The power of Linux containers
I am a long-time user of virtualisation solutions. I have been doing it for over 12 years by this point, and I've seen a lot of different solutions come and go over the years.
All that they had in common was that they took up space and memory. Usually you had to plan for double the memory that was used inside the guest OS for one machine.
Virtualisation still has its place. It is the ultimate solution for safely running applications on non-local operating systems, but things have changed considerably over the past few years.
Once upon a time we had so-called chroots or jails, into which we put things, mainly single applications, to secure the “host” from possible attacks on these applications. Typical examples were DNS servers and web servers; some people even put mail servers into jails. They were also great for running secure shells for friends who wanted to run their IRC bouncer in a somewhat safe environment, when you didn't want them poking around in your text archives.
Not too long ago we had something comparable; it was called “vz” or “OpenVZ”. These were restricted subsystems, which were rather simple to set up and to manage. Sadly they're also based on a certain set of kernel patches, which fell behind over time. And for security, speed and so many other reasons, you want to stay at least half recent with kernel releases.
Modern kernels have had the functionality to run user process virtualisation for a while now, and one of the first rather mature solutions in the field was and is called LXC.
I've been running LXC containers for the better part of the past 3 years. I am totally happy with what they're able to do. I usually set up containers by theme or by the experiments I'm doing. If I want a wiki, I make a container for it. I have my mail server, my DNS setup, my weblog (this one right here), a git repo etc… all inside of containers.
The performance is astonishing. I host my stuff mostly on Raspberry Pi mini PCs, and they perform incredibly well. To paint a picture:
This blog is on one Raspberry Pi, with 4 other containers, all of which are very active with what they're hosting.
More on LXC:
Stephane Graber talking about LXC and one of its major features, the security aspect.