.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "xl 1" .TH xl 1 "2021-03-24" "4.11.4" "Xen" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" xl \- Xen management tool, based on LibXenlight .SH "SYNOPSIS" .IX Header "SYNOPSIS" \&\fBxl\fR \fIsubcommand\fR [\fIargs\fR] .SH "DESCRIPTION" .IX Header "DESCRIPTION" The \fBxl\fR program is the new tool for managing Xen guest domains. The program can be used to create, pause, and shutdown domains. It can also be used to list current domains, enable or pin VCPUs, and attach or detach virtual block devices. .PP The basic structure of every \fBxl\fR command is almost always: .Sp .RS 2 \&\fBxl\fR \fIsubcommand\fR [\fI\s-1OPTIONS\s0\fR] \fIdomain-id\fR .RE .PP Where \fIsubcommand\fR is one of the subcommands listed below, \fIdomain-id\fR is the numeric domain id, or the domain name (which will be internally translated to domain id), and \fI\s-1OPTIONS\s0\fR are subcommand specific options. There are a few exceptions to this rule in the cases where the subcommand in question acts on all domains, the entire machine, or directly on the Xen hypervisor. Those exceptions will be clear for each of those subcommands. .SH "NOTES" .IX Header "NOTES" .IP "start the script \fB/etc/init.d/xencommons\fR at boot time" 4 .IX Item "start the script /etc/init.d/xencommons at boot time" Most \fBxl\fR operations rely upon \fBxenstored\fR and \fBxenconsoled\fR: make sure you start the script \fB/etc/init.d/xencommons\fR at boot time to initialize all the daemons needed by \fBxl\fR. .IP "setup a \fBxenbr0\fR bridge in dom0" 4 .IX Item "setup a xenbr0 bridge in dom0" In the most common network configuration, you need to setup a bridge in dom0 named \fBxenbr0\fR in order to have a working network in the guest domains. Please refer to the documentation of your Linux distribution to know how to setup the bridge. .IP "\fBautoballoon\fR" 4 .IX Item "autoballoon" If you specify the amount of memory dom0 has, passing \fBdom0_mem\fR to Xen, it is highly recommended to disable \fBautoballoon\fR. Edit \&\fB/etc/xen/xl.conf\fR and set it to 0. .IP "run xl as \fBroot\fR" 4 .IX Item "run xl as root" Most \fBxl\fR commands require root privileges to run due to the communications channels used to talk to the hypervisor. Running as non root will return an error. .SH "GLOBAL OPTIONS" .IX Header "GLOBAL OPTIONS" Some global options are always available: .IP "\fB\-v\fR" 4 .IX Item "-v" Verbose. .IP "\fB\-N\fR" 4 .IX Item "-N" Dry run: do not actually execute the command. .IP "\fB\-f\fR" 4 .IX Item "-f" Force execution: xl will refuse to run some commands if it detects that xend is also running, this option will force the execution of those commands, even though it is unsafe. .IP "\fB\-t\fR" 4 .IX Item "-t" Always use carriage-return-based overwriting for displaying progress messages without scrolling the screen. Without \-t, this is done only if stderr is a tty. .SH "DOMAIN SUBCOMMANDS" .IX Header "DOMAIN SUBCOMMANDS" The following subcommands manipulate domains directly. As stated previously, most commands take \fIdomain-id\fR as the first parameter. .IP "\fBbutton-press\fR \fIdomain-id\fR \fIbutton\fR" 4 .IX Item "button-press domain-id button" \&\fIThis command is deprecated. Please use \f(CI\*(C`xl trigger\*(C'\fI instead.\fR .Sp Indicate an \s-1ACPI\s0 button press to the domain, where \fIbutton\fR can be 'power' or \&'sleep'. This command is only available for \s-1HVM\s0 domains. .IP "\fBcreate\fR [\fIconfigfile\fR] [\fI\s-1OPTIONS\s0\fR]" 4 .IX Item "create [configfile] [OPTIONS]" The create subcommand takes a config file as its first argument: see \&\fBxl.cfg\fR\|(5) for full details of the file format and possible options. If \fIconfigfile\fR is missing \fBxl\fR creates the domain assuming the default values for every option. .Sp \&\fIconfigfile\fR has to be an absolute path to a file. .Sp Create will return \fBas soon\fR as the domain is started. This \fBdoes not\fR mean the guest \s-1OS\s0 in the domain has actually booted, or is available for input. .Sp If the \fI\-F\fR option is specified, create will start the domain and not return until its death. .Sp \&\fB\s-1OPTIONS\s0\fR .RS 4 .IP "\fB\-q\fR, \fB\-\-quiet\fR" 4 .IX Item "-q, --quiet" No console output. .IP "\fB\-f=FILE\fR, \fB\-\-defconfig=FILE\fR" 4 .IX Item "-f=FILE, --defconfig=FILE" Use the given configuration file. .IP "\fB\-p\fR" 4 .IX Item "-p" Leave the domain paused after it is created. .IP "\fB\-F\fR" 4 .IX Item "-F" Run in foreground until death of the domain. .IP "\fB\-V\fR, \fB\-\-vncviewer\fR" 4 .IX Item "-V, --vncviewer" Attach to domain's \s-1VNC\s0 server, forking a vncviewer process. .IP "\fB\-A\fR, \fB\-\-vncviewer\-autopass\fR" 4 .IX Item "-A, --vncviewer-autopass" Pass the \s-1VNC\s0 password to vncviewer via stdin. .IP "\fB\-c\fR" 4 .IX Item "-c" Attach console to the domain as soon as it has started. This is useful for determining issues with crashing domains and just as a general convenience since you often want to watch the domain boot. .IP "\fBkey=value\fR" 4 .IX Item "key=value" It is possible to pass \fIkey=value\fR pairs on the command line to provide options as if they were written in the configuration file; these override whatever is in the \fIconfigfile\fR. .Sp \&\s-1NB:\s0 Many config options require characters such as quotes or brackets which are interpreted by the shell (and often discarded) before being passed to xl, resulting in xl being unable to parse the value correctly. A simple work-around is to put all extra options within a single set of quotes, separated by semicolons. (See below for an example.) .RE .RS 4 .Sp \&\fB\s-1EXAMPLES\s0\fR .IP "\fIwith config file\fR" 4 .IX Item "with config file" .Vb 1 \& xl create DebianLenny .Ve .Sp This creates a domain with the file /etc/xen/DebianLenny, and returns as soon as it is run. .IP "\fIwith extra parameters\fR" 4 .IX Item "with extra parameters" .Vb 1 \& xl create hvm.cfg \*(Aqcpus="0\-3"; pci=["01:05.1","01:05.2"]\*(Aq .Ve .Sp This creates a domain with the file hvm.cfg, but additionally pins it to cpus 0\-3, and passes through two \s-1PCI\s0 devices. .RE .RS 4 .RE .IP "\fBconfig-update\fR \fIdomain-id\fR [\fIconfigfile\fR] [\fI\s-1OPTIONS\s0\fR]" 4 .IX Item "config-update domain-id [configfile] [OPTIONS]" Update the saved configuration for a running domain. This has no immediate effect but will be applied when the guest is next restarted. This command is useful to ensure that runtime modifications made to the guest will be preserved when the guest is restarted. .Sp Since Xen 4.5 xl has improved capabilities to handle dynamic domain configuration changes and will preserve any changes made at runtime when necessary. Therefore it should not normally be necessary to use this command any more. .Sp \&\fIconfigfile\fR has to be an absolute path to a file. .Sp \&\fB\s-1OPTIONS\s0\fR .RS 4 .IP "\fB\-f=FILE\fR, \fB\-\-defconfig=FILE\fR" 4 .IX Item "-f=FILE, --defconfig=FILE" Use the given configuration file. .IP "\fBkey=value\fR" 4 .IX Item "key=value" It is possible to pass \fIkey=value\fR pairs on the command line to provide options as if they were written in the configuration file; these override whatever is in the \fIconfigfile\fR. Please see the note under \fIcreate\fR on handling special characters when passing \&\fIkey=value\fR pairs on the command line. .RE .RS 4 .RE .IP "\fBconsole\fR [\fI\s-1OPTIONS\s0\fR] \fIdomain-id\fR" 4 .IX Item "console [OPTIONS] domain-id" Attach to the console of a domain specified by \fIdomain-id\fR. If you've set up your domains to have a traditional login console this will look much like a normal text login screen. .Sp Use the key combination Ctrl+] to detach from the domain console. .Sp \&\fB\s-1OPTIONS\s0\fR .RS 4 .IP "\fI\-t [pv|serial]\fR" 4 .IX Item "-t [pv|serial]" Connect to a \s-1PV\s0 console or connect to an emulated serial console. \&\s-1PV\s0 consoles are the only consoles available for \s-1PV\s0 domains while \s-1HVM\s0 domains can have both. If this option is not specified it defaults to emulated serial for \s-1HVM\s0 guests and \s-1PV\s0 console for \s-1PV\s0 guests. .IP "\fI\-n \s-1NUM\s0\fR" 4 .IX Item "-n NUM" Connect to console number \fI\s-1NUM\s0\fR. Console numbers start from 0. .RE .RS 4 .RE .IP "\fBdestroy\fR [\fI\s-1OPTIONS\s0\fR] \fIdomain-id\fR" 4 .IX Item "destroy [OPTIONS] domain-id" Immediately terminate the domain specified by \fIdomain-id\fR. This doesn't give the domain \s-1OS\s0 any chance to react, and is the