Differences

This shows you the differences between two versions of the page.

vms:ipfire [2015/03/29 01:50]
admin [Create the IPFire Virtual Hard Disk (VDI)]
vms:ipfire [2015/03/31 19:26]
admin [Start the VM]
Line 4: Line 4:
 ===== Introduction ===== ===== Introduction =====
 ---- ----
-The following procedure is inspired by [[http://​wiki.ipfire.org/​en/​virtualization/​xen/​hvm-on-debian|this article on the IPFire Wiki]], as well as [[http://​www.panticz.de/​IPfire-XEN-DomU|this article on the Panticz web site]].\\+The following procedure is inspired by [[http://​wiki.ipfire.org/​en/​virtualization/​xen/​discussion_-_building_hvm_virtual_on_debian_xen_4.1|this article on the IPFire Wiki]], ​[[http://​wiki.ipfire.org/​en/​virtualization/​xen/​hvm-on-debian|this article]] being a summary of the previous one as well as [[http://​www.panticz.de/​IPfire-XEN-DomU|this article on the Panticz web site]].\\
 The directories locations that are used in this example are based on this wiki's [[:​sample:​base|Sample Configuration]],​ but YMMV.\\ The directories locations that are used in this example are based on this wiki's [[:​sample:​base|Sample Configuration]],​ but YMMV.\\
 You should also read the README file, inside the ipfire/ directory that's extracted from the archive. You should also read the README file, inside the ipfire/ directory that's extracted from the archive.
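Review bot: the rewritten sources sentence on the `+` side is hard to parse, because "this article being a summary of the previous one as well as" runs the second and third links together with no punctuation. Listing the three sources as separate items (the IPFire discussion page, its summary page, the Panticz article) would read more clearly and make it obvious which one the later configuration section follows.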
Line 17: Line 17:
 Setting up a firewall implies having at least 2 physical NICs on the host machine. Setting up a firewall implies having at least 2 physical NICs on the host machine.
  
 +<color darkorange>​**TBC**</​color>​
 ---- ----
 +
 ===== Using the scon Image of IPFire ===== ===== Using the scon Image of IPFire =====
  
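Review bot: the `TBC` marker added under the two-NIC requirement leaves that section without the one thing the rest of the procedure depends on, namely which physical NIC backs which bridge. The vif list added later attaches Green to xenbr0 and Red to xenbr1, so either complete the section in this revision or link to the bridge setup page instead of leaving a placeholder.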
Line 37: Line 39:
 ==== Create the IPFire Virtual Hard Disk ==== ==== Create the IPFire Virtual Hard Disk ====
 ---- ----
 +We intend to generally use FBD (File Based Devices) VDIs in our deployment, so we'll create an FBD:
  
-Follow the [[hypervisor:​base:​xcp-xapi#​create_and_access_a_vdi_from_dom0|procedure described in this wiki]] ​to create a dedicated VDI for the IPFire VM.+<​code>​ 
 +> zcat ipfire-2.17.1gb-ext4-scon.i586-full-core87.img.gz > /​opt/​xen/​X-Local-VMS/​ipfire 
 +> fallocate -l 4G /​opt/​xen/​X-Local-VMS/​ipfire 
 +</​code>​ 
 + 
 +If we were to use LVM VDIs, we'd use: 
 +<​code>​ 
 +> lvcreate -L 4G -n ipfire vg0 
 +> zcat ipfire-2.17.1gb-ext4-scon.i586-full-core87.img.gz > /​dev/​vg0/​ipfire 
 +</​code>​
  
 ---- ----
-==== Create ​and plug a VBD for the VDI ====+==== Create ​VM configuration file ====
 ---- ----
 +By convention, Xen VMs configuration files should end in .cfg, but to help differentiate Paravirts and HVMs, we'll use the .hvm suffix. Thus we'll create //​**/​opt/​xen/​X-Local-VMS/​ipfire.hvm**//​
  
 +To get more details about the configuration'​s options, you can refer to [[http://​wiki.ipfire.org/​en/​virtualization/​xen/​discussion_-_building_hvm_virtual_on_debian_xen_4.1#​create_the_configuration_file|the original article this procedure is inspired from]]. ​
  
 +<​code>​
 +> nano /​opt/​xen/​X-Local-VMS/​ipfire.hvm
  
 +kernel="​hvmloader"​
 +builder='​hvm'​
 +device_model='​qemu-dm'​
 +memory = 512 # adjust this as needed, though 512M is enough for most purposes
 +name = "​ipfire"​
 +vcpus=1 # adjust as needed, though a single processor is fine
 +
 +# this is the heart of the matter, setting up the correct network interfaces
 +# the bridge should match your configuration (must be defined to Xen)
 +# the mac address must be unique in YOUR network
 +# vifname simply allows you to find the interface from the DOM0 using ifconfig
 +vif         = [
 +                  '​mac=00:​17:​3e:​be:​b1:​1a,​ bridge=xenbr0,​vifname=fw_green', ​ ## Green
 +                  '​mac=00:​17:​3e:​be:​b1:​1b,​ bridge=xenbr1,​vifname=fw_red', ​   ## Red
 +#                  '​mac=00:​17:​3e:​be:​b1:​1c,​ bridge=xenbr2,​vifname=fw_blue', ​  ## Blue
 +#                  '​mac=00:​17:​3e:​be:​b1:​1d,​ bridge=xenbr3,​vifname=fw_orange',​ ## Orange
 +               ]
 +
 +# points to the storage used for this DOMU
 +disk = [
 +                '​file:/​opt/​xen/​X-Local-VMS/​ipfire,​hda,​w',​
 +# for LVM partitions: '​phy:/​dev/​vg0/​ipfire,​hda,​w',​
 +       ]
 +
 +
 +localtime=0 ​ # take time from server clock
 +serial='​pty'​ # allow us to connect from xl console
 +boot="​c"​
 +sdl=0
 +acpi=1
 +apic=1
 +pae=1
 +usbdevice='​tablet'​
 +# do not use VNC since console is redirected to DOM0
 +#vnc=1
 +#​vncdisplay=1
 +</​code>​
 +
 +----
 +==== Start the VM ====
 +----
 +Now we'd like to start the virtual machine.
 +
 +Unfortunately,​ we're using the XAPI toolstack which doesn'​t provide an equivalent to the **xl create <vm> -c**.\\
 +Well have to modify the toolstack and reboot (had no time to search how to only reboot the toolstack itself).
 +
 +<​code>​
 +> nano /​etc/​default/​xen
 +
 +TOOLSTACK=xl
 +
 +> reboot
 +</​code>​
 +
 +Start the virtual with
 +<​code>​
 +> cd /​opt/​xen/​X-Local-VMS/​
 +> xl create ipfire -c
 +</​code>​
 +
 +It will boot, do some housekeeping and reboot. During the reboot you will lose your console, and must reconnect.
 +
 +the -c tells xl to connect you to the console immediately. You can watch as the housekeeping is done (mainly, enlarging the / partition), then you will see the reboot message. When you are back at the DOM0 prompt, reconnect with
 +
 +xl console ipfire
 +
 +and configure your router. Remember, if you are connected over a terminal window on your workstation (likely via ssh), the size of the window should be as close as possible to 80 char x 24 lines. This is an ongoing issue with the scon install, and one that can not be easily fixed.
  
 ==== STOP ==== ==== STOP ====
 +++++ Deprecated method (click to see) |
 +Follow the [[hypervisor:​base:​xcp-xapi#​create_and_access_a_vdi_from_dom0|procedure described in this wiki]] to create a dedicated VDI for the IPFire VM. But **DO NOT PLUG THE VBD YET**, as we'll first copy the IPFire image disk to it.
 +
 +=== Copy the IPFire image to the vhd file ===
 +
 +The IPFire image contains the partitions that are needed by the IPFire VM we intend to create, you could verify this by unzipping it and examine it with kpartx:
 +
 +<​code>​
 +> gunzip /​opt/​xen/​X-Local-ISO/​ipfire-2.17.1gb-ext4-scon.i586-full-core87.img
 +> kpartx -l /​opt/​xen/​X-Local-ISO/​ipfire-2.17.1gb-ext4-scon.i586-full-core87.img ​
 +loop0p1 : 0 122880 /dev/loop0 8192
 +loop0p3 : 0 1536000 /dev/loop0 131072
 +loop deleted : /dev/loop0
 +</​code>​
 +
 +Let's copy the image to our vhd file:
 +<​code>​
 +> cat /​opt/​xen/​X-Local-ISO/​ipfire-2.17.1gb-ext4-scon.i586-full-core87.img > /​run/​sr-mount/​26b9d87b-f344-1c8d-c5c5-a155d4e4e2e0/​72e00fc6-98bb-48fe-ab4d-b52d1ef721b5.vhd
 +</​code>​
 +
 +Using zcat, the image doesn'​t even need to be unzipped before the copy:
 +<​code>​
 +> zcat /​opt/​xen/​X-Local-ISO/​ipfire-2.17.1gb-ext4-scon.i586-full-core87.img.gz > /​run/​sr-mount/​26b9d87b-f344-1c8d-c5c5-a155d4e4e2e0/​72e00fc6-98bb-48fe-ab4d-b52d1ef721b5.vhd
 +</​code>​
 +
 +We can verify that our vhd file now contains 2 partitions:
 +<​code>​
 +> kpartx -l /​run/​sr-mount/​26b9d87b-f344-1c8d-c5c5-a155d4e4e2e0/​72e00fc6-98bb-48fe-ab4d-b52d1ef721b5.vhd ​
 +loop0p1 : 0 122880 /dev/loop0 8192
 +loop0p3 : 0 1536000 /dev/loop0 131072
 +loop deleted : /dev/loop0
 +</​code>​
 +++++
 +
 +----
  
 ++++ See deprecated method | ++++ See deprecated method |
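Review bot: in "Start the VM", `xl create ipfire -c` is run from /opt/xen/X-Local-VMS/, where `ipfire` is the raw disk image written by the zcat step and not a configuration file; the configuration created in the previous section is ipfire.hvm, so the command should read `xl create ipfire.hvm -c`. Smaller points in the same hunk: the image is written to the VDI with no integrity check on ipfire-2.17.1gb-ext4-scon.i586-full-core87.img.gz, so a step comparing it against a known-good checksum before the zcat would be worth adding; the vif MACs use the prefix 00:17:3e while the prefix reserved for Xen guests is 00:16:3e, so either switch to it or say why another range was chosen; setting TOOLSTACK=xl in /etc/default/xen changes the toolstack for the whole host, which deserves a sentence on what that means for VMs managed through XAPI; and `xl console ipfire` should sit in a <code> block like the other commands.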