Slashdot Mirror
OpenVZ Pushing for Linux Kernel Inclusion
RomanianClimber writes to tell us News.com is reporting that SWSoft is trying to get OpenVZ into the Linux kernel. OpenVZ is an operating system level server virtualization solution, built on Linux. From the article: "In
this, it has a major ally: Red Hat, the top seller of the open-source operating system, which plans to add the software to its free Fedora version of Linux for enthusiasts. The companies' move to make OpenVZ partitioning standard in Linux is timely, said Pund-IT analyst Charles King."
You can compile anything you want into the kernel.
If this becomes part of the official kernel, then it becomes the kernel maintainer's problem.
If Red Hat comiles it into their distro's kernel, it is Red Hat's problem to maintain.
So if I were the kernel maintainer, I would need a very compelling reason to take on the extra work.
Now, I've seen SW-Soft at work numerous reasons and I don't quite agree with their principles of development. Just check out their forums, they have an awesome community of people asking features in their higer end products and they never want to implement those. Instead, they're creating some kinds of "solution" to allow "lower TCO" and "easier management", at an extra cost of course. I've used their software, and it's quite buggy.
Now, Virtuozzo is one of their most awesome products, but I still don't feel right about having a company control over a piece of software embedded into a kernel. I have a chilly feeling about what they might do next and about what they're actually gaining by enabling this.
Just my two cents, I'm sure I'll get many replies of people disagreeing.
The hip way to get your IP. No ads, ever.
If you want something in there, then by god, put it in there. There's no huge patchwork system that affects everyone using linux when one company wants to change the underlying functioning. They can do it, and sell it if they can, while the rest of us can go happily on our way not using it.
Memory is like an orgasm. It's a lot better if you don't have to fake it. --Cray Seymore
Both Intel and AMD are releasing CPUs which support OS partitioning in hardware this year (2006). Does the OpenVZ project support or have plans to support these hardware features?
I am a viral sig. Please help me spread.
Has there been a serious investigation of potential patent claims against OpenVZ. This looks like a potentially hazardous inclusion.
If due diligence has been done, and no problems on the horizon, then that's great. Just would hate to have something like this included and have it open up another SCO-like situation. Recognizing that one is Copyright based, and the other would probably be Patent, and in particular US patent based.
Wasn't redhat doing a major Xen push too? Fedora Core 5 will include xen host and guest kernels plus xen3, and from what i heard their putting a major effort into getting that usable too.
Never bet on a single horse i guess?
Or am i missing something and are OpenVZ and Xen very different products? (doesn't sound like it)
Upside of Xen seems to be the ability to run *bsd and other OS's in guest domains too, no mention of this in OpenVZ
SWSoft are the makers of Virtuozzo a commercial product that allows hosting companies to offer Virtual Private Servers.
A rival technology is Xen from Cambridge University, which is free.
2bits.com, Inc: Drupal, WordPress, and LAMP performance tuning.
Nice to see some progress in the Linux arena. But neither the quoted article nor the OpenVZ web site list too many alternative solutions. Here is one from another world (non-unix): OpenVMS Galaxy by Digital (now HP). Galaxy is part of OpenVMS, since more than half a decade.
o .html (an early online documentation, hosted by on a non-Digital/HP system)
t m
http://h71000.www7.hp.com/wizard/wiz_3191.html (check the date - 1999!)
http://www.s-and-b.ru/syshlp/vms_html/6512/6512pr
http://h71000.www7.hp.com/availability/index.html (Lots of information about High Availability/Disaster Tolerance)
"All the world's a stage" or was it "All the galaxy's a stage?"
http://scifi.about.com/library/weekly/aa022800b.h
There are several ways to do this, with varying levels of stability and performance.
QEMU will run Linux, BSDs, and Windows, from either Windows or Linux.
Colinux will run linux from Windows XP. I'm not sure what the latest Fedora Image for it is, but I run a 2.6 kernel based Gentoo build from XP frequently (for that nethack fix).
I'm not sure either is suitable, but i would recommend looking at them, as they are both interesting projects, if not immediately useful to you.
ah, mod points
How does this benefit over current inclusion of User Space Linux? Does it allow other operating systems a la VMware? Is it platform-agnostic? Any info?
