Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Containerization with LXC

You're reading from   Containerization with LXC Build, manage, and configure Linux containers

Arrow left icon
Product type Paperback
Published in Feb 2017
Publisher Packt
ISBN-13 9781785888946
Length 352 pages
Edition 1st Edition
Languages
Tools
Arrow right icon
Author (1):
Arrow left icon
Konstantin Ivanov Konstantin Ivanov
Author Profile Icon Konstantin Ivanov
Konstantin Ivanov
Arrow right icon
View More author details
Toc

Table of Contents (10) Chapters Close

Preface 1. Introduction to Linux Containers FREE CHAPTER 2. Installing and Running LXC on Linux Systems 3. Command-Line Operations Using Native and Libvirt Tools 4. LXC Code Integration with Python 5. Networking in LXC with the Linux Bridge and Open vSwitch 6. Clustering and Horizontal Scaling with LXC 7. Monitoring and Backups in a Containerized World 8. Using LXC with OpenStack A. LXC Alternatives to Docker and OpenVZ

The case for Linux containers

The hypervisor as part of the operating system is responsible for managing the life cycle of virtual machines, and has been around since the early days of mainframe machines in the late 1960s. Most modern virtualization implementations, such as Xen and KVM, can trace their origins back to that era. The main reason for the wide adoption of these virtualization technologies around 2005 was the need to better control and utilize the ever-growing clusters of compute resources. The inherited security of having an extra layer between the virtual machine and the host OS was a good selling point for the security minded, though as with any other newly adopted technology there were security incidents.

Nevertheless, the adoption of full virtualization and paravirtulization significantly improved the way servers are utilized and applications provisioned. In fact, virtualization such as KVM and Xen is still widely used today, especially in multitenant clouds and cloud technologies such as OpenStack.

Hypervisors provide the following benefits, in the context of the problems outlined earlier:

  • Ability to run different operating systems on the same physical server
  • More granular control over resource allocation
  • Process isolation – a kernel panic on the virtual machine will not effect the host OS
  • Separate network stack and the ability to control traffic per virtual machine
  • Reduce capital and operating cost, by simplification of data center management and better utilization of available server resources

Arguably the main reason against using any sort of virtualization technology today is the inherited overhead of using multiple kernels in the same OS. It would be much better, in terms of complexity, if the host OS can provide this level of isolation, without the need for hardware extensions in the CPU, or the use of emulation software such as QEMU, or even kernel modules such as KVM. Running an entire operating system on a virtual machine, just to achieve a level of confinement for a single web server, is not the most efficient allocation of resources.

Over the last decade, various improvements to the Linux kernel were made to allow for similar functionality, but with less overhead – most notably the kernel namespaces and cgroups. One of the first notable technologies to leverage those changes was LXC, since kernel 2.6.24 and around the 2008 time frame. Even though LXC is not the oldest container technology, it helped fuel the container revolution we see today.

The main benefits of using LXC include:

  • Lesser overheads and complexity than running a hypervisor
  • Smaller footprint per container
  • Start times in the millisecond range
  • Native kernel support

It is worth mentioning that containers are not inherently as secure as having a hypervisor between the virtual machine and the host OS. However, in recent years, great progress has been made to narrow that gap using Mandatory Access Control (MAC) technologies such as SELinux and AppArmor, kernel capabilities, and cgroups, as demonstrated in later chapters.

You have been reading a chapter from
Containerization with LXC
Published in: Feb 2017
Publisher: Packt
ISBN-13: 9781785888946
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime