Hello,

I was asked for help by a person who wants to standardize all systems on CentOS. This person wants to migrate some physical servers to virtual, such as a web server, DNS servers, and some Proxmox containers.

This person likes Proxmox but that is Debian based and he wants to standardize everything to CentOS. He is prepared to move to a different interface.

I have been using Linux for many years, but I am a CentOS newbie and not a sysadmin. I have only VirtualBox experience. I appreciate recommendations about:

* Whether to use CentOS 6.5 or CentOS 7.

* Sane methods for virtualizing the existing servers.

More info:

I am not too concerned about the new technologies in CentOS 7, such as GNOME 3, systemd, etc. These systems are servers and once the standardization is established, I suspect subsequent systems will be similar. I expect most remote maintenance to be performed by SSH. CentOS 7 has four more years until EOL, which this person likes, and seems to have better virtualization support. But he is open to using 6.5 as well.

My understanding is KVM only supports full virtualization. As CentOS supports KVM, is that the most straightforward approach? Seems a nuisance to perform a full install with each VM. Or is the common practice to install an OS as the host, create a first VM with the same OS (full install), and then use that first VM as a template? Or can the host install be used as a template?

Or is LXC a better approach seeing as all operating systems will be the same? (I am showing my ignorance as I really don't know whether LXC is a sane choice).

Also appreciated are thoughts about migrating the physical systems to virtual. For example, I believe the person's web server is running Mandriva and Apache 2.2. Once a CentOS "web server" VM is created, is the migration little more than copying config files and web pages?

The person's DNS servers currently run djbdns, but the owner has tinkered some with preparing to move to bind.

This person plans to use two physical machines for redundancy and wants/hopes to quickly copy VMs from one system to the other in the event of hardware failure.

What about security? What are recommended practices for keeping all VMs and the host secure? Do I understand correctly that KVM provides the best sandboxing and LXC is not good at that? I get the feeling that despite KVM being a full system virtualization, KVM has the fewest headaches.

I have CentOS 6.5 and 7 installed on my personal systems, but I am learning at somewhat a snail's pace. As I am new to CentOS design I am hoping a post to this forum might help me get oriented.

Useful links are welcomed. I am already up to my eyeballs in docs to read.

Thanks for any help!

Personaly I would go with the higher number if its an all new approach. If there allready are some things in place I would stick with this version for the time beeing and then upgrade all of them when the time is right.

You can create a template with a base installation and then just copy the disk or even clone the whole machine. Depends how knowledge you are about the cli of kvm or if you use any GUI for it. Both possible in both. Just one is easier in one and vice versa. I usually just copied the disk image and used that as a starting point. Maybe the toolchain "foreman" might come in handy. There are a lot of tools to help out on mass deploing with KVM. Same goes for the control.

LXC follow a bit of a different approach then other virtualisation technologies. It does not really give every system a whole os/hardware plate to stand on. It uses the host os (mostly its libraries) and create "containers". This gives some speed and some lower memory footprint. But might bring up trouble if you need different versions of libraries and alike. I dont know how to do an upgrade say from cent 7 to cent 8 on lxc. Definitely something you should checkout before hand.

If you have only linux machines you could boot them into rescue mode and then start to copy files to a premade disk image you want to use for the vm. The whole process is just a bit long to explain in detail here. But basicly you would just copy the files into a disk image, boot the new machine into rescue mode as well and then check on the boot manager and partition layout and like. Or you could attach the physical harddisk of the "to-be-copied" machine and then dd the whole content *cough*

One step after another. Why not first get everything virtualisied and then plow new ground?

In case of hardware errors you might not be able to copy anymore... Get the replication going before that. I dont know of any but there sure is a cluster option for kvm or lxc. Else you might have to use some shared space for both vm hosts. NAS, SAN, iSCSI, ...

I'd say KVM is a bit better to secure then LXC but intrusion on the host itself just spells DOOM II. Though you can use some SSL encrypted VNC or even a spice session going with KVM. I'd say all the usual security preperations are needed for both the guests and host. Make sure the administrative connecions are locked and secured.
We all are GNU, ain't we . You just learn what you need at the time it needs to be done

Some stuff to read on to get a hang of KVM/qemu
http://en.wikibooks.org/wiki/QEMU

Why don't you just take a spare machine install CentOS, install KVM, play around some. Remove KVM install LXC, play around some. What you also have to keep in mind is the extended networking you have to take care of on the host machine. There are 3 ways how you could attach the guest machines network. All with there pros and cons.
My advice get your hands dirty and while waiting for the installation or file copies to finish read some about kvm/qemu and lxc.

oVirt will provide all the features he is looking for, including central management and templates. And it mainly runs on CentOS and Fedora

There have been some pre-made virtual appliances in various VM technologies. Might wish to look at something like that. You just download and start usually.

KVM supports hardware and emulated modes.

Some of the features of commercial and some free vm is an ability to clone and move between hardware. Some while online. Might look at the more advanced tools out there.

Thanks for the replies. For the short term, the person decided to keep the Proxmox host although he converted the physical servers to CentOS 6.5 virtual servers.

We also decided not to go with CentOS 7. Just too many changes from previous releases.

The remaining question is how best to migrate from Proxmox (Debian based) to CentOS as the host. Proxmox uses OpenVZ containers. I haven't yet found a tutorial about migrating from Proxmox to CentOS. That said, Proxmox has a very nice web browser interface and features. Thus, moving to a CentOS host has to provide a similar interface and features. Right now, staying with Proxmox is less stressful and everything "just works."

Not sure there is a great reason to move from proxmox but maybe some speed and other features are desirable with other vm.

Three basic ways to move a vm. Export it to a common format and then import it. Doesn't always work.

Use a P2V app.

Use any sort of clone method that one would use on a real system.

Exporting the containers to a different format is not the challenge. Moving everything onto a different host is the challenge: Debian->CentOS.

As I mentioned, the Proxmox interface is very nice. Tough to overcome that even when the Proxmox host is Debian and the person would like to standardize everything on CentOS. So for now Proxmox remains the exception to the desire to standardize.