New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
AFAIK, Docker is built on top of LXC.
Edit: ah I see they have their own thing now
yup, they changed that a while back
So is solusvm adding in LXC support in the next year?
Nope
LXC is the mature solution? :ooooooo
To answer the question, Docker has the traction and the corporate support plus it's got dem features. So it's clear who the winner is.
do you think it's a winner takes all kinda thing? I mean, that would mean that OpenVZ is dead as well?
Docker networking can be a pain if you are trying to use it as a do-everything vps, but I love it for containerizing things behind a proxy or deliberate forward.
I guess it does keep you from exposing stuff you don't intend to.
The issue becomes resolved with a virtual router.
Having not used lxc more than once I'm not sure I can criticize it, but I am highly skeptical that a cage-match style judgement is the right idea here. LXC and Docker are just part of a tool kit and remember our toolbox has KVM and OpenVZ and SmartOS Zones too. You might find yourself running a KVM with Docker or OpenVZ in it for some production projects or you might run docker right on the OS controlling the actual hardware for testing or you might end up net booting a room full of SmartOS servers.
The best case scenario is to know them all and support more than one. Kind of like programming languages. You might love C but then you might need to write a web app and it would just be so much easier to use python/flask to quickly deploy it. It doesn't mean C is bad, it just means you have multiple tools and some fit better than others on different problems.
Imagine if you were a plumber and the only tool you had was a hammer, because it was your favorite tool. How long would you keep that job?
If you are thinking "hey im going to start a hosting company" I'd start by at least offering KVM's as they have the least limitations and then choose another to support.
I'd vote for none of those two. Why? Well, I'm a RHEL guy and use CentOS everywhere, except on development machines, where the newest Fedora Server builds get used.
I recently tried digging into LXC with CentOS. The basic setup was okayish after using the ElRepo Kernel Mainline repository to get a bleeding-edge 4.2 kernel. Setting up a new CentOS 7 container also worked fine, after dealing with a few strange errors that occured due to systemd. Luckily, I was able to get all issues together by stumbling through mailing lists.
Next step ahead: Unprivileged containers. I spend over a day trying to get it to work, but no chance at all. First, I had to modify the container root system a lot - disabling services, editing unit files, setting permissions correctly, ... Whenever I went one step ahead, two more issues came up.
After appending hours of research, I got a container with bridged networking up and running. So much excitement! Wait... Uhm... When pinging a host, the binary gets stuck without any outlut at all... Sending SIGINT then displays the first ping and exits the binary properly. Uhm, what, same thing with traceroute? Hmmm, did I screw up DNS?
Nope, nada. So, time for ltrace - and I was able to see that gethostbyaddr() hangs indefinitely. Next step was using strace - and what a great surprise, my container opens up a socket to communicate with the kernel, more specifically some networking namespace.
And guess what... The kernel doesn't reply, the socket keeps waiting forever. It was driving me nuts, and after searching FOREVER, I found that issue somewhere. It's related to systemd, which messes up something. Can be fixed by an upgrade to v218+... And CentOS 7 has v208 or so per default.
Tried an update, system didn't make it, dead. What a great ride with LXC. Does anyone know similar lightweight technologies, which are like more... businessproof? I'll stick to Xen or KVM until a properly working solution comes up.
So, you might be asking yourself: What about Docker? I hate it's networking concept and the whole storage thingy, the layered FS seems to be totally overcomplicated and messy for usual, mostly static setup. But it's probably good for quickly spinning up test instances.
But if I really have to decide... Docker. Seems more mature so far, better support available due to a huge community and lots of up-to-date articles.
Networking is pluggable, here's one: https://github.com/weaveworks/docker-plugin - You can even tell it to do no networking and roll your own diy solution.
Storage - you use volumes for anything that doesn't need to be in layered fs. Either directly hosted directories or "volume containers".
No. Docker is focus on the enterprise, swarm, micro-services field. Different niche.
It depends what you are selling and who you are selling it to. If you want an OpenVZ alternative then LXC, if you want a more devops oriented containerisation system then Docker.
Yes docker originally used LXC (linuxcontainers.org) but then decided to develop their own container technology libcontainer.
I use LXC and have for several years. Docker is good technology also but really for a different purpose than LXC.
I'd also suggest to look beyond just LXC and see how LXC & LXD are fitting into the overall architectural solution Canonical has been putting together with OpenStack, the new OpenStack Neutron LXD plugin (nclxd) that will allow OpenStack to use LXD to deploy & manage LXC contrainers either locally or remotely.
Then how all that (LXD/LXC, OpenStack etc) fits with the work on Juju as a service orchestration tool.
I think this github can give you some ideas of whats coming with 16.04 Ubuntu release.. note the "single installer" mode allows you to install all of OpenStack' services into LXC containers...
https://github.com/Ubuntu-Solutions-Engineering/openstack-installer
Stephane Graber's 10 part blog on the capabilities & features of LXC 1.x is also a great reference:
https://www.stgraber.org/2013/12/20/lxc-1-0-blog-post-series/
This site has quite a few good how-to & guides for LXC including quite a bit about networking LXC containers.
https://www.flockport.com/guides/
Too bad LXC on CentOS isn't up to snuff but I'm not sure that's an LXC issue? Couple that with the introduction of SystemD and I guess there are bound to be some kind of problems but those will disappear over time.
I use Ubuntu and LXC has worked great. Same on Debian (which by the way Proxmox uses & just released its v4.0 converting from OpenVZ to LXC container use).
