Xen

From Funtoo Linux
Revision as of 21:29, 25 February 2012 by Mmatk (Talk)

THIS ARTICLE IS STILL NOT COMPLETE

Funtoo Xen Fun

This article is about Xen on Funtoo Linux and how to set up Xen virtualization properly. In particular, we show how much fun it is to work with Xen hosts and domUs and to set up a Funtoo Xen server without clicky GUIs or other frontends.

Funtoo Xen Server with paravirt funtoo domU

Assumptions:

We build a 64-bit headless Xen hypervisor, rock stable and rocket fast, with a headless 64-bit paravirtualized Funtoo domU. We are not building Xen with pvgrub!

Building Funtoo Xen Host Dom0

Most of the necessary steps are covered in the Installation Tutorial. Here we only outline the steps that are needed for an easy and successful Dom0 setup, or that differ from the normal installation tutorial.

Please open the Installation Tutorial in a second tab and follow the next steps carefully in both!

Basic Funtoo Xen Host Dom0 setup

I recommend you use only stable packages for the host dom0!

Please consider this decision carefully. I can't stress enough that you will avoid a lot of problems by taking the stable distribution as dom0. The domU guests can be either unstable or hardened, as you wish! That's where the true fun begins ;-) That's why I edit my make.conf before building anything!

Here is how I set up the system basics. The disk is /dev/sda:

/dev/sda1 is our / partition, approx. 20GB, ext4
/dev/sda2 is our swap partition, approx. 4GB
/dev/sda3 holds the LVM volume group vgxen

I did a RAID 1 + LVM2 install, which I strongly advise for everybody.

Where the Xen stuff lives:

/etc/xen/ --> xend configuration files
/xen/configs/ --> my Xen domU configuration files folder
/xen/kernel --> my Xen domU kernel folder
/xen/disks/ --> my Xen domU image files folder

set Dom0 to stable

Don't forget to allow only stable packages! Write it into your make.conf:

ACCEPT_KEYWORDS="amd64"

Basic DomU System setup

We are going to build the DomU now, preparing it first from outside the domU.

create lvm volume or partition or image file

This is a stub; please help complete this guide here!

# vgcreate vgxen /dev/sda3
# lvcreate -L10G -n funtoo_root vgxen
# lvcreate -L1G -n funtoo_swap vgxen
# vgchange -a y
# mkfs.ext4 -L funtoo_root /dev/vgxen/funtoo_root
# mkswap -L funtoo_swap /dev/vgxen/funtoo_swap
# rc-update add lvm boot

mount domU lvm volume or physical partition or image file

# mkdir /mnt/domu1
# mount /dev/vgxen/funtoo_root /mnt/domu1
# cd /mnt/domu1

get stage3

from a Funtoo mirror near you; I suggest you look at the Funtoo homepage:

# links http://www.funtoo.org/wiki/Download

Then choose a mirror near you (I use Heanet in the EU) and look for the right stage3. I use Xeon CPUs, so I take the core2 build:

# wget -cv http://ftp.heanet.ie/mirrors/funtoo/funtoo-stable/x86-64bit/core2_64/stage3-current.tar.xz

Unfortunately I can't find md5sums or similar, which is really unpleasant.

Then get the latest Portage tree from the snapshots directory:

# wget -cv http://ftp.heanet.ie/mirrors/funtoo/funtoo-stable/snapshots/portage-current.tar.xz

extract stage3

# cd /mnt/domu1/
# tar xvfpJ stage3-current.tar.xz

extract portage

# cd usr
# tar xfvpJ ../portage-current.tar.xz
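The article notes that the mirror offers no checksums for the tarballs. As an added example (not from the article), here is the download-and-extract step above wrapped in an integrity check against a `sha256sum`-style list before anything is unpacked as root into the domU image. The list's location and format are assumptions; it only buys you something if it comes from a channel you trust more than the mirror you download from (a project signing key, a TLS-protected origin), otherwise a tampered mirror can simply serve a matching list.

```shell
#!/bin/sh
# Added example, not the article's own commands. Verifies a downloaded
# stage3/portage tarball against a checksum list before extracting it.
# Assumption: the list is in `sha256sum` format, "<hex>  <filename>" (or
# "<hex> *<filename>" for binary mode), one entry per file.

# sha256_of FILE -> prints the hex digest (coreutils or perl-based shasum)
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    else
        shasum -a 256 "$1" | awk '{ print $1 }'
    fi
}

# verify_tarball TARBALL CHECKSUMFILE
# Returns 0 when TARBALL's SHA-256 matches the entry for its basename,
# 1 on a mismatch, 2 when the list has no entry for it at all.
verify_tarball() {
    tarball="$1"; sums="$2"
    name=$(basename "$tarball")
    # match on the file name, so a list covering several stages cannot
    # hide a missing entry behind some other file's digest
    expected=$(awk -v f="$name" '$2 == f || $2 == "*" f { print $1 }' "$sums")
    if [ -z "$expected" ]; then
        echo "no checksum entry for $name" >&2
        return 2
    fi
    actual=$(sha256_of "$tarball")
    if [ "$expected" != "$actual" ]; then
        echo "CHECKSUM MISMATCH for $name" >&2
        echo "  expected $expected" >&2
        echo "  actual   $actual" >&2
        return 1
    fi
    return 0
}

# extract_verified TARBALL CHECKSUMFILE DESTDIR
# Extracts only after the check passes, preserving permissions like the
# article's `tar xvfpJ`; propagates verify_tarball's exit code otherwise.
extract_verified() {
    verify_tarball "$1" "$2" || return $?
    tar xpJf "$1" -C "$3"
}
```

Usage on the dom0 would be `extract_verified stage3-current.tar.xz stage3.sha256 /mnt/domu1` once a trustworthy checksum list is in hand; a non-zero exit stops the procedure before a possibly modified stage3 lands on the domU root.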

Preparing the chroot environment

Editing the make.conf

copy /etc/make.conf from the dom0 and adjust it:

# cp /etc/make.conf /mnt/domu1/etc/

make sure to adjust MAKEOPTS to the CPUs assigned to the domU (rule of thumb: CPU cores + 1; yes, even in Xen)

# nano -w /mnt/domu1/etc/make.conf

and set the MAKEOPTS variable there:

MAKEOPTS="-j2"

If you want to build domUs with newer packages, set the distribution to testing:

ACCEPT_KEYWORDS="~amd64"

copy /etc/resolv.conf

# cp -L /etc/resolv.conf /mnt/domu1/etc/

mount proc and dev

# mount -t proc none /mnt/domu1/proc
# mount --rbind /dev /mnt/domu1/dev 

Building Funtoo Xen Guest(s) DomU

Final DomU System setup

chroot

# chroot /mnt/domu1 /bin/bash
# env-update
# source /etc/profile
# export PS1="(domU-chroot) $PS1" 

sync portage

# cd /usr/portage/
# git branch
# git checkout funtoo.org
# emerge --sync

profile

show the available profiles and check which one is selected (marked by *):

# eselect profile list

Quote:

Available profile symlink targets:
  [1]   default/linux/amd64/2008.0 *
  [2]   default/linux/amd64/2008.0/desktop
  [3]   default/linux/amd64/2008.0/developer
  [4]   default/linux/amd64/2008.0/server

(optional) if you want another profile, choose it by the number shown in front of it in the profile list above (I took server):

# eselect profile set 4

double-check that the right profile was set:

# eselect profile show
Current /etc/make.profile symlink:
  default/linux/amd64/2008.0/server

set locales

# nano -w /etc/locale.gen
# locale-gen

set your timezone

(choose your timezone in /usr/share/zoneinfo)

# cp -L /usr/share/zoneinfo/Europe/Amsterdam /etc/localtime

edit /etc/fstab (see also the Gentoo Handbook for reference)

we assume that our root partition is named xvda1 and the swap partition xvda2 in our domU Xen config (we will do that later)

# nano -w /etc/fstab
/dev/xvda1      /              ext4    noatime 0 1
/dev/xvda2      none           swap    sw      0 0
shm             /dev/shm       tmpfs   nodev,nosuid,noexec     0 0

Now comes the most important stuff

please just copy this into your terminal:

cat > /etc/motd <<'EOF'
                         Larry loves Funtoo
                      _________________________
                      < Have you mooed today? >
                      -------------------------
                        \   ^__^
                         \  (oo)\_______
                            (__)\       )\/\
                                 ||----w |
                                 ||     ||
.::::::::::::::: WELCOME TO ^^^^^^^^^^^^^^^^^^^:::::::::::::..
...............................................................
:########:'##::::'##:'##::: ##:'########::'#######:::'#######::.
:##.....:: ##:::: ##: ###:: ##:... ##..::'##.... ##:'##.... ##::
:##::::::: ##:::: ##: ####: ##:::: ##:::: ##:::: ##: ##:::: ##::
:######::: ##:::: ##: ## ## ##:::: ##:::: ##:::: ##: ##:::: ##::
:##...:::: ##:::: ##: ##. ####:::: ##:::: ##:::: ##: ##:::: ##::
:##::::::: ##:::: ##: ##:. ###:::: ##:::: ##:::: ##: ##:::: ##::
:##:::::::. #######:: ##::. ##:::: ##::::. #######::. #######::′
.::::::::::.......:::..::::..:::::..::::::.......::::.......::´
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
EOF

A quoted here-document is used rather than echo '...' because the banner contains single quotes and backslashes, which would break the quoting and get mangled. We write the motd this way instead of using "emerge --moo", as Larry still moos in Gentoo-ish.

So that's it - almost.

adding networking to the domU:

(domU-chroot) # cd /etc/init.d/
(domU-chroot) # ln -sf netif.lo netif.eth0
(domU-chroot) # rc-update add netif.eth0
 * service netif.eth0 added to runlevel sysinit

Now we are ready for the last setup steps.

First I always set up the SSH server:

(domU-chroot) # emerge gentoolkit eix openssh

(domU-chroot) # rc-update add sshd default
 * service sshd added to runlevel default

After that I feel better and do the rest...

(domU-chroot) # eix-update 
Reading Portage settings ..
Building database (/var/cache/eix) ..
[0] "gentoo" /usr/portage/ (cache: metadata-md5-or-flat)
     Reading category 154|154 (100%) Finished             
Applying masks ..
Calculating hash tables ..
Writing database file /var/cache/eix ..
Database contains 15729 packages in 154 categories.

(domU-chroot) # exit 
exit

From here you have to decide how you want to run your domU: with unprivileged users and sudo, or with a root account enabled? As a web server or a firewall?

Personally, I always install the OpenSSH server and just place my SSH keys in there. From there on the steps differ.

(dom0-xen) # mkdir -m 700 /mnt/domu1/root/.ssh
(dom0-xen) # cp /root/.ssh/authorized_keys /mnt/domu1/root/.ssh/

Double-check: does your domU kernel use modules or not? If you haven't built a monolithic kernel, you should copy the modules into the domU now. Note that the directory name under /lib/modules must match the release string of the kernel the domU actually boots (`uname -r` inside the guest; the boot log below shows 2.6.38-xen-maiwald.tk-domU), otherwise modprobe will not find them:

(dom0-xen) # mkdir /mnt/domu1/lib/modules
(dom0-xen) # rsync -aP /lib/modules/2.6.38-xen-maiwald.tk-dom0 /mnt/domu1/lib/modules/

OK, that's it from here.

Don't forget to clean up the mounts!

(dom0-xen) # cd
(dom0-xen) # umount -l /mnt/domu1/proc
(dom0-xen) # umount -l /mnt/domu1/dev
(dom0-xen) # umount -l /mnt/domu1
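The lazy unmounts above (`umount -l`) report success even while something still holds the tree open and then defer the real unmount, so a forgotten shell or daemon inside the chroot keeps the LV busy without any visible error. As an added example, not from the article, here is a helper that lists what is still mounted below the build root, deepest first (the `--rbind /dev` earlier pulled /dev/pts, /dev/shm and friends along), and tears it down without `-l`, reporting anything that stays behind. The /proc/mounts sample used in the test is constructed.

```shell
#!/bin/sh
# Added example (not from the article). Enumerates and tears down the
# mounts below the domU build root in a safe order.

# submounts ROOT [MOUNTS]
# Prints every mount point at or below ROOT, one per line, deepest first.
# MOUNTS defaults to /proc/mounts; the test passes a constructed file.
submounts() {
    root="$1"; mounts="${2:-/proc/mounts}"
    # field 2 of /proc/mounts is the mount point; match ROOT itself and
    # anything under "ROOT/" (so /mnt/domu1 does not match /mnt/domu10)
    awk -v r="$root" '$2 == r || index($2, r "/") == 1 { print $2 }' "$mounts" |
        awk '{ print gsub("/", "/"), $0 }' |   # prefix with path depth
        sort -rn |                             # deepest first
        cut -d" " -f2-
}

# teardown_chroot ROOT
# Unmounts each submount deepest first, without -l, and returns 1 if
# anything is still mounted afterwards (with a hint on what holds it).
teardown_chroot() {
    root="$1"
    for m in $(submounts "$root"); do
        umount "$m" || echo "still busy: $m (see fuser -vm $m)" >&2
    done
    left=$(submounts "$root")
    if [ -n "$left" ]; then
        echo "still mounted below $root:" >&2
        echo "$left" >&2
        return 1
    fi
    return 0
}
```

Running `teardown_chroot /mnt/domu1` on the dom0 replaces the four umount lines above; a non-zero exit means the LV is not yet free and should not be handed to `xm create`.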

That's it!

Booting the Xen DomU Guest

OK, let's try the first boot of the newly created Funtoo Xen DomU!

(dom0-xen) # cd /xen
(dom0-xen) # xm create -c configs/funtoo.cfg

Huuuuiiiii......

Using config file "./configs/funtoo.cfg".
Started domain funtoo (id=4)
[    0.000000] Linux version 2.6.38-xen-maiwald.tk-domU (root@xen) (gcc version 4.4.5 (Gentoo 4.4.5 p1.0, pie-0.4.5) ) #4 SMP Wed Feb 8 17:30:33 CET 2012
[    0.000000] Command line: root=/dev/xvda1 ro ip=217.x.x.211:127.0.255.255:217.x.x.1:255.255.255.0:domU:eth0:off xencons=tty console=xvc0 raid=noautodetect
[    0.000000] Xen-provided physical RAM map:
[    0.000000]  Xen: 0000000000000000 - 0000000040800000 (usable)
[    0.000000] NX (Execute Disable) protection: active
[    0.000000] last_pfn = 0x40800 max_arch_pfn = 0x80000000
[    0.000000] init_memory_mapping: 0000000000000000-0000000040800000
[    0.000000] Zone PFN ranges:
[    0.000000]   DMA      0x00000000 -> 0x00001000
[    0.000000]   DMA32    0x00001000 -> 0x00100000
[    0.000000]   Normal   empty
[    0.000000] Movable zone start PFN for each node
[    0.000000] early_node_map[2] active PFN ranges
[    0.000000]     0: 0x00000000 -> 0x00040000
[    0.000000]     0: 0x00040800 -> 0x00040800
[    0.000000] setup_percpu: NR_CPUS:16 nr_cpumask_bits:16 nr_cpu_ids:1 nr_node_ids:1
[    0.000000] PERCPU: Embedded 18 pages/cpu @ffff88003efc0000 s42304 r8192 d23232 u73728
[    0.000000] Swapping MFNs for PFN 6d6 and 3efc7 (MFN 15deb0 and 1223bf)
[    0.000000] Built 1 zonelists in Zone order, mobility grouping on.  Total pages: 256109
[    0.000000] Kernel command line: root=/dev/xvda1 ro ip=217.171.190.211:127.0.255.255:217.171.190.1:255.255.255.0:alyx1:eth0:off xencons=tty console=xvc0 raid=noautodetect
[    0.000000] PID hash table entries: 4096 (order: 3, 32768 bytes)
[    0.000000] Dentry cache hash table entries: 131072 (order: 8, 1048576 bytes)
[    0.000000] Inode-cache hash table entries: 65536 (order: 7, 524288 bytes)
[    0.000000] Software IO TLB disabled
[    0.000000] Memory: 1022732k/1056768k available (3657k kernel code, 8192k absent, 25844k reserved, 1261k data, 264k init)
[    0.000000] SLUB: Genslabs=15, HWalign=64, Order=0-3, MinObjects=0, CPUs=1, Nodes=1
[    0.000000] Hierarchical RCU implementation.
[    0.000000] NR_IRQS:96
[    0.000000] Xen reported: 2992.570 MHz processor.
[    0.000000] Console: colour dummy device 80x25
[    0.000000] console [tty-1] enabled
[    0.150003] Calibrating delay using timer specific routine.. 6018.63 BogoMIPS (lpj=30093193)
[    0.150008] pid_max: default: 32768 minimum: 301
[    0.150034] Mount-cache hash table entries: 256
[    0.150173] SMP alternatives: switching to UP code
[    0.170232] Freeing SMP alternatives: 20k freed
[    0.170342] Brought up 1 CPUs
[    0.170377] devtmpfs: initialized
[    0.170601] xor: automatically using best checksumming function: generic_sse
[    0.220004]    generic_sse:  7325.200 MB/sec
[    0.220008] xor: using function: generic_sse (7325.200 MB/sec)
[    0.220091] NET: Registered protocol family 16
[    0.220186] Brought up 1 CPUs
[    0.220217] bio: create slab <bio-0> at 0
[    0.390014] raid6: int64x1   2353 MB/s
[    0.560003] raid6: int64x2   2964 MB/s
[    0.730026] raid6: int64x4   2357 MB/s
[    0.900012] raid6: int64x8   2116 MB/s
[    1.070007] raid6: sse2x1    5349 MB/s
[    1.240009] raid6: sse2x2    5404 MB/s
[    1.410005] raid6: sse2x4    8597 MB/s
[    1.410008] raid6: using algorithm sse2x4 (8597 MB/s)
[    1.410022] suspend: event channel 6
[    1.410022] xen_mem: Initialising balloon driver.
[    1.410096] Switching to clocksource xen
[    1.410125] FS-Cache: Loaded
[    1.410152] CacheFiles: Loaded
[    1.410268] NET: Registered protocol family 2
[    1.410288] IP route cache hash table entries: 32768 (order: 6, 262144 bytes)
[    1.410391] TCP established hash table entries: 131072 (order: 9, 2097152 bytes)
[    1.410951] TCP bind hash table entries: 65536 (order: 8, 1048576 bytes)
[    1.411180] TCP: Hash tables configured (established 131072 bind 65536)
[    1.411183] TCP reno registered
[    1.411186] UDP hash table entries: 512 (order: 2, 16384 bytes)
[    1.411192] UDP-Lite hash table entries: 512 (order: 2, 16384 bytes)
[    1.411229] NET: Registered protocol family 1
[    1.411290] platform rtc_cmos: registered platform RTC device (no PNP device found)
[    1.411401] Intel AES-NI instructions are not detected.
[    1.411437] audit: initializing netlink socket (disabled)
[    1.411444] type=2000 audit(1330014455.606:1): initialized
[    1.412612] fuse init (API version 7.16)
[    1.412674] msgmni has been set to 2048
[    1.412990] NET: Registered protocol family 38
[    1.413018] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 253)
[    1.413024] io scheduler noop registered (default)
[    1.413026] io scheduler deadline registered
[    1.413049] io scheduler cfq registered
[    1.413079] Non-volatile memory driver v1.3
[    1.413088] Hangcheck: starting hangcheck timer 0.9.1 (tick is 180 seconds, margin is 60 seconds).
[    1.413090] Hangcheck: Using getrawmonotonic().
[    1.419520] Switched to NOHz mode on CPU #0
[    1.423394] brd: module loaded
[    1.423665] loop: module loaded
[    1.423771] nbd: registered device at major 43
[    1.426180] Xen virtual console successfully installed as tty1
[    1.426216] Event-channel device installed.
[    1.441658] netfront: Initialising virtual ethernet driver.
[    1.444972] xen-vbd: registered block device major 202
[    1.444988] blkfront: xvda1: barriers enabled
[    1.450287] Setting capacity to 20971520
[    1.450294] xvda1: detected capacity change from 0 to 10737418240
[    1.450677] blkfront: xvda2: barriers enabled
[    1.451661] Setting capacity to 2097152
[    1.451665] xvda2: detected capacity change from 0 to 1073741824
[    1.452020] bonding: Ethernet Channel Bonding Driver: v3.7.0 (June 2, 2010)
[    1.452023] bonding: Warning: either miimon or arp_interval and arp_ip_target module parameters must be specified, otherwise bonding will not detect link failures! see bonding.txt for details.
[    1.453016] i8042: No controller found
[    1.453066] mousedev: PS/2 mouse device common for all mice
[    1.453113] rtc_cmos rtc_cmos: rtc core: registered rtc_cmos as rtc0
[    1.453145] rtc_cmos: probe of rtc_cmos failed with error -38
[    1.453155] md: linear personality registered for level -1
[    1.453158] md: raid0 personality registered for level 0
[    1.453161] md: raid1 personality registered for level 1
[    1.453163] md: raid6 personality registered for level 6
[    1.453166] md: raid5 personality registered for level 5
[    1.453168] md: raid4 personality registered for level 4
[    1.453224] device-mapper: uevent: version 1.0.3
[    1.453273] device-mapper: ioctl: 4.19.1-ioctl (2011-01-07) initialised: dm-devel@redhat.com
[    1.453340] device-mapper: multipath: version 1.2.0 loaded
[    1.453343] device-mapper: multipath round-robin: version 1.0.0 loaded
[    1.453345] device-mapper: multipath queue-length: version 0.1.0 loaded
[    1.453347] device-mapper: multipath service-time: version 0.2.0 loaded
[    1.453396] Netfilter messages via NETLINK v0.30.
[    1.453410] nf_conntrack version 0.5.0 (8192 buckets, 32768 max)
[    1.453478] ctnetlink v0.93: registering with nfnetlink.
[    1.453486] IPv4 over IPv4 tunneling driver
[    1.453548] TCP westwood registered
[    1.453550] TCP highspeed registered
[    1.453552] TCP htcp registered
[    1.453553] TCP vegas registered
[    1.453555] Initializing XFRM netlink socket
[    1.453630] NET: Registered protocol family 10
[    1.453803] IPv6 over IPv4 tunneling driver
[    1.453863] NET: Registered protocol family 17
[    1.453868] NET: Registered protocol family 15
[    1.453870] Registering the dns_resolver key type
[    1.550094] /usr/src/linux-2.6.38-xen/drivers/rtc/hctosys.c: unable to open rtc device (rtc0)
[    3.070104] IP-Config: Complete:
[    3.070109]      device=eth0, addr=217.171.190.211, mask=255.255.255.0, gw=217.171.190.1,
[    3.070116]      host=alyx1, domain=, nis-domain=(none),
[    3.070119]      bootserver=127.0.255.255, rootserver=127.0.255.255, rootpath=
[    3.070212] md: Skipping autodetection of RAID arrays. (raid=autodetect will force)
[    3.107309] EXT4-fs (xvda1): mounted filesystem with ordered data mode. Opts: (null)
[    3.107321] VFS: Mounted root (ext2 filesystem) readonly on device 202:1.
[    3.140059] devtmpfs: mounted
[    3.140239] Freeing unused kernel memory: 264k freed
INIT: version 2.88 booting

   OpenRC 0.8.3 is starting up Funtoo Linux (x86_64)

 * Mounting /proc ...
 [ ok ]
 * WARNING: rc_sys not defined in rc.conf. Falling back to automatic detection
 * Caching service dependencies ...
 [ ok ]
 * Mounting /sys ...
 [ ok ]
 * udev: /dev already mounted, skipping...
 * Mounting /dev/pts ...
 [ ok ]
 * Mounting /dev/shm ...
 [ ok ]
 * Bringing up network interface lo ...
RTNETLINK answers: File exists
 [ ok ]
 * Bringing up network interface lo ...
RTNETLINK answers: File exists
RTNETLINK answers: File exists
 [ ok ]
 * Starting udevd daemon ...
 * Populating /dev with existing devices through uevents ...
 [ ok ]
 * Autoloaded 0 module(s)
 * Checking local filesystems  ...
funtoo_root: Superblock last write time is in the future.
        (by less than a day, probably due to the hardware clock being incorrectly set).  FIXED.
funtoo_root: clean, 173796/655360 files, 436917/2621440 blocks
 [ ok ]
 * Remounting root filesystem read/write ...
 [ ok ]
 * Updating /etc/mtab ...
 [ ok ]
 * Mounting local filesystems ...
 [ ok ]
 * Configuring kernel parameters ...
 [ ok ]
 * Creating user login records ...
 [ ok ]
 * Cleaning /var/run ...
 [ ok ]
 * Wiping /tmp directory ...
 [ ok ]
 * Setting hostname to localhost ...
 [ ok ]
 * Activating swap devices ...
 [ ok ]
 * udev: storing persistent rules ...
 [ ok ]
 * Initializing random number generator ...
 [ ok ]
INIT: Entering runlevel: 3
 * Mounting network filesystems ...
 [ ok ]
 * Generating dsa host key ...
Generating public/private dsa key pair.
Your identification has been saved in /etc/ssh/ssh_host_dsa_key.
Your public key has been saved in /etc/ssh/ssh_host_dsa_key.pub.
The key fingerprint is:
25:e0:a8:05:xxxxxxxxxxxx:1c:1f:ba root@localhost
The key's randomart image is:
+--[ DSA 1024]----+
|  ooo.B.o        |
| o o *.B o .     |
|  . + + = =      |
|   o   + *       |
|  .   E S        |
|                 |
|                 |
|                 |
|                 |
+-----------------+
 [ ok ]
 * Generating rsa host key ...
Generating public/private rsa key pair.
Your identification has been saved in /etc/ssh/ssh_host_rsa_key.
Your public key has been saved in /etc/ssh/ssh_host_rsa_key.pub.
The key fingerprint is:
22:e3:46:28:67:xxxxxxxxxxxxxxxxxxxxx:e5:c3 root@localhost
The key's randomart image is:
+--[ RSA 2048]----+
|.    o. ..       |
|oo  o ..o        |
|=oo  o   E       |
|.*oo.     .      |
|o *.+ . S        |
| + o o .         |
|    o            |
|   .             |
|                 |
+-----------------+
 [ ok ]
 * Starting sshd ...
 [ ok ]
 * Starting local
 [ ok ]


                         Larry loves Funtoo
                      _________________________
                      < Have you mooed today? >
                      -------------------------
                           ^__^
                           (oo)_______
                            (__)       )/
                                 ||----w |
                                 ||     ||
 .::::::::::::::::::::: WELCOME TO ::::::::::::::::::::::::::..
 ...............................................................
 :########:'##::::'##:'##::: ##:'########::'#######:::'#######::.
 :##.....:: ##:::: ##: ###:: ##:... ##..::'##.... ##:'##.... ##::
 :##::::::: ##:::: ##: ####: ##:::: ##:::: ##:::: ##: ##:::: ##::
 :######::: ##:::: ##: ## ## ##:::: ##:::: ##:::: ##: ##:::: ##::
 :##...:::: ##:::: ##: ##. ####:::: ##:::: ##:::: ##: ##:::: ##::
 :##::::::: ##:::: ##: ##:. ###:::: ##:::: ##:::: ##: ##:::: ##::
 :##:::::::. #######:: ##::. ##:::: ##::::. #######::. #######::′
.::::::::::.......:::..::::..:::::..::::::.......::::.......::´
This is localhost.unknown_domain (Linux x86_64 2.6.38-xen-maiwald.tk-domU) 17:27:40

localhost login: 

Now we test if we can reach the DomU from our Desktop:

(2034)-~% ssh -lroot x.x.x.x   
The authenticity of host 'x.x.x.x (x.x.x.x)' can't be established.
RSA key fingerprint is 22:e3:xxxxxxxx:b0:3c:xxxxx:d6:e5:c3.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'x.x.x.x' (RSA) to the list of known hosts.
Enter passphrase for key '/home/mm/.ssh/id_rsa': 
localhost ~ # uname -a
Linux localhost 2.6.38-xen-maiwald.tk-domU #4 SMP Wed Feb 8 17:30:33 CET 2012 x86_64 Intel(R) Xeon(R) CPU E3110 @ 3.00GHz GenuineIntel GNU/Linux
localhost ~ # 