Diff for /wikisrc/ports/xen/howto.mdwn between versions 1.51 and 1.56

version 1.51, 2014/12/26 23:36:34 version 1.56, 2014/12/27 00:25:48
Line 49  specific PCI devices can be made availab Line 49  specific PCI devices can be made availab
 of the dom0.  This can be useful to let a domU run X11, or access some  of the dom0.  This can be useful to let a domU run X11, or access some
 network interface or other peripheral.  network interface or other peripheral.
   
   NetBSD used to support Xen2; this has been removed.
   
 Prerequisites  Prerequisites
 -------------  -------------
   
Line 63  architecture.  This HOWTO presumes famil Line 65  architecture.  This HOWTO presumes famil
 on i386/amd64 hardware and installing software from pkgsrc.  on i386/amd64 hardware and installing software from pkgsrc.
 See also the [Xen website](http://www.xenproject.org/).  See also the [Xen website](http://www.xenproject.org/).
   
 History  
 -------  
   
 NetBSD used to support Xen2; this has been removed.  
   
 Before NetBSD's native bootloader could support Xen, the use of  
 grub was recommended.  If necessary, see the  
 [old grub information](/ports/xen/howto-grub/).  
   
 Versions of Xen and NetBSD  Versions of Xen and NetBSD
 ==========================  ==========================
   
Line 302  As with non-Xen systems, you should have Line 295  As with non-Xen systems, you should have
 kernel that works without Xen) and fallback versions of the non-Xen  kernel that works without Xen) and fallback versions of the non-Xen
 kernel, Xen, and the dom0 kernel.  kernel, Xen, and the dom0 kernel.
   
   Using grub (historic)
   ---------------------
   
   Before NetBSD's native bootloader could support Xen, the use of
   grub was recommended.  If necessary, see the
   [old grub information](/ports/xen/howto-grub/).
   
 The [HowTo on Installing into  The [HowTo on Installing into
 RAID-1](http://mail-index.NetBSD.org/port-xen/2006/03/01/0010.html)  RAID-1](http://mail-index.NetBSD.org/port-xen/2006/03/01/0010.html)
 explains how to set up booting a dom0 with Xen using grub with  explains how to set up booting a dom0 with Xen using grub with
Line 311  boot.) Line 311  boot.)
 Configuring Xen  Configuring Xen
 ---------------  ---------------
   
   Xen logs will be in /var/log/xen.
   
 Now, you have a system that will boot Xen and the dom0 kernel, and  Now, you have a system that will boot Xen and the dom0 kernel, and
 just run the dom0 kernel.  There will be no domUs, and none can be  just run the dom0 kernel.  There will be no domUs, and none can be
 started because you still have to configure the dom0 tools.  The  started because you still have to configure the dom0 tools.  The
Line 334  installed 4.1 or 4.2): Line 336  installed 4.1 or 4.2):
   
 For 4.1 (and thus xm; xl is believed not to work well), add to rc.conf:  For 4.1 (and thus xm; xl is believed not to work well), add to rc.conf:
   
         xend=YES  
         xencommons=YES          xencommons=YES
           xend=YES
   
 TODO: Explain why if xm is preferred on 4.1, rc.d/xendomains has xl.  (If you are using xentools41 from before 2014-12-26, change
 Or fix the package.  rc.d/xendomains to use xm rather than xl.)
   
 For 4.2 with xm, add to rc.conf  For 4.2 with xm, add to rc.conf
   
         xend=YES  
         xencommons=YES          xencommons=YES
           xend=YES
   
 For 4.2 with xl (preferred), add to rc.conf:  For 4.2 with xl (preferred), add to rc.conf:
   
         TODO: explain if there is a xend replacement  
         xencommons=YES          xencommons=YES
           TODO: explain if there is a xend replacement
   
 TODO: Recommend for/against xen-watchdog.  TODO: Recommend for/against xen-watchdog.
   
 After you have configured the daemons and either started them or  After you have configured the daemons and either started them (in the
 rebooted, run the following (or use xl) to inspect Xen's boot  order given) or rebooted, run the following (or use xl) to inspect
 messages, available resources, and running domains:  Xen's boot messages, available resources, and running domains:
   
         # xm dmesg          # xm dmesg
         [xen's boot info]          [xen's boot info]
Line 405  and adjusts /etc. Line 407  and adjusts /etc.
 Note that one must update both the non-Xen kernel typically used for  Note that one must update both the non-Xen kernel typically used for
 rescue purposes and the DOM0 kernel used with Xen.  rescue purposes and the DOM0 kernel used with Xen.
   
 To convert from grub to /boot, install an mbr bootblock with fdisk,  Converting from grub to /boot
 bootxx_ with installboot, /boot and /boot.cfg.  This really should be  -----------------------------
 no different than completely reinstalling boot blocks on a non-Xen  
 system.  These instructions were [TODO: will be] used to convert a system from
   grub to /boot.  The system was originally installed in February of
   2006 with a RAID1 setup and grub to boot Xen 2, and has been updated
   over time.  Before these commands, it was running NetBSD 6 i386, Xen
   4.1 and grub, much like the message linked earlier in the grub
   section.
   
           # Install mbr bootblocks on both disks. 
           fdisk -i /dev/rwd0d
           fdisk -i /dev/rwd1d
           # Install NetBSD primary boot loader (/ is FFSv1) into RAID1 components.
           installboot -v /dev/rwd0d /usr/mdec/bootxx_ffsv1
           installboot -v /dev/rwd1d /usr/mdec/bootxx_ffsv1
           # Install secondary boot loader
           cp -p /usr/mdec/boot /
           # Create boog.cfg following earlier guidance:
           menu=Xen:load /netbsd-XEN3PAE_DOM0.gz console=pc;multiboot /xen.gz dom0_mem=256M
           menu=Xen.ok:load /netbsd-XEN3PAE_DOM0.ok.gz console=pc;multiboot /xen.ok.gz dom0_mem=256M
           menu=GENERIC:boot
           menu=GENERIC single-user:boot -s
           menu=GENERIC.ok:boot netbsd.ok
           menu=GENERIC.ok single-user:boot netbsd.ok -s
           menu=Drop to boot prompt:prompt
           default=1
           timeout=30
   
   TODO: actually do this and fix it if necessary.
   
 Updating Xen versions  Updating Xen versions
 ---------------------  ---------------------
Line 595  dom0.  This is often appropriate when ru Line 623  dom0.  This is often appropriate when ru
 TODO: NAT appears to be configured by "vif = [ '' ]".  TODO: NAT appears to be configured by "vif = [ '' ]".
   
 The MAC address specified is the one used for the interface in the new  The MAC address specified is the one used for the interface in the new
 domain.  The interface in domain0 will use this address XOR'd with  domain.  The interface in dom0 will use this address XOR'd with
 00:00:00:01:00:00.  Random MAC addresses are assigned if not given.  00:00:00:01:00:00.  Random MAC addresses are assigned if not given.
   
 Sizing domains  Sizing domains
Line 695  It is also desirable to add Line 723  It is also desirable to add
         powerd=YES          powerd=YES
   
 in rc.conf. This way, the domain will be properly shut down if  in rc.conf. This way, the domain will be properly shut down if
 `xm shutdown -R` or `xm shutdown -H` is used on the domain0.  `xm shutdown -R` or `xm shutdown -H` is used on the dom0.
   
 Your domain should be now ready to work, enjoy.  Your domain should be now ready to work, enjoy.
   
Line 750  See possibly outdated Line 778  See possibly outdated
 [Solaris domU instructions](/ports/xen/howto-solaris/).  [Solaris domU instructions](/ports/xen/howto-solaris/).
   
   
 Using PCI devices in guest domains  PCI passthrough: Using PCI devices in guest domains
 ----------------------------------  ---------------------------------------------------
   
 The domain0 can give other domains access to selected PCI devices. This  The dom0 can give other domains access to selected PCI
 can allow, for example, a non-privileged domain to have access to a  devices. This can allow, for example, a non-privileged domain to have
 physical network interface or disk controller. However, keep in mind  access to a physical network interface or disk controller.  However,
 that giving a domain access to a PCI device most likely will give the  keep in mind that giving a domain access to a PCI device most likely
 domain read/write access to the whole physical memory, as PCs don't have  will give the domain read/write access to the whole physical memory,
 an IOMMU to restrict memory access to DMA-capable device. Also, it's not  as PCs don't have an IOMMU to restrict memory access to DMA-capable
 possible to export ISA devices to non-domain0 domains (which means that  device.  Also, it's not possible to export ISA devices to non-dom0
 the primary VGA adapter can't be exported. A guest domain trying to  domains, which means that the primary VGA adapter can't be exported.
 access the VGA registers will panic).  A guest domain trying to access the VGA registers will panic.
   
 This functionality is only available in NetBSD-5.1 (and later) domain0  If the dom0 is NetBSD, it has to be running Xen 3.1, as support has
 and domU. If the domain0 is NetBSD, it has to be running Xen 3.1, as  not been ported to later versions at this time.
 support has not been ported to later versions at this time.  
   For a PCI device to be exported to a domU, is has to be attached to
 For a PCI device to be exported to a domU, is has to be attached to the  the "pciback" driver in dom0.  Devices passed to the dom0 via the
 `pciback` driver in domain0. Devices passed to the domain0 via the  pciback.hide boot parameter will attach to "pciback" instead of the
 pciback.hide boot parameter will attach to `pciback` instead of the  usual driver.  The list of devices is specified as "(bus:dev.func)",
 usual driver. The list of devices is specified as `(bus:dev.func)`,  
 where bus and dev are 2-digit hexadecimal numbers, and func a  where bus and dev are 2-digit hexadecimal numbers, and func a
 single-digit number:  single-digit number:
   
     pciback.hide=(00:0a.0)(00:06.0)          pciback.hide=(00:0a.0)(00:06.0)
   
 pciback devices should show up in the domain0's boot messages, and the  pciback devices should show up in the dom0's boot messages, and the
 devices should be listed in the `/kern/xen/pci` directory.  devices should be listed in the `/kern/xen/pci` directory.
   
 PCI devices to be exported to a domU are listed in the `pci` array of  PCI devices to be exported to a domU are listed in the "pci" array of
 the domU's config file, with the format `'0000:bus:dev.func'`  the domU's config file, with the format "0000:bus:dev.func".
   
     pci = [ '0000:00:06.0', '0000:00:0a.0' ]  
   
 In the domU an `xpci` device will show up, to which one or more pci  
 busses will attach. Then the PCI drivers will attach to PCI busses as  
 usual. Note that the default NetBSD DOMU kernels do not have `xpci` or  
 any PCI drivers built in by default; you have to build your own kernel  
 to use PCI devices in a domU. Here's a kernel config example:  
   
     include         "arch/i386/conf/XEN3_DOMU"  
     #include         "arch/i386/conf/XENU"           # in NetBSD 3.0  
   
     # Add support for PCI busses to the XEN3_DOMU kernel          pci = [ '0000:00:06.0', '0000:00:0a.0' ]
     xpci* at xenbus ?  
     pci* at xpci ?  
   
     # Now add PCI and related devices to be used by this domain  In the domU an "xpci" device will show up, to which one or more pci
     # USB Controller and Devices  busses will attach.  Then the PCI drivers will attach to PCI busses as
   usual.  Note that the default NetBSD DOMU kernels do not have "xpci"
     # PCI USB controllers  or any PCI drivers built in by default; you have to build your own
     uhci*   at pci? dev ? function ?        # Universal Host Controller (Intel)  kernel to use PCI devices in a domU.  Here's a kernel config example;
   note that only the "xpci" lines are unusual.
     # USB bus support  
     usb*    at uhci?          include         "arch/i386/conf/XEN3_DOMU"
   
     # USB Hubs          # Add support for PCI busses to the XEN3_DOMU kernel
     uhub*   at usb?          xpci* at xenbus ?
     uhub*   at uhub? port ? configuration ? interface ?          pci* at xpci ?
   
     # USB Mass Storage          # PCI USB controllers
     umass*  at uhub? port ? configuration ? interface ?          uhci*   at pci? dev ? function ?        # Universal Host Controller (Intel)
     wd*     at umass?  
     # SCSI controllers          # USB bus support
     ahc*    at pci? dev ? function ?        # Adaptec [23]94x, aic78x0 SCSI          usb*    at uhci?
   
     # SCSI bus support (for both ahc and umass)          # USB Hubs
     scsibus* at scsi?          uhub*   at usb?
           uhub*   at uhub? port ? configuration ? interface ?
     # SCSI devices  
     sd*     at scsibus? target ? lun ?      # SCSI disk drives          # USB Mass Storage
     cd*     at scsibus? target ? lun ?      # SCSI CD-ROM drives          umass*  at uhub? port ? configuration ? interface ?
           wd*     at umass?
           # SCSI controllers
           ahc*    at pci? dev ? function ?        # Adaptec [23]94x, aic78x0 SCSI
   
           # SCSI bus support (for both ahc and umass)
           scsibus* at scsi?
   
           # SCSI devices
           sd*     at scsibus? target ? lun ?      # SCSI disk drives
           cd*     at scsibus? target ? lun ?      # SCSI CD-ROM drives
   
   
 NetBSD as a domU in a VPS  NetBSD as a domU in a VPS
Line 832  hardware.  This section explains how to  Line 856  hardware.  This section explains how to 
 virtual private server where you do not control or have access to the  virtual private server where you do not control or have access to the
 dom0.  dom0.
   
 TODO: Perhaps reference panix, prmgr, amazon as interesting examples.  VPS operators provide varying degrees of access and mechanisms for
   configuration.  The big issue is usually how one controls which kernel
   is booted, because the kernel is nominally in the dom0 filesystem (to
   which VPS users do not normally have acesss).
   
   A VPS user may want to compile a kernel for security updates, to run
   npf, run IPsec, or any other reason why someone would want to change
   their kernel.
   
   One approach is to have an adminstrative interface to upload a kernel,
   or to select from a prepopulated list.
   
   Otehr approaches are pvgrub and py-grub, which are ways to start a
   bootloader from the dom0 instead of the actual domU kernel, and for
   that loader to then load a kernel from the domU filesystem.  This is
   closer to a regular physical computer, where someone who controls a
   machine can replace the kernel.
   
 TODO: Somewhere, discuss pvgrub and py-grub to load the domU kernel  prmgr and pvgrub
 from the domU filesystem.  ----------------
   
   TODO: Perhaps reference panix, prmgr, amazon as interesting examples.
   Explain what prmgr does.
   
 Using npf  Using npf
 ---------  ---------

Removed from v.1.51  
changed lines
  Added in v.1.56


CVSweb for NetBSD wikisrc <wikimaster@NetBSD.org> software: FreeBSD-CVSweb