OpenVZ7 or LXC
As the title says, I know there are plenty of such topics online, but those are mostly old.
I believe LXC has very much evolved these years, with few people using it for production, so anything you can say about it, performance, resource-overhead etc.
Maybe providers who do LXC can throw some light.
Also, let's add a poll.
ovz or lxc
- What one would you prefer? (25 votes)
- OVZ7: 48.00%
- LXC: 52.00%
Comments
Well, I believe Proxmox uses LXC now, and it's a well-respected software, all things considered. I believe OpenNebula uses LXC based containers by default, although I believe some providers use OpenVZ on it too.
LXC isn't really designed for multi-tenant environments (read: hosting), unlike OpenVZ.
HostUS | OpenVZ & KVM VPS in 10 worldwide locations with our own Breeze Panel!
Thanks for your comment @AlexanderM! I'm trying to understand more about LXC and OpenVZ. Could you or anybody else please explain in a little more detail?
What features need to be added to LXC to make it suitable for multi-tenant?
Is there something about the needed features such that they would not play well with LXC's fundamental design dependencies such as the Linux kernel's cgroups and namespaces?
By what method does OpenVZ provide the needed features which are missing from LXC?
Thanks in advance for any help! Best wishes from Mexico!
MetalVPS
Well, every OpenVZ container runs as root.
LXC supports unprivileged containers, which means that if someone manages to break out, on OpenVZ you would end up on the root account.
On LXC you just end up on an unprivileged account.
Plus, OVZ7 uses a 3.x kernel, LXC uses 5.4+ which supports Docker etc.
Free NAT KVM | Free NAT LXC
Speaking from a distance, my understanding is that LXC uses (can use) a standard kernel, whereas OpenVZ requires a modified kernel (which in practice is a modified RHEL/CentOS kernel). Other things being equal, this is a big advantage of LXC over OpenVZ.
At the same time, some providers (appear to) believe that the insulation of OpenVZ containers from one another is (used to be?) more complete than that of LXC containers, which (if true) makes OpenVZ the more appropriate choice for hosting providers. But at this point, the question becomes very technical.
"A single swap file or partition may be up to 128 MB in size. [...] [I]f you need 256 MB of swap, you can create two 128-MB swap partitions." (M. Welsh & L. Kaufman, Running Linux, 2e, 1996, p. 49)
As @Neoon said, LXC has an unprivileged system, so LXC containers are much more isolated compared to OpenVZ. (?)
https://webhorizon.net
You can run them unprivileged or privileged.
The support for unprivileged got better, works fine for microLXC so far.
But there are still some differences between OVZ and LXC insulation.
Free NAT KVM | Free NAT LXC
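The privileged/unprivileged distinction raised in the comments above comes down to which host UID the container's root is mapped to. The following is an added example, not part of any post in this thread: it reads a `/proc/<pid>/uid_map` dump or the `lxc.idmap` lines of an LXC config and reports what container UID 0 is on the host. The function names and the 100000/65536 range are assumptions chosen for illustration, and the sample inputs are constructed.

```python
# Added example. Sample maps are constructed, not captured from a real host.
IDENTITY = [(0, 0, 4294967295)]  # initial user namespace: container IDs == host IDs

def parse_uid_map(text):
    """Parse /proc/<pid>/uid_map: 'inside_start outside_start length' per line."""
    ranges = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed uid_map line: {line!r}")
        ranges.append(tuple(int(f) for f in fields))
    return ranges

def parse_lxc_idmap(config_text, kind="u"):
    """Collect 'lxc.idmap = u <inside> <outside> <length>' entries from an LXC config.
    A config with no such entry has no user namespace, so the identity map applies."""
    ranges = []
    for line in config_text.splitlines():
        key, sep, value = line.split("#", 1)[0].partition("=")
        fields = value.split()
        if sep and key.strip() == "lxc.idmap" and len(fields) == 4 and fields[0] == kind:
            ranges.append(tuple(int(f) for f in fields[1:]))
    return ranges or IDENTITY

def host_id(ranges, container_id):
    """Translate an ID seen inside the container to the host ID (None if unmapped)."""
    for inside, outside, length in ranges:
        if inside <= container_id < inside + length:
            return outside + (container_id - inside)
    return None

def classify(ranges):
    """Report what container root (UID 0) is on the host."""
    root = host_id(ranges, 0)
    if root is None:
        return "root-unmapped"
    return "privileged" if root == 0 else "unprivileged"

# Constructed samples (hypothetical values)
HOST_NS_MAP = "         0          0 4294967295\n"   # shares the host user namespace
UNPRIV_MAP = "         0     100000      65536\n"    # root mapped to host UID 100000
UNPRIV_CONF = "lxc.idmap = u 0 100000 65536\nlxc.idmap = g 0 100000 65536\n"
PRIV_CONF = "lxc.net.0.type = veth\n"                # no lxc.idmap entry at all

if __name__ == "__main__":
    print("host-ns map :", classify(parse_uid_map(HOST_NS_MAP)))
    print("unpriv map  :", classify(parse_uid_map(UNPRIV_MAP)))
    print("unpriv conf :", classify(parse_lxc_idmap(UNPRIV_CONF)))
    print("priv conf   :", classify(parse_lxc_idmap(PRIV_CONF)))
```

On a live host the same check can be run against the contents of `/proc/<pid>/uid_map` for the container's init process.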
The images with the captions are hilarious!
MetalVPS