Re: Popular Linux OS for dom0 with UEFI boot?
Thanks! That was /very/ informative. Some remarks inline:
> Before going on a mission to show you the possibilities for another dom0
> distro, lemme answer to that.
> I have 2 physical dom0s, both debian stable, one being BIOS/CSM based,
> one UEFI based. Both AMD, but different generations : Athlon x4 760k and
> Ryzen 1700x.
> Because of personal choices, the Ryzen is using BIOS, the Athlon UEFI
> (counter-intuitive right !).
> On the BIOS one, grub always worked, from stretch/buster (~2018) to
> bullseye.
> But on the UEFI one, grub failed on me, and had to hack it (~mid 2019,
> from file timestamps).
> TBH, I've never taken the time to pinpoint the "offender", but till it
> works ... (that's dumb, it took me time to understand sharing is caring).
I tried pulling in multiboot and multiboot2, disabling Secure Boot, and running a myriad of tests. I also loaded up Ubuntu 20.04 LTS (which will probably be my go-to distribution for Xen from now on) to observe how it interacts with the various modules. As best I can tell, Cent 7 does everything 20.04 does, in exactly the same way, but it still doesn't work. I recall reading a Redhat/Fedora bug report (the URL I did not save) indicating that it may be an issue with a certain minor version of grub2, like needing 2.02 in lieu of 2.01? Dunno. Cent 7 is dead and I think I'm done chasing a dead rabbit.
> I'm not really a cool kid, even if I -think- I still am ! Remember, when
> you grow up, only the toys change ^^
> I'm a middle-aged sysadmin by trade, and an IT enthusiast for dozens
> of years, but here are my suggestions.
> This is *very* partial, but I'll try to separate what I know from my
> personal experience.
> Ready for the ride ? This is not your 5min read ^^
> To me, those are the available choices, listed alphabetically :
> - Alpine
> - Arch/Gentoo
> - Debian
> - Fedora
> - NetBSD
> - Qubes
> - Slackware
> - Solaris/illumos
> - Suse
> - XCP-ng
> --------------
> Alpine
> --------------
> (0 XP, but ...)
> - very lightweight
> - security & server focused
> - used a lot for containers and "small systems", so lot of feedback
> - "raw" system: does not want to do everything, just the things it's
> designed for, which is being a server platform
In addition to deploying locally (which has historically been about 98% of my use-case, but with "the cloud" and the need to operate in multiple regions, that number has shrunk to 80% and continues to shrink daily), I also need something commonly supported by various dedicated/bare-metal providers. Unfortunately Alpine, for that reason, is out of the running.
> --------------
> Debian
> --------------
> - my personal choice for 2 dom0 on "Network-in-a-box" systems since 5
> years (1 "user like", 1 "server/bkp like"). My config supports pfsense,
> freeBSD-based freeNAS, w7 domains including a gaming host, other Debians
> ofc and various other distros (a nested Qubes, openBSD, and many test
> distros). PCI-PT active on several domUs for various HW. One dom0 has
> been configured "à la Qubes" (before I learnt about it, so way less
> secure and "integrated").
> - stability
> - kinda close to unix philosophies, choice of kernel (linux/BSD)
> - promotes free software, and more importantly nowadays, free
> *firmwares* (look at bookworm's handling of free/closed FW)
> - huge community, so lot of feedback (I recently joined and posted a lot
> in debian-user ML. Nice people, happy to help)
> - choice of init system
> - can be used as a small/lightweight server or as a fully featured
> desktop, so you don't need to learn things twice
> - upstream of a lot of other distros, particularly Raspbian (ARM) on
> which you can also use Xen as dom0, (from RasPi 4 but iirc possible on
> Rpi3 with hacks) (and Ubuntu just because it's popular, but never used
> it, and I don't like their decisions but again, opinion). It may help to
> have the same OS on desktops/laptops and ARM SBCs.
> - I recently chose to be part of the Debian Xen team, and they are nice
> & dedicated people, so you're in good hands ^^ Joke aside, except
> expected minor glitches, my experience has been flawless in 5 years
> (I will only develop more -can I ?- about Debian if you ask for it, to
> not pollute even more -possible ?!- with self opinions)
I've always liked Debian, I simply found myself living "in a Redhat world" which is why it was always RHEL/Cent as my first choice for everything. As I mentioned, Ubuntu 20.04 will become my standard. But in a couple of years when it comes time to transition to a new version, I'll be paying close attention to Debian since I will have already acclimated to the Debian/Ubuntu way of doing things. Thanks for joining them in the quest for good Xen ;)
> --------------
> Fedora
> --------------
> - you come from CentOS, so it will look familiar (I think ?)
