Hive Awired wiki hive:system:home-network
http://hive.awired.net/
2010-09-01T00:57:09+02:00
Hive Awired wiki
http://hive.awired.net/
http://hive.awired.net/lib/images/favicon.ico
-
text/html
2010-02-28T12:23:28+02:00
G- Ad-prs
http://hive.awired.net/hive/system/home-network/ad-prs
<div class="level1">
</div>
<!-- SECTION "G- Ad-prs" [1-25] -->
<h2><a name="auto start vm" id="auto start vm">Auto start VM</a></h2>
<div class="level2">
<pre class="console">
<span class="consoleSharp">#</span> cd /etc/xen/auto/
<span class="consoleSharp">#</span> ln -s /var/xen/ad-prs/fw-prs.conf 2-ad-prs.conf</pre>
</div>
<!-- SECTION "Auto start VM" [26-146] -->
<h2><a name="vm configuration" id="vm configuration">Vm configuration</a></h2>
<div class="level2">
<div class="code"><p class="codehead"><a name="varxenad-prsad-prs.conf">/var/xen/ad-prs/ad-prs.conf</a></p><pre class="code">
name="ad-prs"
builder='hvm'
kernel="/usr/lib/xen/boot/hvmloader"
memory=500
maxmem=600
vcpus=1
on_poweroff='destroy'
on_reboot='restart'
on_crash='restart'
#acpi=1
#apic=1
localtime=1
device_model='/usr/lib64/xen/bin/qemu-dm'
vif=[ 'type=ioemu,bridge=xengreen' ]
disk=[ 'file:/var/xen/ad-prs/ad-prs.img,hda,w', 'file:/usr/src/FR_WS03VL.iso,hdb:cdrom,r' ]
boot="d"
vnc=1
keymap='fr'</pre></div>
<p>
<p><div class="noteclassic">
</p>
<ul>
<li class="level1"><div class="li"> windows 2003 is working very well as a xen vm (my 2008 crash about once per month).</div>
</li>
<li class="level1"><div class="li"> use a 7G image disk to allow updates</div>
</li>
</ul>
<p>
</div></p>
</p>
</div>
<!-- SECTION "Vm configuration" [147-752] -->
<h2><a name="nameserver" id="nameserver">Nameserver</a></h2>
<div class="level2">
<p>
We are going to install a replicated nameserver on 2 green networks with a persistence in mysql
</p>
<pre class="console">
<span class="consoleSharp">#</span> emerge -a mysql</pre><div class="code"><p class="codehead"><a name="etcportagepackage.use">/etc/portage/package.use</a></p><pre class="code">
</pre></div><hr />
<p>
<p><div class="noteclassic">
sources :
</p>
<ul>
<li class="level1"><div class="li"> <a href="http://en.gentoo-wiki.com/wiki/Bind_with_DLZ,_MySQL_and_replication" class="urlextern" title="http://en.gentoo-wiki.com/wiki/Bind_with_DLZ,_MySQL_and_replication" rel="nofollow">http://en.gentoo-wiki.com/wiki/Bind_with_DLZ,_MySQL_and_replication</a></div>
</li>
</ul>
<p>
</div></p>
</p>
</div>
<!-- SECTION "Nameserver" [753-] -->
-
text/html
2009-12-12T18:23:28+02:00
K- Ctrl-prs
http://hive.awired.net/hive/system/home-network/ctrl-prs
<div class="level1">
</div>
-
text/html
2010-06-01T02:11:24+02:00
H- Ex-prs
http://hive.awired.net/hive/system/home-network/ex-prs
<div class="level1">
</div>
<!-- SECTION "H- Ex-prs" [1-25] -->
<h2><a name="services" id="services">Services</a></h2>
<div class="level2">
<ul>
<li class="level1"><div class="li"> <acronym title="Domain Name System">DNS</acronym></div>
</li>
<li class="level1"><div class="li"> SAMBA (PDC)</div>
</li>
<li class="level1"><div class="li"> NFS</div>
</li>
<li class="level1"><div class="li"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym></div>
</li>
<li class="level1"><div class="li"> <acronym title="Dynamic Host Configuration Protocol">DHCP</acronym></div>
</li>
<li class="level1"><div class="li"> kerberos</div>
</li>
</ul>
<ul>
<li class="level1"><div class="li"> apache?</div>
</li>
<li class="level1"><div class="li"> php</div>
</li>
<li class="level1"><div class="li"> mysql</div>
</li>
</ul>
<pre class="code">
kernel = "/usr/src/vmlinuz"
memory = 500
maxmem= 600
name = "ex-prs"
vcpus = 1
vif = [ 'bridge=xengreen' ]
disk = [ 'file:/var/xen/ex-prs/ex-prs.img,hda1,w', 'file:/var/xen/ex-prs/ex-prs.swap,hda2,w', 'phy:/dev/mapper/md3,hdb1,w' ]
root = "/dev/hda1 ro"
extra = "xencons=tty"</pre><pre class="console">
<span class="consoleSharp">#</span> mkdir /mnt/raid</pre><div class="code"><p class="codehead"><a name="etcfstab">/etc/fstab</a></p><pre class="code">
#/dev/BOOT /boot ext2 noauto,noatime 1 2
/dev/hda1 / ext3 noatime 0 1
/dev/hda2 none swap sw 0 0
/dev/hdb1 /mnt/raid ext3 noatime 0 1</pre></div><pre class="console">
<span class="consoleSharp">#</span> mount -a
<span class="consoleSharp">#</span> mount
...
/dev/hdb1 on /mnt/raid type ext3 (rw,noatime)
...</pre>
</div>
<!-- SECTION "Services" [26-911] -->
<h2><a name="bind" id="bind">bind</a></h2>
<div class="level2">
</div>
<!-- SECTION "bind" [912-928] -->
<h2><a name="dhcp" id="dhcp">dhcp</a></h2>
<div class="level2">
</div>
<!-- SECTION "dhcp" [929-945] -->
<h2><a name="mysql" id="mysql">mysql</a></h2>
<div class="level2">
</div>
<!-- SECTION "mysql" [946-963] -->
<h2><a name="php" id="php">php</a></h2>
<div class="level2">
</div>
<!-- SECTION "php" [964-979] -->
<h2><a name="apache" id="apache">apache</a></h2>
<div class="level2">
</div>
<!-- SECTION "apache" [980-998] -->
<h2><a name="samba" id="samba">samba</a></h2>
<div class="level2">
</div>
<!-- SECTION "samba" [999-] -->
-
text/html
2010-04-19T11:21:31+02:00
F- Fw-prs
http://hive.awired.net/hive/system/home-network/fw-prs
<div class="level1">
</div>
<!-- SECTION "F- Fw-prs" [1-25] -->
<h2><a name="auto start vm" id="auto start vm">Auto start VM</a></h2>
<div class="level2">
<pre class="console">
<span class="consoleSharp">#</span> cd /etc/xen/auto/
<span class="consoleSharp">#</span> ln -s /var/xen/fw-prs/fw-prs.conf 1-fw-prs.conf</pre>
<p>
<p><div class="noteclassic">
The number at the beginning of the file is used to ordered vm starts
</div></p>
<p><div class="noteclassic">
<img src="http://hive.awired.net/lib/images/smileys/fixme.gif" class="middle" alt="FIXME" />
How to wait between starts
<img src="http://hive.awired.net/lib/images/smileys/fixme.gif" class="middle" alt="FIXME" />
</div></p>
</p>
<div class="code"><p class="codehead"><a name="varxenfw-prsfw-prs.conf">/var/xen/fw-prs/fw-prs.conf</a></p><pre class="code">
kernel = "/usr/src/vmlinuz"
memory = 200
maxmem = 350
name = "fw-prs"
vcpus = 1
vif = [ 'bridge=xendmz', 'bridge=xenred', 'bridge=xengreen' ]
disk = [ 'file:/var/xen/fw-prs/fw-prs.img,hda1,w', 'file:/var/xen/fw-prs/fw-prs.swap,hda2,w' ]
root = "/dev/hda1 ro"
extra = "xencons=tty"</pre></div>
</div>
<!-- SECTION "Auto start VM" [26-613] -->
<h2><a name="network" id="network">Network</a></h2>
<div class="level2">
<p>
Configure networks :
</p>
<div class="code"><p class="codehead"><a name="etcconf.dnet">/etc/conf.d/net</a></p><pre class="code">
config_eth0=("192.168.1.2")
config_eth1=("192.168.0.2")
config_eth2=("192.168.2.2")
routes_eth1=("default via 192.168.0.1")</pre></div>
<p>
Auto start networks :
</p>
<pre class="console">
<span class="consoleSharp">#</span> cd /etc/init.d/
<span class="consoleSharp">#</span> ln -s net.lo net.eth1
<span class="consoleSharp">#</span> ln -s net.lo net.eth2
<span class="consoleSharp">#</span> rc-update add net.eth0 default
<span class="consoleSharp">#</span> rc-update add net.eth1 default
<span class="consoleSharp">#</span> rc-update add net.eth2 default</pre>
</div>
<!-- SECTION "Network" [614-1027] -->
<h2><a name="install iptables" id="install iptables">install Iptables</a></h2>
<div class="level2">
<pre class="console">
<span class="consoleName">fw-prs</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> emerge -vp iptables</pre>
<p>
configure iptable :
</p>
<div class="code"><p class="codehead"><a name="rootfw.sh">/root/fw.sh</a></p><pre class="code">
#!/bin/sh -x
INET_IP="192.168.0.2"
INET_IFACE="eth1"
LAN_IP="192.168.2.2"
LAN_IFACE="eth2"
DMZ_IP="192.168.1.2"
DMZ_IFACE="eth0"
LO_IFACE="lo"
LO_IP="127.0.0.1"
#SERVERS
DMZ_GATE="192.168.1.4"
DMZ_AWIRED="192.168.1.6"
LAN_EX="192.168.2.4"
LAN_MNG="192.168.2.6"
IPTABLES="/sbin/iptables"
###########################################################################
#clean
iptables -F
iptables -t nat -F
iptables -X
# start drop all
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT DROP
$IPTABLES -P FORWARD DROP
# Create chain for bad tcp packets
$IPTABLES -N bad_tcp_packets
$IPTABLES -N allowed
$IPTABLES -N icmp_packets
# bad_tcp_packets chain
$IPTABLES -A bad_tcp_packets -p tcp --tcp-flags SYN,ACK SYN,ACK -m state --state NEW -j REJECT --reject-with tcp-reset
$IPTABLES -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j LOG --log-prefix "New not syn:"
$IPTABLES -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j DROP
# allowed chain
$IPTABLES -A allowed -p TCP --syn -j ACCEPT
$IPTABLES -A allowed -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A allowed -p TCP -j DROP
# Changed rules totally
$IPTABLES -A icmp_packets -p ICMP -s 0/0 --icmp-type 8 -j ACCEPT
$IPTABLES -A icmp_packets -p ICMP -s 0/0 --icmp-type 11 -j ACCEPT
##################################################################
# Bad TCP packets we don't want
$IPTABLES -A INPUT -p tcp -j bad_tcp_packets
# Packets from the Internet to this box
$IPTABLES -A INPUT -p ICMP -i $INET_IFACE -j icmp_packets
# From DMZ Interface to DMZ firewall IP
$IPTABLES -A INPUT -p ALL -i $DMZ_IFACE -d $DMZ_IP -j ACCEPT
# From LAN Interface to LAN firewall IP
$IPTABLES -A INPUT -p ALL -i $LAN_IFACE -d $LAN_IP -j ACCEPT
# From Localhost interface to Localhost IP's
$IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $LO_IP -j ACCEPT
$IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $LAN_IP -j ACCEPT
$IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $INET_IP -j ACCEPT
# Special rule for DHCP requests from LAN, which are not caught properly otherwise.
$IPTABLES -A INPUT -p UDP -i $LAN_IFACE --dport 67 --sport 68 -j ACCEPT
# All established and related packets incoming from the internet to the firewall
$IPTABLES -A INPUT -p ALL -d $INET_IP -m state --state ESTABLISHED,RELATED -j ACCEPT
# In Microsoft Networks you will be swamped by broadcasts. These lines will prevent them from showing up in the logs.
#$IPTABLES -A INPUT -p UDP -i $INET_IFACE -d $INET_BROADCAST --destination-port 135:139 -j DROP
# If we get DHCP requests from the Outside of our network, our logs will be swamped as well. This rule will block them from getting logged.
#$IPTABLES -A INPUT -p UDP -i $INET_IFACE -d 255.255.255.255 --destination-port 67:68 -j DROP
# If you have a Microsoft Network on the outside of your firewall, you may also get flooded by Multicasts. We drop them so we do not get flooded by logs
#$IPTABLES -A INPUT -i $INET_IFACE -d 224.0.0.0/8 -j DROP
# Log weird packets that don't match the above.
$IPTABLES -A INPUT -m limit --limit 3/minute --limit-burst 3 -j LOG --log-level DEBUG --log-prefix "IPT INPUT packet died: "
# Bad TCP packets we don't want
$IPTABLES -A FORWARD -p tcp -j bad_tcp_packets
# DMZ General rules
$IPTABLES -A FORWARD -i $DMZ_IFACE -o $INET_IFACE -j ACCEPT
$IPTABLES -A FORWARD -i $INET_IFACE -o $DMZ_IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $LAN_IFACE -o $DMZ_IFACE -j ACCEPT
$IPTABLES -A FORWARD -i $DMZ_IFACE -o $LAN_IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT
###############################################################################################
###############################################################################################
# LAN section
$IPTABLES -A FORWARD -i $LAN_IFACE -j ACCEPT
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Log weird packets that don't match the above.
$IPTABLES -A FORWARD -m limit --limit 3/minute --limit-burst 3 -j LOG --log-level DEBUG --log-prefix "IPT FORWARD packet died: "
# Bad TCP packets we don't want.
$IPTABLES -A OUTPUT -p tcp -j bad_tcp_packets
# Special OUTPUT rules to decide which IP's to allow.
$IPTABLES -A OUTPUT -p ALL -s $LO_IP -j ACCEPT
$IPTABLES -A OUTPUT -p ALL -s $LAN_IP -j ACCEPT
$IPTABLES -A OUTPUT -p ALL -s $INET_IP -j ACCEPT
# Log weird packets that don't match the above.
$IPTABLES -A OUTPUT -m limit --limit 3/minute --limit-burst 3 -j LOG --log-level DEBUG --log-prefix "IPT OUTPUT packet died: "
###############################################################################
## PREROUTING chain and FORWARD
###############################################################################
#$IPTABLES -t nat -A PREROUTING -p TCP -i $INET_IFACE -d $HTTP_IP --dport 80 -j DNAT --to-destination $DMZ_HTTP_IP
#$IPTABLES -t nat -A PREROUTING -p TCP -i $INET_IFACE -d $DNS_IP --dport 53 -j DNAT --to-destination $DMZ_DNS_IP
#$IPTABLES -t nat -A PREROUTING -p UDP -i $INET_IFACE -d $DNS_IP --dport 53 -j DNAT --to-destination $DMZ_DNS_IP
#dns
$IPTABLES -t nat -A PREROUTING -p tcp --dport 53 -i $INET_IFACE -j DNAT --to $DMZ_GATE
$IPTABLES -t nat -A PREROUTING -p udp --dport 53 -i $INET_IFACE -j DNAT --to $DMZ_GATE
$IPTABLES -A FORWARD -p TCP -i $INET_IFACE -o $DMZ_IFACE -d $DMZ_GATE --dport 53 -j allowed
$IPTABLES -A FORWARD -p UDP -i $INET_IFACE -o $DMZ_IFACE -d $DMZ_GATE --dport 53 -j ACCEPT
#www
$IPTABLES -t nat -A PREROUTING -p tcp --dport 80 -i $INET_IFACE -j DNAT --to $DMZ_GATE
$IPTABLES -A FORWARD -p TCP -i $INET_IFACE -o $DMZ_IFACE -d $DMZ_GATE --dport 80 -j allowed
$IPTABLES -A FORWARD -p TCP -i $DMZ_IFACE -o $LAN_IFACE -d $LAN_EX --dport 80 -j allowed
#www ssl
$IPTABLES -t nat -A PREROUTING -p tcp --dport 443 -i $INET_IFACE -j DNAT --to $DMZ_GATE
$IPTABLES -A FORWARD -p TCP -i $INET_IFACE -o $DMZ_IFACE -d $DMZ_GATE --dport 443 -j allowed
$IPTABLES -A FORWARD -p TCP -i $DMZ_IFACE -o $LAN_IFACE -d $LAN_EX --dport 443 -j allowed
#mail
$IPTABLES -t nat -A PREROUTING -p tcp --dport 25 -i $INET_IFACE -j DNAT --to $DMZ_GATE
$IPTABLES -A FORWARD -p TCP -i $INET_IFACE -o $DMZ_IFACE -d $DMZ_GATE --dport 25 -j allowed
#################################################################################
# Enable simple IP Forwarding and Network Address Translation
$IPTABLES -t nat -A POSTROUTING -o $INET_IFACE -j SNAT --to-source $INET_IP</pre></div>
<p>
<p><div class="noteclassic">
<img src="http://hive.awired.net/lib/images/smileys/fixme.gif" class="middle" alt="FIXME" />
use SNAT instead of MASQUARADE
<img src="http://hive.awired.net/lib/images/smileys/fixme.gif" class="middle" alt="FIXME" />
</div></p>
</p>
<p>
run iptable configuration and save it as init.d
</p>
<pre class="console">
<span class="consoleSharp">#</span> chmod +x ~/fw.sh
<span class="consoleSharp">#</span> ~/fw.sh
<span class="consoleSharp">#</span> /etc/init.d/iptables save
<span class="consoleSharp">#</span> /etc/init.d/iptables start
<span class="consoleSharp">#</span> rc-update add iptables default</pre>
<p>
allow routing :
</p>
<pre class="code">
# echo 1 > /proc/sys/net/ipv4/ip_forward
#</pre><div class="code"><p class="codehead"><a name="etcsysctl.conf">/etc/sysctl.conf</a></p><pre class="code">
net.ipv4.ip_forward = 1
# Enables source route verification
net.ipv4.conf.default.rp_filter = 1
# Enable reverse path
net.ipv4.conf.all.rp_filter = 1</pre></div>
</div>
<!-- SECTION "install Iptables" [1028-] -->
-
text/html
2009-12-12T18:20:23+02:00
J- Gate-prs
http://hive.awired.net/hive/system/home-network/gate-prs
<div class="level1">
</div>
-
text/html
2010-03-30T16:47:07+02:00
B- Hardware
http://hive.awired.net/hive/system/home-network/hardware-selection
<div class="level1">
<p>
<img src="http://hive.awired.net/lib/images/smileys/fixme.gif" class="middle" alt="FIXME" />
</p>
<ul>
<li class="level1"><div class="li"> processor (crypto)</div>
</li>
<li class="level1"><div class="li"> uninterrupted power supply</div>
</li>
<li class="level1"><div class="li"> md1:50M md2:2G md3:120G md4:<acronym title="Redundant Array of Inexpensive Disks">RAID</acronym></div>
</li>
<li class="level1"><div class="li"> core2</div>
</li>
<li class="level1"><div class="li"> 4G ram</div>
</li>
<li class="level1"><div class="li"> 2 or more network cards</div>
</li>
</ul>
<p>
<img src="http://hive.awired.net/lib/images/smileys/fixme.gif" class="middle" alt="FIXME" />
</p>
</div>
<!-- SECTION "B- Hardware" [1-179] -->
<h2><a name="how my server will do raid " id="how my server will do raid ">How my server will do RAID ?</a></h2>
<div class="level2">
<p>
You can do raid by a software or directly by an hardware device.
