RE: Must have been asked before, but I can't find the solution

RE: Must have been asked before, but I can't find the solution

[Ian Pratt]

> I'm attempting to migrate from vmware to xen, however I need 
> to be able
> to run more than one bridge.  

Should be no problem.

> Now, I can modify the existing network/vif-bridge or build replacement
> scripts/config files that will get this done, with the 
> exception of the
> MAC.  If you configure (xen-2.0.3-src.tar.bz2) a domain for 
> more than 1
> nic, the xenU domains use the same MAC for all interfaces. EX.

OK, we need to add the vif number into the MAC generation hash. Anyone
care to submit a patch?

> How/where do I change this? (not in the config file as far as I can
> tell)

I believe you can set the MAC for each vif.

Ian


-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl

RE: Must have been asked before, but I can't find the solution

[B.G. Bruce]

On Wed, 2005-01-19 at 17:21, Ian Pratt wrote:
> > I'm attempting to migrate from vmware to xen, however I need 
> > to be able
> > to run more than one bridge.  
> 
> Should be no problem.
> 
> > Now, I can modify the existing network/vif-bridge or build replacement
> > scripts/config files that will get this done, with the 
> > exception of the
> > MAC.  If you configure (xen-2.0.3-src.tar.bz2) a domain for 
> > more than 1
> > nic, the xenU domains use the same MAC for all interfaces. EX.
> 
> OK, we need to add the vif number into the MAC generation hash. Anyone
> care to submit a patch?
> 
> > How/where do I change this? (not in the config file as far as I can
> > tell)
> 
> I believe you can set the MAC for each vif.

WHERE?  I must be missing something but for the life of me, I have not
been able to set this for anything other than eth0.  If it CAN be done
in the config file, please give an example.

Thanks,

B.

> 
> Ian
> 
> 
> -------------------------------------------------------
> This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
> Tool for open source databases. Create drag-&-drop reports. Save time
> by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
> Download a FREE copy at http://www.intelliview.com/go/osdn_nl
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/xen-devel
> 


-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl

RE: Must have been asked before, but I can't find the solution

[Kip Macy]

>
> WHERE?  I must be missing something but for the life of me, I have not
> been able to set this for anything other than eth0.  If it CAN be done
> in the config file, please give an example.

and the voodoo is ...

vif = [ mac=aa:1:0:0:3:37,bridge=xen-br0 ]

let me know if you want the complete context that this comes from


			-Kip


>
> Thanks,
>
> B.
>
> >
> > Ian
> >
> >
> > -------------------------------------------------------
> > This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
> > Tool for open source databases. Create drag-&-drop reports. Save time
> > by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
> > Download a FREE copy at http://www.intelliview.com/go/osdn_nl
> > _______________________________________________
> > Xen-devel mailing list
> > Xen-devel@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/xen-devel
> >
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
> Tool for open source databases. Create drag-&-drop reports. Save time
> by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
> Download a FREE copy at http://www.intelliview.com/go/osdn_nl
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/xen-devel
>


-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl

Re: Must have been asked before, but I can't find the solution

[Felipe Alfaro Solana]

On 19 Jan 2005, at 22:21, Ian Pratt wrote:

>
>> I'm attempting to migrate from vmware to xen, however I need
>> to be able
>> to run more than one bridge.
>
> Should be no problem.
>
>> Now, I can modify the existing network/vif-bridge or build replacement
>> scripts/config files that will get this done, with the
>> exception of the
>> MAC.  If you configure (xen-2.0.3-src.tar.bz2) a domain for
>> more than 1
>> nic, the xenU domains use the same MAC for all interfaces. EX.
>
> OK, we need to add the vif number into the MAC generation hash. Anyone
> care to submit a patch?
>
>> How/where do I change this? (not in the config file as far as I can
>> tell)
>
> I believe you can set the MAC for each vif.

Yep! By adding

vif = [ "mac = XX:XX:XX:XX:XX:XX" ]

to the domain configuration file.



