This shows you the differences between two versions of the page.
manuals:vps:vpsadminos [2020/04/10 22:44] – [vpsAdminOS] snajpa | manuals:vps:vpsadminos [2023/02/02 23:36] – deleted openVZ parolek | ||
---|---|---|---|
Line 1: | Line 1: | ||
< | < | ||
====== vpsAdminOS ====== | ====== vpsAdminOS ====== | ||
- | Since [[information: | + | Since OpenVZ |
- | aren' | + | don' |
meant choosing a different virtualization technology. Linux kernel now | meant choosing a different virtualization technology. Linux kernel now | ||
- | has some support for containers, so we've decided to stick with that. Next, | + | has some support for containers, so we've decided to use it. |
- | we needed some distribution that we could use on nodes to serve as | + | We needed some distribution that we could use on nodes to serve as |
- | hypervisors, as a replacement of Scientific Linux 6 with OpenVZ kernel. | + | a hypervisor, as a replacement of Scientific Linux 6 with OpenVZ kernel. |
- | We've chosen [[https:// | + | We've chosen [[https:// |
- | the system and its configuration and then reproducibly build it. And since | + | configure |
- | we have a bit specific | + | we're maintaining |
- | on top of NixOS. | + | |
[[https:// | [[https:// | ||
[[https:// | [[https:// | ||
It's a //live// distribution serving as a hypervisor for container | It's a //live// distribution serving as a hypervisor for container | ||
- | virtualisation. | + | virtualisation. |
- | our own userspace tools to manage containers called '' | + | vpsAdminOS naturally integrates with vpsAdmin, our administration interface |
- | internally uses LXC. vpsAdminOS naturally integrates with vpsAdmin, our | + | with web interface. However, vpsAdminOS is meant to be fully usable even on its own, |
- | administration interface with web interface, which you're all using to manage | + | outside vpsFree.cz' |
- | your VPS. However, vpsAdminOS is meant to be fully usable even on its own, as | + | |
- | a replacement to OpenVZ Legacy deployments. If you have some OpenVZ servers | + | |
- | and would like a newer system, you can consider vpsAdminOS. We also have | + | |
- | [[https:// | + | |
- | with migration of OpenVZ containers onto vpsAdminOS. | + | |
- | + | ||
- | ===== Migration from OpenVZ to vpsAdminOS ====== | + | |
- | The upgrade of our infrastructure with all VPSes to vpsAdminOS is divided into | + | |
- | several phases: | + | |
- | + | ||
- | - Developing vpsAdminOS into something usable | + | |
- | - Integration with vpsAdmin | + | |
- | - Opening of a staging environment with vpsAdminOS | + | |
- | - Testing, fixing bugs, implementing missing features, preparing for production | + | |
- | - New production nodes are using vpsAdminOS (:!: we're here :!:) | + | |
- | - vpsAdminOS is available in Prague | + | |
- | - Gradual migration of all VPS from OpenVZ nodes to vpsAdminOS, one node after another | + | |
- | - End of story | + | |
- | + | ||
- | ===== What does it mean for members ====== | + | |
- | We're trying to make the migration to vpsAdminOS as seamless as possible, so | + | |
- | that one day your VPS will stop on the OpenVZ node and will start on | + | |
- | vpsAdminOS node a while later, without you having to do anything. However, it | + | |
- | depends on what programs you're running and what configuration changes you | + | |
- | have made. That' | + | |
- | in the [[# | + | |
- | and solve problems before we start migration production VPS. | + | |
- | + | ||
- | ===== Changes in VPS behaviour ===== | + | |
- | ==== User namespaces ==== | + | |
- | VPS in vpsAdminOS are using so called //user namespaces// | + | |
- | means that your system user and group IDs are mapped to different values on | + | |
- | the host. For example, the root user in your VPS has UID 0, but from the | + | |
- | host's point of view, its UID is e.g. 666000. Every member has been assigned a | + | |
- | unique user namespace, which ensures that your data is isolated from other | + | |
- | users. In case an attacker manages to leave the container, he will not be able | + | |
- | to access data from VPS belonging to other members. | + | |
- | + | ||
- | Every member is assigned a user namespace of 524288 user/group IDs. It means | + | |
- | that you can use UID/GID from 0 to 524287. All VPS from one member are in the | + | |
- | same user namespace. In the future, it will be possible to define custom | + | |
- | UID/GID maps for VPS and NAS datasets, which will let each member to isolate | + | |
- | his own VPS and yet share some chosen range of user/group IDs. | + | |
- | + | ||
- | ==== General ==== | + | |
- | Changes regarding VPS, but independent on the distribution used: | + | |
- | + | ||
- | * ''/ | + | |
- | * Swap is not shown in ''/ | + | |
- | + | ||
- | ==== Debian/ | + | |
- | + | ||
- | * Network is configured using '' | + | |
- | * ''/ | + | |
- | * If there is a directory called ''/ | + | |
- | + | ||
- | ===== Behaviour changes in vpsAdmin ===== | + | |
- | + | ||
- | * NAS and snapshots are not accessed using vpsAdmin [[manuals: | + | |
- | * IP address management is split into routed and interface addresses | + | |
- | * Reinstalling VPS on vpsAdminOS no longer deletes subdatasets and does not reset its configuration to the initial state, e.g. VPS features remain as they were. | + | |
- | * VPS features: bridge, iptables and NFS aren't configurable, | + | |
- | * It is possible to change the network interface name within the VPS in VPS details page. | + | |
===== Staging environment ====== | ===== Staging environment ====== | ||
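Review bot: The deletion that starts at "==== User namespaces ====" goes beyond the "deleted openVZ" summary. That section documents the isolation model (root in the VPS mapped to a different UID on the host, 524288 user/group IDs per member, all VPS of one member in the same user namespace) and nothing in it refers to OpenVZ. Keep it, or move it to its own page and link it from here, since the shared-namespace detail matters to members who run more than one VPS. Separately, the kept heading "===== Staging environment ======" has unbalanced "=" markers.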
Line 98: | Line 34: | ||
All mounts are removed when cloning, because NAS isn't acessible as of yet, | All mounts are removed when cloning, because NAS isn't acessible as of yet, | ||
see [[# | see [[# | ||
- | |||
- | ==== Supported distributions ==== | ||
- | |||
- | * Alpine 3.8, 3.9 | ||
- | * Arch | ||
- | * CentOS 7, 8 | ||
- | * Debian 9, 10 | ||
- | * Fedora 29, 30 | ||
- | * Gentoo | ||
- | * NixOS | ||
- | * openSUSE Leap 15.1, Tumbleweed | ||
- | * Slackware 14.2 | ||
- | * Ubuntu 16.04, 18.04 | ||
- | * Void Linux | ||
==== Features ==== | ==== Features ==== | ||
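Review bot: Removing the "Supported distributions" list leaves this page with no indication of which distributions can be used. The versions in it (for example "Debian 9, 10" and "Ubuntu 16.04, 18.04") date from the 2020 revision, so replace the list with a link to wherever the current one is maintained instead of deleting it outright. The unchanged line above still reads "NAS isn't acessible as of yet"; fix the spelling and confirm the statement still holds while this section is being edited.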
Line 117: | Line 39: | ||
Features can be turned on/off individually. When any change is made, the VPS restarts. | Features can be turned on/off individually. When any change is made, the VPS restarts. | ||
- | {{ : | + | {{ : |
- | * Docker (experimental) - Enables support for Docker. | ||
* FUSE - " | * FUSE - " | ||
* KVM - " | * KVM - " | ||
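Review bot: The "Docker (experimental) - Enables support for Docker." entry is dropped from the feature list with no replacement text, so a reader cannot tell whether Docker is no longer supported or simply no longer needs a toggle. Add one sentence stating which, and check that the screenshot swapped on the line above shows the same set of features as the list that remains.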
Line 125: | Line 46: | ||
* PPP - " | * PPP - " | ||
* TUN/TAP - "TUN routing/TAP bridging" | * TUN/TAP - "TUN routing/TAP bridging" | ||
- | |||
- | We recommend only setting the features that your really need. | ||
==== More about vpsAdminOS ==== | ==== More about vpsAdminOS ==== |
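Review bot: The removed sentence "We recommend only setting the features that your really need." is least-privilege guidance for the toggles listed above (FUSE, KVM, PPP, TUN/TAP) and is unrelated to OpenVZ, so it does not belong in this cleanup. Keep it and fix the typo ("your" should be "you").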