Slashdot Mirror
One-Machine Linux Cluster
An AC wrote: Forget Beowulf ? clusters, Jacques Gelinas has made available a kernel patch to enable many virtual servers running on the same machine, even the same kernel. Read his original message posted to the Linux kernel list." Imagine what this will mean for hosting companies...
What is this good for?
Tick tock tick tock.
Semantically, that should be a meta-beowulf cluster of those.
Keeping
Honestly, you might be on to something here :)
A virtual Beowulf that is physically a beowulf node itself...Naah, that'd take some clever hacking, a cluster of cluster servers. Probably not possible.
Slightly off topic, but does anyone know: i got two machines, duron 850, and a pentium 450, with basic cluster operations, what programs can actually cluster? can i cluster these two computers together to form a better computer for a certain task? I want to try and put them together, and see how many websites hits they could take before they fall over. Thanks in Advanced Peter Revill
Microsoft IIS is to webserving as KFC is to healthy eating
"a cluster of clusters" sounds awfully like an array of arrays which is a multi-dimensional array. Hmm... A multi-dimensional cluster perhaps?
"Nature doesn't care how smart you are. You can still be wrong." - Richard Feynman
haha.. better read the fine print and make sure you actuallu get your own *computer* including box and powersuppy, and motherboard-- or you may end up sharing your box with 100 other ppl :-P
Is it just me, or is this a dumb idea? I mean, why bother with a cluster if you aren't exploiting some OTHER computer's resources. You might as well just run the job directly under Linux--you'd get the same performance (probably better).
I always thought the point of a Cluster is desgined to add machines and combine into a "virtual" machine, that has much more porcessing power and disk capabilities than a single standalone box.
Thence, this may be a good idea for adding virtual machines, say for additional processes and purposes, but a cluster in the way I unsderstand it, ie putting two or more cheaper machines together to make one much, much more powerful "virtual" one.
BUT, combining this WITH a hardware cluster - now that is a good and worthwhile idea.
"Old Rallydrivers never die - they just fail to book in on time"
If this gets used, I can see some companies taking advantage of the possible savings from using one computer instead of a couple for those Beowulfed tasks. Maybe Dreamworks can shrink their renderfarm ;)
...one programmer scratches an itch and we all get a possibly incredibly useful utility. (And yes, I know Linux is actually Free [being GPL'd], rather than just Open Source - but Free is a subset of Open Source and Open Source lets this happen.) Try that in Windows - nyahh!
"that's not encryption - it's a new perl script that I'm working on..." - from some Matrix parody
Isn't this like the BDSs jail() syscall?
As far as i know... this was supposed to be one of the big wins for the mainframes... i recall some note about 44000 linuxes running together on a single IBM mainframe? sorry dont have the link handy...
A crank is a little thing that makes revolutions
Beowulf clusters of virtual Beowulf clusters of virtual Beowulf clusters.
On a more serious note, though, this still does not give you the advantages a dedicated server does. You do not have the dedicated *hardware* resources and it is likely much slower than just going the "chroot route" (due to all of these virtual machines on one server...)
Do you like German cars?
Slashdotted before I could read the whole thing. :( But, as a sysadmin for a smallish web devolopment/hosting company I could REALLY use some separation between certain clients. Sure, this isn't ready for production systems but one day it may be.
The patcher is right...modern CPUs (for my industry) have PLENTY of power. What I hate is having to run some third party app for a client (even in a Linux environment) that *might* affect the whole machine. This patch holds the promise that I won't have as much to worry about.
Yes, this is a good thing.
Here before all but 8486 of you.
Well hey, on a multiprocessor machine it might be interesting. Dedicate a processor for each node and you have four beowulf nodes in one box.
Not only would it be cool for developers to test Beowulf-enabled code, but it would be awesome to have each node independantly accessible from the network.
Here is another project that just turns the kernel into another runnable process. You need to have a filesystem for it to mount and run with (available at the site) and from there you can have it run just about everything you can under the main host (within reason). It can be totally isolated, networked, and/or use its own hostfs to read directly from the host system's directory tree.
only took 10 minutes, now i can't read the rest of the site. :(
[and i can't fucking post this comment because of the stupid 20 second rule! morons!]
Ohh god...
type beowulf=packed array[0..255] of system;
type cluster=packed array[0..255,0..255,0..255] of beowulf;
Slightly recursive...
cluster[0[255],0[255],0[255]] = isPrime(bignumhere);
Thats if I remember my multidimensional linked arrays correctly. (and no, it isn't C++ either, sorta Pascal.)
Basically the same idea as Galaxy. Check it out for ideas.... http://www.openvms.compaq.com/availability/galaxy. html
It would help if you would read more than just the title before you commented...
