Virtualization overview ● Xen ● Separate host i guest kernel (dom0, domU) ● Not upstream, massive duplication of kernel code ● Linux Vserver, OpenVZ (Virtuozzo), sVirt (SELinux based) ● Single kernel, out-of-tree patches ● Linux Containers - LXC ● chroot on steroids, based on cgroup Linux support ● Part of standard kernel, based on things you already know! ● Full-system virtualization: KVM, VirtualBox, VMWare ● But you can run LXC inside them! (e.g. EC2)
cgroup ● Process namespace in kernel ● Devices (even X11 in LXC!) ● CPU (sched, cpu account, cpuset) - NUMA ● Memory (not in Debian's kernel) ● Block I/O scheduling, limits ● Linus' 2.6.38 magic patch ● Setsid create new scheduler entry ● Used by Google Chrome, systemd...
Under construction ● Still not in: Linux 188.8.131.52 ● lxc-attach ● Attach process (bash) inside running container ● Needed to set default route outside container ● lxc-checkpoint ● Similar to lxc-(un)freeze with checkpoint to disk ● https://ckpt.wiki.kernel.org/
LXC summary ● Isolate ● one application – lxc-execute ● whole OS – lxc-start ● use templates (lxc-create) ● Familiar Linux networking (bridges) ● Limiting features varies (kernel config/version) ● Ready to use today!