XEN // Bootstrap Debian / Ubuntu / Kali

Introduction

The kernel has to be either a freaking custom domU kernel or the official Ubuntu/xen one. In any case, NO INSTALL RAMDISK IS NEEDED.

Note REISER4 is an invalid file-system for docker storage overlays. You need EXT4 or XFS.

Guest vdisk

Check for latest existing ubuntu (more) or debian releases and proceed

guest=buster
guest=bullseye
guest=bookworm

mirror=http://ftp.COUNTRY-CODE.debian.org/debian/

mkdir -p /data/guests/$guest/lala/
cd /data/guests/$guest/

–either– prepare a SPARSE FILE VDISK

# right below the tar and ustar format file size limits
# and for partclone, also needs to be smaller than destination block device anyhow

dd if=/dev/zero of=$guest.reiser4 bs=1M count=0 seek=8191
mkfs.reiser4 -dfy $guest.reiser4 && echo OK || echo FAIL
mount $guest.reiser4 lala/

dd if=/dev/zero of=$guest.btrfs bs=1M count=0 seek=8191
mkfs.btrfs $guest.btrfs
mount -o compress=lzo $guest.btrfs lala/

#dd if=/dev/zero of=$guest.swap bs=1G count=0 seek=1
#mkswap $guest.swap

–or– a DRBD/LVM TEMPLATE VDISK

dnc-list-slots.bash
dnc-new-resource-template.bash NODE2 NODE3 SLOT $guest
ls -lF /dev/drbd/by-res/$guest/0

mkfs.reiser4 -dy /dev/drbd/by-res/$guest/0
mount -o async,noatime,nodiratime,txmod=wa,discard /dev/drbd7 lala/

mkfs.btrfs /dev/drbd/by-res/$guest/0
mount -o compress=lzo /dev/drbd/by-res/$guest/0 lala/

Key-rings

debootstrap

Bootstrap

time debootstrap --arch=amd64 $rel lala/ $mirror
# cacher=http://x.x.x.x:3142
# $cacher/ftp.COUNTRY-CODE.debian.org/debian/
# --arch=i386
# --print-debs
# --no-check-gpg

du -sh lala/

we are using xvda1 instead of xvda so in case grub gets installed, it will not be able to override anything on an absent area

vi lala/etc/fstab

/dev/xvda1 / reiser4 defaults,noatime,nodiratime,txmod=wa,discard 0 1
#/dev/xvda1 / btrfs defaults,noatime,nodiratime,compress=lzo 0 0
proc /proc proc defaults 0 0
tmpfs /tmp tmpfs rw,nodev,nosuid,noatime,relatime 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0

#/dev/xvdb1 none swap sw 0 0

enable TMEM

mkdir lala/lib/modules/
tar xzf /data/kernels/5.2.21.domureiser4.modules.tar.gz -C lala/lib/modules/

cat lala/etc/modules # nothing yet
echo tmem >> lala/etc/modules

Sysprep

cd /data/guests/
wget https://pub.nethence.com/bin/xen/prep-debian.bash.txt
mv prep-debian.bash.txt prep-debian.bash
chmod +x prep-debian.bash

cd /data/guests/$guest/
vi network.conf

cidr=10.1.0.9/16
gw=10.1.255.254
dns="x.x.x.x x.x.x.x"

it is important that $guest here corresponds to a debian release name, as we are setting up sources.list repositories

echo $guest # needs to be a release name
../prep-debian.bash $guest

Guest skeleton & acceptance

or skip to template section already

cat > $guest <<-EOF
kernel = "/data/kernels/5.2.21.domureiser4.vmlinuz"
root = "/dev/xvda1 ro console=hvc0 net.ifnames=0 biosdevname=0"
name = "$guest"
vcpus = 3
memory = 7168
disk = ['tap:tapdisk:aio:/data/guests/$guest/$guest.reiser4,xvda1,w']
#disk = ['phy:/dev/drbd/by-res/dnc9/0,xvda1,w']
vif = [ 'bridge=guestbr0, vifname=$guest' ]
EOF

#netcfg/do_not_use_netplan=true mitigations=off
#extra = "init=/bin/bash"
    #type = "pvh"

# maxvcpus = 16
# ipv6.disable=1
# extra = "init=/bin/bash"
# memory = 7168 8192 10240 12288 16384 32768
# disk = ['phy:/dev/vdisks/thin1,xvda1,w']

proceed for a test run

xl create $guest -c

login and check that everything is fine

ifconfig
netstat -rn
ls -lF /etc/resolv.conf*
cat /etc/resolv.conf
ping -c3 opendns.com

cat /sys/devices/system/clocksource/clocksource0/available_clocksource
cat /sys/devices/system/clocksource/clocksource0/current_clocksource
dpkg -l | grep ntp # no exist
systemctl get-default
lsmod | grep tmem
free -m
updatedb
rm -f .bash_history
history -c
#poweroff
^]

xl shu $guest

Template

for the old way with sparse files, here we go

cd /data/guests/

either do it manually

(avoid doing this on an NFS share)

fsck.reiser4 -y $guest.reiser4
#xfs_repair $guest.xfs
tar cSf /data/templates/$guest.tar $guest/

