Power of Simplicity Linux Containers



Containers are the primary tool for deployment nowadays. Every deployment strategy revolves around making better use of containerization, and there are good reasons for the hype: container technology is built to improve productivity, security, and utilization of the underlying hardware resources. Discussion of containers usually brings Docker to mind, but the concept of containerization is broader than Docker itself. Because containerization overlaps with virtualization, it is very important to be able to distinguish between the two in order to devise a robust deployment strategy.

Virtualization vs Containerization

Virtualization and containerization are very different technologies in terms of implementation and application. The objective of both is to improve the efficiency of environments and make proper use of hardware resources. They are used at different layers and have been developed completely independently. Virtualization uses a hypervisor to create a logical representation of the underlying hardware resources. It is used to create software-defined networks, virtual machines, and software-defined data centers. You can use VMware, Vagrant, or KVM to reduce the hardware cost of your IT infrastructure. Virtualization provides agility in rolling out customized environments while making it easier to maintain the existing infrastructure. It enables big public cloud providers like Azure and AWS to reduce the cost of operations and offer costly IT infrastructure on a shared-tenant basis. Containers, on the other hand, use various kernel modules to provide an isolated environment for applications. By using containers you can package your application with all of its dependencies. Containerization helps make your software development life cycle agile, efficient, more secure, and consistent at deployment.

Containerization is a platform-independent technology. You package your application and deploy it across different platforms. In case of a migration, you just have to migrate your container without touching your application code. Containerization helps make the deployment process more predictable and provides more security for the application.

LXC vs Docker

LXC and Docker are both great containerization tools, but they are arguably very different in design and implementation. The LXC project was the first attempt by the open source community to create a container technology. Docker was later forked from the LXC project. So it is very important to understand the difference between the two. A deep understanding of containers helps in devising a more efficient container deployment strategy: it gives a clear picture of what should be containerized and where we are better off using virtualization. LXC containers use kernel features like namespaces and cgroups. An LXC container is closer to a VM in design. Docker containers, by contrast, are designed for application-specific microservice containers. A Docker container behaves just like an application closely packaged with its dependencies. If no process is running in a Docker container, it exits from the running state. LXC containers are simpler in design and yet powerful in providing security. You can configure and install in them just about anything that you can with a VM. Let’s take an example to understand the paradigm of an LXC container.

Install LXC container

Here I am installing LXC on a CentOS machine:

yum -y install epel-release

yum -y install debootstrap perl libvirt libcap-devel libcgroup wget bridge-utils

yum -y install lxc lxc-templates lxc-extra

 

Check that the installation is working. Make sure the output shows no warnings:

lxc-checkconfig

 

We will create a bridge network in the host operating system for LXC containers. Edit /etc/sysconfig/network-scripts/ifcfg-eth0

 

DEVICE=eth0

ONBOOT=yes

TYPE=Ethernet

IPV6INIT=no

USERCTL=no

BRIDGE=br0

 

Now we have to create a file for our newly created bridge connection

/etc/sysconfig/network-scripts/ifcfg-br0

 

DEVICE=br0

TYPE=Bridge

BOOTPROTO=dhcp

ONBOOT=yes

 

By default LXC uses the /usr/local/share/lxc/templates/ directory to store its default templates. Templates like Ubuntu, CentOS, and SUSE are available out of the box. Here we will use the Ubuntu template to spin up an Ubuntu container. Make sure to copy the username and password credentials for your container.

 

lxc-create -n jumphost -t ubuntu

 

Now we need to start our container

 

lxc-start -n jumphost  -d

 

We can check the state of the container, along with its memory and CPU details, with:

 

lxc-info -n jumphost

 

Next we attach to the console of our container. Log in with the username and password you copied in the step above.

 

lxc-console -n jumphost

 

Once we have console access, we can check the IP address of our container. We configured the container to take its IP from DHCP. Now we will install the OpenSSH server and client packages in the container so that it can serve as a jump host for our host machine. The container was built from the Ubuntu template, so the packages are installed with apt-get:

apt-get install openssh-server openssh-client

 

Now we have to make sure that we can connect to the host machine over SSH. At this point, port 22 on our host machine is open to the whole world. We will now configure the host machine to accept SSH connections only from our LXC container (192.168.0.5 in this example). Make sure you create these rules on the host machine:

iptables -A INPUT -p tcp --dport 22 --source 192.168.0.5/32 -j ACCEPT

iptables -A INPUT -p tcp --dport 22 -j DROP
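
Added example (not part of the original article): a small shell model of how the INPUT chain decides an SSH connection, run over constructed samples in `iptables -S INPUT` format. It shows that a /24 source mask admits every address in 192.168.0.0/24, a /32 mask admits only the container at 192.168.0.5, and an allow rule already sitting above the two appended rules makes the DROP unreachable. The rule sets, the addresses 192.168.0.77 and 203.0.113.9, and the function name ssh_verdict are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: simplified first-match model of the INPUT chain for SSH.
# Only -s, -p, --dport and -j are interpreted; other matches are ignored.
# Rule sets are constructed samples in `iptables -S INPUT` format.

RULES_SUBNET='-P INPUT ACCEPT
-A INPUT -s 192.168.0.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j DROP'

RULES_HOST='-P INPUT ACCEPT
-A INPUT -s 192.168.0.5/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j DROP'

# An older allow-all SSH rule sits above the two appended rules.
RULES_SHADOWED='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.0.5/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j DROP'

# ssh_verdict RULES SRC_IP -> target of the first rule matching tcp/22 from SRC_IP
ssh_verdict() {
  printf '%s\n' "$1" | awk -v src="$2" '
    function ip2n(ip,   o) { split(ip, o, "."); return ((o[1]*256 + o[2])*256 + o[3])*256 + o[4] }
    function in_cidr(ip, cidr,   p, bits, size) {
      split(cidr, p, "/"); bits = (p[2] == "" ? 32 : p[2]); size = 2 ^ (32 - bits)
      return int(ip2n(ip) / size) == int(ip2n(p[1]) / size)
    }
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 == "-A" && $2 == "INPUT" {
      s = "0.0.0.0/0"; proto = "tcp"; port = "22"; target = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-s") s = $(i + 1)
        if ($i == "-p") proto = $(i + 1)
        if ($i == "--dport") port = $(i + 1)
        if ($i == "-j") target = $(i + 1)
      }
      if (proto != "tcp" || port != "22" || !in_cidr(src, s)) next
      if (target == "ACCEPT" || target == "DROP" || target == "REJECT") { print target; found = 1; exit }
    }
    END { if (!found) print policy }'
}

# 192.168.0.5 is the container address from the article; the other two are constructed.
for ip in 192.168.0.5 192.168.0.77 203.0.113.9; do
  echo "$ip subnet=$(ssh_verdict "$RULES_SUBNET" "$ip") host=$(ssh_verdict "$RULES_HOST" "$ip") shadowed=$(ssh_verdict "$RULES_SHADOWED" "$ip")"
done
```

On a live host, `iptables -S INPUT` prints the chain in evaluation order, so the same first-match reading applies to the real rules.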

 

Our guest LXC container now acts as a jump host for our host machine. LXC containers are simple in design and powerful. You can use an LXC container for your web server, mail server, etc., and configure it just like any other VM on the machine. This is very different from Docker containers, which are built specifically from an application perspective. A Docker container has a layered architecture, which is very different from an LXC container, which is like a VM.



Article by Anthony Rozario

