Power of Simplicity: Linux Containers

Containers are the primary tool for deployment nowadays. Every deployment strategy circles around better use of containerization. There are good reasons for this hype. Container technology is built to improve productivity and security and to make better use of the underlying hardware resources. While any discussion of containers brings the image of Docker to mind, the concept of containerization is broader than Docker itself. Since containerization technology coincides with virtualization, it is very important to be able to distinguish between the two in order to devise a robust deployment strategy.
Virtualization vs Containerization
Virtualization and containerization are very different technologies in terms of implementation and application. The objective of both is to improve the efficiency of environments and to utilize hardware resources properly. Virtualization and containerization are used at different layers and are completely isolated in terms of development. Virtualization uses the hypervisor to create a logical representation of the underlying hardware resources. It is used to create software-defined networks, virtual machines, and software-defined data centers. You can use VMware, Vagrant, or KVM to reduce the hardware cost of your IT infrastructure. It provides agility in rolling out customized environments while making it easier to maintain the existing infrastructure in a virtualized environment. Virtualization allows big public cloud providers like Azure and AWS to reduce the cost of operations and offer costly IT infrastructure on a shared-tenant basis.

On the other hand, containers use various kernel modules to provide an isolated environment for applications. By using containers you can package your application with all of its dependencies. Containerization helps to make your software development life cycle agile, efficient, more secure, and consistent during deployment.

Containerization is a platform-independent technology. You package your application and deploy it across a different set of platforms. In case of migration, you just have to migrate your container without touching your application code. Containerization helps to make the deployment process more predictable and provides more security for the application.
LXC vs Docker
LXC and Docker are both great containerization tools, but they are very different in design and implementation. The LXC project was the first attempt by the open source community to create a container technology. Docker was later forked from the LXC project. So it is very important to understand the difference between the two. A deep understanding of containers helps to devise a more efficient strategy for container deployment. It gives us a clear picture of what is supposed to be containerized and where we are better off using virtualization. LXC containers use kernel features like namespaces and cgroups. An LXC container is closer to a VM in design. Docker containers, by contrast, are designed for application-specific microservice containers. A Docker container behaves just like an application closely packaged with its dependencies. If no process is running in a Docker container, it exits from the running state. LXC containers are simpler in design and yet powerful for providing security. You can configure and install just about anything that you can with a VM. Let's take an example to understand the paradigm of an LXC container.
Install LXC container
Here I am installing an LXC container on a CentOS machine.
yum -y install epel-release
yum -y install debootstrap perl libvirt libcap-devel libcgroup wget bridge-utils
yum -y install lxc lxc-templates lxc-extra
Check that our installation is working. Make sure there are no warnings in the output.
lxc-checkconfig
We will create a bridge network in the host operating system for LXC containers. Edit /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
TYPE=Ethernet
IPV6INIT=no
USERCTL=no
BRIDGE=br0
Now we have to create a file for our newly created bridge connection:
/etc/sysconfig/network-scripts/ifcfg-br0
DEVICE=br0
TYPE=Bridge
BOOTPROTO=dhcp
ONBOOT=yes
By default LXC uses the /usr/local/share/lxc/templates/ directory to store its default templates. Templates like Ubuntu, CentOS, and SuSE are available to use out of the box. Here we will use the Ubuntu template to spin up an Ubuntu container. Make sure to note the username and password credentials for your container.
lxc-create -n jumphost -t ubuntu
Now we need to start our container in the background:
lxc-start -n jumphost -d
We can check the state of the container, along with its memory and CPU details, with:
lxc-info -n jumphost
Next we attach to the console of our container. Provide the username and password that you copied in the step above.
lxc-console -n jumphost
After we get console access we can go ahead and check the IP address of our container. We configured our container to take its IP from DHCP. Now we will install the OpenSSH server and client packages on this machine to use it as a jump host for our host machine. The container was built from the Ubuntu template, so the packages are installed with apt-get:
apt-get install openssh-server openssh-client
Now we have to make sure that we can connect to the host machine over SSH. At this point, our host machine's port 22 is open to the whole world. Now we will configure our host machine to accept SSH connections only from our LXC container. Make sure you create these rules on the host machine. The /32 mask limits the ACCEPT rule to the container's single address; with /24 the rule would admit the entire 192.168.0.0/24 subnet.
iptables -A INPUT -p tcp --dport 22 --source 192.168.0.5/32 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j DROP
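To confirm that rules like the ones above admit only the jump host, the following added example (not part of the original post) audits `iptables -S INPUT` output and flags any wider source, such as the `192.168.0.0/24` that iptables stores when a rule is given `192.168.0.5/24`. The function names and both rule listings are constructed for illustration, and only rules that name `--dport 22` plus the chain policy are inspected.

```shell
#!/bin/sh
# Added example: check `iptables -S INPUT` output for who can reach tcp/22.
# On a real host (as root): iptables -S INPUT | audit_ssh_rules 192.168.0.5
audit_ssh_rules() {    # $1 = jump host address; rules arrive on stdin in chain order
    awk -v want="$1/32" '
        function opt(name,   i) {    # value that follows option name, or ""
            for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
            return ""
        }
        $1 == "-P" && $2 == "INPUT" { policy = $3; next }
        $1 != "-A" || $2 != "INPUT" { next }
        closed { next }    # first match wins: rules after the DROP never see port 22
        opt("-p") != "tcp" || opt("--dport") != "22" { next }
        {
            src = opt("-s"); if (src == "") src = "0.0.0.0/0"
            target = opt("-j")
            if (target == "ACCEPT" && src == want) {
                print "ok: 22 open to " src; seen = 1
            } else if (target == "ACCEPT") {
                print "FAIL: 22 open to " src; bad = 1
            } else if (src == "0.0.0.0/0" && (target == "DROP" || target == "REJECT")) {
                closed = 1
            }
        }
        END {
            if (!closed && policy != "DROP") { print "FAIL: no catch-all DROP for 22"; bad = 1 }
            if (!seen) { print "FAIL: " want " cannot reach 22"; bad = 1 }
            exit (bad ? 1 : 0)
        }'
}

# Constructed sample: listing after a rule was added with --source 192.168.0.5/24.
# iptables masks the host bits, so the stored source is the whole subnet.
rules_subnet() {
    printf '%s\n' '-P INPUT ACCEPT' \
        '-A INPUT -s 192.168.0.0/24 -p tcp -m tcp --dport 22 -j ACCEPT' \
        '-A INPUT -p tcp -m tcp --dport 22 -j DROP'
}
# Constructed sample: the same chain with a single-host (/32) source.
rules_host_only() {
    printf '%s\n' '-P INPUT ACCEPT' \
        '-A INPUT -s 192.168.0.5/32 -p tcp -m tcp --dport 22 -j ACCEPT' \
        '-A INPUT -p tcp -m tcp --dport 22 -j DROP'
}
rules_subnet    | audit_ssh_rules 192.168.0.5 || echo "=> subnet-wide rule rejected"
rules_host_only | audit_ssh_rules 192.168.0.5 && echo "=> host-only rule accepted"
```

The audit also fails when the DROP rule precedes the ACCEPT rule, because the jump host would then be locked out along with everyone else.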
We can see our guest LXC container acting as a jump host server for our host machine. LXC containers are designed to be very simple and powerful. You can use an LXC container for your web server, mail server, etc. You can configure these containers just like any other VM on the machine. This is very different from Docker containers, which are made specifically from an application perspective. A Docker container has a layered architecture, which is very different from an LXC container, which is like a VM.