Xen devel - Apr 2007 - Should Qemu monitor be enabled by default

Hi Christian,

We noticed you removed the Qemu''s default monitor & serial console
in changeset 14609. As we didn''t use qemu serial console frequently and
also has "xm console", it can be removed. But for qemu monitor, I
think we''d better to keep it by default, it is because it has become
the important function of HVM.

1. We have to use monitor to switch CD-ROM files. This is significant when
installation with multi CDs.
2. We need to use monitor to send the short combined keys to HVM (e.g.
ctrl-alt-delete, ctrl-alt-f2 etc.). This is a "couldn''t
dropped" feature of HVM. :)

So, how about adding it back? 

Best Regards,
Yongkang (Kangkang) 永康

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

Hi Christian and Daniel, 

I have read the original discussion about the security purpose concern for
removing the ioemu monitor. For the CD-ROM configuration, if we only give
''r'' readonly permission to hdc:cdrom device, user can not
write to the file directly.

For example:
disk = [ ''file:/var/image1,hda,w'',
''file:/var/boot.iso,hdc:cdrom,r'' ]

Best Regards,
Yongkang (Kangkang) 永康
>-----Original Message-----
>From: xen-devel-bounces@lists.xensource.com
>[mailto:xen-devel-bounces@lists.xensource.com] On Behalf Of You,
>Yongkang
>Sent: 2007年4月10日 11:36
>To: Christian Limpach
>Cc: xen-devel@lists.xensource.com
>Subject: [Xen-devel] Should Qemu monitor be enabled by default
>
>Hi Christian,
>
>We noticed you removed the Qemu''s default monitor & serial
console in
>changeset 14609. As we didn''t use qemu serial console frequently
and also
>has "xm console", it can be removed. But for qemu monitor, I think
we''d better
>to keep it by default, it is because it has become the important function of
>HVM.
>
>1. We have to use monitor to switch CD-ROM files. This is significant when
>installation with multi CDs.
>2. We need to use monitor to send the short combined keys to HVM (e.g.
>ctrl-alt-delete, ctrl-alt-f2 etc.). This is a "couldn''t
dropped" feature of HVM. :)
>
>So, how about adding it back?
>
>Best Regards,
>Yongkang (Kangkang) 永康
>
>_______________________________________________
>Xen-devel mailing list
>Xen-devel@lists.xensource.com
>http://lists.xensource.com/xen-devel
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

The right answer here is to plumb the qemu monitor interface into xend, and
provide a method for accessing the interesting monitor commands from xm.
It''s already assumed that an xm user is privileged. This also provides
a
more consistent administrator experience: requiring to issue some commands
directly at the qemu monitor interface is kinda cheesy.

 -- Keir

On 10/4/07 06:34, "You, Yongkang" <yongkang.you@intel.com>
wrote:
> Hi Christian and Daniel,
> 
> I have read the original discussion about the security purpose concern for
> removing the ioemu monitor. For the CD-ROM configuration, if we only give
''r''
> readonly permission to hdc:cdrom device, user can not write to the file
> directly.
> 
> For example:
> disk = [ ''file:/var/image1,hda,w'',
''file:/var/boot.iso,hdc:cdrom,r'' ]
> 
> Best Regards,
> Yongkang (Kangkang) 永康
> 
>> -----Original Message-----
>> From: xen-devel-bounces@lists.xensource.com
>> [mailto:xen-devel-bounces@lists.xensource.com] On Behalf Of You,
>> Yongkang
>> Sent: 2007年4月10日 11:36
>> To: Christian Limpach
>> Cc: xen-devel@lists.xensource.com
>> Subject: [Xen-devel] Should Qemu monitor be enabled by default
>> 
>> Hi Christian,
>> 
>> We noticed you removed the Qemu''s default monitor & serial
console in
>> changeset 14609. As we didn''t use qemu serial console
frequently and also
>> has "xm console", it can be removed. But for qemu monitor, I
think we''d
>> better
>> to keep it by default, it is because it has become the important
function of
>> HVM.
>> 
>> 1. We have to use monitor to switch CD-ROM files. This is significant
when
>> installation with multi CDs.
>> 2. We need to use monitor to send the short combined keys to HVM (e.g.
>> ctrl-alt-delete, ctrl-alt-f2 etc.). This is a "couldn''t
dropped" feature of
>> HVM. :)
>> 
>> So, how about adding it back?
>> 
>> Best Regards,
>> Yongkang (Kangkang) 永康
>> 
>> _______________________________________________
>> Xen-devel mailing list
>> Xen-devel@lists.xensource.com
>> http://lists.xensource.com/xen-devel
> 
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xensource.com
> http://lists.xensource.com/xen-devel

