Andrew White
2010-Nov-20 04:38 UTC
[Xen-users] Automatically provisioning IP addresses on a new VM
Hi all,

I was wondering if anyone could point me in the right direction.

I know there are plenty of VPS hosting companies out there who use Xen who provide you with a VPS "available in 5 minutes" - meaning you can SSH or RDP to it in 5 minutes.

Obviously there must be some type of mechanism that allows them to automatically assign an IP to a HVM based VM. Some type of mechanism to automatically provision this in all flavours of Linux they offer, along with Win2k3 and Win2k8.

Can anyone point me to a way of doing this? I've been looking through the API docs, but all metrics are read only.

Thanks in advance!

Andrew White
James Harper
2010-Nov-20 04:50 UTC
RE: [Xen-users] Automatically provisioning IP addresses on a new VM
> I know there are plenty of VPS hosting companies out there who use Xen who
> provide you with a VPS "available in 5 minutes" - meaning you can SSH or RDP
> to it in 5 minutes.
>
> Obviously there must be some type of mechanism that allows them to
> automatically assign an IP to a HVM based VM. Some type of mechanism to
> automatically provision this in all flavours of Linux they offer, along with
> Win2k3 and Win2k8.

For Windows I suppose they could use a pre-setup image with the appropriate ini/xml file.

Or the PV drivers could do it. GPLPV could probably be made to do this with a bit of userspace (or kernel?) trickery - read the IP settings from xenstore (the kernel interface is there to do this but not the userspace tools) and use netsh or some other tool to configure each adapter. Kernel is probably better as it can happen earlier in the boot and can't be overridden as easily.

James
James Harper
2010-Nov-20 04:53 UTC
RE: [Xen-users] Automatically provisioning IP addresses on a new VM
> Can anyone point me to a way of doing this? I've been looking through the API
> docs, but all metrics are read only.

Further to my last email, DHCP in Dom0 could also do this easily. And Dom0 anti-spoofing could ensure that if you change the IP address manually the worst thing that would happen is that your DomU just wouldn't have network connectivity anymore.

There probably aren't many situations where DHCP wouldn't be the right solution.

James
Andrew White
2010-Nov-20 14:26 UTC
Re: [Xen-users] Automatically provisioning IP addresses on a new VM
Hi James,

Thanks for getting back so promptly! Nice to see other Aussies on here :).

DHCP does sound like a good solution if you can make sure the only IP gotten back is the one allowed on this VM.

Would you be able to elaborate on dom0 anti-spoofing? Are you referring to a specific mechanism that already exists, or setting up a routing script to ensure the correct IP is only allowed on the correct interface? If it's the latter, I suppose this could be done via iptables?

Sorry, I'm good with my programming, but my networking knowledge isn't that strong!

Thanks :)

Andrew
Javier Guerra Giraldez
2010-Nov-20 15:41 UTC
Re: [Xen-users] Automatically provisioning IP addresses on a new VM
On Sat, Nov 20, 2010 at 9:26 AM, Andrew White <admin@uberskilled.com> wrote:
> Would you be able to elaborate on dom0 anti-spoofing?

simply add a netfilter rule to allow only packets with the intended IP source coming from the vif

--
Javier
George Shuklin
2010-Nov-20 23:06 UTC
Re: [Xen-users] Automatically provisioning IP addresses on a new VM
On Sat, 20/11/2010 at 10:41 -0500, Javier Guerra Giraldez wrote:
> On Sat, Nov 20, 2010 at 9:26 AM, Andrew White <admin@uberskilled.com> wrote:
> > Would you be able to elaborate on dom0 anti-spoofing?
>
> simply add a netfilter rule to allow only packets with the intended IP
> source coming from the vif

And migration? And reboot?

I think creating a correct VM tracking system is not as easy as it sounds...
James Harper
2010-Nov-20 23:22 UTC
RE: [Xen-users] Automatically provisioning IP addresses on a new VM
> On Sat, 20/11/2010 at 10:41 -0500, Javier Guerra Giraldez wrote:
> > On Sat, Nov 20, 2010 at 9:26 AM, Andrew White <admin@uberskilled.com> wrote:
> > > Would you be able to elaborate on dom0 anti-spoofing?
> >
> > simply add a netfilter rule to allow only packets with the intended IP
> > source coming from the vif
>
> And, migration? And reboot?
>
> I think, creating correct VM tracking system is not so easy as sound...

You'd script it in the vif scripts, which I think is already done for MAC address spoofing.

Even if you decided on some other method than DHCP, your DomUs are still untrusted so you still need to restrict at the vif level.

James
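The per-vif restriction discussed above, sketched as an added example (not code from the thread or from Xen's own hotplug scripts): a shell function that prints the iptables commands a dom0 vif hook could run when an interface comes up or goes down. The function names, the placement in the FORWARD chain and the sample vif and address are assumptions.

```shell
#!/bin/sh
# Added example: print (not run) the dom0 iptables commands that pin one guest
# vif to one source IP. Assumes bridged networking with bridge netfilter
# enabled, so the physdev match sees frames arriving from the vif.

is_ipv4() {
    case $1 in *[!0-9.]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# antispoof_rules <online|offline> <vif> <ip>
# "online" inserts the rules and "offline" deletes the same rules, so a
# hotplug hook calling this on vif creation and teardown (boot, reboot,
# migration in or out) keeps the filter in step with the guest.
antispoof_rules() {
    action=$1; vif=$2; ip=$3
    case $action in
        online)  op=-I ;;
        offline) op=-D ;;
        *) echo "unknown action" >&2; return 2 ;;
    esac
    # Both values end up on a root command line: accept only the exact shapes.
    case $vif in *[!vif0-9.]*) vif= ;; esac
    printf '%s\n' "$vif" | grep -Eq '^vif[0-9]+\.[0-9]+$' ||
        { echo "bad vif name" >&2; return 2; }
    is_ipv4 "$ip" || { echo "bad IPv4 address" >&2; return 2; }

    match="-m physdev --physdev-in $vif"
    # -I puts each rule at the top of FORWARD, so the catch-all DROP is
    # emitted first and ends up below the two ACCEPT rules.
    echo "iptables $op FORWARD $match -j DROP"
    # Let the guest request its DHCP lease before it has an address.
    echo "iptables $op FORWARD $match -p udp --sport 68 --dport 67 -s 0.0.0.0 -j ACCEPT"
    echo "iptables $op FORWARD $match -s $ip -j ACCEPT"
}

# Constructed sample values: domain 5, device 0, documentation-range address.
antispoof_rules online vif5.0 192.0.2.10
antispoof_rules offline vif5.0 192.0.2.10
```

These rules filter IP source addresses only; ARP and MAC spoofing need a layer-2 filter in addition.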
Dustin Henning
2010-Nov-22 15:07 UTC
RE: [Xen-users] Automatically provisioning IP addresses on a new VM
Couldn't it be even simpler? Couldn't these providers have one or two spare DomUs for each OS configured and available, making only the assignment process automated (if even it is)? I'm not saying that's how they do it, but 5 minutes seems like an awfully quick deployment for something that doesn't already exist (I would think copying the image could take longer than that unless it was pretty basic).

Dustin
Simon Hobson
2010-Nov-22 15:47 UTC
RE: [Xen-users] Automatically provisioning IP addresses on a new VM
Dustin Henning wrote:
> Couldn't it be even simpler? Couldn't these providers have one or
> two spare DomUs for each OS configured and available, making only the
> assignment process automated (if even it is)? I'm not saying that's how
> they do it, but 5 minutes seems like an awfully quick deployment for
> something that doesn't already exist (I would think copying the image could
> take longer than that unless it was pretty basic).

It's common to use a COW (Copy on Write) file for this sort of thing. You might have (say) a 5GB base file, but initially the customer's file will be negligible in size. Once the customer starts modifying the filesystem, then his file starts growing accordingly - but anything not updated will still not take up any space. Long term, each customer's file will keep growing, but it will probably still share some parts in common with the original.

Apart from the space saving, the main advantage is that you can make large files (i.e. template filesystems) available without the time required to actually copy all the data.

One way to see something similar very easily is to boot up a Knoppix disk. That uses unionfs to combine the read-only contents of the CD/DVD with the writable space of an in-memory filesystem (tempfs IIRC). It's different since it works at the file level, but the principle is the same and you get to see what looks like a large writable filesystem, while nearly all of it is in fact on a read-only medium.

--
Simon Hobson
Dustin Henning
2010-Nov-22 16:09 UTC
RE: [Xen-users] Automatically provisioning IP addresses on a new VM
Thanks. I'm not the OP, and the OP was asking about IP addresses. Even in this scenario, I would still think it might be common to have spare VMs set up (using said negligible disk space) and ready for the next customer, it would certainly make more sense than DHCP for some scenarios, but that doesn't mean there isn't some easy way to perform the functionalities the OP was asking about either, perhaps there is.

Dustin