- Détails
- Écrit par Philippe
'windows' + 'shift' + r (windows+Rà
- Détails
- Écrit par Philippe
Pour généré une clé publique ssh à partir d'une clé privé il faut connaitre la passe phrase de la clé privé
la commande est :
ssh-keygen -y -f /chemin_de_la_clé_privé/nom_de_la_clé_privé >/chemin_de_la_clé_publique/nom_de_la_clé_publique
- Détails
- Écrit par Philippe
Pour avoir un utilisateur dédié pour les sauvegarde il faut :
- créer un utilisateur super user
- commande : create user <nom_de_l_utilisateur> superuser with encrypted password 'votre_mot_de_passe';
- donner uniquement la permission de lire les bases :
- commande : alter user <nom_de_l_utilisateur> set default_transaction_read_only = on;
Valable pour les version 9 et 10 , non testé pour les versions 8 et 11
- Détails
- Écrit par Philippe
Il faut que les interfaces réseaux soient en ethx. Pour rappel les interfaces maintenant porte le nom du driver depuis la Debian 9 stretch
dans le fichier /etc/default/grub, la variable GRUB_CMDLINE_LINUX doit avoir net.ifnames=0 bosdevname=0 , ce qui peut donner :
GRUB_CMDLINE_LINUX="console=tty0 console=hvc0 net.ifnames=0 bosdevname=0"
Voici le contenu de mes fichiers de conf pour avoir sur dom0 1 cpu, 1G de RAM
fichier : /etc/default/grub :
# If you change this file, run 'update-grub' afterwards to update
# /boot/grub/grub.cfg.
# For full documentation of the options in this file, see:
# info -f grub -n 'Simple configuration'GRUB_DEFAULT=0
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
GRUB_CMDLINE_LINUX_DEFAULT="quiet"
GRUB_CMDLINE_LINUX="console=hvc0 earlyprintk=xen"
# partie pour xen
GRUB_SERIAL_COMMAND="serial --unit=0 --speed=9600 --word=8 --parity=no --stop=1"
GRUB_CMDLINE_XEN="dom0_mem=1024M,max:2048M dom0_max_vcpus=1 dom0_vcpus_pin=true loglvl=all guest_loglvl=all com1=9600,8n1 console=com1,vga"
GRUB_TERMINAL="console serial"
GRUB_CMDLINE_LINUX="console=tty0 console=hvc0"
# Uncomment to enable BadRAM filtering, modify to suit your needs
# This works with Linux (no patch required) and with any kernel that obtains
# the memory map information from GRUB (GNU Mach, kernel of FreeBSD ...)
#GRUB_BADRAM="0x01234567,0xfefefefe,0x89abcdef,0xefefefef"# Uncomment to disable graphical terminal (grub-pc only)
#GRUB_TERMINAL=console# The resolution used on graphical terminal
# note that you can use only modes which your graphic card supports via VBE
# you can see them in real GRUB with the command `vbeinfo'
#GRUB_GFXMODE=640x480# Uncomment if you don't want GRUB to pass "root=UUID=xxx" parameter to Linux
#GRUB_DISABLE_LINUX_UUID=true# Uncomment to disable generation of recovery mode menu entries
#GRUB_DISABLE_RECOVERY="true"# Uncomment to get a beep at grub start
#GRUB_INIT_TUNE="480 440 1"
fichier /etc/xen/xend-config.sxp
# -*- sh -*-
#
# Xend configuration file.
## This example configuration is appropriate for an installation that
# utilizes a bridged network configuration. Access to xend via http
# is disabled.# Commented out entries show the default for that entry, unless otherwise
# specified.#(logfile /var/log/xen/xend.log)
#(loglevel DEBUG)# Uncomment the line below. Set the value to flask, acm, or dummy to
