Categories
NSP Xen

VMWare responds to XenSource, MS Threat?

Five weeks or so ago VMWare accounced massive price cuts for their existing products. Today I read that VMWare are redefining their product range completely.

The article has more detailed information, but the basic gist is that VMWare is releasing a new entry-level SKU, not manageable via VirtualCenter (and thus not suited for enterprise, but entirely suited for sites that just want one or two hosts), with SATA support.   SATA support has tradiationally been missing from VMWare’s products, and the presence of SATA support was one of the selling points for other virtualisation vendors such as Xensource and VirtualIron.

I asked in my last post “Has VMWare seen the writing on the wall?” I guess it has. It’s not end-game yet, of course: Gartner analysts peg virtualisation use at under 10% of the server market (I don’t have an exact reference for that, but there’s lots of references at 6% or so during late 2006). This is merely the point where VMWare realises that it’s not enough to be the big fish in the pond – Citrix and Microsoft are now in there too.

Categories
linux NSP WLUG Xen

iSCSI for SCSI device passthrough under Xen Enterprise

I recently had to add a SCSI tape drive to a Xen Enterprise server, and needed to use BackupExec under one of the Windows domU’s as the backup software. Luckily, Greig did this a few months ago already using the iSCSI Enterprise Target, and put his notes up on the WLUG Wiki here.

I hit one problem however – when using NTBackup to test the system, it would write about 20 MB to tape, then fail. Greig pointed out he’d only ever used BackupExec, which was the software that was going to be used finally anyway, so I installed that and then it worked fine.

Also, going one step further, it’s possible to use the same technique to push USB mass storage devices over iSCSI to domUs. As Xen Enterprise doesn’t have a nice way of passing USB mass storage devices through to domUs yet, this is a very good solution in the interim

[code]

Target iqn.2007-04.com.example:tape0
Lun 0 H=4,C=0,I=0,L=0,Type=rawio
Type 1
InitialR2T No
ImmediateData Yes
xMaxRecvDataSegmentLength 262144

Target iqn.2007-04.com.example:usb0
Lun 1 Path=/dev/sdb,Type=fileio
[/code]

As it refers to the scsi device, which will change if you unplug and re-insert a USB block device, it makes a lot of sense to use udev to map your USB mass storage device to a specific /dev entry.

I don’t have a feeling for how robust this is yet.

Categories
linux NSP Xen

Has VMWare seen the writing on the wall?

As seen here, VMWare is set to slash the pricing for VMWare ESX and VirtualCenter for the SME market – three copies of ESX and a limited copy of VirtualCenter, for the nice round price of $3k US – a significant price cut. This is hot on the heels of XenSource’s new pricing and acquisition by Citrix (XenSource also has a current promotion of “buy one, get three” as an introduction to the new XE 4.0 pricing model.)

Has VMWare seen the writing on the wall? They look a bit defensive at times. Or maybe VMWare has just realised they’ve neglected the SME market for too long. In NZ especially, most businesses are in the SME bracket, and just can’t afford VMWare’s prices – it’s cheaper to buy a new server machine in most cases.

Xen Enterprise’s new price tag of $2.5kUS may be outside their reach as well, but most SMEs don’t need the enterprise features present in XenSource’s flagship product. XenServer, at $750 US, fits right in the sweet spot, along with VirtualIron’s flagship offering.

Categories
linux NSP Tool of the Week WLUG

NUT: Network UPS Tools

I was tweaking the UPS rules at a client’s site, when I noticed that the base NUT configuration that we use didn’t really do a hell of a lot. The example config files had some hints as to what were needed, but unless I missed something fundamental, didn’t have the full picture.

After a bit of searching, my laptop battery ran out so I couldn’t carry on working onsite. I did get far enough to make some notes, but I have since lost the site I referred to, so can’t put proper attribution. It looked something like this one though, and was also dedicated to setting up NUT on a Mac, so I figure that will do.

I’ve since returned to this issue, and after fighting with serial and USB cables, have finally completed and tested it all. My configuration is on the WLUG wiki at the NutNotes page.

Categories
NSP WLUG

Feisty Fawn and Software RAID

It turns out there’s a race condition in Feisty Fawn, which can cause software RAID sets to not be set up on boot. This is problematic if you have your root partition on software RAID

Bug #75681 discusses this in some detail, although there are several suggestions on how to fix it.