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

On 4/10/07, You, Yongkang <yongkang.you@intel.com>
wrote:
> We noticed you removed the Qemu''s default monitor & serial
console in changeset 14609. As we didn''t use qemu serial console
frequently and also has "xm console", it can be removed. But for qemu
monitor, I think we''d better to keep it by default, it is because it
has become the important function of HVM.
>
> 1. We have to use monitor to switch CD-ROM files. This is significant when
installation with multi CDs.
> 2. We need to use monitor to send the short combined keys to HVM (e.g.
ctrl-alt-delete, ctrl-alt-f2 etc.). This is a "couldn''t
dropped" feature of HVM. :)
>
> So, how about adding it back?
Well, we can''t change the default back, because that would not be
secure.

There''s xm block-configure which lets you switch CD-ROM files.

And there''s a few things which could be done to further improve things:
- plumb through the monitor option to the domain config file and the
xend config file
- fix xm console so it can connect to the monitor pty
- add an xm send-key command

   christian

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

So many thanks for Keir and Christian''s reply. 
>
>There''s xm block-configure which lets you switch CD-ROM files.
>
>And there''s a few things which could be done to further improve
things:
Did you have any plan for this? :)
>- plumb through the monitor option to the domain config file and the
>xend config file
>- fix xm console so it can connect to the monitor pty
The xm console is to connect HVM serial console. Will it be changed to
get monitor pty? 
>- add an xm send-key command
>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

On 4/10/07, You, Yongkang <yongkang.you@intel.com>
wrote:
> >- plumb through the monitor option to the domain config file and the
> >xend config file
> >- fix xm console so it can connect to the monitor pty
>
> The xm console is to connect HVM serial console. Will it be changed to
> get monitor pty?
I was thinking it would be neat if you could specify which pty to
connect to.  qemu already writes the information about all the pty''s
it creates into xenstore (/local/domain/<id>/monitor/tty).  Right now
xm console always connects you to the tty at console/tty, it would be
great to have an option to let you connect to the monitor or
additional serial/parallel ports instead.

    christian

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

Hi all.

On our team side, we would like to resuem the Qemu''s monitor and
serial console as YongKang-san remarks.

For HVM domain, we need Qemu''s monitor to install guest''s OS
from 　　
multi CDs.

We not make sure that xm block-configure supports to switch CD-ROMs
using latest unstable code.

We would like to keep the Qemu''s monitor and serial console until
xm block-configure works well.


Thank you.                                      Nishi
　
>On 4/10/07, You, Yongkang <yongkang.you@intel.com> wrote:
>> We noticed you removed the Qemu''s default monitor & serial
console in
>> changeset 14609. As we didn''t use qemu serial console
frequently and also
>>  has "xm console", it can be removed. But for qemu monitor, I
think we''d
>> better to keep it by default, it is because it has become the important
>> function of HVM.
>>
>> 1. We have to use monitor to switch CD-ROM files. This is significant 
>> when installation with multi CDs.
>> 2. We need to use monitor to send the short combined keys to HVM (e.g. 
>> ctrl-alt-delete, ctrl-alt-f2 etc.). This is a "couldn''t
dropped" feature
>> of HVM. :)
>>
>> So, how about adding it back?
>
>Well, we can''t change the default back, because that would not be
secure.
>
>There''s xm block-configure which lets you switch CD-ROM files.
>
>And there''s a few things which could be done to further improve
things:
>- plumb through the monitor option to the domain config file and the
>xend config file
>- fix xm console so it can connect to the monitor pty
>- add an xm send-key command
>
>   christian
>
>_______________________________________________
>Xen-devel mailing list
>Xen-devel@lists.xensource.com
>http://lists.xensource.com/xen-devel

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

Hi, Christian

  Your suggested xm block-configure cannot solve this problem.
(to switch the CDROM from guest Domain.)