# select a security module.#(xsm_module_name dummy)
# The Xen-API server configuration.
#
# This value configures the ports, interfaces, and access controls for the
# Xen-API server. Each entry in the list starts with either unix, a port
# number, or an address:port pair. If this is "unix", then a UDP socket is
# opened, and this entry applies to that. If it is a port, then Xend will
# listen on all interfaces on that TCP port, and if it is an address:port
# pair, then Xend will listen on the specified port, using the interface with
# the specified address.
#
# The subsequent string configures the user-based access control for the
# listener in question. This can be one of "none" or "pam", indicating either
# that users should be allowed access unconditionally, or that the local
# Pluggable Authentication Modules configuration should be used. If this
# string is missing or empty, then "pam" is used.
#
# The final string gives the host-based access control for that listener. If
# this is missing or empty, then all connections are accepted. Otherwise,
# this should be a space-separated sequence of regular expressions; any host
# with a fully-qualified domain name or an IP address that matches one of
# these regular expressions will be accepted.
#
# Example: listen on TCP port 9363 on all interfaces, accepting connections
# only from machines in example.com or localhost, and allow access through
# the unix domain socket unconditionally:
#
# (xen-api-server ((9363 pam '^localhost$ example\\.com$')
# (unix none)))
#
# Optionally, the TCP Xen-API server can use SSL by specifying the private
# key and certificate location:
#
# (9367 pam '' xen-api.key xen-api.crt)
#
# Default:
# (xen-api-server ((unix)))
#(xend-http-server no)
#(xend-unix-server no)
#(xend-tcp-xmlrpc-server no)
#(xend-unix-xmlrpc-server yes)
#(xend-relocation-server no)
#(xend-relocation-ssl-server no)
#(xend-udev-event-server no)#(xend-unix-path /var/lib/xend/xend-socket)
# Address and port xend should use for the legacy TCP XMLRPC interface,
# if xend-tcp-xmlrpc-server is set.
#(xend-tcp-xmlrpc-server-address 'localhost')
#(xend-tcp-xmlrpc-server-port 8006)# SSL key and certificate to use for the legacy TCP XMLRPC interface.
# Setting these will mean that this port serves only SSL connections as
# opposed to plaintext ones.
#(xend-tcp-xmlrpc-server-ssl-key-file xmlrpc.key)
#(xend-tcp-xmlrpc-server-ssl-cert-file xmlrpc.crt)
# Port xend should use for the HTTP interface, if xend-http-server is set.
#(xend-port 8000)# Port xend should use for the relocation interface, if xend-relocation-server
# is set.
#(xend-relocation-port 8002)# Port xend should use for the ssl relocation interface, if
# xend-relocation-ssl-server is set.
#(xend-relocation-ssl-port 8003)# SSL key and certificate to use for the ssl relocation interface, if
# xend-relocation-ssl-server is set.
#(xend-relocation-server-ssl-key-file xmlrpc.key)
#(xend-relocation-server-ssl-cert-file xmlrpc.crt)# Whether to use ssl as default when relocating.
#(xend-relocation-ssl no)# Address xend should listen on for HTTP connections, if xend-http-server is
# set.
# Specifying 'localhost' prevents remote connections.
# Specifying the empty string '' (the default) allows all connections.
#(xend-address '')
#(xend-address localhost)# Address xend should listen on for relocation-socket connections, if
# xend-relocation-server is set.
# Meaning and default as for xend-address above.
# Also, interface name is allowed (e.g. eth0) there to get the
# relocation address to be bound on.
#(xend-relocation-address '')# The hosts allowed to talk to the relocation port. If this is empty (the
# default), then all connections are allowed (assuming that the connection
# arrives on a port and interface on which we are listening; see
# xend-relocation-port and xend-relocation-address above). Otherwise, this
# should be a space-separated sequence of regular expressions. Any host with
# a fully-qualified domain name or an IP address that matches one of these
# regular expressions will be accepted.
#
# For example:
# (xend-relocation-hosts-allow '^localhost$ ^.*\\.example\\.org$')
#
#(xend-relocation-hosts-allow '')# The limit (in kilobytes) on the size of the console buffer
#(console-limit 1024)##
# NOTE:
# Please read /usr/share/doc/xen-utils-common/README.Debian for Debian specific
# informations about the network setup.##
# To bridge network traffic, like this:
#
# dom0: ----------------- bridge -> real eth0 -> the network
# |
# domU: fake eth0 -> vifN.0 -+
#
# use
#
# (network-script network-bridge)
#
# Your default ethernet device is used as the outgoing interface, by default.
# To use a different one (e.g. eth1) use
#
# (network-script 'network-bridge netdev=eth1')
#
# The bridge is named eth0, by default (yes, really!)
## It is normally much better to create the bridge yourself in
# /etc/network/interfaces. network-bridge start does nothing if you
# already have a bridge, and network-bridge stop does nothing if the
# default bridge name (normally eth0) is not a bridge. See
# bridge-utils-interfaces(5) for full information on the syntax in
# /etc/network/interfaces, but you probably want something like this:
# iface xenbr0 inet static
# address [etc]
# netmask [etc]
# [etc]
# bridge_ports eth0
#
# To have network-bridge create a differently-named bridge, use:
# (network-script 'network-bridge bridge=<name>')
#
# It is possible to use the network-bridge script in more complicated
# scenarios, such as having two outgoing interfaces, with two bridges, and
# two fake interfaces per guest domain. To do things like this, write
# yourself a wrapper script, and call network-bridge from it, as appropriate.
## The script used to control virtual interfaces. This can be overridden on a
# per-vif basis when creating a domain or a configuring a new vif. The
# vif-bridge script is designed for use with the network-bridge script, or
# similar configurations.
#
# If you have overridden the bridge name using
# (network-script 'network-bridge bridge=<name>') then you may wish to do the
# same here. The bridge name can also be set when creating a domain or
# configuring a new vif, but a value specified here would act as a default.
#
# If you are using only one bridge, the vif-bridge script will discover that,
# so there is no need to specify it explicitly. The default is to use
# the bridge which is listed first in the output from brctl.
#
(vif-script vif-bridge)
## Use the following if network traffic is routed, as an alternative to the
# settings for bridged networking given above.
#(network-script network-route)
#(vif-script vif-route)
## Use the following if network traffic is routed with NAT, as an alternative
# to the settings for bridged networking given above.
#(network-script network-nat)
#(vif-script vif-nat)# dom0-min-mem is the lowest permissible memory level (in MB) for dom0.
