kernel level virtualisation requirements.

Ade Lovett ade at FreeBSD.org
Mon Oct 15 20:13:12 PDT 2007 

On Oct 15, 2007, at 17:09 , Julian Elischer wrote:
> There are many levels of virtualisation.

Sure, we can take that one as read :)

[.. snip good description..]

> The one I'm particularly interested in is the kind of which "jails"  
> is a member.
> It's the one that requires us to make architectural changes to our  
> kernel the most,
> but it is also the one that can be the most efficient. It does NOT  
> however allow
> running of different OS's (other than possibly allowing one to have  
> a virtual system
> that runs a userland we can emulate, e.g. some Linux an dearlier  
> versions of FreeBSD.

Definitely a noble goal, and one that I am willing to dedicate my  
meagre knowledge to.

The reason I brought up the RELENG_<multi> concept is one that would  
likely address a very real cost.  The physical hardware is, these  
days, a very small percentage, of the TCO.  To take an example, let's  
look at package building.

Now, with a few tweaks and hacks, it's possible to take a CURRENT  
machine (well, RELENG_7 right now at least in my case), and with a  
further few prayers, make RELENG_5/6 chroot's to build packages in  
addition.  The machine itself as more than enough horsepower to do  
this - and cuts dramatically the amount of power and space required  
to do the job.

However, this is not necessarily an ideal solution, since there is  
the fairly major unknown of differences between a "true" RELENG_5  
system, and one that is RELENG_5 userland + RELENG_7 kernel.  As APIs  
and ABIs change, so these unknowns become more fragile.

jails absolutely serve a purpose, something which I also make  
extensive use of, albeit in testbed environments, for solid  
segregation of application-level services whilst running on the same  
hardware, but it does really require that both the master and all  
jails are synced up as far as kernel + userland goes, for each jail.

I have no magic bullet to solve this, since I don't believe there is  
one, but perhaps by widening the scope a little (but still focusing  
on what we currently know as jails) we can, possibly, get to full  
virtualisation.

-aDe

More information about the freebsd-arch mailing list