Zen and the art of virtualization...with Xen

OK, so I've been playing around with Xen and virtualization, because I have these servers that I've built that are eventually going to go into a co-location facility. But Xen has been driving me crazy - if it's not one thing it's another. If it is relevant in helping others, I am running CentOS 5.2 as my Dom0 and my DomU's - I haven't been too adventurous yet. I am using the JailTime images for my DomU's. The server is a white box pair of AMD Opteron 8214's on an Asus KFN5-D SLI with a single SATA drive, no RAID.


Anyway, my latest struggle - and triumph - was with IPTables in my DomU's. While IPTables runs great in my Dom0, it would always crash in my DomU's with the following error:

FATAL: Module ip_tables not found.
iptables v1.3.6: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

Well, I'll admit I am rather new to Linux, and basically this message completely lost me. Some Googling provided the information that iptables must not be compiled into my kernel. I'm not too interested in recompiling my kernel, and all the info I could find wanted me to run a GUI program to select modules to compile into the kernel, but this is a server with no GUI, so GUI tools don't help me one bit...so I kept searching. Turns out these modules (like IPTables) can be either compiled into the kernel, or run separately as modules. Now we're a little closer. I can handle adding modules. The JailTime people took IPTables out of the kernel, recommending that it be run on the Dom0 and not the DomU's.

modprobe iptable_filter

gave me a pretty revealing message - something about /lib/modules/2.6.18-92.10.eln5xen file or directory not found. Sure enough, there was no such directory. There was one for 2.6.18-92.1.el5 though. OK, so I thought I'd get smart and just rename it to what modprobe wanted. Nope, didn't work that way. I got a new error, but still no IPTables. So, I copied it, and voilà, IPTables starts and runs happily. For future reference it appears that the directory name must be IDENTICAL to the DomU's kernel as reported by uname -r. If it isn't, I have no idea where you would find the /lib/modules directory that corresponds to your kernel. Good luck with that!
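The check described above can be scripted so that a DomU without a working host firewall is noticed before it goes into service. This is an added example, not part of the original post: the function names are hypothetical, and it assumes modules are shipped as .ko files under /lib/modules/<release> (it does not detect netfilter support compiled into the kernel).

```shell
#!/bin/sh
# Added example: verify that a module tree matching the running kernel
# exists and contains the modules iptables needs for the filter table.

# find_module <modules_root> <kernel_release> <module_name>
# Prints the first matching module file; returns non-zero if none exists.
find_module() {
    find "$1/$2" -type f \( -name "$3.ko" -o -name "$3.ko.*" \) 2>/dev/null |
        head -n 1 | grep .
}

# check_iptables_modules <modules_root> <kernel_release>
# Returns 0 = tree and modules present,
#         1 = no tree named exactly like the kernel release,
#         2 = tree present but a required module is missing.
check_iptables_modules() {
    root=$1
    rel=$2
    if [ ! -d "$root/$rel" ]; then
        echo "no module tree for running kernel: $root/$rel"
        echo "trees present under $root:"
        ls -1 "$root" 2>/dev/null | sed 's/^/  /'
        return 1
    fi
    status=0
    for mod in ip_tables iptable_filter; do
        if path=$(find_module "$root" "$rel" "$mod"); then
            echo "ok: $mod -> $path"
        else
            echo "missing: $mod.ko not found under $root/$rel"
            status=2
        fi
    done
    return $status
}

# Live check inside the DomU: sh check_modules.sh --live
if [ "${1:-}" = "--live" ]; then
    check_iptables_modules /lib/modules "$(uname -r)"
fi
```

A return code of 1 is the situation in the post: the guest boots a kernel supplied by the Dom0, but its filesystem image only carries the module tree of a different release.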


Acorp Computers: Helping you get back to the business of your business!
