Slashdot Mirror

Sorry,

ZFS not yet, DTrace not yet

Zones, virtualserver are available for linux since 2001 ;-) I used it since 2001 and very stable software. Very easy to maintain patch or rpm in zones.

you can check the ftp site for the first release that I know of
ftp://ftp.solucorp.qc.ca/pub/vserver/old//

patch-2.4.16ctx-4 42 KB 2001-11-26 00:00:00

New dev can be found here:

http://linux-vserver.org/Welcome_to_Linux-VServer. org/

- You can unify 2 Zones to uses less disk space in linux vservers can you do that with Solaris Zones ? ;-)

A meta-configuration tool? No...that's just spin. This is just a (almost isn't) package manager that includes a scheduler and a template engine.

It doesn't look like it does anything you can't do with cron, rsync, your package manager and the scripting language of your choice easier (because you can get more features and support from the combination). Why would anyone actually need this?

Silly indeed. If you're looking to actually manage OpenSSH and most of the actual system tools without actually having to write that configuration tool (and you want to do it through a GUI), then you want something that can read and write configuration files.

For that there's the old linuxconf or webmin. Of course a lot of distros feel inclined to make their own stuff.

vserver maybe this will help :-)

For those of you interested in running many Linux hosts on one physical machine, check out the VServer Project. With it you can run many Linux environments using the same kernel. It provides process, filesystem, network and resources isolation levels.

johncompanies "linux virtual hosting" service gives you root on a virtual server with 4Gbyte of disk, 40Gbyte transfer/month, and up to 10 IP addresses. I've had my account for almost two months now, and overall I've been quite happy with it. Although they are coy about the software used to multiplex the server, I'm pretty sure they use SWsoft's Virtuozzo.

My "virtual server" has been rebooted twice; once it didn't come back up, and they never did find out why. They were able to get it running within a few hours of my emailing them about it. (They said if I had sent my message to the right address and put URGENT in the subject the response time, they would have responded within minutes.)

Performance is good; it usually takes about 4 seconds to un-tar and compile djb's checkpassword package. The worst I've seen was when it took 20 seconds (which is how long it normally takes my home machine, an AMD K6-2 "334 MHz" with 32 Mbyte of RAM.)

Support is also good, but not particularly fast. They will work on a problem until it is resolved to your satisfaction; they really want to make you happy. But it might take some time, because they offer "unlimited tech support" to all their customers.

One potential weak point is their authentication for support requests, since they seem to just accept email from my address as being "from me", without asking for a password or anything.

With the appearance of usermode linux and vserver, Linux virtual hosting is becoming common, so if I ever become unhappy here, it shouldn't be too much trouble to move my system elsewhere.

A bunch of people have taken the ideas of isolating programs or users into jails even further. Take a look at this site.

Use Vserver it uses a patched kernel so you can't do things like what you mentioned.

Vserver does just that.

I can't believe no one has mentioned Vserver. It has a similar approach (chroot) but uses a patched kernel for more security:

http://www.solucorp.qc.ca/miscprj/s_context.hc

The problem you mentioned has been fixed in Vserver by the way.

I can't believe no one has mentioned Vserver. It has a similar approach (chroot) but uses a patched kernel for more security:

http://www.solucorp.qc.ca/miscprj/s_context.hc

The main problem I've had with it is that it was made for RedHat. Since I don't use RedHat I was never able to get it to work right (mainly due to lack of time to mess with it).

I can't believe no one has mentioned Vserver. It has a similar approach but uses a patched kernel for more security:

http://www.solucorp.qc.ca/miscprj/s_context.hc

Note that there is a project that attempts to add jail-syscall-like functionality to the Linux kernel: vserver.

I haven't tested it yet, but it looks very promising.

Vservers (here)
may be helpful as restricted usage environments.

UML is not the same as jail(), but the vservers/ctx kernel patch and programs is, and it's got more features too.

