Gena Makhomed
2021-Jan-25 21:28 UTC
[CentOS-virt] OS-level virtualization using LXC and systemd-nspawn containers
On 25.01.2021 22:24, Scott Dowdle wrote:
>> I found only two possible free/open source alternatives for OpenVZ 6:
>>
>> - LXC
>> - systemd-nspawn
> Some you seem to have overlooked?!?
>
> 1) OpenVZ 7
> 2) LXD from Canonical that is part of Ubuntu
> 3) podman containers with systemd installed (set /sbin/init as the entry point)

OpenVZ 7 has no updates, and therefore is not suitable for production.

LXC/LXD is the same technology, as I understand from linuxcontainers.org

podman can't be a replacement for OpenVZ 6 / systemd-nspawn because it destroys the root filesystem on the container stop, and all changes made in container configs and other container files will be lost. This is a nightmare for the website hosting server with containers.

systemd-nspawn probably is the best fit for my tasks.

But systemd-nspawn also has some major disadvantages in the current RHEL-stable and RHEL-beta versions:

https://bugzilla.redhat.com/show_bug.cgi?id=1913734
https://bugzilla.redhat.com/show_bug.cgi?id=1913806

Answering your previous question:

> in the reproduction steps, disabling SELinux is a step?

SELinux must be disabled, because if SELinux is enabled it prevents systemd-nspawn containers from starting.

SELinux permissive mode is useless because it consumes more resources compared to completely disabled SELinux.

-- 
Best regards,
 Gena
Scott Dowdle
2021-Jan-25 22:05 UTC
[CentOS-virt] OS-level virtualization using LXC and systemd-nspawn containers
Greetings,

----- Original Message -----
> OpenVZ 7 has no updates, and therefore is not suitable for
> production.

The free updates lag behind the paid Virtuozzo 7 version and plenty of people are using it in production. I'm not one of those.

> LXC/LXD is the same technology, as I understand from
> linuxcontainers.org

linuxcontainers.org is owned by Canonical and yes it documents LXC... but LXD is a management layer on top of it which provides for easy clustering and even managing VMs. I think it is the closest thing to vzctl/prlctl from OpenVZ.

> podman can't be a replacement for OpenVZ 6 / systemd-nspawn because
> it destroys the root filesystem on the container stop, and all
> changes made in container configs and other container files will be lost.
> This is a nightmare for the website hosting server with containers.

No, it does NOT destroy the delta disk (that's what I call where changes are stored) upon container stop and I'm not sure why you think it does. You can even export a systemd unit file to manage the container as a systemd service or user service. Volumes are a nice way to handle persistence of data if you want to nuke the existing container and make a new one from scratch without losing your data.

While it is true you have to approach the container a little differently, podman systemd containers are fairly reasonable "system containers".

TYL,
-- 
Scott Dowdle
704 Church Street
Belgrade, MT 59714
(406)388-0827 [home]
(406)994-3931 [work]
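The podman workflow Scott describes (the container's delta disk kept across a stop, a named volume for the data, the container managed as a systemd user service), as an added example that is not part of this thread: the container name `web`, the volume `webdata`, the image and the unit path are assumptions, and the unit file is a simplified hand-written one rather than the output of `podman generate systemd`.

```shell
# Added example (not from the thread): a podman "system container" whose
# writable layer and data volume survive stop/start, run as a user service.
set -eu

NAME=${NAME:-web}
VOLUME=${VOLUME:-webdata}
IMAGE=${IMAGE:-quay.io/centos/centos:stream8}   # assumed image
UNIT_DIR=${UNIT_DIR:-${HOME:-/tmp}/.config/systemd/user}

# Create (not start) the container. --systemd=always lets /sbin/init run as
# PID 1; the named volume holds site data that must outlive the container.
# :Z relabels the volume for SELinux, so the host can keep SELinux enforcing.
create_container() {
    podman create --name "$NAME" --systemd=always \
        -v "$VOLUME:/var/www:Z" "$IMAGE" /sbin/init
}

# Write a marker, stop, start, read it back: returns 0 if the container's
# delta disk (writable layer) is still there after a stop.
persistence_check() {
    podman start "$NAME" >/dev/null
    podman exec "$NAME" sh -c 'echo persisted > /etc/marker'
    podman stop "$NAME" >/dev/null
    podman start "$NAME" >/dev/null
    [ "$(podman exec "$NAME" cat /etc/marker)" = persisted ]
}

# Simplified hand-written user unit: systemd starts/stops the *existing*
# container, so nothing is recreated from the image on each start. Run
# 'loginctl enable-linger' so the user service outlives the login session.
write_unit() {
    mkdir -p "$UNIT_DIR"
    cat >"$UNIT_DIR/container-$NAME.service" <<EOF
[Unit]
Description=Podman container-$NAME.service
Wants=network-online.target
After=network-online.target

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/bin/podman start $NAME
ExecStop=/usr/bin/podman stop -t 10 $NAME

[Install]
WantedBy=default.target
EOF
    echo "$UNIT_DIR/container-$NAME.service"
}
```

After `write_unit`, `systemctl --user daemon-reload && systemctl --user enable --now container-web.service` hands the container to systemd; `persistence_check` needs podman on the host.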