equivalent of ripping the power cord out on a physical machine. In most cases you will want to use the \&\fBshutdown\fR command instead. .Sp \&\fB\s-1OPTIONS\s0\fR .RS 4 .IP "\fI\-f\fR" 4 .IX Item "-f" Allow domain 0 to be destroyed. Because a domain cannot destroy itself, this is only possible when using a disaggregated toolstack, and is most useful when using a hardware domain separated from domain 0. .RE .RS 4 .RE .IP "\fBdomid\fR \fIdomain-name\fR" 4 .IX Item "domid domain-name" Converts a domain name to a domain id. .IP "\fBdomname\fR \fIdomain-id\fR" 4 .IX Item "domname domain-id" Converts a domain id to a domain name. .IP "\fBrename\fR \fIdomain-id\fR \fInew-name\fR" 4 .IX Item "rename domain-id new-name" Change the domain name of a domain specified by \fIdomain-id\fR to \fInew-name\fR. .IP "\fBdump-core\fR \fIdomain-id\fR [\fIfilename\fR]" 4 .IX Item "dump-core domain-id [filename]" Dumps the virtual machine's memory for the specified domain to the \&\fIfilename\fR specified, without pausing the domain. The dump file will be written to a distribution specific directory for dump files, for example: /var/lib/xen/dump/dump. .IP "\fBhelp\fR [\fI\-\-long\fR]" 4 .IX Item "help [--long]" Displays the short help message (i.e. common commands) by default. .Sp If the \fI\-\-long\fR option is specified, it displays the complete set of \fBxl\fR subcommands, grouped by function. .IP "\fBlist\fR [\fI\s-1OPTIONS\s0\fR] [\fIdomain-id\fR ...]" 4 .IX Item "list [OPTIONS] [domain-id ...]" Displays information about one or more domains. If no domains are specified it displays information about all domains. .Sp \&\fB\s-1OPTIONS\s0\fR .RS 4 .IP "\fB\-l\fR, \fB\-\-long\fR" 4 .IX Item "-l, --long" The output for \fBxl list\fR is not the table view shown below, but instead presents the data as a \s-1JSON\s0 data structure. .IP "\fB\-Z\fR, \fB\-\-context\fR" 4 .IX Item "-Z, --context" Also displays the security labels. .IP "\fB\-v\fR, \fB\-\-verbose\fR" 4 .IX Item "-v, --verbose" Also displays the domain UUIDs, the shutdown reason and security labels. .IP "\fB\-c\fR, \fB\-\-cpupool\fR" 4 .IX Item "-c, --cpupool" Also displays the cpupool the domain belongs to. .IP "\fB\-n\fR, \fB\-\-numa\fR" 4 .IX Item "-n, --numa" Also displays the domain \s-1NUMA\s0 node affinity. .RE .RS 4 .Sp \&\fB\s-1EXAMPLE\s0\fR .Sp An example format for the list is as follows: .Sp .Vb 4 \& Name ID Mem VCPUs State Time(s) \& Domain\-0 0 750 4 r\-\-\-\-\- 11794.3 \& win 1 1019 1 r\-\-\-\-\- 0.3 \& linux 2 2048 2 r\-\-\-\-\- 5624.2 .Ve .Sp Name is the name of the domain. \s-1ID\s0 the numeric domain id. Mem is the desired amount of memory to allocate to the domain (although it may not be the currently allocated amount). VCPUs is the number of virtual CPUs allocated to the domain. State is the run state (see below). Time is the total run time of the domain as accounted for by Xen. .Sp \&\fB\s-1STATES\s0\fR .Sp The State field lists 6 states for a Xen domain, and which ones the current domain is in. .IP "\fBr \- running\fR" 4 .IX Item "r - running" The domain is currently running on a \s-1CPU.\s0 .IP "\fBb \- blocked\fR" 4 .IX Item "b - blocked" The domain is blocked, and not running or runnable. This can be because the domain is waiting on \s-1IO\s0 (a traditional wait state) or has gone to sleep because there was nothing else for it to do. .IP "\fBp \- paused\fR" 4 .IX Item "p - paused" The domain has been paused, usually occurring through the administrator running \fBxl pause\fR. When in a paused state the domain will still consume allocated resources (like memory), but will not be eligible for scheduling by the Xen hypervisor. .IP "\fBs \- shutdown\fR" 4 .IX Item "s - shutdown" The guest \s-1OS\s0 has shut down (SCHEDOP_shutdown has been called) but the domain is not dying yet. .IP "\fBc \- crashed\fR" 4 .IX Item "c - crashed" The domain has crashed, which is always a violent ending. Usually this state only occurs if the domain has been configured not to restart on a crash. See \fBxl.cfg\fR\|(5) for more info. .IP "\fBd \- dying\fR" 4 .IX Item "d - dying" The domain is in the process of dying, but hasn't completely shut down or crashed. .RE .RS 4 .Sp \&\fB\s-1NOTES\s0\fR .Sp .RS 4 The Time column is deceptive. Virtual \s-1IO\s0 (network and block devices) used by the domains requires coordination by Domain0, which means that Domain0 is actually charged for much of the time that a DomainU is doing \s-1IO.\s0 Use of this time value to determine relative utilizations by domains is thus very unreliable, as a high \s-1IO\s0 workload may show as less utilized than a high \s-1CPU\s0 workload. Consider yourself warned. .RE .RE .RS 4 .RE .IP "\fBmem-max\fR \fIdomain-id\fR \fImem\fR" 4 .IX Item "mem-max domain-id mem" Specify the maximum amount of memory the domain is able to use, appending 't' for terabytes, 'g' for gigabytes, 'm' for megabytes, 'k' for kilobytes and 'b' for bytes. .Sp The mem-max value may not correspond to the actual memory used in the domain, as it may balloon down its memory to give more back to the \s-1OS.\s0 .Sp The value given just sets the memory amount the domain is allowed to allocate in the hypervisor. It can't be set lower than the current reservation, but it is allowed to be higher than the configured maximum memory size of the domain (\fBmaxmem\fR parameter in the domain's configuration). Using \fBxl mem-max\fR to set the maximum memory above the initial \fBmaxmem\fR value will not allow the additional memory to be used via \fBxl mem-set\fR. The initial \fBmaxmem\fR value is still used as an upper limit for \fBxl mem-set\fR. .Sp The domain will not receive any signal regarding the changed memory limit. .IP "\fBmem-set\fR \fIdomain-id\fR \fImem\fR" 4 .IX Item "mem-set domain-id mem" Set the domain's used memory using the balloon driver; append 't' for terabytes, 'g' for gigabytes, 'm' for megabytes, 'k' for kilobytes and 'b' for bytes. .Sp Because this operation requires cooperation from the domain operating system, there is no guarantee that it will succeed. This command will definitely not work unless the domain has the required paravirt driver. .Sp \&\fBWarning:\fR There is no good way to know in advance how small of a mem-set will make a domain unstable and cause it to crash. Be very careful when using this command on running domains. .IP "\fBmigrate\fR [\fI\s-1OPTIONS\s0\fR] \fIdomain-id\fR \fIhost\fR" 4 .IX Item "migrate [OPTIONS] domain-id host" Migrate a domain to another host machine. By default \fBxl\fR relies on ssh as a transport mechanism between the two hosts. .Sp \&\fB\s-1OPTIONS\s0\fR .RS 4 .IP "\fB\-s\fR \fIsshcommand\fR" 4 .IX Item "-s sshcommand" Use instead of ssh. String will be passed to sh. If empty, run instead of ssh xl migrate-receive [\-d \-e]. .IP "\fB\-e\fR" 4 .IX Item "-e" On the new , do not wait in the background for the death of the domain. See the corresponding option of the \fIcreate\fR subcommand. .IP "\fB\-C\fR \fIconfig\fR" 4 .IX Item "-C config" Send the specified file instead of the file used on creation of the domain. .IP "\fB\-\-debug\fR" 4 .IX Item "--debug" Display huge (!) amount of debug information during the migration process. .IP "\fB\-p\fR" 4 .IX Item "-p" Leave the domain on the receive side paused after migration. .RE .RS 4 .RE .IP "\fBremus\fR [\fI\s-1OPTIONS\s0\fR] \fIdomain-id\fR \fIhost\fR" 4 .IX Item "remus [OPTIONS] domain-id host" Enable Remus \s-1HA\s0 or \s-1COLO HA\s0 for domain. By default \fBxl\fR relies on ssh as a transport mechanism between the two hosts. .Sp \&\fB\s-1NOTES\s0\fR .RS 4 .Sp .RS 4 Remus support in xl is still in experimental (proof-of-concept) phase. Disk replication support is limited to \s-1DRBD\s0 disks. .Sp \&\s-1COLO\s0 support in xl is still in experimental (proof-of-concept) phase. All options are subject to change in the future. .RE .RE .RS 4 .Sp \&\s-1COLO\s0 disk configuration looks like: .Sp .Vb 1 \& disk = [\*(Aq...,colo,colo\-host=xxx,colo\-port=xxx,colo\-export=xxx,active\-disk=xxx,hidden\-disk=xxx...\*(Aq] .Ve .Sp The supported options are: .IP "\fBcolo-host\fR : Secondary host's ip address." 4 .IX Item "colo-host : Secondary host's ip address." .PD 0 .IP "\fBcolo-port\fR : Secondary host's port, we will run a nbd server on the secondary host, and the nbd server will listen on this port." 4 .IX Item "colo-port : Secondary host's port, we will run a nbd server on the secondary host, and the nbd server will listen on this port." .IP "\fBcolo-export\fR : Nbd server's disk export name of the secondary host." 4 .IX Item "colo-export : Nbd server's disk export name of the secondary host." .IP "\fBactive-disk\fR : Secondary's guest write will be buffered to this disk, and it's used by the secondary." 