I first hit this bug on a local machine, then had to the same upgrade on a machine in a different country. Needless to say I wanted to get it right. I’m archiving my notes here as I’m sure I’ll need them eventually. This race condition has probably already been fixed in Feisty, but it’s not worth risking on a remote machine.

First of all, there is some new management involved in setting up software RAID under feisty, so you need to make sure you read the documentation for the mdadm package. Every time an initramfs is generated it will generate a warning:

[code]
update-initramfs: Generating /boot/initrd.img-2.6.20-14-generic
cp: cannot stat `/etc/udev/rules.d/85-brltty.rules’: No such file or directory
W: mdadm: unchecked configuration file: /etc/mdadm/mdadm.conf
W: mdadm: please read /usr/share/doc/mdadm/README.upgrading-2.5.3.gz .
W: mdadm: no arrays defined in configuration file.
W: mdadm: falling back to emergency procedure in initramfs.
[/code]

Following those instructions, you are told to check the configuration in /etc/mdadm/mdadm.conf and compare with the output of /usr/share/mdadm/mkconf. Once you’ve done that, you can remove /var/lib/mdadm/CONF-UNCHECKED and re-run update-initramfs -u -k all to regenerate your initramfs images.

The particular race condition that I mentioned above occurs because udev hasn’t had time to stabilise before mdadm tries to create the array, which means mdadm can’t find the devices and fails. The fix suggested in the bug report is to insert udevsettle into the initramfs at an appropriate point, and recreate the initramfs images:

[code]
# echo “/sbin/udevsettle –timeout=10” >> /usr/share/initramfs-tools/scripts/init-premount/udev
# update-initramfs -u -k all
[/code]

This works, at least as of today. I don’t know if the bug is actually still a problem or not – I didn’t want to risk it./

Categories
General NSP WLUG

Debian Etch and apt-proxy issues

Debian Etch (4.0) was released on Monday, and I have to say I wasn’t at all prepared. I’ve got about 70 machines that will probably need to be upgraded to Etch at some point in the near future. I could leave some of them running sarge, but I’ll definitely have to upgrade most of these servers.

We use an apt-proxy internally, to improve apt performance. It works well, aside from a couple of bugs that cause it to lock up every now and then. While running some upgrades on out of the way servers today, I discovered that the version of apt in sarge really doesn’t play very nicely with an etch repository served by apt-proxy running on an etch server. It seems that Ubuntu is fine, and trying to update a sarge server via an apt-proxy running on an etch server is ok too.

Once the etch client has been upgraded, the etch apt-proxy works fine. So, looks like a key issue. The version of apt in sarge doesn’t have the archive security stuff in it, and has no way of checking whether the keys are intact – BUT, it still seems to care, and will timeout and eventually fail.

It turns out that installing a copy of apt from the sarge backports solves this. You’ll also need the gnupg package, but the one from sarge is OK
[code]
wget http://backports.org/debian/pool/main/a/apt/apt_0.6.46.4-0.1~bpo.1_i386.deb
wget http://backports.org/debian/pool/main/d/debian-archive-keyring/debian-archive-keyring_2006.11.22~bpo.2_all.deb
dpkg -i *.deb
apt-get update
[/code]

Categories
advocacy NSP Xen

Xensource and VMWare performance comparison

I was discussing Xensource with a potential client a few weeks ago, and was fairly surprised when they pulled out a performance comparison of VMWare and Xen, which showed VMware massively outperforming Xen in several tests. On further inspection, it was fairly obvious that VMWare’s tests used the open-source version of Xen, and were running windows based tests on it. This might be a fairly typical enterprise environment, but they weren’t really playing a fair game – Xensource’s product range include a PV driver set for windows which drastically improves performance. This driverset isn’t available under the open source version of Xen.

The comparison the client had been given also had some other data included, some of which was misleading, and some of which was just plain wrong. It included statements such as ‘Xen does not support live migration’ when it does (and what’s more, the open source version supports it natively, so it’s not a bolt-on to the product), and a point stating that Xen had no management consoles available on one page, and a price comparison of VMware, Xensource and VirtualIron on the next. Xensource provide a commercial management console for Xen. Huh.
After a bit of digging, I found the original VMware published report that this comparison was drawn from. Yes, VMware didn’t run a fair test, and yes, given that unfair test, Windows under VMWare ESX massively outperforms Xen in some areas, primarily I/O related.

