Creating and installing a CentOS 5 domU instance
Note: This write-up is of a general nature for each successive point release of CentOS 5, and is not tied to or specific for any particular 'point' respin of CentOS in the 5 series. Setup and usage of KVM is covered elsewhere.
This howto describes how you can create a CentOS 5 Xen domU instance, without using virt-manager, or its console variant virt-install. Usually, instances require more customization than these tools provide, so it is often better to make instances using the tools that lie underneath. The last section of this howto describes how you can perform the same steps with virsh, a generic tool for management of virtualized domains.
This howto assumes that Xen is already installed, and that CentOS is running as dom0 (the privileged administrative domain). Put simply, this can be done by installing the xen and kernel-xen packages, and booting the Xen flavor of the kernel. The matter is covered in careful detail in the Virtualization Guide
Besides that this howto currently assumes that a disk image file will be used to hold the domU disk. Though, using a physical partition or volume should be trivial.
To clear up some terminology that is often confusing to new Xen users: dom0 is the privileged administrative domain of which only one can run. domU is an unprivileged domain, of which many can run at the same time. Although it is an incorrect analogy, it often helps to think of dom0 as the host system, and domU as a guest system.
2. Creating an image
The first step is to create an image that will hold the domU virtual disk. Since this can just be a raw zero-filled file, our usual friend dd becomes handy. In this howto we will put images in /srv/xen, although the semi-officially sanctioned location seems to be /var/lib/xen/images. If you would like to allocate disk blocks as the file grows, you can create a file with a hole. The following command will create a /srv/xen/mailserver.img file of 2048MB, although the actual data blocks are allocated in a lazy fashion:
# dd if=/dev/zero of=/srv/xen/mailserver.img oflag=direct bs=1M seek=2047 count=1
If you want to reserve all the data blocks right away, you can also do that:
# dd if=/dev/zero of=/srv/xen/mailserver.img oflag=direct bs=1M count=2048
This will avoid data block allocation problems if the volume that holds the image is full.
If you are using SELinux, it is important to check that the image has the correct security context (xen_image_t), or access to the virtual disk will be denied to the domU system. You can check this with ls:
# ls -Z /srv/xen/mailserver.img -rw-r--r-- root root user_u:object_r:xen_image_t /srv/xen/mailserver.img
If you are having trouble setting the right file context, please have a look at the Xen tips and tricks page. At any rate, turning off SELinux, as some howtos on this subject advise is a very poor workaround. Reading two manual pages (semanage(8) and restorecon(8)), for an extra layer of security is a good trade!
3. Preparing a Xen configuration file for the installation
Xen uses a configuration file per domain. The configuration for the domain will be slightly different during the installation, because we have to provide installation kernels, and possibly some boot parameters. You will need an domU installation initrd image and kernel. Depending on the machine architecture, both can be downloaded from:
You can put them in some sensible directory, and rename them appropriately. In this example, the kernel and initrd image will be named /boot/vmlinuz-xen-install and /boot/initrd-xen-install respectively.
With the images in place, you can create the installation configuration file, named /etc/xen/mailserver here:
kernel = "/boot/vmlinuz-xen-install" ramdisk = "/boot/initrd-xen-install" extra = "text ks=http://localserver/minimal-ks.cfg" name = "mailserver" memory = "256" disk = [ 'tap:aio:/srv/xen/mailserver.img,xvda,w', ] vif = [ 'bridge=xenbr0', ] vcpus=1 on_reboot = 'destroy' on_crash = 'destroy'
You may want to tune some of the parameters, like the amount of memory that is dedicated to the domU, or the name of the bridge, if you will be using a different bridge for this domU. Besides that, this configuration file uses a kickstart file to perform the installation automatically. Remove the ks=http://localserver/minimal-ks.cfg stanza if you would like to do an interactive installation. This example also explicitly uses a text installation - it is possible to do a graphical installation with a VNC viewer. But in my experience a text installation is much more comfortable, because you can attach a (text) console to the domain at any time, allowing you to use or watch Anaconda directly.
4. Example kickstart file
For reference, this is an example kickstart file. If you want to use it, you *should* modify it for your specific situation (and at the very least modify the root password). This kickstart file makes a very minimal installation, which is handy if you would like to make copies of an image to deploy new instances rapidly.
install url --url http://mirror.centos.org/centos/5/os/i386 lang en_US.UTF-8 network --device eth0 --bootproto dhcp # Bogus password, change to something sensible! rootpw bogus firewall --enabled --port= authconfig --enableshadow --enablemd5 selinux --enforcing −−port=22:tcp timezone --utc Europe/Amsterdam bootloader --location=mbr --driveorder=xvda --append="console=xvc0" reboot # Partitioning clearpart --all --initlabel --drives=xvda part /boot --fstype ext3 --size=100 --ondisk=xvda part pv.2 --size=0 --grow --ondisk=xvda volgroup VolGroup00 --pesize=32768 pv.2 logvol / --fstype ext3 --name=LogVol00 --vgname=VolGroup00 --size=1024 --grow logvol swap --fstype swap --name=LogVol01 --vgname=VolGroup00 --size=256 --grow --maxsize=512 %packages @core
5. Starting the installation
With the installation configuration set up, you can launch the domU instance:
# xm create mailserver
If you configured this domU correctly, the installation will happily start. If you chose to do a manual installation, or would like to see kickstart in action, you can attach a console to the domU:
# xm console mailserver
After the installation, the domU will be rebooted and destroyed (since that is the default action for reboots, we will change that later).
