
Copyright 2016 by Assured Information Security, Inc. Created by Martin Osterloh <osterlohm@ainfosec.com>. This work is licensed under the Creative Commons Attribution 4.0 International License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/.

This section highlights how to install the current LibXL (plus associated XL binary) in OpenXT and how to use it. 

Installation of LibXL and XL

Firstly, we will make sure that LibXL and its associated binary will be compiled as part of the xen-tools package. In order to do so, we edit the file build/repos/xenclient-oe/recipes-extended/xen/xen-tools.bb  to contain:

oe_runmake -C tools subdir-all-libaio
oe_runmake -C tools subdir-all-blktap2
oe_runmake -C tools subdir-all-libxl

within the function do_compile() and 

oe_runmake -C tools subdir-install-blktap2
oe_runmake -C tools subdir-install-libxl

within the function do_install(). This will compile and install the libraries and binaries needed to use LibXL. The next step is to ensure that the previously used blktap library is no longer in use. There are four recipes that reference the blktap library. They are:

Removing the occurrences of blktap (and making sure that xen-tools is listed) will guarantee that Xen's blktap library is being used from now on.

The interface of the new blktap library has changed slightly, so we need to make a few changes to the install scripts to accommodate it.

In the xenclient-installer directory, edit the file:

part2/stages/Functions/install-main 

and replace tap-ctl destroy calls with:

tap-ctl destroy -p $UIVM_GCONF_DEV_PID -m $UIVM_GCONF_DEV_TRUNC >&2

The complete source can be found on my github page.

Once the installer is edited, we can make a new build via 

./do_build.sh -s dom0,installer,installer2,ship

You will notice that uivm will not come up. That is because our blktap binary still works with the old blktap library interface. We can circumvent that particular problem by moving /usr/sbin/tap-ctl to /usr/sbin/tap-ctl.bak and instead, pasting the following wrapper as /usr/sbin/tap-ctl 

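#!/bin/ash
# Wrapper installed as /usr/sbin/tap-ctl; the real binary is tap-ctl.bak.

if echo $@ | grep "create" > /dev/null 2>/dev/null; then
    # create: strip the -R flag and pass the remaining arguments through
    tmp="`echo $@ | sed 's/-R//'`"
    /usr/sbin/tap-ctl.bak $tmp
elif echo $@ | grep "destroy" > /dev/null 2>/dev/null; then
    # destroy: the minor is the last character of the arguments (single-digit minors only)
    MINOR=`echo $@ | sed -e 's/\(^.*\)\(.$\)/\2/'`
    # look up the tapdisk pid for that minor; the first field of the list output is pid=<n>
    PID=$(/usr/sbin/tap-ctl.bak list -m ${MINOR} | grep "pid=" | awk '{print $1}' | sed -r 's/^.{4}//')
    /usr/sbin/tap-ctl.bak destroy -p $PID -m $MINOR
else
    # everything else is passed through unchanged
    /usr/sbin/tap-ctl.bak "$@"
fi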
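The destroy branch of the wrapper above reads the minor number as the last character of its arguments, so it stops working once a tap device has a two-digit minor. The following is an added example, not part of the original page or of OpenXT: two parsing helpers that handle multi-digit minors and match the minor exactly. The function names, the argument list and the sample list output are constructed, and the `minor=` field in the list output is an assumption.

```shell
#!/bin/sh
# Added example (not OpenXT code): argument parsing for a tap-ctl wrapper
# that keeps working once minor numbers reach two digits.

# minor_from_args ARGS...: print the trailing run of digits of the argument
# list. Assumption carried over from the wrapper: the minor comes last.
minor_from_args() {
    m=$(printf '%s\n' "$*" | sed -n 's/^.*[^0-9]\([0-9][0-9]*\)$/\1/p')
    [ -n "$m" ] || { echo "no minor number in: $*" >&2; return 1; }
    printf '%s\n' "$m"
}

# pid_for_minor MINOR: read "tap-ctl list" output on stdin and print the pid
# of the tapdisk whose minor= field equals MINOR exactly (12 must not match 1).
pid_for_minor() {
    awk -v want="$1" '
        {
            pid = ""; minor = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^pid=[0-9]+$/)   pid = substr($i, 5)
                if ($i ~ /^minor=[0-9]+$/) minor = substr($i, 7)
            }
            if (pid != "" && minor == want) { print pid; found = 1; exit }
        }
        END { exit(found ? 0 : 1) }'
}

# Constructed sample of key=value list output; not captured from a real system.
SAMPLE_LIST='pid=2101 minor=1 state=0 args=vhd:/path/to/a.vhd
pid=2417 minor=12 state=0 args=vhd:/path/to/b.vhd'

# Constructed argument list; only the trailing minor number matters here.
minor=$(minor_from_args destroy /dev/xen/blktap-2/tapdev12)
pid=$(printf '%s\n' "$SAMPLE_LIST" | pid_for_minor "$minor")
echo "would run: tap-ctl.bak destroy -p $pid -m $minor"
```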

At this point, we need to make modifications to the running OpenXT system to allow XL to operate. In particular, we need to disable flask (Xen's XSM/FLASK mandatory access control) in /boot/system/grub/grub.cfg. After a reboot, we can proceed to paste the following into /usr/lib/xen/bin/qemu-system-i386:

#!/bin/bash
# Read the domain ID for this launch and store the next one for the following launch.
DOMID=`cat /tmp/domid`
let "NEWID=$DOMID+1"
echo "$NEWID" > /tmp/domid
/usr/bin/qemu-system-i386 -xen-domid $DOMID -nodefaults -name qemu-3.0 \
    -machine xenfv,max-ram-below-4g=0xf0000000 -m 1024 -vga std -display surfman \
    -drive file=/dev/xen/blktap-2/tapdev0,if=ide,index=0,media=disk,format=raw,readonly=off

Make sure that /tmp/domid exists and starts with a "1". A sample config file for a Win7 HVM guest can be:

builder = "hvm"
name = "Win7x64"
uuid = "8d85049a-9bdd-11e2-9e91-18037322eba8"
memory = 1024
vcpus = 1
disk = [ '/dev/xen/blktap-2/tapdev0,raw,xvda,rw' ]
vnc = 1
videoram = 16

 Note that the disk has to be a tap device since our QEMU does not understand VHDs. XL should now be able to create a domain and at least start the guest. 

 

02/11/2016: Ross has put all of the above in one bash script. It is located on the filer. 

Final Note On Getting VMs up and running using XL

Using the qemu wrapper supplied below, xl is able to start a Debian 7.8 64-bit guest successfully, including networking.

#!/bin/bash
# Read the domain ID for this launch and store the next one for the following launch.
DOMID=`cat /tmp/domid`
# QMP socket path for this domain
XL_QMP_PATH="/var/run/xen/qmp-libxl-"
XL_QMP_PATH="$XL_QMP_PATH$DOMID"
let "NEWID=$DOMID+1"
echo "$NEWID" > /tmp/domid
/usr/bin/qemu-system-i386 -xen-domid $DOMID -nodefaults -name qemu-3.0 \
    -machine xenfv,max-ram-below-4g=0xf0000000 -m 1024 -vga std -display surfman -device xenmou \
    -drive file=/dev/xen/blktap-2/tapdev0,if=ide,index=0,media=disk,format=raw,readonly=off \
    -chardev socket,id=libxl-cmd,path=$XL_QMP_PATH,server,nowait -qmp unix:$XL_QMP_PATH,server,nowait \
    -serial tcp:192.168.2.105:3535 -net tap,vlan=0,ifname=tap0,script=/root/qemu-ifup -vnc :0

Of course, the IP for serial out will depend on your network topology. Note that QMP (QEMU Machine Protocol) is now being used. This requires the directory /var/run/xen/ to be writable (that is where the socket lives). There are, however, a few quirks associated with this process. Namely, they are:

Final config file for Debian 7.8 64-bit HVM:

Debian.78HVM

 

builder = "hvm"
name = "Debian"
uuid = "7c85049a-9bdd-11e2-9e91-18037322eb44"
memory = 1024
vcpus = 1
disk = ['/dev/xen/blktap-2/tapdev0,raw,xvda,rw']
videoram = 16
vif = [ "bridge=xenbr0,script=vif-bridge" ]

Please note that the script in /etc/xen/scripts has to be slightly modified to allow proper VIF usage. It is part of the xl script that Ross has provided. In short: line 119 now looks like

dev=`echo ${dev} | sed 's/....$//'` #truncate the last 4 characters (-emu) from the dev name to allow proper handling later on
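The setup above depends on three preconditions: /tmp/domid must exist and hold the next domain ID, /var/run/xen/ must be writable for the QMP socket, and the guest disk must be a tap device. The following pre-flight check is an added example, not part of the original page or of Ross's script. The function names and the ROOT prefix are hypothetical, the symlink and world-writable checks are additions, and the config parser assumes the single-line disk list used in the sample configs.

```shell
#!/bin/sh
# Added example (not OpenXT code): pre-flight checks for the xl setup above.

# check_domid FILE: the counter must be a regular file, not a symlink (it
# lives in world-writable /tmp), holding one positive integer.
check_domid() {
    [ -f "$1" ] && [ ! -L "$1" ] ||
        { echo "domid: $1 missing or not a regular file" >&2; return 1; }
    case "$(cat "$1")" in
        ''|0*|*[!0-9]*) echo "domid: $1 must hold a positive integer" >&2; return 1 ;;
    esac
}

# check_qmp_dir DIR: QEMU creates the QMP socket here, so it must be writable
# by us, but not by everyone, since QMP controls the guest's QEMU process.
check_qmp_dir() {
    [ -d "$1" ] && [ -w "$1" ] ||
        { echo "qmp: $1 is not a writable directory" >&2; return 1; }
    case "$(ls -ld "$1/.")" in
        d???????w*) echo "qmp: $1 is world-writable" >&2; return 1 ;;
    esac
}

# check_disks CFG: the target (first comma-separated field) of every quoted
# spec on the "disk =" line must be a blktap device, not a VHD path.
check_disks() {
    targets=$(sed -n '/^[[:space:]]*disk[[:space:]]*=/p' "$1" |
        grep -o "['\"][^'\"]*['\"]" | tr -d "'\"" | cut -d, -f1)
    [ -n "$targets" ] || { echo "disk: no disk entries in $1" >&2; return 1; }
    for target in $targets; do
        case "$target" in
            /dev/xen/blktap-2/tapdev[0-9]*) ;;
            *) echo "disk: $target is not a blktap device" >&2; return 1 ;;
        esac
    done
}

# preflight ROOT CFG: run every check and report all failures. ROOT is a
# hypothetical prefix for trying this on a scratch tree; pass "" in dom0.
preflight() {
    rc=0
    check_domid   "$1/tmp/domid"   || rc=1
    check_qmp_dir "$1/var/run/xen" || rc=1
    check_disks   "$2"             || rc=1
    return $rc
}

# Demo on a constructed scratch tree.
demo=$(mktemp -d); mkdir -p "$demo/tmp" "$demo/var/run/xen"; chmod 755 "$demo/var/run/xen"
echo 1 > "$demo/tmp/domid"; echo "disk = [ '/dev/xen/blktap-2/tapdev0,raw,xvda,rw' ]" > "$demo/guest.cfg"
preflight "$demo" "$demo/guest.cfg" && echo "preflight ok"; rm -rf "$demo"
```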
