version 1.15, 2014/12/24 00:04:47
|
|
|
Introduction
============
|
|
[![Xen screenshot](http://www.netbsd.org/gallery/in-Action/hubertf-xens.png)](../../gallery/in-Action/hubertf-xen.png)
|
|
Xen is a virtual machine monitor or hypervisor for x86 hardware
(i686-class or higher), which supports running multiple guest
operating systems on a single physical machine. With Xen, one uses
the Xen kernel to control the CPU, memory and console, a dom0
operating system which mediates access to other hardware (e.g., disks,
network, USB), and one or more domU operating systems which operate in
an unprivileged virtualized environment. IO requests from the domU
systems are forwarded by the hypervisor (Xen) to the dom0 to be
fulfilled.

Xen supports two styles of guests. The original is Para-Virtualized
(PV), which means that the guest OS does not attempt to access hardware
directly, but instead makes hypercalls to the hypervisor. This is
analogous to a user-space program making system calls. (The dom0
operating system uses PV calls for some functions, such as updating
memory mapping page tables, but has direct hardware access for disk
and network.) PV guests must be specifically coded for Xen.

The more recent style is HVM, which means that the guest has no
code for Xen and need not be aware that it is running under Xen.
Attempts to access hardware registers are trapped and emulated. This
style is less efficient but can run unmodified guests.

At boot, the boot loader loads the Xen kernel using the multiboot
protocol, with the dom0 kernel passed to Xen as a multiboot module.
The NetBSD boot loader can do this natively; `grub` is the older
alternative and has some limitations. The dom0 can then start one or
more domUs. (Booting is explained in detail in the dom0 section.)

The dom0 has special privileges to access the physical hardware (PCI
and ISA devices), administer other domains and provide virtual devices
(disks and network) to domains that lack those privileges. (There can
be multiple privileged domains, each accessing different parts of the
hardware and providing virtual devices to unprivileged domains; this
HOWTO only covers the case of a single privileged domain.) The dom0
sees physical devices much like a regular i386 or amd64 kernel, and
owns the physical console (VGA or serial). Unprivileged domains see
only a character-only virtual console, virtual disks (`xbd`) and
virtual network interfaces (`xennet`) provided by a privileged domain
(usually the dom0). Each xbd device is backed by a block device (a
partition of a disk, raid, ccd, ... device) in the privileged domain.
Each xennet device is connected to a virtual interface in the
privileged domain named xvif\<domain number\>.\<interface number within
that domain\>, e.g., xvif1.0. Both xennet and xvif devices are seen as
regular Ethernet devices (think of them as the two ends of a crossover
cable between two PCs); the xvif end can be assigned addresses (and be
routed or NATed, filtered using IPF, etc.) or be added to a bridge.
Because the dom0 carries all of a domU's disk and network traffic, the
dom0 is also the place where that traffic can be filtered and a domU's
access to storage constrained.

NetBSD supports Xen in that it can serve as dom0, be used as a domU,
and Xen kernels and tools are available in pkgsrc. This HOWTO
attempts to address both the case of running a NetBSD dom0 on hardware
and running NetBSD as a domU in a VPS.
|
|
|
Prerequisites
-------------

Installing NetBSD/Xen is not extremely difficult, but it is more
complex than a normal installation of NetBSD. In general, this HOWTO
is occasionally overly restrictive about how things must be done,
guiding the reader to stay on the established path when there are no
known good reasons to stray.

This HOWTO presumes a basic familiarity with the Xen system
architecture.

This HOWTO presumes familiarity with installing NetBSD on i386/amd64
hardware and installing software from pkgsrc.

For more details on Xen, see <http://www.xen.org/>.
|
|
|
Versions of Xen and NetBSD
==========================

Most of the installation concepts and instructions are independent of
Xen version. This section gives advice on which version to choose.
Versions not in pkgsrc and older unsupported versions of NetBSD are
intentionally ignored.

Xen
---

In NetBSD, Xen is provided in pkgsrc, via matching pairs of packages
xenkernel and xentools. We will refer only to the kernel versions,
but note that both packages must be installed together and must have
matching versions.

xenkernel3 and xenkernel33 provide Xen 3.1 and 3.3. These no longer
receive security patches and should not be used. The hypervisor is
the isolation boundary between domains, so a Xen version without
security patches should be treated as a known-vulnerable one.

xenkernel41 provides Xen 4.1. This is no longer maintained by Xen,
but as of 2014-12 receives backported security patches. It is a
reasonable although trailing-edge choice.

xenkernel42 provides Xen 4.2. This is maintained by Xen, but old as
of 2014-12.

Ideally newer versions of Xen will be added to pkgsrc.
|
|
|
NetBSD
------

The netbsd-5, netbsd-6, netbsd-7, and -current branches are all
reasonable choices, with more or less the same considerations as for
non-Xen use. netbsd-6 is therefore recommended, as the stable branch
of the most recent release.

As of NetBSD 6, a NetBSD domU will support multiple vcpus. There is
no SMP support for NetBSD as dom0. (The dom0 itself doesn't really
need SMP; the lack of support is really a problem when using a dom0 as
a normal computer.)

Recommendation
--------------

Therefore, this HOWTO recommends running xenkernel42 (and xentools42)
and the NetBSD 6 stable branch.
|
|
|
NetBSD as a dom0
================

NetBSD can be used as a dom0 and works very well. The following
sections address installation, updating NetBSD, and updating Xen.

Styles of dom0 operation
------------------------

There are two basic ways to use Xen. The traditional method is for
the dom0 to do absolutely nothing other than provide support to some
number of domUs. Such a system was probably installed for the sole
purpose of hosting domUs, and sits in a server room on a UPS.

The other way is to put Xen under a normal-usage computer, so that the
dom0 is what the computer would have been without Xen, perhaps a
desktop or laptop. Then, one can run domUs at will. Purists will
deride this as less secure than the previous approach, and for a
computer whose purpose is to run domUs, they are right: everything run
in the dom0 runs in the domain that owns the hardware and the Xen
tools, so a compromise of the dom0 is a compromise of every domU. But
Xen and a dom0 (without domUs) is not meaningfully less secure than
the same things running without Xen. One can boot Xen or boot regular
NetBSD alternately with few problems, simply refraining from starting
the Xen daemons when not running Xen.

Note that NetBSD as dom0 does not support multiple CPUs. This will
limit the performance of the Xen/dom0 workstation approach.
|
|
|
Installation of NetBSD and Xen
------------------------------

Note that it doesn't make sense to talk about installing a dom0 OS
without also installing Xen itself.
|
First do a NetBSD/i386 or NetBSD/amd64
[installation](../../docs/guide/en/chap-inst.html) of the release
chosen above.

[...]

Done.
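The following script is an added example and not part of the HOWTO. It shows the dom0 side of the recommendation above in runnable form: building the matching xenkernel42/xentools42 pair from pkgsrc, staging `xen.gz` next to the dom0 kernel, and generating and checking the boot.cfg(5) entry through which boot(8) loads Xen by multiboot with the dom0 kernel as a module. The pkgsrc location `/usr/pkgsrc`, the package's `/usr/pkg/xen42-kernel/xen.gz` path, the `/netbsd-XEN3_DOM0.gz` kernel name and the 512M dom0 size are assumptions, not taken from the page.

```shell
#!/bin/sh
# Added example, not from the NetBSD HOWTO: install the matching Xen 4.2
# kernel/tools pair, stage xen.gz and the dom0 kernel at the root of the
# boot filesystem, and sanity-check the boot.cfg(5) entry that boot(8)
# will use to start Xen.
#
# Assumptions (not stated on the page): pkgsrc lives in /usr/pkgsrc,
# xenkernel42 installs /usr/pkg/xen42-kernel/xen.gz, and the dom0 kernel
# has been fetched as /netbsd-XEN3_DOM0.gz.

# Emit one boot.cfg(5) menu entry.  boot(8) "load"s the dom0 kernel as a
# multiboot module, then "multiboot"s xen.gz as the kernel proper, so the
# text after xen.gz is Xen's own command line.  dom0_mem= caps the dom0's
# memory at boot; without it the dom0 is handed all of RAM and memory for
# domUs has to be reclaimed from it by ballooning.  console=pc puts the
# dom0 kernel's console on the VGA console (com0 for serial).
xen_boot_entry() {
    xen=$1 dom0=$2 mem=$3
    printf 'menu=Xen:load %s console=pc;multiboot %s dom0_mem=%s\n' \
        "$dom0" "$xen" "$mem"
}

# Return 0 if the given boot.cfg has a menu entry that loads a DOM0 kernel
# and multiboots a xen.gz with dom0_mem set, 1 otherwise.
check_boot_cfg() {
    grep -E '^menu=[^;]*load [^ ;]*DOM0[^ ;]*[^;]*;multiboot [^ ;]*xen\.gz[^;]*dom0_mem=' \
        "$1" >/dev/null
}

# Build and install both packages (they must be the same version), stage
# xen.gz, append the menu entry and check it.  Only runs when invoked as
# "sh this.sh install", so the functions above can be used on their own.
install_xen42() {
    ( cd /usr/pkgsrc/sysutils/xenkernel42 && make install ) || return 1
    ( cd /usr/pkgsrc/sysutils/xentools42 && make install ) || return 1
    cp /usr/pkg/xen42-kernel/xen.gz /xen.gz || return 1
    xen_boot_entry /xen.gz /netbsd-XEN3_DOM0.gz 512M >> /boot.cfg
    check_boot_cfg /boot.cfg
}

if [ "${1:-}" = install ]; then
    install_xen42
fi
```

Run `check_boot_cfg /boot.cfg` before every reboot into Xen; the common failure it catches is a `multiboot` line with no `dom0_mem=`, or a `load` of the non-Xen rescue kernel instead of the DOM0 one.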
|
|
|
|
Updating NetBSD in a dom0
-------------------------

This is just like updating NetBSD on bare hardware, assuming the new
version supports the version of Xen you are running. Generally, one
replaces the kernel and reboots, and then overlays userland binaries
and adjusts /etc.

Note that one must update both the non-Xen kernel typically used for
rescue purposes and the dom0 kernel used with Xen.

Updating Xen versions
---------------------

Remember that xenkernel and xentools must be replaced as a matching
pair.

TODO: write

Creating unprivileged domains (domU)
====================================

Creating domUs is almost entirely independent of operating system. We
first explain NetBSD, and then differences for Linux and Solaris.
|
Creating an unprivileged NetBSD domain (domU)
---------------------------------------------

Once you have *domain0* running, you need to start the xen tool daemon

[...]
|
|
    #!/bin/sh
    #============================================================================
    # $NetBSD: howto.mdwn,v 1.14 2014/12/23 23:43:27 gdt Exp $
    #
    # /usr/pkg/etc/xen/vif-bridge
    #

[...]
|
|
|
Your domain should now be ready to work, enjoy.
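As an added example (not the HOWTO's own code, and not the vif-bridge script shipped with xentools), the script below ties together the pieces the NetBSD domU section and the networking paragraph of the introduction describe: the `/etc/ifconfig.bridge0` that vif-bridge relies on, a domain configuration in the format xm(1)/xl(1) read, a per-domain MAC in the Xen OUI, and a check that no two configs share a MAC, since every xennet/xvif pair is an ordinary Ethernet port on the bridge. The paths `/usr/pkg/etc/xen/kernels`, `/usr/pkg/etc/xen/<name>`, `/var/xen/<name>.img`, the uplink `wm0`, and the `xendomains=` rc.conf variable are assumptions, not taken from the page.

```shell
#!/bin/sh
# Added example, not from the HOWTO: assemble a NetBSD PV domU in the form
# xentools42 expects.  Assumes (not stated on the page) that domU kernels
# are kept under /usr/pkg/etc/xen/kernels, that domain configs live in
# /usr/pkg/etc/xen, and that the physical uplink is wm0.

# /etc/ifconfig.bridge0: create the bridge at boot and add the uplink.
# vif-bridge later adds each xvifN.M to the same bridge, so a domU's
# xennet ends up on the LAN like a second PC on a crossover cable.
write_bridge_ifconfig() {
    cat > "$1" <<'EOF'
create
!brconfig $int add wm0 up
EOF
}

# Stable, unique MAC in the Xen OUI (00:16:3e) derived from the domain
# name.  Two domUs with the same MAC (the usual copy-paste accident)
# silently steal each other's frames on bridge0.  cksum(1) is POSIX and
# gives the same CRC on every host, so the address survives reinstalls.
domu_mac() {
    n=$(printf '%s' "$1" | cksum | cut -d' ' -f1)
    printf '00:16:3e:%02x:%02x:%02x\n' \
        $(( (n >> 16) & 255 )) $(( (n >> 8) & 255 )) $(( n & 255 ))
}

# Write a domain config accepted by both xm(1) and xl(1).
# 0x1 is the xbd unit the guest sees as xbd0; "w" makes it writable, so
# never hand the same image to two running domains with "w".
write_domu_config() {
    out=$1 name=$2 img=$3 mem=$4
    mac=$(domu_mac "$name")
    cat > "$out" <<EOF
kernel = "/usr/pkg/etc/xen/kernels/netbsd-XEN3_DOMU.gz"
memory = $mem
vcpus = 1
name = "$name"
vif = [ 'mac=$mac,bridge=bridge0' ]
disk = [ 'file:$img,0x1,w' ]
EOF
}

# Return 0 if every domain config in the directory carries a distinct MAC.
check_unique_macs() {
    dups=$(grep -ho "mac=[0-9a-f:]*" "$1"/* 2>/dev/null | sort | uniq -d)
    [ -z "$dups" ]
}

# Typical use on the dom0, with xencommons and xend enabled in rc.conf
# (run as "sh this.sh create NAME"):
#   xm create -c /usr/pkg/etc/xen/NAME     # start it and attach the console
#   xendomains="NAME" in /etc/rc.conf      # start it at boot
if [ "${1:-}" = create ]; then
    write_domu_config "/usr/pkg/etc/xen/$2" "$2" "/var/xen/$2.img" 256
    check_unique_macs /usr/pkg/etc/xen && xm create -c "/usr/pkg/etc/xen/$2"
fi
```

The MAC check runs before `xm create` rather than after because Xen accepts duplicate MACs without complaint; the symptom is only seen later as intermittent connectivity on whichever domU loses the bridge's learning-table race.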
|
|
Creating an unprivileged Linux domain (domU)
--------------------------------------------

Creating unprivileged Linux domains isn't much different from

[...]

to your configuration since not all Linux distributions auto-attach a
tty to the Xen console.
|
|
Creating an unprivileged Solaris domain (domU)
----------------------------------------------

Download an Opensolaris [release](http://opensolaris.org/os/downloads/)

[...]
|
|
|
|
|
Using PCI devices in guest domains
----------------------------------

The domain0 can give other domains access to selected PCI devices. This
can allow, for example, a non-privileged domain to have access to a

[...]

Keep in mind that a domU that owns a PCI device can program it to DMA
to any physical address. Unless Xen is running with an IOMMU (Intel
VT-d or AMD-Vi) enabled, PCI passthrough therefore lets that domU read
and write the memory of the dom0 and of other domUs, so such a domU
must be trusted as much as the dom0 itself.
|
Links and further information
=============================

- The [HowTo on Installing into RAID-1](http://mail-index.NetBSD.org/port-xen/2006/03/01/0010.html)
  gives some hints on using Xen (grub) with NetBSD's RAIDframe. (This
  is obsolete with the use of NetBSD's native boot.)
- Harold Gutch wrote documentation on setting up a Linux domU with a
  NetBSD dom0.
- An example of how to use NetBSD's native bootloader to load
  NetBSD/Xen instead of Grub can be found in the i386/amd64 boot(8)
  and boot.cfg(5) manpages.
|
|