4 .IX Item "active-disk : Secondary's guest write will be buffered to this disk, and it's used by the secondary." .IP "\fBhidden-disk\fR : Primary's modified contents will be buffered in this disk, and it's used by the secondary." 4 .IX Item "hidden-disk : Primary's modified contents will be buffered in this disk, and it's used by the secondary." .RE .RS 4 .PD .Sp \&\s-1COLO\s0 network configuration looks like: .Sp .Vb 1 \& vif = [ \*(Aq...,forwarddev=xxx,...\*(Aq] .Ve .Sp The supported options are: .IP "\fBforwarddev\fR : Forward devices for the primary and the secondary, they are directly connected." 4 .IX Item "forwarddev : Forward devices for the primary and the secondary, they are directly connected." .RE .RS 4 .Sp \&\fB\s-1OPTIONS\s0\fR .IP "\fB\-i\fR \fI\s-1MS\s0\fR" 4 .IX Item "-i MS" Checkpoint domain memory every \s-1MS\s0 milliseconds (default 200ms). .IP "\fB\-u\fR" 4 .IX Item "-u" Disable memory checkpoint compression. .IP "\fB\-s\fR \fIsshcommand\fR" 4 .IX Item "-s sshcommand" Use instead of ssh. String will be passed to sh. If empty, run instead of ssh xl migrate-receive \-r [\-e]. .IP "\fB\-e\fR" 4 .IX Item "-e" On the new , do not wait in the background for the death of the domain. See the corresponding option of the \fIcreate\fR subcommand. .IP "\fB\-N\fR \fInetbufscript\fR" 4 .IX Item "-N netbufscript" Use to setup network buffering instead of the default script (/etc/xen/scripts/remus\-netbuf\-setup). .IP "\fB\-F\fR" 4 .IX Item "-F" Run Remus in unsafe mode. Use this option with caution as failover may not work as intended. .IP "\fB\-b\fR" 4 .IX Item "-b" Replicate memory checkpoints to /dev/null (blackhole). Generally useful for debugging. Requires enabling unsafe mode. .IP "\fB\-n\fR" 4 .IX Item "-n" Disable network output buffering. Requires enabling unsafe mode. .IP "\fB\-d\fR" 4 .IX Item "-d" Disable disk replication. Requires enabling unsafe mode. .IP "\fB\-c\fR" 4 .IX Item "-c" Enable \s-1COLO HA.\s0 This conflicts with \fB\-i\fR and \fB\-b\fR, and memory checkpoint compression must be disabled. .IP "\fB\-p\fR" 4 .IX Item "-p" Use userspace \s-1COLO\s0 Proxy. This option must be used in conjunction with \fB\-c\fR. .RE .RS 4 .RE .IP "\fBpause\fR \fIdomain-id\fR" 4 .IX Item "pause domain-id" Pause a domain. When in a paused state the domain will still consume allocated resources (such as memory), but will not be eligible for scheduling by the Xen hypervisor. .IP "\fBreboot\fR [\fI\s-1OPTIONS\s0\fR] \fIdomain-id\fR" 4 .IX Item "reboot [OPTIONS] domain-id" Reboot a domain. This acts just as if the domain had the \fBreboot\fR command run from the console. The command returns as soon as it has executed the reboot action, which may be significantly earlier than when the domain actually reboots. .Sp For \s-1HVM\s0 domains this requires \s-1PV\s0 drivers to be installed in your guest \&\s-1OS.\s0 If \s-1PV\s0 drivers are not present but you have configured the guest \s-1OS\s0 to behave appropriately you may be able to use the \fI\-F\fR option to trigger a reset button press. .Sp The behavior of what happens to a domain when it reboots is set by the \&\fBon_reboot\fR parameter of the domain configuration file when the domain was created. .Sp \&\fB\s-1OPTIONS\s0\fR .RS 4 .IP "\fB\-F\fR" 4 .IX Item "-F" If the guest does not support \s-1PV\s0 reboot control then fallback to sending an \s-1ACPI\s0 power event (equivalent to the \fIreset\fR option to \&\fItrigger\fR). .Sp You should ensure that the guest is configured to behave as expected in response to this event. .RE .RS 4 .RE .IP "\fBrestore\fR [\fI\s-1OPTIONS\s0\fR] [\fIconfigfile\fR] \fIcheckpointfile\fR" 4 .IX Item "restore [OPTIONS] [configfile] checkpointfile" Build a domain from an \fBxl save\fR state file. See \fBsave\fR for more info. .Sp \&\fB\s-1OPTIONS\s0\fR .RS 4 .IP "\fB\-p\fR" 4 .IX Item "-p" Do not unpause the domain after restoring it. .IP "\fB\-e\fR" 4 .IX Item "-e" Do not wait in the background for the death of the domain on the new host. See the corresponding option of the \fIcreate\fR subcommand. .IP "\fB\-d\fR" 4 .IX Item "-d" Enable debug messages. .IP "\fB\-V\fR, \fB\-\-vncviewer\fR" 4 .IX Item "-V, --vncviewer" Attach to the domain's \s-1VNC\s0 server, forking a vncviewer process. .IP "\fB\-A\fR, \fB\-\-vncviewer\-autopass\fR" 4 .IX Item "-A, --vncviewer-autopass" Pass the \s-1VNC\s0 password to vncviewer via stdin. .RE .RS 4 .RE .IP "\fBsave\fR [\fI\s-1OPTIONS\s0\fR] \fIdomain-id\fR \fIcheckpointfile\fR [\fIconfigfile\fR]" 4 .IX Item "save [OPTIONS] domain-id checkpointfile [configfile]" Saves a running domain to a state file so that it can be restored later. Once saved, the domain will no longer be running on the system, unless the \-c or \-p options are used. \&\fBxl restore\fR restores from this checkpoint file. Passing a config file argument allows the user to manually select the \s-1VM\s0 config file used to create the domain. .RS 4 .IP "\fB\-c\fR" 4 .IX Item "-c" Leave the domain running after creating the snapshot. .IP "\fB\-p\fR" 4 .IX Item "-p" Leave the domain paused after creating the snapshot. .RE .RS 4 .RE .IP "\fBsharing\fR [\fIdomain-id\fR]" 4 .IX Item "sharing [domain-id]" Display the number of shared pages for a specified domain. If no domain is specified it displays information about all domains. .IP "\fBshutdown\fR [\fI\s-1OPTIONS\s0\fR] \fI\-a|domain\-id\fR" 4 .IX Item "shutdown [OPTIONS] -a|domain-id" Gracefully shuts down a domain. This coordinates with the domain \s-1OS\s0 to perform graceful shutdown, so there is no guarantee that it will succeed, and may take a variable length of time depending on what services must be shut down in the domain. .Sp For \s-1HVM\s0 domains this requires \s-1PV\s0 drivers to be installed in your guest \&\s-1OS.\s0 If \s-1PV\s0 drivers are not present but you have configured the guest \s-1OS\s0 to behave appropriately you may be able to use the \fI\-F\fR option to trigger a power button press. .Sp The command returns immediately after signaling the domain unless the \&\fB\-w\fR flag is used. .Sp The behavior of what happens to a domain when it reboots is set by the \&\fBon_shutdown\fR parameter of the domain configuration file when the domain was created. .Sp \&\fB\s-1OPTIONS\s0\fR .RS 4 .IP "\fB\-a\fR, \fB\-\-all\fR" 4 .IX Item "-a, --all" Shutdown all guest domains. Often used when doing a complete shutdown of a Xen system. .IP "\fB\-w\fR, \fB\-\-wait\fR" 4 .IX Item "-w, --wait" Wait for the domain to complete shutdown before returning. .IP "\fB\-F\fR" 4 .IX Item "-F" If the guest does not support \s-1PV\s0 shutdown control then fallback to sending an \s-1ACPI\s0 power event (equivalent to the \fIpower\fR option to \&\fItrigger\fR). .Sp You should ensure that the guest is configured to behave as expected in response to this event. .RE .RS 4 .RE .IP "\fBsysrq\fR \fIdomain-id\fR \fIletter\fR" 4 .IX Item "sysrq domain-id letter" Send a to the domain, each type of request is represented by a different letter. It can be used to send SysRq requests to Linux guests, see sysrq.txt in your Linux Kernel sources for more information. It requires \s-1PV\s0 drivers to be installed in your guest \s-1OS.