VMs vs Containers
[Figure: two stacks side by side. VM: App A, App A', App B, each with its own Bin/libs and Guest OS, on a Hypervisor (Type 2), on the Host OS, on the Server. Container: App A, A', B, B' over shared Bin/libs, on Docker, on the Host OS, on the Server.]
Containers
[Figure: App A and App A', each over Bin/libs, with three callouts.]
• Original App: no OS to take up space, resources, or require restart.
• Copy of App: no OS. Can share /bin/libs.
• Modified App: union file system allows us to only save the diffs between container A and container A'.
LXC: “chroot() on steroids”
• LXC (LinuX Containers) lets you run a Linux system within another Linux system.
• A container is a group of processes on a Linux box, put together in an isolated environment.
• Inside the box, it looks like a VM.
• Outside the box, it looks like normal processes.
Why LXC?
• Speed - fast boots, create VMs, deploy tasks
• Small footprint
• Virtualization - own network interface and file system
• Isolation - security and resources
AUFS
• Another Union File System
• Copy-on-write at the FS layer.
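The copy-on-write layering described in the Containers and AUFS slides, as an added example that is not part of the original slides and is not AUFS or Docker code: a simplified in-memory Python model in which containers A and A' share one read-only base layer and each keeps only its own diffs. The class and function names, the whiteout marker and the sample image contents are constructed for illustration.

```python
from types import MappingProxyType

# Marker stored in the upper layer to hide a file that exists in a lower layer.
WHITEOUT = object()


class UnionMount:
    """Toy union mount: shared read-only lower layers plus a private upper layer."""

    def __init__(self, lower_layers):
        self.lower = list(lower_layers)  # top-most first, shared by reference
        self.upper = {}                  # read-write layer: this container's diffs only

    def read(self, path):
        # The upper layer wins; otherwise fall through the read-only layers.
        for layer in [self.upper, *self.lower]:
            if path in layer:
                if layer[path] is WHITEOUT:
                    break
                return layer[path]
        raise FileNotFoundError(path)

    def write(self, path, data):
        # Copy-on-write: the change lands in the upper layer, never in the base.
        self.upper[path] = data

    def delete(self, path):
        self.read(path)                  # raises if the file is not visible
        self.upper[path] = WHITEOUT      # hide the lower copy instead of removing it

    def diff(self):
        # Everything that has to be saved for this container.
        return {p: "deleted" if self.upper[p] is WHITEOUT else "changed"
                for p in sorted(self.upper)}


def demo():
    # Constructed sample image; MappingProxyType makes the base layer read-only.
    base = MappingProxyType({"/bin/sh": b"shell-v1", "/etc/motd": b"hello"})
    a, a_prime = UnionMount([base]), UnionMount([base])
    a_prime.write("/etc/motd", b"patched")   # modify a file in A' only
    a_prime.delete("/bin/sh")                # remove a file in A' only
    return base, a, a_prime


if __name__ == "__main__":
    base, a, a_prime = demo()
    print("A  diff:", a.diff())
    print("A' diff:", a_prime.diff())
    print("A still reads:", a.read("/etc/motd"), a.read("/bin/sh"))
```

Container A keeps seeing the untouched base files, and the only state recorded for A' is its two-entry diff.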
Cgroup
• ulimit for groups of processes.
• Limit, account for and isolate resources.
• Not perfect for limiting I/O.
Good example?
• Do everything you do in a VM, but fast!
• How many VMs do you need?
• Continuous integration!
Docker is a user-friendly interface to LXC.
Docker did all the following:
• It downloaded the base image from the Docker index
• It created a new LXC container
• It allocated a filesystem for it
• Mounted a read-write layer
• Allocated a network interface
• Set up an IP for it, with network address translation
• And then executed a process in there
• Captured its output and printed it to you