MANAGE AND AUDIT
The xl toolstack
The xl toolstack, and its associated "xl" executable, provides a lot of commands to manage all domains.
You can manage guests (start/stop/reboot/destroy), dynamically add/remove hardware, set or monitor the hypervisor or guests, etc.
Commands can be sorted in two main groups, some useful for dom0, some for domUs.
Just run "xl" to get a list of the subcommands with a short description, and "xl help <subcommand>" for specific help.
bash-completion works for xl subcommands, but on Debian, root does not have bash-completion active by default. As usual, there are many places to set that, globally or not, at your own risk.
Relevant files: /root/.bashrc, a user's .bashrc, /etc/bash.bashrc.
Once set somewhere, you can "xl<space><tab>" to get the list of subcommands, and use autocompletion with root.
Some dom0 commands
Get information about a Xen host
xl info
The virt_caps line tells you what kind of domU you can run
xl info | grep virt_caps
virt_caps : pv hvm hvm_directio pv_directio hap shadow
Here it can run PV, PVH and HVM, using PCI passthrough, hap and shadow page tables
Display a list of running domains, with their names and ids
xl list
Likewise, with live resource usage
xl top
xentop -d 1 -z
Display Xen console
xl dmesg
xl debug-keys KEY
Some domU commands
Start a domU
xl create /path/to/domu.cfg
Reboot or shutdown a domain (the guest must support it)
xl reboot|shutdown <Domain>
Pause/unpause a domain
xl pause <Domain>
xl unpause <Domain>
Destroy, aka "force kill" a crashed domain
xl destroy <Domain>
Devices handling
xl pci-attach
xl block-attach
xl network-attach
xl usbctrl-attach
xl cd-inject
Scripting
Convert domain name to id and reverse
xl domid <Domain_name>
xl domname <Domain_id>
Useful when a command accepts only an id or only a name, and you have the other one
<command_requiring_id> $(xl domid "hvm-domu")
<command_requiring_name> $(xl domname "42")
xenstore-ls /local/domain/$(xl domid DOMU_NAME)
Logging
Logs are available :
- with "xl dmesg"
- in "/var/log/xen"
- in "/var/log/syslog", or systemd's journal
The various sources contain different types of logs.
xl dmesg
xl dmesg is Xen's dmesg, the hypervisor logs. They can contain dom0 and domU boot logs, when domains were started and halted, the resources in use, etc.
Think of them as low level logs. They can be useful when a domain does not boot.
The availability of details in xl dmesg is set via the Xen command line options "loglvl" and "guest_loglvl".
Defaults if not manually set (at the time of writing) : "loglvl=warning" and "guest_loglvl=none/warning".
The buffer can also be logged to a file.
It requires setting an option in /etc/default/xen :
XENCONSOLED_TRACE=all
And then set the xenconsole parameters in the init script /etc/init.d/xen :
XENCONSOLED_ARGS="--log=$XENCONSOLED_TRACE --log-dir=$XENCONSOLED_LOG_DIR --timestamp=all --overflow-data=keep"
The logs will by default be stored in /var/logs/xen/console/hypervisor.log and /var/logs/xen/console/domu-name.log.
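An added example (not from the original page or the Xen project) that audits the settings described above: it reads loglvl and guest_loglvl from the xen_commandline line of "xl info" and XENCONSOLED_TRACE from the defaults file. The function names and the sample data are made up for illustration; it assumes xenconsoled's --log option takes none, guest, hv or all.

```shell
#!/bin/sh
# Constructed sample `xl info` output (not taken from a real host).
SAMPLE_XL_INFO='host                   : dom0.example
xen_commandline        : placeholder dom0_mem=2048M loglvl=all
virt_caps              : pv hvm hap shadow'

# Value of option $2 on Xen command line $1, or default $3 when unset.
# If the option is repeated, the last occurrence is reported.
xen_opt() {
    val=$3
    for tok in $1; do
        case $tok in "$2"=*) val=${tok#*=} ;; esac
    done
    printf '%s\n' "$val"
}

# $1 = text printed by `xl info`, $2 = path of the defaults file.
# Prints the effective log levels and what xenconsoled writes to files.
audit_xen_logging() {
    cmdline=$(printf '%s\n' "$1" | sed -n 's/^xen_commandline *: *//p')
    # Fallbacks are the defaults this page gives for unset options.
    echo "loglvl=$(xen_opt "$cmdline" loglvl warning)"
    echo "guest_loglvl=$(xen_opt "$cmdline" guest_loglvl none/warning)"
    trace=
    if [ -r "$2" ]; then
        trace=$(sed -n 's/^XENCONSOLED_TRACE=//p' "$2" | tail -n 1 | tr -d "\"'")
    fi
    trace=${trace:-none}
    echo "xenconsoled_trace=$trace"
    case $trace in
        all)   echo "persisted=hypervisor,guests" ;;
        hv)    echo "persisted=hypervisor" ;;
        guest) echo "persisted=guests" ;;
        *)     echo "persisted=nothing" ;;
    esac
}

# Demo on the constructed sample; on a real dom0 use:
#   audit_xen_logging "$(xl info)" /etc/default/xen
audit_xen_logging "$SAMPLE_XL_INFO" /etc/default/xen
```

A "persisted=nothing" result means the hypervisor messages only live in the in-memory buffer shown by xl dmesg.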
/var/log/xen
Contains various dom0 and domUs boot logs, and qemu logs.
- xl-domu-name.log, qemu-dm-domu-name.log
- these kinds of files relate to domUs. To set the level of detail in those files: for xl-*, run the domain with xl -vvv create. For qemu: ?
- the Xenstore daemon log
- all accesses made to the Xenstore
- logs devices hotplugging
/var/log/syslog or systemd's journal
For hotplugging events of devices, like NICs or disks that get attached and removed to/from domUs.
Scripts in /etc/xen/scripts, used for hotplugging events, output in the syslog.
Note: since bookworm and with systemd, you have to manually install rsyslog/syslog-ng to get the good old syslog file.
XenStore
The Xenstore is used to represent a view of the system, about dom0 and domUs. It looks like a directory tree, with a root and leaves.
It is a global store used by all domains. Some parts are only accessible from dom0.
Reference on the Xen wiki : Xenstore.
To get an overview of what's in there, do xenstore-ls, but better use a pager !
The root tree is like :
/local/domain
/vm
/libxl
Some examples :
# read top-level nodes, with or without full paths
xenstore-ls -f /local/domain
xenstore-ls /vm
xenstore-ls /libxl
# read /local node describing dom0
xenstore-ls /local/domain/0
# read /libxl nodes describing domU with id 3
xenstore-ls -f /libxl/3
# in programs
xenstore-ls -f /libxl/$(xl domid DOMU_NAME)
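An added example (not from the original page) that extends the Scripting and XenStore commands above from one domain to every running domain: it turns "xl list" output into the XenStore paths to dump, then saves one snapshot file per domain for later comparison. The function names and the sample listing are made up for illustration; it assumes domain names contain no whitespace.

```shell
#!/bin/sh
# Constructed `xl list` output (not taken from a real host).
SAMPLE_XL_LIST='Name                    ID   Mem VCPUs      State   Time(s)
Domain-0                 0  2048     2     r-----     120.5
hvm-domu                 3  1024     1     -b----      14.2
pv-web                   7   512     1     -b----       3.9'

# Read `xl list` text on stdin; print "<id> <name> <xenstore paths>".
# Rows whose ID column is not numeric (the header line) are skipped.
xenstore_targets() {
    awk '$2 ~ /^[0-9]+$/ {
        paths = "/local/domain/" $2
        # The page reads /libxl/<id> for a domU, so add it for id > 0.
        if ($2 != 0) paths = paths " /libxl/" $2
        print $2, $1, paths
    }'
}

# Write one file per domain into directory $1, named after the id so
# that the domain name never ends up in a file path.
# Needs xl and xenstore-ls, so it only works when run as root in dom0.
snapshot_xenstore() {
    mkdir -p "$1" || return 1
    xl list | xenstore_targets | while read -r id name paths; do
        {
            echo "# domain $name (id $id)"
            for p in $paths; do
                xenstore-ls -f "$p" < /dev/null
            done
        } > "$1/dom$id.txt"
    done
}

# Demo on the constructed sample; on a real dom0 use for instance:
#   snapshot_xenstore /root/xenstore-snapshots
printf '%s\n' "$SAMPLE_XL_LIST" | xenstore_targets
```

Two snapshots taken at different times can be compared with diff to see which nodes changed.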
Non-official apps
The following apps are not provided by Xen, but may be used to manage a Xen system. All are open source and free.
With them, you can manage dom0, but also domUs.
Virtual Machine Manager (virt-manager), by libvirt
It's a hypervisor-agnostic application, part of libvirt, to manage your VM ecosystem.
You can connect to a local hypervisor and remote ones, so you can install it on a dom0 or on a management machine.
It provides a GUI to add/edit/manage guests and network bridges.
If you've seen the VirtualBox GUI or any desktop-like hypervisor, you can imagine what it's like !
See https://virt-manager.org
To install : apt install virt-manager
Cockpit (from redhat)
RedHat created a new tool, web-based, called cockpit. It's like webmin.
See https://cockpit-project.org
To install : apt install cockpit
Xen Orchestra (XOA) and XOA Lite
It's the management part of XCP-NG, and its lightweight version. I don't think it's compatible with Xen on Debian, so not-XAPI vanilla Xen. Maybe the Lite one ?