GitHub – ronivay/XenOrchestraInstallerUpdater: Xen Orchestra install/update script

If you don't want to install a VM first and then run the xo-install.sh script on it, you can import a VM image that has everything already set up. Use xo-vm-import.sh to do this; it downloads a prebuilt Debian 11 image that has Xen Orchestra and XenOrchestraInstallerUpdater installed.

Details of image build process here

Run on your Xenserver/XCP-ng host with root privileges:

sudo bash -c "$(curl -s https://raw.githubusercontent.com/ronivay/XenOrchestraInstallerUpdater/master/xo-vm-import.sh)"

Default username for UI is admin@admin.net with password admin

SSH is accessible with username xo with password xopass

Remember to change both passwords before putting the VM to actual use.

Xen Orchestra is installed to /opt/xo and uses self-signed certificates from /opt/ssl, which you can replace if you wish. The installation script is at /opt/XenOrchestraInstallerUpdater; use it to update the existing installation in the future.

xo-server runs as a systemd service.

The xo user has full sudo access. Xen Orchestra updates etc. should be run with sudo.

This image is updated weekly. Latest build date and MD5/SHA256 checksum can be checked from here

Built and tested on XCP-ng 7.x

How to Introduce a Local Storage Repository in XenServer

# pvscan

PV /dev/sda3 VG VG_XenStorage-39baf126-a535-549f-58d6-feeda55f7801 lvm2 [66.87 GB / 57.87 GB free]

In this case, the UUID is 39baf126-a535-549f-58d6-feeda55f7801.

Introduce the SR with the following command:

# xe sr-introduce uuid=39baf126-a535-549f-58d6-feeda55f7801 type=lvm name-label="Local storage" content-type=user

Use type=ext instead of type=lvm if the SR is ext.

Locate the SCSI ID of the device or partition where the SR data is stored:

# ls -l /dev/disk/by-id/

xe sr-probe sr-uuid= can be used to determine the pbd in sr

lrwxrwxrwx 1 root root 10 Jan 15 09:44 scsi-SATAST380815AS6QZ5Z1AM-part3 -> ../../sda3

In this case, the SCSI ID of the device /dev/sda3 is scsi-SATAST380815AS6QZ5Z1AM-part3.

# xe host-list

uuid ( RO) : 83f2c775-57fc-457b-9f98-2b9b0a7dbcb5

# xe pbd-create sr-uuid=39baf126-a535-549f-58d6-feeda55f7801 device-config:device=/dev/disk/by-id/scsi-SATAST380815AS6QZ5Z1AM-part3 host-uuid=83f2c775-57fc-457b-9f98-2b9b0a7dbcb5

aec2c6fc-e1fb-0a27-2437-9862cffe213e

# xe pbd-plug uuid=aec2c6fc-e1fb-0a27-2437-9862cffe213e

Xenserver Hard Drive / Whole Disk Passthrough with XCP-NG

mkdir /srv/pass_drives

Create symbolic links to the drives within the created directory. This example uses sda and sdb. Be careful not to use a drive that is in use by either XCP-NG or any other local storage setup.

ln -s /dev/sda /srv/pass_drives/sda
ln -s /dev/sdb /srv/pass_drives/sdb

Create the storage repository

xe sr-create name-label=PassDrives type=udev content-type=disk device-config:location=/srv/pass_drives
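A pre-flight check for the warning above, added here as an example (not part of the original notes): it rejects a whole disk if the disk or one of its partitions shows up as an LVM physical volume in pvscan output or as a mounted device in /proc/mounts. The function names and the sample mounts text are constructed for illustration; other users of a disk (swap, md, ZFS) are not checked.

```sh
#!/bin/sh
# disk_in_use DISK PVSCAN_TEXT MOUNTS_TEXT
# Exit 0 if DISK itself or one of its partitions is an LVM physical volume
# (pvscan output) or a mounted block device (/proc/mounts format), else 1.
disk_in_use() {
    {
        printf '%s\n' "$2" | awk '$1 == "PV" { print $2 }'
        printf '%s\n' "$3" | awk '$1 ~ /^\/dev\// { print $1 }'
    } | awk -v d="$1" '
        $0 == d { hit = 1 }
        # /dev/sda3 or /dev/nvme0n1p2 style partition of disk d
        index($0, d) == 1 && substr($0, length(d) + 1) ~ /^p?[0-9]+$/ { hit = 1 }
        END { exit(hit ? 0 : 1) }'
}

# usable_disks PVSCAN_TEXT MOUNTS_TEXT DISK...: print only the disks that are free.
usable_disks() {
    pv=$1; mounts=$2; shift 2
    for cand in "$@"; do
        disk_in_use "$cand" "$pv" "$mounts" || printf '%s\n' "$cand"
    done
}

# Constructed sample input: the pvscan line from earlier on this page plus an
# invented /proc/mounts excerpt.
SAMPLE_PVSCAN='  PV /dev/sda3   VG VG_XenStorage-39baf126-a535-549f-58d6-feeda55f7801   lvm2 [66.87 GB / 57.87 GB free]'
SAMPLE_MOUNTS='/dev/sda1 / ext3 rw 0 0
tmpfs /dev/shm tmpfs rw 0 0'

usable_disks "$SAMPLE_PVSCAN" "$SAMPLE_MOUNTS" /dev/sda /dev/sdb   # prints /dev/sdb

# On a real host:
#   usable_disks "$(pvscan 2>/dev/null)" "$(cat /proc/mounts)" /dev/sda /dev/sdb
```

With the pvscan output shown earlier, /dev/sda holds the XenStorage volume group, so only /dev/sdb passes the check.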

Disable IOMMU permanently

Run the following command within the domain 0 console to enable iommu on the host:

/opt/xensource/libexec/xen-cmdline --set-xen iommu=1

Reset Root Password

https://linuxconfig.org/how-to-reset-an-administrative-root-password-on-xenserver-7-linux

create local iso

https://r-pufky.github.io/docs/virtualization/hypervisors/xenserver-xcpng/index.html

ADD LOCAL DISK

xe sr-create content-type=user name-label="SATADSK1_8TB" shared=false device-config:device=/dev/sdb type=ext

Disable CheckSum Offload:

The second fix to try if you still have poor network performance is to disable checksum offload on the XenServer interfaces, both the virtual (VIF) and the physical (PIF). You don't need to restart the XenServer host or the VMs. This script does this automatically on all network interfaces in your XenServer pool.

# Disable TX/RX checksum offload on every virtual interface (VIF)
echo "Setting checksum off on VIFs"
VIFLIST=$(xe vif-list | grep "uuid ( RO) " | awk '{print $5}')
for VIF in $VIFLIST
do
    echo "Setting ethtool-tx=off and ethtool-rx=off on $VIF"
    xe vif-param-set uuid=$VIF other-config:ethtool-tx="off"
    xe vif-param-set uuid=$VIF other-config:ethtool-rx="off"
done

# Same for every physical interface (PIF)
echo "Setting checksum off on PIFs"
PIFLIST=$(xe pif-list | grep "uuid ( RO) " | awk '{print $5}')
for PIF in $PIFLIST
do
    echo "Setting ethtool-tx=off and ethtool-rx=off on $PIF"
    xe pif-param-set uuid=$PIF other-config:ethtool-tx="off"
    xe pif-param-set uuid=$PIF other-config:ethtool-rx="off"
done

yum install nameofpackage --enablerepo=epel,base,updates

Install guest utils, just do

adduser <newusername>

passwd [username]

sudo nano /etc/ssh/sshd_config

PermitRootLogin no

AllowUsers USERNAME

systemctl restart sshd
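A check for the sshd_config edit above, added here as an example (not part of the original notes): sshd uses the first value it reads for each keyword, so the two lines only take effect if nothing earlier in the file sets them differently. The function names and the sample file are constructed for illustration; only the global section is read, and Include files are not followed.

```sh
#!/bin/sh
# sshd_effective FILE KEYWORD
# Print the value sshd takes from the global section of FILE: keywords are
# case-insensitive and the FIRST occurrence wins, so a line appended below an
# existing "PermitRootLogin yes" has no effect.
sshd_effective() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || NF == 0 { next }         # comments and blank lines
        tolower($1) == "match" { exit }        # global section ends here
        tolower($1) == want { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# audit_sshd FILE: exit 0 only if root login is off and AllowUsers is set.
audit_sshd() {
    rc=0
    root=$(sshd_effective "$1" PermitRootLogin)
    users=$(sshd_effective "$1" AllowUsers)
    if [ "$root" != "no" ]; then
        echo "FAIL PermitRootLogin is '${root:-unset, sshd default applies}'"
        rc=1
    fi
    if [ -z "$users" ]; then
        echo "FAIL AllowUsers is not set"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK PermitRootLogin=no AllowUsers=$users"; fi
    return "$rc"
}

# Constructed sample: the two lines from this page appended to a file that
# already enables root login further up.
sample=$(mktemp)
printf '%s\n' 'PermitRootLogin yes' 'PasswordAuthentication yes' \
    'PermitRootLogin no' 'AllowUsers USERNAME' > "$sample"
audit_sshd "$sample" || true    # FAIL PermitRootLogin is 'yes'
rm -f "$sample"
```

On a live host, `sshd -T` prints the effective configuration after defaults are resolved; run the audit on /etc/ssh/sshd_config before restarting sshd and keep the current session open until a new login works.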

mv /opt/xensource/www/index.html /opt/xensource/www/index.html.bak

nano /etc/sysconfig/iptables

# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p udp -m udp --dport 67 --in-interface xenapi -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.2.3.0/24 -j ACCEPT
COMMIT

XenServer basic security Tips – How do you secure your XenServer? | Burm.net

systemctl start sshd

systemctl restart sshd

systemctl status sshd

vi /etc/ssh/sshd_config

netstat -anp | grep xapi

netstat -anp | grep ssh

netstat -anp

vi /etc/hosts.deny

vi /etc/hosts.allow

-A INPUT -p udp -m udp --dport 67 --in-interface xenapi -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.2.3.0/24 -j ACCEPT

/etc/sysconfig/iptables

systemctl reload iptables

fail2ban

systemctl restart fail2ban

iptables

nano /etc/sysconfig/iptables

vi /etc/sysconfig/iptables

iptables-restore --test [YOUR RULES AS A FILE]

systemctl restart iptables
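A lint to run on the rules file before the test and restart steps above, added here as an example (not part of the original notes or the Burm.net article). It catches dashes and quotes that were converted to typographic characters when rules are copied from a web page, and it checks that the DROP policy is paired with the rules that keep management access working. The function name and sample file are constructed for illustration.

```sh
#!/bin/sh
# lint_rules FILE: checks to run on an iptables-save style file before loading
# it. Exit 0 only if every check passes.
lint_rules() {
    f=$1; rc=0
    # Dashes and quotes pasted from web pages are multi-byte characters, so any
    # byte outside printable ASCII (tab allowed) is reported with its line number.
    bad=$(LC_ALL=C awk '/[^ -~\t]/ { printf "%s ", NR }' "$f")
    if [ -n "$bad" ]; then
        echo "FAIL non-ASCII characters on line(s): $bad"; rc=1
    fi
    grep -q '^:INPUT DROP' "$f" ||
        { echo "FAIL INPUT policy is not DROP"; rc=1; }
    grep -q '^COMMIT' "$f" ||
        { echo "FAIL no COMMIT line"; rc=1; }
    # With a DROP policy, replies to the host's own outbound traffic need this.
    grep -Eq -- '^-A INPUT .*--(state|ctstate) [A-Z,]*ESTABLISHED.* -j ACCEPT' "$f" ||
        { echo "FAIL no RELATED,ESTABLISHED accept rule"; rc=1; }
    # Without a source-restricted ACCEPT, SSH and xapi management are cut off.
    grep -Eq -- '^-A INPUT (.* )?-s [0-9./]+ (.* )?-j ACCEPT' "$f" ||
        { echo "FAIL no ACCEPT rule for a management source network"; rc=1; }
    return "$rc"
}

# Constructed sample: a rule pasted with an en-dash instead of "--".
sample=$(mktemp)
printf '%s\n' '*filter' ':INPUT DROP [0:0]' \
    "-A INPUT -m state $(printf '\342\200\223')state RELATED,ESTABLISHED -j ACCEPT" \
    '-A INPUT -s 192.2.3.0/24 -j ACCEPT' 'COMMIT' > "$sample"
lint_rules "$sample" || true    # reports line 3 and the missing ESTABLISHED rule
rm -f "$sample"

# On the host, lint first, then let iptables parse the file without applying it:
#   lint_rules /etc/sysconfig/iptables &&
#       iptables-restore --test < /etc/sysconfig/iptables &&
#       systemctl restart iptables
```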
