[lug] Hosting Question

Sean Reifschneider jafo at tummy.com
Mon Oct 2 01:17:48 MDT 2006

On Sun, Oct 01, 2006 at 01:55:02PM -0600, dio2002 at indra.com wrote:
>linux virtualization.  in your recommendation above, under your tummy xen
>environment are you further virtualizing your DNS, email and or web

I don't know of anyone running additional levels of virtualization under
the VPS.  Xen wasn't capable of doing it until recently, and then only with
appropriate hardware support (VT or similar processor capabilities should
do it, to at least one level of virtualization).  With User Mode Linux you
can do it, but you have to build the kernels for each level specially to
support each level.

>i assume not but am wondering what the real benefit others gain by running
>those services virtualized?  i imagine they run in user space so will not

There are many benefits to running services virtualized.  One is that if
one of the services is compromised, it's much harder for the attacker to
interfere with other services, depending on how solid the separation is
in the virtualization.

Another benefit of running virtualized services is management.  Each of the
virtual images can do just one thing.  Setting up the virtual image to do
just DNS, for example, makes it real simple.  And if you want to upgrade it,
it's so isolated that you can just work on that single thing.  Back-out to
a previous image if an update fails can also be extremely easy.

It's much easier to do an upgrade of a server if it's just running one
service, than if it's running 10.  Because instead of having to do 10 all
at the same time, you can just concentrate on one.

>it seems like it just adds more complexity and overhead.

Sure, it does add complexity.  You just have to decide if there are other
tradeoffs that make it worth it.  Last year I helped one of the local guys
here in Fort Collins get his new Athlon dual-core system running with Xen.
His idea was to run it as a workstation, but also as his public web server,
which he wanted isolated from the workstation.

We did get it running that evening, exactly as he wanted, but he ended up
giving up on the idea in the long term because of the complexity of it.

>also.  under xen, do you firewall under the xen child or on the parent OS

I run a firewall on every system capable of it.  For the Xen host machine,
its "forward" firewall rule is usually just to allow, and the Xen child
machines run their own firewall for input.

>hosting the xen VPSs?  it seems that the parent really owns the hardware
>and the first crack at the packets coming off the interface so that
>firewalling would have to take place there versus in the xen child?  but

It could take place at the host level, but it can also happen in the
virtualized clients as well.

>under your base tummy VPS offering, your disk allotment is 1.5G.  Is it
>easy to install CentOS (or any of the other popular distros you recommend)

We do the CentOS install for you.  You then just run "yum update" regularly
or "yum install" to get the updates and package you want.  You probably
also want to run "yum clean all" periodically to clean out the package
files after they've been used.

>1) require lots of manual compiling and patching to get the base OS up and
>running (a crapshoot as to how much space the base will require) and
>hopefully have enough space left over or

I just do "yum install" for the software, I try not to custom compile
packages whenever possible.

>2) will it be a fairly straightforward install script/gui for the base
>minimal system with *known install requirements* + add/update additional

"yum install".

>finally.. you mentioned that tummy.com was running on your own VPS.  which
>package - base, enhanced or premium, under which distro, and how much
>space remained outside of the base OS for websites?

We have various services running on pretty much every level and
customizations.  As I said, for a long time we ran mirrors.tummy.com on a
Xen virtual with 1TB of disc space and 1GB of RAM.  That was running
Ubuntu, IIRC.  Most of our virtual services are running on CentOS with the
base or enhanced service level.  Depends on what they need to do...

 A computer lets you make more mistakes faster than any invention in human
 history -- with the possible exceptions of handguns and tequila.
                 -- Mitch Ratcliffe
Sean Reifschneider, Member of Technical Staff <jafo at tummy.com>
