From Telecomix Crypto Munitions Bureau
XEN is a paravirtualizer, meaning that the guests kernels will often need to be modified to run on it. Paravirtualizing is a tiny bit faster than ordinary virtualization.
This is for someone who wants to install xen 3 on an apt-friendly operating system such as Debian GNU/Linux.
- You need to modify your kernel
- aptitude install xen-..something xen-tools (For example: linux-image-X-xen-amd64 linux-modules-X-xen-amd6 xen-hypervisor-X-amd64 xen-shell xen-tools xen-utils-X xen-utils-common xenstore-utils. Replace all X with something sane.)
- if it fails, boot with your old kernel and fix the problem
- goto /etc/xen/ and edit the xen-config.cfg file
- it should say (network-script network-bridge) instead of (network-script network-dummy) if you want networking to exist.. READ THE COMMENTS for more info.
- You need to create a domU (= virtualized host, the operating system that runs on the real hardware is called dom0.)
- type "man xen-create-image" and read how the /etc/xen-tools/xen-tools.cfg file should be written. _you need to understand this_.
- edit your /etc/xen-tools/xen-tools.cfg file
- xen-create-image --hostname meh --ip 10.0.0.128 --gateway 10.0.0.1 --netmask 255.255.255.0 --broadcast 10.0.0.255 --memory 512M --passwd --size 10G -fs ext2
- ..will create a computer with hostname meh, ip 10.0.0.128, RAM=512M, hdd=10G with ext2 file system (read the man page for more info on how to tweak.)
- enter the root password when you are prompted for it
- goto /etc/xen/
- add extra = 'xencons=tty' to the bottom of /etc/xen/meh.cfg (meh is the hostname)
- xm create meh.cfg
- xm console meh
- install udev at the machine and reboot it ("aptitude install udev")
- Might need to echo "none /dev/pts devpts defaults 0 0" >> /etc/fstab also.
- ssh to it
(I guess I have missed something in some config file, going in afterwards and chaning stuff seems strange.)
Fixes for random problems i encountered..
 you want guests to start when the xen hosts boots up
Put symbolic links to the guests startup scripts in /etc/xen/auto/, you might need to create the directory.
ln -s /etc/xen/domU-name.cfg /etc/xen/auto/domU-name
 /dev/loop runs out after 4 virtual guests
in debian: create the file /etc/modprobe.d/local-loop if it does not exists, then add "options loop max_loop=256" to the bottom of the file. (lets hope it works, i have not restarted the xen host yet..... Edit: It did work XD)
to fix the problem without reboots, put this in a file and run it:
#!/bin/bash for ((i=8;i<255;i++)); do [ -e /dev/loop$i ] || mknod -m 0600 /dev/loop$i b 7 $i done
 terminal fuckup at login
IFF it fails because it complains about stty not existing, or something similiar:
- xm shutdown meh
- edit /etc/xen/meh.cfg, add extra = 'xencons=tty' to the bottom of the file.
- mount -o loop /path/to/your/disk/disk.img (default: /home/xen/domains/meh/disk.img)
- vim /mnt/etc/fstab
- add "none /dev/pts devpts defaults 0 0" to the file, without the "
- mkdir /dev/pts (sometimes the installer forgets to create this directory?)
- umount /mnt
- cd /etc/xen/; xm create meh.cfg; xm console meh
- xm console meh brings you inside the domU/guest..
- aptitude install udev (this is really important if you want ssh to work..)
- DONE. Now, you should be able to log into it with ssh too.
 Regular usage
- xm list --- shows what virtual machines are running
- xm shutdown meh --- shuts down machine meh
- xm destroy meh --- pulls the power plug for machine meh, shuts it down immediately
- xm create meh.cfg --- starts the machine described in ./meh.cfg (domU scripts are located in /etc/xen/, go there first.)
- xm console meh --- gives you a console to machine meh (detaching from that console is rather difficult. use ssh if you can.)
- xmtop --- lists virtual machines, their CPU-usage and networking info.
 Virtual networks
By default, xen does not provide any networking. By changing that as described above, all machines will be connected to a virtual ethernet bridge (ie. all guests are connected to a virtual switch inside your machine.)
 Default looks something like this
(Default does not look like this, but I assume that you changed to the configuration described above.. The real default is a desolate place, where only the host machine is connected to any network.)
peth0 <--> veth0 | +-- host machine | +-- virtual machine 0 | +-- virtual machine 1 | +-- virtual machine 2 | (etc)
All machines, including the host (dom0) is connected to the virtual bridge. But the host has control over peth0, veth0, and all the virtual machines interfaces, vifX.Y. (where X is machine ID and Y is its ethY that the guest will see. vif5.3 is virtual machine 5's eth3 interface, as seen by the host.)
 This is a real example from legion.
brctl is a program for handling OSI2-networking in linux. It shows the ASCII graph just above as seen from the host machine.
# brctl show bridge name bridge id STP enabled interfaces eth0 8000.0023545e6a18 no peth0 vif10.0 vif11.0 vif18.0 vif21.0 vif47.0 vif51.0 vif52.0 vif54.0 vif56.0
 Adding more virtual OSI2-networks
It is possible to set up NAT, routing and bridging networks with the default scripts. I have only tried bridging.. And when I open the script it is filled with very complex stuff. One almost has to master the program sed to know what it does, it seems.
I need to learn:
- moar sed (again!)
- brctl (omg, just found this program. can be used to create virtual bridges on the fly. bridges are used to handle OSI2-layer networking and operates on ethernet frames. like a switch. linux bridging supports STP, the spanning tree protocol, so it is compatible with other hardware equipment.)