 Yes, some words about me. I'm using Linux since nearly ten years now work as a software developer and Remember mainly of the fight team in Debian Yeah, not too much about that Yeah Debian contains a lot of virtualization packages for all the types of virtualization available there this is I Will tell something about each type of them. There is the hardware emulation it's about Emulating the interface of a specific hardware fully in software The good about this is that you can run unmodified software and operating systems inside Without too much problems The bad thing is that it's most often very slow Because every processor operation needs to be emulated In Debian there are a lot of packages there from Atari emulators to ZX Spectrum About power PC and x86 and spark stuff Yeah, most common examples might be QEMU emulator for a lot of different architectures It can run very fast if you use KQEMU, which is finally GPL and available in Debian unstable now Yeah, easily to install with module assistant and Yeah, there are even some guise for QEMU who likes for people who like that There are Mac emulators in Debian and a palm pilot emulator where you can run the palm rum discs to develop palm software and gameboy emulators for Those who like these small nice playing devices The next flavor is operating system emulation This means the software has to emulate the API of a specific operating system Yeah, this is not as CPU consuming as to emulate a full CPU The bad thing about this is it's not So easy to emulate the full API of another OS Especially yeah, the example wine for Windows. It's not so easy to reprogram all those funny DLLs you have in Windows Yeah, or does Yamu and Yeah, the next type of virtualization is operating system level. This means there is a controlling layer between the interfaces of the kernel and the actual software user space programs The nice thing about this is also it's very performance efficient The bad thing is you cannot run different kernels or stuff You really have to use one kernel and this interface and this version So examples are the server and open VZ. I Don't know. I think there are no other examples in in Debian But these are the most important and they are very used by very many people Yeah Yeah, the next thing is para virtualization para virtualization means You need a modified operating system to run on hypervisor and Yeah, also interest also the good thing about this is it's quite fast if you don't have to emulate anything The bad thing is you have to rewrite the OS or Not the whole OS, but you have to modify parts of it to Communicate with the hypervisor instead of doing privileged operations Directly on the hardware. Yeah, what we have there is UML user mode linux Some people say this is no para virtualization. I would rather put it into this category also many people use it And the other one is Xen Which is also in Debian there will be much more about this later. Yeah The newest stuff in this area of virtualization is hardware supported virtualization This means the software uses hardware supporting features and you are kind of newer CPUs This has the positive thing that there is no need to modify guest operating systems and still have quite fast virtualization The downside is this is very new. There are not It's not long that you can buy processors for this and therefore the software in this area is not always so Nice working as you want it. Maybe What we have there in Debian stable. There is Xen which can do it Again much more about this later and in unstable. We have KVM Which is hardware supported virtualization Directly put into the linux kernel since I think two six twenty something about that You can test this very easily in the GRML live CD also Debian unstable based If you want to get a look at this. Yeah What we have about Xen in Debian There are the base packages, which is the minimal stuff you need to to run Xen instances Yeah fastest way to install Xen on Debian is installing the Xen linux system Kernel version minus Xen minus flavor packages. Yeah, you can see there are some Flavors available. You have to choose what what is fitting your best This package depends on everything you you need basically Yeah, then there if you look deeper into it, there is the hypervisor, which is the core of Xen system. This is the stuff of Software that runs Directly in this is the first thing you start when you start the Xen system. It started in the processor ring one and it's responsible for Controlling all the stuff. Yeah, then there are Xen linux kernels And they have to be modified to talk to the hypervisor Yeah Also available in the different flavors Yeah, if you want to run the hardware virtualization, you will need Xen I owe emu package This gives you the hardware virtualization support and In my opinion, it's not already that stable that has nothing to do with the Debian packages This has to do that with the stuff that even in upstream in 303. It's not that stable as you wanted Maybe to use for production or stuff. So in my experience, it's a bit sloppy to use Yeah, Xen utils is just A control tools the Xen daemon, which is the tool to talk with the hypervisor and to control all the domains and what you also need is the modified lip see because then has a problem with TLS libraries with older ones and yeah, therefore you want to install lip see six six minus Xen As well as on the host as on guest machines To have it work in nice. Yeah, there's a doc package which only contains the upstream docs They are interesting to To get the basics about Xen and how it generally works But there are many examples which are not exactly up to date also not a problem of Debian It's in the upstream that it's not so very well Up to date Yes, what's coming in Debbie and unstable Xen related stuff is yeah 304 is just uploaded currently. There is no Colonel available for Xen and unstable because the patches need to be ported to a Colonel version higher than 20 which is not yet available maybe Guido Trotter knows more about this or He's maybe working on this or we'll help with this We can talk about this later Okay Yeah, for now there's work in progress for having some Xen support in Linux 2.6 23, but that's only for guest domains and there's really no real Solution or there's no real patch for newer kernels and domain zeros for now at least we're working on that but there's no Clean set of patch we can apply so Debian actually dropped Xen support in unstable for kernels And we'll see how things develop hopefully before we have to release Yeah, we'll see what happens So this has mainly to do these problems have mainly to do that Xen is hard working to get into the mainstream kernel which is not yet the case and Yeah, I Just can guess but I guess that the Xen developers are not working on outside kernel patches But to work on the power bird of stuff which has to go in the mainstream and therefore they probably don't provide these patches now Yes, let's look at some management tools we have in Debian for Xen We will go into the details of this later. I just introduced them There's for one Xen tools, which you can combine nicely with FAI fully automatic installation a GUI Xen men a shell for controlling it and a thing that generates graphics graphical Performance stats and has a soap API, which I did not test yet Some generic stuff We have there Yeah, already mentioned fire which is class based automated installations you can use very nicely to install your Xen domains You can install directly into a directory which you have mounted you can do net install of Xen domains and you can install hardware virtual machine based domains With a CD There's RPM strap which helps you to bootstrap RPM based distributions often if you use virtualization you want Some people want to use other distributions It's a bit outdated. It hasn't script for very new RPM based distributions. Therefore, you can just use yum It Works more like the bootstrap and it's more flexible and you can install the newest versions of other distributions like to the for Susie. It's a bit hard to find the basic basic package list But fedora works very straightforward then there is mh ch I didn't use that but it's also and didn't test that very much But it's also used to make change routes of different distributions. For example RPM based ones Yes details of Xen tools Xen tools is a very simple and pure command line tool written in pearl by Steve Kemp Yeah, mainly consists of two important commands, which I will show later. It's very easy to install you have just just a few simple configuration options to to run and It's very flexible. You can use a main config file combine it with some presets files and Overwrite some of these again with some command line options. So you are very flexible if you're using this You can set your standards and overwrite them and stuff. I yeah It's also flexible in types of installations. It does It creates the config files it creates block devices as you configure it and it can Install the guest systems either with the bootstrap with RPM strap. You can copy from already images that are already there Yes very flexible and it has custom role scripts so you just don't just do a Simple the bootstrap without anything and do everything else by hand, but you can write a script that Customizes what you want and you can define these roles for At your own will what's not what's a bit lacking is you can only define one role per system with Xen tools Yeah, therefore we combine. I like to combine it with FII because then you have classes And can combine many classes on one system and reuse them very well Yeah And send tools is very easy to install just up get install Xen tools If you want a very latest version go to the CVS it can build depths very easily because it's made by a WN developer And It has one config file. There are five simple main options you want to set with decent defaults as far as I remember and Only thing then you might want to create a directory where to put Image files into our volume group where you want to put your image where you want to put your file systems into Yeah usage is very straightforward You create and install a VM by a say Xen create image minus minus host name for example Xen tools test here you can delete it with a very similar command and Yeah, if you want write role scripts or stuff like that. It does automatically the needed modifications Which need to be in the configuration of guest systems there are very small things editing the Init up stuff because you don't have you only have one console in Xen domain Not six which are trying to be started normally Yes, if you want to do more complex stuff combine it with a fire directory install there is just one simple five line role script which you put into the Xen tools config then a fire directory installation can be run We will not cover this because fire is covered in a later bof and If you want to know more about this talk to Thomas Lange about this or to me Yeah, but to combine Xen tools with FAI I Already said about the upsides the only important thing you want to do then is say no install one In the Xen tools config for the host you want to install I just wrote to Steve camp that we might better say install one or install zero that might be more logical Instead of doing it that way inverting it And then yes, you have this It's five lines. You have the five line script to To run the installation with five then which is the role script in Xen tools then it has to configure like a road script then Yeah What will be the future of Xen tools? Funnily I found there are many Words related to Microsoft and if you want to look into the future Yeah, I would look or a vista What will we see in Xen tools in the future? There will be work on getting more complex partitioning schemes and don't use the Xen traditional way of Putting a file system directly on one block device without partitioning it and handing a single partition over to the guest This has been done in Xen for a while, but it's not a really nice way You want to hand over full block devices to a guest system? This cannot be done yet with Xen tools and but Steve camp is working on this Yes Then the installations with with yum instead of rpm strap. It's not yet possible, but it's just a simple call and The work on this is also starting if you use Xen tools or start to use it and have good ideas on what to improve My experience is that wish list bugs are closed in a matter of two hours Maybe on a weekend it might take two days if Steve is doing something else Yeah, very positive, I like this tool very much and it's very well cared of The next thing is Xen men for people who like Graphical systems Xen men is a start to to control Xen domains graphically Currently the most important things you can use it for is starting stopping domains and Connecting to its console and look some performance data. How much RAM CPU is used stuff like that There is not much more to it They say they can do provisioning There are also buttons in the GUI to click on But I don't have very good experience with it. So the in the Xen men that is in Debbie and stable. I Don't see this really working There is an example of Fedora anaconda installation, which I could not get to work. So You might your mileage may arrive Yeah, but if they Aren't getting it right. It might be quite interesting. There is a new version of it And they completely reworked this installation system and they even documented it now, which was not in the stable version in edge I did not try it. It looks quite interesting. You can do a lot of stuff and yeah, if you like to Graphical tools it might be good Also remote management this tool is set to be able to do remote management I couldn't get this to work. This might change with a decent Xen remote API which is coming from upstream side Next interesting thing Xen shell also written by Steve camp He seems to do nothing, but writing tools that can be used for Xen There's very lot of time for this Interesting thing it's a shell which is bound to an SSH log in And you can configure a Xen domain to be Controlled by a specific SSH user. So but if this user locks in via SSH He doesn't get a normal log in shell, but he gets into Xen shell He can then select which Xen instance he wants to manage or control and then he can do some stuff He can connect to the console start stop reboot it check its status I'm not sure if Reinstallation is already possible. Maybe this will come with Xen tools for example Yes This is only an unstable yet It can be I think you can just put it from pull it from unstable and install it because it has not so many Dependencies otherwise just pull it out of CVS Install it. It's easy to make a debian package. Yeah other things which Steve pointed me to I did not try them yet Public key authorization with reverse DMS which is Disabled automatically. Yeah very straightforward also very positive tool You just install it and it just works Like we want it and it looks like this. They are also screenshots for it I'm not sure if you really can read it But if you're using Xen it takes 10 minutes to try it out and install it and get to the screen you just saw Another thing coming in unstable now is DTC scale Xen This is a module for the DTC Manage hosting management console which seems to be a very complex stuff for for management hosted management I Did not Get to really install DTC because it's yeah complex and you need quite some time. I think DTC Xen for one provides a soap interface for this DTC console So you should be able to control Xen domains instead of only normal web hosting stuff with it And it generates some nice performance graphics. So if you have some users who want to see performance graphics about their domains This is very simple with DTC Xen Yeah, it's just installed with up-get installed Immediately after installation you can see these graphics which I will show soon. I did not yet test this soap API So I cannot say if it really works and is interesting, but these nice graphics is What you get in a matter of minutes one downside is There are maybe only two scripts in the package which you would need to get this and there's a lot of more Stuff so if you don't want to use the soap API you might to Pull out these two scripts instead of installing the whole package. It has too many dependencies then Yes Another thing in Debian which I also did not test at all Maybe Ian Jackson might want to talk about this or can tell you something is also there and you can ask him two questions or Yeah Auto package test Xen LVM LVM. I Guess it's there. Do you want to say some word about it? So mainly what this particular packages it's a Set a script for automatically setting up disposable guests So what it does is it runs the bootstrap and it it boots the the VM and gets it to a working state and then it freezes it both the file system and the Zen image and Then you can constantly resume it make some changes to it and every time you're done with it You just throw it away and you don't need to undo your changes because the it's using Dev mapper Copy on write devices and it throws away the Zen image And I'm using it for package testing, but you could use it for really anything that that seemed useful for Yeah Yeah, I guess it's similar to P builder UML. I'm not sure if this is yeah, I see a nod Okay Here other stuff that might be interesting which is not yet available in Debian, but might be sooner or later There's word manager and lip bird, which is fedora developed stuff one on the one side a GUI to control similar to Xanmen and Library for generic virtualization management, so lip bird just plugs an API between Specific virtualization implementation so you can control them with a simple with a standardized interface instead of having to write tools for every implementation It's work in progress there are some ITP site for it and Yeah, there is an SVN repository for one guy already working on building packages for it Also, I did not find time to really test it. I tested word manager on on Fedora once and I think it might need some more time to get more stable and nicely working But very similar to Xanmen. I guess I would say Yes, another interesting thing is open QRM, which is a data center management console Very powerful maybe even quite comparable to HP open view and other stuff like that, but it seems to be the only one in this category of software and in this Quality and capability that is really GPL There are depth packages for it But I heard the developer of them saying they are not very well yet Not well done and I should rather use the sources when playing around with it Another thing that is coming up is Argos also a tool made by Steve Kemp again He does nothing else but writing tools for Xan It's a rewrite it's a bit often protocol and clients to remote control Xan instances written in Ruby and Yeah, you can Also control stuff see performance that takes reinstall Things we will see what's coming. He already implemented another version of it, which was called Argo But now this will be the new thing Yes Even less Debian related exactly for those people Interested in Xan in general What can we expect? in Xan 3.1 which is now the current stable upstream version and There are also Debian packages available, but not an unstable yet Most interesting maybe Yeah, HVM support is more stable and getting even more stable now You can even save restore migrate these domains, which was not the case before Finally Xan source decided to put Stable API to control Xan stuff, which is can be remote controlled via HTTP It's XML RPC based and Yeah, I think this will be the way to write more third-party tools for Xan because until now Their interfaces and remote interfaces change quite often and was never stable. This is not very motivating to write third-party tools for it. I Think this will be very stable and yeah, there are even working on rewriting their own basic control tools to only work via this API With this also comes that you have XML config files some people like it some not I'm not yet sure if this is Positive or negative or just no really important change. So They introduce lifecycle management You can't start a configuration of a domain inside of Xan D. I'm not yet sure what this is good for because As long as you don't have a central management server and access these from every Xan host in a cluster, maybe Yeah, in my opinion it more causes confusion because when I start something I want to I wanted to have used the configuration file that lies in the file system not something that is Stored in some internal database. We will see what's coming there Open source Xan is often testing bad for For stuff and it's not always very well Tested and very positive what's in there, but yeah, they test things there and Some things are thrown out if they don't work. I get the impression sometimes Yes, even more in the future of Xan Maybe with the introduction of the Xan API There will Python based config files you have now they might vanish But you will be able to replace them by just write your own config scripts and use Xan API It's a bit sad because I like these Python config files. They are very interesting to do some funny stuff with They're working on pluggable security modules of different types To control some security related stuff What's also coming is 3d acceleration in guest domains? There's a protocol developed at some Canadian University Which makes it possible? Yeah to to use the hardware acceleration of the host in a guest domain There exists working code and I Saw quite interesting things. So I I don't have numbers, but you could really play 3d games with Not many less frames per second than on the host on the real host Yeah, a CPI support is getting better and better Maybe once we can really use Xan on the desktop and still get Suspend and hibernate stuff working Yeah, and a lot of work is put into Supporting newer CPUs and data center specific hardware for yeah For high performance Hardware stuff That's what you see if you go to the Xan summit and see what they are talking about Yes One last thing I tested a lot Xan on different distributions and I tested a lot of running other Distributions on the host distribution Yeah, Debian is one of the the best things you can use as a host there So there is no not many problems to run Zuzo or Fedora on Debian host The other way around It's not always that funny. So you have most troubles with Fedora If you're using their kernel what what's you're used to most often you you are used to use the kernel that comes with the host System and call it from the use it from the host file system You don't want to do this with Fedora because it just doesn't work You want to use the Debian kernel to start a Debian domain on Fedora Yeah, with Zuzo it's similar but Zuzo was not that hard surprisingly The other thing to bootstrap Debian on other distributions just install the bootstrap Install it from source or convert the package with alien The only thing you have to think about is you have to do is Define the arc because otherwise the bootstrap tries to get the arc with deep package, which is not available Yeah, the same goes for Xen tools and Xen tools also have an option to set the arc for the bootstrap Yeah That's everything last thing I do I just can thank the developers who do this great stuff also as well as in Debian as the Xen developers and Some people who gave me last tips for this talk That's it any questions This is not maybe a question just for you, but possibly for others There is a nice thing called Xen vNet in Xen upstream. It's currently disabled and doesn't work I started some work to make it work But I'm wondering if anybody knows anything about its status or if it's broken beyond repair or If anybody knows anything As far as I understood mostly a question about a feature you have an upstream but which is not yet this Enabled in Debian packages and it's even disabled upstream It's even disabled upstream Yeah, I can only yeah You can ask Guido Trotter or other people of the Xen package packaging team if this will happen And I think things that are disabled even in Xen upstream That might have a reason so they might not be as stable I know it's currently unmaintained, but I just wonder if anybody know knew anything about it. If no, okay I don't I didn't test these things Until now so the same goes for there is a security extension in Xen It's called S-hype