On Mon, 4 Jul 2016 00:20, Ciro Iriarte wrote:

2016-07-03 17:43 GMT-04:00 Yamaban wrote:

...

On Sun, 3 Jul 2016 23:07, Ciro Iriarte wrote:

...

Hi!,

I'm building a new NAS box (Leap + btrfs) which is a little over powered so I would love to use it as a personal virtualization lab.

Xenserver/ESXi/Proxmox/Acropolis are out because of software R6 and having a single host, so I'm turning to openSUSE. I've worked a lot with Xen years ago but I understand the guys that get all the attention these days are KVM and docker, and Xen might be a second class citizen.

Given I would like: - Software R6 on the host - Virtualization nesting - PCI passthrough - Some permanent VMs - Lots of temporary VMs

Would you suggest to go with XEN or KVM or Virtualbox in this specific scenario at this point in time?, can I assume docker will place nice with any of them?.

Short, incomplete answer: * XEN, KVM, Virtualbox, and VMware are all full virtual machines, and can run any client system. * LXC, and Docker are 'paravirtual' and as such can only run the same 'base' system, here Linux

- Full virtual systems allow greater freedom at the cost of a higher overhead. - paravirtual systems allow nearly the same compartmentalisation at much less overhead, but effective run the same kernel as the base (bare metal) machine.

It's a trade off.

Docker on Leap 42.1 per se plays nice with most of the images from hub.docker.com (some run better / performanter on a Debian base system, but for most cases that can be safely ignored)

The plus of docker is less configuration needed to start, but also as negative, less configurable compared to, - say KVM for example.

Check what you really need. - just a safe environment to run php? -- Docker wins. - some tricky extra on BSD? -- KVM for the win.

I'm not preaching one or the other, it's a matter of use case and familiarity (and thus ease of use)

- Yamaban. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

Thanks Yamaban, I understand docker is completely different solution (I've played with Solaris containers and Virtuozzo in the past) and it's on my ToDo list, my question was directly related to KVM vs Xen vs Virtualbox for this personal lab :)

I see you mentioned KVM, any reason not to use Virtualbox or Xen?.

Regards,

Honesty here: VMware and Virtualbox have the same problem: Kernelupdates of the Base system. Their Kernel modules need to be recomplied after every Kernelupdate. As long as I do not NEED a grapical interface from the VM I avoid both like pest, AIDS and lepra. On Xen, well I've never gotten warm with it in the past, so my (positive) experiance is very limited, so I'll neither argue for or against. KVM is the VM that is the best documented at this time, fully integrated in the kernel development, no extra compile at Kernel-update, and has a very active community. As it is, in case of troubles, the best help you can get for a VM is on KVM (at least at this time) Docker is great to isolate a single server-app per container and thus limit attack surface from the outside, as well as reducing impact of breaking or corruption of the server-app inside in the container. On "R6" I have no knowledge at all, but VM stacking / nesting I've seen working with KVM, and PCI passtrough is a matter of correct configuration. - Yamaban PS: I'm not the "last instance" on VM, more a opportunistic user. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

04.07.2016 00:43, Yamaban пишет:

Short, incomplete answer: * XEN, KVM, Virtualbox, and VMware are all full virtual machines, and can run any client system. * LXC, and Docker are 'paravirtual' and as such can only run the same 'base' system, here Linux

- Full virtual systems allow greater freedom at the cost of a higher overhead. - paravirtual systems allow nearly the same compartmentalisation at much less overhead, but effective run the same kernel as the base (bare metal) machine.

Please do not add to confusion. Answer is not only incomplete, but simply incorrect. Xen is hypervisor. It is loaded on bare metal as primary OS which in a sense restricts your choice of supported hardware and software available in dom0 - privileged guest used to control Xen. VB or QEMU run on top of standard OS and use its services. This means you have full power of mainstream Linux kernel. VNware can be both, but on this list it is mostly means "Player" (or "Workstation) which architecturally is the same as KVM/VB. ESX would be similar to Xen. All of them optionally provide paravirtualiztion interfaces to guest - this is special interface(s) between host and guest to optimize and enhance performance of guest systems. Pure hardware emulation usually is too slow to be practical in real life although both Xen and VMware started with this approach before extending is with host-guest communication. Finally KVM is really kernel paravirtualization API that guests use - it is by far *not* a separate virtualization product (if you ignore marketing buzz). In almost all cases when someone says "I am using KVM" in reality what is ultimately used is QEMU :) All of the above provide full virtualization - they emulate hardware environment, so each guest runs as full independent installation. This allows you to combine arbitrary guests with arbitrary operating systems (and in case of QEMU even with different processors) on a single host. LXC and Docker are containers - i.e. they restrict resources, available to application(s) that run inside containers and insulate them from other containers. What follows is, you can only run Linux applications because at the end all applications run on the same host system and kernel. You cannot have Windows, BSD or Solaris running as containers. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

jdd wrote:

Le 03/07/2016 23:07, Ciro Iriarte a écrit :

...

Would you suggest to go with XEN or KVM or Virtualbox in this specific scenario at this point in time?, can I assume docker will place nice with any of them?.

if what you need is running temporary VM, for example to test distros, windows versions and so on, still running your usual system with full power, VirtualBox is ok, I use it for this. Use the openSUSE one, it gives you modules with every new kernel, so you never have to compile anything.

For what I tested it, Xen needs a permanent dom0 hypervisor that uses part of the power and need management

Yes, xen runs a Dom0, but it doesn't require much management. -- Per Jessen, Zürich (17.6°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

2016-07-04 3:53 GMT-04:00 Mathias Homann :

Am Sonntag, 3. Juli 2016, 17:07:28 schrieb Ciro Iriarte:

...

Given I would like: - Software R6 on the host

... No idea what you mean by this

...

- Virtualization nesting

For virt-in-virt you need hardware that supports it, then KVM can do it. More information here: https://fedoraproject.org/wiki/How_to_enable_nested_virtualization_in_KVM

...

- PCI passthrough

For PCI passthrough you need hardware that is new enough to have VT-d (or AMD I/O virtualization). Kernel parameter IOMMU=1 is needed to be able to use it. Check your BIOS settings for enabling it on the hardware.

...

- Some permanent VMs - Lots of temporary VMs

...

Would you suggest to go with XEN or KVM or Virtualbox in this specific scenario at this point in time?, can I assume docker will place nice with any of them?.

...KVM. With virt-manager it is really simple to set up another VM.

Mixing real virtualization with docker might cause issues, both technologies create and configure bridges on the fly, but I don't know if they are aware of each other.

Cheers Mathias

Thanks for all the input, I'm planning to run btrfs (raid 6) and disk encryption also, as this box will work mainly as NAS. I found not so good comments about running VM disks on btrfs unluckily... Still researching... Regards, -- Ciro Iriarte http://iriarte.it -- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org