Xen

From Gentoo Linux Wiki

Jump to: navigation, search

Virtualization TOC


Virtual pc.png

Contents

[edit] Introduction

[edit] Purpose

Building xen for dom0 and domU. And getting the first domU running.

[edit] References

[edit] Overview

Xen is an open-source para-virtualizing virtual machine monitor (VMM), or 'hypervisor', for the x86 processor architecture. Xen can securely execute multiple virtual machines on a single physical system with close-to-native performance. Xen facilitates enterprise-grade functionality, including:

  • Virtual machines with performance close to native hardware.
  • Live migration of running virtual machines between physical hosts.
  • Up to 32 virtual CPUs per guest virtual machine, with VCPU hotplug.
  • x86/32, x86/32 with PAE, and x86/64 platform support.
  • Hardware virtualization support:
    • Intel Virtualization Technology (VT-x) for unmodified guest operating systems (including Microsoft Windows).
    • AMD Virtualization Technology (SVM aka Pacifica) on AM2 and F stepping Opterons (2006H2)
  • Excellent hardware support (supports almost all Linux device drivers).

[edit] Example Usage scenarios for Xen

Server Consolidation
Move multiple servers onto a single physical host with performance and fault isolation provided at the virtual machine boundaries.
Hardware Independence
Allow legacy applications and operating systems to exploit new hardware.
Multiple OS configurations
Run multiple operating systems simultaneously, for development or testing purposes.
Kernel Development
Test and debug kernel modifications in a sand-boxed virtual machine -- no need for a separate test machine.
Cluster Computing
Management at VM granularity provides more flexibility than separately managing each physical host, but better control and isolation than single-system image solutions, particularly by using live migration for load balancing.
Hardware support for custom OSes
Allow development of new OSes while benefiting from the wide-ranging hardware support of existing OSes such as Linux.


[edit] Installation Overview

These are the key items that you will need when setting up your system to use Xen.

Each VM you run is called a Domain in Xen terms. Domain 0 (aka Dom0) is the master domain and replaces your normal Linux kernel. Through it you use the management tools to control other VMs. Other domains are unprivileged and are termed Domain U or DomU.

A key point to remember is that Xen requires the DomU systems to use special drivers to access hardware. Dom0 manages the hardware and its drivers act as a "backend" and manage access to the actual hardware.

Remember that the Xen 3.0 User Manual provides a large amount of authoritative information. It will help you understand many things about Xen that are not described in this HOWTO.

From a standard Gentoo system you will need to do the following to start with Xen:

  • Build the hypervisor (Xen)
  • Switch to using kernel source patched with Xen code (xen-sources)
  • Install the Xen management tools (xm, xend etc)
  • Build a Xen aware Dom0 kernel
  • Configure your boot loader to start Xen, which will in turn start your dom0

The Dom0 kernel will effectively replace your normal Linux kernel and will reuse the environment that you already had setup.

Once you have your system running Xen and Dom0 you can start configuring various DomUs.

Note: Client kernels (DomU) must exist in the Dom0 filesystem in order for Xen to startup the VM. Xen is presently unable to read and boot a kernel from within a client disk image. While this has the advantage that a DomU kernel can be shared between VMs, it makes the setup a bit harder.

In the simple case your DomU OS will be the same as your Dom0 OS but running off a different file system. In this case you can make your kernel configuration identical except for the Xen specific drivers.

  • Build or acquire a DomU kernel (vmlinuz)
  • Install the DomU kernel in your Dom0 system /boot partition
  • Create or acquire a disk image for your DomU
  • Write a VM configuration file in /etc/xen/yourconfigfile
  • Start the client VM with the management tools "xm"

[edit] Preparing the System

[edit] Profile

Ensure the system is running the latest Gentoo profile (currently 2008.0). Using the latest profile will ensure you're using a recent version of glibc with nptl. You can use any 2006.1 or later profile (including desktop sub profile).

You can check what profile the system is using by checking the result of running:

eselect profile list
Code: Example profile list 
Available profile symlink targets:
  [1]   default-linux/x86/2007.0 *
  [2]   default-linux/x86/no-nptl
  [3]   default-linux/x86/no-nptl/2.4
  [4]   default-linux/x86/2007.0/desktop
  [5]   hardened/x86/2.6
  [6]   selinux/x86/2007.0

The currently selected profile is displayed with an asterisk (*) next to it. In the above example the selected profile is default-linux/x86/2007.0.