Great for trying out other distributions, safe tryout of 'apt-get dist-upgrade', etc, etc.

Somebody has to mention the Virtual Private Servers (vservers) and security contexts (ctx) patch, which takes chroot(), and adds the good stuff from jail() and more to make completely separated contexts for process groups, without the overhead of another kernel.

I've been running Debian 2.2r7 and RedHat7.2 in parallel with Debian/Woody on the same box for months now with this patch.

Agreed that RedHat, Suse, and the others are doing a really nice job.

However, Fyi: Not all Debian users are '13-year old Deb-zealot's. A lot are much more experienced than that. I've been using Linux since there was just slackware, and I've switched a couple of times between RedHat and Debian and now am really comfortable with Debian for the desktops and servers and clean Redhat installs in a vserver context for signoff.

Most experienced Linux users choose their distribution on its technical merits with respect to their needs, not whether or not they think that they should sponsor a particularly nice company. Those two are independent decisions.

Then there's redhat's apacheconf , which is a GTK based GUI for apache, or also linuxconf which uses Xwindows, curses or a web interface, or you could use webmin via a web interface, all open source tools. Personally I like to do it by hand as I haven't come across anything that lets me specify php settings per virtual host, but that's just me.

Linus started work on Linux by himself. We can all remember his famous usenet posting :) Back then, Linus did everything himself (and with a few others), but everyone contributing was a kernel hacker. Now, there are lots of people contributing, some just send patches every once a while, others work on large projects that need kernel patching, creating problems. One such project that I will use as an example is vserver, which lets you run multiple "virtual servers" on one Linux machine. They have a kernel patch, and from watching the dev list, grow frustrated from some updates in the kernel that break their patch. The same can be said for drivers as well, companies don't want to keep a developer just so their linux driver is up to date. Linus isn't about to let them put it in the kernel tree either, so what can be done?

Believe it or not, being closed source has some advantages. One of the strongest points of Windows (and there aren't many) is that of binary compatibility. Why? Because there is actually a need for an API that doesn't change with every release.

Linux must provide a stable, non-changing API for lower level functionality, if it is going to suceed in the mainstream. You can't keep writing your own drivers forever! This is something that most hardcore kernel developers don't think about, because they are constantly updating things.

They removed linuxconf (good text console based configurator). You can get it here. RedHat still hasn't learned to use a real GCC release and instead they continue to use that lame 2.96. (so you will have to get GCC 2.95.3 for Linux 2.5 kernel compiles (per the directions in their docs) and get GCC 3.0.4 for everything else. This is getting ANNOYING, RedHat. ANNOYING.) "kgcc" (gcc 2.91.66-egcs.1.1.2-release)is still there for 2.4 builds.

KDE 3/ XFree 4.2 had some video corruption for me on a cheesy ATI card in a server, but no show stoppers. Seems like more goodness from the KDE team.

Good - they use glibc 2.2.5 - a standard GNU release, but they compiled it with the LAME 2.96 compiler. We shall SEE if they got the compiler It has been said that if a broken compiler compiles a library the library can be strangely broken and very difficult to debug. This goes to show RedHat why they shouldn't do this, and properly couple GLIBC 2.2.5 with GCC 3.0.4 as intended by GNU. Bero seems adamant about maintaining a 2.96 fork, which is costing time and resources and annoying users. I wouldn't care so much if 1.1.2, 2.95.3, 3.04 and RH-BROKEN.296-special were all included, but such is not the case. Lame.

Now that 2.2.5 can be compiled by GNU GCC, as well as KDE, RedHat is just being spiteful and not properly deprecating GCC 2.96X.

I give this a 5/5, because it's not a bad system, but it will require a man's touch. Mandrake and SuSE are starting to give this a run for its money, for sure.

NOTE: RedHat, please, just make it easier to play with the system and include the stuff that we all will go and download 20 seconds after install. Please. This compiling compilers like 2.95.3 and 3.0.4 is a waste of my time.

All in all, its good to upgrade at this point if you run a server to not have to do all the updates.

Note: About my insinuations about GCC 2.96 brokenness, I work side by side with a person who used to be on the GCC/GNU team, and has found strange bugs in certain version of the glibc that has been compiled by the 2.96 series. It went away when using release glibc compiled by release GCC. I personally have seen evidence that this is not FUD concerning GCC 2.96 - so please, all the flaming Bero zealots explain why is it now better to have a kluged compiler when the GCC team has far superceded it?

here is NT to Linux migration kit with some other brilliant software!

Try this URL

Look here to see why. This is the 21st century, and there is no reason to continue using stone age tools for serious work.

Something I've been pondering (a little) is that since Linux boxes are fixable (regardless of distro), why couldn't this fixing be automated? Have a program that diagnoses the problem by trying to dial out, run traceroute, start X, and / or whatever, then when an error is encountered "check" (for some definition of checking) relevant config files or whatnot for errors, maybe asking the user some questions in the process.

Granted, this would be a task in full parity with making something like Linuxconf or XST, but if somebody did, imagine what it would do to the support costs!

K12linux.org is a great site for info and their Red Hat Distro. I have meet Eric and Paul a few times, really great people. They have developed quite a following because they are making implimenting a thin client setup really easy.

K12ltsp is based on www.ltsp.org which is in version 3.0 right now. I use this software to set up computer labs in non-profits in and around Portland. We are a NP ourselves) It is gaining maturity, system administration is barely more work than working on a box running programs locally. You need to have DHCP running on the server, TFTP setup, and allow it to serve applications to remote X-Clients, and that is about it.

Here are some links for further reading on what others have done.
umn
olinux
solucorp
askslashdot
gbdirect
tucows
XDM

"Clustering under vserver scheme is pretty dumb, if it was in fact meant to be serious."

The vserver scheme is the _inverse_ of a cluster, not meant at all for applications that you would otherwise run on a multi-node cluster.

Did you even go to the vserver homepage , and read the introduction of the introduction? ->

Linux computers are getting faster every day. So we should probably end up with less, more powerful servers. Instead we are seeing more and more servers. While there are many reasons for this trend (more services offered), the major issue is more related to security and administrative concerns.

Is it possible to split a Linux server into virtual ones with as much isolation as possible between each one, looking like real servers, yet sharing some common tasks (monitoring, backup, ups, hardware configuration, ...) ?

We think so ...

"Clustering under vserver scheme is pretty dumb, if it was in fact meant to be serious."

The vserver scheme is the _inverse_ of a cluster, not meant at all for applications that you would otherwise run on a multi-node cluster.

Did you even go to the vserver homepage , and read the introduction of the introduction? ->

Linux computers are getting faster every day. So we should probably end up with less, more powerful servers. Instead we are seeing more and more servers. While there are many reasons for this trend (more services offered), the major issue is more related to security and administrative concerns.

Is it possible to split a Linux server into virtual ones with as much isolation as possible between each one, looking like real servers, yet sharing some common tasks (monitoring, backup, ups, hardware configuration, ...) ?

We think so ...

If youre hosting, you cant beat this solution

Folks over at Solucorp

Have made kernel patch and utilites to make this almost painless, as well as some precompiled kernels, (I would laways roll my own but ..)

This as I said kicks for hosting, its not just a chroot, and its not like the jail on BSD, its....well different.

This isnt somethign youre going to do on your desktop machine , its going to allow you to span resources, this is COMPLETLEY different from VMWare etc, for all the yahoos that are gonna say this has been around forveer.

After SEVERLY abusing our test server to hell an back starting 2-1 we are going to be offering hosting in this enviroment , we have clients that want their own playground but dont want the maintenece, some have semi-secure data theyre just no comfortable on a shared solution and cant quite justify a dedicated box, were already slated for 10 clients and with their current traffic and traffic times, they will all play very nicley on the same machine

P.S. LOAD up on the ram , and make sure to use SCSI , Low ram and Ide will work but start to bog under load, remeber you have 10 different Linux installations trying to access the disk at once.....

