Xen users - Nov 2010 - Kernel upgrade in domU

Hello,

I administrate a lot of xen servers with some linux virtual machines
(paravirtualized), and I''ve some operational problems (costs) to mass
upgrade kernel version in domU''s.

In a linux server farm (non virtualized servers), the kernel upgrade is
trivial, fast and automatized. I simple schedule in my cfengine server, to
run "yum update kernel -y && reboot" in all servers.

In a virtualized linux server farm, it''s a hard work to upgrade kernel,
when
needed. First of all, I use cfengine to update kernel-xen package, but after
that I''ve a lot of manual steps that the Operations Department runs:

- Shutdown all virtual machines of xen server X;
- Upgrade kernel and ramdisk of all instances (for example,
/xen/hosts/user/i-xxxxx/kernel and /xen/hosts/user/i-xxxxx/ramdisk))
- Upgrade kernel version of dom0
- Reboot dom0

The problem is that I''ve almost 300 virtual servers, and when we need
to
upgrade kernel, operations department spend some days to do that.

My question is if this is the best approach to mass upgrade kernel or if
exists some tool that I can use to speed up this process?

Any advice is welcome!!

Regards,

Guilherme


_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

On Wed, Nov 17, 2010 at 12:02 AM, Guilherme E.J.
<guilherme.e@gmail.com>wrote:
> Hello,
>
> I administrate a lot of xen servers with some linux virtual machines
> (paravirtualized), and I''ve some operational problems (costs) to
mass
> upgrade kernel version in domU''s.
>
> In a linux server farm (non virtualized servers), the kernel upgrade is
> trivial, fast and automatized. I simple schedule in my cfengine server, to
> run "yum update kernel -y && reboot" in all servers.
>
> In a virtualized linux server farm, it''s a hard work to upgrade
kernel,
> when needed. First of all, I use cfengine to update kernel-xen package, but
> after that I''ve a lot of manual steps that the Operations
Department runs:
>
> - Shutdown all virtual machines of xen server X;
> - Upgrade kernel and ramdisk of all instances (for example,
> /xen/hosts/user/i-xxxxx/kernel and /xen/hosts/user/i-xxxxx/ramdisk))
> - Upgrade kernel version of dom0
> - Reboot dom0
>
> The problem is that I''ve almost 300 virtual servers, and when we
need to
> upgrade kernel, operations department spend some days to do that.
>
>
That''s because you''re making it harder then it should be.

First of all, if you use pygrub/pv-grub, kernel and ramdisk images reside
within domU. So you could ssh (or schedule it with cfengine or whatever) to
each domU/instace and run what you usually do on physical machines (changing
the kernel package name) : "yum update kernel-xen -y &&
reboot". No
additional steps required to upgrade a domU. That way you can do a rolling
upgrade and reboot domU''s one by one instead of having to shutdown
everything before upgrading.

Second, dom0 should be a minimal installation, with management interface
located on private, secure network. In that setup, it should be "safe
enough" not having to update the kernel package for dom0 everytime a
bug/security fix comes out. So you should be able to schedule dom0 kernel
upgrade/reboot (for example) once every six month.

Third, if you really can''t affor reboots but can afford monthly
subscription, you might want to look at ksplice: http://www.ksplice.com/,
http://www.ksplice.com/uptrack/supported-kernels

-- 
Fajar


_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Tks, Fajar!

I''m new on xen, and I wouldn''t know pygrub. Really I was
making it harder
then it should be. ;)

