Has anyone got Xen working with say, SELinux? Or vserver?

Wesley Parish

--
Clinesterton Beademung - in all of love.
Mau e ki, "He aha te mea nui?"
You ask, "What is the most important thing?"
Maku e ki, "He tangata, he tangata, he tangata."
I reply, "It is people, it is people, it is people."

-------------------------------------------------------
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! apachecon.com
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.sourceforge.net
lists.sourceforge.net/lists/listinfo/xen-devel

> Has anyone got Xen working with say, SELinux? Or vserver?

We've not tried SELinux, but the vserver patch applies cleanly
to xenolinux and hence you can do 'two levels of virtualisation'
aka k vservers on n xenolinux-es on 1 xen.

cheers,

S.

Oh well, I'll have to try it then. I'm interested in getting a set of fully
secure Linuces running a set of RDBMSes, with application servers on top of
those.

Anyone hazard a guess as to how much memory I'll be needing? I'm certain at
least half a GB - but would that be per XenLinux instance?

Wesley Parish

P.S. I was forgetting - what's the latest Linux 2.x.x that people have had
running on Xen?

On Wed, 12 Nov 2003 21:10, Steven Hand wrote:
> > Has anyone got Xen working with say, SELinux? Or vserver?
>
> We've not tried SELinux, but the vserver patch applies cleanly
> to xenolinux and hence you can do 'two levels of virtualisation'
> aka k vservers on n xenolinux-es on 1 xen.
>
> cheers,
>
> S.

--
Clinesterton Beademung - in all of love.
Mau e ki, "He aha te mea nui?"
You ask, "What is the most important thing?"
Maku e ki, "He tangata, he tangata, he tangata."
I reply, "It is people, it is people, it is people."

On Thu, Nov 13, 2003 at 10:05:57PM +1300, Wesley Parish wrote:
> Oh well, I'll have to try it then. I'm interested in getting a set of fully
> secure Linuces running a set of RDBMSes, with application servers on top of
> those.
>
> Anyone hazard a guess as to how much memory I'll be needing? I'm certain at
> least half a GB - but would that be per XenLinux instance?

This relates to something I bumped up against: with the current
snapshot, I've only been able to allocate about 800MB for
domain0. I am also able to allocate ~800MB for a virtual domain.
This is on a machine with 2GB of physical memory, another 4GB of
swap. When I tried to create another 800MB virtual domain, I got
an error.

So, it seems that you're constrained by physical memory, as well
as no high memory (4GB support) yet in the kernel. Why I can only
get ~800MB, rather than a full 2GB, for a particular domain is
something the developers are aware of.

Bottom line: get enough RAM for each domain (domain0 + virtuals)
to share, but the limit will be ~2GB. When high memory support
is added, I understand the limit will be 4GB total (since that's
all the domain0 can address). So, for a new system, 4GB would
be the max that Xen can effectively utilize in the immediate future.

Or maybe I'm wrong - I'm still trying to learn all this stuff.
How, or whether, Xen is able to utilize swap space is not clear
to me. But my advice is to consider everything to operate
in "real" mode (i.e., no swap at all) -- it's a good way of
having enough memory, even if swapping is available.

> Wesley Parish
>
> P.S. I was forgetting - what's the latest Linux 2.x.x that people have had
> running on Xen?

It's 2.4.22 (patched, of course).

-- Greg

> Bottom line: get enough RAM for each domain (domain0 + virtuals)
> to share, but the limit will be ~2GB. When high memory support
> is added, I understand the limit will be 4GB total (since that's
> all the domain0 can address). So, for a new system, 4GB would
> be the max that Xen can effectively utilize in the immediate future.

We are unlikely to support more than 4GB total memory on x86. Instead
we may port Xen to a 64-bit architecture such as Opteron.

Adding 4GB high-memory support to Linux shouldn't be that hard. Lack
of this support is why currently you can't give a domain more than
800MB. We plan to fix this soon.

> Or maybe I'm wrong - I'm still trying to learn all this stuff.
> How, or whether, Xen is able to utilize swap space is not clear
> to me. But my advice is to consider everything to operate
> in "real" mode (i.e., no swap at all) -- it's a good way of
> having enough memory, even if swapping is available.

When you specify the memory parameter for a new domain, you are
specifying a precise allocation of real memory. Xen does not ever swap
to disc. However, individual guests can feel free to configure their
own swap file or partition, and perform swapping themselves to/from
their real memory allocation.

-- Keir

On Thu, Nov 13, 2003 at 07:24:25PM +0000, Keir Fraser wrote:
> > Bottom line: get enough RAM for each domain (domain0 + virtuals)
> > to share, but the limit will be ~2GB. When high memory support
> > is added, I understand the limit will be 4GB total (since that's
> > all the domain0 can address). So, for a new system, 4GB would
> > be the max that Xen can effectively utilize in the immediate future.
>
> We are unlikely to support more than 4GB total memory on x86. Instead
> we may port Xen to a 64-bit architecture such as Opteron.
>
> Adding 4GB high-memory support to Linux shouldn't be that hard. Lack
> of this support is why currently you can't give a domain more than
> 800MB. We plan to fix this soon.
>
> > Or maybe I'm wrong - I'm still trying to learn all this stuff.
> > How, or whether, Xen is able to utilize swap space is not clear
> > to me. But my advice is to consider everything to operate
> > in "real" mode (i.e., no swap at all) -- it's a good way of
> > having enough memory, even if swapping is available.
>
> When you specify the memory parameter for a new domain, you are
> specifying a precise allocation of real memory. Xen does not ever swap
> to disc. However, individual guests can feel free to configure their
> own swap file or partition, and perform swapping themselves to/from
> their real memory allocation.

Just to clarify: Do you mean that domain0 can never swap, also? Or,
are only the virtual domains unable to swap? My system seems to
*think* that domain0 can swap, using the partitions specified in
/etc/fstab:

$ cat /proc/swaps
Filename        Type            Size    Used    Priority
/dev/sda3       partition       1855496 1764    42
/dev/sdb2       partition       1855496 1768    42

The virtual domains do not have any swap devices allocated.

-- Greg

> Just to clarify: Do you mean that domain0 can never swap, also? Or,
> are only the virtual domains unable to swap? My system seems to
> *think* that domain0 can swap, using the partitions specified in
> /etc/fstab:
>
> $ cat /proc/swaps
> Filename        Type            Size    Used    Priority
> /dev/sda3       partition       1855496 1764    42
> /dev/sdb2       partition       1855496 1768    42
>
> The virtual domains do not have any swap devices allocated.

All domains, including domain 0, can swap.

Your distinction between domain 0 and virtual domains is
bogus. Domain 0 is no less 'virtual' than any other domain. All
domains execute over Xen using the same execution interface. The
difference is that Domain 0 gets access to an extra control interface
allowing it to access arbitrary memory, create new domains, and so on.

I'm not sure where the confusion crept in --- one possibility is that
you're aware of the VMware ESX server architecture. In that instance
the controlling 'console OS' executes directly on the hardware, in
contrast with the virtual guest OSes. This is very different from the
Xen & domain-0 architecture.

-- Keir

Gregory Newby wrote:
[..]
> Just to clarify: Do you mean that domain0 can never swap, also? Or,
> are only the virtual domains unable to swap? My system seems to

XenoLinux can swap. This is true for domain == 0 or domain != 0.

Regards,
Nuno Silva