Let me start by explaining what a container is. It is a normal process on the host machine (any Linux-based machine) with the following characteristics:
- It feels like a VM, but it is not.
- Uses the host Kernel.
- Cannot boot a different Operating System.
- Can’t have its own modules.
- Does not need “init” running as PID (process ID) 1.
LXC (LinuX Containers) is an operating-system-level virtualization technology that was developed long ago. The idea has existed since the days of BSD and System V Release 4 (popular Unix flavors during the 1980s and 90s), but until recently no one knew how much it could save in terms of resource utilization. Because of this technology change, all enterprises are moving towards adoption of virtualization (be it cloud or Docker containers). This has also helped in better management of OpEx (operational expenditure) and CapEx (capital expenditure) costs.
Using this technique, we can create and run multiple isolated Linux virtual environments on a single Linux host machine (called the control host). LXC mainly uses Linux’s cgroups and namespaces functionality, which was introduced from kernel version 2.6.24 onwards. In parallel, there were many advancements in hypervisors such as KVM, QEMU, Hyper-V and ESXi. KVM (Kernel Virtual Machine) in particular, which is core to the Linux OS, helped in this kind of advancement.
The difference between LXC and LXD is that LXC is the original, older way to manage containers, and it is still supported; all LXC commands start with “lxc-”, like “lxc-create” and “lxc-info”. LXD is the newer way to manage containers, and a single lxc command is used for all container operations and management.
All of us know that “Docker” utilizes LXC and was developed using the Go language, cgroups, namespaces and finally the Linux kernel itself. Docker as a whole has been built and developed using LXC as the basic foundation block. Docker is completely dependent on the underlying infrastructure and hardware, using the operating system as the medium. However, Docker is a portable and easily deployable container engine; all its dependencies run inside a virtual container on most Linux-based servers. Cgroups and namespaces are the building-block concepts for both LXC and Docker containers. Brief descriptions of these concepts follow.
Cgroups (Control Groups)
With Cgroups, each resource has its own hierarchy.
- CPU, memory, I/O etc. each have their own control group hierarchy.
Following are various characteristics of Cgroups:
- Each process is in a node in each hierarchy
- Each hierarchy starts with one node
- Initially all processes start at the root node. Therefore “each node” is equivalent to “group of processes”.
- Hierarchies are independent, e.g. CPU, block I/O, memory etc.
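The characteristics above can be checked on a live host by reading /proc/<pid>/cgroup, which lists the node a process occupies in each hierarchy. The following is an added example, not code from the original article; the sample lines are constructed, the function names are hypothetical, and it goes slightly beyond the text by also accepting the single-hierarchy "0::/path" line used by cgroup v2.

```python
from pathlib import Path

# Constructed sample in cgroup v1 layout: hierarchy-ID:controllers:path
SAMPLE_V1 = """\
11:memory:/docker/0123abcd
7:cpu,cpuacct:/docker/0123abcd
4:blkio:/
1:name=systemd:/system.slice/docker.service
"""


def parse_proc_cgroup(text):
    """Return {controller: node path} from /proc/<pid>/cgroup content."""
    membership = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        # Split at most twice: the path itself may contain ':'.
        _hier_id, controllers, path = line.split(":", 2)
        if controllers == "":
            # cgroup v2 unified hierarchy line, e.g. "0::/system.slice/x"
            membership["unified"] = path
            continue
        # v1 can co-mount controllers on one hierarchy, e.g. "cpu,cpuacct"
        for ctrl in controllers.split(","):
            membership[ctrl] = path
    return membership


def root_nodes(membership):
    """Hierarchies in which the process still sits at the root node."""
    return sorted(name for name, path in membership.items() if path == "/")


def current_membership(pid="self"):
    """Read the live file for a PID (Linux only)."""
    return parse_proc_cgroup(Path(f"/proc/{pid}/cgroup").read_text())


if __name__ == "__main__":
    sample = parse_proc_cgroup(SAMPLE_V1)
    for ctrl, node in sorted(sample.items()):
        print(f"{ctrl:15} {node}")
    # A hierarchy listed here applies no per-group accounting or limit.
    print("at root node:", root_nodes(sample))
```

Run it from the host against a container's PID: inside a cgroup namespace the path is shown relative to the namespace root, so a confined process can appear to be at "/".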
As explained earlier, there are various Cgroup types, as listed below:
1) Memory Cgroups
a) Keeps track of pages used by each group.
b) File read/write/mmap from block devices
c) Anonymous memory (stack, heap etc.)
d) Each memory page is charged to a group
e) Pages can be shared across multiple groups
2) CPU Cgroups
a) Tracks user/system CPU time
b) Tracks usage per CPU
c) Allows weights to be set
d) Can’t set CPU limits
3) Block IO Cgroup
a) Keeps track of reads/writes (I/Os)
b) Set throttle (limits) for each group …