Just recently our technology partner Odin (previously known as Parallels), the company that propelled the development of isolated container technology for Linux, celebrated its 15th anniversary. Below is an interview with representatives from Odin, in which they reveal some details about the company’s participation in the development of several open source projects, about the container technology they provide and about their influence on the container market today.
This article was originally published at OpenNet. Here we provide its translation with our own observations and comments, as we are closely acquainted with Odin’s container solution, which has been used within Jelastic Cloud since the very beginning of our platform.
Odin is one of the founders of the container-based virtualization industry. How did you grow your business and what tasks did you aim to achieve?
For over 15 years we have been doing container-based virtualization of servers at the OS level, and our company (named SWsoft in those days) became well known very quickly because of this system. In 2001 Odin released Virtuozzo – a container virtualization solution that gained popularity in the hosting market. The open source version became known as OpenVZ. Since 2005 OpenVZ has existed as an independent project. At Odin we tried to make Virtuozzo for FreeBSD, but it was an unpromising attempt, and we closed it. In 2005 a Virtuozzo version for Windows was launched.
According to the report of the Linux Foundation, Odin was on the list of the companies that contributed the most to the core Linux kernel. For example, for the OpenVZ project alone we made approximately 1700 patches to the kernel. In recent news, Red Hat thanked Vladimir Davidov for reporting some serious issues – CVE-2014-0203 and CVE-2014-4483 – in the latest RHEL6 kernel update (the second problem was detected by one of our automatic tests using the Linux Test Project). Vasiliy Averin received a commendation for detecting CVE-2014-5045, and Dmitriy Monahov for CVE-2012-4508.
The container project of Odin still remains the only commercially successful project in the field of virtualization at the operating system level. With Google showing interest in containers (high density compared to hypervisors, high performance and elastic response when you reconfigure the system due to changed load for mass provisioning of web services), the technology started to appear in the enterprise segment. The OpenVZ project is constantly improved and ported to new kernels. The company adds new functionality, improves performance and launches updates, including those connected with security. We are focusing on the stabilization of the kernel based on RHEL7, which is quickly approaching beta status.
It is worth mentioning that OpenVZ received official technical support from Odin and the opportunity to get financial help.
Today, the task of Odin is to bring the technology of container virtualization into the mainstream of Linux, so that every Linux server in the world could have the opportunity to create containers.
What OpenVZ technologies have been adopted in the Linux kernel?
The OpenVZ project, as a part of the company’s container development, aims to transfer all of its functionality into the Linux kernel (it is already 2/3 implemented). The kernel has PID and network namespaces, parts of the cgroups resource controllers, NFS virtualization, and a mass of different fixes. With a minimum of kernel modifications, we have implemented extended capabilities for managing container resources, “freezing” the state of containers and resuming their work, and live migration of containers from one physical server to another. This work will be continued.
Why? We have a mutually beneficial relationship with the OS community: we create new technologies, sharpen them with our users, and return them to the kernel. Why should we give it to them? Once every few years, changes have to be moved to a new code base, and this is not the most exciting work and it takes a lot of time.
The second reason is that someone else can add identical functionality, but it won’t be appropriate for our needs. It is important to understand that promoting your own code into the kernel often creates long discussions with other developers, and, as a result, nothing is left of the initial patch at the end.
Does Odin have any connection to the development of the LXC tool?
We always hear that developers differentiate the LXC and OpenVZ projects. This is unfortunate, because the team that develops OpenVZ also actively develops LXC, merely in cooperation with other companies. And the contribution of developers from Odin to LXC is significant – more than half of the code is written by us, and some parts are done only by the Odin team. As developers, we only win from the fact that containers have been used by other companies, for instance, Google and IBM. That’s why we do not oppose LXC and OpenVZ. Basically, these are interpenetrating things; it is merely that LXC is under development and is not ready for mass consumption, and OpenVZ is a turnkey solution, suspension over LXC.
In 2005 Google was looking for elastic resource scaling. It was necessary that each user had the opportunity to get a qualified web service at any time, regardless of the current load, while the remaining resources could be used for business background tasks. Google employees experimented with traditional virtualization, but they abandoned it. At the same time, a group of developers was working with Linux on a concept based on the mechanism of cgroups. Within a few months Google hired this group to work on the containerization of their data centers. In January 2008, a part of the cgroup technology used at Google was transferred into the kernel.