\s0 .IP "\fBtrigger\fR \fIdomain-id\fR \fInmi|reset|init|power|sleep|s3resume\fR [\fI\s-1VCPU\s0\fR]" 4 .IX Item "trigger domain-id nmi|reset|init|power|sleep|s3resume [VCPU]" Send a trigger to a domain, where the trigger can be: nmi, reset, init, power or sleep. Optionally a specific vcpu number can be passed as an argument. This command is only available for \s-1HVM\s0 domains. .IP "\fBunpause\fR \fIdomain-id\fR" 4 .IX Item "unpause domain-id" Moves a domain out of the paused state. This will allow a previously paused domain to now be eligible for scheduling by the Xen hypervisor. .IP "\fBvcpu-set\fR \fIdomain-id\fR \fIvcpu-count\fR" 4 .IX Item "vcpu-set domain-id vcpu-count" Enables the \fIvcpu-count\fR virtual CPUs for the domain in question. Like mem-set, this command can only allocate up to the maximum virtual \&\s-1CPU\s0 count configured at boot for the domain. .Sp If the \fIvcpu-count\fR is smaller than the current number of active VCPUs, the highest number VCPUs will be hotplug removed. This may be important for pinning purposes. .Sp Attempting to set the VCPUs to a number larger than the initially configured \s-1VCPU\s0 count is an error. Trying to set VCPUs to < 1 will be quietly ignored. .Sp Some guests may need to actually bring the newly added \s-1CPU\s0 online after \fBvcpu-set\fR, go to \fB\s-1SEE ALSO\s0\fR section for information. .IP "\fBvcpu-list\fR [\fIdomain-id\fR]" 4 .IX Item "vcpu-list [domain-id]" Lists \s-1VCPU\s0 information for a specific domain. If no domain is specified, \s-1VCPU\s0 information for all domains will be provided. .IP "\fBvcpu-pin\fR [\fI\-f|\-\-force\fR] \fIdomain-id\fR \fIvcpu\fR \fIcpus hard\fR \fIcpus soft\fR" 4 .IX Item "vcpu-pin [-f|--force] domain-id vcpu cpus hard cpus soft" Set hard and soft affinity for a \fIvcpu\fR of . Normally VCPUs can float between available CPUs whenever Xen deems a different run state is appropriate. .Sp Hard affinity can be used to restrict this, by ensuring certain VCPUs can only run on certain physical CPUs. Soft affinity specifies a \fIpreferred\fR set of CPUs. Soft affinity needs special support in the scheduler, which is only provided in credit1. .Sp The keyword \fBall\fR can be used to apply the hard and soft affinity masks to all the VCPUs in the domain. The symbol '\-' can be used to leave either hard or soft affinity alone. .Sp For example: .Sp .Vb 1 \& xl vcpu\-pin 0 3 \- 6\-9 .Ve .Sp will set soft affinity for vCPU 3 of domain 0 to pCPUs 6,7,8 and 9, leaving its hard affinity untouched. On the other hand: .Sp .Vb 1 \& xl vcpu\-pin 0 3 3,4 6\-9 .Ve .Sp will set both hard and soft affinity, the former to pCPUs 3 and 4, the latter to pCPUs 6,7,8, and 9. .Sp Specifying \fI\-f\fR or \fI\-\-force\fR will remove a temporary pinning done by the operating system (normally this should be done by the operating system). In case a temporary pinning is active for a vcpu the affinity of this vcpu can't be changed without this option. .IP "\fBvm-list\fR" 4 .IX Item "vm-list" Prints information about guests. This list excludes information about service or auxiliary domains such as dom0 and stubdoms. .Sp \&\fB\s-1EXAMPLE\s0\fR .Sp An example format for the list is as follows: .Sp .Vb 3 \& UUID ID name \& 59e1cf6c\-6ab9\-4879\-90e7\-adc8d1c63bf5 2 win \& 50bc8f75\-81d0\-4d53\-b2e6\-95cb44e2682e 3 linux .Ve .IP "\fBvncviewer\fR [\fI\s-1OPTIONS\s0\fR] \fIdomain-id\fR" 4 .IX Item "vncviewer [OPTIONS] domain-id" Attach to the domain's \s-1VNC\s0 server, forking a vncviewer process. .Sp \&\fB\s-1OPTIONS\s0\fR .RS 4 .IP "\fI\-\-autopass\fR" 4 .IX Item "--autopass" Pass the \s-1VNC\s0 password to vncviewer via stdin. .RE .RS 4 .RE .SH "XEN HOST SUBCOMMANDS" .IX Header "XEN HOST SUBCOMMANDS" .IP "\fBdebug-keys\fR \fIkeys\fR" 4 .IX Item "debug-keys keys" Send debug \fIkeys\fR to Xen. It is the same as pressing the Xen \&\*(L"conswitch\*(R" (Ctrl-A by default) three times and then pressing \*(L"keys\*(R". .IP "\fBset-parameters\fR \fIparams\fR" 4 .IX Item "set-parameters params" Set hypervisor parameters as specified in \fIparams\fR. This allows for some boot parameters of the hypervisor to be modified in the running systems. .IP "\fBdmesg\fR [\fI\s-1OPTIONS\s0\fR]" 4 .IX Item "dmesg [OPTIONS]" Reads the Xen message buffer, similar to dmesg on a Linux system. The buffer contains informational, warning, and error messages created during Xen's boot process. If you are having problems with Xen, this is one of the first places to look as part of problem determination. .Sp \&\fB\s-1OPTIONS\s0\fR .RS 4 .IP "\fB\-c\fR, \fB\-\-clear\fR" 4 .IX Item "-c, --clear" Clears Xen's message buffer. .RE .RS 4 .RE .IP "\fBinfo\fR [\fI\s-1OPTIONS\s0\fR]" 4 .IX Item "info [OPTIONS]" Print information about the Xen host in \fIname : value\fR format. When reporting a Xen bug, please provide this information as part of the bug report. See \fIhttp://wiki.xen.org/xenwiki/ReportingBugs\fR on how to report Xen bugs. .Sp Sample output looks as follows: .Sp .Vb 10 \& host : scarlett \& release : 3.1.0\-rc4+ \& version : #1001 SMP Wed Oct 19 11:09:54 UTC 2011 \& machine : x86_64 \& nr_cpus : 4 \& nr_nodes : 1 \& cores_per_socket : 4 \& threads_per_core : 1 \& cpu_mhz : 2266 \& hw_caps : bfebfbff:28100800:00000000:00003b40:009ce3bd:00000000:00000001:00000000 \& virt_caps : hvm hvm_directio \& total_memory : 6141 \& free_memory : 4274 \& free_cpus : 0 \& outstanding_claims : 0 \& xen_major : 4 \& xen_minor : 2 \& xen_extra : \-unstable \& xen_caps : xen\-3.0\-x86_64 xen\-3.0\-x86_32p hvm\-3.0\-x86_32 hvm\-3.0\-x86_32p hvm\-3.0\-x86_64 \& xen_scheduler : credit \& xen_pagesize : 4096 \& platform_params : virt_start=0xffff800000000000 \& xen_changeset : Wed Nov 02 17:09:09 2011 +0000 24066:54a5e994a241 \& xen_commandline : com1=115200,8n1 guest_loglvl=all dom0_mem=750M console=com1 \& cc_compiler : gcc version 4.4.5 (Debian 4.4.5\-8) \& cc_compile_by : sstabellini \& cc_compile_domain : uk.xensource.com \& cc_compile_date : Tue Nov 8 12:03:05 UTC 2011 \& xend_config_format : 4 .Ve .Sp \&\fB\s-1FIELDS\s0\fR .Sp Not all fields will be explained here, but some of the less obvious ones deserve explanation: .RS 4 .IP "\fBhw_caps\fR" 4 .IX Item "hw_caps" A vector showing what hardware capabilities are supported by your processor. This is equivalent to, though more cryptic, the flags field in /proc/cpuinfo on a normal Linux machine: they both derive from the feature bits returned by the cpuid command on x86 platforms. .IP "\fBfree_memory\fR" 4 .IX Item "free_memory" Available memory (in \s-1MB\s0) not allocated to Xen, or any other domains, or claimed for domains. .IP "\fBoutstanding_claims\fR" 4 .IX Item "outstanding_claims" When a claim call is done (see xl.conf) a reservation for a specific amount of pages is set and also a global value is incremented. This global value (outstanding_claims) is then reduced as the domain's memory is populated and eventually reaches zero. Most of the time the value will be zero, but if you are launching multiple guests, and \fBclaim_mode\fR is enabled, this value can increase/decrease. Note that the value also affects the \fBfree_memory\fR \- as it will reflect the free memory in the hypervisor minus the outstanding pages claimed for guests. See xl \fIinfo\fR \fBclaims\fR parameter for detailed listing. .IP "\fBxen_caps\fR" 4 .IX Item "xen_caps" The Xen version and architecture. Architecture values can be one of: x86_32, x86_32p (i.e. \s-1PAE\s0 enabled), x86_64, ia64. .IP "\fBxen_changeset\fR" 4 .IX Item "xen_changeset" The Xen mercurial changeset id. Very useful for determining exactly what version of code your Xen system was built from. .RE .RS 4 .Sp \&\fB\s-1OPTIONS\s0\fR .IP "\fB\-n\fR, \fB\-\-numa\fR" 4 .IX Item "-n, --numa" List host \s-1NUMA\s0 topology information .RE .RS 4 .RE .IP "\fBtop\fR" 4 .IX Item "top" Executes the \fB\fBxentop\fB\|(1)\fR command, which provides real time monitoring of domains. Xentop has a curses interface, and is reasonably self explanatory. .IP "\fBuptime\fR" 4 .IX Item "uptime" Prints the current uptime of the domains running. .IP "\fBclaims\fR" 4 .IX Item "claims" Prints information about outstanding claims by the guests. This provides the outstanding claims and currently populated memory count for the guests. These values added up reflect the global outstanding claim value, which is provided via the \fIinfo\fR argument, \fBoutstanding_claims\fR value. The \fBMem\fR column has the cumulative value of outstanding claims and the total amount of memory that has been right now allocated to the guest. .Sp \&\fB\s-1EXAMPLE\s0\fR .Sp An example format for the list is as follows: .Sp .Vb 5 \& Name ID Mem VCPUs State Time(s) Claimed \& Domain\-0 0 2047 4 r\-\-\-\-\- 19.7 0 \& OL5 2 2048 1 \-\-p\-\-\- 0.0 847 \& OL6 3 1024 4 r\-\-\-\-\- 5.9 0 \& Windows_XP 4 2047 1 \-\-p\-\-\- 0.0 1989 .Ve .Sp In which it can be seen that the \s-1OL5\s0 guest still has 847MB of claimed memory (out of the total 2048MB where 1191MB has been allocated to the guest). .SH "SCHEDULER SUBCOMMANDS" .IX Header "SCHEDULER SUBCOMMANDS" Xen ships with a number of domain schedulers, which can be set at boot time with the \fBsched=\fR parameter on the Xen command line. By default \fBcredit\fR is used for scheduling. .IP "\fBsched-credit\fR [\fI\s-1OPTIONS\s0\fR]" 4 .IX Item "sched-credit [OPTIONS]" Set or get credit (aka credit1) scheduler parameters. The credit scheduler is a proportional fair share \s-1CPU\s0 scheduler built from the ground up to be work conserving on \s-1SMP\s0 hosts. .Sp Each domain (including Domain0) is assigned a weight and a cap. .Sp \&\fB\s-1OPTIONS\s0\fR .RS 4 .IP "\fB\-d \s-1DOMAIN\s0\fR, \fB\-\-domain=DOMAIN\fR" 4 .IX Item "-d DOMAIN, --domain=DOMAIN" Specify domain for which scheduler parameters are to be modified or retrieved. Mandatory for modifying scheduler parameters. .IP "\fB\-w \s-1WEIGHT\s0\fR, \fB\-\-weight=WEIGHT\fR" 4 .IX Item "-w WEIGHT, --weight=WEIGHT" A domain with a weight of 512 will get twice as much \s-1CPU\s0 as a domain with a weight of 256 on a contended host. Legal weights range from 1 to 65535 and the default is 256. .IP "\fB\-c \s-1CAP\s0\fR, \fB\-\-cap=CAP\fR" 4 .IX Item "-c CAP, --cap=CAP" The cap optionally fixes the maximum amount of \s-1CPU\s0 a domain will be able to consume, even if the host system has idle \s-1CPU\s0 cycles. The cap is expressed in percentage of one physical \s-1CPU: 100\s0 is 1 physical \s-1CPU, 50\s0 is half a \s-1CPU, 400\s0 is 4 CPUs, etc. The default, 0, means there is no upper cap. .Sp \&\s-1NB:\s0 Many systems have features that will scale down the computing power of a cpu that is not 100% utilized. This can be in the operating system, but can also sometimes be below the operating system in the \s-1BIOS.