Vyom

कर्मण्येवाधिकारस्ते॥ (Sanskrit: "Your right is to action alone.")

Docker and Linux Containers (LXC) 1.0 Release


After a gap of over eight weeks I am writing this article. During the break I got time to travel in India, which by the way was wonderful, and after returning I started working on Docker and Linux Containers. Over the past weeks I spent some time experimenting with Docker and LXC, and my first impression was: why re-invent the wheel when bare-metal computing can already be scaled on application demand, using modern fabric-based hardware like AMD SeaMicro and HP Moonshot combined with tools like Cobbler, Ansible, Puppet, Chef and CFEngine? After experimenting a bit longer I understood the real value of Docker and LXC: they make it easy to build self-sufficient, portable application environments, which fits certain use cases very well.

In this article I will talk mainly about the LXC 1.0 release and its impact on Docker. For readers unfamiliar with Docker and LXC I have included a short summary in the article; for details please check the links below:

What’s LXC?

LXC is a userspace interface for the Linux kernel containment features. Through a powerful API and simple tools, it lets Linux users easily create and manage system or application containers. LXC sits somewhere between a chroot on steroids and a full-fledged virtual machine: it creates an environment as close as possible to a standard Linux installation without the need for a separate kernel. Because every container shares the host kernel, that kernel is also the shared attack surface; a kernel bug reachable from inside a container is a potential escape, which is why the isolation features listed below matter.

Features

LXC uses the following linux kernel features:

  • Kernel namespaces (ipc, uts, mount, pid, network and user)
  • AppArmor and SELinux profiles
  • Seccomp policies
  • Chroots (using pivot_root)
  • Kernel capabilities
  • Control groups (cgroups)
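The kernel features above are visible from the outside: the capability sets, the seccomp mode and the no_new_privs flag of any process are reported in its /proc/<pid>/status file, so a reviewer can check what a container's init actually ended up with rather than trusting the configuration. The following is an added example (not LXC project code) that decodes those fields. The two status excerpts are constructed samples; the capability names follow the bit numbers in linux/capability.h, and the "dangerous" list is this example's own choice of capabilities that amount to host root.

```python
"""Decode the isolation-relevant fields of a Linux /proc/<pid>/status file.

Added example, not LXC project code. Capability bits follow linux/capability.h
(bit 0 = CAP_CHOWN); the DANGEROUS_CAPS set is this example's own judgement.
"""
import sys

CAP_NAMES = [
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH", "CAP_FOWNER",
    "CAP_FSETID", "CAP_KILL", "CAP_SETGID", "CAP_SETUID", "CAP_SETPCAP",
    "CAP_LINUX_IMMUTABLE", "CAP_NET_BIND_SERVICE", "CAP_NET_BROADCAST",
    "CAP_NET_ADMIN", "CAP_NET_RAW", "CAP_IPC_LOCK", "CAP_IPC_OWNER",
    "CAP_SYS_MODULE", "CAP_SYS_RAWIO", "CAP_SYS_CHROOT", "CAP_SYS_PTRACE",
    "CAP_SYS_PACCT", "CAP_SYS_ADMIN", "CAP_SYS_BOOT", "CAP_SYS_NICE",
    "CAP_SYS_RESOURCE", "CAP_SYS_TIME", "CAP_SYS_TTY_CONFIG", "CAP_MKNOD",
    "CAP_LEASE", "CAP_AUDIT_WRITE", "CAP_AUDIT_CONTROL", "CAP_SETFCAP",
    "CAP_MAC_OVERRIDE", "CAP_MAC_ADMIN", "CAP_SYSLOG", "CAP_WAKE_ALARM",
    "CAP_BLOCK_SUSPEND", "CAP_AUDIT_READ", "CAP_PERFMON", "CAP_BPF",
    "CAP_CHECKPOINT_RESTORE",
]

# Capabilities whose presence in a container's bounding set usually means
# "root on the host" (module loading, raw device access, mount, ptrace, ...).
DANGEROUS_CAPS = {"CAP_SYS_ADMIN", "CAP_SYS_MODULE", "CAP_SYS_RAWIO",
                  "CAP_SYS_PTRACE", "CAP_DAC_READ_SEARCH", "CAP_NET_ADMIN"}

SECCOMP_MODES = {0: "disabled", 1: "strict", 2: "filter"}


def decode_caps(mask: int) -> list:
    """Turn a capability bitmask (hex in /proc) into a list of names."""
    names = [name for bit, name in enumerate(CAP_NAMES) if (mask >> bit) & 1]
    unknown = mask >> len(CAP_NAMES)
    if unknown:  # kernel newer than this table: report instead of dropping bits
        names.append("UNKNOWN_BITS_%#x" % unknown)
    return names


def parse_status(text: str) -> dict:
    """Parse the security-relevant lines of /proc/<pid>/status."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    report = {}
    for key in ("CapInh", "CapPrm", "CapEff", "CapBnd", "CapAmb"):
        if key in fields:
            report[key] = decode_caps(int(fields[key], 16))
    report["seccomp"] = SECCOMP_MODES.get(int(fields.get("Seccomp", "0")), "unknown")
    report["no_new_privs"] = fields.get("NoNewPrivs") == "1"
    if "Uid" in fields:  # real, effective, saved, filesystem uid
        report["uid"] = [int(x) for x in fields["Uid"].split()]
    return report


def findings(report: dict) -> list:
    """Review findings: things a container process should normally not have."""
    out = []
    for cap in sorted(set(report.get("CapBnd", [])) & DANGEROUS_CAPS):
        out.append("bounding set still contains %s" % cap)
    if report["seccomp"] == "disabled":
        out.append("no seccomp filter: the whole syscall surface is reachable")
    if not report["no_new_privs"]:
        out.append("no_new_privs not set: setuid binaries can regain privileges")
    return out


# Constructed sample: a privileged container's init with the full bounding set.
SAMPLE_STATUS = """\
Name:\tinit
Uid:\t0\t0\t0\t0
CapInh:\t0000000000000000
CapPrm:\t000001ffffffffff
CapEff:\t000001ffffffffff
CapBnd:\t000001ffffffffff
CapAmb:\t0000000000000000
NoNewPrivs:\t0
Seccomp:\t0
"""

# Constructed sample: a process with a reduced bounding set and a seccomp filter.
SAMPLE_REDUCED = """\
Name:\tsh
Uid:\t0\t0\t0\t0
CapPrm:\t00000000a80425fb
CapEff:\t00000000a80425fb
CapBnd:\t00000000a80425fb
NoNewPrivs:\t1
Seccomp:\t2
"""

if __name__ == "__main__":
    # Pass a pid (default: this process) to inspect a live process on Linux.
    pid = sys.argv[1] if len(sys.argv) > 1 else "self"
    with open("/proc/%s/status" % pid) as fh:
        rep = parse_status(fh.read())
    print("seccomp:", rep["seccomp"], "no_new_privs:", rep["no_new_privs"])
    print("bounding set:", ", ".join(rep.get("CapBnd", [])))
    for item in findings(rep):
        print("!", item)
```

Run it against the pid of a container's init (from `lxc-info -n NAME -p`, or any pid from the host's view) to see the sets the kernel actually enforces; a bounding set that still contains CAP_SYS_ADMIN means the LSM profile and seccomp policy are doing all of the remaining work.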

Components

LXC consists of following components at present:

  • The liblxc library
  • Language bindings (Python 3, Lua, Ruby and Go at present)
  • A set of standard tools to control the containers
  • Container templates

Licensing

LXC is free software, most of the code is released under the terms of the GNU LGPLv2.1+ license, some Android compatibility bits are released under a standard 2-clause BSD license and some binaries and templates are shipped under the GNU GPLv2 license.

What is Docker?

The idea behind Docker is to create a lightweight, portable, self-sufficient application container that will run virtually anywhere. Docker is an open source engine that automates the deployment of any application as such a container, running on developer laptops, virtual machines, bare-metal servers, OpenStack clusters, CloudStack clusters, public cloud instances, or a combination of the above.

Docker containers can encapsulate any payload and will run consistently on, and be moved between, virtually any servers. Common use cases for Docker include:

  • Automating the packaging and deployment of applications
  • Creation of lightweight, private PaaS environments
  • Automated testing and continuous integration/deployment
  • Deploying and scaling web apps, databases and backend services

Docker is written in Go and relies on LXC (Linux Containers). There is a roadmap to extend it to other container technologies such as Solaris Zones, BSD jails and Windows by implementing each as a driver, but for the near future Docker only works on Linux.

LXC Release 1.0

On 20 February 2014 LXC 1.0 was released, a significant milestone for Linux Containers, and this release is considered production ready. It features a wide variety of improvements to container security, a consistent set of tools, updated documentation and an API with multiple language bindings.

New Features

LXC 1.0 represents the hard work of 144 contributors: 2,601 commits and 42,241 lines of code, with the first commit in August 2008 (according to Ohloh [1]). The release includes a major rework of the way LXC is structured. Following are some highlights of the new features in this release:

  • Support for fully unprivileged containers

  • Public stable API (liblxc1)

  • Official API bindings for Lua and Python 3 (in tree)

  • Official API bindings for Go and Ruby (out of tree)

  • Flexible backingstore system with support for:
    • standard directories (default)
    • btrfs
    • zfs
    • lvm
    • loop devices
    • aufs
    • overlayfs
  • Support for cloning and snapshotting containers

  • A reduced but more complete set of command line tools

  • Updated, more complete documentation

  • A new way of creating containers based on centrally generated images

  • Templates letting you create containers running most popular distributions

You can read more about each feature in the blog post series [2] by Stéphane Graber, one of the current maintainers of the LXC project.

LXC 1.0 and Docker

The current version of Docker is 0.8 and, due to the heavy pace of development, it is still advised not to use it in production (yet), although some companies are already running Docker in production and offering services based on it. Since Docker stands on the shoulders of LXC, the production release 1.0 of LXC might result in the following changes in Docker.

  • Most likely Docker will incorporate the changes from upstream LXC 1.0 in the coming months and become production ready; Docker version 1.0 is just round the corner.
  • Better security for Docker containers: support for fully unprivileged containers (root inside the container is mapped through a user namespace to an unprivileged uid on the host) will help Docker offer better isolation of running containers and safer resource access from containers to the host and to other containers.
  • API bindings for Go will let Docker implement its LXC driver against the liblxc API instead of the userspace command line tools (currently Docker shells out to tools like lxc-start and lxc-attach rather than relying on the APIs provided by LXC).
  • Flexible backing store support will help Docker support btrfs, zfs and lvm by leveraging LXC code directly instead of a separate implementation. In Docker 0.8 btrfs support is experimental and zfs support is in development; with LXC 1.0 Docker could support btrfs and zfs in the next release.
  • The reduced command set will help reduce the complexity of Docker's LXC driver.
  • Centrally generated images will help implement a better Docker registry and index.
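The isolation gain from unprivileged containers (listed under the LXC 1.0 features above and again in the Docker security point) comes entirely from the user namespace id mapping: the kernel writes a /proc/<pid>/uid_map (and gid_map) whose lines read `<first id inside> <first id on the host> <count>`, and any host id outside those ranges is invisible from inside, appearing as the overflow id. The following is an added example, not LXC or Docker code, that translates ids across that boundary in both directions and checks whether a map hands host root to the container. The two maps are constructed samples; the 100000/65536 range is merely a typical subordinate-id allocation, and 65534 is the kernel's default overflow uid.

```python
"""Translate ids across a user namespace boundary, as unprivileged containers do.

Added example, not code from LXC or Docker. Assumes the kernel's default
overflow id (65534) and the uid_map/gid_map line format "<inside> <host> <count>".
"""

OVERFLOW_ID = 65534  # kernel default for /proc/sys/kernel/overflowuid


def parse_id_map(text: str) -> list:
    """Parse uid_map/gid_map text into (inside_start, host_start, count) triples."""
    ranges = []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if len(parts) != 3:
            raise ValueError("malformed id map line: %r" % line)
        inside, host, count = (int(p) for p in parts)
        if count <= 0:
            raise ValueError("non-positive range length: %r" % line)
        ranges.append((inside, host, count))
    return ranges


def to_host(inside_id: int, ranges: list) -> int:
    """Host id that a container id really is; the overflow id when unmapped."""
    for inside, host, count in ranges:
        if inside <= inside_id < inside + count:
            return host + (inside_id - inside)
    return OVERFLOW_ID


def to_container(host_id: int, ranges: list) -> int:
    """Container id under which a host id appears; the overflow id when unmapped."""
    for inside, host, count in ranges:
        if host <= host_id < host + count:
            return inside + (host_id - host)
    return OVERFLOW_ID


def maps_host_root(ranges: list) -> bool:
    """True if some container id is host uid 0: root inside is root outside."""
    return any(host <= 0 < host + count for _, host, count in ranges)


# Constructed samples. An unprivileged container typically gets a block of
# subordinate ids from /etc/subuid; a privileged one uses the identity map
# that the initial user namespace has.
UNPRIVILEGED_MAP = "0 100000 65536\n"
PRIVILEGED_MAP = "0 0 4294967295\n"
# A split map: system accounts from one block, users from another.
SPLIT_MAP = "0 100000 1000\n1000 200000 1000\n"

if __name__ == "__main__":
    with open("/proc/self/uid_map") as fh:
        live = parse_id_map(fh.read())
    print("this process's namespace maps host root:", maps_host_root(live))
    ranges = parse_id_map(UNPRIVILEGED_MAP)
    print("container root is host uid", to_host(0, ranges))
    print("host root appears inside as uid", to_container(0, ranges))
```

Reading /proc/<pid>/uid_map for a container's init is the quickest way to confirm that a container really is unprivileged: if `maps_host_root` is true, a breakout through any kernel bug lands as host root, which is exactly the situation a user-namespace mapping is meant to prevent.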

All of the above are just my personal views on the evolution of Docker based on LXC 1.0 and do not represent the views or roadmap of the Docker or LXC projects. If you need more details on the future development of Docker please check the project's blog post Getting to Docker 1.0 [3]. I wrote this purely out of personal interest in Docker and LXC.

Footnotes

[1] Linux Containers
[2] LXC 1.0: Blog post series
[3] Getting to Docker 1.0