Re: [Users] linux-2.6.20-openvz tree
Carl-Daniel Hailfinger wrote: On 22.03.2007 16:59, Kirill Korotaev wrote: Speaking about upstream merges: there are 2 network virtualization implementations currently exist. I'm not sure how much time it will take to merge this work, it is very much depends on netdev@ maintainers. Maybe 2-3 month. OK, so the target is 2.6.22 or 2.6.23, if the usual time between releases is used as a basis for the estimation. Why are you interested in that? Do you want to use some particular feature? Yes. I currently use Linux policy routing for ONE machine performing double/triple/... NAT. Many people state that this is impossible, but it works fine unless two connections from the different subnets have identical 5-tuples. In that case, the connection tracking code gets confused. Unfortunately, the 5-tuple used by connection tracking and NAT has no means to incorporate the NF mark, so I hope I can use different containers for that. However, last time I checked, all network virtualization attempts did NOT consider one aspect I consider important for double NAT and virtual routers: Efficiency. Once I use virtualization, I am constrained to virtual network interfaces and suffer the overhead of multiple routing/bridging decisions for one packet. It would be great if I could make physical interfaces accessible in a VE without resorting to bridging or routing. For example, move eth0 and eth1 to one VE, eth2 and eth3 to another VE and keep eth4 under control of the HN. This was possible for years in OpenVZ: man vzctl http://openvz.org/documentation/mans/vzctl.8 Network devices control parameters --netdev_add name move network device from VE0 to a specified VE --netdev_del name delete network device from a specified VE this is exactly the thing you are talking about: you can move eth0 and eth1 to one VE, eth2 and eth3 to another VE and keep eth4 to HN. And sure, this removes overhead of virtual network devices, additional routing/bridging etc. At the same time you can use separate NAT/firewall,routing,arp tables inside each VE. Isn't it the thing you want? I admit that most of this can be done with policy routing and NF marks, but connection tracking cares about neither of them. Regards, Kirill ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] OpenVZ vs. vserver
Darryl Ross wrote: I've not been able to get migrations working in openvz at all. Care to file a bug report (or two) to bugzilla.openvz.org? I just end up using the same process I use under linux-vserver to migrate guests between machines: rsync once, rsync a second time (to reduce the time stopped), stop the guest, resync a third time, start guest on new host. This is basically what vzmigrate script does (well, there's no intermediate rsync, but it can be added quite easily. I also have some other issues with openvz as well. One is related to the resource limits -- every guest I've built I've had to play with the limits to get the software I need to run. The defaults just don't seem usable. Perhaps those defaults are better suited for a lot of tiny/lightweight VEs. If your VEs are relatively large, I suggest you to either use vzsplit utility to generate an initial config, OR use something like example C from http://wiki.openvz.org/UBC_configuration_examples_table On the other side, the problem with linux-vserver is by default a guest (a VE) is NOT limited, which means you can not give it to an untrusted party without doing some additional work. The OpenVZ idea is like the one for your firewall -- deny all by default, then allow what you need. Here, as well, you start with a limited set of resources, and then tailor those to your environment. Of course it can be changed server-wide by having a different config set as default. One other thing, which isn't really a major issue, just an annoyance, is that if I run netstat or ps on the host it shows me all of the sockets open and programs running, even those inside the guests, whereas under linux-vserver the host machine is a context in it's own right, so they are hidden. There is a two-liner patch available to switch to hide VE processes from VE0 behavior: http://download.openvz.org/contrib/kernel-patches/diff-ve0-proc-own-processes-only My only issue with linux-vserver is the lack of network interface virtualisation, but I've been working around that for so long it's not really that much of an issue for me. My recommendation at this point is still towards linux-vserver. I'm planning on migrating work away from openvz back to linux-vserver as well. What are the reasons (if other than specified above)? ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
[Users] UBC parameters for Oracle Server
We have a central Linux server for some development related services in our department. One of it is a Oracle 10gR2 Database server with two instances. I have managed to get it working but the needed parameters look a little bit odd to me. Especially the privvmpages must be really high and seams to climb up over time?? Version: 2.5 uid resource heldmaxheldbarrier limitfailcnt 107001: kmemsize 16705667 24744140 2500 3200 0 lockedpages 0 8 32 32 0 privvmpages 39619714256673 1900 2000 0 shmpages 131714 132690 256000 256000 0 dummy 0 0 0 0 0 numproc 123462 1024 1024 0 physpages195320 220490 0 2147483647 0 vmguarpages 0 0 256000 2147483647 0 oomguarpages 209597 223636 256000 2147483647 0 numtcpsock 98121 1024 1024 0 numflock 49 53100110 0 numpty1 2 16 16 0 numsiginfo0256256256 0 tcpsndbuf157784 406584 5120002048000 0 tcprcvbuf 2392 622184 5120002048000 0 othersockbuf 178964 512824 5120002048000 0 dgramrcvbuf 0 8364 132096 512000 0 numothersock115122 1024 1024 0 dcachesize0 010240002048000 0 numfile4091 8192 16384 16384 0 dummy 0 0 0 0 0 dummy 0 0 0 0 0 dummy 0 0 0 0 0 numiptent10 10128128 0 Is there any downside in setting privvmpages that large for a 4GB/Dual-Proc Maschine or should i simply let it that way? Thanxs Andreas ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] UBC parameters for Oracle Server
