CentOS virt - Feb 2009 - Mixed dom0/domU usage?

Hi,
I'm wondering about the impact of using both dom0 and domU's on a server
at
the same time. I'm worried about the performance impact of running a Mysql 
server in a domU and now I'm thinking about moving the Mysql part of a LAMP 
setup into dom0 and running a few Apache guests as domUs. Since the Apaches 
will serve mostly from an NFS share they won't have much impact on the disk 
i/o so the database should be able to utilize the local storage without 
much interference from the guests. The plan is to limit dom0 to let's say 
4gb of ram and then use the rest of it for the VMs.

Has anyone experinece with this kind of "mixed" setup
(physical/virtual).
Are there any known problems with this approach?

Regards,
   Dennis

On Wed, Feb 4, 2009 at 10:03 AM, Dennis J. <dennisml at conversis.de>
wrote:
>
> I'm wondering about the impact of using both dom0 and domU's on a
server at
> the same time. I'm worried about the performance impact of running a
Mysql
> server in a domU and now I'm thinking about moving the Mysql part of a
LAMP
> setup into dom0 and running a few Apache guests as domUs. Since the Apaches
> will serve mostly from an NFS share they won't have much impact on the
disk
> i/o so the database should be able to utilize the local storage without
> much interference from the guests. The plan is to limit dom0 to let's
say
> 4gb of ram and then use the rest of it for the VMs.
>
> Has anyone experinece with this kind of "mixed" setup
(physical/virtual).
> Are there any known problems with this approach?
Hi,

On a performance level it shouldn't make that much of a difference.
But a domU will have some more overhead in I/O. So it make sence to
run your DB in the dom0.

The only thing to remember is that when something happens to your dom0
the domU's will most likely also be impacted. So that your need to
keep in the back of your head.

Regards,
Tim

-- 
Tim Verhoeven - tim.verhoeven.be at gmail.com - 0479 / 88 11 83

Hoping the problem  magically goes away  by ignoring it is the
"microsoft approach to programming" and should never be allowed.
(Linus Torvalds)

++ 04/02/09 10:03 +0100 - Dennis J.:
>Has anyone experinece with this kind of "mixed" setup
(physical/virtual).
>Are there any known problems with this approach?
Dennis,

the dom0 and domU's are both virtual machines on top of the Xen hypervisor.
In
short, the only difference between the two is that dom0 has additional
permissions to control the hypervisor (and thus it has xend and the other
management tools). The performance should therefore be equal in dom0 and domU.

All the best,
Henrik

-- 
Henrik Holmboe, Stockholm, Sweden
<http://henrik.holmboe.se/contact/>

Dennis J. wrote:
> Hi,
> I'm wondering about the impact of using both dom0 and domU's on a
server at
> the same time. I'm worried about the performance impact of running a
Mysql
> server in a domU and now I'm thinking about moving the Mysql part of a
LAMP
> setup into dom0 and running a few Apache guests as domUs. Since the Apaches
> will serve mostly from an NFS share they won't have much impact on the
disk
> i/o so the database should be able to utilize the local storage without 
> much interference from the guests. The plan is to limit dom0 to let's
say
> 4gb of ram and then use the rest of it for the VMs.
>
> Has anyone experinece with this kind of "mixed" setup
(physical/virtual).
> Are there any known problems with this approach?
>   
Go ahead, performance wise there is not much difference. I have a 
machine which runs 2 oracle instances (in separate domUs) + some other 
stuff in other VMs
Just make sure that your network card has a very good quality.  Do not 
even think about realtek and if possible avoid Broadcom. I've never 
heard anyone complaining about Intel.

----- "Dennis J." <dennisml at conversis.de> wrote:
> Hi,
> I'm wondering about the impact of using both dom0 and domU's on a
> server at 
> the same time. I'm worried about the performance impact of running a
> Mysql 
> server in a domU and now I'm thinking about moving the Mysql part of a
> LAMP 
> setup into dom0 and running a few Apache guests as domUs. Since the
> Apaches 
> will serve mostly from an NFS share they won't have much impact on the
> disk 
> i/o so the database should be able to utilize the local storage
> without 
> much interference from the guests. The plan is to limit dom0 to let's
> say 
> 4gb of ram and then use the rest of it for the VMs.
> 
> Has anyone experinece with this kind of "mixed" setup
> (physical/virtual). 
> Are there any known problems with this approach?
Running processes in dom0 that aren't for running Xen is going to destroy
your domU I/O performance.  The backends are just processes.  If you take time
away from those processes for other things, performance will suffer.  You should
run some load tests and see if it suits your model, though.

Running the MySQL process in dom0 isn't going to get you very much of a
performance boost if your MySQL configuration is tuned properly, either.

-- 
Christopher G. Stach II

Dennis J. wrote on Wed, 04 Feb 2009 10:03:36 +0100:
> I'm wondering about the impact of using both dom0 and domU's on a
server at
> the same time. I'm worried about the performance impact of running a
Mysql
> server in a domU and now I'm thinking about moving the Mysql part of a
LAMP
> setup into dom0
I do not see any problems with MySQL on domUs. Works just fine.

Kai

-- 
Kai Sch?tzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

----- "Kai Schaetzl" <maillists at conactive.com> wrote:
> Ben Montanelli wrote on Wed, 04 Feb 2009 11:50:04 -0500:
> 
> > I guess many of us want the optimized "grail" dom0.
> 
> There is none. It depends on your needs.
This is pretty close to one. :)  I also attached a trimmed down version of the
kickstart config I use for dom0s.  Some of it is irrelevant to many people, but
I figured someone would find something useful in it, like fixing some of the
brokenness.  Some of the packages (like the ones for NTP, MD RAID, IPMI, LUKS,
and iSCSI) can be removed if you don't need them.  ntpd and snmpd can be
disabled if you don't need/use them, or for security policy reasons, as
well.

dom0 services:

srv1:[1:13pm]:120:~# chkconfig --list | grep :on
acpid           0:off   1:off   2:off   3:on    4:on    5:on    6:off
auditd          0:off   1:off   2:on    3:on    4:on    5:on    6:off
cpuspeed        0:off   1:on    2:on    3:on    4:on    5:on    6:off
crond           0:off   1:off   2:on    3:on    4:on    5:on    6:off
edac            0:off   1:off   2:on    3:on    4:on    5:on    6:off
ip6tables       0:off   1:off   2:on    3:on    4:on    5:on    6:off
iptables        0:off   1:off   2:on    3:on    4:on    5:on    6:off
libvirtd        0:off   1:off   2:off   3:on    4:on    5:on    6:off
lm_sensors      0:off   1:off   2:on    3:on    4:on    5:on    6:off
lvm2-monitor    0:off   1:on    2:on    3:on    4:on    5:on    6:off
mcstrans        0:off   1:off   2:on    3:on    4:on    5:on    6:off
mdmonitor       0:off   1:off   2:on    3:on    4:on    5:on    6:off
network         0:off   1:off   2:on    3:on    4:on    5:on    6:off
ntpd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
postfix         0:off   1:off   2:on    3:on    4:on    5:on    6:off
restorecond     0:off   1:off   2:on    3:on    4:on    5:on    6:off
smartd          0:off   1:off   2:on    3:on    4:on    5:on    6:off
snmpd           0:off   1:off   2:on    3:on    4:on    5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
syslog          0:off   1:off   2:on    3:on    4:on    5:on    6:off
sysstat         0:off   1:off   2:on    3:on    4:off   5:on    6:off
xend            0:off   1:off   2:on    3:on    4:on    5:on    6:off
xendomains      0:off   1:off   2:off   3:on    4:on    5:on    6:off

dom0 kickstart:

[...]
services --disabled=avahi-daemon,gpm,haldaemon,kudzu,messagebus,netfs
--enabled=ntpd,snmpd
[...]

%packages --nobase
@core
xen
kernel-xen
libvirt
postfix
ntp
net-snmp
sudo
sysstat
rsync
tcpdump
tcsh
bzip2
man
lsof
smartmontools
mailx
screen
vim-enhanced
isns-utils
iscsi-initiator-utils
cryptsetup-luks
vconfig
acpid
audit
cpuspeed
mdadm
psacct
xorg-x11-xauth
edac-utils
memtest86+
patch
which
yum-protectbase
OpenIPMI
OpenIPMI-tools

%post

touch /.autorelabel

sed -i '/^\[/aprotect=1' /etc/yum.repos.d/CentOS-Base.repo

cat << _EOF_ >> /etc/sysctl.conf

net.core.rmem_max = 1048576
net.core.rmem_default = 1048576
net.core.wmem_max = 1048576
net.core.wmem_default = 1048576

vm.swappiness = 1

_EOF_

cat << _EOF_ > /etc/snmp/snmpd.conf
[...]
# This is so SNMP reports correct interface rates
interface bond0 161 1000000000
interface bond0.10 135 1000000000
interface bond0.20 135 1000000000
interface bond0.30 135 1000000000
interface bond0.40 135 1000000000
interface bond0.101 135 1000000000
[...]
_EOF_

sed -i 's/^[ \t]*LoginGraceTime.*/#&/g' /etc/ssh/sshd_config
sed -i 's/^[ \t]*PermitRootLogin.*/#&/g' /etc/ssh/sshd_config
sed -i 's/^[ \t]*MaxAuthTries.*/#&/g' /etc/ssh/sshd_config
sed -i 's/^[ \t]*PasswordAuthentication.*/#&/g' /etc/ssh/sshd_config
sed -i 's/^[ \t]*MaxStartups.*/#&/g' /etc/ssh/sshd_config

cat << _EOF_ >> /etc/ssh/sshd_config

LoginGraceTime 1m
PermitRootLogin forced-commands-only
MaxAuthTries 2
PasswordAuthentication no
MaxStartups 2
_EOF_