</p>
<p>
Hardware raid devices are very expensive, have compatibility probleme with drives, and is not usefull because you can do it easily by the motherboard processor.
</p>
<p>
<p><div class="notewarning"><span class="type">warning: </span>
motherboard raid <strong>is not</strong> hardware raid and is useless for a linux server so disable it in the bios.
</div></p>
</p>
<p>
So you do not need to buy anything special to do your raid, linux will do it for you :)
</p>
</div>
<!-- SECTION "How my server will do RAID ?" [180-665] -->
<h2><a name="which raid will i use " id="which raid will i use ">Which RAID will I use ?</a></h2>
<div class="level2">
<p>
this is simple :
</p>
<ul>
<li class="level1"><div class="li"> if you already have 4 to 6 small drives (~200G) with about the same size, you should use raid6</div>
</li>
<li class="level1"><div class="li"> if you have big drives or if you do not by them yet, you should use raid1 with 2 drives</div>
</li>
</ul>
<p>
<p><div class="noteclassic">
</p>
<ul>
<li class="level1"><div class="li"> why RAID6 and not RAID5 ?</div>
<ul>
<li class="level2"><div class="li">nowerdays hard drives are too big, and a block failure could happen on a second drive while reconstruction</div>
</li>
</ul>
</li>
<li class="level1"><div class="li"> why RAID1 ? : </div>
<ul>
<li class="level2"><div class="li"> if you have a problem with your raid you can take only one drive and plug it in another computer and take your data back.</div>
</li>
<li class="level2"><div class="li"> RAID1 will be faster than raid6</div>
</li>
<li class="level2"><div class="li"> you have to do backup so keep you money to buy backup drives</div>
</li>
</ul>
</li>
</ul>
<p>
</div></p>
</p>
<p>
<p><div class="notewarning"><span class="type">warning: </span>
<acronym title="Redundant Array of Inexpensive Disks">RAID</acronym> <strong>is not</strong> backup, you also have to backup your data ! this is why you do not have to build a very big <acronym title="Redundant Array of Inexpensive Disks">RAID</acronym>.
</div></p>
</p>
</div>
<!-- SECTION "Which RAID will I use ?" [666-1465] -->
<h2><a name="i have to buy drives to build my raid" id="i have to buy drives to build my raid">I have to buy drives to build my RAID</a></h2>
<div class="level2">
<p>
if you readed well :), you are going to buy 2 drives to create a RAID1.
</p>
<p>
<strong>Do not buy same drive model (and better: not the same brand)</strong>, with same drives you have a big chance to have a failure at the same time on both drives.
</p>
</div>
<!-- SECTION "I have to buy drives to build my RAID" [1466-] -->
-
text/html
2010-05-09T02:10:22+02:00
L- Htpc-prs
http://hive.awired.net/hive/system/home-network/htpc-prs
<div class="level1">
<p>
<a href="http://www.gentoo.org/doc/en/gentoo-x86-quickinstall.xml" class="urlextern" title="http://www.gentoo.org/doc/en/gentoo-x86-quickinstall.xml" rel="nofollow">http://www.gentoo.org/doc/en/gentoo-x86-quickinstall.xml</a>
</p>
<p>
after that :
</p>
<p>
<a href="http://www.gentoo.org/doc/en/nvidia-guide.xml" class="urlextern" title="http://www.gentoo.org/doc/en/nvidia-guide.xml" rel="nofollow">http://www.gentoo.org/doc/en/nvidia-guide.xml</a> part 2 !
</p>
<p>
install xorg :
</p>
<p>
<a href="http://www.gentoo.org/doc/en/xorg-config.xml" class="urlextern" title="http://www.gentoo.org/doc/en/xorg-config.xml" rel="nofollow">http://www.gentoo.org/doc/en/xorg-config.xml</a>
</p>
<p>
emerge xterm
</p>
<p>
nvidia-configure
</p>
</div>
-
text/html
2009-12-12T18:19:33+02:00
I- Mng-prs
http://hive.awired.net/hive/system/home-network/mng-prs
<div class="level1">
</div>
-
text/html
2009-12-06T13:05:47+02:00
A- Network map
http://hive.awired.net/hive/system/home-network/network-map
<div class="level1">
<p>
home.loc
</p>
<p>
srv-prs
</p>
</div>
-
text/html
2010-07-19T12:01:34+02:00
Z- Server installation-xen
http://hive.awired.net/hive/system/home-network/server-installation-xen
<div class="level1">
<p>
<p><div class="notewarning"><span class="type">warning: </span>
Using Xen is deprecated and not modified anymore (too many problems)
</div></p>
</p>
<p>
<p><div class="noteclassic">
Here we are going to install a linux server composed of :
</p>
<ul>
<li class="level1"><div class="li"> A gentoo 64 Bit</div>
</li>
<li class="level1"><div class="li"> Xen for paravirualisation and virtualisation</div>
</li>
<li class="level1"><div class="li"> 5 hard drives as raid6 for / and datas</div>
</li>
<li class="level1"><div class="li"> Full encrypted partitions on different drives with AES</div>
</li>
<li class="level1"><div class="li"> An initramfs to boot on and asking for decryption passwords</div>
</li>
</ul>
<p>
</div></p>
</p>
</div>
<!-- SECTION "Z- Server installation-xen" [1-444] -->
<h2><a name="bios configuration" id="bios configuration">Bios configuration</a></h2>
<div class="level2">
<ul>
<li class="level1"><div class="li"> Do not overclock your server, with a full time running overclocked computer you have good chance to have crash after few days running.</div>
</li>
<li class="level1"><div class="li"> Configure your ATA with <strong>AHCI</strong>, you should have better performance.</div>
</li>
<li class="level1"><div class="li"> Enable Intel Virtualization technology (for xen)</div>
</li>
<li class="level1"><div class="li"> Set restore on power loss to <strong>Power On</strong> to reboot automaticaly</div>
</li>
<li class="level1"><div class="li"> Set all your raid drives as boot sequence even if you boot on cdrom first (needed for grub configuration)</div>
</li>
</ul>
<p>
<p><div class="notetip"><span class="type">tip: </span>
On my I7 the computer crash on xen kernel boot, I had to disable USB legacy in the bios to be able to use xen (but USB legacy is needed to boot on USB during installation if you have a USB CD drive)
</div></p>
</p>
</div>
<!-- SECTION "Bios configuration" [445-1141] -->
<h2><a name="installation" id="installation">Installation</a></h2>
<div class="level2">
<p>
Download an iso of the latest version of gentoo (<a href="http://distfiles.gentoo.org/releases/amd64/autobuilds/current-iso/" class="urlextern" title="http://distfiles.gentoo.org/releases/amd64/autobuilds/current-iso/" rel="nofollow">link</a>). Burn it and boot on it.
</p>
<p>
<p><div class="noteclassic">
For this exemple I'will use 5 drives of about 200G for RAID6
the target partition sizes :
</p>
<ul>
<li class="level1"><div class="li"> <strong>md1 :</strong> 50M as RAID1 for /boot (we don't need raid6 for 50M)</div>
</li>
<li class="level1"><div class="li"> <strong>md2 :</strong> 150G as RAID6 for / and XEN drives</div>
</li>
<li class="level1"><div class="li"> <strong>md3 :</strong> to the end of drives as RAID6 for data</div>
</li>
</ul>
<p>
</div></p>
</p>
<p>
<p><div class="notewarning"><span class="type">warning: </span>
If you have more than 1 controller for your drives spread your drive on different controller, like that if a controller become crazy it will not destroy all drives.
</div></p>
</p>
<p>
<p><div class="noteclassic">
My / takes about 8G.
</p>
<p>
My VMs are composed of (with swap files and data) :
</p>
<ul>
<li class="level1"><div class="li"> <strong>ad :</strong> 10G</div>
</li>
<li class="level1"><div class="li"> <strong>ex :</strong> 7G</div>
</li>
<li class="level1"><div class="li"> <strong>fw :</strong> 5G</div>
</li>
<li class="level1"><div class="li"> <strong>gate :</strong> 6G</div>
</li>
<li class="level1"><div class="li"> <strong>mng :</strong> 20G</div>
</li>
<li class="level1"><div class="li"> <strong>websrv1 :</strong> 11G</div>
</li>
<li class="level1"><div class="li"> <strong>websrv2 :</strong> 27G</div>
</li>
</ul>
<p>
So we need about 100G for / and VMs (I put 150G to be sur ;))
</div></p>
</p>
<p>
open ssh server to <kbd>Ctrl</kbd>+<kbd>C</kbd> <kbd>Ctrl</kbd>+<kbd>V</kbd> commands :
</p>
<pre class="console">
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> loadkeys fr
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> passwd
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> /etc/init.d/sshd start
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> ifconfig</pre>
<p>
now you can connect from an other computer
</p>
</div>
<!-- SECTION "Installation" [1142-2303] -->
<h2><a name="prepare hard drives" id="prepare hard drives">Prepare hard drives</a></h2>
<div class="level2">
<p>
A visual representation of hard drives levels :
</p>
<table class="inline">
<tr class="row0">
<th class="col0 rightalign"> Devices </th><td class="col1"> hdX </td><td class="col2"> hdY </td><td class="col3"> sdZ </td>
</tr>
<tr class="row1">
<th class="col0 rightalign"> Raid</th><td class="col1 centeralign" colspan="3"> RAID6 </td>
</tr>
<tr class="row2">
<th class="col0 rightalign"> Crypto</th><td class="col1 centeralign" colspan="3"> AES </td>
</tr>
<tr class="row3">
<th class="col0 rightalign"> File System</th><td class="col1 centeralign" colspan="3"> EXT3 </td>
</tr>
<tr class="row4">
<th class="col0 rightalign"> Mount Point</th><td class="col1 centeralign" colspan="3"> / </td>
</tr>
</table>
<p>
First you have to find your smallest HDD to create raid based on his size :
</p>
<pre class="console">
<span class="consoleSharp">#</span> fdisk -l
Disk /dev/hda: 203.9 GB, 203928109056 bytes
255 heads, 63 sectors/track, 24792 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x00000000
Device Boot Start End Blocks Id System
Disk /dev/hdb: 203.9 GB, 203928109056 bytes
255 heads, 63 sectors/track, 24792 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x00000000
Device Boot Start End Blocks Id System
Disk /dev/hdc: 251.0 GB, 251000193024 bytes
255 heads, 63 sectors/track, 30515 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x00000000
Device Boot Start End Blocks Id System
Disk /dev/hde: 203.9 GB, 203928109056 bytes
255 heads, 63 sectors/track, 24792 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x00000000
Device Boot Start End Blocks Id System
Disk /dev/hdf: 203.9 GB, 203928109056 bytes
255 heads, 63 sectors/track, 24792 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x00000000
Device Boot Start End Blocks Id System
Disk /dev/sda: 200.0 GB, 200049647616 bytes
255 heads, 63 sectors/track, 24321 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x00000000
Device Boot Start End Blocks Id System
Disk /dev/sdb: 203.9 GB, 203928109056 bytes
255 heads, 63 sectors/track, 24792 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x00000000
Device Boot Start End Blocks Id System</pre>
<p>
I will use :
</p>
<ul>
<li class="level1"><div class="li"> <strong>hda</strong> : PATA controller 1</div>
</li>
<li class="level1"><div class="li"> <strong>hde</strong>, <strong>hdf</strong> : PATA controller 2</div>
</li>
<li class="level1"><div class="li"> <strong>sda</strong>, <strong>sdb</strong> : SATA controller 1</div>
</li>
</ul>
<p>
For me sda is the smallest drive, so i will start with this one:
</p>
<p>
<p><div class="noteclassic">
to calculate raid6 size :
<strong>C = (n - 2) * c</strong>
</div></p>
</p>
<p>
150 = (5 - 2) * c
</p>
<p>
c = 150 / 3
</p>
<p>
c = 50G for /dev/sda2
</p>
<pre class="console">
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> fdisk /dev/sda
Command (m for help): n
Command action
e extended
p primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-24321, default 1):
Using default value 1
Last cylinder, +cylinders or +size{K,M,G} (1-24321, default 24321): +50M
Command (m for help): n
Command action
e extended
p primary partition (1-4)
p
Partition number (1-4): 2
First cylinder (8-24792, default 8):
Using default value 8
Last cylinder, +cylinders or +size{K,M,G} (8-24321, default 24321): +1G
Command (m for help): n
Command action
e extended
p primary partition (1-4)
p
Partition number (1-4): 3
First cylinder (140-24792, default 140):
Using default value 140
Last cylinder, +cylinders or +size{K,M,G} (140-24321, default 24321): +50G
Command (m for help): n
Command action
e extended
p primary partition (1-4)
p
Selected partition 4
First cylinder (6668-24792, default 6668):
Using default value 6668
Last cylinder, +cylinders or +size{K,M,G} (6668-24321, default 24321):
Using default value 24321
Command (m for help): t
Partition number (1-4): 1
Hex code (type L to list codes): fd
Changed system type of partition 1 to fd (Linux raid autodetect)
Command (m for help): t
Partition number (1-4): 2
Hex code (type L to list codes): fd
Changed system type of partition 2 to fd (Linux raid autodetect)
Command (m for help): t
Partition number (1-4): 3
Hex code (type L to list codes): fd
Changed system type of partition 3 to fd (Linux raid autodetect)
Command (m for help): t
Partition number (1-4): 4
Hex code (type L to list codes): fd
Changed system type of partition 4 to fd (Linux raid autodetect)
Command (m for help): a
Partition number (1-4): 1
Command (m for help): p
Disk /dev/sda: 200.0 GB, 200049647616 bytes
255 heads, 63 sectors/track, 24321 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x48ee7660
Device Boot Start End Blocks Id System
/dev/sda1 * 1 7 56196 fd Linux raid autodetect
/dev/sda2 8 72 522112+ fd Linux raid autodetect
/dev/sda3 73 6600 52436160 fd Linux raid autodetect
/dev/sda4 6601 24321 142343932+ fd Linux raid autodetect
Command (m for help): w
The partition table has been altered!
Calling ioctl() to re-read partition table.
Syncing disks.
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> </pre>
<p>
For other disks you have to do the same thing except for the 3rd partition.
Instead of just press enter for final size set smallest drive 3rd partition size.
</p>
<pre class="console">
Partition number (1-4): 3
First cylinder (6536-24321, default 6536):
Using default value 6536
Last cylinder, +cylinders or +size{K,M,G} (6536-24792, default 24792): 24321
Command (m for help):</pre>
</div>
<!-- SECTION "Prepare hard drives" [2304-7382] -->
<h2><a name="creating raid" id="creating raid">Creating raid</a></h2>
<div class="level2">
<pre class="console">
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> modprobe raid1
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> modprobe raid6
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> modprobe dm-mod</pre>
<p>
<p><div class="notetip"><span class="type">tip: </span>
see modules :
</p>
<pre class="console">
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> lsmod | grep raid</pre>
<p>
</div></p>
</p>
<pre class="console">
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> mknod /dev/md1 b 9 1
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> mknod /dev/md2 b 9 2
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> mknod /dev/md3 b 9 3
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> mknod /dev/md4 b 9 4
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> mdadm --create /dev/md1 --level=1 --raid-devices=6 /dev/sda1 /dev/sdb1 /dev/hda1 /dev/hdb1 /dev/hde1 /dev/hdf1
mdadm: array /dev/md1 started.
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> mdadm --create /dev/md2 --level=1 --raid-devices=6 /dev/sda2 /dev/sdb2 /dev/hda2 /dev/hdb2 /dev/hde2 /dev/hdf2
mdadm: array /dev/md2 started.
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> mdadm --create /dev/md3 --level=6 --raid-devices=5 /dev/sda3 /dev/sdb3 /dev/hda3 /dev/hdb3 /dev/hde3
mdadm: array /dev/md3 started.