> - Qubes dom0 is based on it, so it contributes to the Xen project,
> especially security-wise (read more in the Qubes section)
> - because RedHat ... Even though I kinda hate them for systemd,
> described as theoretically useful to system mgmt even from freebsd
> developer(s), but I still fail to see how it's useful to me, creates
> more problems than it solves. The fact Lennart got hired by MS proves a
> point: as we say in french, "qui se ressemble s'assemble" (~ who looks
> alike, like each other), but /rant off, and again, biased opinion !
Fedora was my first (and least favorite) answer to running Xen at dedicated providers who had no way to un-UEFI their systems. I spent many a night on a Java-based IPKVM banging out Kickstart configs for various versions of Fedora, forcing it to use the second Xen kernel rather than the first (typical stupid Fedora bugs), etc. Like I said, definitely my least favorite answer for a modern dom0. On the other hand, Ubuntu's subiquity/curtin/autoinstall is horrendous. So much hatred for that stupid storage configurator. I have it mostly nailed down for dom0 and domU whether UEFI or not, but the more I think about it, the more Debian deserves another look, just on account of the dumb and needlessly complicated autoinstaller.
> --------------
> Arch/Gentoo
> --------------
> (0 XP, but ...)
> - outstanding documentation ! Gimme a Linux user who didn't solve a
> problem in its distro without reading their docs/forums, even if not
> using those distros !
> - "raw" systems, close to unix philosophies
> - highly and easily customizable to your needs, again thx to the docs
> - Arch runs on RasPi/ARM, so can host a Xen dom0 (dunno about Gentoo).
> It may help to have the same OS on desktops/laptops and ARM SBCs.
I appreciate the raw, close-to-the-earth way of doing things in Gentoo. Unfortunately I need something more polished.
> --------------
> NetBSD
> --------------
> (0 XP, but ...)
> - because of the simplicity and cleanliness of BSD systems
> - stability, security
> - low overhead
> - can also run on ARM (so on RasPis, etc, you got it)
I was very surprised to see NetBSD on this list, but not FreeBSD. Apparently FBSD has such issues with UEFI also, like Cent 7. NBSD is out due to lack of popular support by dedicated providers, but if I never needed to outsource anything, I would give it a look.
> --------------
> Qubes
> --------------
> Here I will consider Qubes as a desktop PLUS server system, not a
> laptop/isolated one.
> For now, I'm testing Qubes as a nested dom0, to see how I could replace
> my "vanilla Debian/Xen network-in-a-box user mode host" setup by Qubes.
> - Qubes is a really nice dom0 to use for a user environment, as it's
> providing a GUI directly on dom0 to manage the domUs (integration goes
> way beyond virt-manager)
> - it's more "user+security-oriented", but nothing prevents you from
> using it in a mixed desktop+server mode
> - supports all Xen functionalities, even if security-wise, it's not
> recommended by the team, ie. not the usual use case
> - it has some peculiarities, a bit more than your "average" OS, but once
> you grasp the paradigms, you can do what you want and it's not so hard
> - nice and helpful community (I participate in it a bit)
> - nice documentation, even if to grasp everything, you need to spend
> some time
> - strongly security-focused (even though my use case may reduce overall
> system security), project started by a security-focused company
> - strong separation between domains, secure dom0-domU and domU/domU
> exchanges
> - uses "advanced" (for me) Xen capabilities, so it's also a good
> learning tool for Xen itself
> - even if totally noob, you can follow a few guides and get started
> quickly, -with- network access (and then you consult the online docs
> from Qubes)
> - when you know what you're doing, it can provide a quick
> "click-click-it works" experience
> - opinion (srsly, again?) : it should be the next-gen OS for everyone,
> at home or at work (hey Marek, when are u switching to a Debian-based
> dom0, which can prevent from using closed source firmware ? ;) Ah the
> usability/security dilemma)
I'd like to play with it some day. If not for you, Qubes would not be currently on my radar. Thanks for that.
> --------------
> Slackware
> --------------
> - because it's the system I learnt Linux on, and I actively participated
> during the creation of "docs.slackware.com" ^^
> - so ... documentation !
> - in-system/offline documentation: you can learn GNU/Linux w/o Internet
> not only by reading the integrated docs, but most importantly by reading
> the config files ! Strange to say nowadays though, but when you only
> have a (not smart) phone at hand and try to reach the internet with 0
> linux knowledge, everything is there for you to succeed ... Priceless.
> - "if u wanna learn $distro, use $distro, if u wanna learn GNU/Linux,
> use Slackware"
> - Pat Volkerding, the BDFL, is a bright, knowledgeable and nice guy
> adhering to the KISS philosophy (w/o comma). Never underestimate history.
