|
version 1.50, 2014/12/26 20:28:45
|
version 1.59, 2014/12/27 15:46:47
|
|
Line 2 Introduction
|
Line 2 Introduction
|
| ============ |
============ |
| |
|
| [![[Xen |
[![[Xen |
| screenshot]](http://www.netbsd.org/gallery/in-Action/hubertf-xens.png)](../../gallery/in-Action/hubertf-xen.png) |
screenshot]](http://www.netbsd.org/gallery/in-Action/hubertf-xens.png)](http://www.netbsd.org/gallery/in-Action/hubertf-xen.png) |
| |
|
| Xen is a virtual machine monitor or hypervisor for x86 hardware |
Xen is a hypervisor (or virtual machine monitor) for x86 hardware |
| (i686-class or higher), which supports running multiple guest |
(i686-class or higher), which supports running multiple guest |
| operating systems on a single physical machine. With Xen, one uses |
operating systems on a single physical machine. Xen is a Type 1 or |
| the Xen kernel to control the CPU, memory and console, a dom0 |
bare-metal hypervisor; one uses the Xen kernel to control the CPU, |
| operating system which mediates access to other hardware (e.g., disks, |
memory and console, a dom0 operating system which mediates access to |
| network, USB), and one or more domU operating systems which operate in |
other hardware (e.g., disks, network, USB), and one or more domU |
| an unprivileged virtualized environment. IO requests from the domU |
operating systems which operate in an unprivileged virtualized |
| systems are forwarded by the hypervisor (Xen) to the dom0 to be |
environment. IO requests from the domU systems are forwarded by the |
| fulfilled. |
hypervisor (Xen) to the dom0 to be fulfilled. |
| |
|
| Xen supports two styles of guests. The original is Para-Virtualized |
Xen supports two styles of guests. The original is Para-Virtualized |
| (PV) which means that the guest OS does not attempt to access hardware |
(PV) which means that the guest OS does not attempt to access hardware |
|
Line 49 specific PCI devices can be made availab
|
Line 49 specific PCI devices can be made availab
|
| of the dom0. This can be useful to let a domU run X11, or access some |
of the dom0. This can be useful to let a domU run X11, or access some |
| network interface or other peripheral. |
network interface or other peripheral. |
| |
|
| |
NetBSD used to support Xen2; this has been removed. |
| |
|
| Prerequisites |
Prerequisites |
| ------------- |
------------- |
| |
|
|
Line 63 architecture. This HOWTO presumes famil
|
Line 65 architecture. This HOWTO presumes famil
|
| on i386/amd64 hardware and installing software from pkgsrc. |
on i386/amd64 hardware and installing software from pkgsrc. |
| See also the [Xen website](http://www.xenproject.org/). |
See also the [Xen website](http://www.xenproject.org/). |
| |
|
| History |
|
| ------- |
|
| |
|
| NetBSD used to support Xen2; this has been removed. |
|
| |
|
| Before NetBSD's native bootloader could support Xen, the use of |
|
| grub was recommended. If necessary, see the |
|
| [old grub information](/ports/xen/howto-grub/). |
|
| |
|
| Versions of Xen and NetBSD |
Versions of Xen and NetBSD |
| ========================== |
========================== |
| |
|
|
Line 204 alternately with little problems, simply
|
Line 197 alternately with little problems, simply
|
| Xen daemons when not running Xen. |
Xen daemons when not running Xen. |
| |
|
| Note that NetBSD as dom0 does not support multiple CPUs. This will |
Note that NetBSD as dom0 does not support multiple CPUs. This will |
| limit the performance of the Xen/dom0 workstation approach. |
limit the performance of the Xen/dom0 workstation approach. In theory |
| |
the only issue is that the "backend drivers" are not yet MPSAFE: |
| |
http://mail-index.netbsd.org/netbsd-users/2014/08/29/msg015195.html |
| |
|
| Installation of NetBSD |
Installation of NetBSD |
| ---------------------- |
---------------------- |
|
Line 300 As with non-Xen systems, you should have
|
Line 295 As with non-Xen systems, you should have
|
| kernel that works without Xen) and fallback versions of the non-Xen |
kernel that works without Xen) and fallback versions of the non-Xen |
| kernel, Xen, and the dom0 kernel. |
kernel, Xen, and the dom0 kernel. |
| |
|
| |
Using grub (historic) |
| |
--------------------- |
| |
|
| |
Before NetBSD's native bootloader could support Xen, the use of |
| |
grub was recommended. If necessary, see the |
| |
[old grub information](/ports/xen/howto-grub/). |
| |
|
| The [HowTo on Installing into |
The [HowTo on Installing into |
| RAID-1](http://mail-index.NetBSD.org/port-xen/2006/03/01/0010.html) |
RAID-1](http://mail-index.NetBSD.org/port-xen/2006/03/01/0010.html) |
| explains how to set up booting a dom0 with Xen using grub with |
explains how to set up booting a dom0 with Xen using grub with |
|
Line 309 boot.)
