Difference between pages "Package:Mutt" and "Xen"

From Funtoo
(Difference between pages)
(Mutt postfix setup)
 
(Basic Funtoo Xen Host Dom0 setup)
 
Line 1: Line 1:
Mutt is a popular mail reader for Linux systems. This page is being created as a good place for people to place their mutt configurations to share with others. These configuration settings go in the user's <tt>~/.muttrc</tt> file.
+
'''Funtoo Xen Fun'''
 +
We are talking about Xen on Funtoo Linux and how to setup Xen virtualization properly.
 +
Especially, we are going to show you how much fun it is to work with Xen hosts and domU's and
 +
setting up a Funtoo Xen Server without general clicky GUI's or other frontends. This is true hardcore OS Xen setup especially for NOC server systems, headless servers, etc..
  
== Essential Mutt ==
+
= Funtoo Xen Server with paravirt funtoo domU =
 +
'''Assumptions'''
 +
''We build a 64bit headless XEN hypervisor rockstable and rocket fast with a funtoo headless 64bit paravirt domU.''
 +
We are '''not''' building Xen with pvgrub or hvm (which is kinda slow and overhead as long as you don't want to install Windoze).
 +
 
 +
== Buiding Funtoo Xen Host Dom0 ==
 +
Most of the necessary steps are covered in the Installation Tutorial.
 +
We only do outline here the steps that are necessary to enjoy an easy and successful Dom0 setup or if something differs from the normal installation tutorial.
 +
 
 +
Please, open in a second tab the [[Installation (Tutorial)|Installation Tutorial]] and follow in both carefully the next steps!
 +
 
 +
=== Basic Funtoo Xen Host Dom0 setup ===
 +
 
 +
I recommend you use only stable packages for the host dom0 !
 +
 
 +
Please consider the decision carefully. I can't stress out enough, you will avoid a lot of problems taking the stable distrib as dom0.
 +
The domU guests could be either unstable or hardened, as you wish! There comes the true fun part ;-)
 +
That's why I first edit my make.conf befor building anything!
 +
 
 +
Here is how I set up the system basics:
 +
Disk is <tt>/dev/sda</tt>
  
 
<pre>
 
<pre>
set pager_stop
+
/dev/sda1 is our / partition ca 20GB ext4
 +
/dev/sda2 is our swap partition ca 4GB
 +
/dev/sda3 holds the lvm volume group vgxen
 
</pre>
 
</pre>
  
This turns off the default behavior of mutt where hitting space to scroll will automatically move to the next message when the end of the current message is reached. This is very annoying when scrolling in long emails like cron jobs, and the line above sets this behavior to off.
+
I am using volume groups over raid - which I strongly advice to everybody.
  
== angry_vincent's .muttrc ==
+
Store of xen stuff:
 +
<pre>/etc/xen/ --> xend configuration files
 +
/xen/configs/ --> my xen domU configuration files folder
 +
/xen/kernel/ --> my xen domU kernel folder
 +
/xen/disks/ --> my xen domU image files folder
 +
</pre>
 +
 
 +
Edit <tt>/etc/rc.conf</tt> and uncomment the line at the bottom for rc_sys
 +
<pre>rc_sys="xen0"</pre>
 +
 
 +
== Configure and Build Xen Dom0 Kernel ==
 +
<console>
 +
emerge gentoo-sources
 +
cd /usr/src/linux
 +
make menuconfig
 +
</console>
  
 +
These settings are current as of 3.2.1-gentoo-r2, other versions may vary:
 
<pre>
 
<pre>
# General config
+
General setup  --->
# ---------------
+
  <*> Kernel .config support
 +
      [*]  Enable access to .config through /proc/config.gz
  
set folder=~/Mail   # mail folder
+
Processor type and features  --->  
set alias_file=~/.mail_aliases    # alises file
+
   [*] Paravirtualized guest support  --->
set arrow_cursor   # cursor is '->'
+
      [*]  Xen guest support
set attribution="%d, %n wrote:"   # beginning of mail answer
+
set copy=yes   # save mail copies
+
set edit_headers   # edit mail header
+
set editor="vim"                               # editor
+
set folder_format="%t%N %-30.30f %8s"                        # folder list look
+
set index_format="%4C %Z %{%b %d} %-31.31F %N (%4c) %s"      # mail list look
+
set mailcap_path="~/.mailcap"                               # path to .mailcap
+
set menu_scroll # scroll list by one line
+
set mail_check=5 # mail check interval
+
set pager_stop # at the end of mail do not move to next message
+
set postponed=+drafts # postponed mails
+
set print=ask-yes # ask before print
+
set print_command=lpr # print command
+
set record=+sent # where to save sent mails
+
set signature="~/.signature" # signature file
+
set visual=vim                  # editor caled by  ~v
+
  
# mail sort
+
Bus options (PCI etc.)  --->
set sort=threads
+
  [*]  Xen PCI Frontend    
set sort_aux=reverse-date-received
+
set sort_browser=reverse-date
+
ignore *     # ignore headers so the mail body is not overloaded
+
unignore        from: subject to cc mail-followup-to \
+
                date x-mailer x-url user-agent reply-to   # fieids i like to see in mail body
+
  
# Colors
+
[*] Networking support  --->
color index brightcyan black ~N
+
  Networking options  --->
color index brightyellow black ~F
+
      <*> 802.1d Ethernet Bridging
color index black green ~T
+
color index brightred black ~D
+
mono index bold ~N
+
mono index bold ~F
+
mono index bold ~T
+
mono index bold ~D
+
  
# Highlights inside the body of a message.
+
Device Drivers  --->
 +
  [*] Block devices (NEW)  --->
 +
      <M>  DRBD Distributed Replicated Block Device support
 +
      < >  Xen virtual block device support
 +
      <*>  Xen block-device backend driver
  
# URLs
+
Device Drivers  --->
color body brightgreen black "(http|ftp|news|telnet|finger)://[^ \"\t\r\n]*"
+
  [*] Network device support  --->
color body brightgreen black "mailto:[-a-z_0-9.]+@[-a-z_0-9.]+"
+
      < >  Xen network device frontend driver
mono body bold "(http|ftp|news|telnet|finger)://[^ \"\t\r\n]*"
+
      <*>  Xen backend network device
mono body bold "mailto:[-a-z_0-9.]+@[-a-z_0-9.]+"
+
  
# email addresses
+
Device Drivers  --->
color body brightgreen black "[-a-z_0-9.%$]+@[-a-z_0-9.]+\\.[-a-z][-a-z]+"
+
  Graphics support  --->
mono body bold "[-a-z_0-9.%$]+@[-a-z_0-9.]+\\.[-a-z][-a-z]+"
+
      -*- Support for frame buffer devices  ---
 +
        < >  Xen virtual frame buffer support
  
# header
+
Device Drivers  --->
color header green black "^from:"
+
  Xen driver support  --->
color header green black "^to:"
+
      [*] Xen memory balloon driver (NEW)
color header green black "^cc:"
+
      [*]  Scrub pages before returning them to system (NEW)
color header green black "^date:"
+
      <*> Xen /dev/xen/evtchn device (NEW)
color header yellow black "^newsgroups:"
+
      [*] Backend driver support (NEW)
color header yellow black "^reply-to:"
+
      <*> Xen filesystem (NEW)
color header brightcyan black "^subject:"
+
      [*]  Create compatibility mount point /proc/xen (NEW)
color header red black "^x-spam-rule:"
+
      [*] Create xen entries under /sys/hypervisor (NEW)
color header green black "^x-mailer:"
+
      <M> userspace grant access device driver (NEW)
color header yellow black "^message-id:"
+
      <M> User-space grant reference allocator driver (NEW)
color header yellow black "^Organization:"
+
      <M> xen platform pci device driver (NEW)
color header yellow black "^Organisation:"
+
color header yellow black "^User-Agent:"
+
color header yellow black "^message-id: .*pine"
+
color header yellow black "^X-Fnord:"
+
color header yellow black "^X-WebTV-Stationery:"
+
color header yellow black "^X-Message-Flag:"
+
color header yellow black "^X-Spam-Status:"
+
color header yellow black "^X-SpamProbe:"
+
color header red black "^X-SpamProbe: SPAM"
+
  
# Coloring quoted text - coloring the first 7 levels:
+
File systems  --->
color quoted cyan black
+
  < > Ext3 journalling file system support
color quoted1 yellow black</pre>
+
  <*> The Extended 4 (ext4) filesystem
 +
  [*]  Use ext4 for ext2/ext3 file systems (NEW)
 +
  [*]  Ext4 extended attributes (NEW)
 +
</pre>
 +
* Don't forget to add the required drivers for your networking and sata cards
 +
* If you use RAID, make sure to add the correct CONFIG_MD_RAID* entries to your config
  
== Interesting Color Options ==
+
<console>
 +
make
 +
make modules_install
 +
</console>
  
http://github.com/altercation/mutt-colors-solarized
+
If you experience issues with connecting to the console ensure the module "xen_gntdev" (userspace grant access device driver) is loaded before the xenconsoled process is started (you may have to restart it after loading the module).
 +
== Configuring Grub ==
 +
Work has been completed to automatically enable Xen Grub entries, so after you copy your dom0 kernel edit your /etc/boot.conf as follows:
 +
<pre>
 +
"Funtoo on Xen" {
 +
  type xen
 +
  xenkernel xen.gz
 +
  xenparams loglvl=all guest_loglvl=all xsave=1 iommu=1 iommu_inclusive_mapping=1 dom0_max_vcpus=2 dom0_vcpus_pin dom0_mem=4096M
 +
  kernel kernel[-v]
 +
  params += quiet
 +
}
 +
</pre>
 +
To note a fiew things iommu is the paravirtualized instructions, if your motherboard or CPU does not support VT-d do not enable it. Xsave saves the supported CPU instruction sets, without it you're dom0 kernel may not boot. And finally dom0_vcpus_pin permanatly assigns cpu's to dom0, increasing performance.
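Review bot: The sentence after the boot.conf block describes iommu as "the paravirtualized instructions", which is not what iommu=1 on the xenparams line does: it turns on the hypervisor's use of the hardware IOMMU (VT-d or AMD-Vi) for device DMA isolation and passthrough. Reword that explanation, and say that loglvl=all guest_loglvl=all is debug verbosity meant for bring-up, to be dropped once the dom0 boots reliably.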
  
== golodhrim's mutt config ==
+
== Basic Networking with the Dom0 ==
 +
Funtoo Linux offers its own modular, template-based network configuration system. This system offers a lot of flexibility for configuring network interfaces, essentially serving as a "network interface construction kit."
  
First I split up my muttconfig in several subfiles under <tt>~/.mutt</tt>. The resulting files will be:
+
There is given eth0 and eth1. We are going to set eth0 as the default interface to the outside world for now. eth1 will be part of a bridge (xenbr0) that is going to be used by various domU guests.
  
* ~/.mutt/account_hooks
+
Construct the interfaces:
* ~/.mutt/colors
+
<console>
* ~/.mutt/folder_hooks
+
cd /etc/init.d/
* ~/.mutt/gpg
+
ln -s netif.tmpl netif.xenbr0
* ~/.mutt/lists
+
ln -s netif.tmpl netif.extbr0
* ~/.mutt/macros
+
ln -s netif.tmpl netif.eth0
* ~/.mutt/mutt-alias
+
ln -s netif.tmpl netif.eth1
* ~/.mutt/muttrc
+
rc-update add netif.xenbr0 sysinit
* ~/.mutt/sidebar
+
rc-update add netif.extbr0 sysinit
* ~/.secret/.passwd.gpg
+
</console>
  
=== ~/.mutt/account_hooks ===
+
Make sure dhcpcd, eth0 and eth1 don't start at boot:
 +
<console>
 +
rc-update del dhcpcd sysinit
 +
rc-update del netif.eth0 sysinit
 +
rc-update del netif.eth1 sysinit
 +
</console>
 +
 
 +
Configure the slave interfaces:
 +
<console>
 +
cd /etc/conf.d/
 +
echo 'template="interface-noip"' > netif.eth0
 +
echo 'template="interface-noip"' > netif.eth1
 +
</console>
 +
Then we are going to prepare the bridges.
 +
<console>
 +
nano netif.xenbr0
 +
</console>
 +
here we set the internal Xen bridge:
 
<pre>
 
<pre>
#-------------------------------------------------------------------------     
+
template="bridge"
#
+
ipaddr="10.0.1.200/24"
# Account Hooks
+
gateway="10.0.1.1"
#-------------------------------------------------------------------------
+
nameservers="10.0.1.1 10.0.1.2"
account-hook . 'unset imap_user imap_pass'
+
domain="funtoo.org"
account-hook 'imap://user@imaphost/' "set imap_user=user imap_pass=$my_pass1 "
+
slaves="netif.eth0"
 
</pre>
 
</pre>
 
+
Then we are setting up the external interface:
=== ~/.mutt/colors ===
+
<console>
 +
nano netif.extbr0
 +
</console>
 +
this is looking quiet similar, please watch out for the correct slave setting!
 
<pre>
 
<pre>
#-------------------------------------------------------------------------     
+
template="bridge"
# Set colors
+
ipaddr="10.0.1.201/24"
#-------------------------------------------------------------------------
+
gateway="10.0.1.1"
color  attachment  brightmagenta      default
+
nameservers="10.0.1.1 10.0.1.2"
color  error      brightred          default
+
domain="funtoo.org"
color  hdrdefault  red                default
+
slaves="netif.eth1"
color  indicator  brightyellow        red
+
color  markers    brightcyan          default
+
color  message    brightcyan          default
+
color  normal      default            default
+
color  quoted      brightblue          default
+
color  search      default            green
+
color  signature  red                default
+
color  status      yellow              blue
+
color  tilde      magenta            default
+
color  tree        magenta            default
+
 
</pre>
 
</pre>
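Review bot: The two bridge files contradict the paragraph that introduces them: the text says eth0 is the default interface to the outside world and eth1 joins xenbr0, but netif.xenbr0 sets slaves="netif.eth0" and netif.extbr0 sets slaves="netif.eth1". Swap the slaves or fix the prose so readers do not bridge guest traffic onto the wrong NIC. Both bridges are also given an address in 10.0.1.0/24 with the same gateway="10.0.1.1"; say which bridge is meant to carry dom0's own address and default route.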
  
=== ~/.mutt/folder_hooks ===
+
This gives us the possibility to play around with various setups later, it's modular and easy to tweak and change.
 +
 
 +
Better you invoke with "rc" on the command line the openrc script and test if the network cards get initialized correctly.
 +
 
 +
== Basic Networking with domU ==
 +
 
 +
The easiest way is to let Xen set up the networking. But if everything is up and running it is not possible to change the routings, etc.
 +
Letting Xen do the bridges will be obsolete in the near future. So this is not the recommended way anymore. As we already set up the bridges in the previous section it may be enough to comment everything network related. If not, just un-comment the last lines.
 +
 
 +
We edit the /etc/xen/xend-config.sxp
 
<pre>
 
<pre>
#--------------------------------------------------------------------------   
+
#### Xen config from maiwald.tk - Xen 4.x Network in bridge mode
 +
 
 +
(logfile /var/log/xen/xend.log)
 +
(loglevel DEBUG)
 +
 
 +
(xend-relocation-server no)
 +
(xend-relocation-hosts-allow '^localhost$ ^localhost\\.localdomain$')
 +
 
 +
# The limit (in kilobytes) on the size of the console buffer
 +
(console-limit 1024)
 +
 
 +
(dom0-min-mem 384)
 +
(enable-dom0-ballooning no)
 +
 
 +
(total_available_memory 0)
 +
(dom0-cpus 0)
 +
 
 +
(vncpasswd 'geheim')
 +
 
 +
# let xen create the net
 +
# (network-script    network-bridge)
 +
# (vif-script        vif-bridge)
 +
 
 +
# we create the net - new default in Xen 4
 
#
 
#
# Folders, mailboxes and folder hooks
+
#(network-script 'network-bridge netdev=eth0 bridge=xenbr0 vifnum=0')
#--------------------------------------------------------------------------
+
#(vif-script vif-bridge bridge=xenbr0)
# Setup for imap-user in account_hooks
+
set folder="imap://user@imaphost/"
+
mailboxes =INBOX =INBOX/Archives =INBOX/Drafts =INBOX/Sent =INBOX/Trash
+
folder-hook 'imap://user@imaphost/' " \
+
    set folder=imap://user@imaphost/ \
+
        postponed=+INBOX/Drafts \
+
        record=+INBOX/Sent \
+
        smtp_url=smtp://user@smtphost \
+
        smtp_pass=$my_pass1 \
+
        #signature=~/.sig/pr.txt \
+
        from='Name Familyname <name@host> ' \
+
        realname='Realname' \
+
        pgp_sign_as='PGP-signature' \
+
        spoolfile='imap://user@imaphost/' "
+
 
</pre>
 
</pre>
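Review bot: The xend-config.sxp block ships (vncpasswd 'geheim'), a guessable value stored in clear text that readers will paste unchanged. Replace it with an obvious placeholder, tell readers to set their own value and keep /etc/xen/xend-config.sxp readable by root only, and consider lowering (loglevel DEBUG) once the setup works.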
  
=== ~/.mutt/gpg ===
+
= Building the Funtoo Xen DomU Container =
<pre>
+
# vim:syn=muttrc                                                               
+
##
+
  
set smime_decrypt_use_default_key=yes
+
We are going to build the DomU now, preparing first from outside the domU.
  
# Decode application/pgp attachments like so:
+
=== create lvm volume or partition or image file ===
set pgp_decode_command="/usr/bin/gpg %?p?--passphrase-fd 0? --no-verbose --batch --output - %f"
+
  
# And use this to verify pgp signatures:
+
''This is a stub, please help completing this guide here!''
set pgp_verify_command="/usr/bin/gpg --no-verbose --batch --output - --verify %s %f"
+
  
# How to decrypt pgp encrypted messages:
+
<console>
set pgp_decrypt_command="/usr/bin/gpg --passphrase-fd 0 --no-verbose --batch --output - %f"
+
# vgcreate vgxen /dev/sda3
 +
# lvcreate -L10G -n funtoo_root vgxen
 +
# lvcreate -L1G -n funtoo_swap vgxen
 +
# vgchange -a y
 +
# mkfs.ext4 -L funtoo_root /dev/vgxen/funtoo_root
 +
# mkswap -L funtoo_swap /dev/vgxen/funtoo_swap
 +
# rc-update add lvm boot
 +
</console>
 +
== Basic DomU System setup ==
 +
=== mount domU lvm volume or physical partition or image file===
 +
<console># mkdir /mnt/domu1
 +
# mount /dev/vgxen/funtoo_root /mnt/domu1
 +
# cd /mnt/domu1
 +
</console>
  
# How to pgp sign a message:
+
=== get stage3 ===
set pgp_sign_command="/usr/bin/gpg --no-verbose --batch --output - --passphrase-fd 0 --armor --detach-sign --textmode %?a?-u %a? %f"
+
from a funtoo mirror near you, I suggest you look at the funtoo homepage
  
# How to pgp clearsign a message:
+
<console># links http://www.funtoo.org/wiki/Download </console>
set pgp_clearsign_command="/usr/bin/gpg --no-verbose --batch --output - --passphrase-fd 0 --armor --textmode --clearsign %?a?-u %a? %f"
+
Then choose a mirror near you ( I use Heanet in EU ) and look for the right stage3. I use XEON CPUs so I take the core2 distrib:
 +
 +
<console># wget -cv http://ftp.heanet.ie/mirrors/funtoo/funtoo-stable/x86-64bit/core2_64/stage3-latest.tar.xz </console>
 +
Unfortunately I can't find md5sums or similar which is really unpleasant.
  
# Import a pgp key from a message into my public keyring as follows:
+
=== then get latest portage tree from the snapshots firectory ===
set pgp_import_command="/usr/bin/gpg --no-verbose --import -v %f"
+
  
# Use this to export a key from my public keyring:
+
<console># wget -cv http://ftp.heanet.ie/mirrors/funtoo/funtoo-stable/snapshots/portage-current.tar.xz </console>
set pgp_export_command="/usr/bin/gpg --no-verbose --export --armor %r"
+
=== extract stage3 ===
 +
<console>
 +
# tar xpf stage3-current.tar.xz
 +
</console>
  
# Verify key information (from the key selection menu):
+
=== extract portage ===
set pgp_verify_key_command="/usr/bin/gpg --verbose --batch --fingerprint --check-sigs %r"
+
<console># cd usr
 +
# tar xf ../portage-current.tar.xz </console>
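Review bot: The stage3 and portage snapshot are fetched over plain http and unpacked as root with no integrity check, and the text itself notes that no md5sums were found; the guide should point to a published digest or signature and verify it before the tar steps. The extract step also names stage3-current.tar.xz while the wget line downloads stage3-latest.tar.xz, so the tar command fails as written.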
  
# List my public keyring like so:
+
== Preparing the chroot environment ==
set pgp_list_pubring_command="/usr/bin/gpg --no-verbose --batch --with-colons --list-keys %r"
+
  
# List my private keyring like so:
+
=== Editing the make.conf ===
set pgp_list_secring_command="/usr/bin/gpg --no-verbose --batch --with-colons --list-secret-keys %r"
+
copy /etc/make.conf from dom0 and adjust it
 +
<console>
 +
# cp /etc/portage/make.conf /mnt/domu1/etc/
 +
</console>
  
# Automatically sign outgoing messages
+
make sure to adjust MAKEOPTS to your assigned CPUs (rule of thumb cpu cores +1 - yes, even in XEN)
set pgp_autosign=yes
+
<console>
 +
# nano -w /mnt/domu1/etc/portage/make.conf
 +
</console>
 +
out there the MAKEOPTS variable in:
 +
<pre>MAKEOPTS="-j2"</pre>
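Review bot: The cp line copies make.conf to /mnt/domu1/etc/, but the following nano line edits /mnt/domu1/etc/portage/make.conf, so the file being edited is not the one just copied. Use /mnt/domu1/etc/portage/ as the cp destination. The sentence before the MAKEOPTS example ("out there the MAKEOPTS variable in:") is also missing its verb.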
  
# Timeout (in seconds) for cached passphrases:
+
=== copy /etc/resolv.conf ===
set pgp_timeout=1800
+
<console># cp -L /etc/resolv.conf /mnt/domu1/etc/ </console>
  
# Text to show before a good signature:
+
=== mount proc and dev ===
set pgp_good_sign="^gpg: Good signature from"
+
<console># mount -t proc none /mnt/domu1/proc
</pre>
+
# mount --rbind /dev /mnt/domu1/dev </console>
  
=== ~/.mutt/lists ===
+
= Building Funtoo Xen Guest(s) DomU =
<pre>
+
#-------------------------------------------------------------------------     
+
# Mailinglist Subscriptions
+
#-------------------------------------------------------------------------
+
# Syntax:
+
# subscribe mailinglist@domain.com
+
</pre>
+
  
=== ~/.mutt/macros ===
+
== Final DomU System setup ==
<pre>
+
=== chroot ===  
# Macros to toggle the sidebar visibility                                     
+
<console># chroot /mnt/domu1 /bin/bash
macro index b '<enter-command>toggle sidebar_visible<enter><refresh>'
+
# env-update
macro pager b '<enter-command>toggle sidebar_visible<enter><redraw-screen>'
+
# source /etc/profile
 +
# export PS1="(domU-chroot) $PS1" </console>
  
# abook query
+
=== sync portage ===
macro index,pager A "<pipe-message>abook --add-email-quiet<return>" "add the sender address to abook"
+
<console>
macro generic,index,pager \Cb "abook" "launch abook"
+
# emerge --sync
 +
</console>
 +
 
 +
=== set locales ===
 +
<console># nano -w /etc/locale.gen
 +
# locale-gen
 +
</console>
 +
 
 +
=== set your timezone ===
 +
(choose your timezone in /usr/share/zoneinfo)
 +
<console># cp -L /usr/share/zoneinfo/Europe/Amsterdam /etc/localtime</console>
 +
 
 +
=== edit /etc/fstab (see also gentoo handbook as reference) ===
 +
we assume that we name our root partition xvda1 and the swap partition xvda2 in our domU-xen-config (we will do that later)
 +
<console>
 +
# nano -w /etc/fstab</console>
 +
<pre>/dev/xvda1      /              ext4    noatime 0 1
 +
/dev/xvda2      none          swap    sw      0 0
 +
shm            /dev/shm      tmpfs  nodev,nosuid,noexec    0 0
 
</pre>
 
</pre>
  
=== ~/.mutt/alias ===
+
=== Now comes the most important stuff ===  
multiple lines like
+
please just copy this into your terminal:
 +
 
 
<pre>
 
<pre>
alias nick Realname <email@host.tld>
+
echo '
 +
                        Larry loves Funtoo
 +
                      _________________________
 +
                      < Have you mooed today? >
 +
                      -------------------------
 +
                        \  ^__^
 +
                        \  (oo)\_______
 +
                            (__)\      )\/\
 +
                                ||----w |
 +
                                ||    ||
 +
.::::::::::::::: WELCOME TO ^^^^^^^^^^^^^^^^^^^:::::::::::::..
 +
...............................................................
 +
:########:'##::::'##:'##::: ##:'########::'#######:::'#######::.
 +
:##.....:: ##:::: ##: ###:: ##:... ##..::'##.... ##:'##.... ##::
 +
:##::::::: ##:::: ##: ####: ##:::: ##:::: ##:::: ##: ##:::: ##::
 +
:######::: ##:::: ##: ## ## ##:::: ##:::: ##:::: ##: ##:::: ##::
 +
:##...:::: ##:::: ##: ##. ####:::: ##:::: ##:::: ##: ##:::: ##::
 +
:##::::::: ##:::: ##: ##:. ###:::: ##:::: ##:::: ##: ##:::: ##::
 +
:##:::::::. #######:: ##::. ##:::: ##::::. #######::. #######::′
 +
.::::::::::.......:::..::::..:::::..::::::.......::::.......::´
 +
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
 +
'> /etc/motd
 
</pre>
 
</pre>
 +
We are using the echo instead of „emerge --moo „ as larry still moo's in gentoo'ish
  
=== ~/.mutt/muttrc ===
+
So that's it - almost.
<pre>
+
# Some minimal Mutt settings, Gentoo-style.  These reflect the Gentoo
+
# predilection for maildir folders.
+
#
+
# Please don't add settings to this file to change other user
+
# preferences (such as colors), since those can be hard for a user to
+
# undo if their preference doesn't match yours!  For example, it is
+
# *impossible* currently in mutt to remove color settings from objects
+
# other than the index.
+
  
#-------------------------------------------------------------------------
+
==== adding networking to the domU: ====
# Process the password file first
+
#-------------------------------------------------------------------------
+
set my_tmp=`gpg -o ~/.secret/.tmp -d ~/.secret/.passwd.gpg`                   
+
set my_pass1=`awk '/user:/ {print $2}' ~/.secret/.tmp`
+
set my_del=`rm -f ~/.secret/.tmp`
+
+
#-------------------------------------------------------------------------
+
# Further customisations
+
#-------------------------------------------------------------------------
+
set smart_wrap = yes
+
set sort = 'threads'
+
set sort_aux = 'last-date-received'
+
set imap_check_subscribed
+
  
ignore "Authentication-Results:"
+
<console>
ignore "DoaminKey-Signature:"
+
(domU-chroot) # cd /etc/init.d/
ignore "DKIM-Signature:"
+
(domU-chroot) # ln -sf netif.tmpl netif.eth0
hdr_order Date From To Cc
+
(domU-chroot) # rc-update add netif.eth0
 +
* service netif.eth0 added to runlevel sysinit
 +
</console>
  
#-------------------------------------------------------------------------
+
==== Now we are ready to do the last setups ====
# Configuration variables
+
<console>
#-------------------------------------------------------------------------
+
(domU-chroot) # emerge eix
set abort_nosubject=yes
+
</console>
set abort_unmodified=yes
+
set query_command="abook --mutt-query '%s'"
+
set alias_file="~/.mutt/mutt-alias"
+
set alias_format="%4n %t %a %r"
+
source $alias_file
+
set assumed_charset="utf-8"
+
set attach_charset="utf-8"
+
set charset="utf-8"
+
set date_format=""
+
set edit_headers=yes
+
set editor='vim + -c "set textwidth=72" -c "set wrap" -c "set nocp" -c "?^$"        '
+
set folder="~/.offlineimap"
+
set forward_quote=yes
+
set header_cache=~/.mutt/cache/headers
+
set message_cachedir=~/.mutt/cache/bodies
+
set certificate_file=~/.mutt/certificates
+
set help=yes
+
set imap_idle=yes
+
set imap_peek=yes
+
set imap_servernoise=no
+
set include=yes
+
set mail_check=60
+
set mbox_type=Maildir
+
set menu_move_off=no
+
set menu_scroll=no
+
set mime_forward=ask-no
+
set pager_context=2
+
set pager_stop=yes
+
set postponed="~/.mutt/mail/postponed"
+
set realname="Martin 'golodhrim' Scholz"
+
set record="~/.mutt/mail/sent"
+
set reply_regexp="^(re([\[0-9\]+])*|betr):[ \t]*"
+
#set reply_to=yes
+
set tilde=yes
+
  
#--------------------------------------------------------------------------
+
After that I am feeling better now, I do the rest..
# muttprint for printing
+
<console>
#--------------------------------------------------------------------------
+
(domU-chroot) # eix-update
set print_command="muttprint"
+
Reading Portage settings ..
 +
Building database (/var/cache/eix) ..
 +
[0] "gentoo" /usr/portage/ (cache: metadata-md5-or-flat)
 +
    Reading category 154|154 (100%) Finished           
 +
Applying masks ..
 +
Calculating hash tables ..
 +
Writing database file /var/cache/eix ..
 +
Database contains 15729 packages in 154 categories.
  
#--------------------------------------------------------------------------
+
(domU-chroot) # exit
# Automatically process html mails
+
exit
#--------------------------------------------------------------------------
+
</console>
auto_view text/html
+
  
#--------------------------------------------------------------------------
+
From here you have to decide how you want to run your domU: with unpriviledged users and sudo ? or with a root account enabled? as a webserver or firewall?
# Other configuration files
+
#--------------------------------------------------------------------------
+
source ~/.mutt/account_hooks
+
source ~/.mutt/folder_hooks
+
source ~/.mutt/colors
+
source ~/.mutt/sidebar
+
source ~/.mutt/gpg
+
source ~/.mutt/macros
+
source ~/.mutt/lists
+
</pre>
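Review bot: In ~/.mutt/muttrc, the "Process the password file first" lines decrypt ~/.secret/.passwd.gpg to ~/.secret/.tmp, read it with awk and then rm it, so the clear-text passwords touch the disk on every mutt start and stay there if mutt is interrupted before the rm. Pipe the gpg output straight into awk instead, for example set my_pass1=`gpg -q -d ~/.secret/.passwd.gpg | awk '/user:/ {print $2}'`, and drop the my_tmp and my_del lines. The ignore line for "DoaminKey-Signature:" is misspelled and will never match the DomainKey-Signature header.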
+
  
=== ~/.mutt/sidebar ===
+
Me, personally, I always do install openssh server and just place my ssh keys in there. From there the steps differ.
<pre>
+
#--------------------------------------------------------------------------   
+
# Sidebar configuration
+
#--------------------------------------------------------------------------
+
set sidebar_width=30
+
set sidebar_visible=yes
+
set sidebar_delim='|'
+
color sidebar_new yellow default
+
  
#--------------------------------------------------------------------------
+
<console>
# Sidebar keys
+
(dom0-xen) # cp /root/.ssh/authorized_keys /mnt/domu1/root/.ssh/
#--------------------------------------------------------------------------
+
</console>
bind index \CP sidebar-prev
+
Also, don't forget here to enable PubKeyAuth in your sshd_config in your domU and set PermitRootLogin to yes!
bind index \CN sidebar-next
+
bind index \CO sidebar-open
+
bind pager \CP sidebar-prev
+
bind pager \CN sidebar-next
+
bind pager \CO sidebar-open
+
</pre>
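Review bot: The sshd advice sets PermitRootLogin to yes even though the step just before it installs root's authorized_keys, which leaves password logins for root open on the domU. With key authentication in place, PermitRootLogin without-password (prohibit-password on newer OpenSSH) is enough. The cp line also assumes /mnt/domu1/root/.ssh already exists; add a mkdir -p and chmod 700 for it first.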
+
  
=== ~/.secret/.passwd.gpg ===
+
Double checking! Does your domU kernel uses modules or not? If you haven't built a monolitic kernel you should copy the modules from the dom0 to the domU now:
For this file follow the next steps:
+
* Step 1:
+
Create a folder <tt>~/.secret</tt> and inside a file <tt>.passwd</tt> and enter the following into it:
+
<pre>
+
user1:    passwd1
+
user2:    passwd2
+
</pre>
+
where user1 and user2 are your identifiers for the accounts you added in account_hooks and folder_hooks and at the start of muttrc.
+
* Step 2:
+
Now encrypt the file with your gpg-key, if you don't have one execute <tt>gpg --gen-key</tt> and create one first. After that don't forget to delete your unencrypted passwordstorage.
+
<pre>
+
$ gpg -r 0x<Your-ID-fingerprint> -o .passwd.gpg --encrypt .passwd
+
$ rm -f .passwd
+
</pre>
+
=== Mutt postfix setup ===
+
Postfix is another popular and powerful mail transfer agent which somehow easier to configure than sendmail. Let's start a quick postfix mail transfer setup that will work with mutt. Set <tt>sasl,berkdb</tt> USE flags to <tt>mail-mta/potsfix</tt> and <tt>mail-client/mutt</tt>
+
 
<console>
 
<console>
# ##i##echo "mail-mta/postfix berkdb sasl" >> /etc/portage/package.use/mail
+
(dom0-xen) # mkdir /mnt/domu1/lib/modules
# ##i##echo "mail-client/mutt berkdb sasl" >> /etc/portage/package.use/mail
+
(dom0-xen) # rsync -aP /lib/modules/2.6.38-xen-maiwald.tk-dom0 /mnt/domu1/lib/modules/
# ##i##emerge -uN1 mutt postfix
+
 
</console>
 
</console>
Edit <tt>/etc/postfix/main.cf</tt> and add the following lines:
+
 
<pre>
+
Ok, that's it from here..
relayhost = smtp.gmail.com:587
+
 
smtp_use_tls = yes
+
Don't forget to clean up the mounts!
smtp_sasl_auth_enable = yes
+
 
smtp_sasl_password_maps = hash:/etc/postfix/gmail_passwd
+
smtp_sasl_security_options = noanonymous
+
</pre>
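Review bot: In the main.cf lines, smtp_use_tls = yes only makes TLS opportunistic, while smtp_sasl_security_options = noanonymous still permits plaintext mechanisms, so the relay password can be sent unencrypted if STARTTLS is not negotiated. Use smtp_tls_security_level = encrypt for this relayhost.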
+
Create and edit above mentioned authorization file <tt>gmail_passwd</tt>
+
 
<console>
 
<console>
# ##i##touch /etc/postfix/gmail_passwd
+
(dom0-xen) # cd
# ##i##echo "smtp.gmail.com:587 my.name@gmail.com:password" >> /etc/postfix/gmail_passwd
+
(dom0-xen) # umount -l /mnt/domu1/proc
 +
(dom0-xen) # umount -l /mnt/domu1/dev
 +
(dom0-xen) # umount -l /mnt/domu1
 
</console>
 
</console>
Where <my.name> is gmail account and passwd is account password.
+
 
Convert <tt>gmail_passwd</tt> into Berkeley DB format, secure the file and finaly restart the postfix daemon
+
That's it! ;-)
 +
 
 +
=== Booting the Xen DomU Guest ===
 +
 
 +
Ok, let's try the first boot of the newly created Xen DomU in Funtoo!
 +
 
 
<console>
 
<console>
# ##i##postmap /etc/postfix/gmail_passwd
+
(dom0-xen) # cd /xen
# ##i##chown root:postfix /etc/postfix/gmail_passwd*
+
(dom0-xen) # xm create -c configs/funtoo.cfg
# ##i##chmod 0640 /etc/postfix/gmail_passwd*
+
# ##i##/etc/init.d/postfix restart
+
 
</console>
 
</console>
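Review bot: The gmail_passwd file is created with touch and filled with echo before any permissions are set; chown and chmod 0640 only run after postmap, so in between the password sits in a file with default mode, and the echo line lands in root's shell history. Create the file with a restrictive mode first (umask 077, or install -m 0640 -o root -g postfix /dev/null /etc/postfix/gmail_passwd) and fill it in with an editor.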
 +
Huuuuiiiii......
 +
<pre>
 +
Using config file "./configs/funtoo.cfg".
 +
Started domain funtoo (id=4)
 +
[    0.000000] Linux version 2.6.38-xen-maiwald.tk-domU (root@xen) (gcc version 4.4.5 (Gentoo 4.4.5 p1.0, pie-0.4.5) ) #4 SMP Wed Feb 8 17:30:33 CET 2012
 +
[    0.000000] Command line: root=/dev/xvda1 ro ip=217.x.x.211:127.0.255.255:217.x.x.1:255.255.255.0:domU:eth0:off xencons=tty console=xvc0 raid=noautodetect
 +
[    0.000000] Xen-provided physical RAM map:
 +
[    0.000000]  Xen: 0000000000000000 - 0000000040800000 (usable)
 +
[    0.000000] NX (Execute Disable) protection: active
 +
[    0.000000] last_pfn = 0x40800 max_arch_pfn = 0x80000000
 +
[    0.000000] init_memory_mapping: 0000000000000000-0000000040800000
 +
[    0.000000] Zone PFN ranges:
 +
[    0.000000]  DMA      0x00000000 -> 0x00001000
 +
[    0.000000]  DMA32    0x00001000 -> 0x00100000
 +
[    0.000000]  Normal  empty
 +
[    0.000000] Movable zone start PFN for each node
 +
[    0.000000] early_node_map[2] active PFN ranges
 +
[    0.000000]    0: 0x00000000 -> 0x00040000
 +
[    0.000000]    0: 0x00040800 -> 0x00040800
 +
[    0.000000] setup_percpu: NR_CPUS:16 nr_cpumask_bits:16 nr_cpu_ids:1 nr_node_ids:1
 +
[    0.000000] PERCPU: Embedded 18 pages/cpu @ffff88003efc0000 s42304 r8192 d23232 u73728
 +
[    0.000000] Swapping MFNs for PFN 6d6 and 3efc7 (MFN 15deb0 and 1223bf)
 +
[    0.000000] Built 1 zonelists in Zone order, mobility grouping on.  Total pages: 256109
 +
[    0.000000] Kernel command line: root=/dev/xvda1 ro ip=217.171.190.211:127.0.255.255:217.171.190.1:255.255.255.0:alyx1:eth0:off xencons=tty console=xvc0 raid=noautodetect
 +
[    0.000000] PID hash table entries: 4096 (order: 3, 32768 bytes)
 +
[    0.000000] Dentry cache hash table entries: 131072 (order: 8, 1048576 bytes)
 +
[    0.000000] Inode-cache hash table entries: 65536 (order: 7, 524288 bytes)
 +
[    0.000000] Software IO TLB disabled
 +
[    0.000000] Memory: 1022732k/1056768k available (3657k kernel code, 8192k absent, 25844k reserved, 1261k data, 264k init)
 +
[    0.000000] SLUB: Genslabs=15, HWalign=64, Order=0-3, MinObjects=0, CPUs=1, Nodes=1
 +
[    0.000000] Hierarchical RCU implementation.
 +
[    0.000000] NR_IRQS:96
 +
[    0.000000] Xen reported: 2992.570 MHz processor.
 +
[    0.000000] Console: colour dummy device 80x25
 +
[    0.000000] console [tty-1] enabled
 +
[    0.150003] Calibrating delay using timer specific routine.. 6018.63 BogoMIPS (lpj=30093193)
 +
[    0.150008] pid_max: default: 32768 minimum: 301
 +
[    0.150034] Mount-cache hash table entries: 256
 +
[    0.150173] SMP alternatives: switching to UP code
 +
[    0.170232] Freeing SMP alternatives: 20k freed
 +
[    0.170342] Brought up 1 CPUs
 +
[    0.170377] devtmpfs: initialized
 +
[    0.170601] xor: automatically using best checksumming function: generic_sse
 +
[    0.220004]    generic_sse:  7325.200 MB/sec
 +
[    0.220008] xor: using function: generic_sse (7325.200 MB/sec)
 +
[    0.220091] NET: Registered protocol family 16
 +
[    0.220186] Brought up 1 CPUs
 +
[    0.220217] bio: create slab <bio-0> at 0
 +
[    0.390014] raid6: int64x1  2353 MB/s
 +
[    0.560003] raid6: int64x2  2964 MB/s
 +
[    0.730026] raid6: int64x4  2357 MB/s
 +
[    0.900012] raid6: int64x8  2116 MB/s
 +
[    1.070007] raid6: sse2x1    5349 MB/s
 +
[    1.240009] raid6: sse2x2    5404 MB/s
 +
[    1.410005] raid6: sse2x4    8597 MB/s
 +
[    1.410008] raid6: using algorithm sse2x4 (8597 MB/s)
 +
[    1.410022] suspend: event channel 6
 +
[    1.410022] xen_mem: Initialising balloon driver.
 +
[    1.410096] Switching to clocksource xen
 +
[    1.410125] FS-Cache: Loaded
 +
[    1.410152] CacheFiles: Loaded
 +
[    1.410268] NET: Registered protocol family 2
 +
[    1.410288] IP route cache hash table entries: 32768 (order: 6, 262144 bytes)
 +
[    1.410391] TCP established hash table entries: 131072 (order: 9, 2097152 bytes)
 +
[    1.410951] TCP bind hash table entries: 65536 (order: 8, 1048576 bytes)
 +
[    1.411180] TCP: Hash tables configured (established 131072 bind 65536)
 +
[    1.411183] TCP reno registered
 +
[    1.411186] UDP hash table entries: 512 (order: 2, 16384 bytes)
 +
[    1.411192] UDP-Lite hash table entries: 512 (order: 2, 16384 bytes)
 +
[    1.411229] NET: Registered protocol family 1
 +
[    1.411290] platform rtc_cmos: registered platform RTC device (no PNP device found)
 +
[    1.411401] Intel AES-NI instructions are not detected.
 +
[    1.411437] audit: initializing netlink socket (disabled)
 +
[    1.411444] type=2000 audit(1330014455.606:1): initialized
 +
[    1.412612] fuse init (API version 7.16)
 +
[    1.412674] msgmni has been set to 2048
 +
[    1.412990] NET: Registered protocol family 38
 +
[    1.413018] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 253)
 +
[    1.413024] io scheduler noop registered (default)
 +
[    1.413026] io scheduler deadline registered
 +
[    1.413049] io scheduler cfq registered
 +
[    1.413079] Non-volatile memory driver v1.3
 +
[    1.413088] Hangcheck: starting hangcheck timer 0.9.1 (tick is 180 seconds, margin is 60 seconds).
 +
[    1.413090] Hangcheck: Using getrawmonotonic().
 +
[    1.419520] Switched to NOHz mode on CPU #0
 +
[    1.423394] brd: module loaded
 +
[    1.423665] loop: module loaded
 +
[    1.423771] nbd: registered device at major 43
 +
[    1.426180] Xen virtual console successfully installed as tty1
 +
[    1.426216] Event-channel device installed.
 +
[    1.441658] netfront: Initialising virtual ethernet driver.
 +
[    1.444972] xen-vbd: registered block device major 202
 +
[    1.444988] blkfront: xvda1: barriers enabled
 +
[    1.450287] Setting capacity to 20971520
 +
[    1.450294] xvda1: detected capacity change from 0 to 10737418240
 +
[    1.450677] blkfront: xvda2: barriers enabled
 +
[    1.451661] Setting capacity to 2097152
 +
[    1.451665] xvda2: detected capacity change from 0 to 1073741824
 +
[    1.452020] bonding: Ethernet Channel Bonding Driver: v3.7.0 (June 2, 2010)
 +
[    1.452023] bonding: Warning: either miimon or arp_interval and arp_ip_target module parameters must be specified, otherwise bonding will not detect link failures! see bonding.txt for details.
 +
[    1.453016] i8042: No controller found
 +
[    1.453066] mousedev: PS/2 mouse device common for all mice
 +
[    1.453113] rtc_cmos rtc_cmos: rtc core: registered rtc_cmos as rtc0
 +
[    1.453145] rtc_cmos: probe of rtc_cmos failed with error -38
 +
[    1.453155] md: linear personality registered for level -1
 +
[    1.453158] md: raid0 personality registered for level 0
 +
[    1.453161] md: raid1 personality registered for level 1
 +
[    1.453163] md: raid6 personality registered for level 6
 +
[    1.453166] md: raid5 personality registered for level 5
 +
[    1.453168] md: raid4 personality registered for level 4
 +
[    1.453224] device-mapper: uevent: version 1.0.3
 +
[    1.453273] device-mapper: ioctl: 4.19.1-ioctl (2011-01-07) initialised: dm-devel@redhat.com
 +
[    1.453340] device-mapper: multipath: version 1.2.0 loaded
 +
[    1.453343] device-mapper: multipath round-robin: version 1.0.0 loaded
 +
[    1.453345] device-mapper: multipath queue-length: version 0.1.0 loaded
 +
[    1.453347] device-mapper: multipath service-time: version 0.2.0 loaded
 +
[    1.453396] Netfilter messages via NETLINK v0.30.
 +
[    1.453410] nf_conntrack version 0.5.0 (8192 buckets, 32768 max)
 +
[    1.453478] ctnetlink v0.93: registering with nfnetlink.
 +
[    1.453486] IPv4 over IPv4 tunneling driver
 +
[    1.453548] TCP westwood registered
 +
[    1.453550] TCP highspeed registered
 +
[    1.453552] TCP htcp registered
 +
[    1.453553] TCP vegas registered
 +
[    1.453555] Initializing XFRM netlink socket
 +
[    1.453630] NET: Registered protocol family 10
 +
[    1.453803] IPv6 over IPv4 tunneling driver
 +
[    1.453863] NET: Registered protocol family 17
 +
[    1.453868] NET: Registered protocol family 15
 +
[    1.453870] Registering the dns_resolver key type
 +
[    1.550094] /usr/src/linux-2.6.38-xen/drivers/rtc/hctosys.c: unable to open rtc device (rtc0)
 +
[    3.070104] IP-Config: Complete:
 +
[    3.070109]      device=eth0, addr=217.171.190.211, mask=255.255.255.0, gw=217.171.190.1,
 +
[    3.070116]      host=alyx1, domain=, nis-domain=(none),
 +
[    3.070119]      bootserver=127.0.255.255, rootserver=127.0.255.255, rootpath=
 +
[    3.070212] md: Skipping autodetection of RAID arrays. (raid=autodetect will force)
 +
[    3.107309] EXT4-fs (xvda1): mounted filesystem with ordered data mode. Opts: (null)
 +
[    3.107321] VFS: Mounted root (ext2 filesystem) readonly on device 202:1.
 +
[    3.140059] devtmpfs: mounted
 +
[    3.140239] Freeing unused kernel memory: 264k freed
 +
INIT: version 2.88 booting
 +
 +
  OpenRC 0.8.3 is starting up Funtoo Linux (x86_64)
 +
 +
* Mounting /proc ...
 +
[ ok ]
 +
* WARNING: rc_sys not defined in rc.conf. Falling back to automatic detection
 +
* Caching service dependencies ...
 +
[ ok ]
 +
* Mounting /sys ...
 +
[ ok ]
 +
* udev: /dev already mounted, skipping...
 +
* Mounting /dev/pts ...
 +
[ ok ]
 +
* Mounting /dev/shm ...
 +
[ ok ]
 +
* Bringing up network interface lo ...
 +
RTNETLINK answers: File exists
 +
[ ok ]
 +
* Bringing up network interface lo ...
 +
RTNETLINK answers: File exists
 +
RTNETLINK answers: File exists
 +
[ ok ]
 +
* Starting udevd daemon ...
 +
* Populating /dev with existing devices through uevents ...
 +
[ ok ]
 +
* Autoloaded 0 module(s)
 +
* Checking local filesystems  ...
 +
funtoo_root: Superblock last write time is in the future.
 +
        (by less than a day, probably due to the hardware clock being incorrectly set).  FIXED.
 +
funtoo_root: clean, 173796/655360 files, 436917/2621440 blocks
 +
[ ok ]
 +
* Remounting root filesystem read/write ...
 +
[ ok ]
 +
* Updating /etc/mtab ...
 +
[ ok ]
 +
* Mounting local filesystems ...
 +
[ ok ]
 +
* Configuring kernel parameters ...
 +
[ ok ]
 +
* Creating user login records ...
 +
[ ok ]
 +
* Cleaning /var/run ...
 +
[ ok ]
 +
* Wiping /tmp directory ...
 +
[ ok ]
 +
* Setting hostname to localhost ...
 +
[ ok ]
 +
* Activating swap devices ...
 +
[ ok ]
 +
* udev: storing persistent rules ...
 +
[ ok ]
 +
* Initializing random number generator ...
 +
[ ok ]
 +
INIT: Entering runlevel: 3
 +
* Mounting network filesystems ...
 +
[ ok ]
 +
* Generating dsa host key ...
 +
Generating public/private dsa key pair.
 +
Your identification has been saved in /etc/ssh/ssh_host_dsa_key.
 +
Your public key has been saved in /etc/ssh/ssh_host_dsa_key.pub.
 +
The key fingerprint is:
 +
25:e0:a8:05:xxxxxxxxxxxx:1c:1f:ba root@localhost
 +
The key's randomart image is:
 +
+--[ DSA 1024]----+
 +
|  ooo.B.o        |
 +
| o o *.B o .    |
 +
|  . + + = =      |
 +
|  o  + *      |
 +
|  .  E S        |
 +
|                |
 +
|                |
 +
|                |
 +
|                |
 +
+-----------------+
 +
[ ok ]
 +
* Generating rsa host key ...
 +
Generating public/private rsa key pair.
 +
Your identification has been saved in /etc/ssh/ssh_host_rsa_key.
 +
Your public key has been saved in /etc/ssh/ssh_host_rsa_key.pub.
 +
The key fingerprint is:
 +
22:e3:46:28:67:xxxxxxxxxxxxxxxxxxxxx:e5:c3 root@localhost
 +
The key's randomart image is:
 +
+--[ RSA 2048]----+
 +
|.    o. ..      |
 +
|oo  o ..o        |
 +
|=oo  o  E      |
 +
|.*oo.    .      |
 +
|o *.+ . S        |
 +
| + o o .        |
 +
|    o            |
 +
|  .            |
 +
|                |
 +
+-----------------+
 +
[ ok ]
 +
* Starting sshd ...
 +
[ ok ]
 +
* Starting local
 +
[ ok ]
 +
 +
 +
                        Larry loves Funtoo
 +
                      _________________________
 +
                      < Have you mooed today? >
 +
                      -------------------------
 +
                          ^__^
 +
                          (oo)_______
 +
                            (__)      )/
 +
                                ||----w |
 +
                                ||    ||
 +
.::::::::::::::::::::: WELCOME TO ::::::::::::::::::::::::::..
 +
...............................................................
 +
:########:'##::::'##:'##::: ##:'########::'#######:::'#######::.
 +
:##.....:: ##:::: ##: ###:: ##:... ##..::'##.... ##:'##.... ##::
 +
:##::::::: ##:::: ##: ####: ##:::: ##:::: ##:::: ##: ##:::: ##::
 +
:######::: ##:::: ##: ## ## ##:::: ##:::: ##:::: ##: ##:::: ##::
 +
:##...:::: ##:::: ##: ##. ####:::: ##:::: ##:::: ##: ##:::: ##::
 +
:##::::::: ##:::: ##: ##:. ###:::: ##:::: ##:::: ##: ##:::: ##::
 +
:##:::::::. #######:: ##::. ##:::: ##::::. #######::. #######::′
 +
.::::::::::.......:::..::::..:::::..::::::.......::::.......::´
 +
This is localhost.unknown_domain (Linux x86_64 2.6.38-xen-maiwald.tk-domU) 17:27:40
 +
 +
localhost login:
 +
</pre>
 +
 +
=== Finalizing the setup ===
 +
Now we test if we can reach the DomU from our Desktop:
 +
<console>
 +
(2034)-~% ssh -lroot 217.x.x.211 
 +
The authenticity of host '217.x.x.211 (217.x.x.211)' can't be established.
 +
RSA key fingerprint is 22:e3:xxxxxxxx:b0:3c:xxxxx:d6:e5:c3.
 +
Are you sure you want to continue connecting (yes/no)? yes
 +
Warning: Permanently added '217.x.x.211' (RSA) to the list of known hosts.
 +
Enter passphrase for key '/home/mm/.ssh/id_rsa':
 +
localhost ~ # uname -a
 +
Linux localhost 2.6.38-xen-maiwald.tk-domU #4 SMP Wed Feb 8 17:30:33 CET 2012 x86_64 Intel(R) Xeon(R) CPU E3110 @ 3.00GHz GenuineIntel GNU/Linux
 +
localhost ~ #
 +
</console>
 +
All seems good for now.
 +
 +
Now switch back to the Funto [[Installation (Tutorial)|Installation Tutorial]] and go on with setting up your new domU guest like a normal funtoo linux system!
 +
 +
'''Please consider to help supporting this Wiki with editing this page and keeping it current!'''
 +
 +
Funtoo is a perfect Xen Host and I can really recommend it to everybody as an alternative to .deb/.rpm Systems.
  
[[Category:HOWTO]]
+
Have fun!
 +
[[Category:Virtualization]]
 
[[Category:Featured]]
 
[[Category:Featured]]
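Review bot: the boot log added inside the <pre> block is only partly redacted. The "Command line:" line masks the guest address as 217.x.x.211, but the "Kernel command line:" and "IP-Config: Complete:" lines further down still carry the full address, the gateway and the hostname alyx1, so the masking has no effect. Redact those lines the same way, or trim the log to the few lines the text needs (domain started, root mounted, login prompt). The RSA host key fingerprint has the same problem: it is masked one way in the boot log and a different way in the ssh session under "Finalizing the setup", so the two excerpts together reveal more of it than either one alone; use one mask in both places.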

Revision as of 02:16, 31 January 2014

Funtoo Xen Fun

We are talking about Xen on Funtoo Linux and how to set up Xen virtualization properly. In particular, we are going to show you how much fun it is to work with Xen hosts and domUs, and to set up a Funtoo Xen server without clicky GUIs or other frontends. This is a true hardcore OS Xen setup, especially for NOC server systems, headless servers, etc.

Funtoo Xen Server with paravirt funtoo domU

Assumptions

We build a rock-stable and rocket-fast 64-bit headless Xen hypervisor with a headless 64-bit paravirt Funtoo domU. We are not building Xen with pvgrub or HVM (which is kind of slow and adds overhead, as long as you don't want to install Windoze).

Building Funtoo Xen Host Dom0

Most of the necessary steps are covered in the Installation Tutorial. Here we only outline the steps that are necessary for an easy and successful Dom0 setup, or where something differs from the normal installation tutorial.

Please open the Installation Tutorial in a second tab and carefully follow the next steps in both!

Basic Funtoo Xen Host Dom0 setup

I recommend you use only stable packages for the host dom0!

Please consider the decision carefully. I can't stress enough that you will avoid a lot of problems by taking the stable distribution as dom0. The domU guests can be either unstable or hardened, as you wish! That is where the true fun part comes in ;-) That's why I first edit my make.conf before building anything!

Here is how I set up the system basics: Disk is /dev/sda

/dev/sda1 is our / partition ca 20GB ext4 
/dev/sda2 is our swap partition ca 4GB
/dev/sda3 holds the lvm volume group vgxen

I am using volume groups over RAID, which I strongly advise for everybody.

Store of xen stuff:

/etc/xen/ --> xend configuration files
/xen/configs/ --> my xen domU configuration files folder 
/xen/kernel/ --> my xen domU kernel folder 
/xen/disks/ --> my xen domU image files folder

Edit /etc/rc.conf and uncomment the line at the bottom for rc_sys

rc_sys="xen0"

Configure and Build Xen Dom0 Kernel

emerge gentoo-sources
cd /usr/src/linux
make menuconfig

These settings are current as of 3.2.1-gentoo-r2, other versions may vary:

General setup  --->
   <*> Kernel .config support
      [*]   Enable access to .config through /proc/config.gz

Processor type and features  ---> 
   [*] Paravirtualized guest support  ---> 
      [*]   Xen guest support

Bus options (PCI etc.)  --->
   [*]   Xen PCI Frontend   

[*] Networking support  --->
   Networking options  --->
      <*> 802.1d Ethernet Bridging

Device Drivers  ---> 
   [*] Block devices (NEW)  --->
      <M>   DRBD Distributed Replicated Block Device support
      < >   Xen virtual block device support
      <*>   Xen block-device backend driver

Device Drivers  ---> 
   [*] Network device support  ---> 
      < >   Xen network device frontend driver 
      <*>   Xen backend network device

Device Drivers  --->
   Graphics support  --->
      -*- Support for frame buffer devices  ---
         < >   Xen virtual frame buffer support

Device Drivers  ---> 
   Xen driver support  ---> 
      [*] Xen memory balloon driver (NEW) 
      [*]   Scrub pages before returning them to system (NEW) 
      <*> Xen /dev/xen/evtchn device (NEW) 
      [*] Backend driver support (NEW) 
      <*> Xen filesystem (NEW) 
      [*]   Create compatibility mount point /proc/xen (NEW) 
      [*] Create xen entries under /sys/hypervisor (NEW) 
      <M> userspace grant access device driver (NEW) 
      <M> User-space grant reference allocator driver (NEW) 
      <M> xen platform pci device driver (NEW)

File systems  --->
   < > Ext3 journalling file system support
   <*> The Extended 4 (ext4) filesystem
   [*]   Use ext4 for ext2/ext3 file systems (NEW)
   [*]   Ext4 extended attributes (NEW)
  • Don't forget to add the required drivers for your networking and sata cards
  • If you use RAID, make sure to add the correct CONFIG_MD_RAID* entries to your config
make
make modules_install

If you experience issues connecting to the console, ensure the module "xen_gntdev" (userspace grant access device driver) is loaded before the xenconsoled process is started (you may have to restart it after loading the module).

Configuring Grub

Work has been completed to automatically enable Xen Grub entries, so after you copy your dom0 kernel, edit your /etc/boot.conf as follows:

"Funtoo on Xen" {
  type xen
  xenkernel xen.gz
  xenparams loglvl=all guest_loglvl=all xsave=1 iommu=1 iommu_inclusive_mapping=1 dom0_max_vcpus=2 dom0_vcpus_pin dom0_mem=4096M 
  kernel kernel[-v]
  params += quiet
}

A few things to note: iommu is the paravirtualized instructions; if your motherboard or CPU does not support VT-d, do not enable it. xsave saves the supported CPU instruction sets; without it your dom0 kernel may not boot. And finally, dom0_vcpus_pin permanently assigns CPUs to dom0, increasing performance.

Basic Networking with the Dom0

Funtoo Linux offers its own modular, template-based network configuration system. This system offers a lot of flexibility for configuring network interfaces, essentially serving as a "network interface construction kit."

We are given eth0 and eth1. We are going to set eth0 as the default interface to the outside world for now. eth1 will be part of a bridge (xenbr0) that is going to be used by various domU guests.

Construct the interfaces:

cd /etc/init.d/
ln -s netif.tmpl netif.xenbr0
ln -s netif.tmpl netif.extbr0
ln -s netif.tmpl netif.eth0
ln -s netif.tmpl netif.eth1
rc-update add netif.xenbr0 sysinit
rc-update add netif.extbr0 sysinit

Make sure dhcpcd, eth0 and eth1 don't start at boot:

rc-update del dhcpcd sysinit
rc-update del netif.eth0 sysinit
rc-update del netif.eth1 sysinit

Configure the slave interfaces:

cd /etc/conf.d/
echo 'template="interface-noip"' > netif.eth0
echo 'template="interface-noip"' > netif.eth1

Then we are going to prepare the bridges.

nano netif.xenbr0

here we set the internal Xen bridge:

template="bridge"
ipaddr="10.0.1.200/24"
gateway="10.0.1.1"
nameservers="10.0.1.1 10.0.1.2"
domain="funtoo.org"
slaves="netif.eth0"

Then we are setting up the external interface:

nano netif.extbr0

This looks quite similar; please watch out for the correct slave setting!

template="bridge"
ipaddr="10.0.1.201/24"
gateway="10.0.1.1"
nameservers="10.0.1.1 10.0.1.2"
domain="funtoo.org"
slaves="netif.eth1"

This gives us the possibility to play around with various setups later, it's modular and easy to tweak and change.

It is best to run the OpenRC script with "rc" on the command line and test whether the network cards get initialized correctly.

Basic Networking with domU

The easiest way is to let Xen set up the networking. But once everything is up and running it is not possible to change the routing, etc. Letting Xen create the bridges will be obsolete in the near future, so this is no longer the recommended way. As we already set up the bridges in the previous section, it may be enough to comment out everything network-related. If not, just uncomment the last lines.

We edit the /etc/xen/xend-config.sxp

#### Xen config from maiwald.tk - Xen 4.x Network in bridge mode

(logfile /var/log/xen/xend.log)
(loglevel DEBUG)

(xend-relocation-server no)
(xend-relocation-hosts-allow '^localhost$ ^localhost\\.localdomain$')

# The limit (in kilobytes) on the size of the console buffer
(console-limit 1024)

(dom0-min-mem 384)
(enable-dom0-ballooning no)

(total_available_memory 0)
(dom0-cpus 0)

(vncpasswd 'geheim')

# let xen create the net
# (network-script    network-bridge)
# (vif-script        vif-bridge)

# we create the net - new default in Xen 4
#
#(network-script 'network-bridge netdev=eth0 bridge=xenbr0 vifnum=0')
#(vif-script vif-bridge bridge=xenbr0)

Building the Funtoo Xen DomU Container

We are going to build the DomU now, preparing first from outside the domU.

create lvm volume or partition or image file

This is a stub, please help complete this guide here!

# vgcreate vgxen /dev/sda3
# lvcreate -L10G -n funtoo_root vgxen
# lvcreate -L1G -n funtoo_swap vgxen
# vgchange -a y
# mkfs.ext4 -L funtoo_root /dev/vgxen/funtoo_root
# mkswap -L funtoo_swap /dev/vgxen/funtoo_swap
# rc-update add lvm boot

Basic DomU System setup

mount domU lvm volume or physical partition or image file

# mkdir /mnt/domu1
# mount /dev/vgxen/funtoo_root /mnt/domu1
# cd /mnt/domu1

get stage3

from a funtoo mirror near you, I suggest you look at the funtoo homepage

# links http://www.funtoo.org/wiki/Download 

Then choose a mirror near you ( I use Heanet in EU ) and look for the right stage3. I use XEON CPUs so I take the core2 distrib:

# wget -cv http://ftp.heanet.ie/mirrors/funtoo/funtoo-stable/x86-64bit/core2_64/stage3-latest.tar.xz 

Unfortunately I can't find md5sums or similar which is really unpleasant.

then get the latest portage tree from the snapshots directory

# wget -cv http://ftp.heanet.ie/mirrors/funtoo/funtoo-stable/snapshots/portage-current.tar.xz 

extract stage3

# tar xpf stage3-latest.tar.xz

extract portage

# cd usr
# tar xf ../portage-current.tar.xz 
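
The download-and-unpack steps above with an integrity gate in front of them, as an added example that is not part of the original page: the tarball is unpacked only if it matches a SHA-256 digest you supply and contains no absolute or ".." member names. The function names are hypothetical, and the digest has to come from a source you trust independently of the mirror, since the page has none.

```shell
#!/bin/sh
# Added example (not from the original page): fail-closed unpacking of a
# stage3 or portage snapshot that was fetched over plain HTTP.
# Assumption: the caller supplies a SHA-256 obtained out-of-band.

# Print only the hex SHA-256 of a file.
sha256_of() {
    sha256sum -- "$1" | awk '{ print $1 }'
}

# verify_digest FILE SHA256
# Returns 0 only if SHA256 is well-formed and matches FILE.
verify_digest() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    # Reject empty or placeholder values instead of "verifying" against them.
    case $expected in
        *[!0-9a-f]*|'') return 1 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 1
    [ -f "$file" ] || return 1
    [ "$(sha256_of "$file")" = "$expected" ]
}

# Filter: read member names on stdin, print those that are absolute or
# contain a ".." path component (either could write outside the target).
unsafe_names() {
    awk '
        /^\// { print; next }
        {
            n = split($0, part, "/")
            for (i = 1; i <= n; i++)
                if (part[i] == "..") { print; next }
        }'
}

# List members exactly as stored (-P keeps a leading "/") and filter them.
# Defence in depth: do not rely on the tar implementation's own defaults.
unsafe_members() {
    tar -P -tf "$1" | unsafe_names
}

# extract_verified TARBALL SHA256 DESTDIR
# Unpacks with the page's "tar xpf" flags, but only after both checks pass.
extract_verified() {
    tarball=$1 digest=$2 dest=$3
    verify_digest "$tarball" "$digest" || {
        echo "digest mismatch or missing digest: $tarball" >&2
        return 1
    }
    bad=$(unsafe_members "$tarball")
    if [ -n "$bad" ]; then
        echo "refusing to unpack, unsafe member names:" >&2
        printf '%s\n' "$bad" >&2
        return 1
    fi
    [ -d "$dest" ] || return 1
    tar -xpf "$tarball" -C "$dest"
}

# Usage on dom0 (digest value is yours to supply):
#   extract_verified stage3-latest.tar.xz "<sha256 from a trusted source>" /mnt/domu1
```

The member-name check does not look at symlink targets inside the archive, so it complements the digest check rather than replacing it.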

Preparing the chroot environment

Editing the make.conf

copy /etc/make.conf from dom0 and adjust it

# cp /etc/portage/make.conf /mnt/domu1/etc/

make sure to adjust MAKEOPTS to your assigned CPUs (rule of thumb cpu cores +1 - yes, even in XEN)

# nano -w /mnt/domu1/etc/portage/make.conf

set the MAKEOPTS variable in there:

MAKEOPTS="-j2"

copy /etc/resolv.conf

# cp -L /etc/resolv.conf /mnt/domu1/etc/ 

mount proc and dev

# mount -t proc none /mnt/domu1/proc
# mount --rbind /dev /mnt/domu1/dev 

Building Funtoo Xen Guest(s) DomU

Final DomU System setup

chroot

# chroot /mnt/domu1 /bin/bash
# env-update
# source /etc/profile
# export PS1="(domU-chroot) $PS1" 

sync portage

 
# emerge --sync

set locales

# nano -w /etc/locale.gen
# locale-gen

set your timezone

(choose your timezone in /usr/share/zoneinfo)

# cp -L /usr/share/zoneinfo/Europe/Amsterdam /etc/localtime

edit /etc/fstab (see also gentoo handbook as reference)

we assume that we name our root partition xvda1 and the swap partition xvda2 in our domU-xen-config (we will do that later)

# nano -w /etc/fstab
/dev/xvda1      /              ext4    noatime 0 1
/dev/xvda2      none           swap    sw      0 0
shm             /dev/shm       tmpfs   nodev,nosuid,noexec     0 0

Now comes the most important stuff

please just copy this into your terminal:

echo '
                         Larry loves Funtoo
                      _________________________
                      < Have you mooed today? >
                      -------------------------
                        \   ^__^
                         \  (oo)\_______
                            (__)\       )\/\
                                 ||----w |
                                 ||     ||
.::::::::::::::: WELCOME TO ^^^^^^^^^^^^^^^^^^^:::::::::::::..
...............................................................
:########:'##::::'##:'##::: ##:'########::'#######:::'#######::.
:##.....:: ##:::: ##: ###:: ##:... ##..::'##.... ##:'##.... ##::
:##::::::: ##:::: ##: ####: ##:::: ##:::: ##:::: ##: ##:::: ##::
:######::: ##:::: ##: ## ## ##:::: ##:::: ##:::: ##: ##:::: ##::
:##...:::: ##:::: ##: ##. ####:::: ##:::: ##:::: ##: ##:::: ##::
:##::::::: ##:::: ##: ##:. ###:::: ##:::: ##:::: ##: ##:::: ##::
:##:::::::. #######:: ##::. ##:::: ##::::. #######::. #######::′
.::::::::::.......:::..::::..:::::..::::::.......::::.......::´ 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
'> /etc/motd

We are using echo instead of "emerge --moo", as Larry still moos in Gentoo-ish.

So that's it - almost.

adding networking to the domU:

(domU-chroot) # cd /etc/init.d/
(domU-chroot) # ln -sf netif.tmpl netif.eth0
(domU-chroot) # rc-update add netif.eth0
 * service netif.eth0 added to runlevel sysinit

Now we are ready to do the last setups

(domU-chroot) # emerge eix

After that I am feeling better; now I do the rest.

(domU-chroot) # eix-update 
Reading Portage settings ..
Building database (/var/cache/eix) ..
[0] "gentoo" /usr/portage/ (cache: metadata-md5-or-flat)
     Reading category 154|154 (100%) Finished             
Applying masks ..
Calculating hash tables ..
Writing database file /var/cache/eix ..
Database contains 15729 packages in 154 categories.

(domU-chroot) # exit 
exit

From here you have to decide how you want to run your domU: with unprivileged users and sudo? Or with a root account enabled? As a webserver or firewall?

Personally, I always install the OpenSSH server and just place my SSH keys in there. From there the steps differ.

(dom0-xen) # mkdir -p -m 0700 /mnt/domu1/root/.ssh
(dom0-xen) # cp /root/.ssh/authorized_keys /mnt/domu1/root/.ssh/

Also, don't forget to enable public key authentication (PubkeyAuthentication) in the sshd_config of your domU and set PermitRootLogin to yes!
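
A check for the sshd settings mentioned above, as an added example that is not part of the original page: it reads the global section of the domU's sshd_config the way sshd does (first value wins) and reports whether root can still log in with a password. The function names are hypothetical, an unset PermitRootLogin is assumed to mean yes (the older OpenSSH default), and keyboard-interactive/PAM settings are not examined.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# sshd_effective CONFIG KEYWORD DEFAULT
# Prints the value sshd would use from the global section of CONFIG:
# keywords are case-insensitive, the first occurrence wins, and parsing
# stops at the first Match block. DEFAULT is printed if the keyword is unset.
sshd_effective() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key); val = "" }
        /^[ \t]*(#|$)/ { next }              # comments and blank lines
        { gsub(/[="]/, " ") }                # accept Keyword=value and quotes
        tolower($1) == "match" { exit }      # conditional blocks: out of scope
        tolower($1) == key && val == "" { val = tolower($2) }
        END { print (val == "" ? def : val) }' "$1"
}

# root_ssh_exposure CONFIG
# Prints how root can authenticate over SSH with this configuration:
#   disabled          PermitRootLogin no
#   password          root may log in with a password (and with keys)
#   key-only          root may log in, but only with a public key
#   no-usable-method  root login allowed, but neither method is enabled
root_ssh_exposure() {
    # Assumption: unset PermitRootLogin is treated as "yes", the worse case.
    prl=$(sshd_effective "$1" PermitRootLogin yes)
    pw=$(sshd_effective "$1" PasswordAuthentication yes)
    pk=$(sshd_effective "$1" PubkeyAuthentication yes)
    if [ "$prl" = no ]; then
        echo disabled
    elif [ "$prl" = yes ] && [ "$pw" = yes ]; then
        echo password
    elif [ "$pk" = yes ]; then
        # Covers without-password, prohibit-password, forced-commands-only,
        # and "yes" combined with PasswordAuthentication no.
        echo key-only
    else
        echo no-usable-method
    fi
}

# Usage on dom0 while the guest is still mounted:
#   root_ssh_exposure /mnt/domu1/etc/ssh/sshd_config
```

With only the two settings named above the check prints `password`; adding `PasswordAuthentication no`, or using `PermitRootLogin without-password`, brings it to `key-only`.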

Double checking! Does your domU kernel use modules or not? If you haven't built a monolithic kernel you should copy the modules from the dom0 to the domU now:

(dom0-xen) # mkdir /mnt/domu1/lib/modules
(dom0-xen) # rsync -aP /lib/modules/2.6.38-xen-maiwald.tk-dom0 /mnt/domu1/lib/modules/

Ok, that's it from here..

Don't forget to clean up the mounts!

(dom0-xen) # cd
(dom0-xen) # umount -l /mnt/domu1/proc
(dom0-xen) # umount -l /mnt/domu1/dev
(dom0-xen) # umount -l /mnt/domu1

That's it! ;-)

Booting the Xen DomU Guest

Ok, let's try the first boot of the newly created Xen DomU in Funtoo!

(dom0-xen) # cd /xen
(dom0-xen) # xm create -c configs/funtoo.cfg

Huuuuiiiii......

Using config file "./configs/funtoo.cfg".
Started domain funtoo (id=4)
[    0.000000] Linux version 2.6.38-xen-maiwald.tk-domU (root@xen) (gcc version 4.4.5 (Gentoo 4.4.5 p1.0, pie-0.4.5) ) #4 SMP Wed Feb 8 17:30:33 CET 2012
[    0.000000] Command line: root=/dev/xvda1 ro ip=217.x.x.211:127.0.255.255:217.x.x.1:255.255.255.0:domU:eth0:off xencons=tty console=xvc0 raid=noautodetect
[    0.000000] Xen-provided physical RAM map:
[    0.000000]  Xen: 0000000000000000 - 0000000040800000 (usable)
[    0.000000] NX (Execute Disable) protection: active
[    0.000000] last_pfn = 0x40800 max_arch_pfn = 0x80000000
[    0.000000] init_memory_mapping: 0000000000000000-0000000040800000
[    0.000000] Zone PFN ranges:
[    0.000000]   DMA      0x00000000 -> 0x00001000
[    0.000000]   DMA32    0x00001000 -> 0x00100000
[    0.000000]   Normal   empty
[    0.000000] Movable zone start PFN for each node
[    0.000000] early_node_map[2] active PFN ranges
[    0.000000]     0: 0x00000000 -> 0x00040000
[    0.000000]     0: 0x00040800 -> 0x00040800
[    0.000000] setup_percpu: NR_CPUS:16 nr_cpumask_bits:16 nr_cpu_ids:1 nr_node_ids:1
[    0.000000] PERCPU: Embedded 18 pages/cpu @ffff88003efc0000 s42304 r8192 d23232 u73728
[    0.000000] Swapping MFNs for PFN 6d6 and 3efc7 (MFN 15deb0 and 1223bf)
[    0.000000] Built 1 zonelists in Zone order, mobility grouping on.  Total pages: 256109
[    0.000000] Kernel command line: root=/dev/xvda1 ro ip=217.171.190.211:127.0.255.255:217.171.190.1:255.255.255.0:alyx1:eth0:off xencons=tty console=xvc0 raid=noautodetect
[    0.000000] PID hash table entries: 4096 (order: 3, 32768 bytes)
[    0.000000] Dentry cache hash table entries: 131072 (order: 8, 1048576 bytes)
[    0.000000] Inode-cache hash table entries: 65536 (order: 7, 524288 bytes)
[    0.000000] Software IO TLB disabled
[    0.000000] Memory: 1022732k/1056768k available (3657k kernel code, 8192k absent, 25844k reserved, 1261k data, 264k init)
[    0.000000] SLUB: Genslabs=15, HWalign=64, Order=0-3, MinObjects=0, CPUs=1, Nodes=1
[    0.000000] Hierarchical RCU implementation.
[    0.000000] NR_IRQS:96
[    0.000000] Xen reported: 2992.570 MHz processor.
[    0.000000] Console: colour dummy device 80x25
[    0.000000] console [tty-1] enabled
[    0.150003] Calibrating delay using timer specific routine.. 6018.63 BogoMIPS (lpj=30093193)
[    0.150008] pid_max: default: 32768 minimum: 301
[    0.150034] Mount-cache hash table entries: 256
[    0.150173] SMP alternatives: switching to UP code
[    0.170232] Freeing SMP alternatives: 20k freed
[    0.170342] Brought up 1 CPUs
[    0.170377] devtmpfs: initialized
[    0.170601] xor: automatically using best checksumming function: generic_sse
[    0.220004]    generic_sse:  7325.200 MB/sec
[    0.220008] xor: using function: generic_sse (7325.200 MB/sec)
[    0.220091] NET: Registered protocol family 16
[    0.220186] Brought up 1 CPUs
[    0.220217] bio: create slab <bio-0> at 0
[    0.390014] raid6: int64x1   2353 MB/s
[    0.560003] raid6: int64x2   2964 MB/s
[    0.730026] raid6: int64x4   2357 MB/s
[    0.900012] raid6: int64x8   2116 MB/s
[    1.070007] raid6: sse2x1    5349 MB/s
[    1.240009] raid6: sse2x2    5404 MB/s
[    1.410005] raid6: sse2x4    8597 MB/s
[    1.410008] raid6: using algorithm sse2x4 (8597 MB/s)
[    1.410022] suspend: event channel 6
[    1.410022] xen_mem: Initialising balloon driver.
[    1.410096] Switching to clocksource xen
[    1.410125] FS-Cache: Loaded
[    1.410152] CacheFiles: Loaded
[    1.410268] NET: Registered protocol family 2
[    1.410288] IP route cache hash table entries: 32768 (order: 6, 262144 bytes)
[    1.410391] TCP established hash table entries: 131072 (order: 9, 2097152 bytes)
[    1.410951] TCP bind hash table entries: 65536 (order: 8, 1048576 bytes)
[    1.411180] TCP: Hash tables configured (established 131072 bind 65536)
[    1.411183] TCP reno registered
[    1.411186] UDP hash table entries: 512 (order: 2, 16384 bytes)
[    1.411192] UDP-Lite hash table entries: 512 (order: 2, 16384 bytes)
[    1.411229] NET: Registered protocol family 1
[    1.411290] platform rtc_cmos: registered platform RTC device (no PNP device found)
[    1.411401] Intel AES-NI instructions are not detected.
[    1.411437] audit: initializing netlink socket (disabled)
[    1.411444] type=2000 audit(1330014455.606:1): initialized
[    1.412612] fuse init (API version 7.16)
[    1.412674] msgmni has been set to 2048
[    1.412990] NET: Registered protocol family 38
[    1.413018] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 253)
[    1.413024] io scheduler noop registered (default)
[    1.413026] io scheduler deadline registered
[    1.413049] io scheduler cfq registered
[    1.413079] Non-volatile memory driver v1.3
[    1.413088] Hangcheck: starting hangcheck timer 0.9.1 (tick is 180 seconds, margin is 60 seconds).
[    1.413090] Hangcheck: Using getrawmonotonic().
[    1.419520] Switched to NOHz mode on CPU #0
[    1.423394] brd: module loaded
[    1.423665] loop: module loaded
[    1.423771] nbd: registered device at major 43
[    1.426180] Xen virtual console successfully installed as tty1
[    1.426216] Event-channel device installed.
[    1.441658] netfront: Initialising virtual ethernet driver.
[    1.444972] xen-vbd: registered block device major 202
[    1.444988] blkfront: xvda1: barriers enabled
[    1.450287] Setting capacity to 20971520
[    1.450294] xvda1: detected capacity change from 0 to 10737418240
[    1.450677] blkfront: xvda2: barriers enabled
[    1.451661] Setting capacity to 2097152
[    1.451665] xvda2: detected capacity change from 0 to 1073741824
[    1.452020] bonding: Ethernet Channel Bonding Driver: v3.7.0 (June 2, 2010)
[    1.452023] bonding: Warning: either miimon or arp_interval and arp_ip_target module parameters must be specified, otherwise bonding will not detect link failures! see bonding.txt for details.
[    1.453016] i8042: No controller found
[    1.453066] mousedev: PS/2 mouse device common for all mice
[    1.453113] rtc_cmos rtc_cmos: rtc core: registered rtc_cmos as rtc0
[    1.453145] rtc_cmos: probe of rtc_cmos failed with error -38
[    1.453155] md: linear personality registered for level -1
[    1.453158] md: raid0 personality registered for level 0
[    1.453161] md: raid1 personality registered for level 1
[    1.453163] md: raid6 personality registered for level 6
[    1.453166] md: raid5 personality registered for level 5
[    1.453168] md: raid4 personality registered for level 4
[    1.453224] device-mapper: uevent: version 1.0.3
[    1.453273] device-mapper: ioctl: 4.19.1-ioctl (2011-01-07) initialised: dm-devel@redhat.com
[    1.453340] device-mapper: multipath: version 1.2.0 loaded
[    1.453343] device-mapper: multipath round-robin: version 1.0.0 loaded
[    1.453345] device-mapper: multipath queue-length: version 0.1.0 loaded
[    1.453347] device-mapper: multipath service-time: version 0.2.0 loaded
[    1.453396] Netfilter messages via NETLINK v0.30.
[    1.453410] nf_conntrack version 0.5.0 (8192 buckets, 32768 max)
[    1.453478] ctnetlink v0.93: registering with nfnetlink.
[    1.453486] IPv4 over IPv4 tunneling driver
[    1.453548] TCP westwood registered
[    1.453550] TCP highspeed registered
[    1.453552] TCP htcp registered
[    1.453553] TCP vegas registered
[    1.453555] Initializing XFRM netlink socket
[    1.453630] NET: Registered protocol family 10
[    1.453803] IPv6 over IPv4 tunneling driver
[    1.453863] NET: Registered protocol family 17
[    1.453868] NET: Registered protocol family 15
[    1.453870] Registering the dns_resolver key type
[    1.550094] /usr/src/linux-2.6.38-xen/drivers/rtc/hctosys.c: unable to open rtc device (rtc0)
[    3.070104] IP-Config: Complete:
[    3.070109]      device=eth0, addr=217.171.190.211, mask=255.255.255.0, gw=217.171.190.1,
[    3.070116]      host=alyx1, domain=, nis-domain=(none),
[    3.070119]      bootserver=127.0.255.255, rootserver=127.0.255.255, rootpath=
[    3.070212] md: Skipping autodetection of RAID arrays. (raid=autodetect will force)
[    3.107309] EXT4-fs (xvda1): mounted filesystem with ordered data mode. Opts: (null)
[    3.107321] VFS: Mounted root (ext2 filesystem) readonly on device 202:1.
[    3.140059] devtmpfs: mounted
[    3.140239] Freeing unused kernel memory: 264k freed
INIT: version 2.88 booting

   OpenRC 0.8.3 is starting up Funtoo Linux (x86_64)

 * Mounting /proc ...
 [ ok ]
 * WARNING: rc_sys not defined in rc.conf. Falling back to automatic detection
 * Caching service dependencies ...
 [ ok ]
 * Mounting /sys ...
 [ ok ]
 * udev: /dev already mounted, skipping...
 * Mounting /dev/pts ...
 [ ok ]
 * Mounting /dev/shm ...
 [ ok ]
 * Bringing up network interface lo ...
RTNETLINK answers: File exists
 [ ok ]
 * Bringing up network interface lo ...
RTNETLINK answers: File exists
RTNETLINK answers: File exists
 [ ok ]
 * Starting udevd daemon ...
 * Populating /dev with existing devices through uevents ...
 [ ok ]
 * Autoloaded 0 module(s)
 * Checking local filesystems  ...
funtoo_root: Superblock last write time is in the future.
        (by less than a day, probably due to the hardware clock being incorrectly set).  FIXED.
funtoo_root: clean, 173796/655360 files, 436917/2621440 blocks
 [ ok ]
 * Remounting root filesystem read/write ...
 [ ok ]
 * Updating /etc/mtab ...
 [ ok ]
 * Mounting local filesystems ...
 [ ok ]
 * Configuring kernel parameters ...
 [ ok ]
 * Creating user login records ...
 [ ok ]
 * Cleaning /var/run ...
 [ ok ]
 * Wiping /tmp directory ...
 [ ok ]
 * Setting hostname to localhost ...
 [ ok ]
 * Activating swap devices ...
 [ ok ]
 * udev: storing persistent rules ...
 [ ok ]
 * Initializing random number generator ...
 [ ok ]
INIT: Entering runlevel: 3
 * Mounting network filesystems ...
 [ ok ]
 * Generating dsa host key ...
Generating public/private dsa key pair.
Your identification has been saved in /etc/ssh/ssh_host_dsa_key.
Your public key has been saved in /etc/ssh/ssh_host_dsa_key.pub.
The key fingerprint is:
25:e0:a8:05:xxxxxxxxxxxx:1c:1f:ba root@localhost
The key's randomart image is:
+--[ DSA 1024]----+
|  ooo.B.o        |
| o o *.B o .     |
|  . + + = =      |
|   o   + *       |
|  .   E S        |
|                 |
|                 |
|                 |
|                 |
+-----------------+
 [ ok ]
 * Generating rsa host key ...
Generating public/private rsa key pair.
Your identification has been saved in /etc/ssh/ssh_host_rsa_key.
Your public key has been saved in /etc/ssh/ssh_host_rsa_key.pub.
The key fingerprint is:
22:e3:46:28:67:xxxxxxxxxxxxxxxxxxxxx:e5:c3 root@localhost
The key's randomart image is:
+--[ RSA 2048]----+
|.    o. ..       |
|oo  o ..o        |
|=oo  o   E       |
|.*oo.     .      |
|o *.+ . S        |
| + o o .         |
|    o            |
|   .             |
|                 |
+-----------------+
 [ ok ]
 * Starting sshd ...
 [ ok ]
 * Starting local
 [ ok ]


                         Larry loves Funtoo
                      _________________________
                      < Have you mooed today? >
                      -------------------------
                           ^__^
                           (oo)_______
                            (__)       )/
                                 ||----w |
                                 ||     ||
 .::::::::::::::::::::: WELCOME TO ::::::::::::::::::::::::::..
 ...............................................................
 :########:'##::::'##:'##::: ##:'########::'#######:::'#######::.
 :##.....:: ##:::: ##: ###:: ##:... ##..::'##.... ##:'##.... ##::
 :##::::::: ##:::: ##: ####: ##:::: ##:::: ##:::: ##: ##:::: ##::
 :######::: ##:::: ##: ## ## ##:::: ##:::: ##:::: ##: ##:::: ##::
 :##...:::: ##:::: ##: ##. ####:::: ##:::: ##:::: ##: ##:::: ##::
 :##::::::: ##:::: ##: ##:. ###:::: ##:::: ##:::: ##: ##:::: ##::
 :##:::::::. #######:: ##::. ##:::: ##::::. #######::. #######::′
.::::::::::.......:::..::::..:::::..::::::.......::::.......::´
This is localhost.unknown_domain (Linux x86_64 2.6.38-xen-maiwald.tk-domU) 17:27:40

localhost login: 

Finalizing the setup

Now we test if we can reach the DomU from our Desktop:

(2034)-~% ssh -lroot 217.x.x.211  
The authenticity of host '217.x.x.211 (217.x.x.211)' can't be established.
RSA key fingerprint is 22:e3:xxxxxxxx:b0:3c:xxxxx:d6:e5:c3.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '217.x.x.211' (RSA) to the list of known hosts.
Enter passphrase for key '/home/mm/.ssh/id_rsa': 
localhost ~ # uname -a
Linux localhost 2.6.38-xen-maiwald.tk-domU #4 SMP Wed Feb 8 17:30:33 CET 2012 x86_64 Intel(R) Xeon(R) CPU E3110 @ 3.00GHz GenuineIntel GNU/Linux
localhost ~ # 

All seems good for now.
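
The fingerprint ssh shows at the prompt above can be checked against the one the domU printed on its console when it generated its host keys at first boot, before answering yes. The script below is an added example, not part of the original page. It assumes the console output was saved to a file and that fingerprints use the colon-separated hex form shown here; the function names and sample fingerprints are constructed.

```shell
#!/bin/sh
# Added example: compare the host key fingerprint printed on the domU console
# at first boot with the one ssh offers, before answering "yes".

# Print the fingerprint that follows "Generating <type> host key" in a saved
# console log. $1 = key type (rsa or dsa), $2 = log file.
console_fp() {
    awk -v t="$1" '
        index($0, "Generating " t " host key") { want = 1; next }
        want && /^The key fingerprint is:/ {
            if ((getline line) > 0) { split(line, f, " "); print f[1] }
            exit
        }' "$2"
}

# Pull the fingerprint out of the ssh first-connection prompt text (stdin).
offered_fp() {
    sed -n 's/^[A-Z0-9]* key fingerprint is \([0-9a-f:]*\)\.$/\1/p'
}

# Return 0 on match, 1 on mismatch, 2 if the log holds no complete fingerprint.
verify_host_key() {   # $1 = key type, $2 = console log, $3 = offered fingerprint
    expected=$(console_fp "$1" "$2")
    if ! printf '%s\n' "$expected" | grep -Eq '^([0-9a-f]{2}:){15}[0-9a-f]{2}$'; then
        echo "no complete $1 fingerprint in $2" >&2
        return 2
    fi
    [ "$expected" = "$3" ] && { echo "match"; return 0; }
    echo "MISMATCH: console=$expected offered=$3" >&2
    return 1
}

# Constructed sample data (not the fingerprints from this page).
log=$(mktemp)
trap 'rm -f "$log"' EXIT
cat > "$log" <<'EOF'
 * Generating dsa host key ...
The key fingerprint is:
0a:1b:2c:3d:4e:5f:60:71:82:93:a4:b5:c6:d7:e8:f9 root@localhost
 * Generating rsa host key ...
Generating public/private rsa key pair.
The key fingerprint is:
10:21:32:43:54:65:76:87:98:a9:ba:cb:dc:ed:fe:0f root@localhost
EOF
prompt='RSA key fingerprint is 10:21:32:43:54:65:76:87:98:a9:ba:cb:dc:ed:fe:0f.'
verify_host_key rsa "$log" "$(printf '%s\n' "$prompt" | offered_fp)"
```

A non-zero return means the key offered over the network is not the one generated on the console, or that the log did not contain a complete fingerprint, and the connection should not be accepted.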

Now switch back to the Funtoo Installation Tutorial and continue setting up your new domU guest like a normal Funtoo Linux system!

Please consider supporting this wiki by editing this page and keeping it current!

Funtoo is a perfect Xen Host and I can really recommend it to everybody as an alternative to .deb/.rpm Systems.

Have fun!