Difference between revisions of "Fedora 13 Xen 4 Tutorial"

This page is marked out-of-date. Both Fedora 13, and Xen 4.0.1 are out-of-date

This is a step-by-step tutorial how to install Xen hypervisor 4.0.1 and the long-term maintained Linux pvops dom0 kernel 2.6.32.x on Fedora 13 (x86_64) Linux.

As a default Fedora 13 includes Xen 3.4.3 RPMs, but this tutorial explains how to install the newer Xen 4.0.1 version by downloading the RPMs from Fedora Koji.

Additionally, this tutorial will also cover the installation of a PVops dom0 kernel.

Note that this tutorial disables various security features to make sure everything works well without unexpected problems! After getting everything to work OK you should enable SElinux, iptables firewall etc. Follow this tutorial step-by-step and you'll get a working system.

The steps below also work for Fedora 14. Fedora 14 includes Xen 4.0.2 rpm binaries in the default repositories.

Hardware used in this tutorial:

• Intel Core2 Quad CPU.
• 8 GB of RAM.
• SATA harddisk (AHCI mode).
• DVDROM drive.
• Intel NIC (e1000), DHCP for Internet access.

For generic information about Xen 4.0 release please see Xen4.0 wiki page.

This tutorial is verified to work on 30th of October 2010.

Installing Fedora 13

Get Fedora, whether by burning a CD/DVD, running it from a USB drive, or doing a network install. You can follow the official Fedora Guide, available here for more information.

The installation is straight forward. There are no Xen specific options that have to be selected at install time, other than setting up your hard drive(s) for later use. Ideally, you should choose the "Minimal Installation" option, though it's not strictly necessary. These instructions are just guidelines, and don't have to be strictly adhered to. Feel free to modify them as necessary.

In general:

• Make /boot partition the primary (first) partition and choose "ext3" (not "ext4") as the filesystem type
• Make /boot big, say 2 GB, to fit all the development debug-enabled kernels and big initrd-images caused by debug-enabled kernel modules.
• With the rest of the space on the drive, create a second partition and format it as LVM PV (Physical Volume)
• Create a LVM Volume Group on your newly created LVM PV.
• Then create a new logical volume on the new volume group, and assign it the mount point / (the root). It should be at least 40 GB to fit all the development tools and source trees. The type of filesystem isn't important, though it's unlikely you'll need to change the default - ext4.
• Create a swap partition logical volume on the volume group as well.
• Important note about LVM volume group setup: You should leave free space in the LVM volume group for storing guest virtual disks!! If you don't do this, you'll need to find an alternate location to store the guest virtual disks.
• See this F13 installer screenshot for disk partitioning and LVM setup example:

Configuration after installation

After the installation login as "root" from the console.

Enable automatic start of networking and start the network (it's disabled by default in favor of NetworkManager):

# chkconfig network on
# chkconfig NetworkManager off
# /etc/init.d/network start

After starting the network you can log in from the network using SSH, if you prefer remotely configuring and setting up things. Use "ifconfig" to check the IP of the newly installed system (if using DHCP).

Then we continue and install some commonly used and needed tools:

# yum install screen vim wget tcpdump ntp ntpdate man smartmontools ethtool

Enable and start ntpd to keep time synchronized:

# chkconfig ntpd on
# chkconfig ntpdate on
# /etc/init.d/ntpdate start
# /etc/init.d/ntpd start

As a default (in F13) you don't get to choose the kernel - grub menu will be skipped. So you'll need to fix the timeout to be able to choose which kernel to boot during system startup.

