Diff for /wikisrc/ports/xen/howto.mdwn between versions 1.23 and 1.33

version 1.23, 2014/12/24 01:34:47 version 1.33, 2014/12/24 15:54:50
Line 27  code for Xen and need not be aware that  Line 27  code for Xen and need not be aware that 
 Attempts to access hardware registers are trapped and emulated.  This  Attempts to access hardware registers are trapped and emulated.  This
 style is less efficient but can run unmodified guests.  style is less efficient but can run unmodified guests.
   
 Generally any amd64 machine will work with Xen and PV guests.  For HVM  Generally any amd64 machine will work with Xen and PV guests.  In
 guests, the VT or VMX cpu feature (Intel) or SVM/HVM/VT (amd64) is  theory i386 computers without amd64 support can be used for Xen <=
 needed; "cpuctl identify 0" will show this.  TODO: Clean up and check  4.2, but we have no recent reports of this working (this is a hint).
 the above features.  TODO: Explain if i386 (non-amd64) machines can  For HVM guests, the VT or VMX cpu feature (Intel) or SVM/HVM/VT
 still be used --- I think that the requirement to use PAE kernels is  (amd64) is needed; "cpuctl identify 0" will show this.  TODO: Clean up
 about the hypervisor being amd64 only.  and check the above features.
   
 At boot, the dom0 kernel is loaded as module with Xen as the kernel.  At boot, the dom0 kernel is loaded as a module with Xen as the kernel.
 The dom0 can start one or more domUs.  (Booting is explained in detail  The dom0 can start one or more domUs.  (Booting is explained in detail
 in the dom0 section.)  in the dom0 section.)
   
 NetBSD supports Xen in that it can serve as dom0, be used as a domU,  NetBSD supports Xen in that it can serve as dom0, be used as a domU,
 and that Xen kernels and tools are available in pkgsrc.  This HOWTO  and that Xen kernels and tools are available in pkgsrc.  This HOWTO
 attempts to address both the case of running a NetBSD dom0 on hardware  attempts to address both the case of running a NetBSD dom0 on hardware
 and running NetBSD as a domU in a VPS.  and running domUs under it (NetBSD and other), and also running NetBSD
   as a domU in a VPS.
   
 Some versions of Xen support "PCI passthrough", which means that  Some versions of Xen support "PCI passthrough", which means that
 specific PCI devices can be made available to a specific domU instead  specific PCI devices can be made available to a specific domU instead
Line 60  path when there are no known good reason Line 61  path when there are no known good reason
 This HOWTO presumes a basic familiarity with the Xen system  This HOWTO presumes a basic familiarity with the Xen system
 architecture.  This HOWTO presumes familiarity with installing NetBSD  architecture.  This HOWTO presumes familiarity with installing NetBSD
 on i386/amd64 hardware and installing software from pkgsrc.  on i386/amd64 hardware and installing software from pkgsrc.
 See also the [Xen website](http://www.xen.org/).  See also the [Xen website](http://www.xenproject.org/).
   
 History  History
 -------  -------
Line 69  NetBSD used to support Xen2; this has be Line 70  NetBSD used to support Xen2; this has be
   
 Before NetBSD's native bootloader could support Xen, the use of  Before NetBSD's native bootloader could support Xen, the use of
 grub was recommended.  If necessary, see the  grub was recommended.  If necessary, see the
 [old grub information](/xen/howto-grub/).  [old grub information](/ports/xen/howto-grub/).
   
 Versions of Xen and NetBSD  Versions of Xen and NetBSD
 ==========================  ==========================
   
 Most of the installation concepts and instructions are independent of  Most of the installation concepts and instructions are independent
 Xen version.  This section gives advice on which version to choose.  of Xen version and NetBSD version.  This section gives advice on
 Versions not in pkgsrc and older unsupported versions of NetBSD are  which version to choose.  Versions not in pkgsrc and older unsupported
 inentionally ignored.  versions of NetBSD are intentionally ignored.
   