If the system is not showing any recent profiles, then you need to update your local portage repository by running:
emerge --sync

For details on how to change the system profile, see the Gentoo Upgrading Guide

Note: If you plan to add hvm support on amd64, you will need to have multilib support. As long as you DON'T have "no-multilib" as your profile you're fine, as all other profiles support multilib. This gets confusing as "emerge -pv gcc glibc" will always show (-multilib) as a USE option. It just means the the option is locked, but does not indicate what it's set to. The only way I found to check this is to run "gcc -v" and check for the string "--enable-multilib" in the output. Another catch, once you change your profile to "no-multilib" there is apparently no way back.
Note: If the xen-sources kernel is significantly older than gentoo-sources kernel and coreutils is up to date, you may need to downgrade coreutils before installing xen-sources and xen-tools. Currently xen-sources is at 2.6.21, gentoo-sources is at 2.6.25, xen-tools is at 3.2.1, and coreutils must be downgraded from 6.12 to 6.11. (Networking will be strangely broken if you do not).
Warning: Warning: xen-sources greater than "xen-sources-2.6.18-r12" are currently hardmasked. You should only use them if your hardware is unsupported on xen-sources-2.6.18-r12.

See this post for more info [1] :

Code: See this post for more info: 
Available profile symlink targets:
  [1]   default-linux/amd64/2006.1
  [2]   default-linux/amd64/2006.1/desktop
  [3]   default-linux/amd64/2006.0/no-symlinks
  [4]   default-linux/amd64/2006.1/no-multilib
  [5]   default-linux/amd64/2007.0 *
  [6]   default-linux/amd64/2007.0/desktop
  [7]   default-linux/amd64/2007.0/no-multilib
  [8]   default-linux/amd64/2007.0/server
  [9]   hardened/amd64
  [10]  hardened/amd64/multilib
  [11]  selinux/2007.0/amd64
  [12]  selinux/2007.0/amd64/hardened

[edit] TLS and CFLAGS

Some software, in particular the glibc TLS library, is implemented in a way that will conflict with how Xen uses segment registers to circumvent a limitation of 32-bit x86 hardware platforms, causing poor performance whilst carrying out certain operations under Xen. This will result in a ~50% performance penalty running multi-threaded applications. To fix this, you must compile your system with the '-mno-tls-direct-seg-refs' flag.

Edit your /etc/make.conf and add '-mno-tls-direct-seg-refs' to your CFLAGS. This is similar to the Xen instructions to
mv /usr/lib/tls /usr/lib/tls.disabled
, but instead removes the trapped (slow) opcodes for every binary, not just glibc. If using the -Os flag (with any <gcc-4), change it to -O2, as the compiler is known to produce broken code otherwise.
Note: The '-mno-tls-direct-seg-refs' flag does not make sense on any 64bit system. For such systems you can skip the recompilation of the whole world and just recompile glibc

You will also need to fix the CFLAGS for each domain you install. In practice, however, you will do this only once and save the result as your 'skeleton base' for all your domain Us. Following this articles method of using binary packages built by the host will also save you time.

[edit] nptlonly USE flag

Note: From glibc-2.6, nptl is always enabled and the nptl and nptlonly USE flags are no longer available. So you can safely skip this section if you have glibc-2.6 or higher.
The system must be using the nptlonly USE flag. To check whether this USE flag is currently enabled, run:
emerge -pv glibc

If it shows the nptlonly USE flag as being off, then you need to add it to your global USE flags in /etc/make.conf

[edit] Activating buildpkg

Your system is about to be rebuilt entirely, but to save time later (when building the domU installs, assuming you're going to install Gentoo on them), activate the buildpkg portage feature by adding it to FEATURES in /etc/make.conf by running: 

echo 'FEATURES="${FEATURES} buildpkg"' >> /etc/make.conf
This feature tells portage to create a binary package from every package it compiles and stores it in /usr/portage/packages. For more information on this feature see
man make.conf
or
man quickpkg

[edit] Applying Changes

Note that this step may take quite some time as it will recompile every package on your system.

Update the system by running:
emerge -evat world
Warning: If you try to reboot your machine afterwards, you may experience a little problem: it may not boot any more. I just used grub to re-install grub's disk sectors and all was ok, again.
If you need an explanation of the flags used, run
emerge --help
or
man emerge

[edit] Windows and other Unmodified Guests in domU (a.k.a. HVM Guests)

If you have a processor with Intel Virtualization Technology (VT, previously known as Vanderpool) or AMD Secure Virtual Machine (SVM, previously known as Pacifica) technology, you can run unmodified guest operating systems like Windows XP, unmodified Linux distributions, *BSD, Solaris x86, etc. Processors with hardware virtualization capability include the Pentium D 9x0 series, Intel Core, Intel Core 2 and many AMD AM2 CPUs. (check for vmx flag (intel) and svm flag (amd) in /proc/cpuinfo!)

