ADMIN

Recommendations

Info

VirtuAlizAtion openVz © sculpies, Fotolia.com Operating system virtualization with OpenVZ Container Service the virtualization technology market is currently concentrating on hypervisor-based systems, but hosting providers often use an alternative technology. container-based solutions such as openVz/ Virtuozzo are the most efficient way to go if the guest and host systems are both linux. By thomas drilling Hypervisor-based virtualization solutions are all the rage. Many companies use Xen, KVM, or VMware to gradually abstract their hardware landscape from its physical underpinnings. The situation is different if you look at leased servers, however. People who decide to lease a virtual server are not typically given a fully virtualized system based on Xen or ESXi, and definitely not a root server. Instead, they might be given a resource container, which is several magnitudes more efficient for Linux guest systems and also easier to set up and manage. A resource container can be implemented with the use of Linux VServer [1], OpenVZ [2], or Virtuozzo [3]. Benefits Hypervisor-based virtualization solutions emulate a complete hardware layer for the guest system. Ideally, any operating system including applications can be installed on the guest, which will seem to have total control of the CPU, chipset, and peripherals. If you have state-of-the-art hardware (a CPU with a virtualization extension – VT), the performance is good. However, hypervisor-based systems do have some disadvantages. Because each guest installs its own operating system, it will perform many tasks in its own context just like the host system does, meaning that some services might run multiple times. This can affect performance because of overlapping – one example of this being cache strategies for the hard disk subsystem. Caching the emulated disks on the guest system is a waste of time because the host system already does this, and emulated hard disks are actually just files on the filesystem. Parallel Universes Resource containers use a different principle on the basis that – from the application’s point of view – every operating system comprises a filesystem with installed software, space for data, and a number of functions for accessing devices. For the application, all of this appears to be a separate universe. A container has to be designed so that the application thinks it has access to a complete operating system with a run-time environment. From the host’s point of view, containers are simply directories. Because all the guests share the same kernel, they can only be of the same type as the host operating system or its kernel. This means a Linux-based container solution like OpenVZ can only host Linux guests. From a technical point of view, resource containers extend the host system’s kernel. Adding an abstraction layer then isolates the containers from one another and provides resources, such as CPU cycles, memory, and disk capacity (Figure 1). Installing a container means creating a sub-filesystem in a directory on the host system, such as /var/lib/vz/ gast1; this is the root directory for the guest. Below /var/lib/vz/gast1 is a regular Linux filesystem hierarchy but without a kernel, just as in a normal chroot environment. 52 Admin 01 www.Admin-mAgAzine.com
openVz VirtuAlizAtion live migration, checkpointing and restoring OpenVZ containers can be shifted from one physical host to another during operations (Live migration). Ideally, the user will not even notice this process. However, the host environment must be configured to support live migration from a technical point of view. In other words, both virtual environments must reside on the same subnet, and data transmission rate must be high enough. Additionally, the target virtual environment (VE) must have sufficient hard disk space. If these conditions are fulfilled, the following command starts the migration: vzmigrate ‐online target IP VEID Target IP is the network address of the VE into which you want to migrate to the VE with the ID of VEID. Of course, the vzmigrate tool supports a plethora of different options (e.g., for migrating over secure connections). The exact syntax and other examples of applications are discussed [12]. Additionally, OpenVZ can create what it refers to as checkpoints (snapshots) of VEs: A checkpoint freezes the current state of the VE and saves it in a file. The checkpoint can be created from within the host context with the vzctl chkpnt VEID command. The checkpoint file can be used later to restore the VE on another OpenVZ host with vzctlrestore VEID. The container abstraction layer makes sure that the guest system sees its own process namespace with separate process IDs. On top of this, the kernel extension that provides the interface is required to create, delete, shut down and assign resources to containers. Because the container data are extensible on the host file system, resource containers are easy to manage from within the host context. Efficiency Resource containers are magnitudes more efficient than hypervisor systems because each container uses only as many CPU cycles and as much memory as its active applications need. The resources the abstraction layer itself needs are negligible. The Linux installation on the guest only consumes hard disk space. How- ever, you can’t load any drivers or kernels from within a container. The predecessors of container virtualization in the Unix world are technologies that have been used for decades, such as chroot (Linux), jails (BSD), or Zones (Solaris). With the exception of (container) virtualization in User- Mode Linux [4], only a single host kernel runs with resource containers. OpenVZ OpenVZ is the free variant of a commercial product called Parallels Virtuozzo. The kernel component is available under the GPL; the source code for the matching tools under the QPL. OpenVZ runs on any CPU type, including CPUs without VT extensions. It supports snapshots of active containers as well as the Live migration of containers to a different host (see the box “Live Migration, Checkpointing and Restoring”). Incidentally, the host is referred to as the hardware node in OpenVZ-speak. To be able to use OpenVZ, you will need a kernel with OpenVZ patches. One problem is that the current stable release of OpenVZ is still based on kernel 2.6.18, and what is known as the super stable version is based on 2.6.9. It looks like the OpenVZ developers can’t keep pace with official kernel development. Various distributions have had an OpenVZ kernel, such as the last LTS release (v8.04) of Ubuntu, on which this article is based (Figure 2). Ubuntu 9.04 and 9.10 no longer feature OpenVZ, apart from the VZ tools; this also applies to Ubuntu 10.04. If you really need a current kernel on your host system, your only option is to download the beta release, which uses kernel 2.6.32. The option of using OpenVZ and KVM on the same host system opens up interesting possibilities for a free super virtualization solution with which administrators can experiment. If you are planning to deploy OpenVZ in a production environment, I suggest you keep to the following recommendations: You must disable SELinux because OpenVZ will not work correctly otherwise. Additionally, the host system should only be a minimal system. You will probably want to dedicate a separate partition to OpenVZ and to mount this below, /ovz, for example Besides this, you Applications Container Context Resource Container 1 Resource Container 2 Resource Container 3 OpenVZ Abstraction Layer Applications Host Context Host System Kernel Figure 1: In virtualization based on resource containers, the host and guest use the same kernel; therefore, they must be of the same type. This means that a Linux host can only support Linux guests. Figure 2: openSUSE with Ubuntu: System virtualization with resource containers is an interesting option if you need to host (multiple) Linux guest systems as efficiently as possible on a Linux host system. www.Admin-mAgAzine.com Admin 01 53
Page 1 and 2: ADMIN Network & Security Rescue CD
Page 3 and 4: Welcome to Admin WELCOME ALL FOR AD
Page 5 and 6: Table of Contents SERVICE 8 Spacewa
Page 7 and 8: POWERHOUSE PERL 11 cool projects! F
Page 9 and 10: Spacewalk Features configuration fi
Page 11 and 12: Spacewalk Features Figure 2: Assign
Page 13 and 14: Spacewalk Features kickstart profil
Page 15 and 16: Icinga Features Table 1: States Opt
Page 17 and 18: Icinga Features ministrators only n
Page 19 and 20: Icinga Features Figure 6: Network o
Page 21 and 22: MySQL Forks and Patches Features th
Page 23 and 24: MySQL Forks and Patches Features In
Page 25 and 26: Exchange 2010 Features © peapop, F
Page 27 and 28: they can now synchronize text messa
Page 29 and 30: Backup Software Features data. One
Page 31 and 32: Backup Software Features tended), l
Page 33 and 34: Backup Software Features Two “wiz
Page 35 and 36: Backup & Disaster Recovery Georgeto
Page 37 and 38: OCFS2 Tools ing. OCFS2 is fairly si
Page 39 and 40: OCFS2 Tools F Figure 2: Unspectacul
Page 41 and 42: To do this, you need to change the
Page 43 and 44: Synergy Tools Figure 1: Synergy as
Page 45 and 46: SystemTap Tools The SystemTap [3] t
Page 47 and 48: SystemTap Tools Instead of searchin
Page 49 and 50: Package Your Scripts Virtualization
Page 51: Linux Magazine ACADEMY curl U http:
Page 55 and 56: OpenVZ Virtualization a number of c
Page 57 and 58: OpenVZ Virtualization OpenVZ kernel
Page 59 and 60: AND SAVE 30%! ADMIN Network & Secur
Page 61 and 62: Virtual Machine Manager Virtualizat
Page 63 and 64: Virtual Machine Manager Virtualizat
Page 65 and 66: Teamviewer Management and be contro
Page 67 and 68: NOV. 7-12 2010 24th Large Installat
Page 69 and 70: Chef Management Server Provides rec
Page 71 and 72: Chef Management ‐r http://s3.amaz
Page 73 and 74: Chef Management Figure 5: The clien
Page 75 and 76: Sysinternals Management AdInsight a
Page 77 and 78: Sysinternals Management Name Table
Page 79 and 80: PAM and Hardware Nuts and Bolts Fig
Page 81 and 82: November 13-19, 2010 • Ernest N.
Page 83 and 84: PAM and Hardware Nuts and Bolts to
Page 85 and 86: ON NEWSSTANDS NOW ! UBUNTU USER MAG
Page 87 and 88: modSecurity nutS And boltS complex
Page 89 and 90: ModSecurity Nuts and bolts Insider
Page 91 and 92: REAL SOLUTIONS FOR REAL NETWORKS Ea
Page 93 and 94: Daemon Monitoring Nuts and Bolts Fi
Page 95 and 96: VPns with SSTP nuTS And BoLTS Hands
Page 97 and 98: VPNs with SSTP Nuts and Bolts Figur
Page 100: DEDICATED SERVERS £59 FROM PER MON

ADMIN

Create successful ePaper yourself

Delete template?

Save as template?