Re: lxc linux image flavour
Hi all I can now announce an "half official" statement from Kir (who is the project manager of openvz) that they are now dedicated to make a openvz. This is what he states: - Hi Ola, guys, Thanks for the info. We have discussed this at length and the resolution is we are all for it. This means we will try hard to do a rebase as soon as possible, and I hope we will succeed. If (or whenever you will) know the exact deadline date (or any close approximation), please let us know, this is important. Also, can you please point us to the location of the git repository of what will become the linux kernel for the next debian release? I checked git.debian.org but where there are too many kernels to look at. If it is not in git then when it is? Regards, Kir. -- So it looks like we are going to have openvz available in squeeze. Best regards, // Ola On Mon, Jan 25, 2010 at 12:46:42AM +0100, maximilian attems wrote: > On Sun, Jan 24, 2010 at 03:17:14PM +0100, Marco d'Itri wrote: > > On Jan 24, maximilian attems wrote: > > > > > the plan as decided in Portland was to go forward with openvz > > > if upstream provides us with a patch in time. as currently this > > > looks quite bad (latest available patch is for 2.6.27, there is > > > no sign of a patch for 2.6.32, nor any schedule like it happened > > > to be for Lenny). > > I expect that it will be released after the first beta of RHEL 6. > > point to an official statement of an openvz dev. > currently it looks like they are waiting too long to be in the squeeze > boat also kernel version should match. > > > -- > To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org > > -- - Ola Lundqvist --- / o...@debian.org Annebergsslingan 37 \ | o...@inguza.com 654 65 KARLSTAD | | http://inguza.com/ +46 (0)70-332 1551 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / --- -- To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Re: lxc linux image flavour
On Jan 25, Bastian Blank wrote: > On Mon, Jan 25, 2010 at 12:26:42AM +, Marco d'Itri wrote: > > Actually I meant "vzctl exec" so this is not even close: I need to > > change the context of a running process. > Hu? "vzctl exec" does a fork and an exec. Please enlighten me where the > support you want is actually implemented. It does, but it does not have to. :-) It is not documented anywhere and as usual the Parallels developers are less than helpful, but you can use setluid(2) to associate the caller with a beancounter and then an IOCTL on /dev/vzctl to move it in a container. I used this in libpam_vz, which with some careful planning allows multiple contexts to share a lot of stuff (with a decent unionfs even most of the file system). http://ftp.linux.it/pub/People/md/libpam-vz/ -- ciao, Marco signature.asc Description: Digital signature
Re: lxc linux image flavour
On Sun, Jan 24, 2010 at 06:19:02PM +0100, Suno Ano wrote: > As you can see from http://sunoano.pastebin.com/m4b5380dc , line 29, > Cgroup memory controller is not. This setting is mandatory if you want > to control the available memory per containers and the like. It is not mandantory for the system. > Bastian> The description reads like it is possible to enable/disable > Bastian> the overhead on boot time. Please elaborate. > Nope, it has to be enabled at build-time. http://lxc.teegra.net Please show this on the source. Bastian -- Yes, it is written. Good shall always destroy evil. -- Sirah the Yang, "The Omega Glory", stardate unknown -- To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Re: lxc linux image flavour
On Sun, 24 Jan 2010, Suno Ano wrote: > Bastian> Please describe the _kernel_ improvements over the normal > Bastian> images. Most of it is already enabled in the default images > Bastian> and does not warrant for an extra image. > > As you can see from http://sunoano.pastebin.com/m4b5380dc , line 29, > Cgroup memory controller is not. This setting is mandatory if you want > to control the available memory per containers and the like. IMO most > folks would want that, if just to make sure their local sandbox does not > go wild for some reason, thus eating up all memory. if we want to ennable it for the default image, we need a benchmark test of obvious stuff like fork()/exit to check that it didn't degrade. if results are in the noise of the relevant benchmark we can shipp it indeed in linux-2.6 without the need of a special featureset. -- To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Re: lxc linux image flavour
On Mon, Jan 25, 2010 at 12:26:42AM +, Marco d'Itri wrote: > Actually I meant "vzctl exec" so this is not even close: I need to > change the context of a running process. Hu? "vzctl exec" does a fork and an exec. Please enlighten me where the support you want is actually implemented. Bastian -- ... The prejudices people feel about each other disappear when they get to know each other. -- Kirk, "Elaan of Troyius", stardate 4372.5 -- To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Re: lxc linux image flavour