 Xen  Xen
 ---  ---
Line 89  matching versions. Line 90  matching versions.
   
 xenkernel3 and xenkernel33 provide Xen 3.1 and 3.3.  These no longer  xenkernel3 and xenkernel33 provide Xen 3.1 and 3.3.  These no longer
 receive security patches and should not be used.  Xen 3.1 supports PCI  receive security patches and should not be used.  Xen 3.1 supports PCI
 passthrough.  passthrough.  Xen 3.1 supports non-PAE on i386.
   
 xenkernel41 provides Xen 4.1.  This is no longer maintained by Xen,  xenkernel41 provides Xen 4.1.  This is no longer maintained by Xen,
 but as of 2014-12 receives backported security patches.  It is a  but as of 2014-12 receives backported security patches.  It is a
Line 100  of 2014-12. Line 101  of 2014-12.
   
 Ideally newer versions of Xen will be added to pkgsrc.  Ideally newer versions of Xen will be added to pkgsrc.
   
 Note that NetBSD support is called XEN3; it works with 3.1 through  Note that NetBSD support is called XEN3.  It works with 3.1 through
 4.2, because the hypercall interface has been stable.  4.2 because the hypercall interface has been stable.
   
 Xen command program  Xen command program
 -------------------  -------------------
   
 Early Xen used a program called "xm" to manipulate the system from the  Early Xen used a program called "xm" to manipulate the system from the
 dom0.  Starting in 4.1, a replacement program with similar behavior  dom0.  Starting in 4.1, a replacement program with similar behavior
 called "xl" is provided.  In 4.2, "xm" is no longer available.  called "xl" is provided.  In 4.2 and later, "xl" is preferred.  4.4 is
   the last version that has "xm".
   
 NetBSD  NetBSD
 ------  ------
Line 116  NetBSD Line 118  NetBSD
 The netbsd-5, netbsd-6, netbsd-7, and -current branches are all  The netbsd-5, netbsd-6, netbsd-7, and -current branches are all
 reasonable choices, with more or less the same considerations for  reasonable choices, with more or less the same considerations for
 non-Xen use.  Therefore, netbsd-6 is recommended as the stable version  non-Xen use.  Therefore, netbsd-6 is recommended as the stable version
 of the most recent release.  of the most recent release for production use.  For those wanting to
   learn Xen or without production stability concerns, netbsd-7 is likely
   most appropriate.
   
 As of NetBSD 6, a NetBSD domU will support multiple vcpus.  There is  As of NetBSD 6, a NetBSD domU will support multiple vcpus.  There is
 no SMP support for NetBSD as dom0.  (The dom0 itself doesn't really  no SMP support for NetBSD as dom0.  (The dom0 itself doesn't really
Line 126  a normal computer.) Line 130  a normal computer.)
 Architecture  Architecture
 ------------  ------------
   
 Xen is basically amd64 only at this point.  One can either run i386  Xen itself can run on i386 or amd64 machines.  (Practically, almost
 domains or amd64 domains.  If running i386, PAE versions are required,  any computer where one would want to run Xen supports amd64.)  If
 for both dom0 and domU.  These versions are built by default in NetBSD  using an i386 NetBSD kernel for the dom0, PAE is required (PAE
 releases.  While i386 dom0 works fine, amd64 is recommended as more  versions are built by default).  While i386 dom0 works fine, amd64 is
 normal.  (Note that emacs (at least) fails if run on i386 with PAE when  recommended as more normal.
 built without, and vice versa, presumably due to bugs in the undump  
 code.)  Xen 4.2 is the last version to support i386 as a host.  TODO: Clarify
   if this is about the CPU having to be amd64, or about the dom0 kernel
   having to be amd64.
   
   One can then run i386 domUs and amd64 domUs, in any combination.  If
   running an i386 NetBSD kernel as a domU, the PAE version is required.
   (Note that emacs (at least) fails if run on i386 with PAE when built
   without, and vice versa, presumably due to bugs in the undump code.)
   