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> mdadm --create /dev/md4 --level=6 --raid-devices=5 /dev/sda4 /dev/sdb4 /dev/hda4 /dev/hdb4 /dev/hde4
mdadm: array /dev/md4 started.</pre>
<p>
add spare :
</p>
<pre class="code">
livecd ~ # mdadm --add /dev/md3 /dev/sdf3
livecd ~ # mdadm --add /dev/md4 /dev/sdf4</pre>
<p>
now wait for raid sync :
</p>
<pre class="console">
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> watch cat /proc/mdstat
Every 2.0s: cat /proc/mdstat Fri Nov 13 21:49:39 2009
Personalities : [raid0] [raid1] [raid6] [raid5] [raid4] [raid10]
md3 : active raid6 hdf3[4] hde3[3] hda3[2] sdb3[1] sda3[0]
428597760 blocks level 6, 64k chunk, algorithm 2 [5/5] [UUUUU]
resync=DELAYED
md2 : active raid6 hdf2[4] hde2[3] hda2[2] sdb2[1] sda2[0]
157308288 blocks level 6, 64k chunk, algorithm 2 [5/5] [UUUUU]
[==>..................] resync = 10.4% (5496896/52436096) finish=36.8min speed=21227K/sec
md1 : active raid1 hdf1[4] hde1[3] hda1[2] sdb1[1] sda1[0]
56128 blocks [5/5] [UUUUU]
unused devices: <none></pre>
<p>
<p><div class="notetip"><span class="type">tip: </span>
<kbd>Ctrl</kbd>+<kbd>C</kbd> to quit
</div></p>
</p>
<p>
Crypt partitions :
</p>
<pre class="console">
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> cryptsetup luksFormat -c aes-xts-plain -h sha512 -s 512 -y /dev/md3
WARNING!
========
This will overwrite data on /dev/md3 irrevocably.
Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:
Command successful.
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> cryptsetup luksFormat -c aes-xts-plain -s 512 -y /dev/md4
WARNING!
========
This will overwrite data on /dev/md4 irrevocably.
Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:
Command successful.
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> </pre>
<p>
Open encrypted partitions
</p>
<pre class="console">
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> cryptsetup luksOpen /dev/md3 md3
Enter LUKS passphrase:
key slot 0 unlocked.
Command successful.
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> cryptsetup luksOpen /dev/md4 md4
Enter LUKS passphrase:
key slot 0 unlocked.
Command successful.</pre>
<p>
Format partitions
</p>
<pre class="console">
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> mke2fs -j /dev/md1
mke2fs 1.41.3 (12-Oct-2008)
...
This filesystem will be automatically checked every 33 mounts or
180 days, whichever comes first. Use tune2fs -c or -i to override.
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> mkfs.ext4 /dev/mapper/md3
mke2fs 1.41.3 (12-Oct-2008)
...
This filesystem will be automatically checked every 26 mounts or
180 days, whichever comes first. Use tune2fs -c or -i to override.
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> mkfs.ext4 /dev/mapper/md4
mke2fs 1.41.3 (12-Oct-2008)
...
This filesystem will be automatically checked every 32 mounts or
180 days, whichever comes first. Use tune2fs -c or -i to override.</pre>
<p>
<p><div class="notetip"><span class="type">tip: </span>
Do not use LVM as it “may” degrade (<a href="http://mbhtech.blogspot.com/2009/09/software-raid-vs-lvm-quick-speed-test_08.html" class="urlextern" title="http://mbhtech.blogspot.com/2009/09/software-raid-vs-lvm-quick-speed-test_08.html" rel="nofollow">see</a>) performance and is very unnecessary if you create well sized partitions
</div></p>
</p>
<p>
mount drives (md4 will only be used in xen later)
</p>
<pre class="console">
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> mount /dev/mapper/md3 /mnt/gentoo/
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> mkdir /mnt/gentoo/boot
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> mount /dev/md1 /mnt/gentoo/boot/</pre>
</div>
<!-- SECTION "Creating raid" [7383-11121] -->
<h2><a name="installation of " id="installation of ">Installation of /</a></h2>
<div class="level2">
</div>
<!-- SECTION "Installation of /" [11122-11152] -->
<h3><a name="swap" id="swap">swap</a></h3>
<div class="level3">
<pre class="console">
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> cryptsetup -d /dev/urandom create swap /dev/md2
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> mkswap /dev/mapper/swap
Setting up swapspace version 1, size = 1023996 KiB
no label, UUID=11c45e43-4a60-43a6-8a99-352b5b1dc939
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> swapon /dev/mapper/swap
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> swapon -s
Filename Type Size Used Priority
/mnt/gentoo/swap.img file 1023992 0 -1</pre>
</div>
<!-- SECTION "swap" [11153-11601] -->
<h3><a name="stage3" id="stage3">Stage3</a></h3>
<div class="level3">
<p>
Download stage3
</p>
<pre class="console">
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> cd /mnt/gentoo/
<span class="consoleName">livecd</span> <span class="consolePath">gentoo</span> <span class="consoleSharp">#</span> links http://www.gentoo.org/main/en/mirrors.xml</pre>
<p>
select a mirror and download stage3 tar.gz file for your arch (amd64 for me)
</p>
<p>
<p><div class="notetip"><span class="type">tip: </span>
direct download:
</p>
<pre class="console">
<span class="consoleName">livecd</span> <span class="consolePath">gentoo</span> <span class="consoleSharp">#</span> wget ftp://ftp.free.fr/mirrors/ftp.gentoo.org/releases/amd64/current-stage3/stage3-amd64-*.tar.bz2</pre>
<p>
</div></p>
</p>
<p>
Extract stage3
</p>
<pre class="console">
<span class="consoleName">livecd</span> <span class="consolePath">gentoo</span> <span class="consoleSharp">#</span> time tar xjpf stage3*
real 1m10.811s
user 0m32.000s
sys 0m3.230s</pre>
<p>
<p><div class="notewarning"><span class="type">warning: </span>
Be sur to mount boot partition before extracting stage3 or you will have problems with grub.
</div></p>
</p>
</div>
<!-- SECTION "Stage3" [11602-12251] -->
<h3><a name="portage" id="portage">Portage</a></h3>
<div class="level3">
<pre class="console">
<span class="consoleName">livecd</span> <span class="consolePath">gentoo</span> <span class="consoleSharp">#</span> cd /mnt/gentoo/usr
<span class="consoleName">livecd</span> <span class="consolePath">usr</span> <span class="consoleSharp">#</span> links http://www.gentoo.org/main/en/mirrors.xml</pre>
<p>
select a mirror and download latest portage
</p>
<p>
<p><div class="notetip"><span class="type">tip: </span>
direct download :
</p>
<pre class="console">
<span class="consoleName">livecd</span> <span class="consolePath">usr</span> <span class="consoleSharp">#</span> wget ftp://ftp.free.fr/mirrors/ftp.gentoo.org/snapshots/portage-latest.tar.bz2</pre>
<p>
</div></p>
</p>
<p>
Extract portage
</p>
<pre class="console">
<span class="consoleName">livecd</span> <span class="consolePath">usr</span> <span class="consoleSharp">#</span> time tar xjf portage-lat*
real 1m31.991s
user 0m14.500s
sys 0m5.790s</pre>
</div>
<!-- SECTION "Portage" [12252-12720] -->
<h3><a name="chroot and prepare system" id="chroot and prepare system">Chroot and prepare system</a></h3>
<div class="level3">
</div>
<h4><a name="chroot" id="chroot">Chroot</a></h4>
<div class="level4">
<pre class="console">
<span class="consoleName">livecd</span> <span class="consolePath">usr</span> <span class="consoleSharp">#</span> cd /
<span class="consoleName">livecd</span> <span class="consolePath">/</span> <span class="consoleSharp">#</span> mount -t proc proc /mnt/gentoo/proc
<span class="consoleName">livecd</span> <span class="consolePath">/</span> <span class="consoleSharp">#</span> mount -o bind /dev /mnt/gentoo/dev
<span class="consoleName">livecd</span> <span class="consolePath">/</span> <span class="consoleSharp">#</span> cp -L /etc/resolv.conf /mnt/gentoo/etc/
<span class="consoleName">livecd</span> <span class="consolePath">/</span> <span class="consoleSharp">#</span> chroot /mnt/gentoo /bin/bash
<span class="consoleName">livecd</span> <span class="consolePath">/</span> <span class="consoleSharp">#</span> source /etc/profile && env-update
>>> Regenerating /etc/ld.so.cache...</pre>
</div>
<h4><a name="root password" id="root password">Root password</a></h4>
<div class="level4">
<p>
change root password
</p>
<pre class="console">
<span class="consoleName">livecd</span> <span class="consolePath">/</span> <span class="consoleSharp">#</span> passwd
New UNIX password:
Retype new UNIX password:
passwd: password updated successfully</pre>
</div>
<h4><a name="keyboard map" id="keyboard map">Keyboard map</a></h4>
<div class="level4">
<div class="code"><p class="codehead"><a name="etcconf.dkeymaps">/etc/conf.d/keymaps</a></p><pre class="code">
...
KEYMAP="fr"
...</pre></div>
</div>
<h4><a name="fstab" id="fstab">fstab</a></h4>
<div class="level4">
<div class="code"><p class="codehead"><a name="etcfstab">/etc/fstab</a></p><pre class="code">
...
/dev/md1 /boot ext3 noauto,noatime 1 2
/dev/mapper/md3 / ext4 noatime 0 1
/dev/mapper/swap none swap sw 0 0
/dev/cdrom /mnt/cdrom auto noauto,ro 0 0
...</pre></div>
<p>
<p><div class="notewarning"><span class="type">warning: </span>
Do not forget /boot filesystem as ext3
</div></p>
</p>
<pre class="console">
<span class="consoleName">livecd</span> <span class="consolePath">/</span> <span class="consoleSharp">#</span> mkdir /etc/portage</pre>
</div>
<h4><a name="compilation optimization" id="compilation optimization">Compilation optimization</a></h4>
<div class="level4">
<p>
Have a look on <a href="http://en.gentoo-wiki.com/wiki/Safe_Cflags" class="urlextern" title="http://en.gentoo-wiki.com/wiki/Safe_Cflags" rel="nofollow">flags for your processor</a> and populate your make.conf
</p>
<p>
exemple for my core2
</p>
<div class="code"><p class="codehead"><a name="etcmake.conf">/etc/make.conf</a></p><pre class="code">
CHOST="x86_64-pc-linux-gnu"
CFLAGS="-march=core2 -O2 -pipe"
CXXFLAGS="${CFLAGS}"
MAKEOPTS="-j3"
USE="mmx sse sse2 -X unicode ipv6 -fortran"</pre></div>
<p>
<p><div class="notetip"><span class="type">tip: </span>
MAKEOPTS should be : number_of_processor_core + 1
</div></p>
</p>
</div>
<!-- SECTION "Chroot and prepare system" [12721-14222] -->
<h2><a name="xen kernel" id="xen kernel">XEN kernel</a></h2>
<div class="level2">
<p>
unmask xen packages :
</p>
<div class="code"><p class="codehead"><a name="etcportagepackage.keywords">/etc/portage/package.keywords</a></p><pre class="code">
app-emulation/xen ~amd64
app-emulation/xen-tools ~amd64
sys-kernel/xen-sources ~amd64</pre></div>
<p>
set flags :
</p>
<div class="code"><p class="codehead"><a name="etcportagepackage.use">/etc/portage/package.use</a></p><pre class="code">
app-emulation/xen-tools hvm</pre></div>
<p>
install packages :
</p>
<pre class="console">
<span class="consoleName">livecd</span> <span class="consolePath">/</span> <span class="consoleSharp">#</span> emerge -a xen-sources xen xen-tools</pre>
</div>
<!-- SECTION "XEN kernel" [14223-14579] -->
<h3><a name="kernel configuration" id="kernel configuration">Kernel configuration</a></h3>
<div class="level3">
<pre class="console">
<span class="consoleName">livecd</span> <span class="consolePath">/</span> <span class="consoleSharp">#</span> cd /usr/src/linux
<span class="consoleName">livecd</span> <span class="consolePath">linux</span> <span class="consoleSharp">#</span> make menuconfig</pre><pre class="code">
Processor type and features --->
[*] Enable Xen compatible kernel
Processor family (Core 2/newer Xeon) --->
Bus options (PCI etc.) --->
[*] PCI support
[*] Xen PCI Frontend
[*] Networking support --->
Networking options --->
<*> 802.1d Ethernet Bridging
Device Drivers --->
[*] Network device support --->
<*> Universal TUN/TAP device driver support
[*] Block devices --->
<M> Loopback device support
[*] Multiple devices driver support (RAID and LVM) --->
<*> RAID support
<*> RAID-1 (mirroring) mode
<*> RAID-4/RAID-5/RAID-6 mode
<*> Device mapper support
<M> Crypt target support
XEN --->
[*] Privileged Guest (domain 0)
<*> Backend driver support
<*> Block-device backend driver
<*> Network-device backend driver
<*> PCI-device backend driver
PCI Backend Mode (Virtual PCI) --->
[*] Scrub memory before freeing it to Xen
[*] Disable serial port drivers
Xen version compatibility (3.3.0 and later)
File systems --->
<*> The Extended 4 (ext4) filesystem
[*] Ext4 extended attributes
[*] Ext4 POSIX Access Control Lists
[ ] Ext4 Security Labels
-*- Cryptographic API --->
<M> XTS support (EXPERIMENTAL)
<M> SHA224 and SHA256 digest algorithm
<M> SHA384 and SHA512 digest algorithms
{M} AES cipher algorithms (x86_64)
<M> AES cipher algorithms (AES-NI)</pre>
<p>
<p><div class="notewarning"><span class="type">warning: </span>
Do not forget to set your devices drivers !
</p>
<ul>
<li class="level1"><div class="li"> network devices</div>
</li>
<li class="level1"><div class="li"> HDD controller</div>
</li>
</ul>
<p>
# lspci in livecd will tell you
</div></p>
</p>
<pre class="console">
<span class="consoleName">livecd</span> <span class="consolePath">linux</span> <span class="consoleSharp">#</span> make -j3
...
Kernel: arch/x86/boot/vmlinuz is ready (#1)
<span class="consoleName">livecd</span> <span class="consolePath">linux</span> <span class="consoleSharp">#</span> make modules_install
<span class="consoleName">livecd</span> <span class="consolePath">linux</span> <span class="consoleSharp">#</span> cp arch/x86/boot/vmlinuz /boot/</pre>
</div>
<!-- SECTION "Kernel configuration" [14580-16466] -->
<h2><a name="initramfs" id="initramfs">InitRamFs</a></h2>
<div class="level2">
<p>
Follow this link to build your initramfs :
</p>
<p>
<a href="http://hive.awired.net/hive/system/gentoo/initramfs" class="wikilink1" title="hive:system:gentoo:initramfs">Initramfs</a>
</p>
</div>
<!-- SECTION "InitRamFs" [16467-16568] -->
<h2><a name="install grub" id="install grub">Install grub</a></h2>
<div class="level2">
<pre class="console">
<span class="consoleName">livecd</span> <span class="consolePath">initramfs</span> <span class="consoleSharp">#</span> emerge grub
<span class="consoleName">livecd</span> <span class="consolePath">initramfs</span> <span class="consoleSharp">#</span> grub
grub> root (hd0,0)
grub> setup (hd0)
grub> root (hd1,0)
grub> setup (hd1)
grub> root (hd2,0)
grub> setup (hd2)
grub> root (hd3,0)
grub> setup (hd3)
grub> root (hd4,0)
grub> setup (hd4)
grub> root (hd5,0)
grub> setup (hd5)
grub> quit</pre>
<p>
<p><div class="notetip"><span class="type">tip: </span>
hdX in grub corresponds to bios hard drive boot sequences, drives have to be set in bios
</div></p>
</p>
<div class="code"><p class="codehead"><a name="bootgrubgrub.conf">/boot/grub/grub.conf</a></p><pre class="code">
title GLX
root (hd0,0)
kernel /boot/xen.gz dom0_mem=300M
module /boot/vmlinuz root=/dev/mapper/md3 netloop.nloopbacks=32
module /boot/initramfs.gz</pre></div>
</div>
<!-- SECTION "Install grub" [16569-17202] -->
<h2><a name="finished" id="finished">Finished!</a></h2>
<div class="level2">
<pre class="console">
<span class="consoleName">livecd</span> <span class="consolePath">initramfs</span> <span class="consoleSharp">#</span> exit
<span class="consoleName">livecd</span> <span class="consolePath">/</span> <span class="consoleSharp">#</span> umount /mnt/gentoo/proc/ /mnt/gentoo/dev /mnt/gentoo/boot /mnt/gentoo</pre><hr />
<p>
<p><div class="noteclassic">
<strong>sources:</strong>
</p>
<p>
for installation:
</p>
<ul>
<li class="level1"><div class="li"> <a href="http://www.gentoo.org/doc/en/gentoo-x86+raid+lvm2-quickinstall.xml" class="urlextern" title="http://www.gentoo.org/doc/en/gentoo-x86+raid+lvm2-quickinstall.xml" rel="nofollow">http://www.gentoo.org/doc/en/gentoo-x86+raid+lvm2-quickinstall.xml</a></div>
</li>
</ul>
<p>
for xen:
</p>
<ul>
<li class="level1"><div class="li"> <a href="http://www.gentoo.org/doc/en/xen-guide.xml" class="urlextern" title="http://www.gentoo.org/doc/en/xen-guide.xml" rel="nofollow">http://www.gentoo.org/doc/en/xen-guide.xml</a></div>
</li>
<li class="level1"><div class="li"> <a href="http://en.gentoo-wiki.com/wiki/Xen" class="urlextern" title="http://en.gentoo-wiki.com/wiki/Xen" rel="nofollow">http://en.gentoo-wiki.com/wiki/Xen</a></div>
</li>
</ul>
<p>
for initramfs:
</p>
<ul>
<li class="level1"><div class="li"> <a href="http://en.gentoo-wiki.com/wiki/Initramfs" class="urlextern" title="http://en.gentoo-wiki.com/wiki/Initramfs" rel="nofollow">http://en.gentoo-wiki.com/wiki/Initramfs</a></div>
</li>
<li class="level1"><div class="li"> <a href="http://hive.awired.net/_media/system-administration/gentoo/gentoo-wiki/initramfs.htm" class="urlextern" title="http://hive.awired.net/_media/system-administration/gentoo/gentoo-wiki/initramfs.htm" rel="nofollow">http://hive.awired.net/_media/system-administration/gentoo/gentoo-wiki/initramfs.htm</a></div>
</li>
</ul>
<ul>
<li class="level1"><div class="li"> lots of internet search ;)</div>
</li>
</ul>
<p>
</div></p>
</p>
</div>
<!-- SECTION "Finished!" [17203-17779] -->
<h1><a name="d- system config" id="d- system config">D- System config</a></h1>
<div class="level1">
</div>
<!-- SECTION "D- System config" [17780-17812] -->
<h2><a name="network configuration" id="network configuration">Network Configuration</a></h2>
<div class="level2">
<p>
<p><div class="noteclassic">
For the moment we don't have router vm so we will be connected directly to the internet box.
