From: "Toby Corkindale" <toby(a)dryft.net>
> On 5 November 2014 12:42, Peter Ross <Petros.Listig(a)fdrive.com.au> wrote:
>> I have to admit not really to understand the "support this or that
>> virtualisation"
>>
>> A virtualisation presents a "virtual computer" and this may slightly
>> differ depending on the virtualisation solution.
>>
>> But the same goes for physical machines.
>>
>> And I have not read: "Product XY only works on Dell T610 and HP ML 150".
>> I
>> can install it on a "no name box" as well. Why not on any VM?
>>
>> The ERP solution [not Oracle, btw] I am dealing with in-house runs on
>> Tomcat. Tomcat and Java are designed to live "everywhere".
>>
>> Of course the software is certified on Linux X and Windows Y only..
>
> So, in theory virtualisation should be roughly the same everywhere.
> And something like the JVM is designed to work almost everywhere.
> And usually it all works OK.
>
> However sometimes you get bizarre incompatibilities -- the one I'm
> thinking of is OpenVZ and the JVM.
> I don't know why, but the jvm just doesn't work right under OpenVZ --
> it's a well-known issue.
> (And one which I believe points out that openvz has been flawed all
> along; I wouldn't trust *anything* under it as a result)
Oracle does not support containers, Avi pointed out.
In short, containers and Jails are not full virtualisation.
As an example, FreeBSD jails are having a problem with shared System V
memory:
jail(8) man page:
https://www.freebsd.org/cgi/man.cgi?query=jail&sektion=8
allow.sysvipc
A process within the jail has access to System V IPC
primitives. In the current jail implementation, System V
primitives share a single namespace across the host and
jail environments, meaning that processes within a jail
would be able to communicate with (and potentially
interfere with) processes outside of the jail, and in other
jails.
Not that the default is 0(disabled):
"Some restrictions of the jail environment may be set on a per-
jail basis. With the exception of allow.set_hostname, these
boolean parameters are off by default."
If you really need to run multiple postgresql (e.g.) in various jails on
the same box you can run them with different UIDs (and enabling SysV
memory) but it makes security a "cooperative issue" - only recommended if
you control host and jail environment yourself (e.g. not a good idea for
web hosting)
The handbook writes about jails:
"Important:
Jails are a powerful tool, but they are not a security panacea. While it
is not possible for a jailed process to break out on its own, there are
several ways in which an unprivileged user outside the jail can cooperate
with a privileged user inside the jail to obtain elevated privileges in
the host environment.
Most of these attacks can be mitigated by ensuring that the jail root is
not accessible to unprivileged users in the host environment. As a general
rule, untrusted users with privileged access to a jail should not be given
access to the host environment."
I do not know this about OpenVZ (and in general Linux containers).
The documentation about Linux containers is a bit vague in this regard (or
I have not found the "ultimate answer" yet). One reason not to trust it
that much.
Here is one example about container issues mentioned (but not explained):
http://unix.stackexchange.com/questions/127001/linux-lxc-vs-freebsd-jail
"There are some known security issues with LXC that can be mitigated using
selinux, for example."
I actually would like to know what the "known security issues" are..
Cheers
Peter
Hi,
From: "Avi Miller" <avi.miller(a)gmail.com>
>> On 5 Nov 2014, at 12:42 pm, Peter Ross <Petros.Listig(a)fdrive.com.au>
>> wrote:
>>
>> I have to admit not really to understand the "support this or that
>> virtualisation"
>
> I misused some words and apologise: In the case of Oracle in particular,
> there is a difference between "supported" and "certified" - we support
> Oracle products on any platform to the best of our ability, but if we
> can't reproduce the issue internally, we may need to engage the
> HW/virtualisation vendor.
Thanks for clarification. I think I did not differentiate the two words as
well.
>> And I have not read: "Product XY only works on Dell T610 and HP ML 150".I
>> can install it on a "no name box" as well. Why not on any VM?
>
> We have hardware certification[1], just like we have virtualisation
> certification.
Oh, I did not know that.
>> (BTW: Is Oracle DB supported in a Oracle VirtualBox?)
>
> Yes, for development and test purposes. Not for production use, AFAIK.
> Then again, the performance you'd get in VirtualBox probably doesn't meet
> your production needs anyway.
That could be right. But I am actually not that sure how much it matters.
As I was "toying" with Oracle VM I moved a Zimbra Server running on
Ubuntu. From FreeBSD/VirtualBox to Oracle VM (Linux/Xen)
I did not "feel" a difference.
Maybe a benchmark question: Which benchmarks would you run to compare the
two in various ways?
If I have a bit time I like to try it.
I find it difficult to compare them in "normal usage" if you do not
migrate all VMs from one solution to another (on the same hardware)
because the overall load of a system has an impact on a VM as well.
I also tend to have a bit of "space" on the servers to avoid bottlenecks.
