21.8. FreeBSD as a Xen™-Host (2024)

Xen is a GPLv2-licensed type1 hypervisor for Intel® and ARM® architectures. FreeBSD has included i386™ and AMD®64-Bit DomU and AmazonEC2 unprivileged domain (virtual machine) support since FreeBSD8.0 and includes Dom0 control domain (host) support in FreeBSD11.0. Support for para-virtualized (PV) domains has been removed from FreeBSD11 in favor of hardware virtualized (HVM) domains, which provides better performance.

Xen™ is a bare-metal hypervisor, which means that it is the first program loaded after the BIOS. A special privileged guest called the Domain-0 (Dom0 for short) is then started. The Dom0 uses its special privileges to directly access the underlying physical hardware, making it a high-performance solution. It is able to access the disk controllers and network adapters directly. The Xen™ management tools to manage and control the Xen™ hypervisor are also used by the Dom0 to create, list, and destroy VMs. Dom0 provides virtual disks and networking for unprivileged domains, often called DomU. Xen™ Dom0 can be compared to the service console of other hypervisor solutions, while the DomU is where individual guest VMs are run.

Xen™ can migrate VMs between different Xen™ servers. When the two xen hosts share the same underlying storage, the migration can be done without having to shut the VM down first. Instead, the migration is performed live while the DomU is running and there is no need to restart it or plan a downtime. This is useful in maintenance scenarios or upgrade windows to ensure that the services provided by the DomU are still provided. Many more features of Xen™ are listed on the XenWiki Overview page. Note that not all features are supported on FreeBSD yet.

21.8.1.Hardware Requirements for Xen™ Dom0

To run the Xen™ hypervisor on a host, certain hardwarefunctionality is required. Hardware virtualized domainsrequire Extended Page Table (EPT)and Input/Output Memory Management Unit (IOMMU)support in the host processor.

Note:

In order to run a FreeBSD Xen™ Dom0 the box must be booted using legacy boot (BIOS).

21.8.2.Xen™ Dom0 Control Domain Setup

Users of FreeBSD11 should install theemulators/xen-kernel47 andsysutils/xen-tools47 packages that arebased on Xen version 4.7. Systems running on FreeBSD-12.0 ornewer can use Xen 4.11 provided byemulators/xen-kernel411 andsysutils/xen-tools411, respectively.

Tip:

Log files that Xen™ creates for the DomU VMs are stored in /var/log/xen. Please be sure to check the contents of that directory if experiencing issues.

Activate the xencommons service during system startup:

# sysrc xencommons_enable=yes

These settings are enough to start a Dom0-enabled system. However, it lacks network functionality for the DomU machines. To fix that, define a bridged interface with the main NIC of the system which the DomU VMs can use to connect to the network. Replace em0 with the host network interface name.

# sysrc cloned_interfaces="bridge0"# sysrc ifconfig_bridge0="addm em0 SYNCDHCP"# sysrc ifconfig_em0="up"

Restart the host to load the Xen™ kernel and start the Dom0.

# reboot

After successfully booting the Xen™ kernel and logging into the system again, the Xen™ management tool xl is used to show information about the domains.

# xl listName ID Mem VCPUs State Time(s)Domain-0 0 8192 4 r----- 962.0

The output confirms that the Dom0 (called Domain-0) has the ID 0 and is running. It also has the memory and virtual CPUs that were defined in /boot/loader.conf earlier. More information can be found in the Xen™ Documentation. DomU guest VMs can now be created.

21.8.3.Xen™ DomU Guest VM Configuration

See Also

UnPHP - PHP Decode of ELF

Unprivileged domains consist of a configuration file and virtual or physical hard disks. Virtual disk storage for the DomU can be files created by truncate(1) or ZFS volumes as described in Section19.4.2, “Creating and Destroying Volumes”. In this example, a 20GB volume is used. A VM is created with the ZFS volume, a FreeBSD ISO image, 1GB of RAM and two virtual CPUs. The ISO installation file is retrieved with fetch(1) and saved locally in a file called freebsd.iso.

# fetch ftp://ftp.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/12.0/FreeBSD-12.0-RELEASE-amd64-bootonly.iso -o freebsd.iso

A ZFS volume of 20GB calledxendisk0 is created to serve as the diskspace for the VM.

# zfs create -V20G -o volmode=dev zroot/xendisk0

The new DomU guest VM is defined in a file. Some specificdefinitions like name, keymap, and VNC connection details arealso defined. The following freebsd.cfgcontains a minimum DomU configuration for this example:

# cat freebsd.cfgbuilder = "hvm" name = "freebsd" memory = 1024 vcpus = 2 vif = [ 'mac=00:16:3E:74:34:32,bridge=bridge0' ] disk = ['/dev/zvol/tank/xendisk0,raw,hda,rw', '/root/freebsd.iso,raw,hdc:cdrom,r'  ]vnc = 1 vnclisten = "0.0.0.0"serial = "pty"usbdevice = "tablet"

These lines are explained in more detail:

	This defines what kind of virtualization to use. `hvm` refers to hardware-assisted virtualization or hardware virtual machine. Guest operating systems can run unmodified on CPUs with virtualization extensions, providing nearly the same performance as running on physical hardware. `generic` is the default value and creates a PV domain.
	Name of this virtual machine to distinguish it from others running on the same Dom0. Required.
	Quantity of RAM in megabytes to make available to the VM. This amount is subtracted from the hypervisor's total available memory, not the memory of the Dom0.
	Number of virtual CPUs available to the guest VM. For best performance, do not create guests with more virtual CPUs than the number of physical CPUs on the host.
	Virtual network adapter. This is the bridge connected to the network interface of the host. The `mac` parameter is the MAC address set on the virtual network interface. This parameter is optional, if no MAC is provided Xen™ will generate a random one.
	Full path to the disk, file, or ZFS volume of the disk storage for this VM. Options and multiple disk definitions are separated by commas.
	Defines the Boot medium from which the initial operating system is installed. In this example, it is the ISO imaged downloaded earlier. Consult the Xen™ documentation for other kinds of devices and options to set.
	Options controlling VNC connectivity to the serial console of the DomU. In order, these are: active VNC support, define IP address on which to listen, device node for the serial console, and the input method for precise positioning of the mouse and other input methods. `keymap` defines which keymap to use, and is `english` by default.

