Xen from Backports on Debian Sarge

Posted by Aike on Fri 21 Jul 2006 at 15:38

Tags: , ,

There is a great howto about installing Xen on Debian Unstable. It is really easy to do and it runs fine. Nevertheless, on production servers, that's not an optimal solution. Debian Unstable has too many updates and things change too often. On production machines, a Xen host system should be stable, secure and should not need much attention. That is where Sarge comes in. If you pull the Xen packages from backports and install them on Debian stable you've got the best of both worlds. Let's do so!

Before you start with this howto, you need to find yourself some hardware and install Sarge the way you like it. I used a Sun Fire X2100 with 4GB of ram and 2 SATA disks in software raid1.

Add backports to your apt sources and set the right preferences.

# vi /etc/apt/sources.list
deb http://www.backports.org/debian/ sarge-backports main

If /etc/apt/preferences does not exist, create it.

# vi /etc/apt/preferences
Package: *
Pin: release a=sarge-backports
Pin-Priority: 200

Package: xen-3.0
Pin: release a=sarge-backports
Pin-Priority: 999

Package: linux-2.6
Pin: release a=sarge-backports
Pin-Priority: 999

Package: xen-tools
Pin: release a=sarge-backports
Pin-Priority: 999

Package: udev
Pin: release a=sarge-backports
Pin-Priority: 999

Package: lsb
Pin: release a=sarge-backports
Pin-Priority: 999

Package: module-init-tools
Pin: release a=sarge-backports
Pin-Priority: 999

Package: grub
Pin: release a=sarge-backports
Pin-Priority: 999

Now update your sources:

# apt-get update && apt-get dist-upgrade

If that works, you're ready to start installing packages. If it doesn't, there is more information about backports on their website: http://www.backports.org.

Since there are some dependency problems with grub and mdadm we pull them, and some other packages, from backports.

# apt-get install grub/sarge-backports
# apt-get install makedev/sarge-backports
# apt-get install lsb-base/sarge-backports
# apt-get install mdadm/sarge-backports

The next things to install are the Xen-hypervisor and the xen-utils.

# apt-get install xen-hypervisor-3.0-i386 xen-utils-3.0

Pick the right kernel. A 686 for P4 and Xeon machines and K7 for Athlon and Opteron machines.

# apt-get install linux-image-2.6.16-2-xen-686

Remove hotplug because we're changing to udev!

# dpkg --purge hotplug
# apt-get install bridge-utils xen-tools/sarge-backports sysfsutils
# mv /lib/tls/ /lib/tls.disabled

You need a new initrd. mkinitramfs can do that trick for you.

# cd /boot
# mkinitramfs -o /boot/initrd.img-2.6.16-2-xen-686 2.6.16-2-xen-686

For this machine, we need a k7 kernel:

# apt-get install linux-image-2.6.16-2-xen-k7
# cd /boot
# mkinitramfs -o /boot/initrd.img-2.6.16-2-xen-k7 2.6.16-2-xen-k7

We need to setup our bootloader to use the new Xen kernel. Add something like the following to your /boot/grub/menu.lst file:

# vi /boot/grub/menu.lst
title Xen 3.0 / XenLinux 2.6-686
kernel /boot/xen-3.0-i386.gz
module /boot/vmlinuz-2.6.16-2-xen-686 root=/dev/md0 ro
module /boot/initrd.img-2.6.16-2-xen-686

or the with k7 if you have an Athlon or Opteron machine:

title Xen 3.0 / XenLinux 2.6-k7
kernel /boot/xen-3.0-i386.gz
module /boot/vmlinuz-2.6.16-2-xen-k7 root=/dev/md0 ro
module /boot/initrd.img-2.6.16-2-xen-k7

The xen daemon needs some tweaks, open the config file and make sure that you enable (network-script network-bridge) (line 73), (vif-script vif-bridge) (line 104).

# vi /etc/xen/xend-config.sxp

Restart the Xen daemon to check if the new settings are accepted:

# invoke-rc.d xend restart

# reboot

In most cases the bridge will work after a reboot, but it's easy to check. Peth0 and vif0.0 should be in the interfaces list. Peth0 is the physical network device and vif0.0

# brctl show

You are ready to setup and start your xens! Setting up xens has been covered many times all over the net. The easiest way is probably to use the xen-tools created by Steve. Although they are pretty straightforward, there is some documentation on how to use them at the end of this article: http://www.debian-administration.org/articles/396

There are a few things you need to pay attention to when setting up xens. The first is to copy the modules to the xen guest. For instance, you could mount your first xen on /mnt/xen1 and copy the modules:

# cp -a /lib/modules/2.6.16-2-xen-k7/ /mnt/xen1/lib/modules/

The config file is the second thing. The ramdisk option is turned off by default but required to start a xen! For example:

# vi /etc/xen/xen1.cfg
kernel = '/boot/vmlinuz-2.6.16-2-xen-k7'
memory = 128
name = 'xen1'
disk = [ 'phy:/dev/mapper/xens-xen1,sda1,w' ]
root = "/dev/sda1 ro"
extra = '4'
ramdisk = "/boot/initrd.img-2.6.16-2-xen-k7"
vif = [ 'vifname=vif_xen1,bridge=xenbr0' ]

If you need to upgrade the Xen kernel, don't forget to update the configuration files for the guests, the initrds and the modules on the Xen guests!

There is a copy of this howto on my company's website: http://www.virtualconcepts.nl/xenbackports.php

Good luck!



Posted by Anonymous (207.194.xx.xx) on Sat 22 Jul 2006 at 00:54

I was trying to get this working on my new AMD64 systems, and was having trouble getting a usable initrd.

You're instructions had the missing link.

[ Parent | Reply to this comment ]

Posted by KermitTheFragger (217.149.xx.xx) on Mon 24 Jul 2006 at 09:09
Great Tutorial!

Debian sid is indeed quite unstable for a production box. An other option is to use debian etch (Testing) packages on sarge with pinning (/apt/preferences).

[ Parent | Reply to this comment ]

Posted by supersonic (85.130.xx.xx) on Mon 24 Jul 2006 at 09:57

a small correction: the entry about "Package: xen-3.0" appears twice.

And a question:

Shouldn't these entries also contain the names of the binary packages, like "Package: xen-hypervisor-3.0-i386"?

[ Parent | Reply to this comment ]

Posted by Aike (86.82.xx.xx) on Mon 24 Jul 2006 at 11:02
You are right. The xen-3.0 package is listed twice. But it covers both xen-hypervisor-3.0-i386 and xen-utils-3.0 so you don't have to list every individual package in /etc/apt/preferences.

[ Parent | Reply to this comment ]

Posted by Anonymous (80.143.xx.xx) on Tue 1 Aug 2006 at 22:38
Instead of editing /etc/apt/preferences, you could install everything using apt-get -t sarge-backports $package. This way, dependent packages from backports.org will automatically be installed right along and updates from backports.org will also be included in your system.

[ Parent | Reply to this comment ]

Posted by El_Cubano (66.93.xx.xx) on Sat 12 Aug 2006 at 03:02
I am trying to follow this howto, but having the earlier unofficial packages is making it more difficult. Either way, good HOWTO, but you left out that it is necessary to install initramfs-tools.

Roberto C. Sanchez

[ Parent | Reply to this comment ]

Posted by itsec (85.177.xx.xx) on Thu 17 Aug 2006 at 09:11
[ View Weblogs ]
Excellent article.

It worked from scratch.
Only exception was that the kernel did not boot up as my version of grub expects all images in / instead of /boot.

