Using IDD on Xen 3.0.4_1


Author: 조희승 | Comments: 0 | Views: 10,788 | Posted: 12-08-17 15:25


xen 3.0.4_1 idd
Written against FC 6.

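- Kernel compile options
The PCI frontend must be set to y (built in, not a module)
Set the bus mode to slot (needed if you want to bring devices online and offline)
- Use lspci to find the PCI ID of the device to disable.
- Add the following to grub.conf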
pciback.hide=(01:07.0) netloop.nloopbacks=2
ex) module /boot/vmlinuz-2.6-xen ro root=/dev/sda1 console=tty0 pciback.hide=(01:07.0) netloop.nloopbacks=2
- Network settings for the IDD domain
vif = ['mac=00:16:3e:7A:BB:04']
dhcp="dhcp"
pci=['01:07.0']
- Once the IDD is up, create the bridge
/etc/xen/scripts/network-bridge start
- For another domain to connect through the IDD, use the example below
xm create guestdom5.conf beid=4
- If you want to use a base image built with xen-tools as the IDD, these are needed (assuming the image is mounted at /mnt)
mkdir -p /mnt/etc/xen
cp -a /etc/xen/scripts /mnt/etc/xen/
mkdir -p /mnt/var/log/xen
cp /etc/udev/rules.d/xen* /mnt/etc/udev/rules.d/
cp /usr/bin/xenstore* /mnt/usr/bin/
cp /usr/lib/libxenstore* /mnt/usr/lib/
- If you want to load pciback as a module and set it up later
modprobe pciback
echo -n 0000:01:00.0 > /sys/bus/pci/drivers/<network driver>/unbind
echo -n 0000:01:00.0 > /sys/bus/pci/drivers/pciback/new_slot
echo -n 0000:01:00.0 > /sys/bus/pci/drivers/pciback/bind
------------------------------------------------------------
# This function checks that 'beid' has been given a valid value.
# It is called automatically by 'xm create'.
def beid_check(var, val):
    val = int(val)
    if val <= 0:
        raise ValueError
    return val

# Define the 'beid' variable so that 'xm create' knows about it.
xm_vars.var('beid',
            use="Virtual machine id. Integer greater than 0.",
            check=beid_check)

# Check the defined variables have valid values..
xm_vars.check()


kernel = "/boot/vmlinuz-2.6.16.33-xen"
ramdisk = "/boot/initrd-2.6.16.33-xen.img"
memory = 128
name = "guestdom5"
hostname = "guestdom5"

# backend=<beid> names the domain ID of the driver domain (IDD) that serves this vif
vif = ['backend=%d,mac=00:16:3e:7A:BB:05,bridge=xenbr0' % (beid)]
#dhcp="dhcp"

disk = ['file:/nfs/guestdom5/disk5.img,hda1,w']
root = '/dev/hda1 ro'

extra = "2"
Reference: Xen user manual

5.3 Driver Domain Configuration


5.3.1 PCI

Individual PCI devices can be assigned to a given domain (a PCI driver domain) to allow that domain direct access to the PCI hardware.
While PCI Driver Domains can increase the stability and security of a system by addressing a number of security concerns, there are some security issues that remain that you can read about in Section 9.2.

5.3.1.1 Compile-Time Setup

To use this functionality, ensure that the PCI Backend is compiled in to a privileged domain (e.g. domain 0) and that the domains which will be assigned PCI devices have the PCI Frontend compiled in. In XenLinux, the PCI Backend is available under the Xen configuration section while the PCI Frontend is under the architecture-specific "Bus Options" section. You may compile both the backend and the frontend into the same kernel; they will not affect each other.

5.3.1.2 PCI Backend Configuration - Binding at Boot

The PCI devices you wish to assign to unprivileged domains must be "hidden" from your backend domain (usually domain 0) so that it does not load a driver for them. Use the pciback.hide kernel parameter which is specified on the kernel command-line and is configurable through GRUB (see Section 2.5). Note that devices are not really hidden from the backend domain. The PCI Backend appears to the Linux kernel as a regular PCI device driver. The PCI Backend ensures that no other device driver loads for the devices by binding itself as the device driver for those devices. PCI devices are identified by hexadecimal slot/function numbers (on Linux, use lspci to determine slot/function numbers of your devices) and can be specified with or without the PCI domain:
(bus:slot.func) example (02:1d.3)

(domain:bus:slot.func) example (0000:02:1d.3)

An example kernel command-line which hides two PCI devices might be:
root=/dev/sda4 ro console=tty0 pciback.hide=(02:01.f)(0000:04:1d.0)
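
An added example, not taken from the Xen manual or the original post: after rebooting with pciback.hide, this script checks that every listed slot is really owned by pciback rather than by a dom0 driver. The function names and the SYSFS_PCI and CMDLINE_FILE override variables are assumptions made for the example; the driver symlink under /sys/bus/pci/devices/<slot>/ is standard Linux sysfs.

```sh
#!/bin/sh
# Added example: confirm after boot that pciback.hide took effect in dom0.
# SYSFS_PCI and CMDLINE_FILE are assumed overrides for trying it on a scratch tree.
SYSFS_PCI="${SYSFS_PCI:-/sys/bus/pci}"
CMDLINE_FILE="${CMDLINE_FILE:-/proc/cmdline}"

# Print each slot named in pciback.hide= as domain:bus:slot.func, one per line.
hidden_slots() {
    tr ' ' '\n' < "$CMDLINE_FILE" | sed -n 's/^pciback\.hide=//p' |
        tr -d '(' | tr ')' '\n' | tr 'A-F' 'a-f' |
        sed -e '/^$/d' -e 's/^[0-9a-f]\{2\}:[0-9a-f]\{2\}\.[0-9a-f]$/0000:&/'
}

# Report the owner of every hidden slot; return 1 if any is not held by pciback.
audit_hidden() {
    rc=0
    for slot in $(hidden_slots); do
        link="$SYSFS_PCI/devices/$slot/driver"
        if [ ! -d "$SYSFS_PCI/devices/$slot" ]; then
            echo "$slot MISSING no such device"; rc=1
        elif [ ! -L "$link" ]; then
            echo "$slot UNBOUND no driver, pciback has not seized it"; rc=1
        elif [ "$(basename "$(readlink "$link")")" = pciback ]; then
            echo "$slot OK pciback"
        else
            echo "$slot EXPOSED driver=$(basename "$(readlink "$link")")"; rc=1
        fi
    done
    return "$rc"
}
```

Run audit_hidden in the backend domain before starting the driver domain; an EXPOSED line means a dom0 driver still holds the device.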

5.3.1.3 PCI Backend Configuration - Late Binding

PCI devices can also be bound to the PCI Backend after boot through the manual binding/unbinding facilities provided by the Linux kernel in sysfs (allowing for a Xen user to give PCI devices to driver domains that were not specified on the kernel command-line). There are several attributes in the PCI Backend's sysfs directory (/sys/bus/pci/drivers/pciback) that can be used to bind/unbind devices:
slots
    lists all of the PCI slots that the PCI Backend will try to seize (or "hide" from Domain 0). A PCI slot must appear in this list before it can be bound to the PCI Backend through the bind attribute.
new_slot
    write the name of a slot here (in 0000:00:00.0 format) to have the PCI Backend seize the device in this slot.
remove_slot
    write the name of a slot here (same format as new_slot) to have the PCI Backend no longer try to seize devices in this slot. Note that this does not unbind the driver from a device it has already seized.
bind
    write the name of a slot here (in 0000:00:00.0 format) to have the Linux kernel attempt to bind the device in that slot to the PCI Backend driver.
unbind
    write the name of a slot here (same format as bind) to have the Linux kernel unbind the device from the PCI Backend. DO NOT unbind a device while it is currently given to a PCI driver domain!
Some examples:
Bind a device to the PCI Backend which is not bound to any other driver.
          # # Add a new slot to the PCI Backend's list
          # echo -n 0000:01:04.d > /sys/bus/pci/drivers/pciback/new_slot
          # # Now that the backend is watching for the slot, bind to it
          # echo -n 0000:01:04.d > /sys/bus/pci/drivers/pciback/bind
          
Unbind a device from its driver and bind to the PCI Backend.
          # # Unbind a PCI network card from its network driver
          # echo -n 0000:05:02.0 > /sys/bus/pci/drivers/3c905/unbind
          # # And now bind it to the PCI Backend
          # echo -n 0000:05:02.0 > /sys/bus/pci/drivers/pciback/new_slot
          # echo -n 0000:05:02.0 > /sys/bus/pci/drivers/pciback/bind
          
Note that the "-n" option in the example is important as it causes echo to not output a new-line.
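
The late-binding sequence above as one helper, added here as an example and not part of the Xen manual or the original post: it expands a short slot name to the 0000:00:00.0 form, looks up whichever dom0 driver currently holds the device, and only then writes unbind, new_slot and bind. The function names and the SYSFS_PCI override variable are assumptions made for the example.

```sh
#!/bin/sh
# Added example (not from the Xen manual): late-bind one PCI device to pciback.
# SYSFS_PCI is an assumed override so the logic can be tried on a scratch tree.
SYSFS_PCI="${SYSFS_PCI:-/sys/bus/pci}"

# Expand "bus:slot.func" to the "0000:00:00.0" form that new_slot/bind expect.
normalize_slot() {
    s=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    h='[0-9a-f]'
    if printf '%s\n' "$s" | grep -Eq "^$h{4}:$h{2}:$h{2}\.$h\$"; then
        printf '%s\n' "$s"
    elif printf '%s\n' "$s" | grep -Eq "^$h{2}:$h{2}\.$h\$"; then
        printf '0000:%s\n' "$s"
    else
        return 1
    fi
}

# Print the name of the driver currently bound to a slot (empty if none).
current_driver() {
    link="$SYSFS_PCI/devices/$1/driver"
    if [ -L "$link" ]; then basename "$(readlink "$link")"; fi
}

# Usage: assign_to_pciback 05:02.0
assign_to_pciback() {
    slot=$(normalize_slot "$1") || { echo "bad slot name: $1" >&2; return 2; }
    [ -d "$SYSFS_PCI/devices/$slot" ] || { echo "no such device: $slot" >&2; return 3; }
    [ -d "$SYSFS_PCI/drivers/pciback" ] || { echo "pciback not loaded" >&2; return 4; }
    drv=$(current_driver "$slot")
    if [ "$drv" = pciback ]; then
        echo "$slot is already bound to pciback"; return 0
    fi
    # Release the device from its dom0 driver first, if it has one.
    if [ -n "$drv" ]; then
        printf '%s' "$slot" > "$SYSFS_PCI/drivers/$drv/unbind"
    fi
    # printf '%s' writes no trailing newline, like "echo -n" in the manual.
    printf '%s' "$slot" > "$SYSFS_PCI/drivers/pciback/new_slot"
    printf '%s' "$slot" > "$SYSFS_PCI/drivers/pciback/bind"
}
```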

5.3.1.4 PCI Backend Configuration - User-space Quirks

Quirky devices (such as the Broadcom Tigon 3) may need write access to their configuration space registers. Xen can be instructed to allow specified PCI devices write access to specific configuration space registers. The policy may be found in:
/etc/xen/xend-pci-quirks.sxp
The policy file is heavily commented and is intended to provide enough documentation for developers to extend it.

5.3.1.5 PCI Backend Configuration - Permissive Flag

If the user-space quirks approach doesn't meet your needs you may want to enable the permissive flag for that device. To do so, first get the PCI domain, bus, slot, and function information from dom0 via lspci. Then augment the user-space policy for permissive devices. The permissive policy can be found in:
/etc/xen/xend-pci-permissive.sxp
Currently, the only way to reset the permissive flag is to unbind the device from the PCI Backend driver.

5.3.1.6 PCI Backend - Checking Status

There are two important sysfs nodes that provide a mechanism to view specifics on quirks and permissive devices:
/sys/bus/pci/drivers/pciback/permissive
Use cat on this file to view a list of permissive slots.
/sys/bus/pci/drivers/pciback/quirks
Use cat on this file to view a hierarchical view of devices bound to the PCI backend, their PCI vendor/device ID, and any quirks that are associated with that particular slot.
You may notice that every device bound to the PCI backend has 17 standard "quirks" regardless of xend-pci-quirks.sxp. These default entries are necessary to support interactions between the PCI bus manager and the device bound to it. Even non-quirky devices should have these standard entries.
In this case, preference was given to accuracy over aesthetics by choosing to show the standard quirks in the quirks list rather than hide them from the inquiring user.

5.3.1.7 PCI Frontend Configuration

To configure a domU to receive a PCI device:
Command-line:
Use the pci command-line flag. For multiple devices, use the option multiple times.
xm create netcard-dd pci=01:00.0 pci=02:03.0

Flat Format configuration file:
Specify all of your PCI devices in a python list named pci.
pci=['01:00.0','02:03.0']

SXP Format configuration file:
Use a single PCI device section for all of your devices (specify the numbers in hexadecimal with the preceding '0x'). Note that domain here refers to the PCI domain, not a virtual machine within Xen.
          (device (pci
              (dev (domain 0x0)(bus 0x3)(slot 0x1a)(func 0x1))
              (dev (domain 0x0)(bus 0x1)(slot 0x5)(func 0x0))
          ))
          