 Recommendation  Recommendation
 --------------  --------------
   
 Therefore, this HOWTO recommends running xenkernel42 (and xentools42),  Therefore, this HOWTO recommends running xenkernel42 (and xentools42),
 xl, the NetBSD 6 stable branch, and to use amd64 as the dom0.  Either  xl, the NetBSD 6 stable branch, and to use an amd64 kernel as the
 the i386 or amd64 of NetBSD may be used as domUs.  dom0.  Either the i386 or amd64 of NetBSD may be used as domUs.
   
 NetBSD as a dom0  NetBSD as a dom0
 ================  ================
Line 177  Installation of NetBSD Line 188  Installation of NetBSD
 ----------------------  ----------------------
   
 First,  First,
 [install NetBSD/amd64](../../docs/guide/en/chap-inst.html)  [install NetBSD/amd64](/guide/inst/)
 just as you would if you were not using Xen.  just as you would if you were not using Xen.
 However, the partitioning approach is very important.  However, the partitioning approach is very important.
   
Line 195  each virtual disk to be used by the domU Line 206  each virtual disk to be used by the domU
 how domU usage will evolve, please add an explanation to the HOWTO.  how domU usage will evolve, please add an explanation to the HOWTO.
 Seriously, needs tend to change over time.)  Seriously, needs tend to change over time.)
   
 One can use lvm(8) to create logical devices to use for domU disks.  One can use [lvm(8)](/guide/lvm/) to create logical devices to use
 This is almost as efficient sa raw disk partitions and more flexible.  for domU disks.  This is almost as efficient as raw disk partitions
 Hence raw disk partitions should typically not be used.  and more flexible.  Hence raw disk partitions should typically not
   be used.
   
 One can use files in the dom0 filesystem, typically created by dd'ing  One can use files in the dom0 filesystem, typically created by dd'ing
 /dev/zero to create a specific size.  This is somewhat less efficient,  /dev/zero to create a specific size.  This is somewhat less efficient,
Line 248  As with non-Xen systems, you should have Line 260  As with non-Xen systems, you should have
 kernel that works without Xen) and fallback versions of the non-Xen  kernel that works without Xen) and fallback versions of the non-Xen
 kernel, Xen, and the dom0 kernel.  kernel, Xen, and the dom0 kernel.
   
   The [HowTo on Installing into
   RAID-1](http://mail-index.NetBSD.org/port-xen/2006/03/01/0010.html)
   explains how to set up booting a dom0 with Xen using grub with
   NetBSD's RAIDframe.  (This is obsolete with the use of NetBSD's native
   boot.)
   
 Configuring Xen  Configuring Xen
 ---------------  ---------------
   
 Now, you have a system that will boot Xen and the dom0 kernel, and  Now, you have a system that will boot Xen and the dom0 kernel, and
 just run the dom0 kernel.  There will be no domUs, and none can be  just run the dom0 kernel.  There will be no domUs, and none can be
 started because you still have to configure the dom0 tools.  started because you still have to configure the dom0 tools.  The
   daemons which should be run vary with Xen version and with whether one
   is using xm or xl.  Note that xend is for supporting "xm", and should
   only be used if you plan on using "xm".  Do NOT enable xend if you
   plan on using "xl" as it will cause problems.
   
   TODO: Give 3.1 advice (or remove it from pkgsrc).
   
   For 3.3 (and thus xm), add to rc.conf (but note that you should have
   installed 4.1 or 4.2):
   
           xend=YES
           xenbackendd=YES
   
   For 4.1 (and thus xm; xl is believed not to work well), add to rc.conf:
   
           xend=YES
           xencommons=YES
   
   TODO: Explain why if xm is preferred on 4.1, rc.d/xendomains has xl.
   Or fix the package.
   
   For 4.2 with xm, add to rc.conf
   
           xend=YES
           xencommons=YES
   
   For 4.2 with xl (preferred), add to rc.conf:
   
 For 3.3 (and probably 3.1), add to rc.conf (but note that you should          TODO: explain if there is a xend replacement
 have installed 4.2):          xencommons=YES
   xend=YES  
   xenbackendd=YES  TODO: Recommend for/against xen-watchdog.
   
