It's no secret that Theo is no fan of virtualisation. Nonetheless I've been running OpenBSD as a Xen DomU for years and it works pretty well for the most part.
I understand that Theo's primary criticism is that people try to make a strained case that running multiple VMs increases security whereas the fact is that adding a hypervisor just adds more complexity with more bugs and more opportunities for exploitation. Hard to argue with that point of view, but for me it's about the convenience of being able to run many instances of OpenBSD, some i386, some amd64, for hacking or for hosting my own little services on my LAN behind my firewall (which is a physical Soekris net4801 also running OpenBSD). Xen gives me convenience, makes it easy to maintain backups of my images, cuts down on noise, power and cost of running lots of individual physical machines.
For a long time I've been running a slightly patched i386 GENERIC kernel. I found that under heavy load (building OpenBSD release sets) it would occasionally panic. I recently enabled the QEMU APIC and found that the i386 GENERIC.MP kernel worked fine with two CPUs. So far no crashes.
I've also been running the amd64 GENERIC kernel and never had a crash with that, with or without the QEMU APIC enabled. However the GENERIC.MP kernel fails to boot with more than one CPU. I haven't made much progress understanding what the cause of the problem is yet.
When I have some, I'd like to dedicate time to creating PV drivers for OpenBSD/Xen to improve performance. The first thing I'd like is the ability to force time to resync after the guest has been restored from a saved state.
No comments:
Post a Comment