About Xen: maybe a reiterative question but ..

classic Classic list List threaded Threaded
171 messages Options
1234 ... 9
Reply | Threaded
Open this post in threaded view
|

About Xen: maybe a reiterative question but ..

C. L. Martinez
Hi all,

  I know that time to time somebody do the same question, but I need to know it:
is it planned at some point to release a paravirtualized xen kernel for OpenBSD
4.3 or 4.4???

  In March'08 I need to virtualize two openbsd servers under xen (host doesn't
supports HVM guests). But if it is not possible, I will migrate to NetBSD ...

Many thanks.
--
CL Martinez
carlopmart {at} gmail {d0t} com

Reply | Threaded
Open this post in threaded view
|

Re: About Xen: maybe a reiterative question but ..

ropers
On 22/10/2007, carlopmart <[hidden email]> wrote:
> Hi all,
>
>   I know that time to time somebody do the same question, but I need to know it:
> is it planned at some point to release a paravirtualized xen kernel for OpenBSD
> 4.3 or 4.4???

It already exists. You can run OpenBSD DomUs (ie. run OpenBSD as a Xen
"guest"**), but AFAIK you still can't run OpenBSD Dom0s (ie. run
OpenBSD as a Xen "host"**).

See http://www.ropersonline.com/openbsd/xen/

** This is a flawed metaphor, because Xen is a _hypervisor_, NOT an
emulator. The Domain U installs are not really running as guest OSes,
and the Domain zero installations are not really running as host OSes.
But you need at least one Dom0 (which when I last looked into this
still could not be OpenBSD) and you can install OpenBSD as a DomU.

I know very little, apart from having been curious once. If you want
to know more, you probably really should talk to Christoph Egger, who
did the actual porting work.

Thanks and regards,
--ropers

Reply | Threaded
Open this post in threaded view
|

Re: About Xen: maybe a reiterative question but ..

Nick Guenther
On 10/22/07, ropers <[hidden email]> wrote:

> On 22/10/2007, carlopmart <[hidden email]> wrote:
> > Hi all,
> >
> >   I know that time to time somebody do the same question, but I need to know it:
> > is it planned at some point to release a paravirtualized xen kernel for OpenBSD
> > 4.3 or 4.4???
>
> It already exists. You can run OpenBSD DomUs (ie. run OpenBSD as a Xen
> "guest"**), but AFAIK you still can't run OpenBSD Dom0s (ie. run
> OpenBSD as a Xen "host"**).
>
> See http://www.ropersonline.com/openbsd/xen/
>
> ** This is a flawed metaphor, because Xen is a _hypervisor_, NOT an
> emulator. The Domain U installs are not really running as guest OSes,
> and the Domain zero installations are not really running as host OSes.
> But you need at least one Dom0 (which when I last looked into this
> still could not be OpenBSD) and you can install OpenBSD as a DomU.
>

So that means that OpenBSD has code in it right now that detects if
it's running under Xen and paravirtualizes itself?

-Nick

Reply | Threaded
Open this post in threaded view
|

Re: About Xen: maybe a reiterative question but ..

ropers
On 22/10/2007, Nick Guenther <[hidden email]> wrote:

> On 10/22/07, ropers <[hidden email]> wrote:
> > On 22/10/2007, carlopmart <[hidden email]> wrote:
> > > Hi all,
> > >
> > >   I know that time to time somebody do the same question, but I need to know it:
> > > is it planned at some point to release a paravirtualized xen kernel for OpenBSD
> > > 4.3 or 4.4???
> >
> > It already exists. You can run OpenBSD DomUs (ie. run OpenBSD as a Xen
> > "guest"**), but AFAIK you still can't run OpenBSD Dom0s (ie. run
> > OpenBSD as a Xen "host"**).
> >
> > See http://www.ropersonline.com/openbsd/xen/
> >
> > ** This is a flawed metaphor, because Xen is a _hypervisor_, NOT an
> > emulator. The Domain U installs are not really running as guest OSes,
> > and the Domain zero installations are not really running as host OSes.
> > But you need at least one Dom0 (which when I last looked into this
> > still could not be OpenBSD) and you can install OpenBSD as a DomU.
> >
>
> So that means that OpenBSD has code in it right now that detects if
> it's running under Xen and paravirtualizes itself?
>
> -Nick

Not as far as I know, but I know very little.

