Greetings,

----- Original Message -----
> I have need to implement operating system level virtualization
> to isolate an application on RHEL 5.5. Which one in following you would
> suggest me for implementation
> Linux-VServer, lxc, OpenVZ or anyone else.

I'm a big OpenVZ person myself and have been using it for close to 5 years now... and my primary distro of choice for the host node is either RHEL or CentOS... mainly because the two OpenVZ stable branches are based on RHEL kernels.

LXC definitely shows potential but you'll have to wait for RHEL 6 to use it... or use some other distro with a newer kernel that has LXC support and tools packaged up. Fedora and Ubuntu seem to be leading the way with LXC even though they aren't trying very hard. At least they package the tools. LXC is mainly painful because it lacks a comprehensive admin tool like OpenVZ's vzctl. I haven't used LXC much so I am NOT speaking from experience but from what little information I've gathered reading the LXC user mailing list.

I think LXC is definitely the future of containers (aka OS Virtualization) because: 1) It is in the mainline kernel, and 2) Neither OpenVZ nor Linux-VServer have any plans of ever going to the mainline. Just how long it will take LXC to mature or a vzctl type app to appear for it, I don't know. LXC may languish for yet another few years unless someone in the distro community starts showing it some love.

Linux-VServer is good too but I'm less familiar with it.

One thing to point out though is that OpenVZ (and Linux-VServer so far as I know) does not work with SELinux. It might in fact be compatible with SELinux BUT the install / configuration instructions for OpenVZ say to disable it. I'm not sure if that is mainly because they don't want to have to support that configuration... or if life would be good if there was an OpenVZ specific SELinux policy created.

In any event, it really depends on what it is you are wanting to do with the OS Virt isolation. It may be that simply chroot'ing and using SELinux would work well enough... but if you have more advanced needs (resource limits, checkpointing, isolated network stack, etc) OpenVZ would be a better fit.

Some might say that it would be better to use hardware virtualization like Xen paravirt because it has some advantages over OS Virt... like being able to run different kernels... and with fully virtualized, different OSes. Again, it all depends on what you are trying to do. OS Virtualization definitely has benefits in density and scalability... and to a lesser degree performance... but it isn't right for everything... which is why having all of these different solutions is good... as they all have their own strengths and weaknesses.

If you decide you want to check out OpenVZ, I recommend you read the OpenVZ Users Guide (a bit dated but still good - http://download.openvz.org/doc/OpenVZ-Users-Guide.pdf), the Quick Install Guide (http://wiki.openvz.org/Quick_installation), and / or the CentOS Howto (http://wiki.centos.org/HowTos/Virtualization/OpenVZ). I wrote the latter.

And finally, one last OpenVZ related resource, the #openvz IRC channel on Freenode. I'm there most of the time during MST work hours.

TYL,
--
Scott Dowdle
704 Church Street
Belgrade, MT 59714
(406)388-0827 [home]
(406)994-3931 [work]

_______________________________________________
rhelv5-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv5-list