We mentioned that this report was being circulated to Xensource at about that time. They must have been getting the same heads-up elsewhere, because within a few days of that they had published a performance comparison of Xen Enterprise and VMWare ESX themselves, and even gotten approval from VMWare to publish it! Roger Klorese links to the report from his blog. The report is here.
The report shows that the gap between VMWare ESX and Xen Enterprise performance is negligble in most cases, and Xen Enterprise outperforms VMWare ESX considerably in some areas. It’s definitely a much closer race than VMWare’s report would have you believe.

Categories
advocacy General NSP WLUG

Puppet – a system configuration tool

I saw a couple of blog posts about puppet recently. I’ve been meaning to investigate cfengine for a while now, and puppet was a new angle on the same problem. From the intro:
Puppet is a system configuration tool. It has a library for managing the system, a language for specifying the configuration you want, and a set of clients and servers for communicating the configuration and other information.

The library is entirely responsible for all action, and the language is entirely responsible for expressing configuration choices. Everything is developed so that the language operations can take place centrally on a single server (or bank of servers), and all library operations will take place on each individual client. Thus, there is a clear demarcation between language operations and library operations, as this document will mention.

It’s very new still, and is under active development. It seems to have been designed with fixing some of the hassles of cfengine in mind. It is written in ruby and has a reasonably powerful config language, and you can use embedded ruby templates for dynamically building up content to deploy. I have no particular preference for ruby – in fact, this is the first time I’ve used the language. Configuration is stored in a manifest on the puppetmaster server, and is based on the notions of classes and nodes. A node can inherit from multiple classes, or can merely include a specific class if certain criteria are met. Subclasses can override specific details of a parent class.
It makes use of a library called facter (also written by reductive labs), to pull information ‘facts’ from the client hosts, and these can be used in the manifests to control configuration. For example, it will work out the linux distribution you are running and store this in a variable, and you can use this to determine which classes to run.  It is fairly easy to extend facter to support additional facts – so I added support for working out the Debian and Ubuntu release number and codename – eg, 3.1 and sarge, or 6.10 and edgy.
There is a dependancy system in place, so that you can specify a rule to ensure that a service is running, which depends on the package being installed. If you use puppet to manage the config file for the service, you can set a subscription on the file for the service, so that if a change to that file is pushed out via puppet, it will restart the server for you as well.

Installing packages is handled well, with the option for seeding debconf if appropriate. Puppet understands several package management formats, including apt, rpm and yum.
I’m by no means an expert with cfengine, but this feels a lot nicer to use. After my initial testing, I see no reason so far to not deploy this at work. I’ll test try a test deployment on some systems, and if that works out I’ll push it the whole way out.

Categories
General NSP WLUG

Xensource Xen Enterprise

I’ve been following the Xensource Xen Enterprise product for a couple of months at work. The current release ships with an install CD which preps a barebones server. It installs linux with a Xen kernel and the Xen toolset, but doesn’t ask you many questions – the dom0 is really only there to support the hypervisor after all. There are no options for software raid in the installer, but that might be because software raid isn’t considered an “enterprise” tool by some people.

Once it’s installed, you can run a JAVA based console from your desktop. This will connect to the XenEnterprise server and let you run some of the hypervisor commands as well as provision and configure domU.  XE ships with support for installing a debian server from a template, and for installing RHEL from a network install server. Apparently  it’s fairly straight forward to modify the templates or to create your own, I haven’t looked into that yet.

The console provides some monitoring of the dom0 and the domUs – network, cpu, disk and memory utilisation. The
console will connect to multiple XE hosts, letting you monitor and configure your domUs across your entire network.

One other neat tool that ships with XE is a P2V migration tool. That’s Physical to Virtual migration – you run a program on your existing physical machine, and XE will create a domU suitable for it and migrate the filesystem into the new host. However, I’ve yet to use this to see how well it works.
The kicker is, of course, the pricing. XE’s pricing is available online, and it starts at $750 + $150 annual maintainance for a 2 cpu server. The big benefits of XE come in when you have multiple servers in use, so start to scale that price up accordingly.   XE is also a bit limited in that you can’t do anything outside of the box yet. Which means that if you want, for example, pass a PCI device (eg, network card or SCSI controller) through to a specific domU, you are out of luck. This may not happen very often or at all, but it does make it somewhat less useful.

Overall, it’s a nice enough tool. If you are looking at managing a large number of densely packed Xen servers and want to be able to quickly provision new servers, clone existing servers, and migrate guests easily between hosts, it’s probably spot on.