Xen Dom0 Gentoo Linux Installation
create partitions
# Interactive fdisk session on the cciss (HP Smart Array) disk. The lines
# between the fdisk invocation and "w" are keystrokes typed at fdisk's
# prompt, not shell commands; the resulting table is printed under
# "partitions" below.
fdisk /dev/cciss/c0d0
# partition 1: new primary, +256M; "a" toggles the bootable flag on it
n, p, 1, <enter>, +256M, t, c, a, 1
# partition 2: new primary over the rest of the disk, type 8e (Linux LVM)
n, p, 2, <enter>, <enter>, t, 2, 8e
# print the table for a last check, then write it
p
w
partitions
Device Boot Start End Blocks Id System /dev/cciss/c0d0p1 * 2048 526335 262144 83 Linux /dev/cciss/c0d0p2 526336 286677119 143075392 8e Linux LVM
create pv
# Turn the LVM partition (type 8e above) into a physical volume.
pvcreate /dev/cciss/c0d0p2
create vg
# Single volume group on that PV; the name suggests it will also hold the
# guest domains' volumes later (only dom0's own LVs are created here).
vgcreate xendomains /dev/cciss/c0d0p2
create lvs
# dom0's own volumes: 2G swap and 8G root, both in the xendomains VG.
# The LV names (host-swap, host-root) are what mkfs/fstab refer to later.
vg=/dev/xendomains
lvcreate -L2G -nhost-swap "$vg"
lvcreate -L8G -nhost-root "$vg"
# Check the VG (output below: 1 PV, 2 LVs, 136.45g total / 126.45g free).
vgs
VG #PV #LV #SN Attr VSize VFree xendomains 1 2 0 wz--n- 136.45g 126.45g
# Check the LVs (output below: host-root 8.00g, host-swap 2.00g).
lvs
LV VG Attr LSize Pool Origin Data% Move Log Cpy%Sync Convert host-root xendomains -wi-ao---- 8.00g host-swap xendomains -wi-a----- 2.00g
create filesystems
# Filesystems, each labelled so fstab can address them by label.
boot_part=/dev/cciss/c0d0p1
mkfs.ext2 -Lhost-boot "$boot_part"
mkswap -Lhost-swap /dev/xendomains/host-swap
mkfs.ext4 -Lhost-root /dev/xendomains/host-root
create and mount mountpoints
# Mount the new root and, inside it, the boot partition.
target=/mnt/gentoo
mkdir -p "$target"
mount /dev/xendomains/host-root "$target/"
mkdir -p "$target/boot"
mount /dev/cciss/c0d0p1 "$target/boot/"
stage3 — check for the latest stage3 at http://gentoo.inode.at/releases/amd64/autobuilds/current-stage3-amd64-hardened/
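# Fetch the hardened stage3 and unpack it into the new root.
# The mirror is plain HTTP, so nothing about the transport authenticates the
# tarball; Gentoo publishes a GPG-signed DIGESTS file next to it, and that is
# what the integrity of the whole installation rests on. Verify it before
# unpacking anything as root.
stage3_base=http://gentoo.inode.at/releases/amd64/autobuilds/current-stage3-amd64-hardened
stage3=stage3-amd64-hardened-20140522.tar.bz2
# Fingerprint of the Gentoo Release Engineering signing key, taken from
# gentoo.org (not from the mirror being verified). Required; no default.
: "${GENTOO_RELENG_KEY:?set to the release-engineering key fingerprint published on gentoo.org}"
cd /tmp/ || exit 1
wget -O "$stage3" "$stage3_base/$stage3"
wget -O "$stage3.DIGESTS.asc" "$stage3_base/$stage3.DIGESTS.asc"
gpg --recv-keys "$GENTOO_RELENG_KEY"
gpg --verify "$stage3.DIGESTS.asc" || exit 1
# The DIGESTS file carries several hash types; check the SHA512 line for the
# tarball itself (the file also lists the .CONTENTS listing).
grep -A1 -i '^# SHA512' "$stage3.DIGESTS.asc" \
  | grep -- " $stage3\$" \
  | sha512sum -c - || exit 1
tar xjvpf "$stage3" -C /mnt/gentoo/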
portage
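# Portage tree snapshot. Again plain HTTP, so verify the detached signature
# that Gentoo publishes alongside the snapshot before unpacking it under
# /usr of the new root.
snap_base=http://distfiles.gentoo.org/snapshots
snap=portage-latest.tar.bz2
# Fingerprint of the snapshot signing key, taken from gentoo.org. Required.
: "${GENTOO_SNAPSHOT_KEY:?set to the portage snapshot signing key fingerprint published on gentoo.org}"
cd /tmp/ || exit 1
wget "$snap_base/$snap"
wget "$snap_base/$snap.gpgsig"
gpg --recv-keys "$GENTOO_SNAPSHOT_KEY"
gpg --verify "$snap.gpgsig" "$snap" || exit 1
tar xjvpf "$snap" -C /mnt/gentoo/usr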
mount before chroot
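# Pseudo-filesystems the chroot needs. The rbind mounts are made recursive
# slaves so that mounts done inside the chroot do not propagate back to the
# host tree; without this the recursive binds are hard to unmount cleanly
# afterwards (the unmount step at the end of this guide resorts to a lazy
# "umount -l", which is the usual symptom).
mount -t proc none /mnt/gentoo/proc
mount --rbind /sys /mnt/gentoo/sys
mount --make-rslave /mnt/gentoo/sys
mount --rbind /dev /mnt/gentoo/dev
mount --make-rslave /mnt/gentoo/dev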
chroot
# Enter the new root. The two lines after chroot are typed inside the
# chroot's bash, not in the host shell.
chroot /mnt/gentoo /bin/bash
source /etc/profile
# mark the prompt so it is obvious which environment commands run in
export PS1="(chroot) ${PS1}"
make.conf
# Write make.conf (contents under the next heading) and create the local
# overlay's metadata so portage accepts /usr/local/portage as a repository.
nano -w /etc/portage/make.conf
overlay_meta=/usr/local/portage/metadata
mkdir -p "$overlay_meta/"
printf '%s\n' 'masters = gentoo' > "$overlay_meta/layout.conf"
make.conf
# /etc/portage/make.conf for the hardened dom0.
CHOST="x86_64-pc-linux-gnu"
# -march=native tunes for this machine's CPU; binaries built here are not
# meant to be copied to different hardware.
CFLAGS="-march=native -O2 -pipe -fomit-frame-pointer -mno-tls-direct-seg-refs"
CXXFLAGS="${CFLAGS}"
MAKEOPTS="-j5 -l5"
EMERGE_DEFAULT_OPTS="--jobs=5 --load-average=5.0 --with-bdeps y"
PORTAGE_NICENESS="10"
# ftp:// and http:// mirrors: the transport authenticates nothing, so
# distfile integrity relies entirely on portage's Manifest checks.
GENTOO_MIRRORS="ftp://ftp.fsn.hu/pub/linux/distributions/gentoo/ http://ftp.fsn.hu/pub/linux/distributions/gentoo/ ftp://gentoo.inode.at/source/ http://gentoo.inode.at/ ftp://gentoo.inf.elte.hu/ http://gentoo.inf.elte.hu/"
# rsync tree sync is likewise unauthenticated in transit.
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
# Headless server: hardened toolchain on, everything desktop/audio/X off.
USE="hardened pic threads -alsa -cdr -cups -dvd -doc -gnome -gpm -gtk -gtk2 -kde -ldap -midi -oss -sound -qt -sdl -xorg -X -zeroconf"
LINGUAS="en en_US hu hu_HU"
# "strict" matches the policy path used in the relabel step (/etc/selinux/strict).
POLICY_TYPES="strict"
PYTHON_TARGETS="python2_7"
PYTHON_SINGLE_TARGET="python2_7"
USE_PYTHON="2.7"
# left commented here; the layman step later appends this line once layman exists
#source /var/lib/layman/make.conf
keymaps
# Console keymap (interactive edit).
nano -w /etc/conf.d/keymaps
rc.conf
# OpenRC settings; the values used are listed under the next heading.
nano -w /etc/rc.conf
rc.conf
# /etc/rc.conf values: sequential, non-interactive boot with rc logging on.
rc_parallel="NO"
rc_interactive="NO"
rc_depend_strict="NO"
rc_logger="YES"
localization, timezone
# Timezone: install the zoneinfo file and record the zone name for portage.
tz=Europe/Budapest
cp "/usr/share/zoneinfo/$tz" /etc/localtime
printf '%s\n' "$tz" > /etc/timezone
nano -w /etc/conf.d/hwclock
locales
# Locales: pick the set to generate, then select the system locale.
nano -w /etc/locale.gen
locale-gen
eselect locale list
# "..." is a placeholder: the number/name from the list above
eselect locale set ...
eselect locale list
# reload the environment so the new locale applies to this shell
env-update
source /etc/profile
export PS1="(chroot) ${PS1}"
hostname
# Hostname (interactive edit).
nano -w /etc/conf.d/hostname
hosts
# /etc/hosts (interactive edit).
nano -w /etc/hosts
net setup
# Static network config and resolver; the contents are under the next two headings.
nano -w /etc/conf.d/net
nano -w /etc/resolv.conf
/etc/conf.d/net
# /etc/conf.d/net: static dual-stack address on lan0. Only an IPv4 default
# route is given; no IPv6 default route is configured here.
config_lan0="192.168.0.102/24 2a01:368:e10d::102/64"
routes_lan0="default via 192.168.0.1"
/etc/resolv.conf
search jmk.hu nameserver 192.168.0.1 nameserver 8.8.8.8
emerge sync
# First tree sync over the rsync mirror set in make.conf.
emerge --sync
python 2
# Install a Python 2 interpreter and make it the system default.
emerge -av '<=dev-lang/python-3.0'
eselect python list
# "1" is a position in the list just printed, not a version; re-check the list
# before relying on it
eselect python set 1
eselect python list
source /etc/profile
export PS1="(chroot) ${PS1}"
profile
# Choose the portage profile ("..." is a placeholder for the list entry).
eselect profile list
eselect profile set ...
eselect profile list
source /etc/profile
export PS1="(chroot) ${PS1}"
fstab
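# Write /etc/fstab for the dom0, then open it for a final check.
# The root entry refers to the LV as created above, host-root (see lvcreate,
# mkfs.ext4 and the lvs output); the original line wrote host-disk, a volume
# that was never created. Columns are whitespace-separated, so the exact
# number of tabs does not matter.
cat > /etc/fstab <<'EOF'
# <fs>				<mountpoint>	<type>		<opts>				<dump/pass>
# Disk 0
/dev/disk/by-label/host-boot	/boot		ext2		defaults,noatime,noauto		1	2

# LVM
/dev/xendomains/host-swap	none		swap		sw				0	0
/dev/xendomains/host-root	/		ext4		defaults,noatime		0	1

# SELinux
none				/selinux	selinuxfs	defaults			0	0
EOF
nano -w /etc/fstab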
get hardened kernel sources
# Kernel sources. The second emerge pins an older (<=3.3) hardened-sources
# after the first, unpinned one; presumably the 3.3 tree is the one actually
# built below — confirm /usr/src/linux points where intended.
emerge -av hardened-sources
emerge -av '<=sys-kernel/hardened-sources-3.3'
compile and install
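# Configure, build and install the kernel; run from the kernel source tree.
# KERNEL_LONG_NAME is not set anywhere in these notes, so the original cp
# would have installed the image as the bare name "/boot/linux-". Keep an
# explicit value if the caller exported one, otherwise take it from the tree.
make -j5 -l5 menuconfig
make -j5 -l5 && make -j5 -l5 modules_install
KERNEL_LONG_NAME=${KERNEL_LONG_NAME:-$(make -s kernelrelease)}
cp -v arch/x86_64/boot/bzImage "/boot/linux-${KERNEL_LONG_NAME}"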
root setup
# Set root's password (interactive).
passwd
user setup
# Admin user with a matching private group. Membership in wheel is what
# su/sudo policy typically keys on, so this is the account that will be
# able to become root.
user=cyla
id=1000
groupadd -g "$id" "$user"
useradd -d "/home/$user" -m -s /bin/bash -u "$id" -g "$id" -G "$user,wheel" "$user"
passwd "$user"
autostart ssh
# Start sshd at boot. NOTE(review): nothing in these notes edits
# /etc/ssh/sshd_config, so the stage3 defaults apply on first boot — confirm
# root login / authentication settings before exposing the host.
rc-update add sshd default
hardening
# One-shot rebuild of the toolchain now that USE="hardened" is in make.conf,
# so later packages are built with the hardened compiler.
emerge -av1 binutils gcc virtual/libc
grub
# Legacy GRUB (slot 0): install, write grub.conf by hand, then run the
# interactive grub shell to install it to the disk.
emerge -av grub:0
nano -w /boot/grub/grub.conf
grub
merge static stuff for initramfs
# Static builds of the tools the hand-made initramfs needs (LVM activation,
# fsck, busybox shell); USE is overridden for this one emerge only.
USE="static static-libs" emerge -av lvm2 e2fsprogs busybox
configure initramfs
# /boot is "noauto" in fstab, so mount it explicitly; then write the
# initramfs init script and the gen_initramfs_list file list by hand.
mount /boot
mkdir -p /usr/src/initramfs
cd /usr/src/initramfs
nano -w /usr/src/initramfs/init
nano -w /usr/src/initramfs/initramfs_list
compile and install initramfs
# Build the initramfs cpio with the kernel tree's own helper scripts.
src=/usr/src/linux
cd "$src"
chmod +x usr/gen_init_cpio scripts/gen_initramfs_list.sh
scripts/gen_initramfs_list.sh -o /boot/initrd.cpio.gz /usr/src/initramfs/initramfs_list
network naming
# Pin the NIC name to lan0 via udev, and create the OpenRC net.lan0 service
# as a symlink to net.lo (the OpenRC convention for network interfaces).
nano -w /etc/udev/rules.d/70-persistent-net.rules
ln -s /etc/init.d/net.lo /etc/init.d/net.lan0
autostart lvm
# Activate LVM in the boot runlevel (root and swap live on LVs).
rc-update add lvm boot
umount
# Leave the chroot and tear the mounts down. "exit" ends the chroot shell;
# the umount after it runs on the host. -l is a lazy unmount, needed here
# presumably because the rbind-mounted /dev and /sys are still busy.
umount /boot
exit
umount -l /mnt/gentoo/{dev,proc,sys,}
reboot
# First boot into the installed system.
reboot
pray
selinux
# SELinux: policy tooling first, then the base policy with portage's own
# selinux feature turned off for that one run (presumably because no policy
# is loaded yet), then a full world rebuild under the new profile.
emerge -1av checkpolicy policycoreutils
FEATURES="-selinux" emerge -av selinux-base-policy
emerge -avuND world
emerge -av setools sepolgen checkpolicy
reboot
# Reboot so the SELinux-enabled system comes up before relabelling.
reboot
relabel
# Initial file relabel. / is bind-mounted so setfiles reaches the on-disk
# /dev and /lib rather than whatever is mounted over them; the strict
# policy's file_contexts is used, matching POLICY_TYPES="strict".
mkdir -p /mnt/gentoo
mount -o bind / /mnt/gentoo
setfiles -r /mnt/gentoo /etc/selinux/strict/contexts/files/file_contexts /mnt/gentoo/dev
setfiles -r /mnt/gentoo /etc/selinux/strict/contexts/files/file_contexts /mnt/gentoo/lib
umount /mnt/gentoo
# relabel the files of every installed package
rlpkg -a -r
reboot
# Reboot with the relabelled filesystem.
reboot
selinux booleans
# Persistent boolean for the hardened (SSP) toolchain; per the boolean's
# description it lets all domains read urandom — verify against the policy
# on the box.
setsebool -P global_ssp on
add selinux user
# Map the admin account to the staff_u SELinux user and force-relabel its home.
user=cyla
semanage login -a -s staff_u "$user"
restorecon -R -F "/home/$user"
emerge sync, update, clean
# Sync, full world update, then drop orphaned packages.
emerge --sync
emerge -avuND world
emerge --depclean
install necessary services and tools
# Logging, cron, admin conveniences and the overlay/VCS tooling used next.
emerge -av syslog-ng vixie-cron app-misc/screen app-misc/mc munin colordiff layman subversion dev-vcs/git eix gentoolkit
setup layman, jmk-layout
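# Hook layman's make.conf fragment into portage and add the jmk overlay.
# The source line must be appended (>>): the original used ">", which
# replaces the whole make.conf written earlier with this single line.
# The overlay list and the overlay itself come over plain HTTP and nothing
# here verifies them; ebuild code from the overlay runs with high privilege
# at emerge time, so this is a trust decision about overlay.jmk.hu.
overlay_list=http://overlay.jmk.hu/repositories.xml
printf '\nsource /var/lib/layman/make.conf\n' >> /etc/portage/make.conf
layman -f -o "$overlay_list"
layman -a jmk-overlay -o "$overlay_list"
emerge --sync && layman -S -o "$overlay_list"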
autostart services
# Enable the freshly installed daemons in the default runlevel.
for svc in syslog-ng vixie-cron munin-node; do
  rc-update add "$svc" default
done
install xen, configure grub, reboot, recompile everything