
Re: systemd effectively mandatory now due to GNOME

On Thu, Oct 24, 2013 at 09:11:30AM +0100, Jonathan Dowland wrote:
> On Thu, Oct 24, 2013 at 02:09:46AM +0200, Adam Borowski wrote:
> >  And I for one heavily use vservers
> It's a professional shame of mine that we are still trying to get rid of
> some old vserver instances at $WORK.

lxc is still nowhere close to vserver (or openvz) functionality.  It lacks
even basics like "vserver enter" (you can't access a container more than
once other than via ssh or similar), not to speak about holding hostile
root.  vserver probably is too heavily in maintenance mode to pretend to
satisfy this anymore, but not catching all intentional attackers doesn't
mean not stopping unintentional breakage -- or even intentional but
not sophisticated enough intruders.

And xen and kvm are so inefficient memory-wise it's not funny.  With
vserver, an empty container costs you only as much as the actual processes
need, while being able to get required memory immediately; with xen/kvm you
need to provision it with a large piece of slack so it can allocate things
before the balloon driver notices it must request more.  Multiply the slack
by the number of virtual machines and you end up with most of your memory
doing nothing.  Typical good practices with vserver include keeping every
service in a container on its own...

> I didn't think they'd rebased onto anything more recent than 2.6.20, I now
> see (with some dread) that you can get those patches for 3.x series kernels.

As every new major release adds more syscalls and refactoring to handle,
there's usually some slight lag: 3.10 kernels got ported only as of 3.10.9
(last update: 3.10.15) and 3.11 is not yet there.  Claiming it's stuck at a
six and a half years old kernel, though, suggests your information might be
a bit stale.

> However, it does mean I can file your systemd experience (singular) in
> the "I tried systemd in conjunction with $INSANESHIT and something
> broke!" bucket. Rube Goldberg indeed…

Debian's infrastructure relies pretty heavily on chroot, and even that
would require Rube Goldberg steps to have daemons talk between the host
and guest.  Needing this in the first place is wrong, as the whole point
of chroots/lxc/vserver/openvz/BSD jails/... is separation.
