Information Debian Xen setup/networking

scheidel21 · 08-31-2007, 02:58 AM

Preface: As great as this community is no one seemed to be able to help me much with xen, so I wrote this in order to post it as to help others in the future.Edit: This was done on an AMD turionx2 tl-56 running an amd64 distribution of etch.

Xen setup – and dv9000z setup

This tutorial has some specifics to the HP dv9000z laptop, however, much of it is applicable to xen and specifically xen on a laptop. I am writing this because I hope to prevent headaches for others in their endeavor to setup xen.

Background:I own a dv9000z, the video ram has gone bad on said laptop and therefore Windows pnp and it's want to use the nvidia drivers for video has rendered it useless to boot into windows as all it does is BSOD. I was dual booting mainly to play games, and for VB.NET programming with visual studio, I didn't use linux much on it due to some BIOS problems causing freezes in linux. When the VRAM went bad I figured the laptop DOA, until I realized that if I run linux with xen I can still use visual studio and use OE to check my hotmail accounts. I can use linux because I can select the xorg driver I want to use, and vesa did the trick. I can only get 1024x768 on the LCD that sports a native 1400x900 but the laptop is not just a doorstop, I can watch DVD's, go online, listen to music, etc...., and still run my windows install or just access the hard drive for files I may need.

My main Requirements:
1)XEN kernel able to use hvm to boot windows from hard drive
2)Networking for the windows domU

dom0 Setup

Procedure:Compiling/installing xen kernel
My preferred distro is Debian and recently they came out with 4.0 and to my delight they have precompiled kernels with xen 3.0.3, unfortunately for me it seems that the hvm in these is broken or there is simply a problem with physical devices as I was never able to get my windows install to boot. So after some research I found that someone had been able to get a HD install of windows to boot with xen 3.0.4, so I went and DL the source from xen and they were on 3.1, all the better for me.
Compiling xen from source at least as of v3.1 is easy as pie, it uses the 2.6.18 kernel to compile against and is as simple as unpacking the tarball and moving into the unpacked directory and typing

Code:

#make world
#make install

this will DL the 2.6.18 source from kernel.org and compile agaisnt it then the install command installs the kernel. The next step for debian systems is to

Code:

#depmod 2.6.18-xen
#mkinitramfs -o /boot/initrd.img-2.6.18-xen 2.6.18-xen

this will set up the appropriate module dependencies then create an initramfs to boot from. Finally you need to modify grub or lilo, I use grub and this is specific to that boot loader. running

Code:

#updategrub

will add the new kernel to your grub menu, but you will want to look at /boot/grub/menu.lst to make sure that the entry for the xen kernel is similar to below

Quote:

title Xen 3.1.0 / Debian GNU/Linux, kernel 2.6.18-xen
root (hd1,1)
kernel /xen-3.1.0.gz
module /vmlinuz-2.6.18-xen root=/dev/sdb3 ro console=tty0 iommu=off
module /initrd.img-2.6.18-xen
savedefault

the iommu=off kernel parameter is used for the dv9000z due to the BIOS issues with this laptop and linux. The rest is pretty self explanatory, but for debian you will need two module lines one for the actual kernel and one for the initramfs.

Procedure:Getting networking up – specific to Broadcom 43xx cards
The dv9000z uses the broadcom 43xx series of wireless nics as do many laptops due to the inexpensive cost. However, many broadcom 43xx cards will not work natively with linux until at least the 2.20 series kernels. Our xen kernel is 2.6.18 and the 4310 and 4311 broadcom cards found in these laptops, specifically the 4310 in my case will not work with the native bcm43xx kernel driver. You may need to blacklist this driver if it loads and does not work on your laptop, in my case this module never auto loaded and therefore this was not an issue. So I need to use ndiswrapper. First thing to do is make a symlink from the xen source code compiles headers to the linux directory in /usr/src ***Note on my system I was missing the version.h header from the include source which I symlinked to the linux folder I copied this from the build directory in the xen src folder and then all was well*** Now the source code from the debian repositories for 4.0 is broken with xen so, go get the newest stable source for ndiswrapper, the unpack the tarball and run

Code:

#make
#make install
#ndiswrapper -i bcmwl5.inf
#modprobe ndiswrapper
#depmod -a ndiswrapper

This assumed you all ready have the windows driver for the broadcom card which is named bcmwl5.inf, if you do not have this then go to your laptop manufactures website and DL the driver, or installer extract them using cabextract then add it to ndiswrapper. modprobe will install the module and should bring up a wlan0 interface, and depmod will load it at startup. You will also now need to add wlan0 to your /etc/network/interfaces it should look something like

Quote:

allow-hotplug wlan0
iface wlan0 inet dhcp

This is basic and will allow you to connect to and configure your wireless connection to an open wireless router with iwconfig.

