{"id":20123,"date":"2025-03-21T15:33:51","date_gmt":"2025-03-21T08:33:51","guid":{"rendered":"https:\/\/interdata.vn\/blog\/?p=20123"},"modified":"2025-05-07T15:29:38","modified_gmt":"2025-05-07T08:29:38","slug":"openvz-la-gi","status":"publish","type":"post","link":"https:\/\/interdata.vn\/blog\/openvz-la-gi\/","title":{"rendered":"What is OpenVZ? Advantages &#038; Disadvantages | Architecture &#038; History"},"content":{"rendered":"\n<p>What is OpenVZ? If you are learning about container <a href=\"https:\/\/interdata.vn\/blog\/ao-hoa-la-gi\/\">virtualization<\/a> on Linux, you have probably heard of OpenVZ. This article gives you a comprehensive overview of OpenVZ, from its definition and development history to its detailed architecture. InterData also analyzes its advantages and disadvantages, including performance, container density, resource management, and the limitations to keep in mind.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"OpenVZ-la-gi\"><\/span>What is OpenVZ?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><a target=\"_blank\" rel=\"noopener noreferrer\" href=\"https:\/\/interdata.vn\/blog\/openvz-la-gi\/\">OpenVZ<\/a> is an <strong><a href=\"https:\/\/interdata.vn\/blog\/he-dieu-hanh\/\">operating system<\/a>-level virtualization<\/strong> technology (OS-level virtualization) for Linux. It allows one physical <a href=\"https:\/\/interdata.vn\/blog\/may-chu-server-la-gi\/\">server<\/a> to run multiple independent operating system instances, called &#8220;containers&#8221; (or Virtual Private Servers &#8211; <a href=\"https:\/\/interdata.vn\/blog\/vps-la-gi\/\">VPS<\/a>). 
These containers share a single Linux kernel, which saves resources and is more efficient than <a href=\"https:\/\/interdata.vn\/blog\/ao-hoa-toan-phan-la-gi\/\">full virtualization<\/a>.<\/p>\n<p>OpenVZ, short for Open Virtuozzo, originates from the commercial Virtuozzo software of the company SWsoft (later Parallels). <strong>The main difference<\/strong> is that OpenVZ is the <a href=\"https:\/\/interdata.vn\/blog\/open-source-la-gi\/\">open source<\/a> version, released in 2005. This benefits the community, with continuous and transparent contributions, but may come with some limitations.<\/p>\n<figure id=\"attachment_25876\" aria-describedby=\"caption-attachment-25876\" style=\"width: 800px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2024\/12\/OpenVZ.jpg\" alt=\"OpenVZ\" width=\"800\" height=\"420\" title=\"\"><figcaption id=\"caption-attachment-25876\" class=\"wp-caption-text\">OpenVZ<\/figcaption><\/figure>\n<h2><span class=\"ez-toc-section\" id=\"Lich-su-phat-trien-cua-OpenVZ\"><\/span>Development history of OpenVZ<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>OpenVZ originates from the <strong>commercial Virtuozzo software<\/strong>, developed by the company SWsoft, later renamed Parallels, Inc. (now Odin). 
Virtuozzo was one of the first container virtualization solutions on the market, and OpenVZ is the open <a href=\"https:\/\/interdata.vn\/blog\/source-code-la-gi\/\">source<\/a> version of this technology, first released in 2005, bringing a breath of fresh air.<\/p>\n<p>The arrival of OpenVZ in 2005 <strong>marked an important milestone<\/strong> in the virtualization field. It allowed the community of users and developers to access, use and contribute to a powerful virtualization technology that had previously existed only in a commercial product. Opening the source code accelerated development.<\/p>\n<p>The OpenVZ project <strong>is maintained and developed<\/strong> by a community of developers, with support from Parallels. New versions of OpenVZ are released regularly, including improvements in performance, security, and features. 
However, the development of OpenVZ has slowed somewhat in recent years.<\/p>\n<p>The emergence of newer container technologies such as <strong><a href=\"https:\/\/interdata.vn\/blog\/docker-la-gi\/\">Docker<\/a> and LXC<\/strong> has created significant competition. These technologies have a different architecture, focusing on application virtualization rather than virtualizing an entire operating system. This has led to a shift in the direction of container virtualization. Docker became widely popular and changed the landscape.<\/p>\n<p>Even so, OpenVZ <strong>is still used<\/strong> in certain cases, especially in <a href=\"https:\/\/interdata.vn\/blog\/web-hosting-la-gi\/\">web hosting<\/a> and VPS provisioning. Projects such as <a href=\"https:\/\/interdata.vn\/blog\/proxmox-la-gi\/\">Proxmox<\/a> VE, a popular open source virtualization platform, still integrate OpenVZ as a container virtualization option alongside <a href=\"https:\/\/interdata.vn\/blog\/kvm-la-gi\/\">KVM<\/a>. This shows that OpenVZ still has practical value.<\/p>\n<p>In the future, OpenVZ may <strong>no longer be the top choice<\/strong> for container virtualization, but its legacy remains. 
The contributions of OpenVZ to advancing container virtualization technology are undeniable. And it can still find a place in existing systems.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Kien-truc-cua-OpenVZ\"><\/span>Architecture of OpenVZ<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>OpenVZ uses an operating system-level virtualization architecture, also called container-based virtualization. This means that all containers (VPS) on a physical server <strong>share one kernel<\/strong>, a single Linux kernel. This architecture differs from full virtualization, where each <a href=\"https:\/\/interdata.vn\/blog\/virtual-machine-la-gi\/\">virtual machine<\/a> has its own kernel. The main components are described below.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Chia-se-Kernel\"><\/span>Kernel sharing<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>This is the <strong>core characteristic<\/strong> of the OpenVZ architecture. Instead of each virtual machine having its own kernel, all containers on the same physical server use the kernel of the <a href=\"https:\/\/interdata.vn\/blog\/he-dieu-hanh-server\/\">host operating system<\/a>. 
Sharing the kernel lets OpenVZ save system resources, reduce latency and achieve a higher container density than full virtualization.<\/p>\n<p>Thanks to kernel sharing, OpenVZ <strong>delivers performance nearly<\/strong> equal to that of the native operating system. Processes in a container execute directly on the host kernel, without passing through a thick intermediate virtualization layer. The limitation, however, is that all containers must run the same operating system version. This sometimes causes difficulties.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Co-lap-Container-Container-Isolation\"><\/span>Container Isolation<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Although the kernel is shared, OpenVZ still ensures <strong>isolation<\/strong> between containers. Each container has its own separate user space, including its own file system, processes, users, and network. This prevents containers from interfering with one another, ensuring security and stability. This isolation is an important factor.<\/p>\n<p>The isolation is implemented using <strong>Linux kernel features<\/strong> such as namespaces and cgroups. 
Namespaces create separate name spaces for system resources, while cgroups limit and manage the resource usage of each container. As a result, each container operates like an independent server, and users do not notice the difference.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Quan-ly-tai-nguyen\"><\/span>Resource management<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>OpenVZ uses a <strong>two-level resource management<\/strong> mechanism. The first level is system-wide resource management, which ensures that the total resources used by all containers do not exceed the physical resources of the server. The second level is resource management for each individual container, controlling the amount of <a href=\"https:\/\/interdata.vn\/blog\/cpu-server\/\">CPU<\/a> and <a href=\"https:\/\/interdata.vn\/blog\/ram-server\/\">RAM<\/a>.<\/p>\n<p>The main management tool of OpenVZ is <code>vzctl<\/code>. It is a powerful command-line tool that lets the administrator <strong>create, configure, start, stop<\/strong>, and manage containers. 
<code>vzctl<\/code> provides options to set resource limits, configure networking, and perform other maintenance tasks. With vzctl, everything becomes easy to control.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"He-thong-tap-tin-File-System\"><\/span>File System<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Each container in OpenVZ has a <strong>separate file system<\/strong>, usually implemented as a subdirectory on the host file system. This allows each container to have an independent environment, with its own applications, libraries, and configuration. This separate file system increases flexibility.<\/p>\n<p>The container file system usually uses an operating system <strong><a href=\"https:\/\/interdata.vn\/blog\/templates-la-gi\/\">template<\/a><\/strong>. This template contains the files and directories needed to boot a minimal operating system. The administrator can customize this template or create a separate template to meet the specific needs of each container. 
