Book/HelloXenProject/5-Chapter

Revision as of 08:08, 18 April 2017 by Lars.kurth (talk | contribs)

Chapter 5: Have fun with The Xen Project


Welcome to the final chapter of our book. In this chapter, we want to show you some extra things that you can do with the Xen Project.



Converting VirtualBox VM to The Xen Project

Open VirtualBox and select your VM. Right-click on the VM and select “Settings...”. When the Settings window opens, click on “Storage”:


Figure 41 : Settings Window.


In the “Controller” section you can see your virtual HDD name, and in the right panel you can see its location. For example, my virtual HDD name is “Windows 7.vdi” and its location is “/home/mohsen/VirtualBox VMs/Windows 7”. You have two options: 1) install VirtualBox on your Xen server and convert your VM there, or 2) convert the file locally and move it to your Xen server. If you prefer the first option, navigate to the location and copy the *.vdi file to your Xen server with the “scp” command or any tool that you are comfortable with. Your .vdi file may be large, so it is better to compress it with the “zip” command. After copying, follow the steps below:

We assume you have installed VirtualBox on your local computer or Xen server and everything is OK. We will show you how to convert your VM. VirtualBox provides a command named “VBoxManage”, and we will use it to clone our HDD. Use the command below:

# VBoxManage clonehd YourVDIName.vdi OutPut.img --format RAW

For example :

mohsen@Keep-calm-and-use-Linux:~/VirtualBox VMs/Windows$ VBoxManage clonehd Windows7.vdi Windows7.img --format RAW

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%

Clone medium created in format 'RAW'. UUID: df5344f3-4756-4d04-9395-90a88431c0d3

mohsen@Keep-calm-and-use-Linux:~/VirtualBox VMs/Windows$


As you see, the conversion is done and we must move the image to our Xen server (I chose option 2).

We assume you have moved it to your Xen server and everything is OK. Next, we must create a config file for our new VM. I used the “touch” command to create the config file:

# touch /etc/xen/windows.via.virtualbox.cfg

Open your config file in an editor like “nano” and fill it in:

name = "Windows Converted"
builder = "hvm"
uuid = "df5344f3-4756-4d04-9395-90a88431c0d3"
memory = 1024
vcpus = 2
interface=['br0']
vif = [ "mac=00:16:3e:46:e6:fb,bridge=br0" ]
disk = [ "file:/home/mohsen/Windows7.img,xvda,w" ]
vnc="1"
vnclisten="172.30.9.20"
on_poweroff = "destroy"
on_reboot = "restart"
on_crash = "restart"


If you pay attention, you will see a “UUID” in the output of the “VBoxManage” command. We must copy and paste it exactly into our Xen config file, as above. The “disk” option is the same as in the earlier configs, and you must specify your .img file. Finally, just run the command below:

# xl create /etc/xen/YourConfigName.cfg

Don't forget that migrating VMs between virtualization platforms is not a very good idea and you may run into problems. For example, Windows may show you a blue screen or...
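The config above turns on VNC and binds it to a LAN address without setting “vncpasswd”, so the guest console can be opened without a password by any host that can reach that address. The check below is an added example, not part of the original chapter; the function names and the loopback variant of the config are assumptions of the example:

```sh
#!/bin/sh
# Added example: flag an xl guest config whose VNC console is reachable from
# the network without a password.
# PAGE_CFG is constructed from the config file shown on this page.
PAGE_CFG='name = "Windows Converted"
builder = "hvm"
memory = 1024
vnc="1"
vnclisten="172.30.9.20"
on_crash = "restart"'

# Same guest with the console bound to loopback (reach it over an SSH tunnel).
# This variant is an assumption of the example, not a setting from the page.
LOCAL_CFG='name = "Windows Converted"
builder = "hvm"
vnc="1"
vnclisten="127.0.0.1"'

# cfg_get TEXT KEY
#   Print the value of the last top-level "KEY = value" line in TEXT,
#   with trailing blanks and surrounding quotes removed.
cfg_get() {
    printf '%s\n' "$1" |
        sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*//p" |
        sed -e 's/[[:space:]]*$//' -e "s/^[\"']//" -e "s/[\"']\$//" |
        tail -n 1
}

# vnc_exposure TEXT
#   Print one of: disabled | loopback | exposed-with-password | exposed-no-password
vnc_exposure() {
    vnc=$(cfg_get "$1" vnc)
    listen=$(cfg_get "$1" vnclisten)
    passwd=$(cfg_get "$1" vncpasswd)

    # Only an explicit vnc=0 is treated as "off" in this check.
    if [ "$vnc" = "0" ]; then
        echo disabled
        return 0
    fi

    # A missing vnclisten is treated as loopback (xl's documented default).
    host=${listen:-127.0.0.1}
    case "$host" in
        127.*|localhost|localhost:*)
            echo loopback ;;
        *)
            if [ -n "$passwd" ]; then
                echo exposed-with-password
            else
                echo exposed-no-password
            fi ;;
    esac
}

vnc_exposure "$PAGE_CFG"
vnc_exposure "$LOCAL_CFG"
```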


SELinux and Xen Project

SELinux is a Linux kernel module that provides a security mechanism for supporting mandatory access control (MAC). It is a very good tool for enhancing security under Linux and has been added to various Linux distros. The main sponsors of this project are the NSA and Red Hat. We do not want to cover all aspects of SELinux here because that would need a whole book, but as the NSA team said: SELinux is a set of patches to the Linux kernel that provides a flexible mandatory access control (MAC) architecture in the major subsystems of the kernel. SELinux provides a mechanism that prevents malicious or flawed applications from bypassing security mechanisms. By default, SELinux provides a set of sample security policy configuration files for general-purpose security goals.

We just want to show you some good options for using SELinux with your Xen Project. You can see your SELinux status with the “sestatus” command:

 
[root@localhost ~]# sestatus

SELinux status: enabled

SELinuxfs mount: /sys/fs/selinux

SELinux root directory: /etc/selinux

Loaded policy name: targeted

Current mode: enforcing

Mode from config file: enforcing

Policy MLS status: enabled

Policy deny_unknown status: allowed

Max kernel policy version: 30


SELinux provides three modes:

  • Enforcing : The default mode. It enables and enforces the SELinux security policy on your system and denies access based on SELinux policy rules.
  • Permissive : In this mode, SELinux is enabled but does not enforce the security policy; it only shows warning messages and logs actions. This mode is very good for troubleshooting SELinux problems.
  • Disabled : Needless to say.


To change between modes you can use the “setenforce” command:

[root@localhost ~]# setenforce

usage: setenforce [ Enforcing | Permissive | 1 | 0 ]


Please note that changes made with the “setenforce” command do not persist across reboots. To change SELinux to enforcing mode run “setenforce 1”, and to change to permissive mode run “setenforce 0”. The “1” means “Enforcing” and the “0” means “Permissive”:

setenforce 1 == setenforce Enforcing

Finally, to view the current SELinux mode just use the “getenforce” command:

[root@localhost ~]# getenforce

Enforcing

To disable SELinux you can edit “/etc/sysconfig/selinux” and change “SELINUX=permissive” to “SELINUX=disabled”.

# This file controls the state of SELinux on the system.

# SELINUX= can take one of these three values:

# enforcing - SELinux security policy is enforced.

# permissive - SELinux prints warnings instead of enforcing.

# disabled - No SELinux policy is loaded.

SELINUX=enforcing

# SELINUXTYPE= can take one of these three values:

# targeted - Targeted processes are protected,

# minimum - Modification of targeted policy. Only selected processes are protected.

# mls - Multi Level Security protection.

SELINUXTYPE=targeted



You can see a list of SELinux modules by running “semodule -l”:

[root@localhost ~]# semodule -l

BackupPC

abrt

accountsd

acct

afs

aiccu

aide

ajaxterm

alsa

amanda

amtu

anaconda

antivirus

apache

...


SELinux provides a policy feature called “Booleans”. With Booleans you can change the policy without any knowledge of SELinux policy writing. A good feature of Booleans is that you can change settings without reloading or recompiling the SELinux policy.

To see a list of Booleans you can use the command below:

# semanage boolean -l

For example :

[root@localhost ~]# semanage boolean -l | grep xen

xend_run_qemu (on , on) Allow xend to run qemu

xend_run_blktap (on , on) Allow xend to run blktap

xen_use_nfs (off , off) Allow xen to use nfs


As you see, by default the Xen Project is denied the use of “nfs”, and you can enable it:

# setsebool -P xen_use_nfs on

and if you look at the Booleans again:

[root@localhost ~]# semanage boolean -l | grep xen

xen_use_nfs (on , on) Allow xen to use nfs

xend_run_blktap (on , on) Allow xend to run blktap

xend_run_qemu (on , on) Allow xend to run qemu


As you see, the option changed to “on”. This allows the Xen Project to use “nfs”. We used the “-P” option because with this option our change remains after a reboot.

As we said, we don't want to dive into SELinux and just want to show you how you can do virtualization with SELinux enabled. If you remember, we set up LVM for our Xen Project VM:

[root@localhost ~]# lvdisplay

--- Logical volume ---

LV Path /dev/Xen/OpenSUSE

LV Name OpenSUSE

VG Name Xen

LV UUID dt4UiA-66k5-dd51-2AQ9-CLob-PyR3-Uvcy7u

LV Write Access read/write

LV Creation host, time localhost.localdomain, 2016-05-08 04:33:19 -0400

LV Status available

# open 0

LV Size 20.00 GiB

Current LE 5120

Segments 1

Allocation inherit

Read ahead sectors auto

- currently set to 256

Block device 253:2

...


With the command below we can set the SELinux context for the underlying block device and volume group:

[root@localhost ~]# semanage fcontext -a -t xen_image_t -f b /dev/Xen/OpenSUSE

After that, when you run “semanage fcontext -l | grep 'OpenSUSE'” you see:

[root@localhost ~]# semanage fcontext -l | grep 'OpenSUSE'

/dev/Xen/OpenSUSE block device system_u:object_r:xen_image_t:s0


[root@localhost ~]# ls -Z /dev/Xen/OpenSUSE

system_u:object_r:device_t:s0 /dev/Xen/OpenSUSE


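As the “ls -Z” output shows, the device node still carries the “device_t” label, because “semanage fcontext” only records the rule in the policy. Use the “restorecon” command to reset the file to the SELinux security context defined in the policy: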

# restorecon /dev/Xen/OpenSUSE
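A way to spot the mismatch shown above (the rule says “xen_image_t”, the node is still “device_t”) before guests are started. This is an added example, not part of the original chapter; the sample text is constructed from the outputs on this page, and only literal paths are handled, not regular-expression path specs:

```sh
#!/bin/sh
# Added example: compare the type recorded in the SELinux policy with the
# type actually set on the device node.
# The sample text is constructed from the command output shown on this page.
FCONTEXT_SAMPLE='/dev/Xen/OpenSUSE    block device    system_u:object_r:xen_image_t:s0'
LS_BEFORE='system_u:object_r:device_t:s0 /dev/Xen/OpenSUSE'
LS_AFTER='system_u:object_r:xen_image_t:s0 /dev/Xen/OpenSUSE'

# label_drift POLICY_TEXT LS_TEXT
#   POLICY_TEXT: output of `semanage fcontext -l` (literal paths only).
#   LS_TEXT:     output of `ls -Z <paths>`.
#   Prints "path current_type expected_type" for every path whose type differs.
label_drift() {
    printf '%s\n@@\n%s\n' "$1" "$2" | awk '
        # The third colon-separated field of a context is the SELinux type.
        function setype(ctx,   p) { split(ctx, p, ":"); return p[3] }

        $0 == "@@" { in_ls = 1; next }     # separator between the two inputs
        NF < 2     { next }                # skip blank or malformed lines

        # Policy section: first field is the path, last field is the context.
        !in_ls     { want[$1] = setype($NF); next }

        # ls -Z section: the context is the field with three colons,
        # the path is the last field.
        {
            have = ""
            for (i = 1; i < NF; i++)
                if ($i ~ /^[^:]+:[^:]+:[^:]+:/) have = setype($i)
            path = $NF
            if ((path in want) && have != "" && have != want[path])
                print path, have, want[path]
        }'
}

# fix_commands POLICY_TEXT LS_TEXT
#   Turn every drift line into the restorecon call that would repair it.
fix_commands() {
    label_drift "$1" "$2" | while read -r path have want; do
        printf 'restorecon -v %s\n' "$path"
    done
}

label_drift "$FCONTEXT_SAMPLE" "$LS_BEFORE"
fix_commands "$FCONTEXT_SAMPLE" "$LS_BEFORE"
```

On a live host, feed it `"$(semanage fcontext -l | grep xen_image_t)"` and `"$(ls -Z /dev/Xen/*)"` instead of the sample strings.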


With this SELinux protection, other processes can't access our device and only VM managers can access it. It is true that SELinux is not an antivirus, but it can protect a Linux system a lot. For example, a big Xen vulnerability that was released recently was “VENOM” (http://venom.crowdstrike.com/). It was fixed very soon in Xen and all new Xen versions are protected, but you can use SELinux to protect your Xen too. For more information, please see http://danwalsh.livejournal.com/71489.html . For more information about Xen Project security and hardening, please look at http://wiki.xenproject.org/wiki/Securing_Xen .

OK, now is a good time to talk about Citrix XenServer.

Citrix XenServer

If you remember, we said something about XenServer earlier. Citrix XenServer is the leading open source virtualization platform, used for managing cloud and server virtualization. Installing XenServer is easy, even easier than installing an OS, and takes just a few minutes. A company with XenServer can launch a virtualization server in minutes, and XenServer will meet all your needs. XenServer is fast and has good flexibility and performance and, most importantly, a low cost. If you have used other products like VMware ESXi, then I recommend installing XenServer and testing it. I bet you will be surprised.

To download XenServer go to “http://xenserver.org/open-source-virtualization-download.html” and click on “XenServer Installation ISO”; a file of about 633 MB in .iso format will be downloaded. After that you should download “XenCenter”, which is a Windows management console for XenServer. To download XenCenter just click on “XenCenter Windows Management Console” on the page above. On other operating systems like Linux you can use “SSH” and other management tools like “OpenXenManager” (https://sourceforge.net/projects/openxenmanager/). XenCenter is written in .NET, and although Microsoft has open sourced .NET and it can run on Linux too, Citrix has not produced XenCenter for Linux so far. We hope to see it on Linux very soon.

OK, I suppose that you have downloaded XenServer and written it to a CD or made a bootable USB to install it. As I said, installing it is easy and doesn't need any special knowledge. I just want to show some of the steps that you will see:

Figure 42 : Main screen of XenServer.
Figure 43 : Select your Keymap.


Figure 44 : Read the text and if you agree then click OK.
Figure 45 : Accept the License.
Figure 46 : Select your Storage and click OK.

Note : XenServer will remove all data on your HDD and create one partition as your storage. If you use RAID then you can tell XenServer to install on a specific partition and not remove all of your data.

Figure 47 : Select your Installation Source.
Figure 48 : If you have External packages then Click Yes otherwise click No.


Figure 49 : Select the appropriate option.


Figure 50 : Set “root” password.


Figure 51 : Select the appropriate option for obtaining the IP address.


Note : A server must have a static IP address; selecting “DHCP” is not a good option.


Figure 52 : Select correct Time Zone.


Figure 53 : Select “Install XenServer” to start installation.


Figure 54 : XenServer installation.
Figure 55 : Select the appropriate option.


Note : If you don't have “Supplemental Pack” then select “Skip”

OK, you have installed XenServer successfully. It was not hard, was it?

When you reboot your server you will see something like below:


Figure 56 : Loading XenServer.
Figure 56 : XenServer is ready to use.

I assume you have installed “XenCenter” on Windows or “OpenXenManager” on Linux. Installing “XenCenter” is easy and takes just a few clicks, but to install “OpenXenManager” you should follow these steps:

  1. Install “git” if your system does not have it.
  2. Install the package dependencies. The packages are “python-gtk2 glade python-gtk-vnc python-glade2 python-configobj”.
  3. Clone the repo from GitHub :

# git clone https://github.com/OpenXenManager/openxenmanager.git

  4. Install “OpenXenManager” :

# cd openxenmanager
# sudo python setup.py install

  5. Run OpenXenManager :

$ openxenmanager

Figure 57 : Open XenManager.


Figure 58 : Citrix XenCenter.


Once everything is ready, you can connect to your XenServer with these tools.

We will show you how to manage your XenServer, but not in depth because that would need another book. First of all, type “openxenmanager” in your terminal and press the Enter key. When the OpenXenManager window appears, select the “Server” menu and click on “add”. A window appears and you must fill in the information that it needs:


Figure 59 : Open XenManager.

After that, click on “Connect”. As you see, your XenServer is added.

In Citrix XenCenter you can do a similar task. Open XenCenter, click on “Add New Server” and you will see a window similar to the one below:


Figure 60 : XenCenter.

Then click on “Add”. As you see, a window shows a security warning and you just click on “Accept”.



Figure 61 : XenCenter security warning.


After that, you can see your XenServer and work with it:


Figure 62 : OpenXenManager.


Figure 63 : XenCenter.


You can see your XenServer in the left panel. Let's start and create our VMs. We will focus more on “OpenXenManager” because you can run it under Linux.

Open “OpenXenManager” and click on “New VM”, or click on “New” in the “VM” menu. You will see a window like below:

Figure 64 : New VM Window.


As you see, some OS templates are listed and you can select the OS that you want to install. If your OS is not listed here, you can select “Other install media”. Select your “Template” and click “Next”. In the next window choose a name for your VM; you can write a description for it too. Then click “Next”. In the “Location” section you can select your OS installation method. If you want to install your OS from the CD\DVD drive of the server, select “Physical DVD drive”; if you have an .ISO file of your OS, select the “ISO Image” option, but you must first upload your .ISO file to your XenServer. In Citrix XenCenter you can use “Windows File Sharing” to do it. Let me upload my .ISO file to the XenServer server. You can use the “scp” command to do it.

I created a directory at “/var/opt/xen/ISO”. To do this you must open your XenServer console, either by clicking on the “Console” tab or by connecting to your XenServer over SSH. Once you are on the XenServer, run the commands below:

# mkdir /var/opt/xen/ISO

# xe sr-create name-label=LocalISO type=iso device-config:location=/var/opt/xen/ISO device-config:legacy_mode=true content-type=iso

[root@xenserver home]# xe sr-create name-label=LocalISO type=iso device-config:location=/var/opt/xen/ISO device-config:legacy_mode=true content-type=iso

2cb6a58b-2c4f-21fa-f58b-a1fca665cc38


After that, you must put the .ISO file in “/var/opt/xen/ISO”. Then you can see the new SR in the main window:


Figure 65 : Local ISO.

Let's see what happened in the “Location” option:


Figure 66 : .ISO file.


As you see, our .ISO file appears there.

If you don't like the command line, you can use the “New Storage” option in the main window of “OpenXenManager”. Click on it and you will see a window like below:

Figure 67 : New Storage Window.

In this window, select “Windows File Sharing (CIFS)” and click next. In the next window, specify the path of the folder that contains the .ISO file, and if your network uses a domain then select “use different user name” and fill in the fields with the correct information. Don't forget to use “yourdomainname\username”:


Figure 68 : Specify the correct path.

Then click “Finish”, and in the main window you can see a new SR with the name “CIFS ISO library”. Click on it and select the “storage” tab. In this tab you can see all the .ISO files that exist in the path that you specified:


Figure 69 : Storage tab.

On the other pages you can select the number of CPUs and the size of memory and disk. In the “Virtual Interfaces” section you can add your NIC by clicking on the “add” button. At the end, clicking on “Finish” creates our VM. If you want your VM to start automatically after it is created, select “Start VM automatically”.

OK, after your VM is created you can see a blue button with the name “Start” in the main window:


Figure 70 : “Start” button.


Click on it, and at the bottom of the main window you can see a progress percentage. When your VM has launched completely, this strip shows you a “completed” text like below:

Figure 71 : main window strip.

Click on the “Console” tab and you can start the installation process:

Figure 72 : “Console” tab.

When your OS installation has started, please click on the “General” tab. What do you see? You can see some information about the VM that was created, but a red text stands out:

Figure 73 : General tab.


It tells you “Tools not installed”, and installing them is the first job that we must do once the OS is installed. According to the XenServer documentation: “XenServer Tools provides high performance Windows drivers and a management agent, enhancing disk and network performance for XenServer VMs”. As you see, it is mandatory and helps us to get better performance. The other tabs show you some useful information like performance and so on. We will speak about “Snapshots” later. OK, our OS is installed and we must install “XenServer Tools”. You can do it by clicking on the “VM” menu and selecting “Install XenServer Tools”, but first of all please eject the previous CD\DVD (the OS). To do it, click on the “Storage” tab and select “<empty>” for “DVD drive:”. If you select “xs-tools.iso” instead of “<empty>” then you are ready to install XenServer Tools. When you select “xs-tools.iso” and open “My computer” on Windows you will see something like below:


Figure 74 : Install XenServer Tools.


Just click on “CD Drive” and the installation will start.

You can do all of this with the “xe” command too. We will not dive into it because it is very vast and would need another book, but we will cover what you need.

To create a new VM from the command line follow the steps below:

# xe template-list

then select your template name and run:

# xe vm-install template="Debian Squeeze 6.0 (32-bit)" new-name-label="My Debian" sr-uuid= Your SR UUID

To find the SR UUID use the command below:

# xe sr-list

[root@xenserver ~]# xe sr-list

uuid ( RO) : 30f0541d-eb20-ab50-ba41-94eeb92eb104

name-label ( RW): Removable storage

name-description ( RW):

host ( RO): xenserver

type ( RO): udev

content-type ( RO): disk


uuid ( RO) : 09b22fe6-df17-2fc3-333f-43f559f7a2e5

name-label ( RW): CIFS ISO library

name-description ( RW): CIFS ISO Library [\\172.30.9.3\programs\os]

host ( RO): xenserver

type ( RO): iso

content-type ( RO): iso

uuid ( RO): f6bc99a1-070a-2470-c091-ee89fe2bae7e

name-label ( RW): DVD drives

name-description ( RW): Physical DVD drives

host ( RO): xenserver

type ( RO): udev

content-type ( RO): iso

uuid ( RO): dc2d6d43-b60b-097d-22c6-5275d185d8e7

name-label ( RW): Local storage

name-description ( RW):

host ( RO): xenserver

type ( RO): ext

content-type ( RO): user

uuid ( RO): 6972a5fc-f265-d32c-52ff-47bf96221309

name-label ( RW): XenServer Tools

name-description ( RW): XenServer Tools ISOs

host ( RO): xenserver

type ( RO): iso

content-type ( RO): iso


You must use the UUID of your “Local storage”, thus our full command is:

# xe vm-install template="Debian Squeeze 6.0 (32-bit)" new-name-label="My Debian" sr-uuid=dc2d6d43-b60b-097d-22c6-5275d185d8e7

[root@xenserver ~]# xe vm-install template="Debian Squeeze 6.0 (32-bit)" new-name-label="My Debian" sr-uuid=dc2d6d43-b60b-097d-22c6-5275d185d8e7

e3ac9c9f-07be-96ca-ebb7-b5304cd45f50


After that, if you check your “OpenXenManager” you will see a new VM with the name “My Debian”.

You can change your VM settings with “xe” too. For example, by default XenServer assigned 1 CPU to our VM and we want to change it to 4 CPUs:

# xe vm-list

[root@xenserver ~]# xe vm-list

uuid ( RO) : e3ac9c9f-07be-96ca-ebb7-b5304cd45f50

name-label ( RW): My Debian

power-state ( RO): halted



uuid ( RO) : 35462d0b-938d-7658-5878-496f180b2027

name-label ( RW): Windows 7 (32-bit) (2016-08-13)

power-state ( RO): halted



uuid ( RO) : 51c9e0e0-f2b0-4bec-806d-1f632437c474

name-label ( RW): Control domain on host: xenserver

power-state ( RO): running


Then :

# xe vm-param-set VCPUs-max=4 uuid= Your VM UUID

xe vm-param-set VCPUs-max=4 uuid=e3ac9c9f-07be-96ca-ebb7-b5304cd45f50


Then :

# xe vm-param-set VCPUs-at-startup=4 uuid= Your VM UUID

xe vm-param-set VCPUs-at-startup=4 uuid=e3ac9c9f-07be-96ca-ebb7-b5304cd45f50


After that, if you look at the VM properties you can see that our VCPU count changed:

Figure 75 : Change VCPU.

You can change the memory settings too. The commands that you must use are:

# xe vm-param-set memory-static-max="Maximum size for static memory" uuid=replace_with_uuid
# xe vm-param-set memory-dynamic-max="Maximum size for dynamic memory" uuid=replace_with_uuid
# xe vm-param-set memory-dynamic-min="Minimum size for dynamic memory" uuid=replace_with_uuid
# xe vm-param-set memory-static-min="Minimum size for static memory" uuid=replace_with_uuid


For example :

[root@xenserver ~]# xe vm-param-set memory-static-max=

2147483648 268435456 788529152

[root@xenserver ~]# xe vm-param-set memory-static-max=788529152 uuid=e3ac9c9f-07be-96ca-ebb7-b5304cd45f50

[root@xenserver ~]# xe vm-param-set memory-dynamic-max=788529152 uuid=e3ac9c9f-07be-96ca-ebb7-b5304cd45f50

[root@xenserver ~]# xe vm-param-set memory-dynamic-min=

2147483648 268435456 788529152

[root@xenserver ~]# xe vm-param-set memory-dynamic-min=268435456 uuid=e3ac9c9f-07be-96ca-ebb7-b5304cd45f50

[root@xenserver ~]# xe vm-param-set memory-static-min= uuid=e3ac9c9f-07be-96ca-ebb7-b5304cd45f50

1024 1073741824 306184192

[root@xenserver ~]# xe vm-param-set memory-static-min=1024 uuid=e3ac9c9f-07be-96ca-ebb7-b5304cd45f50


After that you can see that your memory settings changed:

Figure 76 : Memory setting.

Sometimes you need to attach removable storage to your VM, and we will show you how to do it. Please plug your removable storage into your server; I suppose it is a pen drive. Then SSH to your XenServer:


$ ssh root@XenServer IP

mohsen@Keep-calm-and-use-Linux:~$ ssh root@172.30.9.20

root@172.30.9.20's password:

Last login: Sat Aug 13 14:31:34 2016 from 172.30.10.18


XenServer dom0 configuration is tuned for maximum performance and reliability.


Configuration changes which are not explicitly documented or approved by Citrix

Technical Support, may not have been tested and are therefore not supported. In

addition, configuration changes may not persist after installation of a hotfix

or upgrade, and could also cause a hotfix or upgrade to fail.


Third party tools, which require modification to dom0 configuration, or

installation into dom0, may cease to function correctly after upgrade or hotfix

installation. Please consult Citrix Technical Support for advice regarding

specific tools.


Type "xsconsole" for access to the management console.

[root@xenserver ~]#


Then execute the “dmesg” command. The output of this command is long, but at the end of the output you can see something about the removable storage that you plugged in:

[root@xenserver ~]# dmesg

[75290.601990] usb 2-1.5: new high-speed USB device number 3 using ehci-pci

[75290.853090] usb-storage 2-1.5:1.0: USB Mass Storage device detected

[75290.853174] scsi4 : usb-storage 2-1.5:1.0

[75290.853228] usbcore: registered new interface driver usb-storage

[75292.355579] scsi 4:0:0:0: Direct-Access HP v210w 1100 PQ: 0 ANSI: 0 CCS

[75292.355791] scsi 4:0:0:0: alua: supports implicit and explicit TPGS

[75292.356368] scsi 4:0:0:0: alua: No target port descriptors found

[75292.356371] scsi 4:0:0:0: alua: not attached

[75292.356473] sd 4:0:0:0: Attached scsi generic sg2 type 0

[75292.357107] sd 4:0:0:0: [sdb] 31703040 512-byte logical blocks: (16.2 GB/15.1 GiB)

[75292.357944] sd 4:0:0:0: [sdb] Write Protect is off

[75292.357946] sd 4:0:0:0: [sdb] Mode Sense: 43 00 00 00

[75292.358813] sd 4:0:0:0: [sdb] No Caching mode page found

[75292.358817] sd 4:0:0:0: [sdb] Assuming drive cache: write through

[75292.361987] sd 4:0:0:0: [sdb] No Caching mode page found

[75292.361992] sd 4:0:0:0: [sdb] Assuming drive cache: write through

[75292.363072] sdb: sdb1 sdb2

[75292.365816] sd 4:0:0:0: [sdb] No Caching mode page found

[75292.365819] sd 4:0:0:0: [sdb] Assuming drive cache: write through

[75292.365823] sd 4:0:0:0: [sdb] Attached SCSI removable disk


In this example, our pen drive model is “HP v210w”. Removable storage pass-through is easy in XenServer; Citrix does it for you automatically and no command is needed. If you open “OpenXenManager” and click on the “Storage” tab in the main page, you can see that XenServer did it for you automatically:

Figure 77 : Removable storage.


To add it to your VM, click on your VM name in the main window, click on the “Storage” tab, click on the “Attach” button, select “Removable Storage” and click on the “Attach” button:

Figure 78 : USB Pass-through.

After that, if you go to your VM you can see that your pen drive is mounted.

To unplug removable storage, select it and click on the “Detach” button.

You can do it from the command line too. Follow the steps below:

1- fdisk -l

[root@xenserver ~]# fdisk -l


WARNING: GPT (GUID Partition Table) detected on '/dev/sda'! The util fdisk doesn't support GPT. Use GNU Parted.


Disk /dev/sda: 1000.2 GB, 1000204886016 bytes

256 heads, 63 sectors/track, 121126 cylinders

Units = cylinders of 16128 * 512 = 8257536 bytes


Device Boot Start End Blocks Id System

/dev/sda1 * 1 121127 976762583+ ee EFI GPT


Disk /dev/sdc: 16.2 GB, 16231956480 bytes

255 heads, 63 sectors/track, 1973 cylinders

Units = cylinders of 16065 * 512 = 8225280 bytes


Device Boot Start End Blocks Id System

/dev/sdc1 1 1974 15850496 b W95 FAT32


As you see, “/dev/sdc1” is my Pen Drive.

2- cd /dev/disk/by-id/

3- ls

[root@xenserver ~]# cd /dev/disk/by-id/

[root@xenserver by-id]# ls

scsi-SATA_ST1000DL002-9TT_W1V0RX1H scsi-SATA_ST1000DL002-9TT_W1V0RX1H-part3

scsi-SATA_ST1000DL002-9TT_W1V0RX1H-part1 usb-HP_v210w_AA00000000000238

scsi-SATA_ST1000DL002-9TT_W1V0RX1H-part2 usb-HP_v210w_AA00000000000238-part1

[root@xenserver by-id]#


4- Run the command below, using the “usb-” entry of your pen drive as the device. Creating an SR of type “lvm” initializes the device, so any data on it is lost:

xe sr-create type=lvm content-type=user device-config:device=/dev/disk/by-id/usb-HP_v210w_AA00000000000238 name-label="Local USB Storage"


5- After that you can see it appear in the main window of “OpenXenManager” as “Local USB Storage”.



Snapshots

Sometimes you need to test software or update packages, but it may harm your VM and you don't want to reinstall and reconfigure your OS. A snapshot is a good option here, because you can go back to the previous state. Let me show you how to do it.

In the main window of “OpenXenManager” click on the VM that you want to snapshot, then click on the “Snapshots” tab. Next, click on the “Take Snapshot” button and you will see a window that asks you to enter a name for your snapshot:


Figure 79 : VM Snapshot.


After that, you can see that a snapshot has been created:

Figure 80 : Snapshot created.


You can see it in Citrix XenCenter too, and XenCenter shows it more clearly:

Figure 81 : Snapshot Diagram.


As you see, XenCenter shows it in a good diagram. You can select your snapshot, right-click on it and select “Revert To” to go back to the previous state. When you select “Revert To”, XenCenter shows you a message like below:


Figure 82 : Warning Message.


XenCenter asks whether you are sure you want to go back to this snapshot. If you are sure, click “Yes”. After that, XenCenter shows you a window like below:


Figure 83 : Take Snapshot Window.

XenCenter wants to create another snapshot, so enter a name for it. For example, I entered “My snapshot”. After that our diagram looks like below:

Figure 84 : XenCenter Snapshots tab.


After that, my VM is back in the previous state and, as you can see in the diagram, the green arrow points to “Now”. If I right-click on “My snapshot” and select “Revert To”, XenCenter shows me the same window as in “Figure 82”, but I deselect “Take a snapshot of...” and click yes because I don't want to create another snapshot of my current state. After that, you can see that your VM is back in the state in which you made the changes to your VM. The current diagram looks like below:

Figure 85 : Back to “My snapshot”.


You can do all of this with “xe” too.

SSH to your XenServer and follow the steps below:

xe vm-snapshot vm=Your VM name new-name-label="Your Label"

[root@xenserver ~]# xe vm-snapshot vm=Windows\ 7\ \(32-bit\)\ \(2016-08-13\) new-name-label="My Snapshot"

7f562a5f-7614-9991-5952-d8106cb10433


In the “vm” parameter give the name of the VM that you want to snapshot.

After that, you can see that a snapshot has been created for you and you can make your changes. To revert to your snapshot use the command below:

xe snapshot-revert snapshot-uuid=UUID

xe snapshot-revert snapshot-uuid=7f562a5f-7614-9991-5952-d8106cb10433


After that, you can see that your VM is back in the previous state. To list the snapshots you can use the command below:

xe snapshot-list

[root@xenserver ~]# xe snapshot-list

uuid ( RO) : 7f562a5f-7614-9991-5952-d8106cb10433

name-label ( RW): My Snapshot

name-description ( RW):


To remove a snapshot use the command below:

xe snapshot-uninstall snapshot-uuid=UUID

[root@xenserver ~]# xe snapshot-uninstall snapshot-uuid=7f562a5f-7614-9991-5952-d8106cb10433

The following items are about to be destroyed

VM : 7f562a5f-7614-9991-5952-d8106cb10433 (My Snapshot)

VDI: f0ad2781-5c8b-4202-898c-44f9cde4e9e1 (0)

Type 'yes' to continue

yes

All objects destroyed



Join your Citrix XenServer to Windows Domain

You can join your XenServer to a Windows domain and use Active Directory accounts to work with XenServer. To do it, click on the “Users” tab in the main window of “OpenXenManager” and then click on the “Join Domain” button. In Citrix XenCenter you can do it with the same steps, but let us explain it via the CLI.

SSH to your XenServer and execute the command below. The password is passed on the command line, so it is recorded in the shell history of the session:

xe pool-enable-external-auth auth-type=AD service-name="Your Domain name" config:user="Your Active Directory User name" config:pass="Your Active Directory Password"

[root@xenserver ~]# xe pool-enable-external-auth auth-type=AD service-name=mydomain.com config:user=mohsen config:pass=XenServer


After that, you can see that the “Join Domain” button in the “Users” tab is disabled and “Leave Domain” is enabled.

Next, you must give access to your AD users or groups:

xe subject-add subject-name="Your AD user name or group name"

[root@xenserver ~]# xe subject-add subject-name=jokar

fc21d498-1a35-b24c-9d27-c6f2153dde56


To remove a user's access use the command below:

xe subject-remove subject-uuid="User UUID"

[root@xenserver ~]# xe subject-remove subject-uuid=fc21d498-1a35-b24c-9d27-c6f2153dde56


To see your current list you can use the command below:

xe subject-list


[root@xenserver ~]# xe subject-list

uuid ( RO) : fc21d498-1a35-b24c-9d27-c6f2153dde56

subject-identifier ( RO): S-1-5-21-3570103376-2371597222-4282842042-1303

other-config (MRO): subject-name: MYDOMAINN\jokar; subject-upn: JOKAR@MYDOMAIN.COM; subject-uid: 128451863; subject-gid: 128451073; subject-sid: S-1-5-21-3570103376-2371597222-4282842042-1303; subject-gecos: MOHSEN JOKAR; subject-displayname: MOHSEN JOKAR; subject-is-group: false; subject-account-disabled: false; subject-account-expired: false; subject-account-locked: false; subject-password-expired: false

roles (SRO): pool-admin


But when you add a user, the user cannot do anything in XenServer. Why? Because you must give the user a role. In the table below, you can see the permissions for each role:


| Role permissions | Pool Admin | Pool Operator | VM Power Admin | VM Admin | VM Operator | Read Only |
|---|---|---|---|---|---|---|
| Assign/modify roles | * | | | | | |
| Log in to (physical) server consoles (through SSH and XenCenter) | * | | | | | |
| Server backup/restore | * | | | | | |
| Import/export OVF/OVA packages and disk images | * | | | | | |
| Convert virtual machines using XenServer Conversion Manager | * | | | | | |
| Log out active user connections | * | * | | | | |
| Create and dismiss alerts | * | * | | | | |
| Cancel task of any user | * | * | | | | |
| Pool management | * | * | | | | |
| Switch port locking | * | * | | | | |
| VM advanced operations | * | * | * | | | |
| VM create/destroy operations | * | * | * | * | | |
| VM change CD media | * | * | * | * | * | |
| View VM consoles | * | * | * | * | * | |
| XenCenter view mgmt ops | * | * | * | * | * | |
| Cancel own tasks | * | * | * | * | * | * |
| Read audit logs | * | * | * | * | * | * |
| Connect to pool and read all pool metadata | * | * | * | * | * | * |



To give a role to a user or group, do the step below:

xe subject-role-add uuid=<User or group UUID> role-name=<Role name>

role-name is one of:

✔pool-admin

✔pool-operator

✔vm-power-admin

✔vm-admin

✔vm-operator

✔read-only


For example :

[root@xenserver ~]# xe subject-role-add uuid=fc21d498-1a35-b24c-9d27-c6f2153dde56 role-name=pool-admin


After that, your user becomes a “Pool Admin” and, according to the table above, can do anything with your XenServer.

To use the user that you granted access to, just log in with that user name instead of “root”.
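To review who holds which role after these steps, the `xe subject-list` output shown earlier can be parsed. The script below is an added example, not part of the original book: the function names and the second and third sample records are constructed, and it assumes that a `uuid` line starts each record and that multiple roles are separated by "; ".

```shell
#!/bin/sh
# Added example: review XenServer RBAC subjects from `xe subject-list` output.
# Function names and the 2nd/3rd sample records are constructed.

# subject_roles: stdin = `xe subject-list` text.
# stdout = one line per subject: name<TAB>uuid<TAB>roles<TAB>account-flags
subject_roles() {
    awk '
    function emit() {
        if (uuid == "") return
        r = (roles == "" ? "(none)" : roles)
        fl = (flags == "" ? "-" : flags)
        printf "%s\t%s\t%s\t%s\n", name, uuid, r, fl
        uuid = ""; name = ""; roles = ""; flags = ""
    }
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        # Every field looks like "key (MODE): value" or "key (MODE) : value".
        if (!match(line, /\)[ \t]*:[ \t]*/)) next
        val = substr(line, RSTART + RLENGTH)
        sub(/[ \t\r]+$/, "", val)
        key = line
        sub(/[ \t].*$/, "", key)
        if (key == "uuid") {              # a uuid line starts a new record
            emit(); uuid = val
        } else if (key == "roles") {
            roles = val; gsub(/;[ \t]*/, ",", roles)
        } else if (key == "other-config") {
            n = split(val, kv, /;[ \t]*/)
            for (i = 1; i <= n; i++) {
                if (kv[i] ~ /^subject-name: /) {
                    name = substr(kv[i], 15)
                } else if (kv[i] ~ /^subject-account-(disabled|expired|locked): true$/) {
                    f = kv[i]
                    sub(/^subject-account-/, "", f); sub(/: true$/, "", f)
                    flags = (flags == "" ? f : flags "," f)
                }
            }
        }
    }
    END { emit() }'
}

# with_role ROLE: names of subjects that hold ROLE (for example pool-admin).
with_role() {
    subject_roles | awk -F '\t' -v want="$1" '{
        n = split($3, r, ",")
        for (i = 1; i <= n; i++) if (r[i] == want) print $1
    }'
}

# roleless_subjects: added with subject-add but never given a role.
roleless_subjects() {
    subject_roles | awk -F '\t' '$3 == "(none)" { print $1 }'
}

# stale_subjects: still hold a role although AD reports the account as
# disabled, expired or locked.
stale_subjects() {
    subject_roles | awk -F '\t' '$3 != "(none)" && $4 != "-" { print $1 " (" $4 ")" }'
}

# Constructed sample: the first record is shortened from the output above.
sample_subject_list() {
    cat <<'EOF'
uuid ( RO)                  : fc21d498-1a35-b24c-9d27-c6f2153dde56
    subject-identifier ( RO): S-1-5-21-3570103376-2371597222-4282842042-1303
          other-config (MRO): subject-name: MYDOMAINN\jokar; subject-upn: JOKAR@MYDOMAIN.COM; subject-is-group: false; subject-account-disabled: false; subject-account-locked: false
                 roles (SRO): pool-admin


uuid ( RO)                  : 00000000-0000-0000-0000-000000000001
    subject-identifier ( RO): S-1-5-21-0-0-0-1001
          other-config (MRO): subject-name: MYDOMAINN\backupsvc; subject-is-group: false; subject-account-disabled: true; subject-account-locked: false
                 roles (SRO): vm-operator


uuid ( RO)                  : 00000000-0000-0000-0000-000000000002
    subject-identifier ( RO): S-1-5-21-0-0-0-1002
          other-config (MRO): subject-name: MYDOMAINN\xen-ops; subject-is-group: true; subject-account-disabled: false
                 roles (SRO):
EOF
}

# On a XenServer host:  xe subject-list | with_role pool-admin
if [ "${1:-}" = "--demo" ]; then
    sample_subject_list | subject_roles
fi
```

Every name printed by `with_role pool-admin` can, per the table above, assign roles and log in to the server console, so that list should stay short.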



Backup and Restore

To create a backup of your VM in XenServer, you can use the command line or third-party tools. We just show you the CLI, but if you would like an automated system that backs up your VMs, you can look at “http://www.acronis.com/en-us/business/backup-advanced/citrix/”, “http://www.xenserver-backup.com/”, “https://xen-orchestra.com/” and “https://www.veritas.com/support/en_US/article.TECH74309”. Some free scripts exist too: “https://github.com/NAUbackup/VmBackup” and “https://github.com/aviadra/Xen-pocalypse”.

OK. To create a backup of a VM you must shut down the VM by default, but some third-party tools let you create a backup without a shutdown. Let's start!

SSH to your XenServer or use the “Console” tab in the main window of “OpenXenManager” or “Citrix XenCenter”:

xe vm-list

After that, you can see a list of your VMs. For example:

[root@xenserver ~]# xe vm-list

uuid ( RO) : e3ac9c9f-07be-96ca-ebb7-b5304cd45f50

name-label ( RW): My Debian

power-state ( RO): halted



uuid ( RO) : 35462d0b-938d-7658-5878-496f180b2027

name-label ( RW): Windows 7 (32-bit) (2016-08-13)

power-state ( RO): running



uuid ( RO) : 51c9e0e0-f2b0-4bec-806d-1f632437c474

name-label ( RW): Control domain on host: xenserver

power-state ( RO): running


In this example, I want to create a backup of my “Windows 7” VM. First of all, I must shut down the VM:

xe vm-shutdown uuid=<UUID of your VM>

[root@xenserver ~]# xe vm-shutdown uuid=35462d0b-938d-7658-5878-496f180b2027

[root@xenserver ~]#


Then, use the command below with a path. Don't forget: never use the “/” filesystem of your XenServer for copying files, because if “/” becomes full it causes your XenServer to crash.

If you would like to mount a directory from a remote computer, you must use the “mount” command. First of all, share the folder on the remote computer and then execute the commands below on your XenServer:

# mkdir /home/share

# mount -t cifs //<IP address of remote computer>/<Share name> -o username=<Username>,password=<Password> /home/share/

For example:

# mount -t cifs //192.168.1.1/MyDIR -o username=<Username>,password=<Password> /home/share/


Now, I can create a backup and export my VM to the “/home/share/” directory:

xe vm-export uuid=<UUID of your VM> filename=<Path and file name with .xva>

xe vm-export uuid=35462d0b-938d-7658-5878-496f180b2027 filename=/home/share/myback.xva


To restore a backup, use the command below:

xe vm-import filename=<Path and file name with .xva>

xe vm-import filename=/home/share/myback.xva
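The export and import steps above can be wrapped so that a backup is never written to the “/” filesystem and is only restored if it is unchanged since the export. This wrapper is an added example, not part of the original book: the function names are constructed, and it assumes GNU `stat` and `sha256sum` are available in Dom0.

```shell
#!/bin/sh
# Added example: guard rails around `xe vm-export` / `xe vm-import`.
# Function names are constructed; the xe commands are the ones shown above.
#
# Mount tip: `-o credentials=/root/.smbcred` (a mode-600 file holding
# username= and password= lines) keeps the share password out of `ps`
# output and shell history.

# on_root_fs DIR: succeeds when DIR is on the same filesystem as "/".
on_root_fs() {
    [ "$(stat -c %d "$1")" = "$(stat -c %d /)" ]
}

# seal_backup FILE: write FILE.sha256 next to the backup.
# Keep a copy of the .sha256 file off the share to detect deliberate
# tampering as well as corruption.
seal_backup() {
    ( cd "$(dirname "$1")" &&
      sha256sum "$(basename "$1")" > "$(basename "$1").sha256" )
}

# verify_backup FILE: succeeds only if FILE still matches FILE.sha256.
verify_backup() {
    [ -f "$1.sha256" ] || return 1
    ( cd "$(dirname "$1")" &&
      sha256sum -c "$(basename "$1").sha256" >/dev/null 2>&1 )
}

# export_vm UUID FILE: refuse targets on "/", export, then record checksum.
export_vm() {
    dir=$(dirname "$2")
    if [ ! -d "$dir" ]; then
        echo "refusing to export: no such directory $dir" >&2
        return 1
    fi
    if on_root_fs "$dir"; then
        echo "refusing to export to $2: target is on the root filesystem" >&2
        return 1
    fi
    xe vm-export uuid="$1" filename="$2" && seal_backup "$2"
}

# import_vm FILE: restore only a backup whose checksum still verifies.
import_vm() {
    if ! verify_backup "$1"; then
        echo "refusing to import $1: checksum missing or mismatched" >&2
        return 1
    fi
    xe vm-import filename="$1"
}

# Usage on a XenServer host, with the share mounted on /home/share:
#   export_vm 35462d0b-938d-7658-5878-496f180b2027 /home/share/myback.xva
#   import_vm /home/share/myback.xva
```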

Hotfix

Hotfixes are an important part of XenServer: via hotfixes you can fix security holes and other XenServer problems.

When a security hole or bug is found in XenServer, Citrix provides a patch to fix it. We want to show you how you can patch your XenServer.

First of all, go to “http://support.citrix.com/article/CTX138115” and select your XenServer version. There you can find patches whose names start with “CTX”. When you click on a hotfix, Citrix shows you some information about it and tells you which problems it solves.

Download the hotfix; it is a .zip file. When the download completes, you must extract this .zip file and move the update file to your XenServer. You can extract it on your client, or move it to the XenServer and extract it there. When you unzip the file you get two files: a file with the .xsupdate extension and a file with the .tar.bz2 extension. The .xsupdate file is your update file, and the other, compressed file (.tar.bz2) is the source code of the update. Don't forget, Citrix open sourced XenServer in 2013 and must provide the source code. For more information you can read “https://www.citrix.com/blogs/2013/06/25/xenserver-6-2-is-now-fully-open-source/”. I moved the file to my XenServer via the “scp” command and extracted it there.

To update your XenServer, use the command below:

xe patch-upload file-name=<The file with .xsupdate>

[root@xenserver home]# xe patch-upload file-name=XS65ESP1.xsupdate

7f2e4a3a-4098-4a71-84ff-b0ba919723c7

[root@xenserver home]#


Then :

xe patch-apply uuid=<UUID of the patch> host-uuid=<UUID of the host>

[root@xenserver home]# xe patch-apply uuid=7f2e4a3a-4098-4a71-84ff-b0ba919723c7 host-uuid=638b5767-3ef5-4fed-9553-06f1c2f61f52

6972a5fc-f265-d32c-52ff-47bf96221309 is the local tools SR: scanning

Done

Preparing... ##################################################

xen-device-model ##################################################

Preparing... ##################################################

xen-hypervisor ##################################################

Preparing... ##################################################

xen-tools ##################################################

Preparing... ##################################################

xen-libs ##################################################

Preparing... ##################################################

xen-dom0-tools ##################################################

Preparing... ##################################################

xen-dom0-libs ##################################################

Preparing... ##################################################

xen-ocaml-libs ##################################################

Preparing... ##################################################

guest-templates ##################################################

Preparing... ##################################################

lvm2 ##################################################

Preparing... ##################################################

upgrade-plugin ##################################################

Preparing... ##################################################

xapi-core ##################################################

Preparing... ##################################################

xapi-xenopsd ##################################################

Preparing... ##################################################

xapi-rrdd ##################################################

Preparing... ##################################################

Stopping XCP RRDD plugin xcp-rrdd-iostat: [ OK ]

Stopping XCP RRDD plugin xcp-rrdd-squeezed: [ OK ]

Stopping XCP RRDD plugin xcp-rrdd-xenpm: [ OK ]

rrdd-plugins ##################################################

Starting XCP RRDD plugin xcp-rrdd-iostat: [ OK ]

Starting XCP RRDD plugin xcp-rrdd-squeezed: [ OK ]

Starting XCP RRDD plugin xcp-rrdd-xenpm: [ OK ]

Preparing... ##################################################

blktap ##################################################

Preparing... ##################################################

sm ##################################################

Preparing... ##################################################

tzdata ##################################################

Preparing... ##################################################

kernel ##################################################

unable to stat /sys/class/block//var/swap/swap.001: No such file or directory

Preparing... ##################################################

vgpu ##################################################

Preparing... ##################################################

linux-guest-loader-data ##################################################

Preparing... ##################################################

hwdata ##################################################

Preparing... ##################################################

xenserver-transfer-vm ##################################################

Preparing... ##################################################

openvswitch ##################################################

Preparing... ##################################################

v6d ##################################################

Preparing... ##################################################

glibc ##################################################

Preparing... ##################################################

glibc-common ##################################################

Waiting for xapi to signal init complete

Removing any existing built-in templates

Regenerating built-in templates


[root@xenserver home]#


After that, you can use “xe patch-list” to see a list of patches:

[root@xenserver home]# xe patch-list

uuid ( RO) : 5200911d-5f79-4149-abca-0556af77b14d

name-label ( RO): XS65E003

name-description ( RO): Public Availability: security fixes to glibc

size ( RO): 0

hosts (SRO): 638b5767-3ef5-4fed-9553-06f1c2f61f52

after-apply-guidance (SRO): restartHost



uuid ( RO) : 30d3992b-ac0a-45e8-9e93-d4b2e9bb235f

name-label ( RO): XS65E006

name-description ( RO): Public Availability: security fixes to Xen

size ( RO): 0

hosts (SRO): 638b5767-3ef5-4fed-9553-06f1c2f61f52

after-apply-guidance (SRO): restartHost



uuid ( RO) : 9f9d57ff-3a04-4385-9744-f961b44a1db4

name-label ( RO): XS65E001

name-description ( RO): Public Availability: XenCenter fixes for XS 6.5

size ( RO): 0

hosts (SRO): 638b5767-3ef5-4fed-9553-06f1c2f61f52

after-apply-guidance (SRO):



uuid ( RO) : 7f2e4a3a-4098-4a71-84ff-b0ba919723c7

name-label ( RO): XS65ESP1

name-description ( RO): Public Availability: XenServer 6.5 Service Pack 1 (SP1)

size ( RO): 254832812

hosts (SRO): 638b5767-3ef5-4fed-9553-06f1c2f61f52

after-apply-guidance (SRO): restartHost



uuid ( RO) : 0fedb090-7d7a-4dce-afac-34d56d4c9aff

name-label ( RO): XS65E002

name-description ( RO): Public Availability: XenTools fixes

size ( RO): 0

hosts (SRO): 638b5767-3ef5-4fed-9553-06f1c2f61f52

after-apply-guidance (SRO): restartXAPI



uuid ( RO) : 70ef547a-125c-44fc-9cc3-1b709c9b7431

name-label ( RO): XS65E007

name-description ( RO): Public Availability: Security fixes for Xen Device Model

size ( RO): 0

hosts (SRO): 638b5767-3ef5-4fed-9553-06f1c2f61f52

after-apply-guidance (SRO): restartHost



uuid ( RO) : d3c08fcb-daa0-4410-bdb2-c298109e88ad

name-label ( RO): XS65E008

name-description ( RO): Public Availability: Fix for Dom0 kernel

size ( RO): 0

hosts (SRO): 638b5767-3ef5-4fed-9553-06f1c2f61f52

after-apply-guidance (SRO): restartHost



uuid ( RO) : 492ca007-bf7b-454f-8e5c-63a991a52449

name-label ( RO): XS65E005

name-description ( RO): Storage fixes to prevent disk corruption

size ( RO): 0

hosts (SRO): 638b5767-3ef5-4fed-9553-06f1c2f61f52

after-apply-guidance (SRO):



[root@xenserver home]#


Done.

When the update has completed, don't forget to remove the hotfix files. The “/” filesystem must not become full.

You can use Citrix XenCenter to do it too. Open XenCenter, click “Notifications” on the left side, then click “Update” and after that click “Check for Update Now”:

Figure 86 : Update.


After that, if any updates exist, a list of updates is shown:

Figure 87 : List of updates.


Select an update, click the down arrow in the “Actions” section and then click “Download and Install”. XenCenter detects your XenServer(s), and when you select your XenServer the download starts:

Figure 88 : Download completed.

When the download has completed, click “Next” and XenServer checks the server before applying the update:

Figure 89 : Checking Server.

When everything is OK, Click on “Next”:

Figure 90 : Ready for install the update.

Click “Install update” to start installing:

Figure 91 : Installing update.


When the installation is done, XenCenter reboots XenServer automatically and waits for XenServer to become ready (come up):

Figure 92 : Update applied.

Everything is OK. Click “Finish” and repeat these steps for other updates too.



Citrix XenConvert

According to the Citrix website : Citrix® XenConvert™ is a physical-to-virtual (P2V) conversion tool for converting a Windows operating system, applications, and data from a physical machine to a XenServer virtual machine, Provisioning Services vDisk, virtual appliance in the Open Virtualization Format (OVF), or disk image in the Virtual Hard Disk format.

We want to show you how to use this tool. First of all, download XenConvert from “https://www.citrix.com/go/products/xenserver/xenserver-xenconvert-free.html” and install it on the machine that you want to convert. XenConvert needs .NET Framework 4. If the machine is a VM on VMWare or VirtualBox, please remove the additional tools from your VM first: “Guest Additions” for VirtualBox, “Integration Services” for Microsoft Hyper-V and “VMWare Tools” for ESXi. After that, run XenConvert. You will see a window like the one below:



Figure 93 : XenConvert.


As you see, the “From” option is set to “This Machine”, and in the “To” option you can select the destination of the conversion. If you want your machine moved to the XenServer directly, select “XenServer”; if you want your VM converted to a package, select OVF. Citrix XenConvert provides other options too:


Figure 94 : “To” options.

For more information about “OVF” format you can read “https://en.wikipedia.org/wiki/Open_Virtualization_Format”.

After that, click “Next”.

In the next window, you must select the volume (partition) that you want converted to the VM. We just want drive C converted, so we selected “C:” in “Source Volume”.

Figure 95 : Select the Volume.


In the next window, you must enter your XenServer information: the Citrix XenServer IP address, a user name that has the proper privilege (root) and the password for that user. In “Workspace” you must specify a location where XenConvert stores the OS before moving it to the Citrix XenServer. Click the “Browse...” button and specify a location. For example, we selected drive D.

Figure 96 : provide XenServer information.

After that, click the “Next” button and XenConvert checks the user name and password that you entered. If the user name and password are correct, you see another window like the one below:

Figure 97 : Select “VM Name” and “Storage Repository”.

By default, XenConvert selects your computer name as “VM Name”, but you can modify it. In “Storage Repository” you can select the XenServer storage on which you want the machine stored.

Click the “Next” button. You can see a window like the one below:

Figure 98 : Information about our job.

If you want XenConvert to save the result of the conversion, select the “Log names of...” option. Click the “Convert” button.

After a few seconds, a message like the one below is shown: Citrix wants to create a virtual partition, and you must format this virtual partition:

Figure 99 : Format Virtual Partition.

After that, the conversion starts.

Figure 100 : Converting started.

The virtual partition that XenConvert created has the same size as the partition that you selected as “Workspace” in Figure 96.

Install other packages in XenServer

Sometimes you need to install a package on your XenServer that does not exist in the XenServer repository. For example, some users like “traceroute”, but if you use “yum install traceroute” you get an error like the one below:

[root@xenserver ~]# yum install traceroute

Loaded plugins: fastestmirror

Determining fastest mirrors

citrix | 951 B 00:00

Setting up Install Process

No package traceroute available.

Nothing to do


How can you install other packages in XenServer? We will show you.

XenServer uses the Citrix yum repository by default:

[root@xenserver ~]# yum repolist enabled

Loaded plugins: fastestmirror

Loading mirror speeds from cached hostfile

repo id repo name status

citrix XenServer 6.5.0 updates 0

repolist: 0


We must disable it, and you have two ways: 1- Disable it temporarily 2- Disable it permanently

To disable it temporarily, use the command below:

yum --enablerepo=base --disablerepo=citrix install <Your package name>


For example :

yum --enablerepo=base --disablerepo=citrix install traceroute


For the permanent way, use the command below, which sets “enabled=1” in the CentOS Base repository file:

sed -i -e "s/enabled=0/enabled=1/" /etc/yum.repos.d/CentOS-Base.repo


Then install your package:

yum install traceroute


Don't forget, this is not the normal way, and you should not install third-party packages on your XenServer.




Clone VM

Fortunately, cloning a Xen VM is easy, and with the “dd” command you can do it in one step. We use the “dd” command if our VM uses “LVM”; if our VM is a file (.img), it is even easier: just copy your image to another place.

I hope you remember our “LVM” scheme, but don't worry if you can't. Just use the “lvdisplay” command:

[root@localhost ~]# lvdisplay

--- Logical volume ---

LV Path /dev/Xen/OpenSUSE

LV Name OpenSUSE

VG Name Xen

LV UUID dt4UiA-66k5-dd51-2AQ9-CLob-PyR3-Uvcy7u

LV Write Access read/write

LV Creation host, time localhost.localdomain, 2016-05-08 04:33:19 -0400

LV Status available

# open 0

LV Size 20.00 GiB

Current LE 5120

Segments 1

Allocation inherit

Read ahead sectors auto

- currently set to 256

Block device 253:2


--- Logical volume ---

LV Path /dev/Xen/linux

LV Name linux

VG Name Xen

LV UUID ryXghI-gXCq-S4qp-FIhF-q9Fx-GgM3-1Sfe2N

LV Write Access read/write

LV Creation host, time localhost.localdomain, 2016-05-10 09:11:19 -0400

LV Status available

# open 0

LV Size 20.00 GiB

Current LE 5120

Segments 1

Allocation inherit

Read ahead sectors auto

- currently set to 256

Block device 253:3


In this example, I want to create a clone of “/dev/Xen/linux” and, as you see, it is about 20.00 GiB:

The “dd” syntax is: dd if=<source file name> of=<target file name> [Options]

# dd if=/dev/Xen/linux of=/home/mohsen/myclone.img bs=1K


[root@localhost ~]# dd if=/dev/Xen/linux of=/home/mohsen/myclone.img bs=1K

20971520+0 records in

20971520+0 records out

21474836480 bytes (21 GB) copied, 381.062 s, 56.4 MB/s


OK, the command finished. On the other server, where you want to clone your VM, you should create an “LVM” layout similar to the current server. If you look at the “Storage and Networking” part, you will find the instructions for it via the “pvcreate”, “vgcreate” and “lvcreate” commands.

I assume that you copied your .img file from the current server to the other server via the “scp” command and created your Volume Group, and everything is ready to run the “lvcreate” command:

# lvcreate -L 20G -v -n linux Xen


After that, you must use the “dd” command to write the clone to your new volume on your new server:

# dd if=/home/mohsen/myclone.img of=/dev/Xen/linux bs=1k

[root@localhost ~]# dd if=/home/mohsen/myclone.img of=/dev/Xen/linux bs=1k

20971520+0 records in

20971520+0 records out

21474836480 bytes (21 GB) copied, 2004.95 s, 10.7 MB/s


Everything is OK and you can configure your Xen VM to use this “LVM” volume.




Recovery

We spoke about cloning a VM, and I guess you are thinking about how you can fix or recover a VM when it is corrupted. To be honest, the best way is to make a backup of your VM. If your VM uses an .img file, you can copy it to another place as a backup; if your VM uses LVM, you can clone it and keep the clone as a backup.

In Linux, you can use the “testdisk” utility, a free and open source data recovery tool, to recover .img files or partitions. It is installed by default, but if your Dom0 does not have it you can install it manually. Our Dom0 is Fedora and we use the command below:

# dnf install testdisk

OK, when the installation completes you can use the “testdisk” command. According to “http://www.cgsecurity.org/” the full syntax is:

# testdisk [/debug] [/log] [/logname file.log] /cmd [file.dd|file.e01|device] cmd

For example, I want to recover my VM image, so I use the command below:

# testdisk /home/mohsen/Windows7.img

Working with this tool is easy. “testdisk” shows you the partitions that your VM has; you select your intended partition, then select suitable options, and the recovery starts:

Figure 101 : TestDisk.


How to auto start XEN VMs after reboot of DOM0

A good option for your Xen server is auto start. Sometimes your server crashes, or you have a power problem, or for any reason your server is rebooted or powered off. Suppose you have a lot of VMs on your Dom0 and all of them must start immediately. What should you do? A system administrator would answer this question with a script that starts all Xen VMs or specific VMs after each reboot, but the Xen Project provides a good option for you in these conditions.

It is easy; let me explain it.

If you look in the “/etc/xen/” directory, you will find a directory named “auto”. If you put a link to your VM configuration file in this directory, your VM is started automatically any time your Dom0 reboots. We use the “ln” command in Linux to create a link:

# cd /etc/xen/auto/

# ln -s /etc/xen/windows.cfg

In this example, I created a link to “windows.cfg”, and this VM is started automatically any time my Dom0 reboots.

OK, I rebooted Dom0 intentionally and after that my DomU started automatically:

[root@localhost ~]# xl list

Name ID Mem VCPUs State Time(s)

Domain-0 0 3659 8 r----- 53.4

Windows10 2 4096 4 -b---- 48.7


As you see, my VM with the name “Windows10” started.



Monitoring Via Nagios

Nagios is free and open source software that helps system administrators monitor systems, networks, services and more. Nagios is now known as “Nagios Core”. It is true that the Xen Project provides a monitoring tool by default and you can install other Linux monitoring tools too, but a product like Nagios can help you in some situations.

We want to show you how to install Nagios from source code.

First of all, you should install some packages. We use Fedora Server as Dom0, so:

# dnf install -y httpd php gcc glibc glibc-common gd gd-devel make net-snmp


After that, we should create a user named “nagios” and a group named “nagcmd”:

# useradd nagios

# groupadd nagcmd


Then :

# usermod -a -G nagcmd nagios

# usermod -a -G nagcmd apache

After that, we create a directory for downloading the “Nagios Core” source code:

# mkdir /root/nagios


Then, use the “cd” command to change directory as below:

# cd /root/nagios/

After that, we use the “wget” tool to download the “Nagios Core” and “Nagios Plugins” source code. At the time of writing this book, the Nagios version was 4.0.1 and the URLs to download were as below:

# wget http://prdownloads.sourceforge.net/sourceforge/nagios/nagios-4.0.1.tar.gz

# wget https://www.nagios-plugins.org/download/nagios-plugins-1.5.tar.gz



OK, when the download has finished, we use the “gunzip” and “tar -xf” commands to extract the packages. When the packages are extracted, we use the “cd” command to change to the “nagios-4.0.1” directory and issue the commands below:



# ./configure --with-command-group=nagcmd

# make all

# make install

# make install-init

# make install-commandmode

# make install-config


If you would like to receive email alerts, open the file below with an editor like “nano” and set the “email address” to the correct email address:

# nano /usr/local/nagios/etc/objects/contacts.cfg

When everything is done, we use the command below to configure the web interface for Nagios:

# make install-webconf


After that, we use the command below to create a password for the “nagiosadmin” account:

# htpasswd -s -c /usr/local/nagios/etc/htpasswd.users nagiosadmin


Now, we must start the “httpd” service:

# systemctl start httpd.service


OK, “Nagios Core” is installed successfully and we must install the plugins. I hope you extracted the “nagios-plugins-1.5” package in the first step, so we are ready to install it. Use the “cd” command to change to the “nagios-plugins-1.5” directory and issue the commands below:


# ./configure --with-nagios-user=nagios --with-nagios-group=nagios

# make && make install


OK, everything is done and we must check our configuration file:

# /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg

[root@localhost nagios]# /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg


Nagios Core 4.0.1

Copyright (c) 2009-present Nagios Core Development Team and Community Contributors

Copyright (c) 1999-2009 Ethan Galstad

Last Modified: 10-15-2013

License: GPL


Website: http://www.nagios.org

Reading configuration data...

Read main config file okay...

Read object config files okay...


Running pre-flight check on configuration data...


Checking objects...

Checked 9 services.

Checked 2 hosts.

Checked 1 host groups.

Checked 0 service groups.

Checked 1 contacts.

Checked 1 contact groups.

Checked 25 commands.

Checked 5 time periods.

Checked 0 host escalations.

Checked 0 service escalations.

Checking for circular paths...

Checked 2 hosts

Checked 0 service dependencies

Checked 0 host dependencies

Checked 5 timeperiods

Checking global event handlers...

Checking obsessive compulsive processor commands...

Checking misc settings...


Total Warnings: 0

Total Errors: 0


Things look okay - No serious problems were detected during the pre-flight check


As you see, “Things look okay - No serious problems were detected during the pre-flight check”. Then:

# chkconfig --add nagios

# chkconfig --level 35 nagios on

# systemctl enable httpd.service

# systemctl start httpd

# systemctl start nagios


“Nagios Core” uses port “5666” and we must open this port via “iptables” for remote control:

# iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 5666 -j ACCEPT

# iptables-save


If you remember, we spoke about “SELinux” and told you that you must not disable it. But SELinux can cause problems and show you an error message like “Internal Server Error” when you attempt to access the Nagios CGIs. You can check whether SELinux is in Enforcing mode:

# getenforce

Instead of disabling SELinux or setting it to permissive mode, you can use the following commands to run the CGIs under SELinux enforcing/targeted mode:

# chcon -R -t httpd_sys_content_t /usr/local/nagios/sbin/

# chcon -R -t httpd_sys_content_t /usr/local/nagios/share/

OK, all steps are finished and we are ready to log in to “Nagios”. Open a web browser and enter your server IP address in the URL as below:

http://172.30.9.20/nagios


In this example, Our server IP address is “172.30.9.20”.



Figure 102 : Nagios logging.


In “User Name” enter “nagiosadmin” and in “Password” enter the password that you chose. After that, we will see the “Nagios Core” page as below:

Figure 103 : Nagios.


OK, if you click on “Hosts” and “Services” you can see the current status of your machine.

For some reasons, you may not want to install Nagios on your Xen Project machine and prefer to dedicate a server to it and just monitor your Xen Project machine. In this situation, you must install “Nagios Core” and “Nagios Plugins” on a server as we learned, and install NRPE on your Xen Project server as below:

First of all, install the necessary packages:


# yum install -y gcc glibc glibc-common gd gd-devel make net-snmp openssl-devel perl

# yum install xinetd


Then, create a directory as below and download the necessary packages:


# mkdir /root/nagios

# cd /root/nagios

# wget https://www.nagios-plugins.org/download/nagios-plugins-1.5.tar.gz


Download NRPE from the URL below:

https://sourceforge.net/projects/nagios/files/nrpe-2.x/


When the download completes, you must create a “nagios” user:

# useradd nagios

# passwd nagios


Now, we must compile and install the downloaded packages:


# tar xvfz nagios-plugins-1.5.tar.gz

# cd nagios-plugins-1.5

# ./configure --with-ssl=/usr/bin/openssl --with-ssl-lib=/usr/lib/x86_64-linux-gnu

# make

# make install


Then, change the directory ownership via the commands below:


# chown nagios:nagios /usr/local/nagios

# chown -R nagios:nagios /usr/local/nagios/libexec/


Nagios Plugins is installed and now we must install the NRPE package. Extract the package and do the steps below:

# cd nrpe-2.12

# ./configure --enable-command-args

# make all

# make install

# make install-config

# echo >> /etc/services

# echo '# Nagios services' >> /etc/services

# echo 'nrpe 5666/tcp' >> /etc/services

# make install-init


You can see the output of the commands here:


[root@localhost nrpe-3.0]# make all

cd ./src/; make

make[1]: Entering directory `/root/nagios/nrpe-3.0/src'

gcc -g -O2 -I/usr/include/krb5 -DHAVE_CONFIG_H -I ../include -I ./../include -o nrpe ./nrpe.c ./utils.c ./acl.c -lssl -lcrypto -lnsl

gcc -g -O2 -I/usr/include/krb5 -DHAVE_CONFIG_H -I ../include -I ./../include -o check_nrpe ./check_nrpe.c ./utils.c -lssl -lcrypto -lnsl

make[1]: Leaving directory `/root/nagios/nrpe-3.0/src'


*** Compile finished ***


You can now continue with the installation or upgrade process.


Read the PDF documentation (NRPE.pdf) for information on the next

steps you should take to complete the installation or upgrade.



[root@localhost nrpe-3.0]# make install

cd ./src/; make install

make[1]: Entering directory `/root/nagios/nrpe-3.0/src'

make install-plugin

make[2]: Entering directory `/root/nagios/nrpe-3.0/src'

/usr/bin/install -c -m 755 -d /usr/local/nagios/bin

/usr/bin/install -c -m 755 ../uninstall /usr/local/nagios/bin/nrpe-uninstall

/usr/bin/install -c -m 775 -o nagios -g nagios -d /usr/local/nagios/libexec

/usr/bin/install -c -m 775 -o nagios -g nagios -d /usr/local/nagios/libexec

/usr/bin/install -c -m 775 -o nagios -g nagios check_nrpe /usr/local/nagios/libexec

make[2]: Leaving directory `/root/nagios/nrpe-3.0/src'

make install-daemon

make[2]: Entering directory `/root/nagios/nrpe-3.0/src'

/usr/bin/install -c -m 755 -d /usr/local/nagios/bin

/usr/bin/install -c -m 755 ../uninstall /usr/local/nagios/bin/nrpe-uninstall

/usr/bin/install -c -m 755 nrpe /usr/local/nagios/bin

/usr/bin/install -c -m 644 ../startup/tmpfile.conf /usr/lib/tmpfiles.d/nrpe.conf

make[2]: Leaving directory `/root/nagios/nrpe-3.0/src'

make[1]: Leaving directory `/root/nagios/nrpe-3.0/src'


[root@localhost nrpe-3.0]# make install-config

/usr/bin/install -c -m 775 -o nagios -g nagios -d /usr/local/nagios/etc

/usr/bin/install -c -m 644 -o nagios -g nagios sample-config/nrpe.cfg /usr/local/nagios/etc


After that, we must enable the nrpe service:


# systemctl enable nrpe.service


I'm sure that for security reasons you don't want to disable iptables, so you must let Nagios Core and NRPE communicate with each other:


# iptables -I INPUT -p tcp --destination-port 5666 -j ACCEPT

# iptables-save


OK. The next step is to edit the “nrpe.cfg” file with an editor like “nano”:

# nano /usr/local/nagios/etc/nrpe.cfg


Then, find the lines below, add your Nagios server IP address and change the value from “0” to “1”:


allowed_hosts=127.0.0.1,<Nagios server IP address>

dont_blame_nrpe=1


Then :

# systemctl start nrpe.service


Now, it's time to do the test:


# /usr/local/nagios/libexec/check_nrpe -H 127.0.0.1


[root@localhost nrpe-3.0]# /usr/local/nagios/libexec/check_nrpe -H 127.0.0.1

NRPE vnrpe-3.0



Next, we must introduce our client to our Nagios server. On the Nagios server, do the following steps:

# touch /usr/local/nagios/etc/hosts.cfg

# touch /usr/local/nagios/etc/services.cfg

Open the “hosts.cfg” file with the nano editor and write the lines below to it:

# nano hosts.cfg

define host{
    name                    linux-box       ; Name of this template
    use                     generic-host    ; Inherit default values
    check_period            24x7
    check_interval          5
    retry_interval          1
    max_check_attempts      10
    check_command           check-host-alive
    notification_period     24x7
    notification_interval   30
    notification_options    d,r
    contact_groups          admins
    register                0               ; DONT REGISTER THIS - ITS A TEMPLATE
}

## Default

define host{
    use                     linux-box       ; Inherit default values from a template
    host_name               our-boy         ; The name we're giving to this server
    alias                   CentOS 7        ; A longer name for the server
    address                 IP ADDRESS      ; IP address of Remote Linux host
}


Open the “services.cfg” file with the nano editor and write the lines below to it:

# nano services.cfg

define service{
    use                     generic-service
    host_name               our-boy
    service_description     CPU Load
    check_command           check_nrpe!check_load
}

define service{
    use                     generic-service
    host_name               our-boy
    service_description     SSH Monitoring
    check_command           check_nrpe!check_ssh
}

define service{
    use                     generic-service
    host_name               our-boy
    service_description     FTP Monitoring
    check_command           check_nrpe!check_ftp
}


Then open “nagios.cfg” and add the lines below to it:

cfg_file=/usr/local/nagios/etc/hosts.cfg

cfg_file=/usr/local/nagios/etc/services.cfg


After that, open “commands.cfg” and add the following command definition to it:

# nano /usr/local/nagios/etc/objects/commands.cfg

define command{
    command_name    check_nrpe
    command_line    $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
}


You can also install the NRPE package on your Nagios core server and use it to check the connection between the Nagios core and your client. For example:

[root@localhost nrpe-3.0]# /root/nagios/nrpe-3.0/src/check_nrpe -H "CLIENT IP ADDRESS"

NRPE vnrpe-3.0


Now, if you restart the nagios service on the Nagios core server, you can see your client in the “Hosts” section.