This page is part 4/6 in our A server with DTC-Xen tutorial.
(Make sure you follow the steps one after the other)
1. Mail server
You might want to set up a mail server on the dom0 to receive mails about raid1 array problems. Setting up something like munin-node is not a bad idea either.
2. Firewall on the dom0
dtc-xen now includes a simple, optional firewall script. Simply do apt-get install dtc-xen-firewall, and make sure you read the included dtc-xen-firewall.init file to understand how it works. It is NOT a closed-by-default firewall, but a very basic anti-DoS thing that will rate limit connections to your dom0 and domUs.
Note that in most cases you won't NEED this, but it's a fair protection against stupid floods if you don't have a Cisco router to do the job in front of your dom0.
3. Check for BIOS stuff (supermicro)
If, like us, you use a Supermicro PDSMI+ motherboard, here is what you should do to get maximum performance from it:
- Power loss mode: resume
- Pentium VM mode: VT On
To flash the Supermicro IPMI, do: select IPMI 2.0, then using RMCP first, then RMCP+, flash the PDSMI+ firmware.
Check that ipnmac.x86_64 is working under Linux. The IPMI kernel extensions should NOT be present in the kernel, otherwise they might make the IPMI card fail (which is what I experienced with Didier Roux).
4. Other things to do
Under Xen, your users won't be able to set the hardware clock (permissions will deny it). So the best option is to set the clock of your dom0 to UTC, and sync it using ntpdate. So apt-get install ntpdate, then edit /etc/crontab and write something like:
1 4 * * * root ntpdate pool.ntp.org > /dev/null
This will do the sync every day at 4:01 am.
Note that ntp.org has many pools that you can use:
- Worldwide: pool.ntp.org
- Asia: asia.pool.ntp.org
- Europe: europe.pool.ntp.org
- North America: north-america.pool.ntp.org
- Oceania: oceania.pool.ntp.org
- South America: south-america.pool.ntp.org
Pick the one closest to you.
5. Adding the /var/lib/rpm folder
dtc-xen now uses yum, and by default the /var/lib/rpm folder is missing. Create it if you want to be able to set up CentOS.
6. Monitoring HDD with smartd
Because you want to do proactive monitoring of your hard drives (know in advance that one is going to die soon), you want to set up smartd. I'm not joking on that one, you really NEED it because hard drives do fail, it's only a matter of time. Here we go:
apt-get install smartmontools
Then edit /etc/smartd.conf. Comment out DEVICESCAN, you know what you want to monitor, no need to have silly scanning that doesn't work. Then add the drives you want to monitor like this:
/dev/sda -d ata -H -l error -l selftest -f -m firstname.lastname@example.org,email@example.com
/dev/sdb -d ata -H -l error -l selftest -f -m firstname.lastname@example.org,email@example.com
That way, smartd will send you a mail whenever it detects that S.M.A.R.T. inside your HDDs is reporting errors. Note that the -d ata parameter is needed ONLY if you are using SATA disks. Last thing, in /etc/default/smartmontools, you need to uncomment the following:
then you can start smartd:
and then you'll get the warning emails.
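A quick check for the smartd.conf edits described above, as an added example (not part of the original tutorial or of smartmontools). The helper name check_smartd_conf and the sample file are made up for illustration, and it assumes one directive per line with no backslash continuations.

```shell
#!/bin/sh
# Added example, not from the tutorial. check_smartd_conf is a hypothetical
# helper name. It flags the mistakes that leave a drive failure unreported.
check_smartd_conf() {
    conf=$1 problems=0 devices=0
    set -f                                  # no globbing while word-splitting
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                    # drop comments
        set -- $line                        # split the directive into words
        [ $# -eq 0 ] && continue            # blank or comment-only line
        dev=$1; shift
        if [ "$dev" = DEVICESCAN ]; then
            echo "DEVICESCAN active: comment it out and list drives explicitly"
            problems=$((problems + 1)); continue
        fi
        devices=$((devices + 1)) health=no mail=no
        while [ $# -gt 0 ]; do
            case $1 in
                -H|-a) health=yes ;;        # -a includes -H
                -m) if [ -n "${2:-}" ]; then mail=yes; fi ;;
            esac
            shift
        done
        if [ "$health" = no ]; then
            echo "$dev: no -H (or -a), health status is not checked"
            problems=$((problems + 1))
        fi
        if [ "$mail" = no ]; then
            echo "$dev: no -m address, failures will not be mailed"
            problems=$((problems + 1))
        fi
    done < "$conf"
    set +f
    if [ "$devices" -eq 0 ]; then echo "no drives listed"; problems=$((problems + 1)); fi
    [ "$problems" -eq 0 ]                   # exit status 0 only when clean
}

# Constructed sample: DEVICESCAN left on, and sdb has no mail address.
sample=$(mktemp)
cat > "$sample" <<'EOF'
DEVICESCAN
/dev/sda -d ata -H -l error -l selftest -f -m root@localhost
/dev/sdb -d ata -H -l error -l selftest -f
EOF
check_smartd_conf "$sample" || echo "smartd.conf needs fixing"
rm -f "$sample"
```

Point it at /etc/smartd.conf after editing; it prints one line per problem and returns non-zero if any were found.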
If you got a funky eth on PDSMI / PDSME / PDSMU, this might help:
ethtool -K eth0 tso off
and if you are running Xen, eth0 has been renamed to peth0, so it becomes:
ethtool -K peth0 tso off
Also, it's a very good idea to limit the number of processes in Apache to 3, you don't need to have more.
7. Moving to the data center
Here you go! :)