OpenVZ7 or LXC

AbdullahAbdullah Hosting ProviderOG
edited July 2020 in General

As the title says, I know there are plenty of such topics online, but those arr mostly old. :)

I believe lxc has very much evolved these years, with few people using it for production, so anything you can say about it, performance , resource-overhead etc.
Maybe providers who do LXC can throw some light

Also, lets add a poll.

ovz or lxc
  1. What one would you prefer?25 votes
    1. OVZ7
      48.00%
    2. LXC
      52.00%
Tagged:

Comments

  • Well, I believe Proxmox uses LXC now, and it's a well-respected software, all things considered. I believe OpenNebula uses LXC based containers by default, although I believe some providers use OpenVZ on it too.

    Thanked by (1)Abdullah
  • AlexanderMAlexanderM Hosting Provider

    LXC isn't really designed for multi-tenant environments (read: hosting), unlike OpenVZ.

    HostUS | OpenVZ & KVM VPS in 10 worldwide locations with our own Breeze Panel!

  • @AlexanderM said:
    LXC isn't really designed for multi-tenant environments (read: hosting), unlike OpenVZ.

    Thanks for your comment @AlexanderM! I'm trying to understand more about LXC and OpenVZ. Could you or anybody else please explain in a little more detail?

    What features need to be added to LXC to make it suitable for multi-tenant?

    Is there something about the needed features such that they would not play well with LXC's fundamental design dependencies such as the Linux kernel's cgroups and namespaces?

    By what method does OpenVZ provide the needed features which are missing from LXC?

    Thanks in advance for any help! Best wishes from Mexico!

    Tom. 穆坦然. Not Oles. Happy New York City guy visiting Mexico! How is your 文言文?
    The MetalVPS.com website runs very speedily on MicroLXC.net! Thanks to @Neoon!

  • NeoonNeoon OG
    edited July 2020

    Well, every OpenVZ container runs as root.

    LXC supports unprivileged containers, means if someone manages to break out, on OpenVZ you would end up on the root account.
    On LXC you just end up on an unprivileged account.

    Plus, OVZ7 uses 3.x kernel, LXC uses 5.4+ which support Docker etc.

    Thanked by (2)Abdullah Not_Oles
  • Speaking from a distance, my understanding is that LXC uses (can use) a standard kernel, whereas OpenVZ requires a modified kernel (which in practice is a modified RHEL/CentOS kernel). Other things being equal, this is a big advantage of LXC over OpenVZ.

    At the same time, some providers (appear to) believe that the insulation of OpenVZ containers from one another is (used to be?) more complete than that of LXC containers, which (if true) makes OpenVZ the more appropriate choice for hosting providers. But at this point, the question becomes very technical.

    Thanked by (3)Abdullah skorous vimalware

    "A single swap file or partition may be up to 128 MB in size. [...] [I]f you need 256 MB of swap, you can create two 128-MB swap partitions." (M. Welsh & L. Kaufman, Running Linux, 2e, 1996, p. 49)

  • AbdullahAbdullah Hosting ProviderOG

    As @Neoon said, lxc has unprivileged system, so lxc containers r much isolated compared to openvz. (?)

  • @Abdullah said:
    As @Neoon said, lxc has unprivileged system, so lxc containers r much isolated compared to openvz. (?)

    You can run them unprivileged or privileged.
    The support for unprivileged got better, works fine for microLXC so far.

    But there are still some differences, between OVZ and LXC insulation.

  • @Neoon said:
    Well, every OpenVZ container runs as root.

    LXC supports unprivileged containers, means if someone manages to break out, on OpenVZ you would end up on the root account.
    On LXC you just end up on an unprivileged account.

    Plus, OVZ7 uses 3.x kernel, LXC uses 5.4+ which support Docker etc.

    The images with the captions are hilarious!

    Tom. 穆坦然. Not Oles. Happy New York City guy visiting Mexico! How is your 文言文?
    The MetalVPS.com website runs very speedily on MicroLXC.net! Thanks to @Neoon!

Sign In or Register to comment.

This Site is currently in maintenance mode.
Please check back here later.

→ Site Settings