Subject: Re: rc.d script for starting Xen domains
To: Manuel Bouyer <bouyer@antioche.eu.org>
From: Johnny C. Lam <jlam@pkgsrc.org>
List: port-xen
Date: 10/03/2005 22:23:19
On Tue, Oct 04, 2005 at 12:05:54AM +0200, Manuel Bouyer wrote:
> On Mon, Oct 03, 2005 at 08:15:55PM +0000, Johnny C. Lam wrote:
> > [...]
> > Also, the how-to goes over the routed-networking setup, while the
> > scripts that come with the xentools20 package support the
> > bridged-networking setup out-of-the-box, which isn't so good.  I'm
> > slowly reading through the Python code to see how the info in the
> > xenconfig.sxp file is used, as it seems there should be a way to use
> > either the routed- or bridged- networking setups depending on what
> > you set in the guest domain config file, similar to the disk setup.
> 
> Note that I don't think the NetBSD package should go as far as
> xentools do on linux, where creating a domain will create the bridge
> interface.

This isn't exactly right.  I think what actually happens is that the
"network" script is invoked when xend is started, which on Linux
creates the bridge devices, and the vif-bridge script adds the virtual
interfaces to the named bridge device.  So in the default Linux setup,
the trigger for creating the bridges isn't domain creation -- it's
just starting up xend.  We can make the network script do the same
thing on NetBSD if we so desired, though I think it's easier to just
create some /etc/ifconfig.bridge* files for more precise control.  In
my own setups, the "network" script is just "exit 0".

> It's the responsibility of the domain0 administrator
> to pre-create the bridge interfaces and add the physical interfaces it wants
> to it (remember that anyone that can access ports 8000-8002 can create a
> domain using the config file he wants).

Yes, I agree -- I don't particularly like the vif-bridge scripts that
auto-create the bridge device either for the same reason.

> Given this, it should be easy to do this (and has already been done, in
> fact, abusing the bridge= parameter to pass either IP informations, or
> the name of the bridge interface depending on what you want to do), without
> changing the python scripts.

I don't really like a abusing parameters because the names are
misleading; it was certainly confusing for me when I went through the
Xen how-to and the networking example was passing ifconfig(8) arguments
through the "bridge" parameter.  The network-setup issue I was talking
about is related to the following block in xend-config.sxp:

    ## Use the following if VIF traffic is routed.
    # The script used to start/stop networking for xend.
    #(network-script     network-route)
    # The default script used to control virtual interfaces.
    #(vif-script         vif-route)
    
    ## Use the following if VIF traffic is bridged.
    # The script used to start/stop networking for xend.
    (network-script    network)
    # The default bridge that virtual interfaces should be connected to.
    (vif-bridge        xen-br0)
    # The default script used to control virtual interfaces.
    (vif-script        vif-bridge)

It looks like the sysutils/xentools20 package should be providing
"network-route" and "vif-route" scripts that would be used for creating
domains with a routed-network setup, and the dom0 administrator could
just uncomment the top block and comment out the bottom block to switch
setups.  I think this would be more accessible and friendly from a
pkgsrc point-of-view in that the default package configuration would
be easy to change from one networking setup to the other without
needing to write your own custom scripts to do it.

	Cheers,

	-- Johnny Lam <jlam@pkgsrc.org>