[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] is it possible to build two privileged domain at boot time?

  • To: "文成建" <wenchengjian@xxxxxxxxxxxxxxx>
  • From: "Derek Murray" <Derek.Murray@xxxxxxxxxxxx>
  • Date: Fri, 30 May 2008 10:30:26 +0100
  • Cc: xen-devel@xxxxxxxxxxxxxxxxxxx
  • Delivery-date: Fri, 30 May 2008 02:30:47 -0700
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:reply-to:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=wNs6uVrDE70YmN4fSxUtoSj+P1x3mmCx1MiHdN3pAnRzbVDG3IBXXbkaoX2hm/ExPuzNkva6AiYLrMVUfo5A6oJ5HdEnqM6xKdUVDsuncUDb7932ahapIKc9E0XE4dDi/FZo9592jfQFGE72lz7tEpT/uTaO5Sroao9/2xCyF6s=
  • List-id: Xen developer discussion <xen-devel.lists.xensource.com>
Hi Dowen,

It would be possible to create two privileged domains at boot time (by
modifying the hypervisor to make it possible for the domain builder to
create more than one initial domain; or you could add a privileged
hypercall to make other domains privileged, and modify the domain
builder in Dom0). However, I'm not sure that this is what you would
want for your purposes.

If Dom0 crashes, it typically brings down the whole physical machine,
because Dom0 is responsible for managing various parts of the physical
platform. Therefore, I don't think it would be straightforward to
perform failover to a second Dom0 in the event of the primary Dom0
crashing.

Perhaps a better idea would be to have a stripped-down Linux that acts
as Dom0 for managing the platform, but which has no user-space
applications or device drivers (and therefore would be much less
likely to shut down unexpectedly). Then you could use PCI device
passthrough to a second privileged domain (say, Dom1), which then runs
the management software and hosts the physical device drivers.
Although it wouldn't be bulletproof (since a malfunctioning device
driver could probably still hose the entire system, unless you use
VT-d or similar), you could probably restart Dom1 if it crashed. You'd
need to modify some of the tools to make things like XenStore (which
holds configuration details for the domains) persist across reboots.
You might also benefit from looking at the domain save/restore code so
that, if Dom1 crashes, all domains would be paused while it is
rebooted, and restored when it is running again.

Regards,

Derek Murray.

On Thu, May 29, 2008 at 5:55 PM, 文成建 <wenchengjian@xxxxxxxxxxxxxxx> wrote:
> Hi All,
>   I am not very familiar with xen details. Now I am thinking of building two
> privilged domain(domain 0 not driver domain) at boot time.
> The other question is that wether i se
> when domain 0 is shut down  unexpectedly another domain 0 can run at once.
> Maybe it is absurd. I am looking forwards to your suggestions.
>
> Regards,
> Dowen
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-devel
>

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.