@IronSavior
Last active September 5, 2018 21:03
Xen Dom0 on Debian Stretch with VLAN (with and without Open vSwitch)

Xen Dom0 on Debian Stretch

Version 2018-01-17: Erik Elmore erik@elmore.io

Install Dom0 System

Use the conventional Debian installer to install the base system. Disk layout:

  • 256M boot ext4. Needs to be big enough for all kernel versions and modules for guests
  • Rest of the disk to LVM2. Create logical volumes for:
    • root ext4 (8G-16G)
    • swap (optional, whatever size you like)

Install Xen and Dom0 Software

apt-get install xen-linux-system-amd64 xen-tools screen vim

Configure Xen

vim /etc/xen/xl.conf

Add or update these settings, keeping only the pair that matches the guest bridging option chosen below:

# If using OVS bridging and VLAN
vif.default.script="vif-openvswitch"
vif.default.bridge="ovsbr0"

# If using Linux bridging and VLAN
vif.default.script="vif-bridge"
vif.default.bridge="vlan3"

Configure Networks

  • 172.20.2.0/24 Infrastructure network on VLAN2
  • 172.20.3.0/24 DomU network on VLAN3

Clean up base network config

vim /etc/network/interfaces:

source /etc/network/interfaces.d/*
auto lo
iface lo inet loopback

Dom0 network

bridge_ports is handled by the ifupdown hook from bridge-utils, so install that package if it is not already present (apt-get install bridge-utils).

vim /etc/network/interfaces.d/eth0:

auto eth0
iface eth0 inet manual

auto vlan2
iface vlan2 inet static
        bridge_ports eth0.2
        address 172.20.2.1
        netmask 255.255.255.0
        # Optional, and only if dom0 itself should be isolated from this VLAN:
        # removing VID 1 from the bridge device cuts the host stack off from the
        # bridge, so the address above stops working.
        post-up bridge vlan del dev $IFACE vid 1 self
        post-up echo 1 >/sys/class/net/$IFACE/bridge/vlan_filtering

auto vlan3
iface vlan3 inet static
        bridge_ports eth0.3
        address 172.20.3.1
        netmask 255.255.255.0
        # Same optional isolation as above.
        post-up bridge vlan del dev $IFACE vid 1 self
        post-up echo 1 >/sys/class/net/$IFACE/bridge/vlan_filtering

Guest Network via Open vSwitch Bridging and VLAN

⚠️ This is an alternative to using Linux bridging and VLAN.

Install Open vSwitch Software

apt-get install openvswitch-switch

Install fixed version of OVS ifupdown.sh

The ifupdown.sh script shipped by openvswitch-switch calls ifconfig (from net-tools), which a default Stretch install no longer includes, so replace it with the fixed upstream version, pinned to a specific commit.

ovs_path='/usr/share/openvswitch/scripts/ifupdown.sh'
uri='https://raw.githubusercontent.com/openvswitch/ovs/76c0528f/debian/ifupdown.sh'
dpkg-divert --add --rename --divert ${ovs_path}.dist $ovs_path
wget $uri -O $ovs_path
chmod 0755 $ovs_path

Install fixed version of OVS init script

The packaged init script can deadlock: it runs ifup recursively on the same interface, and the inner ifup blocks on an interface lock that is never released. Source

ovs_path='/etc/init.d/openvswitch-switch'
uri='https://raw.githubusercontent.com/openvswitch/ovs/69f7e92f/debian/openvswitch-switch.init'
dpkg-divert --add --rename --divert ${ovs_path}.dist $ovs_path
wget $uri -O $ovs_path
chmod 0755 $ovs_path
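
The two replacement steps above download straight over the diverted path, so a failed or tampered download leaves a broken script in place. The following helper is an added example, not code from the gist or from Open vSwitch: it fetches into a temporary file, refuses anything that is empty, is not a script, or does not match an expected SHA-256, and only then diverts the packaged file and moves the replacement into place; remove_override reverses it. The SHA-256 values are assumptions you must supply from a trusted copy of each file, since the gist gives none.

```shell
#!/bin/sh
# Added example; not from the gist. Replaces a package-owned script with a
# pinned upstream copy only after the download has been checked, and can undo
# the replacement. The SHA-256 values passed in are assumptions you supply
# from a trusted copy of the file; the gist does not give any.

# verify_script FILE [SHA256]
# A usable replacement is non-empty, starts with "#!" and, when an expected
# SHA-256 is given, matches it. Prints the reason on stderr and returns 1 otherwise.
verify_script() {
    file="$1"; expected="${2:-}"
    [ -s "$file" ] || { echo "empty download: $file" >&2; return 1; }
    case "$(head -c 2 "$file")" in
        '#!') ;;
        *) echo "not a script (no shebang): $file" >&2; return 1 ;;
    esac
    if [ -n "$expected" ]; then
        actual="$(sha256sum "$file" | cut -d' ' -f1)"
        [ "$actual" = "$expected" ] || {
            echo "checksum mismatch for $file: got $actual" >&2; return 1; }
    fi
    return 0
}

# install_override TARGET URI [SHA256]
# Fetch URI into a temp file next to TARGET, verify it, divert the packaged
# TARGET to TARGET.dist (so package upgrades keep landing there) and move the
# new file into place. Nothing on the system changes if any step fails.
install_override() {
    target="$1"; uri="$2"; expected="${3:-}"
    tmp="$(mktemp "${target}.XXXXXX")" || return 1
    if ! wget -q "$uri" -O "$tmp" || ! verify_script "$tmp" "$expected"; then
        rm -f "$tmp"; return 1
    fi
    chmod 0755 "$tmp"
    dpkg-divert --add --rename --divert "${target}.dist" "$target" || { rm -f "$tmp"; return 1; }
    mv "$tmp" "$target"
}

# remove_override TARGET
# Put the packaged file back (the reverse of install_override).
remove_override() {
    rm -f "$1"
    dpkg-divert --remove --rename "$1"
}

# Usage for the two files the gist replaces (<sha256> are placeholders):
# install_override /usr/share/openvswitch/scripts/ifupdown.sh \
#     https://raw.githubusercontent.com/openvswitch/ovs/76c0528f/debian/ifupdown.sh <sha256>
# install_override /etc/init.d/openvswitch-switch \
#     https://raw.githubusercontent.com/openvswitch/ovs/69f7e92f/debian/openvswitch-switch.init <sha256>
```

Run it as root on the dom0; the only network access is the single wget, and the diversion is registered with dpkg so a later package upgrade does not silently put the broken script back.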

Configure OVS Bridge Interfaces

As written, ivlan2 and ivlan3 reuse the 172.20.2.1 and 172.20.3.1 addresses of the vlan2/vlan3 bridges from the Dom0 network section; if you keep both configurations, the addresses must not collide.

vim /etc/network/interfaces.d/ovsbr0:

allow-ovs ovsbr0
iface ovsbr0 inet manual
        ovs_type OVSBridge
        # Every port listed here is brought up after the bridge; an internal
        # port defined below but missing from this list is never configured.
        ovs_ports eth1 ivlan2 ivlan3

allow-ovsbr0 ivlan2
iface ivlan2 inet static
        ovs_type OVSIntPort
        ovs_bridge ovsbr0
        ovs_options tag=2
        address 172.20.2.1
        netmask 255.255.255.0

allow-ovsbr0 ivlan3
iface ivlan3 inet static
        ovs_type OVSIntPort
        ovs_bridge ovsbr0
        ovs_options tag=3
        address 172.20.3.1
        netmask 255.255.255.0

allow-ovsbr0 eth1
iface eth1 inet manual
        ovs_type OVSPort
        ovs_bridge ovsbr0
Guest Network via Linux Bridging and VLAN

⚠️ This is an alternative to using Open vSwitch bridging and VLAN

Install Linux VLAN Software

apt-get install vlan

Configure Linux Bridging and VLAN

This defines a bridge named vlan3 with address 172.20.3.1, the same name and address used on eth0 in the Dom0 network section; since every file under interfaces.d is sourced, keep only one of the two stanzas or rename and readdress this one. bridge_ports needs bridge-utils installed.

vim /etc/network/interfaces.d/vlan3:

auto eth1
iface eth1 inet manual

auto vlan3
iface vlan3 inet static
        bridge_ports eth1.3
        address 172.20.3.1
        netmask 255.255.255.0
        # If it's really important to isolate VMs from the host (including from the vlan3 interface):
        post-up bridge vlan del dev $IFACE vid 1 self
        post-up echo 1 >/sys/class/net/$IFACE/bridge/vlan_filtering
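
Every network section above is a hand-edited ifupdown stanza file, and ifupdown does not complain when an auto or allow-* line names an interface that has no iface stanza (the interface just never comes up) or when one interface gets two iface stanzas for the same address family (only one is applied). The linter below is an added example, not part of the gist: it reads stanza text on stdin, reports both kinds of slip, and returns non-zero if it finds any. It assumes only POSIX sh and awk; the inputs in the test are constructed.

```shell
#!/bin/sh
# Added example, not part of the gist: a consistency check for ifupdown
# stanza files such as /etc/network/interfaces.d/*. Assumes POSIX sh and awk.

# lint_interfaces < FILE
# Print one diagnostic per problem; return 1 if any were found, else 0.
lint_interfaces() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }            # comments and blank lines
        $1 == "auto" || $1 ~ /^allow-/ {          # "auto eth0", "allow-ovs ovsbr0"
            for (i = 2; i <= NF; i++) wanted[$i] = $1
            next
        }
        $1 == "iface" {                            # "iface eth0 inet manual"
            key = $2 "/" $3                        # name/address family
            if (key in seen) {
                printf "duplicate iface stanza for %s (%s)\n", $2, $3
                bad = 1
            }
            seen[key] = 1
            defined[$2] = 1
            next
        }
        END {
            for (n in wanted)
                if (!(n in defined)) {
                    printf "%s %s has no iface stanza\n", wanted[n], n
                    bad = 1
                }
            exit (bad ? 1 : 0)
        }'
}

# lint_all
# Check the main file plus every file under interfaces.d, the layout the
# gist uses; return 1 if any file has a problem.
lint_all() {
    rc=0
    for f in /etc/network/interfaces /etc/network/interfaces.d/*; do
        [ -f "$f" ] || continue
        lint_interfaces < "$f" || { echo "  in $f"; rc=1; }
    done
    return $rc
}
```

Run lint_all before ifup -a or a reboot; it does not touch the network, so it is safe to run on a live dom0.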

Create DomU Virtual Machine(s)

Set Xen-Tools Defaults

Review the default DomU settings such as the LVM volume group, the bridge the guest vifs attach to, and the memory and disk sizes.

vim /etc/xen-tools/xen-tools.conf

Bootstrap Guest System

xen-create-image \
  --hostname vm0 \
  --dist stretch \
  --ip 172.20.3.10 \
  --netmask 255.255.255.0

Review guest config

vim /etc/xen/vm0.cfg

# For OVS: bridge=ovsbr0 alone would attach the vif untagged. The ".3" suffix
# makes vif-openvswitch add the port with tag=3, i.e. an access port on VLAN 3.
vif = [ 'mac=XX:XX:XX:XX:XX:XX,bridge=ovsbr0.3' ]

# For Linux bridging, vlan3 is already the VLAN 3 bridge, so no suffix is needed.
vif = [ 'mac=XX:XX:XX:XX:XX:XX,bridge=vlan3' ]
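
xl create fails late and unhelpfully when the bridge named in the vif line does not exist on the dom0, and for Open vSwitch the name has to be split into bridge and VLAN tag before it can be checked. The pre-flight check below is an added example, not part of the gist or of Xen: it extracts bridge= from the guest config, splits an OVS "bridge.tag" name, and asks ovs-vsctl or /sys whether the bridge exists. The config file used in the test is constructed, and the ovs/linux mode argument is this example's own convention.

```shell
#!/bin/sh
# Added example, not part of the gist: check a guest's vif bridge before
# `xl create`. Assumes the single-vif form of the config shown above;
# ovs-vsctl and /sys are only consulted by check_vif_bridge.

# vif_bridge < CFG
# Print the bridge= value of the first vif entry (e.g. "ovsbr0.3" or
# "vlan3"); return 1 if the config has none.
vif_bridge() {
    sed -n "s/^[[:space:]]*vif[[:space:]]*=.*bridge=\([^,' ]*\).*/\1/p" | head -n 1 | grep .
}

# split_ovs_bridge NAME
# "ovsbr0.3" -> "ovsbr0 3" (bridge and VLAN tag, the vif-openvswitch
# convention); a name without a dot is printed unchanged, meaning untagged.
split_ovs_bridge() {
    case "$1" in
        *.*) printf '%s %s\n' "${1%.*}" "${1##*.}" ;;
        *)   printf '%s\n' "$1" ;;
    esac
}

# check_vif_bridge CFG ovs|linux
# Return 0 if the bridge the vif will attach to exists on this host.
check_vif_bridge() {
    cfg="$1"; mode="$2"
    br="$(vif_bridge < "$cfg")" || { echo "$cfg: no bridge= in vif line" >&2; return 1; }
    case "$mode" in
        ovs)
            set -- $(split_ovs_bridge "$br")          # word-split into bridge [tag]
            ovs-vsctl br-exists "$1" || { echo "OVS bridge $1 does not exist" >&2; return 1; }
            [ -z "${2:-}" ] || echo "vif will be an access port on VLAN $2 of $1"
            ;;
        linux)
            [ -d "/sys/class/net/$br/bridge" ] || { echo "Linux bridge $br does not exist" >&2; return 1; }
            ;;
        *)
            echo "mode must be ovs or linux" >&2; return 1 ;;
    esac
}

# Usage: check_vif_bridge /etc/xen/vm0.cfg ovs && xl create /etc/xen/vm0.cfg
```

Because the check reads the same file xl create will read, a typo in the bridge name (or a bridge that never came up, see the interfaces files above) is caught before the guest is half-created.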

Guest VM Controls

Boot VM

xl create /etc/xen/vm0.cfg

Connect to VM Console

xl console vm0

Press Ctrl+] to disconnect from the console and return to Dom0 (the DomU session stays logged in).

Get VM Status

xl list

Notes

Fix network interface naming:

https://lists.debian.org/debian-user/2017/07/msg01453.html

@guhahn

guhahn commented Sep 5, 2018

auto eth0
iface eth1 inet manual

should be:

auto eth0
iface eth0 inet manual
