As part of the Security in Cloud course of my master's degree, I configured and installed the Xen hypervisor on Ubuntu 12.04, so I thought I would blog about it.
Xen is an open-source hypervisor (the hypervisor presents the guest operating systems with a virtual operating platform and manages the execution of the guest operating systems), which makes it possible to run many instances of an operating system, or indeed different operating systems, in parallel on a single host machine.
Now, you might wonder why I used the Xen hypervisor instead of VirtualBox or VMware. The answer is simple: the difference between Xen and VirtualBox is in their usage. VirtualBox is meant to be used as a desktop application, so it expects a host OS to be pre-installed on your machine (say Linux, Windows or Mac). Xen is quite the opposite: it can be thought of as the host OS, even though you wouldn't use it like a desktop environment. In terms of performance, Xen will probably edge out VirtualBox, since it is a bare-metal hypervisor (it runs directly on the host's hardware to control the hardware and to manage the guest OS machines) and the host OS for Xen is tuned more for virtualization tasks than for desktop duties. Another advantage of Xen is that it uses QEMU (a machine emulator and virtualizer). When used as a virtualizer, QEMU achieves near-native performance by executing the guest code directly on the host CPU (especially when it is run under the Xen hypervisor).
We need to check whether the host CPU supports the Intel VT / AMD-V hardware virtualization extensions. All the latest Intel and AMD processors support full virtualization, but some old Intel/AMD CPUs may not.
Use the following commands to verify whether hardware virtualization is enabled:
(in a root shell on an Intel machine)
# grep --color vmx /proc/cpuinfo
If the output contains the vmx flag, your Intel CPU supports hardware virtualization.
(in a root shell on an AMD machine)
# grep --color svm /proc/cpuinfo
If the output contains the svm flag, your AMD CPU supports hardware virtualization.
Check your BIOS settings
Checking Xen kernel
By default, if you have booted into the Xen kernel, the grep commands above will not show the svm or vmx flag. To see whether hardware virtualization is enabled from within Xen, enter:
$ cat /sys/hypervisor/properties/capabilities
You must see hvm flags in the output. If not, reboot the box and enable virtualization in the BIOS.
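The two checks above combined into one function, as an added example that is not part of the original post: it prefers the Xen capabilities file when it exists and falls back to the vmx/svm flags otherwise. The function name, the result strings and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# hvm_support [CPUINFO_FILE] [CAPS_FILE]
# Prints one of: xen-hvm, xen-no-hvm, intel-vt, amd-v, none
hvm_support() {
    cpuinfo=${1:-/proc/cpuinfo}
    caps=${2:-/sys/hypervisor/properties/capabilities}

    # Booted into Xen: cpuinfo no longer shows vmx/svm, so the
    # hypervisor's capability list is the source to trust.
    if [ -r "$caps" ]; then
        if grep -q 'hvm' "$caps"; then echo xen-hvm; else echo xen-no-hvm; fi
        return 0
    fi

    # Plain Linux kernel: match vmx/svm as whole words on the flags line,
    # so related flags such as svm_lock are not mistaken for svm.
    flags=$(grep '^flags' "$cpuinfo" 2>/dev/null | head -n 1)
    case " $flags " in
        *" vmx "*) echo intel-vt ;;
        *" svm "*) echo amd-v ;;
        *)         echo none ;;
    esac
}

# Constructed sample inputs (not captured from a real host).
demo=$(mktemp -d)
printf 'flags\t\t: fpu vme de pse msr vmx est\n' > "$demo/cpuinfo_intel"
printf 'flags\t\t: fpu vme de pse msr est\n'     > "$demo/cpuinfo_dom0"
printf 'xen-3.0-x86_64 hvm-3.0-x86_32 hvm-3.0-x86_64\n' > "$demo/caps_hvm"
printf 'xen-3.0-x86_64 xen-3.0-x86_32p\n'        > "$demo/caps_pv_only"

echo "bare kernel, Intel:   $(hvm_support "$demo/cpuinfo_intel" "$demo/missing")"
echo "Xen, VT on in BIOS:   $(hvm_support "$demo/cpuinfo_dom0" "$demo/caps_hvm")"
echo "Xen, VT off in BIOS:  $(hvm_support "$demo/cpuinfo_dom0" "$demo/caps_pv_only")"
echo "this machine:         $(hvm_support)"
```

A result of xen-no-hvm is the case the post describes: reboot and enable virtualization in the BIOS before trying to create an HVM guest.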
I am installing the Xen hypervisor, its supporting tools, and Virtual Machine Manager, which is a desktop application for managing VMs.
$ sudo apt-get install xen-hypervisor-4.1-amd64 xen-utils-4.1 xenwatch xen-tools xen-utils-common xenstore-utils virtinst virt-viewer virt-manager
Now reboot into the Xen kernel (a new entry will be visible in your GRUB menu):
$ sudo reboot
And verify that the installation has succeeded:
$ sudo xm list
Name                                        ID   Mem VCPUs      State   Time(s)
Domain-0                                     0   945     1     r-----     11.3
Edit /etc/xen/xend-config.sxp and add this line at the end of the file to enable the UNIX domain socket server.
We need to start/restart the xend server in order to apply the changes:
$ sudo service xend start
Edit the .bashrc file in your home directory to add this line. This will set a value for the environment variable.
Reboot your machine and then verify the libvirt installation:
$ sudo virsh version
Compiled against library: libvir 0.9.8
Using library: libvir 0.9.8
Using API: QEMU 0.9.8
Running hypervisor: QEMU 1.0.0
Let's start the virtual machine manager:
$ sudo virt-manager
Let's create a virtual instance now.
$ sudo mkdir /usr/lib64/xen -p
$ sudo cp /usr/lib/xen-4.1/* -r /usr/lib64/xen/
$ sudo mkdir /usr/share/qemu
$ sudo cp -r /usr/share/qemu-linaro/keymaps /usr/share/qemu/
The system threw errors because it was expecting files in the specified directories, which were not present on my machine. What I did was create the specified directories and copy the files from the real directories.
We've fixed all the issues with creating the virtual instance. Let's start creating one. You can follow the steps given below to do so:
From now on you should install the guest from the ISO as if you were installing it on real hardware:
Install the bridge-utils package:
$ sudo apt-get install bridge-utils
We are going to change the network configuration. To do it properly, you should first stop networking:
$ sudo invoke-rc.d networking stop
To set up a bridge interface, edit /etc/network/interfaces to look something like this (it works for me!):
auto lo
iface lo inet loopback

auto br0
iface br0 inet dhcp
This will create a virtual interface br0.
Now restart networking:
$ sudo /etc/init.d/networking restart
Attach eth0 to the bridge br0:
$ sudo brctl addif br0 eth0
And change the default bridge name to the one which you have created just now (“br0”).
You may not be able to ping any machines from your Ethernet interface, but you will be able to do so using the br0 interface. This is because your Ethernet interface's IP is assigned to your bridge interface and the Ethernet interface is given a new IP. Run this command (the results below are from my machine and will vary from network to network):
$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.30.8.1       0.0.0.0         UG    0      0        0 br0
10.30.8.0       0.0.0.0         255.255.252.0   U     0      0        0 br0
10.30.8.0       0.0.0.0         255.255.252.0   U     1      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 eth0
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
And find the default gateway of your network.
$ sudo route add default gw YOUR_GATEWAY dev br0
This will add the default gateway and associate it with the previously configured br0.
After executing the steps above, the routing table should look something like this:
$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.30.8.1       0.0.0.0         UG    0      0        0 br0
0.0.0.0         10.30.8.1       0.0.0.0         UG    0      0        0 eth0
10.30.8.0       0.0.0.0         255.255.252.0   U     0      0        0 br0
10.30.8.0       0.0.0.0         255.255.252.0   U     1      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 eth0
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
Download the ISO image of any operating system (I used Ubuntu 12.04 32 bit version’s ISO)
Create a virtual disk of size 10 GB (9.8 G approximately)
$ dd if=/dev/zero of=new.img bs=1M count=10000
Create a guest config file ubuntu.cfg
builder = "hvm"
name = "ubuntu-hvm"
memory = "512"
vcpus = 1
vif = ['bridge=br0']
disk = ['file:/media/linux_data/Ubuntu.img,sda,w','file:/media/linux_data/ubuntu-12.04-desktop-i386.iso,hdc:cdrom,r']
vnc = 1
boot="dc"
vncdisplay = 7
Then you could create that virtual instance using this command:
$ xm create ubuntu.cfg
In order to use this virtual instance, you have to install xvncviewer. A VNC client lets you connect to a desktop that has been shared.
$ sudo apt-get install xvnc4viewer
$ xvncviewer localhost:7
Now you can install Ubuntu 12.04 in your hypervisor and enjoy!
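The guest config above turns on a VNC console without saying where it listens or whether it asks for a password. The following check for those two settings is an added example, not part of the original post: vnclisten and vncpasswd are the xm guest-config options for the bind address and the password, while the function names, messages and sample files are constructed for illustration.

```shell
#!/bin/sh
# cfg_value FILE KEY: print the value of the first "KEY = value" line, unquoted.
cfg_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        head -n 1 | tr -d "\"'" | sed 's/[[:space:]]*$//'
}

# audit_vnc FILE: print one finding per line; exit status 1 if any were found.
audit_vnc() {
    cfg=$1 found=0
    [ "$(cfg_value "$cfg" vnc)" = "1" ] || return 0   # no VNC console configured

    listen=$(cfg_value "$cfg" vnclisten)
    case "$listen" in
        127.*|localhost) ;;                            # loopback only
        "") echo "vnclisten unset: bind address is inherited from xend (vnc-listen)"
            found=1 ;;
        *)  echo "vnclisten=$listen: console reachable from other hosts"
            found=1 ;;
    esac
    if [ -z "$(cfg_value "$cfg" vncpasswd)" ]; then
        echo "vncpasswd unset: password, if any, is inherited from xend"
        found=1
    fi
    return $found
}

# Constructed sample configs: the VNC lines from the post, then a pinned
# variant. The password value is a placeholder.
tmp=$(mktemp -d)
cat > "$tmp/ubuntu.cfg" <<'EOF'
builder = "hvm"
vnc = 1
vncdisplay = 7
EOF
cat > "$tmp/ubuntu-pinned.cfg" <<'EOF'
builder = "hvm"
vnc = 1
vncdisplay = 7
vnclisten = "127.0.0.1"
vncpasswd = "REPLACE_WITH_REAL_PASSWORD"
EOF

for f in "$tmp/ubuntu.cfg" "$tmp/ubuntu-pinned.cfg"; do
    echo "== $f"
    audit_vnc "$f" && echo "ok"
done
```

With the console pinned to loopback, `xvncviewer localhost:7` still works when run on the Xen host itself.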