SCIENTIFIC-LINUX-USERS Archives

November 2014

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Subject:
From:
ToddAndMargo <[log in to unmask]>
Reply To:
ToddAndMargo <[log in to unmask]>
Date:
Sat, 8 Nov 2014 18:42:41 -0800
Content-Type:
text/plain
Parts/Attachments:
text/plain (103 lines)
On 11/08/2014 02:58 PM, 7 Mosgalin wrote:
> Hi ToddAndMargo!
>
>   On 2014.11.08 at 11:06:00 -0800, ToddAndMargo wrote next:
>
>> Hi Vladimir,
>>
>> Do you have a good reference you like that I could
>> learn this container stuff?
>
> Containers are pretty basic concepts. Were the links I provided (as well as
> the systemd-nspawn page) not enough?
>
> Basically it's chroot on steroids: it allows a program (or lots of programs,
> up to "all the programs in a typical operating system, starting from
> init") to execute in lightweight isolation - filesystem isolation, socket
> isolation, process space isolation and limits (memory, CPU, IO etc) for
> the whole container. (chroot offers only low-quality filesystem isolation.)
>
> There are various ways of doing this isolation; on Linux the most popular
> and production-used one would be OpenVZ (used for many years). A more
> modern way is LXC (available in EL since EL7 out of the box). It is a
> much newer technology, but we use it in production already on new systems
> instead of OpenVZ and it works.
>
> Applications in containers run at full speed, but the environments you can
> run are limited, because the host kernel version is the same.
> E.g. under SL7 you can perfectly run SL6 or F20 containers or any other
> Linux distributions compatible with 3.10 kernel, but it's not
> guaranteed that you'll be able to run, say, EL3 (kernel 2.4 based)
> container or future distributions which require features from newer
> kernels.
>
>
> Since containers themselves are a very simple concept and there aren't as
> many complex technologies and pitfalls involved as with virtualization,
> there isn't much to read about containers themselves. You can get familiar
> with a certain isolation (container) technology. Just google for some
> documentation on its basic usage and that's it. In many aspects
> containers are way, way simpler than virtualization, so there just isn't
> much you need to know to use them.
>
> I already explained basics, so I don't know what to add about it. If
> you want me to repeat it:
>
> OpenVZ - works great, production-ready, not supported out of the box on
> any popular Linux distribution (requires a special kernel and tools).
> Unless you need to work with an existing installation, don't bother.
>
> LXC (native tools) - new, semi-production-ready, works on EL7 out
> of the box, except for a few pitfalls which might be fixed in the future
> (we got affected by selinux problems - the kernel hung/crashed (!) with
> selinux enabled, had to disable it; also got affected by bug
> https://bugzilla.redhat.com/show_bug.cgi?id=1004724 when running
> PostgreSQL in a container; there is a workaround)
>
> LXC under libvirt - very new, not production-ready, but this is the way
> RedHat wants you to use containers. There is documentation available:
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Resource_Management_and_Linux_Containers_Guide/index.html
> From our experience, it doesn't work well enough yet to be used in
> production. Very immature tools and various problems. But it will play
> nice with selinux when it works better.
>
> Note that the documentation from the link above still might be useful to you,
> even if you won't use LXC under libvirt.
>
> Docker - a way to run a single application in any kind of container. Very
> new, very hot technology, lots of interest in it (Redhat recently had a
> webinar about docker, for example). Very easy to use, but its usage is
> limited compared to container technology as a whole and it's still
> immature/not production-ready.
> There is some documentation at the link above.
> When this technology matures, it *will* be the best solution for your
> task ("run Fedora 20 wine under SL7") and similar ones.
>
> systemd-nspawn - think of it as a very primitive alternative to
> Docker. Very limited and primitive and not for production usage (and
> likely never will be), but easy to use and excellent for simple use on
> desktop systems right now.
> The documentation would be its manpage and resources on the internet.
> http://maci0.wordpress.com/2014/05/02/run-any-applications-on-rhel7-containerized-with-3d-acceleration-and-pulseaudio-steam-pidgin-vlc/
> is a good link (the command line with lots of bind mount arguments shows
> how to let an application use the high-performance interface to X11 and even
> run 3D applications without speed loss), as well as
> http://www.alapshin.com/posts/systemd-chroot/ (in Russian).
>
>

Hi Vladimir,

Thank you!

I will have to read it over very slowly. I also have to figure
out the difference between a "container" and a "KVM
virtual machine" (of which I have lots).

-T
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Computers are like air conditioners.
They malfunction when you open windows
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
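Added example, not from the thread: a defender-side Python check that compares a process's namespace inodes under /proc/<pid>/ns with PID 1's, showing which of the isolation kinds Vladimir lists (filesystem = mnt, process space = pid, sockets = net) are actually in effect for a running process. The SAMPLE_* dictionaries are constructed values; a process confined only by chroot shows no difference at all here, which illustrates the post's point about chroot.

```python
import os
import re

# Namespace kinds matching the isolation listed in the post:
# filesystem (mnt), process space (pid), sockets (net), plus ipc and uts.
NS_KINDS = ("mnt", "pid", "net", "ipc", "uts")

# Constructed sample inode values, not captured from a real system.
SAMPLE_HOST_NS = {"mnt": 4026531840, "pid": 4026531836, "net": 4026531992,
                  "ipc": 4026531839, "uts": 4026531838}
SAMPLE_CONTAINER_NS = {"mnt": 4026532201, "pid": 4026532204, "net": 4026532207,
                       "ipc": 4026531839, "uts": 4026532205}  # ipc shared with host


def read_namespaces(pid="self"):
    """Map namespace kind -> inode from /proc/<pid>/ns/*.
    Each entry is a symlink whose target looks like "pid:[4026531836]".
    Returns {} when /proc is unavailable or the pid cannot be inspected.
    """
    result = {}
    for kind in NS_KINDS:
        try:
            target = os.readlink(f"/proc/{pid}/ns/{kind}")
        except OSError:
            continue
        m = re.fullmatch(r"(\w+):\[(\d+)\]", target)
        if m:
            result[m.group(1)] = int(m.group(2))
    return result


def isolation_report(proc_ns, host_ns):
    """Sorted namespace kinds in which proc_ns differs from host_ns.
    An empty list means the process sees the same filesystem tree, pid space
    and sockets as PID 1. A process confined only by chroot(2) also yields an
    empty list: chroot moves the root directory but leaves the mount
    namespace untouched, which is the sense in which it is weak isolation.
    """
    shared = proc_ns.keys() & host_ns.keys()
    return sorted(k for k in shared if proc_ns[k] != host_ns[k])


def describe(pid):
    """Summarise how a live process is isolated from PID 1 on this host."""
    host_ns = read_namespaces(1)
    if not host_ns:  # /proc/1/ns is usually readable only by root
        return f"pid {pid}: cannot read PID 1 namespaces"
    diff = isolation_report(read_namespaces(pid), host_ns)
    return f"pid {pid}: isolated namespaces: {', '.join(diff) or 'none'}"
```

Run as root on a host and call describe() on a suspect pid; an LXC or nspawn process reports mnt, pid and net (at least), while a chroot jail reports none.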
