What are containers?
LXC (LinuX Containers) provides an isolated operating system environment with its own file system, network, process and block I/O space. A favorite way to describe containers is that they are like “chroot on steroids”: they offer the file system isolation of a chroot jail, but go beyond it by also giving the container its own IP address, a separate process domain, its own user IDs and dedicated access to the host’s physical resources (e.g. memory, CPU), none of which a chroot jail provides.
There are two Linux kernel features that make LXC containers possible:
- Namespaces: They isolate an application’s view of the operating system so that it appears to have its own private instance of a global resource. There are several types of namespaces: process (pid), networking (net), inter-process communication (ipc), file system (mnt), hostname (uts) and user IDs (user).
- Control Groups: Also known as cgroups, they provide task grouping and control and limit a container’s access to physical resources such as memory, CPU and disk I/O.
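As an added illustration of two of the namespace types listed above (pid and uts), the following C program is not from the original article: it uses clone() to start a child in new user, PID and UTS namespaces, has the child confirm that it sees itself as PID 1 and can change its own hostname, and then checks that the host’s hostname was unaffected. The hostname string, stack size and return codes are this example’s own conventions; on a kernel or sandbox that refuses unprivileged namespace creation it reports that instead of failing.

```c
#define _GNU_SOURCE  /* exposes clone() and the CLONE_NEW* flags in <sched.h> */
#include <errno.h>
#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>
#ifndef CLONE_NEWUSER  /* fallback if a libc header was seen before _GNU_SOURCE */
#define CLONE_NEWUTS  0x04000000
#define CLONE_NEWUSER 0x10000000
#define CLONE_NEWPID  0x20000000
int clone(int (*fn)(void *), void *stack, int flags, void *arg, ...);
#endif

/* Runs inside the new namespaces; returns 0 only if both isolation checks hold. */
static int child_fn(void *arg) {
    const char *want = arg;          /* hostname chosen for this example */
    char name[64] = {0};
    if (getpid() != 1) return 1;     /* first process in a new PID namespace is PID 1 */
    /* The child created the user namespace, so it holds CAP_SYS_ADMIN there, and that
     * namespace owns the new UTS namespace: sethostname() is permitted without root. */
    if (sethostname(want, strlen(want)) != 0) return 2;
    return (gethostname(name, sizeof name) == 0 && strcmp(name, want) == 0) ? 0 : 3;
}

/* 1: PID and UTS isolation observed; 0: this kernel or sandbox refused to create the
 * namespaces (errno says why, e.g. EPERM under a seccomp policy); -1: unexpected error. */
int demo_namespaces(void) {
    enum { STACK_SIZE = 64 * 1024 };
    char before[64] = {0}, after[64] = {0};
    char *stack = malloc(STACK_SIZE);
    if (!stack || gethostname(before, sizeof before) != 0) { free(stack); return -1; }
    int flags = CLONE_NEWUSER | CLONE_NEWUTS | CLONE_NEWPID | SIGCHLD;
    pid_t pid = clone(child_fn, stack + STACK_SIZE, flags, (void *)"container-demo");
    if (pid == -1) { int e = errno; free(stack); errno = e; return 0; }
    int status = 0, rc = -1;
    if (waitpid(pid, &status, 0) == pid && WIFEXITED(status) && WEXITSTATUS(status) == 0
        && gethostname(after, sizeof after) == 0 && strcmp(before, after) == 0)
        rc = 1;                      /* host hostname unchanged: the change stayed inside */
    free(stack);
    return rc;
}

int main(void) {
    int r = demo_namespaces();
    printf("%s\n", r == 1 ? "child was PID 1 with its own hostname; host unaffected"
                 : r == 0 ? "cannot create namespaces here (see errno)" : "check failed");
    return r < 0;
}
```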
The kernel in Ubuntu Server 14.04 LTS has built-in support for namespaces and cgroups so you can readily deploy LXC containers on day one.
What can I do with containers?
One of the main advantages of containers is process and system isolation, which is ideal for developers who need to experiment by installing test libraries or binaries and for system administrators who want to run applications in an isolated environment for management or security purposes.
In Ubuntu Server 14.04 LTS, you can deploy containers that run other Linux distributions such as RHEL and CentOS, so containers are also useful when you need quick access to a Linux distribution other than the one running on your host.
How do containers compare to virtual machines?
Another widely-used term to describe LXC containers is “lightweight virtualization”. Containers are similar to virtual machines (VMs) because they provide isolated computing environments all running independently on the same host. However, containers have very low overhead because you are not installing a separate operating system for the container and you do not need a hypervisor running on the host along with its overhead.
Figure 1 shows how VMs compare to containers. As you can see, containers do not carry the overhead of VMs and are thus faster to deploy, consume fewer resources and can reach performance levels close to those of the host they run on. Table 1 compares some important metrics between VMs and containers.
Containers are not going to replace virtual machines any time soon (or ever), but there are many use cases where the speed and flexibility of containers make them a better fit than virtual machines.
Figure 1: Virtualization vs. Containers
| | Virtualization (e.g. KVM, Xen) | LXC Containers |
|---|---|---|
| Footprint | Requires a hypervisor and a full operating system image. | Does not require a hypervisor or a separate operating system image. |
| OS supported | Any OS supported by the hypervisor | Most Linux distros; uses the same kernel as the host |
| Typical server deployment | 10 – 100 VMs | 100 – 1000 containers |
| Boot time | Less than a minute | Seconds |
| Physical resources (e.g. memory, CPU) | Each VM has resources reserved for its own use | Shared by all containers |

Table 1: Comparison between virtual machines and containers
Show me how to deploy a container, access it and remove it
For a hands-on example of how to deploy and use containers in Ubuntu Server 14.04 LTS, read this Dell TechCenter article.