Before installing xen and xen-tools you will need to add hvm to your USE Flags. This is at least required with the current xen-3.1.2 ebuilds.

More information can be found at Xen: MS Windows systems as guest.

Note: If you intend to run Windows (or any other guest that needs to think it has access to "real VGA" hardware) in DomU, then you need to make sure that you add sdl to your USE Flags and
emerge media-libs/libsdl
before you emerge xen and xen-tools (recent ebuilds have 'sdl' use flag for xen). (This seems to have changed from sdl to hvm in recent ebuilds)
Note: For HVM guests to be able to start, it is important that you create the appropriate tap device(s). Thus, the sys-apps/usermode-utilities package is required (tunctl), and support for TUN/TAP devices must be activated in the kernel configuration. Kernel Location: ->Device Drivers -> Network device support
Note: For Windows HVM guests to be able to track mouse cursor correctly, it is important that you set the line: usbdevice=tablet in your guest config file. For linux HVM see the xen 3.0 docs, Appendix A.4.3: http://www.cl.cam.ac.uk/research/srg/netos/xen/readmes/user/user.html

[edit] Building the hypervisor and applications

Xen is still ~arch masked. Unmask it:

File: /etc/portage/package.keywords
app-emulation/xen
app-emulation/xen-tools
sys-kernel/xen-sources

On amd64 you will also need to add sys-devel/dev86 if you plan on using hvm.

Install the hypervisor and applications by running:
emerge -av app-emulation/xen app-emulation/xen-tools
Add the xen daemon to the default runlevel with:
rc-update add xend default

The xen ebuild installs the hypervisor (/boot/xen.gz), while the xen-tools package installs both the xend daemon for controlling the virtual machines, and various command line tools.

To configure the network, make your changes in /etc/conf.d/net but DO NOT add net.eth0 to runlevel default. /etc/init.d/xend will start and configure your network at boot time. (While testing the initial kernel build on a machine on a remote net connection it may be useful to leave net.eth0 enabled and NOT autostart xend)

Note: This is incorrect at least since xen-tools-3.4. Probably already from xen-3.2 up, the default behavior of xend has changed. The default xend config now expects a physical network device like eth0 to be properly configured when it starts. It then proceeds by renaming it to peth0 and creating a bridge called eth0, which is then set up with the config of the previous physical eth0. This means that contrary to what's stated above you *need* to have net.eth0 in the default runlevel together with xend. For details, see /etc/xen/scripts/network-bridge.

Newer Gentoo automaticly loads net.eth0 even if it is disabled in the default runlevel. You can disable this behaviour by changing RC_PLUG_SERVICES variable in /etc/conf.d/rc:

File: /etc/conf.d/rc
RC_PLUG_SERVICES="!net.*"

[edit] Building the kernel

There are two ways to build the kernel. You can do it manually, or you can have sys-kernel/genkernel do it for you. Genkernel will also build an initrd for you, which is where you activate LVM, EVMS and DMRAID volumes.

Install the Xen kernel sources with:
emerge sys-kernel/xen-sources

In /usr/src/linux-2.6.x.y-xen you will now find the sources required to build the kernel for a Xen domain.

It is recommended to build two separate kernels, one for domain 0, and one for domain U. You can use modules, but all drivers required to boot must be builtin.


[edit] Manually building the kernel

The Xen kernel can be difficult to configure - there are many options, some of which will cause your dom0 or domU kernels to fail on booting (eg. with errors opening the root device).

[edit] Separating dom0 and domU

So the xen-sources ebuilds only install one copy of the kernel-sources, but you have 2 separate configurations to maintain: one for dom0 and one for domU. So you might want to have 2 different ".config" files and two different trees of compiled binaries.

This can be achieved with the following aliases defined in:

File: ~/.bash_profile
alias make0="mkdir -p _dom0 && make O=_dom0"
alias makeU="mkdir -p _domU && make O=_domU"

From now on, you use "make0" or "makeU" instead of "make". For example makeU menuconfig will create the directory _domU and will store the ".config"-file in that subdirectory. "makeU all" will compile your domU kernel, and will store all binaries in that subdirectory. The same applies for make0 and the directory _dom0.

That way, you can manage both configuration with only one copy of the sources.

Now, for easy upgrading from one kernel to another, we create the script ~/bin/copy-config with the following content:

File: ~/bin/copy-config
#!/bin/sh

DIR="$1"
DIR0=_dom0
DIRU=_domU

mkdir -p "${DIR0}" "${DIRU}" && \
cp "$DIR/${DIR0}/.config" "${DIR0}/"
cp "$DIR/${DIRU}/.config" "${DIRU}/"

With that script, we can easily upgrade from let's say xen-sources-2.6.20-xen-r2 to xen-sources-2.6.20-xen-r3 with the following steps:

/usr/src # cd linux-2.6.20-xen-r3/

/usr/src/linux-2.6.20-xen-r3 # ~/bin/copy-config ../linux-2.6.20-xen-r2/

/usr/src/linux-2.6.20-xen-r3 # make0 oldconfig && makeU oldconfig
Warning: Since we modified the output directory of the kernel, we also need to inform portage about it so that we can emerge kernel modules. Add the following two lines to /etc/make.conf:
File: /etc/make.conf
KERNEL_DIR=/usr/src/linux
KBUILD_OUTPUT=${KERNEL_DIR}/_dom0

[edit] Domain 0 Kernel Configuration

The domain 0 kernel should contain drivers for Xen backend devices, and all of your usual hardware. That is, the dom0 configuration should enable all the options for backend drivers and disable all options for building in the frontend drivers. The frontend driver configuration options will be used when building the domU kernel so take note of them for later. In effect the backend driver allows the dom0 to talk directly to the hardware. Conversely, the frontend driver is a stub driver allowing the domU to efficiently call through to the dom0 to ask its backend driver to do the actual work.

Ethernet bridging support is required in order to bridge domain U kernels to a domain 0 /dev/ethX device, as well as Network-device loopback driver. This is the default set by /etc/xen/scripts/vif-bridge when a domain is created.

An alternative is to use IP routing in domain 0 if you want to keep domain U isolated from the external ethernet.

To even get at the Xen configuration options, you must make an appropriate selection under Processor type and features:

Note: The "Enable Xen compatible kernel" flag is specific to x86_64 and ia64 architectures. In i386 you need to set the "Subarchitecture Type" to "Xen-compatible" instead.
Note: Do not select the "Subarchitecture Type" of "ScaleMP vSMP" as this setting is not compatible with Xen. [2]
Linux Kernel Configuration: Enabling Xen (64 bit) 
Processor type and features  --->
      Subarchitecture Type (PC-compatible)
  [*] Enable Xen compatible kernel
Linux Kernel Configuration: Enabling Xen (32 bit) 
Processor type and features  --->
  Subarchitecture Type (Xen-compatible)  --->

The configuration dialogue for the Xen kernel options has changed quite a bit since this tutorial was written. I'm posting the new stuff with a sample of a (not thoroughly tested) configuration based on this section and the notes added to it.

Linux Kernel Configuration: Dialogue For Xen (as of 2.6.20-xen-r4) 
Device Drivers  --->
     XEN --->
       [*] Privileged Guest (domain 0)
       <*> Backend driver support
       <*>   Block-device backend driver
       <*>   Block-device tap backend driver
       <*>   Network-device backend driver
       [ ]     Pipelined transmitter (DANGEROUS)
       <*>     Network-device loopback driver
       <*>   PCI-device backend driver
               PCI Backend Mode (Virtual PCI)  --->
       [ ]     PCI Backend Debugging
       < >   TPM-device backend driver
       < > Block-device frontend driver
       < > Network-device frontend driver
       < > Framebuffer-device frontend driver
       [*] Scrub memory before freeing it to Xen
       [*] Disable serial port drivers
       <*> Export Xen attributes in sysfs
           Xen version compatibility (no compatibility code)  --->
Linux Kernel Configuration: Dialogue For Xen (old) 
  [*] Privileged Guest (domain 0)
  < > PCI device backend driver
  <*> Block-device backend driver
  < >   Block Tap support for backend driver (DANGEROUS)
  <*> Network-device backend driver
  [ ]   Pipelined transmitter (DANGEROUS)
  <*>   Network-device loopback driver
  < > TPM-device backend driver
  < > Block-device frontend driver
  < > Network-device frontend driver
  < > Block device tap driver
  < > TPM-device frontend driver
  [*] Scrub memory before freeing it to Xen
  [ ] Disable serial port drivers
  <*> Export Xen attributes in sysfs

Other options are the same as they were the day this tutorial was written.

