FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian Development

 
 
LinkBack Thread Tools
 
Old 07-15-2008, 09:41 AM
Goswin von Brederlow
 
Default Xen status in lenny?

Bastian Blank <waldi@debian.org> writes:

> On Thu, Jul 10, 2008 at 09:53:25PM +0200, Lucas Nussbaum wrote:
>> What are the plans for Xen for lenny? Is this situation likely to change
>> before the release?
>
> It will ship the hypervisor and a domU kernel. For dom0 it will need
> either the etch or my own[1] kernel. This may be changed later if we can
> get a new kernel in the stable release.
>
> Bastian
>
> [1]:
> deb http://kernel-archive.buildserver.net/debian-kernel/waldi/xen-extra all main

Could I suggest adding a linux-2.6.18 package to lenny that builds a
dom0 kernel?

Otherwise lenny XEN support would be limited to the lifetime of
old-stable unless a point release adds a xen dom0 kernel image later
on.

MfG
Goswin


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 07-15-2008, 11:08 AM
Lucas Nussbaum
 
Default Xen status in lenny?

On 12/07/08 at 19:39 -0700, Steve Langasek wrote:
> On Sun, Jul 13, 2008 at 12:10:28AM +0200, Lucas Nussbaum wrote:
> > We (Debian) should make a clear statement that users of Debian as dom0
> > will have at least one supported configuration at any time during the
> > lenny lifetime.
>
> What I don't see you saying is that *you* are volunteering to step up and
> help provide security support for this kernel. So it's "we" when we're
> making a statement, but it's still "they" who would have to provide the
> actual support, AFAICS.

How/if we will support Xen in lenny is more a policy decision than a
technical decision, even if it has important technical aspects.

Even if it's not optimal, I agree with do-ocracy for technical
decisions. However, using it for everything is dangerous. Instead, I
prefer to:
1/ understand the situation
2/ determine the possible solutions
3/ determine the best solutions, given external constraints (inc.
manpower)
4/ try to find someone to do the work

Throwing "you are not going to do the work anyway, so you are
irrelevant" at everybody is not helpful at all, and just adds noise to
the discussion, because we are still between stages 2 and 3 here.
--
| Lucas Nussbaum
| lucas@lucas-nussbaum.net http://www.lucas-nussbaum.net/ |
| jabber: lucas@nussbaum.fr GPG: 1024D/023B3F4F |


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 07-15-2008, 12:01 PM
Thijs Kinkhorst
 
Default Xen status in lenny?

On Tuesday 15 July 2008 13:08, Lucas Nussbaum wrote:
> How/if we will support Xen in lenny is more a policy decision than a
> technical decision, even if it has important technical aspects.
>
> Even if it's not optimal, I agree with do-ocracy for technical
> decisions. However, using it for everything is dangerous. Instead, I
> prefer to:
> 1/ understand the situation
> 2/ determine the possible solutions
> 3/ determine the best solutions, given external constraints (inc.
> manpower)
> 4/ try to find someone to do the work
>
> Throwing "you are not going to do the work anyway, so you are
> irrelevant" at everybody is not helpful at all, and just adds noise to
> the discussion, because we are still between stages 2 and 3 here.

I find it a pity that your mail doesn't contain any argumentation for your
postulations. For a start, I don't think it's obvious that this is a policy
decision, nor that a "do-ocracy is dangerous" in a general sense.

Xen is just one solution to virtualisation. I may agree that a general
decision to support virtualisation on Debian could be a policy decision, but
whether we'll support one specific technology, for which there are many
alternatives, is very much a technical decision. Does it work, can we get it
to work and do we have the people to keep it work after release?


Thijs
 
Old 07-15-2008, 12:34 PM
Pasi Kärkkäinen
 
Default Xen status in lenny?

On Tue, Jul 15, 2008 at 01:08:23PM +0200, Lucas Nussbaum wrote:
> On 12/07/08 at 19:39 -0700, Steve Langasek wrote:
> > On Sun, Jul 13, 2008 at 12:10:28AM +0200, Lucas Nussbaum wrote:
> > > We (Debian) should make a clear statement that users of Debian as dom0
> > > will have at least one supported configuration at any time during the
> > > lenny lifetime.
> >
> > What I don't see you saying is that *you* are volunteering to step up and
> > help provide security support for this kernel. So it's "we" when we're
> > making a statement, but it's still "they" who would have to provide the
> > actual support, AFAICS.
>
> How/if we will support Xen in lenny is more a policy decision than a
> technical decision, even if it has important technical aspects.
>
> Even if it's not optimal, I agree with do-ocracy for technical
> decisions. However, using it for everything is dangerous. Instead, I
> prefer to:
> 1/ understand the situation
> 2/ determine the possible solutions
> 3/ determine the best solutions, given external constraints (inc.
> manpower)
> 4/ try to find someone to do the work
>
> Throwing "you are not going to do the work anyway, so you are
> irrelevant" at everybody is not helpful at all, and just adds noise to
> the discussion, because we are still between stages 2 and 3 here.

The situation is pretty much like this:

- Upstream vendor (Xensource) only develops 2.6.18 Xen dom0/domU kernel atm.

- paravirt_ops (pv_ops) Xen support in vanilla (v2.6.24+) Linux kernels is currently
domU only. Also it's 32bit PAE only, no 64bit yet. Other features are
missing too (compared to xensource 2.6.18 xen kernel).

- Xen kernel features from 2.6.18 are being ported and added slowly to 2.6.2x
pv_ops kernels but it takes time and effort to get them ported and accepted
upstream (by linus). Currently Jeremy Fitzhardinge (from Xensource) is doing
this work. I think currently he's working on getting 64bit domU support ready/integrated.

- Redhat/Fedora has done some pv_ops xen dom0 support work, but it's not
ready yet and it hasn't had much progress lately.. unfortunately.

- 2.6.22 and 2.6.24 (non pv_ops) kernels with forward ported patches from 2.6.18
are a real pain for kernel maintainers..

- Fedora decided to drop dom0 xen kernel for Fedora 9. Fedora 9 only ships
with xen pv_ops domU kernel. They're planning to add dom0 support back for
Fedora 10 if/when (pv_ops) dom0 support is included in the upstream
vanilla (linus) kernel.

Some links:

http://wiki.xensource.com/xenwiki/XenParavirtOps
http://fedoraproject.org/wiki/Features/XenPvopsDom0

-- Pasi


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 07-15-2008, 12:54 PM
Lucas Nussbaum
 
Default Xen status in lenny?

On 15/07/08 at 14:01 +0200, Thijs Kinkhorst wrote:
> Xen is just one solution to virtualisation. I may agree that a general
> decision to support virtualisation on Debian could be a policy decision, but
> whether we'll support one specific technology, for which there are many
> alternatives, is very much a technical decision. Does it work, can we get it
> to work and do we have the people to keep it work after release?

Debian supported Xen in etch. Which of the "many alternatives" should
Debian recommend to its users currently running a Debian dom0 in
paravirt mode?

I don't think that any of the alternatives are valid candidates yet:
- Linux-Vserver, OpenVZ: clearly not the same use case.
- Virtualbox, qemu: poor performance under some workloads.
- KVM: is very promising but is it really a valid alternative *now*
for current Xen users?

This might change in a few months, of course, but in a few months lenny
will be released. ;-)
--
| Lucas Nussbaum
| lucas@lucas-nussbaum.net http://www.lucas-nussbaum.net/ |
| jabber: lucas@nussbaum.fr GPG: 1024D/023B3F4F |


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 07-15-2008, 02:02 PM
Bastian Blank
 
Default Xen status in lenny?

On Thu, Jul 10, 2008 at 09:53:25PM +0200, Lucas Nussbaum wrote:
> What are the plans for Xen for lenny? Is this situation likely to change
> before the release?

As we have seen, there is no real plan. So lets summarize the
possibilities:

Option 1: Use alternatives
==========================
Well, I don't know any real alternative.

There are some other virtualization techniques, but the decision which
one may be usable needs an evaluation of the actual usecase.

Option 2: Stick to Etch
=======================
Ask the users to stick to Etch until we can get a kernel into Lenny
which supports this type of operation.

Contra:
- No new software for Xen users.
- May hit the end of the security support for Etch.
Needed work: Documentation.

Option 3: Lenny with Etch kernel
================================
Ask the users to use the old Etch kernel with a Lenny userland.

Pro:
- New software.
Contra:
- May hit the end of the security support for Etch.
Needed work: Some documentation how to do this.

