Linux 3.0 Will Have Full Xen Support
GPLHost-Thomas writes "The very last components that were needed to run Xen as a dom0 have finally reached kernel.org. The Xen block backend was one major feature missing from 2.6.39 dom0 support, and it's now included. Posts on the Xen blog, at Oracle and at Citrix celebrate this achievement."
Vanilla kernel on EC2 (Score:2)
Finally I get to run a newer kernel on EC2! I have been looking forward to this for months.
Re:Vanilla kernel on EC2 (Score:5, Informative)
Now all I need... (Score:4, Funny)
... is 16 cores and 32 GB of RAM, and I can recompile the Kernel on Linux, encode an H.264 video on OS X, serve files via Apache HTTPD from OpenBSD, and watch streaming porn videos on Windows all simultaneously on the same machine!
Re:Now all I need... (Score:4, Informative)
That's, uh, not exactly all that out there, these days.
Re: (Score:2)
Yeah, the new servers I just received to upgrade our vmware cluster have 128G with only half the slots filled. Still 16 cores (2 x 8) per host, our limiting factor is having enough free RAM available for failover. The linux guests share ram nicely, but the windows guests are pigs.
Re: (Score:2)
at least with overprovisioning, you know you won't tip the scales if all your machines burst at the same time.
Re: (Score:2)
16 cores and 32 GB of RAM
That's, uh, not exactly all that out there, these days.
You forgot the implied "...Beowulf cluster of..."
Re: (Score:2, Funny)
If you're gonna stream porn on the Windows guest, instead of something useful like original Star Craft/Brood War, keep your clean guest image for reloads. You're better off streaming the porn on a Linux guest, since the embedded malware is much less likely to run.
Re: (Score:2)
It depends whether he means 16 good cores or 16 shitty cores ;)
Yes both intel and AMD sell CPUs that let you put 16+ cores in one machine BUT afaict in both cases the individual cores are substantially slower than you can get in a 12-core (2x6) xeon 56xx machine. The prices are also pretty crazy afaict.
Re: (Score:3)
The 12-core X56xx's solutions aren't touching the 48-core solutions from AMD as of yet in parallel workloads. The Opteron 6168 solution is cheaper with more performance and the Opteron 6174 route is more expensive but significantly faster overall, than a pair of X5690 priced at $3300+
I am simply amazed that Intel has not taken its older designs for larger process sizes and simply packed on more cores during a process reduction in order to bre
Re: (Score:2)
The 12-core X56xx's solutions aren't touching the 48-core solutions from AMD as of yet in parallel workloads
Yeah if you push the core count insanely high you can get to the point where (for some workloads) the number of cores makes up for the low performance of the individual cores but afaict there is no 16-core system on the market that is faster overall than a 12 core 56xx series system.
Re: (Score:2)
It's not for virtual machines. The stuff it runs works properly in parallel but runs faster on one machine with shared memory than it can on a cluster.
Re: (Score:2)
Just spend $20k on 12 cores and 128GB on two machines. Vmware licensing restricted our core count.
Re: (Score:2)
16 cores and 32 GB of RAM
That's, uh, not exactly all that out there, these days.
GP mentioned Windows. The Windows Server license that runs on 16 cores is really, really "out there" for home users. So we can assume that he is talking about a home OS, and for a home PC 16 cores really is "out there".
Re: (Score:2)
He just mentioned streaming porn in a domU, a single (or two) core license would do just fine.
It's more than a typical off-the-shelf PC, but it's not like it's some crazy spec, with "consumer" components you can put one together for $3-4k (well, ok, with 12, not 16 cores).
Re: (Score:2)
Well... I was curious. The major cost in a multi-CPU setup is generally the motherboard. Enthusiast boards are typically in the $150-$250 range, dual-CPU boards are generally in the $400-$550 range (Tyan Thunder n3600T). The 2.8GHz Opteron 6-core CPUs are around $310 each, with slightly
Re: (Score:2)
Last 5 machines assigned for me to have fun in had each 16 cores and 96GB RAM each... I have requested 3 more.
Meanwhile (Score:5, Interesting)
Largely irrelevant though (Score:4, Insightful)
... as most users don't use vanilla upstream kernels. And, most distributors / distros have a supported release which provides Xen Dom0 support (including Red Hat).
Re: (Score:2)
hmm, since the new kernel dev model(2.5.x basically) I've been running vanilla kernels, or at least distros that do not require the huge custom patch sets... ahh the good old days of redhat 7.2, and suse 6....
Re: (Score:2)
Xen support got into NetBSD and Solaris more easily, I think, because influential individuals pushed it in there whereas the Linux community had lots of quibbles over the patches and how they should be done correctly. The debate with VMware was a bit confusing and didn't help things get done quickly. RH and IBM and SuSE and others were behind Xen originally but that has gone a bit quieter subsequently.
Part of all of this, though, is due to the Xen team having different priorities to most of those other or
Re:Meanwhile (Score:5, Informative)
Just had to reply to this.. Sun forked Xen 3.1 something like 4 years ago, yes. That same fork, Xen version 3.1 is what is still being used today in Solaris and Sun had previously (pre-buyout) said they would not merge to any newer versions of xen.
So while Solaris can claim Xen Dom0 support it is nowhere near the capabilities of current Xen 4.0 and with no plans to update you're stuck on 3.1 with support only coming from, now, Oracle. Yeah, awesome.
Re:Meanwhile (Score:5, Informative)
'VMWare lobby', WTF? The real problem were things like this [lkml.org] and this [lkml.org]:
The fact is (and this is a _fact_): Xen is a total mess from a development
standpoint. I talked about this in private with Jeremy. Xen pollutes the
architecture code in ways that NO OTHER subsystem does. And I have never
EVER seen the Xen developers really acknowledge that and try to fix it.
Thomas pointed to patches that add _explicitly_ Xen-related special cases
that aren't even trying to make sense. See the local apic thing.
So quite frankly, I wish some of the Xen people looked themselves in the
mirror, and then asked themselves "would _I_ merge something ugly like
that, if it was filling my subsystem with totally unrelated hacks for some
other crap"?
Seriously.
If it was just the local APIC, fine. But it may be just the local APIC
code this time around, next time it will be something else. It's been TLB,
it's been entry_*.S, it's been all over. Some of them are performance
issues.
I dunno. I just do know that I pointed out the statistics for how
mindlessly incestuous the Xen patches have historically been to Jeremy. He
admitted it. I've not seen _anybody_ say that things will improve.
Xen has been painful. If you give maintainers pain, don't expect them to
love you or respect you.
So I would really suggest that Xen people should look at _why_ they are
giving maintainers so much pain.
Linus
BTW, I have absolutely no doubt that NetBSD and Solaris merged Xen faster than anyone else.
Re: (Score:2)
Unfortunately when this e-mail was sent, Jeremy was just about the only developer working on upstreaming the dom0 work for quite a while; and Jeremy was, unfortunately, still learning how to interact effectively with the kernel community. This can be largely blamed on a tactical error made by the people in charge of XenSource before Citrix acquired them. They were hoping to force RedHat to work on upstreaming dom0, so they kept the Xen fork of linux (linux-xen) at 2.6.18, and only hired one developer to w
FreeBSD Xen support (Score:3)
When will you ever have a Xen dom0 support?
Thanks,
Charlie Root
FreeBSD Fanboi
So Linux 3.0 got its major feature after all (Score:2)
Just when Linus finally started convincing people that Linux 3.0 would be a "normal time based release" with "no major changes" they whip this milestone feature out from under the rug.
Xen out of the box? Linux 3.0.
Re: (Score:2)
That feature would have been in 2.6.40 had it been numbered that.
Re: (Score:2)
I know, I just thought it was nice that there's now a milestone pegged to the 3.0 release as opposed to "just the normal fixes and new drivers" kinda thing. I understand that it's a complete coincidence.
Ok, I'm slightly confused. (Score:2)
My understanding of Xen was that it was a hypervisor, had a dom0 guest VM for administering the hypervisor, and dom0s for less privileged guest VMs.
Is this about running Xen inside Xen, or am I way off target?
Re: (Score:2)
But in fact, no, it's not about nested virtualization. It's about Linux from kernel.org not having to be patched
Re: (Score:2)
Ah, got it. Thanks.
(Also, for the record, I recognize I should have said "domUs" for less-privileged guest VMs)
(Also, Slashdot's commenting system is driving me batty. *flies away*)
Re: (Score:2)
dom0 does run under Xen and does the administrative tasks. But dom0 has another purpose: it has drivers for all of the hardware on the system. It doesn't make sense for Xen to try to have drivers for every bit of hardware that's out there -- Linux already does that very well, so there's no point in duplicating effort, especially since device drivers have *nothing* to do with virtualization. So the Xe
Re: What? (Score:2)
Yo, Mike, you want us to unpimp this thing, lemme hear you say, "Vat?"
Re: (Score:2)
Yeah, and then shoot itself.
Re: (Score:2)
Too soon!
Re:I hopefully speak for lots of people when I say (Score:5, Informative)
What is Xen? Xen is a virtualization project that is run by four of the top five major cloud providers (including Amazon, Rackspace, &c); a commercial version written by Citrix run by thousands of sites worldwide, including large companies like Tesco, SAP, &c. It's also the approved way of running Oracle databases in a virtual machine.
What does that have to do with Linux? The Xen project is focused on virtualization. But Xen still needs to run on systems with all manner of devices. There are several ways they could have handled this. One is to try to put drivers for all of the devices in Xen. This would require a huge amount of work, mostly copying new device drivers and device fixes from Linux and porting them over to Xen. It would be a colossal waste of time: they would be duplicating effort of what Linux already does well, instead of doing what they want to do -- work on virtualization.
So what they do instead is run Xen as the hypervisor, but leverage the device drivers in Linux. They do this by creating a special VM, called "domain 0" or "dom0", which is booted first after Xen boots, that has drivers to control all of the devices. This domain is a version of Linux that is designed to be able to work with Xen to control and drive devices, while allowing Xen to control memory, CPU, and interrupts (the key hardware required to do virtualization).
Xen has been out for years. Why is this just being announced? The Xen project started out of a University research project. As is typical, they were trying to answer the question "what is possible?", and as a result, felt free to completely rip out and rewrite large sections of Linux code. This code was not upstream-able -- changes were made that were (rightly) not acceptable to the Kernel community.
Since that time, the Xen community has maintained branches of Linux with these intrusive, non-upstreamable patches, and used these branches as domain 0. At the same time, they have worked to try to get support for Linux-as-domain-0 into the mainline tree. This has been a long process, and something that has been a sore point for users of Xen for some time.
But as of Linux 3.0, all of the functionality required to use the mainline kernel tree as a basic dom0 with Xen is in. This means that if you install Xen, you'll be able to use the same kernel you booted with natively as the dom0 for Xen. It means that distributions won't have to maintain two separate kernels, one for booting bare metal, and one for booting on Xen. And it means not having to maintain the xen-linux fork, which has been a lot of painful work for the Xen community.
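As an added example (not part of the comment above and not code from the Xen or kernel projects), the shell function below checks a kernel .config for the options a mainline kernel needs to serve as a dom0 with the block and network backends. The Kconfig symbols are real; treating exactly these four as the required set, the function names, and the sample config are this example's assumptions.

```shell
#!/bin/sh
# Added example: does this kernel .config describe a kernel that can act as a
# Xen dom0, including the block backend that completed dom0 support in 3.0?

# Assumption: these four symbols are taken as the minimum set for a usable dom0.
DOM0_REQUIRED="CONFIG_XEN CONFIG_XEN_DOM0 CONFIG_XEN_BLKDEV_BACKEND CONFIG_XEN_NETDEV_BACKEND"

# config_value FILE SYMBOL
# Prints y (built in), m (module) or n (absent or "# SYMBOL is not set").
config_value() {
    val=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | head -n 1)
    printf '%s\n' "${val:-n}"
}

# check_dom0_config FILE
# Prints SYMBOL=state for each required option.
# Returns 0 if all are y or m, 1 if any is missing, 2 if FILE is unreadable.
check_dom0_config() {
    cfg=$1
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    missing=0
    for sym in $DOM0_REQUIRED; do
        v=$(config_value "$cfg" "$sym")
        echo "$sym=$v"
        [ "$v" = n ] && missing=$((missing + 1))
    done
    [ "$missing" -eq 0 ]
}

# Constructed sample input: dom0 support enabled, block backend disabled.
sample=$(mktemp)
cat > "$sample" <<'EOF'
CONFIG_XEN=y
CONFIG_XEN_DOM0=y
# CONFIG_XEN_BLKDEV_BACKEND is not set
CONFIG_XEN_NETDEV_BACKEND=m
EOF

check_dom0_config "$sample" || echo "not a complete dom0 kernel: backend option(s) missing"
rm -f "$sample"
```

On a running system the file to pass is typically /boot/config-$(uname -r); that location is a distribution convention, not something the kernel guarantees.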
Re:I hopefully speak for lots of people when I say (Score:4, Interesting)
No, Xen is a hypervisor. A process expects a *lot* more from an operating system than an OS expects from a hypervisor. VMs expect raw hardware and know they have to manage most things (like setting up memory, doing filesystems, and so on) themselves. Processes expect an operating system to set up memory mapping for them, give them filesystems (not just raw disks), IP addresses and sockets and TCP (not just raw packets), and so on.
In the KVM case, Linux is an operating system to normal processes, but a hypervisor to VMs. Linux gives memory and time to the guest OS, and the guest OS gives memory and time (along with filesystems, TCP, &c) to guest processes. So in that way Xen and KVM (i.e., Linux-as-hypervisor) are the same.
The main difference is that Xen is only a hypervisor, whereas with KVM, Linux tries to be both a hypervisor and an operating system. That has a number of practical implications. Xen has been widely deployed and tested as an enterprise-class hypervisor. I'm not aware of any large-scale enterprise deployments of KVM, so it remains to be seen whether Linux can successfully be both an enterprise-class hypervisor and an operating system at the same time.
Re: (Score:3)
Does this get me any closer to the dream of simultaneously running multiple operating systems which can each output 3d graphics using my GPU if I just switch between them like VTs?
Re: (Score:3)
AFAIK, on a desktop with two discrete graphics cards, you should be able to run Windows and Linux as guests at the same time, each using one card. I'm not sure about disk access, you might want to add a discrete PCI-E SATA controller for one of the systems to avoid any screwups caused by Windows doing something nasty, but other than that, this seems to be perfectly viable. A recent Sandy Bridge-based Core i7, with 8GB of memory on a good P67-based motherboard should run such a software stack with native per
Re: (Score:2)
Sounds pretty great, I have a tri-core Phenom II and I'd like to use 1 core and maybe 2 of 8 GB of RAM for a second machine. Now to pick up a second video card that will shoehorn in here...
Re: (Score:2)
My question is how soon could someone be able to use Xen and have dom0 autoboot into something like a Windows XP installation (running on the console) and can still manage VMs and manage them in the hypervisor? I would like to leverage a hypervisor for managing VMs on a system with a lot of memory and still want to use it as a workstation with native, or close-to-native graphics acceleration not login through remote desktop/VNC.
The documentation for doing this is confusing and there appears to be a limitati
Re: (Score:3)
The xen.org project has mainly been focusing on server-style virtualization, without desktop graphics (although graphics pass-through is obviously a priority for the Intel engineers).
What you describe really needs not just a single piece of software, but the full configuration and integration with a distribution. If you're not opposed to using software that is partially closed-source but free-as-in-beer, you could try XenClient [citrix.com]. It's designed to run on laptops, and specifically tweaked to pass the GPU th
Re:I hopefully speak for lots of people when I say (Score:4)
WTF does this not have +5 Informative?
It does now, but slashdot seems really, really mod point starved as of late. Some discussions there look like there's almost no one to mod, and when they do get mod points it's 5 now compared to 15 before.
Re: (Score:2, Interesting)
I had 15 points just this Wednesday. But it does seem that there is less moderation lately; 100 comments with all at 1 or less. Maybe all of the mods but me are downmodding? (Of the 15 I had, all but two were upmods)
Re: (Score:2)
Sonny, you don't have to be a kid to mod whichever way you want. It has always been that way.
Re: (Score:2)
Has it been fixed?
Re: (Score:2)
I usually mod controversial comments "interesting" unless it's written in an inflammatory tone or just plain ignorant. Posts that really don't say anything are what I downmod. If you're starting at a 1 it's not likely to hurt your karma; I've been modbombed before with someone using all their mod points on me, and the bombs never had any effect, so one downmod surely won't. Hell, sometimes I'll ask to be downmodded if I stray off topic, since the "no bonus" checkboxes don't seem to work.
Like this one.
I'll m
Re: (Score:3)
Strange...
I seem to get mod points 15 at a time, about once a month.
Re:KVM vs XEN (Score:4, Informative)
Re: (Score:2)
Aha! KVM is a hypervisor too? Xen has no kernel? Again... besides the features... the function appears the same to me. Take KVM, remove the drivers, make it tiny, minimalistic... and besides features, the model appears the same to me. Xen is more advanced, more features... but basically, they're both bare iron hypervisors, right?
Re:KVM vs XEN (Score:5, Informative)
Re:KVM vs XEN (Score:5, Informative)
Not sure which Xen book you read, but the grandparent makes a lot of errors and I'd be surprised if a book was that inaccurate. Mine [amazon.co.uk] is slightly out of date, but at least was accurate at the time of printing (technical review was done by the original Xen developer).
Let's start at the end. KVM VMs and userspace Linux applications do not share the same address space. This isn't even true if you remove KVM - userspace processes have isolated address spaces. KVM requires the CPU have virtualisation extensions, which means (among other things) nested page tables. This means that there is hardware-enforced separation between the pages. The guest OS sees page tables that map from virtual to pseudophysical address space, but thinks that they map from virtual to physical. The host (Linux) sets the mapping from these pseudophysical pages to real memory pages and the CPU enforces this mapping. Xen uses exactly the same mechanism in HVM mode (it uses some other tricks in paravirtual mode).
The driver domains are correct, but it's worth noting that Xen will use VT-d or equivalent to protect against malicious use. Linux can't give a userspace program direct access to the disk controller, because if it did then a rogue DMA command could compromise the kernel. Xen will use the IOMMU to ensure that each peripheral may only issue DMAs to memory owned by the driver domain. The Solaris VM that you have accessing your block device and exporting virtual disks from ZVOLs, for example, can trample its own address space with rogue DMAs, but it can't touch any memory in other VMs.
This means that Xen (in theory) has a smaller attack profile than KVM. Xen is basically a microkernel, and it enforces low privilege on the services (OS instances) that provide drivers and the management console. With KVM, the entire kernel runs in privileged mode. It's fairly common these days for the management console domain to have either no network access, or highly-restricted access, and be separated from the driver domains. If there is a flaw in the network stack in Linux and an attacker compromises it, then with KVM they now have access to all of your VMs. With Xen, they control that driver domain, and they can inject packets into the other VMs, but they are no more able to compromise them than they would be if they controlled the router one hop away.
KVM recently gained support for live migration (this has been stable in Xen for a long time - they were doing demos of live-migrating a Quake 2 server with clients connected since the early 2000s), but it doesn't have any of the high-availability stuff that Xen 4 includes. This allows you to do things like run two instances of the same VM on different machines and transparently fail-over when one dies.
Re: (Score:2)
In either case, NAT offers *some* protection but may not be viable in some IPv6 and other situations. My recommendation would be to use an appliance to both make stateful examinations of conversations in the firewall sense, use /etc/hosts instead of DNS, examine key vulnerable drivers for MD5, and use other methods to vet basic VMs that are used to clone for production activities. Among other steps.
In other words, from a security profile, KVM and Xen and other methods like LXC each have their own implicatio
Re:KVM vs XEN (Score:4, Informative)
Re: (Score:2)
As far as Linux is concerned, a KVM virtual machine is just another process. So your whole infrastructure-critical server VMs are treated exactly the same as the random daemons that get started up as a matter of course but never used. Worse yet, the same scheduling algorithms are used -- although the VMs have to handle interrupts, while processes don't.
In Xen, there's a scheduler dedicated to scheduling VMs, and the algorithm is
Re:KVM vs XEN (Score:4, Informative)
Re:KVM vs XEN (Score:4, Insightful)
Re: (Score:2)
Is that a problem? I'm more interested in reading a site where people do know this stuff. The people who don't know or don't care have plenty of other places to go.
Re: (Score:2, Interesting)
Nice try, except dom0 (Domain zero) is Xen terminology, not something linux specific.
Products such as this aren't going to be used by mainstream mom&pop users, Xen will likely not be available in boxed set at your local computer store or game shop. The people using this will likely always come from an IT related background.
And as for windows:
- If you run Xen with Windows, the same terminology applies (except it would be run as dom1+ since Windows doesn't support dom0 to my knowledge)
- If you open up a MCSE
Re: (Score:2)
I thought I had an IT background. I do run virtualisation products on my desktop for development purposes. I did this even long before this was useful (for just the cool factor of running 2 OSes at the same time).
But after 2 minutes of reading it still is not clear what Dom0 is, and what the consequences are. In fact the "domain" is not explained.
You might say that I am not expert enough, but the whole problem is that Xen might not be simple enough, failing the KISS principle.
Re:This is the reason why... (Score:4, Informative)
It's partly historical and partly because Xen is structured differently to lots of other virtualisation systems.
"Domain" is to "virtual machine" as "process" is to "program". i.e. it's a running instance of a virtual machine. If you kill a VM and restart it, it's the same VM but a different domain. In practice VM and domain are blurred a bit when people talk, though.
Domain 0 is a bit like the host OS, but for technical reasons it's not exactly.
Re: (Score:2)
The question I have is: Can I run Xen with my Linux dom0 and have Windows on dom1 with full GPU support and easily swap between the two so I can run my basic Linux desktop on one hand and have Windows load up and run a game in another. So far no VM solution has real capability to use full video acceleration on "guest" operating systems.
Re: (Score:2)
For all this, it might be more easy to use Virtualbox though. Virtualbox is more adapted to the desktop environment, and when you have a Direct-X / OpenGL call in windows, it is translated int
Re: (Score:2)
IME (and I freely accept I may be utterly wrong...), all that means is the building blocks are in place to do it.
The F/OSS software for managing virtualisation is still pretty dire - if I'm being honest, it feels like someone read a VMWare feature list and decided to copy it without first ensuring they understood what all the features actually were. So they bang on about how having "feature equivalence" yet close investigation suggests that it's not as simple as that.
Re:This is the reason why... (Score:4, Informative)
I'm not sure if you are trolling on purpose, or if you don't understand what this news is all about. But I'll bite.
You see, linux runs on almost any kind of hardware: from embedded systems on toasters to phones, desktop computers, laptops, to big servers. Even most supercomputers to date are running Linux. There is a _lot_ of different users that would use Linux in many different ways.
Xen is a technology that virtualizes machines, mainly intended for the data center and cloud computing environments.
This is NOT intended for users in any way. Your mom does NOT have to know that Xen even exists, just like windows users don't need to know what IIS or Apache is in order to browse the web.
Would you also say that windows and OSX "is way too complicated for people" because you read slashdot news about some geeky kernel details about windows/OSX?
Surely "no user should need to know, or care about this sort of thing.".
They don't. So do you about Xen. I'm not sure why someone like you is reading and posting on /., because this is usually "news for nerds", as the site indicates. :)
As many slashdotters would say about your reasoning behind your post: "You are doing it wrong." ;)
Re: (Score:2)
I'd like to see the "normal user" puzzle over this:
http://www.nirsoft.net/articles/windows_7_kernel_architecture_changes.html [nirsoft.net]
Uh huh. That's right. Designing an OS can get a bit.... complicated.
Re: (Score:2)
YHBT. YHL. HAND.
Re: (Score:2)
So what exactly makes this so special? It's a step for one of the many virtualization solutions in the market these days.
I for one wouldn't trust Oracle with any part of my infrastructure if I can help it. Citrix to me still is a company that makes an expensive Xclient for MicroSoft products and a niche product they bought, Xen, with no apparent synergy with their windows products, and who else really cares?
Bingo!
Why Citrix bought XenSource (Score:3)
Here's why Citrix bought XenSource.
There's been a developing market for desktop virtualization (VDI) -- meaning not "running a VM inside my desktop", but for corporations to run "desktops" as VMs inside of servers and export them to thin clients on people's desks.
Citrix has a ton of capabilities in this area. They have decades of experience with handling remote display technologies, dealing with users, dealing with disk images, and so on. So they were in a perfect position to capitalize on this new
Re: (Score:2)
Admin toughbooks encased in adamantium?
Re: (Score:2)
Nay, an Adamantium roll-cage will suffice.
But we need lots of red lasers and blue fur and stuff.
Re: (Score:2)
Actually they sponsored (a large part ?) the research at the university when Xen was created.