Last updated: Aug 9, 2019
LXD - Linux Container Daemon
- runs a full Linux OS (init system included) in each container: a "machine" or system container rather than an application container
- containers run as ordinary processes on the host OS and share the host kernel
- Linux only; no hypervisor is involved (Canonical's term for it is "lightervisor")
- provides isolation at the kernel level using cgroups and namespaces (see LXC below)
- the goal: the experience of virtual machines, running at host speed
- written on top of LXC (LXD is a Go daemon that drives liblxc and exposes a REST API)
- Source Code
- Available images list
LXC - Linux Containers
- LXC is a userspace interface for the Linux kernel containment features
- create and manage system or application containers
- provides a whole OS, like a VM, but running on the host's kernel
- is an operating-system-level virtualization method for running multiple isolated Linux systems (containers) on a control host using a single Linux kernel
- currently implemented using two kernel features:
  - cgroups: limitation and prioritization of resources (CPU, memory, networking)
  - namespaces: isolation of the working environment (what a process can see of the system)
- we are virtualizing the operating system and not the hardware
- LXC works in the vanilla Linux kernel requiring no additional patches to be applied to the kernel sources
- LXC source-code on github
- Don't forget to configure a storage pool (lxd init asks for one; lxc storage list shows what exists)
- LXC commands
LXC containers can be of two kinds:
- Privileged containers: root inside the container is uid 0 on the host. Any escape (a kernel bug, a misconfigured mount or device) is a full host compromise, so only run workloads you already trust as host root in them.
- Unprivileged containers: root inside the container maps through a user namespace to an unprivileged uid range on the host, so an escape lands as a nobody-like user. This is LXD's default; setting security.privileged=true on a container switches it to privileged mode.
Sample LXC commands
lxd init                                   # interactive first-time setup: storage pool, network bridge, remote access
lxc launch ubuntu:18.04 <name>             # create and start a container from the official ubuntu: remote
lxc exec <name> -- /bin/bash               # root shell inside the container
lxc stop <name>
sudo lxc list
sudo lxc image list                        # images cached locally
lxc launch images:kali kali                # from the community images: remote
# Set the password for the preconfigured user ubuntu inside container "first"
lxc exec first -- /bin/bash
passwd ubuntu
exit
lxc console first                          # attach to the container's console (login prompt)
sudo usermod --append --groups lxd avi     # lets user avi use the LXD socket; lxd group membership is equivalent to root on the host
lxc image list ubuntu:                     # images available on the ubuntu: remote
# login shell for the preconfigured account ubuntu inside container "webserver"
lxc exec webserver -- sudo --login --user ubuntu
# forward host port 80 to the container; the single quotes delay expansion so the root shell started by sudo -E expands the variables
PORT=80 PUBLIC_IP=your_server_ip CONTAINER_IP=your_container_ip \
sudo -E bash -c 'iptables -t nat -I PREROUTING -i eth0 -p TCP -d $PUBLIC_IP --dport $PORT -j DNAT --to-destination $CONTAINER_IP:$PORT -m comment --comment "forward to the Nginx container"'
sudo iptables -t nat -L PREROUTING         # confirm the rule is in place
lxc remote list                            # image servers this client knows about
lxc storage list
lxc image list images:cent                 # CentOS images on the images: remote
lxc profile show default
lxc profile edit <custom>
lxc file push myfile <name>/root/myfile    # copy a host file into the container; the target is <container>/<absolute path>
free -m                                    # host resources, for comparison with what a container sees
nproc
Here's how the command breaks down:
- -t nat: use the nat table for address translation.
- -I PREROUTING: insert the rule at the top of the PREROUTING chain, so the packet is rewritten before the routing decision.
- -i eth0: only match packets arriving on eth0, the default public interface on DigitalOcean Droplets; substitute your own public interface name.
- -p TCP: match the TCP protocol.
- -d $PUBLIC_IP: the destination IP address the packet must carry (the host's public address).
- --dport $PORT: the destination port (such as 80).
- -j DNAT: jump to the Destination NAT target.
- --to-destination $CONTAINER_IP:$PORT: rewrite the destination to the container's IP address and port.
Two caveats: the rule only rewrites the destination, so if the host's FORWARD chain policy is DROP (Docker sets it that way when installed) you also need an ACCEPT rule in FORWARD for the container's IP and port; and the container's IP must be static, otherwise the rule silently stops matching after a DHCP lease change.
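The same port-forward as an added example, not code from the original page: inputs are validated before they get anywhere near iptables (the one-liner above interpolates $PUBLIC_IP into a bash -c string, which is fine for hand-typed values but becomes a shell-injection path as soon as the values come from a form, an API or a config file), the rules are installed idempotently with -C, and the FORWARD rule that a default-DROP host needs is added alongside. The interface name eth0, the example addresses and the iptables (not nftables) backend are assumptions.

```shell
#!/bin/sh
# Added example: validated, idempotent DNAT port-forward into an LXD container.
# Assumptions: public interface is eth0 (change IFACE), IPv4 only, iptables on the host.
IFACE=eth0

# valid_ipv4 ADDR : succeeds if ADDR is four dotted-decimal octets in 0..255
valid_ipv4() {
  printf '%s\n' "$1" | awk -F. '
    NF != 4 { exit 1 }
    { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }
    { exit 0 }'
}

# valid_port PORT : succeeds if PORT is an integer in 1..65535
valid_port() {
  case $1 in
    '' | *[!0-9]*) return 1 ;;
  esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# dnat_spec PORT PUBLIC_IP CONTAINER_IP : prints the PREROUTING rule spec.
# Every token is validated first, so the caller may word-split the result;
# nothing unvalidated is ever interpolated into a shell command line.
dnat_spec() {
  port=$1 public_ip=$2 container_ip=$3
  valid_port "$port"         || { echo "bad port: $port" >&2; return 1; }
  valid_ipv4 "$public_ip"    || { echo "bad public IP: $public_ip" >&2; return 1; }
  valid_ipv4 "$container_ip" || { echo "bad container IP: $container_ip" >&2; return 1; }
  printf '%s\n' "-i $IFACE -p tcp -d $public_ip --dport $port -j DNAT --to-destination $container_ip:$port"
}

# apply_forward PORT PUBLIC_IP CONTAINER_IP : insert each rule only if an identical
# one is not already present (-C), and allow the forwarded flow through FORWARD,
# which matters when the host's FORWARD policy is DROP (Docker sets it that way).
apply_forward() {
  spec=$(dnat_spec "$@") || return 1
  iptables -t nat -C PREROUTING $spec 2>/dev/null || iptables -t nat -I PREROUTING $spec
  iptables -C FORWARD -p tcp -d "$3" --dport "$1" -j ACCEPT 2>/dev/null ||
    iptables -I FORWARD -p tcp -d "$3" --dport "$1" -j ACCEPT
}

# Usage, as root: apply_forward 80 203.0.113.10 10.0.3.5
```

The -d match on the public address is what keeps this from forwarding traffic that merely transits the host; dropping it turns the rule into a catch-all for port 80 on eth0.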
How to restrict resources
lxc config set ubuntu18 limits.memory 512MB
lxc exec ubuntu18 -- free -m   # verify from inside: lxcfs makes /proc/meminfo in the container reflect the limit
CPU is limited the same way with the limits.cpu key. Without limits a single container can exhaust host memory and take every other container down with it, so treat a memory limit as part of the baseline, not an optimisation.
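A small audit that checks the two settings discussed above (privileged mode and the memory limit) against the output of lxc config show, as an added example rather than anything from the original page. The sample YAML is constructed for the demo; the key names security.privileged and limits.memory are the real LXD ones.

```shell
#!/bin/sh
# Added example: audit an instance's expanded config for the two settings above.
# Usage on a real host: lxc config show <name> --expanded | audit_config

# Constructed sample of `lxc config show --expanded` output, used only for the demo.
sample_config() {
  cat <<'EOF'
architecture: x86_64
config:
  image.description: ubuntu 18.04 LTS amd64 (release)
  limits.memory: 512MB
  security.privileged: "true"
  volatile.last_state.power: RUNNING
devices:
  root:
    path: /
    pool: default
    type: disk
ephemeral: false
profiles:
- default
EOF
}

# config_value KEY : reads the YAML on stdin and prints the value of KEY inside the
# top-level "config:" map (quotes stripped); prints nothing if the key is absent.
config_value() {
  awk -v key="$1:" '
    /^config:/          { inconf = 1; next }   # enter the config: map
    /^[^ ]/             { inconf = 0 }         # any other top-level key ends it
    inconf && $1 == key { v = $2; gsub(/"/, "", v); print v; exit }
  '
}

# audit_config : reads the YAML on stdin, prints one FAIL line per finding,
# returns 1 if anything failed and 0 if the instance passes.
audit_config() {
  cfg=$(cat)
  rc=0
  priv=$(printf '%s\n' "$cfg" | config_value security.privileged)
  if [ "$priv" = "true" ]; then
    echo "FAIL: security.privileged=true (root in the container is root on the host)"
    rc=1
  fi
  mem=$(printf '%s\n' "$cfg" | config_value limits.memory)
  if [ -z "$mem" ]; then
    echo "FAIL: limits.memory unset (container can exhaust host memory)"
    rc=1
  fi
  return $rc
}

# Demo on the constructed sample (fails on the privileged flag):
# sample_config | audit_config
```

Run it over every instance with a loop around lxc list --format csv -c n and it becomes a cheap pre-deployment gate; --expanded matters because a profile can set security.privileged even when the instance's own config does not.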
Is LXD same as Docker? Which one is better and how?
Docker was originally built on LXC (not LXD); it has since moved to its own runtime library (libcontainer, which became runc/containerd).
Both are containerization technologies. LXD and Docker are implementations (software programs) maintained by Canonical and Docker Inc. respectively that run Linux containers on a host and give the user an easy API to manage them. The practical difference is what they contain: LXD runs system containers (a full OS with its own init, managed like a VM), Docker runs application containers (one process or service per container, built from layered images).
We can use all these tools together. Docker can run an app side-by-side with an LXC container, and an LXC container can run Docker, so nested containerization is possible. Running Docker inside LXD requires security.nesting=true on the container, which relaxes some of the container's restrictions; do not combine it with security.privileged=true unless you trust everything inside the container as root on the host.
KVM vs LXD?
- KVM boots a whole virtual machine: BIOS/UEFI, then a bootloader that loads its own kernel and user space, followed by drivers and CPU scheduling for the application processes
- LXD containers are thinner and remove most of that overhead because they share the host kernel; the trade-off is that the shared kernel is the isolation boundary, so a kernel vulnerability is reachable from every container, whereas a VM keeps the hypervisor as an additional boundary
How to create custom LXC images? And provision them?
- External provisioners like Ansible
- LXD REST API (the lxc client is only a front end for it, over the local unix socket or HTTPS)
- once a container is provisioned, lxc publish turns it (or a snapshot of it) into a reusable image under an alias
Projects keep one host's containers, images and profiles separated per tenant:
# create a new project; features.images=false and features.profiles=false make it share the default project's images and profiles instead of keeping its own
lxc project create client-website -c features.images=false -c features.profiles=false
lxc profile show default --project default
# move a container between projects (same name on both sides)
lxc move dbserver dbserver --project client-website --target-project client2-website
- Hardware assists, supported h/w