\s0 If you set a cap such that individual cores are running at less than 100%, this may have an impact on the performance of your workload over and above the impact of the cap. For example, if your processor runs at 2GHz, and you cap a vm at 50%, the power management system may also reduce the clock speed to 1GHz; the effect will be that your \s-1VM\s0 gets 25% of the available power (50% of 1GHz) rather than 50% (50% of 2GHz). If you are not getting the performance you expect, look at performance and cpufreq options in your operating system and your \s-1BIOS.\s0 .IP "\fB\-p \s-1CPUPOOL\s0\fR, \fB\-\-cpupool=CPUPOOL\fR" 4 .IX Item "-p CPUPOOL, --cpupool=CPUPOOL" Restrict output to domains in the specified cpupool. .IP "\fB\-s\fR, \fB\-\-schedparam\fR" 4 .IX Item "-s, --schedparam" Specify to list or set pool-wide scheduler parameters. .IP "\fB\-t \s-1TSLICE\s0\fR, \fB\-\-tslice_ms=TSLICE\fR" 4 .IX Item "-t TSLICE, --tslice_ms=TSLICE" Timeslice tells the scheduler how long to allow VMs to run before pre-empting. The default is 30ms. Valid ranges are 1ms to 1000ms. The length of the timeslice (in ms) must be higher than the length of the ratelimit (see below). .IP "\fB\-r \s-1RLIMIT\s0\fR, \fB\-\-ratelimit_us=RLIMIT\fR" 4 .IX Item "-r RLIMIT, --ratelimit_us=RLIMIT" Ratelimit attempts to limit the number of schedules per second. It sets a minimum amount of time (in microseconds) a \s-1VM\s0 must run before we will allow a higher-priority \s-1VM\s0 to pre-empt it. The default value is 1000 microseconds (1ms). Valid range is 100 to 500000 (500ms). The ratelimit length must be lower than the timeslice length. .IP "\fB\-m \s-1DELAY\s0\fR, \fB\-\-migration_delay_us=DELAY\fR" 4 .IX Item "-m DELAY, --migration_delay_us=DELAY" Migration delay specifies for how long a vCPU, after it stopped running should be considered \*(L"cache-hot\*(R". Basically, if less than \s-1DELAY\s0 us passed since when the vCPU was executing on a \s-1CPU,\s0 it is likely that most of the vCPU's working set is still in the \s-1CPU\s0's cache, and therefore the vCPU is not migrated. .Sp Default is 0. Maximum is 100 ms. This can be effective at preventing vCPUs to bounce among CPUs too quickly, but, at the same time, the scheduler stops being fully work-conserving. .RE .RS 4 .Sp \&\fB\s-1COMBINATION\s0\fR .Sp The following is the effect of combining the above options: .IP "\fB\fR : List all domain params and sched params from all pools" 4 .IX Item " : List all domain params and sched params from all pools" .PD 0 .IP "\fB\-d [domid]\fR : List domain params for domain [domid]" 4 .IX Item "-d [domid] : List domain params for domain [domid]" .IP "\fB\-d [domid] [params]\fR : Set domain params for domain [domid]" 4 .IX Item "-d [domid] [params] : Set domain params for domain [domid]" .IP "\fB\-p [pool]\fR : list all domains and sched params for [pool]" 4 .IX Item "-p [pool] : list all domains and sched params for [pool]" .IP "\fB\-s\fR : List sched params for poolid 0" 4 .IX Item "-s : List sched params for poolid 0" .IP "\fB\-s [params]\fR : Set sched params for poolid 0" 4 .IX Item "-s [params] : Set sched params for poolid 0" .IP "\fB\-p [pool] \-s\fR : List sched params for [pool]" 4 .IX Item "-p [pool] -s : List sched params for [pool]" .IP "\fB\-p [pool] \-s [params]\fR : Set sched params for [pool]" 4 .IX Item "-p [pool] -s [params] : Set sched params for [pool]" .IP "\fB\-p [pool] \-d\fR... : Illegal" 4 .IX Item "-p [pool] -d... : Illegal" .RE .RS 4 .RE .IP "\fBsched\-credit2\fR [\fI\s-1OPTIONS\s0\fR]" 4 .IX Item "sched-credit2 [OPTIONS]" .PD Set or get credit2 scheduler parameters. The credit2 scheduler is a proportional fair share \s-1CPU\s0 scheduler built from the ground up to be work conserving on \s-1SMP\s0 hosts. .Sp Each domain (including Domain0) is assigned a weight. .Sp \&\fB\s-1OPTIONS\s0\fR .RS 4 .IP "\fB\-d \s-1DOMAIN\s0\fR, \fB\-\-domain=DOMAIN\fR" 4 .IX Item "-d DOMAIN, --domain=DOMAIN" Specify domain for which scheduler parameters are to be modified or retrieved. Mandatory for modifying scheduler parameters. .IP "\fB\-w \s-1WEIGHT\s0\fR, \fB\-\-weight=WEIGHT\fR" 4 .IX Item "-w WEIGHT, --weight=WEIGHT" A domain with a weight of 512 will get twice as much \s-1CPU\s0 as a domain with a weight of 256 on a contended host. Legal weights range from 1 to 65535 and the default is 256. .IP "\fB\-p \s-1CPUPOOL\s0\fR, \fB\-\-cpupool=CPUPOOL\fR" 4 .IX Item "-p CPUPOOL, --cpupool=CPUPOOL" Restrict output to domains in the specified cpupool. .IP "\fB\-s\fR, \fB\-\-schedparam\fR" 4 .IX Item "-s, --schedparam" Specify to list or set pool-wide scheduler parameters. .IP "\fB\-r \s-1RLIMIT\s0\fR, \fB\-\-ratelimit_us=RLIMIT\fR" 4 .IX Item "-r RLIMIT, --ratelimit_us=RLIMIT" Attempts to limit the rate of context switching. It is basically the same as \fB\-\-ratelimit_us\fR in \fBsched-credit\fR .RE .RS 4 .RE .IP "\fBsched-rtds\fR [\fI\s-1OPTIONS\s0\fR]" 4 .IX Item "sched-rtds [OPTIONS]" Set or get rtds (Real Time Deferrable Server) scheduler parameters. This rt scheduler applies Preemptive Global Earliest Deadline First real-time scheduling algorithm to schedule VCPUs in the system. Each \s-1VCPU\s0 has a dedicated period, budget and extratime. While scheduled, a \s-1VCPU\s0 burns its budget. A \s-1VCPU\s0 has its budget replenished at the beginning of each period; Unused budget is discarded at the end of each period. A \s-1VCPU\s0 with extratime set gets extra time from the unreserved system resource. .Sp \&\fB\s-1OPTIONS\s0\fR .RS 4 .IP "\fB\-d \s-1DOMAIN\s0\fR, \fB\-\-domain=DOMAIN\fR" 4 .IX Item "-d DOMAIN, --domain=DOMAIN" Specify domain for which scheduler parameters are to be modified or retrieved. Mandatory for modifying scheduler parameters. .IP "\fB\-v VCPUID/all\fR, \fB\-\-vcpuid=VCPUID/all\fR" 4 .IX Item "-v VCPUID/all, --vcpuid=VCPUID/all" Specify vcpu for which scheduler parameters are to be modified or retrieved. .IP "\fB\-p \s-1PERIOD\s0\fR, \fB\-\-period=PERIOD\fR" 4 .IX Item "-p PERIOD, --period=PERIOD" Period of time, in microseconds, over which to replenish the budget. .IP "\fB\-b \s-1BUDGET\s0\fR, \fB\-\-budget=BUDGET\fR" 4 .IX Item "-b BUDGET, --budget=BUDGET" Amount of time, in microseconds, that the \s-1VCPU\s0 will be allowed to run every period. .IP "\fB\-e Extratime\fR, \fB\-\-extratime=Extratime\fR" 4 .IX Item "-e Extratime, --extratime=Extratime" Binary flag to decide if the \s-1VCPU\s0 will be allowed to get extra time from the unreserved system resource. .IP "\fB\-c \s-1CPUPOOL\s0\fR, \fB\-\-cpupool=CPUPOOL\fR" 4 .IX Item "-c CPUPOOL, --cpupool=CPUPOOL" Restrict output to domains in the specified cpupool. .RE .RS 4 .Sp \&\fB\s-1EXAMPLE\s0\fR .Sp .RS 4 1) Use \fB\-v all\fR to see the budget and period of all the VCPUs of all the domains: .Sp .Vb 10 \& xl sched\-rtds \-v all \& Cpupool Pool\-0: sched=RTDS \& Name ID VCPU Period Budget Extratime \& Domain\-0 0 0 10000 4000 yes \& vm1 2 0 300 150 yes \& vm1 2 1 400 200 yes \& vm1 2 2 10000 4000 yes \& vm1 2 3 1000 500 yes \& vm2 4 0 10000 4000 yes \& vm2 4 1 10000 4000 yes .Ve .Sp Without any arguments, it will output the default scheduling parameters for each domain: .Sp .Vb 6 \& xl sched\-rtds \& Cpupool Pool\-0: sched=RTDS \& Name ID Period Budget Extratime \& Domain\-0 0 10000 4000 yes \& vm1 2 10000 4000 yes \& vm2 4 10000 4000 yes .Ve .Sp 