-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl

Re: Must have been asked before, but I can't find the solution

[B.G. Bruce]

On Wed, 2005-01-19 at 17:52, Felipe Alfaro Solana wrote:
> On 19 Jan 2005, at 22:21, Ian Pratt wrote:
> 
> >
> >> I'm attempting to migrate from vmware to xen, however I need
> >> to be able
> >> to run more than one bridge.
> >
> > Should be no problem.
> >
> >> Now, I can modify the existing network/vif-bridge or build replacement
> >> scripts/config files that will get this done, with the
> >> exception of the
> >> MAC.  If you configure (xen-2.0.3-src.tar.bz2) a domain for
> >> more than 1
> >> nic, the xenU domains use the same MAC for all interfaces. EX.
> >
> > OK, we need to add the vif number into the MAC generation hash. Anyone
> > care to submit a patch?
> >
> >> How/where do I change this? (not in the config file as far as I can
> >> tell)
> >
> > I believe you can set the MAC for each vif.
> 
> Yep! By adding
> 
> vif = [ "mac = XX:XX:XX:XX:XX:XX" ]
> 
> to the domain configuration file.
> 

Ok, yes, that works for eth0, but what about eth1,eth2,eth3,.... what
voodoo do I use for multiple vif?

B.

> 
> 
> -------------------------------------------------------
> This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
> Tool for open source databases. Create drag-&-drop reports. Save time
> by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
> Download a FREE copy at http://www.intelliview.com/go/osdn_nl
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/xen-devel
> 


-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl

Re: Must have been asked before, but I can't find the solution

[Kip Macy]

bootscript "xenargs":
 more ~mowat/xen/xenargs
BSD_KERNEL=/u/mowat/p4/tricks/freebsd/usr/src/sys/i386/compile/XENCONF/kernel
CONFIG=/u/mowat/xen/freebsd
BOOTARGS="boot_verbose=yes, boot_gdb=yes"

# Other BSD bootargs
#
# boot_single=yes
# boot_gdb_pause=yes

# curly IP addresses
# SIM_NAME=xen-vm1
# IPADDR="172.16.9.213 172.16.9.214"
# DISKS=loop5
#
# Don't need to specify number of NICS if we specify the list of MACs
# NICS=2

# mowat1/mowat2 sim IPs
SIM_NAME=mowat1
IPADDR="10.56.18.123 10.56.18.125"
MACS="aa:1:0:0:3:37 aa:1:0:0:3:38"
DISKS="loop0 loop1 loop2 loop3 loop4 loop5 loop6 loop7"

xm create -f $CONFIG -c name=$SIM_NAME ipstr="$IPADDR" macstr="$MACS"
diskstr="$DI
SKS" bsdbootargs="$BOOTARGS" kernel=$BSD_KERNEL





excerpt from /u/mowat/xen/freebsd:

i = 0
vlist = string.split(macstr,' ')
for vintf in vlist:
    if vintf == "":
        break
    if i == 0:
        vif = [ "mac="+vintf+",bridge=xen-br0" ]
    else:
        vif += [ "mac="+vintf+",bridge=xen-br0" ]
    i = i + 1

try:
    nics
except:
    if i > 1:
        nics = i




On Wed, 19 Jan 2005, B.G. Bruce wrote:

> On Wed, 2005-01-19 at 17:52, Felipe Alfaro Solana wrote:
> > On 19 Jan 2005, at 22:21, Ian Pratt wrote:
> >
> > >
> > >> I'm attempting to migrate from vmware to xen, however I need
> > >> to be able
> > >> to run more than one bridge.
> > >
> > > Should be no problem.
> > >
> > >> Now, I can modify the existing network/vif-bridge or build replacement
> > >> scripts/config files that will get this done, with the
> > >> exception of the
> > >> MAC.  If you configure (xen-2.0.3-src.tar.bz2) a domain for
> > >> more than 1
> > >> nic, the xenU domains use the same MAC for all interfaces. EX.
> > >
> > > OK, we need to add the vif number into the MAC generation hash. Anyone
> > > care to submit a patch?
> > >
> > >> How/where do I change this? (not in the config file as far as I can
> > >> tell)
> > >
> > > I believe you can set the MAC for each vif.
> >
> > Yep! By adding
> >
> > vif = [ "mac = XX:XX:XX:XX:XX:XX" ]
> >
> > to the domain configuration file.
> >
>
> Ok, yes, that works for eth0, but what about eth1,eth2,eth3,.... what
> voodoo do I use for multiple vif?
>
> B.
>
> >
> >
> > -------------------------------------------------------
> > This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
> > Tool for open source databases. Create drag-&-drop reports. Save time
> > by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
> > Download a FREE copy at http://www.intelliview.com/go/osdn_nl
> > _______________________________________________
> > Xen-devel mailing list
> > Xen-devel@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/xen-devel
> >
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
> Tool for open source databases. Create drag-&-drop reports. Save time
> by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
> Download a FREE copy at http://www.intelliview.com/go/osdn_nl
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/xen-devel
>


-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl

Re: Must have been asked before, but I can't find the solution

[Mark Williamson]

> Ok, yes, that works for eth0, but what about eth1,eth2,eth3,.... what
> voodoo do I use for multiple vif?

