Xen

Here are some of my notes about things I did with Xen and CentOS. Now that CentOS 5 is out, Xen is included, which will make your life a lot easier.

Contents

  1. Install Centos 4.x
  2. Installing Xen
  3. dom0
  4. domUs
  5. Links

Installation on Centos 4.x

Starting from this document, I began using CentOS 4.x as my dom0:

http://www.colug.net/pipermail/colug432/2005-July/001040.html

I decided to recompile the kernel because all of the firewalling modules required to run the base Centos Firewall were not present.

Install Centos 4.x

Install the OS with a minimal configuration, since this will be your dom0, and make sure the "Development Tools" group is installed.

yum -y groupinstall "Development Tools"

I actually build my Xen installs inside a CentOS 4.x domU guest image, so you can remove the Development Tools after you are done installing and do your future development in a guest domU.

Install the Centos GPG Key

This should no longer be required.

rpm --import /usr/share/doc/centos-release-4/RPM-GPG-KEY

Dev86

If you are on x86_64, you'll have to get Dev86 out of the i386 branch.

The exact location will change over time, but it will be somewhere like:

http://mirror.centos.org/centos/4/os/i386/CentOS/RPMS/dev86-0.16.16-1.i386.rpm

LibVNCServer

http://sourceforge.net/project/showfiles.php?group_id=32584&package_id=169877&release_id=371858

wget http://easynews.dl.sourceforge.net/sourceforge/libvncserver/LibVNCServer-0.8pre-1.x86_64.rpm

Building it

wget http://libvncserver.sourceforge.net/LibVNCServer-0.8pre.tar.gz
tar -xvzf LibVNCServer-0.8pre.tar.gz
cd LibVNCServer-0.8pre
./configure
make

Install the RpmForge repository

http://wiki.centos.org/Repositories/RPMForge

Install the Centos Extras repository

This is needed in order to get mercurial: http://centos.karan.org/kbsingh-CentOS-Extras.repo

Install utilities required by Xen

yum install python-twisted python-devel zlib-devel curl bridge-utils mercurial SDL SDL-devel

Installing Xen

Building the kernels

You can download a release version, or a testing version if you prefer, but I want the newest available kernel so that I can have more recent HVM patches.

Download xen-unstable

cd /usr/src/
hg clone http://xenbits.xensource.com/xen-3.0-unstable.hg
cd xen-3.0-unstable.hg
make prep-kernels
xen
cd linux-2.6.16.13-xen
make menuconfig

Turn all the firewalling options on except for the experimental and debugging ones

Networking -> Networking Options -> Network packet filtering ->

Dell/LSI Megaraid controller

Device Drivers -> SCSI Device support -> SCSI low-level drivers -> LSI Logic Management Module -> LSI Logic MegaRAID Driver

I2C support for lm_sensors

Device Drivers -> I2O device support
Device Drivers -> I2C support
Device Drivers -> Hardware Monitoring Support

SUNRPC module

Change NFS file system support to a module <M>

File systems -> Network File Systems -> NFS file system support

Make a distribution copy of the installer:

make dist
mv dist xen-unstable-firewall-install
tar -cvzf xen-unstable-firewall-install.tar.gz xen-unstable-firewall-install

dom0

patch vif-common.sh for RH Firewall

Out of date, but the idea is right.

--- /etc/xen/scripts/vif-common.sh.orig 2005-11-30 19:41:44.000000000 -0700
+++ /etc/xen/scripts/vif-common.sh      2005-11-30 19:42:09.000000000 -0700
@@ -62,11 +62,13 @@
     local c="-D"
   fi

+  iptables -D FORWARD -j RH-Firewall-1-INPUT
   iptables "$c" FORWARD -m physdev --physdev-in "$vif" "$@" -j ACCEPT ||
     [ "$c" == "-D" ] ||
     log err \
      "iptables $c FORWARD -m physdev --physdev-in $vif $@ -j ACCEPT failed.
 If you are using iptables, this may affect networking for guest domains."
+  iptables -A FORWARD -j RH-Firewall-1-INPUT
 }
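
Review bot: The added "iptables -D FORWARD -j RH-Firewall-1-INPUT" and "iptables -A FORWARD -j RH-Firewall-1-INPUT" lines run unconditionally and unchecked around the vif rule, so between the two commands the FORWARD chain has no jump to RH-Firewall-1-INPUT, and if the script stops in between, the jump is never restored. The delete also fails on a host where that jump is not present, and the append then adds one anyway. Consider leaving the jump in place and, for the add case of $c, inserting the per-vif rule ahead of it with -I FORWARD; failing that, check both exit statuses and report through "log err" the way the existing rule does. The resulting order also puts the physdev ACCEPT for $vif ahead of RH-Firewall-1-INPUT, so traffic entering from the guest interface is forwarded without passing the firewall chain; if that is intended it deserves a comment in the script.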


To make DHCP (dhclient) work in dom0 and domU, I added these rules to /etc/sysconfig/iptables on dom0:

---- /etc/sysconfig/iptables.orig        2005-12-01 12:18:03.000000000 -0700
+++ /etc/sysconfig/iptables     2005-12-01 12:18:32.000000000 -0700
@@ -6,6 +6,8 @@
 :OUTPUT ACCEPT [0:0]
 :RH-Firewall-1-INPUT - [0:0]
 -A INPUT -j RH-Firewall-1-INPUT
+-A FORWARD -m physdev --physdev-in peth0 -j ACCEPT
+-A FORWARD -m physdev --physdev-in vif0.0 -j ACCEPT
 -A FORWARD -j RH-Firewall-1-INPUT
 -A RH-Firewall-1-INPUT -i lo -j ACCEPT
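
Review bot: The two added FORWARD rules accept everything arriving on peth0 and vif0.0 and sit above "-A FORWARD -j RH-Firewall-1-INPUT", so all bridged traffic from those interfaces skips the firewall chain, not only DHCP. If the goal is just to let dhclient work, narrow both rules to DHCP, for example by adding "-p udp --dport 67:68" to each, and let everything else continue to RH-Firewall-1-INPUT.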

Initrd for dom0

My dom0 filesystem is on a RAID controller, so CentOS will require an initrd file.

cd /boot
depmod -a -v 2.6.16.13-xen
mkinitrd -v initrd-2.6.16.13-xen.img 2.6.16.13-xen
ln -s initrd-2.6.16.13-xen.img initrd-2.6-xen.img

Configure Grub

title Xen 3.0-unstable / XenLinux 2.6
        root (hd0,0)
        kernel /xen-3.0.gz console=vga
        module /vmlinuz-2.6-xen ro root=LABEL=/ console=tty0
        module /initrd-2.6-xen.img

Add Services

chkconfig --add xend
chkconfig --add xendomains

Make a directory for xen saves

mkdir -p /var/lib/xen/save/

Disable TLS (thread-local storage libraries in /lib/tls; not required on x86_64)

mv /lib/tls /lib/tls.disabled

Turn off Microcode_ctl

chkconfig microcode_ctl off

domUs

Creating LVM partitions for a Xen guest

My PV is called pv00 and my VG is called vg00

lvcreate -L 5G -n xen00 vg00
lvcreate -L 512M -n xen00-swap vg00
mkfs.ext3 /dev/vg00/xen00
mkswap /dev/vg00/xen00-swap

Copy in the guest OS from a http://jailtime.org/ image

This was only x86 last time I checked

wget centos.4-2.20051017.img.tgz
wget centos.4-2.20051017.img.tgz.md5
md5sum -c centos.4-2.20051017.img.tgz.md5
tar -xvzf centos.4-2.20051017.img.tgz

mkdir /mnt/tmp
mount /dev/vg00/xen00 /mnt/tmp
mkdir /mnt/image
mount -o loop centos.4-2.img /mnt/image
rsync -av /mnt/image/ /mnt/tmp/
umount /mnt/tmp /mnt/image
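
An added example, not part of the original notes: a wrapper for the download-and-unpack step above that refuses to extract the image archive unless its digest matches the .md5 file and no archive member has an absolute or parent-directory path. The function names and return codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original notes): check a downloaded guest
# image archive before unpacking it as root. Function names are hypothetical.

# Reads member names on stdin; succeeds (0) if any is absolute or has a
# ".." component, i.e. could be written outside the extraction directory.
has_unsafe_path() {
    grep -Eq '^/|(^|/)\.\.(/|$)'
}

# safe_unpack ARCHIVE MD5FILE DESTDIR
# Return codes: 0 extracted, 1 missing input, 2 checksum mismatch,
#               3 unsafe or unreadable member list, 4 extraction failed.
safe_unpack() {
    archive=$1; md5file=$2; dest=$3
    [ -f "$archive" ] && [ -f "$md5file" ] || return 1

    # Compare digests directly instead of "md5sum -c", so the result does
    # not depend on the current directory or the name stored in MD5FILE.
    want=$(awk 'NR == 1 { print $1 }' "$md5file")
    have=$(md5sum "$archive" | awk '{ print $1 }')
    [ -n "$want" ] && [ "$want" = "$have" ] || return 2

    # List before extracting: a corrupt archive or a hostile member name
    # stops here, before anything touches the filesystem.
    members=$(tar -tzf "$archive" 2>/dev/null) || return 3
    printf '%s\n' "$members" | has_unsafe_path && return 3

    mkdir -p "$dest" || return 4
    tar -xzf "$archive" -C "$dest" || return 4
    return 0
}
```

A checksum fetched alongside the archive detects corruption in transit; it does not show that the image came from its publisher.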

fstab for domU

# This file is edited by fstab-sync - see 'man fstab-sync' for details
/dev/sda1               /                       ext3    defaults 1 1
/dev/sda2               none                    swap    sw       0 0
none                    /dev/pts                devpts  gid=5,mode=620 0 0
none                    /dev/shm                tmpfs   defaults 0 0
none                    /proc                   proc    defaults 0 0
none                    /sys                    sysfs   defaults 0 0

Xen configuration file

kernel = "/boot/vmlinuz-2.6-xen"
ramdisk = "/boot/initrd-2.6-xen.img"
memory = 512
name = "xen00"
vif = [ '' ]
dhcp = "dhcp"
disk = ['phy:/dev/vg00/xen00,sda1,w', 'phy:/dev/vg00/xen00-swap,sda2,w']
root = "/dev/sda1 ro"

Disable TLS (thread-local storage libraries in /lib/tls; not required on x86_64)

mv /lib/tls /lib/tls.disabled

Remove unneeded packages

yum remove gpm

Turn off microcode_ctl and smartd

chkconfig microcode_ctl off
chkconfig smartd off

Links

Preconfigured images (x86 last time I checked)

http://jailtime.org/

http://www.xen-get.org/

Xen cluster

http://ian.blenke.com/xen/

Xen domU as a firewall

http://lists.xensource.com/archives/html/xen-users/2005-07/msg00558.html

General Links

http://www.howtoforge.com/archive/2005/11/9

http://www.xmlvalidation.com/xen_howto_sarge.0.html

http://www.option-c.com/xwiki/Xen_Debian_Quick_Start

http://wiki.xensource.com/xenwiki/XenFaq

http://xenfr.org/tiki-index.php?page=T%C3%A9l%C3%A9chargement

http://ooo.sivit.fr/contrib/XEN/vm/

http://project-xen.web.cern.ch/project-xen/xen/howto.html

http://howto.x-tend.be/AutomatingVirtualMachineDeployment/

http://www-128.ibm.com/developerworks/linux/library/l-xen/

http://wiki.xensource.com/xenwiki/UbuntuHoaryHowTo

http://members.liwest.at/howzit/xen/

http://www.hpl.hp.com/techreports/2004/HPL-2004-207R1.pdf

http://www.colug.net/pipermail/colug432/2005-July/001040.html

Redhat Xen Mercurial Repository http://hg.et.redhat.com/kernel/

last edited 2007-03-29 22:16:27 by MichaelBest