Re: [CentOS-virt] TPM
On 08/29/2018 12:08 PM, Stephen John Smoogen wrote:

On Wed, 29 Aug 2018 at 11:58, Dag Nygren <d...@newtech.fi> wrote:

On Wednesday 29 August 2018 at 17:39:18 EEST Stephen John Smoogen wrote:

> On Wed, 29 Aug 2018 at 10:25, Dag Nygren <d...@newtech.fi> wrote:
> > Anyone here with an experience in transitioning QEMU -> XEN ?
> http://www.cse.psu.edu/~pdm12/cse544/slides/cse544-schiffman-vTPM.pdf goes
> through some of the problems.

Yes, I had a look at that earlier and it seems XEN has solved most of the problems

Well it seemed that the people writing the talk had come up with a way it could be done. That can be it being done in a way that isn't 3/4 baling wire and duct tape or it could be that they have a viable set of tools which can be done cleanly and meet various security uses which require knowing what the hostility of the environment is. AKA it may work if you expect no hostile VMs ever to be installed or it may mean it works in a hostile environment where VM A and VM B are owned by different actors and they are actively spying on each other. Each of those has different requirements and outcomes. AKA in one you can expect that secrets in the vTPM may remain secret while the other they may not. And there may be the case where Dom0 could see any secret in any vTPM so you have to factor in how much you trust that.

This brings up an interesting issue.
AWS and others have a problem in that they have security issues because they run VMs for anybody who is willing to pay.
This is not true of internal virtualized servers where the hosting and deployment environment are controlled.
I have a client that has about 20 VMs for various purposes and we have determined that installing the meltdown security patches would cause a decrease in performance for a security increase that is very close to 0.
So in this case do the VMs need to be protected from each other or are they all inside a safe controlled network.

> You need to be aware of the limitations of
> the specific TPM your hardware has, and what you are giving up in the trust
> model with any vTPM [aka your virtual machine can't move from its server,
> your TPM isn't real and can possibly be looked at by other guests, etc etc.]

Couldn't find anything on the issue of migration of the VM, but I thought that Xen has that one also taken care of? (Exporting and importing keys)
Am I completely wrong here?

I don't really know. From the articles.. it is not a 'simple' operation and you can quite easily get it wrong. Depending on the security arrangements needed further research than a PDF on the Internet is needed with actual questions to the writers or talking with a company that does this full time.

This comes back to the reason for using TPM.
Is this to secure one VM from another or is it being used for something like software licensing validation?
One has serious security implications the other is just making it possible for someone to run a stupid licensing model on a virtual machine.

--
Alvin Starr || land: (905)513-7688
Netvel Inc. || Cell: (416)806-0133
al...@netvel.net ||

___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt
Re: [CentOS-virt] TPM
On 08/29/2018 07:38 AM, Dag Nygren wrote:

On Wednesday 29 August 2018 at 10:00:39 EEST Sandro Bonazzola wrote:

2018-08-28 13:52 GMT+02:00 Dag Nygren :

We have a desperate need for TPM support and:

1. Tried the "standard" distro install. libvirt supports TPM passthrough but kvm-qemu barfs:
"unsupported configuration: The QEMU executable /usr/libexec/qemu-kvm does not support TPM backend type passthrough"

2. Then activated the qemu-ev repo and updated qemu-kvm to version 2.10.0, which for sure should support at least passthrough.
No luck - Same error message. Downloaded the source for the rpm and found a line: "--disable-tpm" in build_configure.sh.
Guess that the maintainers have some reason to turn tpm off. Can someone confirm this?

Not sure about reasons for turning off, but request to enable it has been closed wontfix:
https://bugzilla.redhat.com/show_bug.cgi?id=1327947

Thanks for the comments and reactions so far!

Well. Changed -disable-tpm to enable-tpm in the rpmbuild and built myself a version with TPM passthrough enabled. Just to find out that it only supports tpm_tis in 2.10.0 and our device only seems to speak tpm_cdr :-(. Bugger.. But we really do need multiple VM:s accessing the hardware TPM anyway and this would only give us one VM ...

Also downloaded qemu 2.12.0 and tried to very optimistically just throw it in the rpmbuild. And got a heap of patch fails already at the first patch. Expected of course... So no such luck.

Now looking further it also seems like even 2.12.0 will not solve our problem as it only gives multiple VM access to the swtpm emulator. We need access to the hardware TPM...

Can you make swtpm use the hardware ?

Any advice would/will be valuable!

You could try using Xen.
A quick search implies that Xen from 4.3 onward will virtualize TPM.
I am not sure if the libvirt drivers for xen will support the feature but some work around may be possible.

--
Alvin Starr || land: (905)513-7688
Netvel Inc. || Cell: (416)806-0133
al...@netvel.net ||
Re: [CentOS-virt] Xen C6 kernel 4.9.13 and testing 4.9.15 only reboots.
I ran into this also.
Back up to an older kernel.
At least that was my solution till a kernel came out that would boot.
It seems that some kernel builds are not friendly to xen.

On 03/28/2017 05:55 PM, PJ Welsh wrote:

The mystery gets more interesting... I now have a CentOS 7.3 Dell R710 server doing the exact same thing of rebooting immediately after the Xen kernel load. Just to note this is a second system and not just the first system with an update.
I hope I'm not introducing something odd. The only "interesting" thing I have done for historical reasons is to change the following /etc/sysconfig/grub line:

GRUB_CMDLINE_XEN_DEFAULT="dom0_mem=6G,max:8G cpuinfo com1=115200,8n1 console=com1,tty loglvl=all guest_loglvl=all"

But I've done that on other servers without issue. In fact I have a Dell R710 that DOES work with CentOS 7 and the new kernel... so confused.

On Fri, Mar 24, 2017 at 1:44 PM, Sarah Newman <s...@prgmr.com> wrote:

On 03/24/2017 11:35 AM, PJ Welsh wrote:
> As a follow up I was able to test fresh install on Dell R710 and a Dell
> R620 with success on CentOS 7.3 without issue on the new kernel. My new
> plan will be to just move this C6 to one of the C7 I just created.

That sounds like a compiler problem, since I think the C6 and C7 kernels are built from the same source.

--Sarah

--
Alvin Starr || voice: (905)513-7688
Netvel Inc. || Cell: (416)806-0133
al...@netvel.net ||
Re: [CentOS-virt] grub-bootxen.sh
On 03/24/2017 03:29 PM, Johnny Hughes wrote:
> On 03/22/2017 09:35 AM, Alvin Starr wrote:
>> I actually move the default *.repo files and replace them with "".
>>
>> The thing is that Katello turns all the downloaded yum content into a
>> single redhat.repo file and I don't have to install any more *-release-*
>> rpms any more.
>>
>> I would argue that I should not need to install any *-release-* rpms at
>> all to get all the required software.
> The reason it exists that way is to allow you to not get duplicate
> kernel entries. If we don't get the script installed before you get the
> kernel, then you get a normal kernel entry, then later a xen kernel entry.

OK. That makes sense.
I wonder if there is some other way to handle this.
It looks like that it may be possible to use "OrderWithRequires" in the RPMS that need the grub-bootxen.sh.
I will try to poke at this a bit more.

>> On 03/22/2017 09:34 AM, -=X.L.O.R.D=- wrote:
>>> Maybe you just don't need to remove anything at all but just move them to
>>> another folder that does the same goal.
>>> For *-release-*.rpm, again it is explained itself.
>>>
>>> Xlord
>>>
>>> -----Original Message-----
>>> From: CentOS-virt [mailto:centos-virt-boun...@centos.org] On Behalf Of
>>> Alvin Starr
>>> Sent: Tuesday, March 21, 2017 1:45 AM
>>> To: centos-virt@centos.org
>>> Subject: [CentOS-virt] grub-bootxen.sh
>>>
>>> This is not abit issue just a minor annoyance.
>>>
>>> I use Foreman to provision my systems and to keep control I remove all
>>> the default *.repo files and keep away from installing more *.repo files so
>>> I can control the content via the foreman(katello) provided redhat.repo.
>>>
>>> I would argue that the *-release-*.rpm should not contain any setup code
>>> but just the stuff in /etc/yum.repos.d.

--
Alvin Starr || voice: (905)513-7688
Netvel Inc. || Cell: (416)806-0133
al...@netvel.net ||
Re: [CentOS-virt] grub-bootxen.sh
I actually move the default *.repo files and replace them with "".

The thing is that Katello turns all the downloaded yum content into a single redhat.repo file and I don't have to install any more *-release-* rpms any more.

I would argue that I should not need to install any *-release-* rpms at all to get all the required software.

On 03/22/2017 09:34 AM, -=X.L.O.R.D=- wrote:

Maybe you just don't need to remove anything at all but just move them to another folder that does the same goal.
For *-release-*.rpm, again it is explained itself.

Xlord

-----Original Message-----
From: CentOS-virt [mailto:centos-virt-boun...@centos.org] On Behalf Of Alvin Starr
Sent: Tuesday, March 21, 2017 1:45 AM
To: centos-virt@centos.org
Subject: [CentOS-virt] grub-bootxen.sh

This is not abit issue just a minor annoyance.

I use Foreman to provision my systems and to keep control I remove all the default *.repo files and keep away from installing more *.repo files so I can control the content via the foreman(katello) provided redhat.repo.

I would argue that the *-release-*.rpm should not contain any setup code but just the stuff in /etc/yum.repos.d.

--
Alvin Starr || voice: (905)513-7688
Netvel Inc. || Cell: (416)806-0133
al...@netvel.net ||
[CentOS-virt] grub-bootxen.sh
This is not abit issue just a minor annoyance.

I use Foreman to provision my systems and to keep control I remove all the default *.repo files and keep away from installing more *.repo files so I can control the content via the foreman(katello) provided redhat.repo.

I would argue that the *-release-*.rpm should not contain any setup code but just the stuff in /etc/yum.repos.d.

--
Alvin Starr || voice: (905)513-7688
Netvel Inc. || Cell: (416)806-0133
al...@netvel.net ||
Re: [CentOS-virt] Fwd: Centos 6 AMI does not support c4-8xlarge
I have yet to try this but I believe you can take a snapshot of the image after it is first installed.
Then attach the snapshot to another VM and copy the data to a new volume.
That new volume could then be used to create another AMI that you can deploy as you see fit.

On 09/07/2016 10:38 AM, John Peacock wrote:

One of the things suboptimal with Marketplace images is that the author can limit which instance types are allowed with the AMI and there is no way to override that. We are using Centos 6.8 for our deployments, but we need to move to the c4.8xlarge type, but that is not a permitted option for the "CentOS 6 (x86_64) - with Updates HVM" AMI.

Is there any way we could get that image refreshed to support the largest image type? We really need the 10G networking for our application.

Thanks in advance

John

--
JOHN PEACOCK
senior software build and release engineer
tel 877-887-3031
mobile 240-429-9334
email john.peac...@sparkpost.com

--
Alvin Starr || voice: (905)513-7688
Netvel Inc. || Cell: (416)806-0133
al...@netvel.net ||
Re: [CentOS-virt] migrating from xend to libxl after xen 4.6.1
I believe that the native xend config files for xen still mostly work.
I found the move reasonably painless but I was mostly using libvirt.

What is the problem you are having?

On 04/16/2016 12:40 PM, rgritzo wrote:
> so i guess i was not paying too close attention and upgraded to xen 4.6.1
> before i migrated my domU configurations to libxl :{
>
> i have tried for a couple of hours this morning to find a way to do the
> conversion in a post xend world, but can’t seem to do it.
> I still have all my disk images, and i see the domain config.sxp
> configuration files in /var/lib/xend/domains/ but i am not enough of a
> xen expert to figure out how to migrate those.
>
> is there a simple way to move to libxl now that xend is gone and i did not
> dump the xml files?
>
> thanks in advance…
>
> r.

--
Alvin Starr || voice: (905)513-7688
Netvel Inc. || Cell: (416)806-0133
al...@netvel.net ||
Re: [CentOS-virt] Garbled screen after RAM Scrub on boot
I get the same effect of screen blank on memory scrub.
Just as a test try turning off the memory scrub in the xen boot options.
I wonder if xen overwrites the video-ram memory as it's cleaning up.

On 02/22/2016 01:06 PM, Scot P. Floess wrote:

Francis,

I just rebooted my Precision 470 and watched...nothing :( I see the boot menu, and then everything goes blank - as in just a blinking cursor until I get the login prompt. No idea what it's doing - but I don't even see the scrubbing free memory output...

On Mon, 22 Feb 2016, Francis Greaves wrote:

Yes I usually work headless, but I have been setting it up from new, so need to see what is going on.

Regards
Francis

From: "Scot P. Floess" <sflo...@nc.rr.com>
To: "Francis Greaves" <fran...@choughs.net>
Cc: "centos-virt" <centos-virt@centos.org>
Sent: Monday, 22 February, 2016 17:02:12
Subject: Re: [CentOS-virt] Garbled screen after RAM Scrub on boot

When I was running Fedora 23 and using Xen (as the host OS), I saw something similar on my Dell Precision 470. I don't recall seeing it now with CentOS 7, but I tend to boot that machine headless more than not...

On Mon, 22 Feb 2016, Francis Greaves wrote:

> Dear All
> I am using Centos 7 with Xen 4.6 on a Dell Poweredge T430
> When the machine boots, after the 'Scrubbing Free RAM' message, I get a screen filled with little white squares until the login prompt, so I cannot see
> what is happening as the machine boots. Also there is nothing on the screen when I reboot.
>
> My /etc/default/grub is
>
> GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
> GRUB_DEFAULT=saved
> GRUB_DISABLE_SUBMENU=true
> GRUB_CMDLINE_LINUX="crashkernel=auto rhgb intremap=no_x2apic_optout"
> GRUB_CMDLINE_XEN_DEFAULT="dom0_mem=13312M,max:14336M dom0_max_vcpus=6 dom0_vcpus_pin"
> GRUB_GFXMODE=1024x768
> GRUB_GFXPAYLOAD_LINUX=keep
> GRUB_CMDLINE_LINUX_XEN_REPLACE_DEFAULT="console=hvc0 earlyprintk=xen nomodeset"
>
> I have tried setting (for a 1024x768 resolution) vga=792 in the GRUB_CMDLINE_LINUX and commenting out GRUB_GFXMODE and GRUB_GFXPAYLOAD_LINUX, but this
> makes no difference
>
> What am I doing wrong?
>
> Regards
> Francis

Scot P. Floess
RHCT (Certificate Number 605010084735240)
Chief Architect FlossWare
http://sourceforge.net/projects/flossware
http://flossware.sourceforge.net
https://github.com/organizations/FlossWare

--
Alvin Starr || voice: (905)513-7688
Netvel Inc. || Cell: (416)806-0133
al...@netvel.net ||
Re: [CentOS-virt] KVM
You need to provide more information.
20% is what number.
There are something like 6 numbers on that line.

On 02/08/2016 02:56 PM, Gokan Atmaca wrote:

If you run top what are you seeing on the %Cpu(s) line?

%20

On Mon, Feb 8, 2016 at 9:30 PM, Alvin Starr <al...@netvel.net> wrote:

Slow disks will show up as higher I/Owait times.
If your seeing 99% cpu usage then your likely looking at some other problem.

If you run top what are you seeing on the %Cpu(s) line?

On 02/08/2016 02:20 PM, Gokan Atmaca wrote:

I'm guessing you're using standard 7,200rpm platter drives? You'll need to share more information about your environment in order for us to provide useful feedback. Usually though, the answer is 'caching' and/or 'faster disks'.

Yes , 7.2k rpm disks. 2T mirror (soft). In fact, I had such a preference for slightly more capacity. Unfortunately very expensive SAS drives. But this works only if the server in question occur. In this case, about 15 minutes. progress.

On Mon, Feb 8, 2016 at 9:13 PM, Digimer <li...@alteeve.ca> wrote:

On 08/02/16 02:12 PM, Gokan Atmaca wrote:

Hello

I use KVM. In a virtual machine "jbd2 dm-0" disk I / O is very increases. It consumes up to 99%. For this reason, slowing down the other virtual machine.

What should I do to solve the problem. ?

Thanks..

I'm guessing you're using standard 7,200rpm platter drives? You'll need to share more information about your environment in order for us to provide useful feedback. Usually though, the answer is 'caching' and/or 'faster disks'.

--
Digimer
Papers and Projects: https://alteeve.ca/w/
What if the cure for cancer is trapped in the mind of a person without access to education?

--
Alvin Starr || voice: (905)513-7688
Netvel Inc. || Cell: (416)806-0133
al...@netvel.net ||
Re: [CentOS-virt] KVM
Slow disks will show up as higher I/Owait times.
If you're seeing 99% cpu usage then you're likely looking at some other problem.

If you run top what are you seeing on the %Cpu(s) line?

On 02/08/2016 02:20 PM, Gokan Atmaca wrote:

I'm guessing you're using standard 7,200rpm platter drives? You'll need to share more information about your environment in order for us to provide useful feedback. Usually though, the answer is 'caching' and/or 'faster disks'.

Yes , 7.2k rpm disks. 2T mirror (soft). In fact, I had such a preference for slightly more capacity. Unfortunately very expensive SAS drives. But this works only if the server in question occur. In this case, about 15 minutes. progress.

On Mon, Feb 8, 2016 at 9:13 PM, Digimer <li...@alteeve.ca> wrote:

On 08/02/16 02:12 PM, Gokan Atmaca wrote:

Hello

I use KVM. In a virtual machine "jbd2 dm-0" disk I / O is very increases. It consumes up to 99%. For this reason, slowing down the other virtual machine.

What should I do to solve the problem. ?

Thanks..

I'm guessing you're using standard 7,200rpm platter drives? You'll need to share more information about your environment in order for us to provide useful feedback. Usually though, the answer is 'caching' and/or 'faster disks'.

--
Digimer
Papers and Projects: https://alteeve.ca/w/
What if the cure for cancer is trapped in the mind of a person without access to education?

--
Alvin Starr || voice: (905)513-7688
Netvel Inc. || Cell: (416)806-0133
al...@netvel.net ||
[CentOS-virt] c7 xen-4.6 crash.
SI/MSI-X
(XEN) CPU: L1 I cache: 32K, L1 D cache: 32K
(XEN) CPU: L2 cache: 4096K
(XEN) CPU: Physical Processor ID: 0
(XEN) CPU: Processor Core ID: 0
(XEN) CMCI: CPU0 has no CMCI support
(XEN) CPU0: Thermal monitoring enabled (TM2)
(XEN) Intel machine check reporting enabled
(XEN) Using scheduler: SMP Credit Scheduler (credit)
(XEN) Initializing CPU#0
(XEN) Detected 2992.579 MHz processor.
(XEN) Initing memory sharing.
(XEN) alt table 82d0802b8c50 -> 82d0802b9ff4
(XEN) PCI: MCFG configuration 0: base e000 segment buses 00 - 25
(XEN) PCI: MCFG area at e000 reserved in E820
(XEN) PCI: Using MCFG for segment bus 00-25
(XEN) I/O virtualisation disabled
(XEN) CPU0: Intel(R) Xeon(R) CPU5160 @ 3.00GHz stepping 06
(XEN) ENABLING IO-APIC IRQs
(XEN) -> Using new ACK method
(XEN) ..TIMER: vector=0xF0 apic1=0 pin1=2 apic2=-1 pin2=-1
(XEN) Platform timer is 14.318MHz HPET
(XEN) Allocated console ring of 32 KiB.
(XEN) mwait-idle: does not run on family 6 model 15
(XEN) VMX: Supported advanced features:ing 06
(XEN) CPU 2 APIC 6 -> Node 0
(XEN) Booting processor 2/6 eip 8a000
(XEN) Initializing CPU#2
(XEN) CPU: L1 I cache: 32K, L1 D cache: 32K
(XEN) CPU: L2 cache: 4096K
(XEN) CPU: Physical Processor ID: 3
(XEN) CPU: Processor Core ID: 0
(XEN) CMCI: CPU2 has no CMCI support
(XEN) CPU2: Thermal monitoring enabled (TM2)
(XEN) CPU2: Intel(R) Xeon(R) CPU5160 @ 3.00GHz stepping 06
(XEN) [ Xen-4.6.0-9.el7 x86_64 debug=n Not tainted ]
(XEN) CPU:2
(XEN) RIP:e008:[] set_cpu_sibling_map+0x39/0x340
(XEN) RFLAGS: 00010006 CONTEXT: hypervisor
(XEN) rax: 0020 rbx: 0200 rcx: 0037a6cb1580
(XEN) rdx: 0003 rsi: rdi: 0002
(XEN) rbp: 00c8 rsp: 830826fb7e90 r8: 0037a6cb1580
(XEN) r9: 0037a6cb1580 r10: 0007 r11: 0001
(XEN) r12: 0002 r13: 0002 r14:
(XEN) r15: cr0: 8005003b cr4: 26e0
(XEN) cr3: bfc7 cr2: 0020
(XEN) ds: es: fs: gs: ss: cs: e008
(XEN) Xen stack trace from rsp=830826fb7e90:
(XEN)82d0802f4380 0012 0100801ad2d1
(XEN)82d0802f4380 00c8 0002
(XEN)0002 82d08018213c
(XEN) 0001
(XEN)
(XEN)
(XEN)
(XEN)
(XEN)
(XEN)
(XEN) 0002 8300bffa5000
(XEN)0037a6cb1580
(XEN) Xen call trace:
(XEN)[] set_cpu_sibling_map+0x39/0x340
(XEN)[] start_secondary+0x1bc/0x260
(XEN)
(XEN) Pagetable walk from 0020:
(XEN) L4[0x000] = 00083d21c063
(XEN) L3[0x000] = 00083d21b063
(XEN) L2[0x000] = 00083d21a063
(XEN) L1[0x000] =
(XEN)
(XEN)
(XEN) Panic on CPU 2:
(XEN) FATAL PAGE FAULT
(XEN) [error_code=0002]
(XEN) Faulting linear address: 0020
(XEN)
(XEN)
(XEN) Reboot in five seconds...
(XEN) Resetting with ACPI MEMORY or I/O RESET_REG.

--
Alvin Starr || voice: (905)513-7688
Netvel Inc. || Cell: (416)806-0133
al...@netvel.net ||
Re: [CentOS-virt] CentOS 6 Virt SIG Xen 4.6 packages available in centos-virt-xen-testing
itch to Xen 4.6. If they don't follow centos-virt, they may not notice that there's a new package to upgrade to.

I'm a developer, not a server admin, so I can't gauge how important this issue is. Before making such a change, I'd like to hear opinions from other people in the community about how important (or not) it is to avoid breaking xm, given the ample warning (>1 year) users have had.

On the other hand, explicitly moving to a "xen${VER}" (both for C6 and C7) would make it simpler for people to step up and maintain older versions in parallel if anybody wanted to do so.

Thanks again, Peter, for bringing this up.

Peace,
-George

--
Alvin Starr || voice: (905)513-7688
Netvel Inc. || Cell: (416)806-0133
al...@netvel.net ||
Re: [CentOS-virt] OT: adding a wifi adapter to openvswitch
Actually I do a similar thing.
I use a VM as my home/office firewall.
It works quite well and I would argue it is as secure as your standard firewall based on something like openWRT running on dedicated hardware.

I also run a wireless AP in bridged mode to allow local network access on an appliance.
There should be no reason that you could not put both on the same physical hardware.

As for the openvswitch original question.
Openvswitch has an API that you can access to manage your traffic along with supporting Openflow.
If you can get events from your wireless interface then you could write some programs to connect to the switch API.
I am not sure the overall result is worth the effort but it will teach you lots about your wifi interface and Openvswitch.

On 09/24/2015 06:59 AM, Dmitry E. Mikhailov wrote:

On 09/24/2015 03:21 PM, C. L. Martinez wrote:

Thanks Dimitry, but I use wlan0 or eth0 to connect my laptop to different networks. I use a vm as fw and I would like to have all vms and laptop behind this fw vm guest.

Another option is to assign an IP to these interfaces and natting all to this fw vm ... but I don't like this option

It isn't going to be safe, simple and reliable. You won't have anything like 'NetworkManager' on the laptop host OS. It either should be heavily scripted or not done at all.

You could write some fancy ebtables rules to do one-to-one MAC mapping between the fw VM interface and host interface and run DHCP client on the fw VM. On the host you'd have static route to another fw VM interface.

But I can't imagine all the hotplug event scripting. How could fw VM find out if it's time to (re-)run DHCP client? How would you configure WPA keys on the host. How would find out if WiFi is disconnected, cable is connected and it's time to redo MAC mapping with another MAC address?

Without some real effort it's going to be fully(partly?) manual config with wpa_supplicant, ebtables and ssh'ing to fw VM involved.
I doubt I would like to change from NetworkManager to this stuff instead.

That's why they do https://www.anonabox.com/
Otherwise you can get some OpenWRT on a commodity router to run some VPN or T#r or some other funny stuff

--
Alvin Starr || voice: (905)513-7688
Netvel Inc. || Cell: (416)806-0133
al...@netvel.net ||
Re: [CentOS-virt] poor performance with dom0 on centos7
Run mount -v on your old system and on the new system.
Look for differences in the NFS mounts.

On 09/17/2015 05:06 AM, Christoph wrote:

On 2015-09-17 09:29, Pasi Kärkkäinen wrote:

Are you using nfs over UDP or TCP ?

TCP, but Network can't be the bottleneck, have tested it with iperf between bare metal/domU's and the nfs domU and it was perfectly fast...

I don't think. If you used NFS over UDP, try running it over TCP.

no I use it over TCP...

What does 'top' and/or 'iostat -x 1' say during the 'benchmark' ?

top:

top - 09:01:12 up 22:45, 1 user, load average: 1,97, 2,01, 1,99
Tasks: 210 total, 1 running, 209 sleeping, 0 stopped, 0 zombie
%Cpu0 : 0,3 us, 1,0 sy, 0,0 ni, 91,4 id, 7,3 wa, 0,0 hi, 0,0 si, 0,0 st
%Cpu1 : 0,0 us, 0,0 sy, 0,0 ni,100,0 id, 0,0 wa, 0,0 hi, 0,0 si, 0,0 st
%Cpu2 : 0,0 us, 0,0 sy, 0,0 ni,100,0 id, 0,0 wa, 0,0 hi, 0,0 si, 0,0 st
%Cpu3 : 0,0 us, 0,3 sy, 0,0 ni, 13,0 id, 86,7 wa, 0,0 hi, 0,0 si, 0,0 st
KiB Mem : 1013016 total, 19548 free, 591456 used, 402012 buff/cache
KiB Swap: 1048572 total, 990776 free, 57796 used. 353468 avail Mem

iostat:

avg-cpu:  %user   %nice %system %iowait  %steal   %idle
           0,00    0,00    0,00   50,00    0,00   50,00

Device:  rrqm/s  wrqm/s     r/s     w/s   rkB/s    wkB/s avgrq-sz avgqu-sz    await r_await  w_await   svctm   %util
xvda       0,00    0,00    0,00    0,00    0,00     0,00     0,00     0,00     0,00    0,00     0,00    0,00    0,00
xvdb       0,00    0,00    0,00    0,00    0,00     0,00     0,00     0,00     0,00    0,00     0,00    0,00    0,00
xvdc       0,00    0,00    0,00    0,00    0,00     0,00     0,00     0,00     0,00    0,00     0,00    0,00    0,00
xvdd       0,00    0,00    0,00   26,00    0,00  2336,00   179,69    69,31  1060,62    0,00  1060,62   38,46  100,00
xvde       0,00    0,00    0,00    0,00    0,00     0,00     0,00     0,00     0,00    0,00     0,00    0,00    0,00
xvdf       0,00    0,00    0,00    0,00    0,00     0,00     0,00     0,00     0,00    0,00     0,00    0,00    0,00
xvdg       0,00    0,00    0,00    0,00    0,00     0,00     0,00     0,00     0,00    0,00     0,00    0,00    0,00
xvdh       0,00    0,00    0,00    0,00    0,00     0,00     0,00     0,00     0,00    0,00     0,00    0,00    0,00
xvdi       0,00    0,00    0,00    0,00    0,00     0,00     0,00     0,00     0,00    0,00     0,00    0,00    0,00
xvdj       0,00    0,00    0,00    0,00    0,00     0,00     0,00     0,00     0,00    0,00     0,00    0,00    0,00
dm-0       0,00    0,00    0,00    0,00    0,00     0,00     0,00     0,00     0,00    0,00     0,00    0,00    0,00
dm-1       0,00    0,00    0,00    0,00    0,00     0,00     0,00     0,00     0,00    0,00     0,00    0,00    0,00
dm-2       0,00    0,00    0,00    0,00    0,00     0,00     0,00     0,00     0,00    0,00     0,00    0,00    0,00
dm-3       0,00    0,00    0,00    0,00    0,00     0,00     0,00     0,00     0,00    0,00     0,00    0,00    0,00
dm-4       0,00    0,00    0,00    0,00    0,00     0,00     0,00     0,00     0,00    0,00     0,00    0,00    0,00
dm-5       0,00    0,00    0,00    0,00    0,00     0,00     0,00    69,31     0,00    0,00     0,00    0,00  100,00
dm-6       0,00    0,00    0,00    0,00    0,00     0,00     0,00     0,00     0,00    0,00     0,00    0,00    0,00

so not really a problem...

--
Alvin Starr || voice: (905)513-7688
Netvel Inc. || Cell: (416)806-0133
al...@netvel.net ||
Re: [CentOS-virt] Beta CentOS 7 Xen packages available
On 09/08/2015 10:58 AM, Konrad Rzeszutek Wilk wrote:
> On Tue, Sep 08, 2015 at 10:50:57AM -0400, Alvin Starr wrote:
>> Firstly Centos is primarily a RHEL clone.
>> This means that the primary design decisions are to be as RHEL like as
>> possible.
>> After that there are additions and upgrades.
>>
>> Secondly Fedora does not actively support Xen.
> Nonsense. Have you done 'yum install xen' ?

Sorry. I mis-spoke there.
I should have said RedHat does not actively support Xen.

>> As a long time Xen and RH/Fedora user I have spent lots of time
>> building/rebuilding broken/missing packages in Fedora.
>> Quite frankly Xen under Fedora is somewhat broken.
> It is? Please open bugs and CC me on them (ketuzs...@darnok.org)

CPU features/flags are just outright is not there.
I tend to run into the problems as I am trying to use Xen for my development environment.
I have posted fixes and bugs in the past and will in the future.
But Xen/Centos does not have a big dedicated development or a small one for that matter.
So Xen development will lag a bit.
This is not a criticism but just a fact of life.

>> Libvirt support for KVM is very good because RH pays people to support KVM.
>> Xen under the old config format has reasonable support(possibly 60% of
>> features) but under libxl the support is much worse (possibly 30% of
>> features).
> Please file bugs so we can figure out which ones are missing.

When I fight my way through my current provisioning environment I will be likely posting more bugs.
I have to admit that I am not the best contributor because often I just fix the bugs.
Partly because being outside the community learning all the nuances of posting fixes is way more effort than just fixing them.

>> Thirdly RedHat has been active at times to remove Xen support in favour
>> of KVM(Their own virtualization technology).
> Not sure I follow as Fedora does not make this distinction.

As of the last time I checked you could not build a RedHat 7 kernel with Xen enabled.
The point to be made is that Fedora is not RHEL and Centos is more like RHEL.
So comparing Centos to Fedora is like complaining that RHEL should support all the current Fedora packages/features.
There is a relationship between all of them but they are not the same.

>> Xen has been driven to some extents by the needs of Citrix and although
>> they have helped others build packages for Fedora and libvirt its a good
>> will effort and its hard to expect Citrix to spend effort on work that
>> may not be in their best corporate interests.
>>
>> On 09/08/2015 09:02 AM, Itamar Reis Peixoto wrote:
>>>
>>>> not fragment to a bunch of different individual people making a bunch of
>>>> different RPM sets that the community does not know who produces, etc.
>>>>
>>> what you're doing its a complete crap, what you said is different from
>>> what you did, why you' (centos virt sig) not contributed to the work
>>> of fedora guys instead of reinventing the wheel ?

--
Alvin Starr || voice: (905)513-7688
Netvel Inc. || Cell: (416)806-0133
al...@netvel.net ||
Re: [CentOS-virt] Beta CentOS 7 Xen packages available
Firstly Centos is primarily a RHEL clone.
This means that the primary design decisions are to be as RHEL like as possible.
After that there are additions and upgrades.

Secondly Fedora does not actively support Xen.
As a long time Xen and RH/Fedora user I have spent lots of time building/rebuilding broken/missing packages in Fedora.
Quite frankly Xen under Fedora is somewhat broken.

Libvirt support for KVM is very good because RH pays people to support KVM.
Xen under the old config format has reasonable support (possibly 60% of features) but under libxl the support is much worse (possibly 30% of features).

Thirdly RedHat has been active at times to remove Xen support in favour of KVM (Their own virtualization technology).

Xen has been driven to some extents by the needs of Citrix and although they have helped others build packages for Fedora and libvirt it's a good will effort and it's hard to expect Citrix to spend effort on work that may not be in their best corporate interests.

On 09/08/2015 09:02 AM, Itamar Reis Peixoto wrote:
> >
> > not fragment to a bunch of different individual people making a bunch of
> > different RPM sets that the community does not know who produces, etc.
> >
>
> what you're doing its a complete crap, what you said is different from
> what you did, why you' (centos virt sig) not contributed to the work
> of fedora guys instead of reinventing the wheel ?

-- 
Alvin Starr                   ||   voice: (905)513-7688
Netvel Inc.                   ||   Cell:  (416)806-0133
al...@netvel.net              ||
Re: [CentOS-virt] Live migration using shared storage in different networks
A couple of comments.

Take a look at http://whiteboxswitch.com/ or do a general search for white box switches.

Migration will work so long as the storage is consistent between the two KVM hosts.
If there is buffering or caching going on you could have problems.

Something like GFS or NFS will work.
I have used DRBD to set up a simple 2 node system and migration works quite nicely.

Take a look at ProxMox or some of the postings on alteeve.ca.
A good place to start would be https://alteeve.ca/w/2-Node_Red_Hat_KVM_Cluster_Tutorial

On 07/06/2015 07:58 AM, Miguel Barbosa Gonçalves wrote:
> Hi!
>
> I am building a KVM cluster that needs VM live migration.
>
> My shared storage as well as the KVM hosts will be running CentOS.
>
> Because 10 Gbps Ethernet switches are very expensive at the moment I
> will connect the KVM hosts to the storage by cross-over cables and
> create private networks for each connection (10.0.0.0/30 and 10.0.0.4/30).
>
> The following diagram shows the topology
>
> Management           Management          Management
>    VLAN                 VLAN                VLAN
>      |                    |                   |
> +----+-----+ 10 Gbps +----+----+ 10 Gbps +----+-----+
> | KVM Host |---------| Storage |---------| KVM Host |
> +----+-----+         +----+----+         +----+-----+
>      |                    |                   |
>   Public               Public              Public
>    VLAN                 VLAN                VLAN
>
> My question is: will live migration work in this configuration since
> the storage will have 2 different IP addresses (10.0.0.1 and 10.0.0.5)
> in 2 different networks even though it is the same storage?
>
> Thanks!

-- 
Alvin Starr                   ||   voice: (905)513-7688
Netvel Inc.                   ||   Cell:  (416)806-0133
al...@netvel.net              ||
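Added example, not part of the original message and not libvirt's own check: a pre-migration audit of a libvirt domain XML for the "buffering or caching" problem mentioned above, flagging writable disks that do not bypass the host page cache. The sample XML, the /mnt/shared paths, and the policy of treating an unspecified cache mode as risky are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Cache modes that open the image with O_DIRECT, bypassing the host page cache,
# so the destination host cannot read stale blocks from the shared storage.
SAFE_CACHE_MODES = {"none", "directsync"}

# Constructed sample domain XML; disk images sit on a hypothetical shared mount.
SAMPLE_DOMAIN_XML = """
<domain type='kvm'>
  <name>vm1</name>
  <devices>
    <disk type='file' device='disk'>
      <driver name='qemu' type='qcow2' cache='none'/>
      <source file='/mnt/shared/vm1-root.qcow2'/>
      <target dev='vda' bus='virtio'/>
    </disk>
    <disk type='file' device='disk'>
      <driver name='qemu' type='raw' cache='writeback'/>
      <source file='/mnt/shared/vm1-data.img'/>
      <target dev='vdb' bus='virtio'/>
    </disk>
    <disk type='file' device='cdrom'>
      <source file='/mnt/shared/install.iso'/>
      <target dev='sda' bus='sata'/>
      <readonly/>
    </disk>
    <disk type='file' device='disk'>
      <source file='/mnt/shared/vm1-scratch.img'/>
      <target dev='vdc' bus='virtio'/>
    </disk>
  </devices>
</domain>
"""

def risky_disks(domain_xml):
    """Return (target, source, cache_mode) for writable disks using host caching."""
    findings = []
    for disk in ET.fromstring(domain_xml).iterfind("./devices/disk"):
        if disk.find("readonly") is not None:
            continue  # read-only media never has dirty cached writes
        driver = disk.find("driver")
        # Assumption: no explicit cache attribute means the hypervisor default applies.
        cache = driver.get("cache", "default") if driver is not None else "default"
        if cache in SAFE_CACHE_MODES:
            continue
        source = disk.find("source")
        path = "?" if source is None else source.get("file") or source.get("dev") or "?"
        findings.append((disk.find("target").get("dev"), path, cache))
    return findings

if __name__ == "__main__":
    for dev, path, cache in risky_disks(SAMPLE_DOMAIN_XML):
        print(f"{dev}: {path} uses cache='{cache}'; review before live migration")
```

Feed it the output of `virsh dumpxml` for a real guest instead of the sample string.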