Could you pls help me to understand how VMWare VIC actually works?
I'm familiar with Docker, and has very basic overview of CoreOS. Docker is your environment container which increase your app portability, whereas CoreOS is very lightweight Linux system, which has a bare minimum to launch Docker container.
In other hand, there are lots of virtual machines (e.g. VMWare), which are so heavy that humanity had to invent Docker. The only VM's benefit over Docker is that it's more secure.
Questions:
So why trying to put Docker inside virtual machine? In other words, why do you need VIC?
How can virtual machine be "small"? Isn't it a container than?
Why do you need additional layer like Photon OS? Why not just start Docker instances directly from VM. Docker inside OS, OS inside VM sounds like an overhead?
I've played with VIC for sometime and I try to answer your question.
Lets imagine VIC as a docker daemon you can send commands like ps,run etc Usually VIC has lots of resources assigned. When VIC receive a run command it will spawn a new VM with demanded profile. You can provide how much memory and cpu should have assigned via docker arguments. The docker runs in this small VM spawned exclusively for the docker container. So it's grated that each container will run in its own VM. When you stop the container the VM is shut down as well. The VIC has implemented all features of docker so far e.g. volumes, network... except exec command.
Well, it's just design that can be considered as an overhead. VIC creates for each container it's own VM which runs the container. I believe this "a hack" to provide old fashioned VMware tools for docker ecosystem.
Definitely, this is an overhead, but it's nothing significant I suppose. You can have a look into Photon Controller which should be the product without the additional layer. But it has not support for VMware tools yet.
I'd would say it has some pros and cons:
PROS:
VIC spawns new VM automatically with desired cpu and mem profiles
VIC can be controlled via native docker calls
VIC supports other VMware products. Monitoring, storages, networking
CONS:
List item
VIC has some bugs in docker implementation or its not working the same way as native docker. So its hard to integrate it with others systems like mesos, marathon.
VIC supports only 1.23 docker API version
VIC doesn't support exec command
Related
Every Docker image, as I understand, is based on base image - for example, Ubuntu.
And if I want to isolate any process I should deploy ubuntu docker base image (where is difference with Vagrant here?), and create a necessary subimage after it installing on ubuntu image?
So, if Ubuntu is launched on Vagrant and on Docker, where is practice difference?
And if to use docker provider in Vagrant - where here is difference between Vagrant and Docker?
And, in Docker is it possible to isolate processes on some PC without base image without it's sharing to another PC?
Vagrant is a utility to help you automate setting up VMs. Docker is a utility that helps you use containerization in linux.
A virtual machine runs a whole system, and emulates hardware. Containers section off processes in a single running kernel without emulating hardware.
Both a VM and a Docker image may be Ubuntu 14.04, but with the Docker image you don't need to run the whole OS.
For example, if I want to run an nginx container based on ubuntu, I'd end up with only the nginx process running. No upstart/systemd/init is needed. A VM would run an init system, manage its own networking, and run other services as well. The container image approach that uses a linux distro base is mostly for convenience.
It is entirely possible to run Docker containers with very minimal images. A statically compiled binary alone in an image is all you'd need to run a container.
Vagrant : Vagrant is a project that helps the spawning of virtual machines. It started as an command line of VirtualBox, something similar to Gemfile for VM's. You can choose the base image to start with, network, IP, share folders and put it all in a file that anyone can reuse to spawn the same configured machine. Vagrant has different extensions, provisioning options and VM providers. You can run a VirtualBox, VMware and it is extensible enough to be able to create instances on EC2.
Docker : Docker, allows to package an application with all of its dependencies into a standardized unit of software development. So, it reduces a friction between developer, QA and testing. It dynamically change your application, adding new capabilities every single day, scaling out services to quickly changing the problem areas. Docker is putting itself in an excited place as the interface to PaaS be it networking, discovery and service discovery with applications not having to care about underlying infrastructure. Yes, their are still issues with docker in production, but, hopefully, we'll see the solutions to those problems, as docker team and contributors working hard on those issues. As Docker Volume driver allows third-party container data management solutions to provide data volumes for containers which operate on data, such as database, key-value stores, and other stateful applications. The latest version is coming with much more flexibility, complete orchestration build-in, advanced networking, secrets management, etc. As you can see one, rexray, as volume plugin and provides advanced storage functionality. emccode/rexray We're finally starting to agree on more than just images and run time.
