----- "Kai Schaetzl" maillists@conactive.com wrote:
Ben Montanelli wrote on Wed, 04 Feb 2009 11:50:04 -0500:
I guess many of us want the optimized "grail" dom0.
There is none. It depends on your needs.
This is pretty close to one. :) I also attached a trimmed down version of the kickstart config I use for dom0s. Some of it is irrelevant to many people, but I figured someone would find something useful in it, like fixing some of the brokenness. Some of the packages (like the ones for NTP, MD RAID, IPMI, LUKS, and iSCSI) can be removed if you don't need them. ntpd and snmpd can be disabled if you don't need/use them, or for security policy reasons, as well.
dom0 services:
srv1:[1:13pm]:120:~# chkconfig --list | grep :on
acpid           0:off 1:off 2:off 3:on 4:on 5:on 6:off
auditd          0:off 1:off 2:on 3:on 4:on 5:on 6:off
cpuspeed        0:off 1:on 2:on 3:on 4:on 5:on 6:off
crond           0:off 1:off 2:on 3:on 4:on 5:on 6:off
edac            0:off 1:off 2:on 3:on 4:on 5:on 6:off
ip6tables       0:off 1:off 2:on 3:on 4:on 5:on 6:off
iptables        0:off 1:off 2:on 3:on 4:on 5:on 6:off
libvirtd        0:off 1:off 2:off 3:on 4:on 5:on 6:off
lm_sensors      0:off 1:off 2:on 3:on 4:on 5:on 6:off
lvm2-monitor    0:off 1:on 2:on 3:on 4:on 5:on 6:off
mcstrans        0:off 1:off 2:on 3:on 4:on 5:on 6:off
mdmonitor       0:off 1:off 2:on 3:on 4:on 5:on 6:off
network         0:off 1:off 2:on 3:on 4:on 5:on 6:off
ntpd            0:off 1:off 2:on 3:on 4:on 5:on 6:off
postfix         0:off 1:off 2:on 3:on 4:on 5:on 6:off
restorecond     0:off 1:off 2:on 3:on 4:on 5:on 6:off
smartd          0:off 1:off 2:on 3:on 4:on 5:on 6:off
snmpd           0:off 1:off 2:on 3:on 4:on 5:on 6:off
sshd            0:off 1:off 2:on 3:on 4:on 5:on 6:off
syslog          0:off 1:off 2:on 3:on 4:on 5:on 6:off
sysstat         0:off 1:off 2:on 3:on 4:off 5:on 6:off
xend            0:off 1:off 2:on 3:on 4:on 5:on 6:off
xendomains      0:off 1:off 2:off 3:on 4:on 5:on 6:off
dom0 kickstart:
[...] services --disabled=avahi-daemon,gpm,haldaemon,kudzu,messagebus,netfs --enabled=ntpd,snmpd [...]
%packages --nobase @core xen kernel-xen libvirt postfix ntp net-snmp sudo sysstat rsync tcpdump tcsh bzip2 man lsof smartmontools mailx screen vim-enhanced isns-utils iscsi-initiator-utils cryptsetup-luks vconfig acpid audit cpuspeed mdadm psacct xorg-x11-xauth edac-utils memtest86+ patch which yum-protectbase OpenIPMI OpenIPMI-tools
%post
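# Kickstart %post for a CentOS/Xen dom0, as trimmed by the author; <xxx>
# marks site-specific values and [...] marks content left out of the post.
# Runs as root inside the freshly installed system. There is no `set -e`
# here (as in the original): every step is best-effort and the install
# continues if one of them fails.

# Force a full SELinux relabel on first boot, since several files below are
# written outside the package manager.
touch /.autorelabel

# yum-protectbase is in %packages: tag every [repo] section of the base
# repo file so its packages are not replaced from third-party repos.
# The original pattern was `^[`, an unterminated bracket expression that
# GNU sed rejects; `^\[` is the intended "line starts with [" anchor.
sed -i '/^\[/a protect=1' /etc/yum.repos.d/CentOS-Base.repo

# Larger default socket buffers and near-zero swappiness for the dom0 kernel.
cat <<'_EOF_' >> /etc/sysctl.conf
net.core.rmem_max = 1048576
net.core.rmem_default = 1048576
net.core.wmem_max = 1048576
net.core.wmem_default = 1048576
vm.swappiness = 1
_EOF_

# snmpd.conf is replaced wholesale; only the interface-speed hints survived
# the author's trimming. NOTE(review): the access-control part (who may
# query snmpd, and with which community) is in the trimmed section — confirm
# it is restrictive before leaving snmpd enabled at boot.
cat <<'_EOF_' > /etc/snmp/snmpd.conf
[...]
# This is so SNMP reports correct interface rates
interface bond0 161 1000000000
interface bond0.10 135 1000000000
interface bond0.20 135 1000000000
interface bond0.30 135 1000000000
interface bond0.40 135 1000000000
interface bond0.101 135 1000000000
[...]
_EOF_

# sshd takes the first value it finds for a keyword, so the stock
# directives are commented out before the hardened values are appended;
# appending alone would leave the stock values in force.
for kw in LoginGraceTime PermitRootLogin MaxAuthTries PasswordAuthentication MaxStartups; do
  sed -i "s/^[ \t]*${kw}.*/#&/" /etc/ssh/sshd_config
done
# Root can log in only with a key that carries a command= option (see the
# authorized_keys written at the end); password authentication is off.
cat <<'_EOF_' >> /etc/ssh/sshd_config
LoginGraceTime 1m
PermitRootLogin forced-commands-only
MaxAuthTries 2
PasswordAuthentication no
MaxStartups 2
_EOF_

# Hypervisor command line: fixed dom0 memory. dom0 kernel command line:
# deadline I/O scheduler. Both are appended to the existing grub entries.
sed -i 's#kernel /xen.*#& dom0_mem=2G#' /boot/grub/grub.conf
sed -i 's#module /vmlinuz.*#& elevator=deadline#' /boot/grub/grub.conf

# Round-robin bond over the four NICs enslaved below, plus netloop and
# forcedeth driver tuning.
cat <<'_EOF_' >> /etc/modprobe.conf
alias bond0 bonding
options bond0 mode=balance-rr miimon=100 updelay=1000
options netloop nloopbacks=64
options forcedeth max_interrupt_work=10
_EOF_

# An empty rules file lets the iptables service start, but it then loads
# no rules at all, so presumably the dom0 runs with the kernel's default
# ACCEPT policy until real rules are added to /etc/sysconfig/iptables.
# IPTABLES_MODULES is emptied so the stock conntrack helper modules are
# not loaded.
touch /etc/sysconfig/iptables
sed -i -r 's/^IPTABLES_MODULES=.*/#&/' /etc/sysconfig/iptables-config
sed -i -r '/^#IPTABLES_MODULES=.*/a \IPTABLES_MODULES=""' /etc/sysconfig/iptables-config

# Network layout: bond0 carries tagged VLANs; each VLAN sub-interface is
# attached to a bridge that guests connect to via vif-bridge (xend config
# below). Only bond0.10/br10 are shown; the other VLAN ids appear in the
# snmpd.conf fragment above.
cat <<'_EOF_' > /etc/sysconfig/network-scripts/ifcfg-bond0
DEVICE=bond0
BOOTPROTO=none
ONBOOT=yes
USERCTL=no
_EOF_

cat <<'_EOF_' > /etc/sysconfig/network-scripts/ifcfg-bond0.10
DEVICE=bond0.10
BOOTPROTO=none
ONBOOT=yes
USERCTL=no
VLAN=yes
BRIDGE=br10
_EOF_

# br10 is the only bridge with a dom0 address (static IPv4, autoconf IPv6).
cat <<'_EOF_' > /etc/sysconfig/network-scripts/ifcfg-br10
DEVICE=br10
TYPE=Bridge
BOOTPROTO=static
BROADCAST=<xxx>
IPADDR=<xxx>
NETMASK=<xxx>
NETWORK=<xxx>
IPV6INIT=yes
IPV6_AUTOCONF=yes
ONBOOT=yes
DELAY=0
STP=on
_EOF_

# Turn the installer-generated ifcfg-eth0..eth3 into bond slaves: keep only
# the HWADDR= and comment lines, then append the slave settings.
# NOTE(review): the filter also drops the DEVICE= line and nothing re-adds
# it; the author reports this working, presumably because the scripts fall
# back to the file-name suffix — confirm on the target release.
for nic in eth0 eth1 eth2 eth3; do
  cfg="/etc/sysconfig/network-scripts/ifcfg-${nic}"
  sed -i -r '/^(HWADDR=|#)/!d' "$cfg"
  cat <<'_EOF_' >> "$cfg"
BOOTPROTO=none
ONBOOT=yes
MASTER=bond0
SLAVE=yes
USERCTL=no
_EOF_
done

# Let ntpd write the synced time back to the hardware clock.
sed -i -r 's/(SYNC_HWCLOCK=).*/\1yes/' /etc/sysconfig/ntpd

# Patch xendomains' parseln() so `xm list` output is split on whitespace
# instead of fixed columns (long domain names broke the column cut).
# The delimiter MUST be quoted: the original used an unquoted `_EOF_`, so
# the shell expanded `$1`, `${name%% *}` and ran the backtick commands
# while writing the patch, corrupting it before `patch` ever saw it.
# NOTE(review): the hunk's context lines were reflowed by the mail client;
# the header announces 9 lines per side and fewer are visible here, so
# regenerate this diff against the installed script rather than trusting
# the reconstruction below, or `patch` will reject the hunk.
cat <<'_EOF_' > /root/xendomains.patch
--- /etc/init.d/xendomains.dist 2008-11-04 09:57:48.000000000 -0600
+++ /etc/init.d/xendomains 2008-11-04 09:58:30.000000000 -0600
@@ -175,9 +175,9 @@
 parseln()
 {
-    name=`echo "$1" | cut -c0-17`
+    name=`echo "$1" | cut -d' ' -f1`
     name=${name%% *}
-    rest=`echo "$1" | cut -c18- `
+    rest=`echo "$1" | cut -d' ' -f2-`
     read id mem cpu vcpu state tm < <(echo "$rest")
 }
_EOF_
patch -p0 < /root/xendomains.patch

# Replace xend's configuration; the stock file is kept as .dist.
# The delimiter is deliberately left unquoted, as in the original, so the
# `\\` in the hosts-allow pattern is written to the file as a single `\`.
# NOTE(review): the stock file carries the doubled form — confirm which
# spelling xend's sxp parser expects before changing this.
# Security notes on the values:
#  - xend-relocation-server on port 8002 has no authentication beyond the
#    hosts-allow pattern and is bound to the <xxx> address, so that pattern
#    and a host firewall rule are the only controls on live migration.
#  - vncpasswd '' leaves guest consoles with an empty VNC password; that is
#    tolerable only while VNC is bound to loopback (the stock default) —
#    confirm vnc-listen has not been widened.
#  - network-script /bin/true: bridges come from the ifcfg files above, not
#    from xend's own network-bridge script.
cat << _EOF_ > /etc/xen/xend-config.sxp
# -*- sh -*-
(xend-unix-server yes)
(xend-unix-path /var/lib/xend/xend-socket)
(xend-relocation-server yes)
(xend-relocation-port 8002)
(xend-relocation-address '<xxx>')
(xend-relocation-hosts-allow '^localhost$ ^localhost\\.localdomain$ ^<xxx>$')
(network-script /bin/true)
(vif-script vif-bridge)
(dom0-min-mem 768)
(dom0-cpus 1)
(vncpasswd '')
_EOF_
mv /etc/xen/xend-config.sxp.tmp /dev/null 2>/dev/null || true

# Empty XENDOMAINS_SAVE: guests are not saved to disk when the dom0 stops
# (presumably they are shut down instead — see the comments in
# /etc/sysconfig/xendomains).
sed -i -r 's/^XENDOMAINS_SAVE=.*/#&/' /etc/sysconfig/xendomains
sed -i '/^#XENDOMAINS_SAVE=/a \XENDOMAINS_SAVE=' /etc/sysconfig/xendomains

# Do not autostart libvirt's "default" NAT network; guest networking goes
# through the VLAN bridges configured above.
rm -f /etc/libvirt/qemu/networks/autostart/default.xml

# Root's only login path: a single key pinned to a forced command. The
# directory and file get the conventional 700/600 modes explicitly rather
# than whatever the install-time umask yields (the original relied on it).
# NOTE(review): command= alone does not stop TCP/agent/X11 forwarding over
# that key; add `no-port-forwarding,no-agent-forwarding` (and
# `no-X11-forwarding,no-pty` if the forced command does not need them) to
# the key options if those are not required.
mkdir -p -m 700 /root/.ssh
cat <<'_EOF_' > /root/.ssh/authorized_keys
command="/usr/bin/virt-manager" ssh-rsa <xxx> <xxx>
_EOF_
chmod 600 /root/.ssh/authorized_keys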
%end