#
mv /etc/grub.d/20_linux_xen /etc/grub.d/09_linux_xen
#
update-grub
xen-create-image
command, which largely automates the task. The only mandatory parameter is --hostname
, giving a name to the domU; other options are important, but they can be stored in the /etc/xen-tools/xen-tools.conf
configuration file, and their absence from the command line doesn't trigger an error. It is therefore important to either check the contents of this file before creating images, or to use extra parameters in the xen-create-image
invocation. Important parameters of note include the following:
--memory
, to specify the amount of RAM dedicated to the newly created system;
--size
and --swap
, to define the size of the “virtual disks” available to the domU;
--debootstrap
, to cause the new system to be installed with debootstrap
; in that case, the --dist
option will also most often be used (with a distribution name such as squeeze).
--dhcp
states that the domU's network configuration should be obtained by DHCP while --ip
allows defining a static IP address.
--dir
option, is to create one file on the dom0 for each device the domU should be provided. For systems using LVM, the alternative is to use the --lvm
option, followed by the name of a volume group; xen-create-image
will then create a new logical volume inside that group, and this logical volume will be made available to the domU as a hard disk drive.
#
xen-create-image --hostname=testxen
General Information -------------------- Hostname : testxen Distribution : squeeze Mirror : http://ftp.us.debian.org/debian/ Partitions : swap 128Mb (swap) / 4Gb (ext3) Image type : sparse Memory size : 128Mb Kernel path : /boot/vmlinuz-2.6.32-5-xen-686 Initrd path : /boot/initrd.img-2.6.32-5-xen-686 [...] Logfile produced at: /var/log/xen-tools/testxen.log Installation Summary --------------------- Hostname : testxen Distribution : squeeze IP-Address(es) : dynamic RSA Fingerprint : 25:6b:6b:c7:84:03:9e:8b:82:da:84:c0:08:cd:29:94 Root Password : 52emxRmM
vif*
, veth*
, peth*
and xenbr0
. The Xen hypervisor arranges them in whichever layout has been defined, under the control of the user-space tools. Since the NAT and routing models are only adapted to particular cases, we will only address the bridging model.
xend
daemon is configured to integrate virtual network interfaces into any pre-existing network bridge (with xenbr0
taking precedence if several such bridges exist). We must therefore set up a bridge in /etc/network/interfaces
(which requires installing the bridge-utils package, which is why the xen-utils-4.0 package recommends it) to replace the existing eth0 entry:
auto xenbr0 iface xenbr0 inet dhcp bridge_ports eth0 bridge_maxwait 0
xm
command. This command allows different manipulations on the domains, including listing them and, starting/stopping them.
#
xm list
Name ID Mem VCPUs State Time(s) Domain-0 0 940 1 r----- 3896.9 #
xm create testxen.cfg
Using config file "/etc/xen/testxen.cfg". Started domain testxen (id=1) #
xm list
Name ID Mem VCPUs State Time(s) Domain-0 0 873 1 r----- 3917.1 testxen 1 128 1 -b---- 3.7
testxen
domU uses real memory taken from the RAM that would otherwise be available to the dom0, not simulated memory. Care should therefore be taken, when building a server meant to host Xen instances, to provision the physical RAM accordingly.
hvc0
console, with the xm console
command:
#
xm console testxen
[...] Starting enhanced syslogd: rsyslogd. Starting periodic command scheduler: cron. Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 6.0 testxen hvc0 testxen login:
xm pause
and xm unpause
commands. Note that even though a paused domU does not use any processor power, its allocated memory is still in use. It may be interesting to consider the xm save
and xm restore
commands: saving a domU frees the resources that were previously used by this domU, including RAM. When restored (or unpaused, for that matter), a domU doesn't even notice anything beyond the passage of time. If a domU was running when the dom0 is shut down, the packaged scripts automatically save the domU, and restore it on the next boot. This will of course involve the standard inconvenience incurred when hibernating a laptop computer, for instance; in particular, if the domU is suspended for too long, network connections may expire. Note also that Xen is so far incompatible with a large part of ACPI power management, which precludes suspending the host (dom0) system.
shutdown
command) or from the dom0, with xm shutdown
or xm reboot
.
init
process, and the resulting set looks very much like a virtual machine. The official name for such a setup is a “container” (hence the LXC moniker: LinuX Containers), but a rather important difference with “real” virtual machines such as provided by Xen or KVM is that there's no second kernel; the container uses the very same kernel as the host system. This has both pros and cons: advantages include the total lack of overhead and therefore performance costs, and the fact that the kernel has a global vision of all the processes running on the system, so the scheduling can be more efficient than it would be if two independent kernels were to schedule different task sets. Chief among the inconveniences is the impossibility to run a different kernel in a container (whether a different Linux version or a different operating system altogether).
