[Users] SIMFS users

Gena Makhomed gmm at csdoc.com
Tue Jul 21 16:24:46 PDT 2015 

On 22.07.2015 0:11, Kir Kolyshkin wrote:

> The biggest problem with simfs appears to be security. We have recently
> found a few bugs (not in simfs per se, but in the kernel in general,
> i.e. these
> are not our bugs for the most part) that can be exploited to escape
> the simfs and let container access the host file system. One single bug
> like that should have everyone who is at least slightly concerned about
> security to move to ploop. And there were a few :(

simfs need for using OpenVZ with ZFS

> Other "why not simfs" considerations are listed at
> http://openvz.org/Ploop/Why#Before_ploop

there are three levels:

1. before ploop: simfs over ext4
2.   with ploop: ext4 over ploop over ext4
3.  after ploop: simfs over ZFS

comparing (1) and (2) - ploop win,
but compating (2) with (3) - simfs win!

and comparing (2) and (3) - I have no reasons to use ploop.

https://github.com/pavel-odintsov/OpenVZ_ZFS/blob/master/openvz_storage_backends.md

ZFS has many advantages over ploop, for example, compression:

container contains 62 GiB of files, but on disk these files
use only 11 GiB - compression level is near 6x for such files,
average compression level near 2x if using lz4 algorithm,
and files is not pictures/movies/compressed archives.

other advantage - L2ARC and ZIL - ploop don't have such features.
L2ARC accelerate disk read operations, ZIL accelerate sync writes,
transform sync writes to pool into async writes to pool.

so, simfs over ZFS works faster and use less space on the HDD/SDD,
comparing to overengineered FS stack "ext4 over ploop over ext4".
also simfs over ZFS is more simple / more handy for administration.

>> To get back to the original question that Sergey asked: He maybe asked
>> because they're considering to eventually drop simfs support. Because
>> that's how I'd test the waters if I were to retire some legacy features
>> from my own projects. To that I humbly say: Please don't. We like that
>> ugly duckling and would like to keep it. Alternatively: Give us a really
>> good reason (or a "killer-feature") that makes it a "must have" item.

If you drop simfs support and don't provide any other way how to use ZFS
for OpenVZ containers - I will be forced to migrate from OpenVZ
to KVM and/or Docker, using ZFS on hardware node and zvols for vm
disks and mount XFS inside vms with "discard,noatime" option -
in such way vm disk overhead will be very low - unused disk blocks
inside vm will be also marked as unused blocks on hardware node,
and memory overhead with KVM can be partially solved via KSM.

Docker already contains ZFS storage driver.

-- 
Best regards,
  Gena

More information about the Users mailing list