OpenVZ Pushing for Linux Kernel Inclusion
RomanianClimber writes to tell us News.com is reporting that SWSoft is trying to get OpenVZ into the Linux kernel. OpenVZ is an operating system level server virtualization solution, built on Linux. From the article: "In this, it has a major ally: Red Hat, the top seller of the open-source operating system, which plans to add the software to its free Fedora version of Linux for enthusiasts. The companies' move to make OpenVZ partitioning standard in Linux is timely, said Pund-IT analyst Charles King."
From: the website
Second technique: Para-Virtualized Machines. This technique also requires a VMM, but most of its work is performed in the Guest OS code, which in turn is modified to support this VMM and avoid unnecessary use of privileged instructions. The paravirtualization technique also enables running different OSs on a single server, but requires them to be ported. The paravirtualization approach is used by Xen, UML.
Third technique: Virtualization on the OS Level. Most applications running on a server can easily share a machine with others, if they could be isolated and secured. Further, in most situations, different operating systems are not required on the same server, merely multiple instances of a single Operating System. OS Virtualization systems have been designed to provide the required isolation and security to run multiple applications or copies of the same (or similar i.e different Linuxes) OS on the same server. OpenVZ, Linux VServer are examples of OS virtualization.
SWSoft are the makers of Virtuozzo, a commercial product that allows hosting companies to offer Virtual Private Servers.
A rival technology is Xen from Cambridge University, which is free.
2bits.com, Inc: Drupal, WordPress, and LAMP performance tuning.
There are several ways to do this, with varying levels of stability and performance.
QEMU will run Linux, BSDs, and Windows, from either Windows or Linux.
Colinux will run Linux from Windows XP. I'm not sure what the latest Fedora Image for it is, but I run a 2.6 kernel based Gentoo build from XP frequently (for that nethack fix).
I'm not sure either is suitable, but I would recommend looking at them, as they are both interesting projects, if not immediately useful to you.
ah, mod points
From Wikipedia: "Whereas VMs attempt to virtualize "a complete set of hardware," VPSs represent a "lighter" abstraction, virtualizing instead "an operating system instance." All VPSs run atop a single operating system kernel. The VPS mechanism multiplexes this one OS kernel to look like multiple OS (and server) instances, especially from the perspective of running applications, users, and network services."
You don't want a VPS, what you want is something to create a VM like VMWare. It creates separate virtual machines allowing you to run (like I do) Gentoo and XP at the same time.
Orationem pulchram non habens, scribo ista linea in lingua Latina
So what are the pros and cons of Xen versus OpenVZ? My initial reaction is that Xen is the way to go because it is REALLY running different Linux instances. This is good because you can upgrade different instances to different OS versions. I know on those big Sun boxes with virtual environments it's a pain in the butt because to upgrade the OS you have to upgrade a zillion applications at once to the new OS version which is a nightmare. But with real virtualisation with completely different kernels running you can upgrade one virtual instance to a completely different kernel without affecting hundreds of other apps running on the same machine.
Although Virtuozzo is "built on top of OpenVZ", is Virtuozzo's kernel component a publicly available version of OpenVZ, built without using any proprietary patches or modules?
http://openvz.org/documentation/tech/virtuozzo states "Differently from OpenVZ, Virtuozzo(TM) is developed and designed to run production workloads in 24×7 environments ..."
and goes on to list, among Virtuozzo's advantages over OpenVZ:
"Higher VPS density. Virtuozzo(TM) provides efficient memory and file sharing mechanisms enabling higher VPS density and better performance of VPSs."
"Improved Stability, Scalability, and Performance. Virtuozzo(TM) is designed to run 24×7 environments with production workloads on hosts with up-to 32 CPUs."
Why should Linux accept a kernel patch if (unlike Linux itself) it is not designed to run 24×7 environments with production workloads on hosts with up-to 32 CPUs?
I've got to agree with the parent that there's no reason to fear companies putting software into the kernel. Lots of them do, and we're always encouraging companies to write open source drivers in the kernel.
What follows is purely speculation based on my feelings. Do not consider it to be factual, or make stock/software purchasing or sales decisions based on it. YMMV, IANAL, whatever.
The real problem I see, as an ex-swsoft customer, is that they really don't care as much about bugs or broken features as they do about marketing points. They made all sorts of claims about their software when they sold it to us, but many things weren't ready for nearly a year by which time we were forced to pay an additional "maintenance" fee if we really wanted to get those features. (or for that matter, any security updates) By then we were so dissatisfied with Virtuozzo and HSPC, we didn't bother paying for the upgrade. They also refused our requests for access to their source RPMs, even ones marked as being GPLed.
I've looked over their OpenVZ information already, to see if they are finally playing nice with the open source community, and the first thing I noticed is that they are refusing to release vzfs, which is required to get any decent performance/scalability with Virtuozzo. They're doing it for marketing reasons, i.e. they want people to view OpenVZ as something of a demo product before getting the "real" product, Virtuozzo. I believe they could easily release vzfs if they wanted to, but they recognize that their customer support (and programming quality) is such that nobody would willingly pay for it if they could get the software source code for free. Also, they'd probably quickly be cut out of development, because their code lacks the quality of that normally found in the linux kernel, and there are plenty of other people (eg vservers) who would take over.
If anyone really wants to get full Virtuozzo style resource sharing into linux, I suggest they start working on either XenFS or some vservers based copy-on-write filesystem. Without vzfs, OpenVZ is barely an improvement over vservers in that it supports "user beancounters", and it is barely an improvement over Xen in that it supports shared kernel resources. If XenFS was functional, Xen would be a much superior product in terms of resource usage and security, at the very slight cost of an extra context switch for guest/host inter-kernel communications. If vservers had something equivalent to the UBC code, then (thanks to vservers unification) it would have all the functionality of Virtuozzo. The only thing missing in either case is commercial support, and I'm sure there would be people happy to offer that as well.
On the other hand, I'd be happy if they did release vzfs, not because I plan to use it, but because I think more choice is better. I'm not sure I'd want it in the kernel over Xen or vservers though.
OpenVZ doesn't care about processor virtualization features. OpenVZ (like VServer) is all about implementing a system like FreeBSD jails. In this model, there's only one kernel running, but different sets of processes are isolated from each other through operating system features. The separation applies to things like the 'ps' command and the /proc interface in general, as well as things like sockets and networking.
With OpenVZ/VServer, you can set up security and network separation so that certain processes will think of themselves as on 'internal-web-server', while others will think of themselves as 'external-web-server', and the two sets of processes would not be able to interact with each other in ways other than through the same kind of networking connections that they would use if they were on separate pieces of physical hardware.
Something like Xen or VMWare achieves this virtualization by simulating separate processors, memory, and I/O space hardware. OpenVZ/VServer doesn't incur this overhead, but does require much more significant modifications to the Linux kernel, as lots of system calls have to be modified to enforce the process group separation rules.
- jon
Ganymede, a GPL'ed metadirectory for UNIX
Your question doesn't quite make sense under OpenVZ. There isn't a console per se in OpenVZ guests, just as there isn't a separate kernel. You certainly can enable/disable guests at runtime via the command line, and they run through the boot process, but they don't have their own kernel or console. Once you do "vzctl start 1234" the system will run init within VPS number 1234, and then "vzctl exec 1234 some regular command" can be used to run a command within VPS number 1234, or "vzctl enter 1234" will give you an interactive shell (/bin/sh) executed within VPS number 1234. It isn't the same as a console though.
If you were running Xen, you'd get a real console when you did "xm console vm1234" (after creating the vm). But that's because it is running a real, complete linux kernel within the VM. It still wouldn't require you to export your display or anything like that, it's just a text console. I believe Xen 3.x also can export a VNC (graphical) display if you've got a VT enabled processor/BIOS (the new Macs supposedly have the processor support, but it is disabled), so that you can run Windows XP or whatever, and that runs without any modification to the guest OS at all.
You've got that backwards. CentOS takes the RHEL SRPMS released by Red Hat, rebuilds the binaries, and reassembles them into a distribution.
All the current x86 virtualization stuff is going to be out of date soon. It will be just adding kludges to the kernel to implement stuff that is required by virtualization deficiencies in old x86 stuff. If you need those kludges, Xen should be enough.
This is because Intel and AMD are going to allow new and far more efficient ways of doing virtualization, with hardware assistance (look up Intel Vanderpool and AMD Pacifica).
So, I don't see much long term gain for the effort for all the minuses.
You risk lower quality and increased maintenance costs. And you might also increase exposure to patent claims (but I bet IBM can smash anyone to pulp especially with virtualization patents).
You will still need developers to work on Vanderpool and Pacifica stuff, and I think you'd get better "bang for buck" with that (plus I think it will be a lot more fun).
In short, OpenVZ uses the single-kernel virtualization approach, which differs from either VMware or Xen: instead of trying to emulate something, the kernel is modified to support multiple isolated environments, so each such environment looks-and-feels like a separate server. Good things about it are (1) best possible performance (no to little performance overhead due) and (2) hardware resources (CPU, RAM etc.) are controlled from within a single kernel, so resources are used most effectively.
-- Kir Kolyshkin, OpenVZ project leader.
Other posts have covered it, but a quick summary:
OpenVZ is a subset of a commercial product called Virtuozzo. It provides "virtual private server" functionality similar to FreeBSD jail() or Solaris Zones, including a private virtual network stack, private process space, and such, to each instance. However, it all runs on top of a single (specially modified) Linux kernel. Its advantages are in easy resource sharing among instances - since everything is running under one kernel, resource sharing (disk, memory) is made simpler. However, it has the disadvantage of less isolation - if the kernel crashes or is subverted, the entire system is at risk. Also, unlike with Xen, for example, you can only run Linux distributions (with the same kernel version). You cannot run other OSes (like NetBSD, FreeBSD, etc.).
Sam: "That was needlessly cryptic."
Max: "I'd be peeing my pants if I wore any!"