2) Use, for instance, \fB\-d vm1, \-v all\fR to see the budget and period of all VCPUs of a specific domain (\fBvm1\fR): .Sp .Vb 6 \& xl sched\-rtds \-d vm1 \-v all \& Name ID VCPU Period Budget Extratime \& vm1 2 0 300 150 yes \& vm1 2 1 400 200 yes \& vm1 2 2 10000 4000 yes \& vm1 2 3 1000 500 yes .Ve .Sp To see the parameters of a subset of the VCPUs of a domain, use: .Sp .Vb 4 \& xl sched\-rtds \-d vm1 \-v 0 \-v 3 \& Name ID VCPU Period Budget Extratime \& vm1 2 0 300 150 yes \& vm1 2 3 1000 500 yes .Ve .Sp If no \fB\-v\fR is specified, the default scheduling parameters for the domain are shown: .Sp .Vb 3 \& xl sched\-rtds \-d vm1 \& Name ID Period Budget Extratime \& vm1 2 10000 4000 yes .Ve .Sp 3) Users can set the budget and period of multiple VCPUs of a specific domain with only one command, e.g., \*(L"xl sched-rtds \-d vm1 \-v 0 \-p 100 \-b 50 \-e 1 \-v 3 \-p 300 \-b 150 \-e 0\*(R". .Sp To change the parameters of all the VCPUs of a domain, use \fB\-v all\fR, e.g., \*(L"xl sched-rtds \-d vm1 \-v all \-p 500 \-b 250 \-e 1\*(R". .RE .RE .RS 4 .RE .SH "CPUPOOLS COMMANDS" .IX Header "CPUPOOLS COMMANDS" Xen can group the physical cpus of a server in cpu-pools. Each physical \s-1CPU\s0 is assigned at most to one cpu-pool. Domains are each restricted to a single cpu-pool. Scheduling does not cross cpu-pool boundaries, so each cpu-pool has its own scheduler. Physical cpus and domains can be moved from one cpu-pool to another only by an explicit command. Cpu-pools can be specified either by name or by id. .IP "\fBcpupool-create\fR [\fI\s-1OPTIONS\s0\fR] [\fIconfigfile\fR] [\fIvariable=value\fR ...]" 4 .IX Item "cpupool-create [OPTIONS] [configfile] [variable=value ...]" Create a cpu pool based an config from a \fIconfigfile\fR or command-line parameters. Variable settings from the \fIconfigfile\fR may be altered by specifying new or additional assignments on the command line. .Sp See the \fBxlcpupool.cfg\fR\|(5) manpage for more information. .Sp \&\fB\s-1OPTIONS\s0\fR .RS 4 .IP "\fB\-f=FILE\fR, \fB\-\-defconfig=FILE\fR" 4 .IX Item "-f=FILE, --defconfig=FILE" Use the given configuration file. .RE .RS 4 .RE .IP "\fBcpupool-list\fR [\fI\s-1OPTIONS\s0\fR] [\fIcpu-pool\fR]" 4 .IX Item "cpupool-list [OPTIONS] [cpu-pool]" List \s-1CPU\s0 pools on the host. .Sp \&\fB\s-1OPTIONS\s0\fR .RS 4 .IP "\fB\-c\fR, \fB\-\-cpus\fR" 4 .IX Item "-c, --cpus" If this option is specified, \fBxl\fR prints a list of CPUs used by \fIcpu-pool\fR. .RE .RS 4 .RE .IP "\fBcpupool-destroy\fR \fIcpu-pool\fR" 4 .IX Item "cpupool-destroy cpu-pool" Deactivates a cpu pool. This is possible only if no domain is active in the cpu-pool. .IP "\fBcpupool-rename\fR \fIcpu-pool\fR " 4 .IX Item "cpupool-rename cpu-pool " Renames a cpu-pool to \fInewname\fR. .IP "\fBcpupool-cpu-add\fR \fIcpu-pool\fR \fIcpus|node:nodes\fR" 4 .IX Item "cpupool-cpu-add cpu-pool cpus|node:nodes" Adds one or more CPUs or \s-1NUMA\s0 nodes to \fIcpu-pool\fR. CPUs and \s-1NUMA\s0 nodes can be specified as single CPU/node IDs or as ranges. .Sp For example: .Sp .Vb 3 \& (a) xl cpupool\-cpu\-add mypool 4 \& (b) xl cpupool\-cpu\-add mypool 1,5,10\-16,^13 \& (c) xl cpupool\-cpu\-add mypool node:0,nodes:2\-3,^10\-12,8 .Ve .Sp means adding \s-1CPU 4\s0 to mypool, in (a); adding CPUs 1,5,10,11,12,14,15 and 16, in (b); and adding all the CPUs of \s-1NUMA\s0 nodes 0, 2 and 3, plus \s-1CPU 8,\s0 but keeping out CPUs 10,11,12, in (c). .Sp All the specified CPUs that can be added to the cpupool will be added to it. If some \s-1CPU\s0 can't (e.g., because they're already part of another cpupool), an error is reported about each one of them. .IP "\fBcpupool-cpu-remove\fR \fIcpus|node:nodes\fR" 4 .IX Item "cpupool-cpu-remove cpus|node:nodes" Removes one or more CPUs or \s-1NUMA\s0 nodes from \fIcpu-pool\fR. CPUs and \s-1NUMA\s0 nodes can be specified as single CPU/node IDs or as ranges, using the exact same syntax as in \fBcpupool-cpu-add\fR above. .IP "\fBcpupool-migrate\fR \fIdomain-id\fR \fIcpu-pool\fR" 4 .IX Item "cpupool-migrate domain-id cpu-pool" Moves a domain specified by domain-id or domain-name into a cpu-pool. Domain\-0 can't be moved to another cpu-pool. .IP "\fBcpupool-numa-split\fR" 4 .IX Item "cpupool-numa-split" Splits up the machine into one cpu-pool per numa node. .SH "VIRTUAL DEVICE COMMANDS" .IX Header "VIRTUAL DEVICE COMMANDS" Most virtual devices can be added and removed while guests are running, assuming that the necessary support exists in the guest \s-1OS.\s0 The effect to the guest \s-1OS\s0 is much the same as any hotplug event. .SS "\s-1BLOCK DEVICES\s0" .IX Subsection "BLOCK DEVICES" .IP "\fBblock-attach\fR \fIdomain-id\fR \fIdisc\-spec\-component(s)\fR ..." 4 .IX Item "block-attach domain-id disc-spec-component(s) ..." Create a new virtual block device and attach it to the specified domain. A disc specification is in the same format used for the \fBdisk\fR variable in the domain config file. See \fBxl\-disk\-configuration\fR\|(5). This will trigger a hotplug event for the guest. .Sp Note that only \s-1PV\s0 block devices are supported by block-attach. Requests to attach emulated devices (eg, vdev=hdc) will result in only the \s-1PV\s0 view being available to the guest. .IP "\fBblock-detach\fR \fIdomain-id\fR \fIdevid\fR [\fI\s-1OPTIONS\s0\fR]" 4 .IX Item "block-detach domain-id devid [OPTIONS]" Detach a domain's virtual block device. \fIdevid\fR may be the symbolic name or the numeric device id given to the device by domain 0. You will need to run \fBxl block-list\fR to determine that number. .Sp Detaching the device requires the cooperation of the domain. If the domain fails to release the device (perhaps because the domain is hung or is still using the device), the detach will fail. .Sp \&\fB\s-1OPTIONS\s0\fR .RS 4 .IP "\fB\-\-force\fR" 4 .IX Item "--force" If this parameter is specified the device will be forcefully detached, which may cause \s-1IO\s0 errors in the domain. .RE .RS 4 .RE .IP "\fBblock-list\fR \fIdomain-id\fR" 4 .IX Item "block-list domain-id" List virtual block devices for a domain. .IP "\fBcd-insert\fR \fIdomain-id\fR \fIvirtualdevice\fR \fItarget\fR" 4 .IX Item "cd-insert domain-id virtualdevice target" Insert a cdrom into a guest domain's existing virtual cd drive. The virtual drive must already exist but can be empty. How the device should be presented to the guest domain is specified by the \fIvirtualdevice\fR parameter; for example \*(L"hdc\*(R". Parameter \fItarget\fR is the target path in the backend domain (usually domain 0) to be exported; can be a block device or a file etc. See \fBtarget\fR in \fBxl\-disk\-configuration\fR\|(5). .Sp Only works with \s-1HVM\s0 domains. .IP "\fBcd-eject\fR \fIdomain-id\fR \fIvirtualdevice\fR" 4 .IX Item "cd-eject domain-id virtualdevice" Eject a cdrom from a guest domain's virtual cd drive, specified by \&\fIvirtualdevice\fR. Only works with \s-1HVM\s0 domains. .SS "\s-1NETWORK DEVICES\s0" .IX Subsection "NETWORK DEVICES" .IP "\fBnetwork-attach\fR \fIdomain-id\fR \fInetwork-device\fR" 4 .IX Item "network-attach domain-id network-device" Creates a new network device in the domain specified by \fIdomain-id\fR. \&\fInetwork-device\fR describes the device to attach, using the same format as the \&\fBvif\fR string in the domain config file. See \fBxl.cfg\fR\|(5) and \&\fBxl\-network\-configuration\fR\|(5) for more information. .Sp Note that only attaching \s-1PV\s0 network interfaces is supported. .IP "\fBnetwork-detach\fR \fIdomain-id\fR \fIdevid|mac\fR" 4 .IX Item "network-detach domain-id devid|mac" Removes the network device from the domain specified by \fIdomain-id\fR. \&\fIdevid\fR is the virtual interface device number within the domain (i.e. the 3 in vif22.3). Alternatively, the \fImac\fR address can be used to select the virtual interface to detach. .IP "\fBnetwork-list\fR \fIdomain-id\fR" 4 .IX Item "network-list domain-id" List virtual network interfaces for a domain. .SS "\s-1CHANNEL DEVICES\s0" .IX Subsection "CHANNEL DEVICES" .IP "\fBchannel-list\fR \fIdomain-id\fR" 4 .IX Item "channel-list domain-id" List virtual channel interfaces for a domain. .SS "\s-1VIRTUAL TRUSTED PLATFORM MODULE\s0 (vTPM) \s-1DEVICES\s0" .IX Subsection "VIRTUAL TRUSTED PLATFORM MODULE (vTPM) DEVICES" .IP "\fBvtpm-attach\fR \fIdomain-id\fR \fIvtpm-device\fR" 4 .IX Item "vtpm-attach domain-id vtpm-device" Creates a new vtpm (virtual Trusted Platform Module) device in the domain specified by \fIdomain-id\fR. \fIvtpm-device\fR describes the device to