Configuring Gentoo with Xen

1.  Introduction

The Xen technology allows you to run multiple operating systems on a single physical system, govern resource consumption and even migrate domains (which are the virtual environments in which a guest operating system runs) from one Xen-powered system to another. Xen requires the host operating system to support Xen (which, in this case, will be a Linux kernel) but guest operating systems can run unmodified if your hardware supports Intel Virtualization Technology (VT-x) or AMD Virtualization Technology (SVM). Otherwise your guest operating systems must also support Xen.

This guide will talk you through the configuration steps necessary to get Xen up and running on Gentoo Linux. We will not discuss Xen itself (the Xen project has decent documentation available) nor will we talk about specialized setups that might be very interesting for Xen setups but are not Xen-related (like exporting Portage through NFS, booting Linux using PXE, etc.)

2.  Preparing Domain0

Introduction

Domain0 is the primary domain under Xen, hosting the host operating system which governs all other domains. In this chapter we will prepare an existing Gentoo installation to become the host operating system in this domain and build the Xen-powered kernel so that Gentoo is ready to host other Xen domains.

Rebuilding the Gentoo Installation?

A dramatic change that might be necessary is to rebuild the entire Gentoo installation with a different CFLAGS setting. Guest operating systems running under Xen might otherwise see major performance degradation. If you, however, are planning on checking out Xen rather than installing it for production use and are not terribly fond of rebuilding all programs, you can skip this step. In this case you will notice performance degradation but you will still be able to use Xen.

~# nano -w /etc/portage/make.conf
(Add -mno-tls-direct-seg-refs ONLY if you have a 32-bit dom0)
(You don't need this flag if you have a 64-bit dom0)
CFLAGS="-O2 -march=pentium4 -pipe -mno-tls-direct-seg-refs"

~# emerge -e world

If you boot your system using an initial ramdisk (initrd) you need to rebuild the initrd as well (which is best done by running all steps you would do when you rebuild your kernel).

Installing Xen

Xen actually contains many components, so you'll need to install a few packages.

~# emerge xen xen-tools gentoo-sources

Building the Kernel

Next we'll build the Linux kernel with Xen support. This kernel, whose sources are available at /usr/src/linux, will be our main running kernel (i.e. the one running domain 0). In the XEN section you'll find drivers for all kinds of input/output, each driver having a backend and frontend implementation available. For the domain 0 kernel you need to select the backend implementation: these are used by the other domains (who use the frontend drivers) to communicate directly with the hardware. However, you should be able to configure the kernel to provide support for both frontend (guest) and backend (host) drivers.

If you're wondering about networking: each interface in a domain has a point-to-point link to an interface on domain 0 (called vifX.Y where X is the domain number and Y the Yth interface of that domain), so you can configure your network the way you want (bridging, NAT, etc.)

Processor type and features  --->
    [*] Paravirtualized guest support --->
        [*] Xen guest support

Bus options (PCI etc.)  --->
    [*] Xen PCI Frontend

[*] Networking support --->
    Networking options  --->
        <*> 802.1d Ethernet Bridging
	[*] Network packet filtering framework (Netfilter) --->
	    [*] Advanced netfilter configuration
	        [*] Bridged IP/ARP packets filtering

Device Drivers --->
    [*] Block devices (NEW) --->
        <*> Xen block-device backend driver
    [*] Network device support --->
        <*> Xen backend network device
    Xen driver support --->
        [*] Xen memory balloon driver (NEW)
	[*]   Scrub pages before returning them to system (NEW)
	<*> Xen /dev/xen/evtchn device (NEW)
	[*] Backend driver support (NEW)
	<*> Xen filesystem (NEW)
	[*]   Create compatibility mount point /proc/xen (NEW)
	[*] Create xen entries under /sys/hypervisor (NEW)
	<M> userspace grant access device driver (NEW)
	<M> user-space grant reference allocator driver (NEW)
	<M> xen platform pci device driver (NEW)

The shown kernel configuration should allow the kernel image to boot both as a host as well as a guest. However, if you want to, you can slim down the guest image kernel considerably. Refer to the Xen documentation for more information.

