[TriLUG] Xen: Identifying Host from Guest
Andrew Ball
anball at gmail.com
Fri May 11 00:14:25 EDT 2007
Yes, I don't see any really good reason why a domU shouldn't be allowed to
read the UUID of it's dom0. A lot of people didn't like this idea due to
security concerns, but I'm not sure what they are.
On 5/10/07, Greg Cox <glcox at pobox.com> wrote:
>
> On Thu, 10 May 2007, Robert Dale wrote:
>
> > I think the problem here is that you're trying to break the separation
> > of concerns. A guest really shouldn't care or know who is hosting it.
>
> I disagree, and I think that's a short-sighted approach. I think it's
> quite valid for a guest to be able to ask both "Am I a domU, a domO, or
> plain vanilla?" and, as an extension, "Oh, I'm a domU? Who's my host?"
(1) does /proc/xen/capabilities exist
(a) yes? if it has control_d, i'm a dom0, otherwise i'm a domU
(b) no? i'm neither a domU nor a dom0
if a domU, /sys/hypervisor/uuid gives the UUID. The dom0 knows all of the
UUID's of the virtual systems hosted on it. Correlation can be done by
talking to the dom0 if it has something like a CIMOM on it -- see the
Xen CIM provider work:
http://wiki.xensource.com/xenwiki/XenCim?highlight=%28cim%29
Let's say I have a domU that, through the magic of the domU's filesystem
> being on a snapmirrored filer volume and good networking convergence,
> can end up being cold-failed off to a DR site. Some backup software,
> which magically survives this meteor strike, calls up the agent on the
> relocated domU and says, "Time for your backup!" I would love to have
> the agent do some noodling on its own and say, "Aw, mom! I'm over at
> Timmy's, and it's no longer a bored GbE utility network between us,
> it's single 100Mb MetroE, and I bet production ops are more important
> than weekly fulls, so, I want to say No to everything but Oracle
> archivelogs."
Why not do that noodling outside of the domU? I agree that having more
of a bi-directional relationship or more exciting domU/dom0 interactions
would be neat, but must be done carefully. That sort of detailed
environmental
knowledge is often more appropriate in control partitions and systems
management
servers, imho.
> The host already knows what guests it has, so query that. You could
> > build or use a management app to control all this. Then if your guest
> > really needs to know where it is, it would then query the manager.
>
> Let's say I have a domU that wants to run a hog process, as long as it
> won't affect other domU's on the dom0. Having it figure out "I'm on
> node3, let me poll node3 for how my same-box-brethren are running"
> shouldn't be so hard. Some sort of readonly(-if-dom0-allows) out-of-band
> access to the hypervisor. I don't even necessarily want this available
> by default, but not having access to, say, uname of the host (even if
> that's not guaranteed unique), is potentially limiting.
Agreed. Just needs to be done very carefully.
Peace.
Andrew
Both of these scenarios could be worked out through other means, I fully
> admit, so, nobody really needs to come up with "well you could do it like
> THIS." It just seems like there are cases where knowing something about
> your dom0 could make admin life easier.
> --
> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>
--
=======================
Andrew D. Ball
勃安足
More information about the TriLUG
mailing list