 For 4.1 and 4.2, add to rc.conf:  After you have configured the daemons and rebooted, run the following
   xend=YES  to inspect Xen's boot messages, available resources, and running
   xencommons=YES  domains:
           xm dmesg
           xm info
           xm list
   
 Updating NetBSD in a dom0  Updating NetBSD in a dom0
 -------------------------  -------------------------
Line 292  Ensure that the contents of /etc/rc.d/xe Line 340  Ensure that the contents of /etc/rc.d/xe
 correct set of daemons.  Ensure that the domU config files are valid  correct set of daemons.  Ensure that the domU config files are valid
 for the new version.  for the new version.
   
 Creating unprivileged domains (domU)  
 ====================================  Unprivileged domains (domU)
   ===========================
   
   This section describes general concepts about domUs.  It does not
   address specific domU operating systems or how to install them.  The
   config files for domUs are typically in /usr/pkg/etc/xen, and are
   typically named so that the file anme, domU name and the domU's host
   name match.
   
   The domU is provided with cpu and memory by Xen, configured by the
   dom0.  The domU is provided with disk and network by the dom0,
   mediated by Xen, and configured in the dom0.
   
   Entropy in domUs can be an issue; physical disks and network are on
   the dom0.  NetBSD's /dev/random system works, but is often challenged.
   
   CPU and memory
   --------------
   
   A domain is provided with some number of vcpus, less than the
   number of cpus seen by the hypervisor.  For a dom0, this is controlled
   by the boot argument "dom0_max_vcpus=1".  For a domU, it is controlled
   from the config file.
   
   A domain is provided with memory, In the straightforward case, the sum
   of the the memory allocated to the dom0 and all domUs must be less
   than the available memory.
   
   Xen also provides a "balloon" driver, which can be used to let domains
   use more memory temporarily.  TODO: Explain better, and explain how
   well it works with NetBSD.
   
   Virtual disks
   -------------
   
   With the file/vnd style, typically one creates a directory,
   e.g. /u0/xen, on a disk large enough to hold virtual disks for all
   domUs.  Then, for each domU disk, one writes zeros to a file that then
   serves to hold the virtual disk's bits; a suggested name is foo-xbd0
   for the first virtual disk for the domU called foo.  Writing zeros to
   the file serves two purposes.  One is that preallocating the contents
   improves performance.  The other is that vnd on sparse files has
   failed to work.  TODO: give working/notworking NetBSD versions for
   sparse vnd.  Note that the use of file/vnd for Xen is not really
   different than creating a file-backed virtual disk for some other
   purpose, except that xentools handles the vnconfig commands.
   
   With the lvm style, one creates logical devices.  They are then used
   similarly to vnds.
   
   Virtual Networking
   ------------------
   
   TODO: explain xvif concept, and that it's general.
   
   There are two normal styles: bridging and NAT.
   
   With bridging, the domU perceives itself to be on the same network as
   the dom0.  For server virtualization, this is usually best.
   
   With NAT, the domU perceives itself to be behind a NAT running on the
   dom0.  This is often appropriate when running Xen on a workstation.
   
   One can construct arbitrary other configurations, but there is no
   script support.
   
   Sizing domains
   --------------
   
   Modern x86 hardware has vast amounts of resources.  However, many
   virtual servers can function just fine on far less.  A system with
   256M of RAM and a 4G disk can be a reasonable choice.  Note that it is
   far easier to adjust virtual resources than physical ones.  For
   memory, it's just a config file edit and a reboot.  For disk, one can
   create a new file and vnconfig it (or lvm), and then dump/restore,
   just like updating physical disks, but without having to be there and
   without those pesky connectors.
   
   Config files
   ------------
   
   TODO: give example config files.   Use both lvm and vnd.
   
   TODO: explain the mess with 3 arguments for disks and how to cope (0x1).
   
   Starting domains
   ----------------
   
   TODO: Explain "xm start" and "xl start".  Explain rc.d/xendomains.
   
