In theory – migrating from Xen to KVM under CentOS 5.3

I have a CentOS 5.3 (actually a CentOS 5.2 build upgraded in yum, but that’s not terribly important) x86_64 machine that is in fact a Xen hypervisor kernel with said CentOS 5.3 running as the dom0 (service VM), and currently four guest VMs also running CentOS 5.2 x86_64, upgraded to CentOS 5.3 with yum.  This was a kind of interesting project in itself, in that I used the Gitco repos in order to get Xen 3.3.1 on the CentOS build, and I had to do some hackery of the Xen and stock CentOS networking scripts to make things work.  The box doesn’t use Xen network scripts and xenbr0, because they broke pretty badly with bonded dual NICs.  It has a fairly standard Ethernet bond setup going, then a patched RH network script so bridges don’t init before the bond, a standard Linux bridge br0, which all my Xen vifs attach to, and a virbr0 which doesn’t have any physical NICs attached, but does have an IP address and dhcpd running against it, so I have a place to quickly fire up new VM guests without having to assign network addresses.

This complexity lead to a few problems, partly during installation, when I ended up temporarily having to go wiht a non-Xen kernel in order to update bits and ipeces and set up repos so I could go back to a Xen kernel, and when yum wanted to update to kernel-xen-2.6.18-128.1.10.el5 and like a trusting fool I let it, and promptly had no running VMs on the next reboot.  Hacking grub back to 2.6.18-128.1.6.el5xen seemed to sort it, and it never got changed from there.

Actually, to tell the trust, I also have another machine built a similar way, sans CentOS 5.3 upgrade.  This one was meant to potentially be a home to a windows machine, or most likely a Linux MCE installation running in  a non-PV guest.  That one didn’t get installed yet, and has been sitting under my desk for many a month, waiting for cabling.  Oops.

My guest DomUs are living in Xen virtual disks which are inside LVM logical volumes as far as the dom0 is concerned.  If I’d been smarter, I might have set up three LVs for each domU – one for /boot, one swap and one for /, so that I cold more easily manage them from not only the guest domU, but also the dom0 if the domU was offline for any reason.

The increased exposure KVM is getting in RHEL 5.4 is making me wonder if all this Xen tinkering is worth it.  My machine only runs Linux guests, and then only really for a bit of process separation security.  Given that the dom0 has to do a bit of service work for guest domUs anyway, and it seems that this involves a bit of context switching overhead, I don’t see that doing the hypervisor function in the kernel is going to be a problem for me, especially on that currently unused box, which is going to be a home all-in-one media, file/print, NATting, caching and bandwidth arbitrating machine.  As I was going to just accept doing all the networking for that (including the firewall/NAT/bandwidth and some VPN stuff) in the dom0 instead of making the Xen networking even more complicated with dual virtual NICs and a virtual firewall box, I guess just making all that work in plain old Linux and then loading up a kernel module when I want a media centre guest VM (yes, I know I could just be less lazy and make all the bits of Linux MCE work under CentOS natively, but starting a VM and installing an OS-up image for LMCE seems like a good thing) installing makes a bit of sense.

The currently unused machine isn’t so bad – as it currently has no VMs and didn’t get the 5.2/5.3/Gitco hybrid horror treatment, I could just strip Gitco repo, group uninstall Virtualisation (sorry Virtualization), and boot it as a regular Linux kernel, do the networkingy bits (and make better use of my rather rubbish 1.5Mb/s of patchy ADSL) and then worry about that media server when the time is right.  The dual-NIC networkign will be far easier – one outside one inside, attach a separate bridge to each and I could then attach VMs to the “public” or “private” bridges and the host OS will iptables them like any other hosts.  Great!

It’s that first server that is going to be ‘interesting’.  Fedora’s virt-v2v is a ways off yet, so I’ve got to think of smart ways of moving painlessly from Xen to KVM without losing services for long.  The current outline plan goes something like:

1. Install a plain old Linux kernel into each VM guest
2. Install a plain old Linux kernel into the current dom0
3. Make new LVM logical volumes for guest VMs – possibly three each for /boot, swap and /
4. Modify guest VM grub config to default the plain old Linux kernel
5. Shutdown guest VMs
6. Reboot dom0 as a plain old Linux kernel, albeit with KVM support loaded
7. Make any networking changes required
8. Create new KVM virtual machine images in the logival volumes
9. Stop the new KVM guests
10. Mount guests Xen virtual ‘disks’ (actually just some partitions I think, not full bootable disk images) on loopback in the dom0
11. dd the contents of the Xen partitions into the new LVM logical volumes, overwriting the guest images created at step 7
12. Start the KVM guests
13. Panic when it goes wrong (had to be step 13, didn’t it?)

I’m hoping that the fact I already do the networking outside of Xen, and just use standard Linux bridging on and the libvirt virbr0, will mean a slightly easier migration – all I have to do is get my instances booting off a standard kernel instead of a Xenified one, and inside a different virtual disk format.

I’ll still need my standard-breaking networking patch to enable bonds before bridges though.  Hopefully RH fix that one in RHEL 5.4 so CentOS picks it up in the next release.