Xen DomU Gentoo Linux Installation


create lvs

# Carve the DomU's swap and root volumes out of the "xendomains" volume group.
lvcreate --size 2G --name domu-swap /dev/xendomains
lvcreate --size 8G --name domu-root /dev/xendomains

create filesystems

# Format both volumes and label them after the LV they live on.
mkswap --label domu-swap /dev/xendomains/domu-swap
mkfs.ext4 -L domu-root /dev/xendomains/domu-root

add mountpoint to /etc/fstab

/dev/xendomains/domu-root       /mnt/domu-root          ext4            defaults,noatime,noauto                                                                 0       1

mount partitions

# Create the mountpoint and mount the new root through its /etc/fstab entry
# (the entry is "noauto", so it is mounted by hand here).
mkdir -p /mnt/domu-root
mount /dev/xendomains/domu-root
# Several later steps use relative paths and assume this cwd.
cd /mnt/domu-root

get hardened stage3

# Fetch the current hardened stage3 tarball plus its CONTENTS listing and
# DIGESTS checksum file from the mirror.
# NOTE(review): the file name carries the *build* date, which is usually not
# today's date — check the directory listing if these downloads 404.
stage3_base="ftp://ftp.fsn.hu/pub/linux/distributions/gentoo/releases/amd64/autobuilds/current-stage3-amd64-hardened"
stage3_file="stage3-amd64-hardened-$(date +%Y%m%d).tar.bz2"
for suffix in '' .CONTENTS .DIGESTS; do
  wget "${stage3_base}/${stage3_file}${suffix}"
done

get latest portage snapshot

# Fetch the latest portage snapshot and its md5 side file.
snapshot_url="ftp://ftp.fsn.hu/pub/linux/distributions/gentoo/snapshots/portage-latest.tar.bz2"
wget "$snapshot_url" "${snapshot_url}.md5sum"

check stage3/portage checksums

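# Verify the downloads before extracting anything from them.
# The .DIGESTS file travels over the same unauthenticated FTP channel as the
# tarball, so a matching checksum only proves the transfer was not corrupted.
# Authenticity comes from the signed copy, .DIGESTS.asc, which has to verify
# against Gentoo's release-engineering key: import that key from a trusted
# source beforehand and compare its fingerprint out of band.
wget "ftp://ftp.fsn.hu/pub/linux/distributions/gentoo/releases/amd64/autobuilds/current-stage3-amd64-hardened/stage3-amd64-hardened-$(date +%Y%m%d).tar.bz2.DIGESTS.asc"
gpg --verify stage3-*.tar.bz2.DIGESTS.asc || echo "WARNING: stage3 DIGESTS signature did NOT verify" >&2
# NOTE(review): the DIGESTS file also carries WHIRLPOOL lines that shasum
# cannot check — read the per-file SHA512 result, not just the exit status.
shasum -c stage3-*.tar.bz2.DIGESTS
# The snapshot md5sum is likewise unsigned; if the mirror also carries
# portage-latest.tar.bz2.gpgsig, gpg --verify it against the tarball as well.
md5sum -c portage-latest.tar.bz2.md5sum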

extract stage3/portage

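# Unpack the stage3 into the mounted root (cwd is /mnt/domu-root) and the
# portage snapshot into its /usr.
#   --preserve-permissions  keep the permission bits as shipped (was -p)
#   --numeric-owner         do not remap the archive's uids/gids through
#                           dom0's passwd/group, which may differ from the guest's
#   --xattrs-include='*.*'  keep extended attributes (file capabilities,
#                           security labels) the stage3 ships with
tar --extract --verbose --bzip2 --preserve-permissions --numeric-owner \
  --xattrs-include='*.*' --file stage3-*.tar.bz2
tar --extract --verbose --bzip2 --file /mnt/domu-root/portage-latest.tar.bz2 \
  --directory /mnt/domu-root/usr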

clean up stage3/portage

# Drop the tarballs and their checksum/contents side files now that they are
# extracted and verified.
rm -- stage3-*.tar.bz2* portage-latest.tar.bz2*

copy kernel and modules

# Install the kernel built on dom0 and its modules into the guest tree.
# NOTE(review): assumes the stage3 created /mnt/domu-root/boot — confirm.
kver=linux-4.1.7-hardened-r1-jmk-selinux
cp "/home/xen/kernels/${kver}/boot/bzImage" "/mnt/domu-root/boot/${kver}"
mkdir -p /mnt/domu-root/lib/modules/
cp -R "/home/xen/kernels/${kver}/lib/modules/"* /mnt/domu-root/lib/modules/

create grub configuration

# Legacy grub.conf read by the Xen bootloader; root=/dev/xvda1 matches the
# guest fstab written further down.
mkdir -p /mnt/domu-root/boot/grub
cat > /mnt/domu-root/boot/grub/grub.conf <<'EOF'
default 0
timeout 3

title Gentoo Linux 4.1.7-hardened-r1-jmk-selinux
root (hd0,0)
kernel /boot/linux-4.1.7-hardened-r1-jmk-selinux root=/dev/xvda1
EOF

copy configuration files

# Seed the guest with dom0's own configuration files. sshd_config and
# resolv.conf in particular are dom0's — review them from the guest's point
# of view before its first boot.
for cfg in portage/make.conf rc.conf resolv.conf ssh/sshd_config locale.gen env.d/02locale; do
  cp "/etc/${cfg}" "/mnt/domu-root/etc/${cfg}"
done

create portage configuration files

# Per-package USE flags. (The munin file is appended to, not created, as in
# the original; it does not exist yet, so the effect is the same.)
printf 'app-admin/setools\t\t\tpython\n' > /mnt/domu-root/etc/portage/package.use/setools
printf 'net-analyzer/munin\t\t\tminimal\n' >> /mnt/domu-root/etc/portage/package.use/munin

setup network

# Static addressing for the guest NIC "xen0" (the name is pinned by the udev
# rule written below). Both values are templates: "192.168.0." deliberately
# lacks its last octet, and the nano steps are where the real address and
# the hostname get filled in.
echo "config_xen0=\"192.168.0./24 2a01:368:e10d::/64\"" > /mnt/domu-root/etc/conf.d/net
echo "routes_xen0=\"default via 192.168.0.1\"" >> /mnt/domu-root/etc/conf.d/net
nano -w /mnt/domu-root/etc/conf.d/net
nano -w /mnt/domu-root/etc/conf.d/hostname

setup udev network rule

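# Pin the guest's first NIC to the name "xen0" so net.xen0 and
# /etc/conf.d/net match regardless of probe order.
# The ATTR{address} value is a deliberately incomplete template: fill in the
# MAC assigned to this DomU in its Xen config when editing the file.
rules=/mnt/domu-root/etc/udev/rules.d/70-persistent-net.rules
cat > "$rules" <<'EOF'
# This file was automatically generated by the /lib/udev/write_net_rules
# program, run by the persistent-net-generator.rules rules file.
#
# You can modify it, as long as you keep each rule on a single
# line, and change only the value of the NAME= key.

# PCI device xen0
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:00:00:00:00:", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="xen0"
EOF
# Absolute path: the original opened the relative "mnt/domu-root/..." which,
# from cwd /mnt/domu-root, points at a non-existent file and edits nothing.
nano -w "$rules"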

localization, timezone

# Timezone: take the zoneinfo file from the guest's own tree (not dom0's) so
# it matches the tzdata version installed there.
cp /mnt/domu-root/usr/share/zoneinfo/Europe/Budapest /mnt/domu-root/etc/localtime
echo "Europe/Budapest" > /mnt/domu-root/etc/timezone

create fstab

# Guest fstab: xvda1 is the root LV and xvda2 the swap LV as exported by Xen.
# Tabs are written via printf escapes so the column layout survives.
printf '# <fs>\t\t\t\t<mountpoint>\t\t<type>\t\t<opts>\t\t\t\t\t\t\t\t\t\t\t<dump/pass>\n' > /mnt/domu-root/etc/fstab
printf '# Xen\n' >> /mnt/domu-root/etc/fstab
printf '/dev/xvda1\t\t\t/\t\t\text4\t\tdefaults,noatime\t\t\t\t\t\t\t\t\t0\t0\n' >> /mnt/domu-root/etc/fstab
printf '/dev/xvda2\t\t\tnone\t\t\tswap\t\tsw\t\t\t\t\t\t\t\t\t\t\t0\t0\n' >> /mnt/domu-root/etc/fstab
nano -w /mnt/domu-root/etc/fstab

workaround for hanging at "starting local"

# Spawn a getty on the Xen console (hvc0) and allow root to log in there by
# listing it in securetty.
printf '\nhvc0:2345:respawn:/sbin/agetty -L 9600 hvc0\n' >> /mnt/domu-root/etc/inittab
printf '\nhvc0\n' >> /mnt/domu-root/etc/securetty

mount proc/dev/sys for chroot

# Bind the pseudo-filesystems into the new root so the chroot has a working
# /proc, /sys and /dev. --make-rslave keeps mount events inside the chroot
# from propagating back into dom0's mount namespace.
mount -t proc proc /mnt/domu-root/proc
mount --rbind /sys /mnt/domu-root/sys
mount --make-rslave /mnt/domu-root/sys
mount --rbind /dev /mnt/domu-root/dev
mount --make-rslave /mnt/domu-root/dev

chroot

# Enter the guest root. Everything from here up to "exit" runs inside this
# shell, so these steps are typed interactively rather than scripted.
chroot /mnt/domu-root /bin/bash
env-update
source /etc/profile
export PS1="(chroot) ${PS1}"

set root password

# Root password for the guest (prompted interactively).
passwd

create user

# Unprivileged admin account with a fixed uid/gid. "wheel" is the group su
# and sudo are usually restricted to, so keep its membership small.
groupadd -g 1000 cyla
useradd -d /home/cyla -m -s /bin/bash -u 1000 -g 1000 -G cyla,wheel cyla
passwd cyla

locale-gen

# Generate the locales listed in the locale.gen copied from dom0.
locale-gen

set up networking

# OpenRC network service for xen0: a symlink to the generic net.lo script,
# enabled in the default runlevel.
cd /etc/init.d
ln -s net.lo net.xen0
rc-update add net.xen0 default

autostart ssh

# Start sshd at boot. Its sshd_config was copied verbatim from dom0 — review
# it for the guest before the first boot, since the guest becomes reachable
# on the network with exactly that configuration.
rc-update add sshd default

exit chroot

# Leave the chroot and return to the dom0 shell.
exit

umount proc/dev/sys for chroot

# Lazy (-l) unmounts: detach the rbind trees now and let them finish once
# nothing inside them is busy.
umount -l /mnt/domu-root/dev
umount -l /mnt/domu-root/sys
umount -l /mnt/domu-root/proc

umount filesystem

# Step out of the tree first (cwd was /mnt/domu-root), then unmount it.
cd /mnt
umount /mnt/domu-root

boot into the vm

emerge sync

# First sync from inside the booted guest. The local overlay metadata and an
# empty layman make.conf are created up front.
# NOTE(review): presumably the make.conf copied from dom0 references these
# paths and would error without them — confirm against that file.
mkdir -p /usr/local/portage/metadata
echo "masters = gentoo" > /usr/local/portage/metadata/layout.conf
mkdir -p /var/lib/layman
touch /var/lib/layman/make.conf
emerge --sync

check profile

# Plain hardened profile for now; the selinux sub-profile is selected later,
# once the policy packages are installed.
eselect profile set hardened/linux/amd64

select python2

# Make python2.7 the active interpreter.
# NOTE(review): presumably for tooling that still needs python2 — confirm.
eselect python set python2.7

update fstab

# SELinux mounts: /tmp is noexec,nosuid so nothing dropped there can be run
# or gain privilege, /run is nosuid,nodev, and rootcontext= gives each tmpfs
# root a label at mount time; selinuxfs exposes the policy interface.
# Tabs are written via printf escapes so the column layout survives.
printf '\n# SELinux\n' >> /etc/fstab
printf 'tmpfs\t\t\t\t/tmp\t\t\ttmpfs\t\tdefaults,noexec,nosuid,rootcontext=system_u:object_r:tmp_t\t\t\t\t0\t0\n' >> /etc/fstab
printf 'tmpfs\t\t\t\t/run\t\t\ttmpfs\t\tmode=0755,nosuid,nodev,rootcontext=system_u:object_r:var_run_t\t\t\t\t0\t0\n' >> /etc/fstab
printf 'none\t\t\t\t/selinux\t\tselinuxfs\tdefaults\t\t\t\t\t\t\t\t\t\t0\t0\n' >> /etc/fstab
mkdir /selinux

switch to selinux profile

# Switch to the selinux sub-profile; this turns on the selinux USE flag for
# the rebuilds that follow.
eselect profile set hardened/linux/amd64/selinux

install selinux #1

# SELinux bootstrap, step 1: the policy tools, then selinux-base. The build
# runs with FEATURES="-selinux" since no policy is installed yet for
# portage's own selinux feature to use.
emerge -av1 checkpolicy policycoreutils
FEATURES="-selinux" emerge -av1 selinux-base

configure selinux: set SELINUX=permissive and SELINUXTYPE=strict

# Start in permissive mode: the filesystem is not labelled yet, so enforcing
# would block the relabel and boot. SELINUXTYPE=strict selects the strict
# policy store. NOTE(review): switching to enforcing after the relabel is
# not shown on this page — confirm that step happens.
nano -w /etc/selinux/config

install selinux #2

# Step 2: rebuild selinux-base now that the policy tools and config exist,
# then install the base policy modules. FEATURES="-selinux" is still needed
# because no policy is loaded yet.
FEATURES="-selinux" emerge -av1 selinux-base
FEATURES="-selinux" emerge -av selinux-base-policy

emerge world

# Update world: -u upgrade, -D deep, -N rebuild packages whose USE flags
# changed (the selinux flag that came with the new profile).
emerge -avuDN @world

reboot

# Reboot so the new fstab entries and the SELinux config take effect.
reboot

relabel

# Relabel (-r) the files of every installed package (-a) with the contexts
# from the newly installed policy.
rlpkg -a -r

reboot

# Reboot into the relabelled system.
reboot

selinux booleans

# Persistently (-P) enable the global_ssp boolean.
# NOTE(review): this is the boolean the hardened toolchain's SSP support
# needs; confirm its exact scope against the policy documentation.
setsebool -P global_ssp on

add user

# Map the Linux user to the SELinux staff_u identity, then relabel the home
# directory to match (-F resets the full context, not just the type).
semanage login -a -s staff_u cyla
restorecon -R -F /home/cyla

set roles

# Roles each SELinux identity may hold: staff_r for day-to-day work,
# sysadm_r for administration, system_r for starting services.
semanage user -m -R "staff_r sysadm_r system_r" root
semanage user -m -R "staff_r sysadm_r system_r" staff_u

rebuild everything

# Rebuild everything (-e) against the SELinux profile so every package is
# built with its selinux USE flag and policy module, then remove orphans.
emerge --sync
emerge -ave @world
emerge --depclean

install necessary tools

# Monitoring, logging, cron, shell tools, VCS clients and portage helpers.
emerge -av dstat syslog-ng vixie-cron app-misc/screen app-misc/mc munin colordiff layman subversion dev-vcs/git eix gentoolkit

setup layman and the jmk.hu gentoo overlay

# layman's make.conf: an initially empty PORTDIR_OVERLAY that layman extends.
printf '%s\n' 'PORTDIR_OVERLAY="' '$PORTDIR_OVERLAY' '"' > /var/lib/layman/make.conf
# Register the jmk overlay (repository list fetched over https), then sync
# portage and the overlays.
layman -o https://overlay.jmk.hu/repositories.xml -f -a jmk
emerge --sync && layman -S

autostarting services

# Logging, cron and the munin node in the default runlevel.
rc-update add syslog-ng default
rc-update add vixie-cron default
rc-update add munin-node default

copy mc settings for user

# Pull the user's mc settings from host "mir". Destinations are relative, so
# this assumes the cwd is the user's home directory.
for d in .cache/mc .config/mc .local/share/mc; do
  mkdir -p ~/"$d"
  scp -r "mir:/home/cyla/$d/*" "$d"
done

copy mc settings for root

# Copy the same mc settings into root's home. cp -a preserves the original
# owner, hence the explicit chown back to root afterwards.
for d in .cache/mc .config/mc .local/share/mc; do
  mkdir -p ~/"$d"
  cp -a /home/cyla/"$d"/* "$d"
  chown -R 0:0 ~/"$d"
done

copy csd

# Copies an executable from another host straight into PATH.
# NOTE(review): check its owner and mode on arrival (and that mir's copy is
# the one you trust) before relying on it.
scp cyla@mir:/usr/local/bin/csd /usr/local/bin

update configurations

# List the config files portage staged instead of overwriting; dispatch-conf
# or etc-update are the usual tools for merging them.
cd /etc
find /etc -iname '._cfg????_*'

cloning the DomU (domu => domu2)

create lvs

# Volumes for the clone, sized like the original's.
lvcreate --size 2G --name domuclone-swap /dev/xendomains
lvcreate --size 8G --name domuclone-root /dev/xendomains

create filesystems

# Format and label the clone's volumes.
mkswap --label domuclone-swap /dev/xendomains/domuclone-swap
mkfs.ext4 -L domuclone-root /dev/xendomains/domuclone-root

add mountpoint to /etc/fstab

/dev/xendomains/domuclone-root       /mnt/domuclone-root          ext4            defaults,noatime,noauto                                                                 0       1

shut down domu

# Stop the source guest so its root filesystem is quiescent before copying.
xl shutdown domu

mount partitions

# Mount both roots via their /etc/fstab entries (source and clone).
mount /mnt/domu-root
mkdir -p /mnt/domuclone-root
mount /mnt/domuclone-root

copy partition

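# Copy the whole tree, including any dot-entries at the top level that the
# "/*" glob would skip. -a keeps modes, owners, timestamps and xattrs.
cp -a /mnt/domu-root/. /mnt/domuclone-root/
# The copy includes the original's SSH host keys; leaving them in place makes
# the clone impersonate the original to every client that has pinned them.
# Remove them so fresh keys are generated (Gentoo's sshd init script creates
# missing host keys on start — confirm on the clone's first boot).
rm -f /mnt/domuclone-root/etc/ssh/ssh_host_*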

change the hostname

# Give the clone its own hostname.
nano -w /mnt/domuclone-root/etc/conf.d/hostname

change the mac address

# Put the clone's MAC (from its Xen config) into the copied udev rule, or the
# NIC will not be named xen0.
nano -w /mnt/domuclone-root/etc/udev/rules.d/70-persistent-net.rules

change the ip address

# Give the clone its own IPv4/IPv6 addresses so it does not collide with
# the original on the network.
nano /mnt/domuclone-root/etc/conf.d/net

set up partitions

# Adjust the copied fstab if the clone's devices differ from the original's.
nano /mnt/domuclone-root/etc/fstab

umount partitions

# Release both roots before handing them back to Xen.
umount /mnt/domu-root /mnt/domuclone-root

start vms

# Start both guests. xl create takes a domain config file; "domu" and
# "domuclone" are presumably resolved from the cwd or /etc/xen — confirm
# both files exist.
xl create domu
xl create domuclone

relabel everything

# Inside the booted guest (presumably the clone at least): relabel every
# package so the copied and hand-edited files get correct contexts.
rlpkg -a -r