Difference between revisions of "Vzctl for upstream kernel"

From OpenVZ Virtuozzo Containers Wiki
Jump to: navigation, search
(enlarge, split into more sections)
(rename article)
(31 intermediate revisions by 5 users not shown)
Line 1: Line 1:
{{Warning| Running vzctl on upstream kernels is considered an experimental feature.}}
+
{{DISPLAYTITLE: vzctl for upstream kernel}}
  
With this release vzctl tool is expected to run with Upstream Linux kernels. At the moment, it provides just basic functionality.
+
'''This article describes using OpenVZ tool vzctl as an alternative to LXC tools.'''
It is currently possible to create and start a container with the same steps as one would use for a normal OpenVZ container. Other functionality may be present with limited functionality, while some are not present at all.
+
 
 +
Recent vzctl releases (starting from version 4.0) can be used with upstream (non-OpenVZ) Linux kernels (that essentially means any recent 3.x kernel). At the moment, it provides just basic functionality.
 +
It is currently possible to create, start and stop a container with the same steps as one would use for a normal OpenVZ container. Other features may be present with limited functionality, while some are not present at all. We appreciate all bug reports, please file to [http://bugzilla.openvz.org/enter_bug.cgi?component=vzctl bugzilla].
 +
 
 +
Running vzctl on upstream kernels is considered an experimental feature. See [[#Limitations]] below.
 +
 
 +
== Installation ==
 +
 
 +
{{Note|This section describes installation for RPM-based distros. See [[#Building]] below if you want to compile vzctl from source.}}
 +
 
 +
First, set up OpenVZ yum repository. Download [[download:openvz.repo|openvz.repo]] file and put it to your <code>/etc/yum.repos.d/</code> repository,
 +
and import OpenVZ GPG key used for signing RPM packages. This can be achieved by the following commands, as root:
 +
<pre><nowiki>
 +
wget -P /etc/yum.repos.d/ http://download.openvz.org/openvz.repo
 +
rpm --import http://download.openvz.org/RPM-GPG-Key-OpenVZ
 +
</nowiki></pre>
 +
In case you can not cd to /etc/yum.repos.d, it means either yum is not installed on your system, or yum version is too old.
 +
 
 +
Then, install vzctl-core package:
 +
 
 +
yum install vzctl-core
 +
 
 +
== Usage ==
 +
 
 +
For supported features, usage is expected to be the same as standard vzctl tool. See {{man|vzctl|8}} for more information.
 +
 
 +
=== Networking ===
 +
{{Note|IP mode networking (--ipadd / --ipdel) is currently not supported}}
 +
 
 +
Networking is available through the switches <code>--netdev_add</code>, <code>--netif_add</code>, and their respective deletion counterparts.
 +
Unfortunately now it requires some manual configuration.
 +
 
 +
== Bridged networking ==
 +
 
 +
The following example assumes
 +
* you already have a bridge configured on the host system
 +
* bridge interface name is virbr0
 +
* CT is running Red Hat like distro (CentOS)
 +
 
 +
vzctl set $CTID --netif_add eth0,,,,virbr0 --save
 +
 
 +
echo "NETWORKING=yes" > /vz/private/$CTID/etc/sysconfig/network
 +
 
 +
cat << EOF > /vz/private/$CTID/etc/sysconfig/network-scripts/ifcfg-eth0
 +
DEVICE=eth0
 +
BOOTPROTO=dhcp
 +
ONBOOT=yes
 +
EOF
 +
 
 +
vzctl start $CTID
 +
 
 +
After this, you can find CT IP using this:
 +
# ip netns exec $CTID ip address list
  
 
== Limitations ==
 
== Limitations ==
The following vzctl commands are not working at all:
 
* <code>quotaon</code>/<code>quotaoff</code>/<code>quotainit</code> (vzquota-specific)
 
* <code>convert</code>, <code>compact</code>, <code>snapshot*</code> (ploop-specific)
 
* <code>console</code> (need a virtual /dev/console, /dev/ttyN device)
 
