Hi,
On Thu, Nov 07, 2013 at 09:44:52AM +0100, Allan Latham wrote:
> I think this is an important subject but is only a subset of a major
> disadvantage of vserver.
>
> I looked at vserver a while ago and I really liked it from a technical
> point of view. Dealing with networking is a challenge at first because
> all the guest IPs are really on the host and there is no forwarding
> taking place - it impinges on how you set up iptables.
No they are not. You just need to know how. Combine network
namespaces with network contexts. In our case we have seperate
firewalls, and each network namespace get it's own vlan
interface. Within that network namespace you can have multiple
network contexts of the same network security level.
> However that is not the greatest problem. The resulting system must be
> handed over to a client who does not have the deep knowledge of the
> technician who set it up. In our case throughout the entire system and
> applications there are just two components which require compilation
> from source with patches. This is frowned upon from a management point
> of view but can be justified because there is no alternative.
>
> In the case of vserver there are alternatives: OpenVZ, LXC, Xen and KVM.
OpenVZ and Xen are no real alternatives. They require massive
kernel patching. KVM and LXC requires no patching. vserver
requires minimal kernel patching. LXC on it's own is not mature
enough. Vserver enriches the LXC. KVM is just a virtual machine
in which you can't share resources or poke at it's insides
without being part of it.
> Whatever the technical arguments, all of these are better documented
> than vserver and are available as standard packages in Debian Wheezy.
> Management loves this as they can always find someone who can help when
> the original technician is no longer available.
But the original question was OpenStack. You just don't do a
quick install of openstack.
> Before I wrote this I took a look again at the documentation. Please try
> it yourselves and imagine you have practical working knowledge of Linux
> but you are not 'sysop of the year' nor do you know (or want to know)
> the internals of vserver or any other similar tool. You just want to try
> out multiple guests on one box so you can convince the boss it is worth
> looking at it.
Again, openstack doesn't work like that. kvm works like that,
vserver works like that, but openstack is a massive
infrastructure design you must have thought off.
> As a minimum you need consistent up-to-date documentation, packages -
> including libvirt - and guest images for the top 3 server distros.
>
> I know it's a free product and documentation and packaging is volunteer
> work but I would hate to see this fine product go under because it's so
> hard to use.
Actually: I have never had so much help as with vserver on irc.
Somehow irc is much better with vserver than this mailing list
;-).
> In the end we chose KVM on Debian Wheezy (guests and hosts). Why?
>
> 1. All involved were already familiar with KVM virtual servers on a
> server farm.
> 2. It works out of the box - we used libvirt but we also know how to do
> it 'by hand' with qemu-kvm.
Those are valid reasons: you know how to use it, you understand
how it works. We use KVM within vserver to virtualize windows
boxes. But vserver is our main virtualizationt technique in our
"cloud".
> I wish you all a great future and I think devoting effort in this
> direction is the best decision you could make. You've done a great job
> technically now's the time to roll it out to the world before it's too
> late. The best technically does not always win - anyone remember the
> Betamax vs VHS battle.
You have made valid remarks, but they boil down to this: you know
how it works or you don't.
There is a lot of terms and levels mixed when talking clouds and
virtualization. KVM can be a very tiny portion of a full fledged
openstack structure. The same goes for lxc. OpenVZ is more
complex. Vserver is also a small part of the total picture.
A company deciding to use openstack shall have enough resources
and clue to be able to use the virtualization technique they
chose. If you start using openstack without a clue, you will feel
the wrath later.
I don't need openstack, but you are right that it makes
acceptence a little higher, because right now vserver is I think
the only technique that's really capable to drive your iron to
it's max.
Daniel has very reasonable questions. Vserver already does a lot
and is very well integrateable in any process.
My 2 cents ;-)
Regards,
Ard van Breemen
Received on Fri Nov 15 15:43:20 2013