Tip

Lguest: a Linux virtualization alternative


Much of the discussion within the open source community about Linux virtualization has revolved around the hypervisor, Xen. A hypervisor is a virtual machine monitor that allows you to run guest operating systems on top of your host. In simple terms this means that you can run a Windows virtual machine or NetBSD virtual machine on top of a Red Hat, Debian, or other Linux platform. But, the kernel mainline has been slow to adopt Xen (torturously slow) and the main Xen patches were only merged in the as yet unreleased 2.6.23 kernel.

Recently, two new hypervisors, lguest and KVM, were introduced to the Linux kernel community. Both projects are in their infancy compared to Xen and occupy a small niche in the virtualization space. But rapid development is underway in both projects and this could mean some interesting diversification and developments in Linux virtualization. In this tip we'll take a closer look at lguest and see how it works.

What is lguest?

The lguest project, developed by Rusty Russell of iptables fame, is a simple virtualization project. It allows the full virtualization of guest kernels. Currently only the Linux kernel itself is supported as a guest, on stock x86 hardware. Support for 64-bit and SMP is also planned. Like Xen, lguest will debut in the mainline kernel in release 2.6.23.

At about 5000 lines of code, lguest is very compact but feature-poor when compared

    Requires Free Membership to View

to Xen. Indeed, it is unlikely that lguest will ever rival the full feature set of Xen (or even KVM). But the upside of lguest could be its ease of use. When you want to add a new guest, just modprobe a kernel module. It also does not require any special hardware support to provide its full virtualization support.

At present lguest is a little awkward to use and not yet production-ready. You can currently only guest Linux kernels with lguest support (so only 2.6.23+ kernels) and there are no fancy user-space tools to manage guests, let alone GUI-based management consoles.

Launching lguest

Now, let's get lguest up and running. This assumes you understand how to re-compile your own kernel (thus I recommend you do this in a test environment rather than on a production system.)

First, download the latest kernel source, which at the time of writing was 2.6.23-rc3. Then compile your kernel.

  $ tar -zxf linux-2.6.23-rc3.tar.gz $ cd linux-2.6.23-rc3 $ make mrproper $ make menuconfig


You will need to ensure you set the following options:

  CONFIG_HIGHMEM64G=n ("High Memory Support" "64GB") CONFIG_TUN=m ("Universal TUN/TAP device driver support") CONFIG_EXPERIMENTAL=y ("Prompt for development and/or incomplete code/drivers") CONFIG_PARAVIRT=y ("Paravirtualization support (EXPERIMENTAL)") CONFIG_LGUEST=m ("Linux hypervisor example code")


And optionally:

  CONFIG_HZ=100 ("Timer frequency")


Make and install your kernel:

  $ make $ sudo make modules_install install


Install the new kernel, update your boot loader, and reboot.

Or, rather than manually compile your kernel, you may alternatively wish to use your distribution's kernel installation mechanism (for example, make-kpkg on Debian and Ubuntu).

Now you need to compile the user-space lguest tool. It comes with the kernel source package and is located in the Documentation/lguest directory.

  $ cd linux-2.6.23-rc3/Documentation/lguest $ make O=yourkernelbuildtree


Install the lguest binary somewhere appropriate on your host.

To enable lguest support you just need to modprobe the lg module:

  # modprobe lg


You should see something like the following message in your syslog output indicating if the module has loaded correctly.

  Aug 30 22:46:05 debian kernel: lguest: mapped switcher at ffc00000


We next need to find a root disk image. It can be either download one like http://xm-test.xensource.com/ramdisks/initrd-1.1-i386.img or made from a distribution ISO using a tool like debootstrap.

Russell also suggests using a distribution ISO, installing it under QEMU, and cloning it to make suitable guests.

Now you can launch lguest using the lguest binary (running it as root):

  # lguest 64m /boot/vmlinuz --tunnet=bridge:br0 --initrd=/boot/initrd.img-2.6.23-rc3 --block=rootfile root=/etc/lgba


Let's have a look at this command line. The first option, 64m, is the memory allocated for the guest. Then we specify the kernel itself, which is vmlinux. Next, we specify networking; in this case we've bridged an interface, br0 (you can read about bridging at  http://linux-net.osdl.org/index.php/Bridge.) You can use a variety of methods to get network access for guests. These are detailed in the lguest documentation.

We've specified the initrd and the root file and the boot options. The initial ramdisk file is specified using the --initrd option and the root file using the --block option (the root file will become /dev/lgba in the guest). The root= specified provides the kernel boot options, in this case the instantiation of our root file, /etc/lgba.

And that's it! You've launched lguest and initiated your first guest.

Summary

Keep in mind that lguest is very new and you will probably stumble across one or two bugs. You may also find that some features are not available at the moment. But lguest is a very fast and easy way to get started with virtualization and you will be certain to see and hear more about it when the 2.6.23 kernel is released and more widely implemented.

You can read more about lguest, including some further documentation and a mailing list, at http://lguest.ozlabs.org/lguest.txt.

About the author: James Turnbull is the author of  Hardening Linux and a security consultant at the Commonwealth Bank of Australia. He is also the resident  security expert for SearchEnterpriseLinux.com.

This was first published in September 2007

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.