Looking for any old 8-bit Heathkit/Zenith software/hardware - http://heathkit.garlanger.com
Take a look at the jail(8) and jail(2) manapges.
Actually meta means about, not doubling meaning. IE: Meta-moderate - Moderation about moderation. Your example would be Beowulf about beowulf, not Beowulf of Beowulf. I highly doubt that this was the original intention. I'd imagine linking all the virtual machines together like a cluster would never come close to the performance of the original machine as one.
You're supposed to italicize the reader submissions? Then again, nobody else seems to realize that Slashdot doesn't write the stuff in italics, so I guess I can't blame him ;)
Chris DiBona of course!
Derek Greene
This has just about zero to do with clustering, if anything this is the opposite of clustering. However this IS very very interesting for Web Hosts and just about anyone else that wants to create and maintain multiple environments for developement, test, etc. Image, being able to carve up a mid-range machine like you can an S390 (or other Mainframe class machine Like Sun's E10/15K). So suppose IBM takes this an runs with it. Linux is already ported to RS/6000 and AS/400, now you could get 8 processors of RS/6000 goodness, run production on 4 processors, Test on 2 processors, and Dev on 2 processors.
The devil will be in how you refresh test and dev from production, but that can probably be done inside Logical Volume Manager.
This is very very cool stuff it will be very ineresting to see how it stacks up against the big boys in Virtual machine space.
What if it is just turtles all the way down?
... of clustering. Its... slicing your box up...
I am displeased to see so many of you people replying and asking why this would be a good idea.
:)
The point is that this is *l337*. *That* is the point.
If there happens to be a practical application, that is completely secondary.
Slashdot 's editors are dickheads
Typical - lots of geek credibility, incredibly limited usefulness, and will do nothing to make Linux more usable for the general population. We want world domination, but everyone has to get a CS degree to use our OS.....
I believe this package is very popular with webhosts. One user can totally hose the machine, the rest are not impacted. Trust me, I know.
Microsoft has decided to cluster-enable the BSOD so that response times for rebooting can be quicker.
"One-Machine Linux Cluster"
Actually I did, which is why I added my comment about adding this TO a hardware cluster. What I was querying was that a) the title of the article appeared to be misleading and 2) It doesnt really seem to me to be much of a point on a single box.
But as I said, with a hardware cluster AND this, now that's a good idea.
"Old Rallydrivers never die - they just fail to book in on time"
Can anyone tell me how this is different than User Mode Linux?
Opus: the Swiss army knife of audio codec
How bout you stop feeling all high and mighty cause you can read, and give the man a god damn answer instead of your useless garbage posts?
Someone doesnt understand the reason for a cluster
/. article to hosting companies. This is like the Sandinavian ISP that replaced a bunch of Sun boxen with a much smaller number of larger IBM mainframes. The mainframes run IBM's VM (stands for Virtual Machine), which is roughly analogous to the "root-kernel" dicussed in the linked-to articles, then runs many independent copies of Linux under VM. Each user gets his own copy of Linux to screwup^H^H^H^H^H^H^H do as wishes with. VM 'fools' the copies of Linux into thinking they each have their own machine. Here we have Linux replacing VM, so now a Free product can do some of this (assuming it works, which, being brand new, I wouldn't bet my income on. But I'll bet it will work well soon.), though not all: VM lets you run multiple OS's on the box, which this doesn't. But it does a lot - separate root logins/passwords and process lists for the 'vurtual Linuxen', for example.
I think that was whoever wrote the headline. This doesn't buy you what a cluster buys you, which is more MIPS and RAM working on the same problem. This buys you multiple relatively independent environments on one machine. Hence the reference in the
"that's not encryption - it's a new perl script that I'm working on..." - from some Matrix parody
Hostpro, now Interland has this sort of thing for freeBSD. It used to be called vserver. The new improved version is called Freedom. It's been out for years.
This concept is not new... A project known as FreeVSD has been in production for a while now.
The software is released under the GPL, and is striving to be the most advanced and finely tuned web hosting system available.
More information can be found here:
http://www.freevsd.org/
There is no
I wonder how this would work with mosix... it could be a dream system!
You could use mosix to combine the compute resources of several boxes to look like one box. And then, you could use this divy up the space so that people don't step on each other. When anyone (working in thier own space) kicks off a large compile, the load would transparently be distributed among all the boxen.
Of course, I have zippy experience with any of this, but it sounds possible.
HIV Crosses Species Barrier... into Muppets
i use an "appliance server" at mediatemple.net that uses the same sort of thing. just a small, isolated linux os on a shared box. works great! i'm fairly sure they use technology developed by ensim. read up on it here. nice to see this made available elsewhere though...
What many people think it means is often something like a parallel file system. which is not the same.