If like me you want decent security on your wireless network you will want to use encryption, and in my case I wanted to use no less then WPA, so I decided to use wpa_supplicant to configure my wireless card and connection. Thankfully Debian had integrated wpa_supplicant into the interfaces scripts which makes setup a little easier to suit your needs. First step is to create a wpa_supplicant.conf file, the best place set this up would be in /etc/wpa_supplicant/wpa_supplicant.conf my file is below.

Quote:

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=users
ap_scan=1

network={
ssid="scheidel22.net"
id_str="home"
scan_ssid=1
key_mgmt=WPA-PSK
psk="yourpsk"
pairwise=CCMP TKIP
group=CCMP TKIP
proto=WPA

}

network={
ssid="AetnaWiFi"
id_str="work"
scan_ssid=1
key_mgmt=WPA-PSK
psk="yourpsk"
pairwise=CCMP TKIP
group=CCMP TKIP
proto=WPA
}

network={
ssid="guest"
id_str="any"
key_mgmt=NONE
}

network={
ssid="hhonors"
id_str="any"
key_mgmt=NONE
}

network={
ssid="linksys"
id_str="any"
key_mgmt=NONE
}

the first two lines setup the control daemon and assign the group that can modify the daemon to the users group, which you will likely need to add yourself to. Following that you need a network block for each network you want to automatically connect to. In my case my home network which is WPA secured, my office wireless WPA secured, and since I spend hours posting in an ambulance some common networks I connect to that have no encryption. the id_str provides the interfaces file with the appropriate information for connecting to these networks. The new interfaces file is below.

Quote:

allow-hotplug wlan0
iface wlan0 inet manual
wpa-driver wext
wpa-roam /etc/wpa_supplicant.conf

iface home inet dhcp

iface work inet dhcp

iface any inet dhcp

iface default inet dhcp

The wlan0 section now turns wlan0 into a wpa_supplicant roaming interface, using our wpa_supplicant.conf, then see an iface section for each id_str from our wpa_supplicant.conf, this tells the wpa_supplicant daemon what to do for each network we connect to. To allow easier detection and connection to wireless networks via GUI interface I recommend wpa_gui, as the kde wpa_supplicant application was slow, like painfully slow. To start the wpa_gui interface for wpa_supplicant make sure you apt-get install it then from the “run command” menu item type wpa_gui and select run as different user run it as root. It works well if even if it isn't a flashy interface.

Process:Sound – Applicable to dv9000z nvidia HDA (connexant) possibly other laptops

The default install of Debian, and the compilation of ALSA from repository sources does not allow headphone and mic jacks to work, downloading >=1.0.14 ALSA source from ALSA project page and compiling fixes this. Download and unpack the tarball cd to the unpacked directory and type.

Code:

#./configure
#make
#make install

This should fix the problem.

Process:Video

Prior to the VRAM problem I was unable to get proprietary nvidia driver working in the xen environment, however, the nv driver for xorg worked fine providing native resolution of 1400x900. The vesa also works albeit with max resolution of 1024x768. In non-xen kernels the nvidia driver worked well. http://www.ianbmacdonald.com/ has some links on debian setup on hp dv9000z and a link to patched source code for compiling proprietary nvidia modules under xen. As I had no luck with this myself I will not document it.

domU setup

Process:domU configuration
This was relatively easy to get running at least. You need to have xend running and create a configuration file for the domU that is the same as your physical setup., as far as hard drives go at least. It's better to look at an example so mine is below.

Quote:

kernel="/usr/lib/xen/boot/hvmloader"
builder='hvm'
name='winxp'
memory=768
disk=['phy:/dev/sda,ioemu:hda,w','phy:/dev/sdb,ioemu:hdb,w','phy:/dev/hda,hdc:cdrom,r']
on_poweroff='destroy'
vif=['type=ioemu,bridge=xenbr0']
device_model='/usr/lib/xen/bin/qemu-dm'
boot='c'
sdl=0
vnc=1
vncviewer=1
soundhw='sb16'

