Fedora

Video: KVM within KVM, aka Nested

Submitted by Scott Dowdle on Fri, 04/01/2016 - 13:51

A few of us were talking about VDI and KVM in IRC and our buddy kaptk2 told me that nested KVM was working pretty well these days... since Fedora 19 he said.  I had not tried it yet so I thought I'd give it a try.  It worked so well that I thought I'd make a screencast showing it off. The original recording size was 1920x1080 (plus titlebar) and I scaled it down to 1280x734... so full-screen it for a better view beyond the embedded 824x473 video.  Oh, and yes SELinux is enabled and in enforcing mode everywhere.  Umm, and NO, this is NOT an April Fools' joke!

There is a tiny bit of work to do to get it going but not much.  Add a kernel boot parameter and configure the CPU details for the VM.  For more info, see this:
https://fedoraproject.org/wiki/How_to_enable_nested_virtualization_in_KVM
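
One way to confirm that both steps took effect, and to audit which hosts expose nested virtualization at all (an added example, not from the original post or the Fedora wiki). It relies on the standard kvm_intel/kvm_amd `nested` module parameter in sysfs and the vmx/svm CPU flags; the ROOT argument and the sample tree are constructed for illustration.

```shell
# Added example: report whether nested KVM is enabled on a host and whether a
# guest was given the CPU virtualization flag. ROOT is a hypothetical parameter
# so the functions can be pointed at a constructed tree instead of the live /.

# Print "<module>=on", "<module>=off" or "none" from the kvm module's sysfs knob.
nested_status() {
    root="${1:-}"
    for mod in kvm_intel kvm_amd; do
        f="$root/sys/module/$mod/parameters/nested"
        [ -r "$f" ] || continue
        case "$(cat "$f")" in
            Y|y|1) echo "$mod=on" ;;
            *)     echo "$mod=off" ;;
        esac
        return 0
    done
    echo "none"
}

# Succeed if the CPU seen under ROOT advertises vmx (Intel) or svm (AMD).
has_virt_flag() {
    root="${1:-}"
    grep -Eq '^flags[[:space:]]*:.*[[:space:]](vmx|svm)([[:space:]]|$)' "$root/proc/cpuinfo"
}

# Build a constructed tree: nested switched on and vmx visible in cpuinfo.
make_sample() {
    d="$(mktemp -d)"
    mkdir -p "$d/sys/module/kvm_intel/parameters" "$d/proc"
    echo Y > "$d/sys/module/kvm_intel/parameters/nested"
    printf 'processor\t: 0\nflags\t\t: fpu vme sse2 vmx ept\n' > "$d/proc/cpuinfo"
    echo "$d"
}

sample="$(make_sample)"
echo "sample tree: $(nested_status "$sample")"
has_virt_flag "$sample" && echo "sample tree: virt flag visible"
echo "this machine: $(nested_status)"
rm -rf "$sample"
```

Run `nested_status` on the physical host and `has_virt_flag` inside the first-level guest: the guest only sees vmx or svm once the host knob is on and the VM's CPU definition passes the flag through.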


nested-kvm-on-fedora-23.webm (21 minutes, 21.5 MB)

Video: Comparing Fedora 23 and Korora 23 (Cinnamon)

Submitted by Scott Dowdle on Wed, 03/30/2016 - 17:13

A user with the IRC nick of CoffeeMan wanted to know how Fedora 23 and Korora 23 (Cinnamon edition) compared for resource usage because he was seeing performance differences between the two.  There shouldn't really be much in the way of differences other than branding and themes... so I created two KVM VMs and installed them both side-by-side.  While I realize that running two VMs at the same time isn't really that bright when it comes to getting accurate performance metrics, it at least gives one an idea of how they compare... and things like the number of processes, CPU usage, RAM used, disk used, etc... shouldn't really vary that much.

While it is a fairly boring, not-much-action video, at least it is small.  28+ minutes at about 16.4 MB.  It is 200Kbit (variable bit-rate) with no audio with a resolution of 1280x491 at 25FPS.  Not too bad.  I have made the default size in the browser be 824x316 so go full screen for a much better view.

fedora23-vs-korora23-resource-usage.webm (28.5 minutes - 16.4 MB)

Video: Fedora 23 LXC - Debian SID and CentOS 7 XFCE containers via X2Go

Submitted by Scott Dowdle on Sun, 02/07/2016 - 17:21

Being a LONG-TIME OpenVZ user, I've been avoiding LXC some. Mainly because it wasn't quite done yet. I thought I'd give it a try on Fedora 23 to see how well it works... and the answer is surprisingly... fairly well. I made two screencasts (without sound). I just used the lxc-{whatever} tools rather than virt-manager. Both containers just use the default network config (DHCP handed out via DNSMasq provided by libvirtd) which is NAT'ed private addresses... and were automatically configured and just worked. Here's a list of all of the container OS Templates they offer on x86:

centos 6 amd64 default 20160205_02:16 
centos 6 i386 default 20160205_02:16 
centos 7 amd64 default 20160205_02:16 
debian jessie amd64 default 20160204_22:42 
debian jessie i386 default 20160204_22:42 
debian sid amd64 default 20160207_11:58 
debian sid i386 default 20160204_22:42 
debian squeeze amd64 default 20160204_22:42 
debian squeeze i386 default 20160204_22:42 
debian wheezy amd64 default 20160204_22:42 
debian wheezy i386 default 20160204_22:42 
fedora 21 amd64 default 20160205_01:27 
fedora 21 i386 default 20160205_01:27 
fedora 22 amd64 default 20160205_01:27 
fedora 22 i386 default 20160205_01:27 
gentoo current amd64 default 20160205_14:12 
gentoo current i386 default 20160205_14:12 
opensuse 12.3 amd64 default 20160205_00:53 
opensuse 12.3 i386 default 20160205_00:53 
oracle 6.5 amd64 default 20160205_11:40 
oracle 6.5 i386 default 20160205_11:40 
plamo 5.x amd64 default 20160207_11:59 
plamo 5.x i386 default 20160207_13:13 
ubuntu precise amd64 default 20160205_03:49 
ubuntu precise i386 default 20160205_03:49 
ubuntu trusty amd64 default 20160205_03:49 
ubuntu trusty i386 default 20160205_03:49 
ubuntu trusty ppc64el default 20160201_03:49 
ubuntu vivid amd64 default 20160205_03:49 
ubuntu vivid i386 default 20160205_03:49 
ubuntu wily amd64 default 20160205_03:49 
ubuntu wily i386 default 20160205_03:49 
ubuntu xenial amd64 default 20160205_03:49 
ubuntu xenial i386 default 20160205_03:49

The first one shows the basics of LXC installation on Fedora 23 (per their wiki page on the subject) as well as creating a Debian SID container, getting it going, installing a lot of software on it including XFCE and most common desktop software... and accessing it via X2Go... and configuring XFCE the way I like it. This one was made on my home laptop and my network is a bit slow so I cut out a few long portions where packages were downloading and installing but everything else is there... yes including quite a bit of waiting for stuff to happen.

lxc-on-fedora-23-debian-sid-GUI-container.webm (25 MB, ~41.5 minutes)

The second video is very similar to the first but it is a remote ssh session with my work machine (where the network is way faster) and shows making a CentOS 7 container, installing XFCE and the same common desktop software, and then connecting to it via X2Go using an ssh proxy, and configuring XFCE how I like it. It was done in a single, un-edited take and includes a bit of waiting as stuff downloads and installs... so you get the complete thing from start to finish.

lxc-on-fedora-23-centos-7-GUI-container.webm (22.7 MB, ~31 minutes)

I recorded the screencasts with vokoscreen at 25 frames-per-second @ slightly larger than 720p resolution... and then converted them to webm (vp9) with ffmpeg @ 200kbit video. They compressed down amazingly well. I recommend playback in full-screen as the quality is great. Enjoy!

Video: The Mystery of Dan Walsh

Submitted by Scott Dowdle on Thu, 08/27/2015 - 17:21

Everyone knows Red Hat's Dan Walsh as the SELinux guy... and more recently as the guy who pronounces Docker in a Boston accent as "Dockah". Turns out he was the subject of a recent TNT Network's Rizzoli and Isles episode. Enjoy. Oh, and, "All roads lead... to Dan Walsh." (the missing last 3 seconds)

For those with iFrame issues, here's the direct link:
dan-walsh-mystery.webm

Video: Super Privileged Containers

Submitted by Scott Dowdle on Fri, 07/17/2015 - 10:55

For anyone who hasn't seen this yet who is interested in containers, this is a must see. Watch Red Hat's SELinux guru Dan Walsh explain and demo Super Privileged Containers from the Red Hat Summit 2015. Enjoy!

For those who are iFrame challenged, here's the direct YouTube link:
https://www.youtube.com/watch?v=dM2Fc53Dtd4

Video: Demystifying systemd (RHS 2015)

Submitted by Scott Dowdle on Tue, 06/30/2015 - 03:43

I haven't watched this yet... but I'm sure it is a new classic... with a title like Demystifying systemd. There are a number of awesome videos from Red Hat Summit 2015 so check them out.

For those with iframe issues, here's the direct link:
https://www.youtube.com/watch?v=S9YmaNuvw5U

Video: Containers with systemd

Submitted by Scott Dowdle on Mon, 06/15/2015 - 14:00

Linux Weekly News had a write-up in their Weekly Edition last week... of Lennart Poettering's talk (Containers with systemd) at LinuxCon Japan 2015. That article should be available freely later this week... but I found a recording of what appears to be the same talk at a different event from April 2015. Here are the slides. Enjoy!

For those with iFrame issues, here's the direct link:
https://www.youtube.com/watch?v=d4SwL2t5Yh4

Here's some documentation on that stuff if you are looking for it.

Want more? How about more of a hands-on approach? Gábor Nyers can provide more... in his presentation from the recent OpenSUSE Conference 2015.

Video: Fedora 22 MATE Desktop OpenVZ container on release day

Submitted by Scott Dowdle on Tue, 05/26/2015 - 14:48

If you didn't notice, Fedora 22 was released today. Today I refreshed the Fedora 22 OS Template I made for OpenVZ and uploaded it to contrib. For fun, I thought I'd build a MATE Desktop GUI container right in front of your eyes... and then connect to it via x2go.

Installing a desktop environment in a container can be fraught with danger for the uninitiated. The problem? Well, it always drags in NetworkManager, a graphical login manager, and various other packages / services that aren't really appropriate for a container. With a handful of systemd statements though, it is an easy fix. Watch and I'll show you how. Enjoy!

For those with iFrame issues, here's a direct link to the webm video:
openvz-fedora22-mate-container.webm

You can pretty much use the same recipe for other desktop environments. The only thing you want to avoid are desktop environments that require accelerated 3D because those won't work over x2go. Which desktops use that? GNOME and Plasma 5... Cinnamon probably... and if you were on Ubuntu, Unity. XFCE, MATE, OpenBox, LXQT, etc work fine... although I haven't tried them all.

Video: LXD containers vs. KVM

Submitted by Scott Dowdle on Sat, 05/23/2015 - 07:03

Since I'm such a big container fan (been using them on Linux since 2005) and I recently blogged about Docker, LXC, and OpenVZ... how could I pass up posting this? Some Canonical guys gave a presentation at the recent OpenStack Summit on "LXD vs. KVM". What is LXD? It is basically a management service for LXC that supposedly adds a lot of the features LXC was missing... and is much easier to use. For a couple of years now Canonical has shown an interest in LXC and has supposedly been doing a lot of development work around them. I wonder what specifically? They almost seem like the only company who is interested in LXC... or at least they are putting forth a publicly noticeable effort around them.

Why Should You Care?
If Canonical can actually deliver on their LXD roadmap it is possible that it will be a suitable substitute for OpenVZ. The main "problem" with OpenVZ is that it is not in the mainline kernel, whereas LXC is. In practice you have to purposefully make an OpenVZ host (currently recommended on RHEL6 or clone) but with LXC/LXD any contemporary Linux system should be able to do full-distro containers... aka containers everywhere for everyone.

How About a Roadmap
Where is LXD now? Well, so far it seems to be mostly a technology preview available in Ubuntu 15.04 with the target "usable and production ready" release slated for the next Ubuntu LTS release (16.04)... which if you weren't familiar with their numbering scheme is 2016 April.

That's about a year away, right... so what do they still have left to do? If you go to about 23:30 in the video you'll get to the "Roadmap" section. They have work to do on storage, networking, resource management and usage reporting, and live migration. A bit of that falls within the OpenStack context... integrating with various OpenStack components so containers will be more in parity with VMs for OpenStack users... but still, that's quite a bit of work.

The main thing I care about absolutely being there is isolation and resource management which are really the killer features of OpenVZ. So far as I can tell, LXD does not offer read-only base images and layering like Docker... so that would be an area for improvement I would suggest. BTW they are using CRIU for checkpointing and live migration... thanks Parallels/OpenVZ!

Certainly LXD won't really make it no matter how good it is until it is available in more Linux distributions than just Ubuntu. In a video interview a while back (which I don't have the link handy for at the moment) Mark Shuttleworth stated that he hopes and expects to see LXD in other distributions. One of the first distros I hope to see with LXD is Fedora and that's the reason I tagged this post appropriately.

Broadening the Ecosystem
Historically I've been a bit of an anti-Canonical person but thinking more about it recently and taking the emotion out of it... I do wish Ubuntu success because we definitely need more FLOSS companies doing well financially in the market... and I think Red Hat (and OpenVZ) will have an incentive to do better. Competition is good, right? Anyway, enjoy the video. BTW, everything they tout as a benefit of LXD over KVM (density, speed of startup, scalability, etc) is also true of OpenVZ for almost a decade now.

For those with iFrame issues, here's the YouTube link:
LXD vs. KVM

Containers Should Contain
Let's face it, Docker (in its current form) sucks. Why? Well, ok... Docker doesn't totally suck... because it is for applications and not a full system... but if a container doesn't contain, it isn't a container. That's just how language works. If you have an airplane that doesn't fly, it isn't an airplane, right? Docker should really say it is an "Uncontainer" or "Uncontained containers"... or better yet, just use a different word. What word? I'm not sure. Do you have any suggestions? (Email me: dowdle@montanalinux.org)

What is containment? For me it is really isolation and resource control. If a container doesn't do that well, call it something else. OpenVZ is a container. No, really. It contains. OpenVZ didn't start life using the word container. On day one they were calling them "Virtual Environments" (VEs). Then a year or two later they decided "Virtual Private Server" (VPS) was the preferred term. Some time after switching to VPS, VPS became quite ambiguous and used by hosting companies using hardware virtualization backends like Xen and VMware (KVM wasn't born yet or was still a baby). Then OpenVZ finally settled on the word "container".

If you want a fairly good history of the birth and growth of OpenVZ over the years, see Kir's recent presentation.

Hopefully LXD will live up to "container" but we'll have to wait and see.