Storage layout

[usb:p1:fat32] @host:/mnt/boot
------------------------
d0.buntu
d0.centos
d0.gentoo -> @host:/boot (bind-mount)
efi
syslinux


[usb:p2:lvm] @host:vgusb
------------------------
d0.buntu
d0.centos
d0.gentoo -> @host:/
dS.nw
dS.zfs
root -> @host:/root
		/dR.d
		/dS.d
		/dU.d
		/members.d
		/scripts
		/notes
		/xen-auto
		
------------------------------------------------


[zpool:zfs]
------------------------
io	/linux	
		/src		-> @host:/usr/src*
		/portage	-> @host:/usr/portage*
		/log		-> @host:/var/log (gzip-7, w/o logrotate)
		/backups	--> rsync offsite
	/infra
		/dR		# Container runtimes
			/..
		/dS		# "Fat" service / driver domains
		/dU		# xen domUs running vpslab services directly
			/..
		/vm.block	# VM zvols
		/vm.fs		# VM Datasets exported to container runtimes
	/members
		/{ID}
			/home	-> @member-lxc-host:/storage/home
			/vm.block/vgvm01	-> @member-lxc-host:@LVM:vgvm01
			/vm.fs	-> @member-lxc-host:/storage/vm
			/rt.lxc	#internal use
			/rt.xen	#internal use

	/pub	# To be moved to a dedicated NAS node
		/iso		-> @member-lxc-host:/storage/ISO
		/templates	-> @member-lxc-host:/storage/templates
		/install	-> @member-lxc-host:/storage/install
		/..

xen-specific configs


# /etc/xen/xl.conf
autoballoon="off"
lockfile="/var/lock/xl"
blkdev_start="xvda"
vif.default.backend="dS.nw"

# /etc/conf.d/xendomains
AUTODIR=/root/xen-auto
PARALLEL_SHUTDOWN=yes

# /etc/default/xendomains
XENDOMAINS_SYSRQ=""
XENDOMAINS_USLEEP=100000
XENDOMAINS_CREATE_USLEEP=5000000
XENDOMAINS_MIGRATE=""
XENDOMAINS_SAVE=/io/infra/xen-save
XENDOMAINS_SHUTDOWN="--wait"
XENDOMAINS_SHUTDOWN_ALL="--all --wait"
XENDOMAINS_RESTORE=true
XENDOMAINS_AUTO=/root/xen-auto
XENDOMAINS_AUTO_ONLY=true
XENDOMAINS_STOP_MAXWAIT=300

d0.gentoo fstab

# /etc/fstab: static file system information.
#                                           
/dev/mapper/vgusb-d0.gentoo     /               xfs     rw,relatime,attr2,inode64,noquota	0	0
/dev/mapper/vgusb-root          /root           xfs     rw,relatime,attr2,inode64,noquota	0	0

LABEL="USBOOT"                  /mnt/boot	vfat    defaults                                0	0
/mnt/boot/d0.gentoo             /boot           none    defaults,bind                           0	0
tmpfs                           /tmp            tmpfs   nodev,nosuid,size=512M                  0	0
tmpfs                           /var/tmp        tmpfs   nodev,nosuid,size=1G                    0	0

syslinux.cfg

# Credit where credit is due, colors based on the Arch Linux boot loader
UI vesamenu.c32
DEFAULT xen-gentoo
PROMPT 0
MENU TITLE Boot Menu
MENU BACKGROUND splash.png
TIMEOUT 50

MENU WIDTH 78
MENU MARGIN 4
MENU ROWS 5
MENU VSHIFT 10
MENU TIMEOUTROW 10
MENU TABMSGROW 11
MENU CMDLINEROW 11
MENU HELPMSGROW 16
MENU HELPMSGENDROW 29

MENU COLOR border	30;44   #40ffffff #a0000000 std
MENU COLOR title        1;36;44 #9033ccff #a0000000 std
MENU COLOR sel          7;37;40 #e0ffffff #20ffffff all
MENU COLOR unsel        37;44   #50ffffff #a0000000 std
MENU COLOR help         37;40   #c0ffffff #a0000000 std
MENU COLOR timeout_msg  37;40   #80ffffff #00000000 std
MENU COLOR timeout	1;37;40 #c0ffffff #00000000 std
MENU COLOR msg07        37;40   #90ffffff #a0000000 std
MENU COLOR tabmsg	31;40   #30ffffff #00000000 std

# [..] Truncated
LABEL xen-gentoo
        MENU LABEL XEN Gentoo
        KERNEL mboot.c32
        APPEND /d0.gentoo/xen.gz console=com2 console=vga dom0_mem=8192M,max:8192M iommu=no-intremap dom0_max_vcpus=4 dom0_vcpus_pin --- /d0.gentoo/4.8.17-r2.kernel root=/dev/vgusb/d0.gentoo dolvm rootfstype=xfs rw console=hvc0 console=tty0 iommu=soft softlevel=xen xen-pciback.hide=(1a:00.0)(1a:00.1) --- /d0.gentoo/4.8.17-r2.initrd
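
Added example, not part of the original page: a small Python audit of the mboot.c32 APPEND line above, cross-checked against the autoballoon setting from xl.conf. It splits the multiboot modules on `---`, reads the hypervisor and dom0 kernel options, lists the PCI devices hidden from dom0 by xen-pciback.hide, and flags settings worth a second look: a dom0_mem without a `max:` cap while autoballoon is off, and `iommu=no-intremap`, which disables IOMMU interrupt remapping for the passthrough devices. The APPEND string is copied from the page as the sample input; the function names are mine.

```python
import re

# Sample input: the mboot.c32 APPEND line from the syslinux.cfg above.
APPEND = ("/d0.gentoo/xen.gz console=com2 console=vga dom0_mem=8192M,max:8192M "
          "iommu=no-intremap dom0_max_vcpus=4 dom0_vcpus_pin "
          "--- /d0.gentoo/4.8.17-r2.kernel root=/dev/vgusb/d0.gentoo dolvm rootfstype=xfs rw "
          "console=hvc0 console=tty0 iommu=soft softlevel=xen xen-pciback.hide=(1a:00.0)(1a:00.1) "
          "--- /d0.gentoo/4.8.17-r2.initrd")

# PCI BDF as written inside xen-pciback.hide: (bb:dd.f) or (dddd:bb:dd.f)
BDF = re.compile(r"\(([0-9a-f]{4}:)?([0-9a-f]{2}):([0-9a-f]{2})\.([0-7])\)")

def split_modules(append):
    """mboot.c32 separates multiboot modules with '---': hypervisor, dom0 kernel, initrd."""
    parts = [p.split() for p in append.split("---")]
    if len(parts) < 2:
        raise ValueError("need at least the hypervisor and the dom0 kernel module")
    return parts

def parse_args(tokens):
    """Return (image, {key: [values]}); repeated keys such as console= are kept in order."""
    image, opts = tokens[0], {}
    for tok in tokens[1:]:
        key, _, value = tok.partition("=")
        opts.setdefault(key, []).append(value)
    return image, opts

def hidden_devices(dom0_opts):
    """Devices the dom0 kernel hands to pciback instead of binding a driver itself."""
    devs = []
    for value in dom0_opts.get("xen-pciback.hide", []):
        devs += [f"{m.group(2)}:{m.group(3)}.{m.group(4)}" for m in BDF.finditer(value)]
    return devs

def audit(append, xl_autoballoon):
    """Return the hidden devices plus a list of human-readable findings."""
    modules = split_modules(append)
    _, xen = parse_args(modules[0])    # hypervisor options
    _, dom0 = parse_args(modules[1])   # dom0 kernel options
    findings = []
    mem = xen.get("dom0_mem", [""])[0]
    if xl_autoballoon == "off" and not mem:
        findings.append("autoballoon=off in xl.conf but dom0_mem is not set")
    if mem and "max:" not in mem:
        findings.append("dom0_mem has no max: cap")
    if "no-intremap" in xen.get("iommu", []):
        findings.append("iommu=no-intremap: interrupt remapping disabled, review for passthrough")
    if not hidden_devices(dom0):
        findings.append("no PCI devices hidden from dom0 for the driver domain")
    return {"hidden": hidden_devices(dom0), "findings": findings}
```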

vpslab->init()

Oook, I won’t say that this [wordpress blog-site] is a temporary solution because most of you know how “temporary” these ad-hoc solutions usually turn out to be.

Anyway, regardless of what systems we’ll use to run this project, it would be good to have a sort of unified member ID so that, at least from the identity/access management side of things, we’ll have common ground, so to speak.

Currently, we need to enable all members to:

  • post on blog.vpslab.org (whatever system it’ll run on)
  • add “business-cards” for their projects running on VPSLAB servers to vpslab.org (built on laravel 5.4 as of 04/2017)
  • access all management tools within the environment without going through a painful registration process for each-and-every one of them

The least common denominator for the above use case turned out to be openldap/389DS, which wordpress can easily be piped into via one of several freely available ldap-auth plugins. Suggestions are welcome, so don’t hesitate to contact us / leave a comment below.

We are still evaluating which LDAP DB will suit our needs best. Both openldap and 389DS are very good pieces of FOSS with a couple of decades of production use behind them. FreeIPA (based on 389DS) is also on the to-test list, albeit not being (only) an LDAP DB per se. Personally, whenever I tried to set up FreeIPA for production use, I encountered 100s of issues and hiccups that rendered this option a no-go, but my last LDAP project was several years ago so I’ll definitely give it a try.

OK Folks, so much on that part, this first _ever_ VPSLAB blog post is now over, have a great stress-less day ahead 😉


Update (20170604): After a rough night of testing, 389DS with the core packages only is the clear winner. Next step is to deploy a master-master test setup and start piping all VPSLAB services into it (pve, gitlab, kolab, wp & co).

idnc_sk
Co-founder