Legacy OpenVZ FAQ

From OpenVZ Virtuozzo Containers Wiki

What is a container (Virtual Environment, Virtual Private Server, VPS, VE)?
See Container.
What are the highlights of OpenVZ technology?

In short, OpenVZ is the only highly scalable virtualization technology with near-zero overhead, strong isolation and rapid customer provisioning that's ready for production use right now. Deployment of OpenVZ improves efficiency, flexibility and quality of service in the enterprise environment.

Who needs OpenVZ? How can it be used?
See Use cases.
What applications can run inside an OpenVZ container?

Most applications can be installed to a container without any modifications. Oracle, DB/2, Weblogic, Websphere and other big applications run just fine inside an OpenVZ container. Applications and services do not have to be aware of OpenVZ. However, direct access to hardware is not available by default.

How is OpenVZ different from other technologies?
See Introduction to virtualization.
How is OpenVZ secured & updated?
See Security.
How scalable is OpenVZ?

OpenVZ technology scales as well as the standard Linux kernel: up to thousands of CPUs and terabytes of RAM. In addition, a single container can be scaled dynamically from a small fraction of the available resources up to all of them, and you do not even have to restart the container. For example, containers can natively use up to all available CPUs. This differs from hypervisor technology, which requires special tricks like co-scheduling, and even the best hypervisors are inefficient with more than 4-8 vCPUs.

How does OpenVZ improve efficiency of services?

For existing hardware, OpenVZ lets you make better use of its processing power by raising average load from 3-5% to at least 30-50%, while still providing the ability to handle peak loads. To decrease complexity, OpenVZ provides standardized and centralized server management, logically decoupled from the actual hardware. And when it's time to buy new servers, you can now use a few more powerful servers instead of many little ones, with the added benefits of better reliability, better peak performance and typically longer lifespan.

How does OpenVZ improve flexibility of services?

By providing a unified, scalable platform with such unique features as rapid provisioning of applications and updates. Each container is hardware independent and can be moved to another OpenVZ-based system in seconds over the network. This allows for ease of hardware maintenance (move out all containers and do whatever you need with the box) and improved availability (keep a synchronized copy of your container elsewhere and start it up when the primary service fails). If your old box is not able to cope with peak load anymore, just move your containers to a new one.

What is the performance overhead?

Near zero. There is no emulation layer, only security isolation, and all checking is done at the kernel level without context switching.

What are the performance expectations?

Peak performance is achieved when only one container has active tasks. In this case, it could use 100% of available resources: all CPUs, all physical memory, all disk and network bandwidth. OpenVZ does not limit you to a single-CPU virtual machine.

I want to show my appreciation for OpenVZ and put a logo on my site. Where can I get it?
See Artwork.
Are there any control panels available for OpenVZ?
See Control_panels. OVZ Web panel is recommended.
What kind of documentation is available?
Aside from this wiki, which contains lots of information, you can check the extensive manual pages.

Installation and upgrade

What hardware is supported by the OpenVZ kernel?
See Virtuozzo HCL.
Why are there different kernel flavours available and what do they mean?
See Different kernel flavors (UP, SMP, ENTERPRISE, ENTNOSPLIT).
How do I rebuild the kernel?
See Kernel build.
What does 021stab018 in the OpenVZ kernel version mean?
See Kernel versioning.
How can I check package signatures?
See Package signatures.
Is it possible to run an x86 container on an x86_64 architecture?
Sure :) We actually did some work on that to enable migration of an x86 container from x86 to x86_64 and back, and to enable using 32-bit iptables in a 32-bit container on an x86_64 system.
What filesystems should I choose for saving my containers?
Currently, ext4 is recommended. Any filesystem which supports Unix style permissions is usable, such as Ext3 or ReiserFS. XFS works, but does not have support for disk quotas inside containers.


How do I set up VPN for a container?
See VPN via the TUN/TAP device.
What is veth and how do I use it?
See Virtual Ethernet device.
Why doesn't net-snmpd work on my containers?
See SNMPD in container.
Can I use private IPs for my containers?
See NAT.

User Beancounters (UBC)

What are those User Beancounters?

See UBC.

What units are UBC parameters measured in?

See UBC parameter units.

How do I set up a container which is able to get X Mb of RAM?

See Setting UBC parameters.

I cannot start a program in a container: it reports out of memory. What do I do?

See Resource_shortage.

How can I reset failcnt in /proc/user_beancounters?

See UBC failcnt reset.


My kernel crashed. What should I do?
See When you have an oops.
I see a lot of processes in D state. What does that mean?
See Processes in D state.
My container cannot access the internet. What should I do?

If you can ping the host node but receive an error similar to:

[root@test /]# ping
PING ( 56(84) bytes of data.
From icmp_seq=1 Destination Host Prohibited

then likely the host node has an active firewall. Running the command

[root@host ~]# /etc/init.d/iptables stop
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Unloading modules:                               [  OK  ]

will turn it off. If that works, then you know the iptables firewall on the host node needs to be configured.
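
"Destination Host Prohibited" is the reply a REJECT rule with icmp-host-prohibited sends, so instead of leaving the firewall stopped, the responsible rule can be located and the container's traffic allowed ahead of it. The script below is an added example, not part of the original wiki page: it assumes venet networking (container traffic passes through the host's FORWARD chain), runs on a constructed sample ruleset, and its function names and the address 192.0.2.10 are placeholders.

```shell
#!/bin/sh
# Added example (not from the OpenVZ wiki). Assumes venet networking, where
# container traffic is routed through the host's FORWARD chain.

# Constructed sample of `iptables-save` output, modelled on a stock
# RHEL/CentOS ruleset; on a real host node use `iptables-save` instead.
sample_ruleset() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Read iptables-save output on stdin and print the position of the first
# FORWARD rule that answers with ICMP "host prohibited" (empty if none).
first_forward_reject() {
  awk '$1 == "-A" && $2 == "FORWARD" {
         n++
         if ($0 ~ /-j REJECT/ && $0 ~ /icmp-host-prohibited/) { print n; exit }
       }'
}

# Print (do not run) rules that go in front of that REJECT: replies to
# established flows, then traffic originating from the container.
# $1 = rule position, $2 = container IP (hypothetical parameter names).
suggest_rules() {
  pos=$1 ct_ip=$2
  echo "iptables -I FORWARD $pos -s $ct_ip -j ACCEPT"
  echo "iptables -I FORWARD $pos -m state --state RELATED,ESTABLISHED -j ACCEPT"
}

pos=$(sample_ruleset | first_forward_reject)
if [ -n "$pos" ]; then
  echo "FORWARD rule $pos rejects with icmp-host-prohibited; candidate fix:"
  suggest_rules "$pos" 192.0.2.10   # 192.0.2.10 is a placeholder container IP
else
  echo "no host-prohibited REJECT in FORWARD; look elsewhere"
fi
```

On a real host node, pipe `iptables-save` into `first_forward_reject` in place of the sample, and start the firewall again before applying any rules.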