Linux Containers (LXC) Explained
Before jumping into the world of containers and container-based technology, I believe that it is important to have atleast a basic understanding of Linux Containers (LXC) since it is the "backbone" for the majority of the projects. Once you understand the basics of LXC, it will make a container-based technology like Docker much easier to grasp from the start.
A Linux Container, in its most basic definition, is an operating system level virtualization method for running one or multiple isolated Linux systems on a single host. These isolated Linux systems are called "containers" and utilize control groups (cgroups) for resource isolation. Cgroups became part of kernel functionality with release version 2.6.24 and allow for namespace isolation to provide complete isolation of applications view of the OS which allows it be given its own PID space, file system structure and network interfaces. Although each container is provided its own space and can be constrained to specified resource allocation, all containers share the host's kernel. You can imagine containers as processes in a box in that containers run as Linux processes on top of the Linux kernel. See below image for a visual representation of the layers.
 |
| Figure 1. Containers all share the same kernel and host OS and may also share the host's binaries and libraries as well. |
Advantages / Disadvantages
The advantages of containers depends solely on the environment needs. There are several benefits to utilizing this technology but there are also disadvantages as well. Let's list out some of the advantages of containers and then list out the disadvantages. Please note these pros and cons are a matter of opinion so where I see it as an advantage some might not.
Advantages
- Lightweight - As mentioned above, Linux containers are extremely lightweight due to the fact that they are not full fledged operating systems and take advantage of being a running process on the Linux kernel.
- Open Source - Who doesn't like open source? Lots of enhancements and features being added all the time and also a backed community of people out there. Companies like Red Hat also have paid support in newer releases of their OS.
- API - LXC is written in C, python3, shell and lua but has several language bindings including python, lua, ruby and Go. This would give the ability to program automate as far as your heart desires.
- BTRFS - If you haven't read or heard about BTRFS yet then I would suggest taking a look at its features. I won't get into discussing BTRFS here but note that container technology is a great case to take advantage of some of its features.
- Isolation - Cgroups give admins the advantage of running multiple systems and applications inside containers on the same host without any interference to other containers. This reduces overhead an in return can help you better utilize resources like CPU and memory which will also in turn save rack space. A great way to get maximum utilization out of your hardware and return on investment.
- Fast Deployment - One of the best advantages in my opinion and what I believe to be one of the main inspirations to a lot of the container-based technologies like Docker. You can create container templates, setup a repository, clone new instances from templates and be up and running in a matter of minutes.
- Runs Linux - Linux is totally wicked awesome but that's not what I'm getting at. You can run several different flavors of Linux on the same host as long as they both share the same kernel. So for example you can run CentOS containers alongside Ubuntu containers on a Fedora host.
Disadvantages
- Only Linux - Although you are able to run many different Debian and rpm based containers on the same host regardless of host OS, you are strictly limited to running Linux. You cannot run Windows, BSD, or OSX since containers utilize the Linux Kernel.
- Configuration - I have found, especially in the beginning, configuring containers can be a bit of a task and a little frustrating at times. But if you play around with them for awhile it will start to click.
- All command line - To me this is an advantage but to some this might be a disadvantage. There is no GUI program that comes with LXC for configuration or management of containers or repos.
- Security - There are many people that do not believe that containers are secure. Security has come a long way through the integration of SELinux so I would say that this point could and probably should be argued.
Getting Started
With this being part 1 of the series, let's go ahead and move forward with getting LXC installed on a system. LXC works on multiple flavors of Linux but for this demo and the rest of my demos I will be using CentOS 7. In the next post, we will dig deeper into LXC and start configuration.
1. The first thing you are going to need to do is install the EPEL Repository for CentOS 7 if you have not already done so. This repository will contain the necessary packages for LXC. You can use wget like below to download. If you already have that repo on your machine skip to step 2.
# wget http://dl.fedoraproject.org/pub/epel/beta/7/x86_64/epel-release-7-0.2.noarch.rpm
# rpm -ivh epel-release-7-0.2.noarch.rpm
2. Install the main LXC package along with the bridging utilities package for ethernet bridging.
# yum install -y lxc bridge-utils
That's it! Extremely simple. You can watch the video below for a visual on getting LXC installed. Please check back soon for Part 2 where I will walk us through setting up the host for networking.
2. Install the main LXC package along with the bridging utilities package for ethernet bridging.
# yum install -y lxc bridge-utils
That's it! Extremely simple. You can watch the video below for a visual on getting LXC installed. Please check back soon for Part 2 where I will walk us through setting up the host for networking.
No comments:
Post a Comment