OpenVZ MAD Profile
A distributed independent cloud capable of running Podman pods on low RAM hosts.
Distributed means reliable, independent means free as in freedom, and low RAM means cheaper, since VPS cost is dominated by the amount of RAM.
- Prepare the pods: `smith-strace` to minify them (optional)
- Configure the nodes: `sudo` on the hosts
- Configure the master: `ansible all -m ping` is all green
- Enjoy: `ansible-playbook -i hosts.ini deploy.yaml`
AlmaLinux 8 and RHEL 8 should work too.
- `ssh-add -l`
- `ssh-copy-id root@{server-ip}`
- `./bootstrap.sh {server-ip}`
- `ssh {server-ip}` - now it should let you in with your key (note no root@!) - the previous step created the same remote user as whoami
- `sudo yum update --security`
`smith-strace` script work

With such a low operating cost even a hobbyist can afford to run a complex multi-server web service for years. And I hope that such improved longevity of hobbyist projects will bring more innovation to the web, as the entry cost is at least halved.
One problem of using cheaper VPS providers is that many of them die each year. So some provisions for redundancy must be made, as a VPS can just disappear along with its hosting company without any notice.
- `vzmaster newnode` with only IPs and root passwords from activation emails
- `vzmaster deploy` to build and push a new version of your application
- `newnode`/`deploy`: `ansible`. No management or data collection daemon processes whatsoever on slaves besides `init` and `sshd`.
- `init`/PID 0 in the spirit of /etc/inittab
- `copy` (not pull over HTTPS, so no image registry)
- Rootfs:
Container runners:
Command and control:
Supervision/zombie reaping:
Image building:
- `bootstrap`)
- `strace-chroot` to create the rootfs
- part) `vzmaster {push|start|kill}` as a front end to Ansible
- `runch {start|kill}`
- `runch start` monitors using a shell loop
- Master-slave:
- Slave only:
- `vzexec` container runner with integrated container crash supervision and auto restart
- `bootstrap`
- `bootstrap` to avoid repetition
- all
- `iptables` setup to open ports
- `xdelta3` or `bsdiff`
Less ad hoc implementation of what was in 0.x, and in addition:
- Slave only: `runch` with `runc`
Master only:
Master-slave:
Slave only:
Master only:
For more complex cases, `strace-trace` uses `strace`, a Linux-only tool that traces system calls, to find every file opened during the test run:
$ strace-trace perl -MHTTP::Date -e 'print time2str(time())."\n"'
$ cat spec
/etc/localtime
/usr/bin/perl
/usr/lib/libc.so.6
/usr/lib/libcrypt.so.1
/usr/lib/libdl.so.2
/usr/lib/libm.so.6
/usr/lib/libpthread.so.0
/usr/lib/locale/locale-archive
/usr/lib/perl5/core_perl/CORE/libperl.so
/usr/lib/perl5/core_perl/Config.pm
/usr/share/perl5/core_perl/Carp.pm
/usr/share/perl5/core_perl/Exporter.pm
/usr/share/perl5/core_perl/Time/Local.pm
/usr/share/perl5/core_perl/constant.pm
/usr/share/perl5/core_perl/strict.pm
/usr/share/perl5/core_perl/vars.pm
/usr/share/perl5/core_perl/warnings.pm
/usr/share/perl5/core_perl/warnings/register.pm
/usr/share/perl5/vendor_perl/HTTP/Date.pm
The `spec` file created in the current directory can be used to create a minimal OCI rootfs/chroot
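As an added illustration, not code from `strace-trace` or this project, the core of that workflow in POSIX shell: reduce strace output to a spec of files that were actually opened or executed, then copy them into a rootfs. The strace flags, the sample trace and the excluded runtime directories are assumptions; the point worth noting is that failed calls (`= -1 ENOENT`) are search-path misses, not files, and must be dropped or the copy step fails on paths that do not exist.

```shell
#!/bin/sh
# Constructed sample of `strace -f` output (PID-prefixed), standing in for what
# strace-trace would capture; the real tool's flags and format are an assumption.
SAMPLE_TRACE='1042 execve("/usr/bin/perl", ["perl", "-MHTTP::Date"], 0x7ffe5c0) = 0
1042 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
1042 openat(AT_FDCWD, "/usr/lib/libm.so.6", O_RDONLY|O_CLOEXEC) = 3
1042 openat(AT_FDCWD, "/usr/lib/perl5/site_perl/HTTP/Date.pm", O_RDONLY) = -1 ENOENT (No such file or directory)
1042 openat(AT_FDCWD, "/usr/share/perl5/vendor_perl/HTTP/Date.pm", O_RDONLY) = 4
1042 openat(AT_FDCWD, "/dev/null", O_RDWR) = 5
1042 openat(AT_FDCWD, "/tmp/perl-scratch", O_RDWR|O_CREAT, 0600) = 6
1042 +++ exited with 0 +++'

# Read strace lines on stdin and print the sorted, unique absolute paths the traced
# program really opened or executed. Failed calls (= -1 ...) are search-path misses,
# not files, so they are dropped; /dev, /proc, /sys, /run and /tmp belong to the host
# at run time, not to the image, so they are dropped as well.
spec_from_strace() {
  awk '
    /(^|[ ])(open|openat|execve)\(/ {
      if ($0 ~ / = -1 /) next
      split($0, q, "\"")                 # first quoted argument is the pathname
      path = q[2]
      if (path !~ /^\//) next            # relative path: needs a cwd we do not track
      if (path ~ /^\/(dev|proc|sys|run|tmp)\//) next
      seen[path] = 1
    }
    END { for (p in seen) print p }
  ' | sort -u
}

# Copy every path listed on stdin from SRC_ROOT (default /) into DEST_ROOT, keeping the
# directory layout. cp -L dereferences symlinks, so a library reached through a
# versioned symlink lands as a real file under the name the loader will ask for.
rootfs_from_spec() {
  dest="$1"; src="${2:-/}"
  while IFS= read -r path; do
    [ -n "$path" ] || continue
    mkdir -p "$dest$(dirname "$path")"
    cp -pL "$src$path" "$dest$path"
  done
}

printf '%s\n' "$SAMPLE_TRACE" | spec_from_strace
```

Run it as `strace -f -o trace.log <command>; spec_from_strace < trace.log > spec; rootfs_from_spec ./rootfs < spec` to build the chroot from a real trace.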