Network/Procedures/Create a new VM

From Makers Local 256
Jump to: navigation, search

This setup will create two logical volumes on two different boxes, set up replication between them, create a new VM backed by the replicated storage, and put Debian stable on it. The example hosts I will be using are vm2 and vm3. I will be creating the newvpn VM.

  • Create the block devices (do this on both hosts, so vm2 and vm3 in this case):
vm2$ sudo lvcreate vm2_storage --name newvpn_root --size 10GiB
vm3$ sudo lvcreate vm3_storage --name newvpn_root --size 10GiB
    • Alternatively, to exactly match the size of an existing volume
root@vm4:~# lvdisplay /dev/vm4_storage/mail_disk --units=B | grep "LV Size"
  LV Size                8589934592 B
root@vm666:~# lvcreate 666 --name mail_disk --size 8589934592B

  • Create the drbd resource config on both boxes; for example, /etc/drbd.d/newvpn_root:
 resource newvpn_root { #change this to match the name of the volume
        protocol C;
        meta-disk internal;
        device /dev/drbd_newvpn_root minor 13; #change this. I like to make it match the IP the box will have
        syncer {
                verify-alg sha1;
                rate 5M;
        net {
                allow-two-primaries;# yes;
                cram-hmac-alg sha1;
                shared-secret "newvpn_root"; #change this
                after-sb-0pri discard-zero-changes;
                after-sb-1pri consensus;
                after-sb-2pri disconnect;
        on vm3 {
                disk /dev/vm3_storage/newvpn_root; #change this
                address; #change the port and such. I use 78xx where xx is the minor
        on vm2 {
                disk /dev/vm2_storage/newvpn_root; #change this
                address; #should match the other host, but address different
  • Set up the drbd resource (do this on both hosts):
sudo drbdadm create-md newvpn_root #creates metadata on underlying slice
sudo drbdadm adjust newvpn_root #set up the resource and connect to the other box
sudo drbd-overview | grep newvpn_root #make sure the states are Secondary/Secondary indicating connection
  • On only one of the hosts, invalidate the current state of the volume:
sudo drbdadm invalidate newvpn_root
  • Then, only on the other host, set the volume to primary:
sudo drbdadm primary newvpn_root

The volume will start replicating between hosts.

  • On the host you selected as primary, debootstrap a new install using xen-tools.
sudo xen-create-image --fs=ext4 --genpass_len=64 --image-dev=/dev/drbd_newvpn_root --memory=256M --pygrub --bridge=br.200 --ip= --gateway= --netmask= --hostname=newvpn --noswap --verbose

This part takes a LONG time (like 10-30 minutes depending on Internet download speeds). Note the root password provided!

  • Now the box exists. Try to start it:
sudo xl create newvpn.cfg
  • Copy /etc/xen/newvpn.cfg to the other VM host so that you could start it there if you had to.
  • Shell into your new VM and do what you need to do! Use the root password from the xen-create-image tool to log in. Make a username for yourself and then mind-wipe that root password.
  • Go edit Network/DMZ to add your new box to the list.
  • Don't forget to set up backups.

Things to try if stuff doesn't work

  • if a VM doesn't restart correctly, check its mode. "sudo drbd-overview"
    • the mode should be "Primary/Secondary" or "Primary/Unknown", if it's a standalone partition.
    • if its reporting as Secondary, change it back to Primary with "sudo drbdadm primary <PARTITION NAME HERE>/0"
  • then recheck it with "sudo drbd-overview"
  • If its right, you can kick off the vm with "sudo xl create /etc/xen/<NAME OF THE VM HERE>.cfg"
  • then verify its back with "sudo xl list"


  • To disconnect a partition so it is standalone
    • on both hosts, run "sudo drbdadm disconnect <PARTITION NAME HERE>"
  • To connect a partition, make sure its marked primary on one, and secondary on the other
    • on both "sudo drbd-overview"
    • on primary host "sudo drbdadm primary <PARTITION NAME HERE>"
    • on secondary host "sudo drbdadm secondary <PARTITION NAME HERE>"
    • on primary host "sudo drbdadm connect <PARTITION NAME HERE>"
    • on secondary host "sudo drbdadm connect --discard-my-data <PARTITION NAME HERE>" on secondary
    • on both "sudo drbd-overview" to verify sync is occurring
    • if sync didnt start, wait a few minutes, recheck it and then try this on secondary host "sudo drbdadm invalidate <PARTITION NAME HERE>"
    • if it starts giving errors like "Device is held open by someone" when you set the partition to secondary, reboot the host, and it will unlock it.
      • if this answer makes you sad, know that it makes me less sad, give me a better answer and I'll mend my ways.


  • kill it with "sudo xl shutdown zoneminder"