Scott Dowdle
2021-Jan-25 20:24 UTC
[CentOS-virt] OS-level virtualization using LXC and systemd-nspawn containers
Greetings,

----- Original Message -----
> I found only two possible free/open source alternatives for OpenVZ 6:
>
> - LXC
> - systemd-nspawn

Some you seem to have overlooked?!?

1) OpenVZ 7
2) LXD from Canonical that is part of Ubuntu
3) podman containers with systemd installed (set /sbin/init as the entry point)

I use LXC on Proxmox VE (which I guess should be #4 above) some, although I primarily use it for VMs.

Oh, LXD is supposedly packaged for other distros, but given that they aren't much into SELinux and they are into snaps, I'd not really recommend it outside of Ubuntu.

TYL,
--
Scott Dowdle
704 Church Street
Belgrade, MT 59714
(406)388-0827 [home]
(406)994-3931 [work]
Gena Makhomed
2021-Jan-25 21:28 UTC
[CentOS-virt] OS-level virtualization using LXC and systemd-nspawn containers
On 25.01.2021 22:24, Scott Dowdle wrote:
>> I found only two possible free/open source alternatives for OpenVZ 6:
>>
>> - LXC
>> - systemd-nspawn
>
> Some you seem to have overlooked?!?
>
> 1) OpenVZ 7
> 2) LXD from Canonical that is part of Ubuntu
> 3) podman containers with systemd installed (set /sbin/init as the entry point)

OpenVZ 7 has no updates, and therefore is not suitable for production.

LXC/LXD are the same technology, as I understand from linuxcontainers.org.

podman can't be a replacement for OpenVZ 6 / systemd-nspawn because it destroys the root filesystem on container stop, and all changes made in container configs and other container files will be lost. This is a nightmare for a website hosting server with containers.

systemd-nspawn is probably the best fit for my tasks. But systemd-nspawn also has some major disadvantages in the current RHEL-stable and RHEL-beta versions:

https://bugzilla.redhat.com/show_bug.cgi?id=1913734
https://bugzilla.redhat.com/show_bug.cgi?id=1913806

Answering your previous question:

> in the reproduction steps, disabling SELinux is a step?

SELinux must be disabled, because if SELinux is enabled it prevents systemd-nspawn containers from starting. SELinux permissive mode is useless because it consumes more resources compared to completely disabled SELinux.

--
Best regards,
Gena