Hi Everyone,

As some of you are aware, I'm a very security paranoid person. I guess this is a good way to be :)

Anyway, is the 3.4.x branch of Xen still "supported"? By supported, I mean are security and bug fixes still being developed? Or is everything moving to 4.0?

I've set up some Xen infrastructure using Xen 3.4.2 (due to upgrade to 3.4.3 in a couple of weeks) to host VPSs to customers, and everything seems rock solid. There was quite a bit of flakiness with 4.0 in my experience. Just trying to gauge whether I should revisit 4.0 for future server installations if the VPS hosting business needs to grow.

Thanks

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

On Tue, 2010-07-20 at 11:15 +0100, Jonathan Tripathy wrote:
> Anyway, is the 3.4.x branch of Xen still "supported"?

Supported by whom? Certainly, if you are running a distro that is vendor-supported or based on one that is (e.g. RHEL or CentOS), then the vendor is still supporting it. In particular, Xen 3.4.x is still supported by Red Hat on RHEL 5, and therefore it is also supported in CentOS 5. This kind of "support" will typically mean that they backport security fixes and really serious bug fixes, but they don't add new features.

So the answer to your question may depend on what distro you are running Xen under.

--Greg

On Tue, 2010-07-20 at 11:15 +0100, Jonathan Tripathy wrote:
> Anyway, is the 3.4.x branch of Xen still "supported"?

Supported by whom? Certainly, if you are running a distro that is vendor-supported or based on one that is (e.g. RHEL or CentOS), then the vendor is still supporting it. In particular, Xen 3.4.x is still supported by Red Hat on RHEL 5, and therefore it is also supported in CentOS 5. This kind of "support" will typically mean that they backport security fixes and really serious bug fixes, but they don't add new features.

So the answer to your question may depend on what distro you are running Xen under.

--Greg

------------------------------------------------------------------------

Hi Greg,

My Dom0 is CentOS 5.5. I just want to ensure that security fixes (I'm happy with the current feature set) will still be released (for both kernel and Xen). How long left do you think it is safe to stick with the current system?

Also, I had to get my Xen version from Gitco, as the version that came with CentOS 5.5 was 3.0.x (I think - might be 3.1.x). So I don't think I'm even using Red Hat's backports (I'm using their kernel though)

Thanks

On Tue, Jul 20, 2010 at 06:12:45AM -0600, Greg Woods wrote:
> On Tue, 2010-07-20 at 11:15 +0100, Jonathan Tripathy wrote:
>
> > Anyway, is the 3.4.x branch of Xen still "supported"?
>
> Supported by whom? Certainly, if you are running a distro that is
> vendor-supported or based on one that is (e.g. RHEL or CentOS), then the
> vendor is still supporting it. In particular, Xen 3.4.x is still
> supported by Red Hat on RHEL 5, and therefore it is also supported in
> CentOS 5. This kind of "support" will typically mean that they backport
> security fixes and really serious bug fixes, but they don't add new
> features.
>

Uhm, no. Xen 3.4.x is NOT supported on RHEL5/CentOS5 !!

RHEL5/CentOS5 includes Xen hypervisor 3.1.2 (+a lot of patches by Redhat and from newer Xen versions). That's the version that is supported by Redhat in RHEL5.

I believe xen.org is planning to release at least Xen 3.4.4 until 3.4 branch is 'forgotten'.
See: http://xenbits.xen.org/xen-3.4-testing.hg
"6 weeks ago: Update Xen version to 3.4.4-rc1-pre".

Xen 4.0 branch is at Xen 4.0.1-rc4 atm, which fixes a lot of issues after Xen 4.0.0:
http://xenbits.xen.org/xen-4.0-testing.hg

-- Pasi

> So the answer to your question may depend on what distro you are running
> Xen under.
>
> --Greg

On Tue, Jul 20, 2010 at 01:14:02PM +0100, Jonathan Tripathy wrote:
>
> Hi Greg,
>
> My Dom0 is CentOS 5.5. I just want to ensure that security fixes (I'm
> happy with the current feature set) will still be released (for both
> kernel and Xen). How long left do you think it is safe to stick with the
> current system?
>
> Also, I had to get my Xen version from Gitco, as the version that came
> with CentOS 5.5 was 3.0.x (I think - might be 3.1.x). So I don't think I'm
> even using Red Hat's backports (I'm using their kernel though)
>

Well check Redhat's website for RHEL5 lifecycle. Iirc RHEL5 is supported until 2014. And then there are special support contracts available after that, for even longer support.

Xen hypervisor in RHEL5/CentOS5 is 3.1.2 (+patches), but the Xen tools are 3.0.3 based.

-- Pasi

Uhm, no. Xen 3.4.x is NOT supported on RHEL5/CentOS5 !!

RHEL5/CentOS5 includes Xen hypervisor 3.1.2 (+a lot of patches by Redhat and from newer Xen versions). That's the version that is supported by Redhat in RHEL5.

I believe xen.org is planning to release at least Xen 3.4.4 until 3.4 branch is 'forgotten'.
See: http://xenbits.xen.org/xen-3.4-testing.hg
"6 weeks ago: Update Xen version to 3.4.4-rc1-pre".

------------------------------------------------------------------------

Ah, so at the minute, I'm currently getting my kernel security fixes from RedHat, but getting my Xen security fixes from Gitco.

Does this sound ok (Security wise)? The reason why I didn't stick with the 3.1.2 version is because FreeBSD (My pfsense DomU firewall) won't boot in this version.

Of course, I'll use Xen 4.x once I get a testbed running nice and stable.

On Tue, 2010-07-20 at 15:41 +0300, Pasi Kärkkäinen wrote:
>
> Xen 3.4.x is NOT supported on RHEL5/CentOS5 !!

Pasi is correct, what I see on my CentOS 5.5 boxes is 3.0.3 (plus patches and fixes from Red Hat).

--Greg

Uhm, no. Xen 3.4.x is NOT supported on RHEL5/CentOS5 !!

RHEL5/CentOS5 includes Xen hypervisor 3.1.2 (+a lot of patches by Redhat and from newer Xen versions). That's the version that is supported by Redhat in RHEL5.

I believe xen.org is planning to release at least Xen 3.4.4 until 3.4 branch is 'forgotten'.
See: http://xenbits.xen.org/xen-3.4-testing.hg
"6 weeks ago: Update Xen version to 3.4.4-rc1-pre".

------------------------------------------------------------------------

Ah, so at the minute, I'm currently getting my kernel security fixes from RedHat, but getting my Xen security fixes from Gitco.

Does this sound ok (Security wise)? The reason why I didn't stick with the 3.1.2 version is because FreeBSD (My pfsense DomU firewall) won't boot in this version.

Of course, I'll use Xen 4.x once I get a testbed running nice and stable.

------------------------------------------------------------------------

Or would it be better if I got my kernel from kernel.org? Or maybe the Red Hat version of Xen (3.1.x) is safer than 3.4.3 from Gitco?

On Tue, 2010-07-20 at 13:43 +0100, Jonathan Tripathy wrote:
>
> Does this sound ok (Security wise)? The reason why I didn't stick with the
> 3.1.2 version is because FreeBSD (My pfsense DomU firewall) won't boot
> in this version.

I got OpenBSD to install under the default 3.0.3 Xen on CentOS 5, but I had to do some googling and use a different network driver than the default in order to get it to install and boot.

--Greg

On Tue, 2010-07-20 at 15:41 +0300, Pasi Kärkkäinen wrote:
>
> Xen 3.4.x is NOT supported on RHEL5/CentOS5 !!

Pasi is correct, what I see on my CentOS 5.5 boxes is 3.0.3 (plus patches and fixes from Red Hat).

------------------------------------------------------------------------

And is this safer than using 3.4.3 from Gitco? I'm pretty set on using the RHEL kernel though (As it's rock solid)

On Tue, 2010-07-20 at 15:01 +0100, Jonathan Tripathy wrote:
>> what I see on my CentOS 5.5 boxes is 3.0.3 (plus
> patches and fixes from Red Hat).
>
> ----------------------------------------------------------------------
>
> And is this safer than using 3.4.3 from Gitco?

I never heard of Gitco so I have no way of knowing. I trust Red Hat to keep security fixes in place and to keep Xen working as long as they have committed to support RHEL 5 (at least another 4 years), and I trust the CentOS people to bring those fixes forward as long as Red Hat keeps producing them. My experience is that this normally happens in a fairly timely manner, but that is by my definition of "timely" which is based on our risk factors here which are bound to be different than yours. You will have to decide for yourself whether you trust Gitco to do the same.

You seem to be looking for someone to say "this way is better", but it likely won't happen. You have to evaluate it based on your own needs and experience.

--Greg

________________________________
From: Greg Woods [mailto:woods@ucar.edu]
Sent: Tue 20/07/2010 15:08
To: Jonathan Tripathy
Cc: Xen-users@lists.xensource.com
Subject: RE: [Xen-users] Xen branches

On Tue, 2010-07-20 at 15:01 +0100, Jonathan Tripathy wrote:
>> what I see on my CentOS 5.5 boxes is 3.0.3 (plus
> patches and fixes from Red Hat).
>
> ----------------------------------------------------------------------
>
> And is this safer than using 3.4.3 from Gitco?

I never heard of Gitco so I have no way of knowing. I trust Red Hat to keep security fixes in place and to keep Xen working as long as they have committed to support RHEL 5 (at least another 4 years), and I trust the CentOS people to bring those fixes forward as long as Red Hat keeps producing them. My experience is that this normally happens in a fairly timely manner, but that is by my definition of "timely" which is based on our risk factors here which are bound to be different than yours. You will have to decide for yourself whether you trust Gitco to do the same.

You seem to be looking for someone to say "this way is better", but it likely won't happen. You have to evaluate it based on your own needs and experience.

--Greg

------------------------------------------------------------------------

What I am trying to understand is the patch release cycle for the different versions of Xen. I know for a fact that the versions from Gitco are simply RPMs built directly from xen.org. So what I am asking is, are the Red Hat versions of Xen more "up-to-date", regarding security fixes, than the source directly from xen.org? Or maybe Red Hat commit their fixes to xen.org as well, so their patches eventually end up in the xen.org version?

Thanks

What I am trying to understand is the patch release cycle for the different versions of Xen. I know for a fact that the versions from Gitco are simply RPMs built directly from xen.org. So what I am asking is, are the Red Hat versions of Xen more "up-to-date", regarding security fixes, than the source directly from xen.org? Or maybe Red Hat commit their fixes to xen.org as well, so their patches eventually end up in the xen.org version?

Thanks

------------------------------------------------------------------------

Do you think the above question would be better asked on xen-devel?

On Tue, 2010-07-20 at 15:10 +0100, Jonathan Tripathy wrote:
> what I am asking is, are the Red Hat versions of Xen more
> "up-to-date", regarding security fixes, than the source directly from
> xen.org?

The answer is likely to be "it depends". Knowing only as an outsider how Red Hat operates, I would guess that patches flow in both directions. Red Hat may develop fixes for problems reported by their customers, and if they do, I am sure they work with upstream providers to get needed fixes incorporated. I am sure they also keep up to date on announced fixes from the upstream providers and backport the important ones to their versions. But without a detailed analysis it would be impossible for me to say which is better overall in terms of getting the most fixes the fastest.

My general rule is that as long as I am running a distro derived from one that is supported by Red Hat for their paying customers, I just track what Red Hat does because it is the easiest and it is good enough for my needs. I then don't have to worry about whether the version of Xen that I am running is going to be compatible with everything else on the system. But I'm certainly not going to claim that Red Hat's versions of Xen are "more up to date" with fixes than those from xen.org.

--Greg

On Tue, Jul 20, 2010 at 07:56:49AM -0600, Greg Woods wrote:
> On Tue, 2010-07-20 at 15:41 +0300, Pasi Kärkkäinen wrote:
> >
> > Xen 3.4.x is NOT supported on RHEL5/CentOS5 !!
>
> Pasi is correct, what I see on my CentOS 5.5 boxes is 3.0.3 (plus
> patches and fixes from Red Hat).
>

The *tools* are 3.0.3 based, but the Xen hypervisor itself is 3.1.2 based.

You can verify that from "xm info" (xen major/minor/extra) and "xm dmesg".

Xen Hypervisor in RHEL5 is included in the kernel-xen rpms.

-- Pasi

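The "xm info" check from the last message, as an added example that is not part of the original thread: it reads the xen_major/xen_minor/xen_extra fields and compares the hypervisor's base version with the tools package, so you know which component's fixes you are actually tracking. The sample "xm info" text and the package string (as `rpm -q xen` might print it) are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `xm info` output (trimmed); values are illustrative.
SAMPLE_XM_INFO='host                   : dom0.example.test
release                : 2.6.18-194.el5xen
xen_major              : 3
xen_minor              : 1
xen_extra              : .2-194.el5
xen_caps               : xen-3.0-x86_64 xen-3.0-x86_32p'

# Print the hypervisor version (major.minor + extra) from `xm info` text
# on stdin. Exits non-zero if the version fields are missing.
xen_hv_version() {
    awk -F' *: *' '
        $1 == "xen_major" { major = $2 }
        $1 == "xen_minor" { minor = $2 }
        $1 == "xen_extra" { extra = $2 }
        END {
            if (major == "" || minor == "") exit 1
            printf "%s.%s%s\n", major, minor, extra
        }'
}

# Reduce "xen-3.0.3-105.el5" or "3.1.2-194.el5" to the upstream base "X.Y.Z".
base_version() {
    printf '%s\n' "$1" | sed -e 's/^xen-//' -e 's/-.*$//'
}

# Compare the running hypervisor with the installed tools package.
# $1: xm info text, $2: tools package string (assumed to come from `rpm -q xen`)
compare_hv_tools() {
    hv=$(printf '%s\n' "$1" | xen_hv_version) || {
        echo "error: no xen_major/xen_minor found"
        return 0
    }
    hv_base=$(base_version "$hv")
    tools_base=$(base_version "$2")
    if [ "$hv_base" = "$tools_base" ]; then
        echo "match: hypervisor and tools are both $hv_base"
    else
        echo "differ: hypervisor $hv_base ($hv), tools $tools_base"
    fi
}

# Constructed package string standing in for real `rpm -q xen` output.
compare_hv_tools "$SAMPLE_XM_INFO" "xen-3.0.3-105.el5"
```

On a live Dom0 the first argument would be the output of `xm info` and the second the output of the package query.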