INTRODUCTION

                                                                                                                                                                                                            XEN-Logo-Mockup-v2                                                                                

Xen lets you create guest operating systems , so called “virtual machines” , under a host operating system . Using Xen you can separate your applications into different virtual machines that are totally independent from each other (e.g. a virtual machine for a mail server, a virtual machine for a high-traffic web site, another virtual machine that serves your customers’ web sites, a virtual machine for DNS, etc.), but still use the same hardware. This saves money, and what is even more important, it’s more secure. If the virtual machine of your DNS server gets hacked, it has no effect on your other virtual machines. Plus, you can move virtual machines from one Xen server to the next one.

I will use CentOS 6.3 (x86_64) for both the host OS  and the guest OS.

INSTALLATION

Make sure that SELinux is disabled or permissive

#vi /etc/sysconfig/selinux

# This file controls the state of SELinux on the system.

# SELINUX= can take one of these three values:

# enforcing – SELinux security policy is enforced.

#  permissive – SELinux prints warnings instead of enforcing.

#  disabled – SELinux is fully disabled.

SELINUX=disabled

# SELINUXTYPE= type of policy in use. Possible values are:

#  targeted – Only targeted network daemons are protected.

#  strict – Full SELinux protection

SELINUXTYPE=targeted

If you had to modify /etc/sysconfig/selinux, please reboot the system

#reboot

We need to set up a network bridge on our server so that our virtual machines can be accessed from other hosts as if they were physical systems in the network.

To do this, we install the package bridge-utils

#yum install bridge-utils

and configure a bridge. Create the file /etc/sysconfig/network-scripts/ifcfg-br0 (please use the IPADDR, PREFIX, GATEWAY,  values from the/etc/sysconfig/network-scripts/ifcfg-eth0 file); make sure you use TYPE=Bridge, not TYPE=Ethernet

#vi /etc/sysconfig/network-scripts/ifcfg-br0

DEVICE=”br0″

NM_CONTROLLED=”yes”

ONBOOT=yes

TYPE=Bridge

BOOTPROTO=none

IPADDR=192.168.31.1

PREFIX=24

GATEWAY=192.168.31.1

DEFROUTE=yes

IPV4_FAILURE_FATAL=yes

IPV6INIT=no

NAME=”System br0″

Modify /etc/sysconfig/network-scripts/ifcfg-eth0 as follows (comment out BOOTPROTO, IPADDR, PREFIX, GATEWAY and add BRIDGE=br0)

#vi /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=”eth0″

#BOOTPROTO=none

NM_CONTROLLED=”yes”

ONBOOT=yes

TYPE=”Ethernet”

UUID=”73cb0b12-1f42-49b0-ad69-731e888276ff”

HWADDR=44:37:E6:26:E6:4F

#IPADDR=192.168.31.1

#PREFIX=24

#GATEWAY=192.168.31.1

DEFROUTE=yes

IPV4_FAILURE_FATAL=yes

IPV6INIT=no

NAME=”System eth0″

BRIDGE=br0

Restart the network

#/etc/init.d/network restart

run

#ifconfig

It should now show the network bridge (br0)

1

2

[root@sathish~]# ifconfig
br0       Link encap:Ethernet  HWaddr 00:1E:90:F3:F0:02
inet addr:192.168.31.1 Bcast:192.168.0.255  Mask:255.255.255.0
inet6 addr: fe80::21e:90ff:fef3:f002/64 Scope:Link
UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:27 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:460 (460.0 b)  TX bytes:2298 (2.2 KiB)

eth0      Link encap:Ethernet  HWaddr 00:1E:90:F3:F0:02
inet6 addr: fe80::21e:90ff:fef3:f002/64 Scope:Link
UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
RX packets:18455 errors:0 dropped:0 overruns:0 frame:0
TX packets:11861 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:26163057 (24.9 MiB)  TX bytes:1100370 (1.0 MiB)
Interrupt:25 Base address:0xe000

lo        Link encap:Local Loopback
inet addr:127.0.0.1  Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING  MTU:16436  Metric:1
RX packets:5 errors:0 dropped:0 overruns:0 frame:0
TX packets:5 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2456 (2.3 KiB)  TX bytes:2456 (2.3 KiB)

3

 INSTALLING XEN

First check if your CPU supports hardware virtualization – if this is the case, the command

#egrep ‘(vmx|svm)’ –color=always /proc/cpuinfo

flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall
nx mmxext fxsr_opt rdtscp lm 3dnowext 3dnow pni cx16 lahf_lm cmp_legacy svm extapic cr8_legacy misalignsse
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall
nx mmxext fxsr_opt rdtscp lm 3dnowext 3dnow pni cx16 lahf_lm cmp_legacy svm extapic cr8_legacy misalignsse
If nothing is displayed, then your processor doesn’t support hardware virtualization. This means you can use only paravirtualization with Xen, but not hardware virtualization.

4

As CentOS 6 is based on RedHat 6, and RedHat has dropped support for Xen in version 6, we need to get Xen from a third-party repository. We can enable the repo as follows:

To install Xen, we now simply run

#yum install kernel-xen xen

This installs Xen and a Xen kernel on our CentOS system.