I've read that you shouldn't ssh into a docker container. But why? I'd like to use a docker container as a replacement for a normal VM. What are the disadvantages? I know that this will create a lot of layers. But I could flatten my container on a regular base.
Can I use the container as a regular vm and what is the "worst case" that can happen?
Docker containers are optimized around running single processes. Virtual machines are optimized around running entire operating systems.
At a technical level you generally can run something that looks like a full VM inside a Docker container, but it's a lot of hand setup. For instance, a typical systemd setup wants to manage several host devices and kernel-level configuration options, and your choices to run systemd are either (a) let it manage the host and possibly conflict with the host's systemd, or (b) manually figure out which unit files you can't run and disable them. All of the prebuilt Docker images run only single services (just MySQL, just Nginx, just a Python runtime, ...) and so you're also giving up this ecosystem.
A VM certainly gives up some amount of efficiency by virtualizing hardware devices and running multiple OS kernels, but if you really want to run a VM, it's not a huge performance loss; just run a VM if that's the model you want to use.
No you can't use it as a replacement for a VM since you can only have one entrypoint on a docker container. You can not expose multiple services on multiple ports like you would on a regular virtual machine.
Questions
How does lxd provide Full operating system functionality within containers, not just single processes?
How is it different from lxc/docker + wrappers?
Is it similar to a container that is launched with docker + supervisor/wrapper script to contain multiple processes in one container?
In other words:
What can I do with lxd that I cannot do with some wrappers over lxc and docker ?
Why is it available only in ubuntu if they are making use of mainline kernel features (namespaces and cgroup )?
How does lxd provide Full operating system functionality within containers, not just single processes?
Containers are Isolated Linux systems using the cgroups capabilities for limit cpu/memory/network/etc in the Linux kernel, without the need for starting a full virtual machine.
LXD uses the capabilities provided by liblxc (that is based in LXC) and from this comes the capabilities for full OS functionality.
How is it different from lxc/docker + wrappers?
LXD use liblxc from LXC. Docker is more application focused, only the principal process for your app inside the container (using libcontainer now by default, Docker did use liblxc first for this)
Is it similar to a container that is launched with docker + supervisor/wrapper
script to contain multiple processes in one container?
Something similar. The diference between LXD and Docker is that Docker is an application container, LXD is a system container. LXD use upstart/systemd like principal process inside the container and by default is ready to be a full VM environment with very light memory/cpu usage. Yes, you can build your docker with supervisorctl/runit, but you need to do manually this process. You can check how is done in http://phusion.github.io/baseimage-docker/ that do something similar inside a container.
What can I do with lxd that I cannot do with some wrappers over lxc and docker ?
live migrations of containers, use your containers like full virtual machines, precise config for dedicate cpu cores/memory/network I/O for use in your container, run your container process in unprivileged mode (root process inside your container != root process in your host) by default Docker work in privileged mode, only now in Docker 1.10 they implement unprivileged mode but you need to review (and maybe rewrite) your Dockerfiles because many things will not work in unprivileged mode.
LXD and Docker are diferent things. LXD gives you a "full OS" in a container and you can use any deployment tool that works in a VM for deploying applications in LXD. With Docker your application is inside the container and you need diferent tools for deploying applications in Docker and do metric for performance. Docker is designed to run on various OS platforms, like Windows. LXD/LXC can only run on Linux: this is the reason Docker no longer uses LXC as part of its stack.
Why is it available only in ubuntu if they are making use of mainline kernel features (namespaces and cgroup )?
LXD has commercial support from Canonical if is needed, but you can build LXD in Centos 7, ArchLinux (with kernel patched) check https://github.com/lxc/lxd. Gentoo supports LXD now https://wiki.gentoo.org/wiki/LXD.
LXD is based on liblxc, its purpose is to control some lxc with added capabilities, like snapshots or live migration. LXD is linked to LXC and they are OS centered.
Docker is much more application centered, based at the beginning on LXC but now independent from LXC, it can use openvz or whatever. Docker only focuses on application with lib and dependency, not on OS.
look at this for more :
https://www.flockport.com/lxc-vs-lxd-vs-docker-making-sense-of-the-rapidly-evolving-container-ecosystem/
Regards.