</div></p>
</p>
<div class="code"><p class="codehead"><a name="etcconf.dnet">/etc/conf.d/net</a></p><pre class="code">
config_eth0=("192.168.0.3/24")
routes_eth0=("default via 192.168.0.1")</pre></div><pre class="console">
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> /etc/init.d/net.eth0 restart
* Caching service dependencies ...
* Starting eth0
* Bringing up eth0
* 192.168.0.3/24
* Adding routes
* default via 192.168.0.1
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> </pre>
<p>
Now add ssh deamon to runlevels
</p>
<pre class="console">
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> rc-update add sshd default
* sshd added to runlevel default
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> /etc/init.d/sshd start
Generating public/private rsa1 key pair.
...
* Starting sshd ...
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> </pre>
</div>
<!-- SECTION "Network Configuration" [17813-18553] -->
<h2><a name="hostname configuration" id="hostname configuration">Hostname configuration</a></h2>
<div class="level2">
<div class="code"><p class="codehead"><a name="etchosts">/etc/hosts</a></p><pre class="code">
...
127.0.0.1 srv-prs.home.loc srv-prs localhost
...</pre></div><div class="code"><p class="codehead"><a name="etcconf.dhostname">/etc/conf.d/hostname</a></p><pre class="code">
HOSTNAME="srv-prs"</pre></div><pre class="console">
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> hostname srv-prs
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> hostname -f
srv-prs.home.loc
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> </pre>
</div>
<!-- SECTION "Hostname configuration" [18554-18849] -->
<h2><a name="timezone" id="timezone">Timezone</a></h2>
<div class="level2">
<pre class="console">
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> cp /usr/share/zoneinfo/Europe/Paris /etc/localtime</pre><div class="code"><p class="codehead"><a name="etcconf.dclock">/etc/conf.d/clock</a></p><pre class="code">
...
TIMEZONE="Europe/Paris"
...</pre></div><pre class="console">
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> emerge ntp
...
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> rc-update add ntp-client default
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> /etc/init.d/ntp-client start</pre>
</div>
<!-- SECTION "Timezone" [18850-19172] -->
<h2><a name="rebuild for optimisation" id="rebuild for optimisation">Rebuild for optimisation</a></h2>
<div class="level2">
<pre class="console">
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> time emerge -vae world
...
real 183m54.743s
user 155m45.326s
sys 86m24.708s</pre>
</div>
<!-- SECTION "Rebuild for optimisation" [19173-19336] -->
<h2><a name="installation of basic softwares" id="installation of basic softwares">Installation of basic softwares</a></h2>
<div class="level2">
<pre class="console">
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> emerge syslog-ng vixie-cron sendmail logrotate cryptsetup mdadm htop
...
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> rc-update add syslog-ng default
* syslog-ng added to runlevel default
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> rc-update add vixie-cron default
* vixie-cron added to runlevel default
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> rc-update add sendmail default
* sendmail added to runlevel default</pre>
</div>
<!-- SECTION "Installation of basic softwares" [19337-19749] -->
<h2><a name="hdparm" id="hdparm">Hdparm</a></h2>
<div class="level2">
<p>
To save power and hard drive life you can configure your hard drive to Spindown after a time without using it :
</p>
<pre class="console">
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> emerge -v hdparm</pre>
<p>
The Time (in seconds) after which the Drive spins down is the value of your x multiplied with 5 From the manpage:
</p>
<p>
A value of zero means “timeouts are disabled”: the device will not automatically enter standby mode.
Values from 1 to 240 specify multiples of 5 seconds, yielding timeouts from 5 seconds to 20 minutes.
Values from 241 to 251 specify from 1 to 11 units of 30 minutes, yielding timeouts from 30 minutes to 5.5 hours.
A value of 252 signifies a timeout of 21 minutes.
A value of 253 sets a vendor-defined timeout period between 8 and 12 hours.
A value of 255 is interpreted as 21 minutes plus 15 seconds.
The value 254 is reserved.
Note that some older drives may have very different interpretations of these values.
</p>
<div class="code"><p class="codehead"><a name="etcconf.dhdparm">/etc/conf.d/hdparm</a></p><pre class="code">
...
sda_args="-S241"
sdd_args="-S241"
...</pre></div><pre class="console">
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> /etc/init.d/hdparm start
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> rc-update add hdparm default</pre>
</div>
<!-- SECTION "Hdparm" [19750-20856] -->
<h2><a name="xen network configuration" id="xen network configuration">Xen network configuration</a></h2>
<div class="level2">
<p>
We are going to configure 3 networks :
</p>
<ul>
<li class="level1"><div class="li"> eth0 → xen-red → red network (will be removed when we will install router)</div>
</li>
<li class="level1"><div class="li"> eth1 → xen-green → green network</div>
</li>
<li class="level1"><div class="li"> br0 → xen-dmz → dmz network</div>
</li>
</ul>
</div>
<!-- SECTION "Xen network configuration" [20857-21091] -->
<h3><a name="removing eth0 from auto plug" id="removing eth0 from auto plug">Removing eth0 from auto plug</a></h3>
<div class="level3">
<p>
Remove eth0 from auto plug
</p>
<div class="code"><p class="codehead"><a name="etcconf.drc">/etc/conf.d/rc</a></p><pre class="code">
...
RC_PLUG_SERVICES="!net.*"
...</pre></div>
</div>
<!-- SECTION "Removing eth0 from auto plug" [21092-21229] -->
<h3><a name="network configuration1" id="network configuration1">Network configuration</a></h3>
<div class="level3">
<div class="code"><p class="codehead"><a name="etcconf.dnet">/etc/conf.d/net</a></p><pre class="code">
config_xendmz=("192.168.1.3/24")
brctl_xendmz=(
"setfd 0"
"stp off"
)
config_xenred=("192.168.0.3/24")
bridge_xenred=("peth0")
brctl_xenred=(
"setfd 0"
"stp off"
)
routes_xenred=("default via 192.168.0.1")
config_xengreen=("192.168.2.3/24")
bridge_xengreen=("peth1")
brctl_xengreen=(
"setfd 0"
"stp off"
)
routes_xengreen=("default via 192.168.2.2")</pre></div>
<p>
Creation of network scripts and adding dmz to runlevels
</p>
<pre class="console">
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> cd /etc/init.d/
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> ln -s net.lo net.xenred
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> ln -s net.lo net.xengreen
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> ln -s net.lo net.xendmz
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> rc-update add net.xendmz default</pre>
</div>
<!-- SECTION "Network configuration" [21230-21971] -->
<h3><a name="home server script" id="home server script">Home server script</a></h3>
<div class="level3">
<p>
We need peth0 that is the virtual version of eth0 to mount xenred network bridge. This bridge will be created by xen but peth0 too. A problem in the sequence cause that the first time we start xen it will fail to create bridges.
This is why i created a runlevel script that restart xen sequence a second time.
I actually don't know how to solve this problem.
</p>
<p>
Add a runlevel script to reload networks
</p>
<div class="code"><p class="codehead"><a name="etcinit.dhomesrv">/etc/init.d/homesrv</a></p><pre class="code">
#!/sbin/runscript
depend() {
need net
after xend
}
start() {
ebegin "Starting home server :)"
/etc/init.d/xend restart
/etc/init.d/net.xenred restart
/etc/init.d/net.xengreen restart
/etc/init.d/xendomains restart
}</pre></div><pre class="console">
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> chmod +x /etc/init.d/homesrv
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> rc-update add homesrv default</pre>
</div>
<!-- SECTION "Home server script" [21972-22827] -->
<h3><a name="xen network scripts" id="xen network scripts">Xen network scripts</a></h3>
<div class="level3">
<p>
We are going to create script that mount red and green network at same times by xen :
</p>
<div class="code"><pre class="code">
#!/bin/sh
XENDIR="/etc/xen/scripts"
$XENDIR/network-bridge "$@" netdev=eth0 bridge=xenred vifnum=1
$XENDIR/network-bridge "$@" netdev=eth1 bridge=xengreen vifnum=2</pre><p class="codefoot"><a name="h etcxenscriptsmy-network-bridge">h /etc/xen/scripts/my-network-bridge</a></p></div><pre class="console">
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> chmod +x /etc/xen/scripts/my-network-bridge</pre>
<p>
Now tell xen configuration use this script instead of default one
</p>
<div class="code"><p class="codehead"><a name="etcxenxend-config.sxp">/etc/xen/xend-config.sxp</a></p><pre class="code">
...
(network-script my-network-bridge)
...</pre></div>
<p>
tell gentoo to load loop modules on start
</p>
<div class="code"><p class="codehead"><a name="nano etcmodules.autoload.dkernel-2.6">nano /etc/modules.autoload.d/kernel-2.6</a></p><pre class="code">
...
loop
...</pre></div>
</div>
<!-- SECTION "Xen network scripts" [22828-23517] -->
<h3><a name="xen daemon" id="xen daemon">Xen daemon</a></h3>
<div class="level3">
<p>
Add xend to runlevels
</p>
<pre class="console">
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> rc-update add xend default
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> /etc/init.d/xend start</pre>
</div>
<!-- SECTION "Xen daemon" [23518-23664] -->
<h2><a name="guest paravirtualization kernel compilation" id="guest paravirtualization kernel compilation">Guest paravirtualization Kernel compilation</a></h2>
<div class="level2">
</div>
<!-- SECTION "Guest paravirtualization Kernel compilation" [23665-23721] -->
<h3><a name="separation of dom0 and domu kernels" id="separation of dom0 and domu kernels">Separation of dom0 and domU kernels</a></h3>
<div class="level3">
<p>
We are going to create 2 scripts to compile the domU and dom0.
</p>
<pre class="console">
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> cd /usr/src/linux/
<span class="consoleName">localhost</span> <span class="consolePath">linux</span> <span class="consoleSharp">#</span> echo "mkdir -p _dom0 && make O=_dom0 \$@" > make0.sh
<span class="consoleName">localhost</span> <span class="consolePath">linux</span> <span class="consoleSharp">#</span> echo "mkdir -p _domU && make O=_domU \$@" > makeU.sh
<span class="consoleName">localhost</span> <span class="consolePath">linux</span> <span class="consoleSharp">#</span> chmod +x make?.sh
<span class="consoleName">localhost</span> <span class="consolePath">linux</span> <span class="consoleSharp">#</span> ./make0.sh menuconfig</pre>
<p>
Just Exit and Save.
</p>
<pre class="console">
<span class="consoleName">localhost</span> <span class="consolePath">linux</span> <span class="consoleSharp">#</span> ./makeU.sh menuconfig
<span class="consoleName">localhost</span> <span class="consolePath">linux</span> <span class="consoleSharp">#</span> cp .config _dom0/
<span class="consoleName">localhost</span> <span class="consolePath">linux</span> <span class="consoleSharp">#</span> cp .config _domU/
<span class="consoleName">localhost</span> <span class="consolePath">linux</span> <span class="consoleSharp">#</span> make mrproper</pre>
<p>
Same thing, Exit and save.
</p>
<p>
now you can compile :
</p>
<ul>
<li class="level1"><div class="li"> your dom0 kernel by doing <strong>./make0.sh …</strong> in <strong>/usr/src/linux</strong> and take the kernel in <strong>/usr/src/linux/_dom0</strong></div>
</li>
<li class="level1"><div class="li"> your domU kernel by doing <strong>./makeU.sh …</strong> in <strong>/usr/src/linux</strong> and take the kernel in <strong>/usr/src/linux/_domU</strong></div>
</li>
</ul>
</div>
<!-- SECTION "Separation of dom0 and domU kernels" [23722-24585] -->
<h3><a name="domu compilation" id="domu compilation">domU compilation</a></h3>
<div class="level3">
<pre class="code">
Device Drivers --->
XEN --->
[ ] Privileged Guest (domain 0)
< > Backend driver support
<*> Block-device frontend driver
<*> Network-device frontend driver
<M> Network-device frontend driver acceleration for Solarflare
<M> SCSI frontend driver
<M> USB frontend driver
[*] Taking the HCD statistics (for debug)
<*> User-space granted page access driver
<*> Framebuffer-device frontend driver
<*> Keyboard-device frontend driver
[*] Disable serial port drivers
<*> Export Xen attributes in sysfs
(256) Number of guest devices
Xen version compatibility (no compatibility code) --->
[*] Place shared vCPU info in per-CPU storage</pre>
<p>
Now compile :
</p>
<pre class="console">
<span class="consoleName">localhost</span> <span class="consolePath">linux</span> <span class="consoleSharp">#</span> ./makeU.sh -j3
...
<span class="consoleName">localhost</span> <span class="consolePath">linux</span> <span class="consoleSharp">#</span> cp _domU/arch/x86/boot/vmlinuz ../</pre>
</div>
<!-- SECTION "domU compilation" [24586-25405] -->
<h1><a name="e- guest installation" id="e- guest installation">E- Guest installation</a></h1>
<div class="level1">
</div>
<!-- SECTION "E- Guest installation" [25406-25442] -->
<h2><a name="paravirtualization installation" id="paravirtualization installation">Paravirtualization installation</a></h2>
<div class="level2">
<p>
Creation of vm directory :
</p>
<pre class="console">
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> mkdir /var/xen/def-gentoo
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> dd if=/dev/zero of=/var/xen/def-gentoo/def-gentoo.img bs=1M count=3500
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> dd if=/dev/zero of=/var/xen/def-gentoo/def-gentoo.swap bs=1M count=1000
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> mkfs.ext4 -N 600000 /var/xen/def-gentoo/def-gentoo.img
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> mkswap /var/xen/def-gentoo/def-gentoo.swap</pre>
<p>
This will create a disk image of 3G and a swap of 1G.
</p>
</div>
<!-- SECTION "Paravirtualization installation" [25443-25931] -->
<h3><a name="configuration file" id="configuration file">Configuration file</a></h3>
<div class="level3">
<div class="code"><p class="codehead"><a name="varxendef-gentoodef-gentoo.conf">/var/xen/def-gentoo/def-gentoo.conf</a></p><pre class="code">
kernel = "/usr/src/vmlinuz"
memory = 500
maxmem = 650
name = "def-gentoo"
vcpus = 2
vif = [ 'bridge=xenred' ]
disk = [ 'file:/var/xen/def-gentoo/def-gentoo.img,hda1,w', 'file:/var/xen/def-gentoo/def-gentoo.swap,hda2,w' ]
root = "/dev/hda1 ro"
extra = "xencons=tty"</pre></div>
</div>
<!-- SECTION "Configuration file" [25932-26281] -->
<h3><a name="install " id="install ">install /</a></h3>
<div class="level3">
<pre class="console">
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> mkdir /mnt/gentoo
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> mount -o loop /var/xen/def-gentoo/def-gentoo.img /mnt/gentoo
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> cd /mnt/gentoo
<span class="consoleName">localhost</span> <span class="consolePath">gentoo</span> <span class="consoleSharp">#</span> wget ftp://ftp.free.fr/mirrors/ftp.gentoo.org/releases/amd64/current-stage3/stage3-amd64-*.tar.bz2
<span class="consoleName">localhost</span> <span class="consolePath">gentoo</span> <span class="consoleSharp">#</span> tar xjpf stage3-amd64-*.tar.bz2
<span class="consoleName">localhost</span> <span class="consolePath">gentoo</span> <span class="consoleSharp">#</span> rm stage3-amd64-*.tar.bz2
<span class="consoleName">localhost</span> <span class="consolePath">gentoo</span> <span class="consoleSharp">#</span> cd usr/
<span class="consoleName">localhost</span> <span class="consolePath">usr</span> <span class="consoleSharp">#</span> wget ftp://ftp.free.fr/mirrors/ftp.gentoo.org/snapshots/portage-latest.tar.bz2
<span class="consoleName">localhost</span> <span class="consolePath">usr</span> <span class="consoleSharp">#</span> tar xjf portage-latest.tar.bz2
<span class="consoleName">localhost</span> <span class="consolePath">usr</span> <span class="consoleSharp">#</span> rm portage-latest.tar.bz2</pre><div class="code"><p class="codehead"><a name="mntgentooetcfstab">/mnt/gentoo/etc/fstab</a></p><pre class="code">
...