I've run CentOS containers in my Ubuntu Host which I guess you know using the "-t download" option when creating a container you can install...
centos 6 amd64 default 20151011_02:16
centos 6 i386 default 20151011_02:16
centos 7 amd64 default 20151011_02:16
And in my limited use those CentOS LXC containers worked but then again I was just testing other software that required CentOS at the time.
Anyway, in my mind Docker & LXC/LXD are solving two different problems. One is application oriented and the other is as a lightweight VM alternative to KVM, VIrtualBox etc. for traditional OS use.
You can also run Docker inside LXC containers!
OpenVZ is secure and stable, IMO better than both of them.
For security it seems that currently openvz is better, but LXC seems to be the future as it's included in the kernel.
Has LXC still this problem where it was pretty easy to get root on the host once you were able to gain root access on a container?
Docker is good for testing stuff, moving containers around and installing a dev system. LXC is probably better to set up a server.
Also did read this in another thread:
Don't know what it's worth? Might be pretty good and light to isolate processes...
Oh Noes... Not even more systemd stuff... ;-)
(Not so much based on technical aspects. I just don't like Poettering's phiz.)
@NeoXiD,
just came over this thread, and just couldn't let go sharing my experience too.
I also started to curiously to test LXC on CentOS 7 with vanilla kernel etc and it worked to some degree. I didn't test running unprivileged containers, but that's a must for hosting environment.
For my purpose, i need to find an alternative to KVM guests, they are too heavy. So what i ended up with was systemd-nspawn, which i had never heard about nor used until this summer. Now only problem was seemingly the ability to run macvtap networking, and for that i had to install the following from COPR:
systemd.x86_64 219-8.el7.centos @lnykryn-systemd
systemd-libs.x86_64 219-8.el7.centos @lnykryn-systemd
systemd-networkd.x86_64 219-8.el7.centos @lnykryn-systemd
systemd-resolved.x86_64 219-8.el7.centos @lnykryn-systemd
systemd-sysv.x86_64 219-8.el7.centos @lnykryn-systemd
So now i'm happily running my MariaDB server on a systemd-nspawn container, but privileged. IIRC, unprivileged support is coming soon to nspawn. And when that support lands for CentOS 7, IMHO, there is no need to look at anything else to run lightweight containers as nspawn backed by Redhat and lennart poettering. Now i only wish there was a good working FOSS container web panel to manage it, something like HyperVM but with support for nspawn.
Using machinectl to manage the container, it's pretty wonderful.
Could have written much about my experience, but sorry i'm time constrained these days..
Solus will be supporting whatever Parallels does with CentOS 7. It's called Virtuozzo core and I believe it supports OpenVZ and KVM simultaneously like Proxmox. Also sounds like the this next iteration of OpenVZ will use a lot more features already in the mainline Kernel. Basically moving closer towards what Docker and LXC are doing. They are adding OpenVZ features into Libvirt so there is a lot of work going on there as well.
Here are links to show that I am an expert on the subject because I spent a few seconds doing a google search.
http://openvz.livejournal.com/49158.html
https://github.com/OpenVZ/vzkernel
I feel like I am missing something with Docker
Like what? A purpose? Seems the only people excited about it are application developers. I just spin up a VPS if I want to test an application. I don't get any limitations that way. Don't need the portability so I haven't found a use for it.
People talking about it as a very good app, and I haven't tested it. I have switched from OVZ to LXC and works good, but I don't know if it suits my needs
I've used LXC but recently switched to Docker. I feel that the docker is more stable package thank LXC. By stable I mean the comfy for the developer. Not system stability. When you're not doing sys admin task and only developing a thing (yeah... thing) Docker would allow you to spin up something quickly.
Also I can see that the Docker is very active on development. Seems like they're going to give some great features in near future as more and more developers are starting to use it.
After using lxc (through LXD tools), never going back to OpenVZ. LXD installs on a 14.04 Ubuntu base, and configures most of the basic stuff automatically (yes, unprivileged containers too). Has been extremely stable and I really like its cli. Don't try using lxc directly though, nothing but frustration. I don't care much for CentOS, so I can't comment on that.
Snapshots, Images, VM transfer between lxd hosts(live migration coming soon), runs on any of the newer kernels, etc. Don't get me wrong, openvz is probably more stable/reliable and feature rich right now, but the 2.6x kernel and some kernel module access problems make me sad (like trying to install ufw).
Docker has always felt half-assed to me. Adding as many shiny things as possible as fast as possible to woo the crowd, but not really caring about long-term stability, usability, consistency, or pretty much anything beyond what they can sell to the Silicon Valley developer crowd.
The core goal seems to be "raising another round of funding", every time, all the time. If I read articles like this one or this one, that image is only confirmed further. Those are recent articles, too.
I'm much happier about the prospects of LXC, which is not subject to the wishes and desires of a single vendor (who has a conflict of interest), but is developed by many parties, and incorporated into the Linux mainline kernel - with its individual components (eg. cgroups) usable as well, without necessarily needing to use the entire stack.
Does LXD could add a vulnerability or something or does it just makes the process easier? (Never tried it, but did find quite easy to use LXC, the only problem being that it can be weak right now from an isolation perspective)
If you do need a huge ton of automation, Docker. If you just need stability and easy of management, LXD. Use AUFS with Docker and LXCFS with LXC/LXD.
Last I heard LXC/LXD was a far cry from what OpenVZ can do and not really production ready. OpenVZ is openly supporting LXC features though so it's not a competive thing as far as I can tell. If anything it sounds like they are converging.
So anyone saying LXD rules and OpenVZ sucks is probably just more Ubuntu fanboy nonsense or new shiny object syndrome.
Good job complaining about something nobody in this thread actually said.
Thanks for mentioning that. Just grab a new server and get things working, I'm pretty happy with the nspawn.