Difference between revisions of "Leaflet"

From OpenVZ Virtuozzo Containers Wiki
Jump to: navigation, search
(initial version)
 
(added categories)
 
(23 intermediate revisions by 3 users not shown)
Line 1: Line 1:
OpenVZ is an a project lightweight virtualization solution built on Linux. It creates multiple isolated, secure containers (an improved chroot providing a complete virtual environment) on a single physical server. Each container acts as a separate virtual machine, with its own process IDs, devices, network addresses and routing, and adjustable resource limits.  OpenVZ can create hundreds of containers on a single physical server, each of which may be rebooted independently.
+
= Container-based virtualization for Linux. Fast, lightweight, secure. Choose three. =
Because OpenVZ uses a chroot-based mechanism to provide lightweight virtual machines, both the host and guest OS must be Linux (although each container may run a different Linux distribution). Using containers imposes only a 1-3% performance penalty compared to running the same processes on the host system.
 
  
OpenVZ is free software; everyone can use, redistribute and modify it under the terms of the GNU General Public License.
+
== What is OpenVZ? ==
OpenVZ consists of a modified Linux kernel plus user-level tools. The kernel adds a notion of containers, provides virtualization, isolation,  resource management, checkpointing, and live migration.
 
  
== Virtualization and Isolation ==
+
OpenVZ is a project that combines the following container virtualization technologies for Linux:
  
Each container has its own independent:
+
*'''Virtuozzo kernel''', a Linux kernel with patches that implements OpenVZ kernel functionality.
  
* Files - system libraries, applications, /proc and /sys, file locks
+
*'''Management utilities''', such as vzctl, for managing container life cycle.
* Processes - each container has its own PID 1 init
 
* Users and groups - including root with its own UID 0
 
* Networking - virtualized network devices, IP addresses, per-container routing and iptables rules
 
* IPC objects - shared memory, semaphores, messages
 
* Filesystem - FIXME
 
  
and more – everything that makes it feel like a dedicated system.
+
*'''Checkpoint/Restore In Userspace''', or CRIU (pronounced kree-oo, IPA: /krɪʊ/, Russian: криу), is a software tool for Linux that enables you to freeze a running application (or a part of it) and checkpoint it to a hard drive as a collection of files. You can then use the files to restore and run the application from the point it was frozen at. The distinctive feature of the CRIU project is that it is mainly implemented in userspace. Docker and LXC use CRIU for migrating containers between servers.
  
== Resource Management ==
+
*'''P.Haul''' is the project on top of CRIU that implements the live migration usage scenario.
  
Kernel shares and limits containers' resources, so no single container can abuse system resources. The four main subsystems are:
+
*'''LibCT''' is a container management library that provides a convenient API for front-end programs for managing the entire container life cycle.
  
* cgroups
+
== 10-year anniversary - a short [http://openvz.org/History history] of the OpenVZ project ==
* Fair CPU scheduler. Balances CPU time between containers according to the priorities assigned so no container can abuse the CPU. Can be used to provide hard CPU limits and guarantees.
 
* I/O scheduler. Distributes available I/O bandwidth between containers according to assigned priorities, with detailed statistics of I/O activity.
 
* Two-level disk quota. First level is per-container disk quota, second level is the standard UNIX per-user and per-group disk quota inside a container.
 
  
== Live Migration and Checkpointing ==
+
'''1999''':
  
OpenVZ can freeze/save the complete state of a container into a dump file (a process known as checkpointing), then create a new container from this dump file. This is similar to suspend-to-disk on a notebook, the difference is OpenVZ only checkpoints a single container, not the whole system.
+
*Nov 1999: SWsoft chief scientist formulates three key components of Linux containers: a set of processes with namespace isolation, a file system to share code and RAM, and isolation of resources.
The container can also be restored on a different physical server, allowing live migration which doesn't interrupt existing user sessions.  
 