/sys/fs/cgroup
. The /etc/fstab
should therefore include the following entry:
# /etc/fstab: static file system information. [...] cgroup /sys/fs/cgroup cgroup defaults 0 0
/sys/fs/cgroup
will then be mounted automatically at boot time; if no immediate reboot is planned, the filesystem should be manually mounted with mount /sys/fs/cgroup
.
/etc/network/interfaces
, moving the configuration for the physical interface (for instance eth0
) to a bridge interface (usually br0
), and configuring the link between them. For instance, if the network interface configuration file initially contains entries such as the following:
auto eth0 iface eth0 inet dhcp
#auto eth0 #iface eth0 inet dhcp auto br0 iface br0 inet dhcp bridge-ports eth0
eth0
as well as the interfaces defined for the containers.
/etc/network/interfaces
file then becomes:
# Interface eth0 is unchanged auto eth0 iface eth0 inet dhcp # Virtual interface auto tap0 iface tap0 inet manual vde2-switch -t tap0 # Bridge for containers auto br0 iface br0 inet static bridge-ports tap0 address 10.0.0.1 netmask 255.255.255.0
br0
interface.
root@scouzmir:~#
mkdir /var/lib/lxc/testlxc/
root@scouzmir:~#
/usr/lib/lxc/templates/lxc-debian -p /var/lib/lxc/testlxc/
debootstrap is /usr/sbin/debootstrap Checking cache download in /var/cache/lxc/debian/rootfs-i386 ... Downloading debian minimal ... I: Retrieving Release I: Retrieving Packages [...] Removing any system startup links for /etc/init.d/hwclockfirst.sh ... /etc/rcS.d/S08hwclockfirst.sh Root password is 'root', please change ! root@scouzmir:~#
/var/cache/lxc
, then moved to its destination directory. This allows creating identical containers much more quickly, since only copying is then required.
lxc-debian
command as shipped in Squeeze unfortunately creates a Lenny system, and not a Squeeze system as one could expect. This problem can be worked around by simply installing a newer version of the package (starting from 0.7.3-1).
/var/lib/lxc/testlxc/rootfs/etc/network/interfaces
file will need some modifications; more important, though, is that the network interface that the container sees must not be the host's physical interface. This can be configured by adding a few lxc.network.*
entries to the container's configuration file, /var/lib/lxc/testlxc/config
:
lxc.network.type = veth lxc.network.flags = up lxc.network.link = br0 lxc.network.hwaddr = 4a:49:43:49:79:20
br0
bridge on the host; and that its MAC address will be as specified. Should this last entry be missing or disabled, a random MAC address will be generated.
root@scouzmir:~#
lxc-start --name=testlxc
INIT: version 2.86 booting Activating swap...done. Cleaning up ifupdown.... Checking file systems...fsck 1.41.3 (12-Oct-2008) done. Setting kernel variables (/etc/sysctl.conf)...done. Mounting local filesystems...done. Activating swapfile swap...done. Setting up networking.... Configuring network interfaces...Internet Systems Consortium DHCP Client V3.1.1 Copyright 2004-2008 Internet Systems Consortium. All rights reserved. For info, please visit http://www.isc.org/sw/dhcp/ Listening on LPF/eth0/52:54:00:99:01:01 Sending on LPF/eth0/52:54:00:99:01:01 Sending on Socket/fallback DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 4 DHCPOFFER from 192.168.1.2 DHCPREQUEST on eth0 to 255.255.255.255 port 67 DHCPACK from 192.168.1.2 bound to 192.168.1.243 -- renewal in 1392 seconds. done. INIT: Entering runlevel: 3 Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 5.0 scouzmir console scouzmir login:
root
Password: Linux scouzmir 2.6.32-5-686 #1 SMP Tue Mar 8 21:36:00 UTC 2011 i686 The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. scouzmir:~#
ps auxwf
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 1 0.0 0.2 1984 680 ? Ss 08:44 0:00 init [3] root 197 0.0 0.1 2064 364 ? Ss 08:44 0:00 dhclient3 -pf /var/run/dhclient.eth0.pid -lf /var/lib/dhcp3/dhclien root 286 0.1 0.4 2496 1256 console Ss 08:44 0:00 /bin/login -- root 291 0.7 0.5 2768 1504 console S 08:46 0:00 \_ -bash root 296 0.0 0.3 2300 876 console R+ 08:46 0:00 \_ ps auxwf root 287 0.0 0.2 1652 560 tty1 Ss+ 08:44 0:00 /sbin/getty 38400 tty1 linux root 288 0.0 0.2 1652 560 tty2 Ss+ 08:44 0:00 /sbin/getty 38400 tty2 linux root 289 0.0 0.2 1652 556 tty3 Ss+ 08:44 0:00 /sbin/getty 38400 tty3 linux root 290 0.0 0.2 1652 560 tty4 Ss+ 08:44 0:00 /sbin/getty 38400 tty4 linux scouzmir:~#
/var/lib/lxc/testlxc/rootfs
), in which root's password is initially set to root
.
lxc-start
with the --daemon
option. We can then interrupt the container with a command such as lxc-kill --name=testlxc
.