There is nothing bad in such high privvmpages settings. 1. Oracle manages it's caches itself and creates lots of mappings, which is the first reason of high privvmpages usages. 2. also please check the output of the following: # cat /proc/sys/kernel/exec-shield-randomize # cat /proc/sys/kernel/randomize_va_space RHEL kernels introduce randomization of virtual memory areas, but due to some reason it uses much more addition virtual memory for this. So you can disable it echoing '0' to one of these files. Thanks, Kirill [EMAIL PROTECTED] wrote: We have a central Linux server for some development related services in our department. One of it is a Oracle 10gR2 Database server with two instances. I have managed to get it working but the needed parameters look a little bit odd to me. Especially the privvmpages must be really high and seams to climb up over time?? Version: 2.5 uid resource heldmaxheldbarrier limit failcnt 107001: kmemsize 16705667 24744140 2500 3200 0 lockedpages 0 8 32 32 0 privvmpages 39619714256673 1900 2000 0 shmpages 131714 132690 256000 256000 0 dummy 0 0 0 0 0 numproc 123462 1024 1024 0 physpages195320 220490 0 2147483647 0 vmguarpages 0 0 256000 2147483647 0 oomguarpages 209597 223636 256000 2147483647 0 numtcpsock 98121 1024 1024 0 numflock 49 53100110 0 numpty1 2 16 16 0 numsiginfo0256256256 0 tcpsndbuf157784 406584 5120002048000 0 tcprcvbuf 2392 622184 5120002048000 0 othersockbuf 178964 512824 5120002048000 0 dgramrcvbuf 0 8364 132096 512000 0 numothersock115122 1024 1024 0 dcachesize0 010240002048000 0 numfile4091 8192 16384 16384 0 dummy 0 0 0 0 0 dummy 0 0 0 0 0 dummy 0 0 0 0 0 numiptent10 10128128 0 Is there any downside in setting privvmpages that large for a 4GB/Dual-Proc Maschine or should i simply let it that way? Thanxs Andreas ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] OpenVZ vs. vserver
On Fri, 23 Mar 2007, Darryl Ross wrote: One other thing, which isn't really a major issue, just an annoyance, is that if I run netstat or ps on the host it shows me all of the sockets open and programs running, even those inside the guests, whereas under linux-vserver the host machine is a context in it's own right, so they are hidden. IMHO I prefer this behaviour to not showing me each of the vm's. The only thing I could ask for would be that there was a version of ps that showed the veid of each process (this may exist, I'm pretty behind in versions) --Jim ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] OpenVZ vs. vserver
Jim Zajkowski wrote: On Fri, 23 Mar 2007, Darryl Ross wrote: One other thing, which isn't really a major issue, just an annoyance, is that if I run netstat or ps on the host it shows me all of the sockets open and programs running, even those inside the guests, whereas under linux-vserver the host machine is a context in it's own right, so they are hidden. IMHO I prefer this behaviour to not showing me each of the vm's. The only thing I could ask for would be that there was a version of ps that showed the veid of each process (this may exist, I'm pretty behind in versions) http://download.openvz.org/contrib/utils/vzprocps-2.0.11-6.13.swsoft.i386.rpm # vzps -E VEID shows processes of required VE only. Ok, we surely will add the ability to hide non-VE0 stuff in VE0 as was requested by some of people who get accustomed to vserver. Maybe it will be a new default some day in OpenVZ also. Thanks for your feedback, Kirill ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] OpenVZ vs. vserver
I've just added ppc64 and sparc64 to OpenVZ list. The type of embedded platform you are developing for may steer your decision. I went looking for which cpu architectures are supported by openvz and vserver patches and found this wiki entry. Someone may care to update that entry. http://en.wikipedia.org/wiki/Comparison_of_virtual_machines -mike On Mar 22, 2007, at 4:36 PM, Ian P. Christian wrote: Enrico Weigelt wrote: Hi folks, does anyone known an good compasiron between OVZ + vserver ? I need an virtualization within embedded systems (small devices). I'm not sure this will help - but when I was looking at various visualizations systems, I decided vserver wasn't an option very quickly when I noticed it didn't do migrations. -- Ian P. Christian ~ http://pookey.co.uk ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
[Users] gdb pthreads question (bug #487)
Hi, I have problem with gdb debugging of threaded applications inside OpenVZ environment. Not only in virtual hosts, but on the hardware host also. It looks like gdb immediately have losing the pids of the threads. I have added bug into OpenVZ bugzilla, see http://bugzilla.openvz.org/show_bug.cgi?id=487 I'd like to ask for explaination, what is happening with threaded applications in OpenVZ? Is there some expectation or estimation, how difficult to fix that? -- WBR, Sergey Ivanov. ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] OpenVZ vs. vserver
Darryl Ross wrote: I've not been able to get migrations working in openvz at all. I just end up using the same process I use under linux-vserver to migrate guests between machines: rsync once, rsync a second time (to reduce the time stopped), stop the guest, resync a third time, start guest on new host. What problems did you have out of interest? 'vzmigrate --online' worked out of the box for me -- Ian P. Christian ~ http://pookey.co.uk ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
