Linux - Containers
This forum is for the discussion of all topics relating to Linux containers. Docker, LXC, LXD, runC, containerd, CoreOS, Kubernetes, Mesos, rkt, and all other Linux container platforms are welcome.
Just noticed this evidently new sub-forum. Linux container? I haven't heard that term. What does it mean? Or, what does a Linux container do and why would we want one?
I found this on the Wikipedia page. I'm figuring out that the key seems to be:
Quote:
...allows limitation and prioritization of resources (CPU, memory, block I/O, network, etc.) without the need for starting any virtual machines, and also namespace isolation functionality that allows complete isolation of an applications' view of the operating environment, including process trees, networking, user IDs and mounted file systems.
My knowledge is only good enough to vaguely understand that. But it seems to indicate that enhancing security was the point. The giveaways are using "isolation" twice and, elsewhere on the page, mentioning chroot jails. Am I right?
Last edited by newbiesforever; 11-25-2017 at 01:13 PM.
If I may suggest some light reading, you will want to research packages and documentation for things like LXC (or LXD) and OpenVZ for some different kinds of linux containers. Some Ubuntu documentation will only discuss one kind or another as if they were the entire world, but in fact there are several different types of Linux Containers. Read for general concepts first, rather than getting hung up on one particular implementation.
Using LXC style containers is more like chroot jails, isolating as little as a single process or an entire system environment much like full or para virtualization. An OpenVZ style container is designed to support complete linux system environments with even better separation and isolation, and greater power. (The latest OpenVZ also supports full virtualization alongside containers.) And these are just two examples, there are others.
Containers do virtualization using the kernel, and so are limited to the processes and systems that are supported by that kernel. They offer fine control, and much better density and performance as compared to full virtualization that must RUN a separate kernel. They are built faster, start faster, run faster, shut down faster, and provide much better server ROI: better even than full virtualization can.
Wonderfully interesting tools. We in IT get the very BEST toys to work with! ;-)
A container image is a lightweight, stand-alone, executable package of a piece of software that includes everything needed to run it: code, runtime, system tools, system libraries, settings. Available for both Linux and Windows based apps, containerized software will always run the same, regardless of the environment. Containers isolate software from its surroundings, for example differences between development and staging environments and help reduce conflicts between teams running different software on the same infrastructure.
One thing to note is that with a VM, hardware allocation is locked in, whereas a container, like Docker, takes only what it needs. Pretty good stuff, especially where I work; I always see VMs that are over-allocated with RAM and storage and never doing anything with it.
Last edited by JockVSJock; 11-26-2017 at 06:05 PM.
A Linux container is similar in concept – but not in implementation – to "a chroot jail, on steroids."
"Virtual Machines" are often used merely as a mechanism for providing isolation. But, "if isolation is all that you really need," virtual machines are an inefficient way to do it. Containers provide an alternative way of satisfying the same isolation requirements, albeit in a fundamentally different way than virtual machines do.
The Linux kernel now has a combination of facilities which, when used together, can put "rose-colored glasses" on a process and also strictly confine its resource usage. "Containers," then, provide a convenient way to cause all of these separate facilities to work seamlessly together, in order to create for a process (group) the illusion that it is operating in an isolated environment and that it is in charge of that environment. In reality, the process is being directly executed by the Linux host.
Since containers are basically just a set of rules, they can be created and destroyed almost instantaneously, and they have none of the overhead of virtual machines. Furthermore, you aren't having to deal with the influence of the hypervisor: everything is actually being done by the host Linux OS and is directly managed by its various schedulers. If your particular requirements can be satisfied by containers, they're the way to go.
There are several types of containers, depending on the exact level and nature of isolation that you require. They employ the underlying Linux kernel facilities in different ways to satisfy different objectives.
Last edited by sundialsvcs; 11-28-2017 at 02:01 PM.
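The "set of rules" sundialsvcs describes, and the namespaces and cgroups named in the Wikipedia quote earlier in the thread, are visible from user space: each process's namespace memberships are symlinks under /proc/<pid>/ns/, and its cgroup placement is in /proc/<pid>/cgroup. The following script is an added example for this thread (not code from any poster, nor from LXD or Docker) that reads those files to report which namespaces a process has been separated into and what memory ceiling its cgroup imposes. It assumes a Linux host with /proc mounted and, for the memory limit, a cgroup v2 hierarchy at /sys/fs/cgroup; the SAMPLE_* values are constructed, not captured from a real machine.

```python
"""Inspect the two kernel facilities a Linux container is built from:
namespaces (what a process can see) and cgroups (what it may consume).

Added example for this forum thread; not code from any post, LXD or Docker.
It only reads /proc and /sys, so no privileges are needed to run it on the
host. The SAMPLE_* values below are constructed stand-ins for real /proc
content so the parsing functions can be exercised offline.
"""
import os
from pathlib import Path

# Namespace kinds exposed as symlinks under /proc/<pid>/ns/ on current kernels.
NS_KINDS = ("cgroup", "ipc", "mnt", "net", "pid", "user", "uts")


def namespaces_of(pid="self"):
    """Return {kind: 'kind:[inode]'} for pid by reading its ns symlinks.
    Two processes share a namespace of a kind iff the link targets match."""
    ns_dir = Path("/proc") / str(pid) / "ns"
    result = {}
    for kind in NS_KINDS:
        try:
            result[kind] = os.readlink(ns_dir / kind)
        except OSError:
            # Kind absent on this kernel, or pid not readable: skip it.
            continue
    return result


def differing_namespaces(ns_a, ns_b):
    """Namespace kinds in which the two processes are NOT in the same instance."""
    return sorted(k for k in set(ns_a) & set(ns_b) if ns_a[k] != ns_b[k])


def parse_cgroup_file(text):
    """Parse /proc/<pid>/cgroup content into {controllers: path}.
    Lines are 'hierarchy-id:controllers:path'. cgroup v2 has a single line
    with an empty controller list, so key '' is the unified hierarchy."""
    cgroups = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        _hid, controllers, path = line.split(":", 2)
        cgroups[controllers] = path
    return cgroups


def parse_memory_max(text):
    """Interpret a cgroup v2 memory.max value: 'max' means unlimited (None),
    anything else is a byte count."""
    value = text.strip()
    return None if value == "max" else int(value)


def memory_limit_of(pid="self"):
    """Read the cgroup v2 memory.max applying to pid; None if unlimited,
    unreadable, or not a cgroup v2 system."""
    try:
        cg = parse_cgroup_file(Path(f"/proc/{pid}/cgroup").read_text())
        path = cg[""]  # unified-hierarchy path such as /user.slice/...
        limit_file = Path("/sys/fs/cgroup") / path.lstrip("/") / "memory.max"
        return parse_memory_max(limit_file.read_text())
    except (OSError, KeyError, ValueError):
        return None


def isolation_report(pid="self", reference=1):
    """Compare pid against a reference process (default: PID 1 as seen from
    here). Run on the host with a container's host-side PID, a container
    shows separate mnt/pid/uts/ipc (and usually net) namespaces; a plain
    host process differs in none."""
    return {
        "differs_from_reference": differing_namespaces(namespaces_of(pid),
                                                       namespaces_of(reference)),
        "memory_limit_bytes": memory_limit_of(pid),
    }


# Constructed sample data (inode numbers and paths are made up for illustration).
SAMPLE_HOST_NS = {"mnt": "mnt:[4026531840]", "pid": "pid:[4026531836]",
                  "uts": "uts:[4026531838]", "net": "net:[4026531992]"}
SAMPLE_CTR_NS = {"mnt": "mnt:[4026532456]", "pid": "pid:[4026532459]",
                 "uts": "uts:[4026532457]", "net": "net:[4026531992]"}
SAMPLE_CGROUP_V2 = "0::/lxc.payload.c1/system.slice/sshd.service\n"
SAMPLE_CGROUP_V1 = "12:memory:/docker/abc\n11:cpu,cpuacct:/docker/abc\n"

if __name__ == "__main__":
    print("sample container vs host differs in:",
          differing_namespaces(SAMPLE_CTR_NS, SAMPLE_HOST_NS))
    print("this process:", isolation_report())
```

Run it on the host as `python3 nsreport.py <pid>` style by calling `isolation_report(pid)` with a container process's host-side PID; the kinds listed under `differs_from_reference` are exactly the "rose-colored glasses" the post describes, and `memory_limit_bytes` is the cgroup ceiling. In the constructed sample the container shares the host's `net` namespace, which is how a container launched with host networking looks from the outside.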
In a virtual machine (VM), the computer virtualizes a whole computer. Inside the virtual machine you install a full operating system. This takes a lot of system resources, and you can have just a couple of VMs on your computer.

However, a Linux container (https://linuxcontainers.org/) does about the same as a VM, but does not take that many resources. You can have many more Linux containers on a single computer than VMs. On my desktop computer I happen to be running five Linux containers right now.

There are several ways to get Linux containers on your Linux computer. My preference is to use LXD (pre-installed on Ubuntu, but it can also be installed on other distributions). LXD is management software for Linux containers that helps you avoid many manual tasks.

Linux containers (with LXD) are so lightweight that you can test them from your Web browser (for free)! Go through the tutorial at https://linuxcontainers.org/lxd/try-it/ and you will get a good understanding of how they work. On that website, they create an LXC (well, LXD/LXC) container for you over the browser, and inside it they let you create your own containers (nested containers).