Gena Makhomed
2021-Jan-26 16:12 UTC
[CentOS-virt] OS-level virtualization using LXC and systemd-nspawn containers
On 26.01.2021 0:05, Scott Dowdle wrote:

>> OpenVZ 7 has no updates, and therefore is not suitable for production.
> The free updates lag behind the paid Virtuozzo 7 version and plenty of people are using it in production. I'm not one of those.

See all released OpenVZ 7 updates: http://ftp.netinch.com/pub/openvz/virtuozzo/releases/

Lag between two serial updates can be up to 4-5 months. OpenVZ 7 has many other disadvantages, so I can't use it for production.

>> LXC/LXD is the same technology, as I understand from linuxcontainers.org
> LXD is a management layer on top of it which provides for easy clustering and even managing VMs. I think it is the closest thing to vzctl/prlctl from OpenVZ.

"Yes, you could use LXC without LXD. But you probably would not want to. On its own, LXC will give you only a basic subset of features. For a production environment, you'll want to use LXD".

>> podman can't be a replacement for OpenVZ 6 / systemd-nspawn because
>> it destroys the root filesystem on the container stop, and all
>> changes made in container configs and other container files will be lost.
>> This is a nightmare for the website hosting server with containers.
> No, it does NOT destroy the delta disk (that's what I call where changes are stored) upon container stop and I'm not sure why you think it does. You can even export a systemd unit file to manage the container as a systemd service or user service. volumes are a nice way to handle persistence of data if you want to nuke the existing container and make a new one from scratch without losing your data. While it is true you have to approach the container a little differently, podman systemd containers are fairly reasonable "system containers".

podman is a replacement for Docker, it is not a replacement for OpenVZ 6 containers.

I have containers with 1.6 TiB of valuable data - podman is not designed to work in this mode and in such conditions.

So I have only two alternatives for OS-level virtualization: LXC or systemd-nspawn.

--
Best regards,
Gena
Scott Dowdle
2021-Jan-26 16:41 UTC
[CentOS-virt] OS-level virtualization using LXC and systemd-nspawn containers
Greetings,

----- Original Message -----
> > LXD is a management layer on top of it which provides for easy
> > clustering and even managing VMs. I think it is the closest thing
> > to vzctl/prlctl from OpenVZ.
>
> "Yes, you could use LXC without LXD. But you probably would not want to.
> On its own, LXC will give you only a basic subset of features.
> For a production environment, you'll want to use LXD".

Have you tried LXD? Again, I'd only recommend it on Ubuntu LTS and I believe your target is CentOS so that is probably why you are excluding it, eh?

> podman is a replacement for Docker,
> it is not a replacement for OpenVZ 6 containers.

Docker definitely targets "Application Containers"... with one service per container. podman says they can also do "System Containers" by running systemd as the entry point. Of course the vast majority of pre-made container images you'll find in container image repositories aren't built for that, but you can use distro provided images and build a system container image out of them. I have a simple recipe for Fedora, CentOS, and Ubuntu.

I don't know how many people are using podman in this capacity yet, and I don't know if it is mature or not for production... but the limited testing I've done with it has worked out fairly well... using Fedora or CentOS Stream 8 as the host OS... and yes, even running the container as a regular user after doing:

setsebool -P container_manage_cgroup on

Yes, podman does still use its own private network addressing, but I guess that can be overcome by telling it to use the host network. I haven't tried that. Not exactly like OpenVZ's container networking for sure.

> I have containers with 1.6 TiB of valuable data - podman
> is not designed to work in this mode and in such conditions.

Persistent data really isn't an issue. You just have to understand how it works. Plenty of people run long-term / persistent-data Docker and podman containers... although granted, most folks say if you are using persistent data containers, you are doing it wrong. I guess I prefer to do it wrong. :)

> So I have only two alternatives for OS-level virtualization:
> LXC or systemd-nspawn.

If CentOS is your target host, I'd guess that neither of those really is a good solution... simply because they aren't supported and upstream doesn't care about anything other than podman for containers. LXC varies from one distro to the next... with different kernels, and different versions of libraries and management scripts. Again, LXD on an Ubuntu LTS host is probably the most stable... with Proxmox VE as a close second. Both of those upstreams care about system containers and put in a lot of effort to make it work.

Good luck.

TYL,
--
Scott Dowdle
704 Church Street
Belgrade, MT 59714
(406)388-0827 [home]
(406)994-3931 [work]
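The two points argued above (whether podman keeps container data across stop/removal, and running systemd as the entry point of a podman "system container") as an added example, not Scott's recipe or anything from the thread; the image name, container name, volume name and the httpd document root are assumptions, and the host is assumed to be CentOS Stream 8 or Fedora with podman installed:

```shell
#!/bin/sh
# Added example: a systemd-based CentOS Stream 8 system container under podman,
# with site data on a named volume so it survives removing the container.
set -eu

IMAGE=localhost/c8-systemd   # assumed image tag
CTR=web1                     # assumed container name
VOL=web1-data                # assumed named volume; lives independently of $CTR

# Containerfile for the system container: systemd is PID 1, httpd is enabled.
containerfile() {
  cat <<'EOF'
FROM quay.io/centos/centos:stream8
RUN dnf -y install httpd && dnf clean all && systemctl enable httpd
EXPOSE 80
CMD ["/sbin/init"]
EOF
}

build_image() {
  dir=$(mktemp -d)
  containerfile > "$dir/Containerfile"
  podman build -t "$IMAGE" "$dir"
}

# Rootless podman needs this SELinux boolean so systemd inside the container
# may manage its own cgroup (the setting mentioned in the thread).
enable_cgroup_boolean() { sudo setsebool -P container_manage_cgroup on; }

# podman detects /sbin/init and runs the container in systemd mode by default.
run_container() {
  podman run -d --name "$CTR" -v "$VOL:/var/www/html" -p 8080:80 "$IMAGE"
}

# Write data inside the container, destroy and re-create the container, and
# read the data back: it is still there because it lives on the volume.
show_persistence() {
  podman exec "$CTR" sh -c 'echo persisted > /var/www/html/index.html'
  podman rm -f "$CTR"
  run_container
  podman exec "$CTR" cat /var/www/html/index.html
}

# Export a unit so the host's systemd (user instance) starts the container.
export_unit() { podman generate systemd --new --name "$CTR" --files; }

# Full sequence; call deploy on the host to run it end to end.
deploy() { build_image; enable_cgroup_boolean; run_container; show_persistence; export_unit; }
```

`podman generate systemd --files` writes `container-web1.service` into the current directory; move it under `~/.config/systemd/user/` and run `systemctl --user daemon-reload && systemctl --user enable --now container-web1` to have it start at login.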