Linux Virtualization without a Hypervisor

Want to run half a dozen copies of Linux on your laptop, but you don't have 8 GB of RAM?  You can, and you don't need VirtualBox, VMware Player, Xen, or KVM.  Those technologies are great, especially if you want to run Windows alongside Linux, but if you're just running Linux, there may be a better way.  The problem with hypervisors is that when you start spinning up instances, you end up with a separate instance of the kernel for each one.  What a waste of RAM.  They're all trying to do the same thing, give your programs access to the hardware, so why not share a kernel?

The answer is that your programs may not all play well together: they may have conflicting dependencies, or may run best or be easiest to install on different distros.  Or you may be a cloud developer who wants to design a scalable app to run across many instances.  Whatever the case, you can do all of the above on a single kernel.

Container-based Virtualization
No hypervisor, that's right, we're talking about a different kind of virtualization, called container-based virtualization, sometimes called Linux containers.  The concept is that an isolated process space is created, a Linux file system is rooted in a directory somewhere, an instance of init is spawned, it has its own configuration, an IP address, and suddenly you have the appearance of a virtual machine.  In reality, it's another set of processes running on the same kernel, but it looks like a VM, with its own processes and its own identity.

Because it doesn't have its own kernel, the VM "boots" way faster and uses far less memory than a full-blown copy of Linux running on a hypervisor, so it has far less impact on system resources.  Running five or ten VMs in a gig or two of RAM is not much of a problem at all.

The great news is that you can run various distros alongside each other, so for example, you can run copies of Ubuntu and CentOS on the same kernel.  Now keep in mind, I'm not talking about running these VMs in graphical mode; these are Linux server instances like CentOS minimal, Ubuntu server, etc.  You may be able to run X, but I haven't tried it.  I want to run a bunch of instances in text mode, running app components like Tomcat, Glassfish, Mongo, and MySQL.

There are a few container-based solutions that are popular, namely LXC (Linux Containers) and OpenVZ.  For this post, I'll focus on OpenVZ.  Let's walk through the configuration: we'll build an OpenVZ host running CentOS 6.2, then deploy an Ubuntu 12.04 server VM on top.

Installing OpenVZ
I'll skip past the part where we install CentOS 6.2, assuming that you've got it running on your laptop, or dare I say it, a copy running in VirtualBox or VMware Player.  Yes, we can run OpenVZ VMs inside a VM on a hypervisor.  After you have CentOS installed, it's advisable to bring the install up to date with the latest updates.  Open a terminal, and type the following:

sudo bash
yum upgrade

Now that you're up to date, we can install OpenVZ by typing the following:

yum install wget
wget -P /etc/yum.repos.d http://download.openvz.org/openvz.repo
rpm --import http://download.openvz.org/RPM-GPG-Key-OpenVZ
yum update 
yum install openvz-kernel-rhel6 vzctl vzquota

After the install completes, edit the file /etc/sysctl.conf and add the following lines to the bottom of the file:

net.ipv4.ip_forward = 1
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.all.forwarding = 1
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.conf.all.rp_filter = 1
kernel.sysrq = 1
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0

Next, disable SELinux by editing the file /etc/selinux/config and setting SELINUX=disabled.

Now reboot.

Installing the Web Interface
After rebooting we can install the web management interface for OpenVZ.  To do this, open a terminal window and type the following:

sudo bash
wget -O - http://ovz-web-panel.googlecode.com/svn/installer/ai.sh | sh

Configuring the Firewall
Finally, we need to tweak the iptables firewall to allow the host to forward traffic for the VMs, and to allow access to the web interface.  To do this, edit the file /etc/sysconfig/iptables, add the ACCEPT rule for port 3000, and comment out the FORWARD REJECT rule, as shown below.  The order of the lines is important: ACCEPT rules need to come before REJECT rules, because iptables stops at the first matching rule.  Notice that I've remarked (disabled) the REJECT rule for forwarding.  Note also that, as written, the port 3000 rule accepts connections from any source address, not just the host's own VMs.

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 3000 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
# -A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

To make the changes take effect, type:

sudo service iptables restart
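Since rule order is what makes or breaks this step, here is a small checker for it, added as an example and not part of the original post or of OpenVZ.  It reads an /etc/sysconfig/iptables style file (path passed as the first argument) and fails if an INPUT ACCEPT rule lands after the INPUT REJECT, or if the FORWARD REJECT is still active; it also points out when the port 3000 rule has no source restriction.

```shell
#!/bin/sh
# Added example, not from the post: verify the iptables rule order the post
# relies on. Usage: check_iptables_order /etc/sysconfig/iptables
check_iptables_order() {
    awk '
        /^[[:space:]]*#/ { next }                   # commented-out rules are inactive
        /^-A INPUT / && /-j REJECT/ { input_reject = NR }
        /^-A INPUT / && /-j ACCEPT/ && input_reject {
            # iptables stops at the first match, so this ACCEPT never fires
            printf "line %d: INPUT ACCEPT after the REJECT on line %d: %s\n", NR, input_reject, $0
            bad = 1
        }
        /^-A FORWARD / && /-j REJECT/ {
            printf "line %d: FORWARD REJECT still active, VM traffic will be refused\n", NR
            bad = 1
        }
        /^-A INPUT / && /--dport 3000/ && !/ -s / {
            printf "line %d: web panel port 3000 is accepted from any source address\n", NR
        }
        END { exit bad + 0 }
    ' "$1"
}
```

The function exits 0 when the order is right and non-zero otherwise, so it can be run before `service iptables restart`.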

Building VMs
Now we can start using the web panel.  Open a web browser and browse to :3000 (or localhost:3000 if your host has a browser).  The OpenVZ web interface should appear as shown below.


The default user name is admin and the password is admin.  You should change the password right away using the My Profile menu item; you can also create new users using the Users menu item.

Now click on Physical Servers / localhost.  Then click on the OS Templates item in the right-hand pane.

Click Install New OS Template, choose one from the list (keep in mind that you can't install a 64-bit template on a 32-bit host), then click Install.  The template will take a few moments to download and show up in the templates list.  Once it shows up, click on localhost again.

Now click Create Virtual Server in the right-hand pane.  In the dialog, enter the following information:

Enter a VEID (choose a unique number for each VM; you can start with 1).
Choose an OS template
Specify a hostname, IP address, and the root password you want in the VM.

Next, click on Additional Settings and specify a DNS server address (if you're on home wireless you might use 192.168.1.1) and a DNS search domain (localdomain), then click Create.

Now we can start the VM, highlight it and click Change State - start.

Within a second or two, your new VM will be running.  You can now SSH into your VM as root (ssh root@).
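The web panel is driving vzctl underneath.  Here is the command-line equivalent of the Create Virtual Server dialog, added as an example and not code from the post or from OpenVZ, with the inputs checked before anything is created.  It assumes vzctl is installed and that the panel's OS templates are the tarballs in /vz/template/cache; the VEID, hostname, addresses and password in the usage line are constructed values.

```shell
#!/bin/sh
# Added example (not from the post or OpenVZ): vzctl equivalent of the web
# panel's Create Virtual Server dialog, with input validation first.
TEMPLATE_DIR="${TEMPLATE_DIR:-/vz/template/cache}"   # assumed template location
VZ="${VZ:-vzctl}"   # set VZ=echo to print the commands instead of running them

# A VEID must be a positive integer (0 is the host itself).
valid_veid() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -gt 0 ]
}

# IPv4 dotted quad, every octet 0-255.
valid_ipv4() {
    old_ifs=$IFS; IFS=.; set -f; set -- $1; set +f; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# The panel's template list is just the tarballs in the cache directory.
template_exists() {
    [ -f "$TEMPLATE_DIR/$1.tar.gz" ]
}

# create_container VEID TEMPLATE HOSTNAME IP DNS SEARCHDOMAIN ROOTPW
create_container() {
    veid=$1 tmpl=$2 host=$3 ip=$4 dns=$5 search=$6 rootpw=$7
    valid_veid "$veid"      || { echo "bad VEID: $veid" >&2; return 2; }
    valid_ipv4 "$ip"        || { echo "bad IP address: $ip" >&2; return 2; }
    valid_ipv4 "$dns"       || { echo "bad DNS address: $dns" >&2; return 2; }
    template_exists "$tmpl" || { echo "template not in cache: $tmpl" >&2; return 2; }
    # Same three steps the panel performs: create from template, configure, start.
    $VZ create "$veid" --ostemplate "$tmpl" --config basic &&
    $VZ set "$veid" --hostname "$host" --ipadd "$ip" --nameserver "$dns" \
        --searchdomain "$search" --userpasswd "root:$rootpw" --save &&
    $VZ start "$veid"
}

# Constructed usage; with VZ=echo it only prints what would be run:
# VZ=echo create_container 101 ubuntu-12.04-x86_64 web1 192.168.1.101 192.168.1.1 localdomain changeme
```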

Rinse and repeat.  The OS templates are minimal server installs, so not a lot of disk space or memory is used per VM, so you should be able to spin up a bunch.  Enjoy!
