I’d like to talk about the xen-tools package, which is found in Debian-derived distros. It’s a straightforward Xen VM provisioning tool with an unusual but attractive approach.
I use it in the Xen.org automated testing system, for installing Debian-derived test VMs. And I run it by hand from the command line too.
What makes xen-tools special
What’s so different about xen-tools? Well, most VM provisioning tools arrange to run the guest’s copy of its own installer, in a fresh VM with a blank disk. They provide preseeding information with the answers to the questions that the installer asks. Another common approach is to have a blessed disk image, and make a guest by making a copy (perhaps a copy-on-write clone) of the master.
xen-tools doesn’t work like that. Instead, it relies on the existing Debian tools for installing chroots. chroots are a kind of lightweight near-virtualisation and are very heavily used by Debian’s developers to allow them to develop packages for different versions of the OS from the one they have installed (including perhaps different derivatives – so for example allowing packages for Ubuntu to be developed on a Debian machine or vice versa). Sometimes users find chroots useful for gaining access to different versions of software packages too.
xen-tools uses the chroot installation tool debootstrap: it sets up the disk area or LVM for the new VM, and then installs the new guest by running debootstrap in the management domain. The resulting approach is very simple compared to a VM-based run of the entire installer. There is no need to manage the booting of the installer, provide it with preseed information to configure it properly, and so forth. Logging and error handling are much improved. And you get pretty good control over the exact contents of the guest.
When should you choose xen-tools?
Firstly, xen-tools is aimed at systems administered from the command-line using xl/xm (perhaps with some management layer on top of that). xen-tools will write a domain configuration file suitable for use with xl or xm.
The biggest limitation is that it can only install a limited set of guests. At the time of writing the version of xen-tools in Debian testing can install most versions of Debian or Ubuntu, and also has support for CentOS 5 and 6. (The CentOS support is done using rinse rather than debootstrap.)
As you all know, the Xen Developer Meeting, XenSummit, Linux Plumbers, LinuxCon and CloudOpen are all happening this week. We will be publishing slides and videos in the coming days: our developers and I are extremely busy at the moment. I will be uploading slides to slideshare and videos to vimeo when I have a little bit of spare time. At the latest this will happen over the weekend and next week. I will also publish a report of all the cool and exciting developments in the community. And believe me: there are many!
Monday we closed the poll for the security discussion. Thank you everyone who participated! The process has not turned up a hidden option that everyone agreed on; however, it has helped find what I hope will be a “median” option which best addresses the concerns and desires of the community as a whole. Below I give a description of the results of the poll, and a recommendation as to what I think is the best way forward.
There’s been a lot of good progress in the Xen on ARM with virtualisation extensions port since I first blogged about it here.
Thanks to some recent work, mainly by Stefano Stabellini, we are now able to start our first guest domain, including paravirtual console, disk and network devices!
The main implementation work here has been to implement support for the core pieces of infrastructure which underpin the PV drivers, primarily event channels and grant tables, all of which Stefano has implemented recently. One of our key design goals with this port of Xen was to make good use of the hardware virtualisation extensions, and at the same time implement paravirtualisation where it offers obvious benefits. For example, we wanted to use paravirtualised device drivers for I/O as they provide significant performance benefits compared to emulated devices.
Sadly this has come too late for the 4.2 release (which has been frozen for a while and is now in the release candidate stage). Therefore I have created a git branch of Xen to track the ARM patches which are destined for 4.3. You can find it on xenbits and read more in the announcement mail.
Just a quick reminder that the first Xen Test Day is today, August 14th. The focus of the test day is to test Xen 4.2 RC2 in your environment, with a special focus on XL (given that XEND is formally deprecated with Xen 4.2). It is an on-line event held on the IRC freenode channel #xentest.
You can find more information about Xen Test Days on:
Because of XenSummit, the next Xen Document Day is a week earlier than usual. It is held next Monday, August 20th on the IRC freenode channel #xendocs.
You can find more information about Xen Document Days on:
Hope to see you there!
Xen.org is pleased to announce the release of Xen 4.0.4 and 4.1.3. These are available immediately from the download pages.
We recommend that all users of the Xen 4.1 and 4.0 stable series update to these latest point releases. The releases contain the following fixes and improvements.
- CVE-2012-0217 / XSA-7: PV guest privilege escalation vulnerability
- CVE-2012-0218 / XSA-8: guest denial of service on syscall/sysenter exception generation
- CVE-2012-2934 / XSA-9: PV guest host Denial of Service
- CVE-2012-3432 / XSA-10: HVM guest user mode MMIO emulation DoS vulnerability
- CVE-2012-3433 / XSA-11: HVM guest destroy p2m teardown host DoS vulnerability