December 4th, 2005


Xen, again

I can't stop talking about how cool Xen is.

Try out a new program? Use a whole new operating system... a new operating system (Debian sarge) only takes 114 MB, so why not?

Paranoid some program might have an exploit? It probably does... new operating system!

bepo:~# xm list
Name              Id  Mem(MB)  CPU  State  Time(s)  Console
Domain-0           0      507    0  r----   3069.9        
danga             11      511    1  -b---   2899.0    9611
danga-cvs         10      255    3  -b---   3133.8    9610
mail              13      511    3  -b---  14273.3    9613
personal_web      16      255    3  -b---      3.8    9616
rtzilla           14      255    1  -b---    260.7    9614

I wrote this fun tool:

# xen-create --name='personal_web' --size=10G --ip= --mem=256

Which does exactly what you'd think. Creates a new LVM2 LV, makes a filesystem, rsyncs from my base system's skeleton, sets up hostname, network interfaces, unmounts, and starts up xen (after putting conf in /etc/xen/auto/, so it auto-starts on boot).

About 30 seconds after running that, a new Debian sarge machine (with latest security updates) is pinging on the net, and I can ssh in to it as root, since I initialize the machine's authorized_keys file to include my own.

And each machine has its own ssh host keys, thanks to this one-liner, which runs once on boot, right before ssh starts:

bepo:~# cat /var/xen-skel/etc/rc2.d/S15ssh-setup 
# one-time configuration of ssh:

/var/lib/dpkg/info/ssh.postinst configure && rm /etc/rc2.d/S15ssh-setup

Fun stuff.
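
An added check, not part of the original post or of the xen-create tool: every guest is rsynced from one skeleton, so any host key left in the skeleton would end up shared by all guests. The sketch assumes the skeleton is meant to ship without host keys (so the one-shot postinst run generates them) and that guest roots are mounted at paths you supply; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not the author's tooling): audit a guest skeleton and mounted
# guest roots for cloned SSH host keys.

# List host key files shipped inside a skeleton tree. Any hit would be copied
# into every guest by the rsync step.
skel_host_keys() {
    for f in "$1"/etc/ssh/ssh_host_*key*; do
        [ -f "$f" ] && printf '%s\n' "$f"
    done
    return 0
}

# Succeed only if the skeleton has no host keys and still carries the one-shot
# boot script (path relative to the skeleton, as shown in the post).
skel_ok() {
    [ -z "$(skel_host_keys "$1")" ] && [ -x "$1/etc/rc2.d/S15ssh-setup" ]
}

# Print one "SHARED <root> <root> ..." line per public key that appears in more
# than one guest root, and return 1 if any key is shared. Compares key type and
# base64 blob, ignoring the trailing comment. Only ssh_host_<type>_key.pub
# files are compared.
shared_host_keys() {
    for root in "$@"; do
        for pub in "$root"/etc/ssh/ssh_host_*_key.pub; do
            [ -f "$pub" ] || continue
            awk -v r="$root" 'NF >= 2 { print $1 " " $2 "\t" r }' "$pub"
        done
    done | awk -F '\t' '
        { n[$1]++; where[$1] = where[$1] " " $2 }
        END { for (k in n) if (n[k] > 1) { print "SHARED" where[k]; bad = 1 }
              exit bad + 0 }'
}
```

Run `skel_ok /var/xen-skel` before creating guests, and `shared_host_keys` over guest filesystems mounted read-only from Domain-0; the mount points are your own choice.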