Well the kernel used for non *nix Oses is the hvm and, the we have to have a name for our new domU in this case winxp. The domU also needs RAM to operate and I have given the domU 768MB which should be enough. Here comes the good part, we tell the domain to use two physical devices for the emulated harddrives, my sata HD1 or /dev/sda and my HD2 or /dev/sdb, This is required because GRUB needs to have a physical map that is identical to the actual hardware. Also note the CDROM information is in the disk section, after having no cdrom I found that newer version of xen use this configuration for cdrom hardware as opposed to it's own line, also note I passed and device for this parameter as well /dev/hda. vif is our virtual networking device, an emulated realtek fast ethernet controller, and I have passed the xen bridge to it as the bridge to use for networking. We use the quem device model to emulate the hardware for the domU and the boot option tells it to boot from the hard disk. Finally setting the vnc=1 option allows us to vnc into the domU using the loopback address 127.0.0.1:0 I tried to use sdl but have had no luck with it, if you wish to use that I'm afraid I cannot help.

Process:domU networking
This was a tricky proposition, while using the ethernet devices as the xen bridge device, works, this is a laptop and thus has wireless and also is almost never plugged into a wire. Changing the netdev to bridge to the wlan0 kills the wireless and requires reboot to fix. Additionally this bridging only works if connected to a network, we want constant networking between our dom0 and domU, so this setup will not work. The answer setup a dummy interface that can be bridged, it is local to the machine and can always be connected. setting up the dummy interface is the easy part.

Code:

#modprobe dummy
#depmod -a dummy

Now edit /etc/modules so that the dummy line looks like this

Quote:

alias dummy0 dummy

Next edit /etc/network/interfaces and add

Quote:

auto dummy0
iface dummy0 inet static
address 192.168.7.1
netmask 255.255.255.0

or something similar with an address and subnet from a private Ipv4 range.

Now we need to setup routing for this interface to our real interface. To accomplish this we use iptables. I do not have a firewall setup on my laptop, lax on security I know but this made things real simple for me. If you do not have a firewall setup all you need do is add the file /etc/network/if-up.d/iptables and fill it with the following.

Quote:

echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE

Since this is done now, we can edit xend-config.sxp and change the netdev used for bridging to dummy0 then reboot the computer. Bringing up the domU you can then edit the IP settings in your domU and provide it with an address from the appropriate subnet. After doing so you will find that you can now ping the dummy interface IP (in my case 192.168.7.1) and the IP of your wlan0 interface, and you can ping from dom0 to domU as well. You should note (at least with the broadcom 4310 and ndiswrapper) that you cannot ping anything outside the laptop interfaces, so no router ping, or anything else on that network. After much fiddling with iptables, and even ebtables I could not get anything to go past the laptop. I would have thought that NATing packets would not give a problem but apparently the wireless card doesn't want to send anything. So after much thought I had an idea, run a proxy server, all requests then would come from the dom0. so apt-get install squid. While you are installing squid, take the time to go to http://www.webmin.com/ and download the webmin package, and install that as well, note you may have to install a few other libraries from the apt repositories as well before webmin will install. I suggest webmin because it offers a great interface for administering squid and other things on the computer via a web page negating the need for text editing configuration files. Now that squid is installed, you may need to set the visual hostname before squid will run, you can set it to the hostname you assigned to the linux box initially if you like this is the easiest. The squid config file is very large and webmin would be a great asset here in helping to configure squid, if you use webmin you will find the visual hostname option under the administrative option section in the squid administration module. Next you need to edit access control, using webmin this is as easy as clicking the access control button. Once in this section add a new client address acl and name it lanhosts then in the from IP box type your network in my case 192.168.7.0 and then add the subnet in my case 255.255.255.0 and click ok. Now we have a rule to allow anything on our fictional dummy network to access our proxy. Next we add a rule to allow this acl. In the proxy restrictions area of the access control page add a proxy restriction and and select the allow radio button and choose the lanhosts acl then click ok, now if all the squid settings were default you should see a proxy restriction above your new one that says deny all, move your new allow lanhosts restriction above this deny all restriction by using the arrow button in the last column of the proxy restrictions area. Finally click save on the page and then restart squid. In your domU configure it to use the proxy server at 192.168.7.1 with port 3128 and wow you have internet access on the domU.

***Note: I attempted to setup dhcp on the dummy interface and dhcp refused to start it kept whining about no subnet declaration for dummy0, though it did exist, Static IP fixed this, I also setup a simple forwarding/caching DNS server in dom0 which allowed me to set the DNS server tab to 192.168.7.1 in the static settings for my domU. ***