From: Ian Campbell <Ian.Campbell@citrix.com>
To: "Phil Winterfield (winterfi)" <winterfi@cisco.com>
Cc: "Don Banks (donbanks)" <donbanks@cisco.com>,
"xen-devel@lists.xensource.com" <xen-devel@lists.xensource.com>,
"David.Cottingham@eu.citrix.com" <David.Cottingham@eu.citrix.com>,
"xen-api@lists.xensource.com" <xen-api@lists.xensource.com>
Subject: RE: Generic PV Guests on XCP?
Date: Mon, 29 Mar 2010 19:30:38 +0100 [thread overview]
Message-ID: <1269887438.2490.60.camel@localhost.localdomain> (raw)
In-Reply-To: <38AD81989214D54EB5F20C69477AF6C10AEA72E9@xmb-sjc-217.amer.cisco.com>
On Mon, 2010-03-29 at 19:21 +0100, Phil Winterfield (winterfi) wrote:
> Ian-
>
> I have taken your advice and created a generic template using
> vm-create, but for some reason it doesn’t like the kernel path, even
> though it is clearly accessible - see below. Any ideas?
Some security stuff got added to xapi recently which requires that the
guest kernel and ramdisk be under "/boot/guest/". I'm not really sure
why -- I think it's because with RBAC non root users with the VM admin
role can set PV-kernel/PV-initrd/etc (imagine setting PV-initrd
to /etc/shadow) but I'm not sure why restricting to just /boot wasn't
sufficiently secure.
If you move (or symlink) your stuff to /boot/guest and
use /boot/guest/ios/i86bi_etcetc I think things should work.
Ian.
>
> Phil
>
>
> [root@xenserver-wvgdltag ~]# xe vm-create name-label=IOSonXen name-description="Paravirtualized IOS on Xen"
> 5c56afe3-a729-bcaa-a543-d87987167a3d
> [root@xenserver-wvgdltag ~]# xe vm-param-set uuid=5c56afe3-a729-bcaa-a543-d87987167a3d \
> > PV-kernel='/boot/ios/i86bi_xen-ipbase-ms' \
> > PV-args= \
> > PV-bootloader= \
> > PV-bootloader-args= \
> > memory-static-min=2048 \
> > VCPUs-at-startup=1 \
> > other-config:pause=1 \
> > other-config:disable_pv_vnc=1
> [root@xenserver-wvgdltag ~]# xe vm-start uuid=5c56afe3-a729-bcaa-a543-d87987167a3d
> Caller not allowed to perform this operation.
> message: illegal kernel path /boot/ios/i86bi_xen-ipbase-ms
> [root@xenserver-wvgdltag ~]# ls -l /boot/ios/i86bi_xen-ipbase-ms
> -rwxr-xr-x 1 root root 61649099 Mar 23 13:37 /boot/ios/i86bi_xen-ipbase-ms
> [root@xenserver-wvgdltag ~]#
>
prev parent reply other threads:[~2010-03-29 18:30 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-03-24 18:14 Generic PV Guests on XCP? Phil Winterfield (winterfi)
2010-03-24 19:45 ` Ian Campbell
[not found] ` <1269459935.28761.910.camel-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
2010-03-24 20:11 ` [Xen-devel] " Ian Campbell
2010-03-24 20:50 ` Anil Madhavapeddy
2010-03-25 19:48 ` [Xen-API] " Phil Winterfield (winterfi)
2010-03-29 18:21 ` Phil Winterfield (winterfi)
2010-03-29 18:30 ` Ian Campbell [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1269887438.2490.60.camel@localhost.localdomain \
--to=ian.campbell@citrix.com \
--cc=David.Cottingham@eu.citrix.com \
--cc=donbanks@cisco.com \
--cc=winterfi@cisco.com \
--cc=xen-api@lists.xensource.com \
--cc=xen-devel@lists.xensource.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).