|
version 1.147, 2018/07/26 10:47:25
|
version 1.151, 2018/07/26 11:16:22
|
|
Line 6 Introduction
|
Line 6 Introduction
|
| [![[Xen |
[![[Xen |
| screenshot]](https://www.netbsd.org/gallery/in-Action/hubertf-xens.png)](https://www.netbsd.org/gallery/in-Action/hubertf-xen.png) |
screenshot]](https://www.netbsd.org/gallery/in-Action/hubertf-xens.png)](https://www.netbsd.org/gallery/in-Action/hubertf-xen.png) |
| |
|
| Xen is a hypervisor (or virtual machine monitor) for x86 hardware |
Xen is a hypervisor for x86 hardware, which supports running multiple guest |
| (i686-class or higher), which supports running multiple guest |
|
| operating systems on a single physical machine. Xen is a Type 1 or |
operating systems on a single physical machine. Xen is a Type 1 or |
| bare-metal hypervisor; one uses the Xen kernel to control the CPU, |
bare-metal hypervisor; one uses the Xen kernel to control the CPU, |
| memory and console, a dom0 operating system which mediates access to |
memory and console, a dom0 operating system which mediates access to |
| other hardware (e.g., disks, network, USB), and one or more domU |
other hardware (e.g., disks, network, USB), and one or more domU |
| operating systems which operate in an unprivileged virtualized |
operating systems which operate in an unprivileged virtualized |
| environment. IO requests from the domU systems are forwarded by the |
environment. IO requests from the domU systems are forwarded by the |
| hypervisor (Xen) to the dom0 to be fulfilled. |
Xen hypervisor to the dom0 to be fulfilled. |
| |
|
| |
Xen supports different styles of guest: |
| |
|
| |
[[!table data=""" |
| |
Style of guest |Supported by NetBSD |
| |
PV |Yes (dom0, domU) |
| |
HVM |Yes (domU) |
| |
PVHVM |No |
| |
PVH |No |
| |
"""]] |
| |
|
| |
In Para-Virtualized (PV) mode, the guest OS does not attempt to access |
| |
hardware directly, but instead makes hypercalls to the hypervisor; PV |
| |
guests must be specifically coded for Xen. In HVM mode, no guest |
| |
modification is required; however, hardware support is required, such |
| |
as VT-x on Intel CPUs and SVM on AMD CPUs. |
| |
|
| Xen supports two styles of guests. The original is Para-Virtualized |
|
| (PV) which means that the guest OS does not attempt to access hardware |
|
| directly, but instead makes hypercalls to the hypervisor. This is |
|
| analogous to a user-space program making system calls. (The dom0 |
|
| operating system uses PV calls for some functions, such as updating |
|
| memory mapping page tables, but has direct hardware access for disk |
|
| and network.) PV guests must be specifically coded for Xen. |
|
| |
|
| The more recent style is HVM, which means that the guest does not have |
|
| code for Xen and need not be aware that it is running under Xen. |
|
| Attempts to access hardware registers are trapped and emulated. This |
|
| style is less efficient but can run unmodified guests. |
|
| |
|
| Generally any machine that runs NetBSD/amd64 will work with Xen and PV |
|
| guests. In theory i386 computers (without x86_64/amd64 support) can |
|
| be used for Xen <= 4.2, but we have no recent reports of this working |
|
| (this is a hint). For HVM guests, hardware support is needed, but it |
|
| is common on recent machines. For Intel CPUs, one needs the VT-x |
|
| extension, shown in "cpuctl identify 0" as VMX. For AMD CPUs, one |
|
| needs the AMD-V extensions, shown in "cpuctl identify 0" as SVM. |
|
| There are further features for IOMMU virtualization, Intel's VT-d and |
There are further features for IOMMU virtualization, Intel's VT-d and |
| AMD's AMD-Vi. TODO: Explain whether Xen on NetBSD makes use of these |
AMD's AMD-Vi. TODO: Explain whether Xen on NetBSD makes use of these |
| features. TODO: Review by someone who really understands this. |
features. TODO: Review by someone who really understands this. |
| |
|
| Note that a FreeBSD dom0 requires VT-x and VT-d (or equivalent); this |
|
| is because the FreeBSD dom0 does not run in PV mode. |
|
| |
|
| At boot, the dom0 kernel is loaded as a module with Xen as the kernel. |
At boot, the dom0 kernel is loaded as a module with Xen as the kernel. |
| The dom0 can start one or more domUs. (Booting is explained in detail |
The dom0 can start one or more domUs. (Booting is explained in detail |
| in the dom0 section.) |
in the dom0 section.) |
| |
|
| NetBSD supports Xen in that it can serve as dom0, be used as a domU, |
|
| and that Xen kernels and tools are available in pkgsrc. This HOWTO |
|
| attempts to address both the case of running a NetBSD dom0 on hardware |
|
| and running domUs under it (NetBSD and other), and also running NetBSD |
|
| as a domU in a VPS. |
|
| |
|
| Xen 3.1 in pkgsrc used to support "PCI passthrough", which means that |
|
| specific PCI devices can be made available to a specific domU instead |
|
| of the dom0. This can be useful to let a domU run X11, or access some |
|
| network interface or other peripheral. |
|
| |
|
| NetBSD 6 and earlier supported Xen 2; support was removed from NetBSD |
|
| 7. Xen 2 has been removed from pkgsrc. |
|
| |
|
| Prerequisites |
|
| ------------- |
|
| |
|
| Installing NetBSD/Xen is not extremely difficult, but it is more |
|
| complex than a normal installation of NetBSD. |
|
| In general, this HOWTO is occasionally overly restrictive about how |
