Hi,

what is the proposed way to create domU guests on centos 6.5? At first
I tried to follow the documentation on the xen project website which
recommends using xl. I created a config file and ended up with getting
a message that the kernel is not bootable when trying to create a guest.
I also had to stop some daemon (xend?) because it said that xl isn't
compatible with it and the daemon must be stopped first.

Then I followed redhat documentation which suggests to use virt-manager
--- which doesn't work because servers don't have GUIs. So I finally
managed to create a guest with virt-install. I can start and stop the
guest (which is also running centos), though I don't think this is the
right way to create one.

So how exactly are you supposed to create guests?

Now I can't get the networking to work. I've been reading lots of
documentation and still don't understand how that is supposed to work.
As far as I understand, you get three different network interfaces:

dom0: a bridge (virbr0)
dom0: a virtual network interface (vifN.X)
domU: a virtual network interface which doesn't appear to be virtual to
domU

And dom0 keeps its own network interface(s), like eth0, which is a
physical one.

Is vifN.X the same as eth0 in domU? Or what is it for? If it's the
same, is it supposed to have the same IP on both sides?

How do I make it so that domU has network access (beyond dom0)? How
does this network stuff work? Do the virtual devices have to be in
different subnets? When they are not, the network becomes reachable via
multiple interfaces, and I'm guessing that either packet loops may be
created or some paths might be disabled by STP.

Do I have to set up shorewall (or the like) on dom0 to be able to handle
network access for guests? Would I need to create a bridge for every
guest to be able to handle them separately for firewalling purposes
because otherwise packets circumvent firewall rules by directly going
over the bridge? If so, why are bridges needed?

I would understand doing things like adding those guests that are
visible to the LAN only to the same bridge to have them all reachable
likewise. When doing that, it would seem to make sense to use a
different subnet for guests in the DMZ.

All the documentation tells you many different things, none of them work
and it's totally confusing. Is there any /good/ documentation
somewhere?

--
Knowledge is volatile and fluid. Software is power.

On Sun, Jun 1, 2014 at 8:45 PM, lee <lee at yun.yagibdah.de> wrote:
> Hi,
>
> what is the proposed way to create domU guests on centos 6.5? At first
> I tried to follow the documentation on the xen project website which
> recommends using xl. I created a config file and ended up with getting
> a message that the kernel is not bootable when trying to create a guest.
> I also had to stop some daemon (xend?) because it said that xl isn't
> compatible with it and the daemon must be stopped first.
>
> Then I followed redhat documentation which suggests to use virt-manager
> --- which doesn't work because servers don't have GUIs. So I finally
> managed to create a guest with virt-install. I can start and stop the
> guest (which is also running centos), though I don't think this is the
> right way to create one.
>
> So how exactly are you supposed to create guests?

Servers *can* have GUIs. Even if you don't want to install the full
Gnome/KDE/display manager toolkits, it's possible to set up enough to
run X based applications from another host. And virt-manager can be run
from a client, with authenticated access to the libvirt server, though
I've generally not done that.

If you don't want to bother with that, you'll need to learn 'virsh',
which is the actual tool that libvirt uses to do almost everything.

> Now I can't get the networking to work. I've been reading lots of
> documentation and still don't understand how that is supposed to work.
> As far as I understand, you get three different network interfaces:
>
>
> dom0: a bridge (virbr0)
> dom0: a virtual network interface (vifN.X)
> domU: a virtual network interface which doesn't appear to be virtual to
> domU

[Xen specific network questions skipped, I've not been using Xen lately]

> Do I have to set up shorewall (or the like) on dom0 to be able to handle
> network access for guests? Would I need to create a bridge for every
> guest to be able to handle them separately for firewalling purposes
> because otherwise packets circumvent firewall rules by directly going
> over the bridge? If so, why are bridges needed?

You need to pick. One approach is to set up a bridged connection with
one VM, with a second localized VLAN connection, and run shorewall or
other firewalls on that VM to manage connections to the rest of the
VMs. This leaves your bandwidth trapped at the capacity of that
firewall VM, but it's not an uncommon solution, especially when running
complex firewalls and/or proxies in small environments.

Whether you need bridges then depends on where your firewall is. If it
lives on another host on your network, yes, your guests need bridges.
If it's on a VM with two connections, as I described above, it's
potentially much easier to set up on a single firewall VM. But
migrating the firewall among multiple VM servers means establishing,
and maintaining, a multiple VM server internal network, and if doing
that, *THOSE* might mandate bridges.

> I would understand doing things like adding those guests that are
> visible to the LAN only to the same bridge to have them all reachable
> likewise. When doing that, it would seem to make sense to use a
> different subnet for guests in the DMZ.

It Depends(tm).

> All the documentation tells you many different things, none of them work
> and it's totally confusing. Is there any /good/ documentation
> somewhere?

I suggest what you need to accomplish first. Do you have, or want to
build, firewalls? Are you isolating DMZ hosts or public facing
webservers that need heightened isolation and security?

On Mon, Jun 2, 2014 at 1:45 AM, lee <lee at yun.yagibdah.de> wrote:
> Hi,
>
> what is the proposed way to create domU guests on centos 6.5? At first
> I tried to follow the documentation on the xen project website which
> recommends using xl. I created a config file and ended up with getting
> a message that the kernel is not bootable when trying to create a guest.
> I also had to stop some daemon (xend?) because it said that xl isn't
> compatible with it and the daemon must be stopped first.

I understand how frustrating it can be to be dealing with old /
inaccurate documentation. But I'm not sure how we're supposed to help
you if you don't give any details about what you did and exactly how it
failed.

If the instructions you followed don't work, then either:

* You misunderstood something / accidentally left out a step / mistyped
  something from the documentation.
* There's a bug in the CentOS implementation of Xen that needs to be
  fixed
* There's a bug in the documentation that needs to be fixed

If you describe which bit of documentation on the Xen website you tried
to follow, what you were trying to do, and what happened, then we can
figure out which of those it is and address the issue.

The xend thing is unfortunate -- as a project we're trying to move away
from it, but there are still a large number of CentOS users who use it.
Trying to make both new users and old users happy is a bit of a hard
balancing act.

-George