SDLab

SDLab.org::Adminな脳み

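Friday, May 30, 2014

How to use the ftp command on XenServer 6.2

FTP is normally a relic of the past, so there are few occasions to use it,
but the reality is that it is never completely absent from operations.

XenServer 6.2 comes with basic tools such as telnet and tcpdump, but the ftp client alone is missing.
So here is a tip for when you really need ftp.

XenServer 6.2 is based on CentOS 5.7, so you can use its packages.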

[root@cw01 ~]# rpm -qif /etc/redhat-release
Name        : centos-release               Relocations: (not relocatable)
Version     : 5                                 Vendor: CentOS
Release     : 7.el5.centos                  Build Date: Mon 29 Aug 2011 08:00:09 PM JST

Note that XenServer 6.2 is 32-bit.

[root@cw01 ~]# uname -a
Linux cw01 2.6.32.43-0.4.1.xs1.8.0.853.170791xen #1 SMP Mon Mar 3 06:36:39 EST 2014 i686 i686 i386 GNU/Linux

So the ftp client RPM can be fetched roughly like this.
As an example, the download uses the public server at Maz's place.
http://ftp.iij.ad.jp/pub/linux/centos/5.10/os/i386/CentOS/ftp-0.17-38.el5.i386.rpm

Download

[root@cw01 ~]# wget http://ftp.iij.ad.jp/pub/linux/centos/5.10/os/i386/CentOS/ftp-0.17-38.el5.i386.rpm
--2014-05-30 08:41:39--  http://ftp.iij.ad.jp/pub/linux/centos/5.10/os/i386/CentOS/ftp-0.17-38.el5.i386.rpm
Resolving ftp.iij.ad.jp... 202.232.140.170, 2001:240:bb8f:200::1:170
Connecting to ftp.iij.ad.jp|202.232.140.170|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 56209 (55K) [application/x-rpm]
Saving to: `ftp-0.17-38.el5.i386.rpm'
100%[==========================================================>] 56,209      --.-K/s   in 0.04s
2014-05-30 08:41:39 (1.43 MB/s) - `ftp-0.17-38.el5.i386.rpm' saved [56209/56209]

Install

[root@cw01 ~]# rpm -Uvh ftp-0.17-38.el5.i386.rpm
Preparing...                ########################################### [100%]
   1:ftp                    ########################################### [100%]

Test

[root@cw01 ~]# ftp ftp.iij.ad.jp
Trying 202.232.140.170...
Connected to ftp.iij.ad.jp (202.232.140.170).
220 IIJ FTP server ready (IPv4 client).
Name (ftp.iij.ad.jp:root): anonymous
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> quit
221 Goodbye.


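Note that this method also works for some other RPMs,
and it is fine for an RPM as simple as the ftp client,
but for anything else I recommend compiling it properly with the DDK and applying that.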
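The RPM above is fetched over plain HTTP and installed as root in dom0, so the package signature is the only integrity check between the mirror and the host. The following is an added example, not part of the original post: it gates `rpm -Uvh` on the result of `rpm -K`. The function names are hypothetical, the sample output lines are constructed in the style of rpm 4.4, and it assumes the CentOS 5 signing key was imported into the rpm keyring from a trusted source.

```bash
#!/bin/sh
# Added example: install an RPM only if `rpm -K` (--checksig) reports a
# verified signature. Names below are hypothetical, not from the post.

# sig_verdict: read one line of `rpm -K` output on stdin and print
#   SIGNED_OK  a GPG/PGP signature was present and verified
#   UNSIGNED   digests matched but the package carries no signature
#   FAILED     a check failed or the signing key is not in the keyring
sig_verdict() {
    awk '{
        result = $0
        sub(/^[^:]*:[ \t]*/, "", result)     # drop the "file.rpm:" prefix
        sub(/[ \t\r]+$/, "", result)         # drop trailing whitespace
        # rpm prints failing components in upper case and ends with NOT OK.
        if (result ~ /NOT OK/ || result !~ /OK$/)
            print "FAILED"
        # Lower-case gpg/pgp (newer rpm: "signatures") means verified.
        else if ((" " result " ") ~ / (gpg|pgp|signatures) /)
            print "SIGNED_OK"
        else
            print "UNSIGNED"
        exit
    }'
}

# install_if_signed: run the real check, then install only on SIGNED_OK.
install_if_signed() {
    pkg=$1
    verdict=$(rpm -K "$pkg" 2>&1 | sig_verdict)
    if [ "$verdict" = "SIGNED_OK" ]; then
        rpm -Uvh "$pkg"
    else
        echo "refusing to install $pkg: signature check gave ${verdict:-FAILED}" >&2
        return 1
    fi
}

# Constructed sample lines (not captured from a real host).
demo_lines() {
    cat <<'EOF'
ftp-0.17-38.el5.i386.rpm: (sha1) dsa sha1 md5 gpg OK
ftp-0.17-38.el5.i386.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#00000000)
ftp-0.17-38.el5.i386.rpm: sha1 md5 OK
EOF
}

# Show the verdict for each constructed line.
demo_lines | while IFS= read -r line; do
    printf '%-10s %s\n' "$(printf '%s\n' "$line" | sig_verdict)" "$line"
done
```

On the host, `install_if_signed ftp-0.17-38.el5.i386.rpm` replaces the bare `rpm -Uvh` step.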


Wednesday, May 28, 2014

gpumon : XenServer GPU monitoring daemon
https://github.com/xenserver/gpumon
Adds an RRD plugin.


Xenserver 6.2 Passtrough from USB to Windows 7 VM
http://discussions.citrix.com/topic/351605-xenserver-62-passtrough-from-usb-to-windows-7-vm/
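If you want to use USB-attached devices in a VM on XenServer,
PCI pass-through is not realistic,
so the point is that an Ethernet-to-USB device server is convenient. You don't have to worry about it during XenMotion either.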

USB device server SX-3000GB
http://www.silex.jp/products/usbdeviceserver/sx3000gb.html


CA-118899: Support UTF-8 iSCSI target names.
https://github.com/xapi-project/sm/commit/129b8d9bce89ba06ffefdeaeef8309cf4cb40736


Merge branch xs64bit
https://github.com/xenserver/xenadmin/pull/77
XenCenter is also being made 64-bit capable.

Monday, May 26, 2014

Memo on XenServer 6.2 crash reports

XenServer 6.2sp1 hosts crashing

http://discussions.citrix.com/topic/351967-xenserver-62sp1-hosts-crashing/


http://discussions.citrix.com/topic/351967-xenserver-62sp1-hosts-crashing/?p=1815322
Ok, so the OOMkill is an out of memory kill operation. What is interesting to me is a possible Machine Check Error:

May 22 18:01:01 DXS62-3 kernel: [4835275.707462] mcelog.cron invoked oom-killer: gfp_mask=0xd0, order=1, oom_adj=0
May 22 18:01:01 DXS62-3 kernel: [4835275.707479] Pid: 3579, comm: mcelog.cron Not tainted 2.6.32.43-0.4.1.xs1.8.0.835.170778xen #1


MCEs are almost always hardware-related, possibly fixed with BIOS update (March is the latest firmware as noted on Dell web page).

A case where the BIOS may be the cause.



Xenserver 6.2 Crash - BUG ?

http://discussions.citrix.com/topic/333281-xenserver-62-crash-bug/
Is Areca RAID the cause?
Message signaled interrupts (MSI) were disabled, but the crash recurred...
Unresolved, but noting it as a memo.

Friday, May 23, 2014

Xen Project Hackathon and more

Xen Project Hackathon for May 29-30, 2014 in London, UK at Rackspaces
http://wiki.xen.org/wiki/Hackathon/May2014
The topics to watch are PVH, NFV and Docker.


VNC from boot on Ubuntu 13.04 without logging in, using LightDM (or GDM) and x11vnc (includes LUbuntu with lxdm and Linux Mint LMDE with mdm)
http://seb.so/vnc-from-boot-without-logging-in-ubuntu-lubuntu-xubuntu-and-mint-lmde/
Not so much about VNC as for people who want to use X on Ubuntu-family systems. A little old, though.


CA-108515: Prevent the destruction of SR configured as IntelliCache SR
https://github.com/xapi-project/xen-api/pull/1764
Prevents the destruction of an IntelliCache SR.
My understanding is that it has no use other than XenDesktop, but if there is another one, let me know.


Thursday, May 22, 2014

Memo for 2014/5/22

Citrix Discussion


http://discussions.citrix.com/topic/346663-xenserver-62-sp1-breaks-network/?p=1812290
If you are using Intel-based machines and your last BIOS update was before August-October of 2013, expect abnormalities to happen due to Intel Errata.

Hm? I wonder if something has come out...


xen-api) migration-related


https://github.com/robhoes/xen-api/commit/40cf3acd18bbab3e8989e1724619eb0466ed2b77
missing disks as CDs will be ejected during a real VM migrate.
As a tip: eject CDs once you are done with them.

https://github.com/robhoes/xen-api/commit/e450ceeb92a8bcc229b11bc4891c4b043c2acd4e
CA-86347 Handle the excn if the VM happens to reboot during migration.
Such a reboot causes Xenops_interface.Cancelled the first try, then
Xenops_interface.Internal_error("End_of_file") the second, then success. 


xs-tools) win-installer


[CA-123912] Run the uninstaller fix before uninstalling legacy tools
https://github.com/benchalmers/win-installer/commit/24074d824711ee4e2ee5f80a22951df41bfbfab9


XenServer Creedence Development Snapshots

http://www.xenserver.org/overview-xenserver-open-source-virtualization/download/24-product/creedence/143-xs-2014-development-snapshots.html

The page above has moved.

Download - Pre-Release XenServer
http://xenserver.org/component/content/article.html?layout=edit&id=142

is the 2014/05/15 version.

The latest Creedence Development Snapshot is, at the moment, the one from the 21st.

Note that the previous
Development Snapshots
http://xenserver.org/overview-xenserver-open-source-virtualization/project-roadmap/2-uncategorised/115-development-snapshots.html
stopped being updated as of the 15th.

Wednesday, May 21, 2014

Memo for 2014/05/21

NIC driver for Windows PE
http://discussions.citrix.com/topic/284196-nic-driver-for-windows-pe/
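A thread that has been going since March 2011.
It covers the basic steps for getting the NIC recognized on Clearwater, as well as patches like the one below that force the NIC to be recognized.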
  qemu_args[i] = qemu_args[i].replace('rtl8139', 'e1000')


CA-99235: Keep trying to remove the tag forever
https://github.com/xapi-project/sm/commit/7ca2d42adc17cfde8ec7f37c07a24293741af274
In the error handling path of VDI.activate, if the connection with the
master is lost, the slave cannot remove the tag from sm-config. When the
connection is restored, the VDI is left in undefined state. To avoid
this we keep trying to remove the tag until we succeed (the connection
with the host has been restored).

This probably happens on Clearwater too.

Tuesday, May 20, 2014

XenServer.next Alpha Available for Download

http://www.xenserver.org/discuss-virtualization/virtualization-blog/entry/xenserver-next-alpha-available-for-download.html

The XenServer engineering team is pleased to announce the availability an alpha of the next release of XenServer, code named “Creedence”. 


By the way,
if you search for what the Creedence version is, you get http://ja.wikipedia.org/wiki/%E3%82%AF%E3%83%AA%E3%83%BC%E3%83%87%E3%83%B3%E3%82%B9%E3%83%BB%E3%82%AF%E3%83%AA%E3%82%A2%E3%82%A6%E3%82%A9%E3%83%BC%E3%82%BF%E3%83%BC%E3%83%BB%E3%83%AA%E3%83%90%E3%82%A4%E3%83%90%E3%83%AB
So that's where they went, lol. A perfect name.
I thought this was something completely different.
I was sure it would be sarasota. Because in the source...
https://github.com/Zhengchai/xenadmin/blob/4100f506ca2b832ff0c207bbaaeca93a68b7e0af/XenAdminTests/XenModelTests/TestAPICallVersions.cs
...except this source turned out to be from June 2013... orz
So it was old.

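It is getting harder and harder to take my eyes off Creedence Clearwater Revival (CCR). (Surprisingly, I no longer care which one it is.)

By the way, the version was also shown as
XenServer 6.2.50
Up to the April builds, that is. I haven't looked at May.
Maybe I'll try a build from 5/19 or later to see what it shows.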


Monday, May 19, 2014

Best Practices for using Open vSwitch with XenServer v6.0 - 6.2.0 Service Pack 1
http://support.citrix.com/article/CTX140764


How to confirm that a guest VM booted as PVH
http://lists.xen.org/archives/html/xen-users/2014-05/msg00152.html
# dmesg | grep PVH
[    0.000000] Booting paravirtualized kernel with PVH extensions on Xen


xapi version 2.3
https://github.com/kc284/xen-api-sdk/commit/4007d397659a6e43ecc136f0f141977d88d58637
    API_2_0 = 11, // XenServer 6.2 (Clearwater)
    API_2_1 = 12, // XenServer 6.2 with vGPU (vGPU)
    API_2_2 = 13, // XenServer 6.2 Hotfix XS62ESP1004 (Felton)
    API_2_3 = 14, //
    LATEST = 14,

XenServer6.5 Nightly Snapshot
http://xenserver.org/overview-xenserver-open-source-virtualization/project-roadmap/2-uncategorised/115-development-snapshots.html
The 5/15 build is out.


CP-8320: Initial commit for xs64bit

https://github.com/chandrikas/sm/commit/e7d3a006d3e30e9ce863208ffa65eaa5747d6dfe
A lot of things seem to have changed...
From skimming it, these are the highlights. There is so much that I lost steam partway through.

drivers/cleanup.py
The coalesce-related code has also been carefully fixed.

drivers/nfs.py
-SOFTMOUNT_TIMEOUT  = 60 # seconds
+SOFTMOUNT_TIMEOUT  = int((40.0/3.0) * 10.0) # 1/10 s
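Review bot: SOFTMOUNT_TIMEOUT in drivers/nfs.py changes its unit from seconds to tenths of a second while keeping the same name, so any caller that still treats it as seconds would silently get a different timeout. The new expression int((40.0/3.0) * 10.0) evaluates to 133, i.e. 13.3 s against the previous 60 s, and nothing in the line explains where 40/3 comes from. Consider encoding the unit in the constant's name and adding a comment that states the intended wall-clock value and its derivation.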

drivers/FileSR.py
+  # The VDI might be activated in R/W mode so the VHD footer
+  # won't be valid, use the back-up one instead.
+  diskinfo = util.ioretry(lambda: self._query_info(self.path,
+  True))
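Review bot: the bare positional True passed to self._query_info in drivers/FileSR.py does not say what it selects; only the comment above hints that it means the back-up footer. Passing it by keyword or through a named constant would keep the call readable if the comment drifts, and breaking the line after util.ioretry( rather than leaving True)) on its own line would make the lambda easier to read.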
A countermeasure for invalid footers?

drivers/mpath_dmp.py
-hba_script = "/opt/xensource/sm/mpathHBA"
HBA has been pulled out of DMP.
Huh? So until now, on activate/deactivate, the HBA script was run first and then the iSCSI one.




Sunday, May 18, 2014

Memo for 2014/05/18

CA-125717: Specify dev_loss_tmo in /etc/multipath.conf
https://github.com/robertbreker/sm/commit/735f5b0d6c6114f8cca8ca017e18a4ca2f17faa4
Adds dev_loss_tmo 30.

For dev_loss_tmo, see the following:
https://access.redhat.com/site/documentation/ja-JP/Red_Hat_Enterprise_Linux/6/html/Storage_Administration_Guide/modifying-link-loss-behavior.html
If a driver implements the Transport dev_loss_tmo callback, access attempts to a device through a link will be blocked when a transport problem is detected.


CA-135560: Fix Creedence version number check and make WLB tab behaviour same for 6.5 and 6.1
https://github.com/Zhengchai/xenadmin/commit/736a8d4cb419a6dead3cef8d994f29e2e89e9b9c

If you search for what the Creedence version is, you get
http://ja.wikipedia.org/wiki/%E3%82%AF%E3%83%AA%E3%83%BC%E3%83%87%E3%83%B3%E3%82%B9%E3%83%BB%E3%82%AF%E3%83%AA%E3%82%A2%E3%82%A6%E3%82%A9%E3%83%BC%E3%82%BF%E3%83%BC%E3%83%BB%E3%83%AA%E3%83%90%E3%82%A4%E3%83%90%E3%83%AB

So that's where they went, lol. A perfect name.
Clearwater only, though.



XenServer - W2k8 VM - Want Virtual SoundCard
http://discussions.citrix.com/topic/351624-xenserver-w2k8-vm-want-virtual-soundcard/
So there are requests like that too.
Maybe I'll try later to see whether it can be used.


Saturday, May 17, 2014

enable Supervisor Mode Access Prevention (SMAP) for Xen

x86: enable Supervisor Mode Access Prevention (SMAP) for Xen
http://lists.xen.org/archives/html/xen-changelog/2014-05/msg00196.html

Supervisor Mode Access Prevention (SMAP) is a new security feature disclosed by Intel, please refer to the following document:
http://software.intel.com/sites/default/files/319433-014.pdf

This patch enables SMAP in Xen to prevent Xen hypervisor from accessing pv guest data, whose translation paging-structure entries' U/S flags are all set.

Friday, May 16, 2014

Memo for 2014/5/16

NVIDIA-SMI has failed because it couldn't communicate with the NVIDIA driver. Make sure that the latest NVIDIA driver is installed and running.
http://discussions.citrix.com/topic/346452-nvidia-smi-has-failed-because-it-couldnt-communicate-with-the-nvidia-driver-make-sure-that-the-latest-nvidia-driver-is-installed-and-running/

I switched the switch ( :rolleyes:) to the OFF position by unscrewing 2 side screws and removing the power and data links for the HDD cage. Then, with a screwdriver, but not with ease, i switched the 9th switch.
After this step, i went to BIOS and DISABLED the option PCI Express 64-bit BAR Support from the Service Menu (Ctrl+A)

Noting this because it felt nostalgic. If I come across an HP server, maybe I'll take a look inside.


Xen Server 6.1 - xen tools installation problem
http://discussions.citrix.com/topic/351539-xen-server-61-xen-tools-installation-problem/

Updating the PV drivers (xs-tools) on a Windows Server 2008 R2 VM that runs something like SQL Server
sometimes does not go well.

msconfig:
Once you log in, run msconfig, choose "Selective startup", then go to Services tab, hide all Microsoft and disable all but XenTools. Next, show all services and disable Microsoft SQL. Do the same on the startup tab. Reboot and hopefully this will allow you to proceed. If you have any antivirus, you will want to uninstall it as it probably has a network filter driver, so stopping AV services is not enough.


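XenServer 6.2) Playing with VIF locking-mode

I played around with VIF locking-mode.

VIF locking-mode is as described in the manual.
Put simply, it is a feature that restricts, on the VIF side, which IP addresses can be used.

Test environment

Dom0:XS62SP1(patch:-5)
From the PM (CentOS 6.4), a 1 MB file on Apache in the VM (CentOS) is fetched with ab.

VIF state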
[root@txs01 ~]# xe vif-param-list uuid=61694e93-42d6-465e-3fc0-2f214b973884
uuid ( RO)                        : 61694e93-42d6-465e-3fc0-2f214b973884
                     vm-uuid ( RO): 7aa322f7-b272-c936-f4e4-55b522c7eec1
               vm-name-label ( RO): CentOS-130-Apache
          allowed-operations (SRO): attach; unplug
          current-operations (SRO):
                      device ( RO): 1
                         MAC ( RO): 06:06:3e:45:cb:70
           MAC-autogenerated ( RO): true
                         MTU ( RO): 1500
          currently-attached ( RO): true
          qos_algorithm_type ( RW):
        qos_algorithm_params (MRW): kbps: 1000
    qos_supported_algorithms (SRO):
                other-config (MRW):
                network-uuid ( RO): 1deba6e0-7167-8287-b428-0f142baa8a85
          network-name-label ( RO): VLAN901
                 io_read_kbs ( RO): 0.000
                io_write_kbs ( RO): 0.000
                locking-mode ( RW): network_default
                ipv4-allowed (SRW):
                ipv6-allowed (SRW):
ab results (before the change)
Server Software:        Apache/2.2.3
Server Hostname:        10.0.1.130
Server Port:            80
Document Path:          /index.html
Document Length:        1024000 bytes
Concurrency Level:      100
Time taken for tests:   8.759 seconds
Complete requests:      1000
Failed requests:        0
Write errors:           0
Total transferred:      1026769248 bytes
HTML transferred:       1026498438 bytes
Requests per second:    114.16 [#/sec] (mean)
Time per request:       875.935 [ms] (mean)
Time per request:       8.759 [ms] (mean, across all concurrent requests)
Transfer rate:          114472.43 [Kbytes/sec] received
<SNAP>
Total transferred:      1026800112 bytes
HTML transferred:       1026529302 bytes
Requests per second:    113.86 [#/sec] (mean)
Time per request:       878.284 [ms] (mean)
Time per request:       8.783 [ms] (mean, across all concurrent requests)
Transfer rate:          114169.77 [Kbytes/sec] received
<SNAP>
Total transferred:      1024270000 bytes
HTML transferred:       1024000000 bytes
Requests per second:    114.43 [#/sec] (mean)
Time per request:       873.907 [ms] (mean)
Time per request:       8.739 [ms] (mean, across all concurrent requests)
Transfer rate:          114458.81 [Kbytes/sec] received

DEVTYPE=bridge: Rx=0.948 Gbit/s, Tx=0.006 Gbit/s
|- netback/0: Rx=0.000 Gbit/s, Tx=0.000 Gbit/s
|  |- vif3.0: Rx=0.000 Gbit/s, Tx=0.000 Gbit/s
|- netback/1: Rx=0.000 Gbit/s, Tx=0.000 Gbit/s
|  |- vif3.1: Rx=0.000 Gbit/s, Tx=0.000 Gbit/s
|- netback/2: Rx=0.000 Gbit/s, Tx=0.000 Gbit/s
|  |- vif12.0: Rx=0.000 Gbit/s, Tx=0.000 Gbit/s
|- netback/3: Rx=0.948 Gbit/s, Tx=0.006 Gbit/s
|  |- vif12.1: Rx=0.948 Gbit/s, Tx=0.006 Gbit/s
DEVTYPE=bridge: Rx=0.949 Gbit/s, Tx=0.006 Gbit/s
|- netback/0: Rx=0.000 Gbit/s, Tx=0.000 Gbit/s
|  |- vif3.0: Rx=0.000 Gbit/s, Tx=0.000 Gbit/s
|- netback/1: Rx=0.000 Gbit/s, Tx=0.000 Gbit/s
|  |- vif3.1: Rx=0.000 Gbit/s, Tx=0.000 Gbit/s
|- netback/2: Rx=0.000 Gbit/s, Tx=0.000 Gbit/s
|  |- vif12.0: Rx=0.000 Gbit/s, Tx=0.000 Gbit/s
|- netback/3: Rx=0.949 Gbit/s, Tx=0.006 Gbit/s
|  |- vif12.1: Rx=0.949 Gbit/s, Tx=0.006 Gbit/s
DEVTYPE=bridge: Rx=0.947 Gbit/s, Tx=0.006 Gbit/s
|- netback/0: Rx=0.000 Gbit/s, Tx=0.000 Gbit/s
|  |- vif3.0: Rx=0.000 Gbit/s, Tx=0.000 Gbit/s
|- netback/1: Rx=0.000 Gbit/s, Tx=0.000 Gbit/s
|  |- vif3.1: Rx=0.000 Gbit/s, Tx=0.000 Gbit/s
|- netback/2: Rx=0.000 Gbit/s, Tx=0.000 Gbit/s
|  |- vif12.0: Rx=0.000 Gbit/s, Tx=0.000 Gbit/s
|- netback/3: Rx=0.947 Gbit/s, Tx=0.006 Gbit/s
|  |- vif12.1: Rx=0.947 Gbit/s, Tx=0.006 Gbit/s

About what you would expect in a 1 Gbps NIC environment.

Configuration change

First, change locking-mode to locked without specifying ipvX-allowed.
[root@xs01 ~]# xe vif-param-set uuid=61694e93-42d6-465e-3fc0-2f214b973884 locking-mode=locked
[root@xs01 ~]# xe vif-param-list uuid=61694e93-42d6-465e-3fc0-2f214b973884
uuid ( RO)                        : 61694e93-42d6-465e-3fc0-2f214b973884
                     vm-uuid ( RO): 7aa322f7-b272-c936-f4e4-55b522c7eec1
               vm-name-label ( RO): CentOS
          allowed-operations (SRO): attach; unplug
          current-operations (SRO):
                      device ( RO): 1
                         MAC ( RO): 06:06:3e:45:cb:70
           MAC-autogenerated ( RO): true
                         MTU ( RO): 1500
          currently-attached ( RO): true
          qos_algorithm_type ( RW):
        qos_algorithm_params (MRW): kbps: 1000
    qos_supported_algorithms (SRO):
                other-config (MRW):
                network-uuid ( RO): 1deba6e0-7167-8287-b428-0f142baa8a85
          network-name-label ( RO): VLAN01
                 io_read_kbs ( RO): 0.000
                io_write_kbs ( RO): 0.000
                locking-mode ( RW): locked
                ipv4-allowed (SRW):
                ipv6-allowed (SRW):

Pings from outside (the PM) stopped getting through.
Next, set the IP addresses.

[root@xs01 ~]# xe vif-param-set uuid=61694e93-42d6-465e-3fc0-2f214b973884 ipv4-allowed=10.0.1.130 ipv6-allowed=fe80::406:3eff:fe45:cb70
[root@xs01 ~]# xe vif-param-list uuid=61694e93-42d6-465e-3fc0-2f214b973884
uuid ( RO)                        : 61694e93-42d6-465e-3fc0-2f214b973884
                     vm-uuid ( RO): 7aa322f7-b272-c936-f4e4-55b522c7eec1
               vm-name-label ( RO): CentOS
          allowed-operations (SRO): attach; unplug
          current-operations (SRO):
                      device ( RO): 1
                         MAC ( RO): 06:06:3e:45:cb:70
           MAC-autogenerated ( RO): true
                         MTU ( RO): 1500
          currently-attached ( RO): true
          qos_algorithm_type ( RW):
        qos_algorithm_params (MRW): kbps: 1000
    qos_supported_algorithms (SRO):
                other-config (MRW):
                network-uuid ( RO): 1deba6e0-7167-8287-b428-0f142baa8a85
          network-name-label ( RO): VLAN01
                 io_read_kbs ( RO): 0.084
                io_write_kbs ( RO): 0.056
                locking-mode ( RW): locked
                ipv4-allowed (SRW): 10.0.1.130
                ipv6-allowed (SRW): fe80::406:3eff:fe45:cb70

Pings get through again.

As for the response:

DEVTYPE=bridge: Rx=0.947 Gbit/s, Tx=0.006 Gbit/s
|- netback/0: Rx=0.000 Gbit/s, Tx=0.000 Gbit/s
|  |- vif3.0: Rx=0.000 Gbit/s, Tx=0.000 Gbit/s
|- netback/1: Rx=0.000 Gbit/s, Tx=0.000 Gbit/s
|  |- vif3.1: Rx=0.000 Gbit/s, Tx=0.000 Gbit/s
|- netback/2: Rx=0.000 Gbit/s, Tx=0.000 Gbit/s
|  |- vif16.0: Rx=0.000 Gbit/s, Tx=0.000 Gbit/s
|- netback/3: Rx=0.947 Gbit/s, Tx=0.006 Gbit/s
|  |- vif16.1: Rx=0.947 Gbit/s, Tx=0.006 Gbit/s
DEVTYPE=bridge: Rx=0.947 Gbit/s, Tx=0.006 Gbit/s
|- netback/0: Rx=0.000 Gbit/s, Tx=0.000 Gbit/s
|  |- vif3.0: Rx=0.000 Gbit/s, Tx=0.000 Gbit/s
|- netback/1: Rx=0.000 Gbit/s, Tx=0.000 Gbit/s
|  |- vif3.1: Rx=0.000 Gbit/s, Tx=0.000 Gbit/s
|- netback/2: Rx=0.000 Gbit/s, Tx=0.000 Gbit/s
|  |- vif16.0: Rx=0.000 Gbit/s, Tx=0.000 Gbit/s
|- netback/3: Rx=0.947 Gbit/s, Tx=0.006 Gbit/s
|  |- vif16.1: Rx=0.947 Gbit/s, Tx=0.006 Gbit/s

Total transferred:      1026134032 bytes
HTML transferred:       1025863492 bytes
Requests per second:    114.22 [#/sec] (mean)
Time per request:       875.518 [ms] (mean)
Time per request:       8.755 [ms] (mean, across all concurrent requests)
Transfer rate:          114456.18 [Kbytes/sec] received

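Even with locking-mode in use, no particular degradation was seen in the 1 Gbps NIC environment.

Note that if you want to allow multiple IPs, you simply list several of them.
Reference)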
vif-param-add
http://discussions.citrix.com/topic/351462-vif-param-add/
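The states this post walks through (network_default, locked with an empty allow-list, locked with addresses set) can be told apart from xe output alone. The following is an added example, not part of the original post: a POSIX sh/awk audit that classifies each VIF record. The function names, state labels and sample records (constructed, with placeholder UUIDs) are assumptions; it also covers the unlocked and disabled modes, which the post does not exercise.

```bash
#!/bin/sh
# Added example: report the effective filtering state of each VIF from
# `xe vif-list params=all` or `xe vif-param-list` text. Names are hypothetical.

# classify_vifs: reads xe output on stdin, prints "<uuid> <STATE> <detail>".
classify_vifs() {
    awk '
    function flush_record(   n4, n6, tmp) {
        if (uuid == "") return
        # Set-valued fields are printed as "a; b; c"; split() returns the count.
        n4 = (v4 == "") ? 0 : split(v4, tmp, /;[ \t]*/)
        n6 = (v6 == "") ? 0 : split(v6, tmp, /;[ \t]*/)
        if (mode == "locked" && n4 + n6 == 0)
            state = "BLOCKED locked with an empty allow-list"
        else if (mode == "locked")
            state = "ENFORCED ipv4=" n4 " ipv6=" n6
        else if (mode == "disabled")
            state = "BLOCKED locking-mode disabled drops all traffic"
        else if (mode == "unlocked")
            state = "OPEN no address filtering on this VIF"
        else if (mode == "network_default")
            state = "INHERIT follows default-locking-mode of the network"
        else
            state = "UNKNOWN locking-mode=" mode
        print uuid, state
        uuid = mode = v4 = v6 = ""
    }
    # Parameter lines look like "   name ( RW): value"; the value may be empty.
    /\)[ \t]*:/ {
        name = $0
        sub(/^[ \t]+/, "", name)
        sub(/[ \t]*\(.*$/, "", name)
        value = $0
        sub(/^[^)]*\)[ \t]*:[ \t]*/, "", value)
        sub(/[ \t\r]+$/, "", value)
        if (name == "uuid") { flush_record(); uuid = value }
        else if (name == "locking-mode") mode = value
        else if (name == "ipv4-allowed") v4 = value
        else if (name == "ipv6-allowed") v6 = value
    }
    END { flush_record() }
    '
}

# count_state STATE: number of VIFs on stdin that classify as STATE.
count_state() {
    classify_vifs | awk -v s="$1" '$2 == s { n++ } END { print n + 0 }'
}

# Constructed sample records, trimmed to a few fields; UUIDs are placeholders.
sample_vifs() {
    cat <<'EOF'
uuid ( RO)                        : 00000000-0000-0000-0000-000000000001
                locking-mode ( RW): network_default
                ipv4-allowed (SRW):
                ipv6-allowed (SRW):

uuid ( RO)                        : 00000000-0000-0000-0000-000000000002
                     vm-uuid ( RO): 00000000-0000-0000-0000-0000000000aa
        qos_algorithm_params (MRW): kbps: 1000
                locking-mode ( RW): locked
                ipv4-allowed (SRW):
                ipv6-allowed (SRW):

uuid ( RO)                        : 00000000-0000-0000-0000-000000000003
                locking-mode ( RW): locked
                ipv4-allowed (SRW): 10.0.1.130; 10.0.1.131
                ipv6-allowed (SRW): fe80::406:3eff:fe45:cb70
EOF
}

sample_vifs | classify_vifs
```

On a host, pipe `xe vif-list params=all` into `classify_vifs`; a BLOCKED line for a locked VIF corresponds to the state in which pings stopped above.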

Thursday, May 15, 2014

XenServer6.2 ) interface-rename COMMAND

How to Change Order of NICs in XenServer 6.x

http://support.citrix.com/article/CTX135809


I tried out a command called interface-rename.

[root@xs01 ~]# interface-rename --help
usage: interface-rename --rename|--list|--update <args>|--reset-to-install [-v] [-d]
Utility for managing the naming of physical network interfaces.  It is used to
undo the damage of race condition for device drivers grabbing eth names on
boot, taking into account naming policies provided at install time.  In
addition, it implements sensible policies when network hardware changes, and
the ability for manual alteration of the policies after install.
options:
  --version             show program's version number and exit
  -h, --help            show this help message and exit
  -v, --verbose         increase logging
  -d, --dry-run         dry run - don't write any state back to disk
  Actions:
    Exactly one action is expected
    -r, --rename        rename physical interfaces.  It is not safe to rename
                        interfaces which have traffic passing, or higher level
                        networking constructs on them (bonds/bridges/etc).
                        Use at your own risk after boot
    -l, --list          list current physical device information in a concise
                        manner as a reference for --update
    -u, --update        manually update the order of devices.  <args> should
                        be one or more <target eth name>=MAC|PCI|Phys|"SMBios"
    --reset-to-install  reset configuration to install state

You will probably never use rename and update from the CLI...
list is handy for getting a list of NIC drivers.

[root@xs01 ~]# interface-rename --list
ERROR    [2014-05-13 19:17:46] Can't generate current state for interface '{'Driver': '802.1Q VLAN Support', 'Bus Info': '', 'BIOS device': {'all_ethN': 'eth6', 'physical': ''}, 'Assigned MAC': '00:1B:21:79:BB:9B', 'Firmware version': 'N/A', 'Driver version': '1.8', 'Kernel name': 'bond1.901'}' - Unrecognised PCI address ''
ERROR    [2014-05-13 19:17:46] Can't generate current state for interface '{'Driver': '802.1Q VLAN Support', 'Bus Info': '', 'BIOS device': {'all_ethN': 'eth7', 'physical': ''}, 'Assigned MAC': '00:1B:21:79:BB:9B', 'Firmware version': 'N/A', 'Driver version': '1.8', 'Kernel name': 'bond1.902'}' - Unrecognised PCI address ''
ERROR    [2014-05-13 19:17:46] Can't generate current state for interface '{'Driver': '802.1Q VLAN Support', 'Bus Info': '', 'BIOS device': {'all_ethN': 'eth8', 'physical': ''}, 'Assigned MAC': '00:1B:21:79:BB:9B', 'Firmware version': 'N/A', 'Driver version': '1.8', 'Kernel name': 'bond1.903'}' - Unrecognised PCI address ''
Name  MAC                PCI           ethN  Phys  SMBios  Driver  Version     Firmware
eth0  00:26:2d:08:12:78  0000:01:00.0  eth0  em1           igb     4.1.2       2.5, 0xf1300000
eth1  00:26:2d:08:12:79  0000:01:00.1  eth1  em2           igb     4.1.2       2.5, 0xf1300000
eth2  00:1b:21:79:bb:9a  0000:03:00.0  eth2  p2p1          e1000e  2.3.2-NAPI  5.11-2
eth3  00:1b:21:79:bb:9b  0000:03:00.1  eth3  p2p2          e1000e  2.3.2-NAPI  5.11-2
eth4  00:1b:21:79:ba:94  0000:04:00.0  eth4  p1p1          e1000e  2.3.2-NAPI  5.11-2
eth5  00:1b:21:79:ba:95  0000:04:00.1  eth5  p1p2          e1000e  2.3.2-NAPI  5.11-2


It also seems possible to reset to the install-time state (this time, a dry run).
[root@xs01 ~]# interface-rename --dry-run --reset-to-install
INFO     [2014-05-13 19:20:31] Dry Run - logging to stdout instead of '/var/log/interface-rename.log'
INFO     [2014-05-13 19:20:31] Would copy '/etc/sysconfig/network-scripts/interface-rename-data/.from_install/static-rules.conf' to '/etc/sysconfig/network-scripts/interface-rename-data/static-rules.conf' if not dry run
INFO     [2014-05-13 19:20:31] Would copy '/etc/sysconfig/network-scripts/interface-rename-data/.from_install/dynamic-rules.json' to '/etc/sysconfig/network-scripts/interface-rename-data/dynamic-rules.json' if not dry run
INFO     [2014-05-13 19:20:31] Would write:
# Automatically generated file from /etc/sysconfig/network-scripts/interface-rename.py
ACTION!="add" GOTO="network-done"
# Rules generated from static configuration and last boot data

# Rename unrecognised devices sideways to deal with them later
SUBSYSTEM=="net" KERNEL=="eth*" PROGRAM="/etc/udev/scripts/net-rename-sideways.sh %k" NAME="%c"
LABEL="network-done"
to '/etc/udev/rules.d/60-net.rules' if not dry run
INFO     [2014-05-13 19:20:31] All Done

So this is where the install-time settings are saved.
Let's take a look.
[root@xs01 ~]# cd /etc/sysconfig/network-scripts/interface-rename-data/.from_install/
[root@xs01 .from_install]# ls
dynamic-rules.json  static-rules.conf
It's JSON.
It just consists of the MAC, the PCI bus address and the eth name.
Note that how to read the file is described in static-rules.conf.
[root@xs01 .from_install]# more dynamic-rules.json
# Automatically adjusted file.  Do not edit unless you are certain you know how to
{
    "lastboot": [
        [
            "00:1B:21:79:BB:9B",
            "0000:03:00.1",
            "eth3"
        ],
        [
            "00:1B:21:79:BA:95",
            "0000:04:00.1",
            "eth5"
        ],
        [
            "00:26:2D:08:12:78",
            "0000:01:00.0",
            "eth0"
        ],
        [
            "00:1B:21:79:BA:94",
            "0000:04:00.0",
            "eth4"
        ],
        [
            "00:26:2D:08:12:79",
            "0000:01:00.1",
            "eth1"
        ],
        [
            "00:1B:21:79:BB:9A",
            "0000:03:00.0",
            "eth2"
        ]
    ],
    "old": []
}
I couldn't find a use for anything other than list.

Wednesday, May 14, 2014

Appliance Zenoss Citrix XenServer


Appliance Virtual Zenoss 4.2.5 for Citrix XenServer 6.2


It is distributed as an XVA file.
It is about 2.5 GB.
For an appliance edition, I would like it to be around 500 MB.
Handy for people who like Zenoss?

XenServer6.2 ) GPU Memory Mapping Issue

How to Resolve GPU Memory Mapping Issues in XenServer
http://support.citrix.com/article/CTX139834
When Dom0 shows something like
Unix.Unix_error(20, "open", "/sys/bus/pci/drivers/nvidia/bind")
do the following in the BIOS:
Change Memory Mapped I/O above 4GB to Disabled.

Reference) XenServer Forum
Every 4th guest fails with error 'vgpu exited unexpectedly'
http://discussions.citrix.com/topic/351335-every-4th-guest-fails-with-error-vgpu-exited-unexpectedly/

Tuesday, May 13, 2014

Descriptions of XEN_DOMCTL_* found in the changelog

http://lists.xen.org/archives/html/xen-changelog/2014-05/msg00096.html
http://lists.xen.org/archives/html/xen-changelog/2014-05/msg00163.html


XEN_DOMCTL_pausedomain:

 A loop over vcpu_sleep_sync() for each of vCPU in the domain. That
 function itself has a loop waiting for the subject vCPU to become non-
 runnable, which ought to complete quickly (involving an IPI to be sent
 and acted on). No other unbounded resource usage.

XEN_DOMCTL_unpausedomain:

 Simply a loop calling vcpu_wake() (not having any loops or other
 resource usage itself) for each of vCPU in the domain.

XEN_DOMCTL_getdomaininfo:

 Two loops (one over all domains, i.e. bounded by the limit of 32k
 domains, and another over all vCPU-s in the domain); no other
 unbounded resource usage.

XEN_DOMCTL_getpageframeinfo:

 Inquiring just a single MFN, i.e. no loops and no other unbounded
 resource usage.

XEN_DOMCTL_getpageframeinfo{2,3}:

 Number of inquired MFNs is limited to 1024. Beyond that just like
 XEN_DOMCTL_getpageframeinfo.

XEN_DOMCTL_getvcpuinfo:

 Only obtaining information on the vCPU, no loops or other resource
 usage.

XEN_DOMCTL_setdomainhandle:

 Simply a memcpy() of a very limited amount of data.

XEN_DOMCTL_setdebugging:

 A domain_{,un}pause() pair (see XEN_DOMCTL_{,un}pausedomain) framing
 the setting of a flag.

XEN_DOMCTL_hypercall_init:

 Initializing a guest provided page with hypercall stubs. No other
 resource consumption.

XEN_DOMCTL_arch_setup:

 IA64 leftover, interface structure being removed from the public
 header.

XEN_DOMCTL_settimeoffset:

 Setting a couple of guest state fields. No other resource consumption.

XEN_DOMCTL_getvcpuaffinity:
XEN_DOMCTL_getnodeaffinity:

 Involve temporary memory allocations (approximately) bounded by the
 number of CPUs in the system / number of nodes built for, which is
 okay. Beyond that trivial operation.

XEN_DOMCTL_real_mode_area:

 PPC leftover, interface structure being removed from the public
 header.

XEN_DOMCTL_resumedomain:

 A domain_{,un}pause() pair framing operation very similar to
 XEN_DOMCTL_unpausedomain (see above).

XEN_DOMCTL_sendtrigger:

 Injects an interrupt (SCI or NMI) without any other resource
 consumption.

XEN_DOMCTL_subscribe:

 Updates the suspend event channel, i.e. affecting only the controlled
 domain.

XEN_DOMCTL_disable_migrate:
XEN_DOMCTL_suppress_spurious_page_faults:

 Just setting respective flags on the domain.

XEN_DOMCTL_get_address_size:

 Simply reading the guest property.

XEN_DOMCTL_set_opt_feature:

 Was already tagged IA64-only.

XEN_DOMCTL_set_cpuid:

 MAX_CPUID_INPUT bounded loop, which is okay. No other resource
 consumption.

XEN_DOMCTL_get_machine_address_size:

 Simply obtaining the value set by XEN_DOMCTL_set_machine_address_size
 (or the default set at domain creation time).

XEN_DOMCTL_gettscinfo:
XEN_DOMCTL_settscinfo:

 Reading/writing of a couple of guest state fields wrapped in a
 domain_{,un}pause() pair.

XEN_DOMCTL_audit_p2m:

 Enabled only in debug builds.

XEN_DOMCTL_set_max_evtchn:

 While the limit set here implies other (subsequent) resource usage,
 this is the purpose of the operation.

I also verified that all removed domctls' handlers don't leak
hypervisor memory contents.

Inspected but questionable (and hence left in place for now):

XEN_DOMCTL_max_mem:

 While only setting the field capping a domain's allocation (this
 implies potential successive resource usage, but that's the purpose of
 the operation). However, XSM doesn't see the value that's being set
 here, so the net effect would be potential unbounded memory use.

XEN_DOMCTL_set_virq_handler:

 This modifies a global array. While that is the purpose of the
 operation, if multiple domains are granted permission they can badly
 interfere with one another. Hence I'd appreciate a second opinion
 here. [Andrew confirms that this being the nature of the operation,
 it's fine to be removed from the list - will be done in a 2nd round.]


XEN_DOMCTL_irq_permission:
XEN_DOMCTL_ioport_permission:

 Of both IRQs and I/O ports there is only a reasonably small amount, so
 there's no excess resource consumption involved here. Additionally
 they both have a specialized XSM hook associated.

XEN_DOMCTL_iomem_permission:

 While this also has a specialized XSM hook associated (just like
 XEN_DOMCTL_{irq,ioport}_permission), it's not clear whether it's
 reasonable to expect XSM to restrict the number of ranges associated
 with a domain via this hook (which is the main resource consumption
 item here).

Monday, May 12, 2014

pvh dom0: construct_dom0 changes

[Xen-changelog] [xen master] pvh dom0: construct_dom0 changes
http://lists.xen.org/archives/html/xen-changelog/2014-05/msg00168.html
PVH support.

This patch changes construct_dom0() to boot in pvh mode:
      - Make sure dom0 elf supports pvh mode.
      - Call guest_physmap_add_page for pvh rather than simple p2m setting
      - Map all non-RAM regions 1:1 upto the end region in e820 or 4GB which
        ever is higher.
      - Allocate p2m, copying calculation from toolstack.
      - Allocate shared info page from the virtual space so that dom0 PT
        can be updated. Then update p2m for it with the actual mfn.
      - Since we build the page tables for pvh same as for pv, in
        pvh_fixup_page_tables_for_hap we replace the mfns with pfns.

Linux 3.14 and PVH
http://blog.xen.org/index.php/2014/01/31/linux-3-14-and-pvh/
It is a hybrid PV - hence the ‘PVH’ name - a PV guest within an HVM container.

Friday, May 9, 2014

Memo for 2014/5/9

Revert "CP-7904 - Remove v6 from xe-toolstack-restart."
https://github.com/johnelse/xen-api/commit/cd2955955a9623778b27edfee96d1708e03c0993
Restores the v6d restart that had been removed from xe-toolstack-restart.


pool.conf: always use the path from the config file
https://github.com/xapi-project/xen-api/pull/1730
pool.conf: cleanup of Pool_role.


Enable blktap3 in xenopsd.conf
https://github.com/simonjbeaumont/xen-api-libs-specs/commit/4ac4a87b445ba3d651037d393d265901eefe4c53
A little old, but noting it.
default-vbd-backend-kind=vbd3


64-bit XenServer Tech. Preview On Its Way!
http://blogs.citrix.com/2014/05/07/64-bit-xenserver-tech-preview-on-its-way/


<Addendum>

OpenSSL-related

Configuring Apache, Nginx, and OpenSSL for Forward Secrecy
https://community.qualys.com/blogs/securitylabs/2013/08/05/configuring-apache-nginx-and-openssl-for-forward-secrecy
Nice!

Implementing SSL Perfect Forward Secrecy in NGINX Web-Server
http://www.howtoforge.com/ssl-perfect-forward-secrecy-in-nginx-webserver
A summary of the above.

Thursday, May 8, 2014

Disables non-O_DIRECT workaround

[Xen-changelog] [xen master] libxl: introduce an option for disabling the non-O_DIRECT workaround
http://lists.xen.org/archives/html/xen-changelog/2014-05/msg00136.html

Description:           Disables non-O_DIRECT workaround
There is a memory lifetime bug in some driver domain (dom0) kernels
which can cause crashes when using O_DIRECT.  The bug occurs due to a
mismatch between the backend-visible lifetime of pages used for the
Xen PV network protocol and that expected by the backend kernel's
networking subsystem.  This can cause crashes when using certain
backends with certain underlying storage.
See:
http://lists.xen.org/archives/html/xen-devel/2012-12/msg01154.html

Wednesday, May 7, 2014

MEMO for 2014/05/07

Red Hat to Acquire Inktank, Provider of Ceph
http://www.redhat.com/about/news/press-archive/2014/4/red-hat-to-acquire-inktank-provider-of-ceph
The much-talked-about Inktank.
XenServer 6.5 will most likely move to kernel 3.10 or later, so there is a good chance that Ceph and RBD SRs will be usable; noting it here.

Hotfix XS61E037 - For XenServer 6.1.0
http://support.citrix.com/article/CTX140724

saracota Nightly Build 2014-05-06
http://xenserver.org/overview-xenserver-open-source-virtualization/project-roadmap/2-uncategorised/115-development-snapshots.html
No time to follow this closely... Fixes to xapi and to the Windows xenvbd/xenbus/xenvif drivers, perhaps?


Support multiple xenopsds, running at the same time
https://github.com/xapi-project/xen-api/pull/1723


PHPStress: DOS for Apache / NGINX servers running PHP-FPM or PHP-CGI
https://www.nightlionsecurity.com/blog/news/2014/04/phpstress-dos-attack-php-nginx-apache/
This one is about configuration values.



MEMO:
tapdisk (in any of its versions) is not available on NetBSD

Tuesday, May 6, 2014

Answer) A quiz about XenServer

Question: What are these?
rio,
miami,
symc,
orlando,
george,
midnight,
cowley,
boston,
sanibel,
tampa,
tallahassee,
clearwater,
sarasota,


Answer: XenServer project names
rio, version = "4.0.0"
miami, version = "4.1.0"
symc, version = "4.1.0"
orlando, version = "5.0.0"
george, version = "5.5.0"
midnight, version = "5.6.0"
cowley, version = "5.6.100" (note: XenServer 5.6 FP1)
boston, version = "6.0.0"
sanibel, version = "6.0.2"
tampa, version = "6.1.0"
tallahassee, version = "6.1.1"
clearwater, version = "6.1.2" (note: XenServer 6.2)
sarasota, version = "6.5.0" (note: XenServer 6.2.5 / XenServer 6.2.50)

<Addendum 2014/5/20>
This information dates from June 2013 and was out of date.
https://github.com/Zhengchai/xenadmin/blob/4100f506ca2b832ff0c207bbaaeca93a68b7e0af/XenAdminTests/XenModelTests/TestAPICallVersions.cs

Sunday, May 4, 2014

XenServer 6.5 saracota ) CPU Performance Monitoring Unit

The discussion on the Xen side is here:
Re: [Xen-devel] Virtualization of the CPU Performance Monitoring Unit
http://lists.xen.org/archives/html/xen-devel/2012-04/msg00499.html

Let's check the support status.
On a XenServer 6.2 Dom0:
[root@clearwater ~]# dmesg | grep "Performance Events"
[root@clearwater ~]#
No output.
[root@clearwater ~]# cat /proc/interrupts | grep "PMI"
[root@clearwater ~]#
No output.

On a XenServer 6.5 Dom0:
[root@xs625test ~]# dmesg | grep -i "Performance"
[    4.520424] Performance Events: running under Xen, no PMU driver, software events only.
Ah, the CPU was AMD.
https://github.com/xenserver/linux-3.x.pg/commit/773c3cec4800d0642d4e1cdef8395f0b89fd0d3f
Checking this one as well, just in case.
[root@xs625test ~]# cat /proc/interrupts | grep "PMI"
PMI:          0          0          0          0   Performance monitoring interrupts
Looks like it would work given the right environment.
I guess I have to try it on an Intel CPU...


By the way, pmu-tools for perf is here:
https://github.com/andikleen/pmu-tools

Friday, May 2, 2014

vTPM Manager

Virtual Trusted Platform Module (vTPM)

http://wiki.xen.org/wiki/Virtual_Trusted_Platform_Module_(vTPM)


[Xen-changelog] [xen master] vtpmmgr: add TPM group support
http://lists.xenproject.org/archives/html/xen-changelog/2014-05/msg00006.html

+================================================================================
+Overview
+================================================================================
+
+This document describes example platforms which use virtual TPMs to provide
+security properties for guests running on the platforms.  There are several
+tradeoffs between flexibility and trust which must be considered when
+implementing a platform containing vTPMs.
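
Review bot: the last sentence of the Overview says there are "several tradeoffs between flexibility and trust" but names none of them. A short list of the tradeoffs, or a pointer to the section that covers them, would let a reader judge which example platform applies before reading on.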

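In other words, disk image encryption.
Various other components have been modified to go along with this.
Apparently you specify it with something like:
vtpm=["backend=domu-vtpm"]
It also describes how to convert an unsecured disk image into a TPM-backed disk image.

With this, a VM's disk image can be disposed of securely.

I'd like to try it right away, but I'm in holiday mode, so it goes on the look-into-later list.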


Thursday, May 1, 2014

Ubuntu 13.10 hangs on boot... with a twist!
http://discussions.citrix.com/topic/350992-ubuntu-1310-hangs-on-boot-with-a-twist/

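I know nothing about Ubuntu. (Then don't write about it.)
But a note like this comes in handy later.

The poster says that
the plymouth graphical manager seemed to be the cause, and that
removing the following from Ubuntu's GRUB config made the problem go away.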
GRUB_CMDLINE_LINUX_DEFAULT="splash quiet"

Googling elsewhere, it seems that appending text instead also works:
$ sudo vi /etc/default/grub
GRUB_CMDLINE_LINUX_DEFAULT="splash quiet text"
$ sudo update-grub
$ sudo reboot

On the Citrix side, there was a similar case:
Error:
"Applying Intel CPU microcode update: FATAL: Module microcode not found.
ERROR: Module microcode does not exist in /proc/modules"

Resolution:
/sbin/service microcode_ctl stop
/sbin/chkconfig --del microcode_ctl

So it seems better to disable microcode_ctl as well.
Well, if microcode_ctl can be disabled, disabling it is the usual practice anyway.