Re: [vserver] LVM within Vserver guests

From: Marco Carnut <kiko_at_tempest.com.br>
Date: Wed 05 Feb 2014 - 20:39:29 GMT
Message-ID: <1391632769.3346.69.camel@evo>

Hi Ted,

> 1) I downloaded the VM
> (http://www.postcogito.org/vsdemo0.5-ubuntu10_04-32bit.7z ) and it runs,
> but am unsure what I should look for. Within the Ubuntu VM, a message
> comes up ("Welcome to Kiko's 'Vservers on the Desktop' Demo!"), and there
> are a number of links in the upper panel to Firefox, Corporate Firefox,
> LibreOffice etc. The pw allows me to get root access, but as best I
> can tell the vserver is not using an LV. Can you throw me a tip as to
> what I might look for to see how you configured partitions etc.?

You're correct. In this demo, I didn't use LVMs at
all -- I used unified (or "hashified") clones because
they reuse disk space AND memory, allowing many more
vservers in the same memory footprint. This is my "2nd
gen" solution; the LVM thing was my "1st gen"
approach.

In the demo, the "Banking Firefox" icon is the one
that best describes the fundamental idea I wanted
to achieve: a vserver that re-clones itself out of
a "master" template, providing a fast "self-cleaning
reinstall" effect in case of breach. Actually, we
can go further: if re-cloning is cheap and fast,
we don't even try to detect that we've been breached;
we simply re-clone every time.

> 2) My Linux Vserver clones take about 10 min to complete...my
> impression is yours get completed much more quickly. Is that possibly
> because I'm not using hashify, have a slower machine, or have a larger
> vserver to clone (with the Mate desktop etc.)?

Yep, that's primarily because you didn't hashify them.
When you hashify, almost everything is done with
hard links, which are much faster to create and
take almost no disk space. When you don't hashify,
the clone operation actually copies the whole contents
of every file in the vserver, which takes much longer
and duplicates the disk space usage.

BTW, how long did it take in your system for the
clones to start?

> 3) I've been looking at "kpartx" as a way to create nested LVMs,
> assuming I'd clone a new Vserver, create some nested LVMs, and then move
> the Vserver's "/home" to one nested LVM and everything else to another
> (my assumption being this may not work but am experimenting...). Do you
> use "kpartx" in your work, or some other approach when creating nested
> LVMs? When I issue something like "kpartx -av /dev/vg2/LVM" I get no
> output on the command line and so am wondering if kpartx works with my
> set up (Encrypted RAID, LVM, Wheezy).

As I said, I used LVMs in an earlier version of this
system. At the time I used plain lvs, I didn't feel
a need to have them nested. There was a clone script
that snapshotted a particular lv, mounted it and
started the vserver in it. The annoying thing was
that I had to have nearly one lv and filesystem
per vserver, which prevented me from using hashified
vservers. The LVM snapshotting did save some disk
space, but because of the different filesystems,
we had many identical versions of libc, bash, etc.,
loaded several times, wasting a lot of memory.
And, overall, the solution ended up being quite
complicated. When I changed to hashified cloned
vservers in the same filesystem, all these downsides
went away and the overall solution ended up a lot
simpler.

The demo VM you got does a lot more than that;
it compartmentalizes the X Window System, Pulse
Audio, etc., because it was meant to be a "desktop
system". In a server system, it gets much simpler.
Take a look at the "vstart/vclone" scripts.

Hope this helps.

-Marco.
Received on Wed Feb 5 20:39:41 2014
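
The hard-link cloning and "re-clone every time" cycle described in the message above, as an added sketch that is not part of the original message or of the vserver tools: plain `cp -al` (GNU coreutils assumed) stands in for hashify/vclone, and every path and function name is constructed for the illustration. Plain hard links do not protect the master against in-place writes, so the sketch only models a guest that replaces files.

```shell
#!/bin/sh
# Added sketch: plain coreutils stand in for the hashify/vclone tooling.
# All paths, file names and function names below are constructed.

# Build a small constructed "master" template tree.
make_master() {
    mkdir -p "$1/bin" "$1/etc"
    printf 'pretend-shell-binary\n' > "$1/bin/sh"
    printf 'nameserver 192.0.2.53\n' > "$1/etc/resolv.conf"
}

# Discard whatever is in the clone and rebuild it from the master using
# hard links only (cp -l): directories are created, no file data is copied.
reclone() {
    rm -rf "$2"
    cp -al "$1" "$2"
}

# Print the inode number of a file.
inode_of() { ls -i "$1" | awk '{print $1}'; }

# Succeed if the same relative path ($3) is one shared inode in both trees.
is_shared() {
    [ "$(inode_of "$1/$3")" = "$(inode_of "$2/$3")" ]
}

# Count files in the clone ($2) that are new or differ from the master ($1).
# Constructed file names contain no whitespace, so word splitting is safe.
drift_count() {
    n=0
    for f in $(cd "$2" && find . -type f); do
        cmp -s "$1/$f" "$2/$f" 2>/dev/null || n=$((n + 1))
    done
    echo "$n"
}

demo() {
    work=$(mktemp -d)
    make_master "$work/master"; reclone "$work/master" "$work/guest"
    echo "drift after clone:    $(drift_count "$work/master" "$work/guest")"
    # Replace (unlink, then create) so only the clone changes; writing in
    # place through the hard link would alter the master's copy as well.
    rm "$work/guest/bin/sh"; printf 'changed-by-guest\n' > "$work/guest/bin/sh"
    echo "drift after change:   $(drift_count "$work/master" "$work/guest")"
    reclone "$work/master" "$work/guest"
    echo "drift after re-clone: $(drift_count "$work/master" "$work/guest")"
    rm -rf "$work"
}
demo
```
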
