Book Image

Containerization with LXC

Book Image

Containerization with LXC

Overview of this book

In recent years, containers have gained wide adoption by businesses running a variety of application loads. This became possible largely due to the advent of kernel namespaces and better resource management with control groups (cgroups). Linux containers (LXC) are a direct implementation of those kernel features that provide operating system level virtualization without the overhead of a hypervisor layer. This book starts by introducing the foundational concepts behind the implementation of LXC, then moves into the practical aspects of installing and configuring LXC containers. Moving on, you will explore container networking, security, and backups. You will also learn how to deploy LXC with technologies like Open Stack and Vagrant. By the end of the book, you will have a solid grasp of how LXC is implemented and how to run production applications in a highly available and scalable way.

Related Content you might be interested in

Current Title:

Small book image
Containerization with LXC
Feb, 2017 | 352 pages
Small book image
KVM Virtualization Cookbook
Konstantin Ivanov
Jun, 2017 | 340 pages
Small book image
OpenStack Bootcamp
Vinoth Kumar Selvaraj
Nov, 2017 | 302 pages
Small book image
Troubleshooting Docker
John Wooten | Rajdeep Dua | Vaibhav Kohli
Mar, 2017 | 290 pages
Table of Contents (17 chapters)
Containerization with LXC
Containerization with LXC
Credits
Credits
About the Author
About the Author
About the Reviewer
About the Reviewer
www.PacktPub.com
www.PacktPub.com
Customer Feedback
Customer Feedback
Dedication
Dedication
Preface
Preface
Free Chapter
1
Introduction to Linux Containers
Introduction to Linux Containers
The OS kernel and its early limitations
The case for Linux containers
Linux namespaces – the foundation of LXC
Summary
2
Installing and Running LXC on Linux Systems
Installing and Running LXC on Linux Systems
Installing LXC
Building and manipulating LXC containers
Summary
3
Command-Line Operations Using Native and Libvirt Tools
Command-Line Operations Using Native and Libvirt Tools
Using the LVM backing store
Using the Btrfs backing store
Using the ZFS backing store
Autostarting LXC containers
LXC container hooks
Attaching directories from the host OS and exploring the running filesystem of a container
Freezing a running container
Limiting container resource usage
Building and running LXC containers with libvirt
Summary
4
LXC Code Integration with Python
LXC Code Integration with Python
LXC Python bindings
Libvirt Python bindings
Vagrant and LXC
Putting it all together – building a simple RESTful API to LXC with Python
Summary
5
Networking in LXC with the Linux Bridge and Open vSwitch
Networking in LXC with the Linux Bridge and Open vSwitch
Software bridging in Linux
Connecting LXC to the host network
Summary
6
Clustering and Horizontal Scaling with LXC
Clustering and Horizontal Scaling with LXC
Scaling applications with LXC
Summary
7
Monitoring and Backups in a Containerized World
Monitoring and Backups in a Containerized World
Backing up and migrating LXC
Monitoring and alerting on LXC metrics
Simple autoscaling pattern with LXC, Jenkins, and Sensu
Summary
8
Using LXC with OpenStack
Using LXC with OpenStack
Deploying OpenStack with LXC support on Ubuntu
Summary
LXC Alternatives to Docker and OpenVZ
LXC Alternatives to Docker and OpenVZ
Building containers with OpenVZ
Building containers with Docker
Running unprivileged LXC containers
Summary

The OS kernel and its early limitations

The current state of Linux containers is a direct result of the problems that early OS designers were trying to solve – managing memory, I/O, and process scheduling in the most efficient way.

In the past, only a single process could be scheduled for work, wasting precious CPU cycles if blocked on an I/O operation. The solution to this problem was to develop better CPU schedulers, so more work can be allocated in a fair way for maximum CPU utilization. Even though the modern schedulers, such as the Completely Fair Scheduler (CFS) in Linux do a great job of allocating fair amounts of time to each process, there's still a strong case for being able to give higher or lower priority to a process and its subprocesses. Traditionally, this can be accomplished by the nice() system call, or real-time scheduling policies, however, there are limitations to the level of granularity or control that can be achieved.

Similarly, before the advent of virtual memory, multiple processes would allocate memory from a shared pool of physical memory. The virtual memory provided some form of memory isolation per process, in the sense that processes would have their own address space, and extend the available memory by means of a swap, but still there wasn't a good way of limiting how much memory each process and its children can use.

To further complicate the matter, running different workloads on the same physical server usually resulted in a negative impact on all running services. A memory leak or a kernel panic could cause one application to bring the entire operating system down. For example, a web server that is mostly memory bound and a database service that is I/O heavy running together became problematic. In an effort to avoid such scenarios, system administrators would separate the various applications between a pool of servers, leaving some machines underutilized, especially at certain times during the day, when there was not much work to be done. This is a similar problem as a single running process blocked on I/O operation is a waste of CPU and memory resources.

The solution to these problems is the use of hypervisor based virtualization, containers, or the combination of both.

Previous Section
End of Section 2
Next Section