Differences
This shows you the differences between two versions of the page.
vms:ipfire [2015/03/29 00:30] admin |
vms:ipfire [2015/03/31 19:28] admin [Start the VM] |
||
---|---|---|---|
Line 4: | Line 4: | ||
===== Introduction ===== | ===== Introduction ===== | ||
---- | ---- | ||
- | The following procedure is inspired by [[http://wiki.ipfire.org/en/virtualization/xen/hvm-on-debian|this article on the IPFire Wiki]], as well as [[http://www.panticz.de/IPfire-XEN-DomU|this article on the Panticz web site]].\\ | + | The following procedure is inspired by [[http://wiki.ipfire.org/en/virtualization/xen/discussion_-_building_hvm_virtual_on_debian_xen_4.1|this article on the IPFire Wiki]], [[http://wiki.ipfire.org/en/virtualization/xen/hvm-on-debian|this article]] being a summary of the previous one as well as [[http://www.panticz.de/IPfire-XEN-DomU|this article on the Panticz web site]].\\ |
The directories locations that are used in this example are based on this wiki's [[:sample:base|Sample Configuration]], but YMMV.\\ | The directories locations that are used in this example are based on this wiki's [[:sample:base|Sample Configuration]], but YMMV.\\ | ||
You should also read the README file, inside the ipfire/ directory that's extracted from the archive. | You should also read the README file, inside the ipfire/ directory that's extracted from the archive. | ||
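Review bot: In the added Introduction line, the clause "[[...|this article]] being a summary of the previous one as well as [[...|this article on the Panticz web site]]" runs the three sources together, so it is unclear whether the Panticz article is a third source or part of what is being summarised. Split it into two sentences or a short list: the discussion article, its summary, then the Panticz article. All three links are plain http://; switch them to https:// if the sites serve it.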
Line 17: | Line 17: | ||
Setting up a firewall implies having at least 2 physical NICs on the host machine. | Setting up a firewall implies having at least 2 physical NICs on the host machine. | ||
+ | <color darkorange>**TBC**</color> | ||
---- | ---- | ||
+ | |||
===== Using the scon Image of IPFire ===== | ===== Using the scon Image of IPFire ===== | ||
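Review bot: The added "<color darkorange>**TBC**</color>" marker after the two-NIC requirement does not say what is still to be completed, so a reader cannot tell whether the prerequisites are usable as they stand. Put the pending item next to the marker (for example, which host NIC maps to which bridge), or drop the marker until there is something to add.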
Line 35: | Line 37: | ||
---- | ---- | ||
- | ==== Create the IPFire VHD (vdi) ==== | + | ==== Create the IPFire Virtual Hard Disk ==== |
---- | ---- | ||
+ | We intend to generally use FBD (File Based Devices) VDIs in our deployment, so we'll create an FBD: | ||
- | We're willing to use file based VHDs here, so let's create one to be allocated to our IPFire VM.\\ | + | <code> |
- | First identifying our SR of choice, then create the file based VHD (VDI). | + | > zcat ipfire-2.17.1gb-ext4-scon.i586-full-core87.img.gz > /opt/xen/X-Local-VMS/ipfire |
+ | > fallocate -l 4G /opt/xen/X-Local-VMS/ipfire | ||
+ | </code> | ||
+ | If we were to use LVM VDIs, we'd use: | ||
<code> | <code> | ||
- | > xe sr-list | + | > lvcreate -L 4G -n ipfire vg0 |
- | ... | + | > zcat ipfire-2.17.1gb-ext4-scon.i586-full-core87.img.gz > /dev/vg0/ipfire |
- | uuid ( RO) : 26b9d87b-f344-1c8d-c5c5-a155d4e4e2e0 | + | |
- | name-label ( RW): X-Local-SR | + | |
- | name-description ( RW): | + | |
- | host ( RO): store | + | |
- | type ( RO): ext | + | |
- | content-type ( RO): | + | |
- | ... | + | |
- | + | ||
- | > xe vdi-create sr-uuid=26b9d87b-f344-1c8d-c5c5-a155d4e4e2e0 name-label=IPFire type=user virtual-size=5GiB | + | |
- | 72e00fc6-98bb-48fe-ab4d-b52d1ef721b5 | + | |
</code> | </code> | ||
---- | ---- | ||
- | ==== Create and plug a VBD for the VDI ==== | + | ==== Create VM configuration file ==== |
---- | ---- | ||
+ | By convention, Xen VMs configuration files should end in .cfg, but to help differentiate Paravirts and HVMs, we'll use the .hvm suffix. Thus we'll create //**/opt/xen/X-Local-VMS/ipfire.hvm**// | ||
+ | To get more details about the configuration's options, you can refer to [[http://wiki.ipfire.org/en/virtualization/xen/discussion_-_building_hvm_virtual_on_debian_xen_4.1#create_the_configuration_file|the original article this procedure is inspired from]]. | ||
+ | <code> | ||
+ | > nano /opt/xen/X-Local-VMS/ipfire.hvm | ||
+ | kernel="hvmloader" | ||
+ | builder='hvm' | ||
+ | device_model='qemu-dm' | ||
+ | memory = 512 # adjust this as needed, though 512M is enough for most purposes | ||
+ | name = "ipfire" | ||
+ | vcpus=1 # adjust as needed, though a single processor is fine | ||
+ | |||
+ | # this is the heart of the matter, setting up the correct network interfaces | ||
+ | # the bridge should match your configuration (must be defined to Xen) | ||
+ | # the mac address must be unique in YOUR network | ||
+ | # vifname simply allows you to find the interface from the DOM0 using ifconfig | ||
+ | vif = [ | ||
+ | 'mac=00:17:3e:be:b1:1a, bridge=xenbr0,vifname=fw_green', ## Green | ||
+ | 'mac=00:17:3e:be:b1:1b, bridge=xenbr1,vifname=fw_red', ## Red | ||
+ | # 'mac=00:17:3e:be:b1:1c, bridge=xenbr2,vifname=fw_blue', ## Blue | ||
+ | # 'mac=00:17:3e:be:b1:1d, bridge=xenbr3,vifname=fw_orange', ## Orange | ||
+ | ] | ||
+ | |||
+ | # points to the storage used for this DOMU | ||
+ | disk = [ | ||
+ | 'file:/opt/xen/X-Local-VMS/ipfire,hda,w', | ||
+ | # for LVM partitions: 'phy:/dev/vg0/ipfire,hda,w', | ||
+ | ] | ||
+ | |||
+ | |||
+ | localtime=0 # take time from server clock | ||
+ | serial='pty' # allow us to connect from xl console | ||
+ | boot="c" | ||
+ | sdl=0 | ||
+ | acpi=1 | ||
+ | apic=1 | ||
+ | pae=1 | ||
+ | usbdevice='tablet' | ||
+ | # do not use VNC since console is redirected to DOM0 | ||
+ | #vnc=1 | ||
+ | #vncdisplay=1 | ||
+ | </code> | ||
+ | |||
+ | ---- | ||
+ | ==== Start the VM ==== | ||
+ | ---- | ||
+ | Now we'd like to start the virtual machine. | ||
+ | |||
+ | Unfortunately, we're using the XAPI toolstack which doesn't provide an equivalent to the **xl create <vm> -c**.\\ | ||
+ | Well have to modify the toolstack and reboot (had no time to search how to only reboot the toolstack itself). | ||
+ | |||
+ | <code> | ||
+ | > nano /etc/default/xen | ||
+ | |||
+ | TOOLSTACK=xl | ||
+ | |||
+ | > reboot | ||
+ | </code> | ||
+ | |||
+ | Start the virtual with | ||
+ | <code> | ||
+ | > cd /opt/xen/X-Local-VMS/ | ||
+ | > xl create ipfire -c | ||
+ | </code> | ||
+ | |||
+ | It will boot, do some housekeeping and reboot. During the reboot you will lose your console, and must reconnect. | ||
+ | |||
+ | the -c tells xl to connect you to the console immediately. You can watch as the housekeeping is done (mainly, enlarging the / partition), then you will see the reboot message. When you are back at the DOM0 prompt, reconnect with | ||
+ | <code> | ||
+ | > xl console ipfire | ||
+ | </code> | ||
+ | |||
+ | Then configure the router. Remember, if you are connected over a terminal window on your workstation (likely via ssh), the size of the window should be as close as possible to 80 char x 24 lines. This is an ongoing issue with the scon install, and one that can not be easily fixed. | ||
==== STOP ==== | ==== STOP ==== | ||
+ | ++++ Deprecated method (click to see) | | ||
+ | Follow the [[hypervisor:base:xcp-xapi#create_and_access_a_vdi_from_dom0|procedure described in this wiki]] to create a dedicated VDI for the IPFire VM. But **DO NOT PLUG THE VBD YET**, as we'll first copy the IPFire image disk to it. | ||
+ | |||
+ | === Copy the IPFire image to the vhd file === | ||
+ | |||
+ | The IPFire image contains the partitions that are needed by the IPFire VM we intend to create, you could verify this by unzipping it and examine it with kpartx: | ||
+ | |||
+ | <code> | ||
+ | > gunzip /opt/xen/X-Local-ISO/ipfire-2.17.1gb-ext4-scon.i586-full-core87.img | ||
+ | > kpartx -l /opt/xen/X-Local-ISO/ipfire-2.17.1gb-ext4-scon.i586-full-core87.img | ||
+ | loop0p1 : 0 122880 /dev/loop0 8192 | ||
+ | loop0p3 : 0 1536000 /dev/loop0 131072 | ||
+ | loop deleted : /dev/loop0 | ||
+ | </code> | ||
+ | |||
+ | Let's copy the image to our vhd file: | ||
+ | <code> | ||
+ | > cat /opt/xen/X-Local-ISO/ipfire-2.17.1gb-ext4-scon.i586-full-core87.img > /run/sr-mount/26b9d87b-f344-1c8d-c5c5-a155d4e4e2e0/72e00fc6-98bb-48fe-ab4d-b52d1ef721b5.vhd | ||
+ | </code> | ||
+ | |||
+ | Using zcat, the image doesn't even need to be unzipped before the copy: | ||
+ | <code> | ||
+ | > zcat /opt/xen/X-Local-ISO/ipfire-2.17.1gb-ext4-scon.i586-full-core87.img.gz > /run/sr-mount/26b9d87b-f344-1c8d-c5c5-a155d4e4e2e0/72e00fc6-98bb-48fe-ab4d-b52d1ef721b5.vhd | ||
+ | </code> | ||
+ | |||
+ | We can verify that our vhd file now contains 2 partitions: | ||
+ | <code> | ||
+ | > kpartx -l /run/sr-mount/26b9d87b-f344-1c8d-c5c5-a155d4e4e2e0/72e00fc6-98bb-48fe-ab4d-b52d1ef721b5.vhd | ||
+ | loop0p1 : 0 122880 /dev/loop0 8192 | ||
+ | loop0p3 : 0 1536000 /dev/loop0 131072 | ||
+ | loop deleted : /dev/loop0 | ||
+ | </code> | ||
+ | ++++ | ||
+ | |||
+ | ---- | ||
++++ See deprecated method | | ++++ See deprecated method | |
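Review bot: In the added "Start the VM" section, "xl create ipfire -c" is run from /opt/xen/X-Local-VMS/, where "ipfire" is the raw disk image written by zcat, while the configuration was saved as ipfire.hvm. xl create takes the configuration file, so the command should read "xl create ipfire.hvm -c". Two documentation gaps in the same hunk: the image is written to disk straight from the .img.gz with no checksum or signature check beforehand, which matters for a firewall image, and setting TOOLSTACK=xl in /etc/default/xen followed by a reboot changes the toolstack for the whole host, so the text should say what happens to VMs already managed through XAPI. Minor: "Well have to modify" should be "We'll have to modify", "the -c tells xl" should start with a capital, and the page now carries two deprecated-method folds ("Deprecated method (click to see)" and "See deprecated method") under a "==== STOP ====" heading; keep one fold and give the heading a descriptive title.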