I simply changed the /boot/grub/menu.lst entry to:

title Xen 3.0 / XenLinux 2.6-686
root (hd0,0)
kernel /xen-3.0-i386.gz
module /vmlinuz-2.6.16-2-xen-686 root=/dev/hda3 ro
module /initrd.img-2.6.16-2-xen-686

And that was it. Thanks all for your good work!



[ Parent | Reply to this comment ]

Posted by itsec (85.177.xx.xx) on Thu 17 Aug 2006 at 11:21
[ View Weblogs ]
found this also: from http://www.debian-administration.org/articles/396#comment_19
> I'd guess that you have a seperate /boot partition?
> If so the images are relative to that - so the leading
> /boot isn't needed.

> If you have a single root, like I do, then you need it.

[ Parent | Reply to this comment ]

Posted by Anonymous (213.244.xx.xx) on Tue 5 Sep 2006 at 16:33
It worked from scratch?
Funy! It shouldn't work, according to article #435. Or I missed something?
Actualy, it didn't work for me until I used vmlinuz-2.6.16-1-xen-686 instead of vmlinuz-2.6.16-2-xen-686.


[ Parent | Reply to this comment ]

Posted by itsec (85.177.xx.xx) on Tue 5 Sep 2006 at 16:41
[ View Weblogs ]

it worked from scratch:

xen01:~# ls -als /boot/vmlinuz-2.6.16-2-xen-686
1175 -rw-r--r-- 1 root root 1196230 Jul 16 10:16 /boot/vmlinuz-2.6.16-2-xen-686

I since run 5 domU_s parallel on that machine.


[ Parent | Reply to this comment ]

Posted by Steve (62.30.xx.xx) on Wed 6 Sep 2006 at 14:19
[ View Steve's Scratchpad | View Weblogs ]

I'd be curious to see the output of "uname -a" on that machine, since I've not managed to get any of the -2- revisions of the packages working.


[ Parent | Reply to this comment ]

Posted by Anonymous (85.177.xx.xx) on Wed 6 Sep 2006 at 14:24
xen01:~# uname -a
Linux xen01 2.6.16-2-xen-686 #1 SMP Sun Jul 16 05:56:53 UTC 2006 i686 GNU/Linux

[ Parent | Reply to this comment ]

Posted by Steve (62.30.xx.xx) on Wed 6 Sep 2006 at 14:28
[ View Steve's Scratchpad | View Weblogs ]

Very strange - my version of xen just dies with that revision of the kernel.


[ Parent | Reply to this comment ]

Posted by itsec (85.177.xx.xx) on Wed 6 Sep 2006 at 14:42
[ View Weblogs ]
As I said,
I followed strictly the article except for the boot partition.


[ Parent | Reply to this comment ]

Posted by olohoyo (62.147.xx.xx) on Fri 8 Sep 2006 at 20:32
Actualy, mine just hang during the boot process. Maybe there's something to do with a piece of hardware?
My conclusion is "if it doesn't work from scratch, try the -1- kernel."


[ Parent | Reply to this comment ]

Posted by walter77 (62.178.xx.xx) on Fri 8 Sep 2006 at 21:52
First the package linux-image-2.6.16-2-xen-686 worked fine on my server with a single Xeon Processor. I installed the system in August. Then in September I did an 'apt-get update' 'apt-get upgrade' and saw that the system wanted to install the kernel packet linux-image-2.6.16-2-xen-686 again. I was wondering why there was a new packet without a change in the release number. Nevertheless I decided to install it, because I thought there may be some security fixes. But I endet up in a kernel that immediately crashed after rebooting. The old kernel was lost, because it was overwritten by the new one. I reinstalled the kernel, modules and create a new initrd but nothing changed. The only solution was to downgrade to version linux-image-2.6.16-1-xen-686. Now the Host uses the kernel 1-xen-686 and my five Xen guests use the kernel 2-xen-686.
I seems that the September packet linux-image-2.6.16-2-xen-686 from backports differs from the August packet linux-image-2.6.16-2-xen-686.
On a different machine I installed Sarge from the Scratch and tried to get linux-image-2.6.16-2-xen-686 from backports to work. But again the kernel crashes. The same was true for a fresh Etch installation with linux-image-2.6.16-2-xen-686.
I am sure the kernel linux-image-2.6.16-2-xen-686 works on some hardware configurations but not on mine any more. I tried it on a PC with a P4 Processor and on a HP Proliant DL 380 with a single Xeon 3.0Gz Prozessor. Through the ILO Port of the server I could capture some output before the system crashes. The kernel initializes two CPUs when there is actually only one CPU mounted the it crashes. I am not shure how many cores the Xeon 3.0 Gz has. But I think only one. This could be the reason why the system crashes.