After the file has been created with all the necessaryoptions, the DomU is created by passing it to xl create as a parameter.

# xl create freebsd.cfg

Note:

Each time the Dom0 is restarted, the configuration file must be passed to xl create again to re-create the DomU. By default, only the Dom0 is created after a reboot, not the individual VMs. The VMs can continue where they left off as they stored the operating system on the virtual disk. The virtual machine configuration can change over time (for example, when adding more memory). The virtual machine configuration files must be properly backed up and kept available to be able to re-create the guest VM when needed.

The output of xl list confirms that theDomU has been created.

# xl listName ID Mem VCPUs State Time(s)Domain-0 0 8192 4 r----- 1653.4freebsd 1 1024 1 -b---- 663.9

To begin the installation of the base operating system,start the VNC client, directing it to the main network addressof the host or to the IP address defined on thevnclisten line offreebsd.cfg. After the operating systemhas been installed, shut down the DomU and disconnect the VNCviewer. Edit freebsd.cfg, removing theline with the cdrom definition orcommenting it out by inserting a #character at the beginning of the line. To load this newconfiguration, it is necessary to remove the old DomU withxl destroy, passing either the name or theid as the parameter. Afterwards, recreate it using themodified freebsd.cfg.

# xl destroy freebsd# xl create freebsd.cfg

The machine can then be accessed again using the VNCviewer. This time, it will boot from the virtual disk wherethe operating system has been installed and can be used as avirtual machine.

21.8.4.Troubleshooting

This section contains basic information in order to helptroubleshoot issues found when using FreeBSD as a Xen™ host orguest.

21.8.4.1.Host Boot Troubleshooting

Please note that the following troubleshooting tips are intended for Xen™ 4.11 or newer. If you are still using Xen™ 4.7 and having issues consider migrating to a newer version of Xen™.

In order to troubleshoot host boot issues you will likely need a serial cable, or a debug USB cable. Verbose Xen™ boot output can be obtained by adding options to the xen_cmdline option found in loader.conf. A couple of relevant debug options are:

iommu=debug: can be used to print additional diagnostic information about the iommu.
dom0=verbose: can be used to print additional diagnostic information about the dom0 build process.
sync_console: flag to force synchronous console output. Useful for debugging to avoid losing messages due to rate limiting. Never use this option in production environments since it can allow malicious guests to perform DoS attacks against Xen™ using the console.

FreeBSD should also be booted in verbose mode in order to identify any issues. To activate verbose booting, run this command:

# sysrc -f /boot/loader.conf boot_verbose="YES"

If none of these options help solving the problem, please send the serial boot log to <freebsd-xen@FreeBSD.org> and <xen-devel@lists.xenproject.org> for further analysis.

21.8.4.2.Guest Creation Troubleshooting

Issues can also arise when creating guests, the following attempts to provide some help for those trying to diagnose guest creation issues.

The most common cause of guest creation failures is the xl command spitting some error and exiting with a return code different than 0. If the error provided is not enough to help identify the issue, more verbose output can also be obtained from xl by using the v option repeatedly.

# xl -vvv create freebsd.cfgParsing config from freebsd.cfglibxl: debug: libxl_create.c:1693:do_domain_create: Domain 0:ao 0x800d750a0: create: how=0x0 callback=0x0 poller=0x800d6f0f0libxl: debug: libxl_device.c:397:libxl__device_disk_set_backend: Disk vdev=xvda spec.backend=unknownlibxl: debug: libxl_device.c:432:libxl__device_disk_set_backend: Disk vdev=xvda, using backend phylibxl: debug: libxl_create.c:1018:initiate_domain_create: Domain 1:running bootloaderlibxl: debug: libxl_bootloader.c:328:libxl__bootloader_run: Domain 1:not a PV/PVH domain, skipping bootloaderlibxl: debug: libxl_event.c:689:libxl__ev_xswatch_deregister: watch w=0x800d96b98: deregister unregistereddomainbuilder: detail: xc_dom_allocate: cmdline="", features=""domainbuilder: detail: xc_dom_kernel_file: filename="/usr/local/lib/xen/boot/hvmloader"domainbuilder: detail: xc_dom_malloc_filemap : 326 kBlibxl: debug: libxl_dom.c:988:libxl__load_hvm_firmware_module: Loading BIOS: /usr/local/share/seabios/bios.bin...

If the verbose output does not help diagnose the issue there are also QEMU and Xen™ toolstack logs in /var/log/xen. Note that the name of the domain is appended to the log name, so if the domain is named freebsd you should find a /var/log/xen/xl-freebsd.log and likely a /var/log/xen/qemu-dm-freebsd.log. Both log files can contain useful information for debugging. If none of this helps solve the issue, please send the description of the issue you are facing and as much information as possible to <freebsd-xen@FreeBSD.org> and <xen-devel@lists.xenproject.org> in order to get help.