| 1 |
"J. Roeleveld" <joost@××××××××.org> writes: |
| 2 |
|
| 3 |
> On Friday, April 24, 2015 10:23:01 PM lee wrote: |
| 4 |
>> "J. Roeleveld" <joost@××××××××.org> writes: |
| 5 |
>> > On Thursday, April 23, 2015 11:03:53 PM lee wrote: |
| 6 |
>> > Do you have anything that you find insufficiently documented or is too |
| 7 |
>> > difficult? |
| 8 |
>> sure, lots |
| 9 |
> |
| 10 |
> Have you contacted the Xen project with this? |
| 11 |
|
| 12 |
I've been asking questions on mailing lists. What do you expect? I |
| 13 |
could tell them "your documentation sucks" and they might say "go ahead |
| 14 |
and improve it then". I tried to improve it the little bit I could; |
| 15 |
it's on the wiki, if it's still there. |
| 16 |
|
| 17 |
>> > Containers. |
| 18 |
>> > Chroots don't have much when it comes to isolation. |
| 19 |
>> |
| 20 |
>> What exactly are the issues with containers? Ppl seem to work on them |
| 21 |
>> and to manage to make them more secure over time. |
| 22 |
> |
| 23 |
> Lack of clear documentation on how to use them. All the examples online refer |
| 24 |
> to systemd-only commands. |
| 25 |
|
| 26 |
True, there isn't much, if any, clear documentation. I followed the |
| 27 |
Gentoo wiki and it's working fine, though. |
| 28 |
|
| 29 |
>> >> > Virtualbox is nice for a quick test. I wouldn't use it for production. |
| 30 |
>> >> |
| 31 |
>> >> Why not? |
| 32 |
>> > |
| 33 |
>> > Several reasons: |
| 34 |
>> > |
| 35 |
>> > 1) I wouldn't trust a desktop application for a server |
| 36 |
>> |
| 37 |
>> So that's a gut feeling? |
| 38 |
> |
| 39 |
> No, a combination of experience and common sense. |
| 40 |
> A desktop application dies when the desktop dies. |
| 41 |
|
| 42 |
You cannot run it from the command line? It only runs in an X session? |
| 43 |
If that is so, I'm going to need something else. |
| 44 |
|
| 45 |
>> > 2) The overhead from Virtualbox is quite high (still better then VMWare's |
| 46 |
>> > desktop versions though) |
| 47 |
>> |
| 48 |
>> Overhead in which way? I haven't done much with virtualbox yet and |
| 49 |
>> merely found it rather easy to use, very useful and to just work fine. |
| 50 |
> |
| 51 |
> Virtualbox is easy when all you want is to quickly run a VM for a quick test. |
| 52 |
> It isn't designed to run multiple VMs with maximum performance. |
| 53 |
> In my experience I get on average 80% of the performance inside a Virtualbox |
| 54 |
> VM when compared to running them on the machine directly. With Xen, I can get |
| 55 |
> 95%. |
| 56 |
> (This is using normal work-loads, lets not talk about 3D inside a VM) |
| 57 |
|
| 58 |
Someone told me that you may find xen reducing the performance by up to |
| 59 |
40%. |
| 60 |
|
| 61 |
>> Compared to containers, the overhead xen requires is enormous, |
| 62 |
> |
| 63 |
> Hardly comparable. Containers run inside the same kernel. With Xen, or any |
| 64 |
> other virtualisation technology, you run a full OS. |
| 65 |
|
| 66 |
How is that not comparable? |
| 67 |
|
| 68 |
You don't need to run a full OS, and you're not stuck with fixed memory |
| 69 |
assignments without even the ability to overcommit when you use |
| 70 |
containers. With xen, you're stuck with what you initially assigned, |
| 71 |
may your VM currently use it or not. |
| 72 |
|
| 73 |
If my mail server was a xen VM, I'd have assigned 2GB to it; as a |
| 74 |
container, it uses less than one. If the machine I'm working on was a |
| 75 |
xen VM, I'd have assigned at least 16GB to it; as the host of the |
| 76 |
container, it costs me nothing. |
| 77 |
|
| 78 |
So obviously, the overhead required by xen is enormous. |
| 79 |
|
| 80 |
> |
| 81 |
>> and it |
| 82 |
>> doesn't give you a stable system to run VMs on because dom0 is already |
| 83 |
>> virtualized itself. |
| 84 |
> |
| 85 |
> Why doesn't it provide a stable system? |
| 86 |
> The dom0 has 1 task and 1 task only: Manage the VMs and resources provided to |
| 87 |
> the VMs. That part can be made extremely stable. |
| 88 |
|
| 89 |
It's already virtualized itself. With containers, I have a |
| 90 |
non-virtualized system as usual, as stable as they are. A container is |
| 91 |
like just another service I can start or stop, and I can access it |
| 92 |
easily because it simply resides under /etc/lxc while I can use the host |
| 93 |
for whatever else I'm doing. |
| 94 |
|
| 95 |
With xen, I have a virtualized system to begin with, which is wasted |
| 96 |
because it's only purpose is to provide a way to maintain other VMs. I |
| 97 |
can't fully use any of these VMs because for what I'm doing, I'd have to |
| 98 |
pass through my NVDIA card to one of them. IIUC, I wouldn't even be |
| 99 |
able to log in to the host because it won't have a graphics card, |
| 100 |
provided that I actually could pass the graphics card through, which |
| 101 |
appears to be pretty much impossible. |
| 102 |
|
| 103 |