LXD works in conjunction with LXC and is not designed to replace or supplant LXC. Instead, it’s intended to make LXC-based containers easier to use through the addition of a back-end daemon supporting a REST API and a straightforward CLI client that works with both the local daemon and remote daemons via the REST API.
LXD is more like docker host.
Every Docker image, as I understand, is based on base image - for example, Ubuntu.
And if I want to isolate any process I should deploy ubuntu docker base image (where is difference with Vagrant here?), and create a necessary subimage after it installing on ubuntu image?
So, if Ubuntu is launched on Vagrant and on Docker, where is practice difference?
And if to use docker provider in Vagrant - where here is difference between Vagrant and Docker?
And, in Docker is it possible to isolate processes on some PC without base image without it's sharing to another PC?
Vagrant is a utility to help you automate setting up VMs. Docker is a utility that helps you use containerization in linux.
A virtual machine runs a whole system, and emulates hardware. Containers section off processes in a single running kernel without emulating hardware.
Both a VM and a Docker image may be Ubuntu 14.04, but with the Docker image you don't need to run the whole OS.
For example, if I want to run an nginx container based on ubuntu, I'd end up with only the nginx process running. No upstart/systemd/init is needed. A VM would run an init system, manage its own networking, and run other services as well. The container image approach that uses a linux distro base is mostly for convenience.
It is entirely possible to run Docker containers with very minimal images. A statically compiled binary alone in an image is all you'd need to run a container.
Vagrant : Vagrant is a project that helps the spawning of virtual machines. It started as an command line of VirtualBox, something similar to Gemfile for VM's. You can choose the base image to start with, network, IP, share folders and put it all in a file that anyone can reuse to spawn the same configured machine. Vagrant has different extensions, provisioning options and VM providers. You can run a VirtualBox, VMware and it is extensible enough to be able to create instances on EC2.
Docker : Docker, allows to package an application with all of its dependencies into a standardized unit of software development. So, it reduces a friction between developer, QA and testing. It dynamically change your application, adding new capabilities every single day, scaling out services to quickly changing the problem areas. Docker is putting itself in an excited place as the interface to PaaS be it networking, discovery and service discovery with applications not having to care about underlying infrastructure. Yes, their are still issues with docker in production, but, hopefully, we'll see the solutions to those problems, as docker team and contributors working hard on those issues. As Docker Volume driver allows third-party container data management solutions to provide data volumes for containers which operate on data, such as database, key-value stores, and other stateful applications. The latest version is coming with much more flexibility, complete orchestration build-in, advanced networking, secrets management, etc. As you can see one, rexray, as volume plugin and provides advanced storage functionality. emccode/rexray We're finally starting to agree on more than just images and run time.
My understanding of Linux Containers (LXC) is that it provides a native hypervisor for Linux systems, similar to Windows' Hyper-V introduced in Windows 8. By "native hypervisor", I mean, the ability for the Linux system to host guest VMs inside of it without having to install any kind of specialized virtualization software.
My understanding of Docker is that it somehow builds on top of LXC, and allows application developers to define:
The exact app stack of a VM/node, including the OS, the exact configuration and tuning of the OS, and any tools or applications installed/configured/deployed to that OS; and
The exact resource requirements for running this VM/node, including CPU requirements, memory/disk/network requirements, load balancing and replication requirements, etc. Docker then figures out what nodes to run the container on, using these declared requirements as its baseline.
So first off, if my understanding of LXC or Docker is mislead at all, please begin by correcting me!
Assuming I'm more or less correct in my understanding, I ask:
What is the relationship between Docker and, say, vmWare or Xen VMs? Does Docker "sit on top" of the virtualization layer? In other words, are there "Docker bindings" for different virtualization platforms (vmWare, Xen, kvm, etc.), and I could take a Docker container for myapp and deploy it to any Docker-ified platform?
What is the relationship between LXC and Docker? Does Docker simply just extend LXC, or is it a similar (but completely separate) concept altogether? If its an extension of LXC, then in what way?
relationship between LXC and Docker, -> docker started using LXC, but since docker 0.9, docker uses libcontainer, and no longer uses lxc-start to start the containers. Compared to LXC, docker offers a REST Api, allows to move images from and to the registry, allows to build using Dockerfiles...