[CentOS-virt] xen setup documentation for centos?

Mon Jun 2 00:45:20 UTC 2014
lee <lee at yun.yagibdah.de>

Hi,

what is the proposed way to create domU guests on centos 6.5?  At first
I tried to follow the documentation on the xen project website which
recommends using xl.  I created a config file and ended up with getting
a message that the kernel is not bootable when trying to create a guest.
I also had to stop some daemon (xend?) because it said that xl isn't
compatible with it and the daemon must be stopped first.

Then I followed redhat documentation which suggests using virt-manager
--- which doesn't work because servers don't have GUIs.  So I finally
managed to create a guest with virt-install.  I can start and stop the
guest (which is also running centos), though I don't think this is the
right way to create one.

So how exactly are you supposed to create guests?


Now I can't get the networking to work.  I've been reading lots of
documentation and still don't understand how that is supposed to work.
As far as I understand, you get three different network interfaces:


dom0: a bridge (virbr0)
dom0: a virtual network interface (vifN.X)
domU: a virtual network interface which doesn't appear to be virtual to
      domU


And dom0 keeps its own network interface(s), like eth0, which is a
physical one.

Is vifN.X the same as eth0 in domU?  Or what is it for?  If it's the
same, is it supposed to have the same IP on both sides?

How do I make it so that domU has network access (beyond dom0)?  How
does this network stuff work?  Do the virtual devices have to be in
different subnets?  When they are not, the network becomes reachable via
multiple interfaces, and I'm guessing that either packet loops may be
created or some paths might be disabled by STP.

Do I have to set up shorewall (or the like) on dom0 to be able to handle
network access for guests?  Would I need to create a bridge for every
guest to be able to handle them separately for firewalling purposes
because otherwise packets circumvent firewall rules by directly going
over the bridge?  If so, why are bridges needed?

I would understand doing things like adding those guests that are
visible to the LAN only to the same bridge to have them all reachable
likewise.  When doing that, it would seem to make sense to use a
different subnet for guests in the DMZ.

All the documentation tells you many different things, none of them work,
and it's totally confusing.  Is there any /good/ documentation
somewhere?


-- 
Knowledge is volatile and fluid.  Software is power.