LXC containers in Ubuntu Server 14.04 LTS - OS and Applications - Wiki - OS and Applications - Dell Community

LXC containers in Ubuntu Server 14.04 LTS

OS and Applications

OS and Applications
Dell OS and Applications Solutions on Dell TechCenter - Project Sputnik, Microsoft Windows, Red Hat Linux, SUSE, Ubuntu, and more

OS and Applications - Wiki

LXC containers in Ubuntu Server 14.04 LTS

OS and Applications - Wiki

This article was written by Jose De la Rosa (Dell Linux Engineering) and Kent Baxley (Canonical Field Engineer)

What are containers?

LXC (LinuX Containers) provide an isolated operating system environment with its own file system, network, process and block I/O space. A favorite way to describe containers is that they are like “chroot on steroids”, since they provide the file system isolation that chroot jails provide but they go beyond that by also providing an IP address, a separate process domain, user ids and dedicated access to the host’s physical resources (i.e. memory, CPU) which chroot jails do not provide.

There are two Linux kernel features that make LXC containers possible:

  1. Namespaces: It isolates an application’s view of the operating system so that it thinks it has its own isolated instance of a global resource. There are several types of namespaces: process (pid), networking (net), inter-process communication (ipc), file system (mnt), hostname (uts) and user IDs (user).
  2. Control Groups: Also known as cgroups, it provides task grouping and controls and isolates container access to physical resources such as memory, CPU and disk I/O.

The kernel in Ubuntu Server 14.04 LTS has built-in support for namespaces and cgroups so you can readily deploy LXC containers on day one.

What can I do with containers?

One of the main advantages of containers is process and system isolation, which is ideal for developers who need to experiment by installing test libraries or binaries and for system administrators who want to run applications in an isolated environment for management or security purposes.

In Ubuntu Server 14.04 LTS, you can deploy containers that run other Linux distributions such as RHEL and CentOS, so containers can also be used if you need quick access to an alternate Linux distribution than what’s running on your host.

How do containers compare to virtual machines?

Another widely-used term to describe LXC containers is “lightweight virtualization”. Containers are similar to virtual machines (VMs) because they provide isolated computing environments all running independently on the same host. However, containers have very low overhead because you are not installing a separate operating system for the container and you do not need a hypervisor running on the host along with its overhead.

Figure 1 shows how VMs compare to containers. As you can see, containers do not have the same overhead as VMs and are thus faster to deploy, take up less resources and can achieve performance levels near those of the host they run on. Table 1 lists a comparison of some important metrics between VMs and containers.

Containers are not going to replace virtual machines any time soon (or ever) but there are many use cases where the speed and flexibility of containers are better suited than virtual machines.

Figure 1: Virtualization vs. Containers

 

 

Virtualization (i.e. kvm, xen)

LXC Containers

Footprint

Requires a hypervisor and a full operating system image.

Does not require a hypervisor or a separate operating system image.

OS supported

Any OS supported by the hypervisor

Most Linux distros, uses same kernel as host

Typical server deployment

10 – 100 VMs

100 - 1000 containers

Boot time

Less than a minute

Seconds

Physical resources use (i.e. memory, CPU)

Each VM has resource reserved for its own use

Shared by all containers

Table 1: Comparison between virtual machines and containers

Show me how to deploy a container, access it and remove it

In this example we used a PowerEdge R620 server, but you can use any PowerEdge server that has been certified with Ubuntu Server 14.04 LTS.

Install packages and create

You can use containers in Ubuntu 14.04 LTS by installing just a few packages. After installing the base OS, you can start deploying dozens of containers in a matter of minutes. To install:

$ sudo apt-get update

$ sudo apt-get install lxc

Installing the lxc package will automatically start a dnsmasq instance on your host and will create a default network bridge (i.e. lxcbr0) that will be used by the containers to get an IP address and access your host over network 10.0.3.0. These settings can be adjusted but here we used the default values.

To create your first container named lxc-test, run:

$ sudo lxc-create –n lxc-test

This will download a minimal Ubuntu 14.04 image from http://images.linuxcontainers.org/ and install the operating system inside the container. This can take a few minutes to finish, depending on your network connection.

Starting a container

Once the container is installed, start it:

$ sudo lxc-start –n lxc-test –d

The “-d” (“daemon”) option starts it in the background. You can get container details (including its IP address) with ‘lxc-info’:

$ sudo lxc-info –n lxc-test

Name:       lxc-test
State:      RUNNING
PID:        17954
IP:         10.0.3.156
CPU use:    2.18 seconds
BlkIO use:  160.00 KiB
Memory use: 9.13 MiB
[…]

Access a container

There are several ways to access a container (note that the default login id and password for an Ubuntu container are ‘ubuntu’ and ‘ubuntu’):

Spawn a shell directly in the container:

$ sudo lxc-attach -n lxc-test

Access the containers’ console (to detach, press ‘Ctrl + a’ at the same time, followed by ‘q’).

$ sudo lxc-console -n lxc-test

SSH into the container (get IP address from the ‘lxc-info’ output):

$ ssh ubuntu@10.0.3.156

Stop and destroy

When you are done with the container (i.e. you are done testing that new test application) you can stop and destroy your container in 2 easy steps:

$ sudo lxc-stop –n lxc-test

$ sudo lxc-destroy –n lxc-test

Anything else?

Of course! But we will cover those in a future article. Here are a few fun things you can do with containers:

  • Clone for later use
  • Take snapshots to save a particular state
  • ‘Freeze’ it to stop it temporarily from operating
  • Attach USB devices on your physical host to a container
  • Nesting (run a container inside a container)

If you’d like to learn more in the meantime, check out these useful sites:

https://help.ubuntu.com/lts/serverguide/lxc.html

https://linuxcontainers.org/

https://www.stgraber.org/2013/12/20/lxc-1-0-blog-post-series/

 

1
Comments