Wednesday, August 17, 2011

Anybody using lxc or OpenVZ in production?

I asked a similar question yesterday on Twitter ("Anybody using Linux Containers (lxc) in production, preferably with Ubuntu?") and it seemed to have struck a chord, because many people asked me to post the answers to this question, and many other people answered the question.

Both Linux Containers (or lxc as the project is known) and OpenVZ are lightweight virtualization systems that operate at the file system level, and as such can be attractive to people who are looking to split a big physical server into containers, while achieving resource isolation per container. I personally want to look into both primarily as a means to run several MySQL instances per physical server while ensuring better resource isolation, especially in regards to RAM.

In any case, I thought it would be interesting to post the replies I got on Twitter to my question.

From AlTobey:

"I'm using straight cgroups without namespaces in production. It's pretty nice for fine-grained scheduler control."

From ohlol:

"I just began using lxc. Have three hosts in it so far as a test run. Not doing NAT, just plain bridging right now."

From vvuksan:

"I have been using it for about a week on my laptop to replace Vagrant/Virtualbox. Works great so far."

"I just posted a short write up of how I use LXC on my laptop"

From ohlol:

"Have you tried lxc without libvirt? I found it to be a bit easier to deal with."

From vvuksan:

"Yes that is a red herring. You do not need libvirt. I had it installed already so went with it by default."

"It just helps me not have to set up dnsmasq, iptables etc. :-) But you can certainly do away with it."

From ohlol:

"Have you tried doing an apt-get upgrade in lxc? What a PITA :)"

"btw, if you ever get to that point: helped get me to a working solution"

From ichilton:

"I've been using OpenVZ in production with Debian Stable (on the host and guests) for over a year with no problems...."

From griggheo:

"@ichilton you had to recompile the kernel for OpenVZ support in Debian right?"

From ichilton:

"I didn't, there was an OpenVZ kernel package but it was Lenny at the time and not upgraded yet - will have to check Squeeze."

From ichilton:

"@vvuksan interested why you did that originally and what the advantages are in hindsight?"

From vvuksan:

"Speed. The dev env needs 5-6 boxes running at the same time and with Vbox my laptop becomes really slow. With LXC not so much."

From sstatik:

"LXC should be considerably smoother in 11.10 for both 11.10/10.04 guests. I want to see laptop-based microclouds become common."

From mitchellh:

"@sstatik @griggheo Laptop based microclouds are the future. We're just missing quality software to help manage it."

From heckj:

"@sstatik @griggheo documentation and details getting better? it's arcane to use in 11.04, and that is 1000x better than 10.x..."

So there you have it, a small snapshot of why and how people are using lxc/OpenVZ, especially on Ubuntu. I'll post my own experiences as I start playing with lxc and potentially OpenVZ.


Jan Dittberner said...

We use LXC for the new (non-critical) infrastructure hosting machine for

Robert said...

Be warned - AFAIK lxc isn't "secure" yet. (It's escapable from)

AndrewSK said...

I use OpenVZ/Proxmox extensively. Very happy with it.

Stefan Schlesinger said...


I started to use OpenVZ, since I've been working for an ISP in my previous job. We are still using it on every server for my current job, also a quite large project.

I can only tell you that I don't want to miss it anymore and I felt that its easiness of use and low overhead is incomparable to technologies such as Xen or VMWare.

Feel free to contact me, if you want to talk about it further. I'm usually around on #infra-talk (sts).



Amelia @ IT Management said...

I'm planning to use OpenVZ. The responses you post are quite helpful in my decision to push through or not.

I heard it's easier to use and has very low overhead. I'm looking forward to my experience.

30loops said...

We based our infrastructure around LXC containers.