The VMs would reside on LVM volumes and be hardly accessible --- though |
| 104 |
now I'd use ZFS subvolumes, making that as easy as with containers. |
| 105 |
|
| 106 |
Power management wouldn't work. The xen documentation sucks. Everything |
| 107 |
would be difficult and troublesome. It's extremely difficult to install |
| 108 |
a VM --- I never figured out how to actually do that. I'd be hugely |
| 109 |
wasting resources. |
| 110 |
|
| 111 |
I'd never have the feeling that there is a stable platform to work with, |
| 112 |
and it's not something I would want to have to maintain. |
| 113 |
|
| 114 |
> My Lab machine (which only runs VMs for testing and development) currently has |
| 115 |
> an uptime of over a year. In that time I've had VMs crashing because of bad |
| 116 |
> code inside the VM. Not noticing any issues there. Neither with stability nor |
| 117 |
> with performance. |
| 118 |
> My only interaction with the dom0 there is the create/destroy/start/stop/... |
| 119 |
> VMs. |
| 120 |
|
| 121 |
How can you use it for testing when it's so ridiculously difficult to |
| 122 |
install a VM? How do you do updates without rebooting when a new kernel |
| 123 |
version comes along? How do you adjust resource allocations depending |
| 124 |
on changing workloads? |
| 125 |
|
| 126 |
>> I don't know how that compares to virtualbox --- I |
| 127 |
>> didn't have time to look into it and it just worked, allowing me to run |
| 128 |
>> a VM on the fly on the same machine I'm working on without any ado. |
| 129 |
> |
| 130 |
> For that scenario, VirtualBox is quite well suited. I wouldn't run Xen on my |
| 131 |
> desktop or laptop. |
| 132 |
> |
| 133 |
>> That VM was simply a copy of a VM taken from a vmware server, and the |
| 134 |
>> copy could be used without any conversion or anything. |
| 135 |
> |
| 136 |
> Good luck doing that when you installed the VMWare client tools and drivers |
| 137 |
> inside a MS Windows VM. |
| 138 |
|
| 139 |
That's what it was. |
| 140 |
|
| 141 |
It gets troublesome when the VM is distributed across multiple files --- |
| 142 |
I started trying to convert that and never had the time to finish. |
| 143 |
|
| 144 |
>> You can't do |
| 145 |
>> that with xen because you'll be having lots of trouble to convert the |
| 146 |
>> VM, to convert the machine you're working on to xen and to get it to |
| 147 |
>> work, to work around all the problems xen brings about ... Some days |
| 148 |
>> later you might finally have it working --- which is out of the question |
| 149 |
>> because the VM is needed right away. And virtualbox does just that. |
| 150 |
> |
| 151 |
> Look into the pre-configured versions of Xen, like what Citrix offers. |
| 152 |
> I can import VMs from VMWare as well without issue. (Apart from the VMWare |
| 153 |
> client tools as mentioned, but Virtualbox has the same issues) |
| 154 |
|
| 155 |
Citrix is commercial, isn't it? |
| 156 |
|
| 157 |
IIRC, I tried to get xen to work with Centos (no chance), something else |
| 158 |
which I don't remember and finally Debian. Debian worked, but it is a |
| 159 |
total mess with too much ancient software and their backports, requiring |
| 160 |
backports kernels for xen and because of kernel bugs and problems with |
| 161 |
dracut/initramfs-tools (which are supposed to be fixed now). |
| 162 |
|
| 163 |
Add to that the sucking documentation of xen, things like power |
| 164 |
management not working and all the quirks like the clocks being offset |
| 165 |
despite the docs saying that they will be synced automagically, the |
| 166 |
impossibility to install an OS in a VM and the enormous waste of |
| 167 |
resources, and I really don't want to use xen --- particularly not for |
| 168 |
production. It's simply too troublesome. |
| 169 |
|
| 170 |
>> I was really surprised that virtualbox worked that well. Maybe xen will |
| 171 |
>> get there some time. |
| 172 |
> |
| 173 |
> Xen already is there. |
| 174 |
|
| 175 |
Not by far, it doesn't even have good documentation yet and is too |
| 176 |
troublesome and too difficult to use. |
| 177 |
|
| 178 |
> Please understand that Xen and Virtualbox have their own usecases: |
| 179 |
> |
| 180 |
> Xen is for dedicated hosts running VMs 24/7 |
| 181 |
|
| 182 |
If you can get it to work and if you have the time to get it there, it's |
| 183 |
a nice solution for VMs. That's very big ifs, not even to mention to |
| 184 |
work around the quirks. |
| 185 |
|
| 186 |
> Virtualbox is for testing stuff quickly on a laptop/desktop |
| 187 |
|
| 188 |
If it works only for that, what's the alternative? Sooner than later, |
| 189 |
I'll have to set up some Windoze VMs at work, and I really don't want to |
| 190 |
use xen. |
| 191 |
|
| 192 |
|
| 193 |
-- |
| 194 |
Again we must be afraid of speaking of daemons for fear that daemons |
| 195 |
might swallow us. Finally, this fear has become reasonable. |
Archives