6. Post-install configuration
Now that the installation is finished, this can be a good time to make a copy of the instance image to use as a template. At this point the SSH keys are not generated yet, making it easier to give each instance a unique set of SSH keys.
The installation configuration should now be modified for non-install use. This is the modified configuration:
name = "mailserver" memory = "256" disk = [ 'tap:aio:/srv/xen/mailserver.img,xvda,w', ] vif = [ 'bridge=xenbr0', ] bootloader="/usr/bin/pygrub" vcpus=1 on_reboot = 'restart' on_crash = 'restart'
As you can see, this new configuration is not using the kernel and initrd images anymore. Instead, it is using pygrub as a bootloader. pygrub will try to look for a partition holding a filesystem that contains the GRUB configuration in the virtual disk image. If a GRUB configuration was found, this will be used to boot a kernel. This is very handy, because this will allow you to use/manage kernels in the domU. If yum update pulls in a security updated kernel in the domU, it will automatically be used during the next boot of the domain.
Another change is that we have changed how to handle crashes and reboots. You'll usually want to reboot a domain if a crash or reboot occurs.
With this configuration in place, you can test this domain:
# xm create mailserver
If you have installed SSH, you can log in to that domain through SSH, or you can use the Xen console:
# xm console mailserver
You can now administrate the domain as a usual CentOS machine. You can shut down the domain with:
# xm shutdown mailserver
For more information on the options that xm provides, please refer to the xm manual page.
7. Automatically starting domains
If you would like a domain to start automatically when the (dom0) system is started, move the domain configuration to the /etc/xen/auto directory. For instance:
# mv /etc/xen/mailserver /etc/xen/auto
This will also shut down the domain properly when the system is shut down.
8. Using virsh/libvirt
The libvirt library is being developed to provide an abstraction API for the various virtual machine technology that is out there. An older version of libvirt that supports Xen is included in CentOS 5. Newer versions also provide abstraction for KVM and qemu.
libvirt can be used from the shell with the virsh command. This command can be used to manage domains in a comparable fashion to xm. The domain creation and shutdown commands are the most important commands in the context of this article:
virsh create FILE virsh shutdown domain-name/id/uuid
libvirt uses XML descriptions for domains. The format of these domain descriptions is covered on the libvirt website. To get you started, here are the domain descriptions for respectively the installation configuration:
<domain type='xen'> <name>mailserver</name> <os> <type>linux</type> <kernel>/boot/vmlinuz-xen-install</kernel> <initrd>/boot/initrd-xen-install</initrd> <cmdline>text ks=http://localserver/minimal-ks.cfg</cmdline> </os> <memory>262144</memory> <vcpu>1</vcpu> <on_poweroff>destroy</on_poweroff> <on_reboot>destroy</on_reboot> <on_crash>destroy</on_crash> <devices> <interface type='bridge'> <source bridge='xenbr0'/> <script path='vif-bridge'/> </interface> <disk type='file' device='disk'> <driver name='tap' type='aio'/> <source file='/srv/xen/mailserver.img'/> <target dev='xvda'/> </disk> <console tty='/dev/pts/1'/> </devices> </domain>
and the run-time configuration:
<domain type='xen'> <name>mailserver</name> <bootloader>/usr/bin/pygrub</bootloader> <os> <type>linux</type> </os> <memory>262144</memory> <vcpu>1</vcpu> <on_poweroff>destroy</on_poweroff> <on_reboot>restart</on_reboot> <on_crash>restart</on_crash> <devices> <interface type='bridge'> <source bridge='xenbr0'/> <script path='vif-bridge'/> </interface> <disk type='file' device='disk'> <driver name='tap' type='aio'/> <source file='/srv/xen/mailserver.img'/> <target dev='xvda'/> </disk> <console tty='/dev/pts/1'/> </devices> </domain>
Suppose that these configuration files are named /srv/xen/mailserver.xml, you can create and shutdown the domain with:
# virsh create /srv/xen/mailserver.xml # virsh shutdown mailserver
9. See also
Other pages referring to the topic of xen virtualizationin this wiki include:
Xen Environment, including setting the SELinux security context
SELinux security booleans generally
The broader topic of Virtualization on CentOS generally