User: Password:
|
|
Subscribe / Log in / New account

CRtools 0.1 released

CRtools 0.1 released

Posted Jul 25, 2012 15:14 UTC (Wed) by gebi (subscriber, #59940)
In reply to: CRtools 0.1 released by slashdot
Parent article: CRtools 0.1 released

> What's the point of "separating services into containers"?

What's the point of chroot?

In the end it's all about separation.
Be it security or in our case mostly management wise.
Each service inside an openvz instance can painlessly administrated by another admin without special care about stepping on the toes of 20 other administrator for the other services.

Some services are really bad in separation, be it syslog configuration of all the daemons, network configuration for additional ip addresses for the different services or even the reducing of necessary configuration!
As most things are done by policy with one service per container (or even done by e.g puppet).

As you see there are a _whole_ lot of reasons to split up services.

> Assuming no kernel bugs...

Assuming the earth is flat has about the same probability of being right.

> Hardware-level virtualization is a different matter though and can in principle improve security.

openVZ has near zero overhead both in terms of speed and resource usage.
Most of the time it's just one rsyslog process more per service, which is at the edge of rounding errors if you speak about 128GB being the minimal amount of ram in current intel dual cpu servers (16G sticks).


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds