Vzctl for upstream kernel

From OpenVZ Virtuozzo Containers Wiki
Revision as of 14:59, 13 September 2012 by Avagin (talk | contribs) (Networking)
Jump to: navigation, search

Since version 4.0, vzctl tool can be used with upstream (non-OpenVZ) Linux kernels (that essentially means any recent 3.x kernel). At the moment, it provides just basic functionality. It is currently possible to create and start a container with the same steps as one would use for a normal OpenVZ container. Other features may be present with limited functionality, while some are not present at all.

Warning.svg Warning: Running vzctl on upstream kernels is considered an experimental feature. See #Limitatons below.

Installation

Yellowpin.svg Note: This section describes installation for RPM-based distros. See #Building below if you want to compile vzctl from source.

First, set up OpenVZ yum repository. Download openvz.repo file and put it to your /etc/yum.repos.d/ repository, and import OpenVZ GPG key used for signing RPM packages. This can be achieved by the following commands, as root:

wget -P /etc/yum.repos.d/ http://download.openvz.org/openvz.repo
rpm --import http://download.openvz.org/RPM-GPG-Key-OpenVZ

In case you can not cd to /etc/yum.repos.d, it means either yum is not installed on your system, or yum version is too old.

Then, install vzctl-core package:

yum install vzctl-core

Usage

For supported features, usage is expected to be the same as standard vzctl tool. See vzctl(8) for more information.

Networking

Networking is available through the switches --netdev_add, --netif_add, and their respective deletion counterparts. In this case Virtual Ethernet device is added in CT.

One life hack may be useful while "vzctl enter" doesn't work.
If you use DHCP and don't know which an IP address is in CT, you can find it in  /vz/root/[CTID]/var/log/message.

"ip netns exec" can help you too, but it doesn't work sometimes.
$ ip netns exec [CTID] ip a

IP mode networking (--ipadd / --ipdel) is currently not supported.

Limitations

The following vzctl commands are not working at all:

  • quotaon/quotaoff/quotainit (vzquota-specific)
  • convert, compact, snapshot* (ploop-specific)
  • console (needs a virtual /dev/console, /dev/ttyN device)
  • enter, exec and runscript (need pidns entering support)
  • chkpnt, restore (currently need OpenVZ-kernel-specific checkpointing, CRIU will be supported later)

The following commands have severe limitations:

  • stop. A container can be stopped from inside (say if one is connected to CT over ssh) in case the underlying kernel supports rebooting a PID namespace (> 3.4). Using vzctl, the "stop" command is not supported, unless accompanied by the --fast switch, which will simply forceably kill all processes in the container.

The following binaries are not ported to work on top of upstream kernel:

  • vzlist
  • vzcalc
  • vzcfgvalidate
  • vzcpucheck
  • vzmemcheck
  • vzmigrate
  • vzeventd
  • vzpid
  • vzsplit
  • vzubc

/proc and /sys

Software that depend on information supplied by the proc filesystem may not work correctly, since there is not a full solution for full /proc virtualization. For instance, /proc/stat is not yet virtualized, and top will show distorted values.

Resource management

Setting resources like --ram and --cpuunits work, but there their effect is dependent on what the current kernel supports, through the cgroups subsystem. When a particular cgroup file is present, it will be used. Currently, vzctl will search for the following files:

  • cpu.cfs_quota_us
  • cpu.shares
  • cpuset.cpus
  • memory.limit_in_bytes
  • memory.memsw.limit_in_bytes
  • memory.kmem.limit_in_bytes
  • memory.kmem.tcp.limit_in_bytes


Building

Dependencies

The following software needs to be installed on your system:

  • iproute2 >= 3.0.0 (runtime only)
  • libcgroup >= 0.38

Download

You can get the latest released version from Download/vzctl/4.11.1#sources or directly from download:utils/vzctl/current/src/.

If you are living on the bleeding edge, get vzctl sources from git. Then run autogen.sh to recreate auto* files:

git clone git://git.openvz.org/pub/vzctl
cd vzctl
./autogen.sh

Compile

Usual ./confi

t makes sense to add --without-ploop (unless you want ploop compiled it) because otherwise you will need ploop lib headers.

$ ./configure --with-cgroup --without-ploop