Before we can boot the system with the Xen kernel, please check your GRUB bootloader configuration. We open /boot/grub/menu.lst

#vi /boot/grub/menu.lst

title CentOS (2.6.32.57-2.el6xen.x86_64)

root (hd0,0)

kernel /vmlinuz-2.6.32.57-2.el6xen.x86_64 ro root=/dev/mapper/vg_www-lv_root   rd_NO_LUKS LANG=en_US.UTF-8  rd_NO_MD  SYSFONT=latarcyrheb-sun16 crashkernel=auto  KEYBOARDTYPE=pc   KEYTABLE=de rd_LVM_LV=vg_www/lv_swap rd_LVM_LV=vg_www/lv_root   rd_NO_DM   rhgb   quiet

initrd /initramfs-2.6.32.57-2.el6xen.x86_64.img

We need to modify that section so that the Xen hypervisor gets loaded first. In the kernel /vmlinuz… line, replace the first word kernel with module. Do the same in the next line – replace the first word initrd with module in the initrd /initramfs… line. Then add the line kernel /xen.gz dom0_mem=1024M    cpufreq=xen dom0_max_vcpus=1     dom0_vcpus_pin after the root line and before the first module line (if you have more than one CPU core, you can specify another number than 1 for dom0_max_vcpus). The final kernel section should look like this:

title CentOS (2.6.32.57-2.el6xen.x86_64)

root (hd0,0)

kernel /xen.gz dom0_mem=1024M cpufreq=xen dom0_max_vcpus=1 dom0_vcpus_pin

module /vmlinuz-2.6.32.57-2.el6xen.x86_64 ro root=/dev/mapper/vg_www-lv_root rd_NO_LUKS LANG=en_US.UTF-8 rd_NO_MD SYSFONT=latarcyrheb-sun16 crashkernel=auto  KEYBOARDTYPE=pc KEYTABLE=de rd_LVM_LV=vg_www/lv_swap rd_LVM_LV=vg_www/lv_root rd_NO_DM rhgb quiet

module /initramfs-2.6.32.57-2.el6xen.x86_64.img

Change the value of default to 0 (so that the first kernel (the Xen kernel) will be booted by default)

5

Before we reboot, we install the libvirt and python-virtinst (which contains the virt-install tool which we will use later on to install Xen VMs) packages

#yum install libvirt python-virtinst

Because the libvirt package from CentOS 6/RedHat 6 has no support for Xen, we must rebuild it with Xen support. To do this, we install a few prerequisites now

#yum groupinstall ‘Development Tools’

#yum install python-devel xen-devel libxml2-devel xhtml1-dtds readline-devel ncurses-devel libtasn1-devel gnutls-devel augeas libudev-devel libpciaccess-devel yajl-devel sanlock-devel libpcap-devel libnl-devel avahi-devel libselinux-devel cyrus-sasl-devel parted-devel device-mapper-devel numactl-devel libcap-ng-devel netcf-devel libcurl-devel audit-libs-devel systemtap-sdt-devel libblkid-devel scrub

Let’s find out our libvirt version:

# rpm -qa | grep libvirt
libvirt-client-0.9.10-21.el6_3.3.x86_64

libvirt-0.9.10-21.el6_3.3.x86_64

libvirt-python-0.9.10-21.el6_3.3.x86_64

It’s 0.9.10, so we download the appropriate src.rpm package into /root/src and install it

#mkdir /root/src
#cd /root/src
#wget http://vault.centos.org/6.3/os/Source/SPackages/libvirt-0.9.10-21.el6.src.rpm
#rpm -i libvirt-0.9.10-21.el6.src.rpm

The last command will show some warnings that you can ignore:

warning: user mockbuild does not exist – using root
warning: group mockbuild does not exist – using root

Next we patch Xen support into the libvirt sources

#wget http://pasik.reaktio.net/xen/patches/libvirt-spec-rhel6-enable-xen.patch
#cd /root/rpmbuild/SPECS
#cp -a libvirt.spec libvirt.spec.orig
#patch -p0 < ~/src/libvirt-spec-rhel6-enable-xen.patch

Now we build a new libvirt package:

#rpmbuild -bb libvirt.spec

Go to the directory where the new packages have been created (/root/rpmbuild/RPMS/x86_64/ in this case)

#cd /root/rpmbuild/RPMS/x86_64/

and install the new libvirt packages (with Xen support) as follows

#rpm -Uvh –force libvirt-0.9.10-21.el6.x86_64.rpm libvirt-client-0.9.10-21.el6.x86_64.rpm libvirt-python-0.9.10-21.el6.x86_64.rpm

Afterwards, we reboot the system:

#reboot

The system should now automatically boot the new Xen kernel. After the system has booted, we can check that by running

#uname -r

We can now run

#xm list

Name                                        ID   Mem VCPUs      State   Time(s)
Domain-0                                     0  1024     1     r—–     32.4

Instead of using the xm command, I will from now on use the virsh command to manage Xen VMs. This is the preferred way as we are using libvirt.

#virsh list

 Id    Name                           State
—————————————————-
0     Domain-0                       running

6