* <code>enter</code>, <code>exec</code> and <code>runscript</code> (need pidns entering support)
 
* <code>chkpnt</code>, <code>restore</code> (currently need OpenVZ-kernel-specific checkpointing, [http://crui.org/ CRIU] will be supported later)
 
 
The following commands have severe limitations:
 
* <code>stop</code>. A container can be stopped from inside (say if one is connected to CT over ssh) in case the underlying kernel supports rebooting a PID namespace (> 3.4). Using vzctl, the "stop" command is not supported, unless accompanied by the --fast switch, which will simply forceably kill all processes in the container.
 
  
Software that depend on information supplied by the proc filesystem may not work correctly, since there is not a full solution for full /proc virtualization. For instance, /proc/stat is not yet virtualized, and top will show distorted values.
+
{{Note|We recommend using [[Download/kernel/rhel6|OpenVZ kernel]] for features, stability and security}}
  
Setting resources like --physpages and --cpuunits work, but there their effect is dependent on what the current kernel supports, through the cgroups subsystem. When a particular cgroup file is present, it will be used. Currently, vzctl will search for the following files:
+
The following vzctl commands are not working at all with the non-OpenVZ kernel:
** cpu.cfs_quota_us
 
** cpu.shares
 
** cpuset.cpus
 
** memory.limit_in_bytes
 
** memory.memsw.limit_in_bytes
 
** memory.kmem.limit_in_bytes
 
** memory.kmem.tcp.limit_in_bytes
 
  
=== Other binaries ===
+
* <code>quotaon</code>/<code>quotaoff</code>/<code>quotainit</code> (vzquota-specific)
 +
* <code>convert</code>, <code>compact</code>, <code>snapshot*</code> (ploop-specific)
 +
* <code>console</code> (needs a virtual /dev/console, /dev/ttyN device)
 +
* <code>chkpnt</code>, <code>restore</code> (currently need OpenVZ-kernel-specific checkpointing, [http://criu.org/ CRIU] will be supported later)
  
Pretty much everything else other than vzctl is not working. That includes:
+
The following binaries are not ported to work on top of upstream kernel:
 
* vzlist
 
* vzlist
 
* vzcalc
 
* vzcalc
Line 40: Line 79:
 
* vzubc
 
* vzubc
  
== Building and using ==
+
=== /proc and /sys ===
 +
Software that depend on information supplied by the proc filesystem may not work correctly, since there is not a full solution for full /proc virtualization. For instance, /proc/stat is not yet virtualized, and top will show distorted values.
 +
 
 +
=== Resource management ===
 +
 
 +
With non-OpenVZ kernel, setting resources like <code>--ram</code> and <code>--cpuunits</code> works, but there their effect is dependent on what the current kernel supports, through the cgroups subsystem. When a particular cgroup file is present, it will be used. Currently, vzctl will search for the following files:
 +
* cpu.cfs_quota_us
 +
* cpu.shares
 +
* cpuset.cpus
 +
* memory.limit_in_bytes
 +
* memory.memsw.limit_in_bytes
 +
* memory.kmem.limit_in_bytes
 +
* memory.kmem.tcp.limit_in_bytes
 +
 
 +
== Building ==
  
Upstream support is not enabled by default. To build it into vzctl, one needs to specify the <code>--with-cgroup</code> switch to <code>configure</code>:
+
In case you don't want to use packages provided by OpenVZ (available from [[Download/vzctl]]), but rather would like to compile vzctl from sources, read on.
  
  $ ./configure --with-cgroup --without-ploop
+
=== Dependencies ===
  
plus, of course, any other relevant options. Minimum versions for depencies is:
+
The following software needs to be installed on your system:
  
 
* iproute2 >= 3.0.0 (runtime only)
 
* iproute2 >= 3.0.0 (runtime only)
* libcg >= 0.38
+
* libcgroup >= 0.38
 +
 
 +
=== Download ===
 +
 
 +
You can get the latest released version from [[Download/vzctl/{{Latest vzctl}}#sources]] or directly from [[download:utils/vzctl/current/src/]].
 +
 
 +
If you are living on the bleeding edge, get vzctl sources from git. Then run autogen.sh to recreate auto* files:
 +
 
 +
git clone <nowiki>https://src.openvz.org/scm/ovzl/vzctl.git</nowiki>
 +
cd vzctl
 +
./autogen.sh
 +
 
 +
=== Compile ===
 +
 
 +
Usual <code>./configure && make</code> should do. But you probably want to specify more options. It makes sense to:
 +
 
 +
* enable cgroup support
 +
* add <code>--without-ploop</code> (unless you want [[ploop]] compiled it) because otherwise you will need ploop lib headers (available from [[Download/ploop]]).
 +
* enable bash completion support
 +
* set prefix to /usr
 +
 
 +
See <code>./configure --help</code> output for more details and options available.
 +
 
 +
So, the command will look like:
 +
 
 +
$ ./configure --with-cgroup --without-ploop --enable-bashcomp --prefix=/usr
 +
$ make -j4
 +
 
 +
=== Install ===
 +
 
 +
# make install
 +
 
 +
vzctl is also bundled in some Linux distributions, so you can install vzctl using native distro tools (i.e. your package manager):
 +
 
 +
* vzctl in [https://launchpad.net/ubuntu/+source/vzctl Ubuntu Linux] [https://help.ubuntu.com/community/OpenVZ Description]
 +
* vzctl-core in [https://apps.fedoraproject.org/packages/vzctl-core Fedora Linux] [https://fedoraproject.org/wiki/QA:Testcase_vzctl_base Description]
 +
* sys-cluster/vzctl in [http://packages.gentoo.org/package/sys-cluster/vzctl Gentoo Linux]
 +
* vzctl in [https://packages.debian.org/search?keywords=vzctl Debian Linux]
 +
 
 +
 
 +
== Known issues and workarounds ==
 +
 
 +
=== A container doesn't boot and udevd is in a process list ===
 +
udev doesn't work, because <code>uevent</code>s are not virtualized yet. If you don't know how to disable it, you can remove the udev package.
 +
 
 +
=== <code>vzctl enter</code> doesn't work ===
 +
 
 +
You see this when trying to use <code>vzctl enter</code>:
 +
 
 +
Unable to open pty: No such file or directory
  
For supported features, usage is expected to be the same as standard vzctl tool.
+
If a CT is executed in a user namespace, devpts must be mounted with the newinstance option. You can add this option in container's <code>/etc/fstab</code> file.
  
== Networking ==
+
== See also ==
Networking is available through the switches --netdev_add, --netif_add, and their respective deletion counterparts.
 
  
IP mode networking (--ipadd / --ipdel) is currently not supported.
+
* [[OpenVZ with upstream kernel]]

Revision as of 14:23, 22 June 2015


This article describes using OpenVZ tool vzctl as an alternative to LXC tools.

Recent vzctl releases (starting from version 4.0) can be used with upstream (non-OpenVZ) Linux kernels (that essentially means any recent 3.x kernel). At the moment, it provides just basic functionality. It is currently possible to create, start and stop a container with the same steps as one would use for a normal OpenVZ container. Other features may be present with limited functionality, while some are not present at all. We appreciate all bug reports, please file to bugzilla.

Running vzctl on upstream kernels is considered an experimental feature. See #Limitations below.

Installation

Yellowpin.svg Note: This section describes installation for RPM-based distros. See #Building below if you want to compile vzctl from source.

First, set up OpenVZ yum repository. Download openvz.repo file and put it to your /etc/yum.repos.d/ repository, and import OpenVZ GPG key used for signing RPM packages. This can be achieved by the following commands, as root:

wget -P /etc/yum.repos.d/ http://download.openvz.org/openvz.repo
rpm --import http://download.openvz.org/RPM-GPG-Key-OpenVZ

In case you can not cd to /etc/yum.repos.d, it means either yum is not installed on your system, or yum version is too old.