attach, using the same format as the \fBvtpm\fR string in the domain config file. See \fBxl.cfg\fR\|(5) for more information. .IP "\fBvtpm-detach\fR \fIdomain-id\fR \fIdevid|uuid\fR" 4 .IX Item "vtpm-detach domain-id devid|uuid" Removes the vtpm device from the domain specified by \fIdomain-id\fR. \&\fIdevid\fR is the numeric device id given to the virtual Trusted Platform Module device. You will need to run \fBxl vtpm-list\fR to determine that number. Alternatively, the \fIuuid\fR of the vtpm can be used to select the virtual device to detach. .IP "\fBvtpm-list\fR \fIdomain-id\fR" 4 .IX Item "vtpm-list domain-id" List virtual Trusted Platform Modules for a domain. .SS "\s-1VDISPL DEVICES\s0" .IX Subsection "VDISPL DEVICES" .IP "\fBvdispl-attach\fR \fIdomain-id\fR \fIvdispl-device\fR" 4 .IX Item "vdispl-attach domain-id vdispl-device" Creates a new vdispl device in the domain specified by \fIdomain-id\fR. \&\fIvdispl-device\fR describes the device to attach, using the same format as the \&\fBvdispl\fR string in the domain config file. See xl.cfg for more information. .Sp \&\fB\s-1NOTES\s0\fR .RS 4 .Sp .RS 4 As in \fIvdispl-device\fR string semicolon is used then put quotes or escaping when using from the shell. .Sp \&\fB\s-1EXAMPLE\s0\fR .Sp .RS 4 xl vdispl-attach DomU connectors='id0:1920x1080;id1:800x600;id2:640x480' .Sp or .Sp xl vdispl-attach DomU connectors=id0:1920x1080\e;id1:800x600\e;id2:640x480 .RE .RE .RS 4 .RE .RE .RS 4 .RE .IP "\fBvdispl-detach\fR \fIdomain-id\fR \fIdev-id\fR" 4 .IX Item "vdispl-detach domain-id dev-id" Removes the vdispl device specified by \fIdev-id\fR from the domain specified by \fIdomain-id\fR. .IP "\fBvdispl-list\fR \fIdomain-id\fR" 4 .IX Item "vdispl-list domain-id" List virtual displays for a domain. .SH "PCI PASS-THROUGH" .IX Header "PCI PASS-THROUGH" .IP "\fBpci-assignable-list\fR" 4 .IX Item "pci-assignable-list" List all the assignable \s-1PCI\s0 devices. These are devices in the system which are configured to be available for passthrough and are bound to a suitable \s-1PCI\s0 backend driver in domain 0 rather than a real driver. .IP "\fBpci-assignable-add\fR \fI\s-1BDF\s0\fR" 4 .IX Item "pci-assignable-add BDF" Make the device at \s-1PCI\s0 Bus/Device/Function \s-1BDF\s0 assignable to guests. This will bind the device to the pciback driver. If it is already bound to a driver, it will first be unbound, and the original driver stored so that it can be re-bound to the same driver later if desired. If the device is already bound, it will return success. .Sp \&\s-1CAUTION:\s0 This will make the device unusable by Domain 0 until it is returned with pci-assignable-remove. Care should therefore be taken not to do this on a device critical to domain 0's operation, such as storage controllers, network interfaces, or GPUs that are currently being used. .IP "\fBpci-assignable-remove\fR [\fI\-r\fR] \fI\s-1BDF\s0\fR" 4 .IX Item "pci-assignable-remove [-r] BDF" Make the device at \s-1PCI\s0 Bus/Device/Function \s-1BDF\s0 not assignable to guests. This will at least unbind the device from pciback. If the \-r option is specified, it will also attempt to re-bind the device to its original driver, making it usable by Domain 0 again. If the device is not bound to pciback, it will return success. .IP "\fBpci-attach\fR \fIdomain-id\fR \fI\s-1BDF\s0\fR" 4 .IX Item "pci-attach domain-id BDF" Hot-plug a new pass-through pci device to the specified domain. \&\fB\s-1BDF\s0\fR is the \s-1PCI\s0 Bus/Device/Function of the physical device to pass-through. .IP "\fBpci-detach\fR [\fI\s-1OPTIONS\s0\fR] \fIdomain-id\fR \fI\s-1BDF\s0\fR" 4 .IX Item "pci-detach [OPTIONS] domain-id BDF" Hot-unplug a previously assigned pci device from a domain. \fB\s-1BDF\s0\fR is the \s-1PCI\s0 Bus/Device/Function of the physical device to be removed from the guest domain. .Sp \&\fB\s-1OPTIONS\s0\fR .RS 4 .IP "\fB\-f\fR" 4 .IX Item "-f" If this parameter is specified, \fBxl\fR is going to forcefully remove the device even without guest domain's collaboration. .RE .RS 4 .RE .IP "\fBpci-list\fR \fIdomain-id\fR" 4 .IX Item "pci-list domain-id" List pass-through pci devices for a domain. .SH "USB PASS-THROUGH" .IX Header "USB PASS-THROUGH" .IP "\fBusbctrl-attach\fR \fIdomain-id\fR \fIusbctrl-device\fR" 4 .IX Item "usbctrl-attach domain-id usbctrl-device" Create a new \s-1USB\s0 controller in the domain specified by \fIdomain-id\fR, \&\fIusbctrl-device\fR describes the device to attach, using form \&\f(CW\*(C`KEY=VALUE KEY=VALUE ...\*(C'\fR where \fBKEY=VALUE\fR has the same meaning as the \fBusbctrl\fR description in the domain config file. See \fBxl.cfg\fR\|(5) for more information. .IP "\fBusbctrl-detach\fR \fIdomain-id\fR \fIdevid\fR" 4 .IX Item "usbctrl-detach domain-id devid" Destroy a \s-1USB\s0 controller from the specified domain. \&\fBdevid\fR is devid of the \s-1USB\s0 controller. .IP "\fBusbdev-attach\fR \fIdomain-id\fR \fIusbdev-device\fR" 4 .IX Item "usbdev-attach domain-id usbdev-device" Hot-plug a new pass-through \s-1USB\s0 device to the domain specified by \&\fIdomain-id\fR, \fIusbdev-device\fR describes the device to attach, using form \f(CW\*(C`KEY=VALUE KEY=VALUE ...\*(C'\fR where \fBKEY=VALUE\fR has the same meaning as the \fBusbdev\fR description in the domain config file. See \fBxl.cfg\fR\|(5) for more information. .IP "\fBusbdev-detach\fR \fIdomain-id\fR \fIcontroller=devid\fR \fIport=number\fR" 4 .IX Item "usbdev-detach domain-id controller=devid port=number" Hot-unplug a previously assigned \s-1USB\s0 device from a domain. \&\fBcontroller=devid\fR and \fBport=number\fR is \s-1USB\s0 controller:port in the guest domain the \s-1USB\s0 device is attached to. .IP "\fBusb-list\fR \fIdomain-id\fR" 4 .IX Item "usb-list domain-id" List pass-through usb devices for a domain. .SH "DEVICE-MODEL CONTROL" .IX Header "DEVICE-MODEL CONTROL" .IP "\fBqemu-monitor-command\fR \fIdomain-id\fR \fIcommand\fR" 4 .IX Item "qemu-monitor-command domain-id command" Issue a monitor command to the device model of the domain specified by \&\fIdomain-id\fR. \fIcommand\fR can be any valid command qemu understands. This can be e.g. used to add non-standard devices or devices with non-standard parameters to a domain. The output of the command is printed to stdout. .Sp \&\fBWarning:\fR This qemu monitor access is provided for convenience when debugging, troubleshooting, and experimenting. Its use is not supported by the Xen Project. .Sp Specifically, not all information displayed by the qemu monitor will necessarily be accurate or complete, because in a Xen system qemu does not have a complete view of the guest. .Sp Furthermore, modifying the guest's setup via the qemu monitor may conflict with the Xen toolstack's assumptions. Resulting problems may include, but are not limited to: guest crashes; toolstack error messages; inability to migrate the guest; and security vulnerabilities which are not covered by the Xen Project security response policy. .Sp \&\fB\s-1EXAMPLE\s0\fR .Sp Obtain information of \s-1USB\s0 devices connected as such via the device model (only!) to a domain: .Sp .Vb 2 \& xl qemu\-monitor\-command vm1 \*(Aqinfo usb\*(Aq \& Device 0.2, Port 5, Speed 480 Mb/s, Product Mass Storage .Ve .SH "TRANSCENDENT MEMORY (TMEM)" .IX Header "TRANSCENDENT MEMORY (TMEM)" .IP "\fBtmem-list\fR \fI[\s-1OPTIONS\s0]\fR \fIdomain-id\fR" 4 .IX Item "tmem-list [OPTIONS] domain-id" List tmem pools. .Sp \&\fB\s-1OPTIONS\s0\fR .RS 4 .IP "\fB\-l\fR" 4 .IX Item "-l" If this parameter is specified, also list tmem stats. .RE .RS 4 .RE .IP "\fBtmem-freeze\fR \fIdomain-id\fR" 4 .IX Item "tmem-freeze domain-id" Freeze tmem pools. .IP "\fBtmem-thaw\fR \fIdomain-id\fR" 4 .IX Item "tmem-thaw domain-id" Thaw tmem pools. .IP "\fBtmem-set\fR \fIdomain-id\fR [\fI\s-1OPTIONS\s0\fR]" 4 .IX Item "tmem-set domain-id [OPTIONS]" Change tmem settings. .Sp \&\fB\s-1OPTIONS\s0\fR .RS 4 .IP "\fB\-w\fR \fI\s-1WEIGHT\s0\fR" 4 .IX Item "-w WEIGHT" Weight (int) .IP "\fB\-p\fR \fI\s-1COMPRESS\s0\fR" 4 .IX Item "-p COMPRESS" Compress (int) .RE .RS 4 .RE .IP "\fBtmem-shared-auth\fR \fIdomain-id\fR [\fI\s-1OPTIONS\s0\fR]" 4 .IX Item "tmem-shared-auth domain-id [OPTIONS]" De/authenticate shared tmem pool. .Sp \&\fB\s-1OPTIONS\s0\fR .RS 4 .IP "\fB\-u\fR \fI\s-1UUID\s0\fR" 4 .IX Item "-u UUID" Specify uuid (abcdef01\-2345\-6789\-1234\-567890abcdef) .IP "\fB\-a\fR \fI\s-1AUTH\s0\fR" 4 .IX Item "-a AUTH" 0=auth,1=deauth .RE .RS 4 .RE .IP "\fBtmem-freeable\fR" 4 .IX Item "tmem-freeable" Get information