LXC containers or extremely fast virtualization

Update: Added a Hardy i386 template, mentioned the need for bridge-utils and fixed a typo (s/addbr/brctl addbr/g)

This (quite long) post is about LXC (Linux containers); an example of its usage on Karmic is provided after the introduction to contextualization.

Most of you are probably already familiar with “usual” virtualization such as kvm/virtualbox/vmware/… These are now extremely fast ways to do “full” virtualization of an OS on a host running either the same OS or a completely different one.
In Ubuntu, the most widely used is probably KVM used with libvirt and virt-manager as frontend.

At Revolution Linux, we have literally hundreds of virtual machines for each of our customers and we noticed that they are all Ubuntu virtual machines running on Ubuntu hosts. Then, running them in a “full” virtualization environment adds unneeded overhead and makes resource assignment quite difficult (you can’t easily change the CPU/RAM/DISK/NIC of a running virtual machine).

So, what we are currently doing is using contextualization instead of regular virtualization.
Contextualization can (in a much simpler way) be seen as improved chroots. These “chroots” are called containers and work just like a regular virtual machine: inside them you have your own network interface, can apply disk/cpu/ram quotas and can start/stop/suspend as many of them as you want.
All the quotas and restrictions can be changed on the fly without needing any restart, because a container is technically just a set of processes running on the host, not a single process as with virtualization.
It also means that you can list/kill or execute a process in any of these containers, directly from the host (a container obviously can’t access another’s processes).

The technology we have been using for more than a year now has been OpenVZ (open source implementation of Virtuozzo) which basically is a huge patchset on top of the Linux kernel and only exists in Ubuntu hardy (8.04 LTS).

What I’ve been looking at more recently and hope to have working correctly in Lucid (10.04 LTS) is LXC. LXC is basically the same as OpenVZ except that it’s in the upstream kernel and uses already existing kernel features such as “cgroups” for example.
LXC is also supported by libvirt, although it’s not working in Karmic; that will let users play with it just like any other virtualization technology using their existing scripts and interfaces.

Here’s a quick howto to make it work on Karmic with an Ubuntu 8.04 amd64 container (I’ve had issues making Karmic work in a container):

  • Install bridge-utils: sudo apt-get install bridge-utils
  • Install LXC from my PPA (upstream snapshot) : https://launchpad.net/~stgraber/+archive/ppa/+packages
  • Create /var/lib/lxc/: sudo mkdir -p /var/lib/lxc/
  • amd64 template (if your computer is running Ubuntu 64bit): Get http://www.stgraber.org/download/lxc-ubuntu-8.04-amd64.tar.gz (Hardy amd64 image)
  • i386 users (if your computer is running Ubuntu 32bit): Get http://www.stgraber.org/download/lxc-ubuntu-8.04-i386.tar.gz (Hardy i386 image)
  • Uncompress it in /var/lib/lxc/ (will create an ubuntu directory containing a configuration file and a root directory)
  • Mount cgroups somewhere: sudo mkdir /dev/cgroup && sudo mount -t cgroup none /dev/cgroup
  • Create a bridge with: sudo brctl addbr br0
  • Set an IP on the bridge: sudo ifconfig br0 192.168.2.1 (VE will be 192.168.2.2 by default)
  • Start the VE: sudo lxc-start -d -n ubuntu
  • Enter the VE: “lxc-console -n ubuntu” or “ssh root@192.168.2.2” (root password is “password”)

The VE (virtual environment) configuration file is in: /var/lib/lxc/ubuntu/config
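
The checks below are an added example, not part of the original post: before the downloaded template is unpacked as root and the VE is started, they confirm that every archive member stays under the ubuntu directory and that a cgroup filesystem is mounted. The function names and the file name preflight.sh are hypothetical, and the single top-level ubuntu/ directory is assumed from the description in the howto.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight checks for the howto.
# Assumed: helper names, and a template that unpacks under one "ubuntu/" dir.

# Read tar member names on stdin; print those that would land outside ubuntu/.
unsafe_members() {
    while IFS= read -r name; do
        name=${name#./}
        case "$name" in
            /*|..|../*|*/..|*/../*) printf '%s\n' "$name" ;;  # absolute path or ".." component
            ''|ubuntu|ubuntu/*) ;;                            # expected location
            *) printf '%s\n' "$name" ;;                       # stray top-level entry
        esac
    done
}

# Return 0 if the archive only writes under ubuntu/, 1 if not, 2 if unreadable.
check_template() {
    members=$(tar -tzf "$1") || return 2
    bad=$(printf '%s\n' "$members" | unsafe_members)
    [ -z "$bad" ] && return 0
    printf 'unexpected member: %s\n' "$bad" >&2
    return 1
}

# Print the mount point of the first cgroup filesystem found in a
# /proc/mounts-style file (default: /proc/mounts); return 1 if there is none.
cgroup_mountpoint() {
    awk '$3 == "cgroup" { print $2; found = 1; exit }
         END { exit !found }' "${1:-/proc/mounts}"
}

# Usage: sh preflight.sh lxc-ubuntu-8.04-amd64.tar.gz
if [ "$#" -ge 1 ]; then
    check_template "$1" || exit 1
    cgroup_mountpoint >/dev/null || { echo "no cgroup filesystem mounted" >&2; exit 1; }
    echo "template stays under ubuntu/ and cgroups are mounted"
fi
```

The template's root password is published in the howto, so changing it with passwd at first login belongs on the same checklist.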

Additional information can be found on:

Also, I plan to have a session about it at UDS-Lucid in Dallas.


Edubuntu 9.10 is out !!!

On this Thursday 29th of October, the Edubuntu community is extremely pleased to announce that the 9.10 release is out !!!


Some may have thought Edubuntu was kind of dead, especially after changing its name to become an Add-on. These days are over and we are happy to announce that it’s now a full distribution again and is provided as a DVD image.

The biggest changes for this release are:

  • Moving to a DVD image
  • LTSP installation working from the DVD (text mode)
  • Live (ready to use) environment with possibility to install
  • LTSP-Cluster is now packaged in Universe
  • Sabayon is working again

The release announcement can be found on the Edubuntu website along with download information.

It’s now time to celebrate Ubuntu’s and its derivatives’ latest release, then we can start thinking of what to work on for 10.04 (Lucid Lynx) which will be a Long Term Support release.

I’d like to say a huge thank you to everyone who was involved in creating that great release and helped getting Edubuntu back to what it was if not even better. I’m sure that in the next 6 months, we’ll achieve a lot more.

An Ubuntu OpenWeek session is planned on Thursday the 5th of November at 19:00 UTC on IRC (#ubuntu-classroom) where I’ll try to explain how to get involved in that great community and what our plans are for the release to come.


Going to Linux Symposium 2009 in Montreal


I’ll be leaving tomorrow for Montreal for a week full of conferences at the Linux Symposium 2009.

Revolution Linux will be giving two “project updates”: one from Julien Desfossez about process tracing in kernel space with his kernel module Kolumbo and another by Benoit des Ligneris and myself about what’s going on with LTSP and LTSP-Cluster.

Other than that I’ll be around at the conference all week so if you want to talk feel free to catch me or poke me on irc/mail.


Going to the Libre Graphics Meeting in Montreal (May 6-9)

From Wednesday the 6th of May to Saturday the 9th I’ll be attending the Libre Graphics Meeting in Montreal.


LGM 2009 is the fourth annual worldwide meeting of teams developing open source graphics applications.
Developers from projects like Scribus, Krita, Inkscape, Gimp, Blender, … will be there for hacking and discussing.

Working mainly on LTSP and LTSP-Cluster at Revolution Linux, I’ve proposed two talks (they’re yet to be accepted), the first (with Benoit St-André) on “LTSP and graphics applications” and the second on “Keeping in touch with Ubuntu”.

I hope it’ll be a good opportunity to discuss the use of graphics software in schools with technologies like LTSP and NX, what should be improved to make them more remote-X friendly and also more friendly for our users.

I also hope to have more people know how Ubuntu works so that they can use the different resources available and know how to best integrate with the way Ubuntu is developed.


LTSP past and future

For those of you not yet familiar with LTSP, it’s the Linux Terminal Server Project, whose goal is to transform a regular workstation into a terminal server that can be used by thin clients. Thin clients are either old computers recycled as thin clients or specialized minimal computers (usually diskless and without moving parts) that are used to boot off the network.

Thin clients evolving

Until now, LTSP was mainly used to do something with those good old P2s sitting unused in the back of the computer lab, but things are gently starting to change. You can still use it with old computers, running everything on the server and so not using much CPU on the thin clients, but we’re now seeing far more powerful thin clients appearing (usually Atom-based), and it’d be a waste to use them as regular all-server-side thin clients.


1520-PXE from Diskless Workstation

Localapps are finally there

Starting with Jaunty’s LTSP one now has the possibility to choose which application will run on the server and which will run locally.

For those of you not living all day in LTSP’s world, our issue was that these thin clients just weren’t using their CPU, everything running on the server. In order to decrease the load on the servers and use the thin clients a bit more, we got the idea of running some of the software locally, showing it just like regular applications (you usually can’t tell which ones are remote and which ones are local). They can access the same files and settings as their remote equivalents could, making them, from a user’s point of view, almost identical to traditional remote applications (just a bit faster).

This is achieved using LTSP’s localapps and a bit of XDG magic. Basically you can now install firefox in your LTSP chroot, set LOCAL_APPS_MENU to True in your lts.conf and there you go, with your usual firefox running locally on your thin client. The XDG magic takes care of adding the application to the menu if it isn’t installed on the server; if it’s already installed on the server, it will tweak the launchers to start the localapp.
As a result you’ll see decreased CPU usage on the server and also save a lot of bandwidth, as you’ll be accessing the content directly and rendering locally instead of getting the X11 stream.

New X and multi-head support

X configuration was also improved a lot. In most cases you won’t need to do anything, as most common thin clients are already known and fixed and everything else will rely on X’s auto-detection.

You can also play with the X RandR extension now and try dual or tri head setups with your thin clients just by playing with XRANDR_MODE_X and XRANDR_OUTPUT_X (X starting at 0 for the first defined screen). It’ll automatically generate a Virtual setting if required by your driver so you can then dual-head.
I’m currently using it with my laptop as a thin client hooked up to a 1920×1080 screen using HDMI, its own screen at 1680×1050 and another external screen at 1280×1024 using VGA, all that with LTSP.

And even compiz !!!

For those of you who like eye candy, compiz works perfectly with LDM_DIRECTX set to True (so X11 doesn’t get encapsulated in SSH), then just run “env SKIP_CHECKS=yes compiz --replace” in a shell and you’ll get compiz (or set it as an autostarted application).
Warning: Using SKIP_CHECKS will start compiz without doing any checks. This is needed as the checks won’t work with LTSP, but you’ll need to make sure yourself that your video card supports compiz, or you may crash your X server.
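
Because LDM_DIRECTX takes X11 out of the SSH tunnel, it helps to know which clients have it enabled. The script below is an added example, not part of the original post or of LTSP: it lists the lts.conf sections that set it, run here on a constructed sample file; the function names and the accepted spellings of a true value are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): list the lts.conf sections
# that turn LDM_DIRECTX on. Assumed: function names, the sample file, and
# that true/y/yes in any case counts as enabled.

directx_sections() {
    awk '
        /^[ \t]*#/ { next }                        # skip comment lines
        /^[ \t]*\[/ {                              # section header: [default], [MAC], ...
            sec = $0
            sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t"]/, "", key); gsub(/[ \t"]/, "", val)
            if (key == "LDM_DIRECTX" && tolower(val) ~ /^(true|y|yes)$/) print sec
        }
    ' "${1:--}"
}

# Constructed sample, not taken from a real deployment.
sample_lts_conf() {
    cat <<'EOF'
[default]
LOCAL_APPS_MENU = True
LDM_DIRECTX = False

[00:11:22:33:44:55]
LDM_DIRECTX = True

[lab2]
# LDM_DIRECTX = True
LDM_DIRECTX=yes

[kiosk]
# LDM_DIRECTX = True
EOF
}

sample_lts_conf | directx_sections
```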

Clustering for large networks

Since I’ve been at Revolution Linux I’ve been working on LTSP-Cluster, which is a set of components on top of LTSP to make it load-balanced and easily manageable on very large networks.
Jaunty is the first release with LTSP-cluster integrated on the thin client, so if you’re managing a large centralized LTSP setup, you may want to have a look at our wiki.

Its core components are:
The Control Center, a web interface (PHP) used to access your network logs and thin client hardware, organize your thin clients in a tree and set attributes (equivalent of lts.conf) based on the MAC address, position in the tree or even the hardware of the thin client. Due to some design issues and difficulty of maintenance, it’s being rewritten but will, at least at the beginning, keep the same database to make migration easier.

The Loadbalancer, made of two components: an agent to run on your servers and a server. The server will gather the various information from the servers and return the best server every time it gets a request from the Control Center.

The Account Manager, a Python service to run on the server that’ll create new accounts on the fly for autologin users and will also manage regular accounts, doing the cleanup and ensuring you aren’t logged in twice on the network.

We also have a few more components to do NX integration of the load-balancer and generation of pxelinux’s configuration files. The howto for a generic setup in OpenVZ is present on our wiki, though anyone interested in improving the documentation is very welcome (just contact me and I’ll answer your questions and give you write access to the wiki so you can contribute).

The additional packages you need for ltsp-cluster services aren’t yet in Ubuntu, so you’ll need to use the PPA to install the loadbalancer server/agent and the control center. Code is available on Launchpad: https://launchpad.net/ltsp-cluster

Trying it out

Starting with Hardy, LTSP is now part of the Ubuntu Alternate CD-Rom.
It can be installed by selecting the “LTSP server” option from the cdrom boot menu. Installation is easier if you have two network cards, one for internet and the other for your thin client LAN.
Complete instructions can be found here: https://help.ubuntu.com/community/UbuntuLTSP/LTSPQuickInstall (also valid for Jaunty)

Resources

If you’re interested in LTSP, want to try it out or just get more information, these are useful resources:
Ubuntu LTSP help: https://help.ubuntu.com/community/UbuntuLTSP
Edubuntu handbook for LTSP: http://doc.ubuntu.com/edubuntu/edubuntu/handbook/C/server.html
LTSP’s website: http://www.ltsp.org
IRC: (please mention what distribution and version you’re using) or (LTSP used to be part of Edubuntu)
