Network/Procedures/Create a new VM
From Makers Local 256
This setup will create two logical volumes on two different boxes, set up replication between them, create a new VM backed by the replicated storage, and put Debian stable on it. The example hosts I will be using are vm2 and vm3. I will be creating the newvpn VM.
- Create the block devices (do this on both hosts, so vm2 and vm3 in this case):
vm2$ sudo lvcreate vm2_storage --name newvpn_root --size 10GiB
vm3$ sudo lvcreate vm3_storage --name newvpn_root --size 10GiB
- Alternatively, to exactly match the size of an existing volume
root@vm4:~# lvdisplay /dev/vm4_storage/mail_disk --units=B | grep "LV Size"
LV Size 8589934592 B
root@vm666:~# lvcreate 666 --name mail_disk --size 8589934592B
- Create the drbd resource config on both boxes; for example, /etc/drbd.d/newvpn_root:
resource newvpn_root { #change this to match the name of the volume
    protocol C;
    meta-disk internal;
    device /dev/drbd_newvpn_root minor 13; #change this. I like to make it match the IP the box will have
    syncer {
        verify-alg sha1;
        rate 5M;
    }
    net {
        allow-two-primaries;# yes;
        cram-hmac-alg sha1;
        shared-secret "newvpn_root"; #change this
        after-sb-0pri discard-zero-changes;
        after-sb-1pri consensus;
        after-sb-2pri disconnect;
    }
    on vm3 {
        disk /dev/vm3_storage/newvpn_root; #change this
        address 10.56.0.30:7813; #change the port and such. I use 78xx where xx is the minor
    }
    on vm2 {
        disk /dev/vm2_storage/newvpn_root; #change this
        address 10.56.0.20:7813; #should match the other host, but address different
    }
}
- Set up the drbd resource (do this on both hosts):
sudo drbdadm create-md newvpn_root #creates metadata on underlying slice
sudo drbdadm adjust newvpn_root #set up the resource and connect to the other box
sudo drbd-overview | grep newvpn_root #make sure the states are Secondary/Secondary indicating connection
- On only one of the hosts, invalidate the current state of the volume:
sudo drbdadm invalidate newvpn_root
- Then, only on the other host, set the volume to primary:
sudo drbdadm primary newvpn_root
The volume will start replicating between hosts.
- On the host you selected as primary, debootstrap a new install using xen-tools.
sudo xen-create-image --fs=ext4 --genpass_len=64 --image-dev=/dev/drbd_newvpn_root --memory=256M --pygrub --bridge=br.200 --ip=10.56.0.13 --gateway=10.56.0.1 --netmask=255.255.255.0 --hostname=newvpn --noswap --verbose
This part takes a LONG time (like 10-30 minutes depending on Internet download speeds). Note the root password provided!
- Now the box exists. Try to start it:
sudo xl create newvpn.cfg
- Copy /etc/xen/newvpn.cfg to the other VM host so that you could start it there if you had to.
- Shell into your new VM and do what you need to do! Use the root password from the xen-create-image tool to log in. Make a username for yourself and then mind-wipe that root password.
- Go edit Network/DMZ to add your new box to the list.
- Don't forget to set up backups.
Things to try if stuff doesn't work
- If a VM doesn't restart correctly, check its mode with "sudo drbd-overview"
- The mode should be "Primary/Secondary", or "Primary/Unknown" if it's a standalone partition.
- If it's reporting as Secondary, change it back to Primary with "sudo drbdadm primary <PARTITION NAME HERE>/0"
- Then recheck it with "sudo drbd-overview"
- If it's right, you can kick off the VM with "sudo xl create /etc/xen/<NAME OF THE VM HERE>.cfg"
- Then verify it's back with "sudo xl list"
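The role check from the steps above as a script, added here as an example and not part of the original procedure. The function names are hypothetical, the drbd-overview line layout is assumed to be the DRBD 8.x one, and the sample output is constructed.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.
# Assumed drbd-overview line layout (DRBD 8.x):
#   <minor>:<resource>/<volume> <connection> <local role>/<peer role> <disk states> ...

# Read drbd-overview output on stdin, print a verdict for resource $1:
#   ok            local side is Primary and the peer is not
#   not-primary   local side is not Primary; promote it before starting the VM
#   dual-primary  both sides are Primary; the VM may already be running on the peer
#   missing       resource not listed
drbd_role_check() {
    awk -v res="$1" '
        {
            split($1, id, ":")          # 13:newvpn_root/0 -> id[2] = newvpn_root/0
            name = id[2]
            sub(/\/.*/, "", name)       # drop the /<volume> suffix
            if (name != res) next
            found = 1
            split($3, role, "/")        # Primary/Secondary -> role[1], role[2]
            if (role[1] != "Primary")      print "not-primary"
            else if (role[2] == "Primary") print "dual-primary"
            else                           print "ok"
            exit
        }
        END { if (!found) print "missing" }
    '
}

# Exit status 0 only when the verdict is "ok"; stdin is passed through.
safe_to_start() {
    [ "$(drbd_role_check "$1")" = "ok" ]
}

# Constructed sample output; minors and the wiki_root resource are made up.
SAMPLE_OVERVIEW=' 13:newvpn_root/0  Connected  Primary/Secondary UpToDate/UpToDate C r-----
 14:mail_disk/0    Connected  Secondary/Primary UpToDate/UpToDate C r-----
 15:zoneminder/0   Connected  Primary/Primary   UpToDate/UpToDate C r-----
 16:wiki_root/0    StandAlone Primary/Unknown   UpToDate/DUnknown r-----'

for r in newvpn_root mail_disk zoneminder wiki_root; do
    printf '%-12s %s\n' "$r" "$(printf '%s\n' "$SAMPLE_OVERVIEW" | drbd_role_check "$r")"
done

# On a VM host:
#   sudo drbd-overview | safe_to_start newvpn_root && sudo xl create /etc/xen/newvpn.cfg
```

The dual-primary verdict matters because the resource config sets allow-two-primaries while the VM disk is ext4, which must not be mounted by two running guests at once.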
OTHER FUN DRBD NOTES:
- To disconnect a partition so it is standalone
- on both hosts, run "sudo drbdadm disconnect <PARTITION NAME HERE>"
- To connect a partition, make sure it's marked primary on one, and secondary on the other
- on both "sudo drbd-overview"
- on primary host "sudo drbdadm primary <PARTITION NAME HERE>"
- on secondary host "sudo drbdadm secondary <PARTITION NAME HERE>"
- on primary host "sudo drbdadm connect <PARTITION NAME HERE>"
- on secondary host "sudo drbdadm connect --discard-my-data <PARTITION NAME HERE>"
- on both "sudo drbd-overview" to verify sync is occurring
- if sync didn't start, wait a few minutes, recheck it and then try this on secondary host "sudo drbdadm invalidate <PARTITION NAME HERE>"
- if it starts giving errors like "Device is held open by someone" when you set the partition to secondary, reboot the host, and it will unlock it.
- if this answer makes you sad, know that it makes me less sad, give me a better answer and I'll mend my ways.
SOMETIMES THE ZONEMINDER VM RESTARTS ON VM2 (if I restart VM2)
- kill it with "sudo xl shutdown zoneminder"