On Thu, Oct 24, 2013 at 09:11:30AM +0100, Jonathan Dowland wrote:
> On Thu, Oct 24, 2013 at 02:09:46AM +0200, Adam Borowski wrote:
> > And I for one heavily use vservers
>
> It's a professional shame of mine that we are still trying to get rid of
> some old vserver instances at $WORK.

lxc is still nowhere close to vserver (or openvz) functionality. It lacks even basics like "vserver enter" (you can't access a container more than once other than via ssh or similar), not to speak about holding hostile root. vserver probably is too heavily in maintenance mode to pretend to satisfy this anymore, but not catching all intentional attackers doesn't mean not stopping unintentional breakage -- or even intentional but not sophisticated enough intruders.

And xen and kvm are so inefficient memory-wise it's not funny. With vserver, an empty container costs you only as much as the actual processes need, while being able to get required memory immediately; with xen/kvm you need to provision it with a large piece of slack so it can allocate things before the balloon driver notices it must request more. Multiply the slack by the number of virtual machines and you end up with most of your memory doing nothing.

Typical good practices with vserver include keeping every service in a container on its own...

> I didn't think they'd rebased onto anything more recent than 2.6.20, I now
> see (with some dread) that you can get those patches for 3.x series kernels.

As every new major release adds more syscalls and refactoring to handle, there's usually some slight lag: 3.10 kernels got ported only as of 3.10.9 (last update: 3.10.15) and 3.11 is not yet there. Claiming it's stuck at a six and a half years old kernel, though, suggests your information might be a bit stale.

> However, it does mean I can file your systemd experience (singular) in
> the "I tried systemd in conjunction with $INSANESHIT and something
> broke!" bucket.

Rube Goldberg indeed… Debian's infrastructure relies pretty heavily on chroot, and even that would require Rube Goldberg steps to have daemons talk between the host and guest. Needing this in the first place is wrong, as the whole point of chroots/lxc/vserver/openvz/BSD jails/... is separation.
-- 
ᛊᚨᚾᛁᛏᚣ᛫ᛁᛊ᛫ᚠᛟᚱ᛫ᚦᛖ᛫ᚹᛖᚨᚲ