ia64/xen-unstable

view docs/misc/xend.tex @ 18788:07d0be88571f

hvm: fix single stepping on debugger

The debuggee domain will die with unexpected trap
on single stepping of emulated instruction.

Signed-off-by: Kouya Shimura <kouya@jp.fujitsu.com>
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
author Keir Fraser <keir.fraser@citrix.com>
date Tue Nov 11 11:47:03 2008 +0000 (2008-11-11)
parents 3798ec84431d
children
line source
1 % -*- mode: LaTeX -*-
2 \def\seca{\chapter}
3 \def\secb{\section}
4 \def\secc{\subsection}
5 \def\secd{\subsubsection}
6 \def\refa{chapter}
7 \def\refb{section}
8 \def\refc{section}
9 \def\refd{section}
11 %\def\seca{\section}
12 %\def\secb{\subsection}
13 %\def\secc{\subsubsection}
14 %\def\refa{section}
15 %\def\refb{section}
16 %\def\refc{section}
18 \documentclass[11pt,twoside,final,openright]{report}
19 \usepackage{a4,graphicx,setspace}
20 \setstretch{1.15}
22 \begin{document}
24 % TITLE PAGE
25 \pagestyle{empty}
26 \begin{center}
27 \vspace*{\fill}
28 \includegraphics{figs/xenlogo.eps}
29 \vfill
30 \vfill
31 \vfill
32 \begin{tabular}{l}
33 {\Huge \bf Xend} \\[4mm]
34 {\huge Xen v2.0 for x86} \\[80mm]
36 {\Large Xen is Copyright (c) 2004, The Xen Team} \\[3mm]
37 {\Large University of Cambridge, UK} \\[20mm]
38 {\large Last updated 30 August 2004}
39 \end{tabular}
40 \vfill
41 \end{center}
42 \cleardoublepage
44 % TABLE OF CONTENTS
45 \pagestyle{plain}
46 \pagenumbering{roman}
47 { \parskip 0pt plus 1pt
48 \tableofcontents }
49 \cleardoublepage
50 % PREPARE FOR MAIN TEXT
51 \pagenumbering{arabic}
52 \raggedbottom
53 \widowpenalty=10000
54 \clubpenalty=10000
55 \parindent=0pt
56 \renewcommand{\topfraction}{.8}
57 \renewcommand{\bottomfraction}{.8}
58 \renewcommand{\textfraction}{.2}
59 \renewcommand{\floatpagefraction}{.8}
61 \setstretch{1.15}
63 \seca{Introduction}
64 Xend is the control daemon used to manage a machine running the Xen hypervisor.
65 Xend is responsible for creating and destroying domains and managing their
66 resources, such as virtual block devices and virtual network interfaces.
68 Xend exists because the Xen hypervisor itself only manages the memory image
69 of a domain and its scheduling. Xen provides the event channels that connect
70 a domain to its devices, but is intentionally not involved in setting them up.
72 Xend runs as a daemon in the privileged domain 0 and uses a low-level api
73 to communicate with Xen via the domain 0 kernel. Xend exports its control
74 interface to its clients using HTTP. Most programming languages have
75 HTTP client libraries, so this interface can be used from most popular
76 languages, for example Python, Perl, C, Java.
77 Xend itself is written in Python, as are most of the Xen tools.
79 The xend interface is intended to be a complete interface for the creation
80 and management of domains. It supports domain creation, shutdown, reboot,
81 destruction, save, restore and migration.
83 When xend creates a domain it creates the domain memory image and communicates
84 with the device driver domain(s) to configure the devices for the domain.
85 This sets up connections between the domain and backend device controllers
86 in the driver domain. When a domain shuts down its memory image cannot be fully released
87 unless its backend devices are released and disconnected. This is done by xend.
88 In order to protect against loss of this information when xend is restarted,
89 xend maintains a persistent database of domain configurations. This allows
90 xend to be stopped and restarted without loss of configuration information.
91 For example, in order to upgrade the xend software.
93 \seca{Domain lifecycle}
94 \secb{Domain creation}
95 Xend is instructed to create a domain by posting a domain\_create message to it,
96 containing the domain configuration to be instantiated. The domain configuration
97 is in sxp format and is as far as possible {\em fully-bound}, that is, all
98 parameters are fully-specified. The domain configuration is saved in the filesystem
99 so that it can be reused later if necessary.
101 The domain configuration specifies the domain name, memory size, kernel image
102 and parameters, and all the domain devices. Xend uses the Xen api to create
103 the domain memory image, and then {\em builds} the memory image for the domain
104 using the kernel image. At this point the domain exists, but it cannot be run because
105 it has no devices. Xend then communicates with the device driver domain to create
106 the configured devices. Once the devices are created it sets up event channels
107 for them between the driver domain and the new domain, and notifies the new domain
108 that its devices are connected. At this point the domain can be started.