about how much freeable memory (\s-1MB\s0) is in-use by tmem. .SH "FLASK" .IX Header "FLASK" \&\fB\s-1FLASK\s0\fR is a security framework that defines a mandatory access control policy providing fine-grained controls over Xen domains, allowing the policy writer to define what interactions between domains, devices, and the hypervisor are permitted. Some example of what you can do using \s-1XSM/FLASK:\s0 \- Prevent two domains from communicating via event channels or grants \- Control which domains can use device passthrough (and which devices) \- Restrict or audit operations performed by privileged domains \- Prevent a privileged domain from arbitrarily mapping pages from other domains. .PP You can find more details on how to use \s-1FLASK\s0 and an example security policy here: .IP "\fBgetenforce\fR" 4 .IX Item "getenforce" Determine if the \s-1FLASK\s0 security module is loaded and enforcing its policy. .IP "\fBsetenforce\fR \fI1|0|Enforcing|Permissive\fR" 4 .IX Item "setenforce 1|0|Enforcing|Permissive" Enable or disable enforcing of the \s-1FLASK\s0 access controls. The default is permissive, but this can be changed to enforcing by specifying \*(L"flask=enforcing\*(R" or \*(L"flask=late\*(R" on the hypervisor's command line. .IP "\fBloadpolicy\fR \fIpolicy-file\fR" 4 .IX Item "loadpolicy policy-file" Load \s-1FLASK\s0 policy from the given policy file. The initial policy is provided to the hypervisor as a multiboot module; this command allows runtime updates to the policy. Loading new security policy will reset runtime changes to device labels. .SH "PLATFORM SHARED RESOURCE MONITORING/CONTROL" .IX Header "PLATFORM SHARED RESOURCE MONITORING/CONTROL" Intel Haswell and later server platforms offer shared resource monitoring and control technologies. The availability of these technologies and the hardware capabilities can be shown with \fBpsr-hwinfo\fR. .PP See for more information. .IP "\fBpsr-hwinfo\fR [\fI\s-1OPTIONS\s0\fR]" 4 .IX Item "psr-hwinfo [OPTIONS]" Show Platform Shared Resource (\s-1PSR\s0) hardware information. .Sp \&\fB\s-1OPTIONS\s0\fR .RS 4 .IP "\fB\-m\fR, \fB\-\-cmt\fR" 4 .IX Item "-m, --cmt" Show Cache Monitoring Technology (\s-1CMT\s0) hardware information. .IP "\fB\-a\fR, \fB\-\-cat\fR" 4 .IX Item "-a, --cat" Show Cache Allocation Technology (\s-1CAT\s0) hardware information. .RE .RS 4 .RE .SS "\s-1CACHE MONITORING TECHNOLOGY\s0" .IX Subsection "CACHE MONITORING TECHNOLOGY" Intel Haswell and later server platforms offer monitoring capability in each logical processor to measure specific platform shared resource metric, for example, L3 cache occupancy. In the Xen implementation, the monitoring granularity is domain level. To monitor a specific domain, just attach the domain id with the monitoring service. When the domain doesn't need to be monitored any more, detach the domain id from the monitoring service. .PP Intel Broadwell and later server platforms also offer total/local memory bandwidth monitoring. Xen supports per-domain monitoring for these two additional monitoring types. Both memory bandwidth monitoring and L3 cache occupancy monitoring share the same set of underlying monitoring service. Once a domain is attached to the monitoring service, monitoring data can be shown for any of these monitoring types. .PP There is no cache monitoring and memory bandwidth monitoring on L2 cache so far. .IP "\fBpsr-cmt-attach\fR \fIdomain-id\fR" 4 .IX Item "psr-cmt-attach domain-id" attach: Attach the platform shared resource monitoring service to a domain. .IP "\fBpsr-cmt-detach\fR \fIdomain-id\fR" 4 .IX Item "psr-cmt-detach domain-id" detach: Detach the platform shared resource monitoring service from a domain. .IP "\fBpsr-cmt-show\fR \fIpsr-monitor-type\fR [\fIdomain-id\fR]" 4 .IX Item "psr-cmt-show psr-monitor-type [domain-id]" Show monitoring data for a certain domain or all domains. Current supported monitor types are: \- \*(L"cache-occupancy\*(R": showing the L3 cache occupancy(\s-1KB\s0). \- \*(L"total-mem-bandwidth\*(R": showing the total memory bandwidth(KB/s). \- \*(L"local-mem-bandwidth\*(R": showing the local memory bandwidth(KB/s). .SS "\s-1CACHE ALLOCATION TECHNOLOGY\s0" .IX Subsection "CACHE ALLOCATION TECHNOLOGY" Intel Broadwell and later server platforms offer capabilities to configure and make use of the Cache Allocation Technology (\s-1CAT\s0) mechanisms, which enable more cache resources (i.e. L3/L2 cache) to be made available for high priority applications. In the Xen implementation, \s-1CAT\s0 is used to control cache allocation on \s-1VM\s0 basis. To enforce cache on a specific domain, just set capacity bitmasks (\s-1CBM\s0) for the domain. .PP Intel Broadwell and later server platforms also offer Code/Data Prioritization (\s-1CDP\s0) for cache allocations, which support specifying code or data cache for applications. \s-1CDP\s0 is used on a per \s-1VM\s0 basis in the Xen implementation. To specify code or data \s-1CBM\s0 for the domain, \s-1CDP\s0 feature must be enabled and \s-1CBM\s0 type options need to be specified when setting \s-1CBM,\s0 and the type options (code and data) are mutually exclusive. There is no \s-1CDP\s0 support on L2 so far. .IP "\fBpsr-cat-set\fR [\fI\s-1OPTIONS\s0\fR] \fIdomain-id\fR \fIcbm\fR" 4 .IX Item "psr-cat-set [OPTIONS] domain-id cbm" Set cache capacity bitmasks(\s-1CBM\s0) for a domain. For how to specify \fIcbm\fR please refer to . .Sp \&\fB\s-1OPTIONS\s0\fR .RS 4 .IP "\fB\-s \s-1SOCKET\s0\fR, \fB\-\-socket=SOCKET\fR" 4 .IX Item "-s SOCKET, --socket=SOCKET" Specify the socket to process, otherwise all sockets are processed. .IP "\fB\-l \s-1LEVEL\s0\fR, \fB\-\-level=LEVEL\fR" 4 .IX Item "-l LEVEL, --level=LEVEL" Specify the cache level to process, otherwise the last level cache (L3) is processed. .IP "\fB\-c\fR, \fB\-\-code\fR" 4 .IX Item "-c, --code" Set code \s-1CBM\s0 when \s-1CDP\s0 is enabled. .IP "\fB\-d\fR, \fB\-\-data\fR" 4 .IX Item "-d, --data" Set data \s-1CBM\s0 when \s-1CDP\s0 is enabled. .RE .RS 4 .RE .IP "\fBpsr-cat-show\fR [\fI\s-1OPTIONS\s0\fR] [\fIdomain-id\fR]" 4 .IX Item "psr-cat-show [OPTIONS] [domain-id]" Show \s-1CAT\s0 settings for a certain domain or all domains. .Sp \&\fB\s-1OPTIONS\s0\fR .RS 4 .IP "\fB\-l \s-1LEVEL\s0\fR, \fB\-\-level=LEVEL\fR" 4 .IX Item "-l LEVEL, --level=LEVEL" Specify the cache level to process, otherwise the last level cache (L3) is processed. .RE .RS 4 .RE .SS "Memory Bandwidth Allocation" .IX Subsection "Memory Bandwidth Allocation" Intel Skylake and later server platforms offer capabilities to configure and make use of the Memory Bandwidth Allocation (\s-1MBA\s0) mechanisms, which provides OS/VMMs the ability to slow misbehaving apps/VMs by using a credit-based throttling mechanism. In the Xen implementation, \s-1MBA\s0 is used to control memory bandwidth on \s-1VM\s0 basis. To enforce bandwidth on a specific domain, just set throttling value (\s-1THRTL\s0) for the domain. .IP "\fBpsr-mba-set\fR [\fI\s-1OPTIONS\s0\fR] \fIdomain-id\fR \fIthrtl\fR" 4 .IX Item "psr-mba-set [OPTIONS] domain-id thrtl" Set throttling value (\s-1THRTL\s0) for a domain. For how to specify \fIthrtl\fR please refer to . .Sp \&\fB\s-1OPTIONS\s0\fR .RS 4 .IP "\fB\-s \s-1SOCKET\s0\fR, \fB\-\-socket=SOCKET\fR" 4 .IX Item "-s SOCKET, --socket=SOCKET" Specify the socket to process, otherwise all sockets are processed. .RE .RS 4 .RE .IP "\fBpsr-mba-show\fR [\fIdomain-id\fR]" 4 .IX Item "psr-mba-show [domain-id]" Show \s-1MBA\s0 settings for a certain domain or all domains. For linear mode, it shows the decimal value. For non-linear mode, it shows hexadecimal value. .SH "IGNORED FOR COMPATIBILITY WITH XM" .IX Header "IGNORED FOR COMPATIBILITY WITH XM" xl is mostly command-line compatible with the old xm utility used with the old Python xend. For compatibility, the following options are ignored: .IP "\fBxl migrate \-\-live\fR" 4 .IX Item "xl migrate --live" .SH "TO BE DOCUMENTED" .IX Header "TO BE DOCUMENTED" We need better documentation for: .IP "\fBtmem\fR" 4 .IX Item "tmem" Transcendent Memory. .SH "SEE ALSO" .IX Header "SEE ALSO" The following man pages: .PP xl.cfg(5), xlcpupool.cfg(5), xentop(1), \fBxl\-disk\-configuration\fR\|(5) \&\fBxl\-network\-configuration\fR\|(5) .PP And the following documents on the xen.org website: .PP .PP For systems that don't automatically bring the \s-1CPU\s0 online: .PP .SH "BUGS" .IX Header "BUGS" Send bugs to xen\-devel@lists.xen.org, see http://wiki.xen.org/xenwiki/ReportingBugs on how to send bug reports.