Introduction to linux containers
-
Upload
google -
Category
Engineering
-
view
165 -
download
2
Transcript of Introduction to linux containers
Linux Containers
What's Linux Containers? Linux Containers(LXC) allow running multiple isolated Linux instances
(containers) on the same host.
Containers share the same kernel with anything else that is running on it, but
can be constrained to only use a defined amount of resources such as CPU,
memory or I/O.
A container is a way to isolate a group of processes from the others on a
running Linux system.
Why Linux Containers? Provision in seconds / milliseconds
Near bare metal runtime performance
VM-like agility – it’s still “virtualization”
Flexibility• Containerize a “system”• Containerize “application(s)”
Lightweight• Just enough Operating System (JeOS)• Minimal per container penalty
Growing in popularity
Virtual Network Types
LXC containers support the following networking types:
• empty - creates only loopback interface and assigns it to the container.
• vlan - a vlan interface is linked with the interface specified in container's configuration and is assigned to a the container.
• phys - an already existing interface is assigned to the container. This is useful when you want to assign a physical network interface to a LXC container.
• none - will cause container to use host's network namespace.
Terminology in LXC
• Chroot : A change root (chroot, or change root jail) is a section in the file system which is isolated from the rest of the file system. For this purpose, the chroot command is used to change the root of the file system.
• Cgroups : Kernel Control Groups (commonly referred to as just “cgroups”) are a Kernel
feature that allows aggregating or partitioning tasks (processes) and all their children into hierarchical organized groups to isolate resources.
• Container : A “virtual machine” on the host server that can run any Linux system, for
example openSUSE, SUSE Linux Enterprise Desktop, or SUSE Linux Enterprise Server.
Terminology Continued...
• Container Name :A name that refers to a container. The name is used by the lxc commands.
• Kernel Namespaces : A Kernel feature to isolate some resources like network, users, and others for a
group of processes.
• LXC Host Server : The system that contains the LXC system and provides the containers and
management control capabilities through cgroups.
Hypervisors vs. Linux Containers
Hardware
Operating System
Hypervisor
Virtual Machine
Operating System
Bins / libs
App
App
Virtual Machine
Operating System
Bins / libs
App
App
Hardware
Hypervisor
Virtual Machine
Operating System
Bins / libs
App
App
Virtual Machine
Operating System
Bins / libs
App
App
Hardware
Operating System
Container
Bins / libs
App
App
Container
Bins / libs
App
App
Type 1 Hypervisor Type 2 Hypervisor Linux Containers
Containers are isolated, but share OS and, where appropriate, libs / bins.
Docker vs. LXC vs. Hypervisor
Docker: LXC Virtualization?
Docker decouples the LXC provider from the operations• LXC provider agnostic
Docker “images” run anywhere docker is supported• Portability
Who’s Using LXC
Google app engine & infra is said to be using some form of LXC
RedHat OpenShift
dotCloud (now docker inc)
CloudFoundry (early versions)
Rackspace Cloud Databases
Parallels Virtuozzo (commercial product)
LXC Gaps
There are gaps…
• Lack of industry tooling / support
• Full orchestration across resources (compute / storage / networking)
• Fears of security
• Not a well known technology… yet
• Integration with existing virtualization and Cloud tooling
• Not much / any industry standards
• Missing skillset
• Slower upstream support due to kernel dev process
LXC: Use Cases For Traditional VMs
There are still use cases where traditional VMs are warranted.
• Virtualization of non Linux based OSs
• Windows
• AIX
• LXC not supported on host
• VM requires unique kernel setup which is not applicable to other VMs on
the host (i.e. per VM kernel config)
Features Of Linux Containers
Lightweight and resource – friendly
Comprehensive process and resource isolation
Run multiple versions of an operating system on a single server
Rapid and Easy deployment
Advantages
Easier maintenance and backup of individual virtual machines than one 'big'
linux server
Running different 'servers' on one physical computer saves hardware and
power costs
Security separation, hardware access from inside a vm may be restricted
Disadvantages
Speed issues if too many vm's are using the same hardware at the same time
(especially hard drive access, recommend a SSD).
If hardware breaks, all virtual machines machines are affected.
Might have problems accessing hardware, as access to that hardware might
be restricted.