| Production stable kernel for Debian based Systems [message #38482] |
Fri, 25 December 2009 10:28  |
ceelian
Messages: 11
Registered: October 2006
|
Junior Member |
|
|
Hi,
Well i must admit that i am confused which openvz kernel is the current stable one for running openvz on a debian/ubuntu based hardwarenodes.
Especially which one should i choose if don't want to compile the kernel myself and which one should i choose if do want to compile it myself.
Are the http://debian.systs.org/ Kernels recent enough for production use or are they outdated as well? The most recent i could found there was linux-image-2.6.18-20-ovz-amd64_028stab064.8dso1_amd64.deb
As i read on the openvz wiki this kind of versioning is the old one (http://wiki.openvz.org/Kernel_versioning). So is there a precompiled "new" stable kernel for debian based systems? Is the wiki article outdated or the kernel?
What are your experiences? Which Kernel do you use in Production Environment?
thx in advance,
ceelian
|
|
|
|
|
|
|
|
| Re: Production stable kernel for Debian based Systems [message #38525 is a reply to message #38482] |
Tue, 29 December 2009 09:41  |
ceelian
Messages: 11
Registered: October 2006
|
Junior Member |
|
|
| Quote: |
linux-image-2.6.26-2-openvz-686 is in the Debian lenny/stable distribution.
|
That's what i am a bit scared, and i must admit that i have several IMHO security critical bugs with this kernel (see http://forum.openvz.org/index.php?t=msg&th=8199&star t=0& )
| Quote: | There is even an lenny repository with kernel 2.6.28. Use it at your own risk!
|
This quote ist from http://wiki.openvz.org/Installation_on_Debian#2_Using_Debian _lenny_repositories
And if you have a look on http://wiki.openvz.org/Kernel_versioning you see that all Kernels above 2.6.18 are development/unstable kernels.
I really thought that Debian only ships very well tested stable software but regarding OpenVZ there is a IMHO a unstable OpenVZ Kernel shipped with lenny.
I am working with OpenVZ already for 5 Years in Production Environment never ever had serious security troubles, but since half a year we have to struggle kernel bugs which needs to get fixed soon to be save from an exploiting attack. Therefore we need a security maintained OpenVZ Kernel which is as recent (in the meaning of security not in Kernel Version Number) as possible.
I really don't want to build one myself unless there is no other way to go.
Has anyone experiences with the Repo from Thorsten Schifferdecker (http://debian.systs.org/)?
I had good experiences with the FZA Line in the past, but thought they were a bit outdated while i was thinking that the debian 2.6.22 is stable.
Are they still a good choice?
Thx,
ceelian
[Updated on: Tue, 29 December 2009 09:42] Report message to a moderator |
|
|
|
|
|
| Re: Production stable kernel for Debian based Systems [message #38534 is a reply to message #38525] |
Tue, 29 December 2009 15:32 |
efball
Messages: 41
Registered: September 2006
Location: Santa Rosa, California
|
Member |
|
|
| ceelian wrote on Tue, 29 December 2009 04:41 | | Quote: |
linux-image-2.6.26-2-openvz-686 is in the Debian lenny/stable distribution.
|
That's what i am a bit scared, and i must admit that i have several IMHO security critical bugs with this kernel (see http://forum.openvz.org/index.php?t=msg&th=8199&star t=0& )
|
That was three years ago. (lenny wasn't even released then). When I do a "netstat -tapn" in a vz container with the linux-image-2.6.26-2-openvz-686 kernel I'm only seeing processes from the container I'm in.
| Quote: | There is even an lenny repository with kernel 2.6.28. Use it at your own risk!
And if you have a look on http://wiki.openvz.org/Kernel_versioning you see that all Kernels above 2.6.18 are development/unstable kernels.
|
But the 2.6.28 kernel is in testing, not stable. The 2.6.26 kernel is the debian lenny/stable kernel (openvz or not), which sounds pretty stable to me, and debian updates it with security patches.
| Quote: | I am working with OpenVZ already for 5 Years in Production Environment never ever had serious security troubles, but since half a year we have to struggle kernel bugs which needs to get fixed soon to be save from an exploiting attack. Therefore we need a security maintained OpenVZ Kernel which is as recent (in the meaning of security not in Kernel Version Number) as possible.
I really don't want to build one myself unless there is no other way to go.
Has anyone experiences with the Repo from Thorsten Schifferdecker (http://debian.systs.org/)?
I had good experiences with the FZA Line in the past, but thought they were a bit outdated while i was thinking that the debian 2.6.22 is stable.
Are they still a good choice?
|
No the FZA kernels are obsolete (I used them with Etch). ovzkernel-2.6.18-686 appears recent, but I really haven't used it much.
E Frank Ball efball@efball.com
|
|
|
|
|
|
|
|
OpenVZ Forum
Members
Search
Help
Register
Login
Home
