CentOS – configuring nightly automatic updates

I believe that yum-cron now comes packaged with CentOS, but if it doesn't, the following does the trick.

Upgrade yum first
# yum upgrade yum
Reboot
Check to see if you already have yum-cron – the cron job for updating
# rpm -qa|grep yum-cron
 yum-cron-0.6-1.el5.centos
If you need to get yum-cron do
# yum install yum-cron.noarch
Start the yum-cron service
# /etc/init.d/yum-cron start
Check it’s running
# /etc/init.d/yum-cron status
Configure it to run at boot
# /sbin/chkconfig yum-cron on

Converting Xen guest VM to ESX

Guest prep

For this guide the guest Xen VM is named “foo”

Check current kernel version (XEN)

$uname -a 
2.6.18-194.11.4.el5xen

Install kernel

$yum install kernel
Downloading Packages:
Kernel-2.6.18-308.16.1.el5.x86_64.rpm

The new kernel will now show up in /boot

 $ls -ltr /boot
 initrd-2.6.18-308.16.1.el5.img

Now edit the grub menu.lst

 $vi /boot/grub/menu.lst

and set the 2.6.18-308.16.1.el5 entry to be the default; this is the new non-Xen kernel you have just downloaded and installed.

  # grub.conf generated by anaconda
  #
  # Note that you do not have to rerun grub after making changes to this file
  # NOTICE:  You have a /boot partition.  This means that
  #          all kernel and initrd paths are relative to /boot/, eg.
  #          root (hd0,0)
  #          kernel /vmlinuz-version ro root=/dev/xvda2
  #          initrd /initrd-version.img
  #boot=/dev/xvda
  default=1   <===== Change to "0"
  timeout=5
  splashimage=(hd0,0)/grub/splash.xpm.gz
  hiddenmenu
  title CentOS (2.6.18-308.16.1.el5)
  root (hd0,0)
  kernel /vmlinuz-2.6.18-308.16.1.el5 ro root=LABEL=/
  initrd /initrd-2.6.18-308.16.1.el5.img
  title CentOS (2.6.18-194.11.4.el5xen)
  root (hd0,0)
  kernel /vmlinuz-2.6.18-194.11.4.el5xen ro root=LABEL=/
  initrd /initrd-2.6.18-194.11.4.el5xen.img

Edit /etc/modprobe.conf from this

 alias eth0 xennet
 alias scsi_hostadapter xenblk

To this

 alias eth0 e1000
 alias scsi_hostadapter mptbase
 alias scsi_hostadapter1 mptspi
 alias scsi_hostadapter2 ata_piix

Edit /etc/sysconfig/network-scripts/ifcfg-eth0, remove HWADDR line

  # Xen Virtual Ethernet
  DEVICE=eth0
  BOOTPROTO=static
  HWADDR=00:18:3E:45:BA:71  <==== Remove this
  IPADDR=10.1.200.10
  NETMASK=255.255.0.0
  ONBOOT=yes

Edit /etc/inittab and comment out the line “co:2345:respawn:/sbin/agetty xvc0 9600 vt100-nav”

 # Run gettys in standard runlevels
 # xen
 #co:2345:respawn:/sbin/agetty xvc0 9600 vt100-nav <==== Comment out
 1:2345:respawn:/sbin/mingetty --noclear tty1
 1:2345:respawn:/sbin/mingetty tty1
 2:2345:respawn:/sbin/mingetty tty2
 3:2345:respawn:/sbin/mingetty tty3
 4:2345:respawn:/sbin/mingetty tty4
 5:2345:respawn:/sbin/mingetty tty5
 6:2345:respawn:/sbin/mingetty tty6

Create new initrd file

$mkinitrd -f /boot/initrd-2.6.18-308.16.1.el5.img 2.6.18-308.16.1.el5

If it complains about “no module xenblk found – aborting” then do this:

 $mkinitrd --builtin=xenblk  -f /boot/initrd-2.6.18-308.16.1.el5.img 2.6.18-308.16.1.el5

Now poweroff the guest
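
The guest-side edits above, rehearsed on constructed copies of the files so the result can be checked before the real files under /boot and /etc are touched. This is an added example rather than part of the original guide; the sample file contents are cut down from the excerpts above.

```shell
#!/bin/sh
# Added example, not from the original guide: rehearse the guest-side edits on
# constructed copies of the files, then verify the result before applying the
# same sed expressions to the real files under /boot and /etc.
set -e
work=$(mktemp -d)

# Constructed sample inputs, cut down from the excerpts in the guide
cat > "$work/menu.lst" <<'EOF'
default=1
timeout=5
title CentOS (2.6.18-308.16.1.el5)
title CentOS (2.6.18-194.11.4.el5xen)
EOF
cat > "$work/ifcfg-eth0" <<'EOF'
DEVICE=eth0
HWADDR=00:18:3E:45:BA:71
IPADDR=10.1.200.10
EOF
cat > "$work/inittab" <<'EOF'
co:2345:respawn:/sbin/agetty xvc0 9600 vt100-nav
1:2345:respawn:/sbin/mingetty tty1
EOF

# Portable in-place edit (no GNU-only sed -i): edit 'sed-expr' file
edit() { sed "$1" "$2" > "$2.tmp" && mv "$2.tmp" "$2"; }

set_grub_default()    { edit 's/^default=.*/default=0/' "$1"; }  # entry 0 = new non-Xen kernel
strip_hwaddr()        { edit '/^HWADDR=/d' "$1"; }                # ESX assigns a new MAC
disable_xen_console() { edit 's|^co:2345:respawn:/sbin/agetty xvc0|#&|' "$1"; }
write_modprobe() {
  printf '%s\n' 'alias eth0 e1000' 'alias scsi_hostadapter mptbase' \
    'alias scsi_hostadapter1 mptspi' 'alias scsi_hostadapter2 ata_piix' > "$1"
}

# Succeeds only when every Xen-specific setting is gone from the copies
verify_prep() {
  grep -q '^default=0$' "$1/menu.lst" &&
  ! grep -q '^HWADDR=' "$1/ifcfg-eth0" &&
  ! grep -q '^co:2345' "$1/inittab" &&
  ! grep -q 'xen' "$1/modprobe.conf"
}

set_grub_default "$work/menu.lst"
strip_hwaddr "$work/ifcfg-eth0"
disable_xen_console "$work/inittab"
write_modprobe "$work/modprobe.conf"
verify_prep "$work" && echo "guest prep edits verified in $work"
```

Run it, then diff the copies in the scratch directory against the originals before running the same sed expressions on the live guest.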

Host

Now go to the host where the old Xen VM used to run

Check that the Xen VM is off; it should NOT be listed by

 xm list

Note the LV paths

 grep -RniI foo /etc/xen/config

Convert the image

 qemu-img convert -f raw /dev/xend_vg/foo.lv -O vmdk ./foo.vmdk

Create the ESX-compatible vmdk from the converted image; a quick explanation of the options used:

-r (the source disk)
-t 4 (Specify the virtual disk type)

0 – create a growable virtual disk contained in a single file (monolithic sparse).
1 – create a growable virtual disk split into 2GB files (split sparse).
2 – create a preallocated virtual disk contained in a single file (monolithic flat).
3 – create a preallocated virtual disk split into 2GB files (split flat).
4 – create a preallocated virtual disk compatible with ESX server (VMFS flat).
5 – create a compressed disk optimized for streaming.

Option 4 fits my environment, so do the following:

$vmware-vdiskmanager -r foo_ide.vmdk -t 4 ./foo_t4.vmdk
 Creating disk './foo_t4.vmdk'
  Convert: 16% done.
  Virtual disk conversion successful.

Edit foo_t4.vmdk to change the adapter type from “ide” to “lsilogic”

 # Disk DescriptorFile
 version=1
 CID=4fbd3245
 parentCID=ffffffff
 createType="vmfs"
 # Extent description
 RW 25165824 VMFS "foo_t4-flat.vmdk" 0
 # The Disk Data Base
 #DDB
 ddb.virtualHWVersion = "4"
 ddb.encoding = "UTF-8"
 ddb.uuid = "60 00 C2 94 ec 00 b0 4f-bd b4 02 3d e6 c5 09 c5"
 ddb.geometry.cylinders = "24966"
 ddb.geometry.heads = "16"
 ddb.geometry.sectors = "63"
 ddb.adapterType = "lsilogic"  <==== change this

Linux – sending log files to a remote server

This worked fine on these versions:
Sending host CentOS 6.2 final 64-bit to receiving host CentOS 5.6 final 64-bit

Sending
To send logs to a remote server (central log server et al) add the following to the end of /etc/syslog.conf (or /etc/rsyslog.conf). It is best to explicitly specify the port number, as certain versions of syslog have some sort of bug in port handling.

*.* @ip_of_remote_server:514

then restart syslog
service syslog restart

That is it if you are running newer versions of rsyslog; older versions are configured in a slightly different way.

You can change the syslogd compatibility mode by editing the /etc/sysconfig/rsyslog file: change the "-c 4" option to the version you want to use. The example below shows the latest; if you want compatibility with older versions change "-c 4" to "-c 2", or whatever version you want to use. There are lots of caveats to using older versions, so I recommend reading the man pages. Also note that the compatibility option always has to be the first option specified.

SYSLOGD_OPTIONS="-c 4"

Receiving
For a Linux machine (central log server et-al) to receive the logs file do the following:

Open UDP port 514
iptables -I RH-Firewall-1-INPUT -s 10.1.250.0/24 -m udp -p udp --dport 514 -j ACCEPT

Then save it to make it persistent after reboots:
/etc/init.d/iptables save

Restart iptables
service iptables restart

Check it has done what you expect
iptables -L -v

Check /etc/sysconfig/rsyslog is as follows (this is usually the default)
SYSLOGD_OPTIONS="-c 4"

Add the following 2 lines to /etc/rsyslog.conf; these appear not to be present on a standard Linux install. Note that the order is important:
$UDPServerAddress *
$UDPServerRun 514

You may have to uncomment a bunch of stuff, and a bunch of other stuff needs to be there as well; below is a copy of my modified rsyslog.conf.

# Note: since version 3 rsyslog requires plug-in modules to be loaded to perform useful work (see the v3 compatibility notes).
# To load the most common plug-ins, add the following to the top of rsyslog.conf:

$ModLoad immark # provides --MARK-- message capability   <===uncomment this
$ModLoad imudp # provides UDP syslog reception   <===uncomment this
$ModLoad imtcp # provides TCP syslog reception and GSS-API (if compiled to support it)   <===uncomment this

# Provides UDP syslog reception
$ModLoad imudp.so   <===uncomment this
$UDPServerAddress *    <==== add this
$UDPServerRun 514    <==== add this

# Use traditional timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# Provides kernel logging support (previously done by rklogd)
$ModLoad imklog
# Provides support for local system logging (e.g. via logger command)
$ModLoad imuxsock

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don’t log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  -/var/log/maillog

# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 *

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log
# Provides UDP forwarding. The IP is the server’s IP address
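
A check for the ordering rules called out above (imudp loaded and $UDPServerAddress set before $UDPServerRun) and for sending-side forwarding lines that omit the port. This is an added example, not part of the original notes; it runs over two constructed sample configs rather than the live /etc/rsyslog.conf, and the receiver address 10.1.250.5 is a made-up value.

```shell
#!/bin/sh
# Added example, not from the original notes: lint an rsyslog.conf for the
# ordering rules above (imudp loaded and $UDPServerAddress set before
# $UDPServerRun) and for forwarding rules that omit the explicit port.
set -e

# Line number of the first match of a pattern in a file; empty if none
first_line() { grep -n "$1" "$2" | head -n 1 | cut -d: -f1; }

# Prints one finding per line; succeeds only when there are none
lint_rsyslog() {
  f=$1; bad=0
  mod=$(first_line '^\$ModLoad imudp' "$f")
  addr=$(first_line '^\$UDPServerAddress' "$f")
  run=$(first_line '^\$UDPServerRun' "$f")
  if [ -n "$run" ]; then
    if [ -z "$mod" ] || [ "$mod" -gt "$run" ]; then
      echo "imudp must be loaded before \$UDPServerRun (line $run)"; bad=$((bad+1))
    fi
    if [ -n "$addr" ] && [ "$addr" -gt "$run" ]; then
      echo "\$UDPServerAddress (line $addr) must precede \$UDPServerRun (line $run)"; bad=$((bad+1))
    fi
  fi
  # @host forwards over UDP, @@host over TCP; both should end in :port
  noport=$(grep -n '^[^#]*@' "$f" | grep -vc ':[0-9][0-9]*$' || true)
  if [ "$noport" -gt 0 ]; then echo "$noport forwarding rule(s) without an explicit :port"; fi
  bad=$((bad+noport))
  [ "$bad" -eq 0 ]
}

# Constructed samples; the receiver 10.1.250.5 is a made-up address
weak=$(mktemp); good=$(mktemp)
cat > "$weak" <<'EOF'
$ModLoad imuxsock
$UDPServerRun 514
$UDPServerAddress *
$ModLoad imudp
*.* @10.1.250.5
EOF
cat > "$good" <<'EOF'
$ModLoad imuxsock
$ModLoad imudp
$UDPServerAddress *
$UDPServerRun 514
*.* @10.1.250.5:514
EOF
lint_rsyslog "$weak" || echo "constructed weak config: findings listed above"
lint_rsyslog "$good" && echo "constructed corrected config: clean"
```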

Securing Samba

Changing some of the options below may break compatibility with Windows XP, and older versions of Samba may not support some of them.

Optimal settings overview
a) lanman auth = No (prevents use of weak password hashes; breaks compatibility with XP unless the XP registry hack has been applied)
b) encrypt passwords = Yes (encrypts the password, but the hash is easy to crack, which is why we set lanman auth, see above, to No)
c) ntlm auth = No (if this option and lanman auth are both disabled, then only NTLMv2 logins will be permitted. Not all clients support NTLMv2, and most will require special configuration to use it.)
d) client NTLMv2 auth = Yes (setting this means only NTLMv2 logins will be attempted; it disables client NTLMv1, client lanman and client plaintext auth)
e) client lanman auth = No (prevents smb clients and tools from using the weak password hash; disabling this option will also disable the client plaintext auth option below)
f) client plaintext auth = No (this will be disabled when client NTLMv2 auth is enabled)
g) workgroup = xxx
h) realm = xxx.LOCAL
i) security = ADS
j) bind interfaces only = Yes (when set, you specify the interface(s) with, for example, interfaces = 10.1.250.9)
k) hosts allow = xxx.xx.xxx. xxx.xx.xxx. 127. 10. 192.168.

From:
encrypt passwords = Yes
lanman auth = Yes
ntlm auth = Yes
client NTLMv2 auth = No
client lanman auth = Yes
client plaintext auth = Yes

To:
encrypt passwords = Yes
lanman auth = No
ntlm auth = No
client NTLMv2 auth = Yes
client lanman auth = No
client plaintext auth = No
bind interfaces only = yes
interfaces = xx.xx.xx.xx
hosts allow = xxx.xx.xxx. xxx.xx.xxx. 127. 10. 192.168.
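
An audit of an smb.conf against the hardened settings listed above, as an added example that is not part of the original notes. It runs over constructed copies of the From and To blocks, and applies the Samba rule that parameter names are case- and whitespace-insensitive and that the last occurrence of a parameter wins.

```shell
#!/bin/sh
# Added example, not from the original notes: audit an smb.conf against the
# hardened settings above; keys are normalised (lower-case, no whitespace).
set -e

# Expected key=value pairs, written in the same normalised form
EXPECTED='encryptpasswords=yes
lanmanauth=no
ntlmauth=no
clientntlmv2auth=yes
clientlanmanauth=no
clientplaintextauth=no
bindinterfacesonly=yes'

# "  Client NTLMv2 Auth = Yes" -> "clientntlmv2auth=yes"; comments and blanks dropped
normalise() { tr 'A-Z' 'a-z' | sed 's/[[:space:]]//g; /^[#;]/d; /^$/d'; }

# Prints one line per deviation; succeeds only when every expectation is met
audit_smb() {
  norm=$(normalise < "$1"); bad=0
  for want in $EXPECTED; do
    key=${want%%=*}; exp=${want#*=}
    got=$(printf '%s\n' "$norm" | grep "^$key=" | tail -n 1 | cut -d= -f2-)  # last one wins
    if [ -z "$got" ]; then got='(unset: Samba default applies)'; fi
    if [ "$got" != "$exp" ]; then echo "$key: is '$got', want '$exp'"; bad=$((bad+1)); fi
  done
  [ "$bad" -eq 0 ]
}

# Constructed samples: the From and To blocks above
weak=$(mktemp); hard=$(mktemp)
cat > "$weak" <<'EOF'
  encrypt passwords = Yes
  lanman auth = Yes
  ntlm auth = Yes
  client NTLMv2 auth = No
  client lanman auth = Yes
  client plaintext auth = Yes
EOF
cat > "$hard" <<'EOF'
  encrypt passwords = Yes
  lanman auth = No
  ntlm auth = No
  client NTLMv2 auth = Yes
  client lanman auth = No
  client plaintext auth = No
  bind interfaces only = yes
EOF
audit_smb "$weak" || echo "weak config: deviations listed above"
audit_smb "$hard" && echo "hardened config: no deviations"
```

Point audit_smb at the live /etc/samba/smb.conf to see which of the hardened settings a server still lacks.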