|
| things must be done, guiding the reader to stay on the established |
|
| path when there are no known good reasons to stray. |
|
| |
|
| This HOWTO presumes a basic familiarity with the Xen system |
This HOWTO presumes a basic familiarity with the Xen system |
| architecture, with installing NetBSD on i386/amd64 hardware, and with |
architecture, with installing NetBSD on i386/amd64 hardware, and with |
| installing software from pkgsrc. See also the [Xen |
installing software from pkgsrc. See also the [Xen |
| website](http://www.xenproject.org/). |
website](http://www.xenproject.org/). |
| |
|
| |
This HOWTO attempts to address both the case of running a NetBSD dom0 |
| |
on hardware and running domUs under it (NetBSD and other), and also |
| |
running NetBSD as a domU in a VPS. |
| |
|
| Versions of Xen and NetBSD |
Versions of Xen and NetBSD |
| ========================== |
========================== |
| |
|
|
Line 84 which version to choose. Versions not i
|
Line 57 which version to choose. Versions not i
|
| versions of NetBSD are intentionally ignored. |
versions of NetBSD are intentionally ignored. |
| |
|
| The term "amd64" is used to refer to both the NetBSD port and to the |
The term "amd64" is used to refer to both the NetBSD port and to the |
| hardware architecture on which it runs. (Such hardware is made by |
hardware architecture on which it runs. Such hardware is generally |
| both Intel and AMD, and in 2016 a normal PC has this CPU |
made by both Intel and AMD, and common on PC computers. |
| architecture.) |
|
| |
|
| Xen versions |
Xen versions |
| ------------ |
------------ |
|
Line 157 Architecture
|
Line 129 Architecture
|
| ------------ |
------------ |
| |
|
| Xen itself can run on i386 (Xen < 4.2) or amd64 hardware (all Xen |
Xen itself can run on i386 (Xen < 4.2) or amd64 hardware (all Xen |
| versions). (Practically, almost any computer where one would want to |
versions). Practically, almost any computer where one would want to |
| run Xen today supports amd64.) |
run Xen today supports amd64. |
| |
|
| Xen, the dom0 system, and each domU system can be either i386 or |
Xen, the dom0 system, and each domU system can be either i386 or |
| amd64. When building a xenkernel package, one obtains an i386 Xen |
amd64. When building a xenkernel package, one obtains an i386 Xen |
|
Line 168 be i386. With an amd64 Xen kernel, an a
|
Line 140 be i386. With an amd64 Xen kernel, an a
|
| work, and an i386 dom0 kernel should in theory work. An amd64 |
work, and an i386 dom0 kernel should in theory work. An amd64 |
| Xen/dom0 is known to support both i386 and amd64 domUs. |
Xen/dom0 is known to support both i386 and amd64 domUs. |
| |
|
| i386 dom0 and domU kernels must be PAE (except for an i386 Xen 3.1 |
i386 dom0 and domU kernels must be PAE. PAE kernels are included in |
| kernel, where one can use non-PAE for dom0 and all domUs); PAE kernels |
the NetBSD default build. |
| are included in the NetBSD default build. (Note that emacs (at least) |
|
| fails if run on i386 with PAE when built without, and vice versa, |
|
| presumably due to bugs in the undump code.) |
|
| |
|
| Because of the above, the standard approach is to use an amd64 Xen |
Because of the above, the standard approach is to use an amd64 Xen |
| kernel and NetBSD/amd64 for the dom0. For domUs, NetBSD/i386 (with |
kernel and NetBSD/amd64 for the dom0. For domUs, NetBSD/i386 (with |
|
Line 194 caution that the total situation is comp
|
Line 163 caution that the total situation is comp
|
| understood. On top of that caution, the post is about Linux, not |
understood. On top of that caution, the post is about Linux, not |
| NetBSD. TODO: Include link to benchmarks, if someone posts them. |
NetBSD. TODO: Include link to benchmarks, if someone posts them. |
| |
|
| Stability |
|
| --------- |
|
| |
|
| Mostly, NetBSD as a dom0 or domU is quite stable. However, just like every |
|
| other architecture, there are some open PRs indicating problems. |
|
| |
|
| Note also that there are issues with sparse vnd(4) instances, but |
|
| these are not about Xen -- they just are noticed with sparse vnd(4) |
|
| instances in support of virtual disks in a dom0. |
|
| |
|
| Recommendation |
|
| -------------- |
|
| |
|
| Therefore, this HOWTO recommends running xenkernel46, xl, the NetBSD 7 |
|
| stable branch, and therefore to use an amd64 kernel as the dom0. |
|
| Either the i386PAE or amd64 version of NetBSD may be used as domUs. |
|
| |
|
| A tentative replacement recommendation is xenkernel48, xl, and NetBSD |
|
| 8. |
|
| |
|
| Because bugs are fixed quite often, and because of Xen security |
|
| advisories, it is good to stay up to date with NetBSD (tracking a |
|
| stable branch), with the Xen kernel (tracking a Xen version via |
|
| pkgsrc), and with the Xen tools. Specifically, NetBSD (-7 and |
|
| -current) got an important fix affecting dom0/domU timesharing in |
|
| November, 2015, and xentools46 got a fix to enable Ubuntu guests to |
|
| boot in December, 2016. |
|
| |
|
| NetBSD as a dom0 |
NetBSD as a dom0 |
| ================ |
================ |
| |
|
![[BACK]](/icons/back.gif){kind=icon}
Return to howto.mdwn CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [NetBSD Developer Wiki] / wikisrc / ports / xen