Linux Kernel Configuration: Miscellaneous Dom0 Options 
Networking --->
  Networking options --->
    TCP/IP networking
      <*> IP: tunneling
    <*> 802.1d Ethernet Bridging

Device Drivers  --->
  Block devices  --->
    <*> Loopback device support
Note: If you want to be able to let a DomU have direct access for specific hardware e.g. a soundcard you should activate XEN ---> < > PCI device backend driver.
Note: On Dell poweredge server you may need to disable USB support if your machine freezes constantly.
Note: If you won't get any output when you run xm console, activating "Disable serial port drivers" helped me.
Note: In Xen 3.0.4 support for VBDs (virtual block devices) has changed. To get this new support make sure to include "Block Tap support for backend driver" in your kernel configuration.

Now compile and install the Domain 0 kernel:

make0 && make0 modules_install cp _dom0/vmlinuz /boot/vmlinuz-2.6.x.y-xen0

Note: You won't be able to make bzImage. The Xen hypervisor takes care of booting from the Domain 0 vmlinuz image.

[edit] Domain U Kernel Configuration

The domain U kernel should contain only Xen frontend drivers since it has no real hardware. It is recommended that only the Xen specific items are different between the Dom0 and DomU kernel configuration files.

Linux Kernel Configuration: DomU Configuration (as of 2.6.20-xen-r4) 
Processor type and features  --->
  Subarchitecture Type (Xen-compatible)  --->

Bus options (PCI etc.)  --->
  [*] Xen PCI Frontend

XEN --->
  [ ] Privileged Guest (domain 0)
  < > Backend driver support
  <*> Block-device frontend driver
  <*> Network-device frontend driver
  <*> Framebuffer-device frontend driver
  <*>   Keyboard-device frontend driver
  [*] Scrub memory before freeing it to Xen
  [*] Disable serial port drivers
  <*> Export Xen attributes in sysfs
      Xen version compatibility (no compatibility code)  --->
Linux Kernel Configuration: DomU Configuration (old) 
Processor type and features  --->
  [*] Enable Xen compatible kernel

XEN --->
  [ ] Privileged Guest (domain 0)
  [ ]  Block-device backend driver
  [ ]  Network-device backend driver
  [*] Block-device frontend driver
  [*] Network-device frontend driver
  [ ]   Piplined transmitter (DANGEROUS)
  [*] Disable serial port drivers
  [*] Scrub memory before freeing it to Xen
      Processor Type (X86)  --->
Note: You must enable framebuffer device support for the Framebuffer-device frontend driver option to appear]
Note: You may also need to disable SCSI in the domU kernel, as the block frontend needs to register that device ID space
Note: Disabling the serial port drivers allows Dom0 to attach to a running unprivileged domain's serial port

You can also use gentoo-sources, hardened-sources or another kernel >= 2.6.23, they have XEN client support included. You can find XEN-Drivers at Device Drivers ---> Block Devices ---> Xen virtual block device support and Device Drivers ---> Network device support ---> Xen network device frontend driver after you enabled Processor type and features ---> Paravirtualized guest support ---> Xen guest support

Now compile and install the Domain U kernel:

makeU

cp _domU/vmlinuz /boot/vmlinuz-2.6.x.y-xenU

At the moment Xen can't boot from kernel images stored inside virtual machines, so you need to store them inside the domain 0 virtual machine. In this example they are stored in /boot/ but since they aren't necessary to boot domain 0 you can put them anywhere in the Dom0 filesystem.

[edit] Only one domain 0 kernel

Most of this is taken from the Xen Wiki. Except the stuff about depmod.

Many users will be better off using the "-xen" kernel instead of "-xen0" and "-xenU" kernels. The -xen0/U kernels are used to achieve faster compile times in the dev process. Each kernel can be compiled independently and since only a small subset of kernel components are compiled the overall process can save a great deal of developer time. The -xen kernel is more like the kernels that come with many distributions (Redhat/Fedora, SuSE, Debian Etch). These kernels ship with a large number of components, like drivers for devices and file systems, compiled as modules. This allows these kernels to run on more hardware than the type of stripped down custom kernel you would find on an appliance. The -xen kernel will take longer to compile and will require a initrd but once built it will work on more hardware and "play well" with more distributions. Many of the recent problems reported on the user list would have been avoided by using the -xen kernel.

