[clug] Virtual Machines
Tony Lewis
gnutered at yahoo.com.au
Tue Sep 4 10:04:30 GMT 2007
Brett Worth wrote:
> I'm looking at aggregating some servers into a single virtualised
> host. So far I've done some experimentation with Xen and it seems to
> work pretty well. Rather than just forge ahead I thought I'd have a
> play with KVM but before I do I thought I'd prod the list for
> opinions.
>
I've been bitten with the virtualisation bug for the last year or so.
My sweet spot at the moment is Xen + Linux-Vservers, The best bit is
that Debian etch has a kernel and userland tools that have both. So no
patching or compiling required.
Vservers are very lightweight - everything runs under the one kernel,
but have isolated process spaces, file systems, and IP addresses, so for
the most part they are blissfully unaware of each other. A modest
machine can run a dozen vservers without struggling. I use these when I can
Xen has "stronger" virtualisation. It virtualises networking more, and
each instance runs its own kernel, so intuitively there is more
overhead. I hear reports it's in the order of 2-5%, so it's not
crippling. Thus you get things like different internal clocks. If you
have a VT-enabled processor, you can reportedly run non-modified guest
OSes, namely Windows. I haven't tried it.
The userland tools for both are nice. The Debian Xen userland tools in
particular are great, IMO.
Now, combine good userland tools with a local package repository, or
apt-cacher, and you can whip up a new vserver in a couple of minutes,
test out your idea, and then delete it again. A couple of scripts to
customise your template guests, and the whole process is delightfully
pain-free.
Now for the compromises:
* watch out for disk I/O. If I run a "cp" command in one vserver,
another vserver (happens to be a busy web server) crawls.
* you can't have per-vserver firewalls, but shorewall maps well to
managing vserver guests. I believe per-guest packet filtering in
Xen is OK
* Vservers guests have no 127.0.0.1 each (it's snaffled by the host)
so any application that tries to bind to 127.0.0.1 will fail
* Xen won't play well with VMware, and I suspect Xen won't play well
with OpenVZ. Vservers play well with VMware, not sure about
OpenVZ. Personally, at the moment, I need VMware more than I need
Xen, so I use a vserver-only kernel, and run VMware in a vserver guest
* if you use Xen, you need to use a modern distro - nothing earlier
than etch or edgy. This is because you need a Xen-ised libc6, or
you'll be forever deleting /lib/tls in your guests
HTH
Tony
More information about the linux
mailing list