Square brackets mean it's a list (config files are really Python scripts that 
get run in a sandbox, so this is in fact just a Python list!):

vif = [ "mac = XX:XX:XX:XX:XX:XX", "mac = XX:XX:XX:XX:XX:XX" ]

Should give you the functionality you want.

HTH,
Mark

>
> B.
>
> > -------------------------------------------------------
> > This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
> > Tool for open source databases. Create drag-&-drop reports. Save time
> > by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
> > Download a FREE copy at http://www.intelliview.com/go/osdn_nl
> > _______________________________________________
> > Xen-devel mailing list
> > Xen-devel@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/xen-devel
>
> -------------------------------------------------------
> This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
> Tool for open source databases. Create drag-&-drop reports. Save time
> by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
> Download a FREE copy at http://www.intelliview.com/go/osdn_nl
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/xen-devel


-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl

Re: Must have been asked before, but I can't find the solution

[B.G. Bruce]

THANK YOU!!! 

vif = [ "mac=aa:00:00:00:00:11, bridge=priv", "mac=aa:00:00:00:00:12,
bridge=pub", "mac=aa:00:00:00:00:13, bridge=mgmt",
"mac=aa:00:00:00:00:14, bridge=vsw0" ]


returns:

devel root # ip link
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether aa:00:00:00:00:11 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000
    link/ether aa:00:00:00:00:12 brd ff:ff:ff:ff:ff:ff
4: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000
    link/ether aa:00:00:00:00:13 brd ff:ff:ff:ff:ff:ff
5: eth3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000
    link/ether aa:00:00:00:00:14 brd ff:ff:ff:ff:ff:ff



On Thu, 2005-01-20 at 09:01, Mark Williamson wrote:
> > Ok, yes, that works for eth0, but what about eth1,eth2,eth3,.... what
> > voodoo do I use for multiple vif?
> 
> Square brackets mean it's a list (config files are really Python scripts that 
> get run in a sandbox, so this is in fact just a Python list!):
> 
> vif = [ "mac = XX:XX:XX:XX:XX:XX", "mac = XX:XX:XX:XX:XX:XX" ]
> 
> Should give you the functionality you want.
> 
> HTH,
> Mark
> 
> >
> > B.
> >
> > > -------------------------------------------------------
> > > This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
> > > Tool for open source databases. Create drag-&-drop reports. Save time
> > > by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
> > > Download a FREE copy at http://www.intelliview.com/go/osdn_nl
> > > _______________________________________________
> > > Xen-devel mailing list
> > > Xen-devel@lists.sourceforge.net
> > > https://lists.sourceforge.net/lists/listinfo/xen-devel
> >
> > -------------------------------------------------------
> > This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
> > Tool for open source databases. Create drag-&-drop reports. Save time
> > by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
> > Download a FREE copy at http://www.intelliview.com/go/osdn_nl
> > _______________________________________________
> > Xen-devel mailing list
> > Xen-devel@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/xen-devel
> 
> 
> -------------------------------------------------------
> This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
> Tool for open source databases. Create drag-&-drop reports. Save time
> by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
> Download a FREE copy at http://www.intelliview.com/go/osdn_nl
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/xen-devel
> 


-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl

Back end domains : input desired

[B.G. Bruce]

What I'd LOVE to achieve with XEN (for security reasons) is the
following:

DOM0:  minimal linux install with LVM2 primarily for backending the ide
disks.

BE_NIC_0:  Back end NIC_0 domain (bridge) with minimal linux install -
no ip address assigned - using ebtables to filter/protect

BE_NIC_1:  Same as BE_NIC_0 only for NIC_1

BE_VNIC_2:  Back end for a "virtual nic"/bridge for DomU to DomU
communication (DMZ).

BE_MGMT:  firewall config/mgmt console (xwindows) (preferred x
displaying (direct) through AGP on console - is this possible) and
ntp/clock sync (can this happen here or does it have to happen on
DOM0?).

Various front end DomU's:  for router/fw and various application layer
gateways.

My idea here is to be able to isolate the components into minimal
operating environments allowing for specific need/application to be
rebooted without having to reboot the entire box should that particular
component be DoS'ed.

