[Gllug] Virtual disk allocation advice requested

David L Neil Mailing list a/c GLLUG at getaroundtoit.co.uk
Mon Jun 30 10:54:56 UTC 2008


Bruce Richardson wrote:
> On Mon, Jun 30, 2008 at 10:39:34AM +0100, Richard wrote:
>>> =Logic says that if use NFS, eg for /home within any VM and 'house' the
>>> NFS server within another VM, that at boot time Xen will not guarantee
>>> that one domain will be up and running prior to another being started
>>> and thus the situation may produce a time-race condition.
>> Yup, this is another reason not to use a server in a guest (although
>> exactly the same problem may happen with an NFS server in the dom0 --
>> how do you know it is serving requests before the guests start up?).
> 
> I would never run NFS or anything like that from a dom0; it's a waste of
> the resources used by dom0 and a huge security risk.  If dom0 is
> compromised then the attacker gains access to all the domUs.  Running
> network services from dom0 just makes this much more likely.

Excuses: as mentioned, I have no experience of NFS or Xen or ... the
lungs aren't working and the head is cloudy with drugs (legal ones) -
and I clicked on Rich's link but have yet to (try to) read it...


Thanks for the warning of running NFS in Dom0. I am NOT planning to put
all the VMs' /home directories into NFS, eg corporate network model. My
objective is the likes of separating web-dev from 'prod'/acceptance
testing, email from everything else, and building myself a sand-box
environment (VM) which I can play-and-destroy without risking my desktop
or serious stuff - oh, and to learn enough that I might know what I'm
talking about when a client asks...

Accordingly I thought to use the NFS shared area almost only as a
transfer mechanism, and still use for example, sFTP etc to transfer
stuff between VMs/domains, ie web-dev to acc-test (sub)domains. Given
that the NFS storage will not be intrinsic to the operation of any VM
does it still provide such an attack vector?


> For security, I prefer to have the domUs bridging across one physical
> interface (or bonded pair) and dom0 accessible via a separate one (on a
> different subnet and network segment if at all possible.)

Have you now moved away from 'disk' to talking about virtual network
interfacing? Yes, I thought it might actually be easier to allocate each
DomU its own MAC and IPaddr. I already have an Apache proxy/front-end to
cope with the situation where some systems use older Apache/PHP whereas
new dev ... - so separate IPaddrs will facilitate continuing that
model/one less thing to learn and worry about.

I haven't got my head around the 'networking' part of things - yet.
I am however wondering when the point where the 'fun' of re-installing
with 'added knowledge' and gained-experience starts to pall though...

Many thanks all!
=dn

-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug



