Diff for /wikisrc/ports/xen/howto.mdwn between versions 1.10 and 1.15

version 1.10, 2014/12/23 23:08:37 version 1.15, 2014/12/24 00:04:47
Line 1 Line 1
 <tr class="odd">  
 <td align="left"><a href="../../about/disclaimer.html#bsd-daemon"></a></td>  
 <td align="left"><h1>Table Of Contents</h1>  
 <li>Installing NetBSD as privileged domain (Dom0)</li>  
 <li>Creating an unprivileged NetBSD domain (DomU)</li>  
 <li>Creating an unprivileged Linux domain (DomU)</li>  
 <li>Creating an unprivileged Solaris domain (DomU)</li>  
 <li>Using PCI devices in guest domains</li>  
 <li>Links and further information</li>  
 Introduction  Introduction
 ------------  ============
 [![[Xen  [![[Xen
 screenshot]](http://www.netbsd.org/gallery/in-Action/hubertf-xens.png)](../../gallery/in-Action/hubertf-xen.png)  screenshot]](http://www.netbsd.org/gallery/in-Action/hubertf-xens.png)](../../gallery/in-Action/hubertf-xen.png)
 Xen is a virtual machine monitor for x86 hardware (requires i686-class  Xen is a virtual machine monitor or hypervisor for x86 hardware
 CPUs), which supports running multiple guest operating systems on a  (i686-class or higher), which supports running multiple guest
 single machine. Guest OSes (also called “domains”) require a modified  operating systems on a single physical machine.  With Xen, one uses
 kernel which supports Xen hypercalls in replacement to access to the  the Xen kernel to control the CPU, memory and console, a dom0
 physical hardware. At boot, the Xen kernel (also known as the Xen  operating system which mediates access to other hardware (e.g., disks,
 hypervisor) is loaded (via the bootloader) along with the guest kernel  network, USB), and one or more domU operating systems which operate in
 for the first domain (called *domain0*). The Xen kernel has to be loaded  an unprivileged virtualized environment.  IO requests from the domU
 using the multiboot protocol. You would use the NetBSD boot loader for  systems are forwarded by the hypervisor (Xen) to the dom0 to be
 this, or alternatively the `grub` boot loader (`grub` has some  fulfilled.
 limitations, detailed below). *domain0* has special privileges to access  
 the physical hardware (PCI and ISA devices), administrate other domains  Xen supports two styles of guests.  The original is Para-Virtualized
 and provide virtual devices (disks and network) to other domains that  (PV) which means that the guest OS does not attempt to access hardware
 lack those privileges. For more details, see [](http://www.xen.org/).  directly, but instead makes hypercalls to the hypervisor.  This is
   analogous to a user-space program making system calls.  (The dom0
 NetBSD can be used for both *domain0 (Dom0)* and further, unprivileged  operating system uses PV calls for some functions, such as updating
 (DomU) domains. (Actually there can be multiple privileged domains  memory mapping page tables, but has direct hardware access for disk
 accessing different parts of the hardware, all providing virtual devices  and network.)   PV guests must be specifically coded for Xen.
 to unprivileged domains. We will only talk about the case of a single  
 privileged domain, *domain0*). *domain0* will see physical devices much  The more recent style is HVM, which means that the guest does not have
 like a regular i386 or amd64 kernel, and will own the physical console  code for Xen and need not be aware that it is running under Xen.
 (VGA or serial). Unprivileged domains will only see a character-only  Attempts to access hardware registers are trapped and emulated.  This
 virtual console, virtual disks (`xbd`) and virtual network interfaces  style is less efficient but can run unmodified guests.
 (`xennet`) provided by a privileged domain (usually *domain0*). xbd  
 devices are connected to a block device (i.e., a partition of a disk,  At boot, the dom0 kernel is loaded as module with Xen as the kernel.
 raid, ccd, ... device) in the privileged domain. xennet devices are  The dom0 can start one or more domUs.  (Booting is explained in detail
 connected to virtual devices in the privileged domain, named  in the dom0 section.)
 xvif\<domain number\>.\<if number for this domain\>, e.g., xvif1.0. Both  
 xennet and xvif devices are seen as regular Ethernet devices (they can  NetBSD supports Xen in that it can serve as dom0, be used as a domU,
 be seen as a crossover cable between 2 PCs) and can be assigned  and that Xen kernels and tools are available in pkgsrc.  This HOWTO
 addresses (and be routed or NATed, filtered using IPF, etc ...) or be  attempts to address both the case of running a NetBSD dom0 on hardware
 added as part of a bridge.  and running NetBSD as a domU in a VPS.
   Installing NetBSD/Xen is not extremely difficult, but it is more
   complex than a normal installation of NetBSD.
   In general, this HOWTO is occasionally overly restrictive about how
   things must be done, guiding the reader to stay on the established
   path when there are no known good reasons to stray.
   This HOWTO presumes a basic familiarity with the Xen system
   This HOWTO presumes familiarity with installing NetBSD on i386/amd64
   hardware and installing software from pkgsrc.
   For more details on Xen, see [](http://www.xen.org/).
   Versions of Xen and NetBSD
   Most of the installation concepts and instructions are independent of
   Xen version.  This section gives advice on which version to choose.
   Versions not in pkgsrc and older unsupported versions of NetBSD are
   inentionally ignored.
   In NetBSD, xen is provided in pkgsrc, via matching pairs of packages
   xenkernel and xentools.  We will refer only to the kernel versions,
   but note that both packages must be installed together and must have
   matching versions.
   xenkernel3 and xenkernel33 provide Xen 3.1 and 3.3.  These no longer
   receive security patches and should not be used.
   xenkernel41 provides Xen 4.1.  This is no longer maintained by Xen,