Your thoughts on this setup would be appreciated (also you can see that
having a socket interface rather than an ip interface for XEND would be
of GREAT advantage).

Now, I've tried setting this up but I'm running into some confusion
here.

1)   I only seem to be able to compile the actual NIC drivers with DOM0
(e100/e1000/3c95x, etc).  Is this where I should be compiling them even
though the NIC's will be used in another DOM?  If not, how do I go about
compiling the drivers for the BE DOM'S? (they don't show up as options -
yes, I do have XEN_PHYSDEV_ACCESS and XEN_NETDEV_BACKEND enabled.

2)  Even with pci_dom0_hide=(01,01,0)(02,00,0) as part of my grub.conf
(for the startup of xen.gz), I still see these devices under DOM0, is
this normal? lspci shows the devices as 0000:01:01.0 and 0000:02:00:0.0)
respectively.  Are my parameters to pci_dom0_hide correct?

3)  Should I be using stable, testing or unstable for this?  NOTE:
stable and testing both are unable to attach xen console to ttyS whereas
unstable works correctly for this.


4)  It would be preferred to run X in a domain separate from Dom0, but
still be accessible for use on the local console without having to
install X and a VNC client in DOM0.  Is this possible, or am I just
dreaming here?

Regards,
B.



-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl

Re: Back end domains : input desired

[Mark A. Williamson]

> DOM0:  minimal linux install with LVM2 primarily for backending the ide
> disks.

Fine.

> BE_NIC_0:  Back end NIC_0 domain (bridge) with minimal linux install -
> no ip address assigned - using ebtables to filter/protect
> BE_NIC_1:  Same as BE_NIC_0 only for NIC_1

This should work, although a recent post suggested there was some sort of bug 
in the multiple backend support...

> BE_VNIC_2:  Back end for a "virtual nic"/bridge for DomU to DomU
> communication (DMZ).

So does this have any connections to the physical network cards at all?

The problem is that AFAIK the current code won't allow a domain to run a 
backend driver unless it's controlling a real physical device.

> BE_MGMT:  firewall config/mgmt console (xwindows) (preferred x
> displaying (direct) through AGP on console - is this possible) and
> ntp/clock sync (can this happen here or does it have to happen on
> DOM0?).

Clock sync can probably only occur from dom0 at the moment.  Likewise for AGP 
access (although one user had some success in giving a graphics card to a 
domU, it's not fully working yet).

> Various front end DomU's:  for router/fw and various application layer
> gateways.

Right.

> My idea here is to be able to isolate the components into minimal
> operating environments allowing for specific need/application to be
> rebooted without having to reboot the entire box should that particular
> component be DoS'ed.

Makes sense.

> 1)   I only seem to be able to compile the actual NIC drivers with DOM0
> (e100/e1000/3c95x, etc).  Is this where I should be compiling them even
> though the NIC's will be used in another DOM?  If not, how do I go about
> compiling the drivers for the BE DOM'S? (they don't show up as options -
> yes, I do have XEN_PHYSDEV_ACCESS and XEN_NETDEV_BACKEND enabled.

Just stick all the drivers you need into a xen0 kernel, then use that kernel 
in any domain that's talking to the hardware.  You can use a xen0 kernel 
anywhere.

> 2)  Even with pci_dom0_hide=(01,01,0)(02,00,0) as part of my grub.conf
> (for the startup of xen.gz), I still see these devices under DOM0, is
> this normal? lspci shows the devices as 0000:01:01.0 and 0000:02:00:0.0)
> respectively.  Are my parameters to pci_dom0_hide correct?

Try physdev_dom0_hide - pci_dom0_hide is a bug that got introduced to the docs 
at some point (I think it has now been fixed).

> 3)  Should I be using stable, testing or unstable for this?  NOTE:
> stable and testing both are unable to attach xen console to ttyS whereas
> unstable works correctly for this.

In general, use stable for production environments.  Testing is the "next 
stable release" and so is quite stable itself (and may have additional bug 
fixes).

> 4)  It would be preferred to run X in a domain separate from Dom0, but
> still be accessible for use on the local console without having to
> install X and a VNC client in DOM0.  Is this possible, or am I just
> dreaming here?

Possible in theory, in practice this doesn't quite work yet.

