[ale] Xen Server adding a virtual disk to a VM
Raj Wurttemberg
rajaw at c64.us
Wed Oct 19 09:28:21 EDT 2016
Hey Guys,
I spin up many servers a week and I have to follow a (US) Federal Security Technical Implementation Guide (STIG). They don’t always let me use a server template so I made this Red Hat kickstart file to help me deploy the servers with the correct partitions and use LVM at build time. No keyboard input is required. Using this kickstart file, it takes about five minutes to deploy a Red Hat server.
Hope this helps someone.
#########
lang en_US
keyboard us
timezone Etc/UTC --isUtc
rootpw xxxxxxxxxxxxxxxxxxxxxxxxxxx --iscrypted
#platform x86, AMD64, or Intel EM64T
reboot
cdrom
#########
bootloader --location=mbr --append="vga=771"
zerombr
clearpart --all --initlabel
#########
part /boot --fstype ext4 --size=4096 --ondisk=sda
part pv.01 --size=4096 --grow --ondisk=sda
#
volgroup vg_root pv.01
logvol / --fstype ext4 --name=root --vgname=vg_root --size=30720 --grow
logvol swap --fstype swap --name=swap --vgname=vg_root --size=2048
#
part pv.02 --size=1 --ondisk=sdb --grow
volgroup vg_var pv.02
logvol /var --fstype ext4 --vgname=vg_var --size=10240 --name=lv_var
logvol /var/log --fstype ext4 --vgname=vg_var --size=10240 --name=lv_varlog
logvol /var/log/audit --fstype ext4 --vgname=vg_var --size=10240 --name=lv_varlogaudit
logvol /var/tmp --fstype ext4 --vgname=vg_var --size=10240 --name=lv_vartmp
#
part pv.03 --size=1 --ondisk=sdc --grow
volgroup vg_tmp pv.03
logvol /tmp --fstype ext4 --vgname=vg_tmp --size=10240 --name=lv_tmp
#
part pv.04 --size=1 --ondisk=sdd --grow
volgroup vg_opt pv.04
logvol /opt --fstype ext4 --vgname=vg_opt --size=10240 --name=lv_opt
#
part pv.05 --size=1 --ondisk=sde --grow
volgroup vg_home pv.05
logvol /home --fstype ext4 --vgname=vg_home --size=10240 --name=lv_home
##########
auth --passalgo=sha512 --useshadow
selinux --enforcing
firewall --enabled --http --ftp --ssh
skipx
firstboot --disable
%packages
@performance
@network-file-system-client
@large-systems
@base
@security-tools
@system-admin-tools
@development
expect
%end
Kind regards,
/Raj
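A pre-deployment check for a kickstart file like the one above, added here as an example and not part of the original post: it parses the command section and reports required mount points that lack their own filesystem, plus weakened rootpw, selinux and firewall lines. The required mount list, the lint_kickstart name and the sample input are assumptions made for illustration.

```python
import shlex

# Mount points the kickstart file above puts on their own logical volumes.
# Using them as the required set is an assumption; take the real list from your STIG.
REQUIRED_MOUNTS = {"/tmp", "/var", "/var/log", "/var/log/audit", "/var/tmp", "/home"}

# Constructed sample: a cut-down variant of the posted file with three defects.
SAMPLE = """\
rootpw PLACEHOLDER_HASH --iscrypted
part /boot --fstype ext4 --size=4096 --ondisk=sda
logvol /var --fstype ext4 --vgname=vg_var --size=10240 --name=lv_var
logvol /var/log --fstype ext4 --vgname=vg_var --size=10240 --name=lv_varlog
logvol /var/tmp --fstype ext4 --vgname=vg_var --size=10240 --name=lv_vartmp
logvol /tmp --fstype ext4 --vgname=vg_tmp --size=10240 --name=lv_tmp
logvol /home --fstype ext4 --vgname=vg_home --size=10240 --name=lv_home
selinux --permissive
firewall --enabled --http --ftp --ssh
%packages
%end
"""

def lint_kickstart(text, required=REQUIRED_MOUNTS):
    """Return findings for the command section of a kickstart file."""
    mounts, last_args, findings = set(), {}, []
    for raw in text.splitlines():
        if raw.lstrip().startswith("%"):   # %packages, %pre, %post: commands end here
            break
        words = shlex.split(raw, comments=True)
        if not words:
            continue
        cmd, args = words[0], words[1:]
        last_args[cmd] = args
        if cmd in ("part", "partition", "logvol") and args:
            mounts.add(args[0])            # first argument is the mount point
    findings += [f"no separate filesystem for {m}" for m in sorted(required - mounts)]
    if "--iscrypted" not in last_args.get("rootpw", []):
        findings.append("rootpw is missing or not --iscrypted")
    if "--enforcing" not in last_args.get("selinux", []):
        findings.append("selinux is not --enforcing")
    firewall = last_args.get("firewall", [])
    if "--enabled" not in firewall:
        findings.append("firewall is not --enabled")
    if "--ftp" in firewall:
        findings.append("firewall opens cleartext service ftp")
    return findings

if __name__ == "__main__":
    for finding in lint_kickstart(SAMPLE):
        print("FINDING:", finding)
```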
From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of Lightner, Jeffrey
Sent: Wednesday, October 19, 2016 8:42 AM
To: Atlanta Linux Enthusiasts <ale at ale.org>
Subject: Re: [ale] Xen Server adding a virtual disk to a VM
+1
LVM makes your life simple. We do LVM on both bare metal and virtual systems. People often treat LVM like it is unnecessarily complicated but once you use it you wonder how you ever lived without it.
That being said I do recall first meeting LVM on HP-UX in the mid-90s and asking the question:
Why would I combine all my disks together (into VGs) just to break them up again (into LVs)?
I now know the answer is because I can add (and even remove) disks (or partitions thereof) after the fact and/or can make the LVs any size I want. I can also have an unlimited number of LVs (space limited of course) which can be added, deleted or resized without any consideration of other LVs.
From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of Jim Kinney
Sent: Monday, October 17, 2016 4:12 PM
To: Atlanta Linux Enthusiasts - Yes! We run Linux!
Subject: Re: [ale] Xen Server adding a virtual disk to a VM
I use LVM for vm disks as well as physical ones. I am often needing to expand the virtual disk space and LVM makes it easy.
On Oct 17, 2016 2:51 PM, "Scott Plante" <splante at insightsys.com> wrote:
Thanks guys. This thread has been very informative.
So you don't LVM inside a VM, but do you partition? I've always partitioned because it's how I was taught (pre-VM), but suppose you have a Linux VM, and you want to add a 200GB partition for some application. You go into your VM software and create the virtual disk and attach it to the VM. Inside the VM it appears as a new device, say /dev/xvde. You could create a partition and /dev/xvde1 would appear and you could mkfs /dev/xvde1 or you could skip the partitioning and just mkfs /dev/xvde. One reason you generally partition is for the sector alignment stuff, but (correct me if I'm wrong) that doesn't apply to a virtual disk. The sector alignment would be taken care of when you partition the drive inside XenServer, VMWare or whatever's running on the bare metal. Another reason you might normally partition a drive is to separate your OS from your data, to make sure run-away log files don't crash your database, etc., but that doesn't apply here because you've already created a separate virtual disk for that purpose.
I asked a friend at the pub Friday night who works with lots of VMs and he says he partitions just as a reminder to himself that he has or hasn't done something with the virtual disk. So he might go add a new disk to a half-dozen VMs, and when he goes into each one he can more easily tell whether he has taken care of it yet or something like that. If I add or remove a disk once a month it's a lot, so that's not a big selling point for me. Still, I suppose it could be useful as some longer term "documentation" kind of thing.
So those of you on the list who deal with VMs: do you partition your virtual disks?
Scott
p.s. my recent VM experience is mostly with XenServer, so forgive me if my question and/or terminology doesn't make sense for ESXi, KVM, or other VM environments.
_____
From: "Phil Turmel" <philip at turmel.org>
To: ale at ale.org
Sent: Saturday, October 15, 2016 11:08:35 AM
Subject: Re: [ale] Xen Server adding a virtual disk to a VM
On 10/14/2016 05:13 PM, DJ-Pfulio wrote:
> Ok, so fdisk was patched, but I'm still waiting for that patch to
> actually make it into every distro I see. I keep seeing fdisk complain
> about GPT disks - easier to just use parted, IMHO. Parted also aligns
> partitions correctly, as does gparted. fdisk does not. If you use only
> SSDs, don't think that it matters, but on spinning disks, there can be a
> real, noticeable, performance hit.
Interesting. I've been using 'gdisk' for quite some time now. Same
style of interface but supports GPT, plus conversions to/from MBR and
BSD. I thought it was packaged with util-linux, but I just found out
otherwise.
It is part of the base install of Ubuntu Server at least since 14.04.
It came in as a default dependency of udisks on my gentoo systems, which
is pulled in by a variety of things. So I assumed it was part of the
system set.
I like gdisk *way* more than parted.
> GPT has many upgrades over MBR, like duplication at the front/end of the
> storage, not only at the beginning. Plus not having to deal with
> "logical/extended" partitions ever again is nice. Wikipedia has more.
>
> Inside a VM, I don't use LVM. Only outside on the hostOS. There
> are multiple pros/cons to either method. I can understand if folks want
> LVM inside a VM and why they wouldn't. Do some research.
I do the same. LVM on bare metal, not in VMs. All of my VM disks are
LVs, not files. Virt-manager makes that easy, btw -- you can make any
volume group in a host a "pool" for VM allocations. It was one of the
final straws that got me off of virtualbox.
> Haven't touched btrfs. Seems there is always some "issue" that is
> important to me with it. Whether that is true or not is completely
> irrelevant. It is a hassle that I don't need. Understand many people
> love btrfs, which is great. More users will eventually fix the issues I
> have! Thanks!
Yup. I played with it once. Haven't touched it since.
> lsblk is nice. Plus, it doesn't need sudo to work (at least not on any
> systems I manage).
I wrote lsdrv[1] because I didn't like the way lsblk repeated trees when
raid arrays were present, and I wanted something that would document
controller ports, device SNs, and UUIDs for later recovery tasks.
Basically lsblk + blkid + lspci + lsusb in one report.
Phil
[1] https://github.com/pturmel/lsblk
_______________________________________________
Ale mailing list
Ale at ale.org
http://mail.ale.org/mailman/listinfo/ale
See JOBS, ANNOUNCE and SCHOOLS lists at
http://mail.ale.org/mailman/listinfo