110 Xend is also responsible for managing domain consoles. When a domain is created,
111 xend sets up a console event channel to the domain, and creates a TCP listening port
112 for the domain console. When a connection is accepted to the port, xend
113 connects input and output for the port to the domain console channel.
115 \secb{Domain destruction}
116 When a domain terminates, because it has been shutdown or it has crashed, the
117 domain resources must be released so that the domain memory image can be
118 finally removed from xen. Xend monitors the domains, and is also signaled by
119 xen (using a VIRQ) when a domain exits. Xend examines the domain states and
120 determines which domains have exited. It then communicates with the driver domain
121 to release the devices for exited domains. Xend also closes any open console
122 connections and removes the TCP listeners for exited domains.
123 Once all devices have been released it instructs xen to destroy the memory image.
125 \secb{Domain restart}
126 Domain restart is the xen equivalent of a machine reboot. When a domain
127 exits because it has been shutdown in reboot mode, its exit code is reboot.
128 When examining domains to find those that have exited and destroy them,
129 xend detects those that have exited for reboot and does not completely destroy
130 them. It disconnects all their devices, and detaches the console listener
131 from its channel to the domain, but does not close it. Instead it schedules
132 a call to rebuild the domain from its configuration. This proceeds almost
133 identically to creating the domain, except that the console listener is
134 reused and connected to the new domain. This allows existing console
135 connections to remain connected across a domain restart. The restarted
136 domain keeps the same name and domain id.
138 The determination of when to restart a domain is in fact slightly more
139 complex than described above. A domain is configured with a
140 {\em restart mode}. If the restart mode is {\em onreboot}, the default,
141 restart happens when the domain is shutdown normally and
142 exits with code reboot. If the restart mode is {\em never} the domain is
143 not restarted. If the restart mode is {\em always} the domain is always
144 restarted, regardless of how it exited.
146 In order to prevent continual domain crash causing restart loops, xend
147 has a {\em minimum restart time}. Xend remembers when a domain was last
148 restarted and will fail a restart that happens inside the minimum
149 restart time.
151 \seca{Devices}
152 \secb{Virtual network interfaces}
153 Each virtual network interface (vif) has 2 parts: the font-end device in its domain,
154 and the back-end device in the driver domain. Usually the driver domain is domain 0,
155 and there is a linux network device corresponding to the vif. The linux device for
156 interface N on domain D is called vifD.N. When a packet is sent on the vif in the
157 domain the packet is received from the linux device. The linux devices are connected
158 to network interfaces using ethernet bridging.
160 The default setup is a bridge xen-br0, with eth0 connected to it, and the routes
161 for eth0 directed at xen-br0. This is controlled by the xend network setup script,
162 default {\tt /etc/xen/network}, which is run when xend starts.
164 When the vifs for a domain are created, a vif control script, default {\tt /etc/xen/vif-bridge},
165 is run to connect the vif to its bridge. The default script connects the vif
166 to xen-br0 and optionally sets up iptables rules to prevent IP address spoofing.
167 The bridge a vif is connected to can be defined in its configuration, and this is useful
168 for setting up virtual networks using several bridges.
170 \secb{Virtual block devices}
171 Virtual block devices in a domain are interfaces onto back-end device drivers
172 that export physical devices to domains. In the default configuration the back-end
173 driver is in domain 0 and can export any linux block device to a domain. This includes
174 physical disk partitions, LVM volumes and loopback mounts of files. In fact anything
175 that linux can represent as a block device can be exported to a domain as virtual
176 block device.
178 \seca{Xend invocation}
179 Xend is started (by root) using the command
180 \begin{verbatim}
181 xend start
182 \end{verbatim}
183 Xend can be stopped using
184 \begin{verbatim}
185 xend stop
186 \end{verbatim}
187 Xend must be started before any domains (apart from domain 0) can be created.
188 If you try to use the {\tt xm} tool when xend is not running you will get a
189 'connection refused' message.
191 \secb{Xend configuration}
192 Xend reads its own configuration from {\tt /etc/xen/xend-config.sxp}, which is
193 a sequence of s-expressions. The configuration parameters are:
194 \begin{itemize}
196 \item xend-port: Port xend should use for the HTTP interface (default 8000).
198 \item xend-address: Address xend should listen on.
199 Specifying 'localhost' prevents remote connections.
200 Specifying the empty string '' allows all connections, and is the default.
202 \item network-script: The script used to start/stop networking for xend (default network).
204 \item vif-bridge: The default bridge that virtual interfaces should be connected to
205 (default xen-br0).