# This is a minimum both for auto-ballooning (as enabled by
# enable-dom0-ballooning below) and for xm mem-set when applied to dom0.
#(dom0-min-mem 196)
(dom0-min-mem 1024)# Whether to enable auto-ballooning of dom0 to allow domUs to be created.
# If enable-dom0-ballooning = no, dom0 will never balloon out.
#(enable-dom0-ballooning yes)
(enable-dom0-ballooning no)# 32-bit paravirtual domains can only consume physical
# memory below 168GB. On systems with memory beyond that address,
# they'll be confined to memory below 128GB.
# Using total_available_memory (in GB) to specify the amount of memory reserved
# in the memory pool exclusively for 32-bit paravirtual domains.
# Additionally you should use dom0_mem = <-Value> as a parameter in
# xen kernel to reserve the memory for 32-bit paravirtual domains, default
# is "0" (0GB).
(total_available_memory 0)# In SMP system, dom0 will use dom0-cpus # of CPUS
# If dom0-cpus = 0, dom0 will take all cpus available
#(dom0-cpus 0)
(dom0-cpus 1)# Whether to enable core-dumps when domains crash.
#(enable-dump no)# The tool used for initiating virtual TPM migration
#(external-migration-tool '')# The interface for VNC servers to listen on. Defaults
# to 127.0.0.1 To restore old 'listen everywhere' behaviour
# set this to 0.0.0.0
#(vnc-listen '127.0.0.1')# The default password for VNC console on HVM domain.
# Empty string is no authentication.
(vncpasswd '')# The VNC server can be told to negotiate a TLS session
# to encryption all traffic, and provide x509 cert to
# clients enabling them to verify server identity. The
# GTK-VNC widget, virt-viewer, virt-manager and VeNCrypt
# all support the VNC extension for TLS used in QEMU. The
# TightVNC/RealVNC/UltraVNC clients do not.
#
# To enable this create x509 certificates / keys in the
# directory ${XEN_CONFIG_DIR} + vnc
#
# ca-cert.pem - The CA certificate
# server-cert.pem - The Server certificate signed by the CA
# server-key.pem - The server private key
#
# and then uncomment this next line
# (vnc-tls 1)# The certificate dir can be pointed elsewhere..
#
# (vnc-x509-cert-dir vnc)# The server can be told to request & validate an x509
# certificate from the client. Only clients with a cert
# signed by the trusted CA will be able to connect. This
# is more secure the password auth alone. Passwd auth can
# used at the same time if desired. To enable client cert
# checking uncomment this:
#
# (vnc-x509-verify 1)# The default keymap to use for the VM's virtual keyboard
# when not specififed in VM's configuration
#(keymap 'en-us')# Script to run when the label of a resource has changed.
#(resource-label-change-script '')# Rotation count of qemu-dm log file.
#(qemu-dm-logrotate-count 10)# Path where persistent domain configuration is stored.
# Default is /var/lib/xend/domains/
#(xend-domains-path /var/lib/xend/domains)# Number of seconds xend will wait for device creation and
# destruction
#(device-create-timeout 100)
#(device-destroy-timeout 100)# When assigning device to HVM guest, we use the strict check for HVM guest by
# default. (For PV guest, we use loose check automatically if necessary.)
# When we assign device to HVM guest, if we meet with the co-assignment
# issues or the ACS issue, we could try changing the option to 'no' -- however,
# we have to realize this may incur security issue and we can't make sure the
# device assignment could really work properly even after we do this.
#(pci-passthrough-strict-check yes)# If we have a very big scsi device configuration, start of xend is slow,
# because xend scans all the device paths to build its internal PSCSI device
# list. If we need only a few devices for assigning to a guest, we can reduce
# the scan to this device. Set list list of device paths in same syntax like in
# command lsscsi, e.g. ('16:0:0:0' '15:0')
# (pscsi-device-mask ('*'))
On a modifié :
(dom0-min-mem 1024)
(enable-dom0-ballooning no)
(dom0-cpus 1)
Mettre le démarrage automatique sur 'xen' en utilisant la commande dpkg-divert --divert /etc/grub.d/08_linux_xen --rename /etc/grub.d/20_linux_xen , pour revenir à l'origine utiliser la commande : dpkg-divert --rename --remove /etc/grub.d/20_linux_xen
penser à updater votre grub avact la commande : update-grub ou update-grub2
La commande xm est remplacée par la commande xl depuis la version 4..
Page 2 sur 14
