XEN // Debian & Ubuntu dom0 hosts

Deploy

lsb_release -a

apt update

# debian
apt install xen-linux-system-amd64

# ubuntu
apt install xen-system-amd64 bridge-utils vlan
apt install linux-image-extra-virtual
# linux-image-virtual
ls -lh /vmlinuz
ls -lh /boot/vmlinuz # goes generic

#apt install qemu
dpkg -l | grep qemu
dpkg -l | grep grub-xen

ls -lh /boot/xen*
ln -sf boot/xen-4.16-amd64.gz /xen.gz

on Ubuntu, XEN is already set up as the default boot entry

#grub-install /dev/sda
#update-grub
ls -l /etc/default/grub.d/xen.cfg
grep default= /boot/grub/grub.cfg
grep 'menuentry ' /boot/grub/grub.cfg

on Debian, this might be required (setting up a higher boot priority for XEN)

#dpkg-divert --divert /etc/grub.d/08_linux_xen --rename /etc/grub.d/20_linux_xen
update-grub

the usual serial console on ttyS0 will be gone; under XEN the console becomes hvc0

systemctl disable serial-getty@ttyS0

Network setup

see network-ubuntu

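Allow NetBSD guests and switch to Debian network scripts

NetBSD PV guests use linear page tables, which is what pv-linear-pt=true permits. Xen's command-line documentation describes turning this feature off as a way to reduce attack surface when no PV guest needs it, so set it only on hosts that will actually run such guests (see XSA-240 under Resources).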

cp -i /etc/default/grub.d/xen.cfg /etc/default/grub.d/xen.cfg.dist
vi /etc/default/grub.d/xen.cfg

GRUB_CMDLINE_XEN="pv-linear-pt=true"

update-grub
grep linear /boot/grub/grub.cfg

and disable the xendomains service, whose automatic save/restore breaks NetBSD guests

systemctl stop xendomains.service
systemctl disable xendomains.service

Ready to go

shutdown -r now

and check once rebooted (xen_commandline should show pv-linear-pt=true)

cat /proc/cmdline
dmesg | grep xen
xl dmesg
xl info | grep xen_commandline
xl list

Operations

status

systemctl list-unit-files | grep xen
ls -lhF /etc/init.d/xen*
systemctl status xen.service
systemctl status xend.service
systemctl status xendomains.service
systemctl status xenstored.service

restart all

systemctl stop xen.service
systemctl stop xenstored.service
systemctl start xenstored.service
systemctl start xen.service

Resources

Xen Security Advisory CVE-2017-15595 / XSA-240 (linear page table handling for PV guests, the background for the pv-linear-pt option) https://xenbits.xen.org/xsa/advisory-240.txt

Xen https://help.ubuntu.com/community/Xen

Xen https://wiki.debian.org/Xen

Trash

#GRUB_HIDDEN_TIMEOUT=0
#GRUB_HIDDEN_TIMEOUT_QUIET=true

Linux Bridge with Netplan

tested on artful/17.10

cp -pi /etc/netplan/01-netcfg.yaml /etc/netplan/01-netcfg.yaml.dist
vi /etc/netplan/01-netcfg.yaml

network:
  version: 2
  renderer: networkd
  ethernets:
   NIC1:
    dhcp4: no
    dhcp6: no
   NIC2:
    dhcp4: no
    dhcp6: no
  bridges:
   pubbr0:
    interfaces:
     - NIC2
    dhcp4: no
    dhcp6: no
   xenbr0:
    interfaces:
     - NIC1
    dhcp4: no
    dhcp6: no
    addresses:
     - x.x.x.x/xx
    gateway4: x.x.x.x

   # parameters:
   #  stp: no
   #  forward-delay: 0

vi /etc/rc.local

echo -n bringing up the public bridge...
ifconfig pubbr0 up && echo done

dpkg -l | grep ifupdown #should be empty
dpkg -l | grep netscript #should be empty
#systemctl restart systemd-networkd.service
netplan generate
netplan apply
ping -c1 opendns.com

Copyright © 2022 Pierre-Philipp Braun