#/dev/BOOT /boot ext2 noauto,noatime 1 2
/dev/hda1 / ext4 noatime 0 1
/dev/hda2 none swap sw 0 0
/dev/cdrom /mnt/cdrom auto noauto,ro 0 0
#/dev/fd0 /mnt/floppy auto noauto 0 0
...</pre></div>
<p>
Now we are going to copy the kernel to the vm.
</p>
<pre class="console">
<span class="consoleName">localhost</span> <span class="consolePath">usr</span> <span class="consoleSharp">#</span> rm -Rf /mnt/gentoo/usr/src/*
<span class="consoleName">localhost</span> <span class="consolePath">usr</span> <span class="consoleSharp">#</span> cp -R /usr/src/linux-2.6.31-xen-r7/ /mnt/gentoo/usr/src/
<span class="consoleName">localhost</span> <span class="consolePath">usr</span> <span class="consoleSharp">#</span> cd /mnt/gentoo/usr/src
<span class="consoleName">localhost</span> <span class="consolePath">src</span> <span class="consoleSharp">#</span> ln -s linux-2.6.31-xen-r7 linux
<span class="consoleName">localhost</span> <span class="consolePath">src</span> <span class="consoleSharp">#</span> chroot /mnt/gentoo /bin/bash
<span class="consoleName">localhost</span> <span class="consolePath">/</span> <span class="consoleSharp">#</span> env-update && source /etc/profile
<span class="consoleName">localhost</span> <span class="consolePath">/</span> <span class="consoleSharp">#</span> passwd
New password:
Retype new password:
passwd: password updated successfully
<span class="consoleName">localhost</span> <span class="consolePath">/</span> <span class="consoleSharp">#</span> cd /usr/src/linux
<span class="consoleName">localhost</span> <span class="consolePath">linux</span> <span class="consoleSharp">#</span> ./makeU.sh modules_install
<span class="consoleName">localhost</span> <span class="consolePath">linux</span> <span class="consoleSharp">#</span> exit
<span class="consoleName">localhost</span> <span class="consolePath">src</span> <span class="consoleSharp">#</span> cd
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> umount /mnt/gentoo</pre>
<p>
boot the kernel
</p>
<pre class="console">
<span class="consoleName">localhost</span> <span class="consolePath">src</span> <span class="consoleSharp">#</span> xm create -c /var/xen/def-gentoo/def-gentoo.conf
...
This is localhost.unknown_domain (Linux x86_64 2.6.31-xen-r7) 17:24:49
localhost login: root
Password:</pre>
<p>
<p><div class="notewarning"><span class="type">warning: </span>
To detach the vm screen :
</p>
<ul>
<li class="level1"><div class="li"> ctrl + ] (on english keyboard)</div>
</li>
<li class="level1"><div class="li"> ctrl + $ (on french keyboard)</div>
</li>
</ul>
<p>
To be attached back to the screen :
</p>
<pre class="console">
<span class="consoleSharp">#</span> xm console def-gentoo</pre>
<p>
</div></p>
</p>
<p>
<p><div class="notewarning"><span class="type">warning: </span>
Do not use <strong>less</strong> on vm console it will crash return lines in your current shell, use an ssh connection instread.
</div></p>
</p>
</div>
<!-- SECTION "install /" [26282-28492] -->
<h3><a name="set network" id="set network">Set network</a></h3>
<div class="level3">
<div class="code"><p class="codehead"><a name="etcconf.dnet">/etc/conf.d/net</a></p><pre class="code">
config_eth0=("192.168.0.254/24")
routes_eth0=("default via 192.168.0.1")</pre></div><div class="code"><p class="codehead"><a name="etcresolv.conf">/etc/resolv.conf</a></p><pre class="code">
nameserver 212.27.40.240
nameserver 212.27.40.241</pre></div>
<p>
<p><div class="notewarning"><span class="type">warning: </span>
use your provider dns servers
</div></p>
</p>
<pre class="console">
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> /etc/init.d/net.eth0 start</pre>
</div>
<!-- SECTION "Set network" [28493-28828] -->
<h3><a name="rebuild" id="rebuild">rebuild</a></h3>
<div class="level3">
<p>
configure make.conf
</p>
<div class="code"><p class="codehead"><a name="etcmake.conf">/etc/make.conf</a></p><pre class="code">
CFLAGS="-march=core2 -O2 -pipe"
CXXFLAGS="${CFLAGS}"
# WARNING: Changing your CHOST is not something that should be done lightly.
# Please consult http://www.gentoo.org/doc/en/change-chost.xml before changing.
CHOST="x86_64-pc-linux-gnu"
MAKEOPTS="-j3"
# These are the USE flags that were used in addition to what is provided by the
# profile used for building.
USE="mmx sse sse2 -X unicode ipv6 -fortran"</pre></div><pre class="console">
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> emerge -vae world</pre><pre class="console">
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> rm -Rf /usr/portage/distfiles/
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> rc-update add sshd default
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> emerge syslog-ng vixie-cron logrotate
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> rc-update add syslog-ng default
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> rc-update add vixie-cron default</pre>
</div>
<!-- SECTION "rebuild" [28829-29621] -->
<h3><a name="timezone1" id="timezone1">Timezone</a></h3>
<div class="level3">
<pre class="console">
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> cp /usr/share/zoneinfo/Europe/Paris /etc/localtime</pre><div class="code"><p class="codehead"><a name="etcconf.dclock">/etc/conf.d/clock</a></p><pre class="code">
...
TIMEZONE="Europe/Paris"
...</pre></div><pre class="console">
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> emerge ntp
...
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> rc-update add ntp-client default
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> /etc/init.d/ntp-client start</pre>
</div>
<!-- SECTION "Timezone" [29622-29943] -->
<h3><a name="set hostname" id="set hostname">Set hostname</a></h3>
<div class="level3">
<div class="code"><p class="codehead"><a name="etchosts">/etc/hosts</a></p><pre class="code">
...
127.0.0.1 VMNAME.home.loc VMNAME localhost
...</pre></div><div class="code"><p class="codehead"><a name="etcconf.dhostname">/etc/conf.d/hostname</a></p><pre class="code">
HOSTNAME="VMNAME"</pre></div><pre class="console">
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> hostname VMNAME</pre>
<p>
<p><div class="noteclassic">
fw-prs.img 4000
fw-prs.swap 1024
</p>
<p>
</div></p>
</p>
</div>
<!-- SECTION "Set hostname" [29944-30213] -->
<h2><a name="virtualization installation" id="virtualization installation">Virtualization installation</a></h2>
<div class="level2">
<p>
Virtualisation is for unmodified guest like windows :
</p>
<pre class="console">
<span class="consoleName">srv-mvl</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> mkdir /var/xen/def-2003/
<span class="consoleName">srv-mvl</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> dd if=/dev/zero of=/var/xen/def-2003/def-2003.img bs=1M count=15000</pre>
<p>
<p><div class="notewarning"><span class="type">warning: </span>
I dit not found a solution to resize virtual drive after installation, so you need to give a good size to your img file
</div></p>
</p>
<p>
Copy an iso of 2003 from an other computer to your host using scp:
</p>
<pre class="console">
<span class="consoleSharp">#</span> scp FR_WS03VL.iso 192.168.0.3:/usr/src/</pre>
<p>
Configure your VM
</p>
<div class="code"><p class="codehead"><a name="varxendef-2003def-2003.conf">/var/xen/def-2003/def-2003.conf</a></p><pre class="code">
kernel = "/usr/lib/xen/boot/hvmloader"
builder='hvm'
memory = 512
#maxmem=600
vcpus=1
on_poweroff='destroy'
on_reboot='restart'
on_crash='restart'
##acpi=1
##apic=1
name = "mng-mvl"
vif = [ 'type=ioemu, mac=aa:00:b0:00:00:11, bridge=xenred' ]
disk = [ 'file:/var/xen/def-2003/def-2003.img,hda,w', 'file:/usr/src/FR_WS03VL.iso,hdb:cdrom,r' ]
device_model = '/usr/lib64/xen/bin/qemu-dm'
cdrom="file:/usr/src/FR_WS03VL.iso,hdb:cdrom,r"
boot="d"
sdl=0
vnc=1
vncviewer=0
ne2000=0
keymap='fr'
usbdevice='tablet'</pre></div>
<p>
Configure your xen vnc password :
</p>
<div class="code"><p class="codehead"><a name="etcxenxend-config.sxp">/etc/xen/xend-config.sxp</a></p><pre class="code">
...
(vnc-listen '0.0.0.0')
(vncpasswd 'yourpassword')
...</pre></div><pre class="console">
<span class="consoleName">srv-mvl</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> /etc/init.d/xend restart
<span class="consoleName">srv-mvl</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> xm create /var/xen/def-2003/def-2003.conf</pre>
<p>
now use a vnc client to connect to your vm on 192.168.0.3:5900
and follow installation of windows
</p>
</div>
<!-- SECTION "Virtualization installation" [30214-] --><span class="plugin_feedmod_comments">
<a href="http://hive.awired.net/hive/system/home-network/server-installation-xen#discussion__section" title="Read or add comments to this article">Read or add comments to this article</a>
</span>
-
text/html
2010-07-28T12:03:05+02:00
C- Server installation
http://hive.awired.net/hive/system/home-network/server-installation
<div class="level1">
<p>
<p><div class="noteclassic">
Here we are going to install a linux server composed of :
</p>
<ul>
<li class="level1"><div class="li"> A gentoo 64 Bit</div>
</li>
<li class="level1"><div class="li"> KVM for paravirualisation and virtualisation</div>
</li>
<li class="level1"><div class="li"> 5 hard drives as raid6 for / and datas</div>
</li>
<li class="level1"><div class="li"> Full encrypted partitions on different drives with AES</div>
</li>
<li class="level1"><div class="li"> An initramfs to boot on and asking for decryption passwords</div>
</li>
</ul>
<p>
</div></p>
</p>
</div>
<!-- SECTION "C- Server installation" [1-347] -->
<h2><a name="bios configuration" id="bios configuration">Bios configuration</a></h2>
<div class="level2">
<ul>
<li class="level1"><div class="li"> Do not overclock your server, with a full time running overclocked computer you have good chance to have crash after few days running.</div>
</li>
<li class="level1"><div class="li"> Configure your ATA with <strong>AHCI</strong>, you should have better performance.</div>
</li>
<li class="level1"><div class="li"> Enable Intel Virtualization technology (for kvm)</div>
</li>
<li class="level1"><div class="li"> Set restore on power loss to <strong>Power On</strong> to reboot automaticaly</div>
</li>
<li class="level1"><div class="li"> Set all your raid drives as boot sequence even if you boot on cdrom first (needed for grub configuration)</div>
</li>
</ul>
</div>
<!-- SECTION "Bios configuration" [348-825] -->
<h2><a name="installation" id="installation">Installation</a></h2>
<div class="level2">
<p>
Download an iso of the latest version of gentoo (<a href="http://distfiles.gentoo.org/releases/amd64/autobuilds/current-iso/" class="urlextern" title="http://distfiles.gentoo.org/releases/amd64/autobuilds/current-iso/" rel="nofollow">link</a>). Burn it and boot on it.
</p>
<p>
<p><div class="noteclassic">
For this exemple I'will use 5 drives of about 200G for RAID6
the target partition sizes :
</p>
<ul>
<li class="level1"><div class="li"> <strong>md1 :</strong> 50M as RAID1 for /boot (we don't need raid6 for 50M)</div>
</li>
<li class="level1"><div class="li"> <strong>md2 :</strong> 150G as RAID6 for / and KVM drives</div>
</li>
<li class="level1"><div class="li"> <strong>md3 :</strong> to the end of drives as RAID6 for data</div>
</li>
</ul>
<p>
</div></p>
</p>
<p>
<p><div class="notewarning"><span class="type">warning: </span>
If you have more than 1 controller for your drives spread your drive on different controller, like that if a controller become crazy it will not destroy all drives.
</div></p>
</p>
<p>
<p><div class="noteclassic">
My / takes about 8G.
</p>
<p>
My VMs are composed of (with swap files and data) :
</p>
<ul>
<li class="level1"><div class="li"> <strong>ad :</strong> 10G</div>
</li>
<li class="level1"><div class="li"> <strong>ex :</strong> 7G</div>
</li>
<li class="level1"><div class="li"> <strong>fw :</strong> 5G</div>
</li>
<li class="level1"><div class="li"> <strong>gate :</strong> 6G</div>
</li>
<li class="level1"><div class="li"> <strong>mng :</strong> 20G</div>
</li>
<li class="level1"><div class="li"> <strong>websrv1 :</strong> 11G</div>
</li>
<li class="level1"><div class="li"> <strong>websrv2 :</strong> 27G</div>
</li>
</ul>
<p>
So we need about 100G for / and VMs (I set 150G to be sur ;))
</div></p>
</p>
<p>
open ssh server to <kbd>Ctrl</kbd>+<kbd>C</kbd> <kbd>Ctrl</kbd>+<kbd>V</kbd> commands :
</p>
<pre class="console">
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> loadkeys fr
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> passwd
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> /etc/init.d/sshd start
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> ifconfig</pre>
<p>
now you can connect from an other computer
</p>
</div>
<!-- SECTION "Installation" [826-1987] -->
<h2><a name="prepare hard drives" id="prepare hard drives">Prepare hard drives</a></h2>
<div class="level2">
<p>
A visual representation of hard drives levels :
</p>
<table class="inline">
<tr class="row0">
<th class="col0 rightalign"> Devices </th><td class="col1"> hdX </td><td class="col2"> hdY </td><td class="col3"> sdZ </td>
</tr>
<tr class="row1">
<th class="col0 rightalign"> Raid</th><td class="col1 centeralign" colspan="3"> RAID6 </td>
</tr>
<tr class="row2">
<th class="col0 rightalign"> Crypto</th><td class="col1 centeralign" colspan="3"> AES </td>
</tr>
<tr class="row3">
<th class="col0 rightalign"> File System</th><td class="col1 centeralign" colspan="3"> EXT3 </td>
</tr>
<tr class="row4">
<th class="col0 rightalign"> Mount Point</th><td class="col1 centeralign" colspan="3"> / </td>
</tr>
</table>
<p>
First you have to find your smallest HDD to create raid based on his size :
</p>
<pre class="console">
<span class="consoleSharp">#</span> fdisk -l
Disk /dev/hda: 203.9 GB, 203928109056 bytes
255 heads, 63 sectors/track, 24792 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x00000000
Device Boot Start End Blocks Id System
Disk /dev/hdb: 203.9 GB, 203928109056 bytes
255 heads, 63 sectors/track, 24792 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x00000000
Device Boot Start End Blocks Id System
Disk /dev/hdc: 251.0 GB, 251000193024 bytes
255 heads, 63 sectors/track, 30515 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x00000000
Device Boot Start End Blocks Id System
Disk /dev/hde: 203.9 GB, 203928109056 bytes
255 heads, 63 sectors/track, 24792 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x00000000
Device Boot Start End Blocks Id System
Disk /dev/hdf: 203.9 GB, 203928109056 bytes
255 heads, 63 sectors/track, 24792 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x00000000
Device Boot Start End Blocks Id System
Disk /dev/sda: 200.0 GB, 200049647616 bytes
255 heads, 63 sectors/track, 24321 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x00000000
Device Boot Start End Blocks Id System
Disk /dev/sdb: 203.9 GB, 203928109056 bytes
255 heads, 63 sectors/track, 24792 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x00000000
Device Boot Start End Blocks Id System</pre>
<p>
I will use :
</p>
<ul>
<li class="level1"><div class="li"> <strong>hda</strong> : PATA controller 1</div>
</li>
<li class="level1"><div class="li"> <strong>hde</strong>, <strong>hdf</strong> : PATA controller 2</div>
</li>
<li class="level1"><div class="li"> <strong>sda</strong>, <strong>sdb</strong> : SATA controller 1</div>
</li>
</ul>
<p>
For me sda is the smallest drive, so i will start with this one:
</p>
<p>
<p><div class="noteclassic">
to calculate raid6 size :
<strong>C = (n - 2) * c</strong>
</p>
<ul>
<li class="level1"><div class="li"> <strong>C</strong> : total capacity of your raid</div>
</li>
<li class="level1"><div class="li"> <strong>n</strong> : number of disks</div>
</li>
<li class="level1"><div class="li"> <strong>c</strong> : single disk partition capacity</div>
</li>
</ul>
<p>
</div></p>
</p>
<p>
150 = (5 - 2) * c
</p>
<p>
c = 150 / 3
</p>
<p>
c = 50G for /dev/sda2
</p>
<p>
So we have to create partitions of 50G on each drives to have a raid6 of 150G
</p>
<pre class="console">
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> fdisk /dev/sda
Command (m for help): n
Command action
e extended
p primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-24321, default 1):
Using default value 1
Last cylinder, +cylinders or +size{K,M,G} (1-24321, default 24321): +50M
Command (m for help): n
Command action
e extended
p primary partition (1-4)
p
Partition number (1-4): 2
First cylinder (8-24792, default 8):
Using default value 8
Last cylinder, +cylinders or +size{K,M,G} (8-24321, default 24321): +50G
Command (m for help): n
Command action
e extended
p primary partition (1-4)
p
Partition number (1-4): 3
First cylinder (140-24792, default 140):
Using default value 140
Last cylinder, +cylinders or +size{K,M,G} (140-24321, default 24321):
Using default value 24321
Command (m for help): t
Partition number (1-4): 1
Hex code (type L to list codes): fd
Changed system type of partition 1 to fd (Linux raid autodetect)
Command (m for help): t
Partition number (1-4): 2
Hex code (type L to list codes): fd
Changed system type of partition 2 to fd (Linux raid autodetect)
Command (m for help): t
Partition number (1-4): 3
Hex code (type L to list codes): fd
Changed system type of partition 3 to fd (Linux raid autodetect)
Command (m for help): a
Partition number (1-4): 1
Command (m for help): p
Disk /dev/sda: 200.0 GB, 200049647616 bytes
255 heads, 63 sectors/track, 24321 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x48ee7660
Device Boot Start End Blocks Id System
/dev/sda1 * 1 7 56196 fd Linux raid autodetect
/dev/sda2 8 6600 52958272 fd Linux raid autodetect
/dev/sda3 6601 24321 142343932+ fd Linux raid autodetect
Command (m for help): w
The partition table has been altered!
