The Perfect Xen 3.0.1 Setup For Debian - Page 6

5 Create A Virtual Local Network From The Virtual Machines (Optional)

(This chapter is optional. What is described here works regardless of if you installed Xen 3 from the sources or the Xen binary.)

In this chapter I want to create a virtual network with my virtual machines, i.e. a network that is different from the network of dom0.

You can find a drawing of what I want to do here: http://wiki.xensource.com/xenwiki/XenNetworkingUsecase#head-7f23d0f2248cb0c70458f9339b4405e2b1bfc271

I did the same with Xen 2.0.7 here: http://www.howtoforge.com/perfect_xen_setup_debian_ubuntu_p6. However, the way to achieve this with Xen 3 has changed completely. Xen 3 configures all the firewall rules, gateways, etc. automatically. Furthermore, we don't need any dummy network interface anymore for our virtual network. It is important to know that Xen 3 assigns gateways from the 10.x.x.x net to our virtual machines, so it is a good idea to also assign IP addresses from the 10.x.x.x net to our virtual machines. If you give them IP addresses from the 192.168.3.x net (as we did with Xen 2.0.7 on http://www.howtoforge.com/perfect_xen_setup_debian_ubuntu_p6), then your virtual machines will have no access to the internet.

So we will give vm01 the IP address 10.0.0.1 and vm02 the IP address 10.0.0.2.

First we edit /etc/xen/xend-config.sxp and disable bridging and enable NAT (network address translation) instead:

vi /etc/xen/xend-config.sxp

#(network-script network-bridge)
#(vif-script vif-bridge)

(network-script network-nat)
(vif-script vif-nat)

Then we change the configuration files of vm01 and vm02:

/etc/xen/vm01-config.sxp:

vi /etc/xen/vm01-config.sxp

name="vm01"
kernel="/boot/vmlinuz-2.6.12.6-xenU"
root="/dev/hda1"
memory=128
disk=['file:/vserver/images/vm01.img,hda1,w','file:/vserver/images/vm01-swap.img,hda2,w']

vif=[ 'ip=10.0.0.1' ]
dhcp="off"
hostname="vm01.example.com"
ip="10.0.0.1"
netmask="255.0.0.0"
gateway="10.0.0.254"

extra="3"

/etc/xen/vm02-config.sxp:

vi /etc/xen/vm02-config.sxp

name="vm02"
kernel="/boot/vmlinuz-2.6.12.6-xenU"
root="/dev/hda1"
memory=64
disk=['file:/vserver/images/vm02.img,hda1,w','file:/vserver/images/vm02-swap.img,hda2,w']

vif=[ 'ip=10.0.0.2' ]
dhcp="off"
ip="10.0.0.2"
netmask="255.0.0.0"
gateway="10.0.0.254"
hostname="vm02.example.com"

extra="3"

Afterwards shut down vm01 and vm02:

xm shutdown vm01
xm shutdown vm02

Wait a few seconds and control with xm list that vm01 and vm02 have shut down. Then reboot the system:

shutdown -r now

If vm01 and vm02 aren't started automatically at boot time, start them now:

xm create /etc/xen/vm01-config.sxp
xm create /etc/xen/vm02-config.sxp

Now you should be able to ping vm02 from vm01 and vice versa, and you also be able to ping dom0 and hosts on the internet!

Now let's assume we have a web server on port 80 in vm01 and a mail server on port 25 in vm02. As they are in their own network (10.x.x.x), we cannot access them from the outside unless we forward these ports to the appropriate vm. We can create the necessary port forwarding rules on dom0 with the help of iptables:

iptables -A PREROUTING -t nat -p tcp -i eth0 --dport 80 -j DNAT --to 10.0.0.1:80
iptables -A PREROUTING -t nat -p tcp -i eth0 --dport 25 -j DNAT --to 10.0.0.2:25

If we connect to dom0 now on port 80, we are forwarded to vm01. The same goes for port 25 and vm02.

Of course, the forwarding rules are lost when we reboot dom0. Therefore we put the rules into /etc/network/if-up.d/iptables, which is executed automatically when the system boots:

vi /etc/network/if-up.d/iptables

#!/bin/sh

### Port Forwarding ###
iptables -A PREROUTING -t nat -p tcp -i eth0 --dport 80 -j DNAT --to 10.0.0.1:80
iptables -A PREROUTING -t nat -p tcp -i eth0 --dport 25 -j DNAT --to 10.0.0.2:25

Now we have to make that script executable:

chmod 755 /etc/network/if-up.d/iptables

Whenever you need additional port forwarding rules, execute them on dom0's shell and then append them to /etc/network/if-up.d/iptables so that they are available even after a reboot.

Have fun!


