This article explains briefly how to move a native CentOS-4 installation into a paravirtualized Xen3 guest. The Xen3 host may be any OS - even NetBSD - but this HowTo assumes it to be a redhatish linux like RHEL5, CentOS-5 or FC6


This HowTo is experimental and not well tested, it just works for me. So if this breaks your system, don't blame, but mail me: centos-mail at nils dot toedtmann dot net.

Network setup, NFS root or X are beyond the scope of this article, RTFM:


Get prepared

If CentOS-4.5 is released: upgrade!

CentOS-4.4 is not really prepared for being a DomU. So if you find out that CentOS-4.5 is already released while you read this upgrade your CentOS-4. As you'll see, that makes things easier.


Install a RH based Domain-0 OS (FC6/RHEL5/CentOS-5 with the software group Virtualization) on the hardware containing the CentOS-4 you intend to virtualize. Boot that Dom0 and make sure the service xend is running.

Domain-U alignment

Blockdevice mapping

Let's assume your CentOS-4 installation ist called C4 and is installed on some blockdevices like /dev/mapper/VolGroup00-C4. You need to make some changes to the C4-tree, so mount it somewhere:

[root@dom0 ~]# mount /dev/mapper/VolGroup00-C4 /mnt
[root@dom0 ~]# mount /dev/whatever             /mnt/whereever
[root@dom0 ~]# mount -o bind /proc             /mnt/proc
[root@dom0 ~]# mount -o sys  /sys              /mnt/sys

If your C4 had a separate /boot partition ignore it, you can proceed with an empty /boot directory (you could even remove all kernel and grub rpm packages). Keep it if you plan to dual-boot the C4 natively and virtualized, otherwise abandon it. If you are unsure, copy it's contents:

[root@dom0 ~]# mount  /dev/hda1 /mnt2
[root@dom0 ~]# cp -a  /mnt2/* /mnt/boot
[root@dom0 ~]# umount /mnt2

Map your (old) native C4 blockdevices to (new) virtual SCSI-devices. Example:

mount point















Change C4's filesystem table /mnt/etc/fstab accordingly:

#obsolete   /boot       ext3    defaults   1 1
/dev/sda1   /           ext3    defaults   1 1
/dev/sda2   swap        swap    defaults   0 0
/dev/sda3   /whereever  ext3    defaults   1 1

DomU kernel

Read the notes on kernels below!

CentOS-4.5 only: Should be easy

[root@dom0 ~]# chroot /mnt yum install kernel-xenU

CentOS-4.4 only: fetch one of the experimental DomU kernels for RHEL4 or CentOS4, e.g.

[root@dom0 ~]# wget -P /mnt/tmp/ \
[root@dom0 ~]# chroot /mnt rpm -ivh /tmp/kernel-xenU-2.6.9-44.EL.i686.rpm

In any case you should generate an initial ramdisk - the rpm installation likes to forget xenblk.ko:

[root@dom0 ~]# chroot /mnt mkinitrd --preload xenblk \
               /boot/myinitrd-2.6.9-44.ELxenU.img 2.6.9-44.ELxenU


The grub-alike bootloader PyGrub will reside outside the DomU, it's part of Dom0's Xen3 distribution. It will read DomU's /mnt/boot/grub/menu.lst, so create it according to the DomU kernel you installed (mkdir -p /mnt/boot/grub if /mnt/boot is empty):

default         0
timeout         3
title           CentOS 4 (2.6.9-44.ELxenU)
  kernel        /boot/vmlinuz-2.6.9-44.ELxenU root=/dev/sda1 ro 3
  initrd        /boot/myinitrd-2.6.9-44.ELxenU.img


CentOS-4.4 on i386/x86_32 only: Replace some libraries with their Xen-friendly versions from Xensource. Find out which libs you have installed and their arch-flavour

[root@dom0 ~]# chroot /mnt rpm -q --qf "%{name} %{arch}\n" \
  glibc{{,-debuginfo}{,-common},-devel,-headers,-profile,-utils} nptl-devel nscd

and replace them. For example

[root@dom0 ~]# wget -P /mnt/tmp/ \
[root@dom0 ~]# wget -P /mnt/tmp/ \ 
[root@dom0 ~]# chroot /mnt rpm -Fvh /tmp/*rpm

Warning: Unfortunately, Xensource does not provide a Yum repository. Do if there are CentOS updates for glibc, a yum update will overwirte the Xen friendly versions, resulting in a slower system. Some software (like OpenLDAP, Cyrus-IMAPd) may even break!


(Maybe applicable to CentOS-4.4 only) The Xen-Console will work on the DomU's /dev/console, so you should have a getty on it in /mnt/etc/inittab:

# Run gettys in standard runlevels
0:2345:respawn:/sbin/mingetty --noclear console
1:2345:respawn:/sbin/mingetty tty1


The driver for the DomU's ethX will be xennet.ko, so adjust your DomU's /mnt/etc/modprobe.conf:

alias eth0 xennet

(Maybe CentOS-4.4 only) Some DomU-kernels (like the above experimental ones) have a bug in their xennet driver and mess up TCP and UDP checksums. You can avoid running into that by disabling TX checksumming on the ethX devices. Create an executable shell script /mnt/sbin/ifup-local:

ethtool -K ${1} tx off


You may chroot in your C4 and do some personal custumization (e.g. setup networking in /etc/sysconfig/network{,-scripts/ifcfg-eth*}):

[root@dom0 ~]# chroot /mnt
$ ... do some interesting stuff here ...
$ exit
[root@dom0 ~]#

If your are done, unmount your C4:

[root@dom0 ~]# umount /mnt/{sys,proc,whereever,} 

Boot it!

