
Going Virtual With OpenVZ

This article is an introduction to OpenVZ, an open source container-based virtualisation solution for Linux.

In computing, virtualisation is the creation of a virtual version of a hardware platform, operating system, storage or network resource. Let's briefly look at each type.


Hardware virtualisation: This provides an environment to create virtual machines and there are three different types—full, partial, and para-virtualisation. In full virtualisation, each OS instance and its applications run in a separate VM on top of virtual hardware. The computer system is available as a software construct with the same behaviour as a physical computer system. There are two types of full virtualisation: bare metal, by which the hypervisor runs on the underlying hardware, without a host OS; and hosted virtualisation, by which the hypervisor runs on top of the host OS (such as Windows or Linux). In partial virtualisation, the virtual machine simulates multiple instances of much of an underlying hardware environment—specifically, address spaces—but not the entire OS. Para-virtualisation is a technique that presents a software interface to virtual machines that is similar, but not identical, to that of the underlying hardware resources.

Network virtualisation: Here, the physical network is segmented into logical parts to provide network virtualisation by combining network resources such as switches, NICs, firewalls, load balancers, VLANs, storage devices, Ethernet and Fiber Channel, as well as network functionality into a single, software-based network administrative entity. In internal network virtualisation, a host is configured with guest containers to create a virtual network in a box. In external network virtualisation, networks are shared or sub-divided into virtual networks using VLANs and switches.

Storage virtualisation: This is the union of multiple network storage devices into something that appears to be a single storage unit. It provides abstraction on top of various storage techniques, and hence enables flexibility.

Memory virtualisation: This decouples RAM from individual systems in the data centre, and aggregates them into a virtualised memory pool, which can be made available to any computer in the virtual environment.

Software virtualisation: Broadly, we can categorise this into three types:

- OS-level virtualisation, by which multiple virtualised environments (multiple isolated user-space instances) can be hosted within a single instance.
- Application virtualisation is related to hosting individual applications separated from the underlying OS.
- Service virtualisation is emulating the behaviour of dependent components that are needed to execute an application for development or testing purposes.

Data virtualisation: This is the process of abstracting databases, files, etc, with the use of a single data access layer.

Desktop or client virtualisation: This is the virtualisation technology of separating the desktop from the physical machine.

OpenVZ

OpenVZ is a container-based virtualisation solution for Linux. It creates multiple isolated and secure Linux servers known as Virtual Private Servers (VPS) on a single physical machine. Figure 2 depicts its architecture. Each container or VPS performs and executes instructions exactly like a stand-alone server. A VPS has root access, users, processors, memory, IP addresses, files, system libraries and configuration files, applications, ports, and routing rules. OpenVZ is an open source product available under the GNU GPL (General Public License).

Figure 1: Types of virtualisation

So how do OpenVZ containers differ from the traditional virtual machine architecture? Well, they run on the same OS kernel as the host system, but allow multiple Linux variants in individual containers. This single-kernel implementation enables running containers with much less overhead. Hence, OpenVZ offers higher efficiency and manageability than traditional virtualisation technologies. It uses a single patched Linux kernel, and as a result can run only Linux—and doesn't have the overhead of a hypervisor (a tiny part of the CPU resources is used on virtualisation—around 1-2 per cent); it is fast and efficient.

OpenVZ features

The main features are listed below.

Figure 2: OpenVZ architecture (two physical hosts on a network; on each, Virtual Private Servers with their own root access, users, processors, memory, files and applications sit above the OpenVZ templates, the OpenVZ layer, the host OS and the hardware)

- OpenVZ uses a single kernel (Linux) implementation and hence it is as scalable as the Linux kernel.
- Virtualisation overhead is very low (approximately 1-2 per cent).
- Live migration of VPSs and the checkpointing feature allow users to migrate a VPS from one physical host to another without needing to shut down the VPS.
- Resource management allows OpenVZ to share available host system resources among VPSs in an efficient manner; it guarantees QoS—not only providing performance, resource isolation, and protection from denial-of-service attacks, but also collecting usage information to monitor the system’s health.
- By default, direct access to hardware is not available.
- OpenVZ has undergone a thorough security audit, which was performed by Solar Designer.
- IPsec is supported inside containers since kernel version 2.6.32.
- OpenVZ technology scales up to thousands of CPUs and terabytes of RAM.

Therefore, the benefits include near-zero overhead, strong isolation, improved flexibility, efficiency, and quality of service. Note that Oracle, DB/2, WebLogic, WebSphere and other big applications run efficiently inside OpenVZ containers. Applications and services need not be OpenVZ-aware. Along with standardised server management, note that OpenVZ kernels are based on Red Hat Enterprise Linux kernels, which are conventional and well maintained. By default, OpenVZ restricts container access to physical devices, making containers hardware-independent.

Its limitations are that OpenVZ supports only Linux distributions and not Windows. The /dev/loopN devices are often restricted in deployments, which restricts the ability to mount disk images. OpenVZ is restricted to providing only a few VPN technologies based on Point-to-Point Protocol (PPP), such as Point-to-Point Tunnelling Protocol (PPTP), Layer 2 Tunnelling Protocol (L2TP) and TUN/TAP (virtual network kernel devices).

OpenVZ use-cases

Development and testing

Developers and testers need access to different Linux variants to develop and test an application—hence, testing and development groups often require a lot of hardware resources. By using OpenVZ, developers and testers can create multiple partitions with different Linux variants and configurations residing on one physical host.

Hosting

It is useful to have isolated users and cost-efficient containers that behave like a server, to support multiple versions of an application, and offer easy administration.

A comparison of OpenVZ with its counterparts

How does OpenVZ compare with other virtualisation technologies such as Xen, KVM, VirtualBox, VMware Player and VMware Workstation? Table 1 gives a comparison.

Table 1

| | OpenVZ | Xen | KVM | VirtualBox | VMware Player | VMware ESX/ESXi |
|---|---|---|---|---|---|---|
| Type of hypervisor | Hosted | Bare-metal | Hosted | Hosted | Hosted | Bare-metal |
| License | GPL | GPL | GPL version 2 | GPL version 2 | Proprietary, free of charge for personal noncommercial use | Proprietary |
| Host OS supported | Linux | NetBSD, Linux, Solaris | FreeBSD, Linux, Illumos | Windows, Linux, Mac OS X x86, Solaris, FreeBSD, eComStation | Windows, Linux | No host OS |
| Guest OS supported | Linux variants | FreeBSD, NetBSD, Linux, Solaris, Windows XP & 2003 Server | FreeBSD, Linux, Solaris, Windows | DOS, Linux, Mac OS X Server, FreeBSD, Haiku, OS/2, Solaris, Syllable, Windows | Windows, Linux, Solaris, FreeBSD, OSx86 (as FreeBSD), virtual appliances, Netware, OS/2, SCO, BeOS, Haiku, Darwin, | Windows, Linux, Solaris, FreeBSD, OSx86 (as FreeBSD), virtual appliances, Netware, OS/2, SCO, BeOS, Haiku, Darwin, others: run arbitrary OS |
| USB support | Yes | - | Yes | Yes | Yes | Yes |

Live migration Yes Yes Yes Yes Snapshots per VM Yes (Vz dump) Yes Yes

GUI Yes (EasyVZ) Yes Yes Yes No

No

Yes Yes

Yes

Yes

Installation and configuration

1. Download the repository file (all these steps must be performed as root) and put it in the /etc/yum.repos.d directory:

wget http://download.openvz.org/openvz.repo

2. Import the GPG key that belongs to the repository:

rpm --import http://download.openvz.org/RPM-GPG-Key-OpenVZ

3. Find the OpenVZ kernel package:

yum search vzkernel
vzkernel.i686 : The Linux kernel
vzkernel-debug.i686 : The Linux kernel compiled with extra debugging enabled
vzkernel-debug-devel.i686 : Development package for building kernel modules to
                          : match the debug kernel
vzkernel-devel.i686 : Development package for building kernel modules to match
                    : the kernel
vzkernel-firmware.noarch : Firmware files used by the Linux kernel
vzkernel-headers.i686 : Header files for the Linux kernel for use by glibc

  Name and summary matches only, use "search all" for everything

4. Install vzkernel.i686 with yum install vzkernel and it will automatically update the GRUB bootloader.

5. Edit /boot/grub/menu.lst to verify the OpenVZ kernel entry.

title OpenVZ (2.6.32-042stab072.10)
        root (hd0,0)
        kernel /vmlinuz-2.6.32-042stab072.10 ro root=UUID=954e09c7-75ba-426d-aeca-c79d00ed3d16 rd_NO_LUKS rd_NO_LVM LANG=en_US.UTF-8 rd_NO_MD SYSFONT=latarcyrheb-sun16 crashkernel=auto KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb quiet
        initrd /initramfs-2.6.32-042stab072.10.img
title CentOS (2.6.32-279.el6.i686)
        root (hd0,0)

6. After installing the OpenVZ kernel, you need to install user-level tools for OpenVZ (yum install vzctl vzquota); vzctl is used to perform different tasks on VPSs such as Start, Stop, Create, Destroy, Set parameters, etc, while vzquota is used to manage the VPS quotas.

7. Edit /etc/sysctl.conf and add or modify the following settings:

8. Load the new settings with sysctl -p

9. Open /etc/vz/vz.conf and set NEIGHBOUR_DEVS to all.

10. SELinux needs to be disabled; edit /etc/sysconfig/selinux and set the value of SELINUX to disabled.

11. Reboot the system. You can check the release with uname -r and should get something like 2.x.xx-xxxstabxxx.x.

12. OpenVZ is installed in a way that it is possible to boot the system either with OpenVZ support or without it. At present, it is not possible to create VPSs. Different VPSs can run different versions of Linux. A VPS is based on a specific OS template; OS templates are packages available with OpenVZ. You need to install the corresponding OS template in OpenVZ to create a VPS. After you install at least one OS template, you can create any number of VPSs with the help of standard OpenVZ utilities, and can configure their network, and work with these VPSs as you work with fully functional Linux servers. First download a CentOS template:

wget http://download.openvz.org/template/precreated/centos-6-x86_64.tar.gz

13. Copy the downloaded template into /vz/template/cache.

14. Each VPS must have its own unique ID (here, we used 121); create the VPS with:

vzctl create 121 --ostemplate centos-6-x86_64 --config basic

15. Set a hostname and IP address for the VPS:

vzctl set 121 --hostname testvps.com --save
vzctl set 121 --ipadd 192.168.0.201 --save

16. You can now start the VPS with vzctl start 121; stop it with vzctl stop 121 and restart it with vzctl restart 121.

EasyVZ: OpenVZ management GUI

EasyVZ is a GUI management console for OpenVZ. It lets you easily create, destroy, manage and monitor VPSs. The pre-requisites for using it are:

1. You have to have an OpenVZ-enabled kernel running.

2. All OpenVZ utilities need to be installed.

3. To create new VPSs, you need templates installed in /vz/template/cache.

The source distribution contains two directories; the backend directory contains the server source code. Start the server on the OpenVZ node that you intend to manage:

cd backend/
python server.py

The client can be run on the same machine:

cd gui/
python ezvz.py

Monitoring system resource consumption

It is possible to check the system resource statistics from within a VPS, which allows you to understand what particular resource limits are preventing an application from starting. These statistics report the current and maximum resource consumption for the running VPS, and can be obtained from the /proc/user_beancounters file:

vzctl exec 101 cat /proc/user_beancounters
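As an added example (not from the original article or the OpenVZ project), the Python code below parses text in the /proc/user_beancounters layout and reports resources whose failcnt is non-zero or whose held value is close to the barrier. The sample text, the 90 per cent threshold and the function names are assumptions made for illustration.

```python
from collections import namedtuple

# Constructed sample in the layout of /proc/user_beancounters (not real output).
SAMPLE = """\
Version: 2.5
       uid  resource       held  maxheld   barrier     limit  failcnt
      101:  kmemsize    2829812  3143680  11055923  11377049        0
            privvmpages   65010    65536     65536     69632        7
            numproc          18       31       240       240        0
            dummy             0        0         0         0        0
      121:  numtcpsock      355      360       360       360       12
            numfile        8800     8900      9312      9312        0
            physpages      4100     5200         0 9223372036854775807 0
"""

Bean = namedtuple("Bean", "held maxheld barrier limit failcnt")

def parse_beancounters(text):
    """Return {ctid: {resource: Bean}} from user_beancounters text."""
    containers, current = {}, None
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] in ("Version:", "uid"):
            continue                     # version line and column header
        if fields[0].endswith(":") and fields[0][:-1].isdigit():
            # "101:" opens a new container block
            current = containers.setdefault(int(fields[0][:-1]), {})
            fields = fields[1:]
        if current is None or len(fields) != 6:
            continue                     # orphaned or malformed row
        try:
            current[fields[0]] = Bean(*map(int, fields[1:]))
        except ValueError:
            continue                     # non-numeric column: skip the row
    return containers

def findings(containers, near=0.9):
    """List (ctid, resource, reason) for refused requests and near-barrier use."""
    out = []
    for ctid, resources in sorted(containers.items()):
        for name, c in resources.items():
            if c.failcnt > 0:
                out.append((ctid, name, f"failcnt={c.failcnt}"))
            elif c.barrier > 0 and c.held >= near * c.barrier:
                out.append((ctid, name, f"held {c.held} of barrier {c.barrier}"))
    return out

if __name__ == "__main__":
    for ctid, name, reason in findings(parse_beancounters(SAMPLE)):
        print(f"CT {ctid}: {name}: {reason}")
```

A failcnt that keeps rising between two runs points at the limit an application is currently hitting; rows whose barrier is 0 are skipped by the near-barrier check.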

Monitoring memory consumption

Users can monitor memory parameters for the hardware node and for particular VPSs:

vzmemcheck -v

The -v option is used to display the memory information for each VPS.

Enabling VPN for a VPS

A Virtual Private Network allows you to establish a secure network connection over an insecure public network. It is possible to set up a VPN for a separate VPS via the TUN/TAP device.

1. The tun module needs to be loaded before OpenVZ is started; you can check for it, and load it if it is missing, with:

lsmod | grep tun || modprobe tun

2. Allow the VPS to use the TUN/TAP device:

vzctl set 121 --devices c:10:200:rw --save

3. Create the subsequent device inside the VPS and set the proper permissions.
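Because OpenVZ denies containers direct device access by default, each --devices grant saved with --save is worth tracking. The added example below (not from the article or the OpenVZ project) lists which container configs carry device grants and whether they go beyond the TUN/TAP device c:10:200; the /etc/vz/conf/<CTID>.conf location, the DEVICES="..." line format and the sample contents are assumptions.

```python
import re

# Constructed sample configs, keyed by the file name each would have under
# /etc/vz/conf/ (the location and KEY="value" layout are assumptions).
SAMPLE_CONFS = {
    "121.conf": 'HOSTNAME="testvps.com"\nDEVICES="c:10:200:rw "\n',
    "101.conf": 'HOSTNAME="web01"\n# DEVICES="b:8:0:rw"\n',
    "130.conf": 'HOSTNAME="db01"\nDEVICES="c:10:200:rw b:8:16:r"\n',
}

TUN = ("c", "10", "200")   # TUN/TAP character device granted in step 2

def device_grants(conf_text):
    """Return [(type, major, minor, mode)] from DEVICES lines of one config."""
    grants = []
    for line in conf_text.splitlines():
        m = re.match(r'\s*DEVICES\s*=\s*"?([^"#]*)', line)
        if not m:
            continue                      # other keys and commented-out lines
        for spec in m.group(1).split():
            parts = spec.split(":")
            if len(parts) == 4 and parts[0] in ("b", "c"):
                grants.append(tuple(parts))
    return grants

def audit(confs):
    """Map CTID -> {"tun": bool, "other": [grants besides TUN/TAP]}."""
    report = {}
    for name, text in confs.items():
        stem = name.split(".")[0]
        grants = device_grants(text)
        if grants and stem.isdigit():     # ignore non-container sample files
            report[int(stem)] = {
                "tun": any(g[:3] == TUN for g in grants),
                "other": [g for g in grants if g[:3] != TUN],
            }
    return report

if __name__ == "__main__":
    for ctid, info in sorted(audit(SAMPLE_CONFS).items()):
        print(ctid, "tun" if info["tun"] else "-", info["other"])
```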


By: Mitesh Soni

The author is a Technical Lead at iGATE. He is in the Cloud Services (Research & Innovation) Group and loves to write about new technologies. Blog: http://clean-clouds.com
