Pros and cons for OpenVZ 7 as compared to KVM

2»

Comments

  • flipsflips OG
    edited December 2019

    Hm, @WSS ... Care to define what characterizes a pig kernel? :lol:
    Maybe pig = messy kernel? :) I usually use the advanced debian installer option, since I have some options to build more targeted boot image and such ... :) I guess I should use the same with KVM VPS installs...

  • DanielDaniel OG
    edited December 2019

    Anotger thing I forgot to mention that I really dislike about OpenVZ is its handling of CPU cores. On a VPS, when you ask how many CPUs the system has using the glibc sysconf(_SC_NPROCESSORS_ONLN) function, it returns the right number of virtual CPUs, but when you ask it which CPU the current thread is executing on using sched_getcpu, it returns the actual real CPU ID. So on a VPS that doesn't use CPU affinity, you code can be running on "CPU #3" (for example) on a VPS with just one virtual CPU. Great, thanks OpenVZ. There's leaky abstractions like that all over the place, where they only override some syscalls but not all of them.

    This is not a problem on KVM, of course, as the kernel isn't virtualized.

    @WSS said: OpenVZ 6 with the 2.3.32-stab13x(something) backported some ctls used by systemd so Ubuntu 18 would work. As well, if you use KernelCare/kpatch, you will often get security, and firmware updates.

    Sure, but it's just security updates and a few necessary updates, right? That still means you're missing out on most of the new features. For example, PSI was only added in 4.20.

    Thanked by (1)flips
  • WSSWSS Retired

    @flips said:
    Hm, @WSS ... Care to define what characterizes a pig kernel? :lol:

    It's fat, and wasteful.

    @Daniel said:
    Sure, but it's just security updates and a few necessary updates, right? That still means you're missing out on most of the new features. For example, PSI was only added in 4.20.

    "Just enough to make it work", essentially. Rarely more. They're not going to add what the userland doesn't require. OpenVZ is a reactionary hypervisor- when stuff breaks they'll look into implementing what's required, rather than, you know, ensuring the system works. As you've witnessed yourself, OpenVZ does some really bizarre things, and I can't say I'm a fan.

    Thanked by (1)flips

    My pronouns are asshole/asshole/asshole. I will give you the same courtesy.

  • @WSS said: OpenVZ does some really bizarre things, and I can't say I'm a fan.

    So, you won't be joining my OpenVZ Fan Boys Discord?!? :p :lol: ... (Ok, I'll go to bed now.) :#

  • @WSS said: "Just enough to make it work", essentially. Rarely more. They're not going to add what the userland doesn't require. OpenVZ is a reactionary hypervisor- when stuff breaks they'll look into implementing what's required, rather than, you know, ensuring the system works.

    And I think the only reason they can even have that low level of support is thanks to paid Virtuozzo users. If Virtuozzo disappeared, OpenVZ would die along with it. I doubt any other company would pick up OpenVZ dev given there's so many other choices these days.

    Thanked by (1)WSS
  • WSSWSS Retired

    @Daniel said:
    I doubt any other company would pick up OpenVZ dev given there's so many other choices these days.

    As do I. The way that it works by repatching the kernel for every major revision, and the fact it is now two major builds behind doesn't really ingratiate itself with those of us who would/will/do have to support these products. Although emulating the complete hardware stack is a bit excessive in many cases, having to rely on out-of-band kernel patches which are then patched by yet another third party, well.. don't even get me started about having to maintain in-house drivers on top of these two stacks.

    I really wish it would just fucking die.

    Thanked by (1)Daniel

    My pronouns are asshole/asshole/asshole. I will give you the same courtesy.

  • Hm, VSwap, I see I have 0 KB in my SolusVM panel ...
    This is something that's defined in the host/hypervisor?
    Or just what I do swapon inside my container/VM? :)

    (Or does it have to be defined outside my VM, since it's a shared kernel?) B)

  • InceptionHostingInceptionHosting Hosting ProviderOG

    @flips said:
    Hm, VSwap, I see I have 0 KB in my SolusVM panel ...
    This is something that's defined in the host/hypervisor?
    Or just what I do swapon inside my container/VM? :)

    (Or does it have to be defined outside my VM, since it's a shared kernel?) B)

    If its one of the NAT services that is because they dont come with any swap.

    https://inceptionhosting.com
    Please do not use the PM system here for Inception Hosting support issues.

  • @AnthonySmith said: If its one of the NAT services that is because they dont come with any swap.

    I figured that might be the case. I'm just curious. :) So with OVZ, I can't just set swapon inside the container?

  • InceptionHostingInceptionHosting Hosting ProviderOG

    @flips said:

    @AnthonySmith said: If its one of the NAT services that is because they dont come with any swap.

    I figured that might be the case. I'm just curious. :) So with OVZ, I can't just set swapon inside the container?

    Nope, it is managed from the host node.

    Thanked by (1)flips

    https://inceptionhosting.com
    Please do not use the PM system here for Inception Hosting support issues.

  • flipsflips OG
    edited March 2020

    To follow up my own question/comments in The Cest Pit, it seems that, even though iptables-legacy and nft both use the netfilter layer in the kernel, nft won't work properly on OpenVZ 7 (tested with Debian 10).

    When trying to add rules, getting:
    Error: Could not process rule: Operation not supported

    I'm guessing the issue would be the nft_ct and nft_counter kernel modules (and maybe others).
    So for now running iptables-legacy and Ferm for firewall on OVZ. :)

    Thanked by (1)artem
Sign In or Register to comment.