Please explain how to do this.

If not, suggested patch should revert it 
until xm block-configure works.

Thanks
Atsushi SAKAI

> There''s xm block-configure which lets you switch CD-ROM files.



_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

On 4/11/07, Atsushi SAKAI <sakaia@jp.fujitsu.com>
wrote:
>  Your suggested xm block-configure cannot solve this problem.
> (to switch the CDROM from guest Domain.)
>
> Please explain how to do this.
xm block-configure <vm-name> file:/path/to/the.iso hdd:cdrom r
where hdd is a cdrom which was configured at boot time
('',hdd:cdrom,r''
in the disk list, doesn''t need to be empty, but it can).
> If not, suggested patch should revert it
> until xm block-configure works.
Making the monitor option configurable from the config file is really
not that hard, since there''s plenty of other options which you can set
in the config file and which result in options getting added to the
qemu command line.  The serial option is a good example of how to do
this.

    christian

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

Hi, christian

Thank you for consider config file option for domHVM.

Are you try xm block-configure for physical devices(phy:/dev/cdrom)?
(not file(file:))

Thanks
Atsushi SAKAI

"Christian Limpach" <christian.limpach@gmail.com> wrote:
> On 4/11/07, Atsushi SAKAI <sakaia@jp.fujitsu.com> wrote:
> >  Your suggested xm block-configure cannot solve this problem.
> > (to switch the CDROM from guest Domain.)
> >
> > Please explain how to do this.
> 
> xm block-configure <vm-name> file:/path/to/the.iso hdd:cdrom r
> where hdd is a cdrom which was configured at boot time
('',hdd:cdrom,r''
> in the disk list, doesn''t need to be empty, but it can).
> 
> > If not, suggested patch should revert it
> > until xm block-configure works.
> 
> Making the monitor option configurable from the config file is really
> not that hard, since there''s plenty of other options which you can
set
> in the config file and which result in options getting added to the
> qemu command line.  The serial option is a good example of how to do
> this.
> 
>     christian
> 
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xensource.com
> http://lists.xensource.com/xen-devel


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

Hi, christian

Note In add,

I am not succeed xm block-configure for physical devices(CDROM)
 at Fedora7test3.

Thanks
Atsushi SAKAI


Atsushi SAKAI <sakaia@jp.fujitsu.com> wrote:
> Hi, christian
> 
> Thank you for consider config file option for domHVM.
> 
> Are you try xm block-configure for physical devices(phy:/dev/cdrom)?
> (not file(file:))
> 
> Thanks
> Atsushi SAKAI
> 
> "Christian Limpach" <christian.limpach@gmail.com> wrote:
> 
> > On 4/11/07, Atsushi SAKAI <sakaia@jp.fujitsu.com> wrote:
> > >  Your suggested xm block-configure cannot solve this problem.
> > > (to switch the CDROM from guest Domain.)
> > >
> > > Please explain how to do this.
> > 
> > xm block-configure <vm-name> file:/path/to/the.iso hdd:cdrom r
> > where hdd is a cdrom which was configured at boot time
('',hdd:cdrom,r''
> > in the disk list, doesn''t need to be empty, but it can).
> > 
> > > If not, suggested patch should revert it
> > > until xm block-configure works.
> > 
> > Making the monitor option configurable from the config file is really
> > not that hard, since there''s plenty of other options which
you can set
> > in the config file and which result in options getting added to the
> > qemu command line.  The serial option is a good example of how to do
> > this.
> > 
> >     christian
> > 
> > _______________________________________________
> > Xen-devel mailing list
> > Xen-devel@lists.xensource.com
> > http://lists.xensource.com/xen-devel
> 
> 
> 
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xensource.com
> http://lists.xensource.com/xen-devel


