This post is part of a series of posts on how to import YubiRadius, a Free Radius appliance implementing OTP validation, into the Xen open source hypervisor.
This first step in our quest to build our authentication server actually has little to do with YubiRadius but a lot to do with running a para-virtual guest domain. We will then use the resulting guest domain as a template and as the source of some files that we will need in order to take the ready-made YubiRadius appliance and make it run under the Xen hypervisor. This step is required for several reasons; the main ones are to ensure that your Xen installation works and to make sure the files we will need for a subsequent step are available. By doing it this way we will run YubiRadius in para-virtual mode (modified kernel) rather than providing it with a Hardware Virtual Machine (HVM). The main advantages are speed and lower resource requirements.
If you have a running DomU based on Squeeze and using pygrub for boot, you can skip this section and jump to b.
In order to create your DomU you will need to have xen-tools installed (http://www.xen-tools.org). You can check whether they are installed with:
Automatically installed: no
Aptitude will show whether the package is installed and would install it if necessary. Once the tools are there, build your image as follows (mind the backslash continuation: it is a single line):
xen-create-image --memory=384M \
--hostname whatever_you_like \
After a lot of downloading and disk activity you will get a summary of the created image. Ensure it works by launching it with xm create. Please note that xen-create-image also creates a hostname.cfg file in the default directory /etc/xen. This file will need to be edited, since we did not specify the broadcast address and default gateway of the host above. The /etc/network/interfaces file also needs to be adjusted and the root password changed (the xen-create-image output and logfile contain the automatically generated password).
Just remember to thank those who spent their time putting xen-tools together (Steve Kemp and Axel Beckert) and making them available for free, so that you can issue a single command and create a host ...
You can now boot the DomU you created and SSH into it. Once inside the running DomU, you need to package the boot directory for future use, so you can issue:
tar -c boot > /root/boot_dir.tar
Since you need these files outside the DomU, you can SFTP to the Dom0 and put the tarred file:
The above commands will tar the boot directory and SFTP the resulting file to the Dom0, ready for the use we will make of it later. Your DomU kernel should be the same as the Dom0 kernel. You can verify this by issuing uname -a on both the Dom0 and the DomU:
Linux Lithium-Dom0 2.6.32-5-xen-amd64 #1 SMP Mon Jan 16 20:48:30 UTC 2012 x86_64 GNU/Linux
root@indian:~# uname -a
Linux indian 2.6.32-5-xen-amd64 #1 SMP Mon Jan 16 20:48:30 UTC 2012 x86_64 GNU/Linux
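The same check as a small script, extended to confirm that the boot tarball really contains the kernel and initrd for that release. This is an added example, not part of the original post; the function names are hypothetical and the vmlinuz-<release> / initrd.img-<release> file names assume the usual Debian /boot layout.

```shell
#!/bin/sh
# Added example: sanity checks for the Dom0/DomU kernel and the boot tarball.

# Print the kernel release (third field) of a "uname -a" line.
kernel_release() {
    printf '%s\n' "$1" | awk '{print $3}'
}

# Succeed when two "uname -a" lines describe the same kernel build.
# Field 2 is the hostname, which legitimately differs, so it is dropped.
same_kernel() {
    a=$(printf '%s\n' "$1" | cut -d' ' -f1,3-)
    b=$(printf '%s\n' "$2" | cut -d' ' -f1,3-)
    [ "$a" = "$b" ]
}

# Succeed when tarball $1 holds boot/vmlinuz-$2 and boot/initrd.img-$2.
# Returns 2 if the archive cannot be read, 1 if a file is missing.
boot_tar_has_kernel() {
    members=$(tar -tf "$1") || return 2
    for f in "vmlinuz-$2" "initrd.img-$2"; do
        # Strip an optional leading "./" and match the member name exactly.
        printf '%s\n' "$members" | sed 's|^\./||' | grep -Fqx "boot/$f" || return 1
    done
}

# The two uname -a lines shown in the post.
DOM0='Linux Lithium-Dom0 2.6.32-5-xen-amd64 #1 SMP Mon Jan 16 20:48:30 UTC 2012 x86_64 GNU/Linux'
DOMU='Linux indian 2.6.32-5-xen-amd64 #1 SMP Mon Jan 16 20:48:30 UTC 2012 x86_64 GNU/Linux'

if same_kernel "$DOM0" "$DOMU"; then
    echo "kernels match: $(kernel_release "$DOMU")"
else
    echo "kernel mismatch between Dom0 and DomU" >&2
fi

# Optional: pass the path of the uploaded tarball as the first argument.
if [ -n "${1:-}" ]; then
    if boot_tar_has_kernel "$1" "$(kernel_release "$DOMU")"; then
        echo "tarball contains kernel and initrd"
    else
        echo "tarball is unreadable or incomplete" >&2
    fi
fi
```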
As a result of the above you have a good working DomU (sometimes it comes in handy ...) and a tarred file containing your boot directory files, uploaded to your Dom0 host and therefore available to you when building the YubiRadius host. Feel free to shut down the created host (or maybe let it run: it does not run up your real electric bill, only the virtual one).