Introduction to linux containers
Download as PPTX, PDF3 likes1,609 views
Linux containers (LXC) enable the simultaneous running of multiple isolated Linux instances on a single host, sharing the same kernel while allowing resource constraints. They provide benefits like rapid provisioning, near bare-metal performance, and lightweight operation. However, LXC faces challenges including lack of industry tooling, security concerns, and integration issues with existing virtualization technologies.
Introduction to linux containers
- 2. What's Linux Containers? Linux Containers(LXC) allow running multiple isolated Linux instances (containers) on the same host. Containers share the same kernel with anything else that is running on it, but can be constrained to only use a defined amount of resources such as CPU, memory or I/O. A container is a way to isolate a group of processes from the others on a running Linux system.
- 3. Why Linux Containers? Provision in seconds / milliseconds Near bare metal runtime performance VM-like agility – it’s still “virtualization” Flexibility • Containerize a “system” • Containerize “application(s)” Lightweight • Just enough Operating System (JeOS) • Minimal per container penalty Growing in popularity
- 4. Virtual Network Types LXC containers support the following networking types: • empty - creates only loopback interface and assigns it to the container. • vlan - a vlan interface is linked with the interface specified in container's configuration and is assigned to a the container. • phys - an already existing interface is assigned to the container. This is useful when you want to assign a physical network interface to a LXC container. • none - will cause container to use host's network namespace.
- 5. Terminology in LXC • Chroot : A change root (chroot, or change root jail) is a section in the file system which is isolated from the rest of the file system. For this purpose, the chroot command is used to change the root of the file system. • Cgroups : Kernel Control Groups (commonly referred to as just “cgroups”) are a Kernel feature that allows aggregating or partitioning tasks (processes) and all their children into hierarchical organized groups to isolate resources. • Container : A “virtual machine” on the host server that can run any Linux system, for example openSUSE, SUSE Linux Enterprise Desktop, or SUSE Linux Enterprise Server.
- 6. Terminology Continued... • Container Name : A name that refers to a container. The name is used by the lxc commands. • Kernel Namespaces : A Kernel feature to isolate some resources like network, users, and others for a group of processes. • LXC Host Server : The system that contains the LXC system and provides the containers and management control capabilities through cgroups.
- 7. Hypervisors vs. Linux Containers Hardware Operating System Hypervisor Virtual Machine Operating System Bins / libs Ap p Ap p Virtual Machine Operating System Bins / libs Ap p Ap p Hardware Hypervisor Virtual Machine Operating System Bins / libs Ap p Ap p Virtual Machine Operating System Bins / libs Ap p Ap p Hardware Operating System Container Bins / libs Ap p Ap p Container Bins / libs Ap p Ap p Type 1 Hypervisor Type 2 Hypervisor Linux Containers Containers are isolated, but share OS and, where appropriate, libs / bins.
- 8. Docker vs. LXC vs. Hypervisor
- 9. Docker: LXC Virtualization? Docker decouples the LXC provider from the operations • LXC provider agnostic Docker “images” run anywhere docker is supported • Portability
- 10. Who’s Using LXC Google app engine & infra is said to be using some form of LXC RedHat OpenShift dotCloud (now docker inc) CloudFoundry (early versions) Rackspace Cloud Databases Parallels Virtuozzo (commercial product)
- 11. LXC Gaps There are gaps… •Lack of industry tooling / support •Full orchestration across resources (compute / storage / networking) •Fears of security •Not a well known technology… yet •Integration with existing virtualization and Cloud tooling •Not much / any industry standards •Missing skillset •Slower upstream support due to kernel dev process
- 12. LXC: Use Cases For Traditional VMs There are still use cases where traditional VMs are warranted. •Virtualization of non Linux based OSs •Windows •AIX •LXC not supported on host •VM requires unique kernel setup which is not applicable to other VMs on the host (i.e. per VM kernel config)
- 13. Features Of Linux Containers Lightweight and resource – friendly Comprehensive process and resource isolation Run multiple versions of an operating system on a single server Rapid and Easy deployment
- 14. Advantages Easier maintenance and backup of individual virtual machines than one 'big' linux server Running different 'servers' on one physical computer saves hardware and power costs Security separation, hardware access from inside a vm may be restricted
- 15. Disadvantages Speed issues if too many vm's are using the same hardware at the same time (especially hard drive access, recommend a SSD). If hardware breaks, all virtual machines machines are affected. Might have problems accessing hardware, as access to that hardware might be restricted.