Contributed by dwc on from the coolness dept.
Mark Kettenis writes:
Over the last couple of weeks, I've been working on support for Logical Domains (LDoms) on Sun's CoolThreads servers that use the UltraSPARC T1 and T2 (Niagara) processors. These processors have very strong support for virtualization, offering much better separation between domains than the virtualization available on x86. The LDoms software allows you to split up your server in up to 128 domains, giving each domain dedicated resources such as CPU threads, crypto units, memory and physical I/O. For more information on LDoms, see http://www.sun.com/servers/coolthreads/ldoms/index.jsp.
Read on for the good stuff...
Although OpenBSD already did run in a logical domain on those systems, it only had access to "real hardware" made available to the domain. This meant you'd only have network or disk access if you're running in an I/O domain, and the number of possible I/O domains is fairly limited on Sun's current hardware offerings.
The new LDoms support consists of two new drivers to support virtual I/O (VIO). The first one is vnet(4), which is a virtual network driver that allows you to talk to a virtual switch running in another domain that runs Solaris. Since this virtual switch can be associated with a real network device on the Solaris side, this gives you a network path out of the machine. But of course it is also possible to talk to other domains that have a virtual network device connected to that same switch.
The second new device driver is vdsk(4), which is a virtual disk driver. This driver talks to a virtual disk server running in another domain, giving you access to a physical disk, a disk slice/partition or a disk image on a filesystem. The driver emulates SCSI, so you'll see an sd(4) device showing up on your vdsk(4) "controllers".
The new code offers some interesting possibilities. For example, it is possible to run a pf firewall in a dedicated domain that protects a couple of other domains running Solaris, all in a single box. On machines such as the T1000 and T2000 that have a split PCIe bus, you can give the pf firewall direct access to a physical network interface, such that "untrusted" packets don't even have to enter the control domain.
On UltraSPARC T2 systems, there is now also support for the on-chip random number generator through the vrng(4) driver. The entropy data gathered from the processor is added to the kernel entropy pool.
Here's a dmesg of a domain with 12 virtual CPUs (threads), 4GB of memory, a virtual network interface and two virtual disks:

    console is /virtual-devices@100/console@1
    Copyright (c) 1982, 1986, 1989, 1991, 1993
        The Regents of the University of California. All rights reserved.
    Copyright (c) 1995-2009 OpenBSD. All rights reserved. http://www.OpenBSD.org
    OpenBSD 4.4-current (GENERIC.MP) #7: Sat Jan 17 23:33:12 CET 2009
        firstname.lastname@example.org:/usr/src/sys/arch/sparc64/compile/GENERIC.MP
    real mem = 4294967296 (4096MB)
    avail mem = 4138582016 (3946MB)
    mainbus0 at root: SPARC Enterprise T5120
    cpu0 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz
    cpu1 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz
    cpu2 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz
    cpu3 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz
    cpu4 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz
    cpu5 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz
    cpu6 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz
    cpu7 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz
    cpu8 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz
    cpu9 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz
    cpu10 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz
    cpu11 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz
    vbus0 at mainbus0
    "flashprom" at vbus0 not configured
    "n2cp" at vbus0 not configured
    "ncp" at vbus0 not configured
    vrng0 at vbus0
    vcons0 at vbus0: ivec 0x111
    cbus0 at vbus0
    vnet0 at cbus0 chan 0x0: ivec 0x200, 0x201, address 00:14:4f:f8:38:e7
    vdsk0 at cbus0 chan 0x2: ivec 0x204, 0x205
    scsibus0 at vdsk0: 2 targets, initiator 2
    sd0 at scsibus0 targ 0 lun 0: SCSI3 0/direct fixed
    sd0: 9216MB, 512 bytes/sec, 18874368 sec total
    vdsk1 at cbus0 chan 0x3: ivec 0x206, 0x207
    scsibus1 at vdsk1: 2 targets, initiator 2
    sd1 at scsibus1 targ 0 lun 0: SCSI3 0/direct fixed
    sd1: 2MB, 512 bytes/sec, 5120 sec total
    vrtc0 at vbus0
    softraid0 at root
    bootpath: /virtual-devices@100,0/channel-devices@200,0/disk@0,0
    root on sd0a swap on sd0b dump on sd0b
So far the code has been tested on an UltraSPARC T1 system with LDoms 1.0.1 and an UltraSPARC T2 system with LDoms 1.0.3. However, it should work fine with LDoms 1.1, which was released by Sun last December. There is a good chance that OpenBSD will also run fine in a Guest Domain on UltraSPARC T2+ systems. If you have such a system, please try!
An easy way to try OpenBSD on these systems is to download the miniroot44.fs file from a recent snapshot and add a virtual disk to a domain that is backed by this disk image. Simply boot your domain from this virtual disk and start the installation.