I’d like to talk about the xen-tools package, which is found in Debian-derived distros. It’s a straightforward Xen VM provisioning tool with an unusual but attractive approach.
I use it in the Xen.org automated testing system, for installing Debian-derived test VMs. And I run it by hand from the command line too.
What makes xen-tools special
What’s so different about xen-tools? Well, most VM provisioning tools arrange to run the guest’s copy of its own installer, in a fresh VM with a blank disk. They provide preseeding information with the answers to the questions that the installer asks. Another common approach is to have a blessed disk image, and make a guest by making a copy (perhaps a copy-on-write clone) of the master.
xen-tools doesn’t work like that. Instead, it relies on the existing Debian tools for installing chroots. chroots are a kind of lightweight near-virtualisation and are very heavily used by Debian’s developers to allow them to develop packages for different versions of the OS from the one they have installed (including perhaps different derivatives – so for example allowing packages for Ubuntu to be developed on a Debian machine or vice versa). Sometimes users find chroots useful to gain access to different versions of software packages too.
xen-tools uses the chroot installation tool debootstrap: it sets up the disk area or LVM for the new VM, and then installs the new guest by running debootstrap in the management domain. The resulting approach is very simple compared to a VM-based run of the entire installer. There is no need to manage the booting of the installer, provide it with preseed information to configure it properly, and so forth. Logging and error handling are much improved. And you get pretty good control over the exact contents of the guest.
When should you choose xen-tools?
Firstly, xen-tools is aimed at systems administered from the command-line using xl/xm (perhaps with some management layer on top of that). xen-tools will write a domain configuration file suitable for use with xl or xm.
The biggest limitation is that it can only install a limited set of guests. At the time of writing the version of xen-tools in Debian testing can install most versions of Debian or Ubuntu, and also has support for CentOS 5 and 6. (The CentOS support is done using rinse rather than debootstrap.)
The second thing to bear in mind is that you should not install an operating system with xen-tools if you mistrust, from a security point of view, the source of the binary packages for that OS. This is because xen-tools’s installation approach doesn’t do the actual installation in a VM and in principle it would be possible for a rogue package to “escape” from the installation process and contaminate your host. This isn’t relevant, of course, if (say) your host is Debian and you are intending to install a Debian guest. And the attack would have to come in the form of maliciously bad packages from the Debian, Ubuntu or CentOS mirrors, which is pretty unlikely.
But if you can use xen-tools I think you’ll find it simple and convenient to use – and fast, especially if you have a local mirror.
How to use xen-tools
The primary entrypoint is the program xen-create-image. It has a comprehensive manual page.
I like to have all of my VMs on LVM volumes. xen-create-image knows how to create the LV for the disk and swap. Here’s an example invocation from the Xen.org automated testing system:
    xen-create-image \
        --dhcp --mac 5a:36:0e:48:00:0e \
        --memory 512M --swap 1000M \
        --dist squeeze \
        --mirror http://10.80.16.196/debian \
        --hostname debian.guest.osstest \
        --lvm field-cricket --force \
        --kernel /boot/vmlinuz-2.6.32.57 \
        --initrd /boot/initrd.img-2.6.32.57 \
        --arch i386
After having done that there are some wrinkles that my automatic test system fixes up. I overwrite the ssh keys and authorization setup for my VM so that my test VMs all have the same keys. And I edit the inittab to spawn a console on the guest’s Xen PV console hvc0:
    xc:2345:respawn:/sbin/getty 38400 hvc0
(That this is necessary is a bug, I think.)
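The two fix-ups described above, written out as an added example that is not the Xen.org test system's own code. It assumes the guest's root filesystem is mounted in the management domain at the path given as the first argument; the function names and the key directory layout are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Function names, the mounted guest
# root ($1) and the key directory layout ($2) are assumptions for illustration.

# Add the post's hvc0 getty line to <root>/etc/inittab, exactly once.
add_hvc0_getty() {
    inittab="$1/etc/inittab"
    entry='xc:2345:respawn:/sbin/getty 38400 hvc0'
    [ -f "$inittab" ] || { echo "missing $inittab" >&2; return 1; }
    # An active (uncommented) getty on hvc0 already exists: nothing to do.
    if grep -Eq '^[^#][^:]*:[^:]*:[^:]*:.*getty.*[[:space:]]hvc0([[:space:]]|$)' "$inittab"; then
        return 0
    fi
    # inittab ids must be unique; do not reuse "xc" if another entry has it.
    if grep -q '^xc:' "$inittab"; then
        echo "id xc already in use in $inittab" >&2
        return 2
    fi
    printf '%s\n' "$entry" >> "$inittab"
}

# Replace the guest's sshd host keys and root's authorized_keys with a fixed
# set kept in <keydir> (ssh_host_*_key, ssh_host_*_key.pub, authorized_keys).
install_test_ssh_keys() {
    root=$1 keydir=$2
    [ -d "$root/etc/ssh" ] && [ -f "$keydir/authorized_keys" ] || return 1
    rm -f "$root"/etc/ssh/ssh_host_*_key "$root"/etc/ssh/ssh_host_*_key.pub
    for key in "$keydir"/ssh_host_*_key; do
        [ -f "$key" ] || continue
        # sshd refuses private host keys readable by group or others.
        install -m 600 "$key" "$root/etc/ssh/" || return 1
        if [ -f "$key.pub" ]; then
            install -m 644 "$key.pub" "$root/etc/ssh/" || return 1
        fi
    done
    install -d -m 700 "$root/root/.ssh" &&
    install -m 600 "$keydir/authorized_keys" "$root/root/.ssh/authorized_keys"
}
```

Both functions are safe to run again on a guest that has already been fixed up: the inittab is left unchanged if an active hvc0 getty is present, and the key files are simply replaced.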