This article is an introduction to OpenVZ, an open source container-based virtualisation solution for Linux.
In computing, virtualisation is the creation of a virtual version of a hardware platform, operating system, storage or network resource. Let’s briefly look at each type.
Hardware virtualisation: This provides an environment to create virtual machines and there are three different types:full, partial, and para-virtualisation. In full virtualisation, each OS instance and its applications run in a separate VM on top of virtual hardware. The computer system is available as a software construct with the same behaviour as a physical computer system. There are two types of full virtualisation: bare metal, by which the hypervisor runs on the underlying hardware, without a host OS; and hosted virtualisation, by which the hypervisor runs on top of the host OS (such as Windows or Linux). In partial virtualisation, the virtual machine simulates multiple instances of much of an underlying hardware environment specifically, address spaces but not the entire OS. In computing, para-virtualisation is a technique that represents a software interface to virtual machines that is similar, but not identical to, that of the underlying hardware resources.
Network virtualisation: Here, the physical network is segmented into logical parts to provide network virtualisation by combining network resources such as switches, NICs, firewalls, load balancers, VLANs, storage devices, Ethernet and Fiber Channel, as well as network functionality into a single, software-based network administrative entity. In internal network virtualisation, a host is configured with guest containers to create a virtual network in a box. In external network virtualisation, networks are shared or sub-divided into virtual networks using VLANs and switches.
Storage virtualisation: This is the union of multiple network storage devices into something that appears to be a single storage unit. It provides abstraction on top of various storage techniques, and hence enables flexibility.
Memory virtualisation: This decouples RAM from individual systems in the data centre, and aggregates them into a virtualised memory pool, which can be made available to any computer in the virtual environment.
Software virtualisation: Broadly, we can categorise this into three types:
OS-level virtualisation, by which multiple virtualised environments (multiple isolated user-space instances) can be hosted within a single instance.
Application virtualisation is related to hosting individual applications separated from the underlying OS.
Service virtualisation is emulating the behaviour of dependent components that are needed to execute an application for development or testing purposes.
Data virtualisation: This is the process of abstracting databases, files, etc, with the use of a single data access layer.
Desktop or client virtualisation: This is the virtualisation technology of separating the desktop from the physical machine.
OpenVZ is a container-based virtualisation solution for Linux. It creates multiple isolated and secure Linux servers known as Virtual Private Servers (VPS) on a single physical machine. Figure 2 depicts its architecture. Each container or VPS performs and executes instructions exactly like a stand-alone server. A VPS has root access, users, processors, memory, IP addresses, files, system libraries and configuration files, applications, ports, and routing rules. OpenVZ is an open source product available under the GNU GPL (General Public License).
So how do OpenVZ containers differ from the traditional virtual machine architecture? Well, they run on the same OS kernel as the host system, but allow multiple Linux variants in individual containers. This single-kernel implementation enables running containers with much less overhead. Hence, OpenVZ offers higher efficiency and manageability than traditional virtualisation technologies. It uses a single patched Linux kernel, and as a result can run only Linux and doesn’t have the overhead of a hypervisor (a tiny part of the CPU resources is used on virtualisation-around 1-2 per cent); it is fast and efficient.
The main features are listed below.
- OpenVZ uses a single kernel (Linux) implementation and hence it is as scalable as the Linux kernel.
- Virtualisation overhead is very low (approximately 1-2 per cent).
- Live migration of VPS and the checkpointing feature allows users to migrate a VPS from one physical host to another without needing to shut down the VPS.
- Resource management allows OpenVZ to share available host system resources among VPSs in an efficient manner; it guarantees QoS not only providing performance, resource isolation, and protection from denial-of-service attacks, but also collecting usage information to monitor the system’s health.
- By default, direct access to hardware is not available.
- OpenVZ has undergone a thorough security audit, which was performed by Solar Designer.
- IPsec is supported inside containers since kernel version 2.6.32.
- OpenVZ technology scales up to thousands of CPUs and terabytes of RAM.
Therefore, the benefits include near-zero overhead, strong isolation, improved flexibility, efficiency, and quality of service. Note that Oracle, DB/2, WebLogic, WebSphere and other big applications run efficiently inside OpenVZ containers. Applications and services need not be OpenVZ-aware. Along with standardised server management, note that OpenVZ kernels are based on Red Hat Enterprise Linux kernels, which are conventional and well maintained. By default, OpenVZ restricts container access to physical devices, making containers hardware-independent.
Its limitations are that OpenVZ supports only Linux distributions and not Windows. The /dev/loopN devices are often restricted in deployments, which restricts the ability to mount disk images. OpenVZ is restricted to providing only a few VPN technologies based on Point-to-Point Protocol (PPP), such as PPTP Point-to-Point Tunnelling Protocol (PPTP), Layer 2 Tunnelling Protocol (L2TP) and TUN/TAP (virtual network kernel devices).
A comparison of OpenVZ with its counterparts
How does OpenVZ compare with other virtualisation technologies such as Xen, KVM, VirtualBox, VMware Player and VMware Workstation? Table 1 gives a comparison.
2. Import the GPG key that belongs to the repository:
rpm --import http://download.openvz.org/RPM-GPG-Key-OpenVZ
3. Find the OpenVZ kernel package:
yum search vzkernel vzkernel.i686 : The Linux kernel vzkernel-debug.i686 : The Linux kernel compiled with extra debugging enabled vzkernel-debug-devel.i686 : Development package for building kernel modules to : match the debug kernel vzkernel-devel.i686 : Development package for building kernel modules to match: the kernel vzkernel-firmware.noarch : Firmware files used by the Linux kernel vzkernel-headers.i686 : Header files for the Linux kernel for use by glibc Name and summary matches only, use "search all" for everything
4. Install vzkernel.i686 with yum install vzkernel and it will automatically update the GRUB bootloader.
5. Edit /boot/grub/menu.lst to verify the OpenVZ kernel entry.
title OpenVZ (2.6.32-042stab072.10)
kernel /vmlinuz-2.6.32-042stab072.10 ro root=UUID=954e09c7-75ba-426d-aeca-c79d00ed3d16 rd_NO_LUKS rd_NO_LVM LANG=en_US.UTF-8 rd_NO_MD SYSFONT=latarcyrheb-sun16 crashkernel=auto KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb quiet
title CentOS (2.6.32-279.el6.i686)
6. After installing the OpenVZ kernel, you need to install user-level tools for OpenVZ (yum install vzctl vzquota); vzctl is used to perform different tasks on VPSs such as Start, Stop, Create, Destroy, Set parameters, etc, while vzquota is used to manage the VPS quotas.
7. Edit /etc/sysctl.conf and add or modify the following settings:
8. Load the new settings with sysctl p
9. Open /etc/vz/vz.conf and set NEIGHBOUR_DEVS to all.
10. SELinux needs to be disabled; edit /etc/sysconfig/selinux and set the value of SELINUX to disabled.
11. Reboot the system. You can check the release with uname r and should get something like 2.x.xx-xxxstabxxx.x.
12. OpenVZ is installed in a way that it is possible to boot the system either with OpenVZ support or without it. At present, it is not possible to create VPSs. Different VPSs can run different versions of Linux. A VPS is based on a specific OS template; OS templates are packages available with OpenVZ. You need to install the corresponding OS template in OpenVZ to create a VPS. After you install at least one OS template, you can create any number of VPSs with the help of standard OpenVZ utilities, and can configure their network, and work with these VPSs as you work with fully functional Linux servers. First download a CentOS template:
13. Copy the downloaded template into /vz/template/cache.
14. Each VPS must have its own unique ID (here, we used 121) and create the VPS with:
vzctl create 121 –ostemplate centos-6-x86_64 –config basic
15. Set a hostname and IP address for the VPS:
vzctl set 121 –hostname testvps.com –save
vzctl set 121 –ipadd 192.168.0.201 save
16. You can now start the VPS with vzctl start 121; stop it with vzctl stop 121 and restart it with vzctl restart 121.
EasyVZ: OpenVZ management GUI
EasyVZ is a GUI management console for OpenVZ. It lets you easily create, destroy, manage and monitor VPSs. The pre-requisites for using it are:
1. You have to have an OpenVZ-enabled kernel running.
2. All OpenVZ utilities need to be installed.
3. To create new VPSs, you need templates installed in /vz/template/cache.
The source distribution contains two directories; the backend directory contains the server source code. Start the server on the OpenVZ node that you intend to manage:
cd backend/ python server.py
The client can be run on the same machine:
cd gui/ python ezvz.py
Monitoring system resource consumption
It is possible to check the system resource statistics from within a VPS, which allows you to understand what particular resource limits are preventing an application from starting. These statistics report the current and maximum resources consumption for the running VPS, and can be obtained from the /proc/user_beancounters file:
vzctl exec 101 cat /proc/user_beancounters
Monitoring memory consumption
Users can monitor memory parameters for the hardware node and for particular VPSs:
The v option is used to display the memory information for each VPS.
Enabling VPN for a VPS
A Virtual Private Network allows you to establish a secure network connection over an insecure public network. It is possible to set up a VPN for a separate VPS via the TUN/TAP device.
1. The tun module needs to be loaded before OpenVZ is started; you can load it with:
lsmod | grep tun or modprobe tun
2. Allow the VPS to use the TUN/TAP device:
vzctl set 121 --devices c:10:200:rw save
3. Create the subsequent device inside the VPS and set the proper permissions.
The author is an Author of the book Implementing DevOps with Microsoft Azure available at https://goo.gl/AgcsBX . He contributes occasionally to https://clean-clouds.com and https://etutorialsworld.com.