Weblog entry #126 for ajt

New Home Server
Posted by ajt on Mon 10 Mar 2008 at 14:31
At the end of last week my new home server arrived (one day late). It's a basic AMD64-X2 based unit from Digital Networks UK. I could have got a cheaper box from other people, but I wanted a box with a three year warranty, from a UK based firm and from someone openly supporting Linux.

It came running Debian Etch. I'm going to reinstall from scratch as I don't like the current disk layout. I'll create drive 1 as a half of a RAID mirror and drive 2 as the other half. I'll put a simple /boot on the first mirrored partition, and then install GRUB on both disks. The remaining mirror will then end up as the base for the LVM, from where everything else will run.

I'll probably create a basic 10Gig root partition on the LVM. The question thereafter is whether I go down the path of some form of virtualisation tool (KVM/Xen/Qemu/VirtualBox etc.), and if so, which service goes into which VM.

Externally accessible services:
* SSH server

Internally accessible services:
* DNS/DHCP Server
* Apache2 web server (development and testing purposes)
* daapd server (Firefly)
* Dovecot IMAPd server + Fetchmail from external sources
* CVS, then whatever that gets migrated into (Subversion, Git ..?)
* NFS Server (to allow work on the Apache content and read/write audio files)

Putting the SSH server in its own VM is the most obvious solution. It's not really making it that much more secure, but it's logical and I can see how to do it.

The other services are muddied: I'd need to have some form of centralised user admin to ensure that my UID is the same on all the boxes so I can modify files that are served by a given server process.

Learning to set up a server environment VM, a deployment/maintenance system and learning LDAP would be interesting, but it's a lot of effort for a home system.
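
The UID problem described above, as an added example that is not part of the original post: a shell check that compares passwd files copied from the host and each guest and reports accounts whose numeric UID disagrees. The file names (`host`, `web`, `mail`), the accounts and the `MIN_UID` variable are constructed for illustration.

```shell
#!/bin/sh
# NFS with the default AUTH_SYS flavour trusts the numeric UID the client
# sends, so a login name with different UIDs on two boxes loses access to its
# own files, and one UID shared by two names gives the wrong person access.

# uid_mismatches FILE...: login names whose UID differs between files.
uid_mismatches() {
    awk -F: -v min="${MIN_UID:-1000}" '
        /^#/ || NF < 7 { next }              # skip comments and malformed lines
        $3 >= min && $3 != 65534 {           # ordinary users only, not "nobody"
            if (!($1 in first)) { first[$1] = $3; order[++n] = $1 }
            else if (first[$1] != $3) bad[$1] = 1
            seen[$1] = seen[$1] " " FILENAME "=" $3
        }
        END { for (i = 1; i <= n; i++)
                  if (order[i] in bad) print order[i] seen[order[i]] }' "$@"
}

# uid_collisions FILE...: UIDs that belong to different login names.
uid_collisions() {
    awk -F: -v min="${MIN_UID:-1000}" '
        /^#/ || NF < 7 { next }
        $3 >= min && $3 != 65534 {
            if (!($3 in owner)) { owner[$3] = $1; order[++n] = $3 }
            else if (owner[$3] != $1) bad[$3] = 1
            seen[$3] = seen[$3] " " FILENAME "=" $1
        }
        END { for (i = 1; i <= n; i++)
                  if (order[i] in bad) print order[i] seen[order[i]] }' "$@"
}

# Constructed sample: on the "web" guest bob was created before alice.
make_sample() {
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'alice:x:1000:1000::/home/alice:/bin/bash' \
        'bob:x:1001:1001::/home/bob:/bin/bash' > "$1/host"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'bob:x:1000:1000::/home/bob:/bin/bash' \
        'alice:x:1001:1001::/home/alice:/bin/bash' > "$1/web"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'alice:x:1000:1000::/home/alice:/bin/bash' > "$1/mail"
}

demo() {
    d=$(mktemp -d) && make_sample "$d" &&
        ( cd "$d" && uid_mismatches host web mail && uid_collisions host web mail )
    rm -rf "$d"
}
demo
```

Any line of output means files written through one box will show up under the wrong owner on another; an empty result is the state to aim for before exporting anything over NFS.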

 

Comments on this Entry

Posted by Anonymous (89.16.xx.xx) on Mon 10 Mar 2008 at 15:22
I'd put the SSH accessible to the world on the host machine, and put all other services in the guests.

That way you can access the console, or start/stop guests via the ssh.


Posted by GhostR (217.237.xx.xx) on Tue 11 Mar 2008 at 09:59
I just migrated our new Mail/Web server to Xen and I also run a similar server to yours at home. I also thought about virtualizing it.

I put Dovecot and Apache each in a separate VM and I allow SSH on a non-standard port to the host and scponly to the web machine.
For at home I plan on doing it almost the same way; in addition I thought about installing Ubuntu or another Etch with X for stuff like torrent. The only question I came across is what to do with Samba (or NFS): install it on the host (which would make sense to me, but for security it's not too good to run it on the host/router) or install it on a separate VM via LVM. I guess I will run it on the host.

With the problem of having the same UID on each system: configure it on the dom0, then use Steve's xen-tools to install the VMs and sync the passwd files to the newly created images with it. If you have many family members or friends, modify the login shells on the VMs or delete the users.
I also thought about LDAP, but it's too much work for at home; the only nice additional feature is you could use it for an Outlook and webmail address book for the mail server.

Toby


Posted by GhostR (217.237.xx.xx) on Tue 11 Mar 2008 at 10:04
BTW, I use Shorewall to protect my servers/networks and routers. This might be interesting:

http://www.shorewall.net/XenMyWay.html
http://www.shorewall.net/XenMyWay-Routed.html


Posted by Steve (80.68.xx.xx) on Tue 11 Mar 2008 at 12:14
If you have multiple guests running on a host, which has ssh access, you might like to look at my xen-shell...

Steve


Posted by GhostR (217.237.xx.xx) on Tue 11 Mar 2008 at 13:09
I don't see the point of xen-shell in this case, I've looked at it before. Isn't xen-shell more for hosting, to have users login on the host machine to manipulate their xen session without root?


Posted by Steve (80.68.xx.xx) on Tue 11 Mar 2008 at 13:17
I guess mostly.

Still I tend to have an "admin" login which I can use to jump into that, to allow me to easily start/stop/reboot guests remotely.

Moderately faster than ssh'ing to the host, and then using "xm ..." .

Steve


Posted by ajt (81.6.xx.xx) on Tue 11 Mar 2008 at 22:11
I knew that Steve had written the xen-* tools but had not bothered to look at them properly. That may be the solution I need. I can set my host system up on a 10Gig LVM logical system, then create various Xen guest systems on LVM pieces as I go along. I can see at least some logical systems.

* Remote access SSH system, just something to SSH into from outside, from where I'd SSH to somewhere else on my LAN.

* DNS/DHCP server. I don't know if a DHCP server can run inside a Xen guest (can it still pick up DHCP requests?), but it's a single logical service that could go in its own VM.

* Music server, which would be a DAAPd (Firefly) server and NFS export. This is probably the biggest VM by filesystem space requirement, but see below.

* Apache web server. I'll only be using this for internal use, the current server is external but I'm retiring that function.

* Mail VM. Dovecot IMAP and Fetchmail system for in-bound and possibly a single Exim forwarder to my ISP.

* Another option is to have a big NFS server exporting most of the disks and have the VMs mount the exported space.

I don't need to use Xen or other VM, I'm quite happy with the box running as one big Debian Lenny box, but learning Xen is a useful transferable skill and it could be fun.


--
"It's Not Magic, It's Work"
Adam


Posted by GhostR (217.237.xx.xx) on Wed 12 Mar 2008 at 07:15
I wouldn't make it too complex for a home server. I see the point of separating mail, web and SQL, and also of separating DNS and DHCP, but for internal use only it's not a big deal in my point of view. So what I would do (and what I would feel comfortable with and kinda responsible)....

* Hostsystem:
- Put the NFS and music server on it; in case you play with the VMs you can still listen to music and won't have to sit in a quiet room. Plus I think it's just stupid in that case to export NFS/LVMs from a VM (I didn't say it makes no sense!); it's just a lot easier and you are more flexible to play with your system(s).

- Put DNS and DHCP on the host so your network will still run without the Xen guests up and your family members won't complain. And yes, you can put DHCP in a VM, why not. (I run dnsmasq with addfilter for DNS and DHCP at home and I love it.)

* One Mailserver domU

* One Webserver/sql domU

Another question I came across is: LVM or Xen container... For my taste I go with the container; I just like the idea of it and I feel it's easier to move them around. Example: I run a private Xen server on an office root server, so when I decide to quit that job, I shut it down, copy it to another server and start it again. With LVM there are some more steps involved (I didn't try the Xen backup/export option yet; it might be as easy). There is also a rumour out there that the loop images might be slower than the LVM guests. I heard people saying it's bull*. Steve goes with LVM, which gave me reason to think about it.

Yes, I am also very new to Xen and I absolutely love it. I'm also thinking about buying new and bigger hardware for at home with AMD-V or VT to install MS servers to destroy and experiment with. I just didn't like the VMware server.

Toby
