Containers in the upstream kernel (as compared to VZ kernel) Containers in the upstream kernel (as compared to VZ kernel) Kir Kolyshkin, Sergey Bronnikov OpenVZ Virtuozzo Containers

Who we are? Who we are? • OpenVZ is an open source implementation of Linux containers • Kir Kolyshkin - leading OpenVZ for 10 years • Sergey Bronnikov - community manager of OpenVZ project

OpenVZ contribution to the Linux kernel: OpenVZ contribution to the Linux kernel: 0 100 200 300 400 2000+ commits

Is OpenVZ kernel upstreamed yet? ● Yes! ● About 60% ● Biggest pieces: – NET and PID namespaces – Memory cgroup, device cgroup – CRIU – NFS virtualization

Virtuozzo kernel changes (LOC) Virtuozzo kernel changes (LOC) RHEL5 (2.6.18) RHEL6 (2.6.32) RHEL7 (3.10) 0 70000 140000 210000 280000 264,641 202,746 66,324

Things we (still) need to add 1/2 ● Ploop and related ext4 changes ● Memory management and accounting – backport of kmemcg – idle memory tracking (for vcmmd) – network buffers memory accounting – OOM killer virtualization ● /sys and /proc virtualization

Things we (still) need to add 2/2 ● Network: venet, iptables (marks) ● FUSE upstream backports ● Printk virtualization ● /dev/console virtualization ● Time namespace (for monotonic timers wrt migration) ● Misc legacy (vziolimit, vzlist, vzredir, vznetstat, beancounters...) – Beancounters: numiptent, numfile, numproc

Any patches? Questions? Any patches? Questions? Kir Kolyshkin kir@openvz.org, @kolyshkin Sergey Bronnikov sergeyb@openvz.org, @estet