Make XenServer 7 do meaningful things# Nov 14 2016 by will
Update Jan 31, 2018
This is verified (by me, at least) to work on both the official XenServer 7.2, and with the experimental xcp-ng. I've also semi-automated the process with these Ansible bits for new hardware / pool upgrades.
Don’t get me wrong, XenServer 7 is a huge improvement over previous versions, and still my product of choice for those that don’t want to pay a literal fortune for vmWare licensing. There are however a few places that the default config / included softwares are a bit lacking, so here’s what I do to build out a new Xen host, after doing all the hardware-specific stuff like RAID config and of course actually installing XenServer:
- Install Dell OpenManage (makes remotely managing Dell hardware, my favorite, a little easier)
wget -q -O - http://linux.dell.com/repo/hardware/dsu/bootstrap.cgi | bashThis runs the Dell OM repository configuration, as well as imports the necessary GPG keys etc.
- Fix the broken base CentOS repository line in
baseurl=http://mirrors.kernel.org/centos/7/os/x86_64/. This step is necessary because the Dell software has some requirements that are in the CentOS base repo; it’s nothing that conflicts with the standard XenServer installation packages, though. I like the kernel.org mirror, you can use whichever one is your favorite.
- Install OpenManage:
yum --enablerepo=base install srvadmin-all– Note that this only enables the base repo for this one installation, and that I didn’t enable it across the board above; this helps avoid future issues if an update later on supercedes a XenServer core package.
- Update iptables to allow the incoming connections to the web UI by adding this line:
-A RH-Firewall-1-INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 1311 -j ACCEPTto
/etc/sysconfig/iptablesafter the line that has ESTABLISHED,RELATED in it. Don’t forget to restart iptables after making the changes.
- Enable and start the OpenManage services:
/opt/dell/srvadmin/sbin/srvadmin-services.sh enable && /opt/dell/srvadmin/sbin/srvadmin-services.sh start
- verify login works via https://[server_ip]:1311 – Note the httpS; login will be whatever your XenServer root login was set to during installation.
- Enable SNMP for monitoring systems etc
- Add the following line to the same
/etc/sysconfig/iptableswe edited above, I typically put it above the last line in the file:
-A RH-Firewall-1-INPUT -s [monitoring_IP] -p udp -m udp --dport 161 -j ACCEPT. Replace the[<monitoring_IP] bit with the IP of your monitoring system, to only allow that system to access SNMP.
/etc/snmp/snmpd.confto meet your monitoring needs; however the defaults of CPU, memory, and FS usage work just fine for most of my cases.
- Add the following line to the same
- Update all the things
- Every time I install a new XS host, the most time consuming thing I have to do is get all the updates since the ISO was made installed. Sure, there’s time savers like cloning etc, if you have to do many at once, but for more one-off setups one of the fastest ways I’ve found is to use Xen Orchestra‘s app in lieu of the standard XenCenter to apply updates in bulk to new hosts. It’s a little different experience, but makes the initial bulk apply much easier, especially if the hosts aren’t part of a pool.
That’s really about it; other than environment-specific stuff like remote storage repositories for disk images or setting up domain authentication for management users, XenServer should now just quietly sit in the back and do its job, like all good software tools. I recommend setting up some kind of recurring maintenance schedule to install updates etc, in particular on production systems, but if you’re reading this you honestly should have that going already.
If you have a post-install thing you do that helps with Xen management or monitoring, feel free to add it below to help spread the word.