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

On 4/11/07, Atsushi SAKAI <sakaia@jp.fujitsu.com>
wrote:
> Thank you for consider config file option for domHVM.
I was hoping that you or one of the other people who are so desperate
for getting access to the monitor back was going to create a patch...
> Are you try xm block-configure for physical devices(phy:/dev/cdrom)?
> (not file(file:))
Works for me.

    christian
>
> Thanks
> Atsushi SAKAI
>
> "Christian Limpach" <christian.limpach@gmail.com> wrote:
>
> > On 4/11/07, Atsushi SAKAI <sakaia@jp.fujitsu.com> wrote:
> > >  Your suggested xm block-configure cannot solve this problem.
> > > (to switch the CDROM from guest Domain.)
> > >
> > > Please explain how to do this.
> >
> > xm block-configure <vm-name> file:/path/to/the.iso hdd:cdrom r
> > where hdd is a cdrom which was configured at boot time
('',hdd:cdrom,r''
> > in the disk list, doesn''t need to be empty, but it can).
> >
> > > If not, suggested patch should revert it
> > > until xm block-configure works.
> >
> > Making the monitor option configurable from the config file is really
> > not that hard, since there''s plenty of other options which
you can set
> > in the config file and which result in options getting added to the
> > qemu command line.  The serial option is a good example of how to do
> > this.
> >
> >     christian
> >
> > _______________________________________________
> > Xen-devel mailing list
> > Xen-devel@lists.xensource.com
> > http://lists.xensource.com/xen-devel
>
>
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xensource.com
> http://lists.xensource.com/xen-devel
>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

Hi Christian,

We worked out a simple patch and tried it well. Please apply. 

Best Regards,
Yongkang (Kangkang) 永康
>-----Original Message-----
>From: Christian Limpach [mailto:christian.limpach@gmail.com]
>Sent: 2007年4月11日 20:11
>To: Atsushi SAKAI
>Cc: xen-devel@lists.xensource.com; You, Yongkang; Christian Limpach
>Subject: Re: [Xen-devel] Should Qemu monitor be enabled by default
>
>On 4/11/07, Atsushi SAKAI <sakaia@jp.fujitsu.com> wrote:
>> Thank you for consider config file option for domHVM.
>
>I was hoping that you or one of the other people who are so desperate
>for getting access to the monitor back was going to create a patch...
>
>> Are you try xm block-configure for physical devices(phy:/dev/cdrom)?
>> (not file(file:))
>
>Works for me.
>
>    christian
>
>>
>> Thanks
>> Atsushi SAKAI
>>
>> "Christian Limpach" <christian.limpach@gmail.com>
wrote:
>>
>> > On 4/11/07, Atsushi SAKAI <sakaia@jp.fujitsu.com> wrote:
>> > >  Your suggested xm block-configure cannot solve this problem.
>> > > (to switch the CDROM from guest Domain.)
>> > >
>> > > Please explain how to do this.
>> >
>> > xm block-configure <vm-name> file:/path/to/the.iso hdd:cdrom
r
>> > where hdd is a cdrom which was configured at boot time
('',hdd:cdrom,r''
>> > in the disk list, doesn''t need to be empty, but it can).
>> >
>> > > If not, suggested patch should revert it
>> > > until xm block-configure works.
>> >
>> > Making the monitor option configurable from the config file is
really
>> > not that hard, since there''s plenty of other options
which you can set
>> > in the config file and which result in options getting added to
the
>> > qemu command line.  The serial option is a good example of how to
do
>> > this.
>> >
>> >     christian
>> >
>> > _______________________________________________
>> > Xen-devel mailing list
>> > Xen-devel@lists.xensource.com
>> > http://lists.xensource.com/xen-devel
>>
>>
>>
>> _______________________________________________
>> Xen-devel mailing list
>> Xen-devel@lists.xensource.com
>> http://lists.xensource.com/xen-devel
>>

