--- wikisrc/ports/xen/howto.mdwn 2014/12/23 23:37:56 1.12 +++ wikisrc/ports/xen/howto.mdwn 2014/12/24 00:04:47 1.15 @@ -1,5 +1,5 @@ Introduction ------------- +============ [![[Xen screenshot]](http://www.netbsd.org/gallery/in-Action/hubertf-xens.png)](../../gallery/in-Action/hubertf-xen.png) @@ -37,10 +37,13 @@ attempts to address both the case of run and running NetBSD as a domU in a VPS. Prerequisites -============= +------------- Installing NetBSD/Xen is not extremely difficult, but it is more complex than a normal installation of NetBSD. +In general, this HOWTO is occasionally overly restrictive about how +things must be done, guiding the reader to stay on the established +path when there are no known good reasons to stray. This HOWTO presumes a basic familiarity with the Xen system architecture. 
@@ -50,8 +53,85 @@ hardware and installing software from pk For more details on Xen, see [](http://www.xen.org/). -Installing NetBSD as privileged domain (Dom0) ---------------------------------------------- +Versions of Xen and NetBSD +========================== + +Most of the installation concepts and instructions are independent of +Xen version. This section gives advice on which version to choose. +Versions not in pkgsrc and older unsupported versions of NetBSD are +inentionally ignored. + +Xen +--- + +In NetBSD, xen is provided in pkgsrc, via matching pairs of packages +xenkernel and xentools. We will refer only to the kernel versions, +but note that both packages must be installed together and must have +matching versions. + +xenkernel3 and xenkernel33 provide Xen 3.1 and 3.3. These no longer +receive security patches and should not be used. + +xenkernel41 provides Xen 4.1. This is no longer maintained by Xen, +but as of 2014-12 receives backported security patches. It is a +reasonable although trailing-edge choice. + +xenkernel42 provides Xen 4.2. This is maintained by Xen, but old as +of 2014-12. + +Ideally newer versions of Xen will be added to pkgsrc. + +NetBSD +------ + +The netbsd-5, netbsd-6, netbsd-7, and -current branches are all +reasonable choices, with more or less the same considerations for +non-Xen use. Therefore, netbsd-6 is recommended as the stable version +of the most recent release. + +As of NetBSD 6, a NetBSD domU will support multiple vcpus. There is +no SMP support for NetBSD as dom0. (The dom0 itself doesn't really +need SMP; the lack of support is really a problem when using a dom0 as +a normal computer.) + +Recommendation +-------------- + +Therefore, this HOWTO recommends running xenkernel42 (and xentools42) +and NetBSD 6 stable branch. + +NetBSD as a dom0 +================ + +NetBSD can be used as a dom0 and works very well. The following +sections address installation, updating NetBSD, and updating Xen. 
+ +Styles of dom0 operation +------------------------ + +There are two basic ways to use Xen. The traditional method is for +the dom0 to do absolutely nothing other than providing support to some +number of domUs. Such a system was probably installed for the sole +purpose of hosting domUs, and sits in a server room on a UPS. + +The other way is to put Xen under a normal-usage computer, so that the +dom0 is what the computer would have been without Xen, perhaps a +desktop or laptop. Then, one can run domUs at will. Purists will +deride this as less secure than the previous approach, and for a +computer whose purpose is to run domUs, they are right. But Xen and a +dom0 (without domUs) is not meaingfully less secure than the same +things running without Xen. One can boot Xen or boot regular NetBSD +alternately with little problems, simply refraining from starting the +Xen daemons when not running Xen. + +Note that NetBSD as dom0 does not support multiple CPUs. This will +limit the performance of the Xen/dom0 workstation approach. + +Installation of NetBSD and Xen +------------------------------ + +Note that it doesn't make sense to talk about installing a dom0 OS +without also installing Xen itself. First do a NetBSD/i386 or NetBSD/amd64 [installation](../../docs/guide/en/chap-inst.html) of the 5.1 release 
@@ -207,7 +287,29 @@ Install grub with the following command: Done. -Creating an unprivileged NetBSD domain (DomU) +Updating NetBSD in a dom0 +------------------------- + +This is just like updating NetBSD on bare hardware, assuming the new +version supports the version of Xen you are running. Generally, one +replaces the kernel and reboots, and then overlays userland binaries +and adjusts /etc. + +Note that one must update both the non-Xen kernel typically used for +rescue purposes and the DOM0 kernel used with Xen. + +Updating Xen versions +--------------------- + +TODO: write + +Creating unprivileged domains (domU) +==================================== + +Creating domUs is almost entirely independent of operating system. We +first explain NetBSD, and then differences for Linux and Solaris. + +Creating an unprivileged NetBSD domain (domU) --------------------------------------------- Once you have *domain0* running, you need to start the xen tool daemon @@ -350,7 +452,7 @@ working vif-bridge is also provided with #!/bin/sh #============================================================================ - # $NetBSD: howto.mdwn,v 1.11 2014/12/23 23:25:57 gdt Exp $ + # $NetBSD: howto.mdwn,v 1.14 2014/12/23 23:43:27 gdt Exp $ # # /usr/pkg/etc/xen/vif-bridge # @@ -474,7 +576,7 @@ in rc.conf. This way, the domain will be Your domain should be now ready to work, enjoy. -Creating an unprivileged Linux domain (DomU) +Creating an unprivileged Linux domain (domU) -------------------------------------------- Creating unprivileged Linux domains isn't much different from @@ -518,7 +620,7 @@ To get the linux console right, you need to your configuration since not all linux distributions auto-attach a tty to the xen console. -Creating an unprivileged Solaris domain (DomU) +Creating an unprivileged Solaris domain (domU) ---------------------------------------------- Download an Opensolaris [release](http://opensolaris.org/os/downloads/) 
@@ -655,7 +757,7 @@ Restart the guest to verify it works cor Using PCI devices in guest domains -================================== +---------------------------------- The domain0 can give other domains access to selected PCI devices. This can allow, for example, a non-privileged domain to have access to a
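Review bot: In the Prerequisites hunk (@@ -37,10 +37,13 @@), the added sentence opens with "In general" and then says "occasionally", and the two qualifiers pull against each other. Suggest dropping "In general," so it reads "This HOWTO is occasionally overly restrictive about how things must be done, ...".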
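Review bot: In the new "Versions of Xen and NetBSD" text (@@ -50,8 +53,85 @@), the xenkernel41 paragraph calls a release that "is no longer maintained by Xen" a "reasonable" choice because it "receives backported security patches", but it does not say who does the backporting or how a reader can confirm that the installed package carries those patches. Suggest naming the source of the backports and qualifying "as of 2014-12" with a pointer to where current status can be checked. In "Styles of dom0 operation", the claim that Xen plus a dom0 "is not meaingfully less secure than the same things running without Xen" is stated without support; either give the reasoning or soften it. In the NetBSD subsection, "Therefore, netbsd-6 is recommended" does not follow from the preceding sentence, which calls all four branches reasonable, so the reason for picking netbsd-6 should be stated. Typos: "inentionally" should be "intentionally" and "meaingfully" should be "meaningfully".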
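Review bot: "Updating Xen versions" in @@ -207,7 +287,29 @@ is committed with only "TODO: write" as its body, while the same patch tells readers that xenkernel3 and xenkernel33 "no longer receive security patches and should not be used". Readers on those versions are left with no upgrade guidance. Until the section is written, suggest at least repeating the constraint already stated under "Xen", that xenkernel and xentools must be installed together with matching versions. Also, "Updating NetBSD in a dom0" makes the update conditional on the new version supporting the running Xen version, but gives no way to check that. Style: "the DOM0 kernel" in this hunk is inconsistent with the "dom0" and "domU" spelling this patch normalizes elsewhere.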
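Review bot: The "# $NetBSD: howto.mdwn,v ..." line inside the embedded vif-bridge listing (@@ -350,7 +452,7 @@) is a live RCS keyword. It is stamped with the wiki page's own revision (1.11, now 1.14) directly above the "/usr/pkg/etc/xen/vif-bridge" comment, so a reader copying the listing gets a header that misstates the script's provenance, and every commit to the page produces a spurious change in the sample. Suggest writing the id so that it is not expanded in this file, or replacing it with the fixed revision of the script the listing was taken from.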
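Review bot: After the underline change in @@ -655,7 +757,7 @@, "Using PCI devices in guest domains" becomes a second-level section. Unless a first-level heading outside this diff intervenes, it now sits under "Creating unprivileged domains (domU)", directly after the Solaris domU section, even though its first sentence describes an action taken by domain0 ("The domain0 can give other domains access to selected PCI devices"). Please confirm that this is the intended parent. Device passthrough is a dom0 configuration decision that applies to any guest OS, so it may be easier to find under "NetBSD as a dom0" or as its own top-level section.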