This is how the LXC project (LinuX Containers) was born. Close to this time, Odin launched OpenVZ. In 2011 Google and Odin agreed to cooperate on their container technologies. It resulted in the implementation of Linux kernel v.3.8 in 2013, in which all current container technologies for Linux were connected. It helped to prevent the painful division of KVM and Xen kernels.
Can CRIU perform live migration of containers?
CRIU is a project that was also born in the process of interaction between the Odin team and the community of Linux kernel developers. This technology can stop processes on Linux and restore them at another place or at a different time based on the saved data (checkpoint/restore technology). Moreover, this is the first implementation of application snapshot technology that runs on an unmodified Linux OS (kernel + system libraries; for example, it has been available in Fedora since version 19) and supports any state of processes. Projects of this kind have been done before; however, they had some drawbacks, or they needed a special kernel to tighten up system libraries, or there were some limits on the supported states.
The first implementation of checkpoint/restore from Odin appeared in 2005, and it supported OpenVZ and Virtuozzo containers. Its author is the legendary Alexey Kuznetsov, who is the creator of 90% of the TCP/IP stack in Linux. We tried to bring it to the upstream kernel already at that time, but we did not succeed. The next attempt was made by Oren Laadan in 2008. He suggested a more versatile version of the kernel implementation, but the community was not excited about such complex code, and the attempt failed again. Then, in 2011, the head of the development team of Odin Server Virtualization, Pavel Emelyanov, decided to take another road, where most of the logic is implemented in user space and kernel modifications are minimal. Thus, CRIU (Checkpoint/Restore [mostly] In Userspace) was born. In the fall of 2013, the first major release, CRIU 1.0, was announced, and in September 2014 version 1.3 was launched, providing, among other things, one very important thing for the whole market – live migration of containers, including Docker and LXC. We achieved this thanks to another project – P.Haul, which is built over CRIU and implements live migration.
Why do we need it? There are lots of ways to use this technology: in addition to live migration, there is faster startup of large applications, updating the kernel without rebooting, load balancing, and saving the task status in case of system failure. Why does the community need it? There are several usage scenarios, including network load balancing, behavior analysis of applications on another machine, process duplication, etc.
What is the relationship of Odin with the Docker project?
Docker is not a competitor but a partner for system libraries. Sometimes we get some strange questions about competition with Docker, which handles containers as well. We consider them strange because the existing container projects are not in a state of competition on the market. For a long time in the past, various container projects (for instance, OpenVZ, LXC, Docker) coexisted rather in parallel, offering their users an experience similar in essence, but different in its implementation and technological details. But the clouds continue to grow and their popularity increases along with them. And the developers of container virtualization technology unite to solve the problems.
We work together on system library projects that provide an interface to the kernel container components. First of all, the Libcontainer project started by Docker now involves Odin, Canonical, Google and Red Hat, and they agreed on joint development. Secondly, there is the libct library, which was started by our colleague Pavel Yemelyanov and is now actively developed with the help of Docker, LXC and Google. In particular, we are working on support for Docker in the OpenVZ kernel (a backend in libct) and inside an OpenVZ container. Both projects have the same objectives, which is to standardize Docker with Linux kernel and lock in to the major programming languages, and, thus, to expand the number of usage scenarios for the container industry.
These libraries are necessary because the kernel does not have such a term as “container”. Speaking of containers, the kernel developers mean several different kernel subsystems that, if used properly, make it possible to isolate applications in virtual environments. These are mainly cgroups and namespaces. The direct use of kernel interfaces is possible but rather non-trivial. The libraries are designed to simplify their use, giving programmers an interface that has more typical terms: “container”, “computing resources”, “virtual network”, etc.
Does Odin participate in the development of virtualization technology?
We are involved in the development of libvirt, the cross-platform library for virtualization management, organized by Red Hat. There we have added support for the above-mentioned Odin Cloud Server and OpenVZ products.
Congratulations to our partner Odin on their 15th anniversary and the enormous success they have achieved.
If you would like to discover how Jelastic uses container technology, enabling live migration, full isolation and security, smart distribution of containers, high density, memory de-duplication, full orchestration and more, sign up for your 2-week free trial now!