Weblogs for jpk
I've been working on migrating existing Sarge-based domUs to Etch. I have decided to do everything from scratch instead of trying to migrate the domUs.
It is a home-based system I'm running, with mail server, web servers, db servers, DNS servers etc. So basically each server type gets its own domU, or in some cases more. These domUs are running on 3 computers, and I am the only lucky administrator.
As preparation, I have prepped a domU template with all the common stuff as a base image for the domUs. I can then use Xen-Tools to use the image when creating the ordinary domUs. When the domUs are created, the actual server software is installed and configured.
What I have included/configured as a common base in the template image after the base Etch debootstrap install is:
SSH
- Copied necessary keys to authorized keys
- Disabled root login
- Enabled only specific users
- Enabled only specific ip addresses
- Disabled password based logins
RSYNC
Used for backup of the server image (over SSH)
SUDO
Used to handle the backup user, and limiting what it can do
MUNIN
Installed munin agent for basic monitoring
SYSLOG-NG
Replaced sysklogd with syslog-ng
STUNNEL
Installed stunnel for use with syslog-ng and central logserver, and copied the logserver certificate.
APT-CACHER
Configured aptitude to go through an apt-cacher proxy instance
NULLMAILER
Installed and configured nullmailer to forward all system mail to my admin address
CRON-APT
Installed cron-apt to check for security updates, and send mail when packages are updated
MAILX
Installed mailx to get cron-apt to send mail.
OSSEC-HIDS
Installed an ossec-hids agent, binary install. No Debian packages for this one.
FIREHOL
Installed Firehol to handle the firewall stuff
Any suggestions as to what I have forgotten that should be a part of such a base image?
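An added example, not part of the original post: one way to verify that an image built from the template still matches the SSH checklist above. The function names, the sample configs and addresses are constructed, and it assumes the per-address restriction is done with user@host entries on a single AllowUsers line.

```sh
#!/bin/sh
# Added example: audit sshd_config against the template's SSH checklist.

# Print the first value given for KEYWORD in the global section of FILE.
# sshd keeps the first value it reads for a keyword, so later lines lose.
effective_value() {
    awk -v key="$2" '
        /^[ \t]*#/             { next }  # skip comments
        tolower($1) == "match" { exit }  # global section only
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Run the checklist; the return status is the number of findings (0 = pass).
audit_sshd() {
    cfg=$1; fails=0
    check() {  # check KEYWORD EXPECTED
        got=$(effective_value "$cfg" "$1")
        if [ "$got" = "$2" ]; then echo "ok    $1 $got"
        else echo "FAIL  $1 is '${got:-unset}', want '$2'"; fails=$((fails + 1)); fi
    }
    check PermitRootLogin no          # "Disabled root login"
    check PasswordAuthentication no   # "Disabled password based logins"
    # "Enabled only specific users / ip addresses": assumes one AllowUsers
    # line whose entries all have the user@host form.
    users=$(effective_value "$cfg" AllowUsers)
    [ -n "$users" ] || { echo "FAIL  AllowUsers unset"; fails=$((fails + 1)); }
    set -f                            # do not glob patterns such as user@10.0.*
    for u in $users; do
        case $u in
            *@*) echo "ok    AllowUsers $u" ;;
            *)   echo "FAIL  AllowUsers $u has no @host part"; fails=$((fails + 1)) ;;
        esac
    done
    set +f
    return "$fails"
}

# Constructed sample configs, not taken from the original post.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
printf '%s\n' 'PermitRootLogin yes' '#PasswordAuthentication no' > "$tmp/default"
printf '%s\n' 'PermitRootLogin no' 'PasswordAuthentication no' \
    'AllowUsers admin@192.0.2.10 backup@192.0.2.20' \
    'PermitRootLogin yes' > "$tmp/hardened"   # last line is ignored by sshd

audit_sshd "$tmp/default"  || echo "default: $? finding(s)"
audit_sshd "$tmp/hardened" && echo "hardened: passes"
```

Point it at /etc/ssh/sshd_config inside a freshly created domU; a non-zero exit status means the image has drifted from the checklist.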
Last weekend I started to convert my home systems to Etch and Xen. My present Xen setup is based on Ubuntu for the dom0s and Debian Sarge for the domUs.
Reading through the Etch release notes indicated that the package maintainers have done some work on integrating Xen into the Etch release. This should give me the tools needed to go Debian Etch all the way.
And Etch delivers! The installation of Xen, after a base install, is as simple as
# aptitude install xen-linux-system-2.6.18-4-xen-686
and voila, the system is Xen enabled. A big thanks to the package maintainers!
The only thing I've found that needs manual configuration is the networking part. It's easy. If using bridging like I do, then edit the Xen config file
# nano /etc/xen/xend-config.sxp
locate the line
(network-script network-dummy)
and replace network-dummy with network-bridge, like this:
(network-script network-bridge)
Reboot and you are ready to create domUs with the excellent Xen-Tools package, installed with aptitude naturally.