Edit "/boot/grub/grub.conf" and modify "timeout=10" and comment out the "hiddenmenu" option, so it'll look like:

#boot=/dev/sda
default=0
timeout=10
splashimage=(hd0,0)/grub/splash.xpm.gz
#hiddenmenu
title Fedora (2.6.33.3-85.fc13.x86_64)
        root (hd0,0)
        kernel /vmlinuz-2.6.33.3-85.fc13.x86_64 ro root=/dev/mapper/vg_f13-lvroot rd_LVM_LV=vg_f13/lvroot rd_LVM_LV=vg_f13/lvswap rd_NO_LUKS rd_NO_MD rd_NO_DM LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 KEYTABLE=fi rhgb quiet
        initrd /initramfs-2.6.33.3-85.fc13.x86_64.img

SELinux doesn't play too well with Xen, and we want to make sure we don't get problems from too strict selinux policies at this point. So edit "/etc/selinux/config" and disable SELinux:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

We're going to be connecting to the dom0 by SSH/VNC for remote domU installs, so disable the Fedora default iptables firewall for now: (Properly configuring the firewall is out of scope for this tutorial, but it is recommended.)

# /etc/init.d/iptables stop
# chkconfig iptables off

Next, disable ksmtuned so that it won't flood the console with errors (it's not compatible with Xen currently):

# /etc/init.d/ksmtuned stop
# chkconfig ksmtuned off

If you're going to use X11 forwarding over ssh session, install "xorg-x11-xauth"

# yum install xorg-x11-xauth

Install the latest Fedora package updates, any security fixes, etc:

# yum update

And at this point it's best to reboot the system, to get the newest kernel in use, and make sure everything works so far.

# reboot

After the system reboots it's good to verify the firewall got disabled properly and there are no iptables rules in use anymore:

# iptables -L -n -v
Chain INPUT (policy ACCEPT 99 packets, 11467 bytes)
 pkts bytes target     prot opt in     out     source               destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
Chain OUTPUT (policy ACCEPT 97 packets, 9805 bytes)
 pkts bytes target     prot opt in     out     source               destination

Also verify SElinux is disabled:

# getenforce
Disabled

Now all the basic setup is done and you can move forward.

Installing Xen 4

For Fedora 14 (and later), RPMs are pre-compiled and included in the Fedora repos. As such, it is possible to do yum install xen to get all the necessary xen components.

For Fedora 13, the latest and greatest updates for all versions of Fedora are available for download directly from Fedora Koji. In theory, the RPMs built for later distributions (ie Fedora 15) can work with Fedora 13/14 - however, this has not been tested. Instead, download the RPMs built for Fedora 14, then do a

yum localinstall *.rpm

If you want to download & compile Xen yourself, see Compiling Xen for a step by step guide.

Download or compile Linux 2.6.32.x pvops Xen dom0 kernel

For more information about pvops dom0 kernels and why it's necessary to use a special kernel, please see XenParavirtOps wiki page.

The easiest way to get the kernel is to download a pre-built "xendom0" kernel rpm. You can get them from Fedora developer M A Young's site:

• http://repos.fedorapeople.org/repos/myoung/dom0-kernel/

As of 14th Apr 2011, the compiled kernels were last updated on 3rd May 2011, and were built for Fedora 13 according to the filename. However, they should work on Fedora 14. You can compile the kernel yourself to get the latest updates, or choose to download the kernel RPMs.

Prepare to reboot into Xen

First we have to set up a new grub entry to boot the Xen hypervisor with the pvops dom0 kernel. We do so by editing "/boot/grub/grub.conf" to make it look like this:

# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE:  You have a /boot partition.  This means that
#          all kernel and initrd paths are relative to /boot/, eg.
#          root (hd0,0)
#          kernel /vmlinuz-version ro root=/dev/mapper/vg_f13-lvroot
#          initrd /initrd-[generic-]version.img
#boot=/dev/sda
default=0
timeout=10
splashimage=(hd0,0)/grub/splash.xpm.gz
#hiddenmenu
title Fedora (2.6.33.6-147.2.4.fc13.x86_64)
        root (hd0,0)
        kernel /vmlinuz-2.6.33.6-147.2.4.fc13.x86_64 ro root=/dev/mapper/vg_f13-lvroot rd_LVM_LV=vg_f13/lvroot rd_LVM_LV=vg_f13/lvswap rd_NO_LUKS rd_NO_MD rd_NO_DM LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 KEYTABLE=fi rhgb quiet
        initrd /initramfs-2.6.33.6-147.2.4.fc13.x86_64.img
title Fedora (2.6.33.3-85.fc13.x86_64)
        root (hd0,0)
        kernel /vmlinuz-2.6.33.3-85.fc13.x86_64 ro root=/dev/mapper/vg_f13-lvroot rd_LVM_LV=vg_f13/lvroot rd_LVM_LV=vg_f13/lvswap rd_NO_LUKS rd_NO_MD rd_NO_DM LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 KEYTABLE=fi rhgb quiet
        initrd /initramfs-2.6.33.3-85.fc13.x86_64.img
title Fedora Xen 4.0 with Linux 2.6.32.25 pvops dom0
        root (hd0,0)
        kernel /xen.gz dom0_mem=1024M loglvl=all guest_loglvl=all
        module /vmlinuz-2.6.32.25 ro root=/dev/mapper/vg_f13-lvroot nomodeset
        module /initramfs-2.6.32.25.img

Note the last entry: The kernel you're booting is actually Xen, and we're using the 'module' keywords to tell Xen to start the actual kernel and initrd once Xen starts up.

Important: Make sure the "root=/dev/something/here" parameter matches what you have for the normal Fedora kernel entries! If they don't match, your system will not boot.

Finally, verify that Xen services/daemons are properly configured to start automatically:

# chkconfig --list | grep xen
xenconsoled     0:off   1:off   2:off   3:on    4:on    5:on    6:off
xend            0:off   1:off   2:off   3:on    4:on    5:on    6:off
xendomains      0:off   1:off   2:off   3:on    4:on    5:on    6:off
xenstored       0:off   1:off   2:off   3:on    4:on    5:on    6:off

And now you're ready to reboot into Xen.

# reboot

Remember: When the system restarts select the Xen entry from Grub boot menu! We haven't changed the default grub entry yet.

Verifying the Xen setup after reboot

When your system is done rebooting log in as root and run the following commands to verify everything is working properly.

Check that the Xen hypervisor is running by asking it for information:

[root@f13 ~]# xm info
host                   : f13.localdomain
release                : 2.6.32.25
version                : #3 SMP Sat Oct 30 15:24:53 EEST 2010
machine                : x86_64
nr_cpus                : 4
nr_nodes               : 1
cores_per_socket       : 4
threads_per_core       : 1
cpu_mhz                : 2826
hw_caps                : bfebfbff:20100800:00000000:00000940:0408e3fd:00000000:00000001:00000000
virt_caps              : hvm
total_memory           : 8190
free_memory            : 7076
node_to_cpu            : node0:0-3
node_to_memory         : node0:7076
node_to_dma32_mem      : node0:3259
max_node_id            : 0
xen_major              : 4
xen_minor              : 0
xen_extra              : .1
xen_caps               : xen-3.0-x86_64 xen-3.0-x86_32p hvm-3.0-x86_32 hvm-3.0-x86_32p hvm-3.0-x86_64
xen_scheduler          : credit
xen_pagesize           : 4096
platform_params        : virt_start=0xffff800000000000
xen_changeset          : unavailable
xen_commandline        : dom0_mem=1024M loglvl=all guest_loglvl=all
cc_compiler            : gcc version 4.4.4 20100630 (Red Hat 4.4.4-10) (GCC)
cc_compile_by          : root
cc_compile_domain      :
cc_compile_date        : Sat Oct 16 00:13:54 EEST 2010
xend_config_format     : 4

Check the list of running domUs:

# xm list
Name                                        ID   Mem VCPUs      State   Time(s)
Domain-0                                     0  1017     4     r-----     23.1

Make sure the "Mem" field for Domain-0 is around the same amount that you specified in grub.conf in "dom0_mem" parameter.