   TODO: Explain why 4.1 rc.d/xendomains has xl, when one should use xm
   on 4.1.
   
   Creating specific unprivileged domains (domU)
   =============================================
   
 Creating domUs is almost entirely independent of operating system.  We  Creating domUs is almost entirely independent of operating system.  We
 first explain NetBSD, and then differences for Linux and Solaris.  first explain NetBSD, and then differences for Linux and Solaris.
Line 324  PKG\_SYSCONFDIR for its parameters. By d Line 466  PKG\_SYSCONFDIR for its parameters. By d
 will be executed in the new domain (this kernel is in the *domain0* file  will be executed in the new domain (this kernel is in the *domain0* file
 system, not on the new domain virtual disk; but please note, you should  system, not on the new domain virtual disk; but please note, you should
 install the same kernel into *domainU* as `/netbsd` in order to make  install the same kernel into *domainU* as `/netbsd` in order to make
 your system tools, like MAN.SAVECORE.8, work). A suitable kernel is  your system tools, like savecore(8), work). A suitable kernel is
 provided as part of the i386 and amd64 binary sets: XEN3\_DOMU.  provided as part of the i386 and amd64 binary sets: XEN3\_DOMU.
   
 Here is an /usr/pkg/etc/xen/nbsd example config file:  Here is an /usr/pkg/etc/xen/nbsd example config file:
Line 434  like this: Line 576  like this:
     !brconfig $int add ex0 up      !brconfig $int add ex0 up
   
 (replace `ex0` with the name of your physical interface). Then bridge0  (replace `ex0` with the name of your physical interface). Then bridge0
 will be created on boot. See the MAN.BRIDGE.4 man page for details.  will be created on boot. See the bridge(4) man page for details.
   
 So, here is a suitable `/usr/pkg/etc/xen/vif-bridge` for xvif?.? (a  So, here is a suitable `/usr/pkg/etc/xen/vif-bridge` for xvif?.? (a
 working vif-bridge is also provided with xentools20) configuring:  working vif-bridge is also provided with xentools20) configuring:
   
     #!/bin/sh      #!/bin/sh
     #============================================================================      #============================================================================
     # $NetBSD: howto.mdwn,v 1.22 2014/12/24 01:27:36 gdt Exp $      # $NetBSD: howto.mdwn,v 1.32 2014/12/24 15:31:36 gdt Exp $
     #      #
     # /usr/pkg/etc/xen/vif-bridge      # /usr/pkg/etc/xen/vif-bridge
     #      #
Line 818  to use PCI devices in a domU. Here's a k Line 960  to use PCI devices in a domU. Here's a k
     sd*     at scsibus? target ? lun ?      # SCSI disk drives      sd*     at scsibus? target ? lun ?      # SCSI disk drives
     cd*     at scsibus? target ? lun ?      # SCSI CD-ROM drives      cd*     at scsibus? target ? lun ?      # SCSI CD-ROM drives
   
 Links and further information  
 =============================  
   
 -   The [HowTo on Installing into RAID-1](http://mail-index.NetBSD.org/port-xen/2006/03/01/0010.html)  NetBSD as a domU in a VPS
     explains how to set up booting a dom0 with Xen using grub   =========================
     with NetBSD's RAIDframe.  (This is obsolete with the use of  
     NetBSD's native boot.)  The bulk of the HOWTO is about using NetBSD as a dom0 on your own
 -   An example of how to use NetBSD's native bootloader to load  hardware.  This section explains how to deal with Xen in a domU as a
     NetBSD/Xen instead of Grub can be found in the i386/amd64 boot(8)  virtual private server where you do not control or have access to the
     and boot.cfg(5) manpages.  dom0.
   
   TODO: Perhaps reference panix, prmgr, amazon as interesting examples.
   
   TODO: Somewhere, discuss pvgrub and py-grub to load the domU kernel
   from the domU filesystem.

Removed from v.1.23  
changed lines
  Added in v.1.33


CVSweb for NetBSD wikisrc <wikimaster@NetBSD.org> software: FreeBSD-CVSweb