Option 4: 2.6.18 kernel in Lenny, until Lenny+1/2
=================================================
Push a (Xen-only) 2.6.18 kernel into Lenny. Either with the Etch or
preferably a newer Xen patch. This kernel will be supported until
Lenny+1/2 hopefully pushs a kernel with the necessary support into the
stable release, but at most until the Lenny+1 release. It may be
possible that this will also need a Xen update to work with the new
kernels.

Pro:
- New software.
- Full support for the beginning.
Contra:
- We have to overwrite the decision to support only one Linux kernel in
a stable release.
- Dropping support of a package during the lifetime of a stable release
was always a last resort solution. So this needs a fat warning in the
release notes.[1]
Needed work for kernel/security team[2]:
- Until end of Etch support: Push the same update in oldstable-security
and stable-security.
- After end of Etch support: Continue the support for this old kernel.
Lets hope that this will not take too long.
Needed work for other teams: Documentation.

Option 5: 2.6.18 kernel in Lenny
================================
Push a (Xen-only) 2.6.18 kernel into Lenny. Either with the Etch or
preferably a newer Xen patch. This kernel will be supported until the
normal end of the normal support.

Pro:
- New software.
- Full support.
Contra:
- We have to overwrite the decision to support only one Linux kernel in
a stable release.
Needed work for kernel/security team:
- Until end of Etch support: Push the same update in oldstable-security
and stable-security.
- After end of Etch support: Continue the support for this old kernel.

For further, not applicable options, see
http://fedoraproject.org/wiki/Features/XenPvops.

Conclusion
==========
Xen got a often used technique in the last two years. All of the large
distributions got some sort of support for it. Debian Etch have full
support for it. There was several requests of various people so I think
not providing at least a minimal support in Lenny is wrong.

I think option 4 would be the solution which produces the least amount
of extra work and provides our users with support for there systems. I
would provide the necessary packages but I want an okay for that
solution from the security and the release team.

Bastian, with his kernel and Xen hat on

[1]: Maybe it would be possible to replace the not-longer supported
packages with a critical warning in preinst. This package would never
allow themself to be configured.
[2]: Kernel security support is mostly done by Dann Frazier, who does it
as member of the kernel team.
--
Is truth not truth for all?
-- Natira, "For the World is Hollow and I have Touched
the Sky", stardate 5476.4.
 
Old 07-15-2008, 02:22 PM
Pasi Kärkkäinen
 
Default Xen status in lenny?

On Tue, Jul 15, 2008 at 02:54:09PM +0200, Lucas Nussbaum wrote:
> On 15/07/08 at 14:01 +0200, Thijs Kinkhorst wrote:
> > Xen is just one solution to virtualisation. I may agree that a general
> > decision to support virtualisation on Debian could be a policy decision, but
> > whether we'll support one specific technology, for which there are many
> > alternatives, is very much a technical decision. Does it work, can we get it
> > to work and do we have the people to keep it work after release?
>
> Debian supported Xen in etch. Which of the "many alternatives" should
> Debian recommend to its users currently running a Debian dom0 in
> paravirt mode?
>
> I don't think that any of the alternatives are valid candidates yet:
> - Linux-Vserver, OpenVZ: clearly not the same use case.
> - Virtualbox, qemu: poor performance under some workloads.
> - KVM: is very promising but is it really a valid alternative *now*
> for current Xen users?
>

One big difference between Xen and KVM is the fact that KVM always requires
hardware virtualization (HVM) support from the CPU.

Xen doesn't need that for paravirt guests (linux).

Xen still is the most feature rich hypervisor.. that might change some day,
of course.

The biggest advantage of KVM is that it's included in vanilla kernel..

Hopefully Jeremy Fitzhardinge (from Xensource) and others can get the
important Xen kernel features ported to pv_ops framework and integrated
into vanilla linus kernels soon..

Status/todo:
http://wiki.xensource.com/xenwiki/XenParavirtOps

Redhat/Fedora pv_ops Xen kernel dom0 support status:
http://fedoraproject.org/wiki/Features/XenPvopsDom0

-- Pasi


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 07-15-2008, 02:24 PM
John Goerzen
 
Default Xen status in lenny?

