CentOS kernel-xen dom0 setup

From PrgmrWiki

Xen dom0 setup

   Do a normal OS install.
   Remove some packages: autofs bluez-libs avahi cups-libs pcsc-lite wireless-tools NetworkManager

The change to /boot/grub/menu.lst:

        kernel /boot/xen.gz-2.6.18-274.17.1.el5 dom0_mem=1024m com1=38400,8n1 console=com1 dom0_max_vcpus=1 dom0_vcpus_pin=true nomce

The full menu.lst:

default=0
timeout=5
serial --unit=0 --speed=38400
terminal --timeout=5 serial console
title CentOS (2.6.18-274.17.1.el5xen)
        root (hd0,0)
        kernel /boot/xen.gz-2.6.18-274.17.1.el5 dom0_mem=1024m com1=38400,8n1 console=com1 dom0_max_vcpus=1 dom0_vcpus_pin=true nomce
        module /boot/vmlinuz-2.6.18-274.17.1.el5xen ro root=/dev/md0 console=ttyS0,38400n8
        module /boot/initrd-2.6.18-274.17.1.el5xen.img
title CentOS (2.6.18-274.17.1.el5)
        root (hd0,0)

(we will make the .ks file do this later)

The dom0_mem setting passed to the hypervisor should be the same as the dom0-min-mem setting in /etc/xen/xend-config.sxp. Turn off ballooning.

Edit /etc/xen/xend-config.sxp:

(dom0-min-mem 1024)
(dom0-cpus 1)


(auto-balloon-dom0 no)
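
A consistency check for the two settings above, as an added example that is not part of the original wiki page: it reads dom0_mem from the Xen kernel line in menu.lst, compares it with dom0-min-mem, and confirms auto-balloon-dom0 is no. The function names are hypothetical; it assumes dom0_mem carries an m or g suffix as on this page and that dom0-min-mem is in MiB.

```shell
#!/bin/sh
# Added example (not from the wiki): verify the dom0 memory settings agree.
# Assumes dom0_mem uses an m/M or g/G suffix, as on this page, and that
# xend's dom0-min-mem is in MiB. Function names are hypothetical.

# Print dom0_mem in MiB from the first matching kernel line of a menu.lst.
grub_dom0_mem_mib() {
    gd_val=$(sed -n 's/^[[:space:]]*kernel[[:space:]].*[[:space:]]dom0_mem=\([0-9][0-9]*[mMgG]\).*/\1/p' "$1" | head -n 1)
    case "$gd_val" in
        *[mM]) echo "${gd_val%[mM]}" ;;
        *[gG]) echo $(( ${gd_val%[gG]} * 1024 )) ;;
        *) return 1 ;;   # missing, or a unit this check does not handle
    esac
}

# Print the value of the last uncommented "(KEY value)" line in an sxp file.
sxp_value() {
    sed -n "s/^[[:space:]]*(${2}[[:space:]][[:space:]]*\([^)[:space:]]*\)[[:space:]]*).*/\1/p" "$1" | tail -n 1
}

# Return 0 only if the boot-time and xend values match and ballooning is off.
check_dom0_mem() {
    cd_rc=0
    cd_boot=$(grub_dom0_mem_mib "$1") || {
        echo "FAIL: no dom0_mem=<n>M|G on a kernel line in $1"; return 2; }
    cd_min=$(sxp_value "$2" dom0-min-mem)
    cd_balloon=$(sxp_value "$2" auto-balloon-dom0)
    if [ "$cd_boot" != "$cd_min" ]; then
        echo "FAIL: dom0_mem=${cd_boot}M but dom0-min-mem=${cd_min:-unset}"; cd_rc=1
    fi
    if [ "$cd_balloon" != "no" ]; then
        echo "FAIL: auto-balloon-dom0 is '${cd_balloon:-unset}', expected 'no'"; cd_rc=1
    fi
    if [ "$cd_rc" -eq 0 ]; then echo "OK: dom0 fixed at ${cd_boot} MiB, ballooning off"; fi
    return "$cd_rc"
}

# Run against real files when two paths are given, e.g.
#   sh check.sh /boot/grub/menu.lst /etc/xen/xend-config.sxp
if [ "$#" -eq 2 ]; then check_dom0_mem "$1" "$2" || exit $?; fi
```
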


Here are the firewall rules for the prgmr xen stuff; they need to be updated for the RHEL5 xen stuff.

Remove the Red Hat firewall rules and set the policy of the FORWARD chain to DROP, so that traffic coming from the inside that doesn't match the dhcp or antispoofing rules doesn't get let out.

iptables -F FORWARD
iptables -A FORWARD -m physdev --physdev-in peth0 -j ACCEPT
iptables -P FORWARD DROP
ip6tables -F FORWARD

And save the rules:

/etc/init.d/iptables save
/etc/init.d/ip6tables save

Setting up disks for lvm in the dom0

   Make linux raid partitions for the mirror that will be the physical volume of lvm. (linux raid autodetect, type fd)
   Create the raid array with mdadm:
   mdadm -C /dev/md1 -n 2 -l 1 /dev/sda2 /dev/sdb2
   The RAID array should finish synchronizing before it goes into production, but the rest can be done in the meantime.
   Make the mdadm.conf with:
   mdadm --brief --detail /dev/md1
   I like to put the actual devices of the RAID array in mdadm.conf as well, to avoid confusion when there is more than one array:
   ARRAY /dev/md1 level=raid1 num-devices=3 UUID=e63ebfd4:e9817db6:52ff6fa8:a569f42a devices=/dev/sda2,/dev/sdb2
   Create the physical volume on the raid array:
   pvcreate --metadatasize=2048k --metadatacopies=2 /dev/md1
   Create the volume group on the physical volume:
   vgcreate -A y -s 128M --alloc contiguous -v guests /dev/md1

Set up the rescue disk with partitions 1 and 2.

mkfs.ext3 -L RESCUE /dev/mapper/guests-rescue1
mkfs.ext3 -L DISTROS /dev/mapper/guests-rescue2

   Set up /xen/bin/xencontrol
   Set up the keys for dhcp and dns setup
   Set up domucreate and the distro images
   Set up smartd like the smartd.conf lines at the end of this page

Tar over /usr/local/prgmr, /usr/prgmr, /usr/local/bin, /usr/local/etc; others?

/dev/sda -d ata -a -s (S/../.././02|L/../../6/03) -l selftest -l error -m lsc@prgmr.com -M daily -M test
/dev/sdb -d ata -a -s (S/../.././03|L/../../6/04) -l selftest -l error -m lsc@prgmr.com -M daily -M test
/dev/sdc -d ata -a -s (S/../.././04|L/../../6/05) -l selftest -l error -m lsc@prgmr.com -M daily -M test
/dev/sdd -d ata -a -s (S/../.././05|L/../../6/06) -l selftest -l error -m lsc@prgmr.com -M daily -M test
/dev/sde -d ata -a -s (S/../.././06|L/../../6/07) -l selftest -l error -m lsc@prgmr.com -M daily -M test
/dev/sdf -d ata -a -s (S/../.././07|L/../../6/08) -l selftest -l error -m lsc@prgmr.com -M daily -M test
/dev/sdg -d ata -a -s (S/../.././08|L/../../6/09) -l selftest -l error -m lsc@prgmr.com -M daily -M test
/dev/sdh -d ata -a -s (S/../.././09|L/../../6/10) -l selftest -l error -m lsc@prgmr.com -M daily -M test