Brad Fitzpatrick (brad) wrote,

Xen, again

I can't stop talking about how cool Xen is.

Try out a new program? Use a whole new operating system... a new operating system (Debian sarge) only takes 114 MB, so why not?

Paranoid some program might have an exploit? It probably does... new operating system!

bepo:~# xm list
Name              Id  Mem(MB)  CPU  State  Time(s)  Console
Domain-0           0      507    0  r----   3069.9        
danga             11      511    1  -b---   2899.0    9611
danga-cvs         10      255    3  -b---   3133.8    9610
mail              13      511    3  -b---  14273.3    9613
personal_web      16      255    3  -b---      3.8    9616
rtzilla           14      255    1  -b---    260.7    9614

I wrote this fun tool:

# xen-create --name='personal_web' --size=10G --ip=207.7.148.198 --mem=256

Which does exactly what you'd think. Creates a new LVM2 LV, makes a filesystem, rsyncs from my base system's skeleton, sets up hostname, network interfaces, unmounts, and starts up xen (after putting conf in /etc/xen/auto/, so it auto-starts on boot).

About 30 seconds after running that, a new Debian sarge machine (with latest security updates) is pinging on the net, and I can ssh in to it as root, since I initialize the machine's authorized_keys file to include my own.

And each machine has its own ssh host keys, thanks to this one-liner, which runs once on boot, right before ssh starts:

bepo:~# cat /var/xen-skel/etc/rc2.d/S15ssh-setup 
#!/bin/sh
#
# one-time configuration of ssh:

/var/lib/dpkg/info/ssh.postinst configure && rm /etc/rc2.d/S15ssh-setup

Fun stuff.
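
The per-guest host key step matters because every guest is rsynced from the same skeleton: if the skeleton ships host keys, or the one-time script never runs, guests end up sharing a private host key. An added example (not the author's xen-create code) that audits for this, assuming each guest's root filesystem is reachable as a directory without spaces in its path; the function names and paths are hypothetical.

```shell
#!/bin/sh
# Added example: audit guests cloned from one skeleton for shared SSH host keys.
# Assumption: each guest root (e.g. its LV mounted read-only) is a directory.

# skel_has_host_keys SKEL_DIR
# Returns 0 if the skeleton still contains private host keys, which every
# guest copied from it would inherit; returns 1 if it is clean.
skel_has_host_keys() {
    for f in "$1"/etc/ssh/ssh_host_*_key; do
        [ -f "$f" ] && return 0
    done
    return 1
}

# shared_host_keys ROOT...
# Prints "<keytype> <root1> <root2> ..." for each host public key that
# appears in more than one guest root. Prints nothing if all keys are unique.
shared_host_keys() {
    for root in "$@"; do
        for pub in "$root"/etc/ssh/ssh_host_*_key.pub; do
            [ -f "$pub" ] || continue
            # .pub format is "<type> <base64 blob> [comment]"; the blob
            # identifies the key, the comment (often root@host) does not.
            awk -v r="$root" 'NF >= 2 { print $2, $1, r }' "$pub"
        done
    done | sort | awk '
        $1 == prev { roots = roots " " $3; n++; next }
        { if (n > 1) print type, roots
          prev = $1; type = $2; roots = $3; n = 1 }
        END { if (n > 1) print type, roots }'
}

# When run with guest roots as arguments, report any shared keys.
if [ "$#" -gt 0 ]; then
    shared_host_keys "$@"
fi
```
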
Tags: tech, xen