–or– proceed with the script (does the same)

newtemplate.bash $guest

and get rid of the temporary guest, or rename it to something useful already

rm -rf $guest/
#renameguest.bash $guest NEW-NAME

Re-deploy

while deploying it, regenerate host-keys first

mkdir lala
mount $guest.ext4 lala
echo NEW-HOST > lala/etc/hostname
ls -lF lala/etc/ssh/ssh_host_*
rm -f lala/etc/ssh/ssh_host_*
ssh-keygen -q -t ed25519 -f lala/etc/ssh/ssh_host_ed25519_key -C "root@$guest" -N ""
#chroot lala dpkg-reconfigure openssh-server
umount lala
rmdir lala

you might even consider re-creating the snakeoil cert

openssl x509 -text -noout < lala/etc/ssl/certs/ssl-cert-snakeoil.pem
...

Additional notes

xen-tools & debootstrap & lvm2

apt install lvm2 xen-tools
pvcreate /dev/sdaX
vgcreate guestsvg /dev/sdaX
vi /etc/xen-tools/xen-tools.conf

lvm = guestsvg
install-method = debootstrap
size = 10Gb
memory = 2Gb
swap = 1Gb
fs = ext4
ext4_options = noatime,nodiratime,errors=remount-ro
dist = `xt-guess-suite-and-mirror --suite`
image = sparse
kernel = /boot/vmlinuz-`uname -r`
initrd = /boot/initrd.img-`uname -r`
pygrub = 1
mirror = `xt-guess-suite-and-mirror --mirror`

ready to build a guest,

xen-create-image --hostname $guest --ip x.x.x.x --netmask x.x.x.x --gateway x.x.x.x --vcpus 2 --dist stretch

vi /etc/xen/$guest.cfg

vif = [ 'script=vif-bridge, bridge=xenbr0' ]

xl create /etc/xen/$guest.cfg -c

netplan

vi lala/etc/netplan/nethence.yaml

network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      dhcp4: no
      dhcp6: no
      addresses:
       - $ip/24
      gateway4: ${ip%\.*}.254
      nameservers:
    addresses: [62.210.16.6, 62.210.16.7]
    search: [nethence.com]

Troubleshooting

W: Cannot check Release signature; keyring file not available /usr/share/keyrings/debian-archive-keyring.gpg

==> Double-check debootstrap.

perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
    LANGUAGE = (unset),
    LC_ALL = (unset),
    LC_COLLATE = "C",
    LANG = "en_US.UTF-8"
    are supported and installed on your system.

and also

Setting up resolvconf (1.79) ...
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory

==> Define those missing variables in bashrc and not profile, as seen above.

References

overall

https://www.virtuatopia.com/index.php/Building_a_Xen_Virtual_Guest_Filesystem_on_a_Physical_Disk_Partition_(Cloning_Host_System)

https://wiki.debian.org/DebianKeyring#Obtaining_Keys

https://askubuntu.com/questions/958795/how-to-use-the-mirror-option-of-apt-cacher-ng-for-debootstrap

sysprep

https://superuser.com/questions/1318220/ubuntu-18-04-disable-dnsmasq-base-and-enable-full-dnsmasq

https://unix.stackexchange.com/questions/197670/how-to-disable-a-service-without-using-systemctl-disable

https://www.thomas-krenn.com/en/wiki/Perl_warning_Setting_locale_failed_in_Debian

syntax

https://xenbits.xen.org/docs/unstable/SUPPORT.html#blkback

https://xenbits.xen.org/docs/unstable/man/xen-vbd-interface.7.html

https://xenbits.xen.org/docs/unstable/man/xl-disk-configuration.5.html

locales

https://askubuntu.com/questions/162391/how-do-i-fix-my-locale-issue

pts

https://www.linuxsecrets.com/discussions/5940-howto-linux-mount-devpts-file-system-on-dev-pts

https://wiki.debian.org/chroot#A.2Fdev.2Fpts

https://www.cyberciti.biz/faq/linux-mount-devpts/

TODO

even more minimalistic https://sabotage-linux.neocities.org/blog/12/


HOME | GUIDES | LECTURES | LAB | SMTP HEALTH | HTML5 | CONTACT
Copyright © 2024 Pierre-Philipp Braun