Re: Linux 3.2 in wheezy

To: debian-devel@lists.debian.org
Subject: Re: Linux 3.2 in wheezy
From: Adam Borowski <kilobyte@angband.pl>
Date: Mon, 30 Jan 2012 01:44:59 +0100
Message-id: <[🔎] 20120130004459.GA22039@angband.pl>
In-reply-to: <[🔎] 1327872371.5400.375.camel@deadeye>
References: <20120129182205.GR12704@decadent.org.uk> <[🔎] 1327867067.13223.3.camel@hidalgo> <[🔎] 1327872371.5400.375.camel@deadeye>

On Sun, Jan 29, 2012 at 09:26:11PM +0000, Ben Hutchings wrote:
> On Sun, 2012-01-29 at 20:57 +0100, Yves-Alexis Perez wrote:
> > On dim., 2012-01-29 at 18:22 +0000, Ben Hutchings wrote:
> > > Featuresets
> > > -----------
> > > 
> > > The only featureset provided will be 'rt' (realtime)
> > > 
> > > If there are particular container features that should be enabled or
> > > backported to provide a useful replacement for OpenVZ or VServer,
> > > please let us know.  We cannot promise that these will all be enabled
> > > but we need to know what is missing. 
>  
> See the complaints about removing OpenVZ in wheezy despite 4 years'
> advance notice of this.

lxc wasn't anywhere near feature parity with vserver/openvz then.

It would be nice to have some documentation about how lxc is different from
them, and how to work around bugs and limitations.  I for one spent ~10
hours (ok, only) checking out lxc and I'm nowhere near comfortable enough to
even think about production use or migration yet.  There are tens of
thousands of sysadmins in this state so a list of caveats would be nice
(rather than mere howtos).

Example problems:

* how to uncorrupt ttys (ssh in works fine)?  Unlike a serial console,
  setting TERM, stty and TIOCGWINSZ seems to be not enough.

* how to execute a command in a running VM?  lxc-execute complains that the
  container is busy, forcing it results in processes in both sessions not
  seeing each other (ie, they end up in different cgroups instead of
  entering the existing one).

* how to ensure good isolation while still being able to do useful work? 
  The point of vserver is that even root inside a VM shouldn't be able to
  affect the host, on lxc you keep hurting the host by accident.  Messing
  with capabilities blindly is trial and error, which is precisely what you
  don't want to do in a system meant for security.

And so on, so on.  I bet there is documentation for every quirk somewhere
out there -- it's just that researching every question takes a long time
spent googling rather than doing useful work.  This is what people complain
about.

Such a list of migration issues won't write itself, but I'm afraid it would
take someone who knows lxc well rather than a person who takes features of
vserver or openvz for granted.

-- 
// If you believe in so-called "intellectual property", please immediately
// cease using counterfeit alphabets.  Instead, contact the nearest temple
// of Amon, whose priests will provide you with scribal services for all
// your writing needs, for Reasonable and Non-Discriminatory prices.

Reply to:

Follow-Ups:
- Re: Linux 3.2 in wheezy
  - From: md@Linux.IT (Marco d'Itri)
- Re: Linux 3.2 in wheezy
  - From: Bernd Zeimetz <bernd@bzed.de>

References:
- Re: Linux 3.2 in wheezy
  - From: Yves-Alexis Perez <corsac@debian.org>
- Re: Linux 3.2 in wheezy
  - From: Ben Hutchings <ben@decadent.org.uk>

Prev by Date: Re: Linux 3.2 in wheezy
Next by Date: Bug#657932: ITP: ical2html -- create an HTML table from icalendar data
Previous by thread: Re: Linux 3.2 in wheezy
Next by thread: Re: Linux 3.2 in wheezy
Index(es):
- Date
- Thread