Setting up a XEN host with Debian/Ubuntu

tested on Ubuntu/amd64 16.04, 17.04, 17.10, 18.04

Deploy

lsb_release -a
apt install xen-system-amd64
#debian: xen-linux-system-amd64
#apt install qemu
dpkg -l | grep qemu
dpkg -l | grep grub-xen

on Ubuntu, XEN is set up as default already,

#grub-install /dev/sda
#update-grub
ls -l /etc/default/grub.d/xen.cfg
grep default= /boot/grub/grub.cfg
grep 'menuentry ' /boot/grub/grub.cfg

on Debian, this might be required (setting up a higher boot priority for XEN),

#dpkg-divert --divert /etc/grub.d/08_linux_xen --rename /etc/grub.d/20_linux_xen
update-grub

Linux Bridge

apt install bridge-utils

clean-up

mv -i /etc/xen/xend-config.sxp /etc/xen/xend-config.sxp.dist
sed '/^#/d; /^$/d' /etc/xen/xend-config.sxp.dist > /etc/xen/xend-config.sxp

on the old XEND, define a decent bridge name (otherwise it is eth0 by default…)

vi /etc/xen/xend-config.sxp

(network-script 'network-bridge netdev=xenbr0')

now deal with the newer XL (also see networking)

cp -i /etc/xen/xl.conf /etc/xen/xl.conf.dist
vi /etc/xen/xl.conf

#autoballoon="auto"
vif.default.bridge="xenbr0"
vif.default.script="vif-bridge"

Back to the old school

systemctl status NetworkManager
#systemctl stop NetworkManager
#systemctl disable NetworkManager

make sure Debian network scripts are in place

apt install ifupdown
systemctl status networking | grep enabled

ifconfig -a
mv -i /etc/network/interfaces /etc/network/interfaces.dist
vi /etc/network/interfaces

auto lo
iface lo inet loopback

auto enp1s0
iface enp1s0 inet manual

auto xenbr0
iface xenbr0 inet static
    address x.x.x.x/xx
    gateway x.x.x.x
    bridge_ports enp1s0
    #bridge_fd 0
    #bridge_stp off
    #hwaddress ether xx:xx:xx:xx:xx:xx
    #bridge_maxwait 0

auto dummybr0
iface dummybr0 inet static
    address x.x.x.x/xx
    bridge_ports none

Allow NetBSD guests and switch to Debian network scripts

cp -i /etc/default/grub.d/xen.cfg /etc/default/grub.d/xen.cfg.dist
vi /etc/default/grub.d/xen.cfg

GRUB_CMDLINE_XEN="pv-linear-pt=true"

update-grub
grep linear /boot/grub/grub.cfg

and disable save/restore, which breaks NetBSD guests

systemctl stop xendomains.service
systemctl disable xendomains.service

Ready to go

shutdown -r now

and check once rebooted

cat /proc/cmdline
dmesg | grep xen
xl dmesg
xl info | grep xen_commandline
xl list

Operations

status

systemctl list-unit-files | grep xen
ls -lhF /etc/init.d/xen*
systemctl status xen.service
systemctl status xend.service
systemctl status xendomains.service
systemctl status xenstored.service

restart all

systemctl stop xen.service
systemctl stop xenstored.service
systemctl start xenstored.service
systemctl start xen.service

Resources

Xen Security Advisory CVE-2017-15595 / XSA-240 https://xenbits.xen.org/xsa/advisory-240.txt

Xen https://help.ubuntu.com/community/Xen

Xen https://wiki.debian.org/Xen

Trash

#GRUB_HIDDEN_TIMEOUT=0
#GRUB_HIDDEN_TIMEOUT_QUIET=true

Linux Bridge with Netplan

tested on artful/17.10

cp -pi /etc/netplan/01-netcfg.yaml /etc/netplan/01-netcfg.yaml.dist
vi /etc/netplan/01-netcfg.yaml

network:
  version: 2
  renderer: networkd
  ethernets:
   NIC1:
    dhcp4: no
    dhcp6: no
   NIC2:
    dhcp4: no
    dhcp6: no
  bridges:
   pubbr0:
    interfaces:
     - NIC2
    dhcp4: no
    dhcp6: no
   xenbr0:
    interfaces:
     - NIC1
    dhcp4: no
    dhcp6: no
    addresses:
     - x.x.x.x/xx
    gateway4: x.x.x.x

   # parameters:
   #  stp: no
   #  forward-delay: 0

vi /etc/rc.local

echo -n bringing up the public bridge...
ifconfig pubbr0 up && echo done

dpkg -l | grep ifupdown #should be empty
dpkg -l | grep netscript #should be empty
#systemctl restart systemd-networkd.service
netplan generate
netplan apply
ping -c1 opendns.com

---

Nethence | Pub | Lab | Pbraun | SNE Russia | xhtml