  
== User-level Tools ==
+
'''2000''':
  
'''prlctl''' is a high-level command line tool to control  containers and virtual machines. It can create, start, stop, delete, and set various parameters, such as IP addresses, CPU limits, disk quotas...
+
*Feb 2000: A team of five people start working on the first mockup version of Virtuozzo (namespaces, isolation, vzfs).
Typical prlctl commands:
+
*Jul 2000: A limited public beta testing starts on two public servers (Virtuozzo 0.1 and control panels). The number of VEs reaches 5000 during summer.
  
# prlctl create 101 --ostemplate centos-7-x86_64 --vmtype=ct
+
'''2002''':
# prlctl set 101 --name virtuozzo
 
# prlctl set virtuozzo --ipadd 10.10.2.2
 
# prlctl set 101 --userpasswd root:XXXXXX
 
# prlctl set virtuozzo --diskspace 20G
 
# prlctl start virtuozzo
 
# prlctl exec virtuozzo ps ax
 
# prlctl enter virtuozzo
 
# prlctl backup virtuozzo
 
# prlctl list -a
 
# prlctl stop virtuozzo
 
# prlctl delete virtuozzo
 
  
'''prlsrvctl''' - utility for managing Virtuozzo.
+
*Jan 2002: SWsoft (now known as Odin) rolls out the initial release of Virtuozzo for Linux.
  
Typical prlsrvctl commands:
+
'''2005''':
# prlsrvctl info
 
# prlsrvctl net list
 
# prlsrvctl problem-report –send
 
  
'''pmigrate''' utility allows you to migrate physical servers to virtual machines and containers  on a node running Virtuozzo. For example, to move a physical server to the virtual machine, you can execute the following command:
+
*2005: SWsoft creates the OpenVZ Project to release the core of Virtuozzo under GNU GPL.
# pmigrate h 192.168.1.130 v localhost/VM
+
*2005: SWsoft acquires a hosting/development company Express with their own containers for FreeBSD (later dropped due to a small number of clients).
  
'''pstat''' - top-like utility for gathering statistics.
+
'''2006''':
  
== Templates ==
+
*Jan 2006: Rebase to kernel 2.6.15.
 +
*Oct 2006: Port to SPARC and PPC.
 +
*Nov 2006: Port to 2.6.18 kernel.
 +
*Nov 2006: Live migration capability added to OpenVZ.
  
Templates are container images of various Linux distributions used for rapid container deployment. You can use or modify existing templates, or build your own that suits your particular needs.
+
'''2007''':
It is easy to create your own template for OpenVZ by installing a consistent set of packages that forms the base of operating system userland. This can be done with the help of utilities such as yum or debootstrap, depending on the distribution.
 
Precreated templates are available for:
 
  
* CentOS
+
*Mar 2007: Port to RHEL5 kernel.
* Debian
+
*Mar 2007: Port to 2.6.20 kernel.
* Ubuntu
+
 
* etc.
+
'''2008''':
 +
 
 +
*Apr 2008: Rebase to kernel 2.6.25.
 +
*Oct 2008: Port to ARM.
 +
 
 +
'''2009''':
 +
 
 +
*Aug 2009: Parallels is in Top 10 Linux kernel contributors with their patches for Linux containers. The contributions to the kernel include PID, IPC, and network namespaces, the last one being the biggest.
 +
 
 +
'''2011''':
 +
 
 +
*Jul 2011: Pavel Emelianov sends initial RFC and code. The idea of CRIU came up earlier when OpenVZ team realized that merging in-kernel checkpoint/restore was impossible. Re-implementing it in userspace looked crazy for everyone, Andrew Morton and Linus Torvalds included ("Some crazy russians").
 +
*Sep 2011: Cyrill Gorcunov makes the first commit to the CRIU project.
 +
 
 +
'''2012''':
 +
 
 +
*Jul 2012: CRIU v0.1 is available.
 +
*Oct 2012: vzctl for upstream Linux kernel is available.
 +
 
 +
'''2014''':
 +
 
 +
*Dec 2014: Parallels announces merging OpenVZ and Parallels Cloud Server into a single common open source codebase.
 +
 
 +
'''2015''':
 +
 
 +
*Apr 2015: The source code of the RHEL7-based kernel is published and kernel development process becomes open.
 +
*Jun 2015: The source code of most userspace utilities is published.
 +
*Jul 2015: A yum repository with Virtuozzo RPM packages and installation ISO image is published and regularly updated.
 +
*Jul 2015: Virtuozzo 7 Technical Preview - Containers is announced.
  
 
== Frequently Asked Questions ==
 
== Frequently Asked Questions ==
Line 77: Line 81:
 
'''What is a container (Virtual Environment, Virtual Private Server)?'''
 
'''What is a container (Virtual Environment, Virtual Private Server)?'''
  
A container (CT) is an isolated entity which performs and executes exactly like a stand-alone server. Containers can be rebooted independently and have root access, users/groups, IP address(es), memory, processes, files, applications, system libraries and configuration files.
+
A container (CT) is an isolated entity which works exactly like a standalone server. Containers can be rebooted independently and have root access, users/groups, IP addresses, memory, processes, files, applications, system libraries, and configuration files.
  
 
'''What is a virtual machine?'''
 
'''What is a virtual machine?'''
  
Virtual machine (VM) is an emulation of a particular computer system. Virtual machines operate based on the computer architecture and functions of a real or hypothetical computer, and their implementations may involve specialized hardware, software, or a combination of both.
+
A virtual machine (VM) is an emulation of a particular computer system. Virtual machines operate based on the computer architecture and functions of a real or hypothetical computer, and their implementations may involve specialized hardware, software, or a combination of both.
  
 
'''What are the highlights of OpenVZ technology?'''
 
'''What are the highlights of OpenVZ technology?'''
  
OpenVZ is highly scalable virtualization technology for Linux with near-zero overhead, strong isolation and rapid customer provisioning that's ready for production use right now. Deployment of OpenVZ improves efficiency, flexibility and quality of service in the enterprise environment.
+
OpenVZ is a highly scalable virtualization technology for Linux with near-zero overhead, strong isolation and rapid customer provisioning that is ready for production use out of the box. Deployment of OpenVZ improves efficiency, flexibility, and quality of service in the enterprise environment.
  
 
'''How is OpenVZ different from other technologies?'''
 
'''How is OpenVZ different from other technologies?'''
  
Virtual Machines boot separate kernels on emulated hardware instances. OpenVZ runs all containers under a single Linux kernel. OpenVZ offers much higher density, hosting thousands of containers on a single physical server, but can only run Linux in those containers. Virtual machine solutions usually top out at a few dozen instances, but can run different operating systems in each.
+
Virtual machines boot separate kernels on emulated hardware instances. OpenVZ runs all containers under a single Linux kernel. OpenVZ offers a much higher density, enabling to host thousands of containers on a single physical server, but can only run Linux in those containers. Virtual machine solutions usually top out at a few dozen instances, but can run different operating systems in each.
  
 
'''What is the relationship between OpenVZ and LXC?'''
 
'''What is the relationship between OpenVZ and LXC?'''
  
OpenVZ develops new container technology that then goes upstream into the vanilla Linux kernel. OpenVZ has about a 5 year headstart on LXC, but is actively feeding technology upstream into vanilla containers. Several internal details currently differ (OpenVZ adds new system calls, vanilla uses the cgroups filesystem, new clone flags, and other mechanisms).
+
OpenVZ develops a new container technology that then goes upstream into the vanilla Linux kernel. OpenVZ has an about 5 year head start on LXC, but is actively feeding the technology upstream into vanilla containers. Several internal details currently differ (OpenVZ adds new system calls, vanilla uses the cgroups filesystem, new clone flags, and other mechanisms).
What applications can run inside an OpenVZ container?  
+
 
Applications and services do not have to be aware of OpenVZ, and most install without any modifications: Java, Oracle, DB/2, Weblogic, Websphere and many other big applications run just fine inside OpenVZ containers. However, direct access to hardware is not available by default; if required it must be provided by the system administrator.
+
'''What applications can run inside an OpenVZ container?'''
 +
 
 +
Applications and services do not have to be aware of OpenVZ, and most are installed without any modifications: Java, Oracle, DB/2, Weblogic, Websphere, and many other big applications run just fine inside OpenVZ containers. However, direct access to hardware is not available by default; if required it must be provided by the system administrator.
  
