It’s a mistake to include Xen in a Linux distro

As the title says, I think it's a mistake to include Xen in a Linux distro. Why?

Some would argue that Xen is a very useful technology: it does virtualization well, and the many projects built on it prove its quality.

I'm not saying Xen is bad. The problem is that Xen is a hypervisor built on its own microkernel, which is not the Linux kernel. Linux distros that ship Xen today are actually running an entirely different operating-system kernel, and most users don't even notice. Xen is a separate, purpose-built kernel, so it should never be presented as part of the Linux kernel. Isn't it strange to think you are running a Linux OS when the kernel underneath is not Linux at all, but another kernel? If you take away the Linux kernel, how can you still call the OS Linux?

Before the birth of KVM, Linux's native virtualization, distros shipped Xen because there was no other choice. Many Linux developers at the time knew little about virtualization, and Xen seemed an easy and good choice, so the community made the hasty decision to ship Xen instead of investing in a hypervisor of Linux's own. But KVM has now been around for more than five years (it was merged into the mainline kernel in 2.6.20, in February 2007, and existed for some time before that), and it has proven itself a competent replacement for Xen. Most importantly, KVM, as part of the Linux kernel, leverages kernel facilities such as memory management and process scheduling, turning the kernel itself into a hypervisor. So there is no longer any reason to ship Xen in Linux distros.

COPYRIGHT WWW.DOGEYE.NET

What Are Sensitive Instructions?

In 1974, Popek and Goldberg published a paper in Communications of the ACM titled "Formal Requirements for Virtualizable Third Generation Architectures". That paper introduced the concept of sensitive instructions.

Definition of sensitive instructions: sensitive instructions are the group of instructions whose behavior depends on the mode the processor is in when the instruction executes, and on the instruction's location in memory.

----

Handling sensitive instructions is a key point of virtualization technology. A sensitive instruction that always generates a trap when executed in user mode is also a privileged instruction. Without the dynamic binary translation mechanism pioneered by VMware, a virtual machine monitor can guarantee correct execution only if all sensitive instructions are privileged. In other words, if all of an architecture's sensitive instructions form a subset of its privileged instructions, we can say the architecture is virtualizable, and virtualization can be implemented with the classic trap-and-emulate approach. By this definition, the ARM architecture, the most common one in the embedded industry, is not virtualizable, because some of ARM's sensitive instructions are privileged and some are not.
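The subset condition above can be sketched in a few lines. This is a toy illustration only; the instruction names below are made up for the example and are not real ISA listings.

```python
# Popek-Goldberg criterion: an ISA supports classic trap-and-emulate
# virtualization iff every sensitive instruction is also privileged.
def is_virtualizable(sensitive, privileged):
    return sensitive <= privileged  # set-subset test

# Hypothetical instruction sets, for illustration only.
privileged_insns = {"HLT", "LGDT", "LIDT"}

print(is_virtualizable({"HLT", "LGDT"}, privileged_insns))  # True
# "CPS" stands in for a sensitive but unprivileged instruction,
# the kind that makes classic ARM non-virtualizable:
print(is_virtualizable({"HLT", "CPS"}, privileged_insns))   # False
```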

Original text, from the paper "KVM for ARM" by Christoffer Dall and Jason Nieh, Columbia University: Popek and Goldberg define sensitive instructions as the group of instructions where the effect of their execution depends on the mode of the processor or the location of the instruction in physical memory. A sensitive instruction is also privileged if it always generates a trap, when executed in user mode. The VMM can only guarantee correct execution without the use of dynamic translation if all sensitive instructions are also privileged. In other words, an architecture is virtualizable if and only if the set of sensitive instructions is a subset of the set of privileged instructions. If that is the case, the VMM can be implemented using a classic trap-and-emulate solution. Unfortunately, ARM is not virtualizable as the architecture defines both sensitive privileged instructions and sensitive non-privileged instructions.

Translated by ykyi.net

traceroute fails: specify the protocol traceroute uses manually to fix it

Today I ran the traceroute program on a machine running FreeBSD. It failed again and again.

Traceroute complained:

traceroute: sendto: Permission denied.

So I tried ping. It failed too. I then checked the firewall configuration, which was indeed blocking ICMP packets. After I allowed ICMP through the firewall, ping worked as expected, but traceroute still failed.

Confused, I ran tcpdump to find out why. It showed that traceroute was sending UDP packets. Oh my gosh, I had always thought traceroute was implemented over ICMP. After reading the traceroute manpage, I found that it defaults to UDP, but the user can switch to ICMP with -M icmp or -I (the capitalized i). Alternatively, you can tell traceroute to send raw packets of a specified protocol with -P (beware, P is capitalized); with raw packets the default protocol number is 253 (RFC 3692). So I ran traceroute -P ICMP www.the_host.com, and everything worked fine.


How to Submit Kernel Patches Properly

Original article: https://lwn.net/Articles/500443/

Translated by ykyi.net

Greg Kroah-Hartman (aka Greg KH) is on a remarkable mission: reducing the grumpiness of kernel developers, especially maintainers. His talk at LinuxCon Japan in Yokohama asked the audience to understand the work kernel maintainers do, and which contributor behaviors make maintainers grumpy. In return, if contributors can follow a few rules, he made a number of promises on his own behalf.

Kroah-Hartman called the Linux kernel "the largest software development project ever", with an unprecedented pace of development. From 3.0 to 3.4, 2,833 developers from 373 companies contributed to the kernel. Over that year (May 2011 to May 2012), the kernel changed 5.79 times per hour, and the pace is still accelerating: over the 3.4 development cycle alone there were 7.21 changes per hour. These numbers count only patches that were merged into the mainline; rejected patches are not included.

Kernel developers send a patch to the maintainers responsible for the files it touches. There are currently around 700 maintainers in all. They funnel changes up to the maintainers of roughly 130 subsystems, from the subsystem maintainers to Linus's tree, and finally into the mainline, if a patch makes it all the way through.

So why do some patches not get accepted? As an example, Kroah-Hartman looked at the patches he received over the previous two weeks, which happened to fall in the 3.5 merge window, a period during which he really should not be receiving many patches at all: everything that might be sent to Linus Torvalds during the merge window should have reached him before the window opened. Nevertheless, he said he received 487 patches in those two weeks. Most of them had problems, and some came from kernel developers who should have known better.

Bad patches

Kroah-Hartman gave examples of bad patches he had received. One was labeled patch 48/48, the last of a 48-patch series, but the other 47 never arrived. He also received piles of patches with no indication of their order; he could either guess an order, which would undoubtedly fail, or ignore the patches entirely. Another ten-patch series arrived with patch 2 missing.

Another patch arrived in an email marked "confidential". He said he regularly receives patches this way, and there is nothing you can do with them: Linux is developed in the open, and you cannot sneak a patch in by sending a confidential message to a mailing list. Such mails are evidently produced by corporate mail templates, but the "confidential" label has to go.

There are also badly formatted patches, for example with all tabs converted to spaces, which Microsoft Exchange likes to do. If your development environment is the problem, do what developers at IBM, Microsoft, and other companies do: put a Linux box in the corner and use it to send the patches. Sometimes the leading spaces on diff lines are stripped, or the diff output is not in unified format (see another post on this site about generating Linux kernel patches with diff). Seasoned kernel developers can edit raw diff output by hand, but raw diff output is a scary thing in itself, and they should not have to deal with it.

Some patches are created in the wrong directory, for example inside a driver directory. One patch was created in /usr/src/linux-2.6.32, and it had several problems, including the age of that source tree and the implicit assumption that it was built as root. Building as root is quite dangerous: a bug in the kernel build process could delete the whole filesystem. No core kernel developer would ever notice such a bug, because none of them build as root. The (joking) suggestion to leave such bugs in as a deterrent was naturally not adopted, but that extreme danger really could happen.

More absurdly, some patches are made against a tree that has nothing to do with the patch. Kroah-Hartman said he once received a patch made against the SCSI tree and could not imagine why a patch unrelated to SCSI was created against it.

Then there are coding-style problems. Some patches do not follow the kernel coding style; their submitters know it, but seem to be saying "I don't care, take my code anyway". There are tools that locate and fix such problems, he said, so there is no excuse for sending patches that violate the coding style.

Kroah-Hartman also stressed build failures. Some contributors send patches that do not even compile, or series where patch 3/6 breaks the build and 6/6 fixes it. He has even received a series that broke at 5/8, with a note from the author promising a fix at some point in the future. Other patches clearly lacked proper kernel documentation, because the documentation build failed; the submitters had obviously never run the documentation extraction tools.

One of the patches he got "had nothing to do with me". It was an x86 core kernel patch, which is not an area of the kernel he has ever dealt with. But the patch was sent only to him. "I get odd patches" a lot, he said.

The last patch he mentioned was 450K in size, with 4500 lines added. Somebody suggested that it be broken up, but in the meantime several maintainers actually reviewed it, so the submitter didn't really learn from that mistake.

All of this occurred during a "calm two weeks", he said. These are examples of what maintainers deal with on a weekly basis and explains why they can be grumpy. That said, he did note that this is the "best job I've ever had", but that's not to say it couldn't be improved.

If someone sends him a patch and he accepts it, that means he may have to maintain it and fix bugs in it down the road. So it's in his self interest to ignore the patch, which is an interesting dynamic, he said. The way around that is to "give me no excuse to reject your patch"; it is as simple as that, really.

Rules

Kroah-Hartman then laid out the rules that contributors need to follow in order to avoid the kinds of problems he described. Use checkpatch.pl, he said, because he will run it on your patch, and it is a waste of his time to have to forward the results back when it fails. Send the patch to the right people; there is even a script (get_maintainer.pl) that lists the proper people and mailing lists a patch should be sent to.

Send the patch with a proper subject that is "short, sweet, and descriptive" because it is going to be in the kernel changelog. It should not be something like "fix bugs in driver 1/10". In addition, the changelog comment should clearly say what the patch does, but also why it is needed.

Make small changes in patches. You don't replace the scheduler in one patch, he said, you do it over five years. Small patches make it easier for reviewers and easier for maintainers to accept. In a ten-patch series, he might accept the first three, which means that the submitter just needs to continue working on the last seven. The best thing to do is to make the patch "obviously correct", which makes it easy for a maintainer to accept it.

Echoing the problems he listed earlier, he said that patches should say what tree they are based on. In addition, the order of the patches is important, as is not breaking the build. The latter "seems like it would be obvious" but he has seen too many patches that fail that test. To the extent that you can, make sure that the patch works. It is fine to submit patches for hardware that you don't have access to, but you should test on any hardware that you do have.

Review comments should not be ignored, he said. It is simply common courtesy that if he takes time to review the code, those comments should be acted upon or responded to. It's fine to disagree with review comments, but submitters need to say why they disagree. If a patch gets resent, it should be accompanied by a reason for doing so. When reviewers' comments are ignored, they are unlikely to review code the next time.

Maintainer's role

When you follow those rules there are certain things you can expect from him, Kroah-Hartman said, and that you should expect from the other maintainers as well. That statement may make other maintainers mad, he joked, but it is reasonable to expect certain things. For his part, he will review patches within one or two weeks. Other maintainers do an even better job than that, he said, specifically pointing to David Miller as one who often reviews code within 48 hours of its submission. If you don't get a response to a patch within a week, it is fine to ask him what the status is.

He can't promise that he will always give constructive criticism, but he will always give "semi-constructive criticism". Sometimes he is tired or grumpy, so he can't quite get to the full "constructive" level. He will also keep submitters informed of the status of their patch. He has scripts that will help him do so, and let the submitter know when the patch gets merged into his tree or accepted into the mainline. That is unlike some other maintainers, he said, where he has submitted patches that just drop into a "big black hole" before eventually popping up in the mainline three months later.

He ended by putting up a quote from Torvalds ("Publicly making fun of people is half the fun of open source programming. …") that was made as a comment on one of Kroah-Hartman's Google+ postings. The post was a rant about a driver that had been submitted, which even contained comments suggesting that it should not be submitted upstream. He felt bad about publicly posting that at first, but Torvalds's comment made him rethink that.

Because kernel development is done in the open, we are taking "personal pride in the work we do". As the code comment indicated, the driver developer didn't think it should be submitted because they realized the code was not in the proper shape to do so. It is that pride in the work that "makes Linux the best engineering project ever", he said. Sometimes public mocking is part of the process and can actually help instill that pride more widely.

The Role of a Linux Kernel Maintainer

Original article: http://www.linuxfoundation.org/news-media/blogs/browse/2012/06/role-linux-kernel-maintainer

Translated by ykyi.net

A few weeks ago at LinuxCon Japan, I gave a talk titled "Linux Kernel Maintainers: What They Do and How to Help Them".

A video of the talk can be seen at this link. If you want the slides, along with my speaker notes, they are available at this address.

If you have ever wondered why the maintainer of an open source project always seems so grumpy about what gets sent to them, I strongly recommend reading the notes I wrote for this talk, or the slides, which include all the notes.

Also, if you want to know how to get your kernel patches accepted, please look at the slides mentioned above first; I don't want to repeat myself too much.

Well, with one exception!

First, the talk seems to have set off a lively round of discussion. It started with Jake Edge's excellent summary on lwn.net (I have translated the first half; see here), which drew a flood of comments and onlookers. Most of those people had probably seen neither the slides mentioned above nor the video of my talk, but interest was stirred up all the same; the general public always loves to watch excitedly from the sidelines when people are shouting at each other.

Then Jon Corbet weighed in. He gave a very, very good summary: open source maintainers are always swamped by a flood of low-quality submissions, and day after day they have to keep answering the same questions that have already been answered many times. People never seem to read the documentation, where the answers can usually be found. Once again, I strongly recommend the slides, notes, or video mentioned above. The two articles just mentioned are also worth reading, including the excellent comments below them.

(What, you still don't subscribe to lwn.net? Why not? Shame on you! Go subscribe now.) Translator's note: subscribing to lwn.net costs money; the author is plugging lwn.net here.

Later, once the proposal deadline for the Linux Kernel Summit had passed, many of the proposals received turned out to be about maintainers: their workload, and how to solve the thorny problems that have come up. If you are interested, you can see here exactly what we are tearing our hair out over.

From what I covered in the talk, here is what I want to repeat: as the maintainer of a kernel subsystem, I promise the following to every developer who sends me patches for the parts of the kernel I am responsible for:

  • I will review your patch within one to two weeks (see below).
  • I will offer semi-constructive criticism of your patch.
  • If your patch is rejected, I will give you the reason. If it is accepted, I will tell you which branch it will be merged into, where you can see it, and when you can expect it to finally land in Linus's tree.

That's it. From submitters, I hope to see well-formed, well-documented patches that apply cleanly to the tree and do something genuinely useful. Then we will both be happy, right?

About the one-to-two-week response time:

Of course, if I am sick, or traveling somewhere on this planet, my response will be delayed accordingly. You are absolutely welcome to mail me at any time to ask about the status of your patch; I am happy to answer those mails. I would much rather deal with every one of those queries than drive a developer crazy waiting for weeks.

Also, be aware of the merge window. During the merge window I cannot accept any patch that is not a fix for a known bug in my branches for that release. In practice this means that, starting about a week before Linus's release and for roughly three weeks in total, I will not be handling your submissions. Hundreds of patches pile up during that time, so please give me some time to dig myself out from under the patch pile. I am usually caught up by -rc3; if not, feel free to mail me and ask.

copyright ykyi.net

 

Software Project Management Final Exam, First Semester of 2012, for MSE 11 Graduate Students, School of Software, Sun Yat-sen University

The final exam of Software Project Management in the first semester of 2012 for MSE 11, School of Software, Sun Yat-sen University.

Part I. Terms and Definitions (5 points each, 30 points total)

1. WBS (Work Breakdown Structure)

2. CPM (Critical Path Method)

3. Milestone

4. RAM (Responsibility Assignment Matrix)

5. SPI (Software Process Improvement)

6. Decision Tree

Part II. Short-Answer Questions (10 points each, 70 points total)

1. Explain in detail the nine knowledge areas of the project management body of knowledge.

2. How do you understand iterative development? What are its advantages and disadvantages?

3. What is CMMI? What are the requirements of each of its five maturity levels?

4. Briefly describe the risk management process of a software project.

5. How do you estimate the cost of a software project?

6. What abilities should a project manager have? Why?

7. Explain in detail the five project management process groups.

What are 802.11 and its friends?

WLAN (Wireless LAN) was invented at the University of Hawaii in 1970 under the leadership of Professor Norman Abramson. The network communicated by radio, without using phone lines, making it easy to deploy across the Hawaiian islands.

Original WLAN hardware was used as an alternative to cabled networks where cabling was impossible or difficult. The WLAN protocols of that time were proprietary, and many companies and universities called for a common set of industry protocols. At the end of the 1990s, IEEE 802.11 (Wi-Fi) arrived to satisfy that urgent need. Subsequent amendments such as 802.11a, 802.11b, 802.11g, and 802.11n were published in the following years, and the proprietary protocols were gradually replaced by the 802.11 family.

The original 802.11, ratified in 1997, specifies two raw data rates of 1 and 2 megabits per second transmitted by radio in the 2.4 GHz frequency band.

The 802.11a amendment, ratified in 1999, uses the same core protocol as the base standard but operates in the 5 GHz band. Its maximum raw data rate reaches 54 Mbit/s.

The 802.11b amendment, also ratified in 1999, has a maximum raw data rate of 11 Mbit/s and works in the same 2.4 GHz band as the legacy 802.11.

The 802.11g amendment was ratified in June 2003. This flavor also uses the 2.4 GHz band, but it reaches a maximum raw data rate of 54 Mbit/s. Because of its prominent performance, 802.11g swept the consumer market even before the standard was fully ratified.

The 802.11n amendment was ratified in 2009. Its maximum raw data rate reaches 300 Mbit/s, or even 600 Mbit/s, thanks to the introduction of MIMO (multiple-input multiple-output) technology.

Strictly speaking, "802.11" should refer to the base standard as revised in 1999, on which all subsequently released amendments are based. Outside the working group that produces and develops the IEEE 802.11 family, however, sticking to that usage is probably too academic.
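The figures quoted above can be collected into a small lookup structure. This is only a sketch of the numbers as the text gives them; note that the band listed for 802.11n is my assumption (the text does not name it, and 802.11n can also operate at 5 GHz).

```python
# Maximum raw data rates of the 802.11 family, as cited in the text above.
amendments = {
    "802.11":  {"year": 1997, "band_ghz": 2.4, "max_mbit": 2},
    "802.11a": {"year": 1999, "band_ghz": 5.0, "max_mbit": 54},
    "802.11b": {"year": 1999, "band_ghz": 2.4, "max_mbit": 11},
    "802.11g": {"year": 2003, "band_ghz": 2.4, "max_mbit": 54},
    "802.11n": {"year": 2009, "band_ghz": 2.4, "max_mbit": 600},  # w/ MIMO;
                                                  # also uses 5 GHz (assumed)
}

# For example: which amendments above work in the 2.4 GHz band?
in_24 = [name for name, a in amendments.items() if a["band_ghz"] == 2.4]
print(in_24)  # ['802.11', '802.11b', '802.11g', '802.11n']
```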

A Very Brief Introduction to Neural Networks

 

I have a huge interest in the mysterious field of Artificial Intelligence. For lack of time to devote to learning AI, I still barely know any AI theory. Tonight I read something about neural networks, which play an important role in the AI field.
 
So, what is a neural network?

A neural network is a massively parallel distributed processor, made up of simple processing units, that has a natural propensity for storing experiential knowledge and making it available for use. It resembles the brain in two respects:

1. Knowledge is acquired by the network from its environment through a learning process.
2. Interneuron connection strengths, known as synaptic weights, are used to store the acquired knowledge.
 
Let us take human vision as an example of why it is worth studying neural networks. Human vision is a very complex information-processing task. The function of the visual system is to provide a representation of the environment around us and to supply the information we need to interact with that environment. The brain accomplishes recognition tasks at the same time: for instance, it can recognize a familiar face embedded in an unfamiliar scene in less than the blink of an eye, actually 100-200 ms, whereas tasks of far less complexity take a great deal longer on a very powerful computer.
 
What makes biological brains so efficient? How can we make our machines think and reason the way biological brains do? The field of neural networks has been trying to answer these questions since the day it was established.

A typical neural network offers many useful properties and capabilities: 1. Nonlinearity; 2. Input-output mapping; 3. Adaptivity; 4. Evidential response; 5. Contextual information; 6. Fault tolerance; 7. VLSI (Very-Large-Scale Integration) implementability; 8. Uniformity of analysis and design; 9. Neurobiological analogy.
 

An easy way to add copyright information automatically into posts (English version)

 

Several weeks ago, I decided to write about two blog posts every day. I used to add the copyright information to each post manually. Obviously, it's better to let the machine do this kind of trivial work automatically, so I searched the plugin directory for something convenient. I did find a plugin named "add post URL" that can insert copyright information into posts. But when I clicked the 'DETAILS' button to learn more, a warning popped up: "This plugin has not been tested with your current version of WordPress". That scared me off, because I once had a bad experience with an untested plugin ruining my WordPress installation entirely. So the option of using a plugin to insert copyright information was ruled out.

 

Then I tried to modify WordPress's source code myself. I googled some posts talking about how to do this kind of work. One article suggested modifying the single.php file; I am not sure whether the file name changes with the theme you use, but I reckon it will be something like "single.php", more or less. Now, locate the following code in single.php:

 

<?php the_content(); ?>

<!--
Pagination for Multi-page posts
~~~ -->
<?php wp_link_pages('before=<p class="multi-page">Pages:&after=</p>'); // if this is a multi-page post then show the navigation ?>
 
Once you've found it, insert the code that generates the copyright information below the line <?php the_content(); ?>. Unfortunately, many people will soon find that this doesn't work, because other plugins may already append text to the post content. On my blog, for example, a plugin automatically generates a related-posts list at the bottom of every post, so the copyright information would end up below the related-posts list rather than directly below the actual post content, which is definitely undesirable.
 
I googled some more and found another solution. One article suggested modifying functions.php, adding a custom function to replace the original the_content() call in single.php. I read the code and found it hard to comprehend for anyone not familiar with WordPress internals; at the very least, I didn't understand the parameters passed to the function. What's more, I strongly suspected that this kind of solution would collide with my plugin generating the related-posts list.
 
Everything seemed stuck. I went out for supper and some fresh air, and when I returned to the computer I suddenly figured out a simple way to add copyright info to my posts without a plugin or heavy code. The idea takes two steps:

Step 1: While composing your article, type some special, simple string in the place where you want the copyright information to appear. On my blog, for example, I type "COPYRIGHT WWW.DOGEYE.NET" at the tail of every post.

Step 2: Use PHP code to replace that special string with something more verbose at the time the post is displayed.
 
Isn't that a brilliant, simple, and flexible idea?

To put the idea into practice, you must be clear that the two functions the_content() and get_the_content() behave differently: the_content() prints the post content out directly, while get_the_content() returns the post text as a string. With that clear, you should be able to follow the following code, which replaces the call to the_content() with get_the_content():
 
<?php
$thread_content = get_the_content();   // the post content, as a string
$thread_permalink = get_permalink();   // the current post's permanent link
$thread_title = get_the_title();       // the current post's title

// the HTML code claiming the copyright
$dogeye_copyright = "<p style='font-weight:bold;'><span>Original Article created by</span> <a href='http://ykyi.net' target='_blank'>DogEye.NET</a><br/><span>Repost is only allowed if the original URL is preserved.</span><br/><a href=\"$thread_permalink\" target='_blank'>$thread_title<br/>$thread_permalink</a></p>";

// replace the simple marker "COPYRIGHT WWW.DOGEYE.NET" with the verbose HTML
$thread_content = str_replace('COPYRIGHT WWW.DOGEYE.NET', $dogeye_copyright, $thread_content);

echo $thread_content;    // print out the modified content
?>
 
I suppose this code snippet is easy to understand with the comments. If you find it useful, replace the site-specific string with your own version. I hope this post helps.
 
COPYRIGHT WWW.DOGEYE.NET

 

 

Why Virtualize?

Virtualization is one of today's hottest buzzwords. Skeptics often ask: why bother with virtualization when computer hardware keeps getting cheaper? On the other hand, some enthusiasts run four or five operating systems in virtual machines on their desktops, and they may have the same question: even though watching an old OS run on emulated old hardware in a VM feels very satisfying, they cannot quite explain why virtualization technology is actually needed. This article gives you the reasons.

Consolidation

The most common reason to use virtualization is consolidation: folding the workloads of many machines onto one, running more virtual machines on fewer physical machines. You will surely object that computers keep getting cheaper. True, but when you have a lot of machines, the cost is anything but negligible.

A typical (full) data center

Look at today's data centers. They are desperately short of floor space: the rooms are packed with machines, and there is nowhere left to add computers or air conditioning. Space utilization is near its limit, yet most machines' resource utilization is very low, perhaps 10-20% on average. In short, the physical space is saturated while the machines' capacity is far from fully used. So when the data center has to take on more workload, do you build another data center, or find a way to use the idle capacity?

As long as the data center still has room for machines, adding one more solves the problem easily enough. But once you cannot fit new machines in, you will have a hard time convincing the boss to build a new data center. And even if the boss agrees, another big problem remains: where does the enormous power supply come from? A ten-megawatt data center cannot simply be plugged into the grid; you may also have to persuade the utility to approve an increase in supply capacity.

Virtualization is the best way out of this problem: use it to put all of your machines' capacity to work.

Hardware Isolation

Hardware performance improves rapidly every month. But when we move a workload to a new server, we first have to install an operating system on the bare metal, then configure the whole software environment, then migrate all the data over, and after all that work we still hold our breath and pray that everything goes smoothly.

With virtualization you are spared all that trouble, because you no longer interact with the hardware layer directly. You just deploy the virtual environment on the new machine and move the whole virtual machine over. There is nothing extra to configure, because the configuration lives inside the VM, and you have moved the VM wholesale.

Legacy Operating Systems

After so many years of the computer industry, having to maintain an old operating system is not rare. Unfortunately, you may have a mission-critical program that runs only on that dinosaur of an OS, while most old operating systems cannot run on new hardware, and you have no way to put together another machine with the old hardware.

The solution is virtualization, whether VMware's binary rewriting, Xen, or KVM. The virtualization layer emulates simple hardware: seen from your old OS, a multi-core CPU becomes the kind of old-fashioned CPU the legacy system supports, only faster. Multiple cores, ACPI device discovery, interrupt routing, 10G Ethernet, SATA: none of these stand in the way of running the old operating system, thanks to the virtualization layer.

Of course, virtualization itself costs some performance. But because it lets you run the old OS on very fast new hardware, the resulting efficiency gain far exceeds what you would get on the old hardware that supports the OS natively, and it saves on the power bill, too.

Testing

Whether you are a student learning software development or the CIO of a big bank, you surely never have enough test hardware.

Virtualization solves this problem. Try a fresh Fedora Rawhide or Debian Unstable release in a virtual machine first, instead of wiping a real machine to install it. You can also hand your development team a pile of virtual machines, one each, to test whatever they like.

Maintenance

Virtualization makes many kinds of maintenance easier.

With live migration, such as VMware's VMotion or Xen's live migration, you can move a virtual machine from one physical machine to another while the operating system inside keeps running normally. This technology is genuinely useful, not just something to show off to your friends.

There are many situations where live migration helps. Take hardware failure: a machine's CPU fan dies, the CPU's thermal protection kicks in, and the CPU is clocked down to a crawl. You can live-migrate its VMs to a healthy machine and then repair the broken one without any downtime. Or a VM's workload keeps growing: migrate the other VMs off its host to give the hungry VM more resources. Or you need to upgrade a machine's hardware: live-migrate all of its VMs elsewhere first, then do the upgrade, again with no downtime. Cool, isn't it?

Power Saving

Say you have 100 servers running 100 assorted services, but each server is loaded below 50%. You could run those 100 services in 100 virtual machines on 50 physical machines, instantly saving 50% of the power. Imagine what a 50% saving means for a ten-megawatt data center! It cuts your electricity bill and helps fight global warming.
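The back-of-envelope arithmetic behind that claim, under the stated assumption that two services loaded below 50% can share one host:

```python
servers = 100                              # physical servers today
avg_load = 0.5                             # each loaded below ~50%
guests_per_host = int(1 / avg_load)        # pack two such services per host
hosts_needed = servers // guests_per_host  # physical machines after consolidation
power_saved = 1 - hosts_needed / servers   # fraction of hosts switched off
print(hosts_needed, power_saved)           # 50 0.5
```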

Security and Performance Isolation

If you run different programs in different virtual machines and one of them goes wrong and eats all of its memory, it cannot affect the others: they run in separate VMs and keep working fine, untouched by the faulty program. If those programs ran under the same OS, things would be much uglier.

Similarly, if one virtual machine is compromised, the intruder controls only that VM and poses no immediate direct threat to the others. Of course, this assumes the VMs are well isolated from each other, each running its own kernel, which is how most virtualization technologies work. Container technologies such as Linux-VServer, Virtuozzo/OpenVZ, and Solaris Zones provide considerably weaker isolation, in exchange for consuming fewer hardware resources for the virtualization itself.
