This article is for those who are just starting to use Linux containers and Docker. I've put together a rough overview to help you understand containers, which are hard to grasp if you haven't worked with them.
Since it is long, I split it into two parts; the second is Introduction to Linux Container / Docker (Part 2).
A container is simply a technology that isolates an application from the host OS. It creates an isolated space within the Linux OS, an environment that can operate without interfering with processes in other containers or processes on the host OS. Because this environment is separate from the existing host OS, it also provides a clean environment.
Before we dive into the details of containers, let's start with Linux. The word Linux has two meanings: a "Linux kernel" in a narrow sense and a "Linux distribution" in a broader sense.
The kernel is the core part of the OS and performs basic process management and memory management. The kernel is common to all Linux operating systems.
The Linux kernel alone cannot be installed directly on a PC or server. A "Linux distribution" packages the kernel together with the various drivers, libraries, and applications required to interact with the hardware.
Example:
**⇒ Although they look different, all Linux operating systems use the same Linux kernel.** (Of course, the versions differ.)
LXC is a tool for creating a container environment using features of the Linux kernel. It mainly uses the following kernel features.

- Namespace: Divides processes and network resources (virtual NICs, etc.) so that they cannot interfere with each other.
- CGroup: Groups processes and limits the resources, such as CPU and memory, that each group can use.
- In many cases, the library (JDK in this case) on the OS is shared by multiple software.
- Some of the libraries and packages included by default are not used.
- Software that works in one environment does not work in another environment (environmental difference).

- All dependent packages should be in the container, and vice versa.
- It works the same on any Linux OS that uses the same kernel.
- Processes inside the container are isolated by Namespace and cannot interfere outside the container.
**It's easier (I think) to understand a container as an "isolated process" than as a "compact VM".**
- VM ... Emulates hardware and boots an OS on it.
- Container ... Isolates processes and directories on the same OS so that they appear separate.
**VMs and containers are similar yet different. Their approaches are exactly opposite.**
- VM ... Incurs overhead for emulating hardware and running an OS.
- Container ... The entity is just a process running on the host OS, so there is almost no overhead. (*)

- VM ... Install and use a lot of software, like a physical server.
- Container ... Basically one container, one software. Do not include unnecessary libraries and commands. (*)
`ls` and `yum`. This can be a little tricky to use.

You can see this by using the `ps` command inside the container.
Normally, Linux spawns a large number of child processes from the init process at PID 1, but inside the container you can see that PID 1 is suddenly Apache.
Usually it looks like this. PID 1 is `init`.
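The PID 1 behaviour and the namespace isolation described above can also be checked from the host side. The following is an added example, not code from the original article: it parses the `NSpid` line of `/proc/<pid>/status` and compares `/proc/<pid>/ns/*` links against a reference host process. The sample PIDs and namespace inode numbers are constructed, and the function names are hypothetical.

```python
import os

NS_TYPES = ("pid", "mnt", "net", "uts", "ipc", "user", "cgroup")

def parse_nspid(status_text):
    """PIDs from the NSpid line of /proc/<pid>/status, outermost namespace first."""
    for line in status_text.splitlines():
        if line.startswith("NSpid:"):
            return [int(p) for p in line.split()[1:]]
    return []  # kernels older than 4.1 do not expose NSpid

def isolated_namespaces(proc_ns, host_ns):
    """Namespace types whose identifier differs from the reference host process."""
    return sorted(t for t in proc_ns if t in host_ns and proc_ns[t] != host_ns[t])

def describe(status_text, proc_ns, host_ns):
    """Summarise how one process is separated from the host."""
    pids = parse_nspid(status_text)
    return {
        "host_pid": pids[0] if pids else None,
        "pid_in_container": pids[-1] if pids else None,
        "isolated": isolated_namespaces(proc_ns, host_ns),
    }

def read_ns(pid):
    """Read namespace links of a live process (Linux only; other users' PIDs need root)."""
    links = {}
    for t in NS_TYPES:
        try:
            links[t] = os.readlink(f"/proc/{pid}/ns/{t}")
        except OSError:
            pass  # namespace type not supported, or permission denied
    return links

# Constructed sample: an Apache process in a container, as seen from the host.
SAMPLE_STATUS = "Name:\thttpd\nPid:\t21734\nPPid:\t21712\nNSpid:\t21734\t1\n"
SAMPLE_HOST_NS = {"pid": "pid:[4026531836]", "mnt": "mnt:[4026531840]",
                  "net": "net:[4026531992]", "uts": "uts:[4026531838]",
                  "user": "user:[4026531837]"}
# The user namespace is shared here, so UID 0 inside is UID 0 on the host.
SAMPLE_PROC_NS = {"pid": "pid:[4026532456]", "mnt": "mnt:[4026532453]",
                  "net": "net:[4026532459]", "uts": "uts:[4026532454]",
                  "user": "user:[4026531837]"}

if __name__ == "__main__":
    print(describe(SAMPLE_STATUS, SAMPLE_PROC_NS, SAMPLE_HOST_NS))
```

On a live host, `read_ns(pid)` for the container process and `read_ns(1)` supply the two dictionaries in place of the constructed samples.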
Containers have the following merits (quoted from the official LXC website).
- Improved security: By preventing an application from interfering with other applications, it is possible to reduce the damage caused when the system is invaded.
- Improved loose coupling: Since applications can be run in one host OS without interfering with each other, changes to one software do not affect other software.
- System abstraction: The container hides the host OS and hardware, and can create an environment that operates stably in any environment.
- In a container, you can easily create and destroy an application together with the set of libraries required to execute it.
- The substance of the container is a directory or process on the host OS separated by Namespace.
- Basically, only the minimum files necessary for operation are put in the container, but it is not impossible to put an entire distribution in a container.
Continue to Introduction to Linux Container / Docker (Part 2).