No
YesSummary
This article describes the best practices and known limitations of Parallels Virtuozzo Containers (PVC) for Linux and Parallels Server Bare Metal (PSBM).This article will help you to better understand OS virtualization capabilities and choose an appropriate usage scenario for your Parallels Virtuozzo Containers product.
Known limitations
Despite the higher densities and faster management operations provided by container virtualization as compared to hypervisor solutions, the fact that containers share the same OS kernel with their host leads to certain restrictions in their use. This section provides recommendations to follow when deploying and maintaining Parallels Virtuozzo Containers for Linux. These recommendations are imposed by the nature of OS virtualization.-
Third-party drivers
Parallels Virtuozzo Containers for Linux and Parallels Server Bare Metal support the same set of devices as an upstream kernel. If drivers for certain devices are not included in the stock Red Hat Enterprrise Linux distribution, it is necessary to recompile the drivers for PVC kernel manually.
NOTE: It is necessary to recompile drivers each time a kernel update is installed. Perform extensive testing of recompiled drivers before installing them on a production system.
Related Knowledge Base articles:
111488 Which hardware is Parallels Server Bare Metal compatible with?
111375 How to create driver disk for Parallels Server Bare Metal installation
111113 How to compile custom drivers for PVC kernel
114181 How to compile IBM RDAC drivers for PVC kernel
6731 How to build HP-ILO modules for PVC
-
Kernel modules and iptables
It is not possible to load kernel modules from inside a container; however, all modules loaded on the node are generally available for all containers. Parallels Virtuozzo Containers for Linux, however, provides the capability to restrict several modules' availability for particular containers. These include iptables modules and network device-related modules.
Related Knowledge Base articles:
113056 Managing iptables modules in containers
113000 Issues with firewall on HW Node - Impossible to use ip_nat and ipt_state modules
112493 [Info] Is IPSec supported inside Parallels Virtuozzo Containers for Linux containers?
-
Online migration
Online migration of containers requires both source and destination nodes to match specific conditions in order to successfully restore a container's memory on the destination host. The destination node must have not fewer capabilities than the source node.
Related Knowledge Base articles:
113024 Online container migration product version compatibility
113781 Online migration and checkpointing limitations for Linux containers
113129 Preparing containers for migration
111855 /vz over NFS: online migration does not work
-
OS compatibility
Parallels Virtuozzo Containers for Linux and Parallels Server Bare Metal support most modern and popular Linux distributions as the host OS (PVC) and the guest OS. It is possible to create custom OS templates; however, these OSes must use the same mainstream kernel as supported distributions.
Related Knowledge Base articles:
111921 Which OS templates are supported by Parallels Virtuozzo Containers 4.7?
112437 Host OS versions supported by Parallels Virtuozzo Containers for Linux
Best practices
-
Planning deployment and upgrade
Before deploying or upgrading the Parallels Virtuozzo Containers infrastructure, it is recommended that you review the relevant deployment guides, best practices documents, and recommendations.
Related Knowledge Base articles:
113433 Best Practices for Parallels Virtuozzo Containers as an IaaS Virtualization Platform
112499 Parallels Virtuozzo Containers for Linux FAQ
111815 Recommended resources for planning an upgrade from Parallels Virtuozzo Containers for Linux 3.0 or 3.0 SP1
112388 Is it possible to perform an in-place upgrade from Parallels Virtuozzo Containers for Linux 3.0 to 4.7?
112334 Upgrade Path from Parallels Virtuozzo Containers 3.0 for Linux on CentOS 4 to Parallels Containers 4.7 on CentOS 6.x
112554 Upgrade paths for PVC for Linux 3.0 node registered in PBA-S
Related documentation:
Parallels Virtuozzo Containers Deployment Resources
-
Keeping server up-to-date
Both host OS vendors and Parallels are continually publishing updates to provide the latest security patches and stability improvements.
Related Knowledge Base articles:
1170 How do I keep a PVC installation up-to-date?
1647 How do I update the base OS on a PVC server?
111318 Which repository is safe to use with Parallels Server Bare Metal?
111582 How to apply PVC updates on a spare node in an Active-Passive RHL cluster
-
Configuring network
Container hosting is inextricably bound to network services, which is why it is necessary to plan the network schema of containers, network topology, and provided services requirements.
Related Knowledge Base articles:
112961 How to create a container attached to two different networks
113732 Power Panel on Parallels Server Bare Metal 5 best practices
1004 Which ports should be opened on the PVC Hardware Node and Service Container?
-
Backing up containers
Make backups on a regular basis and periodically do a test backup restore.
NOTE: Without a backup, there is no guarantee that customers' services can be restored after a failure.
Read the below-mentioned resources and select a backup which suits your needs best.
Related Knowledge Base articles:
113790 Backups in PVC and PSBM
8133 How to increase PVA Agent timeouts for backup operations
114248 How to move container backups to another server
Related documentation:
Parallels Virtual Automation Administrators Guide
-
Mitigating failures
It is necessary to be prepared for possible failures and to be able to quickly bring up a customer's services. There are several general recommendations which virtually eliminate the downtime of your customers:
- Make backups on a regular basis and periodically do a test backup restore.
- Consider deploying clustered servers and services.
-
Ensure Hardware Nodes have enough resources to host the required amount of services.
In the case of a clustered installation, it is necessary to consider the total load on the server if all resource groups are failed over to a single machine. - Configure the environment to facilitate troubleshooting of failures.
Related Knowledge Base articles:
1449 How to handle a server crash scenario
10049 How to handle a server hang scenario
10041 How to set up a serial console to a Linux server
10044 How to configure kernel crash dumps on a Linux server
112599 How do I determine if my container is hacked/compromised?
112807 UBC resources in Parallels Virtuozzo Containers for Linux
112740 Memory limits in Parallels Virtuozzo Containers for Linux
Related documentation:
Clustering in Parallels Virtuozzo Containers-Based Systems
Parallels Virtuozzo Containers 4.7 for Linux - Deploying Clusters in Parallels-Based Systems