<J.Witvliet@MINDEF.NL>
2009-Nov-17 15:09 UTC
[Xen-users] Services running in dom-0 vc dom-u
Hi all, A while a go, I was told that it is advisable to run as little as possible services in the dom-0. Is it safe / stable / advisable (whatever) to have these functions (nfs, smb, rsync, etc) in a dom-U ? Kind reagards, Hans Defensie/CDC/IVENT/Research en Innovation Centrum Ing J. (Hans) Witvliet Systeembeheer, CAcert-assurer T 0174-539053 mailto:j.witvliet@mindef.nl Coldenhovelaan 1, 3155RC Maasland, kamer A109 ______________________________________________________________________ Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband houdt met risico''s verbonden aan het elektronisch verzenden van berichten. This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability for damage of any kind resulting from the risks inherent in the electronic transmission of messages. _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
On Tue, Nov 17, 2009 at 10:09 PM, <J.Witvliet@mindef.nl> wrote:> Hi all, > > A while a go, I was told that it is advisable to run as little as possible > services in the dom-0. > Is it safe / stable / advisable (whatever) to have these functions (nfs, > smb, rsync, etc) in a dom-U ?short answer: yes. -- Fajar _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
<J.Witvliet@MINDEF.NL>
2009-Nov-19 09:42 UTC
RE: [Xen-users] Services running in dom-0 vc dom-u
Hi Jan, On one of the systems connected to Internet (99.9999% of the systems are not here) is doing mirroring of gwdg.de. So my nfs-server (currently in dom-0) hosts the repo''s for SuSE, ubuntu, centos, fedora and *BSD. The real rsyncing is done in a dom-U, but i found, if i do not apply rate-limiting with rsync, it will destroy the dom-0, causing oopses and panics. When reported (both here and on the SuSE-list), i got the reply that i should not have done it in the first place. Other dom-u''s are http(s) servers, acting as installation-servers or VPN-end-points. So i could rebuild the lot, with the dom-0 doing only xen-stuf, and have the nfs-functionality transferred to a dom-U, but only if it solves anything, otherwise it''s a waste of time... Hans -----Original Message----- From: Jan Bakuwel [mailto:jan.bakuwel@gmail.com] Sent: Tuesday, November 17, 2009 9:25 PM To: Witvliet, J, CDC/IVENT/OPS/I&S/PLS/SMP/HRM/RP1 Subject: Re: [Xen-users] Services running in dom-0 vc dom-u Hi Hans, We''ve been running a few Xen servers with nfs, smb, ldap and imap/pop in dom0, while using domU''s for (Windows and Linux) desktop applications. Generally speaking this works well although we do occasionally experience NFS problems (dom0-domU). The rule of thumb indeed seems to be to avoid running much in dom0 so dom0 can concentrate on I/O. I think it depends on what you plan to do with dom0/domU. groet, Jan J.Witvliet@MINDEF.NL wrote:> > Hi all, > > A while a go, I was told that it is advisable to run as little as > possible services in the dom-0. > Is it safe / stable / advisable (whatever) to have these functions > (nfs, smb, rsync, etc) in a dom-U ? > > Kind reagards, Hans > > Defensie/CDC/IVENT/Research en Innovation Centrum Ing J. (Hans) > Witvliet Systeembeheer, CAcert-assurer > T 0174-539053 > _mailto:j.witvliet@mindef.nl_ > Coldenhovelaan 1, 3155RC Maasland, kamer A109 > > > ---------------------------------------------------------------------- > -- Dit bericht kan informatie bevatten die niet voor u is bestemd. > Indien u niet de geadresseerde bent of dit bericht abusievelijk aan u > is toegezonden, wordt u verzocht dat aan de afzender te melden en het > bericht te verwijderen. De Staat aanvaardt geen aansprakelijkheid voor> schade, van welke aard ook, die verband houdt met risico''s verbonden > aan het elektronisch verzenden van berichten. > > This message may contain information that is not intended for you. If > you are not the addressee or if this message was sent to you by > mistake, you are requested to inform the sender and delete the > message. The State accepts no liability for damage of any kind > resulting from the risks inherent in the electronic transmission of > messages. > ---------------------------------------------------------------------- > -- > > _______________________________________________ > Xen-users mailing list > Xen-users@lists.xensource.com > http://lists.xensource.com/xen-users_______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Hoi Hans,> On one of the systems connected to Internet (99.9999% of the systems are > not here) is doing mirroring of gwdg.de. > So my nfs-server (currently in dom-0) hosts the repo''s for SuSE, ubuntu, > centos, fedora and *BSD. > The real rsyncing is done in a dom-U, but i found, if i do not apply > rate-limiting with rsync, it will destroy the dom-0, causing oopses and > panics. >On another Xen server I''ve experienced domU hangs presumably due to dom0 not being able to process all I/O requests on time (dom0 continued to live happily though as did other less I/O intensive domU''s). The solution was to allocate CPUs more specifically (ie. pin them to either dom0 or domU and making sure dom0 has sufficient resources. I also applied CPU "weights" in that case. I''ve only seen kernel panics/oopses on a Xen server with an Adaptec Zero RAID controller. Removing the controller (and using software RAID) "fixed" that problem. It might help if you post specific Xen/kernel version on the list - I''m sure there are some (not me) folks here that know about possible issues with Xen versions / kernels and panics.> When reported (both here and on the SuSE-list), i got the reply that i > should not have done it in the first place. >Did the poster also say why you shouldn''t have done that in the first place?> Other dom-u''s are http(s) servers, acting as installation-servers or > VPN-end-points. > > So i could rebuild the lot, with the dom-0 doing only xen-stuf, and have > the nfs-functionality transferred to a dom-U, but only if it solves > anything, otherwise it''s a waste of time... >Good luck. Jan _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
On Fri, Nov 20, 2009 at 6:11 AM, Jan Bakuwel <jan.bakuwel@gmail.com> wrote:> Hoi Hans, > >> On one of the systems connected to Internet (99.9999% of the systems are >> not here) is doing mirroring of gwdg.de. >> So my nfs-server (currently in dom-0) hosts the repo''s for SuSE, ubuntu, >> centos, fedora and *BSD. >> The real rsyncing is done in a dom-U, but i found, if i do not apply >> rate-limiting with rsync, it will destroy the dom-0, causing oopses and >> panics.That is most definitely a bug.>> So i could rebuild the lot, with the dom-0 doing only xen-stuf, and have >> the nfs-functionality transferred to a dom-U, but only if it solves >> anything, otherwise it''s a waste of time...rsync, nfs, or other-programs with high I/O load should never cause dom0 to panic/oops. If you have time, I highly suggest using RHEL5.4 with it''s kernel 2.6.18 as dom0. It''s the most stable xen kernel for me so far. Moving nfs server to domU will help isolate the problem, since (at least) if it''s dead other domU can keep on running happily. -- Fajar _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users