If I recall right, backups can be a pain, but that would vary and depend on the software
"It is a greater offense to steal men's labor, than their clothes"
what would happen if you ran a fork bomb on one of the virtual servers? would it bring the whole physical machine down or just the virtual machine?
I SURVIVED THE GREAT SLASHDOT BLACKOUT OF 2002!
EXACTLY what the FreeBSD jail() call does...
Basically chroot on steroids...
Well, it is good the linux crowd took such
a good idea over.. if now only they would take
the concepts of having three branches ( RELEASE,STABLE,CURRENT) to the kernel...
On another note though.... with linux's history of root kit's, ths is certainly something i would not use for a commercial offering...
I mean come on, can you imagine a bigwolf cluster of these?
I might not know a lot about PCUs but if you can have more than one kernel for each PCU, you could have a HUGE wolf cluster (like 4 cluster's per PCU).
Man, I doubt my win95 machine supports this but if anyone knows of any bigwolf libraries for win95, please mail me electronically at malda@slashdot.org
The funniest thing I have heard on slashdot !!!
How many times have you heard friends say, "We need a beuwolf cluster of those"??
Firstly, you're an idiot if you still haven't realized staff comments aren't in italics.
Secondly, Beowulf clusters were only mentioned because they are the complete opposite of the subject matter:
Beowulf clusters bring the computing power of several computers together for a single task, whereas with this a single computer could be used for several isolated tasks.
Some of you should hand over your geek badges, right now.
Or the manager of VA Systems/Research/cheesecake
IBM has been doing this for some time on their mainframes, where it actually makes sense because of the massive amounts of processing power.
(Goodbye, karma.)
I know this is completely off-topic, but here it is anyway.
Your understanding of the prefix "meta-" is incomplete. In addition to indicating syntactic self-reference (see Hofstader), it can also indicate semantic self-reference (see... well, Hofstader; he talks about this, too, in his discussion of GOD: God Over Djinn).
SGI has a device for connecting crossbar routers together to form large single-system-image computers. It's called a metarouter:a router for routers.
Likewise, a cluster of clusters would be properly called a metacluster. Since "Beowulf" is commonly synonymous with "cluster," the term "meta-beowulf" is pretty much correct, even though it makes me cringe.
Yeah, way to catch up, guys.
You open source people are really on the ball.
Think about a system where you want to use IP filter to control what a network host/ports a service (or the hacker that has cracked your service) accesses.
If it addresses many of the issues that normal chroot has, then it may be good.
Isolation of applications against each other.
It's going to be intresting to see how much overhead this has when compared to vmware, usermode linux, or just chroots. (Tried 'em all).
If the overhead of this is not higher than chroot then it will be a big win.
Are you paranoid if you know that they just want to know everything you say and do?
I could be mistaken here, but it is my impression that any user can spin off a virtual machine.
What happens in the following scenario:
A user spins off a vserver, specifying the IP address of the default gateway for the parent server. The user then somehow convinces the parent server that it really *is* the gateway, and effectively takes the parent server off the network. If this is possible, someone without physical access to the network, but with an unpriviledged login to the parent server, could effectively perform a DOS attack on it.
I must be missing something here. It can't be this simple. Can anyone point out where I've gone wrong?
You bring up fifty instances of WINE. Each one of those instances brings up its own LINE emulator (okay, except it's not an emulator, but you know what I mean). You get each one of THOSE instances to broadcast on a different local IP on the machine, and then you cluster them all together from a serving process, no?
How'm I doing? Better not quit my job as a VB instructor?
--------
Bleah! Heh heh heh... BLEAH BLEAH!!! Ha ha ha ha...
Co-location is kinda pricey, but use linux enabled with domains, and you could split the cost with other people. Then nobody has to bitch about ROOT access. If I ran a small ISP, I could offer linux domains for cheap, virtual servers. If someone messed up a domain, just restore from the nightly backup and they are up and running. Get a couple dual proc boxes, with dual nics (inet/nfs+backup), and a 60 gig (raided?). Make 2 gigs per domain, and NFS mount the /home dirs on some nas. If you could get the backups working, where handling domains are like files, just copy and go, this could be some powerful tool for the busy admin.
-
Sometimes I've believed as many as six impossible things before breakfast. -Lewis Carroll (1832 - 1898)
What!?!? What happens when you bind, say, sshd to port 22 on multiple servers? Do you also need multiple ethernet cards and ip addresses? The docs don't say anything about that...
std::disclaimer<std::legalese> sig=new std::disclaimer; sig->dump(); delete sig;
user-mode-linux has been around for quite a while now. it allows you to run the linux kernel on top of linux with its own filesystem, etc. if you're interested, grab the patch or check out the alan cox branch of the kernel.