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

On Thu, Apr 12, 2007 at 02:40:23PM +0800, You, Yongkang
wrote:
> Hi Christian,
> 
> We worked out a simple patch and tried it well. Please apply. 
This part of the patch does not look correct:

-- a/tools/python/xen/xend/image.py	Thu Apr 12 13:18:08 2007 +0100
+++ b/tools/python/xen/xend/image.py	Thu Apr 12 13:21:26 2007 +0100
@@ -415,6 +415,8 @@ class HVMImageHandler(ImageHandler):
         else:
             ret.append(''-nographic'')
 
+        if
int(vmConfig[''platform''].get(''monitor'', 0))
!= 0:
+            ret.append(''-monitor vc'')
         return ret
 
     def createDeviceModel(self, restore = False):

The ''-monitor vc'' is already the default for QEMU, so both
branches of
that if end up reducing to the same functional state - the monitor being
enabled. You need to explicitly disable the monitor if the config file 
has monitor=0

I''m not sure this patch is a good idea long term though. If, as Anthony
suggests in previous thread, XenD takes control of the monitor and provides
an explicit ''xm monitor'' command, then it''ll be
impossible to also make
the monitor also appear on a VC. 

This also doesn''t address the issue that making the monitor appear on a
VC is fundamentally a security risk and so can never be enabled in any
production environment where you care about integrity of the Dom0 host. 
I don''t see the point in introducing a config file setting which will 
have to go away once a sustainable ''xm monitor'' patch is
implemented.

For the timescales involved in 3.0.5 I think we should instead make sure
that ''xm block-configure'' works correctly.

Dan
-- 
|=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
|=-           Perl modules: http://search.cpan.org/~danberr/              -=|
|=-               Projects: http://freshmeat.net/~danielpb/               -=|
|=-  GnuPG: 7D3B9505   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=| 

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

Hi Daniel,
>The ''-monitor vc'' is already the default for QEMU, so both
branches of
>that if end up reducing to the same functional state - the monitor being
>enabled. You need to explicitly disable the monitor if the config file
>has monitor=0
Aha. Thanks for checking the patch. It is a typo. In the attachment patch, I
have changed the monitor default value to 0.
>
>I''m not sure this patch is a good idea long term though. If, as
Anthony
>suggests in previous thread, XenD takes control of the monitor and provides
>an explicit ''xm monitor'' command, then it''ll be
impossible to also make
>the monitor also appear on a VC.
Yes. It is not a long term solution like previous discussion. But 3.0.5 is near,
we had better to use the interim method.
>
>This also doesn''t address the issue that making the monitor appear
on a
>VC is fundamentally a security risk and so can never be enabled in any
>production environment where you care about integrity of the Dom0 host.
>I don''t see the point in introducing a config file setting which
will
>have to go away once a sustainable ''xm monitor'' patch is
implemented.
>
>For the timescales involved in 3.0.5 I think we should instead make sure
>that ''xm block-configure'' works correctly.
Yes. I agree it has potential security issue. But from the original concern
email, I just knew the cdrom option would cause possible normal user to write
file as root privilege. But actually if we could assign
''readonly'' permission for cdrom option, nobody could write the
system file. But still have read permission security issue.

Well, users are familiar with Qemu Monitor for a long time. And although we can
use xm command to change the CD-ROM file, we hardly switch HVM console to ttyN
or call HVM by "ctrl-alt-N" (monitor can send short keys to HVM). So
if simply remove Monitor function, it would also lose an important function of
HVM. IMHO, virtualization production would drop it. :) So we create such patch
to do a compromise workaround and let user to choose.