|
Line 311 boot.)
|
| Configuring Xen |
Configuring Xen |
| --------------- |
--------------- |
| |
|
| |
Xen logs will be in /var/log/xen. |
| |
|
| Now, you have a system that will boot Xen and the dom0 kernel, and |
Now, you have a system that will boot Xen and the dom0 kernel, and |
| just run the dom0 kernel. There will be no domUs, and none can be |
just run the dom0 kernel. There will be no domUs, and none can be |
| started because you still have to configure the dom0 tools. The |
started because you still have to configure the dom0 tools. The |
|
Line 332 installed 4.1 or 4.2):
|
Line 336 installed 4.1 or 4.2):
|
| |
|
| For 4.1 (and thus xm; xl is believed not to work well), add to rc.conf: |
For 4.1 (and thus xm; xl is believed not to work well), add to rc.conf: |
| |
|
| xend=YES |
|
| xencommons=YES |
xencommons=YES |
| |
xend=YES |
| |
|
| TODO: Explain why if xm is preferred on 4.1, rc.d/xendomains has xl. |
(If you are using xentools41 from before 2014-12-26, change |
| Or fix the package. |
rc.d/xendomains to use xm rather than xl.) |
| |
|
| For 4.2 with xm, add to rc.conf |
For 4.2 with xm, add to rc.conf |
| |
|
| xend=YES |
|
| xencommons=YES |
xencommons=YES |
| |
xend=YES |
| |
|
| For 4.2 with xl (preferred), add to rc.conf: |
For 4.2 with xl (preferred), add to rc.conf: |
| |
|
| TODO: explain if there is a xend replacement |
|
| xencommons=YES |
xencommons=YES |
| |
TODO: explain if there is a xend replacement |
| |
|
| TODO: Recommend for/against xen-watchdog. |
TODO: Recommend for/against xen-watchdog. |
| |
|
| After you have configured the daemons and either started them or |
After you have configured the daemons and either started them (in the |
| rebooted, run the following (or use xl) to inspect Xen's boot |
order given) or rebooted, run the following (or use xl) to inspect |
| messages, available resources, and running domains: |
Xen's boot messages, available resources, and running domains: |
| |
|
| # xm dmesg |
# xm dmesg |
| [xen's boot info] |
[xen's boot info] |
|
Line 403 and adjusts /etc.
|
Line 407 and adjusts /etc.