Create a Xen configuration file /etc/xen/C4

name       = 'C4'
bootloader = '/usr/bin/pygrub'
memory     = 128
vif        = [ '' ]
disk       = [ 'phy:mapper/VolGroup00-C4,sda1,w',
               'phy:whatever,sda3,w' ]

and boot it:

[root@dom0 ~]# xm create -c C4

If your DomU uses SELinux you have to restore the contexts of the files you replaced or created since the last (native) boot:

[root@C4 ~]# setenforce 0
[root@C4 ~]# restorecon -v -R /etc
[root@C4 ~]# restorecon -v -R /boot
[root@C4 ~]# restorecon -v /sbin/ifup-local
[root@C4 ~]# fixfiles -R kernel-xenU,glibc,glibc-common,... relabel
[root@C4 ~]# reboot

If you don't remember which files have broken context let instead CentOS relabel the hole system:

[root@C4 ~]# touch /.autorelabel
[root@C4 ~]# reboot


Kernel & hypervisor

Your paravirtualized DomU-Kernel must be able to run on your Xen3 hypervisor. The hypervisor ABI for Xen3 is not really stable yet, but since Xen-3.0.2 there is a backward compatibility mode most hypervisors and kernels know. But there are still three incompatible types of hypervisors, and a paravirtualized DomU-kernel must match this type:

Look at the first value (xen-3.0-*) in Dom0's /sys/hypervisor/properties/capabilities to find out the type of your Hypervisor/Dom0 combo. The binary 32bit hypervisors and kernels you get from Fedora/RH/CentOS have PAE, those from Cambridge or XenSource have not. (sure? verify!)

Kernel & bootloader

The advantage of using PyGrub is that kernel, LKMs and initrd are completly maintained inside the DomU. Upgrading the kernel just needs a rpm -i or (CentOS-4.5) yum update in DomU.

If you want move the control over kernel selection to Dom0, copy kernel and initrd to Dom0

[root@dom0 ~]# cp /mnt/boot/vmlinuz-2.6.9-44.ELxenU       /boot
[root@dom0 ~]# cp /mnt/boot/myinitrd-2.6.9-44.ELxenU.img  /boot

and replace the bootloader option in the Xen config file /etc/xen/C4 with

kernel  = "/boot/vmlinuz-2.6.9-44.ELxenU"
root    = "/dev/sda1 ro"
extra   = "3"
ramdisk = "/boot/myinitrd-2.6.9-44.ELxenU.img"

But having kernel and initrd in Dom0 but LKMs in DomU is not very upgrade friendly.

If you run a bunch of lean "appliance"-DomUs which need the same set of kernel features, and if Dom0 does all the GNBD/RAID/LVM/DM work (see below, Blockdevices) you should consider building a static kernel with builtin xenblk and xennet: No initrd, no LKMs, kernel for all DomUs is kept in one place.


(to be done)


As blockdevices are often layered, you have multiple options how to map them into the DomU. Let's assume there are two harddrives (hda, hdc), two partitions bundled to a Raid1 (hda3+hdc4=md0) which contains the DomU's rootfs on a LVM-volume (VolGroup00-C4).

disk = [ 'phy:hda,sda,w', 'phy:hdc,sdb,w' ]

disk = [ 'phy:hda3,sda1,w', 'phy:hdc4,sdb1,w' ]

disk = [ 'phy:md0,sda1,w' ]

disk = [ 'phy:mapper/VolGroup00-C4,sda1,w' ]

I prefer the latter, doing all GNBD/LVM/Raid/DM stuff in Domain-0. Keep in mind that a blockdevice mapped to a DomU cannot be used by any other domain!


If you don't like xend messing up your Dom0's network settings, edit Dom0's /etc/xen/xend-config.sxp, the key options are network-script and vif-script.

I prefer setting up my own bridges using /etc/sysconfig/network-scripts/brX, adjusting /etc/xen/xend-config.sxp to a mixed "routed bridges" setup:

(network-script network-route)
(vif-script vif-bridge)

and putting

vif = [ 'bridge=brX' ]

into xen's DomU-configs. So the guests get bundled via bridges, and the Dom0 routes these bridges to the outside world.


There are several options:

X forwarding

You can run X apps via SSH X-forwarding:

[alice@client ~]# ssh -X domU-hostname xterm

If that's enough for you, there is no need for a X or display manager running on the DomU.

Virtual framebuffer

(to be done)


(to be done)


(to be done)

GDM + remote X

(to be done)


Assume DomU's user alice wants to run a Xvnc server. She should set herself a VNC password

[alice@domU ~]# vncpasswd

DomU's admin configures that VNC server in /etc/sysconfig/vncservers

VNCSERVERARGS[1]="-geometry 800x600"

and starts it

[root@domU ~]# /etc/init.d/vncserver restart

Now Alice can connect from outside to her VNC server:

[alice@client ~]# vncviewer domU-hostname:5901

Document Roadmap

HowTos/Xen/MoveNative2DomU (last edited 2008-10-01 19:34:13 by RussHerrold)