Xen Project Update LinuxCon Brazil

Lars Kurth Xen Community Manager [email protected] Xen.org Project Updates : PVOPS, Xen, XCP and Xen ARM @lars_kurth @xen_com_mgr

Upload: the-linux-foundation

Post on 19-May-2015


TRANSCRIPT

Page 1: Xen Project Update LinuxCon Brazil

Lars Kurth
Xen Community Manager

[email protected]

Xen.org Project Updates: PVOPS, Xen, XCP and Xen ARM

@lars_kurth @xen_com_mgr

Page 2: Xen Project Update LinuxCon Brazil

PVOPS : Xen in Linux 3.x

Page 3: Xen Project Update LinuxCon Brazil

Current State

• Xen Domain 0 Support Added to Linux 3.0
• Ongoing work to round out the feature set in Linux 3.1 and onwards

Page 4: Xen Project Update LinuxCon Brazil

New in Linux 3.1

• Xen-pciback module
  – Last major backend to be included
• Usability improvements
  – e.g. Auto loading of backend modules
  – Helps distros to package / deploy
• Memory Hotplug
• Bug fixes
  – e.g. VGA text console for dom0 fixed

Page 5: Xen Project Update LinuxCon Brazil

Planned for 3.2 and beyond

• Hwclock support (date -s)
• Blkback: "feature-barrier" support
• Blkback/front: "feature-discard" support
• PCIback: Support for multi-segmented ("big") boxes
• Kexec/kdump support for PVHVM guests
• PV Spinlock support
• ACPI S3
• 3D graphics
• ACPI cpufreq support
• Blkback multiring
• Netback optimisations
• Continue to round out the feature set, usability, rough edges

Page 6: Xen Project Update LinuxCon Brazil

OK, so Upstream has stuff!

• So I can just install <favorite distro> and use Xen?
  – Yes! (when distributions start shipping 3.0+ kernel)
  – For details visit Dom 0 Kernels for Xen Wiki
  – Some distros don't enable all backends – please open distro bugs (and let xen-devel know)
• Or you can build a v3.0+ Linux kernel with Xen 4.1.1 on existing distro.
  – Details, explanations, etc: XenParavirtOps Wiki

Page 7: Xen Project Update LinuxCon Brazil

How you can help

• Take Linux 3.1 for a spin with Xen 4.1.2
  – or even Linux 3.2-rc1 or newer if adventurous
• Run it first without Xen to establish a baseline
• Then run it under Xen and see what happens
• Please send e-mail to xen-devel with what works and with what does not.

Page 8: Xen Project Update LinuxCon Brazil

Architecture Considerations

Type 1: Bare metal Hypervisor
A pure Hypervisor that runs directly on the hardware and hosts Guest OS's.

Type 2: OS 'Hosted'
A Hypervisor that runs within a Host OS and hosts Guest OS's inside of it, using the host OS services to provide the virtual environment.

Provides partition isolation + reliability, higher security

Low cost, no additional drivers

[Diagram 1: Host HW (Memory, CPUs, I/O); Host OS with Device Drivers and Ring-0 VM Monitor "Kernel"; User-level VMM with Device Models; User Apps; VM0 … VMn running Guest OS and Apps]

[Diagram 2: Host HW (Memory, CPUs, I/O); Hypervisor with Scheduler, MMU and Device Drivers / Models; VM0, VM1 … VMn running Guest OS and Apps]

Page 9: Xen Project Update LinuxCon Brazil

Architectural Advantage of Xen

Thin hypervisor
• Open source
• Proprietary code in guests

Use Linux in upstream
• Take full advantage of PV
• PV on HVM
• No additional device drivers (Linux 3.x dom0)

Use hardware assistance for unmodified guests

[Diagram: Hybrid Architecture. Host HW (Memory, CPUs, I/O); Xen Hypervisor with Device Models (Timer, Interrupt); Domain 0 running Linux as High-level Monitor with Device Models; VM0, VM1 … VMn running Guest OS and Apps]

Page 10: Xen Project Update LinuxCon Brazil

Xen Hypervisor Project

Page 11: Xen Project Update LinuxCon Brazil

Xen 4.1 Release: 21 March 2011

• Very large system support
  – 4 TB; >255 CPUs
  – Reliability, Availability, Scalability enhancements
• CPU Pools for system partitioning
• Page sharing enhancements
• Hypervisor emergency paging / compression
• New "xl" lightweight control stack
• Memory Introspection API
• Enhanced SR-IOV support
• Software-implemented Hardware Fault Tolerance

Page 12: Xen Project Update LinuxCon Brazil

Security will drive the Next Wave of Virtualization

• Security is key requirement for Cloud
• Security is the primary goal of virtualization on the Client
  – Desktop, Laptops, Smart Phones, etc
• Maintaining isolation between VMs is critical
  – Spatial and Temporal isolation
  – Run multiple VMs with policy controlled information flow
    • E.g. Personal VM; Corporate VM; VM for web browsing; VM for banking

Page 13: Xen Project Update LinuxCon Brazil

Disaggregation

• Functionality of Xen's control VM (Dom0)
  – Disaggregated into specific classes of service VMs
    • Each contains a specific set of control logic
  – See: "Breaking up is hard to do" @ xenpapers
• Unique benefit of the Xen architecture
  – Security: Minimum privilege; Narrow interfaces
  – Performance: lightweight, e.g. minios directly on hypervisor
  – Reliability: Able to be safely restarted

Page 14: Xen Project Update LinuxCon Brazil

Isolated Driver VMs for HA

• Detect failure e.g.
  – Illegal access
  – Timeout
• Kill domain, restart
  – E.g. Just 275ms outage from failed Ethernet driver
• New work uses restarts to enhance security

[Chart: vertical axis 0 to 350 (label not recoverable); horizontal axis time (s), 0 to 40]

Page 15: Xen Project Update LinuxCon Brazil

Qubes OS / XenClient XT

• First products configured to take advantage of the security benefits of Xen's architecture
• Isolated Driver Domains
• Virtual hardware Emulation Domains
• Service VMs (global and per-guest)
• Xen Security Modules / SELinux
• Measured Launch (TXT)

Page 16: Xen Project Update LinuxCon Brazil

XCP Project

Page 17: Xen Project Update LinuxCon Brazil

XCP Today

• Vertical stack for server virtualization
• Distributed as a closed appliance with CentOS 5.5 Dom0, misc DomU's, network & storage support and Xen API
• Really: an open source distribution of XenServer

Page 18: Xen Project Update LinuxCon Brazil

Project Kronos

• Make the XAPI toolstack independent of CentOS 5.5
• Extend the delivery model
  – Deliver Xen, XAPI and everything in between (storage manager, network support, OCaml libs, etc.) via your favorite Linux distro
  – "apt-get install xapi" or "yum install xapi"
• The Plan:
  – Initially Debian and Ubuntu (12.04)
  – Later any major Linux distro (Fedora, etc.)

Page 19: Xen Project Update LinuxCon Brazil

XCP Vision

• XCP is the configuration of choice for clouds
  – Optimized for cloud use-cases
  – Optimized for usage patterns in cloud projects
  – XenAPI toolstack is more easily consumable
• XCP becomes the Xen Community Platform
  – XCP becomes XenServer "unstable"
  – Track unstable Xen hypervisor and Linux kernels
  – Fully open development model (build & test capability)

Page 20: Xen Project Update LinuxCon Brazil

Xen ARM Project

Page 21: Xen Project Update LinuxCon Brazil

Xen ARM History

[Timeline with year marks '04, '08, '09, '10, '11]

• x86 Xen Hypervisor Release (Cambridge University)
• Xen ARM 1st Release: ARM9 Xen Hypervisor, Mini-OS (Samsung)
• Xen ARM 2nd Release: Paravirtualized Linux kernel (v2.6.24), Xen tool (Samsung)
• Xen ARM 3rd Release: ARM11MPCore Support (Samsung)
• Xen ARM 4th Release: Performance Optimization (Samsung)
• Xen ARM 5th Release: Cortex-A9 MPCore Support (Samsung)

More information:
  – wiki.xen.org/wiki/XenARM & xen-arm mailing list
  – Good overview in slides and papers links section

Page 22: Xen Project Update LinuxCon Brazil

From Servers to Laptops to Mobiles

• ARM based Servers: ARM v7 & v8
• Client Virtualization: Qubes OS / XenClient / XenClient XT
• Smart Phones
  – HW Consolidation: AP (Application Processor) and BP (Baseband Processor) can share multicore ARM CPU SoC in order to run both Linux and Real-time OS efficiently
  – OS Isolation: important call services can be effectively separated from downloaded third party applications by Xen ARM combined with access control
  – Rich User Experience: multiple OS domains can run concurrently on a single smartphone

Page 23: Xen Project Update LinuxCon Brazil

Current Developments

[Timeline with year marks '11, '12, '13]

• Finish initial merge
• Cortex-A15 Support (ARM virt extensions)
• Lightweight version of Xen tools

Key Activities

• Integration of Xen ARM with mainline (80% completed)
  – Rebased on the recent xen-unstable.hg
  – Many parts of Xen ARM have been rewritten for the integration.
• Prototyping of Cortex A15 support using ARM virtualization extensions
  – We should start to see the next code drops for review and discussion at the end of November
• Select reference platform(s) for Xen ARM [likely that we will follow Linaro]

Page 24: Xen Project Update LinuxCon Brazil

Xen Community

Page 25: Xen Project Update LinuxCon Brazil

2011 Contribution Statistics

By Change Sets *)

[Chart: change sets per year, 2002 to 2011*; vertical axis 0 to 5000; series: XenARM**, PVOPS, XCP, Xen HV]

*) End of Sept 2011
**) Activity on Development branch (not yet in xen-unstable)

By KLOC **) ***)

[Chart: shares of 28%, 18%, 15%, 14%, 11%, 6%, 5%, 3%, 1%; legend: Citrix XCP, Citrix HV, Samsung*, Novell, Oracle, AMD, Individual, Intel, Misc]

*) Activity on Development branch (not yet in xen-unstable)
**) Includes PVOPS
***) Until Sept 2011

Page 26: Xen Project Update LinuxCon Brazil

How to Contribute & Engage

• Developers: same process as for Linux Kernel
  – Same license: GPLv2
  – Same roles: Developers, Maintainers, Committers
  – Contributions by patches + sign-off (Developer Certificate of Origin)
  – Details @ xen.org/projects/governance.html
• Users
  – IRC: ##xen @ FREENODE
  – Mailing List: xen-users, but also groups.google.com/group/xen-br
  – New wiki: wiki.xen.org, but also wiki.xen-br.org

Page 27: Xen Project Update LinuxCon Brazil

Shameless Marketing

Vendors in the Xen community are hiring!
Vendors in the Xen community are hiring!
Vendors in the Xen community are hiring!

xen.org/community/jobs.html

Page 28: Xen Project Update LinuxCon Brazil

Questions …