On Fri, Jun 02, 2023 at 05:18:38PM +0200, zithro wrote:
> On 02 Jun 2023 14:31, Michael Stone wrote:
>> I don't recommend xen for new projects. It has more pieces and tends
>> to be more fragile than qemu+kvm, for no real benefits these days.
>> (IMO)
>
> Define "more pieces" and "more fragile" ?

You need to juggle kernel version, qemu version, and xen version. You
need a bootable dom0 *as well as* a bootable xen hypervisor. If any of
these things mismatch or stop working, things break. The xen-specific
pieces are generally less well known and less operationally tested
because there are fewer users. The xen developers have gone through
several vm models and various deprecations in the past few years, and
there have been actual breakages for users of the debian packages due to
the many combinations of features which can break in the presence of
changes (such as changes needed for security issues) and the difficulty
(infeasibility?) of testing all the possible combinations. That would be
less of an issue if rolling your own and tracking xen upstream directly,
but this is a debian list, and the debian packages face a different set
of constraints.

> It has a really low TCB and still used by amazon for their cloud.

As a legacy service. New VMs are deployed using different technologies.
They were the only major cloud service to go with xen, and their
continued use seems more a matter of leaving it running for legacy
instances being less work than migrating everything. (Which is basically
where I still have deployed.) Amazon is also not using a xen package
from a general purpose OS, and has quite a large team devoted to the
care and feeding of that infrastructure. It's basically an apples to
boxcars comparison unless the person trying to decide which hypervisor
to go with happens to be running one of the largest clouds in the world.
(Which begs the question of why on earth they'd be looking for answers
on debian-user.)

> You don't even need qemu if running fully virtualized guests (PV/PVH).

xen's continuing search for the next great thing
(pv/hvm/pvhvm/pvh/pvhv2) has itself been a source of operational pain.
From the perspective of taking the best advantage of the technology
available at the time it's great, but from the perspective of wanting to
set something up and just have it keep running, it's a pain. (And, to
the point, kvm has been less of a pain because for better or worse its
model has remained more stable.)
None of this is to say that xen is a bad project or that some people may
find it the best option, but I'll continue to not recommend it as a
general solution for people looking to deploy a new vm environment. It's
just easier to go with kvm.