Preparing the Xen host

Install a Debian System on the real hardware. We used the latest release of Debian etch.

For some reason, grub would not boot from hard disc on our test system. As this isn't about grub installation, we worked around the issue by booting from a grub floppy. Booting our system was done using the following grub commands:

root (hd2,5)
kernel /boot/vmlinuz-2.6.18-4-486 root=/dev/hde6 ro
initrd /boot/initrd.img-2.6.18-4-486
boot

For running Linux as a Xen Dom0 instead of on the bare hardware, we had to install a few Debian packages:

aptitude install xen-linux-system-2.6.18-6-xen-686

aptitude automatically picked the following packages for this virtual pacakge:

• bridge-utils
• iproute
• libc6-xen
• linux-image-2.6.18-6-xen-686
• linux-modules-2.6.18-6-xen-686
• xen-hypervisor-3.0.3-1-i386-pae
• xen-utils-3.0.3-1

For creating the Xen guest system you probably want to install the xen-tools package as well.

Next we had to adjust the xend configuration file /etc/xen/xend-config.sxp to enable the network bridge:

xend-config.sxp

@@ -68 +68 @@
 #
 # use
 #
-# (network-script network-bridge)
+(network-script network-bridge)
 #
 # Your default ethernet device is used as the outgoing interface, by default.
 # To use a different one (e.g. eth1) use

Booting this system is done with the following grub commands (which you would write into the file boot/grub/menu.lst if grub would boot from hard disc):

root (hd2,5)
kernel /boot/xen-3.0.3-1-i386-pae.gz
module /boot/vmlinuz-2.6.18-6-xen-686 root=/dev/hde6 ro
module /boot/initrd.img-2.6.18-6-xen-686
boot

Creating a Xen guest

We used the xen-tools for creating the guest, so you need to configure xen-tools first. We changed the xen-tools.conf file as follows - note especially, that the pre-configured distribution is indeed "sarge" while we expected "etch":

xen-tools.conf

@@ -24 +24 @@
 # hostnames.
 # 
 ##
-# dir = /home/xen
+dir = /var/local/xenguests
 #
 
 #
@@ -61 +61 @@
 ##
 # 
 # copy = /path/to/pristine/image
-# debootstrap = 1
+debootstrap = 1
 # rpmstrap = 1
 # tar = /path/to/img.tar
 #
@@ -95 +95 @@
 swap   = 128Mb    # Swap size
 # noswap = 1      # Don't use swap at all for the new system.
 fs     = ext3     # use the EXT3 filesystem for the disk image.
-dist   = sarge    # Default distribution to install.
+dist   = etch     # Default distribution to install.
 image  = sparse   # Specify sparse vs. full disk images.
 
 #
@@ -142 +142 @@
 # Uncomment the following line if you wish to interactively setup
 # a new root password for images.
 #
-# passwd = 1
+passwd = 1
 
 #
 # If you'd like all accounts on your host system which are not present
@@ -154 +154 @@
 #
 # Default kernel and ramdisk to use for the virtual servers
 #
-kernel = /boot/vmlinuz-2.6.16-2-xen-686
-initrd = /boot/initrd.img-2.6.16-2-xen-686
+kernel = /boot/vmlinuz-2.6.18-6-xen-686
+initrd = /boot/initrd.img-2.6.18-6-xen-686
 
 #
 #  The architecture to use when using debootstrap or rpmstrap.
@@ -170 +170 @@
 # The default mirror for debootstrap which can be used to install
 # Debian Sid, Sarge, and Etch.
 #
-mirror = http://ftp.us.debian.org/debian/
+mirror = http://ftp2.de.debian.org/debian/
 
 #
 # A mirror suitable for use when installing the Dapper release of Ubuntu.
@@ -181 +181 @@
 #  Uncomment if you wish newly created images to boot once they've been
 # created.
 #
-# boot = 1
+boot = 1

On our test system, we configured the path /var/local/xenguests for our guest images, so a Xen guest image can now be created with the following shell commands:

mkdir -p /var/local/xenguests
xen-create-image --ip=192.168.1.100 --netmask=255.255.255.0 --gateway=192.168.1.1 --hostname=vm01.local</pre>

Creation is logged in /var/log/xen-tools/vm01.local.log in this case, containing the same messages that are output interactively.

Beware: xen-create-image does not currently check if the Xen images folder exists. If you forgot to create it, the script will create the image in a temporary folder, only to delete it afterwards.