Marco d'Itri wrote: > On Jan 24, maximilian attems wrote: [] >> On the negative side it doesn't have yet checkpointing support >> and not all net/ has netns support yet. > It's not just that, AFAIK there is no match for many of the > user_beancounters features (especially the accounting part) and e.g. > lack of the equivalent of "vzctl enter" is a critical issue for my > applications. Accounting is done in cgroups. Not as flexible as in openvz, but it works. As of `vzctl enter', there's something very similar, but it requires to have getty (or similar) running on ttyN in guest. Probably not what you want. > While I am happy to see better support for lxc in Debian, it does not > look like an openvz replacement yet. It doesn't, indeed. Both has their own bad and good sides. The main "good" about lxc is that it's in the standard kernel, and kernel components are ready (maybe modulo some features like freezing/migration). Openvz, linux-vserver, other things - all require quite intrusive patches, which complicating support tasks alot. /mjt -- To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Re: lxc linux image flavour
In linux.debian.kernel maximilian attems wrote: >On Sun, Jan 24, 2010 at 03:17:14PM +0100, Marco d'Itri wrote: >> lack of the equivalent of "vzctl enter" is a critical issue for my >> applications. >looks feasable thanks to libvirt: >virsh --connect lxc:/// console v1 >http://libvirt.org/drvlxc.html Actually I meant "vzctl exec" so this is not even close: I need to change the context of a running process. -- ciao, Marco -- To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Re: lxc linux image flavour
On Sun, Jan 24, 2010 at 03:17:14PM +0100, Marco d'Itri wrote: > On Jan 24, maximilian attems wrote: > > > the plan as decided in Portland was to go forward with openvz > > if upstream provides us with a patch in time. as currently this > > looks quite bad (latest available patch is for 2.6.27, there is > > no sign of a patch for 2.6.32, nor any schedule like it happened > > to be for Lenny). > I expect that it will be released after the first beta of RHEL 6. point to an official statement of an openvz dev. currently it looks like they are waiting too long to be in the squeeze boat also kernel version should match. -- To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Re: lxc linux image flavour
On Sun, Jan 24, 2010 at 03:17:14PM +0100, Marco d'Itri wrote: > lack of the equivalent of "vzctl enter" is a critical issue for my > applications. looks feasable thanks to libvirt: virsh --connect lxc:/// console v1 http://libvirt.org/drvlxc.html -- To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Re: lxc linux image flavour
In linux.debian.kernel Suno Ano wrote: > Marco> So it will not actually be available in squeeze, and squeeze > Marco> cannot work with the lenny kernels unless they are rebuilt with > Marco> CONFIG_SYSFS_DEPRECATED=n. You could as well have said proposed > Marco> to wait and use the RHEL6 kernels. >I did not propose anything. I just pointed out one possible migration >path from OpenVZ to LXC. I have a few servers running testing with >2.6.26. One could wait (read "not upgrade") till LXC provides for >beancounters etc. and then migrate to squeeze and thus LXC. Unlike Red Hat, Debian does not backport features so you can only count on what is in 2.6.32 now. You obviously have not upgraded testing recently, because the version of udev currently in testing cannot work with the standard lenny kernel. -- ciao, Marco -- To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Re: lxc linux image flavour
On Sun, 2010-01-24 at 15:17 +0100, Marco d'Itri wrote: > On Jan 24, maximilian attems wrote: > > > the plan as decided in Portland was to go forward with openvz > > if upstream provides us with a patch in time. as currently this > > looks quite bad (latest available patch is for 2.6.27, there is > > no sign of a patch for 2.6.32, nor any schedule like it happened > > to be for Lenny). > I expect that it will be released after the first beta of RHEL 6. [...] I believe there already has been a beta, just not a public one. RH seems to be very secretive about this release. Ben. -- Ben Hutchings Any smoothly functioning technology is indistinguishable from a rigged demo. signature.asc Description: This is a digitally signed message part
Re: lxc linux image flavour
>> - Those environments in need for limits/beancounters (disk quota >> etc.) May probably have to wait another six months or so until it >> will be available in LXC. Till then it is quite possible to run on >> 2.6.26 with OpenVZ and then migrate things to LXC. Marco> So it will not actually be available in squeeze, and squeeze Marco> cannot work with the lenny kernels unless they are rebuilt with Marco> CONFIG_SYSFS_DEPRECATED=n. You could as well have said proposed Marco> to wait and use the RHEL6 kernels. I did not propose anything. I just pointed out one possible migration path from OpenVZ to LXC. I have a few servers running testing with 2.6.26. One could wait (read "not upgrade") till LXC provides for beancounters etc. and then migrate to squeeze and thus LXC. And yes, squeeze rc1 would probably not have beancounters but some later rc would probably provide it in case the kernel gets an update. As for RHEL6, nobody seems to know when it will be released. One thing I am sure, I am not proposing to wait for RHEL6 kernels since I am in favor of LXC since it is in mainline and not maintained out of tree as is OpenVZ. -- To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Re: lxc linux image flavour
In linux.debian.kernel Suno Ano wrote: > - most folks run Linux-VServer, OpenVZ, LXC etc. on boxes they own plus > they control themselves so that is not really an issue I wonder how you came to this conclusion. > - those environments in need for limits/beancounters (disk quota etc.) > may probably have to wait another six months or so until it will be > available in LXC. Till then it is quite possible to run on 2.6.26 > with OpenVZ and then migrate things to LXC. We have excellent So it will not actually be available in squeeze, and squeeze cannot work with the lenny kernels unless they are rebuilt with CONFIG_SYSFS_DEPRECATED=n. You could as well have said proposed to wait and use the RHEL6 kernels. > Marco> Lack of the equivalent of "vzctl enter" is a critical issue for > Marco> my applications. >I do not remember the exact command now but from what I remember >hearing/reading last week, that feature will be available shortly. I remember hearing last week that there is no simple way to move a running process to a different cgroup, so it will be very hard to implement this. -- ciao, Marco -- To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Re: lxc linux image flavour
Bastian> Please describe the _kernel_ improvements over the normal Bastian> images. Most of it is already enabled in the default images Bastian> and does not warrant for an extra image. As you can see from http://sunoano.pastebin.com/m4b5380dc , line 29, Cgroup memory controller is not. This setting is mandatory if you want to control the available memory per containers and the like. IMO most folks would want that, if just to make sure their local sandbox does not go wild for some reason, thus eating up all memory. Bastian> Lxc is the userspace part. You are right but then I think maximilian certainly referred to the kernelspace part of LXC here. At least that is my reading ... context matters :) Bastian> The description reads like it is possible to enable/disable Bastian> the overhead on boot time. Please elaborate. Nope, it has to be enabled at build-time. http://lxc.teegra.net -- To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Re: lxc linux image flavour
On Sun, Jan 24, 2010 at 01:37:26PM +0100, maximilian attems wrote: > I thus propose to enable an lxc (linux containers) [1] flavour: Please describe the _kernel_ improvements over the normal images. Most of it is already enabled in the default images and does not warrant for an extra image. > * lxc is merged in linux-2.6 and continuously improved > (the maintenance of it should be thus much lower then >it was for openvz) lxc is the userspace part. > * RESOURCE_COUNTERS and CGROUP_MEM_RES_CTLR enabled > (has overhead that is not acceptable, for general purpose images) The description reads like it is possible to enable/disable the overhead on boot time. Please elaborate. Bastian -- The sight of death frightens them [Earthers]. -- Kras the Klingon, "Friday's Child", stardate 3497.2 -- To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Re: lxc linux image flavour
On Jan 24, maximilian attems wrote: > the plan as decided in Portland was to go forward with openvz > if upstream provides us with a patch in time. as currently this > looks quite bad (latest available patch is for 2.6.27, there is > no sign of a patch for 2.6.32, nor any schedule like it happened > to be for Lenny). I expect that it will be released after the first beta of RHEL 6. > On the negative side it doesn't have yet checkpointing support > and not all net/ has netns support yet. It's not just that, AFAIK there is no match for many of the user_beancounters features (especially the accounting part) and e.g. lack of the equivalent of "vzctl enter" is a critical issue for my applications. While I am happy to see better support for lxc in Debian, it does not look like an openvz replacement yet. -- ciao, Marco signature.asc Description: Digital signature
lxc linux image flavour
hello, the plan as decided in Portland was to go forward with openvz if upstream provides us with a patch in time. as currently this looks quite bad (latest available patch is for 2.6.27, there is no sign of a patch for 2.6.32, nor any schedule like it happened to be for Lenny). I thus propose to enable an lxc (linux containers) [1] flavour: * Containers are sets of processes with private namespaces, which can look like separate boxes * lxc is merged in linux-2.6 and continuously improved (the maintenance of it should be thus much lower then it was for openvz) * lxc is fast and bench mark tested [2] * the lxc userland is in sid and available for many archs * libvirt support * the 2.6.32 feature/fixes patch is tiny [3] * RESOURCE_COUNTERS and CGROUP_MEM_RES_CTLR enabled (has overhead that is not acceptable, for general purpose images) On the negative side it doesn't have yet checkpointing support and not all net/ has netns support yet. I'll wait until 1st of February and until contrary notice would add an lxc flavour to 2.6.32. kind regards maks [1] http://www.ibm.com/developerworks/linux/library/l-lxc-containers/ http://lwn.net/Articles/219794/ [2] http://lwn.net/Articles/179345/ [3] http://lxc.sourceforge.net/patches/2.6.32/2.6.32-rc6/share-af-unix-socket-sysctl.patch https://lists.linux-foundation.org/pipermail/containers/2010-January/022529.html https://lists.linux-foundation.org/pipermail/containers/2010-January/022600.html signature.asc Description: Digital signature