I've been looking at doing my own LFS similar to kaladix and potentially using what might be a smilar patch and tools to this hp stuff mentioned . I need to go checkout this hp patch and spend some time with it to find out what its about.

At one time I looked into SE Linux but noted there was some problem with using LVM with it due to attributes that were used on files, But maybe this has changed? I suppose I could go look again.

I like the idea of setting things up my way (LFS) anyways and using it as the base server and having other virtual servers.

Linux can natively be configured to enforce disk quotas and (with more difficulty) manage network bandwidth without any special virtual server software. Also the native unix process scheduling algorithm does reduce the priority of CPU bound tasks. The getrlimit(2) system call can be used to set various limits per process (not per virtual server unless the virtual server runs as one process I guess.) I know of no way to specifically limit disk bandwidth on Linux.

Freeware such as s_context and user mode linux provide no control over how much resources one virtual server gets over another besides disk usage. Other limited resources like CPU, disk and network bandwidth (RAM?) are shared just like they would be shared by separate processes under a single Linux system.

FreeVSD is not a virtual server, but a collection of scripts, binaries and multiple copies of hard-linked read-only filesystems for the common system environment. It is has the best chance for winning the total performance award but has no extra features for resource limits between systems.

True virtual machines. (E.g., vmware) provide very good isolation, but this leads to little sharing of excess unused resources between virtual servers I believe. They also have poorer performance in general because so much emulation is done.

The commercial, proprietary Private Server product from Ensim seems good from the marketing blurbs which say that they have "their own guaranteed share of the servers resources, including CPU, memory and bandwidth". I wonder what the performance penalty for this is and how much does it cost? Can anyone comment?

Yes, but a little more general purpose. See
the FAQ entry
here

A non-techie will never figure out the mess that is /etc. Until there are applets and/or wizards for every single file in /etc, Linux will not be ready for prime time.

I, on the other hand, dread the day that there is a wizard for every /etc file.

There are a couple trends I hate about GUI config, and certainly not all config programs are guilty of this, but I have noticed all of these "in the wild" at certain times:

• When the GUI config tool is intended as the primary configurator, and the actual config file is in XML or binary, or documentation on the commands is sparse.
• When the GUI config tool completely overwrites the existing configuration to achieve it's functions instead of reading in the existing file and delicately changing just the lines needed. (linuxconf is guilty of this, especially to the sendmail setup where it practically takes over.)

Although nobody has made one that I've seen, I'd love to see a configurator that has the original text config file in a window pane below or beside the main options panel, and update it as options are changed, so you can see the actual commands and what is being changed. Maybe even color highilight the changed lines. That would rock.

What we need to do is start a project which will create these applets, with a consistant look and feel, which will appear in a control panel when an app is installed.

We don't need to _start_ anything, just join one of the existing projects if you want to help: linxuconf, gnomecc, webmin, etc.

...and what, exactly, are RPM, apt-get, linuxconf, etc.? Those are package managers and system configurators tied to other Linux distros.

1. RPM is licensed under the GPL.
   
2. Apt-get is part of the Debian Operating System, which is licensed under the GPL.
   
3. Linuxconf is licensed under the GPL.
4. YaST is not free software.
   

I liked this better: www.solucorp.qc.ca/xterminals/
especially the nice setup.sh script.

I could make that list even longer with many more projects that Red Hat either funds, maintains, develops or contributes to, but I think I've already proven my point.

The thing that BOTH Micro$oft and Linux could learn from Novell is integration. Netware Administrator (NWadmin for the uninitiated) does everything. No, I mean *everything*.

This is exactly what Linuxconf is trying to do, and pretty sucessfully so far too. User administration, sendmail setup, apache setup, bind, wu-ftpd, system services, all from one app.