-molo
Using your sig line to advertise for friends is lame.
From wikipedia "Whereas VMs attempt to virtualize "a complete set of hardware," VPSs represent a "lighter" abstraction, virtualing instead "an operating system instance." All VPSs run atop a single operating system kernel. The VPS mechanism multiplexes this one OS kernel to look like multiple OS (and server) instances, especially from the perspective of running applications, users, and network services.
You don't want a VPS, what you want is something to create a VM like VMWare. It creates seperate virtual machines allowing you to run (like I do) Gentoo and XP at the same time.
Orationem pulchram non habens, scribo ista linea in lingua Latina
You don't want a VPS.... but your hosting provider does, especially now that off the shelf hardware is so fast that under full load, if you divide the CPU by 10 or even 100 under lighter loads, your'e still I/O and network bound.
Although Virtuozzo is "built on top of OpenVZ", is Virtuozzo's kernel component a publicly available version of OpenVZ, built without using any proprietary patches or modules?
..."
http://openvz.org/documentation/tech/virtuozzo states "Differently from OpenVZ, Virtuozzo(TM) is developed and designed to run production workloads in 24×7 environments
and goes on to list, among Virtuozzo's advantages over OpenVZ:
"Higher VPS density. Virtuozzo(TM) provides efficient memory and file sharing mechanisms enabling higher VPS density and better performance of VPSs.
"Improved Stability, Scalability, and Performance. Virtuozzo(TM) is designed to run 24×7 environments with production workloads on hosts with up-to 32 CPUs."
Why should Linux accept a kernel patch if (unlike Linux itself) it is not designed to run 24×7 environments with production workloads on hosts with up-to 32 CPUs?
well this will probably run multiple kernels, but probably means multiple times the work and the administration headaches, with Solaris Zones you share the kernel, but you only need to administer one core install of the OS.
A base install of Solaris in a zone, uses just 100MB of harddisk space. And on modern hardware takes less than 15 minutes per zone to install. Of course if you use the latest and greatest Solaris Express releases, you can use ZFS+Zones to cut the size of each zone down to 50MB of disk space, and zone creation time down to create a zone in 1 minute or less. You could also download and install brandz(Solaris patches that allows user to run Linux binaries in a Solaris Zone), and have even more choice. If you wish to debug your apps, you can use a stable dtrace and debug userland of both Solaris and Linux. And the Solaris kernel.
I've got to agree with the parent that there's no reason to fear companies putting software into the kernel. Lots of them do, and we're always encouraging companies to write open source drivers in the kernel.
What follows is purely speculation based on my feelings. Do not consider it to be factual, or make stock/software purchasing or sales decisions based on it. YMMV, IANAL, whatever.
The real problem I see, as an ex-swsoft customer, is that they really don't care as much about bugs or broken features as they do about marketing points. They made all sorts of claims about their software when they sold it to us, but many things weren't ready for nearly a year by which time we were forced to pay an additional "maintenance" fee if we really wanted to get those features. (or for that matter, any security updates) By then we were so dissatisfied with Virtuozzo and HSPC, we didn't bother paying for the upgrade. They also refused our requests for access to their source RPMs, even ones marked as being GPLed.
I've looked over their OpenVZ information already, to see if they are finally playing nice with the open source community, and the first thing I noticed is that they are refusing to release vzfs, which is required to get any decent performance/scalability with Virtuozzo. They're doing it for marketing reasons, i.e. they want people to view OpenVZ as something of a demo product before getting the "real" product, Virtuozzo. I believe they could easily release vzfs if they wanted to, but they recognize that their customer support (and programming quality) is such that nobody would willingly pay for it if they could get the software source code for free. Also, they'd probably quickly be cut out of development, because their code lacks the quality of that normally found in the linux kernel, and there are plenty of other people (eg vservers) who would take over.
If anyone really wants to get full Virtuozzo style resource sharing into linux, I suggest they start working on either XenFS or some vservers based copy-on-write filesystem. Without vzfs, OpenVZ is barely an improvement over vservers in that it supports "user beancounters", and it is barely an improvement over Xen in that it supports a shared kernel resources. If XenFS was functional, Xen would be a much superior product in terms of resource usage and security, at the very slight cost of an extra context switch for guest/host inter-kernel communications. If vservers had something equivalent to the UBC code, then (thanks to vservers unification) it would have all the functionality of Virtuozzo. The only thing missing in either case is commercial support, and I'm sure there would be people happy to offer that as well.