Guilherme



On Tue, Nov 16, 2010 at 3:20 PM, Fajar A. Nugraha <list@fajar.net> wrote:
>
> On Wed, Nov 17, 2010 at 12:02 AM, Guilherme E.J.
<guilherme.e@gmail.com>wrote:
>
>> Hello,
>>
>> I administrate a lot of xen servers with some linux virtual machines
>> (paravirtualized), and I''ve some operational problems (costs)
to mass
>> upgrade kernel version in domU''s.
>>
>> In a linux server farm (non virtualized servers), the kernel upgrade is
>> trivial, fast and automatized. I simple schedule in my cfengine server,
to
>> run "yum update kernel -y && reboot" in all servers.
>>
>> In a virtualized linux server farm, it''s a hard work to
upgrade kernel,
>> when needed. First of all, I use cfengine to update kernel-xen package,
but
>> after that I''ve a lot of manual steps that the Operations
Department runs:
>>
>> - Shutdown all virtual machines of xen server X;
>> - Upgrade kernel and ramdisk of all instances (for example,
>> /xen/hosts/user/i-xxxxx/kernel and /xen/hosts/user/i-xxxxx/ramdisk))
>> - Upgrade kernel version of dom0
>> - Reboot dom0
>>
>> The problem is that I''ve almost 300 virtual servers, and when
we need to
>> upgrade kernel, operations department spend some days to do that.
>>
>>
> That''s because you''re making it harder then it should be.
>
> First of all, if you use pygrub/pv-grub, kernel and ramdisk images reside
> within domU. So you could ssh (or schedule it with cfengine or whatever) to
> each domU/instace and run what you usually do on physical machines
(changing
> the kernel package name) : "yum update kernel-xen -y &&
reboot". No
> additional steps required to upgrade a domU. That way you can do a rolling
> upgrade and reboot domU''s one by one instead of having to shutdown
> everything before upgrading.
>
> Second, dom0 should be a minimal installation, with management interface
> located on private, secure network. In that setup, it should be "safe
> enough" not having to update the kernel package for dom0 everytime a
> bug/security fix comes out. So you should be able to schedule dom0 kernel
> upgrade/reboot (for example) once every six month.
>
> Third, if you really can''t affor reboots but can afford monthly
> subscription, you might want to look at ksplice: http://www.ksplice.com/,
> http://www.ksplice.com/uptrack/supported-kernels
>
> --
> Fajar
>
>
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@lists.xensource.com
> http://lists.xensource.com/xen-users
>

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Hi List,

I am also using pygrub, it''s nice.
But I don''t works together with drbd and automatic live migration; only
with
phy devices.

pygrub an drbd/xen intrgartion would be nice.

Best,
Mike

2010/11/16 Guilherme E.J. <guilherme.e@gmail.com>
> Tks, Fajar!
>
> I''m new on xen, and I wouldn''t know pygrub. Really I was
making it harder
> then it should be. ;)
>
> Guilherme
>
>
>
> On Tue, Nov 16, 2010 at 3:20 PM, Fajar A. Nugraha <list@fajar.net>
wrote:
>
>>
>> On Wed, Nov 17, 2010 at 12:02 AM, Guilherme E.J.
<guilherme.e@gmail.com>wrote:
>>
>>> Hello,
>>>
>>> I administrate a lot of xen servers with some linux virtual
machines
>>> (paravirtualized), and I''ve some operational problems
(costs) to mass
>>> upgrade kernel version in domU''s.
>>>
>>> In a linux server farm (non virtualized servers), the kernel
upgrade is
>>> trivial, fast and automatized. I simple schedule in my cfengine
server, to
>>> run "yum update kernel -y && reboot" in all
servers.
>>>
>>> In a virtualized linux server farm, it''s a hard work to
upgrade kernel,
>>> when needed. First of all, I use cfengine to update kernel-xen
package, but
>>> after that I''ve a lot of manual steps that the Operations
Department runs:
>>>
>>> - Shutdown all virtual machines of xen server X;
>>> - Upgrade kernel and ramdisk of all instances (for example,
>>> /xen/hosts/user/i-xxxxx/kernel and
/xen/hosts/user/i-xxxxx/ramdisk))
>>> - Upgrade kernel version of dom0
>>> - Reboot dom0
>>>
>>> The problem is that I''ve almost 300 virtual servers, and
when we need to
>>> upgrade kernel, operations department spend some days to do that.
>>>
>>>
>> That''s because you''re making it harder then it should
be.
>>
>> First of all, if you use pygrub/pv-grub, kernel and ramdisk images
reside
>> within domU. So you could ssh (or schedule it with cfengine or
whatever) to
>> each domU/instace and run what you usually do on physical machines
(changing
>> the kernel package name) : "yum update kernel-xen -y &&
reboot". No
>> additional steps required to upgrade a domU. That way you can do a
rolling
>> upgrade and reboot domU''s one by one instead of having to
shutdown
>> everything before upgrading.
>>
>> Second, dom0 should be a minimal installation, with management
interface
>> located on private, secure network. In that setup, it should be
"safe
>> enough" not having to update the kernel package for dom0 everytime
a
>> bug/security fix comes out. So you should be able to schedule dom0
kernel
>> upgrade/reboot (for example) once every six month.
>>
>> Third, if you really can''t affor reboots but can afford
monthly
>> subscription, you might want to look at ksplice:
http://www.ksplice.com/
>> , http://www.ksplice.com/uptrack/supported-kernels
>>
>> --
>> Fajar
>>
>>
>>
>> _______________________________________________
>> Xen-users mailing list
>> Xen-users@lists.xensource.com
>> http://lists.xensource.com/xen-users
>>
>
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@lists.xensource.com
> http://lists.xensource.com/xen-users
>

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users