

Rethinking the guest operating system - justincormack
http://lwn.net/SubscriberLink/567222/d02ddd1c4e25ae22/

======
rwmj
A lot like: [http://www.openmirage.org/](http://www.openmirage.org/)

This is an operating system that runs directly on the Xen hypervisor, written
in OCaml, which does away with the usual OS abstractions.

~~~
masklinn
Or [http://erlangonxen.org/](http://erlangonxen.org/) which does away with a
"traditional" OS entirely, running an erlang runtime directly on top of Xen.

~~~
rwmj
Right, they all sound similar.

What the article doesn't really emphasize enough is the aim of Cloudius is
entirely about running the JVM. This of course will guarantee popularity
amongst "enterprise" types.

However it's still very similar to running a JVM in a process directly on the
host. You could do something similar by running a JVM on the host and using
cgroups to confine it.

Cloudius's USP is that existing clouds are already running full guest
operating systems, so their OS-v running a JVM fits into this landscape
naturally. Architecturally it's nothing new.

I wish Dor & Avi well though :-) (ex Red Hat associates)

~~~
nl
BEA (now Oracle) had their JVM (JRockit) running on a hypervisor. I've never
seen it in real life, but apparently it was a real thing[1] at one point.

[1]
[http://www.javaworld.com/community/node/4304](http://www.javaworld.com/community/node/4304)

~~~
jared314
The current product page has download links:

[http://www.oracle.com/technetwork/middleware/jrockit/overvie...](http://www.oracle.com/technetwork/middleware/jrockit/overview/index.html)

------
kalleboo
So in the end, we're reinventing the OS with a hypervisor acting as the
kernel? Are the current hypervisors better or worse than the Linux kernel at
this task? What's the reason people don't just run these processes straight in
a regular Linux install with properly configured users/chroots/quotas?

~~~
Negitivefrags
I for one, really dislike this drive towards VMs for everything.

VMs are mostly about solving the same problems that operating systems were
there to solve in the first place, only slower.

I personally think that part of the problem is the way software is installed
and configured by modern package managers and distributions. It makes people
see the installed software as part of the operating system almost. If you want
two webservers with different configurations you therefore need two operating
systems.

The concept for creating a couple of different users and running the software
out of each one seems foreign to modern system admin these days.

~~~
arethuza
One additional reason for the popularity of VMs in enterprise environments is
that software vendors will often refuse to support applications on servers
that have other applications installed.

Supporting high-availability of guest servers by allowing "live" migration
from one host to another is pretty cool as well - either for fail-over or to
allow hardware maintenance.

The default position these days in enterprise environments seems to be that a
server will be a VM unless you have a _really_ strong case for having
dedicated hardware (and that only ever seem to apply for database clusters).

------
pantalaimon
This seems a bit ridiculous to me.

In the beginning you had

[OS] -> App

Then, people would put those Apps into a VM, the trend going to one VM per
app.

[OS] -> [VM] -> [App]

Just to realize that the VM may be too much of an overhead, so now OSv comes
along to cut that down, relying on the OS for memory management, task
scheduling, etc, effectively ending up with

[OS] -> [translation layer] -> App

So that's just a glorified sandbox, why not just use LXC?

~~~
harrytuttle
Actually just screw all of that and have:

[OS] -> App

Cheaper, less administrative overhead, less abstraction, less vendor tie in
(if you go POSIX for example).

I think that might upset the virtualization proponents though...

~~~
radq
Wouldn't that be less secure? I understand that it's possible to use chroot
and stuff, but isn't the whole point of virtualization/LXC that you have
better isolation and more control over quotas and stuff?

I am just curious as to why people would use virtualization at all if it is
possible to accomplish the same thing using regular processes.

~~~
harrytuttle
Would more code be more secure? To quote Theo de Raadt, who sums my opinion up
nicely as well:

 _" You are absolutely deluded, if not stupid, if you think that a worldwide
collection of software engineers who can't write operating systems or
applications without security holes, can then turn around and suddenly write
virtualization layers without security holes."_

Quotas are easy enough to enforce. Most UNIX derivatives (including Linux)
have disk and process quotas, some for over 3 decades.

Virtualization seems to be best used for reselling (and overselling) hosts
that are smaller than the physical machine and not much else.
Migration/failover is a non issue if you know what you are doing and if you
need larger machines, it's just more overhead on top of a dedicated host. Plus
it's increased administrative cost and more expense as a whole.

