Docker recently celebrated its second birthday, and according to the Docker OpenStack Wiki page, “It is expected the driver will return to mainline Nova in the Kilo release.” The driver lets you treat a Docker Linux container the same way you treat a VM. If you are wondering what the difference between the two is, you are asking a good question. A VM is an abstraction of physical hardware, while a container is an abstraction performed by the operating system. More about that here. You can have an Ubuntu OS container running inside Fedora, Mac OS X or even Windows 8. Confused? I’ll try to help you with that in this blog post.
What is Docker?
Docker is one kind of Linux container. You can find more information about LXC and other Linux containers here. Think of a lightweight, isolated software entity running inside your OS and sharing the kernel with it. By isolated I mean a software entity with its own network, users, PIDs and more. By sharing the kernel I mean a software entity that piggybacks on (relies on) the kernel of its host, whether that host is Linux, Mac OS X or Windows. The last two are supported by installing boot2docker, which provides the kernel on the host OS.
Containers rely on two Linux kernel technologies: cgroups and namespaces. cgroups (short for control groups) is a Linux kernel feature that isolates resource usage (CPU, memory, disk I/O, network). As a result, running the top command inside a container shows different results than running the same command outside the container, on the host machine.
Namespaces are isolation areas. For example, Neutron uses network namespaces for the routers and DHCP servers running on the network node. Running ip netns shows which network namespaces currently exist on the system:

$ ip netns
qdhcp-4a04382f-03bf-49a9-9d4a-35ab9ffc22ad
qrouter-1fabd5f0-f80b-468d-b733-1b80d0c3e80f

Running route -n inside a network namespace shows different results than running the same command on the host machine. That said, running the ps command to list the processes currently running on the system shows the same results inside a network namespace as on the host machine, because the isolation covers only the networking aspect.
Docker takes advantage of several namespaces to provide isolation from the host machine. Inside a Docker container you’ll have a different process tree, network stack, user IDs and mounted file systems than on the host machine. Docker requires kernel 3.8 as its minimum. To check whether your kernel is ready you may want to run the lxc-checkconfig command. See the output below for kernel 3.13.0:
ubuntu@docker-instance1:~$ lxc-checkconfig
Kernel configuration not found at /proc/config.gz; searching...
Kernel configuration found at /boot/config-3.13.0-46-generic
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
Network namespace: enabled
Multiple /dev/pts instances: enabled
--- Control groups ---
Cgroup: enabled
Cgroup clone_children flag: enabled
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: enabled
Cgroup cpuset: enabled
--- Misc ---
Veth pair device: enabled
Macvlan: enabled
Vlan: enabled
File capabilities: enabled
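Before treating a container boundary as a security boundary it is worth confirming, the way lxc-checkconfig does, that the kernel actually provides each namespace and cgroup controller the isolation story above depends on. The script below is an added example (not the blog's or LXC's own code) that re-implements the core of that check over a kernel .config file and compares the running release against the 3.8 minimum; the config excerpt is constructed, the option list is my own selection, and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not the blog's code): a small re-implementation of the checks
# lxc-checkconfig runs, reading a kernel .config and reporting which isolation
# primitives are built in. The config is a constructed excerpt, not a real one.
SAMPLE_CONFIG=$(mktemp)
trap 'rm -f "$SAMPLE_CONFIG"' EXIT
cat >"$SAMPLE_CONFIG" <<'EOF'
CONFIG_NAMESPACES=y
CONFIG_UTS_NS=y
CONFIG_IPC_NS=y
CONFIG_PID_NS=y
# CONFIG_USER_NS is not set
CONFIG_NET_NS=y
CONFIG_CGROUPS=y
CONFIG_CGROUP_DEVICE=y
CONFIG_MEMCG=y
CONFIG_VETH=m
EOF
# Options the isolation described above depends on (namespaces + cgroups).
REQUIRED="CONFIG_NAMESPACES CONFIG_UTS_NS CONFIG_IPC_NS CONFIG_PID_NS CONFIG_USER_NS
CONFIG_NET_NS CONFIG_CGROUPS CONFIG_CGROUP_DEVICE CONFIG_MEMCG CONFIG_VETH"
# kernel_at_least RELEASE MIN: succeed when RELEASE (e.g. 3.13.0-46-generic)
# is at least MIN (e.g. 3.8); only major.minor are compared.
kernel_at_least() {
  ver=${1%%-*}; have_major=${ver%%.*}; rest=${ver#*.}; have_minor=${rest%%.*}
  want_major=${2%%.*}; rest=${2#*.}; want_minor=${rest%%.*}
  [ "$have_major" -gt "$want_major" ] ||
    { [ "$have_major" -eq "$want_major" ] && [ "$have_minor" -ge "$want_minor" ]; }
}

# config_option FILE OPTION: prints enabled (=y), module (=m) or missing.
config_option() {
  if grep -q "^$2=y\$" "$1"; then echo enabled
  elif grep -q "^$2=m\$" "$1"; then echo module
  else echo missing; fi
}

# missing_options FILE: prints each REQUIRED option that is neither =y nor =m.
missing_options() {
  for opt in $REQUIRED; do
    [ "$(config_option "$1" "$opt")" = missing ] && echo "$opt"
  done
  return 0
}

for opt in $REQUIRED; do
  printf '%-22s %s\n' "$opt" "$(config_option "$SAMPLE_CONFIG" "$opt")"
done
echo "Missing: $(missing_options "$SAMPLE_CONFIG" | tr '\n' ' ')"
```

On a real host, point the functions at /boot/config-$(uname -r) (or a decompressed /proc/config.gz) and pass `$(uname -r)` to kernel_at_least; a missing CONFIG_USER_NS, as in the sample, means user-ID isolation is not available to any container runtime.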
Now that you have a better understanding of what Docker is all about, let’s get down to business. In my next blog post I’ll describe the basic usage of Docker.