On the other hand, I'd be happy if they did release vzfs, not because I plan to use it, but because I think more choice is better. I'm not sure I'd want it in the kernel over Xen or vservers though.
What I'd really like to know is if there will be some way for me to ssh in to my server and "press" the power button for a virtual machine and have it start up. Or, will it require that I be able to export my display before I can start it up? And would there be any way to remotely grab the console of an already active virtual machine?
Edward Burr
Having a smoking section in a restaurant is like having a peeing section in a swimming pool.
OpenVZ doesn't care about processor virtualization features. OpenVZ (like VServer) is all about implementing a system like FreeBSD jails. In this model, there's only one kernel running, but different sets of processes are isolated from each other through operating system features. The separation applies to things like the 'ps' command and the /proc interface in general, as well as things like sockets and networking.
With OpenVZ/VServer, you can set up security and network separation so that certain processes will think of themselves as on 'internal-web-server', while others will think of themselves as 'external-web-server', and the two sets of processes would not be able to interact with each other in ways other than through the same kind of networking connections that they would use if they were on separate pieces of physical hardware.
Something like Xen or VMWare achieves this virtualization by simulating separate processors, memory, and I/O space hardware. OpenVZ/VServer doesn't incur this overhead, but does require much more significant modifications to the Linux kernel, as lots of system calls have to be modified to enforce the process group separation rules.
- jon
Ganymede, a GPL'ed metadirectory for UNIX
They aren't quite the same thing. Xen is more useful in a number of situations, but requires multiple copies of the kernel to be running. Yes, in some instances it is an advantage (such as when developing kernel drivers, so that a panic/oops doesn't take down the entire system), but for hosting (which is what Virtuozzo is for), you want better resource usage. Unfortunately, OpenVZ doesn't include the filesystem driver, which gives much better resource sharing, but at least it still includes the per-VPS resource limits (called ubc in OpenVZ).
With OpenVZ or vservers, a user could (in theory, I've never heard of it actually happening) take a remote user exploit, then if there is a local kernel exploit they could take control of (or at least crash) the entire machine. With Xen, it isn't possible for a VPS user to take control of the entire machine, even if there is a kernel exploit for the VPS kernel.
The bottom line is that, right now, OpenVZ provides a lot less isolation and a little more resource sharing than Xen, and a lot less resource sharing but a little more resource control than vservers. If XenFS is finished, then OpenVZ will provide a lot less isolation and a lot less resource sharing than Xen...
Something else to know about Xen is that although 2.x let you assign devices to a guest kernel, Xen 3.x does not allow that yet. That means you can't yet develop hardware drivers in Xen 3 guests (like you could under Xen 2.x) and you can't do things like run a MythTV backend or hardware accelerated graphics in Xen 3.x. Of course, OpenVZ can't do any of that anyway, but that's a really handy feature of Xen 2.x, and it is expected to eventually return to Xen 3.x.
You've got that backwards. CentOS takes the RHEL SRPMS released by Red Hat, rebuilds the binaries, and reassembles them into a distribution.
All the current x86 virtualization stuff is going to be out of date soon. It will be just adding kludges to the kernel to implement stuff that required by virtualization deficiencies in old x86 stuff. If you need those kludges, Xen should be enough.
This is because Intel and AMD are going to allow new and far more efficient ways of doing virtualization, with hardware assistance (lookup Intel Vanderpool and AMD Pacifica).
So, I don't see much long term gain for the effort for all the minuses.
You risk lower quality and increased maintenance costs. And you might also increase exposure to patent claims (but I bet IBM can smash anyone to pulp especially with virtualization patents).
You will still need developers to work on Vanderpool and Pacifica stuff, and I think you'd get better "bang for buck" with that (plus I think it will be a lot more fun).
I myself work on software which uses a VServer modification to the kernel. Although I do see advantages to setting this up so that it's included into the kernel. I see many more problems that this create then the good it would bring through.
Two really big problems I see are these two.
1) There is many other virtual server projects which do the same thing as OpenVZ. If one is included into the kernel, and the others conflict with eachtother over that, that's really going to complicate the linux world.
2) Multiple projects use vserver software currently in project, or they are developing on one of the many different virtual server project. This would cause problems for every one of those peoples project. Companies could loose lots of money because of a foolish decision like this.
The choice should be up to the user, and they should not be restricted to any one server virtualization project. This would get rid of competition over virtual server projects. If they are going to include this virtual server software, they should include all of the current virtual server projects and make them options. Most of them are probably incompatible with eachother, so the code has to make sure those conflicts do not happen.
Maybe an alternative should be to have a patchset made by the OpenVZ which could be given to linux for each kernel release, and multiple trees could be made. A regular kernel, then alternative virtual server kernels.
To allow this to happen would be something like Xorg saying they will only support Intel video cards from now on. Anyone with anything which doesn't have the intel chipset on their video card which is supported is screwed. Or for the linux kernel to only support AMD processors, it just wouldn't make sence. The foolish decision of OpenVZ to request this above all the other server virtualization projects is an extremely greedy and foolish choice I think.
I hope linus says no, or comes and checks the slashdot comments to read this and then tells them no. I may even have to fire him off an email about this.
While I can understand OpenVZ's side of things, overall this would be an extremely bad decision. I hope this never comes to be, for it will be a very sad day.
As for OpenVZ, Quit with the greed, keep your project as a seperate kernel addon to give a more competitive market.
Xen has caused major shifts in business direction for commercial virtualisation companies: VMWare suddenly released their VMWare player in part as an effort to make their "virtual machine file format" the standard one. Look they even want to support virtualisation standards now! SWSoft kicked off OpenVZ for similar motivation: because Xen is a competing solution and (they gamble) that it is going to be better to give away a corresponding part of their "crown jewels" to get more of a market share.
:) ).
Getting your virtualiser into the kernel (or a vendor tree) isn't about control, it's about being in technical pole position to sell copies of their commercial products. Xen might be free, and might have started this all off, but they too have a commercial arm, XenSource, trying to sell Xen Optimizer, presumably as a coda to other products. SWSoft have Plesk, HSPComplete, PEM and others. And VMWare has ESX/GSX server. All of their selling would be made easier, and their marketing departments made very happy, if the king of open source projects, Linux, includes parts of their core technology.
While I'm not sure what the critiera are for acceptance into the kernel, I don't think it's going to happen for SWSoft. From an engineering standpoint, their technology is not much different from Linux vserver which has been around a while to do much the same job and I imagine its invasive kernel changes to keep everything partitioned are just as (un)appealing to kernel maintainers. On the other hand the Xen kernel changes implement a new "architecture", albeit a virtual one, and (last I looked) were only around 150K in size. So I would have thought that the Xen guys have more of a shot at this one because the bulk of their software is maintained outside of the Linux kernel, and seems like the better solution from an engineering standpoint.
But with CPU virtualisation extensions becoming all the rage this year, I think it'll be a while before the best solution shakes itself out engineering-wise: there is still too much vendor "buy-in" for any of these solutions to seem like a good bet for the mainline kernel.
Also NB from the article that SWSoft have made lots of money from selling a modified Linux kernel, and yes for years before OpenVZ they would give out the sources to Virtuozzo licensees. It's not clear to me whether Virtuozzo uses a forked OpenVZ codebase and they are continuing to develop virtuozzo's kernel bits in secret (which would seem like madness on top of running openvz, but that's commerce for you
Matthew @ Bytemark Hosting
Other posts have covered it, but a quick summary:
OpenVZ is a subset of a commercial product called Virtuozzo. It provides "virtual private server" functionality similar to FreeBSD jail() or Solaris Zones, including a private virtual network stack, private process space, and such, to each instance. However, it all runs on top of a single (specially modified) Linux kernel. Its advantages are in easy resource sharing among instances - since everything is running under one kernel, resource sharing (disk, memory) is made simpler. However, it has the disadvantage of less isolation - if the kernel crashes or is subverted, the entire system is at risk. Also, unlike with Xen, for example, you can only run Linux distributions (with the same kernel version). You cannot run other OSes (like NetBSD, FreeBSD, etc.).
Sam: "That was needlessly cryptic."
Max: "I'd be peeing my pants if I wore any!"