
First time of Docker (introduction to Virtualization)

2025-02-25 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

What is a container

A container is a basic tool, which generally refers to any tool that can be used to hold other items, can be partially or completely closed, and can be used to hold, store and transport objects; objects can be placed in containers, and containers can protect the contents.

Humans have been using containers for at least 100,000 years.

1. Host-level virtualization

In this approach, virtual machine management software is installed on the host and virtualizes N complete systems, each with its own kernel. There are two types of implementation:

1.1. Type-I (the virtual machine manager is installed directly on the host; no operating system needs to be installed on the host)

Xen, ESX/ESXi

1.2. Type-II (the virtual machine manager is installed on top of the host's operating system)

VMware Workstation, KVM, VirtualBox

2. Container-level virtualization

Instead of creating a separate kernel for each virtual machine, this approach isolates six kinds of resources on the host kernel through a kernel mechanism (namespaces), and each namespace is a separate container (virtual machine).

Up to now, container technology across the whole Linux field has been implemented at the kernel level by six namespaces, chroot and Cgroups.

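2.1. Linux Namespaces

| Namespace | System call flag | Isolated content | Kernel version |
|-----------|------------------|------------------|----------------|
| UTS | CLONE_NEWUTS | | |
| IPC | CLONE_NEWIPC | Semaphores, message queues, and shared memory | 2.6.19 |
| PID | CLONE_NEWPID | Process numbers | 2.6.24 |
| Network | CLONE_NEWNET | Network devices, network stacks, ports, etc. | 2.6.29 |
| Mount | CLONE_NEWNS | Mount points, file systems | 2.4.19 |
| User | CLONE_NEWUSER | Users and user groups | 3.8 |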
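To see which of these six namespaces actually separate a process from the host, compare the namespace inode numbers that Linux exposes under /proc/<pid>/ns. The following is an added example, not code from the original article; the function names and the sample inode numbers are constructed for illustration.

```python
import os
import re

# The six namespace types from the table, keyed by their /proc/<pid>/ns entry.
NS_FLAGS = {"uts": "CLONE_NEWUTS", "ipc": "CLONE_NEWIPC", "pid": "CLONE_NEWPID",
            "net": "CLONE_NEWNET", "mnt": "CLONE_NEWNS", "user": "CLONE_NEWUSER"}
LINK_RE = re.compile(r"^(\w+):\[(\d+)\]$")


def parse_ns_links(links):
    """Turn readlink targets such as 'net:[4026531992]' into {type: inode}."""
    table = {}
    for link in links:
        m = LINK_RE.match(link.strip())
        if m and m.group(1) in NS_FLAGS:  # ignore types the article does not cover
            table[m.group(1)] = int(m.group(2))
    return table


def read_ns_links(pid):
    """Read the live namespace links of a process (Linux only, needs permission)."""
    base = f"/proc/{pid}/ns"
    return [os.readlink(os.path.join(base, name)) for name in NS_FLAGS]


def shared_with_host(host, proc):
    """Return the flags of the namespaces in which the process is NOT isolated."""
    return sorted(NS_FLAGS[t] for t in NS_FLAGS
                  if t in host and host[t] == proc.get(t))


# Constructed sample data: PID 1 on the host versus a process in a container
# that was started with host networking and without a user namespace.
HOST_LINKS = ["uts:[4026531838]", "ipc:[4026531839]", "pid:[4026531836]",
              "net:[4026531992]", "mnt:[4026531840]", "user:[4026531837]"]
CONTAINER_LINKS = ["uts:[4026532574]", "ipc:[4026532575]", "pid:[4026532576]",
                   "net:[4026531992]", "mnt:[4026532573]", "user:[4026531837]"]

if __name__ == "__main__":
    shared = shared_with_host(parse_ns_links(HOST_LINKS),
                              parse_ns_links(CONTAINER_LINKS))
    print("namespaces shared with the host:", shared)
```

On a live Linux host, pass `read_ns_links(1)` and `read_ns_links(<container pid>)` in place of the sample lists. Two processes are in the same namespace exactly when the inode numbers match.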

The isolation in container technology is implemented by namespaces, while resource allocation for containers is implemented at the kernel level by the CGroups mechanism, which divides system-level resources into multiple groups and then assigns the amount of resources in each group to the processes of a specific namespace.

2.2.1. Functions of CGroups

| Subsystem | Function |
|-----------|----------|
| blkio | |
| cpu | CPU |
| cpuacct | CPU resource usage report |
| cpuset | Assignment of CPU sets on multiprocessor platforms; there are two ways to assign them, one by proportion, the other by number of cores |
| devices | Device access |
| freezer | Suspend or resume tasks |
| memory | Memory usage and report |
| perf_event | Perform unified performance testing of the tasks in a cgroup |
| net_cls | The category identifier of the datagrams created by the tasks in a cgroup |
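Which of these subsystems actually govern a given process can be read from /proc/<pid>/cgroup. The following is an added example, not code from the original article; it assumes the file is read on the host (inside a cgroup namespace the paths are relative), and the sample content and container id are constructed.

```python
# Subsystems named in the article's table.
ARTICLE_SUBSYSTEMS = {"blkio", "cpu", "cpuacct", "cpuset", "devices",
                      "freezer", "memory", "perf_event", "net_cls"}


def parse_proc_cgroup(text):
    """Parse /proc/<pid>/cgroup into {controller: cgroup path}.

    Each line is 'hierarchy-id:controller-list:path'. cgroup v1 may mount
    several controllers together ('cpu,cpuacct'); the cgroup v2 line has an
    empty controller list and is stored under the key 'unified'.
    """
    membership = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        _, controllers, path = parts
        if controllers == "":
            membership["unified"] = path
            continue
        for name in controllers.split(","):
            if not name.startswith("name="):  # named hierarchies carry no controller
                membership[name] = path
    return membership


def unconfined(membership):
    """Article subsystems for which the process sits in the root cgroup '/'
    (no group of its own) or which are absent from the listing."""
    return sorted(s for s in ARTICLE_SUBSYSTEMS if membership.get(s, "/") == "/")


# Constructed sample: a containerised process whose cpuset and perf_event
# memberships were left in the root cgroup.
SAMPLE = """\
11:memory:/docker/0123abcd
10:cpu,cpuacct:/docker/0123abcd
9:blkio:/docker/0123abcd
8:devices:/docker/0123abcd
7:freezer:/docker/0123abcd
6:cpuset:/
5:perf_event:/
4:net_cls,net_prio:/docker/0123abcd
1:name=systemd:/docker/0123abcd
0::/docker/0123abcd
"""

if __name__ == "__main__":
    print("root-cgroup subsystems:", unconfined(parse_proc_cgroup(SAMPLE)))
```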

2.3. LXC (Linux Container)

Apart from Vserver, LXC is the first solution to greatly simplify the use of container technology with a set of easy-to-use tools and templates. LXC relies on a set of toolkits to help us quickly create namespaces and uses templates to install all the files needed inside them. It also provides tools that do the chroot switch automatically, so multiple parallel user spaces can be used, and each user space, like the virtual machines we used before, is a separate system.

III. The birth of Docker

Although LXC greatly simplifies the use of container technology, it is no less complex than using virtual machines in the past, its isolation is not as good as that of virtual machines, and it is not convenient for large-scale use and distribution. Its advantage is that it allows every process in user space to use the performance of the host directly, without additional overhead. And then came Docker.

In its early versions, the core of Docker was a repackaged release of LXC. But through image technology (the components needed by the user space of an operating system are arranged in advance and packaged into a file, the image file), the image files are placed centrally in a repository. When you need to create a container, Docker invokes LXC's tool lxc-create. Docker therefore greatly reduces the difficulty of using containers. To make the use of the entire container easier to manage, Docker uses a more sophisticated restriction mechanism in which only one process runs in a container. Docker uses layered builds and union mounts underneath its image builds. The advantage is that images do not become so huge when they are distributed later, and you can freely combine image layers to mount in different environments.

2.3. The replacement of the Docker container engine

Early Docker was based on the LXC container management engine. When it matured, Docker built its own container engine called libcontainer. Later, with the involvement of CNCF, Docker developed an industry-standard container engine called runC. Current versions of Docker use runC as their container engine.
