Last Updated: July 14, 2024
·
2.116K
· itseranga

Linux containers #lxc

What are LinuX Containers

  • LXC (LinuX Containers) is light weight virtualisation system
  • It is based on linux(kernal) and allows for creation and management of many virtualized linux environments on a single parent host
  • These virtualized environments(call containers) are invisible to each other
  • Unlike some other virtualization solutions, no hardware emulation is used and the container shares the kernel with the host,
  • It makes LXC lightweight and easy to get started with
  • The concept behind the LXC is Containers

More on containers

  • Simply containers provide operating system level virtualization mechanism
  • Containers are group of processes in linux box
  • Inside the box it looks like a VM(but not a VM)
  • In outside the box it looks like group of processes
  • Following figure describes how multiple containers looks on a single host

Picture

VMs vs Containers

  • VMs consists with hypervisor which provides emulated hardware for virtual machine images
  • So VMs allows to creates many self contained systems via hypervisor

Picture

  • As I mentioned, containers are not VMs
  • Containers are more light weight than VMs, since it shares kernal with host without hardware emulation(hypervisor)
  • Containers use kernal features such as kernel namespaces, and control groups(cgroups)
  • Kernel namespaces provide basic isolation and CGroups use for resource allocation
  • Basically containers provide same functionality which provides by VMs, with out any hypervisor overhead

Picture

Namespaces

  • Kernel namespaces provide basic isolation
  • It guarantee that each container cannot see or affect other containers
  • For an example, with namespaces you can have multiple processes with same PID in different environments(containers)
  • There are six types of namespaces available
  1. pid (processes)
  2. net (network interfaces, routing...)
  3. ipc (System V IPC)
  4. mnt (mount points, filesystems)
  5. uts (hostname)
  6. user (UIDs)

CGroups

  • CGroups(Control Groups) allocate resources (memory, CPU, disk I/O) between containers
  • It ensure that each container gets its fair share of memory, CPU, disk I/O(resources),
  • Also It guarantee that single container not over consuming the resources

Docker and LXC

  • Docker provides high-level API which is capable to create and maintain lightweight virtualization environments(processes isolation)
  • It is really an extension of LXC’s capabilities
  • Docker used the LXC as default execution environment
  • Actually docker contains wrapper around the LXC to make their functionality
  • But recently (after docker version 0.9) they have replaced the LXC with their own execution environment call libcontainers

Reference