HTH,
Mark


-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl

Re: Back end domains : input desired

[B.G. Bruce]

On Mon, 2005-01-24 at 12:18, Mark A. Williamson wrote:
> > DOM0:  minimal linux install with LVM2 primarily for backending the ide
> > disks.
> 
> Fine.
> 
> > BE_NIC_0:  Back end NIC_0 domain (bridge) with minimal linux install -
> > no ip address assigned - using ebtables to filter/protect
> > BE_NIC_1:  Same as BE_NIC_0 only for NIC_1
> 
> This should work, although a recent post suggested there was some sort of bug 
> in the multiple backend support...
> 
> > BE_VNIC_2:  Back end for a "virtual nic"/bridge for DomU to DomU
> > communication (DMZ).
> 
> So does this have any connections to the physical network cards at all?

No. Could I possibly use the "dummy" driver to handle this requirement?

> The problem is that AFAIK the current code won't allow a domain to run a 
> backend driver unless it's controlling a real physical device.
> 
> > BE_MGMT:  firewall config/mgmt console (xwindows) (preferred x
> > displaying (direct) through AGP on console - is this possible) and
> > ntp/clock sync (can this happen here or does it have to happen on
> > DOM0?).
> 
> Clock sync can probably only occur from dom0 at the moment.  Likewise for AGP 
> access (although one user had some success in giving a graphics card to a 
> domU, it's not fully working yet).

Ok, I can live with that for the moment ... hopefully this will be
addressed in the near future?


> > 1)   I only seem to be able to compile the actual NIC drivers with DOM0
> > (e100/e1000/3c95x, etc).  Is this where I should be compiling them even
> > though the NIC's will be used in another DOM?  If not, how do I go about
> > compiling the drivers for the BE DOM'S? (they don't show up as options -
> > yes, I do have XEN_PHYSDEV_ACCESS and XEN_NETDEV_BACKEND enabled.
> 
> Just stick all the drivers you need into a xen0 kernel, then use that kernel 
> in any domain that's talking to the hardware.  You can use a xen0 kernel 
> anywhere.

Wow, so you can run "multiple" dom0 images (one real dom0) - is there
anything I need to add to the .sxp file to differentiate the non-dom0
domains from the real Dom0?

> > 2)  Even with pci_dom0_hide=(01,01,0)(02,00,0) as part of my grub.conf
> > (for the startup of xen.gz), I still see these devices under DOM0, is
> > this normal? lspci shows the devices as 0000:01:01.0 and 0000:02:00:0.0)
> > respectively.  Are my parameters to pci_dom0_hide correct?
> 
> Try physdev_dom0_hide - pci_dom0_hide is a bug that got introduced to the docs 
> at some point (I think it has now been fixed).

Not as of yesterday with regards to the doc available on your website.

> > 3)  Should I be using stable, testing or unstable for this?  NOTE:
> > stable and testing both are unable to attach xen console to ttyS whereas
> > unstable works correctly for this.
> 
> In general, use stable for production environments.  Testing is the "next 
> stable release" and so is quite stable itself (and may have additional bug 
> fixes).
> 
> > 4)  It would be preferred to run X in a domain separate from Dom0, but
> > still be accessible for use on the local console without having to
> > install X and a VNC client in DOM0.  Is this possible, or am I just
> > dreaming here?
> 
> Possible in theory, in practice this doesn't quite work yet.

Good to know - I'll try it anyways and see if I'm lucky one of the lucky
few, or if I have to wait.

> HTH,
> Mark
> 

Thanks for the input!

B.


-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl

Re: Re: Back end domains : input desired

[Tobias Hunger]

[-- Attachment #1: Type: text/plain, Size: 1150 bytes --]

On Monday 24 January 2005 17:36, B.G. Bruce wrote:
> > > 2)  Even with pci_dom0_hide=(01,01,0)(02,00,0) as part of my grub.conf
> > > (for the startup of xen.gz), I still see these devices under DOM0, is
> > > this normal? lspci shows the devices as 0000:01:01.0 and
> > > 0000:02:00:0.0) respectively.  Are my parameters to pci_dom0_hide
> > > correct?
> >
> > Try physdev_dom0_hide - pci_dom0_hide is a bug that got introduced to the
> > docs at some point (I think it has now been fixed).
>
> Not as of yesterday with regards to the doc available on your website.

I had send a mail earlier this week asking the docs to be fixed. Apart from 
the s/physdev/pci/ change the format of the pci entries is not correct in the 
docs. You should use (01:01.0), etc. This differs from the syntax in the 
config files used to "unhide" the devices for certain domains.