|
| Note that one must update both the non-Xen kernel typically used for |
Note that one must update both the non-Xen kernel typically used for |
| rescue purposes and the DOM0 kernel used with Xen. |
rescue purposes and the DOM0 kernel used with Xen. |
| |
|
| To convert from grub to /boot, install an mbr bootblock with fdisk, |
Converting from grub to /boot |
| bootxx_ with installboot, /boot and /boot.cfg. This really should be |
----------------------------- |
| no different than completely reinstalling boot blocks on a non-Xen |
|
| system. |
These instructions were [TODO: will be] used to convert a system from |
| |
grub to /boot. The system was originally installed in February of |
| |
2006 with a RAID1 setup and grub to boot Xen 2, and has been updated |
| |
over time. Before these commands, it was running NetBSD 6 i386, Xen |
| |
4.1 and grub, much like the message linked earlier in the grub |
| |
section. |
| |
|
| |
# Install mbr bootblocks on both disks. |
| |
fdisk -i /dev/rwd0d |
| |
fdisk -i /dev/rwd1d |
| |
# Install NetBSD primary boot loader (/ is FFSv1) into RAID1 components. |
| |
installboot -v /dev/rwd0d /usr/mdec/bootxx_ffsv1 |
| |
installboot -v /dev/rwd1d /usr/mdec/bootxx_ffsv1 |
| |
# Install secondary boot loader |
| |
cp -p /usr/mdec/boot / |
| |
# Create boog.cfg following earlier guidance: |
| |
menu=Xen:load /netbsd-XEN3PAE_DOM0.gz console=pc;multiboot /xen.gz dom0_mem=256M |
| |
menu=Xen.ok:load /netbsd-XEN3PAE_DOM0.ok.gz console=pc;multiboot /xen.ok.gz dom0_mem=256M |
| |
menu=GENERIC:boot |
| |
menu=GENERIC single-user:boot -s |
| |
menu=GENERIC.ok:boot netbsd.ok |
| |
menu=GENERIC.ok single-user:boot netbsd.ok -s |
| |
menu=Drop to boot prompt:prompt |
| |
default=1 |
| |
timeout=30 |
| |
|
| |
TODO: actually do this and fix it if necessary. |
| |
|
| Updating Xen versions |
Updating Xen versions |
| --------------------- |
--------------------- |
|
Line 501 anyplace, reasonable places to store dom
|
Line 531 anyplace, reasonable places to store dom
|
| (so they are near the dom0 kernel), in /usr/pkg/etc/xen (near the |
(so they are near the dom0 kernel), in /usr/pkg/etc/xen (near the |
| config files), or in /u0/xen (where the vdisks are). |
config files), or in /u0/xen (where the vdisks are). |
| |
|
| |
Note that loading the domU kernel from the dom0 implies that boot |
| |
blocks, /boot, /boot.cfg, and so on are all ignored in the domU. |
| See the VPS section near the end for discussion of alternate ways to |
See the VPS section near the end for discussion of alternate ways to |
| obtain domU kernels. |
obtain domU kernels. |
| |
|
|
Line 593 dom0. This is often appropriate when ru
|
Line 625 dom0. This is often appropriate when ru
|
| TODO: NAT appears to be configured by "vif = [ '' ]". |
TODO: NAT appears to be configured by "vif = [ '' ]". |
| |
|
| The MAC address specified is the one used for the interface in the new |
The MAC address specified is the one used for the interface in the new |
| domain. The interface in domain0 will use this address XOR'd with |
domain. The interface in dom0 will use this address XOR'd with |
| 00:00:00:01:00:00. Random MAC addresses are assigned if not given. |
00:00:00:01:00:00. Random MAC addresses are assigned if not given. |
| |
|
| Sizing domains |
Sizing domains |
|
Line 693 It is also desirable to add
|
Line 725 It is also desirable to add
|
| powerd=YES |
powerd=YES |
| |
|
| in rc.conf. This way, the domain will be properly shut down if |
in rc.conf. This way, the domain will be properly shut down if |
| `xm shutdown -R` or `xm shutdown -H` is used on the domain0. |
`xm shutdown -R` or `xm shutdown -H` is used on the dom0. |
| |
|
| Your domain should be now ready to work, enjoy. |
Your domain should be now ready to work, enjoy. |
| |
|
|
Line 748 See possibly outdated
|
Line 780 See possibly outdated
|
| [Solaris domU instructions](/ports/xen/howto-solaris/). |
[Solaris domU instructions](/ports/xen/howto-solaris/). |
| |
|
| |
|
| Using PCI devices in guest domains |
PCI passthrough: Using PCI devices in guest domains |
| ---------------------------------- |
--------------------------------------------------- |
| |
|
| The domain0 can give other domains access to selected PCI devices. This |
The dom0 can give other domains access to selected PCI |