Links

Xen: http://www.xensource.com/xen/

Debian: http://www.debian.org/

Share this page:

13 Comment(s)

Add comment

Comments

From: Anonymous at: 2006-04-07 08:46:05

Good tutorial - like most here; thanks.

But a few questions remain open, like

1. Partitioning

For a shared production host, do you really think that one /vserver Partition is enough? And only *one* (well two, counting the swap) file per virtual machine? How about logfiles, fragmentation & all that stuff? I'd rather have a setup with separate *real* /usr, /var, /home etc. partitions for each virtual machine; not only performance-wise.

2. Memory

Since Xen3.0, should you really define an absolute memory size per virtual machine? Wouldn't it be far better to let Xen decide about that and dynamically allocate memory, maybe with a max-mem parameter?

3. Installation

To make all this work with for instance shared hosting, where you usually rent a box which you will never see, you should maybe expand this Howto with a debootstrap variant (and the right fixed IP) right from the start - otherwise you won't be able to access that box anymore after the first reboot.

But, like I said in the beginning: a nice tutorial - thanks again!

cheers,

wjl

From: Anonymous at: 2006-06-15 07:20:56

apt-get install python-dev

because xen does not compile without it

libsdl1.2-dev is also required for a graphical output of something but I cannot tell now about it (I should test)...

From: Anonymous at: 2006-06-15 08:42:24

apt-get install libgpmg1-dev is required also, because qemu fails with the test for static SDL library.

From: at: 2007-04-14 20:11:25

Maybe the title for this should be changed to be more specific.  Instead of "The Perfect Xen 3.0.1 Setup For Debian", how about "Install Xen from source on Debian Sarge".

In 2007 it's not normally necessary to download and compile Xen from source, although this might have been the way to go when this was written back in early 2006.

 

From: Anonymous at: 2006-07-31 18:47:40

I just installed the lastest version of Xen and there are a couple additional steps necessary (in at least some configurations).

Specifically, I needed to create an initrd that didn't use devfs.

How I did it; After step 3.1.1:

Install yaird from backports.org
     see http://www.backports.org/instructions.html for how to use backportd.org
      and http://www.backports.org/package.php?search=yaird for specifics of yaird

 

depmod 2.6.16-xen

 

yaird -o /boot/initrd.img-2.6.16-xen 2.6.16-xen

 

Then the /boot/grub/menu.lst should look like

title Xen 3.0 / XenLinux 2.6.12
kernel /xen.gz dom0_mem=64000
module /vmlinuz-2.6.12-xen0 root=/dev/hda6 ro console=tty0
module /initrd.img-2.6.16-xen

--
-billy- warnold@virginiainteractive.org

From: spetersons at: 2008-12-11 20:34:19

I was just using your tutorial and just though one small adjustment needs to be made just to update to xen-3.02. Here is the link I found  http://www.cl.cam.ac.uk/Research/SRG/netos/xen/downloads/xen-3.0.2-install-x86_32.tgz everything else so far seems to be the same except needing to change the 1 to a 2 on each step that has xen-3.01.

From: Anonymous at: 2006-04-17 03:31:19

I got this tip from the how to at: http://mark.foster.cc/wiki/index.php/Xen_3.0.x_on_Debian_Sarge

That howto is a little less detailed than yours but is the only one I found that allows large memory systems which I figure are common in the Xen world.

Alternatively, if your box has 4GB or more RAM, you will want to enable PAE so the Xen kernel can see the extra memory. So replace the make world with

 make XEN_TARGET_X86_PAE=y world
and the make install with
 make XEN_TARGET_X86_PAE=y install

From: Anonymous at: 2006-06-06 19:24:49

dont forget install latex package to install xen docs.

bruno taranto

From: Anonymous at: 2006-04-03 19:07:10

If you get a warning like this: umount: /vserver/vm_base: device is busy don't worry about it, it's not important.

Are you sure? It at least means it hasn't been umounted. At least try
umount -l /vservrer/vm_base

or

umount -fl /vservrer/vm_base

but -f could be dangerous depending why it failed

If you want to know why the umount failed:

fuser -m /vserver/vm_base

to see which processes are using files on that mount point.

From: Anonymous at: 2006-04-26 10:51:50

it is because of the atd daemon. Maybe it is launched by base-config. You have to kill this daemon and then umount the filesystem. Then you can restart the daemon.

From: Anonymous at: 2006-05-02 16:58:36

When I run base-config I get the error:

Terminated

I resolved executing these commands:

mount -t proc proc /proc
cd /dev
./MAKEDEV generic

From: Anonymous at: 2006-06-08 23:27:18

Also need:

mount -t devpts none /dev/pts

From: Anonymous at: 2006-03-22 13:35:27

I prefer to use LVM2 for domU partitions, how about the others?