sed -i 's#kernel /xen.*#& dom0_mem=2G#' /boot/grub/grub.conf

sed -i 's#module /vmlinuz.*#& elevator=deadline#'
/boot/grub/grub.conf

cat << _EOF_ >> /etc/modprobe.conf
alias bond0 bonding
options bond0 mode=balance-rr miimon=100 updelay=1000
options netloop nloopbacks=64
options forcedeth max_interrupt_work=10
_EOF_

touch /etc/sysconfig/iptables

sed -i -r 's/^IPTABLES_MODULES=.*/#&/'
/etc/sysconfig/iptables-config

sed -i -r '/^#IPTABLES_MODULES=.*/a \IPTABLES_MODULES=""'
/etc/sysconfig/iptables-config

cat << _EOF_ > /etc/sysconfig/network-scripts/ifcfg-bond0
DEVICE=bond0
BOOTPROTO=none
ONBOOT=yes
USERCTL=no
_EOF_

cat << _EOF_ > /etc/sysconfig/network-scripts/ifcfg-bond0.10
DEVICE=bond0.10
BOOTPROTO=none
ONBOOT=yes
USERCTL=no
VLAN=yes
BRIDGE=br10
_EOF_

cat << _EOF_ > /etc/sysconfig/network-scripts/ifcfg-br10
DEVICE=br10
TYPE=Bridge
BOOTPROTO=static
BROADCAST=<xxx>
IPADDR=<xxx>
NETMASK=<xxx>
NETWORK=<xxx>
IPV6INIT=yes
IPV6_AUTOCONF=yes
ONBOOT=yes
DELAY=0
STP=on
_EOF_

sed -i -r '/^(HWADDR=|#)/!d' /etc/sysconfig/network-scripts/ifcfg-eth0

cat << _EOF_ >> /etc/sysconfig/network-scripts/ifcfg-eth0
BOOTPROTO=none
ONBOOT=yes
MASTER=bond0
SLAVE=yes
USERCTL=no
_EOF_

sed -i -r '/^(HWADDR=|#)/!d' /etc/sysconfig/network-scripts/ifcfg-eth1

cat << _EOF_ >> /etc/sysconfig/network-scripts/ifcfg-eth1
BOOTPROTO=none
ONBOOT=yes
MASTER=bond0
SLAVE=yes
USERCTL=no
_EOF_

sed -i -r '/^(HWADDR=|#)/!d' /etc/sysconfig/network-scripts/ifcfg-eth2

cat << _EOF_ >> /etc/sysconfig/network-scripts/ifcfg-eth2
BOOTPROTO=none
ONBOOT=yes
MASTER=bond0
SLAVE=yes
USERCTL=no
_EOF_

sed -i -r '/^(HWADDR=|#)/!d' /etc/sysconfig/network-scripts/ifcfg-eth3

cat << _EOF_ >> /etc/sysconfig/network-scripts/ifcfg-eth3
BOOTPROTO=none
ONBOOT=yes
MASTER=bond0
SLAVE=yes
USERCTL=no
_EOF_

sed -i -r 's/(SYNC_HWCLOCK=).*/\1yes/' /etc/sysconfig/ntpd

cat << _EOF_ > /root/xendomains.patch
--- /etc/init.d/xendomains.dist 2008-11-04 09:57:48.000000000 -0600
+++ /etc/init.d/xendomains      2008-11-04 09:58:30.000000000 -0600
@@ -175,9 +175,9 @@

 parseln()
 {
-    name=\`echo "\$1" | cut -c0-17\`
+    name=\`echo "\$1" | cut -d' ' -f1\`
     name=\${name%% *}
-    rest=\`echo "\$1" | cut -c18- \`
+    rest=\`echo "\$1" | cut -d' ' -f2-\`
     read id mem cpu vcpu state tm < <(echo "\$rest")
 }

_EOF_

patch -p0 < /root/xendomains.patch

mv /etc/xen/xend-config.sxp /etc/xen/xend-config.sxp.dist

cat << _EOF_ > /etc/xen/xend-config.sxp
# -*- sh -*-

(xend-unix-server yes)
(xend-unix-path /var/lib/xend/xend-socket)
(xend-relocation-server yes)
(xend-relocation-port 8002)
(xend-relocation-address '<xxx>')
(xend-relocation-hosts-allow '^localhost\$ ^localhost\\\\.localdomain\$
^<xxx>\$')
(network-script /bin/true)
(vif-script vif-bridge)
(dom0-min-mem 768)
(dom0-cpus 1)
(vncpasswd '')

_EOF_

sed -i -r 's/^XENDOMAINS_SAVE=.*/#&/' /etc/sysconfig/xendomains

sed -i '/^#XENDOMAINS_SAVE=/a \XENDOMAINS_SAVE='
/etc/sysconfig/xendomains

rm -f /etc/libvirt/qemu/networks/autostart/default.xml

mkdir /root/.ssh

cat << _EOF_ > /root/.ssh/authorized_keys
command="/usr/bin/virt-manager" ssh-rsa <xxx> <xxx>
_EOF_

%end

-- 
Christopher G. Stach II