2nd Generation Funtoo Compute Infrastructure and Plan Upgrades

[drobbins]

Hi All,

We have deployed our second-generation compute infrastructure and have begun the process of moving containers over to it. This funtoo-based infrastructure is running on faster hardware and is using ZFS for storage. For more information on our second-generation platform, see https://www.funtoo.org/Funtoo_Containers

Also note that plans have been upgraded. Our base plan for $15/mo now comes with 8 cores and 60GB of storage (was 6 cores and 50GB previously.) The medium plan now has 16 cores and 120GB of storage (was 12 cores and 100GB). And our large plan now has 32 cores and 240GB of storage (was 24 cores and 200 GB). All existing containers will be automatically upgraded to these new resource levels when they are migrated to the new infrastructure :)

Best,

Daniel

[tux]

Hi Daniel,

Do we need to expect a downtime/reboot during the migration ? I'm going to backup some files just in case :)

Funtoo container plans are truly impressive !

[drobbins]

Migration typically involves 1-5 minutes of downtime. Typically if you do not have a ton (like 100GB of data) the downtime is closer to one minute. So pretty painless.

[s4uliu5]

Hi Daniel,

very interesting news!

Does it mean that OpenVZ  kernel will not be supported/updated, at funtoo, anymore? And if anybody is using OpenVZ right now should plan/start migration to LXD?

And just curious - why LXD?

Thank you!

[drobbins]

We will continue to support the OpenVZ RHEL6 kernel. This kernel will still be maintained upstream for several years.

LXD runs on newer kernels and is getting mature enough to use in production, so it worked well for us.

[drobbins]

One note that when we upgrade to core-kit-1.2, the minimum kernel supported will be linux-3.2. This upgrade should be happening within a week. You can choose not to upgrade and stay at core-kit 1.0 if you need OpenVZ RHEL6 compatibility. So it does appear that we will be moving away from OpenVZ for our default build.

[haxmeister]

The upgraded container is running well.. the performance is fantastic, thank you!

[palica]

There is more to come such as running LXD inside you container, or running Docker inside your container, or even running VirtualBox inside your container.

Teaser:

Ubuntu inside VBox inside my container.

[ennui]

My container was rebooted on Apr 17 22:36 UTC. Previously, my dovecot installation was non-functional since the migration to LXD, as execv() calls to dovecot's helper processes were failing. Now, after this reboot, dovecot is working as expected again.

Was there a mandatory access control (MAC) or some other restriction mechanism in place on the host system?

[palica]

yes, apparmor was blocking dovecot.

[ennui]

9 minutes ago, palica said:

yes, apparmor was blocking dovecot.

Understood. Thanks for rectifying.

[erikr]

Just to clarify, will I be able to make snapshots of / from within my container or the management console?

[palica]

this is planned through irc robot. including restarts of container. and other stuff. it is WIP.

[erikr]

9 hours ago, palica said:

this is planned through irc robot. including restarts of container. and other stuff. it is WIP.

Cool, I am always hesitant to get started with updated unless there is a  snapshot available to role back to. Or even better a snapshot to make the upgrade in until it is successful.

[palica]

i can create a snapshot for you right now if you want. pm me on irc.

[ennui]

@palica @drobbins: Is AppArmor blocking Dovecot again? I see my Dovecot processes went down around 2019-11-18 01:35:01 UTC:

Nov 18 01:35:01 [dovecot] master: Warning: Killed with signal 15 (by pid=21330 uid=0 code=kill)

Subsequent attempts to restart Dovecot are failing:

# /etc/init.d/dovecot start
Fatal: execv(/usr/bin/doveadm) failed: Permission denied
 * Error parsing /etc/dovecot/dovecot.conf
 * ERROR: dovecot failed to start

 

[palica]

@ennui sorry don't have access to funtoo infrastructure anymore. you'll have to wait for drobbins to answer this one.

[drobbins]

@ennui AppArmor is enabled again, and for a bit the dovecot mess resurfaced. But I disabled the dovecot profiles this should have already been resolved. If necessary, reboot your container and it should be fine.