
What is the main difference between LXC and Docker

2025-01-19 Update From: SLTechnology News&Howtos

Shulou(Shulou.com) 05/31

This article will explain in detail what is the main difference between LXC and Docker. The editor thinks it is very practical, so I share it with you for reference. I hope you can get something after reading this article.

An overview of both

Containers isolate and encapsulate application workloads from the host system. Think of a container as an operating system inside the host operating system, in which you can install and run applications. For practical purposes, it behaves like a virtual machine.

The LXC project provides minimal container operating system templates for different configurations, and user-space tools to manage the container life cycle. This feature of the LXC project and the Linux kernel enable the impersonation mechanism to be enabled normally.

Portability

Containers decouple the application from the host operating system, abstracting the program and making it portable to any system that supports LXC. To put it modestly: this is very useful. Users can keep a clean, minimal base Linux operating system and run everything else in containers (for example, a LAMP stack in a container).

Because applications and workloads are isolated from one another, users can run multiple versions of PHP, Python, Ruby, Apache and so on side by side, each tucked away in its own container. As in cloud computing, these instances and workloads can be moved flexibly to other systems, replicated, and quickly deployed.

Can't virtualization do that?

Virtualization can do this too, but with some performance loss and reduced flexibility. Instead of emulating hardware, containers use cgroups and namespaces in the Linux kernel to create a portable, near-bare-metal virtual operating system environment. Because storage is not virtualized, a container does not care about the underlying storage or file system; it simply operates wherever you put it.
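An added example, not from the original article: the namespaces and cgroups a container is built from are visible under /proc, so you can check which kinds of isolation a process really has compared with the host. The inode numbers, the cgroup path /lxc/web and both sample dictionaries are constructed.

```python
import os

NAMESPACES = ("cgroup", "ipc", "mnt", "net", "pid", "user", "uts")

def _links(inodes):
    """Build link targets in the form the kernel uses, e.g. 'net:[4026531992]'."""
    return {name: f"{name}:[{ino}]" for name, ino in inodes.items()}

# Constructed inode numbers, standing in for readlink /proc/<pid>/ns/* output.
HOST_NS = _links({"cgroup": 4026531835, "ipc": 4026531839, "mnt": 4026531840,
                  "net": 4026531992, "pid": 4026531836, "user": 4026531837,
                  "uts": 4026531838})
CONTAINER_NS = _links({"cgroup": 4026531835, "ipc": 4026532301, "mnt": 4026532299,
                       "net": 4026532304, "pid": 4026532302, "user": 4026531837,
                       "uts": 4026532300})
# Constructed /proc/<pid>/cgroup content: hierarchy-id:controllers:path
CONTAINER_CGROUP = "4:memory:/lxc/web\n3:cpu,cpuacct:/lxc/web\n0::/lxc/web\n"

def read_namespaces(pid):
    """Read the namespace links of a live process (Linux only)."""
    found = {}
    for name in NAMESPACES:
        try:
            found[name] = os.readlink(f"/proc/{pid}/ns/{name}")
        except OSError:
            pass  # type unsupported by this kernel, or no permission to read it
    return found

def shared_with_host(host, proc):
    """Namespace types in which the process is not separated from the host."""
    return sorted(name for name in host if proc.get(name) == host[name])

def cgroup_membership(cgroup_text):
    """Parse /proc/<pid>/cgroup into {controllers: path}; an empty list is cgroup v2."""
    members = {}
    for line in cgroup_text.splitlines():
        if line.count(":") >= 2:
            _, controllers, path = line.split(":", 2)
            members[controllers or "unified"] = path
    return members

if __name__ == "__main__":
    # Live check: compare this process with PID 1 (reading PID 1 may need root).
    print(shared_with_host(read_namespaces(1), read_namespaces(os.getpid())))
```

In the constructed sample the container still shares the user namespace with the host, which means root inside that container is root on the host.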

This fundamentally changes how we virtualize workloads and applications, because containers are faster, more convenient and more efficient than hardware virtualization, except for workloads that require an operating system other than Linux or a specific Linux kernel version.

So VMWare is over?

Not so fast! Virtualization is relatively mature, with a wide range of tools and an ecosystem that support its deployment in different environments. And for workloads that require a non-Linux operating system or a specific kernel, virtualization is the only option.

LXC

LXC grew out of the development of cgroups and namespaces in the Linux kernel, which support portable virtual operating system environments (containers). Daniel Lezcano and Serge Hallyn did some of its early work, which dates back to 2009 at IBM.

The LXC system provides tools to manage containers, advanced network and storage support, and a wide selection of minimal container operating system templates. It is currently led by a two-person team: Stephane Graber and Serge Hallyn from Ubuntu. LXC is supported by Ubuntu.

How to distinguish between them

Docker's purpose is to minimize what runs in a container, down to a single application, and to manage that application through Docker.

With Docker, configuration, networking, storage, and orchestration of the application are all done through Docker.

LXC sidesteps this by providing a normal operating system environment, and can therefore quickly replace virtual machines while remaining compatible with all applications and tools, as well as any management and orchestration layer.

In addition, Docker uses layers and disables storage persistence. LXC supports layering with AUFS and OverlayFS, has broad support for COW clones and snapshots with btrfs, ZFS, and LVM thin, and leaves the choice to the user. Separate storage for an LXC container is provided by bind mounts to the host or to another container.

Both Docker and LXC set up a default NAT network. In addition, Docker sets up port forwarding on the host with the -p flag; for example, "-p 80:80" forwards port 80 from the host to the container. With NAT, the local host can already reach the container directly by its IP address. Port forwarding is needed only when a service in the container must be consumed externally, and that can easily be done with iptables rules. It is not clear why the extra mechanism is necessary.
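Added example (not part of the original article): when -p is given without a host address, as in "-p 80:80", Docker publishes the port on every host interface, so it is worth auditing what is actually published. The container names and the docker ps output below are constructed.

```python
import re

# Constructed sample of: docker ps --format '{{.Names}}\t{{.Ports}}'
SAMPLE_PS = """\
web\t0.0.0.0:80->80/tcp, :::80->80/tcp
db\t3306/tcp
admin\t127.0.0.1:8080->80/tcp
cache\t[::]:6379->6379/tcp
"""

# host_ip:host_port->container_port/proto (host_ip is IPv4, "::" or bracketed IPv6)
PUBLISH = re.compile(
    r"^(?P<ip>.+):(?P<hport>\d+(?:-\d+)?)->(?P<cport>\d+(?:-\d+)?)/(?P<proto>\w+)$")
WILDCARDS = {"0.0.0.0", "::", "[::]"}

def published_ports(ps_output):
    """Yield (container, host_ip, host_port, container_port, proto) per published port."""
    for line in ps_output.splitlines():
        if not line.strip():
            continue
        name, _, ports = line.partition("\t")
        for entry in filter(None, (p.strip() for p in ports.split(","))):
            match = PUBLISH.match(entry)
            if match:  # entries such as "3306/tcp" are not published on the host
                yield (name, match["ip"], match["hport"],
                       match["cport"], match["proto"])

def exposed_on_all_interfaces(ps_output):
    """Return sorted (container, host_port, proto) reachable on every host interface."""
    hits = {(name, hport, proto)
            for name, ip, hport, _, proto in published_ports(ps_output)
            if ip in WILDCARDS}
    return sorted(hits)

if __name__ == "__main__":
    for name, hport, proto in exposed_on_all_interfaces(SAMPLE_PS):
        print(f"{name}: host port {hport}/{proto} is published on all interfaces")
```

Binding the published port to a specific address, as the constructed "admin" container does with 127.0.0.1, keeps it off the external interfaces.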

To compound matters, Docker gives very little control over IP addresses and the hosts file, so you cannot set a static IP for a container, which makes assigning services to IP addresses somewhat confusing. You need the "--link" flag to connect containers, which adds an entry for the linked container to /etc/hosts.

With LXC, assigning static or dynamic IPs and using multiple network devices is much easier; you can use the /etc/hosts file, and there is essentially no restriction on using the Linux network stack. Want to connect containers across hosts? Users can quickly set up overlays with GRE, L2TPv3, or VXLAN, or use any networking technology already in place.

LXC containers can seamlessly run everything that a virtual machine runs.

Docker

Docker was released by dotCloud (now Docker) in March 2013. It was originally based on the LXC project and used it to create single-application containers. Docker has since developed its own tool, libcontainer, which uses kernel namespaces and cgroups directly.

Layered container

Docker initially built layered containers on LXC's support for aufs. Because aufs may never be merged into the kernel, support for btrfs, device mapper, and OverlayFS has now been added as well.

A Docker container is built from a base image, and a layer is added each time changes are committed to a Docker image. When an image is run, a copy of it is started as a container, and any data in it is temporary until it is committed. Each commit is a separate image, which you can then start from.

We have a guide on using overlayfs with LXC that describes how layers work. With union file systems such as aufs or overlayfs (which differ in implementation, performance, and the number of lower layers they support), the lower layer is read-only while the upper layer is readable and writable at run time. In the context of containers, the lower layer is usually the base operating system, though it does not have to be, while the upper layer holds whatever changes you make.
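The layer and commit behaviour described above, as an added example that is not from the original article and is not aufs or overlayfs code: a simplified in-memory model. It goes one step beyond the text by modelling deletion with a whiteout marker, which is how union file systems hide a lower-layer file, and shows that a file deleted in a later layer is still stored in the earlier one. All paths and contents are constructed.

```python
WHITEOUT = object()  # marker recorded in a layer when a path is deleted

class LayeredFS:
    """Toy union mount: read-only committed layers plus one writable upper layer."""

    def __init__(self, base):
        self.lower = [dict(base)]  # committed layers, oldest first, never modified
        self.upper = {}            # writable layer of the running container

    def read(self, path):
        for layer in [self.upper] + self.lower[::-1]:  # newest layer wins
            if path in layer:
                if layer[path] is WHITEOUT:
                    raise FileNotFoundError(path)
                return layer[path]
        raise FileNotFoundError(path)

    def write(self, path, data):
        self.upper[path] = data    # lower layers stay untouched

    def delete(self, path):
        self.read(path)            # raises if the path is not currently visible
        self.upper[path] = WHITEOUT

    def commit(self):
        """Freeze the writable layer as a new read-only layer (a new image)."""
        self.lower.append(self.upper)
        self.upper = {}

    def layers_containing(self, path):
        """Indexes of committed layers that still store real data for path."""
        return [i for i, layer in enumerate(self.lower)
                if path in layer and layer[path] is not WHITEOUT]

def demo():
    fs = LayeredFS({"/etc/os-release": "base"})
    fs.write("/app/secret.key", "constructed-secret")
    fs.commit()                    # layer 1 now holds the file
    fs.delete("/app/secret.key")
    fs.commit()                    # layer 2 holds only the whiteout
    try:
        fs.read("/app/secret.key")
        visible = True
    except FileNotFoundError:
        visible = False
    return visible, fs.layers_containing("/app/secret.key")
```

The practical consequence is that anything written into a committed layer, such as a credential, remains retrievable from that layer even after a later layer deletes it.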

Although the idea of layers sounds good, layered file systems are still technically immature, and using layers carries inherent complexity and a performance penalty. The "trapped layer panel" is a real example of adventure, which you can take a look at.

Single application container

Docker restricts a container to running a single process. Docker's base image operating system templates are not designed to run multiple applications, processes, or services such as init, cron, syslog, or ssh.

This introduces a degree of complexity into day-to-day usage scenarios. Because current architectures, applications, and services are designed for a normal multi-process operating system environment, you need to find a Docker way of doing things or use tools that support Docker.

Take a simple application such as WordPress. You would need to build three containers that consume each other's services: a PHP container, an Nginx container, and a MySQL container, plus two more containers for the persistent data of the MySQL database and the WordPress files, respectively. Then mount the WordPress files into both the PHP-FPM and Nginx containers with appropriate permissions, and, to make things more exciting, find a way for the containers to talk to each other over the local network without proper control of networking, since the Docker daemon sets the IPs! And we have not yet accounted for the cron and email that WordPress needs for account management. Phew!

To run multiple processes in a Docker container, you need a shell script or a separate process manager such as runit or supervisor. But the Docker ecosystem sees this as an "anti-pattern", and Docker's entire architecture is built around containers that run a single process.

Registry

Docker provides public and private registries where users can push and pull images. This is somewhat similar to the Flockport App Store, which offers ready-to-use containers. It makes it easy for users to share and distribute applications.

Dockerfile

A Dockerfile is a script that tells Docker how to build a container with a specific application from an image. It is similar to using a bash script to create an LXC container with a specific application installed.

Moving away from LXC

LXC features have to be reimplemented by the Docker team before they become available in Docker. For example, LXC now supports unprivileged containers, which allow non-root users to create and deploy containers, and LXC is now working on live migration and multi-host management. These are major advances for containers and pave the way for better security, multi-tenant workloads, and parity with virtualization.

Docker does not support these yet. With the recent libcontainer announcement, it is speculated that the gap between the two will widen.
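Added example, not from the original article: containers started by non-root users rely on a user namespace whose ID map shifts container root to an unprivileged host ID. The check below reads that map in the /proc/<pid>/uid_map format; the two sample maps and the 100000/65536 range are constructed.

```python
# Constructed examples of /proc/<pid>/uid_map contents.
# Columns: first ID inside the namespace, first ID on the host, range length.
PRIVILEGED_MAP = "         0          0 4294967295\n"
UNPRIVILEGED_MAP = "         0     100000      65536\n"

def parse_id_map(text):
    """Parse uid_map/gid_map text into a list of (inside_start, host_start, length)."""
    ranges = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed id map line: {line!r}")
        ranges.append(tuple(int(field) for field in fields))
    return ranges

def to_host_id(ranges, inside_id):
    """Translate an ID seen inside the container to the host ID, or None if unmapped."""
    for inside_start, host_start, length in ranges:
        if inside_start <= inside_id < inside_start + length:
            return host_start + (inside_id - inside_start)
    return None

def is_unprivileged(text):
    """True when container root (ID 0) is unmapped or maps to a non-root host ID."""
    return to_host_id(parse_id_map(text), 0) != 0

def read_uid_map(pid):
    """Read the live map of a process (Linux only)."""
    with open(f"/proc/{pid}/uid_map") as handle:
        return handle.read()

if __name__ == "__main__":
    for label, sample in (("privileged", PRIVILEGED_MAP),
                          ("unprivileged", UNPRIVILEGED_MAP)):
        host_root = to_host_id(parse_id_map(sample), 0)
        print(f"{label}: container uid 0 is host uid {host_root}")
```

With the constructed unprivileged map, a process that breaks out of the container as root holds only host UID 100000, which is the security gain the paragraph refers to.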

There is no right or wrong way to run containers. How to use them depends mainly on the user. The Docker approach is unique, and it requires a custom approach at every stage: you must find a Docker way of doing everything, from installing and running applications to completing tasks and scaling.

Prospect

By freezing operating systems and applications into a single state, virtualization made cloud computing possible and made workloads easy to move across hardware and operating systems. Operating system containers add a lot to this: speed, flexibility, and mobility, expanding the potential value.

Docker is good at wrapping containers and overlay file systems into a developer-friendly model with Dockerfiles and commits. But scaling concerns such as hosting, monitoring, storage, and networking make the model complex and fragile once you move beyond a single laptop.

Operating system containers, on the other hand, are similar to virtual machines in behaviour, which makes it easier to integrate them into ordinary and distributed systems with existing tools, without developing any separate tooling.

Docker is backed by venture capital and markets itself aggressively. Many users have heard of containers only in the context of Docker and are not aware of operating system containers. As a result, you see users who simply want to run a container like a lightweight virtual machine struggling with single-application containers, layers, and persistent storage.

If moving a workload off virtual machines requires additional engineering effort, many large users and enterprises will not consider it at all, particularly if the result is incompatible with the networking, storage, and hosting of the rest of their infrastructure.

This is where LXC earns recognition: it is not opinionated, and it has all the advantages of parallel computing in container technology, namely a seamless transition from virtual machines to LXC without the need to re-architect, which is an incredible value proposition.
