[Users] Re: New Kernel Patch
Scott> Ok, so now I know when squeeze might come out... But how long is
Scott> the current version of Debian going to be supported? Is that
Scott> related to the release of squeeze?

See other posting in this thread.

With regards to official support of OpenVZ as well as Linux-VServer on
the next stable Debian release (squeeze), take a look at
http://lwn.net/Articles/357623/

To summarize:

- Linux-VServer will be deprecated; a migration path to LXC worked out
- OpenVZ ... well, it will have continued support in/from Debian ... if
  it can provide an up to date patch that is :-)

___
Users mailing list
Users@openvz.org
https://openvz.org/mailman/listinfo/users
Re: [Users] Re: New Kernel Patch
No more OpenVZ Debian support?

It's not possible, I have five host machines with Debian lenny and
OpenVZ. What can I do?

Debian is the standard at GNU/Linux operating systems, how is it
possible?

On 18/01/2010, at 11:14, Suno Ano wrote:

> > Sorry, but so far we only tested on Debian Lenny. But I guess it
> > works on Debian Squeeze as well. Suno, want to give that a try?
>
> Dietmar> Just tested - 2.6.18 does not work with new udev (missing
> Dietmar> signalfd support).
>
> Yes I know, tested that as well. See my last post. I tried to update a
> few of my hosts running on .26 yesterday which did not work because
> the recent udev in Debian testing is not compatible with .26 anymore.
>
> I run a few host systems on .26 which happens to be the last
> officially supported OpenVZ kernel on Debian.
>
> German: Auf gut Deutsch, a schena Schmarrn :-)

--
Scanned for spam/viruses.
_
Jorge Fuertes - http://jorgefuertes.com
jo...@jorgefuertes.com
GnuPG key-id: 6B55C7A8
Hispalinux member no.: 1510
[Users] Re: New Kernel Patch
Suno Ano suno.ano-Oxd/z3mdz0lafugrpc6...@public.gmane.org writes:

> I hate bridges therefore I use lxc.network.type = macvlan which is the
> equivalent to OpenVZ's venet device ... basically a pipe-like
> connection between container and host. No bridge involved. Imho a
> bridge just complicates a setup and introduces an additional layer of
> indirection.

In OpenVZ I prefer just moving the VLAN network interfaces into the
guests like NETDEV=eth0.114 in /etc/vz/conf/114.conf.

I presume I can get the same result with

  lxc.network.type=phys
  lxc.network.link=eth0.114

Even better would be if I could do macvlan on top of eth0.114. Is that
possible?

/Benny
[Users] Re: New Kernel Patch
Jorge> Debian is the standard at GNU/Linux operating systems,

Let us just say it is used by many many folks ... :-) there are other
great Linux distributions out there.

Jorge> how is it possible?

Debian just provides Linux as one of its kernel flavors. Amongst Linux
kernels in Debian there were kernels with OpenVZ support. Only if the
OpenVZ project provides a patch set can it be included in kernels
shipped by Debian.

Jorge> It's not possible, I have five host machines with Debian lenny
Jorge> and OpenVZ. What can I do?

Use some other kind of virtualization like for example KVM or LXC etc.
The overall point of the matter is, look whether or not it is in
mainline or not because then you can be pretty sure what is happening
right now will not repeat itself with another kind of virtualization
technology you pick.

Please also note that the folks involved in OpenVZ contributed a lot to
LXC and we shall all thank them for doing so.
[Users] Re: New Kernel Patch
Scott> How much longer is the current version of Debian going to be
Scott> supported?

If the RC bugs are down to a sane number the freeze for squeeze (next
stable Debian release) is planned to happen in March. However, dates
surrounding this event are still very fuzzy at this point.
Re: [Users] Re: New Kernel Patch
On Tue, Jan 19, 2010 at 07:02:57PM +0100, Suno Ano wrote:

> Scott> How much longer is the current version of Debian going to be
> Scott> supported?
>
> If the RC bugs are down to a sane number the freeze for squeeze (next
> stable Debian release) is planned to happen in March. However, dates
> surrounding this event are still very fuzzy at this point.

Er, but with that you've just begun to start calculating the
end-of-support date. The testing distribution goes through periods of
being frozen, and only then new stable gets released. And then a year
after *that* does the old stable release get its security updates
abandoned. So if we assume that the next release happens late this year,
that means the current version will cease to be supported late next
year.

--
2. That which causes joy or happiness.
[Users] Re: New Kernel Patch
Josip> Er, but with that you've just begun to start calculating the
Josip> end-of-support date. The testing distribution goes through
Josip> periods of being frozen, and only then new stable gets released.
Josip> And then a year after *that* does the old stable release get
Josip> its security updates abandoned. So if we assume that the next
Josip> release happens late this year, that means the current version
Josip> will cease to be supported late next year.

All true, I should have been more detailed, true that.
Re: [Users] Re: New Kernel Patch
Suno Ano,

----- Suno Ano suno@sunoano.org wrote:

> Scott> How much longer is the current version of Debian going to be
> Scott> supported?
>
> If the RC bugs are down to a sane number the freeze for squeeze (next
> stable Debian release) is planned to happen in March. However, dates
> surrounding this event are still very fuzzy at this point.

Ok, so now I know when squeeze might come out... but how long is the
current version of Debian going to be supported? Is that related to the
release of squeeze?

TYL,
--
Scott Dowdle
704 Church Street
Belgrade, MT 59714
(406)388-0827 [home]
(406)994-3931 [work]
[Users] Re: New Kernel Patch
,----[ Initial Thought/Message ]
| God I wish we had a .32 OpenVZ kernel then this discussion wouldn't
| even take place ... I appreciate all the excellent work done by all
| OpenVZ folks! Kir, you rock! Well, here it is:
`----

Hello folks!

We have evaluated the situation once again and made the decision going
forward with LXC. Yes, unfortunately that means ditching OpenVZ. This is
nothing personal (although I am a bit sad since I have invested a lot of
time) but purely logical.

We want/need investment security therefore stuff needs to be in
mainline. There is no argument against that, this is 2010 and not 1995
anymore i.e. out of tree is of no interest from a business point of view
anymore.

The next stable releases for Debian and Ubuntu are to be scheduled for
March/April. At this moment no one knows if a new OpenVZ kernel will be
available by then. This, we cannot have.

We were looking at KVM and LXC. Linux-VServer and OpenVZ are not in
mainline so they are not considered. KVM is too fat for what we want
plus as it looks like after a few tests, switching from OpenVZ to LXC is
quite feasible and the few LXC test systems we created during the last
few days run smoothly on .32.

As with OpenVZ, our hosts as well as containers will run Debian. There
is quite good support for Debian already e.g.
/usr/share/doc/lxc/examples/lxc-debian.gz for example.

Michael> I used to use Linux-vserver years and years ago but when they
Michael> broke IPv6 support moving from 1.x to 2.x I was forced to
Michael> abandon Linux-vserver and switch a number of VM's over to
Michael> OpenVZ. To this day IPv6 remains an experimental patch for
Michael> Linux-vserver and I see that question come up on their list
Michael> periodically, so I couldn't migrate back there, even if I
Michael> wanted to. That being said, IPv6 support in the OpenVZ vnet
Michael> device is nothing to brag about either and I have had to
Michael> strictly use the veth devices.

Before OpenVZ we/I used Linux-VServer too. It is excellent I think but
then here is the problem: LVS is basically a one-man show by Herbert
Poetzl. He's a great guy and I met him a few times in Vienna (where I
live too). What happens if Herbert is run over by a train (which of
course hopefully does not happen but you get the idea)?! This is a
problem, so we switched to OpenVZ.

Michael> However... There is a new kid on the block, depending on your
Michael> requirements. Linux Containers or LXC. It still has a few rough
Michael> edges and some differences with OpenVZ but has the big
Michael> advantage that it's all in the mainline kernel (2.6.29 and
Michael> above), so no more patches (yeah!), it is supported under
Michael> libvirt, and the utilities are in the major cutting edge
Michael> distros like Fedora and Ubuntu.

Michael, you are nothing but right here. Stuff must be in mainline, I
cannot get tired of saying that enough these days. The energy spent
sketching possible scenarios about what we are going to do if and when
will resolve immediately once we use LXC. You just know what will be the
case in X months for now ... that is an irreplaceable peace of mind.
That is true for any Distros out there, host or container ...

Michael> I found that with a couple of scripts, I could directly convert
Michael> OpenVZ config files to LXC config files and start my old OpenVZ
Michael> containers as a container under LXC with no further
Michael> modification inside the container.

Please provide your scripts to the public. I would love to see them,
help improve things and maybe others will join in so nobody needs to be
alone by switching to LXC.

Dietmar, since we are both interested on making this work for Debian
plus, we are in Austria, maybe we should work on this together a bit?
Maybe even have a sprint? My email is suno.ano[at]sunoano.org just in
case ...

Here is what I found so far http://sysadmin-cookbook.rot13.org/#lxc , go
down to ve2lxc. I have already started a very rough/ugly collection of
bits and pieces of information for my personal matters which can be
found at http://sunoano.name/ws/public_xhtml/linux_containers.html

Michael> Other than a couple of initial test containers I was
Michael> experimenting with, once I got my scripts settled down and
Michael> tested, I migrated over 3 dozen VM's from OpenVZ to LXC in a
Michael> single day with none of the containers experiencing more than a
Michael> minute or so of down time (transfer time between hosts).
Michael> Because there were no changes in the containers themselves, I
Michael> could migrate them back, if I needed to, just as fast.

I want this! Tell us more please. Details sir ;-)

Michael> 1) /proc/mounts shows mounts outside of the container (ugly but
Michael>    not fatal). Fixed in git.

Is this true for kernels >= .32 ?

Michael> 2) Possible to break out of a container file system (related to #1
Michael>    above). It's possible to break out of chrooted jails. Fixed in
Michael>    git by using pivot root. This is serious and if you have
[Users] Re: New Kernel Patch
> Sorry, but so far we only tested on Debian Lenny. But I guess it works
> on Debian Squeeze as well. Suno, want to give that a try?

Dietmar> Just tested - 2.6.18 does not work with new udev (missing
Dietmar> signalfd support).

Yes I know, tested that as well. See my last post. I tried to update a
few of my hosts running on .26 yesterday which did not work because the
recent udev in Debian testing is not compatible with .26 anymore.

I run a few host systems on .26 which happens to be the last officially
supported OpenVZ kernel on Debian.

German: Auf gut Deutsch, a schena Schmarrn :-)
Re: [Users] Re: New Kernel Patch
Hey Suno et al...

On Mon, 2010-01-18 at 11:00 +0100, Suno Ano wrote:

:

> Michael> I found that with a couple of scripts, I could directly convert
> Michael> OpenVZ config files to LXC config files and start my old OpenVZ
> Michael> containers as a container under LXC with no further
> Michael> modification inside the container.
>
> Please provide your scripts to the public. I would love to see them,
> help improve things and maybe others will join in so nobody needs to be
> alone by switching to LXC.

I'm already working on this. I don't want to wear out my welcome on this
mailing list by going too far off topic or extending this out too far.
As soon as I clean some things up so they're not too embarrassing to me,
I'll put them up somewhere and make them available. I think I'll also
suggest to the lxc maintainers that the time may have come for an
lxc-users mailing list. :-)

:

> Here is what I found so far http://sysadmin-cookbook.rot13.org/#lxc ,
> go down to ve2lxc. I have already started a very rough/ugly collection
> of bits and pieces of information for my personal matters which can be
> found at http://sunoano.name/ws/public_xhtml/linux_containers.html

I saw that site as well. I'm a Fedora user so some of my stuff is Fedora
centric. I have some Ubuntu installations and probably need to do more
work with that.

> Michael> Other than a couple of initial test containers I was
> Michael> experimenting with, once I got my scripts settled down and
> Michael> tested, I migrated over 3 dozen VM's from OpenVZ to LXC in a
> Michael> single day with none of the containers experiencing more than a
> Michael> minute or so of down time (transfer time between hosts).
> Michael> Because there were no changes in the containers themselves, I
> Michael> could migrate them back, if I needed to, just as fast.
>
> I want this! Tell us more please. Details sir ;-)

Not much to tell. Copied the configuration files over to the target host
and then converted them into lxc configurations using the script I
mentioned. Then rsync each machine to copy the bulk of the data and
files that won't change, shut him down, final rsync to polish any final
changes and get rid of the run files and locks, then start the VM on the
new host under LXC. Rinse. Repeat.

> Michael> 1) /proc/mounts shows mounts outside of the container (ugly but
> Michael>    not fatal). Fixed in git.
>
> Is this true for kernels >= .32 ?

Yes. It's fixed in lxc-start in git. It's not dependent on kernel. Now,
once they clone to the new name space, they umount everything that is
outside of the new container chroot.

> Michael> 2) Possible to break out of a container file system (related to #1
> Michael>    above). It's possible to break out of chrooted jails. Fixed in
> Michael>    git by using pivot root. This is serious and if you have
> Michael>    potential hostiles in a container, I wouldn't use LXC yet or
> Michael>    use the utilities from git.
>
> Also, is this true for kernels >= .32 ?

Again, yes. They fixed it by adding a pivot root after the chroot into
lxc-start to avoid the public chroot breakout exploits.

> Michael> 3) Halt and Reboot of a container not working. You have to
> Michael>    manually shut down and restart the container from the host.
> Michael>    Being worked on right now. I use a script that detects when
> Michael>    there's only one process running (init) in the container and
> Michael>    the container runlevel is 0 or 6 to decide to shut it down
> Michael>    or restart it. Ugly but works.
>
> Can you please provide the script/resolution you are using. This is
> still true for >= .32 yes? Hm, my containers started automatically when
> rebooting the host. I am on .32, Debian standard kernel in unstable:

I posted part of that over on lxc-devel. I'll make it available as well.
Starting containers when the host reboots is not the problem. The
problem is if someone does a reboot, halt, init 6, or init 0 in the
container. The init process doesn't exit so the container ends up
sitting there running with a single process running in it. Lot of
discussion on how to properly fix that.

> ,----[ uname -a ]
> | Linux wks 2.6.32-trunk-amd64 #1 SMP Sun Jan 10 22:40:40 UTC 2010 x86_64 GNU/Linux
> `----

:

> Michael> * Handles the bridge management for the eth interfaces
> Michael>   automatically, so no need for extra config files in the host.
>
> I hate bridges therefore I use lxc.network.type = macvlan which is the
> equivalent to OpenVZ's venet device ... basically a pipe-like
> connection between container and host. No bridge involved. Imho a
> bridge just complicates a setup and introduces an additional layer of
> indirection.

I tried the macvlan route. It almost worked. I found I could ping and
connect to the VM from another machine but not from the host machine
itself. Weird. May have been something peculiar in my particular setup
or configuration but bridges worked fine and I was already using bridges
and veth with OpenVZ and that made my conversion process easier as well.

> Michael> Primary
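
The config conversion Michael describes above, and the NETDEV-to-phys mapping Benny presumes earlier in the thread, as an added example (this is not Michael's script, which does not appear on this page): a Python converter that emits warnings for settings it cannot map instead of guessing a container's network attachment. Assumptions: the OpenVZ keys HOSTNAME, VE_PRIVATE, NETDEV, NETIF (with a `bridge=` field) and IP_ADDRESS, the legacy `lxc.network.*` keys, and the function names and sample config, which are constructed here.

```python
import shlex

# Constructed sample /etc/vz/conf/114.conf (not taken from the thread).
SAMPLE_114_CONF = '''
# constructed example
HOSTNAME="web114.example.org"
VE_PRIVATE="/var/lib/vz/private/$VEID"
NETDEV="eth0.114"
NETIF="ifname=eth1,mac=00:18:51:AA:BB:CC,host_ifname=veth114.1,bridge=br0"
IP_ADDRESS="192.0.2.14"
'''

def parse_vz_conf(text):
    """Parse OpenVZ's shell-style KEY="value" lines into a dict."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, raw = line.partition("=")
        parts = shlex.split(raw, comments=True)  # strips quotes, expands nothing
        conf[key.strip()] = parts[0] if parts else ""
    return conf

def to_lxc(ctid, conf):
    """Return (lxc config lines, warnings) for container `ctid`."""
    out, warnings = [], []
    out.append("lxc.utsname = %s" % conf.get("HOSTNAME", "ct%s" % ctid))
    if "VE_PRIVATE" in conf:
        out.append("lxc.rootfs = %s" % conf["VE_PRIVATE"].replace("$VEID", str(ctid)))
    else:
        warnings.append("VE_PRIVATE not set: add lxc.rootfs by hand")
    # NETDEV: host interface moved into the guest -> lxc.network.type = phys
    for dev in conf.get("NETDEV", "").replace(",", " ").split():
        out += ["lxc.network.type = phys", "lxc.network.link = %s" % dev,
                "lxc.network.flags = up"]
    # NETIF: veth pair attached to a host bridge -> lxc.network.type = veth
    for entry in filter(None, conf.get("NETIF", "").split(";")):
        f = dict(kv.split("=", 1) for kv in entry.split(",") if "=" in kv)
        if "bridge" not in f:  # never guess which bridge a guest joins
            warnings.append("NETIF %s: no bridge named, not converted" % f.get("ifname", "?"))
            continue
        out += ["lxc.network.type = veth", "lxc.network.link = %s" % f["bridge"]]
        if "ifname" in f:
            out.append("lxc.network.name = %s" % f["ifname"])
        if "mac" in f:
            out.append("lxc.network.hwaddr = %s" % f["mac"])
        out.append("lxc.network.flags = up")
    # venet addresses are routed by the OpenVZ host; there is no one-to-one key
    if conf.get("IP_ADDRESS"):
        warnings.append("IP_ADDRESS %s (venet) not converted" % conf["IP_ADDRESS"])
    return out, warnings

if __name__ == "__main__":
    lines, warnings = to_lxc(114, parse_vz_conf(SAMPLE_114_CONF))
    print("\n".join(lines))
    for w in warnings:
        print("WARNING:", w)
```
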
Re: [Users] Re: New Kernel Patch
Suno,

----- Suno Ano suno@sunoano.org wrote:

> We have evaluated the situation once again and made the decision going
> forward with LXC.

The SWsoft / Parallels / OpenVZ folks saw the light a few years ago with
regards to getting containers in the mainline... when they started
contributing to what later became LXC. In fact, they have ranked highly
among companies and developers contributing to the Linux kernel. See the
following report in PDF format produced by the Linux foundation:

http://www.linux.com/index.php?option=com_rubberdocview=docid=15format=raw

On page 10, Pavel Emelyanov is ranked 21st
On page 12, Parallels is ranked 11th
On page 13, Parallels is ranked 9th

I'm glad to see some folks are not only testing LXC but are going to be
switching to it from OpenVZ and others. I'm not ready myself because LXC
is currently missing too much for my needs... although I really do plan
on checking it out real soon now and I'm guessing LXC might actually be
appropriate for at least one of my use cases. You guys can help get the
tools, bugs and features fleshed out so that the 2 years I predicted may
be reduced.

As previously stated, if you aren't averse to using RHEL or CentOS as a
host node (and some are), OpenVZ is contemporary with those and appears
that it will be well supported for some time to come. I certainly hope
that situation will improve but I don't expect it to.

Now to hear if anyone has anything official to add to this discussion.
:)

TYL,
--
Scott Dowdle
704 Church Street
Belgrade, MT 59714
(406)388-0827 [home]
(406)994-3931 [work]