>>>>> "EW" == Ed W <li...@wildgooses.com> writes:
EW> Hi, I'm an enthusiastic linux-vserver user. Any particular
EW> reason you moved away?
The only real reason was that after upgrading the host to Debian 6.0
OpenAFS access stopped to work in my VServer guests which was a big
trouble for me. I couldn't find any quick solution and because Debian
is going to drop VServer support in the next major release anyway, with
LXC being the suggested replacement, I decided to move to LXC right now
to save me from both current and future troubles.
EW> Any conclusions, thoughts so far?
I'm just a home user so I can't speak about larger installations but the
differences in my environment are noticeable.
VServer is more mature and provides useful utilities. There are no such
things as vserver-stat, `vserver stop', `vserver enter', `vserver exec',
vapt-get, hashify or copy-on-write in LXC. VServer also defines finer
set of capabilities, e.g. you can allow FUSE or user mounting in VServer
guests without giving them whole CAP_SYS_ADMIN.
LXC is integrated in the official kernel which is an advantage itself.
It provides better device and network isolation, e.g. `mknod /dev/null'
is easily possible and each container can have its own routing and
filtering rules. I can run OpenVPN in a container (no previous success
with VServer), X server works also fine (not considering security) and
OpenAFS is accessible without any problems. It's possible to run just a
single application in an isolated environment. I also find LXC easier
to learn and set up. I've experienced some annoying bugs, at least with
the kernel included in Debian stable, but they are not fatal for me and
can be avoided with some care.
Generally, I could basically move my guests to LXC rather easily and it
solved some problems I had previously with VServer. OTOH there were
some problems with LXC and some DIY things that took me a lot of time to
handle. One of them being how to get a hashify equivalent (well, I'm
not completely off-topic!:-) to better utilize hardware resources
(especially memory related). It seems something like aufs + aubrsync +
hardlink could solve the problem partially if I can get it working.
Another problem is how to run aubrsync without stopping the containers
running on the aufs file system (aubrsync remounts it read-only for a
while).
------------------------------------------------------------------------------
Enable your software for Intel(R) Active Management Technology to meet the
growing manageability and security demands of your customers. Businesses
are taking advantage of Intel(R) vPro (TM) technology - will your software
be a part of the solution? Download the Intel(R) Manageability Checker
today! http://p.sf.net/sfu/intel-dev2devmar