| can allow, for example, a non-privileged domain to have access to a |
devices. This can allow, for example, a non-privileged domain to have |
| physical network interface or disk controller. However, keep in mind |
access to a physical network interface or disk controller. However, |
| that giving a domain access to a PCI device most likely will give the |
keep in mind that giving a domain access to a PCI device most likely |
| domain read/write access to the whole physical memory, as PCs don't have |
will give the domain read/write access to the whole physical memory, |
| an IOMMU to restrict memory access to DMA-capable device. Also, it's not |
as PCs don't have an IOMMU to restrict memory access to DMA-capable |
| possible to export ISA devices to non-domain0 domains (which means that |
device. Also, it's not possible to export ISA devices to non-dom0 |
| the primary VGA adapter can't be exported. A guest domain trying to |
domains, which means that the primary VGA adapter can't be exported. |
| access the VGA registers will panic). |
A guest domain trying to access the VGA registers will panic. |
| |
|
| This functionality is only available in NetBSD-5.1 (and later) domain0 |
If the dom0 is NetBSD, it has to be running Xen 3.1, as support has |
| and domU. If the domain0 is NetBSD, it has to be running Xen 3.1, as |
not been ported to later versions at this time. |
| support has not been ported to later versions at this time. |
|
| |
For a PCI device to be exported to a domU, is has to be attached to |
| For a PCI device to be exported to a domU, is has to be attached to the |
the "pciback" driver in dom0. Devices passed to the dom0 via the |
| `pciback` driver in domain0. Devices passed to the domain0 via the |
pciback.hide boot parameter will attach to "pciback" instead of the |
| pciback.hide boot parameter will attach to `pciback` instead of the |
usual driver. The list of devices is specified as "(bus:dev.func)", |
| usual driver. The list of devices is specified as `(bus:dev.func)`, |
|
| where bus and dev are 2-digit hexadecimal numbers, and func a |
where bus and dev are 2-digit hexadecimal numbers, and func a |
| single-digit number: |
single-digit number: |
| |
|
| pciback.hide=(00:0a.0)(00:06.0) |
pciback.hide=(00:0a.0)(00:06.0) |
| |
|
| pciback devices should show up in the domain0's boot messages, and the |
pciback devices should show up in the dom0's boot messages, and the |
| devices should be listed in the `/kern/xen/pci` directory. |
devices should be listed in the `/kern/xen/pci` directory. |
| |
|
| PCI devices to be exported to a domU are listed in the `pci` array of |
PCI devices to be exported to a domU are listed in the "pci" array of |
| the domU's config file, with the format `'0000:bus:dev.func'` |
the domU's config file, with the format "0000:bus:dev.func". |
| |
|
| pci = [ '0000:00:06.0', '0000:00:0a.0' ] |
|
| |
|
| In the domU an `xpci` device will show up, to which one or more pci |
|
| busses will attach. Then the PCI drivers will attach to PCI busses as |
|
| usual. Note that the default NetBSD DOMU kernels do not have `xpci` or |
|
| any PCI drivers built in by default; you have to build your own kernel |
|
| to use PCI devices in a domU. Here's a kernel config example: |
|
| |
|
| include "arch/i386/conf/XEN3_DOMU" |
|
| #include "arch/i386/conf/XENU" # in NetBSD 3.0 |
|
| |
|
| # Add support for PCI busses to the XEN3_DOMU kernel |
|
| xpci* at xenbus ? |
|
| pci* at xpci ? |
|
| |
|
| # Now add PCI and related devices to be used by this domain |
|
| # USB Controller and Devices |
|
| |
|
| # PCI USB controllers |
|
| uhci* at pci? dev ? function ? # Universal Host Controller (Intel) |
|
| |
|
| # USB bus support |
|
| usb* at uhci? |
|
| |
|
| # USB Hubs |
pci = [ '0000:00:06.0', '0000:00:0a.0' ] |
| uhub* at usb? |
|
| uhub* at uhub? port ? configuration ? interface ? |
|
| |
|
| # USB Mass Storage |
In the domU an "xpci" device will show up, to which one or more pci |
| umass* at uhub? port ? configuration ? interface ? |
busses will attach. Then the PCI drivers will attach to PCI busses as |
| wd* at umass? |
usual. Note that the default NetBSD DOMU kernels do not have "xpci" |
| # SCSI controllers |
or any PCI drivers built in by default; you have to build your own |
| ahc* at pci? dev ? function ? # Adaptec [23]94x, aic78x0 SCSI |