AFAIK, it's still necessary to clone the Mercurial (
http://en.wikipedia.org/wiki/Mercurial_%28software%29 ) VCS (
http://en.wikipedia.org/wiki/Version_control_system ) as described
here: http://www.ropersonline.com/openbsd/xen/openbsd-xen-howto

As far as I gathered, Christoph's effort has not been widely
publicised and may not even be known to even some hard core OpenBSD
people.

I also seemed to gather that at some point there might have been some
concerns regarding running OpenBSD as a DomU or similar, because it
removes some of the security benefits, so there might be a trade-off
there. A DomU is not the same as a true standalone server, though I
personally would welcome the incorporation of Christoph's code into
OpenBSD, if only because I hope to save hosting costs and still run
OpenBSD.

But I could be very wrong in all of the above, and I don't want to
start rumours. If you want to get proper, authoritative answers, you
should probably ask Theo and Christoph (though it might benefit the
archives to cc the misc list).

Thanks and regards,
--ropers

Reply | Threaded
Open this post in threaded view
|

Re: About Xen: maybe a reiterative question but ..

ropers
On 22/10/2007, ropers <[hidden email]> wrote:

> On 22/10/2007, Nick Guenther <[hidden email]> wrote:
> > On 10/22/07, ropers <[hidden email]> wrote:
> > > On 22/10/2007, carlopmart <[hidden email]> wrote:
> > > > Hi all,
> > > >
> > > >   I know that time to time somebody do the same question, but I need to know it:
> > > > is it planned at some point to release a paravirtualized xen kernel for OpenBSD
> > > > 4.3 or 4.4???
> > >
> > > It already exists. You can run OpenBSD DomUs (ie. run OpenBSD as a Xen
> > > "guest"**), but AFAIK you still can't run OpenBSD Dom0s (ie. run
> > > OpenBSD as a Xen "host"**).
> > >
> > > See http://www.ropersonline.com/openbsd/xen/
> > >
> > > ** This is a flawed metaphor, because Xen is a _hypervisor_, NOT an
> > > emulator. The Domain U installs are not really running as guest OSes,
> > > and the Domain zero installations are not really running as host OSes.
> > > But you need at least one Dom0 (which when I last looked into this
> > > still could not be OpenBSD) and you can install OpenBSD as a DomU.

For what it's worth, I plan on setting up a Xen box with an Ubuntu
Dom0 and an OpenBSD DomU Real Soon Now, as soon as I get my trashpile
computer fixed.
(It's currently running Ubuntu with faulty RAM, because I got ripped
off by some US-Americans* via ebay, and I can't afford to throw more
money at it to fix it, because I'm now long term ill AND on
wellfare**... yadda, yadda, whine, whine ;-P )

Anyway, I plan on telling the misc list if and when I manage to set
this up. Of course, dmesgs will be included.

--ropers

* and if you don't mind me saying it: fucking scam artist Septics. No
honor or integrity.

** The Gods be praised for EU wellfare states. The Seppos don't know
what they're missing. :D

Reply | Threaded
Open this post in threaded view
|

Re: About Xen: maybe a reiterative question but ..

Jeff Quast
In reply to this post by Nick Guenther
On 10/22/07, Nick Guenther <[hidden email]> wrote:
> On 10/22/07, ropers <[hidden email]> wrote:
> > On 22/10/2007, carlopmart <[hidden email]> wrote:
> > > Hi all,
> > >
> > >   I know that time to time somebody do the same question, but I need to know it:
> > > is it planned at some point to release a paravirtualized xen kernel for OpenBSD
> > > 4.3 or 4.4???

yum

> > It already exists. You can run OpenBSD DomUs (ie. run OpenBSD as a Xen
> > "guest"**), but AFAIK you still can't run OpenBSD Dom0s (ie. run
> > OpenBSD as a Xen "host"**).
> >
> > See http://www.ropersonline.com/openbsd/xen/
> >

true

> > But you need at least one Dom0 (which when I last looked into this
> > still could not be OpenBSD) and you can install OpenBSD as a DomU.