When we upgrade databases, we assign a dedicated server because we dont want to use the all the cpu horsepower. If we ran a linux with virtual domains, we could upgrade on the same box and not use up all the resources, and the box could stay in production. Thou the article said there is a draw back on a shared file system, allow some kind of snapshots of file systems and you could make a very powerful combination. If you could move a snapshot file system to a domain, you could test, upgrade, whatever. Interesting idea.
BTW, if you have a Sun StarFire with domains plugged into an EMC terabyte storage, you spent millions to do just that!
Isn't this basically what Bochs and VMWare are capable of?
I am displeased to see so many of you people replying and asking why this would be a good idea.
The point is that this is *l337*. *That* is the point.
Somehow I'm sure I could find a similar phrase in a "famous last words" collection somewhere ;-)
echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
It seems like this is the same kind of thing this person is talking about...? Is this more general in some way? What exactly is my host using anyway?
This patch sounds somewhat similar. Uhh...is it at all similar, aside from the fact that it virtualizes in the other direction? Could it be turned inside out and extended in that direction ?
If you just want to setup a web server, you don't really need to do a Beowulf cluster. There are a lot of ways to split web traffic load among different servers.
The easiest would be to separate your program out serially, rather then in parallel. (So, for example if you needed a database, you could run the database on one machine, and the HTTP logic on another). If you had three or more machines, you could use one of them as a 'dispatcher' as a sort of proxy server that would send requests to different machines to split up the traffic. With just two machines, I suppose you could use round robin DNS where different computers would get different IP addresses for your domain name, so the load is distributed among your boxes. You'd probably have to run your own DNS server, though. Finally, if you're just serving static pages, you don't really need to worry about anything. Just about any PC on the market today can do thousands of hits per second of static HTML. More then you'd probably ever need.
autopr0n is like, down and stuff.
Yeah! Let's take single machine, split it into 4 logical machines, and then combine them into 1 logical machine! DOH!
Arguably, the above post was +2, Funny. +5, Insightful is just plain bad moderation. Time to break out my red M2 pen.
It's rare that you're presented with a knob whose only two positions are Make History and Flee Your Glorious Destiny.
Having these calls available to non-root opens up a can of worms. The system provided looks clean, except he should limit its execution with yet another capability.
this is barely funny +2, let alone insightful +5
If you're going to flame someone, you should probably do it directly, in a followup thread, rather then just launching a 'general' flame in a root comment. I don't know if you'r reading at -1 or what, but I have no idea who you're talking too...
autopr0n is like, down and stuff.
Linux can natively be configured to enforce disk quotas and (with more difficulty) manage network bandwidth without any special virtual server software. Also the native unix process scheduling algorithm does reduce the priority of CPU bound tasks. The getrlimit(2) system call can be used to set various limits per process (not per virtual server unless the virtual server runs as one process I guess.) I know of no way to specifically limit disk bandwidth on Linux.
Freeware such as s_context and user mode linux provide no control over how much resources one virtual server gets over another besides disk usage. Other limited resources like CPU, disk and network bandwidth (RAM?) are shared just like they would be shared by separate processes under a single Linux system.
FreeVSD is not a virtual server, but a collection of scripts, binaries and multiple copies of hard-linked read-only filesystems for the common system environment. It is has the best chance for winning the total performance award but has no extra features for resource limits between systems.
True virtual machines. (E.g., vmware) provide very good isolation, but this leads to little sharing of excess unused resources between virtual servers I believe. They also have poorer performance in general because so much emulation is done.
The commercial, proprietary Private Server product from Ensim seems good from the marketing blurbs which say that they have "their own guaranteed share of the servers resources, including CPU, memory and bandwidth". I wonder what the performance penalty for this is and how much does it cost? Can anyone comment?
Would this isolate a virtual server from the other running on the same machine or is it actually only one 'multi-server' kernel?
I was wondering whether this could be a solution (a la VMWare) to develop kernel drivers and patches without risking to crash the machine.
I use the commercial Ensim Linux Private server technology... indeed it is perfect hosting. I've hosted over 50 Linux servers (VPS) on one physical machine (a big dell) with very few bumps. I reccomend about 30-40 though. Some of Ensim's products are rock solid - like the VPS itself, which is coined as the heart of "ServerXchange"; however a few of the "add-ons" need a little work. It's good because there are a large number of users who require root control over a server to install apps, and maintain security, etc - but don't need all of the hardware behind a dedicated box. They just want out of shared-hosting hell. It's important to note that the Ensim product completely isolates each VPS (virtual private server) including the Disk, CPU, Mem/Swap, Network, and soon disk activity on the physical server. I've stressed tested the Ensim VPS servers, have broken them, run really bad rm commands - and it is possible to wipe out a VPS and the others keep churning. Outside of not being able to mount the floppy disk or whatever they function like dedicated servers. I've found very few limitations. I run NFS mounts, IDS software, IPChains, and almost any other app. The Ensim stuff has been in development for years, so you also benefit from numerous code revisions, upgrades, and tuning. Something to think about... free is not always better. I am defintely an advocate of the Ensim product and thought I should give it good light. I've got 4 boxes for Linux hosting servers instead of 120.
Sorry if I sound a little upset, but I'm really tired of the FreeBSD vs. Linux war. I think it's pointless and don't make any good to anyone or the OpenSource community.
Jail is in some way like chroot (as other has pointed). It imprision some process placing some restrictions to what the process can do and the idea of this new patch is to run an entire new machine (with his own kernel, process list, etc...) over the same machine.
So just stop trying to start a flame and find a better use for your time, I guess that all the community will be happy on this.
There is an article (spanish only) commenting this kernel feature here:
d &name=Sections&file=index&req=viewarticle&artid=2.
http://www.hispacluster.org/modules.php?op=modloa
In fact, this article was generated collecting the opinions of many users who post comments about this topic.
I hope it could give you some ideas about the implication of this important feature in the Linux future.
greetings,
lekter
http://www.hispacluster.org
What are these moderators thinking !
You guys might want to look at freevsd (http://www.freevsd.org) which has been doing this for a while.
Well, it really depends on the application. *If* it spends a lot of time in the kernel, or worse gets locked in it, then the whole machine will come to a halt.
From the description it seems like the kernel is shared (no 'one kernel for one virtual host') so extensive locking performed on behalf on one application *will* influence others. Even if you have lots of extensive computing power.
Or just imagine - 99% of CPU hogged by an application you cannot kill. Or is there some form of 'master' context that can influence all others?
e-mail: karol at tls-technologies.com
www: http://www.tls-technologies.com
sig: not found
It's the control over it.
Mainframes have insane amounts of control over user processes (a Linux image essentially becomes same), as well as the ability to allocate more resources, fewer, provide fine-grained process accounting, shut down processes, migrate them elsewhere (part of the IBM dataceter Linux concept is the ability to migrate nodes around the country as needed).
What a mainframe doesn't have to offfer is insane amounts of processor power or memory. Disk, and disk I/O are quite another matter -- the amount of aggregate bandwidth a z390 has to offer is impressive.
PC-based virtualization clearly has some advantages, through not all of those offered by a mainframe. A rack of virtualized PCs probably does offer a higher processor density than the equivalent mainframe, however.
What part of "gestalt" don't you understand?
By virtualize the computer, one can assamble a linux cluster to run that configuration and then have not X computers as the number of computers in the cluster, but X*N computers... a big step... I wander if there is a P2P way to use this... (like seti@home...).
Much respect to this guy. He's taken something thats big, hairy and complex and looked at it from a different direction. Because he's got access to the source he's been able to do something novel with it in what appears to be an efficient and simple way...you couldn't do that with any of the closed source OSes out there today!
/bin /lib etc. from a generic set but users can modify them if they need to - this would allow a sysadmin to keep the default system current while not preventing 'owners' of an individual image from being able to change things if they need to....I vaguely remember something like this for CDs - anyone got the details? Time for a bit of experimentation ;-)
The beauty of this is that there's *one* kernel running so, apart from any overhead of selecting the environment, you pretty much get the same performance as running native. This has got to have 1001 applications.
One of the things I'd personally like to see is some kind of overlaid filesystem so each image by default gets
Jump onto a FBSD system and "man jail"
Imagine a cluster of beowulf clusters - each system running multiple instances of linux!
In Bushworld, they struggle to keep church and state separate in Iraq as they increasingly merge the two in America.
I wonder if it would be practical to associate absolute CPU time limits or CPU usage percentages with a security context id in order to prevent a certain security context from hogging all CPU ressources.
A similar thing would be desireable for resident set size (real RAM usage) and virtual size (process size) per security context.
That'll be about 14 then, I guess.
Imagine a Beowolf cluster of these!
Sounds of paper rustling...
Ah there it is! Nope sorry still an honours English degree.
Though what the hell I'm going to do with a one mchine cluster I have no idea. ;)
As it was alredy stated - you cannot dedicate CPUs to virtual hosts.
But to make Beowulf you don't need to - you still got a virtual machine for each host. The fact that they use the same CPU does not matter - they will only get slower.
And yes, virtual hosts can be independently (to some extent) accessible. As written in the note, they can use distinct IP addresses meaning i.e. that all the vhosts can bind to the same port simultaneously. If you want more independence, why not install some multi-interface cards (or just 4 ol' Ethernet NICs).
e-mail: karol at tls-technologies.com
www: http://www.tls-technologies.com
sig: not found
Jail SYNOPSIS jail path hostname ip-number command ...
DESCRIPTION
The jail command imprisons a process and all future descendants.
Please see the jail(2) man page for further details. .... ....
FreeBSD 4.4 April 28, 1999
Forget arguing about the definition of a 'cluster'. This is the technology that differentiates between PCs, servers, and mainframes.
IBM and Unisys mainframes (perhaps others, I've worked with these) have hardware partitions where CPUs are divided up. Linux is there now too.
This looks awesome on paper.
Now I can run an server that when my clients ask for shell access I dont have to cringe....
Anyone out there running this yet ?
Sig went tro...aahemmm.....fishing........
Chroot jails have their problems an annoyances. I've been toying around for a bit with the idea of using User Mode Linux as a security sandbox. This cluster-on-one-system looks even better, and a sibling comment to this one indicates that maybe User Mode isn't a safe jail, anyway.
Not having enough of a home DP Center to dedicate one box for a firewall, I end up running local services (properly configured for local ONLY access in addition to firewalled for local only) on the same machine. I think I've done a good job, but there's always that nagging doubt. Putting my local services in a -safe- virtual OS would give me an additional level of comfort. Chroot jails are ok for standalone things like BIND, but once you have several services interacting like a mail system, it gets a bit messy.
The living have better things to do than to continue hating the dead.
well i think that doesn't make sense, at least in my understanding of a cluster. first of all: what is a cluster for? i know two situations whane you might want to use a cluster: to gain performance or to gain redundancy (or to say so -> come closer to the 24/7 availability). in both way's a one cpu cluster won't help. so, what's the advantage of one....
oh yeah, before i forget.. i can already run multible apache instances on my single cpu machine
".Sig Stealer" was here
I think you are speaking beside the point; I am thinking what this gives us is 1 box, 3 people, each with blessed protection from the consequences of the mistakes of the other 2 (killing wrong procs, rm -rf /, etc)
Alright, this for all you people who always pipe up and say "but linux has had this for years" when
an announcment about a BSD happening is made. BSD HAD HAD THIS FOR A LONG TIME (couple of years). This sounds and looks astonishly similar to the BSD jail() written by PHK but with a messier interface. It is good stuff and hosting companies already use it a lot. Thanks for your time.
Back to the linux zealots.
Wow, that's enough karma to make you an official "Kool Kid" (tm)! Your opinions sure count now!
No, moron, it means that I don't have to whore for points. Your mommy should have pointed that out to you when she read you the article to which you replied.
"that's not encryption - it's a new perl script that I'm working on..." - from some Matrix parody
Unix and Linux have always had the chroot() system call. This call was used to trap a process into a sub-directory. After the system-call, the process is led to believe that the sub-directory is now the root directory. This system call can't be reversed. In fact, the only thing a process can do is trap itself further and further in the file-system (calling chroot() again).
And...
The vserver is trapped into a sub-directory of the main server and can't escape. This is done by the standard chroot() system call found on all Unix and Linux boxes.
But, I thought you couldn't (safely) run root processes in a chroot jail, because escape is easy if you can call chroot? Eg, create a subdirectory in your jail and chroot to that (keeping the same current directory), then chroot("../../../../") to get out of jail. Is it really safe to give someone the root password to a vserver in this system?
Could this be used to give every remotely downloaded app a virtual machine, sort of like a java VM? As an advantage to java, with IPv6, you could give every app its own class C network off your 1 billion IP block.
ok then your [sic] infringing on my copyright! Could you as [sic] me next time before STEALING my comments for your own?
can you imagine a beowulf cluster of these these?!
I have been using this system for a couple years now....
http://www.freevsd.org/
freeVSD is an advanced web-hosting platform for ISPs, educational institutions and other large organisations. It allows multiple Virtual Servers to be created on a single hosting server, each with a truly separate and secure web-hosting environment. This reduces an ISP's hardware outlay and also lowers the cost of support due to delegated administration.
I've used Ensim before as well as some other decent web management packages, and yes it seems to be the same idea as what's mentioned above.
Heh. To every Microsoftie who ever said "Open source does not innovate," I humbly submit this amazing technology as proof positive that you are wrong.
Tired of FB/Google censorship? Visit UNCENSORED!
Why not run multiple instances of linux on top of a Mach server?
Another use that hasn't been mentioned here is testing your failover systems. Now, instead of buying two machines, you can buy one and simulate crashes to test the failover. Very useful stuff.
Note: for most packages there are ways to do this anyway, but they can become a PITA.
-no broken link
I can see using one of those old machines that we give to temps we don't like, slapping this patch on it, and the six or seven little used intranet sites on it. It'd be nice to take them off the mail server.
I really hate Dan Patrick.
I agree my post wasn't +5 *insightful*, but it's pretty fucking pathetic when you can get users (especially an AC) to tell you how to moderate, and you then proceed to do it.
I'd also love some links to show how it was "redundant."
And it was not a troll.
Slashdot 's editors are dickheads
Yes, the patch doesn't support hardware dedication. But my SUN background makes me ponder a line of thought.
:)
In Solaris, there are the psr* family of commands for processor administration. psradmin -f 0 will turn off processor 0. As long as this isn't physical powering down of processors, and simply instructions to the scheduler to disregard p0, you could, on the above vm, do something like:
Prod: psradm -f 4,5,6,7
Test: psradm -f 0,1,2,3,6,7
Dev: psradm -f 0,1,2,3,4,5
Leaving procs 0-3 for Prod, 4-5 for Test, and 6-7 for Dev.
Along the same lines, at boot time you can explicitly state memory ranges to the kernel, if linux can't detect your memory right, or you have known bad memory you want to avoid. With the same thought, the Prod, Test, and Dev kernels can be brought up explicitly stating the 0-2G, 2-3G, and 3-4G ranges as usable memory addresses.
You run into more problems when it comes to peripherals in the box, but how many serial ports do you really need? Just specify ttyS0 in the VM with the addresses of ttyS0,1,2 of the physical server.
Am I smoking crack, or should I just stick with my much-more-hardware-flexible Sparc architecture
This space for rent. Call 1-800-STEAK4U
Yeah! Let's take single machine, split it into 4 logical machines, and then combine them into 1 logical machine! DOH!
Sounds resonable to me, how else do you test your beowulf code before pushing it out to the big ol cluster? Before this there were 2 alternatives, a smaller test cluster, or VMware. Granted that if your app ends up network bound you probably dont have a very valid test here, but its at least as good as the vmware one, without the huge overhead.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
The company I host my sites on (http://www.dsvr.co.uk) uses this system and I think it's great. They cut an IBM RS6000 server into 100 accounts. Each account can host upto 300 domains, each virtual server run sendmail, mysql etc and surprisingly enough it all still runs *DAMM* quick :)
Verio's Virtual Private Server runs a modified FreeBSD 4.2 to accomplish this. Verio acquired best.com (bay area legends) and their VPS technology quite some time ago.
Stuart Eichert
One of the things I'd personally like to see is some kind of overlaid filesystem so each image by default gets /bin /lib etc. from a generic set but users can modify them if they need to - this would allow a sysadmin to keep the default system current while not preventing 'owners' of an individual image from being able to change things if they need to....I vaguely remember something like this for CDs - anyone got the details? Time for a bit of experimentation ;-)
The HURD has support for such an overlaid filesystem. It's flexible to the point where you could (I believe) mount a CD as a read-only device, and then write changes to the disc, storing your changes elsewhere. I'm pretty fuzzy on exactly how it works, but I've had it explained to me by a couple of HURD hackers and it sounds very neat.
Just to mention one error that shows up on almost every page, "independance" isn't the way to spell "independence". And yes, I know that he's Canadian, but I'm pretty sure that the British spelling is the same.
Nothing for 6-digit uids?
This is much like the jail() of BSD. This does not give any of the benefits of a clustering arrangement. That is, the benefit of having a cluster is that you can distribute process across multiple machines and run from a common storage server. Although this technology is very useful (and can be applied in all sorts of ways- We run Bind in a jail) it does not provide extra process space if only running on one machine.
Having sufficient RAM is the largest factor in commodity grade webhosting services, so having mutlitple instances of a cluster on the same machine does not really make sense, when the whole point of a cluster is to give faster computation and access time.
btw- we offer both of these services here, and we do it on FreeBSD.
You have to decide if your application needs to crunch numbers real fast, or if it needs to do a lot of I/O. Since you are communicating between 2 or more boxes, your bottleneck is I/O (ethernet, whatever). Number-crunching works well on clusters, because you are not shuttling stuff between the nodes so much.
On the other hand, databases with lots of little reads/writes have to spend most of their time sending data over the wire to each machine, and it is possible that if you cluster, your app could run slower than on a single machine. For these kinds of apps, you would get better performance from a multi-processor box (SMP).
You can, of course, take all of this into account, and engineer your app and the cluster accordingly. You can replicate your databases, etc. Basically, clustering is not a plug-and-play operation (although it is 31337 in front of your friends, even if you don't optimize it --- heh).
Need a Linux consultant in New Orleans?
Imagine a Beowolf Cluster of THESE!!!
Just interested, and the contributors to this thread seem pretty knowledgeable....
actually, It means "beyong" in greek.
metaphysics (meta ta physics): beyong physics
Or just imagine - 99% of CPU hogged by an application you cannot kill. Or is there some form of 'master' context that can influence all others?
Well, for those kinds of scenarios we could use a method frequently used by a renowned professional commercial platform. Just hunt down an MCSE, and tell them to fix the problem. I assure you, it will take only a few seconds.
-- Another senseless waste of fine bytes.
Would it be possible to use this to have one 'host' kernel (something bare-bones), and another 'active' kernel running below the host? You could then change the kernel version on the 'active' part without a restart.
Just a thought...
-twb
Moderators don't seem to have any sense of humor here.
The parent is hilarious, but it's labeled as a troll.
And, your reply is modded as off-topic.
I wonder what moderation I'll get.
I'd probably be given mod access more often, but I haven't been able to pass the smoking crack requirement.
The first truth about awareness, as I have already told you, is that the world out there is not as we think it is. -DJ
Sun has machines entirely built around the concept of virtual hosts. Of course, they stole the idea from the mainframe world, where this has been going on for decades. I don't know of any systems that currently allow splitting a single CPU between domains, but I honestly don't see it as much of a benefit.
Which is definitely not to say that it's a bad or late thing--it's nice to see Linux playing with the Big Boys (tm) now and again. Just don't think that it's ground-breaking technology.
"People who do stupid things with hazardous materials often die." -- Jim Davidson on alt.folklore.urban
During the course of my job, I have to recreate customer environments to duplicate their problems. Often these environments involve firewalls, NAT, or simply multiple subnets that are difficult and time-consuming to get past our IT guys (and even once we convince them of the need, it may be a week before any real progress is made on their end to set things up).
However, using this, I can hopefully get a single box set up with several "systems" using internal virtual networks that will allow me to have something like...
1: Server / Client Gateway
2: Client
3: Firewall / NAT / Router
4: Client Gateway
5: Client
With 1 and 2 being "inside" the firewall and 4 and 5 being "outside".
This would allow me to eliminate TONS of bureaucratic red-tape paperwork BS, and give a self-contained environment for some of my other coworkers to educate themselves on (95% of which have never done any actual hands-on work with a firewall or even done any routing).
While all this could be easily accomplished using a multi-processor Sun box and their domain / partitioning scheme, those tend to be a little more pricey than the dual-P2 I've already got sitting idle in the corner of my office...
Any comments on the feasibility of this scenario?
Would this package work for what I'd like to do?
Thanks...
-l
Hey, that's nice, but every business that needs virtual hardware domains is probably using a large Sun machine. Think they're going to replace it with a wimpy little Linux box? Don't make me laugh.
How does this compare to both
umlinux (I suspect this is not what's going on)
and
freevsd (Check it out)
http://www.freevsd.org
This could mean that finally people with a small application base (web server, email, maybe a instant messaging server) can get together a share a colocated server somewhere. If we could get 25 or so people together, the cost would only be $10/mo or so...
Apathy -- The state of numbness of the mind. When you are apathic, you can think.
FreBSD has been using the Jail code that PKH wrote years ago
You can also get a REAL linux box on a PCI Card , with a deicated CPU , ability to reboot etc. as per last weeks review at:
1 /1 435205
http://www.newsforge.com/article.pl?sid=01/11/0
can you imagine a virtual cluster of these things?
Some extremely large, well known hosting companies have trouble providing "reasonable" (trustworthy, timely, competent) support to corporate website virtual hosting clients, and I have repeatedly seen all hell break loose in the case of deadlines to push staging to live server from many time zones away.. for some reason I still don't understand, we were never allowed to touch the live server so we never even knew its directoy contents. Sheer hell. In this situation you seldom know if it's going to work on the live server (which is *not* the same as staging no matter what was promised) until D-Day.
I was even offered root access once to fix this provider's host but I had to refuse due to responsibility for all the other clients with virtual websites. The problems generally do not come from things that would crash a kernel, but from the economics of getting individuals to apply appropriate knowledge in the right place at the right time, within the context of a number of companies working together with their own agendas.
Using this virtual server patch, I can see a *lot* of time, effort, danger, stress, complaints, etc. all swept away into history!
Run a virtual servers on your local dev box and the remote staging and live machines, then use rsync from local to staging. Ssh into staging and rsync again, or have the admin staff do so. But the live machine can be isolated network-wise, so it is more likely that the user could be allowed onto the live server themselves.
Of course, 1) it isn't a real compartment with your own filesystem and everything, so for example installing Perl modules, tweaking boot scripts, or tweaking security ain't happening. 2) it isn't strong compartmentalization. And 3) you have to be running a linux kernel in the first place. And 4) the above problems tend to involve Suns, not linux boxes.
Seems this kind of idea is killer though. It would be really interesting if we could run something like this or (maybe better yet) user-mode-linux efficiently as a process inside a SunOS environment. Sounds like IBM had the right idea running a bunch of complete OS images on their heavy iron.
He'll be at Linux-Québec meeting's next week for those interested...
I use Vital Server and they rock. I can run any software and great performance.