Something happen to the Xen list?
I was knee deep in a couple of threads and the list up and disappeared on me:)
jlc
Joseph L. Casale wrote:
Something happen to the Xen list?
I was knee deep in a couple of threads and the list up and disappeared on me:)
Yeah, it's offline for me too :-(
I posted that one night the whole xen.org domain disappeared from DNS. If that is in fact what happened then I might presume that they are experiencing DNS problems and their MX records or mail servers got hosed...
-Ross
______________________________________________________________________ This e-mail, and any attachments thereto, is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution or copying of this e-mail, and any attachments thereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify the sender and permanently delete the original and any copy or printout thereof.
Ross S. W. Walker wrote on Wed, 16 Apr 2008 10:38:20 -0400:
Yeah, it's offline for me too
Their archives at http://lists.xensource.com/archives/html/xen-users/2008-04/index.htm end with the same message I got via mail as the last one. The mailing lists may be either dead or their bounce checker accidentally unsubscribed everyone when they had those network problems. Maybe they haven't recognized yet. Let's see if I can mail someone.
Kai
Joseph L. Casale wrote:
Something happen to the Xen list?
I was knee deep in a couple of threads and the list up and disappeared on me:)
I emailed Stephen over at Xen/Citrix about the issue and this is what he sent back:
------- Ross:
The UK team told me that they are working on the server but I have not heard anything since this morning when I got in. I am not exactly sure what the problem is but they are working on it...
-----Original Message-----
From: Ross S. W. Walker [mailto:rwalker@medallion.com]
Sent: Wednesday, April 16, 2008 12:52 PM
To: Stephen Spector
Subject: RE: [Xen-users] Is Xen.org offline?
Stephen,
It looks like the mailing lists are down. Neither I nor people on the centos-virt lists have received anything since yesterday around 3pm EDT.
Did that one little hiccup turn into a bigger problem?
-Ross -------
I emailed Stephen over at Xen/Citrix about the issue and this is what he sent back:
You must have ESP... I was just thinking about this! I had to can my current project and use something else as I just couldn't make any headway! I am only left with two small issues in 3.2 where I can't get the pciback working or a simple bridge setup :(
I wonder what happened...
Thanks for the update! jlc
Joseph L. Casale wrote:
I emailed Stephen over at Xen/Citrix about the issue and this is what he sent back:
You must have ESP... I was just thinking about this! I had to can my current project and use something else as I just couldn't make any headway! I am only left with two small issues in 3.2 where I can't get the pciback working or a simple bridge setup :(
I wonder what happened...
If I had to bet on it, I'd say DNS given that the DNS records disappeared briefly over a past weekend, but it could have been total server failure.
What's your pciback/bridging issue(s)? Maybe I can help.
-Ross
What's your pciback/bridging issue(s)? Maybe I can help.
-Ross
I would be more grateful than you can imagine:) As far as the pci stuff goes I have to get home and dig my notes out (based on your help from before), likely you'll spot my blunder once I iterate all I have done.
As far as the bonding issue goes, I am stuck on the following scenario:
I have two physical nics. I want the first setup like it would by default when using Xen3.2, it creates a bridge "eth0" and gets renamed to peth0 (That's good). I connect all my guests "Lan" nic to the vifs associated to this bridge.
I want the other nic to be in a bridge, but not have any ip or connectivity outside the bridge especially to the host. It will plug into a DSL modem and a vif associated to this bridge will be the red interface on a Linux firewall (Lab only environment). My custom bridge script is as follows:
#!/bin/sh
dir=$(dirname "$0")
"$dir/network-bridge" "$@" vifnum=0 netdev=eth0 bridge=eth0
"$dir/network-bridge" "$@" vifnum=1 netdev=eth1 bridge=eth1
"$dir/network-bridge" "$@" vifnum=2 netdev=dummy0 bridge=eth3 #Test lan
This is working, but how do I make sure the isolation is as I expect? Give the nic (eth1) an IP of 0.0.0.0? Is that very secure? I had an ip for testing although the nic wasn't plugged into a switch, when I did an ifconfig I didn't see the eth1/peth1 until I did an ifconfig -a? Was that because of the media sense? Also, dummy0 is just a test lan for isolation so hosts can only see themselves. How could I also make sure packets never see the host?
Thanks! jlc
(Now to find another Linux firewall appliance as I was using pfSense and it doesn't play nice with Xen)
Joseph L. Casale wrote:
What's your pciback/bridging issue(s)? Maybe I can help.
-Ross
I would be more grateful than you can imagine:) As far as the pci stuff goes I have to get home and dig my notes out (based on your help from before), likely you'll spot my blunder once I iterate all I have done.
As far as the bonding issue goes, I am stuck on the following scenario:
I have two physical nics. I want the first setup like it would by default when using Xen3.2, it creates a bridge "eth0" and gets renamed to peth0 (That's good). I connect all my guests "Lan" nic to the vifs associated to this bridge.
Ok, so we'll leave that NIC as-is.
I want the other nic to be in a bridge, but not have any ip or connectivity outside the bridge especially to the host. It will plug into a DSL modem and a vif associated to this bridge will be the red interface on a Linux firewall (Lab only environment). My custom bridge script is as follows:
#!/bin/sh
dir=$(dirname "$0")
"$dir/network-bridge" "$@" vifnum=0 netdev=eth0 bridge=eth0
"$dir/network-bridge" "$@" vifnum=1 netdev=eth1 bridge=eth1
"$dir/network-bridge" "$@" vifnum=2 netdev=dummy0 bridge=eth3 #Test lan
This is working, but how do I make sure the isolation is as I expect? Give the nic (eth1) an IP of 0.0.0.0? Is that very secure? I had an ip for testing although the nic wasn't plugged into a switch, when I did an ifconfig I didn't see the eth1/peth1 until I did an ifconfig -a? Was that because of the media sense? Also, dummy0 is just a test lan for isolation so hosts can only see themselves. How could I also make sure packets never see the host?
What happens if you just remove the ifcfg file for this interface? What does Xen do with it? What if you have an ifcfg file, but setup no IP address on it?
Of course you can pass the NIC through to the PVM which I suspect is what you are thinking of doing.
(Now to find another Linux firewall appliance as I was using pfSense and it doesn't play nice with Xen)
There is shorewall which is in the repo. Or maybe smoothwall can run inside a PVM?
-Ross
What happens if you just remove the ifcfg file for this interface? What does Xen do with it? What if you have an ifcfg file, but setup no IP address on it?
Bear with me Ross, my Linux skills are new :) Won't CentOS create the ifcfg on the fly when it boots (I think that's what happens, I may have tried and I won't have access to the box until tonight). I will check into these points.
Of course you can pass the NIC through to the PVM which I suspect is what you are thinking of doing.
Yup, so I hoped to make that work (I imagine it's most secure)! Something is wrong with the way I am blocking it, I don't know what though yet! I tried to compile from source to make the menuconfig change and I can't make that work... Can you set the pciback option in the srpm's build routine somehow? I have no issues making the srpm.
There is shorewall which is in the repo. Or maybe smoothwall can run inside a PVM?
That's good to know, I will check both out!
Thanks! jlc
Joseph L. Casale wrote:
What happens if you just remove the ifcfg file for this interface? What does Xen do with it? What if you have an ifcfg file, but setup no IP address on it?
Bear with me Ross, my Linux skills are new :) Won't CentOS create the ifcfg on the fly when it boots (I think that's what happens, I may have tried and I won't have access to the box until tonight). I will check into these points.
I don't think so. It creates these on installation, but doesn't auto-gen them afterwards. NetworkManager may do so, but you should disable NetworkManager with Xen or bad things will happen.
I would just create an ifcfg with no IP address and that should work.
Of course you can pass the NIC through to the PVM which I suspect is what you are thinking of doing.
Yup, so I hoped to make that work (I imagine it's most secure)! Something is wrong with the way I am blocking it, I don't know what though yet! I tried to compile from source to make the menuconfig change and I can't make that work... Can you set the pciback option in the srpm's build routine somehow? I have no issues making the srpm.
There's no need for a custom kernel, all the CentOS Xen kernels include pciback and pcifront support, and most other distros pre-compiled Xen kernels do too.
There is shorewall which is in the repo. Or maybe smoothwall can run inside a PVM?
That's good to know, I will check both out!
Just about any firewall package that installs as a service to the distribution rather than a complete distribution on its own should work in a PVM.
-Ross
you should disable NetworkManager with Xen or bad things will happen.
NetworkMangler is only installed with Gnome right? I did a minimal install without Gnome.
I would just create an ifcfg with no IP address and that should work.
Ok, I will try that if I can't get the pass through to work.
There's no need for a custom kernel, all the CentOS Xen kernels include pciback and pcifront support, and most other distros pre-compiled Xen kernels do too.
Well, I assumed it wasn't as dmesg says unknown kernel option passed when I stick the line into grub.conf? The syntax was right out of Xen docs and similar to all I found when searching the net. I also tried unpacking the srpm and looking at it to see if I could spot anything which might lead me to believe it was turned on by default but I couldn't figure out where to look, you're sure the srpm has this option on?
Thanks again so much for all the help! jlc
Joseph L. Casale wrote:
you should disable NetworkManager with Xen or bad things will happen.
NetworkMangler is only installed with Gnome right? I did a minimal install without Gnome.
Check, I think it's included in the 'core' group.
I would just create an ifcfg with no IP address and that should work.
Ok, I will try that if I can't get the pass through to work.
There's no need for a custom kernel, all the CentOS Xen kernels include pciback and pcifront support, and most other distros pre-compiled Xen kernels do too.
Well, I assumed it wasn't as dmesg says unknown kernel option passed when I stick the line into grub.conf? The syntax was right out of Xen docs and similar to all I found when searching the net. I also tried unpacking the srpm and looking at it to see if I could spot anything which might lead me to believe it was turned on by default but I couldn't figure out where to look, you're sure the srpm has this option on?
It's no longer statically compiled, but as a module, so you need to define the options in /etc/modprobe.conf and if you need it to seize the device early you need to make an initrd that grabs it before all else otherwise you need a little modprobe trick.
Here's an example using my sound card.
/etc/modprobe.conf:
options pciback hide=(00:10.1)
# If you aren't preloading pciback in the initrd uncomment the next line
#install snd-hda-intel /usr/sbin/modprobe pciback; /sbin/modprobe --first-time --ignore-install snd-hda-intel
To preload pciback in initrd:
# mkinitrd -f --preload=pciback /etc/initrd-$(uname -r).img $(uname -r)
That should do it.
-Ross
Ross S. W. Walker wrote:
Joseph L. Casale wrote:
you should disable NetworkManager with Xen or bad things will happen.
NetworkMangler is only installed with Gnome right? I did a minimal install without Gnome.
Check, I think it's included in the 'core' group.
I would just create an ifcfg with no IP address and that should work.
Ok, I will try that if I can't get the pass through to work.
There's no need for a custom kernel, all the CentOS Xen kernels include pciback and pcifront support, and most other distros pre-compiled Xen kernels do too.
Well, I assumed it wasn't as dmesg says unknown kernel option passed when I stick the line into grub.conf? The syntax was right out of Xen docs and similar to all I found when searching the net. I also tried unpacking the srpm and looking at it to see if I could spot anything which might lead me to believe it was turned on by default but I couldn't figure out where to look, you're sure the srpm has this option on?
It's no longer statically compiled, but as a module, so you need to define the options in /etc/modprobe.conf and if you need it to seize the device early you need to make an initrd that grabs it before all else otherwise you need a little modprobe trick.
Here's an example using my sound card.
/etc/modprobe.conf:
options pciback hide=(00:10.1)
# If you aren't preloading pciback in the initrd uncomment the next line
#install snd-hda-intel /usr/sbin/modprobe pciback; /sbin/modprobe --first-time --ignore-install snd-hda-intel
To preload pciback in initrd:
# mkinitrd -f --preload=pciback /etc/initrd-$(uname -r).img $(uname -r)
That should do it.
Actually a better way to preload pciback that will work across kernel updates:
Create a file in /etc/sysconfig/mkinitrd called pciback.
The contents should be 1 line: PREMODS="$PREMODS pciback"
Then it should preload pciback first on all mkinitrds.
-Ross
Here's an example using my sound card.
/etc/modprobe.conf:
options pciback hide=(00:10.1)
# If you aren't preloading pciback in the initrd uncomment the next line
#install snd-hda-intel /usr/sbin/modprobe pciback; /sbin/modprobe --first-time --ignore-install snd-hda-intel
To preload pciback in initrd:
# mkinitrd -f --preload=pciback /etc/initrd-$(uname -r).img $(uname -r)
That should do it.
Ok, this is where I got messed up (No grub line :)). I originally had the rpmforge sk98ln rpm installed to make this realtek nic work before I tried this, then using this procedure which I followed to a "t" didn't mask the device from Dom0? It loaded the driver and setup the nic? I know I had the pci slot number right. I thought the initrd was wrong, so I looked through grub and looked at what it loaded, then checked the timestamp of the one I made with that command and it was consistent? I assume something still wasn't right with my mkinitrd, it completed with zero verbosity, maybe I should try to use -v and see what happens.
Any ideas?
Thanks! jlc
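An added example, not part of the original thread: a shell check that reads the hide= list from the pciback options line and reports which driver sysfs shows bound to each device, the situation described above where the native NIC driver still claims the card. SYSFS_ROOT, MODPROBE_CONF and the function names are assumptions of this example, and it assumes the backend registers in sysfs under the module name pciback used in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Both paths can be overridden so the
# check can be exercised against a constructed tree (assumption of this example).
SYSFS_ROOT=${SYSFS_ROOT:-/sys}
MODPROBE_CONF=${MODPROBE_CONF:-/etc/modprobe.conf}

# Print each device from "options pciback hide=(bb:dd.f)(bb:dd.f)", one per
# line, in the domain-qualified form sysfs uses (0000:bb:dd.f).
hidden_devices() {
    sed -n 's/^[[:space:]]*options[[:space:]]\{1,\}pciback[[:space:]].*hide=\([^[:space:]]*\).*/\1/p' "$1" 2>/dev/null |
    tr -d '(' | tr ')' '\n' |
    while read -r bdf; do
        [ -n "$bdf" ] || continue
        case $bdf in
            *:*:*) echo "$bdf" ;;
            *)     echo "0000:$bdf" ;;
        esac
    done
}

# Print the driver bound to a device, "none" if unbound, "absent" if missing.
driver_of() {
    dev="$SYSFS_ROOT/bus/pci/devices/$1"
    [ -e "$dev" ] || { echo absent; return 0; }
    if [ -L "$dev/driver" ]; then
        basename "$(readlink "$dev/driver")"
    else
        echo none
    fi
}

# Return 0 only if every hide= device is held by pciback, 1 if any is not,
# 2 if the configuration lists no devices at all.
check_hidden() {
    rc=0 n=0
    for bdf in $(hidden_devices "$MODPROBE_CONF"); do
        n=$((n + 1))
        drv=$(driver_of "$bdf")
        if [ "$drv" = pciback ]; then
            echo "OK   $bdf is held by pciback"
        else
            echo "FAIL $bdf driver is '$drv', not pciback"
            rc=1
        fi
    done
    [ "$n" -gt 0 ] || { echo "no pciback hide= entries in $MODPROBE_CONF"; return 2; }
    return "$rc"
}

# Run the check only when asked, e.g. sh check-pciback.sh --run
if [ "${1:-}" = "--run" ]; then check_hidden; fi
```

A FAIL line naming the NIC's own driver means that driver loaded before pciback could seize the device, which points at module load order or the initrd rather than at the hide= syntax.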
Joseph L. Casale wrote:
I have two physical nics. I want the first setup like it would by default when using Xen3.2, it creates a bridge "eth0" and gets renamed to peth0 (That's good). I connect all my guests "Lan" nic to the vifs associated to this bridge.
I want the other nic to be in a bridge, but not have any ip or connectivity outside the bridge especially to the host. It will plug into a DSL modem and a vif associated to this bridge will be the red interface on a Linux firewall (Lab only environment). My custom bridge script is as follows:
Why would you dedicate a physical interface to something that isn't doing any real physical (sending something over a wire outside of the virtual world) work? You don't need a physical interface for a bridge. Just create an ifcfg-br123 or whatever. If you don't plan on using eth1 for anything, maybe create bond0 with eth0 and eth1 for some redundancy.
Christopher G. Stach II wrote:
Joseph L. Casale wrote:
I want the other nic to be in a bridge, but not have any ip or connectivity outside the bridge especially to the host. It will plug into a DSL modem and a vif associated to this bridge will be the red interface on a Linux firewall (Lab only environment). My custom bridge script is as follows:
Why would you dedicate a physical interface to something that isn't doing any real physical (sending something over a wire outside of the virtual world) work? You don't need a physical interface for a bridge. Just create an ifcfg-br123 or whatever. If you don't plan on using eth1 for anything, maybe create bond0 with eth0 and eth1 for some redundancy.
Sorry, ignore that. My sleepy brain didn't register the bit about the DSL modem. :P