   but as of 2014-12 receives backported security patches.  It is a
   reasonable although trailing-edge choice.
   xenkernel42 provides Xen 4.2.  This is maintained by Xen, but old as
   of 2014-12.
   Ideally newer versions of Xen will be added to pkgsrc.
   The netbsd-5, netbsd-6, netbsd-7, and -current branches are all
   reasonable choices, with more or less the same considerations for
   non-Xen use.  Therefore, netbsd-6 is recommended as the stable version
   of the most recent release.
   As of NetBSD 6, a NetBSD domU will support multiple vcpus.  There is
   no SMP support for NetBSD as dom0.  (The dom0 itself doesn't really
   need SMP; the lack of support is really a problem when using a dom0 as
   a normal computer.)
   Therefore, this HOWTO recommends running xenkernel42 (and xentools42)
   and NetBSD 6 stable branch.
   NetBSD as a dom0
   NetBSD can be used as a dom0 and works very well.  The following
   sections address installation, updating NetBSD, and updating Xen.
   Styles of dom0 operation
   There are two basic ways to use Xen.  The traditional method is for
   the dom0 to do absolutely nothing other than providing support to some
   number of domUs.  Such a system was probably installed for the sole
   purpose of hosting domUs, and sits in a server room on a UPS.
   The other way is to put Xen under a normal-usage computer, so that the
   dom0 is what the computer would have been without Xen, perhaps a
   desktop or laptop.  Then, one can run domUs at will.  Purists will
   deride this as less secure than the previous approach, and for a
   computer whose purpose is to run domUs, they are right.  But Xen and a
   dom0 (without domUs) is not meaingfully less secure than the same
   things running without Xen.  One can boot Xen or boot regular NetBSD
   alternately with little problems, simply refraining from starting the
   Xen daemons when not running Xen.
 Installing NetBSD as privileged domain (Dom0)  Note that NetBSD as dom0 does not support multiple CPUs.  This will
 ---------------------------------------------  limit the performance of the Xen/dom0 workstation approach.
   Installation of NetBSD and Xen
   Note that it doesn't make sense to talk about installing a dom0 OS
   without also installing Xen itself.
 First do a NetBSD/i386 or NetBSD/amd64  First do a NetBSD/i386 or NetBSD/amd64
 [installation](../../docs/guide/en/chap-inst.html) of the 5.1 release  [installation](../../docs/guide/en/chap-inst.html) of the 5.1 release
Line 211  Install grub with the following command: Line 287  Install grub with the following command:
     Done.      Done.
 Creating an unprivileged NetBSD domain (DomU)  Updating NetBSD in a dom0
   This is just like updating NetBSD on bare hardware, assuming the new
   version supports the version of Xen you are running.  Generally, one
   replaces the kernel and reboots, and then overlays userland binaries
   and adjusts /etc.
   Note that one must update both the non-Xen kernel typically used for
   rescue purposes and the DOM0 kernel used with Xen.
   Updating Xen versions
   TODO: write
   Creating unprivileged domains (domU)
   Creating domUs is almost entirely independent of operating system.  We
   first explain NetBSD, and then differences for Linux and Solaris.
   Creating an unprivileged NetBSD domain (domU)
 ---------------------------------------------  ---------------------------------------------
 Once you have *domain0* running, you need to start the xen tool daemon  Once you have *domain0* running, you need to start the xen tool daemon
Line 354  working vif-bridge is also provided with Line 452  working vif-bridge is also provided with
     #!/bin/sh      #!/bin/sh
     #============================================================================      #============================================================================
     # $NetBSD: howto.mdwn,v 1.9 2014/12/23 23:04:29 gdt Exp $      # $NetBSD: howto.mdwn,v 1.14 2014/12/23 23:43:27 gdt Exp $
     #      #
     # /usr/pkg/etc/xen/vif-bridge      # /usr/pkg/etc/xen/vif-bridge
     #      #
Line 478  in rc.conf. This way, the domain will be Line 576  in rc.conf. This way, the domain will be
 Your domain should be now ready to work, enjoy.  Your domain should be now ready to work, enjoy.
 Creating an unprivileged Linux domain (DomU)  Creating an unprivileged Linux domain (domU)
 --------------------------------------------  --------------------------------------------
 Creating unprivileged Linux domains isn't much different from  Creating unprivileged Linux domains isn't much different from
Line 522  To get the linux console right, you need Line 620  To get the linux console right, you need
 to your configuration since not all linux distributions auto-attach a  to your configuration since not all linux distributions auto-attach a
 tty to the xen console.  tty to the xen console.
 Creating an unprivileged Solaris domain (DomU)  Creating an unprivileged Solaris domain (domU)
 ----------------------------------------------  ----------------------------------------------
 Download an Opensolaris [release](http://opensolaris.org/os/downloads/)  Download an Opensolaris [release](http://opensolaris.org/os/downloads/)
Line 659  Restart the guest to verify it works cor Line 757  Restart the guest to verify it works cor
 Using PCI devices in guest domains  Using PCI devices in guest domains
 ==================================  ----------------------------------
 The domain0 can give other domains access to selected PCI devices. This  The domain0 can give other domains access to selected PCI devices. This
 can allow, for example, a non-privileged domain to have access to a  can allow, for example, a non-privileged domain to have access to a

Removed from v.1.10  
changed lines
  Added in v.1.15

CVSweb for NetBSD wikisrc <wikimaster@NetBSD.org> software: FreeBSD-CVSweb