Log in

No account? Create an account

Previous Entry | Next Entry

Is OpenVZ obsoleted?

Oh, such a provocative subject! Not really. Many people do believe that OpenVZ is obsoleted, and when I ask why, three most popular answers are:

1. OpenVZ kernel is old and obsoleted, because it is based on 2.6.32, while everyone in 2013 runs 3.x.
2. LXC is the future, OpenVZ is the past.
3. OpenVZ is no longer developed, it was even removed from Debian Wheezy.

Let me try to address all these misconceptions, one by one.

1. "OpenVZ kernel is old". Current OpenVZ kernels are based on kernels from Red Hat Enterprise Linux 6 (RHEL6 for short). This is the latest and greatest version of enterprise Linux distribution from Red Hat, a company who is always almost at the top of the list of top companies contributing to the Linux kernel development (see 1, 2, 3, 4 for a few random examples). While no kernel being ideal and bug free, RHEL6 one is a good real world approximation of these qualities.

What people in Red Hat do for their enterprise Linux is they take an upstream kernel and basically fork it, ironing out the bugs, cherry-picking security fixes, driver updates, and sometimes new features from upstream. They do so for about half a year or more before a release, so the released kernel is already "old and obsoleted", as it seems if one is looking at the kernel version number. Well, don't judge a book by its cover, don't judge a kernel by its number. Of course it's not old, neither obsoleted -- it's just more stable and secure. And then, after a release, it is very well maintained, with modern hardware support, regular releases, and prompt security fixes. This makes it a great base for OpenVZ kernel. In a sense, we are standing on the shoulders of a red hatted giant (and since this is open source, they are standing just a little bit on our shoulders, too).

RHEL7 is being worked on right now, and it will be based on some 3.x kernel (possibly 3.10). We will port OpenVZ kernel to RHEL7 once it will become available. In the meantime, RHEL6-based OpenVZ kernel is latest and greatest, and please don't be fooled by the fact that uname shows 2.6.32.

2. OpenVZ vs LXC. OpenVZ kernel was historically developed separately, i.e. aside from the upstream Linux kernel. This mistake was recognized in 2005, and since then we keep working on merging OpenVZ bits and pieces to the upstream kernel. It took way longer than expected, we are still in the middle of the process with some great stuff (like net namespace and CRIU, totally more than 2000 changesets) merged, while some other features are still in our TODO list. In the future (another eight years? who knows...) OpenVZ kernel functionality will probably be fully upstream, so it will just be a set of tools. We are happy to see that Parallels is not the only company interested in containers for Linux, so it might happen a bit earlier. For now, though, we still rely on our organic non-GMO home grown kernel (although it is already optional).

Now what is LXC? In fact, it is just another user-space tool (not unlike vzctl) that works on top of a recent upstream kernel (again, not unlike vzctl). As we work on merging our stuff upstream, LXC tools will start using new features and therefore benefit from this work. So far at least half of kernel functionality used by LXC was developed by our engineers, and while we don't work on LXC tools, it would not be an overestimation to say that Parallels is the biggest LXC contributor.

So, both OpenVZ and LXC are actively developed and have their future. We might even merge our tools at some point, the idea was briefly discussed during last containers mini-conf at Linux Plumbers. LXC is not a successor to OpenVZ, though, they are two different projects, although not entirely separate (since OpenVZ team contributes to the kernel a lot, and both tools use the same kernel functionality). OpenVZ is essentially LXC++, because it adds some more stuff that are not (yet) available in the upstream kernel (such as stronger isolation, better resource accounting, plus some auxiliary ones like ploop).

3. OpenVZ no longer developed, removed from Debian. Debian kernel team decided to drop OpenVZ (as well as few other) kernel flavors from Debian 7 a.k.a. Wheezy. This is completely understandable: kernel maintenance takes time and other resources, and they probably don't have enough. That doesn't mean though that OpenVZ is not developed. It's really strange to argue that, but please check our software updates page (or the announce@ mailing list archives). We made about 80 software releases this year so far. This accounts for 2 releases every week. Most of those are new kernels. So no, in no way it is abandoned.

As for Debian Wheezy, we are providing our repository with OpenVZ kernel and tools, as it was announced just yesterday.


( 7 comments — Leave a comment )
Mario Kleinsasser
Oct. 16th, 2013 04:41 am (UTC)
+1, nothing more to say.
Oct. 17th, 2013 06:07 pm (UTC)
You will be speaking at the Linux Symposium in Ottawa, Nov 2013. Will you talk about the reasons that OpenVZ is not all in the upstream kernel, and what we can do to help it get there? Or do we need to work at RedHat to help? Or perhaps contribute to Fedora.

Will you talk about 'stronger isolation, better resource accounting, plus some auxiliary ones like ploop'?
Steven Crothers
Oct. 24th, 2013 05:06 pm (UTC)
People make it sound like Debian's Kernel is relevant somehow to anything.

Last time I checked, the Debian project, as a whole, in it's entirety doesn't contribute anything noticeable to the Kernel.

Red Hat, Google, Intel, Parallels (OpenVZ), AMD, and even Microsoft make up larger percentages of any of Debian's upstream patching.

It's upsetting to see people actually use Debian (or even Ubuntu) as some "benchmark" of quality or relevance.
Oct. 24th, 2013 06:45 pm (UTC)
That was both harsh and uninformed. While I am definitely a Red Hat and Fedora fanboi I do recognise that Debian does actually contribute to the kernel. You just don't see them listed when LWN and/or Greg-KH does analysis on who created a NEW kernel release. If Debian doesn't show up in the who wrote the (new) kernel surveys, how does Debian contribute to the kernel? Simple, they are significant contributers to the kernels they run... so their contributions show up in the z releases (as in x.y.z) for the kernels that they ship. So for example, Debian 6 runs 2.6.32 (I think)... and Debian was a significant contributor to releases beyond 2.6.32.x. I'm sure they are also significnat contributers to whatever kernel version they are using in Debian 7 (3.2.x?).

Does contributing to the particular kernel versions they ship have as much ecosystem impact as those who make significant contributions to each new kernel release? Maybe not but it is still significant so please quit dogging on them.
Oct. 28th, 2013 02:31 am (UTC)
From my personal perspective, Debian is a good and solid distro (although I don't use it much myself -- and when I do, I need a cheat sheet like http://openvz.org/Package_managers).

Having said that, I fail to understand why people use Ubuntu on server systems -- their kernel team is basically non-existent, and for the server, I believe, kernel is of high importance.
Nov. 7th, 2013 10:26 am (UTC)
regarding using debian for servers

we use proxmox so have parts of the best of both worlds, RedHat kernel and Debian package management.

we use debian because:
1-debian updates never touch our configuration files.
2-can upgrade to next release.

the last time we ran centos was a few months ago. we have a primary and backup pbx system. for 3 years one ran centos. it was not upgradable to the next centos release . that has been our expierence with rpm based systems since redhat 5.

In my opinion redhat has the solid engeneering needed for kernel, but debian is easier to maintain for services like dhcp , dns, mail, imap etc.

and for firewall we've used pfsense for 5 years.
Andrew Beveridge
Nov. 13th, 2016 10:23 pm (UTC)
Any change in opinion in the last 3 years?
I've been using OpenVZ containers (made lazy by Proxmox) for years, but I've only just realized that even Proxmox has now moved over to LXC.

Do you still stand by your opinions above now in 2016?
Everywhere I turn it's seeming like OpenVZ as it was is now dead and only exists as a part of Virtuozzo, implying LXC really is the future of linux containers.
( 7 comments — Leave a comment )

Latest Month

July 2016
Powered by LiveJournal.com
Designed by Tiffany Chow