Usually I do not over-allocate (sorry, there is a better word I just
cannot remember just now) or at least not much. The space is also used as
a buffer if I have to migrate VMs/services suddenly (e.g. caused by a
failing machine)
The result may differ on different hardware as well. E.g. I could imagine
to have different results if I try the two stacks on a 32GB modern
hardware - or on a 5 years old machine with 8 GB only. Depends where I
find a bottleneck.
> Hope that makes things a little clearer from our perspective.
Yes it does:-)
Thanks
Peter
On 5 November 2014 12:42, Peter Ross <Petros.Listig(a)fdrive.com.au> wrote:
> I have to admit not really to understand the "support this or that
> virtualisation"
>
> A virtualisation presents a "virtual computer" and this may slightly
> differ depending on the virtualisation solution.
>
> But the same goes for physical machines.
>
> And I have not read: "Product XY only works on Dell T610 and HP ML 150". I
> can install it on a "no name box" as well. Why not on any VM?
>
> The ERP solution [not Oracle, btw] I am dealing with in-house runs on
> Tomcat. Tomcat and Java are designed to live "everywhere".
>
> Of course the software is certified on Linux X and Windows Y only..
So, in theory virtualisation should be roughly the same everywhere.
And something like the JVM is designed to work almost everywhere.
And usually it all works OK.
However sometimes you get bizarre incompatibilities -- the one I'm
thinking of is OpenVZ and the JVM.
I don't know why, but the jvm just doesn't work right under OpenVZ --
it's a well-known issue.
(And one which I believe points out that openvz has been flawed all
along; I wouldn't trust *anything* under it as a result)
Anyway, given such occurrences exist, I could see why software vendors
might not approve of their stuff being run in certain VMs. If they've
found it causes support headaches, they might just not want to go
there any more.
T
Hi Avi and all,
From: "Avi Miller" <avi.miller(a)gmail.com>
> We support most virtualization platforms including VMware, Hyper-V and
> Oracle VM. We also support most operating systems. Certification has also
> broaden to include RDBMS on Windows running on Hyper-V (with Oracle Linux
> certification on Hyper-V in progress).
I have to admit not really to understand the "support this or that
virtualisation"
A virtualisation presents a "virtual computer" and this may slightly
differ depending on the virtualisation solution.
But the same goes for physical machines.
And I have not read: "Product XY only works on Dell T610 and HP ML 150". I
can install it on a "no name box" as well. Why not on any VM?
(BTW: Is Oracle DB supported in a Oracle VirtualBox?)
The ERP solution [not Oracle, btw] I am dealing with in-house runs on
Tomcat. Tomcat and Java are designed to live "everywhere".
Of course the software is certified on Linux X and Windows Y only..
Practically I do not get any Linux support because "Windows is standard"
downunder. So I'm told.
Not to mention that I install an older version because the new one "is not
launched in Australia yet". It's available in Europe since April..
In one case I spoke to technical support in Germany to get some clues and
confirmation.
They were helpful but contract issues prevent them from supporting me
continuously.
I could have installed it under FreeBSD I guess. Wouldn't make any
difference, support-wise.
Did I mention that I love proprietary software? ;-)
Regards
Peter
SUSE Linux next version is about to be released and my broadband
allocation has plenty left to do this - but the SUSE release occurs just
after the broadband expiration. So I will have to wait, with a large
balance, until tomorrow - baah
I am interested in this as SUSE has a different 'take' on what users
want - some of my favourite utilities are hard to get and they are like
torture to install -
this was predictable - just bad timing.
Mike
Hi All,
Have searched a while, but can't even find the relevant forum where my
problem would be best addressed.
***** Background:
Recently installed Linux Mint MATE * Qiana on my desktop and laptop (64
& 32 bit versions respectively). Have a Lexmark E230 monochrome laser
printer, which the Mint install/setup routine handled easily and
effortlessly. It prints documents perfectly, whether I'm printing PDFs
from Document Viewer, Word docs from LibreOffice, or ASCII text from the
Pluma text editor.
***** Problem:
(On the 64-bit desktop, haven't tried the 32 bit laptop.) Whenever I
print a second document, regardless of which of the above apps I'm
using, I get printer code, instead of the desired document. For instance...
PJL ENTER LANGUAGE = PCLXL
) HP-PCL XL;1;1;Comment Copyright Artifex
Software, I
(then a new page, and the full range of random ASCII characters -- e.g.
foreign letters, emoticons, etc.)
I have to turn my printer off and on, for every item I want to print. Grr.
(Note: If I'm in LibreOffice and ask it to print multiple copies, I
don't have any problems.)
***** Question:
Any suggestions on =whose= forum I should direct this problem to? e.g.
Mint, Ubuntu, Debian, CUPS, some printer driver developer group, etc.?
(Note: I've found the Linux Mint forums the worst I've ever
encountered. And I've probably used well over a dozen in the past
decade. Lots of people asking questions, and nearly zero responses from
anyone knowledgeable.)
Thanks =very= much guys,
Carl Turney
Bayswater, Melbourne
* BTW: MATE is pronounced "MAH-tay". I have an Argentinian friend who
loves the locally-famous drink which the GUI is named after.
