Long time no see. It's 11pm here now and I'm still in the office. Just though about why not to post to the blog right before I drive home. Really, why not?
I'm mostly working on new vzctl release lately (you can see the progress in vzctl's git web interface here). The ultimate task is to fix most of bugs opened for vzctl in OpenVZ bugzilla (some are dated back to 2007 -- no, they are not critical or even major, but anyway). So far the list of vzctl bugs yet opened are down to one singe page (i.e. scroll bar has disappeared from the browser window) which is a big improvement.
The process is somewhat slow because ( why?Collapse )
The way to perfection is never easy. That doesn't mean we shouldn't try.
I finally did an upgrade of forum software used on forum.openvz.org. As any big upgrade, it went not so flawlessly as I wanted it to. Read on for some details.
The first problem is "Compact messages" operation caused all the messages to, hmm, be ultimately compacted, or in plain words deleted. Have restored it from the backup, so a few messages written after the last backup were lost. I apologize if it caused any problems for you. Some people may still find messages that
Next problem is forum theme -- basically you have to recreate it from scratch, haven't done that yet, still thinking of what layout will be more convenient.
Yet another problem we found only today is with private messaging, basically rendering it useless. The thing is, a new version of forum software introduced a separate limits on total size of private messages for admins and moderators. Strange enough, upgrade script did't care and just set the new values to zero! Tracked it down by reading the source code, fixed the limits, problem solved. Fortunately no one has seen it, except for the admins and moderators -- which is kinda funny.
Also, I fixed a bug in the forum code (well, technically not a bug but a bad interaction of old version of PHP vs. forum software) which prevented indexing of non-latin (i.e. cyrillic, i.e. russian) messages. So now it's possible for Russian-speaking users to use search.
Finally, I am still a bit unsure if the forum functions fine after the upgrade. So if you find any problems with forum, please let me know.
Yet again I spent almost full working day trying to improve antispam protection on wiki.openvz.org.
Currently 99% of all spam on the web is link spam -- bad guys are adding lots of links to the sites they promote in order to increase page rank values for that sites. In fact they get no profit from that, since in all recent mediawiki installation (including wikipedia itself) all the external links comes with ref="nofollow" attribute. That attribute is respected by Google crawler and other such bots and basically means "ignore this link".
Nevertheless spammers keep inserting trash into such wikis. Recently such activity mostly comes in a form of a user page (or user talk page) creation that looks like, well, a legitimate user page (something along the lines of "My name is John Doe, I'm Java coder, my hobbies are swimming and fishing") but with a blatant plug added ("Here are some cool sites: [1] [2] [3] ...").
For about 2 years or so wiki.openvz.org asks you to login/register in order to edit, so anonymous edits are not allowed. That helps a bit, but still there are bots that performs register, log in and post.
So now I have added another restriction: users that have just registered can not create new pages. Here "just registered" means "registered less than 24 hours ago". Note that such users can still freely edit existing pages. Let's see if it helps.
Oh, almost forgot to say it: looks like captchas don't work at all! Either spammers have good OCR tools, or they hire enough human beings to "manually" decipher those cryptic images.
Second, my friend Bernhard and I helped Kir with his booth on the LinuxTag. It was a great pleasure for us because Kir is a really cool guy. We had the chance to hear and learn a lot about Kernel development and OpenVZ in general. Also it was very nice to discuss our OpenVZ server farm at work with Kir's Know How. Quote "Kir: Uhh, you perl scripts are really hardcoded" - :o)
I hope we will see us before the next LinuxTag next year. As we spoke about we decide to help the project by doing support on the forum/blog and maybe some wiki stuff (system use case).
For all readers we took some pictures from the booth and us. You can find them on our blog page systec.blogsite.org.
I am almost ready for the LinuxTag, my flight from Moscow to Berlin is tomorrow mid-day. I have prepared booklets, even in German (thanks to Mario and Bernhard, OpenVZ users from Austria who will also help me with the booth). And I will even have a monitor to demo Overo Gumstix running Linux (thanks to Björn from XtreemFS). So if you are visiting LinuxTag this year, come to say hello!
If you happen to be on a different continent, North America, then I welcome you to visit LinuxSymposium. This is a quite a big annual event, and unlike LinuxWorld (which is now called OpenSourceWorld) they haven't changed their name for 10 years (well, hmm, actually they dropped the Ottawa prefix since this year it will be held in Montreal -- but at least they left the Linux part, the one that is most important for me). For the LinuxSymposium I am preparing a tutorial and a BoF. So, again, come to say hello! :)
I have just got my passport back from the German embassy today, with a shiny new Schengen visa and booked tickets to Berlin. Yes, this is for LinuxTag event which will take place in Berlin, Germany, from 24th to 27th of June. OpenVZ will have a booth on the show.
Are there any OpenVZ users living not too far from Berlin* who can help me with the booth (i.e. be a booth star together with me)? Please contact me by leaving a comment here or email to kir at openvz dot org, I need your help.
* from my perspective every German city is not too far from Berlin :) but YMMV.
There is a nice feature in vzctl (well, technically not in vzctl binary itself; it just comes in vzctl package) that many people don't know about -- completion. This basically makes it able to save a few keystrokes when typing.