Next, the xtermkit I used in our project - it's written by Jacques Gelinas of linuxconf fame.

And lastly, check out the Linux Terminal Server Project. Another form of basically the same concept.

Check them out - I fully believe X terminals are a wonderful way to reduce costs - hardware, software, and management - when compared to more traditional desktop computer systems.

Personnally, I would not use laptop for the following reasons :

• When they break, part are expensive;
• Most use non-standard video chipset, meaning possible headache configuring X on these machine;
• Price/performance ratio lower than desktop box(not really revelant for X-term);
• Their keyboard are'nt exactly ergonomic;
• Older LCD are'nt comfortable to work on. Ten inches viewable, come on !

I never completed a similar project, but I would definitely do it with second-hand PC if I had to. A nice place to buy older hardware is IT Xchange. They are a bit pricey, but the inventory is large. Personnally, I'll buy a batch of identical machine to ease maintenance. I'll definitely buy brand new monitor however (for picture quality and reliability).

Another option would be older Sun hardware (SS2, SS5). However, these suffer from some of the same problem as laptop (expensive part, price/performance ratio, etc.). But if you insist on exotic hardware, you could get these cheap on Ebay.

Have you given a tought about the network? X is a network hog, so it would be worth considering network capacity. IMHO, switched 10baseT sould be enough, and I'll choose that over shared 100baseT anytime.

Also, you should give the Linux based diskless X terminal toolkit a look.

Just my 2 bit ...

Cheers //Johan

• Java

  There seems to have been something of a "trainwreck" with respect to Java. There are lots of "nearly done" Java environments out there, including Kaffe, GCJ, Jikes, "Blackdown," and likely others.

  Unfortunately, none are truly useful without some combination of classes (ala GNU Classpath) and some combination of AWT/Swing. And that has been rather less rapidly forthcoming in the "reasonably free form" that is necessary in order for it to be ubiquitous enough for people to really use it to deploy applications, or to use it as a layer on which to build further infrastructure like EJB.

  Is anybody near to deploying a complete "libre" Java for Linux?

• System Config Tools

  There's Linuxconf. There's COAS. There's cfengine. And Ganymede (tho it needs Java; see above...) and bunches of other system config tools one one degree of incompleteness or another.

  Big, expensive things like UniCentre are also getting ported, although they're not likely of great interest on the home front.

  Is there any intent to try to have some useful protocols to allow intercommunications of some of these systems, or to perhaps pick an existing one rather than recreating the wheel?

• Testing/Standards

  There has been some lipservice about Linux Standard Base (LSB), but it is not evident that anyone has either deployed substantially changed systems as a result of attempting to conform to some common guidelines, nor to actually provide ways of conforming systems to standards.

  There are lots of tools out there to run systems through automated test suites; that is apparently one of the major tasks of one ACLs for Linux project. In other contexts, we find ANSI Common LISP Conformance Tests. The folks at Cygnus run EGCS through testing, and provide EGCS Test Suite Results. Greg is being used to validate that GnuStep conforms to its documentation.

  ... And every "dot zero" release of Red Hat Linux fills many with fear as it tends to at least appear undertested.

  And then there's the Extreme Programming approach (particularly associated with Smalltalk) where one of the core requirements is of Continuous Integration Tests that are integrated in with the development process.

  But it is, often enough, not clear that people are depending in much more than merely the notion that Because it's Open Source, naturally bags of people will want to spend their weekends testing my code.

  We badly need to have some regression tests so that some testing takes place as distributions are constructed. Debian does some of this with dpkg-related tools; it is highly unfortunate that similar tools have not cropped up around RPM.

  Question: What are you doing to help contribute to the public body of test suite code?

I'm using a single boot floppy for each machine, and they then mount root from an NFS server. Performance is great, you certainly would not know you were working on a 486. And, in addition to the cost savings and more than acceptable performance, administration is a breeze.

The kit I started with is developed by the author of linuxconf. You may find it here: xterm.