How does Docker implement networking and installation?
Linux - ContainersThis forum is for the discussion of all topics relating to Linux containers. Docker, LXC, LXD, runC, containerd, CoreOS, Kubernetes, Mesos, rkt, and all other Linux container platforms are welcome.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
How does Docker implement networking and installation?
If Dockers are nothing but namespaced processes on the system then how does it handle the following:
If I install a software component within Docker does it get installed in the host operating system as well? Intution says thats the case, since if they are jailed processes.
How does docker namespace the networks? How does it handle networking?
If Dockers are nothing but namespaced processes on the system then how does it handle the following:
If I install a software component within Docker does it get installed in the host operating system as well? Intution says thats the case, since if they are jailed processes.
How does docker namespace the networks? How does it handle networking?
Docker containers don’t have a separate operating system. Programs running in a Docker container use the container host’s OS. In case you mean the filesystem: There are several filesystem implementations, including a simple filesystem subtree on the host. See https://docs.docker.com/storage/.
Docker uses the kernel’s network namespace feature.
How it handles networking? As pan64 says, read Docker documentation. In case you don’t find it: https://docs.docker.com/network/
Last edited by berndbausch; 12-10-2018 at 06:09 AM.
Docker containers don’t have a separate operating system. Programs running in a Docker container use the container host’s OS. In case you mean the filesystem: There are several filesystem implementations, including a simple filesystem subtree on the host. See https://docs.docker.com/storage/.
Docker uses the kernel’s network namespace feature.
How it handles networking? As pan64 says, read Docker documentation. In case you don’t find it: https://docs.docker.com/network/
I will check the networking part. But can you tell me what happens when you install a software package inside a container? Does that affect the host system as well?
I will check the networking part. But can you tell me what happens when you install a software package inside a container? Does that affect the host system as well?
Sure it does. Disk space is used. IO is generated. CPU is used. Processes in the container show up in the host’s process table. There is a wall or a hedge around the container’s resources, but the resources come from the host.
it is explained on the net, you will find the answers.
docker is an isolation therefore the processes inside the docker (hopefully) will not be able to go outside or into another docker. But from the host you will be able to see inside.
it is explained on the net, you will find the answers.
docker is an isolation therefore the processes inside the docker (hopefully) will not be able to go outside or into another docker. But from the host you will be able to see inside.
Let me understand this via a simple example, lets say I setup a container, and I start a bash shell within that container. Now there are a couple of things I cant understand
Lets say I do an apt-get install python3 in the container. Does that install python3 in the host OS as well? That is if I exit the shell of the container and I type python on the host bash shell will I get the python REPL? My thinking says that I should, if not I am really interested in knowing how docker separates that.
When for example I launch another process within a Docker, then does it show up as another process in the ps table?
How can you run a RHEL Docker within an Ubuntu OS? If so how? The RHEL OS has a completely different format, even when it comes to binaries I think. How do you support that in another OS?
The believe the main reason for this confusion is because I am unable to understand why Docker is not a VM. I have read about namespaces but it doesn't explain a lot of the things Docker is able to pull off like "magic".
Sure it does. Disk space is used. IO is generated. CPU is used. Processes in the container show up in the host’s process table. There is a wall or a hedge around the container’s resources, but the resources come from the host.
Does that software become a part of the host OS? That is in case of Ubuntu does it become a part of the host apt cache? If I do an apt-get remove from the host then will I be able to remove it from the system?
When you install something from within a container, the package is installed in the local filesystem for the container ("inside" the container). So if you install Python3 in a container, then the container has Python3 but your host OS does not have access to Python3.
I don't use Docker, but I do use open source containers, so here's an example that applies to both:
Does that software become a part of the host OS? That is in case of Ubuntu does it become a part of the host apt cache? If I do an apt-get remove from the host then will I be able to remove it from the system?
No. Software goes to the container’s filesystem, which can be implemented as a filesystem subtree on the host or in other ways. See http://docker.com/storage for details.
Let me understand this via a simple example, lets say I setup a container, and I start a bash shell within that container. Now there are a couple of things I cant understand
Lets say I do an apt-get install python3 in the container. Does that install python3 in the host OS as well? That is if I exit the shell of the container and I type python on the host bash shell will I get the python REPL? My thinking says that I should, if not I am really interested in knowing how docker separates that.
When for example I launch another process within a Docker, then does it show up as another process in the ps table?
How can you run a RHEL Docker within an Ubuntu OS? If so how? The RHEL OS has a completely different format, even when it comes to binaries I think. How do you support that in another OS?
Yes, processes run on the host and are visible there. You can kill them, for example.
You can run RHEL by copying all the files necessary for RHEL to the host.
Quote:
The believe the main reason for this confusion is because I am unable to understand why Docker is not a VM. I have read about namespaces but it doesn't explain a lot of the things Docker is able to pull off like "magic".
It’s not a VM because it doesn’t create virtual hardware and doesn’t run a separate kernel. Contained processes use the host’s resources. Processes in a VM run on virtual CPUs, virtual memory and access virtual devices. A VM runs - it uses CPU even when idle. A container doesn’t “run” at all. It’s a hedge around the software inside it. You can look through the hedge from outside, but not from inside.
If you are still confused, name some of the magic you allude to. We can try to explain how it’s done.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.