To build the -xen kernel edit the top level Makefile so that this line:

KERNELS ?= linux-2.6-xen0 linux-2.6-xenU

looks like this

KERNELS ?= linux-2.6-xen

Warning: The line mentioned above does not appear in a recent source tree: 
  # pwd
  /usr/src/linux-2.6.20-xen-r3
  # find . -name 'Makefile' | xargs egrep 'KERNELS'
  # echo $?
  123

Then build with:

make world

You will get a single kernel and modules which can be used for both Domain0 and all DomainUs. Copy the modules directory /lib/modules/2.6.<version>-xen to the /lib/modules directory of your VM and make an initrd with mkinitrd but first you have to create the dependencies for the module:

depmod 2.6.<version>-xen

Next run mkinitrd as explained (mkinitrd is currently masked ~ in amd64, I merged it anyway and it "seems" to works):

mkinitrd /boot/initrd-xen-3.0.img 2.6.<version>-xen

You will need to add the initrd to your grub config under the -xen kernel line. It looks something like this (more on grub.conf below. Please also see the note on gunzipping the generated image below):

File: /boot/grub/grub.conf
module /vmlinuz-2.6-xen <your config here>
module /initrd-xen-3.0.img

The same initrd can be used for the VM by adding the following to its config file.

ramdisk = "/boot/initrd-xen-3.0.img"


[edit] Using genkernel

There are a few kinks to work out if you wish to use genkernel to generate your kernel and initrd images.

emerge genkernel

When building >=sys-kernel/xen-sources-2.6.16 the current version of genkernel (3.4.0) fails due to a change in Xen that genkernel hasn't been updated to deal with. Fortunately, there's an easy fix from bug #120236: 

wget http://bugs.gentoo.org/attachment.cgi?id=94540 -O x86-xen0.tar.bz2
tar -xvjf x86-xen0.tar.bz2 -C /usr/share/genkernel/
rm x86-xen0.tar.bz2

The patch is not perfect. If you have trouble while booting your kernel and get a message saying that the switch_root applet could not be found just execute

echo "CONFIG_SWITCH_ROOT=y" >> /usr/share/genkernel/x86-xen0/busy-config

to enable this applet. After that you have to rebuild your initial ramdisk.

You might need to adjust your /usr/src/linux symlink in order for genkernel to choose the right kernel.

Set the following options in genkernel.conf:

File: /etc/genkernel.conf

MENUCONFIG="yes"

# Force genkernel-3.4 to use the arch-specific kernel config file from /usr/share/genkernel/${ARCH}
CLEAN="yes"

# Bootsplash doesn't work with Xen
BOOTSPLASH="no"

# Force use of Xen-specific genkernel profile in /usr/share/genkernel/x86-xen0
ARCH_OVERRIDE="x86-xen0"

# Necessary if you previously encountered the "mdev not found" error
CLEAR_CPIO_CACHE="yes"
CLEAR_CACHE_DIR="yes"

Now run genkernel all to build and install your kernel and initrd. You might need extra arguments to genkernel if you're using EVMS, LVM, DMRAID or similar - refer to man genkernel.

When the menu configuration pops up, you'll want to:

  • Choose the proper Processor family (under Processor type and features).
  • Enable support for your particular hardware.
  • Disable support for hardware you don't own.
  • Choose to build backend (xen0) or frontend (xenU) drivers or both (multi-dom kernel).
  • Enable 802.1d Ethernet Bridging in your xen0 kernel if you wish to bridge the virtual interfaces from your domU kernel to your external network interface (this is the default).
  • Otherwise, you probably want to make sure that IP routing is enabled.
  • Xen-sources 2.6.16.49 or greater may fail to compile when SCTP is enabled; disable it if you're not going to use it.

If it still won't compile (happened for me on AMD64 with xen-sources-2.6.16.49) read this Bugreport: http://bugs.gentoo.org/show_bug.cgi?id=177142

You need to choose a good place to put the domU vmlinuz images. At the moment Xen can't boot from kernel images stored inside virtual machines, so you need to store them in dom0. I just put them in /boot/, but since they aren't necessary to boot dom0 you can put them anywhere.