/etc/default/lxc
, is relatively straightforward; note that the container configuration files need to be stored in /etc/lxc/
; many users may prefer symbolic links, such as can be created with ln -s /var/lib/lxc/testlxc/config /etc/lxc/testlxc.config
.
qemu-*
commands: it's still about KVM.
/proc/cpuinfo
.
virtual-manager
is a graphical interface that uses libvirt to create and manage virtual machines.
apt-get install qemu-kvm libvirt-bin virtinst virt-manager virt-viewer
. libvirt-bin provides the libvirtd
daemon, which allows (potentially remote) management of the virtual machines running of the host, and starts the required VMs when the host boots. In addition, this package provides the virsh
command-line tool, which allows controlling the libvirtd
-managed machines.
virt-install
, which allows creating virtual machines from the command line. Finally, virt-viewer allows accessing a VM's graphical console.
eth0
physical interface and a br0
bridge, and that the former is connected to the latter.
/var/lib/libvirt/images/
) is fine.
#
virsh pool-create-as srv-kvm dir --target /srv/kvm
virt-install
's most important options. This command registers the virtual machine and its parameters in libvirtd, then starts it so that its installation can proceed.
#
virt-install --connect qemu:///system --virt-type kvm --name testkvm --ram 1024 --disk /srv/kvm/testkvm.qcow,format=qcow2,size=10 --cdrom /srv/isos/debian-6.0.0-amd64-DVD-1.iso --network bridge=br0 --vnc --os-type linux --os-variant debiansqueeze
Starting install... Allocating 'testkvm.qcow' | 10 GB 00:00 Creating domain... | 0 B 00:00 Cannot open display: Run 'virt-viewer --help' to see a full list of available command line options. Domain installation still in progress. You can reconnect to the console to complete the installation process.
The --connect option specifies the “hypervisor” to use. Its form is that of an URL containing a virtualization system (xen:// , qemu:// , lxc:// , openvz:// , vbox:// , and so on) and the machine that should host the VM (this can be left empty in the case of the local host). In addition to that, and in the QEMU/KVM case, each user can manage virtual machines working with restricted permissions, and the URL path allows differentiating “system” machines (/system ) from others (/session ).
| |
Since KVM is managed the same way as QEMU, the --virt-type kvm allows specifying the use of KVM even though the URL looks like QEMU.
| |
The --name option defines a (unique) name for the virtual machine.
| |
The --ram option allows specifying the amount of RAM (in MB) to allocate for the virtual machine.
| |
The --disk specifies the location of the image file that is to represent our virtual machine's hard disk; that file is created, unless present, with a size (in GB) specified by the size parameter. The format parameter allows choosing among several ways of storing the image file. The default format (raw ) is a single file exactly matching the disk's size and contents. We picked a more advanced format here, that is specific to QEMU and allows starting with a small file that only grows when the virtual machine starts actually using space.
| |
The --cdrom option is used to indicate where to find the optical disk to use for installation. The path can be either a local path for an ISO file, an URL where the file can be obtained, or the device file of a physical CD-ROM drive (i.e. /dev/cdrom ).
| |
The --network specifies how the virtual network card integrates in the host's network configuration. The default behavior (which we explicitly forced in our example) is to integrate it into any pre-existing network bridge. If no such bridge exists, the virtual machine will only reach the physical network through NAT, so it gets an address in a private subnet range (192.168.122.0/24).
| |
--vnc states that the graphical console should be made available using VNC. The default behavior for the associated VNC server is to only listen on the local interface; if the VNC client is to be run on a different host, establishing the connection will require setting up an SSH tunnel (see Section 9.2.2.3, “Creating Encrypted Tunnels with Port Forwarding”). Alternatively, the --vnclisten=0.0.0.0 can be used so that the VNC server is accessible from all interfaces; note that if you do that, you really should design your firewall accordingly.
| |
The --os-type and --os-variant options allow optimizing a few parameters of the virtual machine, based on some of the known features of the operating system mentioned there.
|
virt-viewer
can be run from any graphical environment to open the graphical console (note that the root password of the remote host is asked twice because the operation requires 2 SSH connections):
$
virt-viewer --connect qemu+ssh://root@
server
/system testkvmroot@server's password: root@server's password:
libvirtd
for the list of the virtual machines it manages:
#
virsh -c qemu:///system list --all Id Name State ---------------------------------- - testkvm shut off
#
virsh -c qemu:///system start testkvm
Domain testkvm started
vncviewer
):
#
virsh -c qemu:///system vncdisplay testkvm
:0
virsh
subcommands include:
reboot
to restart a virtual machine;
shutdown
to trigger a clean shutdown;
destroy
, to stop it brutally;
suspend
to pause it;
resume
to unpause it;
autostart
to enable (or disable, with the --disable
option) starting the virtual machine automatically when the host starts;
undefine
to remove all traces of the virtual machine from libvirtd
.