
This shows you the differences between two versions of the page.

vms:ipfire [2015/03/29 00:30]
vms:ipfire [2015/03/31 19:28]
admin [Start the VM]
Line 4: Line 4:
 ===== Introduction ===== ===== Introduction =====
 ---- ----
-The following procedure is inspired by [[http://​wiki.ipfire.org/​en/​virtualization/​xen/​hvm-on-debian|this article on the IPFire Wiki]], as well as [[http://​www.panticz.de/​IPfire-XEN-DomU|this article on the Panticz web site]].\\+The following procedure is inspired by [[http://​wiki.ipfire.org/​en/​virtualization/​xen/​discussion_-_building_hvm_virtual_on_debian_xen_4.1|this article on the IPFire Wiki]], ​[[http://​wiki.ipfire.org/​en/​virtualization/​xen/​hvm-on-debian|this article]] being a summary of the previous one as well as [[http://​www.panticz.de/​IPfire-XEN-DomU|this article on the Panticz web site]].\\
 The directories locations that are used in this example are based on this wiki's [[:​sample:​base|Sample Configuration]],​ but YMMV.\\ The directories locations that are used in this example are based on this wiki's [[:​sample:​base|Sample Configuration]],​ but YMMV.\\
 You should also read the README file, inside the ipfire/ directory that's extracted from the archive. You should also read the README file, inside the ipfire/ directory that's extracted from the archive.
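Review bot: The rewritten first sentence of the Introduction chains three links, uses "this article" as link text twice, and has no separator before "as well as", so a reader cannot tell which link is the full discussion and which is its summary. Suggest naming each source in its link text (the discussion page, the summary page, the Panticz article) and splitting the sentence in two.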
Line 17: Line 17:
 Setting up a firewall implies having at least 2 physical NICs on the host machine. Setting up a firewall implies having at least 2 physical NICs on the host machine.
 +<color darkorange>​**TBC**</​color>​
 ---- ----
 ===== Using the scon Image of IPFire ===== ===== Using the scon Image of IPFire =====
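Review bot: The TBC marker added under the two-NIC requirement leaves the prerequisite unfinished without saying what is still to come. The configuration file added further down this page binds Green to xenbr0 and Red to xenbr1, so this is the place to state which physical NIC backs each bridge, or at least to note what the marker is waiting on.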
Line 35: Line 37:
 ---- ----
-==== Create the IPFire ​VHD (vdi) ====+==== Create the IPFire ​Virtual Hard Disk ====
 ---- ----
 +We intend to generally use FBD (File Based Devices) VDIs in our deployment, so we'll create an FBD:
-We're willing to use file based VHDs here, so let's create one to be allocated to our IPFire VM.\\ +<​code>​ 
-First identifying our SR of choice, then create the file based VHD (VDI).+> zcat ipfire-2.17.1gb-ext4-scon.i586-full-core87.img.gz > /​opt/​xen/​X-Local-VMS/​ipfire 
 +> fallocate -l 4G /​opt/​xen/​X-Local-VMS/​ipfire 
 +If we were to use LVM VDIs, we'd use:
 <​code>​ <​code>​
-xe sr-list +lvcreate ​-L 4G -n ipfire vg0 
-..+> zcat ipfire-2.17.1gb-ext4-scon.i586-full-core87.img.gz /​dev/​vg0/​ipfire
-uuid ( RO)                : 26b9d87b-f344-1c8d-c5c5-a155d4e4e2e0 +
-          name-label ( RW): X-Local-SR +
-    name-description ( RW):  +
-                host ( RO): store +
-                type ( RO): ext +
-        content-type ( RO):  +
-   +
-xe vdi-create sr-uuid=26b9d87b-f344-1c8d-c5c5-a155d4e4e2e0 name-label=IPFire type=user virtual-size=5GiB +
 </​code>​ </​code>​
 ---- ----
-==== Create ​and plug a VBD for the VDI ====+==== Create ​VM configuration file ====
 ---- ----
 +By convention, Xen VMs configuration files should end in .cfg, but to help differentiate Paravirts and HVMs, we'll use the .hvm suffix. Thus we'll create //​**/​opt/​xen/​X-Local-VMS/​ipfire.hvm**//​
 +To get more details about the configuration'​s options, you can refer to [[http://​wiki.ipfire.org/​en/​virtualization/​xen/​discussion_-_building_hvm_virtual_on_debian_xen_4.1#​create_the_configuration_file|the original article this procedure is inspired from]]. ​
 +> nano /​opt/​xen/​X-Local-VMS/​ipfire.hvm
 +memory = 512 # adjust this as needed, though 512M is enough for most purposes
 +name = "​ipfire"​
 +vcpus=1 # adjust as needed, though a single processor is fine
 +# this is the heart of the matter, setting up the correct network interfaces
 +# the bridge should match your configuration (must be defined to Xen)
 +# the mac address must be unique in YOUR network
 +# vifname simply allows you to find the interface from the DOM0 using ifconfig
 +vif         = [
 +                  '​mac=00:​17:​3e:​be:​b1:​1a,​ bridge=xenbr0,​vifname=fw_green', ​ ## Green
 +                  '​mac=00:​17:​3e:​be:​b1:​1b,​ bridge=xenbr1,​vifname=fw_red', ​   ## Red
 +#                  '​mac=00:​17:​3e:​be:​b1:​1c,​ bridge=xenbr2,​vifname=fw_blue', ​  ## Blue
 +#                  '​mac=00:​17:​3e:​be:​b1:​1d,​ bridge=xenbr3,​vifname=fw_orange',​ ## Orange
 +               ]
 +# points to the storage used for this DOMU
 +disk = [
 +                '​file:/​opt/​xen/​X-Local-VMS/​ipfire,​hda,​w',​
 +# for LVM partitions: '​phy:/​dev/​vg0/​ipfire,​hda,​w',​
 +       ]
 +localtime=0 ​ # take time from server clock
 +serial='​pty'​ # allow us to connect from xl console
 +# do not use VNC since console is redirected to DOM0
 +==== Start the VM ====
 +Now we'd like to start the virtual machine.
 +Unfortunately,​ we're using the XAPI toolstack which doesn'​t provide an equivalent to the **xl create <vm> -c**.\\
 +Well have to modify the toolstack and reboot (had no time to search how to only reboot the toolstack itself).
 +> nano /​etc/​default/​xen
 +> reboot
 +Start the virtual with
 +> cd /​opt/​xen/​X-Local-VMS/​
 +> xl create ipfire -c
 +It will boot, do some housekeeping and reboot. During the reboot you will lose your console, and must reconnect.
 +the -c tells xl to connect you to the console immediately. You can watch as the housekeeping is done (mainly, enlarging the / partition), then you will see the reboot message. When you are back at the DOM0 prompt, reconnect with
 +> xl console ipfire
 +Then configure the router. Remember, if you are connected over a terminal window on your workstation (likely via ssh), the size of the window should be as close as possible to 80 char x 24 lines. This is an ongoing issue with the scon install, and one that can not be easily fixed.
 ==== STOP ==== ==== STOP ====
 +++++ Deprecated method (click to see) |
 +Follow the [[hypervisor:​base:​xcp-xapi#​create_and_access_a_vdi_from_dom0|procedure described in this wiki]] to create a dedicated VDI for the IPFire VM. But **DO NOT PLUG THE VBD YET**, as we'll first copy the IPFire image disk to it.
 +=== Copy the IPFire image to the vhd file ===
 +The IPFire image contains the partitions that are needed by the IPFire VM we intend to create, you could verify this by unzipping it and examine it with kpartx:
 +> gunzip /​opt/​xen/​X-Local-ISO/​ipfire-2.17.1gb-ext4-scon.i586-full-core87.img
 +> kpartx -l /​opt/​xen/​X-Local-ISO/​ipfire-2.17.1gb-ext4-scon.i586-full-core87.img ​
 +loop0p1 : 0 122880 /dev/loop0 8192
 +loop0p3 : 0 1536000 /dev/loop0 131072
 +loop deleted : /dev/loop0
 +Let's copy the image to our vhd file:
 +> cat /​opt/​xen/​X-Local-ISO/​ipfire-2.17.1gb-ext4-scon.i586-full-core87.img > /​run/​sr-mount/​26b9d87b-f344-1c8d-c5c5-a155d4e4e2e0/​72e00fc6-98bb-48fe-ab4d-b52d1ef721b5.vhd
 +Using zcat, the image doesn'​t even need to be unzipped before the copy:
 +> zcat /​opt/​xen/​X-Local-ISO/​ipfire-2.17.1gb-ext4-scon.i586-full-core87.img.gz > /​run/​sr-mount/​26b9d87b-f344-1c8d-c5c5-a155d4e4e2e0/​72e00fc6-98bb-48fe-ab4d-b52d1ef721b5.vhd
 +We can verify that our vhd file now contains 2 partitions:
 +> kpartx -l /​run/​sr-mount/​26b9d87b-f344-1c8d-c5c5-a155d4e4e2e0/​72e00fc6-98bb-48fe-ab4d-b52d1ef721b5.vhd ​
 +loop0p1 : 0 122880 /dev/loop0 8192
 +loop0p3 : 0 1536000 /dev/loop0 131072
 +loop deleted : /dev/loop0
 ++++ See deprecated method | ++++ See deprecated method |
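Review bot: In the LVM variant, the added line "zcat ipfire-2.17.1gb-ext4-scon.i586-full-core87.img.gz /dev/vg0/ipfire" has no ">" before the device path, so zcat takes the logical volume as a second input and writes to stdout, and the image never reaches /dev/vg0/ipfire; the file-based command above it has the redirect and this one should match. Under "Start the VM", "xl create ipfire -c" is run from /opt/xen/X-Local-VMS/, where "ipfire" is the disk image written earlier while the configuration was saved as ipfire.hvm, so the command should name ipfire.hvm. The "nano /etc/default/xen" step says the toolstack has to be changed but not which setting or value to edit; spell that out so the reboot is not done on a guess. As shown, the "<code>" opened before the zcat and fallocate lines also has no closing tag before the LVM paragraph.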