This makes deployment faster.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Nhung-uu-diem-cua-OpenVZ\"><\/span>Advantages of OpenVZ<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>OpenVZ brings many benefits, especially in situations that need high performance, a large virtual machine density and efficient resource management. The main advantages include near-native performance, high container density, flexible and easy resource management, and live migration in some cases.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Hieu-suat-gan-nhu-nguyen-ban-Near-Native-Performance\"><\/span>Near-Native Performance<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Because it shares the kernel with the host, OpenVZ <strong>significantly reduces the latency<\/strong> caused by virtualization. Processes in a container run directly on the host kernel, without passing through multiple intermediate virtualization layers as in full virtualization. 
This delivers performance nearly equal to running directly on the hardware.<\/p>\n<p>For example, if a <a href=\"https:\/\/interdata.vn\/blog\/web-application-la-gi\/\">web application<\/a> runs on an OpenVZ VPS, it <strong>directly accesses<\/strong> system resources (CPU, RAM, I\/O) through the host kernel. This differs from having to go through a hypervisor and a separate kernel in full virtualization, which reduces latency and increases processing speed.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Mat-do-Container-cao\"><\/span>High container density<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>The shared-kernel architecture of OpenVZ makes it possible to <strong>run more containers<\/strong> on the same physical server than with full virtualization. Because containers do not need a separate kernel, they consume fewer system resources. This is especially useful for hosting providers, optimizing hardware utilization.<\/p>\n<p>One physical server can <strong>host hundreds of<\/strong> OpenVZ <strong>containers<\/strong>, depending on the hardware configuration and the resource requirements of each container. 
By contrast, with full virtualization the number of virtual machines on the same server is significantly limited, because each virtual machine needs its own kernel and takes up more resources.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Quan-ly-tai-nguyen-linh-hoat\"><\/span>Flexible resource management<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>OpenVZ provides powerful <strong>resource management tools<\/strong> that let the administrator control the resource usage of each container in detail. The <code>vzctl<\/code> tool allows setting limits on CPU, RAM, I\/O, and the <a href=\"https:\/\/interdata.vn\/blog\/number-of-processes-la-gi\/\">number of processes<\/a> for each container. This ensures that no container takes up too many resources and affects the other containers.<\/p>\n<p>For example, the administrator can limit a container to a maximum of 2 CPU cores, 4GB RAM, and 50MB\/s I\/O. If that container tries to exceed these limits, <strong>the system automatically adjusts<\/strong> to ensure the other containers are not affected. 
This capability is very important for ensuring fairness.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"De-dang-quan-ly\"><\/span>Easy management<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>OpenVZ provides <strong>simple and effective management tools<\/strong> that help the administrator easily create, configure, and manage containers. The <code>vzctl<\/code> command-line tool provides an intuitive interface for administrative tasks, from creating new containers and configuring resources to backup and restore. Management operations are relatively easy.<\/p>\n<p>Compared with managing virtual machines in a full virtualization environment, managing containers in OpenVZ <strong>is usually simpler<\/strong>. Tasks such as starting, stopping, and migrating containers are usually faster and less complex. This reduces the time and effort of system administration. 
Administrators can carry them out quickly.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Kha-nang-di-chuyen-truc-tiep-Live-Migration-%E2%80%93-Tuy-phien-ban\"><\/span>Live Migration (depending on the version)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Some versions and configurations of OpenVZ support <strong>live migration<\/strong>, which allows a running container to be moved from one physical server to another without interrupting service. This is very useful for system maintenance, <a href=\"https:\/\/interdata.vn\/blog\/load-balancing\/\">load balancing<\/a>, and hardware upgrades without interruption.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Nhung-nhuoc-diem-cua-OpenVZ\"><\/span>Disadvantages of OpenVZ<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Although OpenVZ has many advantages, it also has some important limitations to consider. 