After the guest image has been created, you will be asked for a new root password for that system. After defining the root password, the system should report success with the message All done. The virtual machine should be startet automatically at that point.

If everything went okay, you can now login to the new machine with ssh (ssh -l root 192.168.1.100).

Adding OpenVZ support to the kernel of the Xen guest

For our installation, we used the following OpenVZ kernel:

Repository-URL	git://git.openvz.org/pub/linux-2.6.24-openvz
Last commit	b9f72ff552da04eb5f741f0a7d81c24affa5ce55
Date	Thu Apr 10 18:35:29 2008 +0400
Configuration	Use this .config file

If you have git installed, you can reproduce this exact kernel source with the commands

git clone git://git.openvz.org/pub/linux-2.6.24-openvz
cd linux-2.6.24-openvz/
git checkout b9f72ff552da04eb5f741f0a7d81c24affa5ce55

After building the kernel, we copied the file vmlinux from the kernel build to /boot/vmlinux-2.6.24-openvz om the Xen Dom0. To activate the new kernel, we change its configuration file /etc/xen/vm01.local.cfg as follows:

vm01.local.cfg

@@ -7 +7 @@
 #
 #  Kernel + memory size
 #
-kernel  = '/boot/vmlinuz-2.6.18-6-xen-686'
-ramdisk = '/boot/initrd.img-2.6.18-6-xen-686'
+kernel = '/boot/vmlinux-2.6.24-openvz'
+extra = 'console=hvc0'
+# kernel  = '/boot/vmlinuz-2.6.18-6-xen-686'
+# ramdisk = '/boot/initrd.img-2.6.18-6-xen-686'
 
 memory  = '128'
 
@@ -16 +18 @@
 #
 #  Disk device(s).
 #
-root    = '/dev/sda1 ro'
+root    = '/dev/xvda1 ro'
 
 disk    = [ 'file:/var/local/xenguests/domains/vm01.local/disk.img,sda1,w', 'file:/var/local/xenguests/domains/vm01.local/swap.img,sda2,w' ]

These changes are explained as follows:

• Select the new kernel by changing the kernel=... assignment.
• The option extra = 'console=hvc0' tells Xen to pass console=hvc0 to the kernel. This sets the console to the hypervisor virtual console 0, so that the Xen hypervisor can intercept it. The original Xen patch did this automatically when running in a Xen environment, but this did not make in into the vanilla kernel pv_ops implementation.
• The root setting needs changing as well. With the vanilla kernel, Xen disks are supported via a Xen virtual disk driver (xvda1 means Xen virtual disk A, partition 1).

Inside the Xen guest, we need to install the OpenVZ userspace tools (aptitude install vzctl vzquota) and the modules of the new kernel. After that, we can safely stop the guest and start it again to load the new kernel:

xm shutdown vm01.local
xm create /etc/xen/vm01.local.cfg

Creating an OpenVZ guest

Creating a guest is really easy when using a template. We used the Debian 4.0 minimal installation provided by OpenVZ. Run inside the Xen guest:

cd /var/lib/vz/template/cache
wget http://download.openvz.org/template/precreated/debian-4.0-i386-minimal.tar.gz
vzctl create 500 --ostemplate debian-4.0-i386-minimal
vzctl start 500

Beware: The Debian image used here contains a flaw in the OpenSSL implementation making ssh and anything else using SSL insecure. You absolutely have to upgrade the virtual machine after installation (see below). This is a good practice anyway.

We use wget here to download the precreated Debian 4.0 image into the template cache (needed only for the first OpenVZ guest). The vzctl commands are for creating the Debian installation (which will go into /var/lib/vz/private/500) and for starting the OpenVZ guest respectively. As you can see, the command names are not consistent between Xen and OpenVZ...

You should now be able to enter into the OpenVZ guest with the following command:

vzctl enter 500

Networking for the OpenVZ guest

You can assign a (private) IP to the OpenVZ guest with the following command (inside the Xen guest/OpenVZ host):

vzctl set 500 --ipadd 10.0.1.1 --save

This will output a note that you need to enter the following command to enable proxy-arp (which will make the new IP available on the Xen bridge), which you should probably do:

sysctl -w net.ipv4.conf.eth0.proxy_arp=1

Now you should be able to ping the OpenVZ guest from the OpenVZ host (ping 10.0.1.1).