Training Part 2: Setting up a server with Xen


Preface

This training session took place on 11-17-2016. It is the continuation of the first part. Today we learned how to set up a Xen-Server. With a Xen-Server we can create virtual machines that we can use for various purposes. The first virtual machine will be a webserver (Apache). jr

If there are still questions open after these instructions, please go to "Views" and then "Discussion" to leave your feedback, so I can add more details to this page. jr

Remotely start the server

Our teacher installed the program "wakeonlan" on the LTSP-System we have for our training sessions. So, all our clients also get to use this program. With "wakeonlan" we can turn on our server through the LAN connection. In our training session the server is only a few meters away from us, but if there are several floors between us and the server or even several kilometers, this is a very handy tool, so we don't have to be on-site to power up the server. We do this with the following command:

wakeonlan -i 192.168.67.255 00:21:5a:6d:6d:42

-i states that an IP address follows
192.168.67.255 is the broadcast address of our network. Most likely this will be different in your case. For a little introduction into IPv4 I made this page.
00:21:5a:6d:6d:42 is the MAC address of my server's network card. This must be unique, so yours will be different.

So, the general syntax for this is:

wakeonlan -i "broadcast IP" "MAC address"
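What such a wake-up call carries, as an added example (not part of the original page and not wakeonlan's own code): the payload is six 0xFF bytes followed by the target MAC address sixteen times, and wakeonlan sends it as a UDP datagram to the broadcast address. The function names are made up for this example.

```shell
#!/bin/sh
# Added example: build the Wake-on-LAN "magic packet" payload for one MAC.
# Layout: 6 bytes 0xFF, then the 6-byte MAC address repeated 16 times (102 bytes).
wol_payload() {
    fmt=$(printf '%s\n' "$1" | tr 'A-F' 'a-f' | awk -F'[-:]' '
        function hexval(c) { return index("0123456789abcdef", c) - 1 }
        NF != 6 { exit 1 }                      # a MAC address has six groups
        {
            mac = ""
            for (i = 1; i <= 6; i++) {
                if ($i !~ /^[0-9a-f][0-9a-f]$/) exit 1
                byte = hexval(substr($i, 1, 1)) * 16 + hexval(substr($i, 2, 1))
                mac = mac sprintf("\\%03o", byte)   # octal escape for printf(1)
            }
            out = "\\377\\377\\377\\377\\377\\377"
            for (i = 1; i <= 16; i++) out = out mac
            print out
        }') || return 1
    printf "$fmt"
}

# Hex dump of the payload, handy for comparing with a packet capture.
wol_payload_hex() {
    wol_payload "$1" >/dev/null || return 1
    wol_payload "$1" | od -An -v -tx1 | tr -d ' \n'
}

# The MAC address used on this page.
wol_payload_hex 00:21:5a:6d:6d:42; echo
```

The payload contains nothing but the MAC address, which is why the command needs only the broadcast address and the MAC.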

To be able to do an SSH session to our server, we had to find out the IP address our servers received. Our teacher did this by viewing the following:

less /var/lib/dhcp/dhcpd.leases

This file only exists on a DHCP server. It won't exist on a DHCP client. The path /var/lib/dhcp/ will exist on a server and a client.
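Instead of paging through the file with less, the lookup can be scripted. The following is an added example, not part of the original page: it assumes the lease block format that ISC dhcpd writes, the function names are made up, and apart from the server's MAC and IP address the sample entries are constructed.

```shell
#!/bin/sh
# Added example: find the address a DHCP server handed to a given MAC.

# Constructed sample in the format ISC dhcpd writes to dhcpd.leases.
sample_leases() {
    cat <<'EOF'
lease 192.168.67.51 {
  starts 4 2016/11/17 12:01:10;
  ends 4 2016/11/17 12:11:10;
  binding state free;
  hardware ethernet 00:21:5a:6d:6d:42;
}
lease 192.168.67.70 {
  starts 4 2016/11/17 13:00:02;
  ends 4 2016/11/17 13:10:02;
  binding state active;
  next binding state free;
  hardware ethernet 00:16:3e:00:00:01;
  client-hostname "client3";
}
lease 192.168.67.68 {
  starts 4 2016/11/17 13:02:11;
  ends 4 2016/11/17 13:12:11;
  binding state active;
  next binding state free;
  hardware ethernet 00:21:5a:6d:6d:42;
  client-hostname "server1";
}
EOF
}

# $1 = MAC address, $2 = leases file ("-" reads standard input).
lease_ip_for_mac() {
    awk -v mac="$1" '
        BEGIN { mac = tolower(mac) }
        $1 == "lease" && $3 == "{"            { ip = $2; state = ""; hw = "" }
        $1 == "binding" && $2 == "state"      { state = $3; sub(/;$/, "", state) }
        $1 == "hardware" && $2 == "ethernet"  { hw = tolower($3); sub(/;$/, "", hw) }
        $1 == "}" && hw == mac {
            # dhcpd appends to the file, so a later block overrides an earlier one
            if (state == "active") found = ip
            else if (found == ip) found = ""
        }
        END { if (found == "") exit 1; print found }
    ' "${2:-/var/lib/dhcp/dhcpd.leases}"
}

sample_leases | lease_ip_for_mac 00:21:5A:6D:6D:42 -
```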

How to login on the server

In my case I had to enter the following command to login to my server:

ssh user1@192.168.67.68

A more general syntax is:

ssh "username"@"remote computer"

Username is the user you wish to use to log in to the server. The user "root" can't log in through SSH on the server for security reasons. Remote computer can be either an IP address or a DNS name.
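One way to check the root login restriction on your own server, as an added example that is not part of the original page: it reads the PermitRootLogin keyword from an sshd_config, where the first value found is the one sshd uses and entries inside Match blocks apply only conditionally. The function names and the sample configuration are constructed; on a running system `sshd -T` prints the effective settings.

```shell
#!/bin/sh
# Added example: report the PermitRootLogin settings of an sshd_config.

# Constructed sample configuration (not taken from the server on this page).
sample_sshd_config() {
    cat <<'EOF'
# Authentication:
LoginGraceTime 120
#PermitRootLogin yes
PermitRootLogin without-password
StrictModes yes

Match Address 192.168.67.0/24
    PermitRootLogin yes
EOF
}

# $1 = config file ("-" reads standard input).
# First line: the global policy (no | key-only | yes | ... | unset).
# Further lines: one per Match block that sets its own value.
root_login_report() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }              # blank lines and comments
        { key = tolower($1) }                      # keywords are case-insensitive
        key == "match" { inmatch = 1; $1 = ""; crit = substr($0, 2); next }
        key != "permitrootlogin" { next }
        inmatch { over[++n] = "override [" crit "]: " tolower($2); next }
        !seen { seen = 1; val = tolower($2) }      # first global value wins
        END {
            if (val == "") val = "unset"
            if (val == "without-password" || val == "prohibit-password")
                val = "key-only"
            print "global: " val
            for (i = 1; i <= n; i++) print over[i]
        }
    ' "${1:-/etc/ssh/sshd_config}"
}

sample_sshd_config | root_login_report -
```

An `override` line means root login is still possible for connections that match that block, even when the global policy looks strict.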

When you connect to a remote computer for the first time, it sends you its fingerprint. To continue, you need to write out the answer. A simple "y" isn't enough.

Are you sure you want to continue connecting (yes/no)? yes

Update packages

Before we start installing a new program, we want to update the list of available packages for our Debian Jessie. If we're logged in as a regular user we do this with the following command:

sudo apt update

If you do this as "root", the "sudo" isn't necessary.

Install packages for Xen-Hypervisor

For our Xen-server, we need the packages xen-linux-system and xen-tools. So, we enter the following command on the CLI:

user1@server1:~$ sudo apt install xen-linux-system xen-tools

An outdated version of this installation can be found in German in our wiki. We can copy some things from there, so we don't have to type too much.

We have to enter the following command:

sudo dpkg-divert --divert /etc/grub.d/08_linux_xen --rename /etc/grub.d/20_linux_xen

We change the name of the file so that it won't be overwritten by the next update of the package. My own understanding of Linux isn't good enough to give a better explanation of what we do with this command. If that ever changes, I'll update this text.

Since I got tired of having to enter sudo at the beginning of each command, I changed to the root user. I did this by entering

sudo -i

Next we have to update our boot loader GRUB. For that we need to enter:

update-grub

To test if our changes were successful, we rebooted the server. We can do this with the following command:

reboot

Reconfigure the network connection

Since the connection to the server was lost with the reboot, we need to reconnect to it with:

 ssh "username"@"remote computer" (in my case ssh user1@192.168.67.68)

and change again to the root user:

sudo -i

To check if the server started with the new parameters, we used the program "dmesg". The computer shows a lot of information. As it's more than the console can show on the screen at once, we redirect the output to the program "less", so we can also use PageUp and PageDown to look at the text.

 dmesg | less

Here we found our entries for Xen. To leave the program "less" you need to press "q".

If you wish to see the first or last lines, you can use the program "head" or "tail". Without further parameters it will show 10 lines:

dmesg | head

-> Shows the first 10 lines

dmesg | tail

-> Shows the last 10 lines

As we're planning on changing a file, we first make a copy of it for backup purposes:

root@server1:~# cp /etc/network/interfaces /etc/network/interfaces.orig

And we open the file with the editor "nano":

root@server1:~# nano /etc/network/interfaces

If you don't want to write out a long path, you can first change into the directory by typing the following:

cd /etc/network/

and make the copy of the file:

cp interfaces interfaces.orig

so that you can then edit the original:

nano interfaces

Here you can find my private tries on a laptop without ethernet and only WLAN

We commented the existing entries out:

# allow-hotplug eth0
# iface eth0 inet dhcp

Lines that start with a # are considered a comment and everything that follows it is ignored.
And added the following:

iface eth0 inet manual
auto xenbr0
iface xenbr0 inet dhcp
bridge_ports eth0

To save the changes press Ctrl+o and to leave the nano-editor press Ctrl+x. The commands are also listed at the bottom of the editor.

Here's an explanation of what we do with the new settings:

iface eth0 inet manual -> Interface eth0 (address family inet, i.e. IPv4) is configured manually
auto xenbr0 -> When the computer starts up it automatically enables the Xen-Bridge
iface xenbr0 inet dhcp -> Xen-Bridge uses DHCP
bridge_ports eth0 -> Bridge to Interface eth0

The purpose of the Xen-Bridge is to be able to communicate with the virtual machine, as we only have one physical network interface. For more details follow this link. I hope that the picture I copied helps a bit to understand what the bridge does.

Xen-network-basic.png


After the editing we reboot once more by typing:

reboot

Create a virtual machine

Our teacher checked if the IP addresses changed due to the reboot.

Now we go back to the server by typing

ssh "username"@"remote computer"

Now we can see the changes we did to /etc/network/interfaces. We use the command "ip address". We don't have to write the full command, the system knows what to do when we type the following:

ip a

Here is what it showed on my test machine:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master xenbr0 state UP group default qlen 1000
    link/ether 00:21:5a:6d:6d:42 brd ff:ff:ff:ff:ff:ff

3: xenbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 00:21:5a:6d:6d:42 brd ff:ff:ff:ff:ff:ff
    inet 192.168.67.68/24 brd 192.168.67.255 scope global xenbr0
       valid_lft forever preferred_lft forever
    inet6 fe80::221:5aff:fe6d:6d42/64 scope link 
       valid_lft forever preferred_lft forever

We can see that there is no address on eth0 and that Xen manages the address. If you wish to know a little more about IPv4, there is a short introduction to it under this link.

Next we have to change into a different folder:

cd /etc/xen-tools/partitions.d/

Here is what's currently in this folder:

root@server1:/etc/xen-tools/partitions.d# ls -la
insgesamt 12
drwxr-xr-x 2 root root 4096 Nov 17 14:29 .
drwxr-xr-x 6 root root 4096 Nov 17 14:29 ..
-rw-r--r-- 1 root root  463 Okt 26  2014 sample-server

We could make a copy of "sample-server" and modify it, but that's not what we're going to do. We'll create a new file and we're going to use the nano-editor:

nano vm1 (choose the same number as your server)

With Ctrl+Shift+V we can paste something in the console that we've copied in the browser. Ctrl+Shift+C can copy something in the console. Unfortunately this key combination doesn't work in all consoles. I use the program "Terminator" where this works.

Here is the text that we pasted into the file vm1:

[root]
size=20G
type=ext4
mountpoint=/

[swap]
size=5G
type=swap

Ctrl+o to save the file and Ctrl+x to leave the nano-editor.

Now follows a very long command to create the virtual machine:

root@server1:/etc/xen-tools/partitions.d# xen-create-image --hostname=vm1 --memory=2gb --vcpus=1 --dhcp --lvm=vg01 --dist=jessie --partitions=/etc/xen-tools/partitions.d/vm1 --pygrub --verbose --password=****

Here's the explanation of what we entered here:

xen-create-image -> This is the command we use to create the virtual machine
--hostname=vm1 -> The name that the virtual machine will have
--memory=2gb -> How much RAM will be available to the virtual machine
--vcpus=1 -> How many processors the virtual machine may use
--dhcp -> IP address will be obtained through DHCP
--lvm=vg01 -> The LVM volume group in which the virtual machine's volumes will be created. In the first training session we activated LVM and created vg01
--dist=jessie -> What Debian distribution will be installed on the virtual machine.
--partitions=/etc/xen-tools/partitions.d/vm1 -> Information for what partitions will be created. It has the path to the file we've created previously.
--pygrub -> alternative boot loader for our virtual machine
--verbose -> we receive more information from the system while the virtual machine is being created
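--password=**** -> root password for the virtual machine. Given this way it is stored in the shell history and is visible in the process list while the command runs; xen-create-image can also ask for it interactively with --passwd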

At the end of the installation we receive a little summary from the xen-create-image-tool:

Installation Summary
---------------------
Hostname        :  vm1
Distribution    :  jessie
MAC Address     :  00:16:3E:98:82:D7
IP Address(es)  :  dynamic
RSA Fingerprint :  31:75:57:0d:c9:f2:8e:79:b6:ef:bb:85:04:ea:75:b4
Root Password   :  ****

cd /etc/xen

-rw-r--r--  1 root root  651 Nov 17 15:30 vm1.cfg

This file was created by xen-create-image. To see its content we enter:

less vm1.cfg

#
# Configuration file for the Xen instance vm1, created
# by xen-tools 4.5 on Thu Nov 17 15:30:28 2016.
#

#
#  Kernel + memory size
#

bootloader = '/usr/lib/xen-4.4/bin/pygrub'

vcpus       = '1'
memory      = '2048'

#
#  Disk device(s).
#
root        = '/dev/xvda2 ro'
disk        = [
                  'phy:/dev/vg01/vm1-root,xvda2,w',
                  'phy:/dev/vg01/vm1-swap,xvda1,w',
              ]

#
#  Physical volumes
#

#
#  Hostname
#
name        = 'vm1'

#
#  Networking
#
dhcp        = 'dhcp'
vif         = [ 'mac=00:16:3E:98:82:D7' ]

#
#  Behaviour
#
on_poweroff = 'destroy'
on_reboot   = 'restart'
on_crash    = 'restart'

With q we can end the program "less".

root@server1:/etc/xen# xl list
Name                                        ID   Mem VCPUs    State      Time(s)
Domain-0                                     0  1853     2     r-----     187.2

The virtual machine hasn't been started yet.

root@server1:/etc/xen# free -h
             total       used       free     shared    buffers     cached
 Mem:          1.7G       217M       1.5G       5.0M        12M       139M
-/+ buffers/cache:        65M       1.6G
Swap:         4.7G         0B       4.7G

The free command showed us that my server doesn't have enough RAM. So, it's necessary to edit the configuration file that xen-create-image created:

root@server1:/etc/xen# nano vm1.cfg 
memory      = '1024'

Login to the virtual machine

Now we can start the virtual server:

root@server1:/etc/xen# xl create -c /etc/xen/vm1.cfg

xl -> The program we use
create -> A subcommand that requires a .cfg file. Here is a link to the man page of the xl command
-c -> we wish to have a console for the virtual machine
/etc/xen/vm1.cfg -> path to the configuration file of the virtual machine

Since no other users have been created so far, we need to log in as root with the password we entered during the xen-create-image command (the long line).
So that we're able to log in to the virtual machine with SSH in the future, we need to create a new user. For security purposes the user root isn't allowed to log in via SSH. In my case I chose "user1":

adduser user1

So that the newly created user will also have administrative rights, we need to install the program "sudo":

apt install sudo

So that we get those rights, we also need to add the username to the group sudo:

adduser user1 sudo

To be able to login directly through SSH it's best to quickly check the IP address we have on our network interface. The command for it is:

ip a

As the hard drive of our LTSP server for training purposes crashed, we had to stop here. The continuation will be in Part 3.


Automatically boot the virtual machine

On 02-16-2017 we learned how to automatically start the virtual machine when the server is turned on. Thematically it belongs here, so I wanted to at least add a link on this page.