[CentOS-virt] Mixed dom0/domU usage?

Wed Feb 4 16:50:04 UTC 2009
Ben Montanelli <montanelli at rivint.com>

Thank you Henrik, exactly what I was looking for. I hope to try this
tweak over the weekend.

I guess many of us want the optimized "grail" dom0. (Please forgive me
if this is in the archive, I find nothing to little on this topic.)

Does this look like a decent summary of your suggestions:

-yum-updatesd (oh yeah)

-portmap (hmnn, not needed on new domUs, NIC configs as well as
migration for xend? Truly do not know the answer here.)

I'm only slightly above noob on Xen and I still like to do a bit in GUI,
(fluxbox or Gnome/XFCE4), so I can see right away if there are any balks
in the service window. I do know that dropping window manager(s) opens
up some resources, but I still need the assist.

I'm weak in dom0 configuration and securing. I am relying on a separate
NIC (private IP, tight ingress/egress) for dom0 with profound hardware
firewalling and monitoring until I get this aspect comfortably nailed
down. I just don't trust my knowledge of inherent Linux firewalling for
servers yet.

I doubt I will ever drop the separate NIC and firewall setup on dom0 though.

Henrik Holmboe wrote:
> ++ 04/02/09 16:56 +0100 - Henrik Holmboe:
> [...]
>> And in addition to that I also run this in Centos 5.x dom0's:
>> for svc in bluetooth gpm pcscd cups avahi-daemon yum-updatesd; \
>>     do chkconfig $svc off; \
>>     service $svc stop; \
>> done
> Oh, I forgot this for dom0's:
>  for svc in nfslock portmap rpcidmapd cups yum-updatesd; \
>       do chkconfig $svc off; \
>       service $svc stop; \
>  done
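
A check for the result of the two loops quoted above, as an added example that is not part of the original thread: it reads `chkconfig --list` output and names any of those services still enabled at boot in runlevel 3 or 5. The function names and the sample listing are constructed for illustration; the check covers boot configuration only, not whether a service is currently running.

```shell
#!/bin/sh
# Services named in the thread's two loops for a CentOS 5.x dom0, combined.
DOM0_OFF="bluetooth gpm pcscd cups avahi-daemon yum-updatesd nfslock portmap rpcidmapd"

# still_enabled (hypothetical helper): read `chkconfig --list` output on
# stdin and print each service from DOM0_OFF that is "on" in runlevel 3 or 5.
still_enabled() {
    awk -v want="$DOM0_OFF" '
        BEGIN {
            n = split(want, w, " ")
            for (i = 1; i <= n; i++) target[w[i]] = 1
        }
        # Lines for other services (sshd, xend, xinetd entries) are skipped.
        ($1 in target) {
            for (i = 2; i <= NF; i++)
                if ($i == "3:on" || $i == "5:on") { print $1; next }
        }'
}

# Constructed sample of `chkconfig --list` output so the check runs offline.
sample_chkconfig() {
    cat <<'EOF'
bluetooth       0:off   1:off   2:off   3:off   4:off   5:off   6:off
cups            0:off   1:off   2:on    3:on    4:on    5:on    6:off
portmap         0:off   1:off   2:off   3:on    4:on    5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
xend            0:off   1:off   2:on    3:on    4:on    5:on    6:off
yum-updatesd    0:off   1:off   2:off   3:off   4:off   5:off   6:off
EOF
}

# On a real dom0 this would be: chkconfig --list | still_enabled
sample_chkconfig | still_enabled
```

An empty result means every listed service is off for runlevels 3 and 5.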