Finally, check the dom0 Linux kernel version:

# uname -a
Linux f13.localdomain 2.6.32.25 #3 SMP Sat Oct 30 15:24:53 EEST 2010 x86_64 x86_64 x86_64 GNU/Linux

The basic setup is now done. You should now go back to the grub menu file and change the default=0 line to read default=2 (or whatever line your new entry is at) to automatically boot into Xen.

Installing libvirtd and graphical virt-manager

If you want to install new Xen guests (virtual machines) with the graphical virt-manager GUI, install it like this:

# yum install virt-manager libvirt virt-viewer

Note that libvirt (libvirtd) is also required for text-based guest VM network installations!

Verify "libvirtd" is set to automatically start so the "virbr0" bridge nat/dhcp service provided by dnsmasq works ok for guest (vm) network installations. Also start it now:

# chkconfig --list libvirtd
libvirtd        0:off   1:off   2:off   3:on    4:on    5:on    6:off

# /etc/init.d/libvirtd start

Verify there's the "virbr0" bridge and "dnsmasq" process running:

# brctl show
bridge name     bridge id               STP enabled     interfaces
virbr0          8000.000000000000       yes

# ps aux | grep -i dnsmasq
nobody    1966  0.0  0.0  12784   708 ?        S    23:27   0:00 /usr/sbin/dnsmasq --strict-order --bind-interfaces --pid-file=/var/run/libvirt/network/default.pid --conf-file=  --listen-address 192.168.122.1 --except-interface lo --dhcp-range 192.168.122.2,192.168.122.254 --dhcp-lease-max=253

Verify the IP settings libvirtd/dnsmasq configured for the "virbr0" network interface:

# ifconfig virbr0
virbr0    Link encap:Ethernet  HWaddr 12:57:62:0E:3F:9E
          inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:933 (933.0 b)

Also verify libvirtd/dnsmasq has added the required iptables NAT rule ("MASQUERADE") to enable Internet access from the virbr0 bridge:

# iptables -t nat -L -n -v
Chain PREROUTING (policy ACCEPT 23 packets, 5301 bytes)
 pkts bytes target     prot opt in     out     source               destination
Chain POSTROUTING (policy ACCEPT 116 packets, 8764 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE  all  --  *      *       192.168.122.0/24    !192.168.122.0/24
Chain OUTPUT (policy ACCEPT 116 packets, 8764 bytes)
 pkts bytes target     prot opt in     out     source               destination

And that IP forwarding (routing) is enabled:

# cat /proc/sys/net/ipv4/ip_forward
1

Note that to run the graphical virt-manager you don't have to run X server on the Xen system (dom0), you can run virt-manager in dom0 but tunnel the X11 GUI over ssh and display the graphical tools on your remote workstation/laptop!

Using ssh X11 forwarding

Install "xorg-x11-xauth" on your Fedora 13 Xen system to be able to use X11 forwarding over ssh session from your desktop/laptop:

# yum install xorg-x11-xauth

If you're connecting from a Linux workstation/laptop enable ssh X11 forwarding like this:

# ssh -X root@<f13_host_ip>

If you're using Putty on Windows you need to enable X11 forwarding in Putty settings, and also install X-server to Windows, such as Xming, and start it before trying to run graphical applications from ssh session.

This is what you should see when logging in for the first time with ssh, when X11 forwarding is enabled in your ssh client. Note the ssh server system (Fedora 13 Xen host) needs to have "xorg-x11-xauth" rpm package installed:

Last login: Mon Aug 23 21:50:49 2010 from <your_workstation_ip>
/usr/bin/xauth:  creating new authority file /root/.Xauthority

Now you can run graphical (X11) applications and the GUI will be displayed on your local workstation/laptop X, tunneled over the secure ssh connection. Try running "virt-manager", or any other graphical (X11) tool as an example.