Fedora 13 Xen 4 Tutorial
This is a step-by-step tutorial on how to install Xen hypervisor 4.0.1 and the long-term maintained Linux pvops dom0 kernel 2.6.32.x on Fedora 13 (x86_64) Linux.
By default Fedora 13 includes Xen 3.4.3 RPMs, but this tutorial explains how to install the newer Xen 4.0.1 version by downloading the RPMs from Fedora Koji.
Additionally, this tutorial will also cover the installation of a PVops dom0 kernel.
Note that this tutorial disables various security features to make sure everything works well without unexpected problems! After getting everything to work OK you should enable SELinux, the iptables firewall, etc. Follow this tutorial step-by-step and you'll get a working system.
The steps below also work for Fedora 14. Fedora 14 includes Xen 4.0.2 rpm binaries in the default repositories.
Hardware used in this tutorial:
- Intel Core2 Quad CPU.
- 8 GB of RAM.
- SATA hard disk (AHCI mode).
- DVD-ROM drive.
- Intel NIC (e1000), DHCP for Internet access.
For generic information about the Xen 4.0 release please see the Xen4.0 wiki page.
This tutorial was verified to work on 30th of October 2010.
Installing Fedora 13
Get Fedora, whether by burning a CD/DVD, running it from a USB drive, or doing a network install. You can follow the official Fedora Guide, available here for more information.
The installation is straightforward. There are no Xen-specific options that have to be selected at install time, other than setting up your hard drive(s) for later use. Ideally, you should choose the "Minimal Installation" option, though it's not strictly necessary. These instructions are just guidelines, and don't have to be strictly adhered to. Feel free to modify them as necessary.
- Make /boot partition the primary (first) partition and choose "ext3" (not "ext4") as the filesystem type
- Make /boot big, say 2 GB, to fit all the development debug-enabled kernels and big initrd-images caused by debug-enabled kernel modules.
- With the rest of the space on the drive, create a second partition and format it as LVM PV (Physical Volume)
- Create a LVM Volume Group on your newly created LVM PV.
- Then create a new logical volume on the new volume group, and assign it the mount point / (the root). It should be at least 40 GB to fit all the development tools and source trees. The type of filesystem isn't important, though it's unlikely you'll need to change the default - ext4.
- Create a swap partition logical volume on the volume group as well.
- Important note about LVM volume group setup: You should leave free space in the LVM volume group for storing guest virtual disks!! If you don't do this, you'll need to find an alternate location to store the guest virtual disks.
- See this F13 installer screenshot for disk partitioning and LVM setup example:
Configuration after installation
After the installation, log in as "root" from the console.
Enable automatic start of networking and start the network (it's disabled by default in favor of NetworkManager):
# chkconfig network on
# chkconfig NetworkManager off
# /etc/init.d/network start
After starting the network you can log in from the network using SSH, if you prefer remotely configuring and setting up things. Use "ifconfig" to check the IP of the newly installed system (if using DHCP).
Then we continue and install some commonly used and needed tools:
# yum install screen vim wget tcpdump ntp ntpdate man smartmontools ethtool
Enable and start ntpd to keep time synchronized:
# chkconfig ntpd on
# chkconfig ntpdate on
# /etc/init.d/ntpdate start
# /etc/init.d/ntpd start
By default (in F13) you don't get to choose the kernel: the grub menu is skipped. So you'll need to fix the timeout to be able to choose which kernel to boot during system startup.
Edit "/boot/grub/grub.conf", set "timeout=10" and comment out the "hiddenmenu" option, so it'll look like:
#boot=/dev/sda
default=0
timeout=10
splashimage=(hd0,0)/grub/splash.xpm.gz
#hiddenmenu
title Fedora (126.96.36.199-85.fc13.x86_64)
        root (hd0,0)
        kernel /vmlinuz-188.8.131.52-85.fc13.x86_64 ro root=/dev/mapper/vg_f13-lvroot rd_LVM_LV=vg_f13/lvroot rd_LVM_LV=vg_f13/lvswap rd_NO_LUKS rd_NO_MD rd_NO_DM LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 KEYTABLE=fi rhgb quiet
        initrd /initramfs-184.108.40.206-85.fc13.x86_64.img
SELinux doesn't play too well with Xen, and we want to make sure we don't get problems from overly strict SELinux policies at this point. So edit "/etc/selinux/config" and disable SELinux:
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
We're going to be connecting to the dom0 by SSH/VNC for remote domU installs, so disable the Fedora default iptables firewall for now: (Properly configuring the firewall is out of scope for this tutorial, but it is recommended.)
# /etc/init.d/iptables stop
# chkconfig iptables off
Next, disable ksmtuned so that it won't flood the console with errors (it's not compatible with Xen currently):
# /etc/init.d/ksmtuned stop
# chkconfig ksmtuned off
If you're going to use X11 forwarding over an ssh session, install "xorg-x11-xauth":
# yum install xorg-x11-xauth
Install the latest Fedora package updates, any security fixes, etc:
# yum update
And at this point it's best to reboot the system, to get the newest kernel in use, and make sure everything works so far.
After the system reboots it's good to verify the firewall got disabled properly and there are no iptables rules in use anymore:
# iptables -L -n -v
Chain INPUT (policy ACCEPT 99 packets, 11467 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 97 packets, 9805 bytes)
 pkts bytes target     prot opt in     out     source               destination
Also verify SELinux is disabled:
# getenforce
Disabled
Now all the basic setup is done and you can move forward.
Installing Xen 4
For Fedora 14 (and later), RPMs are pre-compiled and included in the Fedora repos. As such, it is possible to do
yum install xen
to get all the necessary Xen components.
For Fedora 13, the latest and greatest updates for all versions of Fedora are available for download directly from Fedora Koji. In theory, the RPMs built for later distributions (i.e. Fedora 15) can work with Fedora 13/14 - however, this has not been tested. Instead, download the RPMs built for Fedora 14, then do a
yum localinstall *.rpm
If you want to download & compile Xen yourself, see Compiling Xen for a step by step guide.
Download or compile Linux 2.6.32.x pvops Xen dom0 kernel
For more information about pvops dom0 kernels and why it's necessary to use a special kernel, please see XenParavirtOps wiki page.
The easiest way to get the kernel is to download a pre-built "xendom0" kernel rpm. You can get them from Fedora developer M A Young's site:
As of 14th Apr 2011, the compiled kernels were last updated on 3rd May 2011, and were built for Fedora 13 according to the filename. However, they should work on Fedora 14. You can compile the kernel yourself to get the latest updates, or choose to download the kernel RPMs.
Prepare to reboot into Xen
First we have to set up a new grub entry to boot the Xen hypervisor with the pvops dom0 kernel. We do so by editing "/boot/grub/grub.conf" to make it look like this:
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
#         all kernel and initrd paths are relative to /boot/, eg.
#         root (hd0,0)
#         kernel /vmlinuz-version ro root=/dev/mapper/vg_f13-lvroot
#         initrd /initrd-[generic-]version.img
#boot=/dev/sda
default=0
timeout=10
splashimage=(hd0,0)/grub/splash.xpm.gz
#hiddenmenu
title Fedora (220.127.116.11-147.2.4.fc13.x86_64)
        root (hd0,0)
        kernel /vmlinuz-18.104.22.168-147.2.4.fc13.x86_64 ro root=/dev/mapper/vg_f13-lvroot rd_LVM_LV=vg_f13/lvroot rd_LVM_LV=vg_f13/lvswap rd_NO_LUKS rd_NO_MD rd_NO_DM LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 KEYTABLE=fi rhgb quiet
        initrd /initramfs-22.214.171.124-147.2.4.fc13.x86_64.img
title Fedora (126.96.36.199-85.fc13.x86_64)
        root (hd0,0)
        kernel /vmlinuz-188.8.131.52-85.fc13.x86_64 ro root=/dev/mapper/vg_f13-lvroot rd_LVM_LV=vg_f13/lvroot rd_LVM_LV=vg_f13/lvswap rd_NO_LUKS rd_NO_MD rd_NO_DM LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 KEYTABLE=fi rhgb quiet
        initrd /initramfs-184.108.40.206-85.fc13.x86_64.img
title Fedora Xen 4.0 with Linux 220.127.116.11 pvops dom0
        root (hd0,0)
        kernel /xen.gz dom0_mem=1024M loglvl=all guest_loglvl=all
        module /vmlinuz-18.104.22.168 ro root=/dev/mapper/vg_f13-lvroot nomodeset
        module /initramfs-22.214.171.124.img
Note the last entry: The kernel you're booting is actually Xen, and we're using the 'module' keywords to tell Xen to start the actual kernel and initrd once Xen starts up.
Important: Make sure the "root=/dev/something/here" parameter matches what you have for the normal Fedora kernel entries! If they don't match, your system will not boot.
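The root= check described above can be done mechanically before rebooting. This is an added example, not part of the original tutorial: the function names are made up here, and the sample file uses placeholder kernel names (KERNEL-A, KERNEL-B) in place of real version strings.

```shell
# Print one line per boot entry: index<TAB>type<TAB>root= argument<TAB>title.
# In a Xen entry the dom0 kernel and its root= argument sit on a "module" line.
grub_entries() {
    awk '
        function emit() {
            if (idx >= 0) printf "%d\t%s\t%s\t%s\n", idx, kind, (rootarg == "" ? "MISSING" : rootarg), title
        }
        BEGIN { idx = -1 }
        /^[ \t]*#/ { next }                       # comments, e.g. #hiddenmenu
        $1 == "title" {
            emit(); idx++; kind = "linux"; rootarg = ""
            title = $0; sub(/^[ \t]*title[ \t]+/, "", title); next
        }
        idx >= 0 && $1 == "kernel" && index($2, "/xen") == 1 { kind = "xen" }
        idx >= 0 && ($1 == "kernel" || $1 == "module") {
            for (i = 2; i <= NF; i++) if (rootarg == "" && $i ~ /^root=/) rootarg = $i
        }
        END { emit() }
    ' "$1"
}

# Succeed only if every entry carries a root= argument and all of them agree.
grub_roots_match() {
    grub_entries "$1" | awk -F '\t' '
        $3 == "MISSING" { bad = 1 }
        !seen[$3]++     { n++ }
        END             { exit (n == 1 && !bad) ? 0 : 1 }'
}

# Print the index of the first Xen entry: the value to put in default=.
grub_xen_index() {
    grub_entries "$1" | awk -F '\t' '$2 == "xen" { print $1; exit }'
}

# Constructed sample; KERNEL-A and KERNEL-B are placeholder version strings.
sample_grub_conf() {
    cat <<'EOF'
#hiddenmenu
title Fedora (KERNEL-A)
        root (hd0,0)
        kernel /vmlinuz-KERNEL-A ro root=/dev/mapper/vg_f13-lvroot rhgb quiet
        initrd /initramfs-KERNEL-A.img
title Fedora Xen 4.0 with pvops dom0
        root (hd0,0)
        kernel /xen.gz dom0_mem=1024M loglvl=all guest_loglvl=all
        module /vmlinuz-KERNEL-B ro root=/dev/mapper/vg_f13-lvroot nomodeset
        module /initramfs-KERNEL-B.img
EOF
}
```

On the real system, run `grub_entries /boot/grub/grub.conf` to list the entries and `grub_roots_match /boot/grub/grub.conf && echo OK` to confirm they agree.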
Finally, verify that Xen services/daemons are properly configured to start automatically:
# chkconfig --list | grep xen
xenconsoled     0:off   1:off   2:off   3:on    4:on    5:on    6:off
xend            0:off   1:off   2:off   3:on    4:on    5:on    6:off
xendomains      0:off   1:off   2:off   3:on    4:on    5:on    6:off
xenstored       0:off   1:off   2:off   3:on    4:on    5:on    6:off
And now you're ready to reboot into Xen.
Remember: When the system restarts select the Xen entry from Grub boot menu! We haven't changed the default grub entry yet.
Verifying the Xen setup after reboot
When your system is done rebooting, log in as root and run the following commands to verify everything is working properly.
Check that the Xen hypervisor is running by asking it for information:
[root@f13 ~]# xm info
host                   : f13.localdomain
release                : 126.96.36.199
version                : #3 SMP Sat Oct 30 15:24:53 EEST 2010
machine                : x86_64
nr_cpus                : 4
nr_nodes               : 1
cores_per_socket       : 4
threads_per_core       : 1
cpu_mhz                : 2826
hw_caps                : bfebfbff:20100800:00000000:00000940:0408e3fd:00000000:00000001:00000000
virt_caps              : hvm
total_memory           : 8190
free_memory            : 7076
node_to_cpu            : node0:0-3
node_to_memory         : node0:7076
node_to_dma32_mem      : node0:3259
max_node_id            : 0
xen_major              : 4
xen_minor              : 0
xen_extra              : .1
xen_caps               : xen-3.0-x86_64 xen-3.0-x86_32p hvm-3.0-x86_32 hvm-3.0-x86_32p hvm-3.0-x86_64
xen_scheduler          : credit
xen_pagesize           : 4096
platform_params        : virt_start=0xffff800000000000
xen_changeset          : unavailable
xen_commandline        : dom0_mem=1024M loglvl=all guest_loglvl=all
cc_compiler            : gcc version 4.4.4 20100630 (Red Hat 4.4.4-10) (GCC)
cc_compile_by          : root
cc_compile_domain      :
cc_compile_date        : Sat Oct 16 00:13:54 EEST 2010
xend_config_format     : 4
Check the list of running domUs:
# xm list
Name                                        ID   Mem VCPUs      State   Time(s)
Domain-0                                     0  1017     4     r-----     23.1
Make sure the "Mem" field for Domain-0 is around the same amount that you specified in grub.conf in the "dom0_mem" parameter.
Finally, check the dom0 Linux kernel version:
# uname -a
Linux f13.localdomain 188.8.131.52 #3 SMP Sat Oct 30 15:24:53 EEST 2010 x86_64 x86_64 x86_64 GNU/Linux
The basic setup is now done. You should now go back to the grub menu file and change the "default=0" line to read "default=2" (or whatever line your new entry is at) to automatically boot into Xen.
Installing libvirtd and graphical virt-manager
If you want to install new Xen guests (virtual machines) with the graphical virt-manager GUI, install it like this:
# yum install virt-manager libvirt virt-viewer
Note that libvirt (libvirtd) is also required for text-based guest VM network installations!
Verify "libvirtd" is set to start automatically so that the "virbr0" bridge NAT/DHCP service provided by dnsmasq works for guest (VM) network installations. Also start it now:
# chkconfig --list libvirtd
libvirtd        0:off   1:off   2:off   3:on    4:on    5:on    6:off
# /etc/init.d/libvirtd start
Verify there's the "virbr0" bridge and "dnsmasq" process running:
# brctl show
bridge name     bridge id               STP enabled     interfaces
virbr0          8000.000000000000       yes
# ps aux | grep -i dnsmasq
nobody    1966  0.0  0.0  12784   708 ?        S    23:27   0:00 /usr/sbin/dnsmasq --strict-order --bind-interfaces --pid-file=/var/run/libvirt/network/default.pid --conf-file= --listen-address 192.168.122.1 --except-interface lo --dhcp-range 192.168.122.2,192.168.122.254 --dhcp-lease-max=253
Verify the IP settings libvirtd/dnsmasq configured for the "virbr0" network interface:
# ifconfig virbr0
virbr0    Link encap:Ethernet  HWaddr 12:57:62:0E:3F:9E
          inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:933 (933.0 b)
Also verify libvirtd/dnsmasq has added the required iptables NAT rule ("MASQUERADE") to enable Internet access from the virbr0 bridge:
# iptables -t nat -L -n -v
Chain PREROUTING (policy ACCEPT 23 packets, 5301 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 116 packets, 8764 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE  all  --  *      *       192.168.122.0/24    !192.168.122.0/24

Chain OUTPUT (policy ACCEPT 116 packets, 8764 bytes)
 pkts bytes target     prot opt in     out     source               destination
And that IP forwarding (routing) is enabled:
# cat /proc/sys/net/ipv4/ip_forward
1
Note that to run the graphical virt-manager you don't have to run an X server on the Xen system (dom0): you can run virt-manager in dom0, tunnel the X11 GUI over ssh, and display the graphical tools on your remote workstation/laptop!
Using ssh X11 forwarding
Install "xorg-x11-xauth" on your Fedora 13 Xen system to be able to use X11 forwarding over an ssh session from your desktop/laptop:
# yum install xorg-x11-xauth
If you're connecting from a Linux workstation/laptop, enable ssh X11 forwarding like this:
# ssh -X root@<f13_host_ip>
If you're using Putty on Windows you need to enable X11 forwarding in the Putty settings, and also install an X server on Windows, such as Xming, and start it before trying to run graphical applications from the ssh session.
This is what you should see when logging in for the first time with ssh, when X11 forwarding is enabled in your ssh client. Note that the ssh server system (Fedora 13 Xen host) needs to have the "xorg-x11-xauth" rpm package installed:
Last login: Mon Aug 23 21:50:49 2010 from <your_workstation_ip>
/usr/bin/xauth: creating new authority file /root/.Xauthority
Now you can run graphical (X11) applications and the GUI will be displayed on your local workstation/laptop X, tunneled over the secure ssh connection. Try running "virt-manager", or any other graphical (X11) tool as an example.
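Once everything works, the introduction's advice to re-enable SELinux and the iptables firewall can be checked with the same commands used earlier to confirm they were off. This is an added example, not part of the original tutorial: the function names are made up here, and the sample input is the ruleset this tutorial printed after the firewall was stopped.

```shell
# Reads `getenforce` output on stdin; succeeds only when SELinux is enforcing.
selinux_enforcing() { [ "$(cat)" = "Enforcing" ]; }

# Reads one `chkconfig --list <service>` line; succeeds if on in runlevel 3.
enabled_at_boot() {
    awk '{ for (i = 2; i <= NF; i++) if ($i == "3:on") ok = 1 } END { exit !ok }'
}

# Reads `iptables -L -n -v` output; prints every built-in chain whose policy
# is ACCEPT and which holds no rules at all (the state verified after reboot).
open_chains() {
    awk '
        function emit() { if (policy == "ACCEPT" && rules == 0) print chain }
        $1 == "Chain" {
            emit(); chain = $2; rules = 0
            policy = ($3 == "(policy") ? $4 : ""   # user chains have no policy
            next
        }
        NF == 0 || $1 == "pkts" { next }           # blank and column-header lines
        chain != "" { rules++ }
        END { emit() }'
}

# Live check on dom0 (assumes root); prints one line per finding.
hardening_findings() {
    getenforce | selinux_enforcing || echo "SELinux is not enforcing"
    chkconfig --list iptables | enabled_at_boot || echo "iptables is off at boot"
    iptables -L -n -v | open_chains | sed 's/$/: policy ACCEPT and no rules/'
}

# Sample input: the filter table shown in this tutorial with the firewall off.
sample_open_ruleset() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT 99 packets, 11467 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 97 packets, 9805 bytes)
 pkts bytes target     prot opt in     out     source               destination
EOF
}
```

Running `hardening_findings` on dom0 prints nothing when SELinux is enforcing, the iptables service is enabled, and no built-in chain is left empty with an ACCEPT policy.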