This article was written by Jose De la Rosa (Dell Linux Engineering) and Kent Baxley (Canonical Field Engineer)
LXC (LinuX Containers) provide an isolated operating system environment with its own file system, network, process and block I/O space. A favorite way to describe containers is that they are like “chroot on steroids”, since they provide the file system isolation that chroot jails provide but they go beyond that by also providing an IP address, a separate process domain, user ids and dedicated access to the host’s physical resources (i.e. memory, CPU) which chroot jails do not provide.
There are two Linux kernel features that make LXC containers possible:
The kernel in Ubuntu Server 14.04 LTS has built-in support for namespaces and cgroups so you can readily deploy LXC containers on day one.
One of the main advantages of containers is process and system isolation, which is ideal for developers who need to experiment by installing test libraries or binaries and for system administrators who want to run applications in an isolated environment for management or security purposes.
In Ubuntu Server 14.04 LTS, you can deploy containers that run other Linux distributions such as RHEL and CentOS, so containers can also be used if you need quick access to an alternate Linux distribution than what’s running on your host.
Another widely-used term to describe LXC containers is “lightweight virtualization”. Containers are similar to virtual machines (VMs) because they provide isolated computing environments all running independently on the same host. However, containers have very low overhead because you are not installing a separate operating system for the container and you do not need a hypervisor running on the host along with its overhead.
Figure 1 shows how VMs compare to containers. As you can see, containers do not have the same overhead as VMs and are thus faster to deploy, take up less resources and can achieve performance levels near those of the host they run on. Table 1 lists a comparison of some important metrics between VMs and containers.
Containers are not going to replace virtual machines any time soon (or ever) but there are many use cases where the speed and flexibility of containers are better suited than virtual machines.
Figure 1: Virtualization vs. Containers
Virtualization (i.e. kvm, xen)
Requires a hypervisor and a full operating system image.
Does not require a hypervisor or a separate operating system image.
Any OS supported by the hypervisor
Most Linux distros, uses same kernel as host
Typical server deployment
10 – 100 VMs
100 - 1000 containers
Less than a minute
Physical resources use (i.e. memory, CPU)
Each VM has resource reserved for its own use
Shared by all containers
Table 1: Comparison between virtual machines and containers
In this example we used a PowerEdge R620 server, but you can use any PowerEdge server that has been certified with Ubuntu Server 14.04 LTS.
You can use containers in Ubuntu 14.04 LTS by installing just a few packages. After installing the base OS, you can start deploying dozens of containers in a matter of minutes. To install:
$ sudo apt-get update
$ sudo apt-get install lxc
Installing the lxc package will automatically start a dnsmasq instance on your host and will create a default network bridge (i.e. lxcbr0) that will be used by the containers to get an IP address and access your host over network 10.0.3.0. These settings can be adjusted but here we used the default values.
To create your first container named lxc-test, run:
$ sudo lxc-create –n lxc-test
This will download a minimal Ubuntu 14.04 image from http://images.linuxcontainers.org/ and install the operating system inside the container. This can take a few minutes to finish, depending on your network connection.
Once the container is installed, start it:
$ sudo lxc-start –n lxc-test –d
The “-d” (“daemon”) option starts it in the background. You can get container details (including its IP address) with ‘lxc-info’:
$ sudo lxc-info –n lxc-test
Name: lxc-testState: RUNNINGPID: 17954IP: 10.0.3.156CPU use: 2.18 secondsBlkIO use: 160.00 KiBMemory use: 9.13 MiB[…]
There are several ways to access a container (note that the default login id and password for an Ubuntu container are ‘ubuntu’ and ‘ubuntu’):
Spawn a shell directly in the container:
$ sudo lxc-attach -n lxc-test
Access the containers’ console (to detach, press ‘Ctrl + a’ at the same time, followed by ‘q’).
$ sudo lxc-console -n lxc-test
SSH into the container (get IP address from the ‘lxc-info’ output):
$ ssh email@example.com
When you are done with the container (i.e. you are done testing that new test application) you can stop and destroy your container in 2 easy steps:
$ sudo lxc-stop –n lxc-test
$ sudo lxc-destroy –n lxc-test
Of course! But we will cover those in a future article. Here are a few fun things you can do with containers:
If you’d like to learn more in the meantime, check out these useful sites:
Thanks, this document is very usefully