Once the kernel is built you'll find the kernel image immediately in the build directory (not inside arch/ or any other directory) called vmlinuz. Copy it to /boot and then configure your bootloader to use the Xen hypervisor (one of the components installed previously) which is stored as /boot/xen.gz. In the bootloader configuration, add your newly built kernel as the kernel that Xen should boot. For instance, for GRUB:

title Xen Gentoo Linux 3.5
root (hd0,0)
kernel /boot/xen.gz
module /boot/kernel-3.5.x.y-xen0 root=/dev/sda3

Now reboot your system into Xen and check if you can do whatever you normally do on your system. If this is the case, you can edit your bootloader configuration to always boot into Xen.

3.  Creating an Unpriviledged Domain

Building the Kernel

Go to the Xen-powered Linux kernel source and, if necessary, update the configuration. It is wise to keep as many topics as possible similar to the main kernel. Then build the kernel and place the resulting vmlinuz file where you want (we assume this is /mnt/data/xen/kernel):

~# make O=~/build/domU
~# cp ~/build/domU/vmlinuz /mnt/data/xen/kernel/kernel-3.5.x.y-xen

Creating the Domain Disks

For best performance, it is best to dedicate a partition (or logical volume) to a domain rather than a file based filesystem. However, if you are going to use Xen primarily for tests using a file based filesystem does have its advantages (especially regarding maintenance).

You can create a file based filesystem using dd and mke2fs (or any other file system creation tool). For instance, to create a 4 Gbyte ext4 filesystem:

~# dd if=/dev/zero of=/mnt/data/xen/disks/ext4root.img bs=1M count=4096
~# mkfs.ext4 /mnt/data/xen/disks/ext4root.img

Configuring a Domain

Next we create a Xen configuration file for a domain. You can store these configuration files where you want, for instance at /mnt/data/xen/configs. As an example, we create a configuration file for a small Gentoo environment which uses the disk image we created previously:

~# nano -w /mnt/data/xen/configs/gentoo

kernel = "/mnt/data/xen/kernel/kernel-3.5.x.y-xen"
memory = 512
name   = "gentoo"
(Map the disk image to the virtual /dev/sda1)
disk   = ['file:/mnt/data/xen/disks/ext4root.img,sda1,w']
root   = "/dev/sda1 ro"

If you are using a block device (such as an lvm volume or partition) for the disk use 'phy:' instead of 'file:' and leave off /dev. For example:

(LVM Volume)
disk = [ 'phy:lvm/xen-guest-root,sda1,w' ]

(Physical Partition)
disk = [ 'phy:sdb6,sda1,w' ]

You can find example configuration files in /etc/xen.

Launching the New Domain

Now we're all set and we can launch the new domain. If the disk image contained an operating system, we could just create and attach the domain using the xl command:

~# xl create /mnt/data/xen/configs/gentoo -c

The domain would be booted inside the terminal in which you executed the command. However, in our case, the disk image is empty so the domain won't boot up in anything useful. To fix this, you can loop-mount the image and install Gentoo as you're used to.

If you want to disconnect from the domain, press Ctrl+]. You can always reconnect to the domains' console using xl console gentoo. However, there is only one console per domain, so only use it when you can't access the domain otherwise (for instance, through SSH).

4.  Networking on Unpriviledged Domains

Introduction

Xen works best when using a bridged mode network configuration. This means that your default network interface on the administrative domain becomes a bridge which accepts connections to the virtual domains as well as to the IP address your administrative domain has.

Bridged Interfaces

Create a bridge interface by creating a new link to the networking init script as provided by Gentoo:

# cd /etc/init.d
# ln -s net.lo net.br0

Next, edit /etc/conf.d/net and setup the bridge:

# nano -w /etc/conf.d/net

bridge_br0="eth0"
config_br0="192.168.1.200 netmask 255.255.255.0 brd 192.168.1.255"
routes_br0="default via 192.168.1.1"

Finally, install the net-misc/bridge-utils package, and make sure the net.br0 init script is loaded at boot.

# emerge net-misc/bridge-utils
# rc-update add net.br0 default

5.  Further Resources

Xen Documentation

• Official Xen documentation
• Xen Wiki

Xen Tools

• app-emulation/virt-manager is a graphical tool for administering virtual machines

The contents of this document, unless otherwise expressly stated, are licensed under the CC-BY-SA-2.5 license. The Gentoo Name and Logo Usage Guidelines apply.