Say you want to create a container. You type vzct and press <TAB> -- it completes that to vzctl and a space after. This is usual feature of bash -- it looks all the binaries available in $PATH and tries to complete their names.
Now let's see the vzctl completion: # vzctl cr<TAB> completes to # vzctl create and then after yet another <TAB> it suggests a CT ID which is the MAX+1 (i.e. if you have containers 101, 102 and 105 it will suggest 106): # vzctl create 106 Now we want to specify an OS template: # vzctl create 106 --os<TAB> will get you to # vzctl create 106 --ostemplate and then you press <TAB> again twice to see the list of available OS templates: # vzctl create 106 --ostemplate <TAB><TAB> centos-5-x86 centos-5-x86-devel fedora-9-x86 suse-11.1-x86 Now you type in the first few characters of the OS template you want to use: # vzctl create 106 --ostemplate f<TAB> and it will complete that to # vzctl create 106 --ostemplate fedora-9-x86 Now, unless you want to specify --config or some other parameters, just press Enter.
This completion is smart -- say, if you want to start a container, type in # vzctl start <TAB><TAB> and it will give you the list of container IDs that can be started (i.e. all the stopped containers).
And so on and so forth. Well, you say, it doesn't work! In that case you have to enable it, here's how.
On a RHEL, CentOS or Fedora system run yum install bash-completion and then relogin (i.e. log out and log in again). If your host system is Gentoo, run emerge bash-completion and then eselect bashcomp enable vzctl. I hope someone will comment on how to enable this for Debian/Ubuntu/SUSE or whatever your favorite distro is.
I am preparing an updated set of precreated templates; those should be ready tonight or tomorrow, available from the usual place.
In addition to a bunch of updated templates, this time we add a few new ones: - Fedora 10 (aka Cambridge) - openSUSE 11.1 - Ubuntu 9.04 (aka The Jaunty Jackalope)
OpenSUSE is interesting -- apparently they dropped yum (which was available in 10.3 and 11.0 but not in 11.1) and now they have something called zypper. Also note that openSUSE lacks the code name. Apparently the SUSE guys are already aware of the issue and have a plan to fix it -- the next release (openSUSE 11.2) will be codenamed Fichte, after the German XIIX century philosopher. Subsequent openSUSE releases will also be named after famous philosophers -- Rousseau, Voltaire, Lessing (although I'm not sure which Lessing do they have in mind, probably Theodor). Interesting... maybe they got the naming idea from OpenVZ kernels. ;)
Also, during the next update (i.e. in about a month, not now) we are going to remove a few templates that are old and unsupported: - Debian 3.1 "Sarge" (EOL 30 Mar 2008) - Fedora 7 (EOL 13 Jul 2008) - openSUSE 10.3 (EOL 19 Sep 2008) - Fedora 8 (EOL 7 Jan 2009) - Ubuntu 7.10 (EOL 18 Apr 2009) Anybody who's using those distros inside containers should updated to something more (r|d)ecent and supported. You have been warned.
PS For people who use our stable kernels (i.e. RHEL5 branch) -- please note that you have to update to the latest kernel (028stab062.3 at the moment) in order to use Fedora 10 in containers. This is due to a few new system calls recently added to the Linux kernel which Fedora 10 userland expect to have in the kernel. Those syscalls were just backported to our RHEL5 branch by the OpenVZ team.
From time to time, somebody critisizes OpenVZ kernel patch for its intrusiveness and size. Right, it is big and intrusive -- it adds a whole lot of new features into the kernel. But how big is it?
Our engineer prepared some stats on three different kernels: 1. OpenVZ stable kernel (based on 2.6.18-RHEL5); 2. OpenVZ development kernel (based on 2.6.27); 3. RHEL5.3 kernel (based on 2.6.18). You can see the results by clicking the image at the right.
Some notes for the graph. For OpenVZ kernels, we distinguish between core kernel changes and the stuff that is built as modules. For RHEL kernel, we break the patchset down into a few categories, such as drivers, Xen, GFS, ext4 and so on; "other" means everything not covered by any other category. The numbers are thousands lines of code added and deleted, combined. A table below the graph has some more details, like how many files were changed, how many lines added and deleted.
Now to the conclusions. Two major points can be made: 1. Even without drivers, RHEL5 kernel patches add/delete 434 KLOCs*, which is 8.5x times bigger then OpenVZ kernel modifications (51 KLOC). So, yes, OpenVZ patch set is big, but not that big. 2. OpenVZ based on mainstream 2.6.27 kernel requires 40% less** modifications to the kernel due to on-going effort to integrate the functionality into mainstream.
* KLOC is a thousand lines of source code. ** we only count the core changes, omitting the modules.
I tried it and was able to migrate a CentOS 7 container... but the Fedora 22 one seems to be stuck in the "started" phase. It creates a /vz/private/{ctid} dir on the destination host (with the same…
The fall semester is just around the corner... so it is impossible for me to break away for a trip to Seattle. I hope one or more of you guys can blog so I can attend vicariously.
Comments
Do you still stand by your opinions above now in 2016?…