[Pkg-xen-devel] xen+chroot

Henning Sprang henning.sprang at gmail.com
Wed Dec 17 15:36:14 UTC 2008


2008/12/15 Amit Agarwal <kahnoie at gmail.com>:
> I have some questions regarding xen:
> My setup is like this: 2 1TB disks, each with /boot and LVM. These two
> are in RAID1 configuration on the two disks. Also, I have installed Debian
> 4.0r5 (etch) with kernel 2.6.18.
> So here are some concerns:
> Shall I create a new user, chroot it and then create the VMs under this
> user?
> I need to check if this is possible. If it would, then would it
> provide additional security?

Why do you think that's necessary?

> If not, would there be other ways to secure my server and the virtual
> machines?

I think this depends heavily on how you use the things - but as you
only write about your hardware setup, not much about your usage, it's
hard to say.

> Also is it good to configure /etc/network/interfaces as
> auto lo
> iface lo inet loopback
>
> auto xenbr0
> iface xenbr0 inet static
>     address 192.168.0.100
>     netmask 255.255.255.0
>     gateway 192.168.0.1
>     bridge_ports eth0
>     bridge_maxwait 0

That's the way it is often done in Debian.
It has the advantage of not doing all the complicated things that the
upstream Xen bridge script does.
It has the disadvantage that, when you restart the networking on dom0,
all guests lose their bridge...

> Finally, what is the best process to migrate an existing Linux server into
> a VM?

Again, depends on what kind of system you want to migrate.
In my opinion, a new installation of the base system, and then a
recovery from backup is always the cleanest solution - while doing
that, you will automatically check if your installation process is
well documented and if your backup really brings you to a good system
state :)

> For our first vm we made an image of the partitions sans /boot using dd.
> I then created a partition in the LV and mounted it under /mnt, and
> formatted this to reiserfs. Then did a mount -o loop old.img /mnt/X
> But is there a standard way to do it?

I don't think so, it's a matter of taste and details of how your system works.

I like the xen-tools package a lot for general setup.
But using it usually involves also handing only single partitions to
the guest, not whole block devices.

There are many ways you could migrate your system - dumping the
whole block devices of the real system, doing rsync of / and so on. As
I said, all of those should work in most situations, but might be
better or worse for some cases.


Henning


