Rich Freeman <rich0@g.o> writes:

> On Mon, Jan 18, 2016 at 9:45 PM, Alec Ten Harmsel
> <alec@××××××××××××××.com> wrote:
>>
>> All Joost is saying is that most resources can be overcommitted, since
>> all the users will not be using all their resources at the same time.
>>
>
> Don't want to sound like a broken record, but this is precisely why
> containers are so attractive. You can set hard limits wherever you
> want, but otherwise absolutely everything can be
> over-committed/shared/etc to the degree you desire. They're just
> processes and namespaces and cgroups and so on. You just have to be
> willing to live with whatever kernel is running on the host. Of
> course, it isn't a solution for Windows, and there aren't any mature
> VDI-oriented solutions I'm aware of. However, running as non-root in
> a container should be very secure so there is no reason it couldn't be
> done. I just spun up a new container yesterday to test out burp
> (alas, ago beat me to the stablereq) and the server container is using
> all of 54M total / 3M RSS (some of that because I like to run sshd and
> so on inside). I can afford to run a LOT of those.

Yes, I prefer containers over xen and kvm. They are easy to set up,
have basically no overhead, no noticeable performance impact or loss,
and handing over devices, like a network card, to a container is easy
and painless. Unfortunately, as you say, you can't use them when you
need Windoze VMs.

BTW, is it as easy to give a graphics card to a container as it is to
give it a network card? What if you have a container for each user who
somehow logs in remotely to an X session? Do (can) you run X sessions
that do not have a console and do not need a (dedicated) graphics card
(just for users logging in remotely)?

Having a container for each user would be much less painful than having
a VM for each user. That brings back the question what to use when you
want to log in remotely to an X session ...