Note: (hint) if you use the current genkernel, dont forget to unzip the initrd and copy vmlinuz from /usr/src/linux as kernel to /boot. genkernel still produces bzimage and gzipped initrd! /nemster 9/9/2007

[edit] Updating your boot loader

[edit] GRUB

The hypervisor is installed into /boot/xen.gz. It is booted in the same way as a kernel bzImage. Edit your GRUB config (you can just modify your old entry, replace kernel with module and add a kernel line pointing to xen.gz):

File: /boot/grub/grub.conf
title  Xen 3.0 / Linux 2.6.x.y
root   (hd0,0)
kernel /xen.gz dom0_mem=98M
module /vmlinuz-2.6.x.y-xen0 root=/dev/md2

The dom0_mem hypervisor option sets the amount of memory to be allocated to domain0 (in this case 98MB). In Xen 3.x the parameter may be specified with a B, K, M or G suffix, representing bytes, kilobytes, megabytes and gigabytes respectively; if no suffix is specified, the parameter defaults to kilobytes. Note: 98M lead to insufficient memory errors with 2.6.16.18

Note: For xen 3 the dom0_mem parameter may be omitted. In this case all memory is allocated to dom0, and then taken away when domU's are created. This is probably a better technique to use for xen 3

The module line is used to select the domain 0 kernel image you want the hypervisor to run, and to pass in options to the kernel command line.

If your domain 0 uses an initrd, you can load that by adding another module line (xen wont work with genkernel initrd images. You literally need to gunzip then gzip the initrd file again to get it to boot. This is because the default image has a few bytes of garbage beyond the end of the file). For example to boot a non-enforcing SELinux system with EVMS on the root disk then try:

File: /boot/grub/grub.conf
title  Xen 3.0 / Linux 2.6.12.6
root   (hd0,0)
kernel /xen.gz dom0_mem=98M
module /vmlinuz-x86-2.6.12.6-xen0 root=/dev/ram0 real_root=/dev/evms/sda5 udev doevms2 selinux=1 enabled=0
module /initramfs-genkernel-x86-2.6.12.6-xen.gz

[edit] Alternative: LILO

For those who use lilo, which does not support the "module" directive of grub, there is still a way of achieving the desired functionality. An utility called mbootpack has to be used, in order to glue together the xen hypervisor with the dom0 kernel and the initrd image.

Initially, the xen hypervisor and dom0 kernel images have to be decompressed:

gzip -dc /boot/xen-3.0.gz > /boot/xen-3.0 gzip -dc /boot/vmlinuz-2.6.x.y-xen0 > /boot/vmlinux-2.6.x.y-xen0

Afterwards, combine these two with the initrd image with the aid of mbootpack:

cd /boot mbootpack -o vmlinuz-2.6.x.y-xen0-mpack -m vmlinux-2.6.x.y-xen0 -m initrd-2.6.x.y-xen.img xen-3.0

You should now have a compatible bzImage containing the xen hypervisor, the xen dom0 kernel and the initrd. Lastly, update your lilo configuration by adding the appropriate entry:

File: /etc/lilo.conf
image=/boot/vmlinuz-2.6.x.y-xen0-mpack
   label=xen
   root=/dev/ram0
   append="dom0_mem=96M"

And lastly, don't forget to update the changes:

lilo

[edit] Alternative: PXELinux

Network booting (possibly with nfsroot file system) can ease setup and maintenance in some environments, such as a homogeneous cluster.

The Xen hypervisor and a domain 0 kernel can be booted using PXE. sys-boot/syslinux contains the PXELinux boot program; support for booting xen has been present since syslinux-3.08.

Follow the instructions in HOWTO Gentoo Diskless Install and Diskless Nodes with Gentoo to set up a boot server running dhcp and tftp.

You need to serve the following via tftp:

  • The Xen PXELinux binary, (Which will be installed to /usr/lib/syslinux/mboot.c32, if you emerge syslinux).
  • Xen hypervisor (xen.gz)
  • Your Xen domain 0 vmlinuz
  • initrd if you need to load modules

In your pxelinux config file add a single line like:

File: /diskless/pxelinux.cfg/default
DEFAULT mboot.c32 xen.gz dom0_mem=258048 --- vmlinuz-2.6.12.5-xen0 ro console=ttyS0 root=/dev/nfs --- initrd-2.6.12.5-xen0

The three dashes --- are important and used to seperate the different modules.

You can omit the --- initrd- bit if you aren't using a ram disk for modules. Also you can use a hard disk rather than nfsroot by changing the root= to point to a block device (eg. root=/dev/hda, or root=/dev/md2 for raid).

Configure the BIOS of your Xen host to boot from the network via PXE (this can be well hidden - on a Dell PowerEdge server I had to enable Onboard Devices -> NIC w/PXE and reboot before Network Controller appeared in the Boot Sequence menu).

On booting you should see the BIOS screen, followed by the PXE loader doing DHCP and fetching PXELinux, then PXELinux booting and fetching the hypervisor and kernel, then the hypervisor booting, and finally the kernel booting and mounting the nfsroot fs from the server. Phew!

