On Friday, April 24, 2015 10:23:01 PM lee wrote:
> "J. Roeleveld" <jo...@antarean.org> writes:
> > On Thursday, April 23, 2015 11:03:53 PM lee wrote:
> > Do you have anything that you find insufficiently documented or is too
> > difficult?
> sure, lots

Have you contacted the Xen project with this?

> > Containers.
> > Chroots don't have much when it comes to isolation.
> 
> What exactly are the issues with containers?  Ppl seem to work on them
> and to manage to make them more secure over time.

Lack of clear documentation on how to use them. All the examples online refer 
to systemd-only commands.

> >> >>Which the "better" tool, or combination of tools is, depends on what
> >> >>you want to accomplish.  You could use containers in a VM, too, or use
> >> >>virtualbox along with containers to run the odd VMs that require full
> >> >>virtualization.
> >> >>
> >> > Virtualbox is nice for a quick test. I wouldn't use it for production.
> >> 
> >> Why not?
> > 
> > Several reasons:
> > 
> > 1) I wouldn't trust a desktop application for a server
> 
> So that's a gut feeling?

No, a combination of experience and common sense.
A desktop application dies when the desktop dies.

> > 2) The overhead from Virtualbox is quite high (still better than VMWare's
> > desktop versions though)
> 
> Overhead in which way?  I haven't done much with virtualbox yet and
> merely found it rather easy to use, very useful and to just work fine.

Virtualbox is easy when all you want is to quickly run a VM for a quick test.
It isn't designed to run multiple VMs with maximum performance.
In my experience I get on average 80% of the performance inside a Virtualbox 
VM when compared to running them on the machine directly. With Xen, I can get 
95%.
(This is using normal work-loads, let's not talk about 3D inside a VM)

> Compared to containers, the overhead xen requires is enormous,

Hardly comparable. Containers run inside the same kernel. With Xen, or any 
other virtualisation technology, you run a full OS.

> and it
> doesn't give you a stable system to run VMs on because dom0 is already
> virtualized itself.

Why doesn't it provide a stable system?
The dom0 has 1 task and 1 task only: Manage the VMs and resources provided to 
the VMs. That part can be made extremely stable.
My Lab machine (which only runs VMs for testing and development) currently has 
an uptime of over a year. In that time I've had VMs crashing because of bad 
code inside the VM. Not noticing any issues there. Neither with stability nor 
with performance.
My only interaction with the dom0 there is to create/destroy/start/stop/... 
VMs.

> I don't know how that compares to virtualbox --- I
> didn't have time to look into it and it just worked, allowing me to run
> a VM on the fly on the same machine I'm working on without any ado.

For that scenario, VirtualBox is quite well suited. I wouldn't run Xen on my 
desktop or laptop.

> That VM was simply a copy of a VM taken from a vmware server, and the
> copy could be used without any conversion or anything.

Good luck doing that when you installed the VMWare client tools and drivers 
inside a MS Windows VM.

> You can't do
> that with xen because you'll be having lots of trouble to convert the
> VM, to convert the machine you're working on to xen and to get it to
> work, to work around all the problems xen brings about ...  Some days
> later you might finally have it working --- which is out of the question
> because the VM is needed right away. And virtualbox does just that.

Look into the pre-configured versions of Xen, like what Citrix offers.
I can import VMs from VMWare as well without issue. (Apart from the VMWare 
client tools as mentioned, but Virtualbox has the same issues)
 
> I was really surprised that virtualbox worked that well.  Maybe xen will
> get there some time.

Xen already is there.

Please understand that Xen and Virtualbox have their own use cases:

Xen is for dedicated hosts running VMs 24/7

Virtualbox is for testing stuff quickly on a laptop/desktop

The only common part is that they both run VMs.

--
Joost
