I’ve been playing with Xen quite a bit over the past few weeks, and I must say that I’m becoming a fanboy. I’ve got it set up both on a machine at home and on my colocated server at work. I am using it to break up my existing monolithic Gentoo server environments. I’ve got a couple of main reasons for this.

First off, I’m just tired of having Gentoo in a server environment. It’s pretty neat in theory, but in practice, it’s a beast to maintain. Compiling packages from source takes forever. Gentoo is very much bleeding edge, and because of that, things change often, and said changes aren’t always painless. Binary distributions like CentOS are definitely at the opposite end of the spectrum. I’ve got a lot less free time these days to dink around with this and that, so I’ll definitely take the ease of use of a binary distribution, and the relative stability in the software environment provided by an enterprise-level OS.

The second benefit to Xen is that I can use it to “disassemble” my current server installs one piece at a time instead of just migrating everything in one fell swoop. I’ve been slowly taking pieces of functionality out of my main Gentoo environment and placing them into smaller single-purpose CentOS environments. This makes the transition much easier, since testing one or two pieces of software at a time is much easier than testing ten or more. Currently I have separate environments for mysql, jabber, shoutcast, and a communal system logger, along with the Gentoo environment I’m working to replace. Eventually, there will be environments for apache, DNS, and email services as well.

The third benefit is an added layer of security. With each service in its own Xen environment, the chances of the entire server being compromised via a single vulnerable service essentially go away. It also allows me to set up environments for family or friends without having to worry about them getting into things that they shouldn’t be seeing.

Since Xen uses standard linux bridging to handle its internal networking, some pretty neat things are possible. I’ve got two network interfaces in my colocated box at work. One is connected to the internet, the other is connected to a private network. I only have the environments that require access to the internet connected to the public network bridge, but all of the environments are connected to the private network bridge interface. This allows all of the environments to communicate privately amongst themselves without the traffic ever leaving the physical server. As mentioned before, the second network interface is also connected to the private bridge, so I can (and do) connect other physical machines into the private network, and they see the Xen environments as if they were physical servers.

I was also able to do some more neat networking utilizing ssh and pppd. I found an article a few weeks back when I was looking into some ssh networking tricks, and it described a one-line command to create a ppp connection between two machines with ssh as its transport mechanism. This allowed me to create a tunnel that connected my home network to my private network inside (and outside) my colo box at work. The connection isn’t very fast, but it’s secure, and pretty stable. It’s transparent to my machines at home since the tunnel is initiated by my gateway machine. The Xen environments only need a few static routes added for things to work properly, which is trivial. The only thing I’m doing with it so far is capturing usage statistics from all of the Xen environments via SNMP using Cacti. The slow speed of the tunnel doesn’t affect that at all. I might try to set up mysql replication between my mysql environment in the colo box and the mysql environment at home for backup purposes. Who knows. There’s a lot of possibility.
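As an added illustration of the PPP-over-SSH tunnel described above (this is example code, not the author's wiki scripts), here is a gateway-side script that brings the link up and routes the colo's private Xen network over it. The hostname, account, key path and addresses are constructed placeholders, and it assumes pppd is installed setuid root on both ends so the remote account need not be root.

```shell
#!/bin/sh
# Added example: PPP-over-SSH tunnel from a home gateway to a colo gateway domain.
# All names and addresses below are constructed placeholders.
set -eu

COLO_GW=colo-gw.example.org        # SSH endpoint: gateway domain at the colo (assumed)
COLO_USER=vpn                      # account on the colo side dedicated to this tunnel (assumed)
SSH_KEY=/etc/ppp/vpn_id_rsa        # key used only for this link (assumed)
LOCAL_PPP=10.99.0.1                # our end of the point-to-point link (constructed)
REMOTE_PPP=10.99.0.2               # colo end of the link (constructed)
PRIVATE_NET=192.168.100.0/24       # Xen private bridge network at the colo (constructed)

# The command pppd runs as its "pty": ssh in and start the peer's pppd on our
# stdin/stdout ('notty').  'noauth' is acceptable because SSH has already
# authenticated the peer; on the colo side, lock the key down in authorized_keys:
#   command="/usr/sbin/pppd nodetach notty noauth",no-port-forwarding,no-pty ssh-rsa ...
ssh_pty_cmd() {
    printf 'ssh -i %s -o BatchMode=yes -o ServerAliveInterval=30 %s@%s pppd nodetach notty noauth' \
        "$SSH_KEY" "$COLO_USER" "$COLO_GW"
}

# Route for the colo's private network via the far end of the link.  Hosts at
# home need nothing extra: they already default-route through this gateway.
route_cmd() {
    printf 'ip route replace %s via %s' "$PRIVATE_NET" "$REMOTE_PPP"
}

tunnel_up() {
    # 'updetach' backgrounds pppd only once the link is up, so the route below
    # is added after the ppp interface exists.
    pppd updetach noauth silent nodeflate pty "$(ssh_pty_cmd)" \
        ipparam vpn "$LOCAL_PPP:$REMOTE_PPP"
    eval "$(route_cmd)"
}

tunnel_down() {
    ip route del "$PRIVATE_NET" 2>/dev/null || true
    pkill -f "pppd updetach noauth silent nodeflate pty" || true
}

case "${1:-}" in
    up)   tunnel_up ;;
    down) tunnel_down ;;
    show) ssh_pty_cmd; echo; route_cmd; echo ;;
    *)    ;;   # no argument: only define the functions, so the file can be sourced
esac
```

The Xen domains on the private bridge then need one static route for the home network pointing at the colo gateway domain, which is the "few static routes" mentioned above.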

I’m thinking of setting up a personal wiki on the site here for various implementation notes, procedures, scripts, and other things. If/when I set that up, I’ll post my notes on setting things up there.

Edit: I’ve documented the SSH PPP scripts in the wiki.