These disadvantages include operating system restrictions, little flexibility in kernel customization, potential security issues caused by kernel sharing, and community support that may not match that of other virtualization technologies.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Gioi-han-ve-he-dieu-hanh\"><\/span>Operating system restrictions<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>One of the biggest limitations of OpenVZ is that <strong>all containers must run<\/strong> the same version of the <a href=\"https:\/\/interdata.vn\/blog\/he-dieu-hanh-linux-la-gi\/\">Linux operating system<\/a> (and the same kernel) as the host. This means you cannot run other operating systems such as Windows or FreeBSD in an OpenVZ container. You also cannot have containers running different Linux distributions on the same server.<\/p>\n<p>For example, if your server runs <a href=\"https:\/\/interdata.vn\/blog\/he-dieu-hanh-centos\/\">CentOS<\/a> 7, all OpenVZ containers on that server <strong>must also run CentOS 7<\/strong>. You cannot create a container running <a href=\"https:\/\/interdata.vn\/blog\/ubuntu-server-la-gi\/\">Ubuntu<\/a> or Debian. 
This differs from full virtualization, where you can run different operating systems and kernel versions on the same physical server. This limitation should be kept in mind.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"It-linh-hoat-trong-tuy-chinh-Kernel\"><\/span>Little flexibility in kernel customization<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Because the kernel is shared with the host, <strong>kernel customization<\/strong> inside an OpenVZ container is very limited. You cannot easily load custom kernel modules or change kernel parameters from within a container. Any change to the kernel must be made on the host, and it will affect all containers. This kernel limitation is a major one.<\/p>\n<p>In a full virtualization environment, you have <strong>full control over the kernel<\/strong> of each virtual machine. You can install kernel modules, tune parameters, and even <a href=\"https:\/\/interdata.vn\/blog\/compiler-trinh-bien-dich-la-gi\/\">compile<\/a> your own kernel. 
In OpenVZ, this flexibility is significantly restricted, which can cause difficulties for some applications or special use cases that need deep kernel intervention.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Van-de-tiem-an-ve-bao-mat\"><\/span>Potential security issues<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Although containers are isolated from one another, sharing the kernel <strong>creates a potential security risk<\/strong>. If a serious <a href=\"https:\/\/interdata.vn\/blog\/lo-hong-bao-mat-la-gi\/\">security vulnerability<\/a> is discovered in the host kernel, all containers on that host are at risk of being affected. This differs from full virtualization, where a vulnerability in one virtual machine usually does not affect the others.<\/p>\n<p>For example, a kernel vulnerability that allows privilege escalation could be exploited from inside a container <strong>to gain access to the host<\/strong> and to other containers. 
Although security measures such as SELinux and AppArmor can reduce this risk, the danger remains and must be managed carefully by a professional team.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Ho-tro-cong-dong\"><\/span>Community support<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Compared with more popular container virtualization technologies such as Docker and KVM, the OpenVZ support community is <strong>somewhat smaller<\/strong>. This can make things difficult when you need to find information, solutions to technical problems, or supporting tools and resources. Documentation sources and forums do exist, but there are not many of them.<\/p>\n<p>OpenVZ development has also <strong>slowed somewhat<\/strong> in recent years, as newer container technologies such as Docker and LXC have become more popular. This can affect the delivery of new features, security patches, and support for the latest hardware and software. Timely updates are needed.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>What is OpenVZ? 
If you are learning about container virtualization on Linux, you have surely heard of OpenVZ. This article gives you a comprehensive view of OpenVZ, from its definition and development history to its detailed architecture. InterData will also analyze the advantages and disadvantages, including<\/p>\n","protected":false},"author":2,"featured_media":25876,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[49],"tags":[],"class_list":["post-20123","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-vps"],"_links":{"self":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts\/20123","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/comments?post=20123"}],"version-history":[{"count":3,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts\/20123\/revisions"}],"predecessor-version":[{"id":28056,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts\/20123\/revisions\/28056"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/media\/25876"}],"wp:attachment":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/media?parent=20123"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/categories?post=20123"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/tags?post=20123"}],
"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}