Best Regards,
Yongkang (Kangkang) 永康




_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

On 4/12/07, Daniel P. Berrange <berrange@redhat.com>
wrote:
> This part of the patch does not look correct:
>
> -- a/tools/python/xen/xend/image.py     Thu Apr 12 13:18:08 2007 +0100
> +++ b/tools/python/xen/xend/image.py    Thu Apr 12 13:21:26 2007 +0100
> @@ -415,6 +415,8 @@ class HVMImageHandler(ImageHandler):
>          else:
>              ret.append(''-nographic'')
>
> +        if
int(vmConfig[''platform''].get(''monitor'', 0))
!= 0:
> +            ret.append(''-monitor vc'')
>          return ret
>
>      def createDeviceModel(self, restore = False):
>
> The ''-monitor vc'' is already the default for QEMU, so
both branches of
> that if end up reducing to the same functional state - the monitor being
> enabled. You need to explicitly disable the monitor if the config file
> has monitor=0
No, the monitor in qemu is off by default, the patch is correct as is.
> I''m not sure this patch is a good idea long term though. If, as
Anthony
> suggests in previous thread, XenD takes control of the monitor and provides
> an explicit ''xm monitor'' command, then it''ll be
impossible to also make
> the monitor also appear on a VC.
>
> This also doesn''t address the issue that making the monitor appear
on a
> VC is fundamentally a security risk and so can never be enabled in any
> production environment where you care about integrity of the Dom0 host.
> I don''t see the point in introducing a config file setting which
will
> have to go away once a sustainable ''xm monitor'' patch is
implemented.
Why shouldn''t both co-exist?  You can have either monitor=pty or
monitor=vc.  This is how serial ports work already.
> For the timescales involved in 3.0.5 I think we should instead make sure
> that ''xm block-configure'' works correctly.
How does it not work correctly?

     christian

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

On Thu, Apr 12, 2007 at 09:40:26PM +0100, Christian Limpach
wrote:
> On 4/12/07, Daniel P. Berrange <berrange@redhat.com> wrote:
> >This part of the patch does not look correct:
> >
> >-- a/tools/python/xen/xend/image.py     Thu Apr 12 13:18:08 2007 +0100
> >+++ b/tools/python/xen/xend/image.py    Thu Apr 12 13:21:26 2007 +0100
> >@@ -415,6 +415,8 @@ class HVMImageHandler(ImageHandler):
> >         else:
> >             ret.append(''-nographic'')
> >
> >+        if
int(vmConfig[''platform''].get(''monitor'', 0))
!= 0:
> >+            ret.append(''-monitor vc'')
> >         return ret
> >
> >     def createDeviceModel(self, restore = False):
> >
> >The ''-monitor vc'' is already the default for QEMU, so
both branches of
> >that if end up reducing to the same functional state - the monitor
being
> >enabled. You need to explicitly disable the monitor if the config file
> >has monitor=0
> 
> No, the monitor in qemu is off by default, the patch is correct as is.
Is that a recent Xen-specific change to QEMU ? The regular QEMU has always 
had the monitor on by default - and its on by default in Xen 3.0.3/4 :

  http://fabrice.bellard.free.fr/qemu/qemu-doc.html#SEC10

 "-monitor dev
    Redirect the monitor to host device dev (same devices as the serial port). 
    The default device is vc in graphical mode and stdio in non graphical
mode."
> >I''m not sure this patch is a good idea long term though. If,
as Anthony
> >suggests in previous thread, XenD takes control of the monitor and
provides
> >an explicit ''xm monitor'' command, then it''ll
be impossible to also make
> >the monitor also appear on a VC.
> >
> >This also doesn''t address the issue that making the monitor
appear on a
> >VC is fundamentally a security risk and so can never be enabled in any
> >production environment where you care about integrity of the Dom0 host.
> >I don''t see the point in introducing a config file setting
which will
> >have to go away once a sustainable ''xm monitor'' patch
is implemented.
> 
> Why shouldn''t both co-exist?  You can have either monitor=pty or
> monitor=vc.  This is how serial ports work already.
What I mean is that if we wanted to implement a ''xm monitor''
command,
then XenD would need to launch QEMU with ''-monitor pty'' (or
equivalent)
at which point you''d be unable to also have ''-monitor
vc'' on the same
command line.
> >For the timescales involved in 3.0.5 I think we should instead make
sure
> >that ''xm block-configure'' works correctly.
> 
> How does it not work correctly?
I''ve not had any trouble with it myself, but I''ve not tested
it much.
I was refering to the earlier mail in this thread

