Difference between revisions of "PyGrub"

From Xen
(Important Tip / Caveat)
(Supported Bootloader Configuration Files: Adding section with useful links)
 
(10 intermediate revisions by 6 users not shown)
Line 6: Line 6:
 
__NOTOC__
 
__NOTOC__
 
== Why? ==
 
== Why? ==
[[PyGrub]] enables you to start Linux domUs with a kernel inside the DomU instead of a kernel that lies in the filesystem of the dom0. This means easier management - each domU manages its own kernel and initrd, meaning you can the built-in package manager to update the kernels, instead of having to track and update kernels stored in your dom0. It also allows easy migration of HVM'ed Linuxes - there's no need to extract the installed kernel & initrd.
+
[[PyGrub]] enables you to start Linux domUs with a kernel inside the DomU instead of a kernel that lies in the filesystem of the dom0. This means easier management - each domU manages its own kernel and initrd, meaning you can use the built-in package manager to update the kernels, instead of having to track and update kernels stored in your dom0. It also allows easy migration of HVM'ed Linuxes - there's no need to extract the installed kernel & initrd.
   
 
== Concept ==
 
== Concept ==
It is used as a Bootloader and provided with Xen. [[PyGrub]] behaves like Grub and reads the standard Grub menu.lst (or Grub2's grub.cfg) to provide the xen create process with the required parameters and SXP stanzas.
+
It is used as a Bootloader and provided with Xen Project. [[PyGrub]] behaves like Grub and reads the standard Grub menu.lst (or Grub2's grub.cfg) to provide the xen create process with the required parameters and SXP stanzas.
   
* '''Question is:''' Does it copy the req'd kernel and initd temporarily out to Dom0 for it to access it there or does Dom0 access the kernel and initd in their filesystem? Anyone?
 
 
Therefore usage is quite easy.
 
Therefore usage is quite easy.
   
  +
PyGrub accesses the guest filesystem using a userspace filesystem library (derived in part from grub's filesystem modules as well as libe2fs) which it uses to extract the necessary configuration, kernel and initrd for use by the domain builder. This means that reading the guest filesystem does not require mounting the filesystem and runs with userlevel privileges which means that a malicious or corrupt guest filesystem cannot crash or otherwise compromise your domain 0.
* '''Security Question:''' Some time ago, someone found a security problem with pyGrub that allowed it to break out of the DomU, i did not find any fix notices - it that problem still relevant?
 
* '''RESOLVED:''' This issue has been resolved. Check out http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=1068 & http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4993 for details
 
   
 
== How? ==
 
== How? ==
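Review bot: The added Concept paragraph states that a malicious or corrupt guest filesystem "cannot crash or otherwise compromise your domain 0", while the same hunk deletes the RESOLVED bullet that pointed to CVE-2007-4993 and the bugzilla report. Suggest wording the claim as the design intent (userspace library, no mount, user-level privileges) and keeping a short pointer to the resolved CVE, so readers can still check whether their version carries the fix. The removed "Question is:" bullet about whether the kernel and initrd are copied out to Dom0 is only answered implicitly by "extract ... for use by the domain builder"; answering it in so many words would close it.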
Line 26: Line 24:
 
Change your domU.cfg:
 
Change your domU.cfg:
 
* remove kernel and initrd stanza
 
* remove kernel and initrd stanza
* add bootloader stanza, e.g. <code>bootloader = '/usr/bin/pygrub'</code>
+
* add bootloader stanza, e.g. <code>bootloader = 'pygrub'</code>
   
Note: You need to know where in the filesystem pygrub lies. For example, debian uses /usr/lib/xen-$version/bin/pygrub or something like this, instead of the path reflected above
+
Note: For older versions of Xen Project software (4.1 or earlier) you need to know where in the filesystem pygrub lies. For example, debian uses /usr/lib/xen-$version/bin/pygrub or something like this, instead of the path reflected above. Newer versions of the toolstack know how to look for the path themselves.
   
 
== Important Tip / Caveat ==
 
== Important Tip / Caveat ==
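Review bot: The reworded Note still ends its Debian example with "instead of the path reflected above", but the added bootloader line is now bootloader = 'pygrub', which no longer contains a path. Suggest either showing the full-path form explicitly for 4.1 or earlier, or rewording the sentence so it refers to the bare name shown above. "or something like this" would also read better as the exact Debian path pattern.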
Line 47: Line 45:
 
Thanks to (The following is taken from http://lists.xensource.com/archives/html/xen-users/2007-09/msg00524.html and own experience) for first pyGrub Reference.
 
Thanks to (The following is taken from http://lists.xensource.com/archives/html/xen-users/2007-09/msg00524.html and own experience) for first pyGrub Reference.
   
  +
== Supported File Systems ==
'''NOTE:''' PyGrub supports only EXT2 / EXT3 filesystems. Attempt to boot from EXT4 will lead in hang. See this [http://mail-index.netbsd.org/port-xen/2010/02/10/msg005716.html article] for details.
 
  +
  +
PyGrub supports the following filesystems via libfsimage:
  +
* Ext2/3/4
  +
* FAT
  +
* ISO9660
  +
* REISERFS
  +
* UFS
  +
* ZFS
  +
  +
== Supported Bootloader Configuration Files ==
  +
  +
PyGrub supports the configuration file syntax of the following native bootloaders:
  +
* Grub 1 & Grub 2
  +
* LILO
  +
* ExtLinux
  +
  +
=== Useful Links ===
  +
* [https://www.howtoforge.com/tutorial/repair-linux-boot-with-grub-rescue/ Repair Linux Boot failures in Grub 2 rescue mode]
   
 
[[Category:Xen]]
 
[[Category:Xen]]
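Review bot: The new Supported File Systems list gives "Ext2/3/4" with no version qualifier, while the NOTE removed in this hunk said that booting from EXT4 hangs. Suggest stating from which Xen version ext4 is supported via libfsimage, so readers on older releases are not misled. The Useful Links entry is about repairing Grub 2 rescue mode rather than PyGrub's configuration file support; consider moving it out from under Supported Bootloader Configuration Files or adding a line that says why it is relevant here.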
Line 54: Line 70:
 
[[Category:Example]]
 
[[Category:Example]]
 
[[Category:HowTo]]
 
[[Category:HowTo]]
  +
[[Category:Host Configuration]]
  +
  +
{{Languages|PyGrub}}

Latest revision as of 17:26, 5 February 2015


Why?

PyGrub enables you to start Linux domUs with a kernel inside the DomU instead of a kernel that lies in the filesystem of the dom0. This means easier management - each domU manages its own kernel and initrd, meaning you can use the built-in package manager to update the kernels, instead of having to track and update kernels stored in your dom0. It also allows easy migration of HVM'ed Linuxes - there's no need to extract the installed kernel & initrd.

Concept

PyGrub is used as a bootloader and is provided with Xen Project. It behaves like Grub and reads the standard Grub menu.lst (or Grub2's grub.cfg) to provide the xen create process with the required parameters and SXP stanzas.

Therefore usage is quite easy.

PyGrub accesses the guest filesystem using a userspace filesystem library (derived in part from grub's filesystem modules as well as libe2fs), which it uses to extract the necessary configuration, kernel and initrd for use by the domain builder. Reading the guest filesystem therefore does not require mounting it and runs with user-level privileges, which means that a malicious or corrupt guest filesystem cannot crash or otherwise compromise your domain 0.

How?

In your domU

  1. Install Grub
  2. Install a linux-image-xen of your choice.
  3. Create the /boot/grub directory if it is not present.
  4. Let it create its default menu.lst (update-grub in Debian)

In your dom0

Change your domU.cfg:

  • remove kernel and initrd stanza
  • add bootloader stanza, e.g. bootloader = 'pygrub'

Note: For older versions of Xen Project software (4.1 or earlier) you need to know where in the filesystem pygrub lies. For example, Debian uses /usr/lib/xen-$version/bin/pygrub or something like this, instead of the path reflected above. Newer versions of the toolstack know how to look for the path themselves.

Important Tip / Caveat

On your disk line, e.g.

disk = ['file:/vserver/mail/guest_base2G.img,hda1,w','file:/vserver/mail/guest_swap256M.img,hda2,w','phy:data/mail,hda3,w']

make sure that the partition/LVM volume/container that contains the kernel and initrd comes first. Xend passes the *first* entry to pyGrub (at least in version 3.2.1). If the first disk entry does not contain a kernel, you will most likely get

Error: Boot loader didn't return any data

If you get this error, have a look at /var/log/xen/xend.log. It shows which parameters were given to pyGrub; try them by hand and see whether pyGrub outputs the right stanzas for domU startup. (They are in SXP format and look a little like LISPified grub entries.)
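A pre-flight check for the dom0 steps and the disk-ordering caveat above, as an added example (not part of the original wiki page or of the Xen tools). It reads a domU config with Python's ast module instead of executing it and reports which disk entry will be handed to pyGrub; the function names and the sample config are constructed for illustration, and the first-entry behaviour is as the page describes for xend 3.2.1.

```python
import ast

# Constructed sample: swap image listed first, kernel stanza left in place.
SAMPLE_CFG = """
name = 'mail'
bootloader = 'pygrub'
kernel = '/boot/vmlinuz-xen'
disk = ['file:/vserver/mail/guest_swap256M.img,hda2,w',
        'file:/vserver/mail/guest_base2G.img,hda1,w']
"""

def load_cfg(text):
    """Collect top-level NAME = literal assignments without executing the file."""
    cfg = {}
    for node in ast.parse(text).body:
        if (isinstance(node, ast.Assign) and len(node.targets) == 1
                and isinstance(node.targets[0], ast.Name)):
            try:
                cfg[node.targets[0].id] = ast.literal_eval(node.value)
            except (ValueError, TypeError):
                pass  # non-literal expression: skipped, never evaluated
    return cfg

def split_disk(spec):
    """Split 'file:/path/img,hda1,w' into (target, vdev, mode)."""
    parts = [p.strip() for p in spec.split(",")]
    parts += [""] * (3 - len(parts))
    return tuple(parts[:3])

def check_pygrub_cfg(text):
    """Return (target of the disk pyGrub will read, list of findings)."""
    cfg = load_cfg(text)
    findings = []
    if "bootloader" not in cfg:
        findings.append("no bootloader stanza; pygrub will not be run")
    # 'ramdisk' is the key xm/xl configs use for the initrd.
    for key in ("kernel", "ramdisk"):
        if key in cfg:
            findings.append(f"{key} stanza still present; remove it")
    disks = cfg.get("disk") or []
    if not disks:
        findings.append("no disk entries; nothing to hand to pygrub")
        return None, findings
    target, _vdev, _mode = split_disk(disks[0])
    return target, findings

if __name__ == "__main__":
    print(check_pygrub_cfg(SAMPLE_CFG))
```

For the sample, the reported target is the swap image, which is the ordering that leads to "Boot loader didn't return any data".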

Thanks to (The following is taken from http://lists.xensource.com/archives/html/xen-users/2007-09/msg00524.html and own experience) for first pyGrub Reference.

Supported File Systems

PyGrub supports the following filesystems via libfsimage:

  • Ext2/3/4
  • FAT
  • ISO9660
  • REISERFS
  • UFS
  • ZFS

Supported Bootloader Configuration Files

PyGrub supports the configuration file syntax of the following native bootloaders:

  • Grub 1 & Grub 2
  • LILO
  • ExtLinux

Useful Links
