Alright! It took me a while, but I’ve finally gotten this Xen thing up and running on my server. It took a lot of searching around for bug fixes and information, but I think the end result is working alright so far. Of course I haven’t done anything beyond getting the Dom0 up and running, and set up four DomU virtual server for different intended purposes so there’s still a lot to go on that. I’ll walk through the setting up of the Doms today, then start tackling each DomU after that. I’ve reached a point now that I’m doing things, then posting about it the day after I actually get it all worked out so I doubt that I’ll be posting daily or anything, but I am hoping to get this whipped out as quickly as possible so that I can get on with other things 
As in previous articles about this server I am doing this through a SSH connection and switching to a root shell ( sudo -i ) right off the bat, though I do advise that anytime you need to restart the machine you should have actual access to the physical console attached to it..
Okay, to get things started we just need to install the Xen server package, like this: apt-get install ubuntu-xen-server This will pull in all the dependencies that we need. An important note here! If you have been following the rest of these walk throughs then when this installs it will ask what to do about the menu.lst that we modified in an earlier step. You must tell it to install the package maintainers version, the first time through I told it to keep the altered version and I could not get grub to see the xen kernel. After purging everything that was installed with this, and reinstalling with the ‘use package maintainers version’ it all worked fine, and it kept the changes that I had already made. Read More »
By Krusty Ruffle
|
Posted in Ubuntu
|
Tagged encrypted, firewall, install, Linux, LVM, OpenSSH, server, Ubuntu, ufw, virtual machine, xen
|
Today I’m installing and configuring an NTP (Network Time Protocol) server, and configuring syslog to be able to log network stuff. NTP is needed to keep the workstations on the network synced up so that kerberos can work properly, kerberos will be used for network wide authentication and may, hopefully, allow me to achieve single sign on from the workstations. The syslog network capabilities are just useful for my current router logs and possibly to keep a centralized logging plan for those times that my children come crying “Dad! I can’t do this thing that I want to do so that I don’t have to go outside and have a real life….” For these steps I am now logging in through a SSH connection and switching to root with sudo -i it’s a lot easier this way… 
Read More »
Alright, in this post I’m trying to get the base system set up with a decent GRUB configuration, a very simple firewall, the OpenSSH server, and getting encryption keys to work on an USB stick. I will include some links to further information in each section. You will need to be root for most of this, so log in and do sudo -i to switch to a root console.
But first! If you get the dreaded GRUB error 17 cannot mount selected drive:
On the screen that says “press any key to continue”, umm.. press any key and continue
On the GRUB menu screen highlight the default boot line and press ‘e’ to edit, highlight the line that looks like: root (hd3,0) though it may have different numbers in there, change it to look like: root (hd0,0) and hit enter. back on the boot menu press ‘b’ to boot. Hopefully that will get you booted up and ready to go. Once booted you will need to fix the /boot/grub/menu.lst to match the correct boot drive. switch to root with sudo -i and do:
vim /boot/grub/menu.lst
change all of the references in there to match what you used to boot successfully (most likely (hd0,0)). I’m assuming you know how to use vim… Read More »
This is a rather large complicated project for me. I’m putting these posts here mostly as a record of what worked for me, or possibly what didn’t work. If you use these pages to attempt this yourself then I hope that these pages are helpful, but I cannot guarantee any certain results. If you encounter any problems while following these instructions then feel free to leave a comment and I’ll try to see if I can help, but you shouldn’t expect much as I am just some guy with a weird hobby and not a real IT professional. In other words, good luck, but your mostly on your own…
Also, if you follow this guide then please notice that I have not used any means of backing up anything on the server. When using encrypted drived there is always the threat of lost data, especially in multi disk LVM arrays due to the fact that any problems with the disks will make the entire disk array unreadable and unrecoverable. I would hope that anyone doing this with information that is important would be sure to have a suitable backup solution in place.
Before doing this you may want to consider running DBAN or some other hard drive wiping software, this will fill the drives in your computer with random data which makes it harder for someone to tell where the actual data is. It’s not a nessecary step, but it is another small layer of protection. Whether you opt to DBAN or not you need to download the server image for Ubuntu Hardy Heron and burn it to a disk. Once that is done I set my BIOS to boot from CD first, and HDD0 second. The procedure for this is different on every computer, but it’s not hard to figure out. Now, make sure that any drives you intend to use are hooked up/enabled/plugged in/etc… including USB sticks or other external media. Then put the cd in the computer and boot into the install. The install is not really complicated, most of it is obvious and easy to figure out, I’ll be skipping over most of it and only hitting on the parts that are important to me. Read More »
I’m hoping to accomplish:
- Encrypted root file system, as well as a fully encrypted large LVM2 array of three 250 gig disks for data storage.
- Encryption keys stored on an external USB stick, leaving the option to use the stick as a key for the encrypted drives, or manually input passphrases to boot the machine.
- Xen virtual machines for various tasks:
- Base machine with SSH, NTP, and kerberos servers, as well as network logging capabilities.
- DHCP/DynamicDNS server, and possibly a caching squid proxy server, to make internal networking easy and cache external DNS queries as well as maybe pages.
- OpenLDAP/SAMBA server with CUPS, for user management and file/printer sharing across my network.
- LAMP server for a private web development environment.
- Apt-catcher and PXE install server for network maintenance needs.
- Earning more geek points than either of my two friends can ever dream of
I’m going to do all of this using Ubuntu 8.04 Hardy Heron, both server and, eventually PXE installs for most of the computers in my house…
I’ll be back tomorrow with the first part, installing the base server on encrypted drives.