Use the blue Nav bar above to access the main index pages!

Linux Virtualization without a Hypervisor

Want to run half a dozen copies of Linux on your laptop, but you don't have 8 GB or RAM?  You can, and you don't need Virtual Box, VMware Player, XEN, or KVM.  Those technologies are great, especially if you want to run Windows along side Linux, if you're just running Linux, there may be a better way.  See the problem with hypervisors is that when you start spinning up instances, you end up with a separate instance of the kernel for each one.  What a waste of RAM.  They're all trying to do the same thing, give your programs access to the hardware, so why not share a kernel?

The answer is that all your programs may not play well together, may have conflicting dependencies, may run best or be easiest to install on different distros.  You may be a cloud developer and you want to design your scalable app to run across many instances.  Whatever the case, you can do all of the above, all on a single kernel.

Container-based Virtualization
No hypervisor, that's right, we're talking about a different kind of virtualization, called container-based virtualization, sometimes called Linux containers.  The concept is that an isolated process space is created, a Linux file system is rooted in a directory somewhere, an instance of init is spawned, it has its own configuration, an IP address, and suddenly you have the appearance of a virtual machine.  In reality, it's another set of processes running on the same kernel, but it looks like a VM, with its own processes and its own identity.

Because it doesn't have its own kernel, the VM "boots" way faster and uses far less memory than a full-blown copy of Linux running on a hypervisor, so it has far less impact on system resources.  So running five or ten VMs in a gig or two of RAM is not much problem at all.

The great news is that you can run various distros along side each other, so for example, you can run copies of Ubuntu and CentOS on the same kernel.  Now keep in mind, I'm not talking about running these VMs in graphical mode, these are Linux server instances like CentOS minimal, Ubuntu server, etc.  You may be able to run X, but I haven't tried it. I want to run a bunch of instances in text mode, running app components like Tomcat, Glassfish, Mongo, and MySQL.

There are a few container-based solutions that are popular, namely LXC (Linux Containers), and OpenVZ.  For this post, I'll focus on OpenVZ.  Let's walk through the configuration.  Let's build an OpenVZ host running CentOS 6.2, then we'll deploy an Ubuntu 12.04 server VM on top.

Installing OpenVZ
I'll skip past the part where we install CentOS 6.2, assuming that you've got it running on your laptop, or dare I say it, a copy running in Virtual Box or VMware Player.  Yes we can run OpenVZ VMs in a VM in a hypervisor.  After you have CentOS install, it's advisable to bring the install up to date with the latest updates.  Open a terminal, and type the following:

sudo bash
yum upgrade

Now that you're up to date, we can install OpenVZ by typing the following:

yum install wget
wget -P /etc/yum.repos.d
rpm --import
yum update 
yum install openvz-kernel-rhel6 vzctl vzquota

After the install completes, edit the file /etc/sysctl.conf and add the following lines to the bottom of the file:

net.ipv4.ip_forward = 1
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.all.forwarding = 1
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.conf.all.rp_filter = 1
kernel.sysrq = 1
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0

Next, disable selinux by editing the file /etc/selinux/config and set SELINUX=disabled

Now reboot.

Installing the Web Interface
After rebooting we can install the web management interface for OpenVZ.  To do this, open a terminal window and type the following:

sudo bash
wget -O - | sh

Configuring the Firewall
Finally, we need to tweak the iptables firewall to allow the host for forward traffic for the VMs, and allow access to the web interface.  To do this, edit the file /etc/sysconfig/iptables and add the lines shown highlighted below.  The order of the lines is important, ACCEPT rules need to come before REJECT rules.  Notice that I've remarked (disabled) the REJECT rule for forwarding.

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 3000 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
# -A FORWARD -j REJECT --reject-with icmp-host-prohibited

To make the changes take effect, type:

sudo service iptables restart

Building VMs
Now we can start using the web panel.  Open a web browser and browse to :3000 (or localhost:3000 if your host has a browser).  The OpenVZ web interface should appear as shown below.

The default user name is admin and the password is admin.  You should change the password right away using the My Profile menu item, you can also create new users using the Users menu item.

Now click on Physical Servers / localhost.  Then click on the OS Templates item in the right-hand pane.

Click Install New OS Template, choose one from the list, (keep in mind that you can't install a 64 bit template on a 32 bit host) then click Install.  The template will take a few moments to be downloaded and show up in the templates list.  Once is shows up, click on localhost again.

Now click Create Virtual Server in the right-hand pane.  In the dialog, enter the following information:

Enter a VEID (choose a unique number for each VM, you can start with 1).
Choose an OS template
Specify a hostname, IP address, and the root password you want in the VM.

Next, click on Additional Settings and specify a DNS server address (if you're on home wireless you might use and a DNS search domain (localdomain), then click Create.

Now we can start the VM, highlight it and click Change State - start.

Within a second or two, your new VM will be running.  You can now SSH into your VM as root (ssh root@).

Rinse and repeat.  The OS templates are minimal server installs, so not a lot of disk space or memory is used per VM, so you should be able to spin up a bunch.  Enjoy!

Related Posts:


Anonymous said...
This comment has been removed by a blog administrator.

Post a Comment

Related Posts Plugin for WordPress, Blogger...