Only recently using HVM, not paravirtualization

> So that means that OpenBSD has code in it right now that detects if
> it's running under Xen and paravirtualizes itself?
>

no

I would like to vouch for openbsd working great as a guest, but my
guest has crashed a dozen times. However I think this is due to the
debian linux dom0 having broken sata code for the controller in use.
dom0's dmesg is filled with debug statements from sata related places
in the kernel that should never be printed. We're in a messy
de-centralized linux development world trying to get a stable dom0
patched together. It sucks.

The paravirtualization port appears dead to me. I've tried to keep up
on it, but the guy's blog no longer mentions it, his repository is
often down, and when it is up the commits do not appear to be very
frequent. Also his blog hasn't mentioned it in a year or more.

http://hg.recoil.org/openbsd-xen-sys.hg
http://anil.recoil.org/blog/

Reply | Threaded
Open this post in threaded view
|

Re: About Xen: maybe a reiterative question but ..

ropers
On 23/10/2007, Jeff Quast <[hidden email]> wrote:
> The paravirtualization port appears dead to me. I've tried to keep up
> on it, but the guy's blog no longer mentions it, his repository is
> often down, and when it is up the commits do not appear to be very
> frequent. Also his blog hasn't mentioned it in a year or more.
>
> http://hg.recoil.org/openbsd-xen-sys.hg
> http://anil.recoil.org/blog/

Anil Madhavapeddy was Christoph's Google Summer of Code 2006 _mentor_.
Christoph Egger did all or most of the work.

Cf. here: http://code.google.com/soc/2006/xensource/about.html

If people don't have Christoph's email address and want it, email me
off-list. I'm not sure if it's polite to make Christoph's email
address hit the archives where a thousand address harvesting bots can
pick it up. OTOH, Christoph's  address can be found via Google.

Also, I think it's more or less useless to speculate on the state of
the port -- much better to simply ask Christoph what the story is. Who
knows, if there turns out to be real interest here, maybe the code can
still be put to use in a way similar to what Nick suggested.

--ropers

Reply | Threaded
Open this post in threaded view
|

Re: About Xen: maybe a reiterative question but ..

ropers
In reply to this post by Jeff Quast
On 23/10/2007, Jeff Quast <[hidden email]> wrote:
> I would like to vouch for openbsd working great as a guest, but my
> guest has crashed a dozen times. However I think this is due to the
> debian linux dom0 having broken sata code for the controller in use.
> dom0's dmesg is filled with debug statements from sata related places
> in the kernel that should never be printed. We're in a messy
> de-centralized linux development world trying to get a stable dom0
> patched together. It sucks.

This is what I meant to hint at earlier: Running an OpenBSD DomU in
connection with, say, a Linux Xen Dom0 possibly makes that OpenBSD
installation subject to bugs in the hypervisor/Dom0, and that may be
unavoidable. The question is, is that a worthwhile trade-off? Is this
a reason not to support Xen? Or should the user be given that option
regardless of the inherent limitations and consequences?

--ropers

Reply | Threaded
Open this post in threaded view
|

Re: About Xen: maybe a reiterative question but ..

