required, this is a guest system
dpkg -l | grep ntp # not installed
systemctl list-unit-files | grep ntp # not present
# ubuntu
systemctl disable systemd-timesyncd
also disable the stub-on-steroids
# not in use anymore
dpkg -l | grep resolv
systemctl list-unit-files | grep resolv
systemctl disable systemd-resolved
perform a system upgrade before making a template out of it
export DEBIAN_FRONTEND=noninteractive
apt update
apt dist-upgrade
apt autoremove --purge
you might also want those additional packages
apt install \
ifupdown \
net-tools \
man-db \
manpages \
openssh-server \
openssh-client \
mlocate \
wget \
elvis-tiny \
bash-completion
ls -lF /usr/share/bash-completion/bash_completion
#bsd-mailx would install postfix of exim
#ls -lF /etc/postfix/main.cf
#ls -lF /etc/exim4/
finally exit the chroot
updatedb
history -c
^D
we’re done!
rm -f lala/root/.bash_history
umount -R lala/
rmdir lala/
du -sh $guest.btrfs
# 948M jammy.btrfs w/ lzo
# 990M bullseye.btrfs
unless you want a disk template
cat > $guest <<-EOF
kernel = "/data/kernels/5.2.21.domureiser4.vmlinuz"
root = "/dev/xvda1 ro console=hvc0 net.ifnames=0 biosdevname=0 netcfg/do_not_use_netplan=true mitigations=off"
#extra = "init=/bin/bash"
name = "$guest"
memory = 1024
vcpus = 2
disk = ['tap:tapdisk:aio:/data/guests/$guest/$guest.ext4,xvda1,w']
#disk = ['phy:/dev/drbd/by-res/dnc9/0,xvda1,w']
vif = [ 'bridge=guestbr0, vifname=$guest' ]
#type = "pvh"
EOF
# maxvcpus = 16
# ipv6.disable=1
# extra = "init=/bin/bash"
# memory = 7168 8192 10240 12288 16384 32768
# disk = ['phy:/dev/vdisks/thin1,xvda1,w']
or skip to template section already
xl create $guest -c
login and check that everything is fine
ifconfig netstat -rn ls -lF /etc/resolv.conf* cat /etc/resolv.conf ping -c3 opendns.com cat /sys/devices/system/clocksource/clocksource0/available_clocksource cat /sys/devices/system/clocksource/clocksource0/current_clocksource dpkg -l | grep ntp # no exist systemctl get-default lsmod | grep tmem free -m updatedb rm -f .bash_history history -c #poweroff ^] xl shu $guest
see tpl for new kind of DRBD thin volume templates.
for the old way with sparse files, here we go
cd /data/guests/
either do it manually
(avoid doing this on an NFS share)
fsck.reiser4 -y $guest.reiser4 #xfs_repair $guest.xfs tar cSf /data/templates/$guest.tar $guest/
–or– proceed with the script (does the same)
newtemplate.bash $guest
and get rid of the temporary guest, or rename it to something useful already
rm -rf $guest/ #renameguest.bash $guest NEW-NAME
while deploying it, regenerate host-keys first
mkdir lala mount $guest.ext4 lala echo NEW-HOST > lala/etc/hostname ls -lF lala/etc/ssh/ssh_host_* rm -f lala/etc/ssh/ssh_host_* ssh-keygen -q -t ed25519 -f lala/etc/ssh/ssh_host_ed25519_key -C "root@$guest" -N "" #chroot lala dpkg-reconfigure openssh-server umount lala rmdir lala
you might even consider re-creating the snakeoil cert
openssl x509 -text -noout < lala/etc/ssl/certs/ssl-cert-snakeoil.pem ...
apt install lvm2 xen-tools pvcreate /dev/sdaX vgcreate guestsvg /dev/sdaX vi /etc/xen-tools/xen-tools.conf lvm = guestsvg install-method = debootstrap size = 10Gb memory = 2Gb swap = 1Gb fs = ext4 ext4_options = noatime,nodiratime,errors=remount-ro dist = `xt-guess-suite-and-mirror --suite` image = sparse kernel = /boot/vmlinuz-`uname -r` initrd = /boot/initrd.img-`uname -r` pygrub = 1 mirror = `xt-guess-suite-and-mirror --mirror`
ready to build a guest,
xen-create-image --hostname $guest --ip x.x.x.x --netmask x.x.x.x --gateway x.x.x.x --vcpus 2 --dist stretch vi /etc/xen/$guest.cfg vif = [ 'script=vif-bridge, bridge=xenbr0' ] xl create /etc/xen/$guest.cfg -c
vi lala/etc/netplan/nethence.yaml
network:
version: 2
renderer: networkd
ethernets:
eth0:
dhcp4: no
dhcp6: no
addresses:
- $ip/24
gateway4: ${ip%\.*}.254
nameservers:
addresses: [62.210.16.6, 62.210.16.7]
search: [nethence.com]
W: Cannot check Release signature; keyring file not available /usr/share/keyrings/debian-archive-keyring.gpg
==> Double-check debootstrap.
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = (unset),
LC_ALL = (unset),
LC_COLLATE = "C",
LANG = "en_US.UTF-8"
are supported and installed on your system.
and also
Setting up resolvconf (1.79) ... locale: Cannot set LC_CTYPE to default locale: No such file or directory locale: Cannot set LC_MESSAGES to default locale: No such file or directory locale: Cannot set LC_ALL to default locale: No such file or directory
==> Define those missing variables in bashrc and not profile, as seen above.
https://www.virtuatopia.com/index.php/Building_a_Xen_Virtual_Guest_Filesystem_on_a_Physical_Disk_Partition_(Cloning_Host_System)
https://wiki.debian.org/DebianKeyring#Obtaining_Keys
https://askubuntu.com/questions/958795/how-to-use-the-mirror-option-of-apt-cacher-ng-for-debootstrap
https://superuser.com/questions/1318220/ubuntu-18-04-disable-dnsmasq-base-and-enable-full-dnsmasq
https://www.thomas-krenn.com/en/wiki/Perl_warning_Setting_locale_failed_in_Debian
https://xenbits.xen.org/docs/unstable/SUPPORT.html#blkback
https://xenbits.xen.org/docs/unstable/man/xen-vbd-interface.7.html
https://xenbits.xen.org/docs/unstable/man/xl-disk-configuration.5.html
https://askubuntu.com/questions/162391/how-do-i-fix-my-locale-issue
https://www.linuxsecrets.com/discussions/5940-howto-linux-mount-devpts-file-system-on-dev-pts
https://wiki.debian.org/chroot#A.2Fdev.2Fpts
https://www.cyberciti.biz/faq/linux-mount-devpts/
even more minimalistic https://sabotage-linux.neocities.org/blog/12/