VZ7 vs VZ6: Is there a reason to be updated?
In the past year, a new version of our main product, the Virtuozzo virtualization system, has been released. Since then, we constantly get questions: “Is it worth updating?”, “How is 7 better than 6?” And so on. Therefore, during the holidays, there was a desire to dot the i and in one post to tell about the differences between the latest version of Virtuozzo from the previous ones.
I would like to immediately note that this post was prepared for users of Virtuozzo 6 and earlier versions, as well as the open project OpenVZ (about which we have already written ). This, of course, does not mean that it is impossible or uninteresting to read to those who are not yet using Virtuozzo ... just here we will substantively talk about the differences of the latest version, so that those interested in habrochane can make a decision whether the update is relevant or there is no sense in it yet.
The Virtuozzo platform itself has become more extensive. The product now includes our proprietary Systems Container solution, which allows you to run lightweight virtual machines, a KVM-based hypervisor to manage virtual machines, and software-defined storage. The advantage is that it all works as a single virtualization center, so you can create “lightweight” virtual machines and full-fledged VMs, allocating resources of a single Virtuozzo Storage data storage, creating it based on the hard and solid-state drives installed in the servers.
')
Both in the open and in the commercial platform (which are being developed synchronously and using the same source code), we switched to the KVM hypervisor. The reason is very simple: in recent years, KVM has made a very big leap forward, and we have found that we do not have time with our proprietary hypervisor for the pace of development of the industry. It turned out that it is much more promising to participate in the KVM project, contributing to the development of an open virtualization system, as well as complementing it with the necessary functions for use in the VZ7. More than 200 patches and improvements have been implemented, which make virtuoso-style KVM a more efficient solution.
At the request of our users, we also implemented a number of innovations for containers. Due to the transition of Virtuozzo to the new Linux 3.10+ kernel (RHEL 7), support for cgroups and namespaces has been added, which provides a higher level of isolation compared to kernel modules. Also, instead of the usual container IDs in Virtuozzo 7, a single UUID is used.
The new version of Virtuozzo also introduced full support for CRIU , a software tool for Linux that allows you to freeze the container and save it to disk as a simple set of files. As a result, you can restore it from the same point, and with the right actions, the application will not even notice that it has changed the working environment. CRIU and the P.Haul project are helping to create a new ecosystem for “live migration” of containers based on open technologies (CRIU is a completely OpenSource project), and this is a huge leap in migration issues compared to Virtuozzo 6. The fact is that CRIU is more part of it is implemented in user space and requires almost no kernel modifications. Due to this, the development of the tool itself does not require the release of permanent patches for the kernel and their coordination, as well as reloads when the system is updated - a critical issue for industrial environments.
Another interesting feature that helps reduce losses when working with the new Virtuozzo 7 is ReadyKernel. The new version of our operating system Virtuozzo Linux supports the ability to install security updates without rebooting servers. On the one hand, this allows patches to be installed immediately, reducing the risks of hacking and system compromise, and on the other hand, it does not lose money due to the stopping of services caused by a reboot.
Virtuozzo 6 users are already familiar with the system of installing kernel updates without rebooting - Rebootless Kernel Update (RKU). But the fact is that RKU still did not work so well - it stopped the containers, loaded the new kernel, and after that launched the container or VM. Yes, this mechanism allowed to load almost any core, but still led to some downtime. In Virtuozzo 7, by using the 3.10+ kernel, we switched to the kpatch technology, and everything became much better.
According to our specialists, using ReadyKernel helps to save up to 200 administrators working hours per month (http://www.iksmedia.ru/news/5336522-Virtuozzo-Linux-7-ekonomit-zakazchi.html) for every 10,000 servers.
The backup tools in Virtuozzo 7 have also been seriously reworked. For this, a new API was developed and the CBT (changed block tracking) mechanism was implemented. To do this, we used the standard QEMU / KVM mechanisms, creating a system for generating snapshots, saving images of containers and virtual machines in the QCOW format. Virtuozzo 7. Because of this, the creation of cumulative backups began to happen much faster than in Virtuozzo 6.
