While the publication about the future can be skipped, the article «part 1» is required reading to understand what we are talking about here :)
Technical implementation of the subsystem for limiting containers' hardware resources
For the description to be complete, we must cover the separation not only of system resources and privileges, but also of hardware resources.
Which resources we need to divide between users:
Hard disk (the load on it)
All such restrictions use the cgroups subsystem. Input/output load can be limited with the blkio cgroup subsystem, and it is important to note that it is possible to set both hard limits in bytes per second and in operations per second (IOPS), and weight factors (that is, for example, 10 % of the whole server). Memory is limited with the memory cgroup; here everything is simple enough: we specify the amount of RAM, and if the container exceeds it, the process receives an OOM message. For the processor, the load can be specified only as a percentage, which is explained by the peculiarities of the Linux scheduler implementation.
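The limits described above, written against the cgroup v1 control files as an added example (not the author's code). The helper names, container name, device number and values are assumptions, and expressing the CPU percentage through the CFS quota is one possible choice.

```shell
#!/bin/sh
# Added example: apply cgroup v1 limits to one container (hypothetical helper names).
# CG_ROOT is the v1 mount point; point it at a scratch directory for a dry run.
CG_ROOT="${CG_ROOT:-/sys/fs/cgroup}"

# put VALUE FILE: write one control value, report a rejected write
put() {
    printf '%s\n' "$1" > "$2" || { echo "cannot write $2" >&2; return 1; }
}

# to_bytes SIZE: "10M" -> 10485760; accepts K/M/G suffixes or plain bytes
to_bytes() {
    n=${1%[KMGkmg]}
    case "$n" in ''|*[!0-9]*) echo "bad size: $1" >&2; return 1 ;; esac
    case "$1" in
        *[Kk]) echo $((n * 1024)) ;;
        *[Mm]) echo $((n * 1024 * 1024)) ;;
        *[Gg]) echo $((n * 1024 * 1024 * 1024)) ;;
        *)     echo "$n" ;;
    esac
}

# limit_container NAME DEV BPS IOPS WEIGHT MEM CPU_PCT
#   DEV is the disk as major:minor (see ls -l /dev/sda), CPU_PCT is % of one core
limit_container() {
    name=$1; dev=$2; iops=$4; weight=$5; cpu=$7
    bps=$(to_bytes "$3") || return 1
    mem=$(to_bytes "$6") || return 1
    # blkio.weight only accepts 10..1000; it is a relative share, not a hard cap
    [ "$weight" -ge 10 ] && [ "$weight" -le 1000 ] || { echo "weight: 10..1000" >&2; return 1; }
    [ "$cpu" -ge 1 ] && [ "$cpu" -le 100 ] || { echo "cpu: 1..100" >&2; return 1; }
    for sub in blkio memory cpu; do
        mkdir -p "$CG_ROOT/$sub/$name" || return 1
    done
    b="$CG_ROOT/blkio/$name"
    # hard I/O limits (bytes/s and IOPS), then weight, RAM cap, CPU quota
    put "$dev $bps"  "$b/blkio.throttle.read_bps_device" &&
    put "$dev $bps"  "$b/blkio.throttle.write_bps_device" &&
    put "$dev $iops" "$b/blkio.throttle.read_iops_device" &&
    put "$dev $iops" "$b/blkio.throttle.write_iops_device" &&
    put "$weight"    "$b/blkio.weight" &&
    put "$mem"       "$CG_ROOT/memory/$name/memory.limit_in_bytes" &&
    put 100000       "$CG_ROOT/cpu/$name/cpu.cfs_period_us" &&
    put $((cpu * 1000)) "$CG_ROOT/cpu/$name/cpu.cfs_quota_us"
}

# Usage as root: limit_container ct101 8:0 10M 200 100 512M 25
```

The limits take effect for a process once its PID is written to the `tasks` file of each created group.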
In total, to implement the separation of resource usage we use the following cgroups:
This report was originally prepared for presentation at FastVPS's ROCK IT 2013 conference, which took place on August 24-25, 2013 in the city of Tallinn, Estonia.
Perhaps some of you heard it in person (thanks!), but I still recommend reading it, as this publication is more detailed and covers many more of the details (smile) that were left out of the report
The publication aims to give a short overview of the open-source tools available on the market for setting up several virtual environments on a physical server running Linux, and also to describe the advantages of using containers to build clouds :)
Open-source Linux-based solutions for creating virtual environments
In light of the New Year holidays and their essential attribute, heightened DoS/DDoS attack activity, I would like to bring up a rather rarely used (but quite effective) method of repelling attacks: blocking based on whether blocks of IP addresses belong to a particular provider/data center.
I want to tell you about our research into automating the setup of custom solutions based on Parallels Cloud Server.
From the moment we introduced PCS to maintain nodes for our clients, the question of automating the setup of images (Debian + a panel of choice: ISPmanager Lite/Pro or FastPanel) arose at once. Since on OpenVZ we had achieved some success in creating final images with the contents already installed, it was decided to make similar images for PCS as well.
Not so long ago the OpenVZ team released a new kernel with support for ipsec in the container. For a long time I had wanted to give up third-party software on the local Windows machine and use the ability to set up a protected VPN channel with the system's own tools. As the server we will use a Debian 7 container on OpenVZ. As the client, the standard Windows VPN client. As authentication, PSK (key-based) authentication.