Note:

The Funtoo Linux project has transitioned to "Hobby Mode" and this wiki is now read-only.

Difference between revisions of "Funtoo:User Services/Containers"

(26 intermediate revisions by the same user not shown)
Line 1: Line 1:
== Funtoo Containers ==
'''One of the unique aspects of the Funtoo community is that we allow supporters of Funtoo to use our compute infrastructure.''' Our compute infrastructure is based on Funtoo Linux and LXD, a very capable and production-ready container-based compute platform that scales incredibly well. It provides you with a 'virtual' Funtoo environment, but gives you native, bare-metal performance and is capable of hosting various workloads, such as Web server, database, game servers and more. Here's some information about our 3rd-generation compute platform:
__NOTOC__
__NOTITLE__
'''One of the unique aspects of the Funtoo community is that we allow supporters of Funtoo to use our compute infrastructure.''' Our compute infrastructure is based on Funtoo Linux and LXD, a very capable and production-ready container-based compute platform that scales incredibly well. It provides you with a 'virtual' Funtoo environment, but gives you native, bare-metal performance. Here's some information about our second-generation compute platform:


{{TableStart}}
{{TableStart}}
<tr><th>Technology</th><td>LXD (3)</td></tr>
<tr><th>Technology</th><td>LXD 5.6+</td></tr>
<tr><th>Linux Kernel</th><td>debian-sources-lts-4.9.110-1</td></tr>
<tr><th>Linux Kernel</th><td>debian-sources-6.x</td></tr>
<tr><th>Storage</th><td>ZFS RAID-Z</td></tr>
<tr><th>Storage</th><td>ZFS on SSD, BTRFS on SSD available for Docker (please request)</td></tr>
<tr><th>IO Acceleration</th><td>Intel Optane L2ARC and ZIL</td></tr>
{{TableEnd}}
<tr><th>CPU Cores</th><td>40 (80 hyperthreaded)</td></tr>
<tr><th>CPU MHz</th><td>2.4 GHz (2.8 GHz turbo)</td></tr>
<tr><th>RAM</th><td>128GB ECC</td></tr>
<tr><th>IPv6</th><td>'''Yes'''</td></tr>


{{TableEnd}}
Now you can follow our exact deployment steps to build your own compute cluster. See the following pages for more information on how to set up LXD under Funtoo Linux. We use a similar setup in production, except that we use a dedicated network/bridge as well as dedicated storage volumes for storing containers:


Now you can follow our exact deployment steps to build your own compute cluster. See [[Funtoo Compute Initiative]] for details on how to do this. (Note that this currently documents our original compute infrastructure, not our new 2nd-generation infrastructure.)
* [[LXD]]
* [[LXD/GPU Acceleration]]
* [[Funtoo Compute Initiative]] (this page is in need of updates)


=== Build Something Beautiful ===
=== Build Something Beautiful ===
Line 23: Line 18:


{{TableStart}}
{{TableStart}}
<tr class="danger"><th>Price</th><th>RAM</th><th>CPU Threads</th><th>Disk Space</th><th>Sign Up</th></tr>
<tr class="danger"><th>Price</th><th>RAM</th><th>CPU Threads</th><th>Disk Space</th>
<tr><td>'''$15/mo'''</td><td>4GB</td><td>8 Cores</td><td>60GB</td><td>[https://funtoo.chargebee.com/hosted_pages/plans/container_small Sign Up! (small)]</td></tr>
<tr><td>'''$15/mo'''</td><td>4GB</td><td>8 Cores</td><td>60GB</td></tr>
<tr><td>'''$30/mo'''</td><td>12GB</td><td>16 Cores</td><td>120GB</td><td>[https://funtoo.chargebee.com/hosted_pages/plans/container_medium Sign Up! (medium)]</td></tr>
<tr><td>'''$30/mo'''</td><td>8GB</td><td>16 Cores</td><td>120GB</td></tr>
<tr><td>'''$45/mo'''</td><td>48GB</td><td>32 Cores</td><td>240GB</td><td>[https://funtoo.chargebee.com/hosted_pages/plans/container_large Sign Up! (large)]</td></tr>
<tr><td>'''$45/mo'''</td><td>16GB</td><td>24 Cores</td><td>240GB</td></tr>
{{TableEnd}}
{{TableEnd}}


As you can see, this pricing is well below market rates, and includes fast SSD (solid state disk) storage, one IPv4 address, and lots of bandwidth. We believe that by enabling you to do great things with Funtoo Linux, our community and technology will benefit. So we see this as a win for everyone.
{{Note|To sign up, email {{c|support@funtoo.org}} and let us know your funtoo username, specify your desired container size, hostname (something.host.funtoo.org), and public SSH key. You'll receive a secure link to set up your recurring payment. I will then deploy your container.}}
 
As you can see, this pricing is well below market rates, and includes fast SSD (solid state disk) storage, one IPv4/IPv6 address, and lots of bandwidth. We believe that by enabling you to do great things with Funtoo Linux, our community and technology will benefit. So we see this as a win for everyone.


== Container FAQ ==
== Container FAQ ==


;How do I sign up?: Click one of the links above to sign up. Once you have signed up, email '''support@funtoo.org''' requesting your container be set up, and attach a SSH public key (do '''not''' include a private key!) that you'd like to use for root logins to your container. Also specify the hostname you'd like to use, if you did not specify one on the signup page. See [[#Generating SSH Keys|Generating SSH Keys]] below for info on generating an SSH public key if you need assistance with this.
;How do I sign up?: Email '''support@funtoo.org''' requesting your container be set up, specifying the plan you want, your funtoo username, and attach a SSH public key (do '''not''' include a private key!) that you'd like to use for root logins to your container. Also specify the hostname you'd like to use, if you did not specify one on the signup page. See [[#Generating SSH Keys|Generating SSH Keys]] below for info on generating an SSH public key if you need assistance with this. We will send you a link to a secure signup form that you can use to enter your credit card or PayPal payment information.


;Where are your servers located?: Our servers are located at [[Organization:Brownrice_Internet|Brownrice Internet]], in Taos, New Mexico, USA at a small yet highly-efficient datacenter. Oban and his team have consistently provided very high levels of service to Funtoo and I would have no problems recommending them for general hosting needs. If you decide to use them, please let them know that you were referred by Funtoo.
;Where are your servers located?: Our servers are located in the southwest United States.


{{Note|I will generally have the container set up within 24 hours of sending email, often much sooner. If you do not hear from me after a day, please re-send email as it may have not made it, or been accidentally marked as spam by Gmail.}}
;Do I get root access?: Yes, you get full root access to your container.


;Do I get root access?: Yes, you get full root access to your container.
;Can I reboot my container?: Yes, reboot normally and it will come back up.  


;Can I reboot my container?: Yes, reboot normally and it will come back up. You can also use [[Lobot]], our IRC bot, to do this.
;Can I start or stop my container?: Yes -- soon via our upcoming Web control panel.
Let me know you want to do this as it needs to be enabled.


;Can I start or stop my container?: Yes, this functionality is available via [[Lobot]]. (Lobot needs to be upgraded to work with our 2nd gen infrastructure so it currently not functional for rebooting containers. This will be fixed soon.)
;Do you have IPv6? Yes, IPv6 is available on all containers.


;Do you support IPv6?: Yes, IPv6 is enabled and supported by default.
;Can I use Docker inside my container?: Yes, but we recommend you request a BTRFS filesystem and also use a "medium"-size container or larger, unless your Docker containers will be fairly minimal.


;Can I run Docker inside my container?: Yes. See [[LXD/Docker_in_LXD|Docker in LXD]].
;Can I use LXD inside my container, so I can have containers inside my container?: Yes. See [[LXD]].


;Can I use LXD inside my container, so I can have containers inside my container?: Yes. See [[LXD/LXD_in_LXD#Preparing_the_container_to_host_LXD|here.]]
; Can I use KVM inside my container? Yes -- but you need to let me know so I can enable this.


;Do you back up my container?: No, I do not back up your container for you. You are responsible for backing up your own data. If you need help setting this up, contact me and I can suggest some approaches.
;Do you back up my container?: No, I do not back up your container for you. You are responsible for backing up your own data. If you need help setting this up, contact us and we can suggest some approaches.


;What will be the hostname of my container?: It will be something.host.funtoo.org.
;What will be the hostname of my container?: It will be something.host.funtoo.org.
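Review bot: In the new FAQ entries `;Do you have IPv6? Yes, IPv6 is available on all containers.` and `; Can I use KVM inside my container? Yes -- ...` the `:` that separates the question from its answer is missing, so the answer is rendered as part of the question; add the colon after the question mark, as the other entries do. In the same hunk, the new pricing header row `<tr class="danger">...<th>Disk Space</th>` drops its closing `</tr>`, the line "Let me know you want to do this as it needs to be enabled." now sits under the start/stop entry with no question of its own, and the sign-up answer still refers to "the signup page" although the Sign Up links were removed from the table.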
Line 59: Line 57:
;Can you set up reverse DNS?: Yes -- this is not done by default, but if you need it, I can get it set up for you.
;Can you set up reverse DNS?: Yes -- this is not done by default, but if you need it, I can get it set up for you.


;How much bandwidth is ''really'' included?: For most typical uses of your container, this is not something you need to worry about. Containers are on servers with a gigabit uplink. Our bandwidth plan is set up so that everyone should have lots of burstable bandwidth, assuming light use at other times. If you have continuous high bandwidth needs, please email me to discuss first.
;How much bandwidth is ''really'' included?: For most typical uses of your container, this is not something you need to worry about. Containers are on servers with a gigabit uplink. Our bandwidth plan is set up so that everyone should have lots of burstable bandwidth, assuming light use at other times. If you have continuous high bandwidth needs, please email us at support@funtoo.org to discuss first.
 
;Why is my Portage tree read-only?: A read-only Portage tree is mapped into <code>/var/git/meta-repo</code> and is used by default by all containers. It is automatically updated hourly, so there is no need to run <code>emerge --sync</code>. This saves disk space. There is generally no need to have your own local Portage tree, but if you want to have one, you are able to do so by configuring an alternate location for meta-repo.


;How do I upgrade the kernel in my VPS?: A virtual container shares a kernel with the host, so you do not have the ability to change the kernel from "inside" the container.
;How do I upgrade the kernel in my VPS?: A virtual container shares a kernel with the host, so you do not have the ability to change the kernel from "inside" the container.


;Can I set up my own firewall?: Yes, it is possible to use iptables from within your container.
;Can I set up my own firewall?: Yes, it is possible to use iptables from within your container.


;Can I set up OpenVPN in my container?: Yes, quite a few people do this, and should be ready to go by default.
;Can I set up OpenVPN in my container?: Yes, quite a few people do this. We will need to enable the proper device support to enable this, so please request this if needed.


;Is it okay to host a game server?: Yes, many people do.
;Is it okay to host a game server?: Yes, many people do.


;Is it okay to run Folding@Home, Hentai@Home, or other services that continually consume CPU (coin generation) or donate CPU power or bandwidth to other services?: No, this is not okay. The CPU and network resources provided to you are for your own use only and are not to be donated to other projects or used to generate coins.  
;Is it okay to run Folding@Home, Hentai@Home, or other services that continually consume CPU (coin generation) or donate CPU power or bandwidth to other services?: No, this is not okay. The CPU and network resources provided to you are for your own use only and are not to be donated to other projects without approval from us first or used to mine crypto.  


;Is it okay to use my container to be a compute-focused server for another Open Source project?: Check with me first. Most of the time, this will be okay, unless CPU and/or IO utilization will be very high and continuous, and thus unsuitable for shared computing resources.
;Is it okay to use my container to be a compute-focused server for another Open Source project?: Check with us first. Most of the time, this will be okay, unless CPU and/or IO utilization will be very high and continuous, and thus unsuitable for shared computing resources.


;Is it okay to host commercial efforts on my container?: Yes, this is fine, as long as you assume full responsibility for the quality of service. Funtoo containers are provided with no service level agreements or warranty.
;Is it okay to host commercial efforts on my container?: Yes, this is fine, as long as you assume full responsibility for the quality of service. Funtoo containers are provided with no service level agreements or warranty.
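Review bot: The revised Folding@Home answer, "are not to be donated to other projects without approval from us first or used to mine crypto", can be read as allowing mining once approval is given; if mining is never allowed, give it its own sentence. The question text still says "(coin generation)" while the answer now says "mine crypto", so pick one term. This hunk also removes the entry explaining the read-only `/var/git/meta-repo` mapping; if containers still receive that mapping, the explanation should stay.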
Line 88: Line 82:
If you specify a passphrase when prompted, your local private key (<code>~/.ssh/id_rsa</code>) will be encrypted, and ssh will prompt you for this passphrase prior to connecting. If you don't specify a passphrase, then you won't need to enter anything to connect but it you need to be extra careful that you don't allow others to access your private key as it will be immediately useable by them to access any of your accounts.  
If you specify a passphrase when prompted, your local private key (<code>~/.ssh/id_rsa</code>) will be encrypted, and ssh will prompt you for this passphrase prior to connecting. If you don't specify a passphrase, then you won't need to enter anything to connect but it you need to be extra careful that you don't allow others to access your private key as it will be immediately useable by them to access any of your accounts.  


The file you will need to send me is <code>~/.ssh/id_rsa.pub</code> or <code>~/.ssh/id_dsa.pub</code> (if you used the <code>-t dsa</code> option with <code>ssh-keygen</code>. This is the ''public'' key... it's safe to send over email since all I or anyone else can use it for is to grant you access to a system via your private key. Just don't send your private key to me. :)
The file you will need to send us is <code>~/.ssh/id_rsa.pub</code> or <code>~/.ssh/id_dsa.pub</code> (if you used the <code>-t dsa</code> option with <code>ssh-keygen</code>. This is the ''public'' key... it's safe to send over email since all I or anyone else can use it for is to grant you access to a system via your private key. Just don't send your private key to us. :)


== Policies ==
== Policies ==
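Review bot: The reworded sentence about the file to send still opens a parenthesis at "(if you used the <code>-t dsa</code> option" that is never closed, and it now mixes "send us" with "all I or anyone else can use it for"; close the parenthesis after <code>ssh-keygen</code> and settle on one voice. The unchanged paragraph above it keeps the typo "but it you need to be extra careful", which could be fixed in the same edit.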
Line 100: Line 94:
The VPS is for '''your personal use'''. No reselling.  
The VPS is for '''your personal use'''. No reselling.  


There is currently no Web panel - these servers will be set up using my own automated tool and you will be provided with ssh access. I can periodically reload VPS images as needed.  
There is currently no Web panel - these servers will be set up using my own automated tool and you will be provided with ssh access. We can periodically reload VPS images as needed.  


This service is offered as a thank-you gift to Funtoo Linux supporters as long as sufficient capacity is available, with no warranty for uptime or anything else.
This service is offered as a thank-you gift to Funtoo Linux supporters as long as sufficient capacity is available, with no warranty for uptime or anything else.
Line 108: Line 102:
While I host several production sites on this infrastructure, you assume all risk for hosting your production services on your VPS.  
While I host several production sites on this infrastructure, you assume all risk for hosting your production services on your VPS.  


I will make a best-effort-only attempt to provide support via IRC and email, and do not offer 24/7 support for your VPS.  
We will make a best-effort-only attempt to provide support via Discord/Telegram and email via the support@funtoo.org alias.


'''US-Legal activities only. No spam will be tolerated.'''
'''US-Legal activities only. No spam will be tolerated.'''
Line 115: Line 109:


Compiling with -j(NUM-CPUS+1) is encouraged (this is Funtoo, after all -- I want you to enjoy fast compiles :), but it's not okay to continually max CPU, IO, or network utilization. '''So, no folding@home, massive file sharing, etc. '''
Compiling with -j(NUM-CPUS+1) is encouraged (this is Funtoo, after all -- I want you to enjoy fast compiles :), but it's not okay to continually max CPU, IO, or network utilization. '''So, no folding@home, massive file sharing, etc. '''
I am currently not supporting IPv6 but will look into adding such support if there is enough interest.


'''You are responsible for backups. '''
'''You are responsible for backups. '''


I reserve the right to change plans and pricing in the future.
We reserve the right to change plans and pricing in the future.


[[Category:Official Documentation]]
[[Category:Official Documentation]]

Latest revision as of 18:28, June 22, 2023

One of the unique aspects of the Funtoo community is that we allow supporters of Funtoo to use our compute infrastructure. Our compute infrastructure is based on Funtoo Linux and LXD, a very capable and production-ready container-based compute platform that scales incredibly well. It provides you with a 'virtual' Funtoo environment, but gives you native, bare-metal performance and is capable of hosting various workloads, such as Web servers, databases, game servers and more. Here's some information about our 3rd-generation compute platform:

Technology: LXD 5.6+
Linux Kernel: debian-sources-6.x
Storage: ZFS on SSD, BTRFS on SSD available for Docker (please request)

Now you can follow our exact deployment steps to build your own compute cluster. See the following pages for more information on how to set up LXD under Funtoo Linux. We use a similar setup in production, except that we use a dedicated network/bridge as well as dedicated storage volumes for storing containers:

* LXD
* LXD/GPU Acceleration
* Funtoo Compute Initiative (this page is in need of updates)

Build Something Beautiful

If you support Funtoo Linux, we also want to support you in your Funtoo Linux adventure. Support Funtoo Linux at a level of $15/mo and receive a Funtoo Linux virtual container. Here are the configurations currently being offered:

Price | RAM | CPU Threads | Disk Space
$15/mo | 4GB | 8 Cores | 60GB
$30/mo | 8GB | 16 Cores | 120GB
$45/mo | 16GB | 24 Cores | 240GB

Note: To sign up, email support@funtoo.org and let us know your funtoo username, specify your desired container size, hostname (something.host.funtoo.org), and public SSH key. You'll receive a secure link to set up your recurring payment. I will then deploy your container.

As you can see, this pricing is well below market rates, and includes fast SSD (solid state disk) storage, one IPv4/IPv6 address, and lots of bandwidth. We believe that by enabling you to do great things with Funtoo Linux, our community and technology will benefit. So we see this as a win for everyone.

Container FAQ

How do I sign up?
Email support@funtoo.org requesting your container be set up, specifying the plan you want and your funtoo username, and attach an SSH public key (do not include a private key!) that you'd like to use for root logins to your container. Also specify the hostname you'd like to use, if you did not specify one on the signup page. See Generating SSH Keys below for info on generating an SSH public key if you need assistance with this. We will send you a link to a secure signup form that you can use to enter your credit card or PayPal payment information.
Where are your servers located?
Our servers are located in the southwest United States.
Do I get root access?
Yes, you get full root access to your container.
Can I reboot my container?
Yes, reboot normally and it will come back up.
Can I start or stop my container?
Yes -- soon via our upcoming Web control panel.

Let me know you want to do this as it needs to be enabled.

Do you have IPv6?
Yes, IPv6 is available on all containers.
Can I use Docker inside my container?
Yes, but we recommend you request a BTRFS filesystem and also use a "medium"-size container or larger, unless your Docker containers will be fairly minimal.
Can I use LXD inside my container, so I can have containers inside my container?
Yes. See LXD.
Can I use KVM inside my container?
Yes -- but you need to let me know so I can enable this.
Do you back up my container?
No, I do not back up your container for you. You are responsible for backing up your own data. If you need help setting this up, contact us and we can suggest some approaches.
What will be the hostname of my container?
It will be something.host.funtoo.org.
Can I also point my DNS to the container's IP address, so I can use another hostname?
Yes, of course.
Can you set up reverse DNS?
Yes -- this is not done by default, but if you need it, I can get it set up for you.
How much bandwidth is really included?
For most typical uses of your container, this is not something you need to worry about. Containers are on servers with a gigabit uplink. Our bandwidth plan is set up so that everyone should have lots of burstable bandwidth, assuming light use at other times. If you have continuous high bandwidth needs, please email us at support@funtoo.org to discuss first.
How do I upgrade the kernel in my VPS?
A virtual container shares a kernel with the host, so you do not have the ability to change the kernel from "inside" the container.
Can I set up my own firewall?
Yes, it is possible to use iptables from within your container.
Can I set up OpenVPN in my container?
Yes, quite a few people do this. We will need to enable the proper device support to enable this, so please request this if needed.
Is it okay to host a game server?
Yes, many people do.
Is it okay to run Folding@Home, Hentai@Home, or other services that continually consume CPU (coin generation) or donate CPU power or bandwidth to other services?
No, this is not okay. The CPU and network resources provided to you are for your own use only and are not to be donated to other projects without approval from us first or used to mine crypto.
Is it okay to use my container to be a compute-focused server for another Open Source project?
Check with us first. Most of the time, this will be okay, unless CPU and/or IO utilization will be very high and continuous, and thus unsuitable for shared computing resources.
Is it okay to host commercial efforts on my container?
Yes, this is fine, as long as you assume full responsibility for the quality of service. Funtoo containers are provided with no service level agreements or warranty.

Generating SSH Keys

To generate an SSH key pair, do this as the user that you'll be using to log in to your container:

user $ ssh-keygen -t rsa 

If you specify a passphrase when prompted, your local private key (~/.ssh/id_rsa) will be encrypted, and ssh will prompt you for this passphrase prior to connecting. If you don't specify a passphrase, then you won't need to enter anything to connect, but you need to be extra careful that you don't allow others to access your private key, as it will be immediately usable by them to access any of your accounts.

The file you will need to send us is ~/.ssh/id_rsa.pub or ~/.ssh/id_dsa.pub (if you used the -t dsa option with ssh-keygen). This is the public key... it's safe to send over email since all we or anyone else can use it for is to grant you access to a system via your private key. Just don't send your private key to us. :)
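An added example, not part of the original wiki page: a Python check to run on the contents of the file you are about to attach, confirming that it is the public key and not the private half, and computing the fingerprint you can compare after the container is deployed. The function names, the marker list and the sample keys are assumptions constructed for illustration.

```python
import base64
import hashlib
import struct

# Strings that only appear in private-key files (OpenSSH, PEM, PKCS#8, PuTTY .ppk).
PRIVATE_MARKERS = ("PRIVATE KEY-----", "PuTTY-User-Key-File")
# DSA user keys have been disabled by default since OpenSSH 7.0.
WEAK_TYPES = {"ssh-dss"}


def _read_string(buf, offset=0):
    """Read one SSH wire-format string: uint32 big-endian length, then bytes."""
    if offset + 4 > len(buf):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", buf[offset:offset + 4])
    end = offset + 4 + length
    if end > len(buf):
        raise ValueError("truncated string")
    return buf[offset + 4:end]


def _invalid(reason):
    return {"kind": "invalid", "safe_to_send": False, "reason": reason}


def inspect_key_text(text):
    """Classify the contents of a key file before it is attached to an email."""
    if any(marker in text for marker in PRIVATE_MARKERS):
        return {"kind": "private", "safe_to_send": False}
    lines = [ln for ln in text.splitlines() if ln.strip()]
    fields = lines[0].split() if len(lines) == 1 else []
    if len(fields) < 2:
        return _invalid("expected one line: <type> <base64> [comment]")
    declared, encoded = fields[0], fields[1]
    try:
        blob = base64.b64decode(encoded, validate=True)
        embedded = _read_string(blob).decode("ascii")
    except ValueError:  # also covers binascii.Error and UnicodeDecodeError
        return _invalid("key data is not an SSH public key blob")
    if embedded != declared:
        return _invalid("declared type does not match the type inside the blob")
    # Same form that `ssh-keygen -l -f <file>` prints: unpadded base64 of SHA-256.
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return {"kind": "public", "safe_to_send": True, "key_type": declared,
            "weak": declared in WEAK_TYPES, "fingerprint": fingerprint}


def make_sample_pubkey(key_type, comment="user@example"):
    """Build a CONSTRUCTED public-key line (32 filler bytes, not a real key)."""
    name = key_type.encode("ascii")
    blob = (struct.pack(">I", len(name)) + name
            + struct.pack(">I", 32) + bytes(range(32)))
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}"


# Constructed placeholder with the framing of a private key file; no key material.
SAMPLE_PRIVATE = ("-----BEGIN OPENSSH PRIVATE KEY-----\n"
                  "(constructed placeholder)\n"
                  "-----END OPENSSH PRIVATE KEY-----\n")

if __name__ == "__main__":
    samples = {
        "id_ed25519.pub": make_sample_pubkey("ssh-ed25519"),
        "id_dsa.pub": make_sample_pubkey("ssh-dss"),
        "id_rsa (private)": SAMPLE_PRIVATE,
    }
    for label, text in samples.items():
        print(label, "->", inspect_key_text(text))
```

To check a real file, pass its contents, for example `inspect_key_text(open(path).read())`.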

Policies

Privacy

We will not, under any circumstances whatsoever, give out or sell your information to anyone.

We use only companies which practice secure processing of online funds so that you, as a client or supporter, can be assured that your private information will be safe and secure.

Refunds

For Funtoo Monthly Support, if you wish to change your support level or cancel your support, simply contact us and we will apply the changes to take effect before the next billing cycle. Monthly Support is non-refundable.

Contact

To change your subscription, or if you have any questions regarding your subscription, please contact container support at support@funtoo.org.

VPS Usage Rules

Important: Please read these policies and make sure you understand them. This is not an exhaustive list.

The VPS is for your personal use. No reselling.

There is currently no Web panel - these servers will be set up using my own automated tool and you will be provided with ssh access. We can periodically reload VPS images as needed.

This service is offered as a thank-you gift to Funtoo Linux supporters as long as sufficient capacity is available, with no warranty for uptime or anything else.

There are no refunds.

While I host several production sites on this infrastructure, you assume all risk for hosting your production services on your VPS.

We will make a best-effort-only attempt to provide support via Discord/Telegram and email via the support@funtoo.org alias.

US-Legal activities only. No spam will be tolerated.

These VPS systems are intended for funtoo enthusiasts only. I am providing (particularly in the higher-level plans) generous default resource limits with the understanding that the VPS will be used for general Funtoo use and server stuff.

Compiling with -j(NUM-CPUS+1) is encouraged (this is Funtoo, after all -- I want you to enjoy fast compiles :), but it's not okay to continually max CPU, IO, or network utilization. So, no folding@home, massive file sharing, etc.

You are responsible for backups.

We reserve the right to change plans and pricing in the future.