Calling ioctl() to re-read partition table.
Syncing disks.
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> </pre>
<p>
For other disks you have to do the same thing except for the 3rd partition.
Instead of just press enter for final size set smallest drive 3rd partition size.
</p>
<pre class="console">
Partition number (1-4): 3
First cylinder (6536-24321, default 6536):
Using default value 6536
Last cylinder, +cylinders or +size{K,M,G} (6536-24792, default 24792): 24321
Command (m for help):</pre>
</div>
<!-- SECTION "Prepare hard drives" [1988-6774] -->
<h2><a name="creating raid" id="creating raid">Creating raid</a></h2>
<div class="level2">
<pre class="console">
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> modprobe raid1
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> modprobe raid6
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> modprobe dm-mod</pre>
<p>
<p><div class="notetip"><span class="type">tip: </span>
see modules :
</p>
<pre class="console">
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> lsmod | grep raid</pre>
<p>
</div></p>
</p>
<pre class="console">
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> mknod /dev/md1 b 9 1
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> mknod /dev/md2 b 9 2
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> mknod /dev/md3 b 9 3
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> mdadm --create /dev/md1 --level=1 --raid-devices=6 /dev/sda1 /dev/sdb1 /dev/hda1 /dev/hdb1 /dev/hde1 /dev/hdf1
mdadm: array /dev/md1 started.
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> mdadm --create /dev/md2 --level=6 --raid-devices=5 /dev/sda2 /dev/sdb2 /dev/hda2 /dev/hdb2 /dev/hde2
mdadm: array /dev/md2 started.
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> mdadm --create /dev/md3 --level=6 --raid-devices=5 /dev/sda3 /dev/sdb3 /dev/hda3 /dev/hdb3 /dev/hde3
mdadm: array /dev/md3 started.</pre>
<p>
add spare :
</p>
<pre class="console">
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> mdadm --add /dev/md2 /dev/sdf2
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> mdadm --add /dev/md3 /dev/sdf3</pre>
<p>
now wait for raid sync :
</p>
<pre class="console">
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> watch cat /proc/mdstat
Every 2.0s: cat /proc/mdstat Fri Nov 13 21:49:39 2009
Personalities : [raid0] [raid1] [raid6] [raid5] [raid4] [raid10]
md3 : active raid6 hdf3[4] hde3[3] hda3[2] sdb3[1] sda3[0]
428597760 blocks level 6, 64k chunk, algorithm 2 [5/5] [UUUUU]
resync=DELAYED
md2 : active raid6 hdf2[4] hde2[3] hda2[2] sdb2[1] sda2[0]
157308288 blocks level 6, 64k chunk, algorithm 2 [5/5] [UUUUU]
[==>..................] resync = 10.4% (5496896/52436096) finish=36.8min speed=21227K/sec
md1 : active raid1 hdf1[4] hde1[3] hda1[2] sdb1[1] sda1[0]
56128 blocks [5/5] [UUUUU]
unused devices: <none></pre>
<p>
<p><div class="notetip"><span class="type">tip: </span>
<kbd>Ctrl</kbd>+<kbd>C</kbd> to quit
</div></p>
</p>
<p>
Crypt partitions :
</p>
<pre class="console">
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> cryptsetup -y -v -c aes-xts-benbi:sha512 -h sha512 -s 512 luksFormat /dev/md2
WARNING!
========
This will overwrite data on /dev/md2 irrevocably.
Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:
Command successful.
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> cryptsetup -y -v -c aes-xts-benbi:sha512 -h sha512 -s 512 luksFormat /dev/md3
WARNING!
========
This will overwrite data on /dev/md3 irrevocably.
Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:
Command successful.
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> </pre>
<p>
Open encrypted partitions
</p>
<pre class="console">
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> cryptsetup luksOpen /dev/md2 md2
Enter LUKS passphrase:
key slot 0 unlocked.
Command successful.
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> cryptsetup luksOpen /dev/md3 md3
Enter LUKS passphrase:
key slot 0 unlocked.
Command successful.</pre>
<p>
Format partitions
</p>
<pre class="console">
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> mke2fs -j /dev/md1
mke2fs 1.41.3 (12-Oct-2008)
...
This filesystem will be automatically checked every 33 mounts or
180 days, whichever comes first. Use tune2fs -c or -i to override.
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> mkfs.ext4 /dev/mapper/md2
mke2fs 1.41.3 (12-Oct-2008)
...
This filesystem will be automatically checked every 26 mounts or
180 days, whichever comes first. Use tune2fs -c or -i to override.
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> mkfs.ext4 /dev/mapper/md3
mke2fs 1.41.3 (12-Oct-2008)
...
This filesystem will be automatically checked every 32 mounts or
180 days, whichever comes first. Use tune2fs -c or -i to override.</pre>
<p>
<p><div class="notetip"><span class="type">tip: </span>
Do not use LVM as it “may” degrade (<a href="http://mbhtech.blogspot.com/2009/09/software-raid-vs-lvm-quick-speed-test_08.html" class="urlextern" title="http://mbhtech.blogspot.com/2009/09/software-raid-vs-lvm-quick-speed-test_08.html" rel="nofollow">see</a>) performance and is very unnecessary if you create well sized partitions
</div></p>
</p>
<p>
mount drives (md3 will only be used in xen later)
</p>
<pre class="console">
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> mount /dev/mapper/md2 /mnt/gentoo/
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> mkdir /mnt/gentoo/boot
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> mount /dev/md1 /mnt/gentoo/boot/</pre>
</div>
<!-- SECTION "Creating raid" [6775-10366] -->
<h2><a name="installation of " id="installation of ">Installation of /</a></h2>
<div class="level2">
</div>
<!-- SECTION "Installation of /" [10367-10397] -->
<h3><a name="swap" id="swap">swap</a></h3>
<div class="level3">
<pre class="console">
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> dd if=/dev/zero of=/mnt/gentoo/swap.img bs=1M count=1000
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> mkswap /mnt/gentoo/swap.img
Setting up swapspace version 1, size = 1023996 KiB
no label, UUID=11c45e43-4a60-43a6-8a99-352b5b1dc939
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> swapon /mnt/gentoo/swap.img
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> swapon -s
Filename Type Size Used Priority
/mnt/gentoo/swap.img file 1023992 0 -1</pre>
</div>
<!-- SECTION "swap" [10398-10863] -->
<h3><a name="stage3" id="stage3">Stage3</a></h3>
<div class="level3">
<p>
Download stage3
</p>
<pre class="console">
<span class="consoleName">livecd</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> cd /mnt/gentoo/
<span class="consoleName">livecd</span> <span class="consolePath">gentoo</span> <span class="consoleSharp">#</span> links http://www.gentoo.org/main/en/mirrors.xml</pre>
<p>
select a mirror and download stage3 tar.gz file for your arch (amd64 for me)
</p>
<p>
<p><div class="notetip"><span class="type">tip: </span>
direct download:
</p>
<pre class="console">
<span class="consoleName">livecd</span> <span class="consolePath">gentoo</span> <span class="consoleSharp">#</span> wget ftp://ftp.free.fr/mirrors/ftp.gentoo.org/releases/amd64/current-stage3/stage3-amd64-*.tar.bz2</pre>
<p>
</div></p>
</p>
<p>
Extract stage3
</p>
<pre class="console">
<span class="consoleName">livecd</span> <span class="consolePath">gentoo</span> <span class="consoleSharp">#</span> time tar xjpf stage3*
real 1m10.811s
user 0m32.000s
sys 0m3.230s</pre>
<p>
<p><div class="notewarning"><span class="type">warning: </span>
Be sur to mount boot partition before extracting stage3 or you will have problems with grub.
</div></p>
</p>
</div>
<!-- SECTION "Stage3" [10864-11513] -->
<h3><a name="portage" id="portage">Portage</a></h3>
<div class="level3">
<pre class="console">
<span class="consoleName">livecd</span> <span class="consolePath">gentoo</span> <span class="consoleSharp">#</span> cd /mnt/gentoo/usr
<span class="consoleName">livecd</span> <span class="consolePath">usr</span> <span class="consoleSharp">#</span> links http://www.gentoo.org/main/en/mirrors.xml</pre>
<p>
select a mirror and download latest portage
</p>
<p>
<p><div class="notetip"><span class="type">tip: </span>
direct download :
</p>
<pre class="console">
<span class="consoleName">livecd</span> <span class="consolePath">usr</span> <span class="consoleSharp">#</span> wget ftp://ftp.free.fr/mirrors/ftp.gentoo.org/snapshots/portage-latest.tar.bz2</pre>
<p>
</div></p>
</p>
<p>
Extract portage
</p>
<pre class="console">
<span class="consoleName">livecd</span> <span class="consolePath">usr</span> <span class="consoleSharp">#</span> time tar xjf portage-lat*
real 1m31.991s
user 0m14.500s
sys 0m5.790s</pre>
</div>
<!-- SECTION "Portage" [11514-11982] -->
<h3><a name="chroot and prepare system" id="chroot and prepare system">Chroot and prepare system</a></h3>
<div class="level3">
</div>
<h4><a name="chroot" id="chroot">Chroot</a></h4>
<div class="level4">
<pre class="console">
<span class="consoleName">livecd</span> <span class="consolePath">usr</span> <span class="consoleSharp">#</span> cd /
<span class="consoleName">livecd</span> <span class="consolePath">/</span> <span class="consoleSharp">#</span> mount -t proc proc /mnt/gentoo/proc
<span class="consoleName">livecd</span> <span class="consolePath">/</span> <span class="consoleSharp">#</span> mount -o bind /dev /mnt/gentoo/dev
<span class="consoleName">livecd</span> <span class="consolePath">/</span> <span class="consoleSharp">#</span> cp -L /etc/resolv.conf /mnt/gentoo/etc/
<span class="consoleName">livecd</span> <span class="consolePath">/</span> <span class="consoleSharp">#</span> chroot /mnt/gentoo /bin/bash
<span class="consoleName">livecd</span> <span class="consolePath">/</span> <span class="consoleSharp">#</span> source /etc/profile && env-update
>>> Regenerating /etc/ld.so.cache...</pre>
</div>
<h4><a name="root password" id="root password">Root password</a></h4>
<div class="level4">
<p>
change root password
</p>
<pre class="console">
<span class="consoleName">livecd</span> <span class="consolePath">/</span> <span class="consoleSharp">#</span> passwd
New UNIX password:
Retype new UNIX password:
passwd: password updated successfully</pre>
</div>
<h4><a name="keyboard map" id="keyboard map">Keyboard map</a></h4>
<div class="level4">
<div class="code"><p class="codehead"><a name="etcconf.dkeymaps">/etc/conf.d/keymaps</a></p><pre class="code">
...
KEYMAP="fr"
...</pre></div>
</div>
<h4><a name="fstab" id="fstab">fstab</a></h4>
<div class="level4">
<div class="code"><p class="codehead"><a name="etcfstab">/etc/fstab</a></p><pre class="code">
...
/dev/md1 /boot ext3 noauto,noatime 1 2
/dev/mapper/md2 / ext4 noatime 0 1
/swap.img none swap sw 0 0
/dev/cdrom /mnt/cdrom auto noauto,ro 0 0
...</pre></div>
<p>
<p><div class="notewarning"><span class="type">warning: </span>
Do not forget /boot filesystem as ext3 and / as ext4
</div></p>
</p>
<pre class="console">
<span class="consoleName">livecd</span> <span class="consolePath">/</span> <span class="consoleSharp">#</span> mkdir /etc/portage</pre>
</div>
<h4><a name="compilation optimization" id="compilation optimization">Compilation optimization</a></h4>
<div class="level4">
<p>
Have a look on <a href="http://en.gentoo-wiki.com/wiki/Safe_Cflags" class="urlextern" title="http://en.gentoo-wiki.com/wiki/Safe_Cflags" rel="nofollow">flags for your processor</a> and populate your make.conf
</p>
<p>
exemple for my core2
</p>
<div class="code"><p class="codehead"><a name="etcmake.conf">/etc/make.conf</a></p><pre class="code">
CHOST="x86_64-pc-linux-gnu"
CFLAGS="-march=core2 -O2 -pipe"
CXXFLAGS="${CFLAGS}"
MAKEOPTS="-j3"
USE="mmx sse sse2 -X unicode ipv6 -fortran"</pre></div>
<p>
<p><div class="notetip"><span class="type">tip: </span>
MAKEOPTS should be : number_of_processor_core + 1
</div></p>
</p>
</div>
<!-- SECTION "Chroot and prepare system" [11983-13498] -->
<h2><a name="kernel" id="kernel">Kernel</a></h2>
<div class="level2">
<p>
Install package :
</p>
<pre class="console">
<span class="consoleName">livecd</span> <span class="consolePath">/</span> <span class="consoleSharp">#</span> emerge -a gentoo-sources</pre>
</div>
<!-- SECTION "Kernel" [13499-13598] -->
<h3><a name="kernel configuration" id="kernel configuration">Kernel configuration</a></h3>
<div class="level3">
<pre class="console">
<span class="consoleName">livecd</span> <span class="consolePath">/</span> <span class="consoleSharp">#</span> cd /usr/src/linux
<span class="consoleName">livecd</span> <span class="consolePath">linux</span> <span class="consoleSharp">#</span> make menuconfig</pre><pre class="code">
Processor type and features --->
[*] Paravirtualized guest support --->
[ ] Xen guest support
[*] KVM paravirtualized clock
[*] KVM Guest support
-*- Enable paravirtualization code
[*] Paravirtualization layer for spinlocks
Processor family (Core 2/newer Xeon) --->
[*] Networking support --->
Networking options --->
<*> 802.1d Ethernet Bridging
Device Drivers --->
[*] Network device support --->
<*> Universal TUN/TAP device driver support
<*> Virtio network driver (EXPERIMENTAL)
[*] Block devices --->
<*> Loopback device support
<*> Virtio block driver (EXPERIMENTAL)
Character devices --->
<*> Virtio console
<*> VirtIO Random Number Generator support
[*] Multiple devices driver support (RAID and LVM) --->
<*> RAID support
<*> RAID-1 (mirroring) mode
<*> RAID-4/RAID-5/RAID-6 mode
<*> Device mapper support
<*> Crypt target support
<M> I2C support --->
<M> I2C device interface
I2C Hardware Bus support --->
# Activate everything
<M> Hardware Monitoring Support --->
# Activate everything
File systems --->
<*> The Extended 4 (ext4) filesystem
[*] Ext4 extended attributes
[*] Ext4 POSIX Access Control Lists
[*] Ext4 Security Labels
<*> FUSE (Filesystem in Userspace) support
-*- Cryptographic API --->
<*> XTS support (EXPERIMENTAL)
<*> SHA224 and SHA256 digest algorithm
<*> SHA384 and SHA512 digest algorithms
-*- AES cipher algorithms (x86_64)
<*> AES cipher algorithms (AES-NI)
[*] Virtualization --->
--- Virtualization
<*> Kernel-based Virtual Machine (KVM) support
<*> KVM for Intel processors support
< > KVM for AMD processors support
<*> Host kernel accelerator for virtio net (EXPERIMENTAL)
<*> PCI driver for virtio devices (EXPERIMENTAL)
<*> Virtio balloon driver (EXPERIMENTAL)</pre>
<p>
<p><div class="notewarning"><span class="type">warning: </span>
Do not forget to set your devices drivers !
</p>
<ul>
<li class="level1"><div class="li"> network devices</div>
</li>
<li class="level1"><div class="li"> HDD controller</div>
</li>
</ul>
<p>
# lspci in livecd will tell you
</div></p>
</p>
<pre class="console">
<span class="consoleName">livecd</span> <span class="consolePath">linux</span> <span class="consoleSharp">#</span> make -j3
...