207 \item vif-script: The default script used to control virtual interfaces
208 (default vif-bridge).
210 \item vif-antispoof: Whether iptables should be set up to prevent IP spoofing for
211 virtual interfaces (default yes).
212 \end{itemize}
214 Configuration scripts ({\it e.g.} for network-script) are looked for in {\tt /etc/xen}
215 unless their name begins with '/'.
217 Xend sends its log output to {\tt /var/log/xen/xend.log}. This is a rotating logfile,
218 and logs are moved onto {\tt xend.log.1} {\it etc.} as they get large. Old logs may
219 be deleted.
221 \secb{Xend database}
222 Xend needs to make some data persistent, and it uses files under {\tt /var/xen/xend-db}
223 for this. The persistent data is stored in files in SXP format. Domain information
224 is saved when domains are created. When xend starts it reads the file {\tt /var/xen/lastboot}
225 (if it exists) to determine the last time the system was rebooted. It compares this time
226 with the last reboot time in {\tt wtmp} to determine if the system has been rebooted
227 since xend last ran. If the system has been rebooted xend removes all its saved data
228 that is not persistent across reboots (for example domain data).
230 \seca{Xend HTTP Interface}
231 The xend interface uses HTTP 1.1 \cite{http} as its transport.
232 Simple PUT and GET calls can encode parameters using the standard url-encoding
233 for parameters: MIME type {\tt application/x-www-form-urlencoded}.
234 When file upload is required, the {\tt multipart/form-data} encoding is used.
235 See the HTML 4.1 specification for details \cite{html}.
237 Xend functions as a webserver and supports two interfaces: one
238 for web-browsers and one for programs.
239 The web-browser interface returns replies in HTML and includes forms
240 for interactive operations such as stopping domains and creating domains
241 from an uploaded configuration. The programmatic interface usually returns replies
242 in s-expression format. Both interfaces are accessed
243 in exactly the same way over HTTP - the only difference is the data returned.
245 The webserver distinguishes browsers from programs using the {\tt User-Agent}
246 and {\tt Accept} headers in the HTTP request. If there is no {\tt User-Agent} or no
247 {\tt Acccept} header, or {\tt Accept} includes the type {\tt application/sxp}, the
248 webserver assumes the client is a program and returns SXP. Otherwise
249 it assumes the client is a webserver and returns HTML.
250 In some cases the return value is essentially a string, so {\tt Content-Type}
251 {\tt text/plain} is returned.
253 The HTTP api supported is listed below. All paths in it are relative to the
254 server root, for example {\tt http://localhost:8000/xend}.
255 As defined in the HTTP specification, we use GET for side-effect free
256 operations that may safely be repeated, and POST for operations with
257 side-effects. For each request we list the HTTP method (GET or POST),
258 the url relative to the server root, the operation name and arguments (if any).
259 The operation name is passed as request parameter 'op', and the arguments
260 are passed by name. Operation name and parameters can be encoded using either
261 encoding described above. We also list the corresponding api function from the
262 Python client interface in {\tt xen.xend.XendClient}.
264 \begin{itemize}
265 \item {\tt GET /},\\
266 {\tt xend()}:\\
267 Get list of urls under xend root.
269 \item {\tt GET /node},\\
270 {\tt xend\_node()}:\\
271 Get node information.
273 \item {\tt POST /node shutdown()},\\
274 {\tt xend\_node\_shutdown()}:\\
275 Shutdown the node
277 \item {\tt POST /node reboot()},\\
278 {\tt xend\_node\_reboot()}:\\
279 Reboot the node
281 \item {\tt POST /node notify()}:\\
282 Set node notification url
284 \item {\tt GET /node/dmesg},\\
285 {\tt xend\_node\_dmesg()}:\\
286 Get xen boot message.
288 \item {\tt GET /node/log},\\
289 {\tt xend\_node\_log()}:\\
290 Get xend log.
292 \item {\tt GET /domain}\\
293 {\tt xend\_domains()}:\\
294 Get list of domains.
296 \item {\tt POST /domain create(config)},\\
297 {\tt xend\_domain\_create(config)}:\\
298 Create a domain.
300 \item {\tt POST /domain restore(file)},\\
301 {\tt xend\_domain\_restore(filename)}:\\
302 Restore a saved domain.
304 \item {\tt GET /domain/<dom>},\\
305 {\tt xend\_domain(dom)}:\\
306 Get domain information.
308 \item {\tt POST /domain/[dom] configure(config)},\\
309 {\tt xend\_domain\_configure(dom, conf)}:\\
310 Configure an existing domain (for internal use by restore and migrate).
312 \item {\tt POST /domain/[dom] unpause()},\\
313 {\tt xend\_domain\_unpause(dom)}:\\
314 Start domain running
316 \item {\tt POST /domain/[dom] pause()},\\
317 {\tt xend\_domain\_pause(dom)}:\\
318 Stop domain running.
320 \item {\tt POST /domain/[dom] shutdown(reason)},\\
321 {\tt xend\_domain\_shutdown(dom, reason)}:\\
322 Shutdown domain, reason can be reboot, poweroff, halt.
324 \item {\tt POST /domain/[dom] destroy(reason)},\\
325 {\tt xend\_domain\_destroy(dom, reason)}:\\
326 Destroy domain, reason can be reboot, halt.
328 \item {\tt POST /domain/[dom] save(file)},\\
329 {\tt xend\_domain\_save(dom, filename)}:\\
330 Save a domain to a file.
332 \item {\tt POST /domain/[dom] migrate(dst)},\\
333 {\tt xend\_domain\_migrate(dom, dst)}:\\
334 Migrate a domain.
336 \item {\tt POST /domain/[dom] pincpu(cpu)},\\
337 {\tt xend\_domain\_pincpu(self, id, cpu)}\\:
338 Pin a domain to a cpu.
340 \item {\tt POST /domain/[dom] maxmem\_set(memory)},\\
341 {\tt xend\_domain\_maxmem\_set(dom, memory)}:\\
342 Set domain maximum memory limit.
344 \item {\tt POST /domain/[dom] device\_create(config)}\\
345 {\tt xend\_domain\_device\_create(dom, config)}:\\
346 Add a device to a domain.
348 \item {\tt POST /domain/[dom] device\_destroy(type, index)},\\
349 {\tt xend\_domain\_device\_destroy(dom, type, index)}:\\
350 Delete a device from a domain
352 \item {\tt GET /domain/[dom] vifs()},\\
353 {\tt xend\_domain\_vifs(dom)}:\\
354 Get virtual network interfaces.
356 \item {\tt GET /domain/[dom] vif(vif)},\\
357 {\tt xend\_domain\_vif(dom, vif)}:\\
358 Get virtual network interface.
360 \item {\tt GET /domain/[dom] vbds()},\\
361 {\tt xend\_domain\_vbds(dom)}:\\
362 Get virtual block devices.
364 \item {\tt GET /domain/[dom] vbd(vbd)},\\
365 {\tt xend\_domain\_vbd(dom, vbd)}:\\
366 Get virtual block device.
368 \item {\tt GET /console},\\
369 {\tt xend\_consoles()}:\\
370 Get list of consoles.
372 \item {\tt GET /console/[id]}\\
373 {\tt xend\_console(id)}:\\
374 Get information about a console.
376 \item {\tt GET /console/[id] disconnect()}\\
377 {\tt xend\_console\_disconnect(self, id)}:\\
378 Disconnect any console TCP connection.
380 \item {\tt GET /vnet}\\
381 {\tt xend\_vnets()}:\\
382 Get list of vnets (virtual networks).
384 \item {\tt GET /vnet/[id]}\\
385 {\tt xend\_vnet(id)}:\\
386 Get information about a virtual network.
388 \item {\tt POST /vnet create(config)}\\
389 {\tt xend\_vnet\_create(conf)}:\\
390 Create a vnet.
392 \item {\tt POST /vnet/[id] delete()}\\
393 {\tt xend\_vnet\_delete(id)}:\\
394 Delete a vnet.
396 \item {\tt POST /event inject(event)}\\
397 {\tt xend\_event\_inject(sxpr)}:\\
398 Inject an event.
400 \end{itemize}
402 \secb{Xend debugging interface}
403 Xend also listens on port 8001. Connecting to this port (for example via telnet)
404 allows access to some debugging functions:
405 \begin{itemize}
406 \item help: list functions
407 \item traceon: turn xend tracing on
408 \item traceoff: turn xend tracing off
409 \item quit: disconnect.
410 \item info: list console listeners, block and network device controllers.
411 \end{itemize}
413 When tracing is on xend logs all functions calls and exceptions to
414 {\tt /var/log/xen/xend.trace}.
416 \begin{thebibliography}{99}
418 \bibitem{html}
419 HTML 4.01 Specification,\\
420 http://www.w3.org/TR/html4/,\\
421 W3C Recommendation, 24 December 1999.
423 \bibitem{http}
424 Hypertext Transfer Protocol -- HTTP/1.1,\\
425 http://www.ietf.org/rfc/rfc2616.txt,\\
426 RFC 2616, IETF 1999.
428 \bibitem{ssh}
429 http://www.openssh.org.
431 \bibitem{stunnel}
432 http://www.stunnel.org.
434 \end{thebibliography}
435 \end{document}