In addition, it became possible emergency recovery! Even if at some point the backup system stopped working, you can simply convert the QCOW2 file to any image using the qemu-img utility.
We have already said a few words about the new memory management technology, which is implemented in both OpenVZ 7 and Virtuozzo 7. The novelty covers containers, VMs, and the storage system. Advanced Memory Management (AMM) controls all memory management, including KSM, as well as memory prediction technologies for various WSS sets. This makes automatic balancing possible with minimal impact on user experience. AMM supports both Windows and Linux guest systems, and Online Memory Management (OMM) tools ensure that the right amount of memory is available for containers, and also allows you to increase or decrease it without rebooting - and this is another way to ensure continuity of services.
Starting with Virtuozzo 7, we support working with containers and VMs via libvirt. Thanks to this, Virtuozzo can work with large ecosystems that use libvirt — that is, OpenStack and Virtual Machine Manager. That is, OpenStack users can unlock the full potential of OpenStack to manage a private or public cloud using containers and VM Virtuozzo through the OpenStack API or the Horizon panel. The new module Virtuozzo Storage also helps create a software-defined storage system for OpenStack
The last thing we’ll talk about today is the ability to instantly install ready-made and already configured applications for any users. Maintaining such a directory on your own, keeping track of updates is very difficult. Therefore, in the new version we have created our own, ready-made set of the Virtuozzo Application Catalog. Together with Bitnami, we maintain a constantly up-to-date set of dozens of applications and development environments that are already ready for deployment as a virtual machine or container: WordPress, Redmine, SugarCRM, Alfresco, Drupal, MediaWiki, GitLab, and many others.
Today we talked about the general differences between Virtuozzo 7 and the previous version. So if you are our user, now that the holidays are over, you can consider the need for an update. In the meantime, we will prepare a post on how to upgrade to the "seven" with minimal losses.
I would like to immediately note that this post was prepared for users of Virtuozzo 6 and earlier versions, as well as the open project OpenVZ (about which we have already written ). This, of course, does not mean that it is impossible or uninteresting to read to those who are not yet using Virtuozzo ... just here we will substantively talk about the differences of the latest version, so that those interested in habrochane can make a decision whether the update is relevant or there is no sense in it yet.
About the platform
The Virtuozzo platform itself has become more extensive. The product now includes our proprietary Systems Container solution, which allows you to run lightweight virtual machines, a KVM-based hypervisor to manage virtual machines, and software-defined storage. The advantage is that it all works as a single virtualization center, so you can create “lightweight” virtual machines and full-fledged VMs, allocating resources of a single Virtuozzo Storage data storage, creating it based on the hard and solid-state drives installed in the servers.
')
Hypervisor
Both in the open and in the commercial platform (which are being developed synchronously and using the same source code), we switched to the KVM hypervisor. The reason is very simple: in recent years, KVM has made a very big leap forward, and we have found that we do not have time with our proprietary hypervisor for the pace of development of the industry. It turned out that it is much more promising to participate in the KVM project, contributing to the development of an open virtualization system, as well as complementing it with the necessary functions for use in the VZ7. More than 200 patches and improvements have been implemented, which make virtuoso-style KVM a more efficient solution.
More secure containers
At the request of our users, we also implemented a number of innovations for containers. Due to the transition of Virtuozzo to the new Linux 3.10+ kernel (RHEL 7), support for cgroups and namespaces has been added, which provides a higher level of isolation compared to kernel modules. Also, instead of the usual container IDs in Virtuozzo 7, a single UUID is used.
Live migration
The new version of Virtuozzo also introduced full support for CRIU , a software tool for Linux that allows you to freeze the container and save it to disk as a simple set of files. As a result, you can restore it from the same point, and with the right actions, the application will not even notice that it has changed the working environment. CRIU and the P.Haul project are helping to create a new ecosystem for “live migration” of containers based on open technologies (CRIU is a completely OpenSource project), and this is a huge leap in migration issues compared to Virtuozzo 6. The fact is that CRIU is more part of it is implemented in user space and requires almost no kernel modifications. Due to this, the development of the tool itself does not require the release of permanent patches for the kernel and their coordination, as well as reloads when the system is updated - a critical issue for industrial environments.
Security updates - without stopping services
Another interesting feature that helps reduce losses when working with the new Virtuozzo 7 is ReadyKernel. The new version of our operating system Virtuozzo Linux supports the ability to install security updates without rebooting servers. On the one hand, this allows patches to be installed immediately, reducing the risks of hacking and system compromise, and on the other hand, it does not lose money due to the stopping of services caused by a reboot.
Virtuozzo 6 users are already familiar with the system of installing kernel updates without rebooting - Rebootless Kernel Update (RKU). But the fact is that RKU still did not work so well - it stopped the containers, loaded the new kernel, and after that launched the container or VM. Yes, this mechanism allowed to load almost any core, but still led to some downtime. In Virtuozzo 7, by using the 3.10+ kernel, we switched to the kpatch technology, and everything became much better.
According to our specialists, using ReadyKernel helps to save up to 200 administrators working hours per month (http://www.iksmedia.ru/news/5336522-Virtuozzo-Linux-7-ekonomit-zakazchi.html) for every 10,000 servers.
Backup and Restore
The backup tools in Virtuozzo 7 have also been seriously reworked. For this, a new API was developed and the CBT (changed block tracking) mechanism was implemented. To do this, we used the standard QEMU / KVM mechanisms, creating a system for generating snapshots, saving images of containers and virtual machines in the QCOW format. Virtuozzo 7. Because of this, the creation of cumulative backups began to happen much faster than in Virtuozzo 6.
In addition, it became possible emergency recovery! Even if at some point the backup system stopped working, you can simply convert the QCOW2 file to any image using the qemu-img utility.
Memory management
We have already said a few words about the new memory management technology, which is implemented in both OpenVZ 7 and Virtuozzo 7. The novelty covers containers, VMs, and the storage system. Advanced Memory Management (AMM) controls all memory management, including KSM, as well as memory prediction technologies for various WSS sets. This makes automatic balancing possible with minimal impact on user experience. AMM supports both Windows and Linux guest systems, and Online Memory Management (OMM) tools ensure that the right amount of memory is available for containers, and also allows you to increase or decrease it without rebooting - and this is another way to ensure continuity of services.
OpenStack support
Starting with Virtuozzo 7, we support working with containers and VMs via libvirt. Thanks to this, Virtuozzo can work with large ecosystems that use libvirt — that is, OpenStack and Virtual Machine Manager. That is, OpenStack users can unlock the full potential of OpenStack to manage a private or public cloud using containers and VM Virtuozzo through the OpenStack API or the Horizon panel. The new module Virtuozzo Storage also helps create a software-defined storage system for OpenStack
Application Catalog
The last thing we’ll talk about today is the ability to instantly install ready-made and already configured applications for any users. Maintaining such a directory on your own, keeping track of updates is very difficult. Therefore, in the new version we have created our own, ready-made set of the Virtuozzo Application Catalog. Together with Bitnami, we maintain a constantly up-to-date set of dozens of applications and development environments that are already ready for deployment as a virtual machine or container: WordPress, Redmine, SugarCRM, Alfresco, Drupal, MediaWiki, GitLab, and many others.
Conclusion
Today we talked about the general differences between Virtuozzo 7 and the previous version. So if you are our user, now that the holidays are over, you can consider the need for an update. In the meantime, we will prepare a post on how to upgrade to the "seven" with minimal losses.
Source: https://habr.com/ru/post/319112/
All Articles