Kernel: arch/x86/boot/vmlinuz is ready (#1)
<span class="consoleName">livecd</span> <span class="consolePath">linux</span> <span class="consoleSharp">#</span> make modules_install
<span class="consoleName">livecd</span> <span class="consolePath">linux</span> <span class="consoleSharp">#</span> cp arch/x86/boot/bzImage /boot/kernel</pre>
</div>
<!-- SECTION "Kernel configuration" [13599-16048] -->
<h2><a name="initramfs" id="initramfs">InitRamFs</a></h2>
<div class="level2">
<p>
<strong>Follow this link to build your initramfs :</strong>
</p>
<p>
<strong><a href="http://hive.awired.net/hive/system/gentoo/initramfs" class="wikilink1" title="hive:system:gentoo:initramfs">build your initramfs</a></strong>
</p>
<p>
<p><div class="notewarning"><span class="type">warning: </span>
<strong>we have to use an initramfs to open encrypted drive during boot</strong>
</div></p>
</p>
</div>
<!-- SECTION "InitRamFs" [16049-16273] -->
<h2><a name="install grub" id="install grub">Install grub</a></h2>
<div class="level2">
<pre class="console">
<span class="consoleName">livecd</span> <span class="consolePath">initramfs</span> <span class="consoleSharp">#</span> emerge grub
<span class="consoleName">livecd</span> <span class="consolePath">initramfs</span> <span class="consoleSharp">#</span> grub
grub> root (hd0,0)
grub> setup (hd0)
grub> root (hd1,0)
grub> setup (hd1)
grub> root (hd2,0)
grub> setup (hd2)
grub> root (hd3,0)
grub> setup (hd3)
grub> root (hd4,0)
grub> setup (hd4)
grub> root (hd5,0)
grub> setup (hd5)
grub> quit</pre>
<p>
<p><div class="notetip"><span class="type">tip: </span>
hdX in grub corresponds to bios hard drive boot sequences, drives have to be set in bios
</div></p>
</p>
<div class="code"><p class="codehead"><a name="bootgrubgrub.conf">/boot/grub/grub.conf</a></p><pre class="code">
title GLK
root (hd0,0)
kernel /boot/kernel root=/dev/mapper/md2
module /boot/initramfs.gz</pre></div>
</div>
<!-- SECTION "Install grub" [16274-16850] -->
<h2><a name="finished" id="finished">Finished!</a></h2>
<div class="level2">
<pre class="console">
<span class="consoleName">livecd</span> <span class="consolePath">initramfs</span> <span class="consoleSharp">#</span> exit
<span class="consoleName">livecd</span> <span class="consolePath">/</span> <span class="consoleSharp">#</span> umount /mnt/gentoo/proc/ /mnt/gentoo/dev /mnt/gentoo/boot /mnt/gentoo</pre><hr />
<p>
<p><div class="noteclassic">
<strong>sources:</strong>
</p>
<p>
for installation:
</p>
<ul>
<li class="level1"><div class="li"> <a href="http://www.gentoo.org/doc/en/gentoo-x86+raid+lvm2-quickinstall.xml" class="urlextern" title="http://www.gentoo.org/doc/en/gentoo-x86+raid+lvm2-quickinstall.xml" rel="nofollow">http://www.gentoo.org/doc/en/gentoo-x86+raid+lvm2-quickinstall.xml</a></div>
</li>
</ul>
<p>
for xen:
</p>
<ul>
<li class="level1"><div class="li"> <a href="http://www.gentoo.org/doc/en/xen-guide.xml" class="urlextern" title="http://www.gentoo.org/doc/en/xen-guide.xml" rel="nofollow">http://www.gentoo.org/doc/en/xen-guide.xml</a></div>
</li>
<li class="level1"><div class="li"> <a href="http://en.gentoo-wiki.com/wiki/Xen" class="urlextern" title="http://en.gentoo-wiki.com/wiki/Xen" rel="nofollow">http://en.gentoo-wiki.com/wiki/Xen</a></div>
</li>
</ul>
<p>
for initramfs:
</p>
<ul>
<li class="level1"><div class="li"> <a href="http://en.gentoo-wiki.com/wiki/Initramfs" class="urlextern" title="http://en.gentoo-wiki.com/wiki/Initramfs" rel="nofollow">http://en.gentoo-wiki.com/wiki/Initramfs</a></div>
</li>
<li class="level1"><div class="li"> <a href="http://hive.awired.net/_media/system-administration/gentoo/gentoo-wiki/initramfs.htm" class="urlextern" title="http://hive.awired.net/_media/system-administration/gentoo/gentoo-wiki/initramfs.htm" rel="nofollow">http://hive.awired.net/_media/system-administration/gentoo/gentoo-wiki/initramfs.htm</a></div>
</li>
</ul>
<ul>
<li class="level1"><div class="li"> lots of internet search ;)</div>
</li>
</ul>
<p>
</div></p>
</p>
</div>
<!-- SECTION "Finished!" [16851-] --><span class="plugin_feedmod_comments">
<a href="http://hive.awired.net/hive/system/home-network/server-installation#discussion__section" title="Read or add comments to this article">Read or add comments to this article</a>
</span>
-
text/html
2010-07-20T15:08:38+02:00
D- System config
http://hive.awired.net/hive/system/home-network/system-configuration
<div class="level1">
</div>
<!-- SECTION "D- System config" [1-33] -->
<h2><a name="network configuration" id="network configuration">Network Configuration</a></h2>
<div class="level2">
<div class="code"><p class="codehead"><a name="etcconf.dnet">/etc/conf.d/net</a></p><pre class="code">
config_eth0=("null")
config_eth1=("null")
config_red=("192.168.0.3/24")
bridge_red=("eth0")
rc_need_red="net.eth0"
brctl_red=(
"setfd 0"
"stp off"
)
routes_red=("default via 192.168.0.2")
config_green=("192.168.2.3/24")
bridge_green=("eth1")
rc_need_green="net.eth1"
brctl_green=(
"setfd 0"
"stp off"
)
config_dmz=("null")
brctl_dmz=(
"setfd 0"
"stp off"
)</pre></div><pre class="console">
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> cd /etc/init.d
<span class="consoleName">localhost</span> <span class="consolePath">init.d</span> <span class="consoleSharp">#</span> ln -s net.lo net.eth1
<span class="consoleName">localhost</span> <span class="consolePath">init.d</span> <span class="consoleSharp">#</span> ln -s net.lo net.red
<span class="consoleName">localhost</span> <span class="consolePath">init.d</span> <span class="consoleSharp">#</span> ln -s net.lo net.green
<span class="consoleName">localhost</span> <span class="consolePath">init.d</span> <span class="consoleSharp">#</span> ln -s net.lo net.dmz
<span class="consoleName">localhost</span> <span class="consolePath">init.d</span> <span class="consoleSharp">#</span> rc-update add net.eth0 default
<span class="consoleName">localhost</span> <span class="consolePath">init.d</span> <span class="consoleSharp">#</span> rc-update add net.eth1 default
<span class="consoleName">localhost</span> <span class="consolePath">init.d</span> <span class="consoleSharp">#</span> rc-update add net.red default
<span class="consoleName">localhost</span> <span class="consolePath">init.d</span> <span class="consoleSharp">#</span> rc-update add net.green default
<span class="consoleName">localhost</span> <span class="consolePath">init.d</span> <span class="consoleSharp">#</span> rc-update add net.dmz default
<span class="consoleName">localhost</span> <span class="consolePath">init.d</span> <span class="consoleSharp">#</span> /etc/init.d/net.eth0 start
<span class="consoleName">localhost</span> <span class="consolePath">init.d</span> <span class="consoleSharp">#</span> /etc/init.d/net.eth1 start
<span class="consoleName">localhost</span> <span class="consolePath">init.d</span> <span class="consoleSharp">#</span> /etc/init.d/net.red start
<span class="consoleName">localhost</span> <span class="consolePath">init.d</span> <span class="consoleSharp">#</span> /etc/init.d/net.green start
<span class="consoleName">localhost</span> <span class="consolePath">init.d</span> <span class="consoleSharp">#</span> /etc/init.d/net.dmz start</pre>
<p>
Now add ssh deamon to runlevels
</p>
<pre class="console">
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> rc-update add sshd default
* sshd added to runlevel default
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> /etc/init.d/sshd start
Generating public/private rsa1 key pair.
...
* Starting sshd ...
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> </pre>
</div>
<!-- SECTION "Network Configuration" [34-1455] -->
<h2><a name="hostname configuration" id="hostname configuration">Hostname configuration</a></h2>
<div class="level2">
<div class="code"><p class="codehead"><a name="etchosts">/etc/hosts</a></p><pre class="code">
...
127.0.0.1 srv-prs.home.loc srv-prs localhost
...</pre></div><div class="code"><p class="codehead"><a name="etcconf.dhostname">/etc/conf.d/hostname</a></p><pre class="code">
HOSTNAME="srv-prs"</pre></div><pre class="console">
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> hostname srv-prs
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> hostname -f
srv-prs.home.loc
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> </pre>
</div>
<!-- SECTION "Hostname configuration" [1456-1751] -->
<h2><a name="timezone" id="timezone">Timezone</a></h2>
<div class="level2">
<pre class="console">
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> cp /usr/share/zoneinfo/Europe/Paris /etc/localtime</pre><div class="code"><p class="codehead"><a name="etcconf.dclock">/etc/conf.d/clock</a></p><pre class="code">
...
TIMEZONE="Europe/Paris"
...</pre></div><pre class="console">
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> emerge ntp
...
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> rc-update add ntp-client default
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> /etc/init.d/ntp-client start</pre>
</div>
<!-- SECTION "Timezone" [1752-2074] -->
<h2><a name="rebuild for optimisation" id="rebuild for optimisation">Rebuild for optimisation</a></h2>
<div class="level2">
<pre class="console">
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> time emerge -vae world
...
real 183m54.743s
user 155m45.326s
sys 86m24.708s</pre>
</div>
<!-- SECTION "Rebuild for optimisation" [2075-2238] -->
<h2><a name="installation of basic softwares" id="installation of basic softwares">Installation of basic softwares</a></h2>
<div class="level2">
<pre class="console">
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> emerge -a syslog-ng vixie-cron sendmail logrotate cryptsetup mdadm bridge-utils usermode-utilities htop pci-utils usbutils
...
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> rc-update add syslog-ng default
* syslog-ng added to runlevel default
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> rc-update add vixie-cron default
* vixie-cron added to runlevel default
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> rc-update add sendmail default
* sendmail added to runlevel default</pre>
<p>
<p><div class="noteclassic">
</p>
<ul>
<li class="level1"><div class="li"> <em>syslog-ng</em> log system</div>
</li>
<li class="level1"><div class="li"> <em>vixie-cron</em> cron system</div>
</li>
<li class="level1"><div class="li"> <em>sendmail</em> to send administration mails</div>
</li>
<li class="level1"><div class="li"> <em>logrotate</em> rotate logs to prevend hard drive fill</div>
</li>
<li class="level1"><div class="li"> <em>cryptsetup</em> to manage encrypted drives</div>
</li>
<li class="level1"><div class="li"> <em>mdadm</em> to manage raid</div>
</li>
<li class="level1"><div class="li"> <em>htop</em> a better <em>top</em></div>
</li>
<li class="level1"><div class="li"> <em>pci-utils</em> to privide lspci</div>
</li>
<li class="level1"><div class="li"> <em>usbutils</em> to provide lsusb</div>
</li>
<li class="level1"><div class="li"> <em>bridge-utils</em> to manage bridge if we have to do things by hand</div>
</li>
<li class="level1"><div class="li"> <em>usermode-utilities</em> to manage tun(tunctl) if we have to do things by hand</div>
</li>
</ul>
<p>
</div></p>
</p>
</div>
<!-- SECTION "Installation of basic softwares" [2239-3208] -->
<h2><a name="hdparm" id="hdparm">Hdparm</a></h2>
<div class="level2">
<p>
To save power and hard drive life you can configure your hard drive to Spindown after a time without using it :
</p>
<pre class="console">
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> emerge -v hdparm</pre>
<p>
The Time (in seconds) after which the Drive spins down is the value of your x multiplied with 5 From the manpage:
</p>
<p>
A value of zero means “timeouts are disabled”: the device will not automatically enter standby mode.
Values from 1 to 240 specify multiples of 5 seconds, yielding timeouts from 5 seconds to 20 minutes.
Values from 241 to 251 specify from 1 to 11 units of 30 minutes, yielding timeouts from 30 minutes to 5.5 hours.
A value of 252 signifies a timeout of 21 minutes.
A value of 253 sets a vendor-defined timeout period between 8 and 12 hours.
A value of 255 is interpreted as 21 minutes plus 15 seconds.
The value 254 is reserved.
Note that some older drives may have very different interpretations of these values.
</p>
<div class="code"><p class="codehead"><a name="etcconf.dhdparm">/etc/conf.d/hdparm</a></p><pre class="code">
...
sda_args="-S241"
sdd_args="-S241"
...</pre></div><pre class="console">
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> /etc/init.d/hdparm start
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> rc-update add hdparm default</pre>
</div>
<!-- SECTION "Hdparm" [3209-4315] -->
<h2><a name="iptables" id="iptables">Iptables</a></h2>
<div class="level2">
<p>
As you can see in network configuration the server has 2 legs in 2 networks : red and green.
</p>
<p>
the green one will be the default one and the red one is an admin interface to the world(next to red network), where we are going to allow only ssh access :
</p>
<pre class="console">
<span class="consoleSharp">#</span> emerge -va iptables</pre><div class="code"><pre class="code">
#!/bin/bash -x
iptables -F
iptables -X
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --destination-port 22 -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --source-port 22 -j ACCEPT
iptables -A INPUT -i eth0 -j REJECT
iptables -A OUTPUT -o eth0 -j REJECT
# IPV6
ip6tables -F INPUT
ip6tables -F OUTPUT
ip6tables -F FORWARD
ip6tables -F
ip6tables -P INPUT DROP
ip6tables -P OUTPUT DROP
ip6tables -P FORWARD DROP
echo "0" >/proc/sys/net/ipv6/conf/all/forwarding</pre><p class="codefoot"><a name="rootfw.sh">/root/fw.sh</a></p></div><pre class="console">
<span class="consoleSharp">#</span> chmod +x /root/fw.sh
<span class="consoleSharp">#</span> rc-update add iptables default
<span class="consoleSharp">#</span> rc-update add ip6tables default
<span class="consoleSharp">#</span> /etc/init.d/iptables start
<span class="consoleSharp">#</span> /etc/init.d/ip6tables start
<span class="consoleSharp">#</span> /root/fw.sh
<span class="consoleSharp">#</span> /etc/init.d/iptables save
<span class="consoleSharp">#</span> /etc/init.d/ip6tables save</pre>
</div>
<!-- SECTION "Iptables" [4316-5585] -->
<h2><a name="kvm" id="kvm">KVM</a></h2>
<div class="level2">
<p>
Layers used by to manage virtualisation :
</p>
<table class="inline">
<tr class="row0">
<th class="col0 centeralign" colspan="3"> LAYERS </th>
</tr>
<tr class="row1">
<td class="col0 centeralign" colspan="3"> Hardware </td>
</tr>
<tr class="row2">
<td class="col0 centeralign" colspan="3"> KVM </td>
</tr>
<tr class="row3">
<td class="col0 centeralign" colspan="3"> qemu </td>
</tr>
<tr class="row4">
<td class="col0 centeralign" colspan="3"> libvirt </td>
</tr>
<tr class="row5">
<td class="col0 rightalign"> virsh </td><td class="col1 centeralign"> virt-manager </td><td class="col2 centeralign"> archipel? </td>
</tr>
<tr class="row6">
<td class="col0 centeralign"> cli </td><td class="col1 centeralign"> client </td><td class="col2 centeralign"> web? </td>
</tr>
</table>
<p>
<p><div class="notewarning"><span class="type">warning: </span>
We are currently not going to install the web part of administration
</div></p>
</p>
<div class="code"><p class="codehead"><a name="etcportagepackage.use">/etc/portage/package.use</a></p><pre class="code">
app-emulation/libvirt qemu udev
x11-libs/cairo X</pre></div><pre class="console">
<span class="consoleSharp">#</span> emerge -va cairo dbus qemu-kvm libvirt virt-manager
<span class="consoleSharp">#</span> rc-update add libvirtd default
<span class="consoleSharp">#</span> rc-update add dbus default
<span class="consoleSharp">#</span> /etc/init.d/libvirtd start
<span class="consoleSharp">#</span> /etc/init.d/dbus start</pre>
</div>
<!-- SECTION "KVM" [5586-6215] -->
<h2><a name="guest kernel compilation" id="guest kernel compilation">Guest Kernel compilation</a></h2>
<div class="level2">
<p>
May not be needed…
</p>
<p>
<!--
</p>
</div>
<!-- SECTION "Guest Kernel compilation" [6216-6294] -->
<h3><a name="separation of dom0 and domu kernels" id="separation of dom0 and domu kernels">Separation of dom0 and domU kernels</a></h3>
<div class="level3">
<p>
We are going to create 2 scripts to compile the domU and dom0.
</p>
<pre class="console">
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> cd /usr/src/linux/
<span class="consoleName">localhost</span> <span class="consolePath">linux</span> <span class="consoleSharp">#</span> echo "mkdir -p _dom0 && make O=_dom0 \$@" > make0.sh
<span class="consoleName">localhost</span> <span class="consolePath">linux</span> <span class="consoleSharp">#</span> echo "mkdir -p _domU && make O=_domU \$@" > makeU.sh
<span class="consoleName">localhost</span> <span class="consolePath">linux</span> <span class="consoleSharp">#</span> chmod +x make?.sh
<span class="consoleName">localhost</span> <span class="consolePath">linux</span> <span class="consoleSharp">#</span> ./make0.sh menuconfig</pre>
<p>
Just Exit and Save.
</p>
<pre class="console">
<span class="consoleName">localhost</span> <span class="consolePath">linux</span> <span class="consoleSharp">#</span> ./makeU.sh menuconfig
<span class="consoleName">localhost</span> <span class="consolePath">linux</span> <span class="consoleSharp">#</span> cp .config _dom0/
<span class="consoleName">localhost</span> <span class="consolePath">linux</span> <span class="consoleSharp">#</span> cp .config _domU/
<span class="consoleName">localhost</span> <span class="consolePath">linux</span> <span class="consoleSharp">#</span> make mrproper</pre>
<p>
Same thing, Exit and save.
