CSR Geomatics Server Setup

A dedicated server has been setup in CSR, for hosting the software and database.

Here below, technical information about the setup.

dream.csr.av (

- Debian 9
- Xen hypervisor
- libvirt for the orchestration of VMs
- management with ansible



Found minor issues with the installation (eg. issues with HDDs, Dell EFI boot).
This document starts from a working Debian Xen server.

Installed on a mirror of 2*2TB drives with btrfs.

Update (see #7156): re-installed the OS on /dev/sdc2, ext4, without RAID/LVM.

Storage for domUs

A LVM dream.csr has been created for the domUs.


With systemd.networkd: bridge "br0" to the physical ethernet.

Create a VM

Adjust the parameters from:

export vm_name=infra.csr.av
export vm_ip_addr=
export vm_password=foobar

Create the domU:

root@dream:~# xen-create-image --broadcast= --dist=stretch --fs=ext4 --gateway= --hostname ${vm_name} --ip=${vm_ip_addr} --lvm=dream.csr --maxmem=512M --memory=256M --mirror= --netmask= --password=${vm_password} --size=10G --swap=1G --vcpus=1 --bridge=br0

Note that IP address will be set in the VM, and the vm_ip_addr isn't actually used.


Migrate XL to libvirt

After creation using xen-create-image, migrate the definition of the domU to libvirt:

virsh -c xen:/// domxml-from-native xen-xm /etc/xen/${vm_name}.cfg > /tmp/${vm_name}.xml
virsh define /tmp/${vm_name}.xml

From this point onward, one can log out from the dom0's console and use virsh or "Virtual Machine Manager" from your computer to administer the VM, eg:

  • Set "Auto start" on dom0 boot
  • Set memory limits, etc

Start the domU

Use "Virtual Machine Manager" or the command:

virsh -c xen+ssh://root@dream.csr.av/ start ${vm_name}

To do in a libvirt shell

Start a libvirt shell, with "Virtual Machine Manager" or with the command:

virsh -c xen+ssh://root@dream.csr.av/ console ${vm_name}

Log in as root in the libvirt console.

Network config

Add /etc/systemd/network/ (adjust the IP):




systemctl enable --now systemd-networkd.socket
systemctl enable --now systemd-networkd.service
systemctl disable --now networking.service

Post-install ssh config

Allow ssh root login with password in /etc/ssh/sshd_config:

sed -i -e 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
systemctl restart ssh.service

From this point onwards, one can close the console session opened via libvirt.


Log in to the local DNS server with:

ssh root@infra.csr.av

Update the 2 files in /etc/bind/zones (zones/db.csr.av zones/db.192.168.0) and reload the DNS with:

rndc reload


Log in to the local DNS server, update the 2 files in /etc/bind9/zones, and run:

rndc reload

Allow yourself to log in easily with your ssh key

Copy your ssh key to the domU: run from your own computer:

ssh-copy-id root@${ip_addr}


Using the Ansible project developed in Blue Light:

%{color:#2369ff;font-size: 1.1em;} Prepare the host

Install Python

apt install -y python


The Postgis database runs on its specific domU (gisdb.csr.av,


After installing the Postgis package (eg. assign the "postgis" Ansible's role), follow up to Db-support


The Jupyter server runs on its specific domU (jupyter.csr.av,


See #6990 .