1. By: Le Quoc Thai IOIT, VAST lquocthai@ioit.ac.vn SFD 2010 at IFI, Hanoi Virtualization & OpenVZ

2. Content Introduction: basic concepts Sharing experiences: solution selection, system installation, configuration, management Conclusions

3. Our “server farm” at IOIT :)) Servers: 4 identical old PCs (web, mail, database, DNS...)

4. … and our problems were Broken/Unstable hardware. Migration: compatibility. Fixed resource allocation

5. my boss was asking this question 4 new PCs or a single powerful server?

6. Other real life situations At a university (Vietnam): short term project vs. long time equipment amortization Nick van der Zweep (HP): data center's processing capability, only 10-15% used, thus wasted space & energy consumption.

7. what is common here? Balance: performance & usage

8. The right answer is...?

9. ... VIRTUALIZATION! =:>

10. Solution selection criteria Maturity Security Migration

11. Virtualization: definition (courtesy: M. Tim Jones)

12. Virtualization: what? Server Storage Operating systems Network Application

13. Basic concept: HW virtualization (courtesy: desktop-virtualization)

14. … OS virtualization (courtesy: LiveTime)

15. … server virtualization (courtesy: Redhat)

16. … in other way

17. From some old ideas... D2 (Detect & destroy): virus quarantine. Kevin Kettler (Dell, 2006): disposable desktop (due to virus infection) JVM: platform independent. Web browsers: security sandbox VLAN VPN

18. … to latest stories SaaS (Google Apps), PaaS, IaaS Cloud computing: privacy, information security (who control?)

19. Trends Technology centric toward service oriented: Server hosting: traditional vs. virtualized Data centers

20. Who are behind? Intel IBM Redhat Sun VMware Microsoft...

21. Solutions comparison Virtual machine VMWaren / QEMU / Microsoft Virtual Server Paravirtualization : various OS, same server Xen KVM: full virtualization VirtualBox (Sun Microsystem, Oracle): cho máy để bàn (GUI)

22. full virtualization (courtesy: M. Tim Jones)

23. Solutions comparison (cont.) Container virtualization: Ảo hóa mức hệ điều hành, cho hiệu suất và tính mở rộng tốt nhất. Solaris Zones / FreeBSD Jails OpenVZ : server virtualization (console) vs. emulation

24. OpenVZ: architecture (courtesy: OpenVZ)

25. OpenVZ features Single patch Linux kernel Linux only (both host & container), MS Windows not supported Supported by variety of distros: Debian, Ubuntu, CentOS, FedoraCore, Slackware...

26. OpenVZ remarkable strengths Performance: slower than direct execution, but only 1-2% CPU resources is for virtualization.

27. OpenVZ: installation plan For host HW: Athlon X2; as much RAM as possible (> 4G); quiet cooling, OS: Debian Lenny 5.0 No service, except SSH Partitioning scheme: / 1GB /boot 100MB /var 1GB /var/log 1GB

28. OpenVZ: installation plan For each container Partitioning scheme: depending on server usage 1 GB for / for each of them 1 GB for /var for each of them 1 GB (or more) for /var/log if it's a log server or a server with lot of logs (eg web) 1 GB (or more) for /var/lib if there is anything in it (eg MySQL, LDAP,...) and you should even do a dedicated LV for these services if they may be used for real (large databases) 1 GB (or more) for /var/spool for a mail server XX GB for /var/mail for a mail server XX GB for /var/www for a web server

29. OpenVZ: install & configure Template download: /var/lib/vz/template/cache Container creation $ vzctl create [veid] --ostemplate [OS template name] Vpsid should not be less than 101 Network config $ vzctl set [veid] --ipadd ipaddr -- nameserver nameserverIP --hostname hostname –save /etc/vz/conf/[veid].conf

30. OpenVZ: quickstart $ vzctl start/restart/stop/destroy veid 400-600MB per CT 1GB: 20 CTs in average $ vzctl enter veid Command execution without logging in $ vzctl exec veid

31. OpenVZ: security Change root password $ vzctl exec 101 passwd For normal users $ vzctl set veid --userpasswd user:passwd

32. OpenVZ: auditing $ vzlist $ vzctl status veid Statistics on resource usage $ vzcalc -v veid

33. OpenVZ: resource management Increasing storage $ vzctl set 123 --diskspace 20G:25G -- save

34. Bad thing had happened to me Server down only one time Host was running But 3 VE's was unreachable: ping or ssh Something wrong? $ vzlist -a (all VE's were still running) Ping from host to VE, or from host to the Internet

35. How did I fix it? Examine changes during 2 last reboots Revealed misconfiguration? sysctl -w net.ipv4.conf.eth0.proxy_arp=1 proxy_arp should be activated on CT interface, not host side (0 by default) $ grep. /proc/sys/net/ipv4/conf/*/proxy_arp Real cause DHCP: gateway was booting slower. Both host & CT's IP are dynamic

36. And that's all I had encountered … until now

37. Good things to try RAID LVM

38. Conclusions Virtualization was predicted as strategical technology for the year 2008 It's mature now.

39. OpenVZ : usage One single physical server Many separate logical server

40. Virtualization: benefits Resource efficiency: fast & flexible in mobilizating & sharing hardware. Security: one server running many services opened vs. many servers running single services (FOSS best practices) Cost

41. OpenVZ on Debian Debianized systems: shared software packages => very small VEs (300-400MB) Less problem as migrating to different hardware platform.

42. Who are using OpenVZ?

43. Who are making money of OpenVZ? https://appvz.com/vps.html ($19/mo) http://vpslink.com/ http://x10vps.com/openvz-hosting.php ($9.95/mo) http://www.a2hosting.com/services/vps-hosting/ ($8.97/mo) http://www.photonvps.com/vps.html ($10.95/mo) http://2host.com/ http://www.dreamhost.com/ http://www.hostgator.com/vps-hosting/

44. Who are making money of OpenVZ?

47. … and you too! Many dollar notes are waiting for you to collect. :D

48. References http://wiki.openvz.org http://www.kernelthread.com/publications/virtuali zation/ http://www.apac.redhat.com/rhel/virtualization

49. Special thanks to JC (HanoiLUG): for his recommendation, long discussion & technical support, and per review.

50. And thank you all for listening! Any questions?