Hello community, here is the log from the commit of package xen checked in at Fri Apr 7 17:03:50 CEST 2006. -------- --- arch/i386/xen/xen.changes 2006-04-04 18:51:55.000000000 +0200 +++ xen/xen.changes 2006-04-07 01:34:26.000000000 +0200 @@ -1,0 +2,9 @@ +Thu Apr 6 09:59:03 MDT 2006 - ccoffing@novell.com + +- Update to hg 9590 (xen-3.0-testing tree; 3.0.2-rc). +- Fix type error in localtime patch for para (Bruce Rogers). +- Fix default localtime for full (Bruce Rogers). +- Fix path in mk-xen-resue-img.sh (#163622). +- Update README (pathnames, yast2-vm descriptions, terminology). + +------------------------------------------------------------------- Old: ---- xen-unstable-src.tar.bz2 New: ---- xen-3.0-testing-src.tar.bz2 xen-hvm-localtime.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ xen.spec ++++++ --- /var/tmp/diff_new_pack.nSRykX/_old 2006-04-07 17:03:30.000000000 +0200 +++ /var/tmp/diff_new_pack.nSRykX/_new 2006-04-07 17:03:30.000000000 +0200 @@ -1,5 +1,5 @@ # -# spec file for package xen (Version 3.0.2_09514) +# spec file for package xen (Version 3.0.2_09590) # # Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine 
@@ -14,18 +14,18 @@ BuildRequires: LibVNCServer SDL-devel autoconf automake bin86 dev86 glibc-devel-32bit latex2html libjpeg-devel libreiserfs-devel python-devel te_ams te_latex tetex transfig %define xvers 3.0 %define xvermaj 3 -%define changeset 09514 +%define changeset 09590 %define build_xmtest 0 %define with_pygrub 1 -%define xen_build_dir xen-unstable -Version: 3.0.2_09514 +%define xen_build_dir xen-3.0-testing +Version: 3.0.2_09590 Release: 1 License: GPL Group: System/Kernel Autoreqprov: on PreReq: %insserv_prereq %fillup_prereq Summary: Xen Virtualization: Hypervisor (aka VMM aka Microkernel) -Source: xen-unstable-src.tar.bz2 +Source: xen-3.0-testing-src.tar.bz2 Source2: README.SuSE Source3: init.xend Source4: boot.xen @@ -58,6 +58,7 @@ Patch18: xen-no-dummy-nfs-ip.diff Patch19: xen-xendomains-defaults.diff Patch20: xen-localtime.diff +Patch21: xen-hvm-localtime.diff Patch49: xen-enable-hvm-debug.diff Patch50: xen-enable-debug Patch99: xen-poweroff.diff @@ -425,6 +426,7 @@ %patch18 -p1 %patch19 -p1 %patch20 -p1 +%patch21 -p1 #%patch49 -p1 XEN_EXTRAVERSION=%version-%release XEN_EXTRAVERSION=${XEN_EXTRAVERSION#%{xvers}} @@ -723,6 +725,12 @@ %{insserv_cleanup} %changelog -n xen +* Thu Apr 06 2006 - ccoffing@novell.com +- Update to hg 9590 (xen-3.0-testing tree; 3.0.2-rc). +- Fix type error in localtime patch for para (Bruce Rogers). +- Fix default localtime for full (Bruce Rogers). +- Fix path in mk-xen-resue-img.sh (#163622). +- Update README (pathnames, yast2-vm descriptions, terminology). * Tue Apr 04 2006 - garloff@suse.de - init script: Test for control_d in capabilities to determine dom0 rather than privcmd. ++++++ README.SuSE ++++++ --- arch/i386/xen/README.SuSE 2006-04-04 18:53:23.000000000 +0200 +++ xen/README.SuSE 2006-04-07 02:13:18.000000000 +0200 
@@ -24,12 +24,13 @@ kernel-xen python xen + xen-libs xen-tools xen-tools-ioemu (Only required for hardware-assisted virtualization) xen-doc-* (Optional) - multipath-tools (Optional, to automate extraction of kernels via domUloader) tightvnc (Optional, to view fully-virtualized VMs) - yast2-vm (Optional, to facilitate creation of VMs) + yast2-vm (Optional, to facilitate creation and management of VMs) + multipath-tools (Required by yast2-vm, for domUloader) You then need to reboot your machine (after, perhaps, editing your bootloader configuration, as discussed below). Instead of booting a normal Linux kernel, @@ -176,8 +177,8 @@ name "rescue". To make it usable with Xen, copy it to the hard disk, loop mount it, remove the kernel modules, and copy your Xen-enabled kernel (and a selection of needed kernel modules) there. When done, umount it. To boot it, -use the configuration file /etc/xen/xen-rescue as a template and enter the -location of the image file as hda1. +use the configuration file /etc/xen/examples/xmexample.rescue as a template and +enter the location of the image file as hda1. There's a script mk-xen-rescue-img.sh in /usr/share/doc/packages/xen/ that automates the above steps. The use of this script is highly recommended. Run 
@@ -189,14 +190,15 @@ has most of what's needed to get started with networking. 2) YaST Virtual Machine Installation - a) Start YaST, and select "Software". - b) Select "Virtual Machine Installation (Xen)" - c) Adjust the VM configuration and click Next. - d) YaST will now create a configuration file for the VM, and create a disk - image. (The disk image, kernel, and ramdisk will exist in - /var/lib/xen/images, and a corresponding config file will exist in - /etc/xen.) The SUSE installation program will then run within the VM. - e) After installation is complete, + a) Start YaST, and select "System". + b) Select "Virtual Machine Management (Xen)". + c) Click "Add" to add a new virtual machine. + d) Adjust the VM configuration and click "Next". + e) YaST will now create a configuration file for the VM, and create a disk + image. The disk image will exist in /var/lib/xen/images, and a + corresponding config file will exist in /etc/xen/vm.) The operating + system's installation program will then run within the VM. + f) For SUSE VMs, you may want to configure some things in the VM: - manually configure networking (via "yast lan") - disable unneeded services (e.g., powersaved, hwclock, etc.) - optionally have a look at /usr/share/doc/packages/xen/boot.local.xenU @@ -204,8 +206,8 @@ 3) Reuse an existing installation You can use an existing installation (whether on a partition or disk) as the -root filesystem of a VM. If it is a Linux installation, it is advisable to -install kernel-xen in the partition so you have the matching kernel modules. +root filesystem of a VM. YaST can help create a configuration file to +boot the VM. Creating a Configuration File 
@@ -298,7 +300,6 @@ If you use the rescue images created by the above mentioned script, you'll have a boot script inside that parses the ip=.... boot parameter. You can set this parameter in the config file, and can have networking work automatically. -Edit the /etc/xen/xen-rescue config file accordingly. When using bridging, the eth0 in domain 0 device will be renamed to peth0 and its MAC address will be set to fe:ff:ff:ff:ff:ff and ARP will be disabled. @@ -307,7 +308,7 @@ to vif0.0 behind the scenes. Caveats: -- rcSuSEfirewall is not currently called from the xen networking scripts, but +- rcSuSEfirewall is not currently called from the Xen networking scripts, but implicitly started by the ifup call; it won't get restarted on starting additional domains. This issue may be addressed in a future update. 
@@ -326,35 +327,34 @@ It's not recommended to use ifplugd nor NetworkManager for managing the interfaces if you use bridging mode. Use routing with nat or proxy-arp in that case. You also need to do that in case you want to send out packets -on wireless; you can't bridge xen "ethernet" packets into 802.11 packets. +on wireless; you can't bridge Xen "ethernet" packets into 802.11 packets. Limitations ----------- -You can change the number of available CPUs per VM and the amount of -available memory in a running domain. This is done via hotplug-CPU and -hotplug-mem, so unlike in older versions of xen, free -m will really -report a lower amount of possible memory. Such changes work in domain0 -as well. - -When booting, Linux does reserve data structure etc. matching the amount -of (virtual) hardware found. This has the side-effect that you can't -grow the number of CPUs beyond what a (virtual) kernel has been booted -with. Nor can the amount of memory be grown beyond the initial value, so -you can trick domU Linux by passing the mem= boot parameter. - -Network and block devices are hotplugged as well; xen currently does not -offer a neat interface to change the configuration at runtime yet, though. - -The export of harddisk and partitions from files in Xen is handled via -the loopback driver; you can easily run out of those, as by default only -8 loopback devicesare supported. You can change this by inserting +You can change the number of available CPUs per VM and the amount of available +memory in a running domain. This is done via hotplug-CPU and hotplug-mem, so +unlike in older versions of Xen, "free -m" will really report a lower amount +of possible memory. Such changes work in domain 0 as well. + +When booting, Linux reserves data structures, etc., matching the amount of +(virtual) hardware found. This has the side-effect that you can't grow the +number of CPUs beyond what a (virtual) kernel has been booted with. 
Nor can +the amount of memory be grown beyond the initial value, so you can trick domU +Linux by passing the mem= boot parameter. + +Network and block devices are hotplugged as well; Xen currently does not offer +a neat interface to change the configuration at runtime yet, though. + +The export of harddisk and partitions from files in Xen is handled via the +loopback driver; you can easily run out of those, as by default only 8 +loopback devices are supported. You can change this by inserting options loop max_loop=64 -into /etc/modprobe.conf.local in dom0. +into /etc/modprobe.conf.local in domain 0. -Similarly, the netback driver comes up with 8 virtual network device -pairs (vif0.X - vethX); you can change this by placing the netloop's -nloopbacks=N parameter to the kernel/module. +Similarly, the netback driver comes up with 8 virtual network device pairs +(vif0.X - vethX); you can change this by placing the netloop's nloopbacks=N +parameter to the kernel/module. Thread-Local Storage 
@@ -383,33 +383,32 @@ Security -------- -dom0 has control over all domains. This means that care should be taken -to keep dom0 safe; ideally you strip dom0 down to only do as little -there as possible, preferably with no local users except for the system -administrator. Most commands in dom0 can only be performed as root, but -this protection scheme only has moderate security and might be defeated. -In case dom0 is compromised, all other domains are compromised as well. - -To allow relocation of VMs (migration), the receiving machine listens -on TCP port 8002; you might want to put firewall rules in place in dom0 -to restrict this to machines which you trust. You have some access control -in xend-config.sxp as well by tweaking the xend-relocation-hosts-allow -setting. Relocating VMs with sensitive date is not a good idea in -untrusted networks. +Domain 0 has control over all domains. This means that care should be taken to +keep domain 0 safe; ideally you strip it down to only do as little there as +possible, preferably with no local users except for the system +administrator. Most commands in domain 0 can only be performed as root, but +this protection scheme only has moderate security and might be defeated. In +case domain 0 is compromised, all other domains are compromised as well. + +To allow relocation of VMs (migration), the receiving machine listens on TCP +port 8002; you might want to put firewall rules in place in domain 0 to +restrict this to machines which you trust. You have some access control in +xend-config.sxp as well by tweaking the xend-relocation-hosts-allow +setting. Relocating VMs with sensitive data is not a good idea in untrusted +networks. -The memory protections for the domUs are effective; so far no way to break -out of a virtual machine is known. A VM is an effecitve jail. +The memory protections for the domUs are effective; so far no way to break out +of a virtual machine is known. A VM is an effecitve jail. 
Network Troubleshooting ----------------------- First ensure the VM server is configured correctly and can access the network. -For starting it's easiest to disable any firewall on the VM server, but -enable IP_FORWARD in /etc/sysconfig/sysctl (/proc/sys/net/ipv4/ip_forward). -If you want to enable SuSEfirewall2 with bridging, add xenbr0 to a device -class set FW_ROUTE and FW_ALLOW_CLASS_ROUTING. Watch the kernel reject -messages ... +For starting it's easiest to disable any firewall on the VM server, but enable +IP_FORWARD in /etc/sysconfig/sysctl (/proc/sys/net/ipv4/ip_forward). If you +want to enable SuSEfirewall2 with bridging, add xenbr0 to a device class set +FW_ROUTE and FW_ALLOW_CLASS_ROUTING. Watch the kernel reject messages ... Switch off ifplugd and NetworkManager. ++++++ mk-xen-rescue-img.sh ++++++ --- arch/i386/xen/mk-xen-rescue-img.sh 2006-04-04 18:54:05.000000000 +0200 +++ xen/mk-xen-rescue-img.sh 2006-04-06 21:59:09.000000000 +0200 @@ -233,7 +233,7 @@ if test "${DST:0:1}" != "/"; then DST="`pwd`/$DST" fi - cp -p /etc/xen/xmexample.rescue $CFGFILE + cp -p /etc/xen/examples/xmexample.rescue $CFGFILE sed -i "/^disk/s@^.*\$@disk = [ \'file:$DST,hda1,w\' ]@" $CFGFILE # These next two lines are only applicable if not using domUloader, # but try anyway. ++++++ xen-changeset.diff ++++++ --- /var/tmp/diff_new_pack.nSRykX/_old 2006-04-07 17:03:30.000000000 +0200 +++ /var/tmp/diff_new_pack.nSRykX/_new 2006-04-07 17:03:30.000000000 +0200 @@ -1,11 +1,11 @@ -Index: xen-unstable/xen/Makefile +Index: xen-3.0-testing/xen/Makefile =================================================================== ---- xen-unstable.orig/xen/Makefile -+++ xen-unstable/xen/Makefile +--- xen-3.0-testing.orig/xen/Makefile ++++ xen-3.0-testing/xen/Makefile 
@@ -7,6 +7,7 @@ INSTALL_DIR = $(INSTALL) -d -m0755 export XEN_VERSION = 3 export XEN_SUBVERSION = 0 - export XEN_EXTRAVERSION = -unstable + export XEN_EXTRAVERSION = .2 +export XEN_CHANGESET = unavailable export XEN_FULLVERSION = $(XEN_VERSION).$(XEN_SUBVERSION)$(XEN_EXTRAVERSION) ++++++ xen-hvm-localtime.diff ++++++ Index: xen-3.0-testing/tools/ioemu/vl.c =================================================================== --- xen-3.0-testing.orig/tools/ioemu/vl.c +++ xen-3.0-testing/tools/ioemu/vl.c @@ -138,7 +138,7 @@ int adlib_enabled = 1; int gus_enabled = 1; int pci_enabled = 1; int prep_enabled = 0; -int rtc_utc = 0; +int rtc_utc = 1; int cirrus_vga_enabled = 1; int vga_accelerate = 1; int graphic_width = 800; ++++++ xen-localtime.diff ++++++ --- /var/tmp/diff_new_pack.nSRykX/_old 2006-04-07 17:03:30.000000000 +0200 +++ /var/tmp/diff_new_pack.nSRykX/_new 2006-04-07 17:03:30.000000000 +0200 @@ -81,7 +81,7 @@ ('bootloader', str), ('bootentry', str), ('root', str), -+ ('localtime', str), ++ ('localtime', int), ] ROUNDTRIPPING_CONFIG_ENTRIES += VM_CONFIG_PARAMS @@ -90,7 +90,7 @@ self.info['device']) + localtime = self.info['localtime'] -+ if localtime is not None and localtime == 'yes': ++ if localtime is not None and localtime == 1: + xc.domain_set_time_offset(self.domid) + xc.domain_setcpuweight(self.domid, self.info['cpu_weight']) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun...
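Review bot: In the new xen.changes entry and the matching %changelog entry in xen.spec, the script name is misspelled as mk-xen-resue-img.sh, while the file changed later in this commit is mk-xen-rescue-img.sh. Correct the spelling in both entries so that a search for the script name finds the fix for #163622.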
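Review bot: In the README.SuSE hunk at @@ -189,14 +190,15 @@, new step e) ends with "config file will exist in /etc/xen/vm.)", a closing parenthesis whose opening one was dropped when the sentence was reworded. Remove the stray ")" so the step reads as two plain sentences.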
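Review bot: In the README.SuSE hunk at @@ -204,8 +206,8 @@ ("Reuse an existing installation"), the advice to install kernel-xen in the reused partition so the kernel modules match is removed, and the replacement sentence only says that YaST can help create a configuration file. If matching modules are still needed when reusing a Linux installation, keep that sentence alongside the new one; if YaST now takes care of it, say so explicitly.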
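Review bot: In the Security section hunk of README.SuSE (@@ -383,33 +383,32 @@), the re-wrapped last line still reads "A VM is an effecitve jail." although the same hunk corrects "sensitive date" to "sensitive data". Fix "effecitve" to "effective" while these lines are being rewritten.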
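Review bot: In mk-xen-rescue-img.sh at @@ -233,7 +233,7 @@, the corrected cp line still expands $CFGFILE unquoted, and its exit status is not checked before the following sed -i edits that file in place. Quote the variable and stop on failure, for example cp -p /etc/xen/examples/xmexample.rescue "$CFGFILE" || exit 1, so that a missing template is reported at the copy step rather than surfacing later at sed.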
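Review bot: In xen-hvm-localtime.diff, the initializer change from "int rtc_utc = 0;" to "int rtc_utc = 1;" in tools/ioemu/vl.c alters a global default, yet the patch file has no header explaining it and the README.SuSE changes in this commit do not mention it. Add a short description at the top of the patch and a line in README.SuSE stating the new default and how a fully virtualized guest that needs its clock in local time is configured.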
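Review bot: In xen-localtime.diff, the condition "localtime is not None and localtime == 1" carries a redundant None test, and with the type now declared as ('localtime', int) any other non-zero value is silently treated as off. Use "if localtime:" instead, or document next to the VM_CONFIG_PARAMS entry that only the value 1 enables the time offset.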