> - stability, security
> - "raw" system, close to unix philosophies
> - very nice community, with a ring-like structure: Pat provides the
> base/ring0, his "guards" provide "easiness" (for peasants like me ^^)
> (read slackbuilds by alien and more)
> - you're in charge, not the system, but nowadays ...
> - package managers ! (you can laugh, apt stuff is practical but -to me-
> too much hand-holding)
> - used to work on old RasPis/ARM (self-tested, Pi1B+), but
> unfortunately, AFAIK support for old ARM archs had to be dropped cause
> €€€ :(
> - so again, it may help to have the same OS on desktops/laptops and ARM
> SBCs.
A long time ago I made some Xen 4.x packages for Slackware, including a custom kernel, to get a dom0 going, just because it was Slack and because I enjoyed the challenge. Like you, Slackware was my first Linux distro. I ran it on a 486-133 MHz in 1996, dual booted with Win95. I bought like a 40MB hard drive with Slack from a guy I worked with at an ISP. We only had dial-up modems back then, so I would use Minicom to dial up to the ISP, then invoke pppd to set up the IP link. I kept up with Slack over the years, and I've cheered them on from the sidelines. I like that it's still a bit raw like Gentoo, but has packages and can be reasonably maintained. But I can't use it for Xen for the reasons already outlined.
> --------------
> XCP-ng
> --------------
> (== XenControlPanel-newgen ?)
Xen Cloud Platform - Next Generation.
I was around in the days of XCP (been using Xen since about 2007) and it was on my radar to try, but I never did. When I learned of XCP-NG, I was elated that they were continuing in the XCP spirit, and I resolved to give it a try some day.
> Sorry but it needs a full paragraph for itself (again ?!), because this
> is the exception amongst all others, as it's not really a distro per se
> that you install and then install Xen on top (below!), but a pre-built
> all-in-one server solution.
> Considering usability only, XCP-ng can be thought of like the
> server-only version of Qubes: it also has a nice management GUI, but it
> must be accessed from a remote host, usually via a browser. It also
> provides, if u need it, Xen Orchestra, a web-based management interface
> to your XCP-ng server [farm].
> Note, and sorry for Citrix devs, that I omitted Citrix/XenServer from
> the list as (last I've checked), it's not really home/enthusiastic-user
> friendly.
> Apologies and correct me if I'm wrong, but this is my experience. In
> fact, the very first Xen-based system I tried was Citrix XenServer (iirc
> before XCP-ng even existed ? at least I didn't know of it), but it
> imposed restrictions that were unacceptable for my use case,
> particularly on PCI passthrough (wanted a "Network-in-a-box" solution,
> so consolidating all my hosts into one, hence including PCI-PT for my
> gaming/multimedia machines). Did that change ?
> Then came XCP-ng ! An open-source fork of XenServer, with no
> restrictions at all.
> Note before my remarks, even though XCP-ng (or XenServer) can be used at
> home, those are systems fully qualified to handle a farm of dom0s ! Read
> "enterprise-ready", and even "big corps ready".
> - first and foremost, XCP-ng provides a management interface "above"
> Xen. It's called XAPI (Xen Project Management API), read more there :
> "https://xenproject.org/developers/teams/xen-api/". Please note that the
> company behind XCP-ng (vates.fr), is currently investing to rebuild the
> Xen www and wiki/docs (and as a Debian-Xen team member I even urge/spam
> them so we all can get docs as good as the software is)
> - easy to use web interface: you can manage 1->n hypervisors, and like
> Qubes, you don't need to know everything about Xen to create your first
> domUs
> - lightweight on the servers/hypervisors
> - advanced Xen functionalities accessible via "click-click it works",
> This has so many features I can't list em all (consult the docs). As a
> vanilla Xen user, I can tell you : what I have to handle with home-made
> scripts and/or manual intervention is all handled by the GUI (the
> infamous difference between corporate-oriented software stack versus
> i-do-it-in-my-cave)
> - reactive and friendly community
> - good documentation
> - ofc, contributes a lot to Xen "base"
Yeah I'm thrilled that there is a product like XCP-NG to keep Xen alive in the eyes of the community, and to keep "pushing the envelope" from what we get out of virtualization. At some point I'm going to have to relent and learn KVM. However, currently on my plate is a need for resource consolidation, for which many people use Docker. Aside from the fact that I can't get over the name (ever been to one of those websites where they give definitions of various "urban" slang words?), OpenVZ accomplishes substantially the same thing and gives you a full OS which can be treated as such for provisioning purposes. With Xen and OVZ covering all my bases, my tolerance for learning something which is apparently redundant is minimal at best.
Thanks again for your commentary!
-Ray