 
'''How scalable is OpenVZ?'''  
 
'''How scalable is OpenVZ?'''  
  
OpenVZ scales as well as Linux: we've tested 64 CPUs with 128 GB of RAM. It scales down to embedded devices like smart phones or plug computers. A single container can dynamically scale from taking a tiny fraction to all available resources, and may be adjusted without restarting it.
+
OpenVZ scales as well as Linux does: we've tested 64 CPUs with 128 GB of RAM. It scales down to embedded devices like smart phones or plug computers. A single container can dynamically scale to take from a tiny fraction to all available resources and that can be adjusted without restart.
  
 
'''How does OpenVZ improve efficiency?'''
 
'''How does OpenVZ improve efficiency?'''
  
OpenVZ improves utilization of existing hardware by increasing average load while still providing the ability to handle peak loads. When buying new servers, using a few powerful boxes instead of many little ones allows better reliability, better peak performance and typically longer lifespan.  
+
OpenVZ improves utilization of existing hardware by increasing average load while still providing the ability to handle peak loads. When buying new servers, using a few powerful boxes instead of many small ones allows better reliability, better peak performance and typically longer lifespan.
  
 
'''How does OpenVZ improve flexibility of services?'''
 
'''How does OpenVZ improve flexibility of services?'''
  
Each container is hardware independent, and can be moved to another OpenVZ-based system over the network in seconds. This eases hardware maintenance (move out all containers and do whatever you need with the box) and improves availability (keep a synchronized copy of your container elsewhere and start it up if primary service fails). When your old box can no longer cope with peak load, live migrate your containers to a new one.  
+
Each container is hardware-independent and can be moved to another OpenVZ-based system over network in seconds. This eases hardware maintenance (move out all containers and do whatever you need with the box) and improves availability (keep a synchronized copy of your container elsewhere and start it up if primary service fails). When your old box can no longer cope with peak load, you can live migrate your containers to a new one.
  
 
'''What is the performance overhead?'''  
 
'''What is the performance overhead?'''  
  
Near zero. There is no emulation layer, only security isolation and resource accounting. All checking is done in the kernel without context switching.  
+
Near zero. There is no emulation layer, only security isolation and resource accounting. All checking is done in the kernel without context switching.
  
 
'''Where do I get (or put) more answers?'''
 
'''Where do I get (or put) more answers?'''
  
 
OpenVZ wiki is your friend. See http://wiki.openvz.org/
 
OpenVZ wiki is your friend. See http://wiki.openvz.org/
 
  
 
== Use cases ==
 
== Use cases ==
Line 122: Line 127:
 
=== Server Consolidation ===
 
=== Server Consolidation ===
  
* Uniform management  
+
* Uniform management.
* Easy to upgrade from Virtuozzo OpenVZ edition to commercial Virtuozzo
+
* Easy to upgrade from Virtuozzo OpenVZ edition to the commercial Virtuozzo.
* Scalable  
+
* Scalable.
* Fast migration  
+
* Fast migration.
  
 
=== Development and Testing ===
 
=== Development and Testing ===
  
Different distros can co-exist  
+
* Different distros can co-exist.
A container can be created in a minute
+
* A container can be created in a minute.
• Can have hundreds of containers  
+
* A server can have hundreds of containers.
Cloning, snapshots, rollbacks  
+
* Cloning, snapshots, rollbacks are available.
A container is a sandbox: work/play, no fear  
+
* A container is a sandbox: one can work and play without fear.
  
 
=== Security ===
 
=== Security ===
  
* Give each app its own isolated container  
+
* Give each app its own isolated container.
* Security hole in an app will not affect others  
+
* Security hole in an app will not affect others.
* Dynamic resource management controls runaway processes
+
* Dynamic resource management controls runaway processes.
  
 
=== Hosting ===
 
=== Hosting ===
  
* Isolated users
+
* Users are isolated.
* A container is like a real server, just cheaper  
+
* A container is like a real server, just cheaper.
* Much easier to admin
+
* Much easier to administer.
 +
 
 +
=== Education ===
 +
 
 +
* Every student can have root access.
 +
* Different distributions are supported.
 +
* Low hardware requirements.
 +
 
 +
 
 +
 
  
=== Educational ===
+
Stay tuned: https://twitter.com/_openvz_
  
* Every student can have root access
+
== See also ==
* Different distributions
 
* No need for a lot of hardware
 
  
== Recently added features ==
+
* [https://github.com/fedoradesign/flock2015booklet Fedora Flock 2015 booklet]
  
* Rebased on RHEL 7 kernel
+
[[Category:Events‏‎]]
* vcmmd – Virtuozzo containers memory management daemon
+
[[Category:Design]]
* Containers CPU binding (cpumask)
 
* PCI device delegation
 
* NFS mount migration
 
* Journaled per-container quota
 
* ext4 safe writeback mode
 

Latest revision as of 11:05, 27 August 2015

Container-based virtualization for Linux. Fast, lightweight, secure. Choose three.[edit]

What is OpenVZ?[edit]

OpenVZ is a project that combines the following container virtualization technologies for Linux:

  • Virtuozzo kernel, a Linux kernel with patches that implements OpenVZ kernel functionality.
  • Management utilities, such as vzctl, for managing container life cycle.
  • Checkpoint/Restore In Userspace, or CRIU (pronounced kree-oo, IPA: /krɪʊ/, Russian: криу), is a software tool for Linux that enables you to freeze a running application (or a part of it) and checkpoint it to a hard drive as a collection of files. You can then use the files to restore and run the application from the point it was frozen at. The distinctive feature of the CRIU project is that it is mainly implemented in userspace. Docker and LXC use CRIU for migrating containers between servers.
  • P.Haul is the project on top of CRIU that implements the live migration usage scenario.
  • LibCT is a container management library that provides a convenient API for front-end programs for managing the entire container life cycle.

10-year anniversary - a short history of the OpenVZ project[edit]

1999:

  • Nov 1999: SWsoft chief scientist formulates three key components of Linux containers: a set of processes with namespace isolation, a file system to share code and RAM, and isolation of resources.

2000:

  • Feb 2000: A team of five people start working on the first mockup version of Virtuozzo (namespaces, isolation, vzfs).
  • Jul 2000: A limited public beta testing starts on two public servers (Virtuozzo 0.1 and control panels). The number of VEs reaches 5000 during summer.

2002:

  • Jan 2002: SWsoft (now known as Odin) rolls out the initial release of Virtuozzo for Linux.

2005:

  • 2005: SWsoft creates the OpenVZ Project to release the core of Virtuozzo under GNU GPL.
  • 2005: SWsoft acquires a hosting/development company Express with their own containers for FreeBSD (later dropped due to a small number of clients).

2006:

  • Jan 2006: Rebase to kernel 2.6.15.
  • Oct 2006: Port to SPARC and PPC.
  • Nov 2006: Port to 2.6.18 kernel.
  • Nov 2006: Live migration capability added to OpenVZ.

2007:

  • Mar 2007: Port to RHEL5 kernel.
  • Mar 2007: Port to 2.6.20 kernel.

2008:

  • Apr 2008: Rebase to kernel 2.6.25.
  • Oct 2008: Port to ARM.

2009:

  • Aug 2009: Parallels is in Top 10 Linux kernel contributors with their patches for Linux containers. The contributions to the kernel include PID, IPC, and network namespaces, the last one being the biggest.

2011:

  • Jul 2011: Pavel Emelianov sends initial RFC and code. The idea of CRIU came up earlier when OpenVZ team realized that merging in-kernel checkpoint/restore was impossible. Re-implementing it in userspace looked crazy for everyone, Andrew Morton and Linus Torvalds included ("Some crazy russians").
  • Sep 2011: Cyrill Gorcunov makes the first commit to the CRIU project.

2012:

  • Jul 2012: CRIU v0.1 is available.
  • Oct 2012: vzctl for upstream Linux kernel is available.

2014:

  • Dec 2014: Parallels announces merging OpenVZ and Parallels Cloud Server into a single common open source codebase.

