Tuesday, August 10, 2010
Quick CentOS domu install on LVM on CentOS dom0 host
Overview
This process depends on the Xen host being CentOS. It could be made to work elsewhere, but this is easy and happens to be where I do installs most often.
Volumes are created as LVM logical volumes, not image files. The config file will need to be updated to point to the correct VG.
The domU created is a very minimal CentOS 5.4 install.
The create script
#!/bin/bash
# Creates a minimal CentOS domU on two LVM volumes (root + swap) from a
# config file of KEY=VALUE lines (see "Config file" below). Run as root
# on the CentOS dom0.
if [ -z "$1" ] ; then
echo "usage: $0 <configfile>"
exit 1
elif [ ! -f "$1" ] ; then
echo "Could not open $1"
exit 1
fi
config="$1"
# The config is sourced, so anything in it runs as root: only use config
# files you wrote yourself.
. "$config"
echo "This script only works when run on a CentOS system for the moment"
echo -n "Type YES if you want to create $SYSVOL and $SWAPVOL in $VG: "
read resp
if [ "$resp" != "YES" ] ; then
exit 1
fi
# Stop at the first failure; do not keep going and format the wrong device.
set -e -x
lvcreate --size "$SYSVOLSIZE" --name "$SYSVOL" "$VG"
lvcreate --size "$SWAPVOLSIZE" --name "$SWAPVOL" "$VG"
mkfs.ext3 "/dev/$VG/$SYSVOL"
mkswap "/dev/$VG/$SWAPVOL"
mkdir -p /mnt/server
mount "/dev/$VG/$SYSVOL" /mnt/server
# Directories rpm and yum need before the first package goes in
mkdir -p /mnt/server/dev /mnt/server/etc /mnt/server/proc /mnt/server/var/lock/rpm /mnt/server/var/lib/rpm /mnt/server/var/log
MAKEDEV -d /mnt/server/dev -x random
MAKEDEV -d /mnt/server/dev -x console
MAKEDEV -d /mnt/server/dev -x zero
MAKEDEV -d /mnt/server/dev -x null
mount -t proc none /mnt/server/proc
# Seed the rpm database with centos-release so yum knows which repos to use
wget -N "$CENTOSRPM"
rpm --initdb --root=/mnt/server
rpm -ivh --root=/mnt/server --nodeps "$(basename "$CENTOSRPM")"
# protectbase and fastestmirror are dom0 plugins that get in the way of an --installroot install
yum groupinstall $CENTOSGROUPS --installroot=/mnt/server --disableplugin=protectbase --disableplugin=fastestmirror
# base/ holds template files (fstab, network config, ...) kept next to this script
cp -a base/* /mnt/server
cd /mnt/server
vi etc/fstab etc/resolv.conf etc/sysconfig/network etc/sysconfig/network-scripts/ifcfg-eth0 etc/hosts
# Unmount before starting the domU: the volume must not be mounted in dom0
# while the guest has it open, or the filesystem gets corrupted.
cd /
umount /mnt/server/proc
umount /mnt/server
Config file
- By default the install is minimal (CENTOSGROUPS="Core").
- The mirror (CENTOSRPM) can be set to something local.
- The volume group can be set per dom0 as needed.
- Choose memory size, etc.
Currently some config options (MEMORY, VCPUS, KERNEL) are not used, as I have not yet ported an old script that creates the xen config from them.
Config example:
VG=vg0
SYSVOL=www1-root
SWAPVOL=www1-swap
SYSVOLSIZE=3G
SWAPVOLSIZE=1G
MEMORY=512
VCPUS=1
CENTOSRPM="http://mirror.centos.org/centos/5.4/os/x86_64/CentOS/centos-release-5-4.el5.centos.1.x86_64.rpm"
CENTOSGROUPS="Core"
KERNEL="/var/lib/xen/boot/vmlinuz-2.6.18-164.el5xen"
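The create script reads this file with ". $config", which executes it as root, and the values then go unquoted into lvcreate, mkfs and yum. Below is an added example, not part of the original script, that reads the same KEY=VALUE file as data and whitelists each value before it is assigned. The function names (load_domu_config, match, lvm_name_ok, size_ok, int_ok) are mine, and the whitelists (the LVM name characters, the single-letter size suffixes, the URL and path character sets) are assumptions about what this script needs, not the full set of inputs lvcreate or yum would accept.

```shell
#!/bin/bash
# Added example, not part of the original create script.
# The script above does ". $config", which executes the config file as root and
# then passes its values unquoted to lvcreate/mkfs/yum. This reads the same
# KEY=VALUE file as data instead and whitelists every value before use.
#
# usage: load_domu_config FILE
#   sets VG, SYSVOL, SWAPVOL, SYSVOLSIZE, SWAPVOLSIZE, MEMORY, VCPUS,
#   CENTOSRPM, CENTOSGROUPS and KERNEL in the calling shell; returns 1 and
#   prints a reason on stderr at the first malformed or invalid line.

# expr "xSTRING" : 'xREGEX' anchors a BRE at both ends; the leading x keeps
# values that are empty or start with '-' from confusing expr.
match() { expr "x$1" : "x$2" >/dev/null; }

# Characters lvm(8) allows in VG/LV names (assumption: this script never needs
# more); a name may not start with '-', which lvcreate would read as an option.
lvm_name_ok() { match "$1" '[A-Za-z0-9_.+][A-Za-z0-9_.+-]*$'; }
# Sizes as this page writes them: digits plus a single unit letter (3G, 512M).
size_ok()     { match "$1" '[0-9][0-9]*[kKmMgGtT]$'; }
int_ok()      { match "$1" '[1-9][0-9]*$'; }

load_domu_config() {
  file=$1
  [ -f "$file" ] || { echo "Could not open $file" >&2; return 1; }
  while IFS= read -r line || [ -n "$line" ]; do
    case $line in ''|'#'*) continue ;; esac
    key=${line%%=*}
    val=${line#*=}
    # strip one pair of surrounding double quotes (CENTOSRPM="..." style)
    case $val in \"*\") val=${val#\"}; val=${val%\"} ;; esac
    case $key in ''|*[!A-Z_]*) echo "bad line: $line" >&2; return 1 ;; esac
    # every key gets its own whitelist; anything else is rejected, so shell
    # metacharacters (; $ ` | & quotes) never reach the assignment below
    case $key in
      VG|SYSVOL|SWAPVOL)      lvm_name_ok "$val" ;;
      SYSVOLSIZE|SWAPVOLSIZE) size_ok "$val" ;;
      MEMORY|VCPUS)           int_ok "$val" ;;
      CENTOSRPM)              match "$val" 'https*://[A-Za-z0-9_./:+-]*\.rpm$' ;;
      KERNEL)                 match "$val" '/[A-Za-z0-9_./+-]*$' ;;
      CENTOSGROUPS)           match "$val" '[A-Za-z0-9_ -]*[A-Za-z0-9_-]$' ;;
      *) echo "unknown key '$key' in line: $line" >&2; return 1 ;;
    esac || { echo "$key: invalid value '$val'" >&2; return 1; }
    # key is [A-Z_]+ and val passed its whitelist, so this cannot be misparsed;
    # \$val makes eval assign the variable rather than re-expand its contents
    eval "$key=\$val"
  done < "$file"
}

# Stand-alone use: sh load_domu_config.sh www1.cfg
if [ -n "${1-}" ]; then
  load_domu_config "$1" && echo "$1: ok (VG=$VG SYSVOL=$SYSVOL SWAPVOL=$SWAPVOL)"
fi
```

In the create script this replaces the ". $config" line with load_domu_config "$config" || exit 1; a config line such as SYSVOL="www1-root; rm -rf /" or VG=$(id) is then rejected before lvcreate ever sees it, instead of being executed.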
Sample xen config
kernel = "/var/lib/xen/boot/vmlinuz-2.6.18-164.el5xen"
ramdisk = "/var/lib/xen/boot/initrd-2.6.18-164.el5xen.img"
memory = 512
vcpus = 1
name = "www1"
vif = [ '' ]
disk = ['phy:vg0/www1-root,sda1,w', 'phy:vg0/www1-swap,sda2,w']
root = "/dev/sda1"
extra = "fastboot"
on_poweroff = 'destroy'
on_reboot = 'restart'
on_crash = 'restart'
Using Kickstart is nice too, as is some of the built-in install tooling for Xen. CentOS has a nice wiki page on this: Installing CentOS DomU.
Initial install of OpenSSH 5.x on CentOS 5.4 with jailed sftp root enabled
This guide was based on the one at http://adamsworld.name/chrootjailv5.php. Most modifications were to fit my auto-install for Xen virtual hosts and other little bits like that. Plus I'd rather use built-in packages like zlib-devel where possible. Hopefully with the next CentOS release the OpenSSL library build will not be needed either (maybe even OpenSSH).
Install CentOS with only the Base group (keep it minimal)
Install some RPM packages required to get and build OpenSSH
yum install -y gcc wget zlib-devel perl make xauth
Get newest source from openssl.org. Example
pushd /tmp
wget http://openssl.org/source/openssl-0.9.8o.tar.gz
Build it (the trailing slash on cd openssl-*/ makes the glob match only the unpacked directory, not the tarball)
tar zxvf openssl-*.tar.gz
cd openssl-*/
./config --prefix=/opt/depot/`basename $(pwd)` --openssldir=/opt/depot/`basename $(pwd)`
make
make install
pushd /opt/depot
ln -s openssl* openssl
popd
Download newest 5.x OpenSSH from ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/. Example
cd /tmp
wget ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-5.5p1.tar.gz
Build it
tar zxvf openssh-*.tar.gz
cd openssh-*/
./configure --prefix=/opt/depot/`basename $(pwd)` --with-ssl-dir=/opt/depot/openssl
make
make install
mkdir -p /opt/depot/openssh/var/run
pushd /opt/depot
ln -s openssh* openssh
popd
Update /etc/init.d/sshd to point to the correct paths
KEYGEN=/opt/depot/openssh/bin/ssh-keygen
SSHD=/opt/depot/openssh/sbin/sshd
RSA1_KEY=/opt/depot/openssh/etc/ssh_host_key
RSA_KEY=/opt/depot/openssh/etc/ssh_host_rsa_key
DSA_KEY=/opt/depot/openssh/etc/ssh_host_dsa_key
PID_FILE=/opt/depot/openssh/var/run/sshd.pid
Replace the Subsystem line with the following. Note the new sshd reads /opt/depot/openssh/etc/sshd_config, not /etc/ssh/sshd_config.
Subsystem sftp internal-sftp
Add the following group config lines at the end of sshd_config (everything after a Match line belongs to that block). The chroot path must match the home directories created below; the original /home/%u would not exist for users created under /srv.
Match Group sftponly
ChrootDirectory /srv/%u
ForceCommand internal-sftp
AllowTcpForwarding no
Check the config, restart sshd and make sure you see 5.x for the version (ssh -v localhost prints the server banner, e.g. remote software version OpenSSH_5.5)
/opt/depot/openssh/sbin/sshd -t
service sshd restart
Create system group info
groupadd sftponly
Create some sftp only users. sshd requires the chroot directory and every directory above it to be owned by root and not group- or world-writable, otherwise the login is rejected with "bad ownership or modes for chroot directory" in /var/log/secure. So the home directory stays root-owned and the user gets a writable subdirectory inside it.
chown root:root /srv
chmod 755 /srv
useradd -g sftponly -d /srv/user1 -s /bin/false user1
chown root:root /srv/user1
chmod 755 /srv/user1
install -d -o user1 -g sftponly -m 750 /srv/user1/upload
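sshd only reports a bad chroot as a failed login plus one line in /var/log/secure, so it is worth checking the tree before restarting. As an added example (not from the original post or the adamsworld guide), the shell function below walks from the chroot directory up to / the way sshd does and reports every directory that is not root-owned or is group- or world-writable. check_chroot_path is my name for it; the optional OWNER_UID and TOP arguments are there so the same check can be run against a test tree as a non-root user, and are not something sshd itself offers.

```shell
#!/bin/bash
# Added example, not part of the original post: verify a chroot target against
# sshd's ChrootDirectory rule before restarting sshd. sshd refuses the login
# ("bad ownership or modes for chroot directory") unless every directory from
# the chroot up to / is owned by root and is not writable by group or others.
#
# usage: check_chroot_path DIR [OWNER_UID] [TOP]
#   OWNER_UID defaults to 0 (root). TOP defaults to / and stops the walk early,
#   which is only useful for testing on a tree you own as a non-root user;
#   for a real check leave it at / because that is what sshd inspects.
check_chroot_path() {
  local path=$1 want_uid=${2:-0} top=${3:-/} p rc=0 ls_out mode uid
  p=$(cd "$path" 2>/dev/null && pwd -P) || { echo "$path: not a directory" >&2; return 1; }
  top=$(cd "$top" 2>/dev/null && pwd -P) || { echo "$top: not a directory" >&2; return 1; }
  while :; do
    # ls -ldn prints e.g. "drwxr-xr-x 2 0 0 4096 Aug 10 12:00 /srv/user1":
    # the mode string is the first 10 characters, the numeric uid is field 3
    ls_out=$(ls -ldn "$p") || return 1
    mode=$(printf '%s\n' "$ls_out" | cut -c1-10)
    uid=$(printf '%s\n' "$ls_out" | awk '{print $3}')
    if [ "$uid" != "$want_uid" ]; then
      echo "$p: owned by uid $uid, expected $want_uid" >&2; rc=1
    fi
    # character 6 is the group write bit, character 9 the other write bit
    case $mode in
      ?????w*|????????w?) echo "$p: mode $mode is group- or world-writable" >&2; rc=1 ;;
    esac
    if [ "$p" = "$top" ] || [ "$p" = / ]; then break; fi
    p=$(dirname "$p")
  done
  return $rc
}

# Stand-alone use: sh check_chroot.sh /srv/user1
if [ -n "${1-}" ]; then
  check_chroot_path "$@" && echo "$1: ok for ChrootDirectory"
fi
```

Run it as check_chroot.sh /srv/user1 after the useradd and chown steps above; with the ownership fixed as shown it prints nothing but the ok line, while a user-owned or 775 home directory is reported before sshd ever sees it. The user's writable upload subdirectory is below the chroot and is not checked, which matches what sshd does.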