</p>
<p>
now you can compile :
</p>
<ul>
<li class="level1"><div class="li"> your dom0 kernel by doing <strong>./make0.sh …</strong> in <strong>/usr/src/linux</strong> and take the kernel in <strong>/usr/src/linux/_dom0</strong></div>
</li>
<li class="level1"><div class="li"> your domU kernel by doing <strong>./makeU.sh …</strong> in <strong>/usr/src/linux</strong> and take the kernel in <strong>/usr/src/linux/_domU</strong></div>
</li>
</ul>
</div>
<!-- SECTION "Separation of dom0 and domU kernels" [6295-7158] -->
<h3><a name="domu compilation" id="domu compilation">domU compilation</a></h3>
<div class="level3">
<pre class="code">
Processor type and features --->
[*] Paravirtualized guest support --->
[ ] Xen guest support
[*] KVM paravirtualized clock
[*] KVM Guest support
-*- Enable paravirtualization code
[*] Paravirtualization layer for spinlocks
Processor family (Core 2/newer Xeon) --->
[*] Networking support --->
Networking options --->
<*> 802.1d Ethernet Bridging
Device Drivers --->
[*] Network device support --->
<*> Universal TUN/TAP device driver support
<*> Virtio network driver (EXPERIMENTAL)
[*] Block devices --->
<*> Loopback device support
<*> Virtio block driver (EXPERIMENTAL)
Character devices --->
<*> Virtio console
<*> VirtIO Random Number Generator support
[*] Multiple devices driver support (RAID and LVM) --->
<*> RAID support
<*> RAID-1 (mirroring) mode
<*> RAID-4/RAID-5/RAID-6 mode
<*> Device mapper support
<*> Crypt target support
File systems --->
<*> The Extended 4 (ext4) filesystem
[*] Ext4 extended attributes
[*] Ext4 POSIX Access Control Lists
[*] Ext4 Security Labels
<*> FUSE (Filesystem in Userspace) support
-*- Cryptographic API --->
<*> XTS support (EXPERIMENTAL)
<*> SHA224 and SHA256 digest algorithm
<*> SHA384 and SHA512 digest algorithms
-*- AES cipher algorithms (x86_64)
<*> AES cipher algorithms (AES-NI)
[*] Virtualization --->
--- Virtualization
<*> Kernel-based Virtual Machine (KVM) support
<*> KVM for Intel processors support
< > KVM for AMD processors support
<*> Host kernel accelerator for virtio net (EXPERIMENTAL)
<*> PCI driver for virtio devices (EXPERIMENTAL)
<*> Virtio balloon driver (EXPERIMENTAL)</pre>
<p>
Now compile :
</p>
<pre class="console">
<span class="consoleName">localhost</span> <span class="consolePath">linux</span> <span class="consoleSharp">#</span> ./makeU.sh -j3
...
<span class="consoleName">localhost</span> <span class="consolePath">linux</span> <span class="consoleSharp">#</span> cp _domU/arch/x86/boot/bzImage ../</pre>
<p>
-->
</p>
</div>
<!-- SECTION "domU compilation" [7159-] -->
-
text/html
2010-07-20T20:09:06+02:00
E- Guest installation
http://hive.awired.net/hive/system/home-network/xen-guest-installation
<div class="level1">
</div>
<!-- SECTION "E- Guest installation" [1-37] -->
<h2><a name="vm supervision" id="vm supervision">VM supervision</a></h2>
<div class="level2">
<p>
go to <a href="http://people.redhat.com/~rjones/virt-top/download.html" class="urlextern" title="http://people.redhat.com/~rjones/virt-top/download.html" rel="nofollow"> virt-top</a> and download a binary package of the virt-top
</p>
</div>
<!-- SECTION "VM supervision" [38-188] -->
<h2><a name="gentoo installation" id="gentoo installation">Gentoo installation</a></h2>
<div class="level2">
<p>
Creation of vm directory :
</p>
<pre class="console">
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> mkdir /var/vm/
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> mkdir /var/vm/def-gentoo
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> dd if=/dev/zero of=/var/vm/def-gentoo/def-gentoo.img bs=1M count=3500
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> dd if=/dev/zero of=/var/vm/def-gentoo/def-gentoo.swap bs=1M count=1000
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> mkfs.ext4 -N 600000 /var/vm/def-gentoo/def-gentoo.img
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> mkswap /var/vm/def-gentoo/def-gentoo.swap</pre>
<p>
<p><div class="noteclassic">
We provide a huge inode size during ext4 format to be prepare to resize disk
</div></p>
</p>
<p>
This will create a disk image of 3.5G and a swap of 1G.
</p>
</div>
<!-- SECTION "Gentoo installation" [189-789] -->
<h3><a name="configuration file" id="configuration file">Configuration file</a></h3>
<div class="level3">
<div class="code"><p class="codehead"><a name="varvmdef-gentoodef-gentoo.xml">/var/vm/def-gentoo/def-gentoo.xml</a></p><pre class="code">
<domain type='kvm'>
<name>def-gentoo</name>
<memory>1048576</memory>
<currentMemory>1048576</currentMemory>
<vcpu>2</vcpu>
<os>
<type arch='x86_64'>hvm</type>
<boot dev='hd'/>
<kernel>/usr/src/bzImage</kernel>
<!--<initrd>/usr/src/initrd</initrd>-->
<cmdline>root=/dev/vda console=ttyS0</cmdline>
</os>
<features>
<acpi/>
<apic/>
</features>
<cpu>
<topology sockets='1' cores='2' threads='1' />
</cpu>
<clock offset='localtime' />
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>restart</on_crash>
<devices>
<emulator>/usr/bin/kvm</emulator>
<!-- DRIVES -->
<disk type='file' device='disk'>
<driver name='qemu' type='raw' cache='none' />
<source file='/var/vm/def-gentoo/def-gentoo.img'/>
<!--<shareable/>-->
<target dev='vda' bus='virtio'/>
</disk>
<disk type='file' device='disk'>
<driver name='qemu' type='raw' />
<source file='/var/vm/def-gentoo/def-gentoo.swap'/>
<target dev='vdb' bus='virtio'/>
</disk>
<!-- NETWORK -->
<interface type='bridge'>
<mac address='52:54:00:2a:00:02' />
<source bridge='red'/>
<model type='virtio' />
</interface>
<interface type='bridge'>
<mac address='52:54:00:2a:02:02' />
<source bridge='green'/>
<model type='virtio' />
</interface>
<serial type='pty'>
<target port='0'/>
</serial>
<console type='pty'>
<target port='0'/>
</console>
<graphics type='vnc' port='-1' keymap='fr' listen='127.0.0.1' />
</devices>
</domain></pre></div>
<p>
<p><div class="notewarning"><span class="type">warning: </span>
Do not forget to update mac addresses of network interfaces
</div></p>
</p>
</div>
<!-- SECTION "Configuration file" [790-2564] -->
<h3><a name="install " id="install ">install /</a></h3>
<div class="level3">
<pre class="console">
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> mkdir /mnt/gentoo
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> mount -o loop /var/vm/def-gentoo/def-gentoo.img /mnt/gentoo
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> cd /mnt/gentoo
<span class="consoleName">localhost</span> <span class="consolePath">gentoo</span> <span class="consoleSharp">#</span> wget ftp://ftp.free.fr/mirrors/ftp.gentoo.org/releases/amd64/current-stage3/stage3-amd64-*.tar.bz2
<span class="consoleName">localhost</span> <span class="consolePath">gentoo</span> <span class="consoleSharp">#</span> tar xjpf stage3-amd64-*.tar.bz2
<span class="consoleName">localhost</span> <span class="consolePath">gentoo</span> <span class="consoleSharp">#</span> rm stage3-amd64-*.tar.bz2
<span class="consoleName">localhost</span> <span class="consolePath">gentoo</span> <span class="consoleSharp">#</span> cd usr/
<span class="consoleName">localhost</span> <span class="consolePath">usr</span> <span class="consoleSharp">#</span> wget ftp://ftp.free.fr/mirrors/ftp.gentoo.org/snapshots/portage-latest.tar.bz2
<span class="consoleName">localhost</span> <span class="consolePath">usr</span> <span class="consoleSharp">#</span> tar xjf portage-latest.tar.bz2
<span class="consoleName">localhost</span> <span class="consolePath">usr</span> <span class="consoleSharp">#</span> rm portage-latest.tar.bz2</pre><div class="code"><p class="codehead"><a name="mntgentooetcfstab">/mnt/gentoo/etc/fstab</a></p><pre class="code">
...
#/dev/BOOT /boot ext2 noauto,noatime 1 2
/dev/vda / ext4 noatime 0 1
/dev/vdb none swap sw 0 0
/dev/cdrom /mnt/cdrom auto noauto,ro 0 0
#/dev/fd0 /mnt/floppy auto noauto 0 0
...</pre></div><pre class="console">
<span class="consoleName">localhost</span> <span class="consolePath">src</span> <span class="consoleSharp">#</span> chroot /mnt/gentoo /bin/bash
<span class="consoleName">localhost</span> <span class="consolePath">/</span> <span class="consoleSharp">#</span> env-update && source /etc/profile
<span class="consoleName">localhost</span> <span class="consolePath">/</span> <span class="consoleSharp">#</span> passwd
New password:
Retype new password:
passwd: password updated successfully</pre>
<p>
Now we are going to add serial output console (uncomment serial console)
</p>
<div class="code"><p class="codehead"><a name="etcinittab">/etc/inittab</a></p><pre class="code">
...
# SERIAL CONSOLES
s0:12345:respawn:/sbin/agetty 9600 ttyS0 vt100
...</pre></div><pre class="console">
<span class="consoleName">localhost</span> <span class="consolePath">linux</span> <span class="consoleSharp">#</span> exit
<span class="consoleName">localhost</span> <span class="consolePath">src</span> <span class="consoleSharp">#</span> cd
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> umount /mnt/gentoo</pre>
<p>
add vm to libvirt
</p>
<pre class="console">
<span class="consoleName">localhost</span> <span class="consolePath">src</span> <span class="consoleSharp">#</span> ln -s /var/vm/def-gentoo.xml /etc/libvirt/qemu/def-gentoo.xml
<span class="consoleName">localhost</span> <span class="consolePath">src</span> <span class="consoleSharp">#</span> ln -s /etc/libvirt/qemu/def-gentoo.xml /etc/libvirt/qemu/autostart/def-gentoo.xml
<span class="consoleName">localhost</span> <span class="consolePath">src</span> <span class="consoleSharp">#</span> /etc/init.d/libvirtd reload
<span class="consoleName">localhost</span> <span class="consolePath">src</span> <span class="consoleSharp">#</span> virsh list --all
Id Name State
----------------------------------
- def-gentoo shut off
<span class="consoleName">localhost</span> <span class="consolePath">src</span> <span class="consoleSharp">#</span> virsh create def-gentoo
<span class="consoleName">localhost</span> <span class="consolePath">src</span> <span class="consoleSharp">#</span> virsh console def-gentoo
...
This is localhost.unknown_domain (Linux x86_64 2.6.31-xen-r7) 17:24:49
localhost login: root
Password:</pre>
<p>
<p><div class="notewarning"><span class="type">warning: </span>
To detach the vm screen :
</p>
<ul>
<li class="level1"><div class="li"> ctrl + ] (on english keyboard)</div>
</li>
<li class="level1"><div class="li"> ctrl + $ (on french keyboard)</div>
</li>
</ul>
<p>
</div></p>
</p>
<p>
<p><div class="notewarning"><span class="type">warning: </span>
Do not use <strong>less</strong> on vm console it will crash return lines in your current shell, use an ssh connection instread.
</div></p>
</p>
</div>
<!-- SECTION "install /" [2565-4932] -->
<h3><a name="set network" id="set network">Set network</a></h3>
<div class="level3">
<div class="code"><p class="codehead"><a name="etcconf.dnet">/etc/conf.d/net</a></p><pre class="code">
config_eth0=("192.168.0.254/24")
routes_eth0=("default via 192.168.0.1")</pre></div><div class="code"><p class="codehead"><a name="etcresolv.conf">/etc/resolv.conf</a></p><pre class="code">
nameserver 212.27.40.240
nameserver 212.27.40.241</pre></div>
<p>
<p><div class="notewarning"><span class="type">warning: </span>
use your provider dns servers
</div></p>
</p>
<pre class="console">
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> /etc/init.d/net.eth0 start</pre>
</div>
<!-- SECTION "Set network" [4933-5268] -->
<h3><a name="rebuild" id="rebuild">rebuild</a></h3>
<div class="level3">
<p>
configure make.conf
</p>
<div class="code"><p class="codehead"><a name="etcmake.conf">/etc/make.conf</a></p><pre class="code">
CFLAGS="-march=core2 -O2 -pipe"
CXXFLAGS="${CFLAGS}"
# WARNING: Changing your CHOST is not something that should be done lightly.
# Please consult http://www.gentoo.org/doc/en/change-chost.xml before changing.
CHOST="x86_64-pc-linux-gnu"
MAKEOPTS="-j3"
# These are the USE flags that were used in addition to what is provided by the
# profile used for building.
USE="mmx sse sse2 -X unicode ipv6 -fortran"</pre></div><pre class="console">
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> emerge -vae world</pre><pre class="console">
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> rm -Rf /usr/portage/distfiles/
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> rc-update add sshd default
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> emerge syslog-ng vixie-cron logrotate
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> rc-update add syslog-ng default
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> rc-update add vixie-cron default</pre>
</div>
<!-- SECTION "rebuild" [5269-6061] -->
<h3><a name="timezone" id="timezone">Timezone</a></h3>
<div class="level3">
<pre class="console">
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> cp /usr/share/zoneinfo/Europe/Paris /etc/localtime</pre><div class="code"><p class="codehead"><a name="etcconf.dclock">/etc/conf.d/clock</a></p><pre class="code">
...
TIMEZONE="Europe/Paris"
...</pre></div><pre class="console">
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> emerge ntp
...
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> rc-update add ntp-client default
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> /etc/init.d/ntp-client start</pre>
</div>
<!-- SECTION "Timezone" [6062-6383] -->
<h3><a name="set hostname" id="set hostname">Set hostname</a></h3>
<div class="level3">
<div class="code"><p class="codehead"><a name="etchosts">/etc/hosts</a></p><pre class="code">
...
127.0.0.1 VMNAME.home.loc VMNAME localhost
...</pre></div><div class="code"><p class="codehead"><a name="etcconf.dhostname">/etc/conf.d/hostname</a></p><pre class="code">
HOSTNAME="VMNAME"</pre></div><pre class="console">
<span class="consoleName">localhost</span> <span class="consolePath">~</span> <span class="consoleSharp">#</span> hostname VMNAME</pre>
<p>
<p><div class="noteclassic">
fw-prs.img 4000
fw-prs.swap 1024
</p>
<p>
</div></p>
*/
</p>
</div>
<!-- SECTION "Set hostname" [6384-6656] -->
<h2><a name="virtualization installation" id="virtualization installation">Virtualization installation</a></h2>
<div class="level2">
<pre class="code">
<domain type='kvm' id='2'>
<name>2003-def</name>
<memory>262144</memory>
<currentMemory>162144</currentMemory>
<vcpu>2</vcpu>
<os>
<type arch='x86_64'>hvm</type>
<boot dev='hd'/>
</os>
<features>
<acpi/>
<apic/>
</features>
<cpu>
<topology sockets='1' cores='2' threads='1' />
</cpu>
<clock offset='localtime' />
<on_poweroff>destroy</on_poweroff>
<on_reboot>destroy</on_reboot>
<on_crash>destroy</on_crash>
<devices>
<emulator>/usr/bin/kvm</emulator>
<disk type='file' device='disk'>
<driver name='qemu' type='raw' cache='none' />
<source file='/var/vm/2003-def/2003-def.img'/>
<target dev='hda' bus='virtio'/>
</disk>
<disk type='file' device='disk'>
<driver name='qemu' type='raw' />
<source file='/var/vm/2003-def/d.img'/>
<target dev='hdb' bus='virtio'/>
</disk>
<disk type='file' device='cdrom'>
<driver name='qemu' />
<source file='/root/FR_WS03VL.iso' />
<target dev='hdc' bus='ide' />
<readonly/>
</disk>
<interface type='bridge'>
<!--<mac address='.......' />-->
<source bridge='red'/>
<target dev='tap0'/>
<model type='virtio' />
</interface>
<serial type='pty'>
<source path='/dev/pts/1'/>
<target port='0'/>
<alias name='serial0'/>
</serial>
<console type='pty' tty='/dev/pts/1'>
<source path='/dev/pts/1'/>
<target port='0'/>
<alias name='serial0'/>
</console>
<sound model='ac97'>
</sound>
<input type='tablet' bus='usb'/>
<graphics type='vnc' port='-1' keymap='fr' listen='127.0.0.1'/>
</devices>
</domain></pre>
<p>
localhost src # virsh vncdisplay def-gentoo
127.0.0.1:1
</p>
<p>
Now we are going to connect to vnc display using ssh to redirect ports :
</p>
</div>
<!-- SECTION "Virtualization installation" [6657-9921] -->
<h3><a name="using putty" id="using putty">Using Putty</a></h3>
<div class="level3">
<p>
In putty configuration settings :
</p>
<p>
Connection → <acronym title="Secure Shell">SSH</acronym> → tunnels
</p>
<ul>
<li class="level1"><div class="li"> <strong>port :</strong> 59001</div>
</li>
<li class="level1"><div class="li"> <strong>destination :</strong> localhost:5901</div>
</li>
</ul>
<p>
Then use vncviewer.exe to connect to 127.0.0.1:59001
</p>
</div>
<!-- SECTION "Using Putty" [9922-10121] -->
<h3><a name="using linux client" id="using linux client">Using Linux client</a></h3>
<div class="level3">
<pre class="console">
<span class="consoleSharp">#</span> ssh -L59001:192.168.0.3:5901</pre>
<p>
and in an other term
</p>
<pre class="console">
<span class="consoleSharp">#</span> vinagre 127.0.0.1:59001</pre>
<p>
<p><div class="noteclassic">
Using vnc this way allow to not care about vnc security (with svn listening only on local) while always have vnc accessible on each vm and give access only to the root user with the security of ssh
</div></p>
</p>
</div>
<!-- SECTION "Using Linux client" [10122-] -->