2015:

  • Apr 2015: The source code of the RHEL7-based kernel is published and kernel development process becomes open.
  • Jun 2015: The source code of most userspace utilities is published.
  • Jul 2015: A yum repository with Virtuozzo RPM packages and installation ISO image is published and regularly updated.
  • Jul 2015: Virtuozzo 7 Technical Preview - Containers is announced.

Frequently Asked Questions[edit]

What is a container (Virtual Environment, Virtual Private Server)?

A container (CT) is an isolated entity which works exactly like a standalone server. Containers can be rebooted independently and have root access, users/groups, IP addresses, memory, processes, files, applications, system libraries, and configuration files.

What is a virtual machine?

A virtual machine (VM) is an emulation of a particular computer system. Virtual machines operate based on the computer architecture and functions of a real or hypothetical computer, and their implementations may involve specialized hardware, software, or a combination of both.

What are the highlights of OpenVZ technology?

OpenVZ is a highly scalable virtualization technology for Linux with near-zero overhead, strong isolation and rapid customer provisioning that is ready for production use out of the box. Deployment of OpenVZ improves efficiency, flexibility, and quality of service in the enterprise environment.

How is OpenVZ different from other technologies?

Virtual machines boot separate kernels on emulated hardware instances. OpenVZ runs all containers under a single Linux kernel. OpenVZ offers a much higher density, enabling to host thousands of containers on a single physical server, but can only run Linux in those containers. Virtual machine solutions usually top out at a few dozen instances, but can run different operating systems in each.

What is the relationship between OpenVZ and LXC?

OpenVZ develops a new container technology that then goes upstream into the vanilla Linux kernel. OpenVZ has an about 5 year head start on LXC, but is actively feeding the technology upstream into vanilla containers. Several internal details currently differ (OpenVZ adds new system calls, vanilla uses the cgroups filesystem, new clone flags, and other mechanisms).

What applications can run inside an OpenVZ container?

Applications and services do not have to be aware of OpenVZ, and most are installed without any modifications: Java, Oracle, DB/2, Weblogic, Websphere, and many other big applications run just fine inside OpenVZ containers. However, direct access to hardware is not available by default; if required it must be provided by the system administrator.

How scalable is OpenVZ?

OpenVZ scales as well as Linux does: we've tested 64 CPUs with 128 GB of RAM. It scales down to embedded devices like smart phones or plug computers. A single container can dynamically scale to take from a tiny fraction to all available resources and that can be adjusted without restart.

How does OpenVZ improve efficiency?

OpenVZ improves utilization of existing hardware by increasing average load while still providing the ability to handle peak loads. When buying new servers, using a few powerful boxes instead of many small ones allows better reliability, better peak performance and typically longer lifespan.

How does OpenVZ improve flexibility of services?

Each container is hardware-independent and can be moved to another OpenVZ-based system over network in seconds. This eases hardware maintenance (move out all containers and do whatever you need with the box) and improves availability (keep a synchronized copy of your container elsewhere and start it up if primary service fails). When your old box can no longer cope with peak load, you can live migrate your containers to a new one.

What is the performance overhead?

Near zero. There is no emulation layer, only security isolation and resource accounting. All checking is done in the kernel without context switching.

Where do I get (or put) more answers?

OpenVZ wiki is your friend. See http://wiki.openvz.org/

Use cases[edit]

Server Consolidation[edit]

  • Uniform management.
  • Easy to upgrade from Virtuozzo OpenVZ edition to the commercial Virtuozzo.
  • Scalable.
  • Fast migration.

Development and Testing[edit]

  • Different distros can co-exist.
  • A container can be created in a minute.
  • A server can have hundreds of containers.
  • Cloning, snapshots, rollbacks are available.
  • A container is a sandbox: one can work and play without fear.

Security[edit]

  • Give each app its own isolated container.
  • Security hole in an app will not affect others.
  • Dynamic resource management controls runaway processes.

Hosting[edit]

  • Users are isolated.
  • A container is like a real server, just cheaper.
  • Much easier to administer.

Education[edit]

  • Every student can have root access.
  • Different distributions are supported.
  • Low hardware requirements.



Stay tuned: https://twitter.com/_openvz_

See also[edit]