Sorry for the late reply, I am usually much faster replying to emails,
I have been caught in a personal issue.
On Tue, 8 Aug 2017, Rajiv Ranganath wrote:
> Hi Stefano,
>
> On Wed, Aug 2, 2017 at 12:15 AM, Stefano Stabellini
> wrote:
>
> [...]
>
> > The main thing that will be different is the list of dependencies you
> > need to install to build Xen. On Fedora it should be (I am using
> > Raisin[1] as a reference):
>
> Thank you for the pointer to Raisin.
>
> I have managed to build stage1-xen on Fedora. This project is very
> interesting. I have some questions regarding stage1-xen and containers
> on Xen.
Thank you, I am glad I could help! :-)
> 1. Is there a roadmap/design doc for containers primitives and container
> standards that Xen community is looking to support?
>
> The only documentation that I could find were presentations by you.
> [1][2]
Not yet, the project is quite new, but we should definitely have one. On
my roadmap I have better support for all rkt commands, including for
example PoDs with multiple stage2s, and support for all rkt networking
modes.
> 2. Now that OCI 1.0 is out, are there any plans to create a Xen based
> OCI runtime? [3]
>
> A Xen based OCI runtime that can work with containerd and cri-o would be
> very interesting to us.
>
> I was wondering if you have thoughts on how xen-stage1 could be evolved
> to support rkt and also also a OCI runtime?
This is a very good question, I am glad you asked :-)
I would love to see more OCI runtimes supported, including containerd. I
started with rkt because it has a very nice and clean interface to the
stage1s. In other words, implementing stage1-xen for rkt is rather easy,
doing the same for Docker is possible but more work. I don't think the
difficulty would be on the stage1-xen side. The issue is that other OCI
runtimes would need more changes to be able to interface with something
like stage1-xen. Of course, I would be happy to see more OCI runtimes
supported and I would be happy to help.
Similarly, growing stage1-xen into its own OCI runtime would pull a
lot of code into the project that today we don't have to worry about.
In other words, I would be happy to take any contributions to stage1-xen
to expand OCI runtime support. However, I think it would be best to
focus on completing rkt support first.
> 3. Are there plans to use PVHv2 guests instead of PV guests?
Yes! I want stage1-xen to default to PVHv2 guests wherever possible
(all machines with VMX support).
> 4. In the presentation I noticed PV Calls for Networking. However when I
> did `rkt run ...`, it seems to use netback with vif-nat. How can I try
> PV calls for networking?
>
> [...]
It's not yet upstream, but I have all the patches ready on my local
machine. I am just waiting for PVCalls to go upstream in Linux. PVCalls
will be very useful to implement the host networking mode of rkt.
> > Let me know if you find any issues!
>
> Following are the issues that I ran into -
>
> 1. `rkt rm ...` fails with `stage1/rootfs/gc` file not found error. I
> think because of this the Xen host gets populated with a lot of
> overlayfs mounts. I tried to manually clean up, but that failed too.
That is strage, I'll give it a look.
> 2. Upstream cni master seems to have reorganized its directory
> structure. So, I had to pin the version to 0.3 to get the build to work.
> I also had to manually get dhcp4 and dhcp4client packages. Perhaps we
> can add a glide.lock file to lock down the dependencies. I can send a
> patch for it.
Good idea, thank you.
> > I would be very happy to take a patch (or pull request) for
> > BUILDING.md to document how to do this on Fedora.
>
> I have a somewhat "non-standard" setup for xen and qemu for Fedora. I'll
> briefly describe the setup.
>
> Xen is booted using EFI. This required building a custom binutils
> package [4]. Both Xen and qemu are built with a non-standard prefix
> (/opt/xen-unstable and /opt/qemu-stable), with RPATHs appropriately
> adjusted.
>
> Lastly I don't use systemd to manage Xen on Fedora. In the buildroot,
> Xen is explicitly configured using --disable-systemd. We have a version
> of runit package that we run under systemd. Runit then launches
> xenstore, xenconsole, dom0 qemu disk backend. We frequently toggle
> between upstart and systemd based distro, so using runit on both has
> been very helpful.
>
> If this setup is okay you, I can open up the Fedora variant of our tools
> and packages and send patches to BUILDING.md.
I would prefer "standard" instructions for Fedora, but non-standard is
better than no instructions :-) Please send a patch.
> Please let me know.
>
> Thank you!
>
> Best,
> Rajiv
>
> [1]:
> https://xendeveloperanddesignsummit2017.sched.com/event/AjGx/keynote-secure-containers-with-xen-and-coreos-rkt-stefano-stabellini-aporeto
> [2]:
> https://docs.google.com/presentation/d/1dP_7myrUrtwQHnjgDtlMQkAxJNG6Se9SBl0tdaFIAYQ/edit?usp=sharing
> [3]:
> https://github.com/opencontai
