The power of linux containers
I am a long-time user of virtualisation solutions. I have been doing it for over 12 years by this point, and I've seen a lot of different solutions come and go over the years.
All they had in common was that they took up space and memory. Usually, you had to calculate double the memory that was used inside the guest OS for one machine.
Virtualisation still has its place. It is the ultimate solution to run applications on non-local operating systems safely, but things have changed considerably over the past few years.
Once upon a time we had so-called chroots or jails, into which we put things, mainly single applications, to secure the “host” from possible attacks on those applications. Typical examples were DNS servers and web servers; some people even put mail servers into jails. And they were great for running secure shells for friends of yours who wanted to run their IRC bouncer in a somewhat safe environment, when you did not want them steering around in your text archives.
Not too long ago, we had something comparable, called “vz” or “openvz”. These were restricted subsystems which were rather simple to set up and to manage. Sadly they were also based on a certain set of kernel patches, which fell behind over time. And from a security standpoint, a speed standpoint and so many other reasons, you want to stay at least reasonably recent with kernel releases.
Modern kernels have had the functionality to run user-process virtualisation for a while now. And one of the first rather mature solutions in the field was, and is, called LXC.
I've been running LXC containers for the better part of the past 3 years. I am totally happy with what they're able to do. I usually put up containers by theme or by the experiments I am doing. If I want a wiki, I make a container for it. I have my mail server, my DNS setup, my weblog (this one right here), a git repo etc. all inside of containers.
The performance is astonishing. I host my stuff mostly on Raspberry Pi mini PCs, and they perform incredibly well. To paint a picture:
This blog is on one Raspberry Pi, together with 4 other containers, all of which are very active with what they're hosting.
More on LXC:
Stephane Graber talking about LXC and one of its major features, the security aspect.