[edit] Quick Build method

Based on:

  • xen-sources: linux-2.6.34-xen


  1. emerge -v gentoolkit
    • Getting the revdep-rebuild tool
  2. emerge -v xen
    • This should get you xen, xen-sources and xen-tools
  3. nano /etc/make.conf
    • add '-mno-tls-direct-seg-refs' to CFLAGS
    • According to a note higher up, this should only be needed on a 32 bit cpu.
  4. emerge -v world
  5. revdep-rebuild
  6. grub-install --no-floppy /dev/sda
  7. eselect kernel list
  8. eselect set (xen)
  9. ls -l /usr/src
    • linux should point to the xen source
  10. cd /usr/src/linux
  11. make rmproper
  12. mkdir -p ~/build/dom0 ~/build/domU
  13. make O=~/build/dom0 mrproper
  14. make O=~/build/dom0 menuconfig
  15. make O=~/build/dom0 && make O=~/build/dom0 modules_install
  16. cp ~/build/dom0/vmlinux /boot
  17. Update /boot/grub/menu.lst
    • See below.
  18. make O=~/build/domU mrproper
  19. make O=~/build/domU menuconfig
  20. make O=~/build/domU
  21. mkdir /var/xen/kernel
  22. cp ~/build/domU/vmlinux /var/xen/kernel/gentoo
  23. mkdir /var/xen/data
  24. edit /var/xen/data/gentoo
    • See below.
File: /boot/grub/menu.lst
default 1
timeout 10
splashimage=(hd0,0)/boot/grub/splash.xpm.gz

title Gentoo Linux 2.6.32-gentoo-r7
root (hd0,0)
kernel /boot/kernel-2.6.32-gentoo-r7 root=/dev/sda1

title Xen 3.4 / Gentoo Linux 2.6.x.y
root (hd0,0)
kernel /boot/xen.gz
module /boot/vmlinux root=/dev/sda1
Linux Kernel Configuration: DomU Configuration (as of 2.6.34-xen) 
 Processor type and features  --->  
    [*] Enable Xen compatible kernel

Bus options (PCI etc.)  --->
  [*] Xen PCI Frontend
  [ ] PCI Express support 
  < > PCCard (PCMCIA/CardBus) support  ---> 

Device Drivers  --->
  XEN  --->
    [ ] Privileged Guest (domain 0) (NEW) 
    < > Backend driver support (NEW) 
    <*> Block-device frontend driver (NEW) 
    <*> Network-device frontend driver (NEW)
    <M>   Network-device frontend driver acceleration for Solarflare NICs (NEW)
    <M> SCSI frontend driver (NEW)  
    <M> USB frontend driver (NEW)  
     [*]   Taking the HCD statistics (for debug) (NEW)   
     [ ]   HCD suspend/resume support (DO NOT USE) (NEW)  
     <*> Framebuffer-device frontend driver (NEW)  
     <*>   Keyboard-device frontend driver (NEW)
     [*] Disable serial port drivers (NEW)
     <*> Export Xen attributes in sysfs (NEW)
     (16) Number of guest devices (NEW) 
         Xen version compatibility (no compatibility code)  --->      
  Xen driver support  --->  
     [*] Scrub memory before freeing it to Xen (NEW) 
    <M> Xen /dev/xen/evtchn device (NEW)


File: /var/xen/data/gentoo
kernel = "/var/xen/kernel/gentoo"
memory = 512
name   = "gentoo"
#(Map the disk image to the virtual /dev/sda1)
disk   = ['phy:sda5,sda1,w']
root   = "/dev/sda1 ro"

[edit] Troubleshooting

[edit] Build

[edit] zconf.tab.c: No such file or directory

Fix: Run first: 

make O=~/build/dom0 mrproper

make O=~/build/dom0 menuconfig GEN /root/build/dom0/Makefile HOSTCC scripts/kconfig/zconf.tab.o gcc: /usr/src/linux-2.6.18-xen-r12/scripts/kconfig/zconf.tab.c: No such file or directory gcc: no input files make[2]: *** [scripts/kconfig/zconf.tab.o] Error 1 make[1]: *** [menuconfig] Error 2 make: *** [menuconfig] Error 2

[edit] Boot

[edit] root-nfs: no nfs server available giving up

Solution: go to a newer version of xen-sources.

linux-2.6.18-xen-r12 seems to not have support for SATA.

Retrieved from "http://en.gentoo-wiki.com/wiki/Xen"
Personal tools
In other languages