[Users] OpenVZ vs. vserver
Kir Kolyshkin
kir at openvz.org
Fri Mar 23 07:19:51 EDT 2007
Darryl Ross wrote:
> I've not been able to get migrations working in openvz at all.
Care to file a bug report (or two) to bugzilla.openvz.org?
> I just
> end up using the same process I use under linux-vserver to migrate
> guests between machines: rsync once, rsync a second time (to reduce the
> time stopped), stop the guest, resync a third time, start guest on new host.
>
This is basically what vzmigrate script does (well, there's no
intermediate rsync, but it can be added quite easily.
> I also have some other issues with openvz as well.
>
> One is related to the resource limits -- every guest I've built I've had
> to play with the limits to get the software I need to run. The defaults
> just don't seem usable.
>
Perhaps those defaults are better suited for a lot of tiny/lightweight
VEs. If your VEs are relatively large, I suggest you to either use
vzsplit utility to generate an initial config, OR use something like
example C from http://wiki.openvz.org/UBC_configuration_examples_table
On the other side, the problem with linux-vserver is by default a guest
(a VE) is NOT limited, which means you can not give it to an untrusted
party without doing some additional work.
The OpenVZ idea is like the one for your firewall -- deny all by
default, then allow what you need. Here, as well, you start with a
limited set of resources, and then tailor those to your environment. Of
course it can be changed server-wide by having a different config set as
default.
> One other thing, which isn't really a major issue, just an annoyance, is
> that if I run netstat or ps on the host it shows me all of the sockets
> open and programs running, even those inside the guests, whereas under
> linux-vserver the host machine is a context in it's own right, so they
> are hidden.
>
There is a two-liner patch available to switch to "hide VE processes
from VE0" behavior:
http://download.openvz.org/contrib/kernel-patches/diff-ve0-proc-own-processes-only
> My only issue with linux-vserver is the lack of network interface
> virtualisation, but I've been working around that for so long it's not
> really that much of an issue for me.
>
> My recommendation at this point is still towards linux-vserver. I'm
> planning on migrating work away from openvz back to linux-vserver as well.
What are the reasons (if other than specified above)?
More information about the Users
mailing list