Xen Hypervisor Dom0 and DomU Support

Xen is a GPLv2-licensed hypervisor for the Intel architecture.

FreeBSD 8.0 onward includes i386 and amd64 DomU and Amazon EC2 unprivileged domain (virtual machine) support.

FreeBSD 11.0 onward includes Xen Dom0 privileged domain (host) support.

FreeBSD Dom0 Control Domain Support

Hardware Requirements

Hardware virtualized domains require Extended Page Table (EPT) and Input/Output Memory Management Unit (IOMMU) processor features to operate.

NB! FreeBSD Xen cannot be loaded with UEFI at this time.

Dom0 Control Domain Installation

The 'xen-kernel' and 'xen-tools' packages provide the Xen Dom0 kernel and support utilities. The following example assumes VNC output for unprivileged domains, which will be accessed from another system using a tool such as net/tightvnc.

Xen Dom0 Package Installation

pkg install -y xen-kernel xen-tools

Follow the instructions provided at the end of the package installation, which modify:

/etc/sysctl.conf
/etc/ttys
/boot/loader.conf

In addition to these instructions, Xen also requires:

/etc/rc.conf

cloned_interfaces="bridge0"
ifconfig_bridge0="addm <primary network interface i.e. igb0> up"

Reboot the host to boot to the Xen kernel.

You should see the Xen kernel output followed by the FreeBSD kernel output. The FreeBSD control domain system will behave in the established manner. Note the dom0_mem and dom0_max_vcpus options in /boot/loader.conf, particularly on root-on-ZFS systems with ZFS ARC read caching.

Unprivileged Domain Configuration

Unprivileged domains consist of a configuration file and logical or physical optical and hard disks. For this example we will assume an ISO optical disk file freebsd.iso and a hard disk file created with truncate -s 20G freebsd.img.

An example FreeBSD DomU configuration file freebsd.cfg with 2048M RAM and two virtual CPUs without networking:

type = "hvm"
memory = 2048
vcpus = 2
vif = [ 'bridge=bridge0' ]
name = "FreeBSD"
disk = [ '/root/freebsd.img,raw,hda,w',
         '/root/freebsd.iso,raw,hdc:cdrom,r' ]
# boot = "c" # Boot to hard disk image
boot = "d" # Boot to ISO image
vnc = 1
vnclisten = "0.0.0.0"
vncdisplay=1 # VNC port 5901 (5900 + vncdisplay)
on_poweroff = 'destroy'
on_reboot = 'restart'
on_crash = 'restart'

To boot this DomU with -vvvv level of verbose logging:

# xl -vvvv create freebsd.cfg

# xl list
Name                        ID   Mem VCPUs      State   Time(s)
Domain-0                     0  2047     4     r-----     660.6
FreeBSD                      1  2048     2     r-----       3.5

To connect to this DomU using net/tightvnc on the host:

# vncviewer 0.0.0.0:1

The DomU should reboot and shut down properly, but to destroy it manually:

# xl destroy FreeBSD

An example Windows DomU configuration file windows.cfg with 4096M RAM and two virtual CPUs without networking:

type = "hvm"
memory = 4096
vcpus = 2
name = "Windows"
disk = [ '/root/windows.img,raw,hda,w',
         '/root/windows.iso,raw,hdc:cdrom,r' ]
# boot = "c" # Boot to hard disk image
boot = "d" # Boot to ISO image
vnc = 1
vnclisten = "0.0.0.0"
vncdisplay=1 # VNC Port 5901
on_poweroff = 'destroy'
on_reboot = 'restart'
on_crash = 'restart'
acpi = 1

The network interface will appear as xn0. Note that the tap and bridge devices must be present or the DomU will not boot.
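
Both example configurations set vnclisten to 0.0.0.0, so the guest console is offered on every Dom0 interface, and neither sets vncpasswd. The script below is an added example, not part of the original page or of the Xen tools, that classifies this exposure for xl configuration files. The function names and status words are invented here, and it assumes xl's default listen address of 127.0.0.1 and a port of 5900 plus vncdisplay.

```sh
#!/bin/sh
# Added example: classify the VNC exposure of xl domain configuration files.
# Only top-level vnc* keys are read; vfb = [ ... ] entries are not parsed.

# cfg_value FILE KEY: print the last value assigned to KEY, minus quotes/comments.
cfg_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' \
            -e "s/^[\"']//" -e "s/[\"']\$//" |
        tail -n 1
}

# vnc_port FILE: TCP port requested for the console (5900 + vncdisplay).
vnc_port() {
    display=$(cfg_value "$1" vncdisplay)
    echo $((5900 + ${display:-0}))
}

# vnc_exposure FILE: print disabled | loopback | exposed-password | exposed-open
vnc_exposure() {
    # VNC is treated as enabled unless the file explicitly says vnc = 0.
    [ "$(cfg_value "$1" vnc)" = "0" ] && { echo disabled; return; }
    listen=$(cfg_value "$1" vnclisten)
    case ${listen:-127.0.0.1} in          # assumed default listen address
        127.*|localhost|::1|\[::1\]) echo loopback ;;
        *) if [ -n "$(cfg_value "$1" vncpasswd)" ]; then
               echo exposed-password
           else
               echo exposed-open
           fi ;;
    esac
}

# write_sample FILE: constructed sample with the VNC lines of the examples above.
write_sample() {
    printf '%s\n' 'vnc = 1' 'vnclisten = "0.0.0.0"' \
        'vncdisplay=1 # display 1' > "$1"
}

# Report on every configuration file named on the command line.
for cfg in "$@"; do
    printf '%s: %s, port %s\n' "$cfg" "$(vnc_exposure "$cfg")" "$(vnc_port "$cfg")"
done
```

A configuration that reports exposed-open can be brought to loopback by setting vnclisten = "127.0.0.1" and reaching the console through an SSH port forward to the Dom0.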

Serial Configuration

The additional configuration option serial='pty' should allow for attachment to the DomU serial console with xl create -c <DomU>.cfg. Be sure that your DomU is configured for serial console output. For a FreeBSD DomU add the following to /boot/loader.conf:

boot_serial="YES"
comconsole_speed="115200"
console="comconsole"

Also run:

printf "%s" "-h -S115200" > /boot.config

Once connected, CTRL-] will disconnect from the DomU console.

Live migration, save and restore

The version of Xen available in the ports tree supports live migration, save and restore of live guests. Keep in mind that in order to use live migration your virtual disk must be shared between the different Xen Dom0s (NFS, iSCSI...), and it must reside in the same path on the Dom0 filesystem. The usage is the following:

# xl migrate <vm name> <destination host>

The default transport used by xl is ssh; check the xl(1) man page for other options.

With save and restore you can take a snapshot of the current guest state and save it to disk as a regular file, including memory and device state. This allows you to restore a guest to a specific state without having to boot it again:

# xl save <vm name> <file>

Then in order to restore the guest:

# xl restore <file>

You can also take a snapshot of the disk in order to be able to do a complete checkpoint of a guest state.

Known Limitations

Miscellaneous

Error creating domain 0 on boot indicates that VT-x extensions are unavailable or disabled in BIOS.

If your DomU "FreeBSD" does not boot, check the log in /var/log/xen/qemu-dm-FreeBSD.log

ZFS zvol-backed DomU virtual machines are supported with:

disk = ['/dev/zvol/zroot/freebsd,raw,hda,rw']
disk = ['phy:/dev/zvol/zroot/linux,xvda,w']

Some DomU virtual machines such as OpenBSD may support only one virtual CPU.

If your VNC display freezes or does not scale during the various DomU boot stages, try reconnecting.

DomU configuration files are not re-read on reboot.

The freebsd-virtualization mailing list and official Xen project resources may be helpful but at this stage you may be the first person to try your given configuration.

The established Xen documentation is generally applicable to FreeBSD.

More Dom0 development information can be found at: https://wiki.xen.org/wiki/FreeBSD_Dom0

More Amazon EC2 unprivileged domain information can be found at: http://www.daemonology.net/freebsd-on-ec2/

Tested DomU Operating Systems

Any guest operating system supported by Xen on other platforms should be supported on FreeBSD.

/!\ This page replaces some, if not all of the other Xen pages on this wiki



Xen (last edited 2021-02-10T05:05:10+0000 by MichaelDexter)