http://lists.xensource.com/archives/html/xen-devel/2007-04/msg00222.html

where Nishi indicated his motivation for wanting access to the monitor
via a VC was that block-configure wasn''t reliable. 

Dan.
-- 
|=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
|=-           Perl modules: http://search.cpan.org/~danberr/              -=|
|=-               Projects: http://freshmeat.net/~danielpb/               -=|
|=-  GnuPG: 7D3B9505   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=| 

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

On 4/12/07, Christian Limpach <christian.limpach@gmail.com>
wrote:
> Why shouldn''t both co-exist?  You can have either monitor=pty or
> monitor=vc.  This is how serial ports work already.
Actually, the patch is quite bad in this regard -- the monitor option
should not take an integer but a string, so that the monitor option
works like the serial option.

     christian

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

On 4/12/07, Daniel P. Berrange <berrange@redhat.com>
wrote:
> > No, the monitor in qemu is off by default, the patch is correct as is.
>
> Is that a recent Xen-specific change to QEMU ? The regular QEMU has always
> had the monitor on by default - and its on by default in Xen 3.0.3/4 :
Yes it is.  The default is not suitable.
> > Why shouldn''t both co-exist?  You can have either monitor=pty
or
> > monitor=vc.  This is how serial ports work already.
>
> What I mean is that if we wanted to implement a ''xm
monitor'' command,
> then XenD would need to launch QEMU with ''-monitor pty''
(or equivalent)
> at which point you''d be unable to also have ''-monitor
vc'' on the same
> command line.
Which is why the monitor option should take a string, it can then
default to whatever is useable for "xm monitor".  "xm
monitor" should
imho be xm console with an option to make it connect to the monitor
pty.
> I''ve not had any trouble with it myself, but I''ve not
tested it much.
> I was refering to the earlier mail in this thread
>
> http://lists.xensource.com/archives/html/xen-devel/2007-04/msg00222.html
>
> where Nishi indicated his motivation for wanting access to the monitor
> via a VC was that block-configure wasn''t reliable.
You should have read the replies as well, before making claims that
something doesn''t work.

    christian

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

On Thu, Apr 12, 2007 at 10:00:45PM +0100, Christian Limpach
wrote:
> >What I mean is that if we wanted to implement a ''xm
monitor'' command,
> >then XenD would need to launch QEMU with ''-monitor
pty'' (or equivalent)
> >at which point you''d be unable to also have ''-monitor
vc'' on the same
> >command line.
> 
> Which is why the monitor option should take a string, it can then
> default to whatever is useable for "xm monitor".  "xm
monitor" should
> imho be xm console with an option to make it connect to the monitor
> pty.
Yes, that would work pretty well - and shouldn''t require much code at
all - ''xm monitor'' impl would pretty much be identical to that
for the
existing ''xm console'' code, merely looking up a different PTY
path in
XenStored.
> >I''ve not had any trouble with it myself, but I''ve not
tested it much.
> >I was refering to the earlier mail in this thread
> >
>
>http://lists.xensource.com/archives/html/xen-devel/2007-04/msg00222.html
> >
> >where Nishi indicated his motivation for wanting access to the monitor
> >via a VC was that block-configure wasn''t reliable.
> 
> You should have read the replies as well, before making claims that
> something doesn''t work.
Sorry, that''s cleared things up.

Dan.
-- 
|=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
|=-           Perl modules: http://search.cpan.org/~danberr/              -=|
|=-               Projects: http://freshmeat.net/~danielpb/               -=|
|=-  GnuPG: 7D3B9505   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=| 

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel