[Users] Re: vzsplit does not work

Scott Dowdle dowdle at montanalinux.org
Wed Jan 7 02:07:54 EST 2009 

Peter,

----- "Peter Thomassen" <mail at peter-thomassen.de> wrote:
> Debian has vzctl version 3.0.22 for their upcoming release. But I want
> to avoid upgrading the whole system to a beta state. The kernel I am 
> using, 2.6.26, is from Debian backports, i.e. it's backported from the
> upcoming release to the stable one ("Etch"). There is a special openvz
> package for this kernel, so I would have expected that it works
> together with other packages from "Etch".

With regards to Debian's meaning of the word "stable" applied to the packages provided by them for OpenVZ, they aren't.  I don't mean to offend anyone from the Debian project and respect the work they have put into the OpenVZ packages they have provided thus far... and commend them for the work they've done for the upcoming release.  I don't know much about the 2.6.26 OpenVZ kernel they are packaging but I'm going to assume that it is similar to the 2.6.24 kernel Ubuntu has.  It doesn't have the scheduler used in 2.6.18 so I don't think container scheduling is as flexible (I don't know the details) nor the CPU control.  There are problems with checkpointing and live migration doesn't work so well.  I haven't used 2.6.24 myself but I'm going from reports from people I trust.

There have been many bugs fixes and additions made to vzctl from 3.0.11 to current (3.0.22) and I believe some the changes were security related... so I'm not sure why Debian hasn't updated vzctl.  Given that a lot of OpenVZ's functionality depends on vzctl I see it as almost as important a component as the kernel.

> The kernel packages mentioned in the Wiki are packaged in March and May, 
> resp. I prefer packages that are maintained more frequently (for 
> security updates etc.).

I'd recommend you contact the packagers of those and voice your concerns and see if they could come up with a more recent package.  I'm not sure if they can or not... as upstream abandoned 2.6.18 long ago and I'm not sure how maintained it is for security patches.  I know a number of people using that packaging of the kernel and I haven't heard of any real world security issues with it... so my guess would be that it is an acceptable risk... but yes it would be nice to find out more of the specifics.

That's the good thing with the RHEL-based kernels... they may be a little older but Red Hat maintains them, back ports some features, back ports drivers, and does all of the security patch back porting.  I wonder if you could use RHEL kernel package on Debian?  I know you'd have to update the bootloader manually but perhaps it would work?

TYL,
-- 
Scott Dowdle
704 Church Street
Belgrade, MT 59714
(406)388-0827 [home]
(406)994-3931 [work]

More information about the Users mailing list