kernel to use PCI devices in a domU. Here's a kernel config example; |
| |
note that only the "xpci" lines are unusual. |
| # SCSI bus support (for both ahc and umass) |
|
| scsibus* at scsi? |
include "arch/i386/conf/XEN3_DOMU" |
| |
|
| # SCSI devices |
# Add support for PCI busses to the XEN3_DOMU kernel |
| sd* at scsibus? target ? lun ? # SCSI disk drives |
xpci* at xenbus ? |
| cd* at scsibus? target ? lun ? # SCSI CD-ROM drives |
pci* at xpci ? |
| |
|
| |
# PCI USB controllers |
| |
uhci* at pci? dev ? function ? # Universal Host Controller (Intel) |
| |
|
| |
# USB bus support |
| |
usb* at uhci? |
| |
|
| |
# USB Hubs |
| |
uhub* at usb? |
| |
uhub* at uhub? port ? configuration ? interface ? |
| |
|
| |
# USB Mass Storage |
| |
umass* at uhub? port ? configuration ? interface ? |
| |
wd* at umass? |
| |
# SCSI controllers |
| |
ahc* at pci? dev ? function ? # Adaptec [23]94x, aic78x0 SCSI |
| |
|
| |
# SCSI bus support (for both ahc and umass) |
| |
scsibus* at scsi? |
| |
|
| |
# SCSI devices |
| |
sd* at scsibus? target ? lun ? # SCSI disk drives |
| |
cd* at scsibus? target ? lun ? # SCSI CD-ROM drives |
| |
|
| |
|
| NetBSD as a domU in a VPS |
NetBSD as a domU in a VPS |
|
Line 830 hardware. This section explains how to
|
Line 858 hardware. This section explains how to
|
| virtual private server where you do not control or have access to the |
virtual private server where you do not control or have access to the |
| dom0. |
dom0. |
| |
|
| TODO: Perhaps reference panix, prmgr, amazon as interesting examples. |
VPS operators provide varying degrees of access and mechanisms for |
| |
configuration. The big issue is usually how one controls which kernel |
| |
is booted, because the kernel is nominally in the dom0 filesystem (to |
| |
which VPS users do not normally have acesss). |
| |
|
| |
A VPS user may want to compile a kernel for security updates, to run |
| |
npf, run IPsec, or any other reason why someone would want to change |
| |
their kernel. |
| |
|
| |
One approach is to have an adminstrative interface to upload a kernel, |
| |
or to select from a prepopulated list. Other approaches are py-grub |
| |
(deprecated) and pvgrub, which are ways to have a bootloader obtain a |
| |
kernel from the domU filesystem. This is closer to a regular physical |
| |
computer, where someone who controls a machine can replace the kernel. |
| |
|
| |
py-grub |
| |
------- |
| |
|
| |
py-grub runs in the dom0 and looks into the domU filesystem. This |
| |
implies that the domU must have a kernel in a filesystem in a format |
| |
known to py-grub. As of 2014, py-grub seems to be of mostly historical interest. |
| |
|
| |
pvgrub |
| |
------ |
| |
|
| |
pvgrub is a version of grub that uses PV operations instead of BIOS |
| |
calls. It is booted from the dom0 as the domU kernel, and then reads |
| |
/grub/menu.lst and loads a kernel from the domU filesystem. |
| |
|
| |
[prgmr.com](http://prgmr.com/) uses this approach to let users choose |
| |
their own operating system and kernel. See then [prgmr.com NetBSD |
| |
HOWTO](http://wiki.prgmr.com/mediawiki/index.php/NetBSD_as_a_DomU). |
| |
|
| |
Typically one has an ext2 or FAT partition for the kernel, so that |
| |
grub can understand it, which leads to /netbsd not being the actual |
| |
kernel. One must remember to update the special boot partiion. |
| |
|
| |
Amazon |
| |
------ |
| |
|
| TODO: Somewhere, discuss pvgrub and py-grub to load the domU kernel |
TODO: add link to NetBSD amazon howto. |
| from the domU filesystem. |
|
| |
|
| Using npf |
Using npf |
| --------- |
--------- |
|
Line 841 Using npf
|
Line 906 Using npf
|
| In standard kernels, npf is a module, and thus cannot be loadeed in a |
In standard kernels, npf is a module, and thus cannot be loadeed in a |
| DOMU kernel. |
DOMU kernel. |
| |
|
| TODO: explain how to compile npf into a custom kernel, answering: |
TODO: explain how to compile npf into a custom kernel, answering (but |
| |
note that the problem was caused by not booting the right kernel): |
| http://mail-index.netbsd.org/netbsd-users/2014/12/26/msg015576.html |
http://mail-index.netbsd.org/netbsd-users/2014/12/26/msg015576.html |
![[BACK]](/icons/back.gif){kind=icon}
Return to howto.mdwn CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [NetBSD Developer Wiki] / wikisrc / ports / xen