-
-
Notifications
You must be signed in to change notification settings - Fork 14.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
nixos/xen: refactor dom0 configuration #324911
Conversation
5983d41
to
2a8bdec
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This feels very intrusive to the systemd-boot-builder
codebase to me, which will create maintenance burden. I've never worked with Xen, could you explain why this is necessary? Is it not possible to do the modification to the xen.cfg file at build time, like on the file passed to extraFiles?
This comment was marked as outdated.
This comment was marked as outdated.
1327508
to
b7b29a5
Compare
Removed instances of |
b7b29a5
to
6e9b9b8
Compare
6e9b9b8
to
a5f3491
Compare
a5f3491
to
c6ae504
Compare
I had some time, so I added more options to configure oxenstored.conf. The options haven't changed in a decade, so I think it's alright to skip building a new config generator for oxenstored.conf's custom syntax, and just use
|
c6ae504
to
eba7bc4
Compare
This comment was marked as outdated.
This comment was marked as outdated.
95ecd4e
to
a03f9f6
Compare
@emilazy I'm sorry to report that it has indeed been might I place this burden unto you? |
Yeah, I’ll take up the burden :) I am sick right now so my capacity is not at its best but I’ll try to do it tomorrow. I notice that the module has gone through |
b7a8b06
to
980aedf
Compare
I formatted the old version in a separate commit as requested. That said, the diff is still really hard to read because many |
Signed-off-by: Fernando Rodrigues <[email protected]>
980aedf
to
ad37ca0
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks broadly good to me. I don’t know much about Xen, so my review here is mostly human linting and asking about things that stood out to me, but this shouldn’t interfere with setups that don’t use Xen and seems to be better quality code than what it’s replacing, which is good enough for me. A few things I’d like to see changed, but I’m deferring to @CertainLach’s approval as far as Xen matters go.
Path to the Xen Store Daemon. This option is useful to | ||
switch between the legacy C-based Xen Store Daemon, and | ||
the newer OCaml-based Xen Store Daemon, `oxenstored`. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If the C implementation is legacy and adds complexity to the implementation here, should we only support the OCaml one? Is there anything the OCaml one can’t do that the C one can?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We can't, unfortunately. oxenstored
does not support untrusted device domains, which is the main reason why Qubes OS (#341215) doesn't use it.
{ | ||
assertion = cfg.debug -> cfg.trace; | ||
message = "Xen's debugging features are enabled, but logging is disabled. This is most likely not what you want."; | ||
} | ||
{ | ||
assertion = cfg.store.settings.quota.maxWatchEvents >= cfg.store.settings.quota.maxOutstanding; | ||
message = '' | ||
Upstream Xen recommends that maxWatchEvents be equal to or greater than maxOutstanding, | ||
in order to mitigate denial of service attacks from malicious frontends. | ||
''; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Are these sufficiently bad configurations that we want them to be assertions, rather than warnings? (I’m perfectly fine with ruling out footguns like this; just want to check.)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The quota stuff should certainly be kept, otherwise users might unknowingly open themselves to a known security vulnerability. The tracing stuff is more of a footgun, but could be replaced with a lib.warn
with no issues. I don't see why someone would want to debug Xen without logs though.
- Cleans up downstream systemd units in favour of using upstream units. - Xen 4.18 on Nixpkgs now supports EFI booting, so we have an EFI boot builder here that runs after systemd-boot-builder.py. - Add more options for setting up dom0 resource limits. - Adds options for the declarative configuration of oxenstored. - Disables the automatic bridge configuration, as it was broken. - Drops legacy BIOS boot - Adds an EFI boot entry builder script. Signed-off-by: Fernando Rodrigues <[email protected]> Co-authored-by: Yaroslav Bolyukin <[email protected]>
ad37ca0
to
9e5f77a
Compare
Changes addressed, except for the removal of the footgun assertions. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me! Any further improvements can be handled in future PRs. Thanks for all the work you’ve put into this.
@ofborg test simple
(just to make sure that NixOS eval is okay)
The simple test has passed! |
A sincere thank you to everyone who has helped in this Xen endeavour! @CertainLach, @hehongbo, @digitalrayne, @radhus and @matdibu, I've sent everyone who has been involved in these Xen PRs an email which may be of interest to you. Let me know what you think! (If you haven't received it, then I did a terrible job finding your address. Please do tell me if that's the case.) |
As defined in NixOS/nixpkgs#324911
As defined in NixOS/nixpkgs#324911
As defined in NixOS/nixpkgs#324911
Description of changes
Refactors the Xen module for Domain 0.
Things done
NixOS/xen
yet.Closes #129780, closes #127404.
Add a 👍 reaction to pull requests you find important.