Then, install vzctl-core package:

yum install vzctl-core

Usage

For supported features, usage is expected to be the same as standard vzctl tool. See vzctl(8) for more information.

Networking

Yellowpin.svg Note: IP mode networking (--ipadd / --ipdel) is currently not supported

Networking is available through the switches --netdev_add, --netif_add, and their respective deletion counterparts. Unfortunately now it requires some manual configuration.

Bridged networking

The following example assumes

  • you already have a bridge configured on the host system
  • bridge interface name is virbr0
  • CT is running Red Hat like distro (CentOS)
vzctl set $CTID --netif_add eth0,,,,virbr0 --save
echo "NETWORKING=yes" > /vz/private/$CTID/etc/sysconfig/network
cat << EOF > /vz/private/$CTID/etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
EOF
vzctl start $CTID

After this, you can find CT IP using this:

# ip netns exec $CTID ip address list

Limitations

Yellowpin.svg Note: We recommend using OpenVZ kernel for features, stability and security

The following vzctl commands are not working at all with the non-OpenVZ kernel:

  • quotaon/quotaoff/quotainit (vzquota-specific)
  • convert, compact, snapshot* (ploop-specific)
  • console (needs a virtual /dev/console, /dev/ttyN device)
  • chkpnt, restore (currently need OpenVZ-kernel-specific checkpointing, CRIU will be supported later)

The following binaries are not ported to work on top of upstream kernel:

  • vzlist
  • vzcalc
  • vzcfgvalidate
  • vzcpucheck
  • vzmemcheck
  • vzmigrate
  • vzeventd
  • vzpid
  • vzsplit
  • vzubc

/proc and /sys

Software that depend on information supplied by the proc filesystem may not work correctly, since there is not a full solution for full /proc virtualization. For instance, /proc/stat is not yet virtualized, and top will show distorted values.

Resource management

With non-OpenVZ kernel, setting resources like --ram and --cpuunits works, but there their effect is dependent on what the current kernel supports, through the cgroups subsystem. When a particular cgroup file is present, it will be used. Currently, vzctl will search for the following files:

  • cpu.cfs_quota_us
  • cpu.shares
  • cpuset.cpus
  • memory.limit_in_bytes
  • memory.memsw.limit_in_bytes
  • memory.kmem.limit_in_bytes
  • memory.kmem.tcp.limit_in_bytes

Building

In case you don't want to use packages provided by OpenVZ (available from Download/vzctl), but rather would like to compile vzctl from sources, read on.

Dependencies

The following software needs to be installed on your system:

  • iproute2 >= 3.0.0 (runtime only)
  • libcgroup >= 0.38

Download

You can get the latest released version from Download/vzctl/4.11.1#sources or directly from download:utils/vzctl/current/src/.

If you are living on the bleeding edge, get vzctl sources from git. Then run autogen.sh to recreate auto* files:

git clone https://src.openvz.org/scm/ovzl/vzctl.git
cd vzctl
./autogen.sh

Compile

Usual ./configure && make should do. But you probably want to specify more options. It makes sense to:

  • enable cgroup support
  • add --without-ploop (unless you want ploop compiled it) because otherwise you will need ploop lib headers (available from Download/ploop).
  • enable bash completion support
  • set prefix to /usr

See ./configure --help output for more details and options available.

So, the command will look like:

$ ./configure --with-cgroup --without-ploop --enable-bashcomp --prefix=/usr 
$ make -j4

Install

# make install

vzctl is also bundled in some Linux distributions, so you can install vzctl using native distro tools (i.e. your package manager):


Known issues and workarounds

A container doesn't boot and udevd is in a process list

udev doesn't work, because uevents are not virtualized yet. If you don't know how to disable it, you can remove the udev package.

vzctl enter doesn't work

You see this when trying to use vzctl enter:

Unable to open pty: No such file or directory

If a CT is executed in a user namespace, devpts must be mounted with the newinstance option. You can add this option in container's /etc/fstab file.

See also