~~~
hrjet
I am little skeptical of VMs but not so much that I don't see any benefit in
it.

In theory, VMs should help reduce the attack surface by a lot. For example,
all the system calls in the VM are handled by the guest OS. The actual system
calls made to the host should be minimal and can be more easily audited.

------
mwcampbell
Like others here, I am unconvinced that there is any benefit to basically
using virtual machines as heavyweight processes. The existence of at least one
multi-tenant IaaS provider (Joyent) and a few multi-tenant PaaS providers
(Heroku, dotCloud) using OS-level virtualization suggests that a shared kernel
running multiple processes provides enough isolation.

~~~
yalogin
I am not so sure. I would say there is a market for both. There are things
that LXC based solutions cannot do yet. Solutions around VMs are very mature
and offer features like live migration of apps for e.g. by which I mean they
even do monitoring of apps running on the data center.

------
taproot
This sounds like a great opportunity for anyone wanting to get into os
development with a few easy tasks still todo.

I'm curious how you would configure and manage your applications. Like are you
able to attach to the input and output streams from the host or would you
still get some basic form of bash to manage it?

------
nl
Wow.

I've played with CoreOS a bit, but this is a much more radical change.

I love how people are beginning to rethink many of the things that all
successful operating systems have had in common so far.

The idea of using virtualization as an inherent layer in the application
architecture (ht IBM OS/360) is great for flexibility.

------
justanother
So we have a guest operating system that doesn't implement
multitasking/timesharing because you can safely leave that up to the
hypervisor. Is it just me, or is this more or less the same thing that was
done with VM/CMS on IBM 370s in 1972?

------
jbellis
1000 words on why this matters: [http://www.slideshare.net/eonnen/high-
performance-network-pr...](http://www.slideshare.net/eonnen/high-performance-
network-programming-on-the-jvm-oscon-2012/62)

~~~
mwcampbell
If the virtualization tax is high when you care about throughput, then isn't
that a case for _avoiding_ virtualization altogether?

------
pibi
Very similar to: [https://github.com/anttikantee/rumpuser-
xen](https://github.com/anttikantee/rumpuser-xen)

~~~
anttiok
Someone asked me to compare the two:

[http://blog.netbsd.org/tnf/entry/running_applications_on_the...](http://blog.netbsd.org/tnf/entry/running_applications_on_the_xen#comments)

tl;dr amount of code rewritten vs. reused

------
ogrisel
Will this make it possible to use docker.io directly under OSX without having
to use vagrant / virtualbox to run a linux host OS for LXC containers?

Right now, only Xen, KVM and EC2 HVM are supported hypervisors. Hopefully an
OSX might come with vmware support later.

~~~
lotyrin
No, this is sort of the opposite of containers.

Instead of having an full OS-like isolated system within a single OS without
virtualization, this is using virtualization but avoids having a full OS-like
system inside the guests.

~~~
ogrisel
Yes I understood that. But right now if you want to use docker.io on your OSX
dev box you have to run linux inside a VM to be able to leverage the docker.io
features (building and testing apps in lightweight containers) for later
deployment on the target cloud infrastructure.

If you have OSv working both under virtualbox or vmware on your OSX dev box
and under KVM or EC2 HVM on your cloud production environment, then it might
be possible to have a docker.io features directly under your OSX dev box.

~~~
lotyrin
Guess I'm confused: What features of Docker does this provide?

Also, if you're willing to virtualize something, and want Docker features, why
wouldn't you virtualize Docker?

~~~
ogrisel
docker is more like a frontend to pack, ship and deploy specific applications
and their configuration as "containers" to be run in lightweight isolated
environments (such as LXC currently).

Currently if you want to use docker under OSX you have to run it inside a
Linux VM (typically using the vagrant / virtualbox). But the Linux VM is using
a bunch of memory on your dev environment. If docker could run the app inside
virtualbox + OSv rather than having to use virtualbox + full linux + LXC I
assume you would get a more lightweight dev environment (faster boot times and
less memory usage).

~~~
taproot
I'm confused why can't docker run on bsd?