C. L. Martinez
ropers wrote:

> On 23/10/2007, Jeff Quast <[hidden email]> wrote:
>> I would like to vouch for openbsd working great as a guest, but my
>> guest has crashed a dozen times. However I think this is due to the
>> debian linux dom0 having broken sata code for the controller in use.
>> dom0's dmesg is filled with debug statements from sata related places
>> in the kernel that should never be printed. We're in a messy
>> de-centralized linux development world trying to get a stable dom0
>> patched together. It sucks.
>
> This is what I meant to hint at earlier: Running an OpenBSD DomU in
> connection with, say, a Linux Xen Dom0 possibly makes that OpenBSD
> installation subject to bugs in the hypervisor/Dom0, and that may be
> unavoidable. The question is, is that a worthwhile trade-off? Is this
> a reason not to support Xen? Or should the user be given that option
> regardless of the inherent limitations and consequences?
>
> --ropers
>
>

IMHO I think that OpenBSD needs to capable to install and run as a
paravirtualized domU guest, with some limitations if you like.

Last year I have do the same question. Then it was said that only needed NetBSD
do the xen port, and from there just enough to carry to OpenBSD. The reality is
that NetBSD long ago that can be installed and run as domU and OpenBSD not.

And my question is why?? i think that only one developer can't maintain this
type of code ... needs more help. I am not developer but i can do tests if you
needed ....


--
CL Martinez
carlopmart {at} gmail {d0t} com

Reply | Threaded
Open this post in threaded view
|

Re: About Xen: maybe a reiterative question but ..

Luca Corti-3
In reply to this post by ropers
On Tue, 2007-10-23 at 01:11 +0200, ropers wrote:
> unavoidable. The question is, is that a worthwhile trade-off? Is this
> a reason not to support Xen? Or should the user be given that option
> regardless of the inherent limitations and consequences?

A proper Dom0 port of XEN to OpenBSD would solve this by removing the
linux dependency. However this would probably require a significant
effort on OpenBSD side and a XEN Hypervisor code audit.

Also from earlier discussion on the list it seems this kind of
virtualization may impact on security, which is in direct contrast with
OpenBSD goals. Can someone elaborate more on this?

ciao

Luca

Reply | Threaded
Open this post in threaded view
|

Re: About Xen: maybe a reiterative question but ..

Per-Erik Persson
I might be flamed for this statement but not being able to run inside a
virtualized environment is not an option in the future.
Most servers you can buy today are to powerful for only taking care of
one task.
It is really handy to be able to "shuffle" around the cpu:s to the
virtual machine that needs it at the moment.

OpenBSD is much to powerful to be used only on soekris and wrap boxes as
a firewall for the homeuser.
If OpenBSD doesn't adopt to the virtualization trend it will used only
as an obscure firewall box.

If I need to run linux as Dom0 to be able to put most of my OpenBSD
machines into one single box(well two actually if you want failover, and
that you probably want)
The security sacrifice is OK to me, at least knowing that the option is
to not run OpenBSD at all since I would need too many machines and to
much electricity and force me to build a new serverroom.

The firewall and the KDC will probably not be virtualized yet, but
everything else will soon be.

Luca Corti wrote:

>On Tue, 2007-10-23 at 01:11 +0200, ropers wrote:
>  
>
>>unavoidable. The question is, is that a worthwhile trade-off? Is this
>>a reason not to support Xen? Or should the user be given that option
>>regardless of the inherent limitations and consequences?
>>    
>>
>
>A proper Dom0 port of XEN to OpenBSD would solve this by removing the
>linux dependency. However this would probably require a significant
>effort on OpenBSD side and a XEN Hypervisor code audit.
>
>Also from earlier discussion on the list it seems this kind of
>virtualization may impact on security, which is in direct contrast with
>OpenBSD goals. Can someone elaborate more on this?
>
>ciao
>
>Luca

Reply | Threaded
Open this post in threaded view
|

Re: About Xen: maybe a reiterative question but ..

Lars D. Noodén
Per-Erik Persson wrote:
> ... not being able to run inside a
> virtualized environment is not an option in the future.

Virtualization is available already.  See the package qemu.
        http://www.openbsd.org/4.1_packages/

Or are you aiming for Xen specifically?

Keep in mind that the most significant opponent to OpenBSD has now
influence if not control over Xen:
        http://www.theregister.co.uk/2006/07/18/ms_xen_partner/

Xen's developer and management time will be burned up with no result.