-- 
Gruss,
Tobias

------------------------------------------------------------
Tobias Hunger           The box said: 'Windows 95 or better'
tobias@aquazul.com                     So I installed Linux.
------------------------------------------------------------

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: Re: Back end domains : input desired

[Jan Kundrát]

B.G. Bruce wrote:
> Wow, so you can run "multiple" dom0 images (one real dom0) - is there
> anything I need to add to the .sxp file to differentiate the non-dom0
> domains from the real Dom0?

As Mark said, you can run kernel compiled for dom0 as domU, if you add 
things like network frontend and blockdev frontend. The only drawback is 
greater kernel (-> bigger memory usage, bigger risk of bugs and 
exploits, maybe (hardly measurable) slowdown?). Only one of them will 
act as a real "domain0".

-jkt

-- 
cd /local/pub && more beer > /dev/mouth



-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl

Re: Back end domains : input desired

[Mark A. Williamson]

> > > BE_VNIC_2:  Back end for a "virtual nic"/bridge for DomU to DomU
> > > communication (DMZ).
> >
> > So does this have any connections to the physical network cards at all?
>
> No. Could I possibly use the "dummy" driver to handle this requirement?

Don't think so.  The main problem is that this domain needs to have privileges 
to access other domains memory (otherwise the backend driver doesn't work).  
I don't know of a way to specify this in a domain config.

> > Clock sync can probably only occur from dom0 at the moment.  Likewise for
> > AGP access (although one user had some success in giving a graphics card
> > to a domU, it's not fully working yet).
>
> Ok, I can live with that for the moment ... hopefully this will be
> addressed in the near future?

Nobody working on giving graphics cards to non-0 domains AFAIK.  The clock 
syncing is probably fairly straightforward (if indeed it hasn't been sorted 
already) and just needs someone to take the time to tweak it.

> > Just stick all the drivers you need into a xen0 kernel, then use that
> > kernel in any domain that's talking to the hardware.  You can use a xen0
> > kernel anywhere.
>
> Wow, so you can run "multiple" dom0 images (one real dom0) - is there
> anything I need to add to the .sxp file to differentiate the non-dom0
> domains from the real Dom0?

You can use a Xen0 kernel in any domain, including unpriv domains.  XenU 
kernels are just included because they're smaller (because they don't 
included drivers for real hardware).

> > Try physdev_dom0_hide - pci_dom0_hide is a bug that got introduced to the
> > docs at some point (I think it has now been fixed).
> > > 
> Not as of yesterday with regards to the doc available on your website.

Errr, might be fixed in the testing tree :-/  I'll try to remember to sort 
this out once and for all when I get home today.

> > > 4)  It would be preferred to run X in a domain separate from Dom0, but
> > > still be accessible for use on the local console without having to
> > > install X and a VNC client in DOM0.  Is this possible, or am I just
> > > dreaming here?
> >
> > Possible in theory, in practice this doesn't quite work yet.
>
> Good to know - I'll try it anyways and see if I'm lucky one of the lucky
> few, or if I have to wait.

We'd be interested to get this working but it's likely to take a bit of time 
on your side.  The guy who trying this out had a second PCI graphics card 
which he was giving to the domain (along with a USB controller for mouse and 
keyboard).   He just had trouble persuading X to start because of some 
weirdness with virtual terminals...

You'd need a second display device because dom0 will grab the primary on 
bootup.

Cheers,
Mark


-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl

Re: Re: Back end domains : input desired

[Andrew Warfield]

> > > So does this have any connections to the physical network cards at all?
> >
> > No. Could I possibly use the "dummy" driver to handle this requirement?
> 
> Don't think so.  The main problem is that this domain needs to have privileges
> to access other domains memory (otherwise the backend driver doesn't work).
> I don't know of a way to specify this in a domain config.

this can currently be achieved (in a really sleazy way) by adding a
pci= line in the non-0 domain's config, and just handing it a device
that it doesn't have drivers for and so won't touch.

this is clearly not the, um, ideal approach to elevating privilege,
but it may get you going until the tools catch up. ;)

hth,
a.


-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl

RE: Re: Back end domains : input desired

[Ian Pratt]

> I had send a mail earlier this week asking the docs to be 
> fixed. Apart from 
> the s/physdev/pci/ change the format of the pci entries is 
> not correct in the 
> docs. You should use (01:01.0), etc. This differs from the 
> syntax in the 
> config files used to "unhide" the devices for certain domains.

I fixed the documentation after your message.

I guess there's a good argument for unifying the format between the
config file and the xen command line. I'd certainly consider a patch
that also updated the documentation appropriately...

Ian


-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl