Slashdot Mirror
One-Machine Linux Cluster
An AC wrote: Forget Beowulf ? clusters, Jacques Gelinas has made available a kernel patch to enable many virtual servers running on the same machine, even the same kernel. Read his original message posted to the Linux kernel list." Imagine what this will mean for hosting companies...
haha.. better read the fine print and make sure you actuallu get your own *computer* including box and powersuppy, and motherboard-- or you may end up sharing your box with 100 other ppl :-P
Isn't this like the BDSs jail() syscall?
Slashdotted before I could read the whole thing. :( But, as a sysadmin for a smallish web devolopment/hosting company I could REALLY use some separation between certain clients. Sure, this isn't ready for production systems but one day it may be.
The patcher is right...modern CPUs (for my industry) have PLENTY of power. What I hate is having to run some third party app for a client (even in a Linux environment) that *might* affect the whole machine. This patch holds the promise that I won't have as much to worry about.
Yes, this is a good thing.
Here before all but 8486 of you.
Well hey, on a multiprocessor machine it might be interesting. Dedicate a processor for each node and you have four beowulf nodes in one box.
Not only would it be cool for developers to test Beowulf-enabled code, but it would be awesome to have each node independantly accessible from the network.
Someone doesnt understand the reason for a cluster
/. article to hosting companies. This is like the Sandinavian ISP that replaced a bunch of Sun boxen with a much smaller number of larger IBM mainframes. The mainframes run IBM's VM (stands for Virtual Machine), which is roughly analogous to the "root-kernel" dicussed in the linked-to articles, then runs many independent copies of Linux under VM. Each user gets his own copy of Linux to screwup^H^H^H^H^H^H^H do as wishes with. VM 'fools' the copies of Linux into thinking they each have their own machine. Here we have Linux replacing VM, so now a Free product can do some of this (assuming it works, which, being brand new, I wouldn't bet my income on. But I'll bet it will work well soon.), though not all: VM lets you run multiple OS's on the box, which this doesn't. But it does a lot - separate root logins/passwords and process lists for the 'vurtual Linuxen', for example.
I think that was whoever wrote the headline. This doesn't buy you what a cluster buys you, which is more MIPS and RAM working on the same problem. This buys you multiple relatively independent environments on one machine. Hence the reference in the
"that's not encryption - it's a new perl script that I'm working on..." - from some Matrix parody
what would happen if you ran a fork bomb on one of the virtual servers? would it bring the whole physical machine down or just the virtual machine?
I SURVIVED THE GREAT SLASHDOT BLACKOUT OF 2002!
EXACTLY what the FreeBSD jail() call does...
Basically chroot on steroids...
Well, it is good the linux crowd took such
a good idea over.. if now only they would take
the concepts of having three branches ( RELEASE,STABLE,CURRENT) to the kernel...
On another note though.... with linux's history of root kit's, ths is certainly something i would not use for a commercial offering...
Jail isn't the same as this. If you read the jail manpages, it gives lots of examples how running with a jail involves very interesting problems for some uses. This different technique has different problems for other uses, and does some things nicely that jail does not. And user mode Linux is different, and better for yet other purposes.
Firstly, you're an idiot if you still haven't realized staff comments aren't in italics.
Secondly, Beowulf clusters were only mentioned because they are the complete opposite of the subject matter:
Beowulf clusters bring the computing power of several computers together for a single task, whereas with this a single computer could be used for several isolated tasks.
Some of you should hand over your geek badges, right now.
IBM has been doing this for some time on their mainframes, where it actually makes sense because of the massive amounts of processing power.
At the moment, User Mode Linux does separate the processes in a VM from the host system. That's because the kernel image itself is writable for the processes running in a UML virtual machine, which means that processes can break out of the virtual machine pretty easily and gain access to the account running UML on the host system. In addition, even if this is corrected (perhaps it has been during the last few weeks, I haven't checked), the kernel memory would still be read-only for the processes run by it, so different processes in the virtual machine could snoop each other. This means that User Mode Linux is great for testing stuff, but it only moderately increases security.
The patches for compartmentalization which mimic FreeBSD's jail(8) feature are completely different. If they are done properly (and checking this will require some time), they can provide complete separation of the processes running in different compartments. Performance is probably a bit better, too, because only one kernel is running, and not a stack of two.
Again, if you need compartmentalization now, and you have security concerns, you should either use FreeBSD, or GNU/Linux on S/390. This new kernel feature will need a bit of time to settle down and work correctly (from a security point of view).
Linux can natively be configured to enforce disk quotas and (with more difficulty) manage network bandwidth without any special virtual server software. Also the native unix process scheduling algorithm does reduce the priority of CPU bound tasks. The getrlimit(2) system call can be used to set various limits per process (not per virtual server unless the virtual server runs as one process I guess.) I know of no way to specifically limit disk bandwidth on Linux.
Freeware such as s_context and user mode linux provide no control over how much resources one virtual server gets over another besides disk usage. Other limited resources like CPU, disk and network bandwidth (RAM?) are shared just like they would be shared by separate processes under a single Linux system.
FreeVSD is not a virtual server, but a collection of scripts, binaries and multiple copies of hard-linked read-only filesystems for the common system environment. It is has the best chance for winning the total performance award but has no extra features for resource limits between systems.
True virtual machines. (E.g., vmware) provide very good isolation, but this leads to little sharing of excess unused resources between virtual servers I believe. They also have poorer performance in general because so much emulation is done.
The commercial, proprietary Private Server product from Ensim seems good from the marketing blurbs which say that they have "their own guaranteed share of the servers resources, including CPU, memory and bandwidth". I wonder what the performance penalty for this is and how much does it cost? Can anyone comment?
Much respect to this guy. He's taken something thats big, hairy and complex and looked at it from a different direction. Because he's got access to the source he's been able to do something novel with it in what appears to be an efficient and simple way...you couldn't do that with any of the closed source OSes out there today!
/bin /lib etc. from a generic set but users can modify them if they need to - this would allow a sysadmin to keep the default system current while not preventing 'owners' of an individual image from being able to change things if they need to....I vaguely remember something like this for CDs - anyone got the details? Time for a bit of experimentation ;-)
The beauty of this is that there's *one* kernel running so, apart from any overhead of selecting the environment, you pretty much get the same performance as running native. This has got to have 1001 applications.
One of the things I'd personally like to see is some kind of overlaid filesystem so each image by default gets
Jail SYNOPSIS jail path hostname ip-number command ...
DESCRIPTION
The jail command imprisons a process and all future descendants.
Please see the jail(2) man page for further details. .... ....
FreeBSD 4.4 April 28, 1999