Phil Lello | 1 Jul 2011 17:39

Migrating to OpenVZ from BSD jails

Hi all,

I'm currently using a development environment using multiple BSD jails, and would like to migrate to OpenVZ.

The jails need to emulate Ubuntu 10.04 (kernel 2.6.32), however I believe the patches for this kernel are still experimental.

Is this true? If so, are the known issues to do with stability or security?

My needs could probably be met by a simple chroot, but binding IP addresses to a container means I can keep this environment much closer to production (which uses real hardware nodes instead of jails). I don't hugely need a separate pid space (provided all my start/stop scripts use pidfiles instead of polling running processes - something I wouldn't want to make assumptions about).

The only other option I can think of would be full/para virtualisation, but I've currently got about 30 BSD jails, so this makes memory requirements excessive (unless I'm using a bubble memory driver). Full virtualisation is also not ideal, because at some point my dev environment will move to a VM, and nested virtualisation carries its own set of headaches.

Thanks for any help or advice you can offer,

Phil

_______________________________________________
Users mailing list
Users@...
https://openvz.org/mailman/listinfo/users
Scott Dowdle | 1 Jul 2011 19:40

Re: Migrating to OpenVZ from BSD jails

Greetings,

----- Original Message -----
> The jails need to emulate Ubuntu 10.04 (kernel 2.6.32), however I
> believe the patches for this kernel are still experimental.
> 
> Is this true? If so, are the known issues to do with stability or
> security?

Depends.

There are two branches based on 2.6.32... the generic one and the RHEL6-based one.  Both are still marked as "Development" here:

http://wiki.openvz.org/Download/kernel

There is also a 2.6.32-based kernel that Debian has in their repos for Debian 6.  I believe it uses the OpenVZ 2.6.32 generic patch but of course Debian's kernel isn't the stock kernel.org kernel.

I've heard of a few differences in functionality between the RHEL6-based kernel and that shipped by Debian.  Ubuntu does not offer an OpenVZ kernel that I'm aware of.

I've been using the RHEL6-based kernel on RHEL 6.1 and it seems to work fine but it isn't a production machine and I haven't done a whole lot of testing.  The OpenVZ Project has been updating the RHEL6-based kernel frequently both to keep up with RHEL kernel updates as well as fix OpenVZ-related bugs that are reported.

So, what host node distro are you planning on using?  I'd recommend using the RHEL6-based OpenVZ kernel if at all possible.  If you haven't done so already, I strongly recommend you set up a system and give it a try for yourself... and do some testing.  If you find any bugs, report them to bugzilla.openvz.org.

TYL,
-- 
Scott Dowdle
704 Church Street
Belgrade, MT 59714
(406)388-0827 [home]
(406)994-3931 [work]
Sebastian Bachmann | 3 Jul 2011 13:26

Right use of Hostname and Name


Hello,
We have some servers with several OpenVZs installed, all running
Debian lenny, squeeze and lenny bpo.
Now we have some trouble with the hostname and FQDN of some VZs. In
the config files of all VZs, HOSTNAME is set to the FQDN. NAME is
set to the hostname of the host.
On some hosts we can now see that /etc/hostname is the FQDN, on some
not. In the VZs where /etc/hostname is the hostname, $(hostname -f)
gives the FQDN... So I think some hosts have some problems with the
hostname and the real FQDN...

So what is the right usage of HOSTNAME and NAME in the VZ conf? Where
should I use the FQDN and where just the hostname?

thanks!
sebastian
Scott Dowdle | 5 Jul 2011 20:54

Re: Right use of Hostname and Name

Greetings,

----- Original Message -----
> So what is the right usage of HOSTNAME and NAME in the VZ conf? where I
> should use the FQDN and where just the hostname?

vzctl's --name flag is just for vzctl so you can use a name rather than the ctid... just like hostnames are generally friendlier than IP addresses.  It is really just a symlink in /etc/vz/names/ that points to the config.  To the best of my knowledge, only vzctl allows you to use it... whereas, for example, vzmigrate does not.

The --hostname flag is for setting the hostname of the container.  Where the value gets written into the container is distro specific.  For example, in Red Hat / Fedora OS Templates, the value gets written to /etc/sysconfig/network.  Other distros might expect it to be elsewhere.

The man page for vzctl is a little lean in the descriptions for --name and --hostname but I think it is clear enough.

TYL,
-- 
Scott Dowdle
704 Church Street
Belgrade, MT 59714
(406)388-0827 [home]
(406)994-3931 [work]
JR Richardson | 8 Jul 2011 19:53

UDP socket buffer strategy for VoIP Service Containers

Hi All,

I'm running Asterisk servers on OVZ with great success.  Most of the
systems are pretty small usage, just a few phones and active channels.
I used vzsplit to generate my resource parameters so all systems are
set equally on the hardware node.

Sometimes I'll get a container pushing the limits of these 2 resources:

othersockbuf          21.88 kb      562.56 kb      553.39 kb        1.98 mb             59
dgramrcvbuf            0.00 kb      260.06 kb      260.42 kb      260.42 kb             70

I assume this is due to active calls.

Can someone shed some light on the direct correlation between UDP
sockets and VoIP Calls?  Are the resource parameters in kb the amount
of UDP bandwidth on the network?  All VoIP/RTP traffic is UDP G.711.

I do not have any complaints about voice quality issues or anything
that would indicate the incremental counts over the soft limit are
really affecting performance of the container or the VoIP Service.

Would it be OK to increase the soft limits to something like 1/4 or 1/2
the total resource of the hardware node and increase the hard limit to
MAX_ULONG?

Any suggestions or info would be appreciated.

Thanks.

JR
-- 
JR Richardson
Engineering for the Masses
MK | 18 Jul 2011 16:36

Problems on AVX "Sandy Bridge" hardware

I have a small VPS I use for testing and personal projects which is
run under openVZ by a commercial provider. About 3 weeks ago, the
provider migrated to using new Xeon "Sandy Bridge" processors.  I do a
lot of things with apache mod_perl, and at that point, most of it broke;
the apache worker exits after receiving SIGILL, "Illegal instruction".

That is not a perl error, and a very simple test case confirmed this.
So I ran apache in gdb and have a backtrace pasted here:

http://pastebin.com/16SrEzHM

This backtrace is nearly identical to one from a bug reported last year
for glibc 2.12 on AVX enabled hardware:

http://sourceware.org/bugzilla/show_bug.cgi?format=multiple&id=12113

Wikipedia claims that the 2011 Xeon "Sandy Bridge" is the only
currently available processor using these new extensions:

http://en.wikipedia.org/wiki/Advanced_Vector_Extensions#CPUs_with_AVX

Apparently glibc 2.13, gcc 4.6, and kernel 2.6.30 support AVX.  I
imagine this is generally true as I could find no reports of any 
problem besides the glibc 2.12 issue from last year.   There is a
"small reproducer" .zip attached to that report, and it does reproduce
on the VPS, which is running Fedora 14, glibc 2.13 built with gcc
4.5.1, and kernel 2.6.32-238.

So I reported this as a glibc bug, but with Fedora:

https://bugzilla.redhat.com/show_bug.cgi?id=720176

Andreas Schwab points out there that according to my dump
of /proc/cpuinfo (in the report), the processor *is not* AVX enabled.
However, it definitely is a "Sandy Bridge" and the model number from
cpuinfo, "Intel(R) Xeon(R) CPU E31230", is according to Intel an AVX
processor:

http://ark.intel.com/Product.aspx?id=52271

This led me to ask about the issue on the linux kernel devel mailing
list.  Responses there claim that this is likely due to the
virtual containerization (i.e., openVZ) screwing up the cpu flags.

Could that be due to some misconfiguration by the vendor?  Right now,
they claim no one else has reported such a problem, but have no idea
how many (if any) of their other clients are running mod_perl, and the
only other software I have noticed which triggers the problem is the
"small reproducer" (qv.) from the original glibc 2.12 bugzilla report on
sourceware.org.

Or could this be a problem intrinsic to openVZ?

Sincerely, Mark Eriksen

-- 
"Enthusiasm is not the enemy of the intellect." (said of Irving Howe)
"The angel of history[...]is turned toward the past." (Walter Benjamin)
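
An added diagnostic, not part of the original message and not glibc's code, that separates the two conditions discussed in the message above: whether the processor implements AVX (the CPUID bit) and whether the operating system has enabled the extended register state AVX needs (OSXSAVE and XCR0). The function names are illustrative; the bit positions are the ones Intel documents for AVX detection, and the live probe assumes GCC or Clang on x86.

```c
/* Added example: is AVX usable, or merely present in the silicon? */
#include <stdint.h>
#include <stdio.h>

#define ECX_OSXSAVE (1u << 27)  /* CPUID.1:ECX, OS has set CR4.OSXSAVE */
#define ECX_AVX     (1u << 28)  /* CPUID.1:ECX, CPU implements AVX */
#define XCR0_SSE    (1u << 1)   /* XCR0, OS saves/restores XMM state */
#define XCR0_AVX    (1u << 2)   /* XCR0, OS saves/restores YMM state */

enum avx_state { AVX_ABSENT, AVX_NOT_ENABLED_BY_OS, AVX_USABLE };

/* Pure decision logic, so it can be checked with constructed register values. */
enum avx_state classify_avx(uint32_t cpuid1_ecx, uint64_t xcr0)
{
    if (!(cpuid1_ecx & ECX_AVX))
        return AVX_ABSENT;
    if (!(cpuid1_ecx & ECX_OSXSAVE))
        return AVX_NOT_ENABLED_BY_OS;   /* XGETBV itself would fault here */
    if ((xcr0 & (XCR0_SSE | XCR0_AVX)) != (XCR0_SSE | XCR0_AVX))
        return AVX_NOT_ENABLED_BY_OS;
    return AVX_USABLE;
}

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
/* Read the live registers; XGETBV is executed only when OSXSAVE is set. */
enum avx_state probe_avx(void)
{
    unsigned int a, b, c = 0, d;
    uint32_t lo = 0, hi = 0;
    if (!__get_cpuid(1, &a, &b, &c, &d))
        return AVX_ABSENT;
    if (c & ECX_OSXSAVE)
        __asm__ volatile("xgetbv" : "=a"(lo), "=d"(hi) : "c"(0));
    return classify_avx(c, ((uint64_t)hi << 32) | lo);
}

int main(void)
{
    static const char *msg[] = {
        "CPU does not report AVX",
        "CPU reports AVX but the OS has not enabled it: AVX code gets SIGILL",
        "AVX is usable" };
    puts(msg[probe_avx()]);
    return 0;
}
#endif
```

Run inside the container and compare the result with the flags line of /proc/cpuinfo; code that tests only the CPUID AVX bit takes the AVX path in the second case as well.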
Gary Wallis | 23 Jul 2011 18:01

vzlist stderr message Invalid value for DEVICES

I started getting a strange stderr message from vzlist

[root@rc5 ~]# vzlist | head
Invalid value for DEVICES=c:196:255:rw, skipped
       CTID      NPROC STATUS    IP_ADDR         HOSTNAME
...

Thanks for any clues or information about how I can find the 
"c:196:255:rw" device.

Cheers!
Gary
Gary Wallis | 23 Jul 2011 18:20

Re: vzlist stderr message Invalid value for DEVICES

Gary Wallis wrote:
> I started getting a strange stderr message from vzlist
> 
> [root@rc5 ~]# vzlist | head
> Invalid value for DEVICES=c:196:255:rw, skipped
>       CTID      NPROC STATUS    IP_ADDR         HOSTNAME
> ...
> 
> Thanks for any clues or information about how I can find the 
> "c:196:255:rw" device.
> 
> Cheers!
> Gary

Found it...it is the pseudo dev

[root@rc5 ~]# ls -Rl /dev | grep 196 | grep 255
crw-rw----  1 root root 196, 255 Feb  1 14:55 pseudo

Main issue remains: Any ideas why this dev would have an invalid value?
