[ale] OpenVZ Adventures

Michael H. Warfield mhw at WittsEnd.com
Mon Aug 29 11:23:59 EDT 2011


On Mon, 2011-08-29 at 07:30 -0400, Wolf Halton wrote: 
> Jim Lynch showed me OpenVZ a couple of weeks ago, and I put it on my
> CentOS test server.  For fun, I wrote a little script that would build
> and start OVZ containers with Ubuntu 10.04.  I started the script on
> Friday night to build up to 4096 containers or use up the hard drive
> space, whichever came first.  I had 2 150GB drives mirrored and CentOS
> with a GUI, so there was about 140GB free when I left for the weekend.
> When I got back Monday morning, there were 288 working containers,
> using 65% of the RAM and 15% of the swap space.  All 24 cores were
> running at about 5% capacity.  This was a successful experiment, IMO.
> Now I want to see if I can build a router in there in one container
> and a /23 private network in there.

I used to use OpenVZ very extensively (and Vservers before that) with
well over 4 dozen guest systems across several hosts on 4 different
networks but had to drop them on 3 of those networks because they could
not keep up on kernel revs and the number of features I needed
(containers, MD5 signatures on tcp for BGP, etc, etc, etc) kept piling
up to the point they became unusable.  LXC is a very workable,
functional, (albeit not totally complete) replacement for OpenVZ unless
you're running an open cloud or hosting environment that may be prone to
highly hostile guests (we've still got a few bolt holes to put bolts in
there yet).

Don't get me wrong.  Kir and Pavel have been busting their rears
patching and working on the kernels trying to keep up and doing a decent
enough job of it.  But, last I looked, they're still only up to 2.6.32
and even that is ranked as a "development" branch and not even stable
(can you say CentOS 6) and, last I looked, they still were not fully
supporting CGROUPS or Containers properly (which is a LOT more than just
LXC virtualization) and systemd, which Fedora 15 wants, will absolutely
hurl chunks on it.  I do pick up their latest kernels and check.
Well...  They DID pick up MD5 signatures so I COULD get BGP working with
them.  That's something, at least.

I did also find several "supported" options were in OpenVZ but NOT in
the stock config.  So, I was forced to rebuild custom kernels even then
to get some features.  OpenVZ needs full kernel support (and they are
contributing to the containers project) and to GET OFF the "Red Queen's
Race" of custom patched kernels.  The OpenVZ patches are NOT going in
to the stock kernels.  Linus and the powers that be have handed down the
word and Containers and Name Spaces are the future.  The OpenVZ is
contributing to that and will have to adapt to it going forward.  Ubuntu
even stopped supporting them for a while because of this.
  
I've got a script laying around here that will inhale an OpenVZ config
and spit out an LXC config that's pretty darn close.  That's what I used
to migrate 3 dozen VM's from OpenVZ to LXC in under a couple of hours,
including the migration between the two adjacent hosting servers.

There's also support in libvirt for "lxc" (lower case) containers.
While the containers are basically the same, the config is totally
different (XML - Gag).  CGROUPS and NS Name Spaces are in the stock
distributions and there's no game of keep-up or custom patching kernels.

> Wolf

Regards,
Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!