[ Parent | Reply to this comment ]

Posted by sebas (82.171.xx.xx) on Thu 5 Oct 2006 at 19:11
[ View Weblogs ]
Unfortunately the backports-kernel is broken with the newer Xen backports kernel (2.6.16-2). I contacted the Debian-Xen mailing list. The outcome was very disappointing, and it seems it stays broken and will not get fixed in the near future. Since we are running production machines, we are back to the old kernel 2.6.16-1. Thanks to the useful article of Steve: http://www.debian-administration.org/articles/435
# vi /etc/apt/sources.list
deb http://snapshot.debian.net/archive pool linux-2.6
deb-src http://snapshot.debian.net/archive pool linux-2.6

# apt-get update

# apt-get install linux-headers-2.6.16-1-xen linux-image-2.6.16-1-xen-k7 linux-modules-2.6.16-1-xen-k7

[ Parent | Reply to this comment ]

Posted by itsec (85.177.xx.xx) on Fri 13 Oct 2006 at 19:11
[ View Weblogs ]
Hi Steve,

just installed on another machine and got the same problem as everybody else here now: It just crashed. Seems they updated the software without changing the version number. Seems xen needs to be more community driven to have a chance to stay professional enough.

[ Parent | Reply to this comment ]

Posted by Anonymous (83.213.xx.xx) on Sun 20 Aug 2006 at 16:49
Hello, I made a spanish translation of this howto, it is in my new blog http://www.pastelero.net. If you have any problem with this please tell me.


[ Parent | Reply to this comment ]

Posted by Aike (217.76.xx.xx) on Sun 20 Aug 2006 at 18:13
That's awesome! Thank you.

[ Parent | Reply to this comment ]

Posted by Anonymous (134.102.xx.xx) on Wed 6 Sep 2006 at 22:35
After failing with xen binaries on ubuntu dapper (no windows installable because hvmloader is not installed with the binaries) and the debian packages in unstable (bridge not coming up in dom0), this really worked. Now XP is running nicely on my brandnew AM2 mobo with Athlon X2 3800+.

I did have a problem with udev from backports. It failed to set up, until I created /dev/pts by mkdir /dev/pts. Not hard, since the package complained that /dev/pts was not there, but it took me a while to figure it out!

For me, this is the definitive way to run xen at the moment (Debian packages in etch and sid are broken according to someone on xen-devel). It took me three days to get here, trying the other approaches...

Now happy,


[ Parent | Reply to this comment ]

Posted by Anonymous (137.208.xx.xx) on Mon 18 Sep 2006 at 23:09
I have a P4 3Ghz HT.
One with a 3ware Raid where Xen runs without problems.

On a similar maschine without the 3ware Raid Controller. (normal SATA)
Debian runs but not with the Xen Kernel.

Xen dom0 is not starting.....

My system restarts all 5 seconds.
There seems to be a problem when Xend starts.

I found comments on other websides about the problem.
It seems to help when you recompile the kernel.

The Problem is, i have never done this before.

Has somebody an idea?

[ Parent | Reply to this comment ]

Posted by Bud (222.165.xx.xx) on Wed 27 Sep 2006 at 10:21
Same thing happened on my 3GHz P4 HT machine. I ended up using

apt-get install xen-linux-system-2.6.17-2-xen-686

which installed xen-hypervisor-3.0-unstable-1-i386 and that seemed to work.

[ Parent | Reply to this comment ]

Posted by itsec (85.177.xx.xx) on Fri 13 Oct 2006 at 18:18
[ View Weblogs ]
Seems we need to use mkinitrd now instead of mkinitramfs as this seems to be no longer available.

[ Parent | Reply to this comment ]

Posted by Anonymous (193.171.xx.xx) on Mon 4 Dec 2006 at 22:19

I wanted to know if the xen-kernel has the driver for Realtek 8169 gigabit ethernet support.

It worked realy nice until I have noticed there was no xenbr0. So I changed in /etc/xen/xend-config.sxp

(network-script network-bridge)
(vif-script vif-bridge)

After this I restartet xend and boom I have lost the connection to my server. On my testmachine all was going well. But the big problem is, that no kernel on my server is going to boot well. And yes I used the "old" xen-kernel.

Hope somebody can help me.

[ Parent | Reply to this comment ]

Posted by JimL (65.13.xx.xx) on Sat 30 Dec 2006 at 16:32
Things must have changed. udev isn't available on backports or sarge.

apt-get install lsb-base/sarge-backport
Reading Package Lists... Done
Building Dependency Tree... Done
E: Release 'sarge-backport' for 'lsb-base' was not found

mkinitramfs doesnt' seem to be anywhere, except on unstable.

It's a well written page, too bad we can't use it.


[ Parent | Reply to this comment ]

Posted by JimL (65.13.xx.xx) on Sat 30 Dec 2006 at 17:55
Please ignore the previous statement. I seemed to have lost the ability to press the "s" key. It's backports not backport. What's really embarrassing is that I got it right a couple of times before I lost my mind.


[ Parent | Reply to this comment ]

Posted by ptomblin (69.207.xx.xx) on Sat 6 Jan 2007 at 19:24
It's not working for me. I followed the instructions except I didn't want a raid, so I ignored the bit about the mdadm. I have an older Athlon processor, an XP 1900+. I followed the k7 options in your how-to. But when it boots up it gets a kernel panic. Unfortunately I can't scroll back and it reboots very quickly, so all I see is something about "guest stack trace".

Is the k7 kernel only for the newer Athlons that have the 64 bit extensions? Is there something else I can use?

[ Parent | Reply to this comment ]

Posted by Grugs (85.82.xx.xx) on Sun 4 Mar 2007 at 17:40


On my Dell Inspiron 6400 with 2GB RAM and Intel Core 2 Duo, I've installed first Debian etch amd64, and now Xen.

Given that there is now a xen-linux-system-2.6.18-4-xen package in etch's repositories, I installed that and also the xenman package and the bridge-utils package.

When I then rebooted (without my adding anything to the /boot/grup/menu.lst file) the top-most item on what I'll call the GRUB screen was

Xen 3.0.3-1-amd64 / Debian GNU/Linux, kernel 2.6.18-4-xen-amd64

Booting with that, all went well - except that I have no internet connection! And the ifconfig -a command reveals that anyway my eth0 is gone!

This is true after rebooting the machine with or without (network-script network-bridge) in the /etc/xen/xend-config.sxp file. (The (vif-script vif-bridge) line was already not commented out so I've left it so.)

Also worrying: the response from the brctl show command looks incomplete (ie, there's nothing in the interfaces column).

bridge name     bridge id               STP enabled     interfaces
xenbr0          8000.000000000000       no

Is that what it should be? If so, shouldn't I anyway still have an internet connection when running xen? (If not, how can I, for example, keep my packages up-to-date on my dom0?)

Thanks for any answers.

[ Parent | Reply to this comment ]

Sign In







Current Poll

Will you stick to systemd as the default in Debian?

( 895 votes ~ 35 comments )