Lucas Nussbaum wrote:
> On 15/07/08 at 14:01 +0200, Thijs Kinkhorst wrote:
> - KVM: is very promising but is it really a valid alternative *now*
> for current Xen users?

That is an interesting question. We are doing some research on that
topic right now. I've migrated some VMware and xen stuff on my own
workstation to KVM, with highly encouraging results. That is, of
course, different than a server situation, but a data point nonetheless.

We have been happy with Xen in principle, but there have been enough
strange things happen over the past year or two that we're not entirely
comfortable with it anymore. These things include the hypervisor
crashing on creation or removal of a domU, strange kernel oops in domUs,
and severe brokenness of pciback.

It should be noted that KVM does not include PCI backend support, though
with the degree of brokenness of it in Xen, that may not be an issue.
Also, KVM requires hardware virtualization support, which Xen does not.
So it is not entirely a drop-in replacement.

The fact that Xensource is supporting 2.6.18 only, and that work on KVM
is integrated into the kernel upstream, is a strong argument to us for
converting to KVM. Unless something changes drastically with Xen's
kernel support, I can't see us doing anything but KVM long term.

-- John


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 07-15-2008, 03:00 PM
Bastian Blank
 
Default Xen status in lenny?

On Tue, Jul 15, 2008 at 05:22:55PM +0300, Pasi Kärkkäinen wrote:
> One big difference between Xen and KVM is the fact that KVM always requires
> hardware virtualization (HVM) support from the CPU.

It uses the the qemu device emulation code, which is security wise one
large catastrophe. Okay, Xen uses it also for full virtualized guests,
which is the reason why I currently discurage anyone from using it.
However this will change in the near future.

> The biggest advantage of KVM is that it's included in vanilla kernel..

Sure. This is the confession that small patchsets are much more likely
to be accepted than large ones. Xen started long time ago and they drag
a huge patch through the last years without the perspective to get
anything in without much rework.

> Hopefully Jeremy Fitzhardinge (from Xensource) and others can get the
> important Xen kernel features ported to pv_ops framework and integrated
> into vanilla linus kernels soon..

Yep.

Bastian

--
Witch! Witch! They'll burn ya!
-- Hag, "Tomorrow is Yesterday", stardate unknown
 
Old 07-15-2008, 04:48 PM
Pasi Kärkkäinen
 
Default Xen status in lenny?

On Tue, Jul 15, 2008 at 09:24:08AM -0500, John Goerzen wrote:
> Lucas Nussbaum wrote:
> > On 15/07/08 at 14:01 +0200, Thijs Kinkhorst wrote:
> > - KVM: is very promising but is it really a valid alternative *now*
> > for current Xen users?
>
> That is an interesting question. We are doing some research on that
> topic right now. I've migrated some VMware and xen stuff on my own
> workstation to KVM, with highly encouraging results. That is, of
> course, different than a server situation, but a data point nonetheless.
>
> We have been happy with Xen in principle, but there have been enough
> strange things happen over the past year or two that we're not entirely
> comfortable with it anymore. These things include the hypervisor
> crashing on creation or removal of a domU, strange kernel oops in domUs,
> and severe brokenness of pciback.
>
> It should be noted that KVM does not include PCI backend support, though
> with the degree of brokenness of it in Xen, that may not be an issue.
> Also, KVM requires hardware virtualization support, which Xen does not.
> So it is not entirely a drop-in replacement.
>
> The fact that Xensource is supporting 2.6.18 only, and that work on KVM
> is integrated into the kernel upstream, is a strong argument to us for
> converting to KVM. Unless something changes drastically with Xen's
> kernel support, I can't see us doing anything but KVM long term.
>

Xensource has a developer working on getting xen patches ported to Linux
pv_ops framework and integrated into upstream (vanilla) kernel.

Vanilla Linux v2.6.26 already contains 32bit (PAE) paravirtual domU support
with SMP, framebuffer, memory ballooning (contraction only) etc..

More features are being currently prepared for 2.6.27.. including 64bit domU
support, save/restore/migration etc..

Atm biggest (most important) missing feature from vanilla kernel is dom0 support..

See: http://wiki.xensource.com/xenwiki/XenParavirtOps

So in short the situation is getting better slowly..

At the moment "full" Xen feature set is only available in xensource 2.6.18
kernel.

-- Pasi


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 

Thread Tools




All times are GMT. The time now is 10:33 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org