Oct 162008
 

Xen is nowadays a widespread approach to run virtual hosts. Thanks to its flexible configuration it’s not only possible to run virtual Linux hosts but nearly any operating system that is compatible to the Xen hypervisor machine architecture will possibly run as guest host. The Xen paravirtualization Continue reading »

Jul 092007
 

YES, YES, YES! Finally I made it.

Since a while I am playing with the migration functionality of a Xen domU between two Xen servers. It allows to move a virtual machine without reboot between two physical machines. But my problem was: It did not hold what it promised.

Trying all possible versions of Xen and the xen-sources in the Gentoo Portage I was able to migrate a domU but not when it was configured as SMP machine. After I found that the kernel has to include the CONFIG_HOTPLUG_CPU option, I was able to migrate the domU at least one time from one host to the other. When repeating this procedure the domU crashed with a kernel oops. By finally trying the latest Xen 3.1 version from the unofficial mescalito portage overlay with the xen-sources-2.6.18, repeated migration of a domU between the Xen servers does work now. Prerequisite is that both dom0 and domU run the 2.6.18 kernel. I am trying to run this in production now and will see how reliable it is.

I just remember that I did also remove the memory restriction from the dom0. The dom0_mem parameter in the grub configuration is optional and when omitting it the dom0 can use the unused memory for itself.

Jul 132006
 

Die kürzlich gefundene Kernel-Schwachstelle CVE-2006-2451 der Kernel >2.6.13 und <2.6.16.24 und <2.6.17.4, wodurch ein entfernter Angreifer root-Privilegien erhalten kann, wurde am prominenten Beispiel des Debian Entwicklungsservers Gluck demonstriert. Dank der schnellen Reaktion der Administratoren wurde nur /bin/ping komprimitiert. Sonst wurden noch keine veränderten Daten/Packete oder Programme entdeckt. Das zeigt wieder einmal, dass man als Administrator gut dran tut seine Kernelversionen aktuell zu halten und die Maschinen genau zu überwachen.

Quelle: debian.org: Debian Server restored after Compromise

Update – 7. August 2006: Für alle, welche noch einen der betroffenen Kernel auf einem produktiven System einsetzen, der Standardkernel (2.6.8) von Debian Sarge ist übrigens nicht betroffen, gibt es ein Workaround: Mitigating against recent GNU/Linux kernel bugs