The Funtoo Linux project has transitioned to "Hobby Mode" and this wiki is now read-only.
Difference between revisions of "Xen"
m (gentoolkit and openssh are part of stage3) |
|||
(20 intermediate revisions by 3 users not shown) | |||
Line 7: | Line 7: | ||
'''Assumptions''' | '''Assumptions''' | ||
''We build a 64bit headless XEN hypervisor rockstable and rocket fast with a funtoo headless 64bit paravirt domU.'' | ''We build a 64bit headless XEN hypervisor rockstable and rocket fast with a funtoo headless 64bit paravirt domU.'' | ||
We are '''not''' building Xen with pvgrub or hvm (which is kinda slow and overhead as long as you don't want to install | We are '''not''' building Xen with pvgrub or hvm (which is kinda slow and overhead as long as you don't want to install Windows). | ||
== Buiding Funtoo Xen Host Dom0 == | == Buiding Funtoo Xen Host Dom0 == | ||
Line 24: | Line 24: | ||
Here is how I set up the system basics: | Here is how I set up the system basics: | ||
Disk is /dev/sda | Disk is <tt>/dev/sda</tt> | ||
<pre>/dev/sda1 is our / partition ca 20GB ext4 | |||
<pre> | |||
/dev/sda1 is our / partition ca 20GB ext4 | |||
/dev/sda2 is our swap partition ca 4GB | /dev/sda2 is our swap partition ca 4GB | ||
/dev/sda3 holds the lvm volume group vgxen | /dev/sda3 holds the lvm volume group vgxen | ||
</pre> | </pre> | ||
I am using volume groups over raid - which I strongly advice to everybody. | I am using volume groups over raid - which I strongly advice to everybody. | ||
Line 38: | Line 41: | ||
</pre> | </pre> | ||
Edit /etc/rc.conf and uncomment the line at the bottom for rc_sys | Edit <tt>/etc/rc.conf</tt> and uncomment the line at the bottom for rc_sys | ||
<pre>rc_sys="xen0"</pre> | <pre>rc_sys="xen0"</pre> | ||
== Configure and Build Xen Dom0 Kernel == | == Configure and Build Xen Dom0 Kernel == | ||
<console> | <console> | ||
emerge gentoo-sources | ###i## emerge gentoo-sources | ||
cd /usr/src/linux | ###i## cd /usr/src/linux | ||
make menuconfig | ###i## make menuconfig | ||
</console> | </console> | ||
These settings are current as of 3.2.1-gentoo-r2, other versions may vary: | These settings are current as of 3.2.1-gentoo-r2, other versions may vary: | ||
{{kernelop | |||
|title= | |||
|desc= | |||
General setup ---> | General setup ---> | ||
<*> Kernel .config support | <*> Kernel .config support | ||
Line 99: | Line 105: | ||
[*] Use ext4 for ext2/ext3 file systems (NEW) | [*] Use ext4 for ext2/ext3 file systems (NEW) | ||
[*] Ext4 extended attributes (NEW) | [*] Ext4 extended attributes (NEW) | ||
}} | |||
{{Fancyimportant|Don't forget to add the required drivers for your networking and sata cards. If you use RAID, make sure to add the correct CONFIG_MD_RAID* entries to your config.}} | |||
<console> | <console> | ||
make | ###i## make | ||
make modules_install | ###i## make modules_install | ||
</console> | </console> | ||
If you experience issues with connecting to the console ensure the module "xen_gntdev" (userspace grant access device driver) is loaded before the xenconsoled process is started (you may have to restart it after loading the module). | {{Fancynote| If you experience issues with connecting to the console ensure the module "xen_gntdev" (userspace grant access device driver) is loaded before the xenconsoled process is started (you may have to restart it after loading the module).}} | ||
== Configuring Grub == | == Configuring Grub == | ||
Work has been completed to automatically enable Xen Grub entries, so after you copy your dom0 kernel edit your /etc/boot.conf as follows: | Work has been completed to automatically enable Xen Grub entries, so after you copy your dom0 kernel edit your /etc/boot.conf as follows: | ||
<pre> | <pre> | ||
"Funtoo on Xen" { | "Funtoo on Xen" { | ||
Line 120: | Line 127: | ||
} | } | ||
</pre> | </pre> | ||
{{Fancynote| iommu is the paravirtualized instructions, if your motherboard or CPU does not support VT-d do, not enable it. Xsave saves the supported CPU instruction sets -- without it you're dom0 kernel may not boot. dom0_vcpus_pin permanatly assigns cpu's to dom0 -- increasing performance.}} | |||
== Basic Networking with the Dom0 == | == Basic Networking with the Dom0 == | ||
Funtoo Linux offers its own modular, template-based network configuration system. This system offers a lot of flexibility for configuring network interfaces, essentially serving as a "network interface construction kit." | Funtoo Linux offers its own modular, template-based network configuration system. This system offers a lot of flexibility for configuring network interfaces, essentially serving as a "network interface construction kit." | ||
We are going to set eth0 as the default interface to the outside world for now. eth1 will be part of a bridge (xenbr0) that is going to be used by various domU guests. | |||
Construct the interfaces: | Construct the interfaces: | ||
<console> | <console> | ||
cd /etc/init.d/ | ###i## cd /etc/init.d/ | ||
ln -s netif.tmpl | ###i## ln -s netif.tmpl net.xenbr0 | ||
ln -s netif.tmpl | ###i## ln -s netif.tmpl net.extbr0 | ||
ln -s netif.tmpl | ###i## ln -s netif.tmpl net.eth0 | ||
ln -s netif.tmpl | ###i## ln -s netif.tmpl net.eth1 | ||
rc-update add | ###i## rc-update add net.xenbr0 sysinit | ||
rc-update add | ###i## rc-update add net.extbr0 sysinit | ||
</console> | </console> | ||
Make sure dhcpcd, eth0 and eth1 don't start at boot: | Make sure dhcpcd, eth0 and eth1 don't start at boot: | ||
<console> | <console> | ||
rc-update del dhcpcd sysinit | ###i## rc-update del dhcpcd sysinit | ||
rc-update del | ###i## rc-update del net.eth0 sysinit | ||
rc-update del | ###i## rc-update del net.eth1 sysinit | ||
</console> | </console> | ||
Configure the slave interfaces: | Configure the slave interfaces: | ||
<console> | <console> | ||
cd /etc/conf.d/ | ###i## cd /etc/conf.d/ | ||
echo 'template="interface-noip"' > | ###i## echo 'template="interface-noip"' > net.eth0 | ||
echo 'template="interface-noip"' > | ###i## echo 'template="interface-noip"' > net.eth1 | ||
</console> | </console> | ||
Now, we prepare the bridges: | |||
<console> | <console> | ||
nano | ###i## nano net.xenbr0 | ||
</console> | </console> | ||
here we set the internal Xen bridge: | here we set the internal Xen bridge by editing <code>/etc/conf.d/net.xenbr0</code>: | ||
<pre> | <pre> | ||
template="bridge" | template="bridge" | ||
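Review bot: the Fancynote added after the boot.conf block explains iommu as "the paravirtualized instructions", which does not fit the rest of the same sentence: the VT-d dependency it mentions is the hardware IOMMU that iommu=1 turns on, so reword to something like "iommu=1 enables Xen's hardware IOMMU (VT-d) support; if your motherboard or CPU does not support VT-d, do not enable it". The same note also needs "you're dom0 kernel" -> "your dom0 kernel" and "permanatly" -> "permanently".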
Line 162: | Line 171: | ||
nameservers="10.0.1.1 10.0.1.2" | nameservers="10.0.1.1 10.0.1.2" | ||
domain="funtoo.org" | domain="funtoo.org" | ||
slaves=" | slaves="net.eth0" | ||
</pre> | </pre> | ||
Then we | |||
Then, we set up the external interface: | |||
<console> | <console> | ||
nano | ###i## nano net.extbr0 | ||
</console> | </console> | ||
{{Fancynote| This will look quite similar. Please watch out for the correct slave setting!}} | |||
Now, edit <code>/etc/conf.d/net.extbr0</code>: | |||
<pre> | <pre> | ||
template="bridge" | template="bridge" | ||
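Review bot: the new slaves="net.eth0" in /etc/conf.d/net.xenbr0 contradicts the paragraph added earlier in this change, which says eth0 is the default interface to the outside world and eth1 will be part of xenbr0; with this hunk xenbr0 (the bridge the domUs attach to) takes eth0 and extbr0 takes eth1. Either swap the two slaves= values between net.xenbr0 and net.extbr0 or rewrite the paragraph, so readers do not bridge their guests onto the wrong NIC.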
Line 175: | Line 188: | ||
nameservers="10.0.1.1 10.0.1.2" | nameservers="10.0.1.1 10.0.1.2" | ||
domain="funtoo.org" | domain="funtoo.org" | ||
slaves=" | slaves="net.eth1" | ||
</pre> | </pre> | ||
This gives us the possibility to play around with various setups later, it's modular and easy to tweak and change. | This gives us the possibility to play around with various setups later, it's modular and easy to tweak and change. | ||
{{Fancytip| It is probably a good idea to try starting the interfaces with rc before rebooting.}} | |||
== Basic Networking with domU == | == Basic Networking with domU == | ||
Line 188: | Line 201: | ||
We edit the /etc/xen/xend-config.sxp | We edit the /etc/xen/xend-config.sxp | ||
<pre> | <pre> | ||
#### Xen config from maiwald.tk - Xen 4.x Network in bridge mode | #### Xen config from maiwald.tk - Xen 4.x Network in bridge mode | ||
Line 227: | Line 241: | ||
<console> | <console> | ||
# vgcreate vgxen /dev/sda3 | ###i## vgcreate vgxen /dev/sda3 | ||
# lvcreate -L10G -n funtoo_root vgxen | ###i## lvcreate -L10G -n funtoo_root vgxen | ||
# lvcreate -L1G -n funtoo_swap vgxen | ###i## lvcreate -L1G -n funtoo_swap vgxen | ||
# vgchange -a y | ###i## vgchange -a y | ||
# mkfs.ext4 -L funtoo_root /dev/vgxen/funtoo_root | ###i## mkfs.ext4 -L funtoo_root /dev/vgxen/funtoo_root | ||
# mkswap -L funtoo_swap /dev/vgxen/funtoo_swap | ###i## mkswap -L funtoo_swap /dev/vgxen/funtoo_swap | ||
# rc-update add lvm boot | ###i## rc-update add lvm boot | ||
</console> | </console> | ||
== Basic DomU System setup == | == Basic DomU System setup == | ||
=== mount domU lvm volume or physical partition or image file=== | === mount domU lvm volume or physical partition or image file=== | ||
<console># mkdir /mnt/domu1 | <console> | ||
# mount /dev/vgxen/funtoo_root /mnt/domu1 | ###i## mkdir /mnt/domu1 | ||
# cd /mnt/domu1 | ###i## mount /dev/vgxen/funtoo_root /mnt/domu1 | ||
###i## cd /mnt/domu1 | |||
</console> | </console> | ||
Line 245: | Line 260: | ||
from a funtoo mirror near you, I suggest you look at the funtoo homepage | from a funtoo mirror near you, I suggest you look at the funtoo homepage | ||
<console># links http://www.funtoo.org/wiki/Download </console> | <console> | ||
###i## links http://www.funtoo.org/wiki/Download </console> | |||
Then choose a mirror near you ( I use Heanet in EU ) and look for the right stage3. I use XEON CPUs so I take the core2 distrib: | Then choose a mirror near you ( I use Heanet in EU ) and look for the right stage3. I use XEON CPUs so I take the core2 distrib: | ||
<console># wget -cv http://ftp.heanet.ie/mirrors/funtoo/funtoo-stable/x86-64bit/core2_64/stage3-latest.tar.xz </console> | <console> | ||
###i## wget -cv http://ftp.heanet.ie/mirrors/funtoo/funtoo-stable/x86-64bit/core2_64/stage3-latest.tar.xz </console> | |||
=== | === Get latest portage tree from the snapshots directory === | ||
<console> | <console> | ||
# tar xpf stage3-current.tar.xz | ###i## wget -cv http://ftp.heanet.ie/mirrors/funtoo/funtoo-stable/snapshots/portage-latest.tar.xz </console> | ||
=== Extract the stage3 === | |||
<console> | |||
###i## tar xpf stage3-current.tar.xz | |||
</console> | </console> | ||
=== | === Extract Portage === | ||
<console># cd usr | |||
# tar xf ../portage- | <console> | ||
###i## cd usr | |||
###i## tar xf ../portage-latest.tar.xz | |||
</console> | |||
== Preparing the chroot environment == | == Preparing the chroot environment == | ||
=== Editing the make.conf === | |||
copy the <code>/etc/portage/make.conf</code> from dom0 and adjust it: | |||
<console> | <console> | ||
# cp /etc/portage/make.conf /mnt/domu1/etc/ | ###i## cp /etc/portage/make.conf /mnt/domu1/etc/ | ||
</console> | </console> | ||
make sure to adjust MAKEOPTS to your assigned CPUs (rule of thumb cpu cores +1 - yes, even in XEN) | make sure to adjust MAKEOPTS to your assigned CPUs (rule of thumb: cpu cores +1 - yes, even in XEN) | ||
<console> | <console> | ||
# nano -w /mnt/domu1/etc/portage/make.conf | ###i## nano -w /mnt/domu1/etc/portage/make.conf | ||
</console> | </console> | ||
out there the MAKEOPTS variable in: | out there the MAKEOPTS variable in: | ||
<pre>MAKEOPTS="-j2"</pre> | <pre> | ||
MAKEOPTS="-j2" | |||
</pre> | |||
=== | === Copy <tt>/etc/resolv.conf</tt> === | ||
<console># cp -L /etc/resolv.conf /mnt/domu1/etc/ </console> | <console> | ||
###i## cp -L /etc/resolv.conf /mnt/domu1/etc/ | |||
</console> | |||
=== mount proc and dev === | === mount proc and dev === | ||
<console># mount -t proc none /mnt/domu1/proc | <console> | ||
# mount --rbind /dev /mnt/domu1/dev </console> | ###i## mount -t proc none /mnt/domu1/proc | ||
###i## mount --rbind /dev /mnt/domu1/dev | |||
</console> | |||
= Building Funtoo Xen Guest(s) DomU = | == Building Funtoo Xen Guest(s) DomU == | ||
== Final DomU System setup == | == Final DomU System setup == | ||
=== chroot === | === chroot === | ||
<console># chroot /mnt/domu1 /bin/bash | <console> | ||
# env-update | ###i## chroot /mnt/domu1 /bin/bash | ||
# source /etc/profile | ###i## env-update | ||
# export PS1="(domU-chroot) $PS1" </console> | ###i## source /etc/profile | ||
###i## export PS1="(domU-chroot) $PS1" | |||
</console> | |||
=== sync portage === | === sync portage === | ||
<console> | <console> | ||
# emerge --sync | ###i## emerge --sync | ||
</console> | </console> | ||
=== set locales === | === set locales === | ||
<console># nano -w /etc/locale.gen | <console> | ||
# locale-gen | ###i## nano -w /etc/locale.gen | ||
###i## locale-gen | |||
</console> | </console> | ||
=== | === Set your timezone === | ||
(choose your timezone in /usr/share/zoneinfo) | (choose your timezone in <tt>/usr/share/zoneinfo</tt>) | ||
<console># | <console> | ||
###i## ln -v -sf /usr/share/zoneinfo/Europe/Amsterdam /etc/localtime | |||
</console> | |||
=== | === Edit <tt>/etc/fstab</tt> (see also gentoo handbook as reference) === | ||
We assume that we name our root partition <tt>xvda1</tt> and the swap partition <tt>xvda2</tt> in our <tt>domU-xen-</tt> config (we will do that later) | |||
<console> | <console> | ||
# nano -w /etc/fstab</console> | ###i## nano -w /etc/fstab | ||
<pre>/dev/xvda1 / ext4 noatime 0 1 | </console> | ||
<pre> | |||
/dev/xvda1 / ext4 noatime 0 1 | |||
/dev/xvda2 none swap sw 0 0 | /dev/xvda2 none swap sw 0 0 | ||
shm /dev/shm tmpfs nodev,nosuid,noexec 0 0 | shm /dev/shm tmpfs nodev,nosuid,noexec 0 0 | ||
</pre> | </pre> | ||
=== | === The most important stuff === | ||
Copy this into your terminal: | |||
<pre> | <pre> | ||
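Review bot: the "Extract the stage3" step still runs `tar xpf stage3-current.tar.xz` while the download step just above fetches `stage3-latest.tar.xz`, so the command as written fails on a missing file; change the tar argument to stage3-latest.tar.xz (or save the download as stage3-current.tar.xz). The portage step is consistent (portage-latest.tar.xz in both the wget and the tar line).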
Line 348: | Line 383: | ||
So that's it - almost. | So that's it - almost. | ||
==== | ==== Adding networking to the domU: ==== | ||
<console> | <console> | ||
(domU-chroot) # cd /etc/init.d/ | (domU-chroot) ###i## cd /etc/init.d/ | ||
(domU-chroot) # ln -sf netif.tmpl | (domU-chroot) ###i## ln -sf netif.tmpl net.eth0 | ||
(domU-chroot) # rc-update add | (domU-chroot) ###i## rc-update add net.eth0 | ||
* service | * service net.eth0 added to runlevel sysinit | ||
</console> | </console> | ||
==== Now we are ready | ==== Now we are ready for the final setups ==== | ||
<console> | <console> | ||
(domU-chroot) # emerge eix | (domU-chroot) ###i## emerge eix | ||
(domU-chroot) ###i## eix-update | |||
(domU-chroot) # eix-update | |||
Reading Portage settings .. | Reading Portage settings .. | ||
Building database (/var/cache/eix) .. | Building database (/var/cache/eix) .. | ||
Line 378: | Line 409: | ||
</console> | </console> | ||
From here you have to decide how you want to run your domU: with unpriviledged users and sudo | From here you have to decide how you want to run your domU: with unpriviledged users and sudo or with a root account enabled or as a webserver or firewall. | ||
I always install the openssh server and just place my ssh keys in there. From there the steps differ. | |||
<console> | <console> | ||
(dom0-xen) # cp /root/.ssh/authorized_keys /mnt/domu1/root/.ssh/ | (dom0-xen) ###i## cp /root/.ssh/authorized_keys /mnt/domu1/root/.ssh/ | ||
</console> | </console> | ||
Also, don't forget | Also, don't forget to enable PubKeyAuth in your sshd_config in your domU and set <tt>PermitRootLogin</tt> to yes! | ||
Double checking | '''Double checking''': Does your domU use kernel modules or not? If you haven't built a monolitic kernel you should copy the modules from the dom0 to the domU now: | ||
<console> | <console> | ||
(dom0-xen) # mkdir /mnt/domu1/lib/modules | (dom0-xen) ###i## mkdir /mnt/domu1/lib/modules | ||
(dom0-xen) # rsync -aP /lib/modules/2.6.38-xen-maiwald.tk-dom0 /mnt/domu1/lib/modules/ | (dom0-xen) ###i## rsync -aP /lib/modules/2.6.38-xen-maiwald.tk-dom0 /mnt/domu1/lib/modules/ | ||
</console> | </console> | ||
Don't forget to clean up the mounts! | Don't forget to clean up the mounts! | ||
<console> | <console> | ||
(dom0-xen) # cd | (dom0-xen) ###i## cd | ||
(dom0-xen) # umount -l /mnt/domu1/proc | (dom0-xen) ###i## umount -l /mnt/domu1/proc | ||
(dom0-xen) # umount -l /mnt/domu1/dev | (dom0-xen) ###i## umount -l /mnt/domu1/dev | ||
(dom0-xen) # umount -l /mnt/domu1 | (dom0-xen) ###i## umount -l /mnt/domu1 | ||
</console> | </console> | ||
=== Booting the Xen DomU Guest === | === Booting the Xen DomU Guest === | ||
Line 411: | Line 438: | ||
<console> | <console> | ||
(dom0-xen) # cd /xen | (dom0-xen) ###i## cd /xen | ||
(dom0-xen) # xm create -c configs/funtoo.cfg | (dom0-xen) ###i## xm create -c configs/funtoo.cfg | ||
</console> | </console> | ||
Huuuuiiiii | Huuuuiiiii..... | ||
<pre> | <pre> | ||
Using config file "./configs/funtoo.cfg". | Using config file "./configs/funtoo.cfg". | ||
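Review bot: the added sentence "set PermitRootLogin to yes" gives away part of what the authorized_keys copy just above it buys: with the key installed, `PermitRootLogin prohibit-password` (spelled `without-password` in older OpenSSH) still lets root in over SSH with the key while refusing password guesses against root, so recommend that value instead of yes. Also, the rsync line copies /lib/modules/2.6.38-xen-maiwald.tk-dom0 while the kernel section of this page builds 3.2.1-gentoo-r2; whichever directory is copied has to match `uname -r` of the kernel the domU actually boots, otherwise its modules will not be found.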
Line 692: | Line 719: | ||
localhost ~ # | localhost ~ # | ||
</console> | </console> | ||
Now switch back to the | Now switch back to the Funtoo [[Installation (Tutorial)|Installation Tutorial]] and go on with setting up your new domU guest like a normal funtoo linux system! | ||
'''Please consider | '''Please consider supporting this Wiki by editing this page and keeping it current!''' | ||
Funtoo is a perfect Xen Host and I | Funtoo is a perfect Xen Host and I recommend it to everybody as an alternative to .deb/.rpm Systems. | ||
Have fun! | Have fun! | ||
[[Category:Virtualization]] | [[Category:Virtualization]] | ||
Latest revision as of 15:52, April 9, 2017
Funtoo Xen Fun
We are talking about Xen on Funtoo Linux and how to set up Xen virtualization properly. In particular, we are going to show you how much fun it is to work with Xen hosts and domUs, and how to set up a Funtoo Xen server without clicky GUIs or other frontends. This is a true hardcore OS-level Xen setup, especially for NOC server systems, headless servers, etc.
Funtoo Xen Server with paravirt funtoo domU
Assumptions
We build a 64-bit headless Xen hypervisor, rock-stable and rocket fast, with a Funtoo headless 64-bit paravirtualized domU. We are not building Xen with pvgrub or HVM (which is slower and adds overhead, and is only needed if you want to install Windows).
Building Funtoo Xen Host Dom0
Most of the necessary steps are covered in the Installation Tutorial. Here we only outline the steps that are necessary for an easy and successful Dom0 setup, or where something differs from the normal installation tutorial.
Please open the Installation Tutorial in a second tab and follow both carefully through the next steps!
Basic Funtoo Xen Host Dom0 setup
I recommend you use only stable packages for the host dom0!
Please consider the decision carefully. I can't stress enough that you will avoid a lot of problems by taking the stable distrib as dom0. The domU guests could be either unstable or hardened, as you wish! There comes the true fun part ;-) That's why I first edit my make.conf before building anything!
Here is how I set up the system basics. Disk is /dev/sda:
/dev/sda1 is our / partition, ca. 20GB, ext4
/dev/sda2 is our swap partition, ca. 4GB
/dev/sda3 holds the LVM volume group vgxen
I am using volume groups over RAID, which I strongly advise to everybody.
Store of Xen stuff:
/etc/xen/      --> xend configuration files
/xen/configs/  --> my Xen domU configuration files folder
/xen/kernel/   --> my Xen domU kernel folder
/xen/disks/    --> my Xen domU image files folder
Edit /etc/rc.conf and uncomment the line at the bottom for rc_sys
rc_sys="xen0"
Configure and Build Xen Dom0 Kernel
root # emerge gentoo-sources
root # cd /usr/src/linux
root # make menuconfig
These settings are current as of 3.2.1-gentoo-r2, other versions may vary:
General setup --->
    <*> Kernel .config support
    [*]   Enable access to .config through /proc/config.gz
Processor type and features --->
    [*] Paravirtualized guest support --->
        [*] Xen guest support
Bus options (PCI etc.) --->
    [*] Xen PCI Frontend
[*] Networking support --->
    Networking options --->
        <*> 802.1d Ethernet Bridging
Device Drivers --->
    [*] Block devices (NEW) --->
        <M> DRBD Distributed Replicated Block Device support
        < > Xen virtual block device support
        <*> Xen block-device backend driver
Device Drivers --->
    [*] Network device support --->
        < > Xen network device frontend driver
        <*> Xen backend network device
Device Drivers --->
    Graphics support --->
        -*- Support for frame buffer devices ---
        < > Xen virtual frame buffer support
Device Drivers --->
    Xen driver support --->
        [*] Xen memory balloon driver (NEW)
        [*]   Scrub pages before returning them to system (NEW)
        <*> Xen /dev/xen/evtchn device (NEW)
        [*] Backend driver support (NEW)
        <*> Xen filesystem (NEW)
        [*]   Create compatibility mount point /proc/xen (NEW)
        [*]   Create xen entries under /sys/hypervisor (NEW)
        <M> userspace grant access device driver (NEW)
        <M> User-space grant reference allocator driver (NEW)
        <M> xen platform pci device driver (NEW)
File systems --->
    < > Ext3 journalling file system support
    <*> The Extended 4 (ext4) filesystem
    [*]   Use ext4 for ext2/ext3 file systems (NEW)
    [*]   Ext4 extended attributes (NEW)
Don't forget to add the required drivers for your networking and sata cards. If you use RAID, make sure to add the correct CONFIG_MD_RAID* entries to your config.
root # make
root # make modules_install
If you experience issues with connecting to the console ensure the module "xen_gntdev" (userspace grant access device driver) is loaded before the xenconsoled process is started (you may have to restart it after loading the module).
Configuring Grub
Work has been completed to automatically enable Xen Grub entries, so after you copy your dom0 kernel edit your /etc/boot.conf as follows:
"Funtoo on Xen" {
    type xen
    xenkernel xen.gz
    xenparams loglvl=all guest_loglvl=all xsave=1 iommu=1 iommu_inclusive_mapping=1 dom0_max_vcpus=2 dom0_vcpus_pin dom0_mem=4096M
    kernel kernel[-v]
    params += quiet
}
iommu=1 enables IOMMU (VT-d) support; if your motherboard or CPU does not support VT-d, do not enable it. xsave=1 enables XSAVE support for the extended CPU state; without it your dom0 kernel may not boot. dom0_vcpus_pin permanently pins the dom0 vCPUs to physical CPUs, increasing performance.
Basic Networking with the Dom0
Funtoo Linux offers its own modular, template-based network configuration system. This system offers a lot of flexibility for configuring network interfaces, essentially serving as a "network interface construction kit."
We are going to set eth0 as the default interface to the outside world for now. eth1 will be part of a bridge (xenbr0) that is going to be used by various domU guests.
Construct the interfaces:
root # cd /etc/init.d/
root # ln -s netif.tmpl net.xenbr0
root # ln -s netif.tmpl net.extbr0
root # ln -s netif.tmpl net.eth0
root # ln -s netif.tmpl net.eth1
root # rc-update add net.xenbr0 sysinit
root # rc-update add net.extbr0 sysinit
Make sure dhcpcd, eth0 and eth1 don't start at boot:
root # rc-update del dhcpcd sysinit
root # rc-update del net.eth0 sysinit
root # rc-update del net.eth1 sysinit
Configure the slave interfaces:
root # cd /etc/conf.d/
root # echo 'template="interface-noip"' > net.eth0
root # echo 'template="interface-noip"' > net.eth1
Now, we prepare the bridges:
root # nano net.xenbr0
Here we set the internal Xen bridge by editing /etc/conf.d/net.xenbr0:
template="bridge"
ipaddr="10.0.1.200/24"
gateway="10.0.1.1"
nameservers="10.0.1.1 10.0.1.2"
domain="funtoo.org"
slaves="net.eth0"
Then, we set up the external interface:
root # nano net.extbr0
This will look quite similar. Please watch out for the correct slave setting!
Now, edit /etc/conf.d/net.extbr0:
template="bridge"
ipaddr="10.0.1.201/24"
gateway="10.0.1.1"
nameservers="10.0.1.1 10.0.1.2"
domain="funtoo.org"
slaves="net.eth1"
This gives us the possibility to play around with various setups later; it is modular and easy to tweak and change.
It is probably a good idea to try starting the interfaces with rc before rebooting.
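Before bringing the interfaces up with rc, the bridge and slave layout above can be checked mechanically. The script below is an added example, not part of this wiki page or of Funtoo's netif scripts: it parses the /etc/conf.d/net.* files, confirms that every bridge slave has an interface-noip config and a net.<if> init symlink, and flags a slave claimed by two bridges (the mistake the "watch out for the correct slave setting" note warns about). The root directory is a parameter, and the demo builds a small constructed copy of the layout so it runs offline.

```shell
#!/bin/sh
# Added example (not from the Funtoo wiki): check the netif bridge layout
# before starting the interfaces. ROOT is "/" on a live dom0; the demo below
# uses a constructed tree so it can run anywhere.

# conf_get FILE KEY -> value of a key="value" line in a /etc/conf.d file
conf_get() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}[[:space:]]*$/\1/p" "$1" | head -n 1
}

# check_bridges ROOT -> one ok/FAIL line per finding; returns the number of FAILs
check_bridges() {
    confd=$1/etc/conf.d
    initd=$1/etc/init.d
    fails=0
    seen=" "                      # slaves already claimed by some bridge
    for f in "$confd"/net.*; do
        [ -f "$f" ] || continue
        br=${f##*/net.}
        [ "$(conf_get "$f" template)" = bridge ] || continue
        if [ -z "$(conf_get "$f" ipaddr)" ]; then
            echo "FAIL $br: bridge has no ipaddr"; fails=$((fails + 1))
        fi
        slaves=$(conf_get "$f" slaves)
        if [ -z "$slaves" ]; then
            echo "FAIL $br: bridge has no slaves"; fails=$((fails + 1)); continue
        fi
        for s in $slaves; do
            case "$seen" in
                *" $s "*) echo "FAIL $br: slave $s already belongs to another bridge"
                          fails=$((fails + 1)); continue;;
            esac
            seen="$seen$s "
            # the init script must exist (ln -s netif.tmpl net.ethN above) ...
            if [ ! -L "$initd/$s" ]; then
                echo "FAIL $br: $initd/$s symlink missing"; fails=$((fails + 1))
            fi
            # ... and the slave must carry no address of its own
            if [ "$(conf_get "$confd/$s" template 2>/dev/null)" != interface-noip ]; then
                echo "FAIL $br: $confd/$s must set template=\"interface-noip\""; fails=$((fails + 1))
            fi
        done
        echo "ok   $br: slaves=$slaves"
    done
    return $fails
}

# make_tree DIR [WRONG] -> constructed copy of the layout above: xenbr0 over
# net.eth0, extbr0 over net.eth1. WRONG=1 points both bridges at net.eth0.
make_tree() {
    mkdir -p "$1/etc/conf.d" "$1/etc/init.d"
    : > "$1/etc/init.d/netif.tmpl"
    for i in net.xenbr0 net.extbr0 net.eth0 net.eth1; do
        ln -sf netif.tmpl "$1/etc/init.d/$i"
    done
    echo 'template="interface-noip"' > "$1/etc/conf.d/net.eth0"
    echo 'template="interface-noip"' > "$1/etc/conf.d/net.eth1"
    printf 'template="bridge"\nipaddr="10.0.1.200/24"\ngateway="10.0.1.1"\nslaves="net.eth0"\n' \
        > "$1/etc/conf.d/net.xenbr0"
    ext_slave=net.eth1
    if [ "${2:-0}" = 1 ]; then ext_slave=net.eth0; fi
    printf 'template="bridge"\nipaddr="10.0.1.201/24"\ngateway="10.0.1.1"\nslaves="%s"\n' \
        "$ext_slave" > "$1/etc/conf.d/net.extbr0"
}

# Demo against constructed trees; on a real dom0 run: check_bridges /
demo() {
    tmp=$(mktemp -d)
    make_tree "$tmp/good"
    make_tree "$tmp/bad" 1
    check_bridges "$tmp/good"; echo "good tree: $? failure(s)"
    check_bridges "$tmp/bad";  echo "bad tree:  $? failure(s)"
    rm -rf "$tmp"
}
demo
```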
Basic Networking with domU
The easiest way is to let Xen set up the networking, but once everything is up and running it is then not possible to change the routing, etc. Letting Xen create the bridges will be obsolete in the near future, so this is not the recommended way anymore. As we already set up the bridges in the previous section, it may be enough to comment out everything network-related. If not, just un-comment the last lines.
We edit /etc/xen/xend-config.sxp:
#### Xen config from maiwald.tk - Xen 4.x Network in bridge mode
(logfile /var/log/xen/xend.log)
(loglevel DEBUG)
(xend-relocation-server no)
(xend-relocation-hosts-allow '^localhost$ ^localhost\\.localdomain$')
# The limit (in kilobytes) on the size of the console buffer
(console-limit 1024)
(dom0-min-mem 384)
(enable-dom0-ballooning no)
(total_available_memory 0)
(dom0-cpus 0)
(vncpasswd 'geheim')
# let xen create the net
# (network-script network-bridge)
# (vif-script vif-bridge)
# we create the net - new default in Xen 4
#
#(network-script 'network-bridge netdev=eth0 bridge=xenbr0 vifnum=0')
#(vif-script vif-bridge bridge=xenbr0)
Building the Funtoo Xen DomU Container
We are going to build the DomU now, preparing first from outside the domU.
create lvm volume or partition or image file
This is a stub; please help complete this guide here!
root # vgcreate vgxen /dev/sda3
root # lvcreate -L10G -n funtoo_root vgxen
root # lvcreate -L1G -n funtoo_swap vgxen
root # vgchange -a y
root # mkfs.ext4 -L funtoo_root /dev/vgxen/funtoo_root
root # mkswap -L funtoo_swap /dev/vgxen/funtoo_swap
root # rc-update add lvm boot
Basic DomU System setup
mount domU lvm volume or physical partition or image file
root # mkdir /mnt/domu1
root # mount /dev/vgxen/funtoo_root /mnt/domu1
root # cd /mnt/domu1
get stage3
Get it from a Funtoo mirror near you; I suggest you look at the Funtoo homepage:
root # links http://www.funtoo.org/wiki/Download
Then choose a mirror near you (I use Heanet in the EU) and look for the right stage3. I use Xeon CPUs so I take the core2 distrib:
root # wget -cv http://ftp.heanet.ie/mirrors/funtoo/funtoo-stable/x86-64bit/core2_64/stage3-latest.tar.xz
Get latest portage tree from the snapshots directory
root # wget -cv http://ftp.heanet.ie/mirrors/funtoo/funtoo-stable/snapshots/portage-latest.tar.xz
Extract the stage3
root # tar xpf stage3-latest.tar.xz
Extract Portage
root # cd usr
root # tar xf ../portage-latest.tar.xz
Preparing the chroot environment
Editing the make.conf
Copy the /etc/portage/make.conf from dom0 and adjust it:
root # cp /etc/portage/make.conf /mnt/domu1/etc/
Make sure to adjust MAKEOPTS to your assigned CPUs (rule of thumb: CPU cores + 1; yes, even in Xen):
root # nano -w /mnt/domu1/etc/portage/make.conf
There, set the MAKEOPTS variable:
MAKEOPTS="-j2"
Copy /etc/resolv.conf
root # cp -L /etc/resolv.conf /mnt/domu1/etc/
mount proc and dev
root # mount -t proc none /mnt/domu1/proc
root # mount --rbind /dev /mnt/domu1/dev
Building Funtoo Xen Guest(s) DomU
Final DomU System setup
chroot
root # chroot /mnt/domu1 /bin/bash
root # env-update
root # source /etc/profile
root # export PS1="(domU-chroot) $PS1"
sync portage
root # emerge --sync
set locales
root # nano -w /etc/locale.gen
root # locale-gen
Set your timezone
(choose your timezone in /usr/share/zoneinfo)
root # ln -v -sf /usr/share/zoneinfo/Europe/Amsterdam /etc/localtime
Edit /etc/fstab (see also gentoo handbook as reference)
We assume that we name our root partition xvda1 and the swap partition xvda2 in our domU-xen- config (we will do that later)
root # nano -w /etc/fstab
/dev/xvda1   /          ext4    noatime                 0 1
/dev/xvda2   none       swap    sw                      0 0
shm          /dev/shm   tmpfs   nodev,nosuid,noexec     0 0
The most important stuff
Copy this into your terminal:
echo ' Larry loves Funtoo _________________________ < Have you mooed today? > ------------------------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || .::::::::::::::: WELCOME TO ^^^^^^^^^^^^^^^^^^^:::::::::::::.. ............................................................... :########:'##::::'##:'##::: ##:'########::'#######:::'#######::. :##.....:: ##:::: ##: ###:: ##:... ##..::'##.... ##:'##.... ##:: :##::::::: ##:::: ##: ####: ##:::: ##:::: ##:::: ##: ##:::: ##:: :######::: ##:::: ##: ## ## ##:::: ##:::: ##:::: ##: ##:::: ##:: :##...:::: ##:::: ##: ##. ####:::: ##:::: ##:::: ##: ##:::: ##:: :##::::::: ##:::: ##: ##:. ###:::: ##:::: ##:::: ##: ##:::: ##:: :##:::::::. #######:: ##::. ##:::: ##::::. #######::. #######::′ .::::::::::.......:::..::::..:::::..::::::.......::::.......::´ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . '> /etc/motd
We are using echo instead of "emerge --moo", as Larry still moos in Gentoo-ish.
So that's it - almost.
Adding networking to the domU:
(domU-chroot) # cd /etc/init.d/
(domU-chroot) # ln -sf netif.tmpl net.eth0
(domU-chroot) # rc-update add net.eth0
 * service net.eth0 added to runlevel sysinit
Now we are ready for the final setups
(domU-chroot) # emerge eix
(domU-chroot) # eix-update
Reading Portage settings ..
Building database (/var/cache/eix) ..
[0] "gentoo" /usr/portage/ (cache: metadata-md5-or-flat)
     Reading category 154|154 (100%) Finished
Applying masks ..
Calculating hash tables ..
Writing database file /var/cache/eix ..
Database contains 15729 packages in 154 categories.
(domU-chroot) # exit
exit
From here you have to decide how you want to run your domU: with unprivileged users and sudo, with a root account enabled, as a webserver, or as a firewall.
I always install the openssh server and just place my ssh keys in there. From there the steps differ.
(dom0-xen) # cp /root/.ssh/authorized_keys /mnt/domu1/root/.ssh/
Also, don't forget to enable PubkeyAuthentication in the sshd_config of your domU and set PermitRootLogin to yes!
Double checking: Does your domU use kernel modules or not? If you haven't built a monolithic kernel, you should copy the modules from the dom0 to the domU now:
(dom0-xen) # mkdir /mnt/domu1/lib/modules
(dom0-xen) # rsync -aP /lib/modules/2.6.38-xen-maiwald.tk-dom0 /mnt/domu1/lib/modules/
Don't forget to clean up the mounts!
(dom0-xen) # cd
(dom0-xen) # umount -l /mnt/domu1/proc
(dom0-xen) # umount -l /mnt/domu1/dev
(dom0-xen) # umount -l /mnt/domu1
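Before the first boot, the prepared domU tree can be audited for the steps above. This script is an added example, not from this wiki page: it checks /mnt/domu1 (or any root passed to it) for the xvda1/xvda2 fstab entries, the copied resolv.conf, a /lib/modules directory, an unmounted proc, the permissions on root's .ssh material, and the sshd settings, assuming the usual OpenSSH path /etc/ssh/sshd_config. It warns when PermitRootLogin is yes, because with the key already copied in, prohibit-password (without-password on older OpenSSH) gives the same access without accepting root passwords. The demo tree it builds, including the module directory name and key, is constructed.

```shell
#!/bin/sh
# Added example (not from the Funtoo wiki): audit a prepared domU root tree
# (the /mnt/domu1 mount above, or any path) before the first "xm create".
# /etc/ssh/sshd_config is the usual OpenSSH default; the demo tree, including
# its module directory name, is constructed.

# sshd_opt FILE KEYWORD -> value of the first active KEYWORD line (sshd uses the first match)
sshd_opt() {
    grep -i "^[[:space:]]*$2[[:space:]]" "$1" 2>/dev/null | head -n 1 | awk '{print $2}'
}

# audit_domu ROOT -> prints ok/WARN/FAIL findings; returns the number of FAILs
audit_domu() {
    r=$1; fails=0
    fail() { echo "FAIL $1"; fails=$((fails + 1)); }
    ok()   { echo "ok   $1"; }

    # fstab must use the names the domU config presents the disks under
    if grep -q '^/dev/xvda1[[:space:]]' "$r/etc/fstab" 2>/dev/null; then
        ok "fstab: root on /dev/xvda1"; else fail "fstab: no /dev/xvda1 root entry"; fi
    if grep -q '^/dev/xvda2[[:space:]].*[[:space:]]swap[[:space:]]' "$r/etc/fstab" 2>/dev/null; then
        ok "fstab: swap on /dev/xvda2"; else fail "fstab: no /dev/xvda2 swap entry"; fi
    if [ -s "$r/etc/resolv.conf" ]; then ok "resolv.conf copied"; else fail "resolv.conf missing"; fi
    if [ -n "$(ls -A "$r/lib/modules" 2>/dev/null)" ]; then ok "kernel modules present"
    else echo "WARN no /lib/modules: only fine with a monolithic domU kernel"; fi
    # "clean up the mounts": a still-mounted proc shows up as a non-empty directory
    if [ -n "$(ls -A "$r/proc" 2>/dev/null)" ]; then fail "$r/proc not empty: still mounted?"
    else ok "proc not mounted"; fi
    # sshd (StrictModes) refuses keys whose .ssh dir or authorized_keys are group/world writable
    for p in "$r/root/.ssh" "$r/root/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then fail "$p missing"; continue; fi
        case $(ls -ld "$p" | cut -c2-10) in
            ????-??-?) ok "$p not group/world writable";;
            *) fail "$p is group or world writable";;
        esac
    done
    cfg=$r/etc/ssh/sshd_config
    if [ ! -f "$cfg" ]; then fail "$cfg missing (openssh not installed yet?)"
    else
        # PubkeyAuthentication defaults to yes; only an explicit "no" breaks key login
        if [ "$(sshd_opt "$cfg" PubkeyAuthentication)" = no ]; then
            fail "sshd: PubkeyAuthentication no"; else ok "sshd: public key login allowed"; fi
        prl=$(sshd_opt "$cfg" PermitRootLogin)
        if [ "$prl" = yes ]; then
            echo "WARN sshd: PermitRootLogin yes also accepts root passwords; with the key installed, prohibit-password is enough"
        else ok "sshd: PermitRootLogin ${prl:-<default>}"; fi
    fi
    return $fails
}

# make_domu DIR [SLOPPY] -> constructed domU tree; SLOPPY=1 reproduces common slips
make_domu() {
    d=$1
    mkdir -p "$d/etc/ssh" "$d/root/.ssh" "$d/lib/modules/2.6.38-xen-constructed" "$d/proc" "$d/dev"
    printf '/dev/xvda1 / ext4 noatime 0 1\n/dev/xvda2 none swap sw 0 0\n' > "$d/etc/fstab"
    echo 'nameserver 10.0.1.1' > "$d/etc/resolv.conf"
    echo 'ssh-ed25519 AAAAconstructedkey root@dom0' > "$d/root/.ssh/authorized_keys"
    if [ "${2:-0}" = 1 ]; then
        chmod 775 "$d/root/.ssh"; chmod 664 "$d/root/.ssh/authorized_keys"
        printf 'PubkeyAuthentication no\nPermitRootLogin yes\n' > "$d/etc/ssh/sshd_config"
    else
        chmod 700 "$d/root/.ssh"; chmod 600 "$d/root/.ssh/authorized_keys"
        printf 'PubkeyAuthentication yes\nPermitRootLogin prohibit-password\n' > "$d/etc/ssh/sshd_config"
    fi
}

# Demo; on the real dom0 run: audit_domu /mnt/domu1
demo() {
    tmp=$(mktemp -d)
    make_domu "$tmp/good"; make_domu "$tmp/bad" 1
    audit_domu "$tmp/good"; echo "good tree: $? failure(s)"
    audit_domu "$tmp/bad";  echo "bad tree:  $? failure(s)"
    rm -rf "$tmp"
}
demo
```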
Booting the Xen DomU Guest
Ok, let's try the first boot of the newly created Xen DomU in Funtoo!
(dom0-xen) # cd /xen
(dom0-xen) # xm create -c configs/funtoo.cfg
Huuuuiiiii.....
[ 1.453486] IPv4 over IPv4 tunneling driver [ 1.453548] TCP westwood registered [ 1.453550] TCP highspeed registered [ 1.453552] TCP htcp registered [ 1.453553] TCP vegas registered [ 1.453555] Initializing XFRM netlink socket [ 1.453630] NET: Registered protocol family 10 [ 1.453803] IPv6 over IPv4 tunneling driver [ 1.453863] NET: Registered protocol family 17 [ 1.453868] NET: Registered protocol family 15 [ 1.453870] Registering the dns_resolver key type [ 1.550094] /usr/src/linux-2.6.38-xen/drivers/rtc/hctosys.c: unable to open rtc device (rtc0) [ 3.070104] IP-Config: Complete: [ 3.070109] device=eth0, addr=217.171.190.211, mask=255.255.255.0, gw=217.171.190.1, [ 3.070116] host=alyx1, domain=, nis-domain=(none), [ 3.070119] bootserver=127.0.255.255, rootserver=127.0.255.255, rootpath= [ 3.070212] md: Skipping autodetection of RAID arrays. (raid=autodetect will force) [ 3.107309] EXT4-fs (xvda1): mounted filesystem with ordered data mode. Opts: (null) [ 3.107321] VFS: Mounted root (ext2 filesystem) readonly on device 202:1. [ 3.140059] devtmpfs: mounted [ 3.140239] Freeing unused kernel memory: 264k freed INIT: version 2.88 booting OpenRC 0.8.3 is starting up Funtoo Linux (x86_64) * Mounting /proc ... [ ok ] * WARNING: rc_sys not defined in rc.conf. Falling back to automatic detection * Caching service dependencies ... [ ok ] * Mounting /sys ... [ ok ] * udev: /dev already mounted, skipping... * Mounting /dev/pts ... [ ok ] * Mounting /dev/shm ... [ ok ] * Bringing up network interface lo ... RTNETLINK answers: File exists [ ok ] * Bringing up network interface lo ... RTNETLINK answers: File exists RTNETLINK answers: File exists [ ok ] * Starting udevd daemon ... * Populating /dev with existing devices through uevents ... [ ok ] * Autoloaded 0 module(s) * Checking local filesystems ... funtoo_root: Superblock last write time is in the future. (by less than a day, probably due to the hardware clock being incorrectly set). FIXED. 
funtoo_root: clean, 173796/655360 files, 436917/2621440 blocks [ ok ] * Remounting root filesystem read/write ... [ ok ] * Updating /etc/mtab ... [ ok ] * Mounting local filesystems ... [ ok ] * Configuring kernel parameters ... [ ok ] * Creating user login records ... [ ok ] * Cleaning /var/run ... [ ok ] * Wiping /tmp directory ... [ ok ] * Setting hostname to localhost ... [ ok ] * Activating swap devices ... [ ok ] * udev: storing persistent rules ... [ ok ] * Initializing random number generator ... [ ok ] INIT: Entering runlevel: 3 * Mounting network filesystems ... [ ok ] * Generating dsa host key ... Generating public/private dsa key pair. Your identification has been saved in /etc/ssh/ssh_host_dsa_key. Your public key has been saved in /etc/ssh/ssh_host_dsa_key.pub. The key fingerprint is: 25:e0:a8:05:xxxxxxxxxxxx:1c:1f:ba root@localhost The key's randomart image is: +--[ DSA 1024]----+ | ooo.B.o | | o o *.B o . | | . + + = = | | o + * | | . E S | | | | | | | | | +-----------------+ [ ok ] * Generating rsa host key ... Generating public/private rsa key pair. Your identification has been saved in /etc/ssh/ssh_host_rsa_key. Your public key has been saved in /etc/ssh/ssh_host_rsa_key.pub. The key fingerprint is: 22:e3:46:28:67:xxxxxxxxxxxxxxxxxxxxx:e5:c3 root@localhost The key's randomart image is: +--[ RSA 2048]----+ |. o. .. | |oo o ..o | |=oo o E | |.*oo. . | |o *.+ . S | | + o o . | | o | | . | | | +-----------------+ [ ok ] * Starting sshd ... [ ok ] * Starting local [ ok ] Larry loves Funtoo _________________________ < Have you mooed today? > ------------------------- ^__^ (oo)_______ (__) )/ ||----w | || || .::::::::::::::::::::: WELCOME TO ::::::::::::::::::::::::::.. ............................................................... :########:'##::::'##:'##::: ##:'########::'#######:::'#######::. :##.....:: ##:::: ##: ###:: ##:... ##..::'##.... ##:'##.... 
##:: :##::::::: ##:::: ##: ####: ##:::: ##:::: ##:::: ##: ##:::: ##:: :######::: ##:::: ##: ## ## ##:::: ##:::: ##:::: ##: ##:::: ##:: :##...:::: ##:::: ##: ##. ####:::: ##:::: ##:::: ##: ##:::: ##:: :##::::::: ##:::: ##: ##:. ###:::: ##:::: ##:::: ##: ##:::: ##:: :##:::::::. #######:: ##::. ##:::: ##::::. #######::. #######::′ .::::::::::.......:::..::::..:::::..::::::.......::::.......::´ This is localhost.unknown_domain (Linux x86_64 2.6.38-xen-maiwald.tk-domU) 17:27:40 localhost login:
== Finalizing the setup ==

Now we test whether we can reach the domU from our desktop:
<console>
(2034)-~% ssh -lroot 217.x.x.211
The authenticity of host '217.x.x.211 (217.x.x.211)' can't be established.
RSA key fingerprint is 22:e3:xxxxxxxx:b0:3c:xxxxx:d6:e5:c3.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '217.x.x.211' (RSA) to the list of known hosts.
Enter passphrase for key '/home/mm/.ssh/id_rsa':
localhost ~ # uname -a
Linux localhost 2.6.38-xen-maiwald.tk-domU #4 SMP Wed Feb 8 17:30:33 CET 2012 x86_64 Intel(R) Xeon(R) CPU E3110 @ 3.00GHz GenuineIntel GNU/Linux
localhost ~ #
</console>
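Before answering "yes" at that prompt, the fingerprint ssh shows should be compared with the one the domU printed on its console while OpenRC generated the sshd host keys (see the boot log above), since the console on dom0 is the trusted channel. The following POSIX shell check does that comparison; it is an added example, not part of the original page, and every fingerprint and log line in it is constructed sample data (the page masks the real values).

```shell
#!/bin/sh
# Added example: check the RSA host-key fingerprint ssh offers against the one
# the domU printed on its console. All values below are constructed samples.

# Console output while OpenRC generated the host keys (constructed). The DSA
# key comes first, as in the boot log, so the RSA one must be picked on purpose.
CONSOLE_LOG=' * Generating dsa host key ...
The key fingerprint is:
25:e0:a8:05:11:22:33:44:55:66:77:88:99:aa:1c:1f root@localhost
 * Generating rsa host key ...
Generating public/private rsa key pair.
The key fingerprint is:
22:e3:46:28:67:0a:1b:2c:3d:4e:5f:60:71:82:d6:e5 root@localhost'

# What ssh printed on the desktop at the first connection (constructed).
SSH_PROMPT="The authenticity of host '217.x.x.211 (217.x.x.211)' can't be established.
RSA key fingerprint is 22:e3:46:28:67:0a:1b:2c:3d:4e:5f:60:71:82:d6:e5.
Are you sure you want to continue connecting (yes/no)?"

# Print the first MD5-style fingerprint (16 colon-separated hex pairs) on stdin.
extract_fp() {
    grep -oE '([0-9a-f]{2}:){15}[0-9a-f]{2}' | head -n 1
}

# RSA fingerprint from the domU console: only look after the "Generating rsa
# host key" line so the DSA fingerprint is skipped. Later on, the same value
# can be printed on the console with: ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub
console_rsa_fp() {
    printf '%s\n' "$1" | sed -n '/Generating rsa host key/,$p' | extract_fp
}

# Fingerprint ssh is asking us to accept.
prompt_rsa_fp() {
    printf '%s\n' "$1" | grep 'RSA key fingerprint is' | extract_fp
}

# Exit 0 only when both fingerprints were found and are identical; on any other
# result answer "no" at the ssh prompt and re-check the domU console.
verify_host_key() {
    expected=$(console_rsa_fp "$1")
    offered=$(prompt_rsa_fp "$2")
    [ -n "$expected" ] && [ -n "$offered" ] && [ "$expected" = "$offered" ]
}

if verify_host_key "$CONSOLE_LOG" "$SSH_PROMPT"; then
    echo "host key matches the domU console: safe to answer yes"
else
    echo "host key MISMATCH or not found: answer no" >&2
fi
```

Newer OpenSSH releases print SHA256 fingerprints by default; `ssh-keygen -l -E md5` prints the colon-separated hex form this check parses.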
Now switch back to the Funtoo Installation Tutorial and go on with setting up your new domU guest like a normal Funtoo Linux system!
Please consider supporting this Wiki by editing this page and keeping it current!
Funtoo is a perfect Xen host and I recommend it to everybody as an alternative to .deb/.rpm systems.
Have fun!