| 1 |
Rich Freeman <rich0@g.o> writes: |
| 2 |
|
| 3 |
> On Mon, Jan 18, 2016 at 9:45 PM, Alec Ten Harmsel |
| 4 |
> <alec@××××××××××××××.com> wrote: |
| 5 |
>> |
| 6 |
>> All Joost is saying is that most resources can be overcommitted, since |
| 7 |
>> all the users will not be using all their resources at the same time. |
| 8 |
>> |
| 9 |
> |
| 10 |
> Don't want to sound like a broken record, but this is precisely why |
| 11 |
> containers are so attractive. You can set hard limits wherever you |
| 12 |
> want, but otherwise absolutely everything can be |
| 13 |
> over-comitted/shared/etc to the degree you desire. They're just |
| 14 |
> processes and namespaces and cgroups and so on. You just have to be |
| 15 |
> willing to live with whatever kernel is running on the host. Of |
| 16 |
> course, it isn't a solution for Windows, and there aren't any mature |
| 17 |
> VDI-oriented solutions I'm aware of. However, running as non-root in |
| 18 |
> a container should be very secure so there is no reason it couldn't be |
| 19 |
> done. I just spun up a new container yesterday to test out burp |
| 20 |
> (alas, ago beat me to the stablereq) and the server container is using |
| 21 |
> all of 54M total / 3M RSS (some of that because I like to run sshd and |
| 22 |
> so on inside). I can afford to run a LOT of those. |
| 23 |
|
| 24 |
Yes, I prefer containers over xen and kvm. They are easy to set up, |
| 25 |
have basically no overhead, no noticeable performance impact or loss, |
| 26 |
and handing over devices, like a network card, to a container is easy |
| 27 |
and painless. Unfortunately, as you say, you can't use them when you |
| 28 |
need Windoze VMs. |
| 29 |
|
| 30 |
BTW, is it as easy to give a graphics card to a container as it is to |
| 31 |
give it a network card? What if you have a container for each user who |
| 32 |
somehow logs in remotely to an X session? Do (can) you run X sessions |
| 33 |
that do not have a console and do not need a (dedicated) graphics card |
| 34 |
(just for users logging in remotely)? |
| 35 |
|
| 36 |
Having a container for each user would be much less painful than having |
| 37 |
a VM for each user. That brings back the question what to use when you |
| 38 |
want to log in remotely to an X session ... |
Archives