No business that I am aware of has yet survived such a "partnership"
It'd be a first if XenSource were to break the record.

-Lars

Reply | Threaded
Open this post in threaded view
|

Re: About Xen: maybe a reiterative question but ..

Lars Hansson-5
In reply to this post by Per-Erik Persson
On 10/23/07, Per-Erik Persson <[hidden email]> wrote:
> I might be flamed for this statement but not being able to run inside a
> virtualized environment is not an option in the future.

The future is not now, no-one is saying openBSD will never run in a
virtualized environment.

> Most servers you can buy today are to powerful for only taking care of
> one task.

You know that one machine can performs more than one task even without
virtualization, right?

> If OpenBSD doesn't adopt to the virtualization trend it will used only
> as an obscure firewall box.

Or perhaps future (bette) virtualizations won't require special OS
support. Xen is not a be-all-end-all.

---
Lars Hansson

Reply | Threaded
Open this post in threaded view
|

Re: About Xen: maybe a reiterative question but ..

Lars D. Noodén
In reply to this post by Lars D. Noodén
Per-Erik Persson wrote:
> To get the best performance out of qemu you need to run linux.

I'm no expert in virtualization, but may I ask if you are remembering to
use kqemu ?

There is also virtual box.
        http://www.virtualbox.org/
It may or may not run on an OpenBSD host, but does run OpenBSD as a
guest according to the web site.

> At least on my machines qemu is dead slow.
> I was hoping xen would perform better together with openbsd, however I
> get  a little bit worried when I google openbsd+xen
> Mostly get dead links.

Furthermore, it seems that XenSource has been sold off to Citrix, makers
of that steaming pile of crap known as Citrix:
        http://www.citrixxenserver.com/Pages/default.aspx

That bodes very, very, very ill for the product.
Citrix, IMHO, will make sure that Xen will be poor at hosting non-MS
tools and will be unported from OSS hosts.
If we are lucky, the developers will leave / have left and will fork the
code.

> Xen seems to be leading the virtualization trend right now,

If you had written that a year and a half ago, I would have agreed.  Xen
was good a while back.  However, here is another article on the same topic:

        http://www.theregister.co.uk/2006/07/20/ms_xen_love/page2.html

       "Itbs a one-way street that favors Microsoft and
        Windows running Linux. The arrangement will allow Linux
        to run on future Microsoft hypervisors through translated
        calls to the hypervisor when Windows is controlling the
        hardware, but not the other way around; i.e. there is no
        mention of Longhorn optimizations or 'enlightenments
        being ported to Xen or licensed to XenSource to enable a
        Xen hypervisor to run full optimizations with Longhorn
        OS."

Granted that quote is from a competitor (VMware, which seems to be a
broken linux kernel) but MS has 'partnered' with XenSource and we know
what the ultimate results will be.

The choices narrow.
Can kqemu be compiled for OBSD?  Is virtualbox an option?

Regards
-Lars

Reply | Threaded
Open this post in threaded view
|

Re: About Xen: maybe a reiterative question but ..

Henning Brauer
In reply to this post by C. L. Martinez
* carlopmart <[hidden email]> [2007-10-23 09:13]:
> IMHO I think that OpenBSD needs to capable to install and run as a
> paravirtualized domU guest, with some limitations if you like.
>
> Last year I have do the same question. Then it was said that only needed
> NetBSD do the xen port, and from there just enough to carry to OpenBSD. The
> reality is that NetBSD long ago that can be installed and run as domU and
> OpenBSD not.
>
> And my question is why??

easy: nobody has done the work.

I don't know how far Christoph's efforts went really - but it really
comes down to somebody sitting down, doing teh porting work in a
clean manner, showing dedication, willingness and ability to keep
supporting it in future. that simple.

--
Henning Brauer, [hidden email], [hidden email]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam

Reply | Threaded
Open this post in threaded view
|

Re: About Xen: maybe a reiterative question but ..

ropers
Hi Christoph,

Right now, on the OpenBSD misc mailing list, there is this discussion:
http://www.sigmasoft.com/~openbsd/archives/html/openbsd-misc/2007-10/threads.html#01149
about OpenBSD/Xen.

We last spoke last year, when I put your BSDtalk interview transcript
online at http://ropersonline.com/openbsd/xen .

It seems to me that most people on the misc mailing list currently are
not very aware of your OpenBSD Xen port. Could I possibly ask you to
participate in the discussion? I feel that you (and Theo) are the only
guys who can provide authoritative answers on the issue.

Some of the questions that I feel are unclear are:
- Was your porting work fully completed? IIRC it was, but please clarify.
- Is your port still being maintained? Can it be run with OpenBSD
-current or 4.2?
- It seems to me that your port didn't achieve wide recognition and
acclaim because of a lack of publicity.
- AFAIK your OpenBSD/Xen port code hasn't found its way into the
official OpenBSD distribution. Is this correct?
- Are there any reasons why your code didn't go into the official
OpenBSD distro? Was it lack of awareness? Have you ever talked to Theo
and/or other central OpenBSD people?
- Is there any hope that your port might still become part of the
official OpenBSD distribution?
(Theo: Could you possibly comment as well?)

I'd personally be very interested to see your port become part of the
official distribution, but I sadly can't code myself, so all I can do
is ask and hope. :)

Once again, thanks for your hard work. :)

Many thanks in advance and kind regards,
Jens Ropers

Reply | Threaded
Open this post in threaded view
|

Re: About Xen: maybe a reiterative question but ..

Ted Unangst-2
In reply to this post by Per-Erik Persson
On 10/23/07, Per-Erik Persson <[hidden email]> wrote:
> If OpenBSD doesn't adopt to the virtualization trend it will used only
> as an obscure firewall box.

people have been saying "if openbsd doesn't <do what i want> it will
only be used as an obscure firewall box" for years.  what else is new?

Reply | Threaded
Open this post in threaded view
|

Re: About Xen: maybe a reiterative question but ..

ropers
In reply to this post by Jeff Quast
On 23/10/2007, Jeff Quast <[hidden email]> wrote:
> > > On 22/10/2007, carlopmart <[hidden email]> wrote:
> > > > Hi all,
> > > >
> > > > I know that time to time somebody do the same question, but I need to
> > > > know it: is it planned at some point to release a paravirtualized xen kernel
> > > > for OpenBSD 4.3 or 4.4???
>
> yum

Sorry Jeff, I missed the above earlier on. Is that a yes? Does that
mean that Christoph's code has gone or is going into OpenBSD current?

Thanks and regards,
--ropers

Reply | Threaded
Open this post in threaded view
|

Re: About Xen: maybe a reiterative question but ..

xSAPPYx
In reply to this post by Lars D. Noodén
On 10/23/07, Lars NoodC)n <[hidden email]> wrote:
> Per-Erik Persson wrote:
> > ... not being able to run inside a
> > virtualized environment is not an option in the future.
>
> Virtualization is available already.  See the package qemu.
>         http://www.openbsd.org/4.1_packages/
>
> Or are you aiming for Xen specifically?
>

fwiw, kvm works well too if Xen isn't a hard requirement
http://kvm.qumranet.com/kvmwiki

Reply | Threaded
Open this post in threaded view
|

Re: About Xen: maybe a reiterative question but ..

Nick Guenther
In reply to this post by Lars D. Noodén
On 10/23/07, Lars Noodin <[hidden email]> wrote:
> Per-Erik Persson wrote:
> > To get the best performance out of qemu you need to run linux.
>
> The choices narrow.
> Can kqemu be compiled for OBSD?  Is virtualbox an option?

I had this thought a couple of weeks ago and started looking through
the kqemu code but got totally lost. There's a NetBSD kqemu, so it's
certainly possible.. but someone just has to do it... and
unfortunately I'm no help.

-Nick

1234 ... 9