From: Artist on
Aragorn wrote:
> On Sunday 21 March 2010 01:15 in comp.os.linux.setup, somebody
> identifying as Artist wrote...
>
>> David Brown wrote:
>>> Artist wrote:
>>> An alternative to a simple chroot jail is to use OpenVZ. Then you
>>> have a separate Linux installation inside a virtual server, but it
>>> shares the same kernel as the host. It's much lighter than a full
>>> virtualisation such as KVM, but stronger and more controllable than a
>>> chroot jail.
>>> For example, you can limit the cpu and memory resources of the jail /
>>> virtual server, and you can use standard iptable firewalls to control
>>> traffic into and out of the virtual server. And since you can get
>>> shell access to it from the host, you don't need any working logins
>>> from within the virtual server itself.
>>>
>>> Since the virtual server has its own separate file system, you can
>>> install, apt-get, update, etc., as you want independently from the
>>> host (with the only restriction being that they share a kernel). You can
>>> even mix-and-match distros - I have a 64-bit Debian Etch host, with
>>> virtual servers being a mixture of 32-bit and 64-bit Debian Etch and
>>> Lenny. Installation of software is normally exactly the same as if
>>> it were for a simple host.
>>>
>> What I have is a XenServer based VPS account at a web host. This would
>> mean running a VS inside a VPS. Is that possible, practical and
>> desirable?
>
> Since OpenVZ does not itself use any hardware virtualization extensions
> for its operating-system-level virtualization layer, it is capable of
> running on top of Xen. This should include XenServer.
>
> On the other hand, for such a set-up, it is advisable to use one of
> the "stable" OpenVZ kernels such as 2.6.26 or 2.6.27 instead of the
> default 2.6.18 kernel, and to configure and compile it yourself from
> sources so you can make it paravirtualized. That works much more
> efficiently than a stock OpenVZ kernel, which requires that the
> hardware does have virtualization extensions enabled, since the default
> OpenVZ kernel (2.6.18) does not have in-kernel Xen support yet, while
> all post-2.6.23 kernels do[1], but it might not be enabled in the
> binary kernel package.
>
> [1] Xen domU support was added to the upstream vanilla kernel in 2.6.23
> but was at that stage still largely defunct for 64-bit and/or SMP
> guest systems.
>

The Debian Lenny I have is 32 bit.

--
If you desire to respond directly remove the "sj." from the domain name
part of my email address. It is a spam jammer.
From: David Brown on
Artist wrote:
> David Brown wrote:
>> Artist wrote:
>>> I have seen the instructions for running Lighttpd in a chroot jail at:
>>> http://www.cyberciti.biz/tips/howto-setup-lighttpd-php-mysql-chrooted-jail.html
>>>
>>> These instructions involve a lot of copying of binaries to the jail.
>>> This would mean, I assume, that if I were to execute the:
>>> apt-get update
>>> command, the binaries in the jail would not be updated and I would
>>> have to follow up with a manual operation or script to update the
>>> jail. So is there a way to put the server in a chroot jail using
>>> apt-get, aptitude or synaptic that would include the jail in the
>>> update process?
>>>
>>> Also it appears that installing a server in a chroot jail is tricky
>>> given the frustrations this person has with it:
>>> http://redmine.lighttpd.net/boards/2/topics/2433
>>> So I want to know how important it is to run a web server in a jail,
>>> and how prevalent jailing it is.
>>>
>>
>> An alternative to a simple chroot jail is to use OpenVZ. Then you
>> have a separate Linux installation inside a virtual server, but it
>> shares the same kernel as the host. It's much lighter than a full
>> virtualisation such as KVM, but stronger and more controllable than a
>> chroot jail. For example, you can limit the cpu and memory resources
>> of the jail / virtual server, and you can use standard iptable
>> firewalls to control traffic into and out of the virtual server. And
>> since you can get shell access to it from the host, you don't need any
>> working logins from within the virtual server itself.
>>
>> Since the virtual server has its own separate file system, you can
>> install, apt-get, update, etc., as you want independently from the
>> host (with the only restriction being that they share a kernel). You
>> can even mix-and-match distros - I have a 64-bit Debian Etch host,
>> with virtual servers being a mixture of 32-bit and 64-bit Debian Etch
>> and Lenny. Installation of software is normally exactly the same as
>> if it were for a simple host.
>>
>
> Thanks for the tip on OpenVZ. I have an interest in it. Unfortunately I
> have Debian Lenny. The only distro I see for Debian at:
> http://download.openvz.org/debian/dists/
> is for Etch.
>

Lenny has OpenVZ support itself, so there is no need for the extra
repository from openvz.org:

<http://www.howtoforge.com/installing-and-using-openvz-on-debian-lenny-amd64>

Also look at <http://wiki.openvz.org/Installation_on_Debian>

<http://download.openvz.org/debian-systs/> has some newer versions of
the tools than Lenny, if you are looking for the latest and greatest
rather than the most stable.