LXC aka Linux Container: simplicity and reliability
What is LXC? 
The abbreviation stands for Linux Container. This is a container virtualization system that operates within the Linux operating system. What does it mean? With LXC, you can run several completely isolated and independent instances of Linux OS on the same computer. In addition, it is possible to create a reliable cluster of several dozens of servers, when the same container instance runs on several physical machines at once and in the event of a single server failing, the container operation does not stop for a minute. Also, container data is located on several repositories at once; this is implemented by various methods (ceph). In addition to live container migration between cluster nodes, it also makes it possible to further increase the reliability of data storage, flexibly increase the container's disk subsystem within ... well, the limits are practically unlimited — as long as there is enough storage and the storage can be very large, for example, in our case we build storage in several petabyte of information.
A bit about the mechanisms of virtualization
What is the difference between virtual machines and containers? traditional types of virtualization, for example, KVM spend server resources on servicing the virtual environment itself, in the case of a container up to 95% of power is given directly to the container and it works essentially at the host level. We will give the performance measurements of containers later in this article.
Comparison of LXC and KVM
| Lxc | KVM |
|---|---|
| Changing the size of the disk - in the case of the container LXC increase or decrease of the disk is very fast almost on the "fly" | Since KVM is a fully isolated container, changing the size of the disk requires rebooting the virtual machine, just like on a physical server |
| RAM expansion, CPU cores, disk etc. Does not require rebooting, if continuous operation of the virtual machine is required, then the choice is obvious | Any changes to the VPS settings require a reboot. |
| Fast container reload | As mentioned above, KVM requires as much time to restart as a regular server. |
| Quick installation of any image of both the operating system and ready-made templates (OpenVPN, TorrenServer, OpenLDAP, MediaServer, OwnCloud, we have more than 100 different templates for all occasions) | Ability to install various versions of Windows and FreeBSD from both templates and from its own ISO |
| Creating your own internal network between containers | Creating your own internal network between containers |
In fact, LXC is not a complete virtualization system. There is no virtual hardware environment as such, but it creates a secure, isolated space. LXC is distinguished by high functionality, compactness and flexibility in terms of resources, extraordinary efficiency, and ease of use. With this mechanism you can create a data center consisting of several containers for various purposes. As an example, we configure one container as a router and the firewall is located in the DMZ –web segment, mail server and file server.
Creating a container on the example of our hosting
So let's proceed to the order ( link to the basket ) - choose the host name, password for root, CPU, RAM and disk parameters, then go to the template for the container and click "Next", for the tests we did the promo code HelloHabr, which will allow the month test for free. Next, register in the billing and if something went wrong create a request to the support. Go to the client office, select the newly created container and proceed to the tests. What access possibilities are offered to us in your personal account - the simplest is the noVNC console that allows you to manage the container directly from the browser:
... further SPICE console - is a display system (rendering) of a remote display, built for a virtual environment, which allows you to view the virtual "desktop" of the computing environment not only on the machine on which it is running, but also from anywhere via the Internet (from wiki ), also in the Backup section we can make both an instant snapshot of the container, and a full backup of the virtual machine, it is possible to choose both the type of archive and the type of copy.
We can also set up tasks for Backup that will be executed on a specific schedule with an alert to email.
I would also like to mention one more convenient option - configuring the firewall is indirectly from the browser, which is very convenient for those who do not own the fine settings of the firewall in Linux. Everything is very convenient for both experienced administrators and beginners alike.
Performance testing
I took the initial configuration for the tests and now I want to see how much it suffices for simple tasks, I will test the performance using the unixbench package, first add the missing packages
apt-get install build-essential libx11-dev libgl1-mesa-dev libxext-dev then download the unixbench itself and start testing -
cd /tmp/ wget https://github.com/kdlucas/byte-unixbench/archive/master.zip unzip master.zip and run
./Run We wait while unixbench will test the container and we admire result
BYTE UNIX Benchmarks (Version 5.1.3) System: test: GNU/Linux OS: GNU/Linux -- 4.4.59-1-pve -- #1 SMP PVE 4.4.59-87 (Tue, 25 Apr 2017 09:01:58 +0200) Machine: x86_64 (unknown) Language: en_US.utf8 (charmap="ANSI_X3.4-1968", collate="ANSI_X3.4-1968") CPU 0: Intel(R) Xeon(R) CPU E5649 @ 2.53GHz (5076.7 bogomips) Hyper-Threading, x86-64, MMX, Physical Address Ext, SYSENTER/SYSEXIT, SYSCALL/SYSRET, Intel virtualization 09:14:27 up 33 min, 2 users, load average: 0.23, 0.06, 0.06; runlevel Jun ------------------------------------------------------------------------ Benchmark Run: Tue Jun 13 2017 09:14:28 - 09:42:27 24 CPUs in system; running 1 parallel copy of tests Dhrystone 2 using register variables 29175436.4 lps (10.0 s, 7 samples) Double-Precision Whetstone 3707.9 MWIPS (8.9 s, 7 samples) Execl Throughput 4656.0 lps (30.0 s, 2 samples) File Copy 1024 bufsize 2000 maxblocks 874980.2 KBps (30.0 s, 2 samples) File Copy 256 bufsize 500 maxblocks 243115.0 KBps (30.0 s, 2 samples) File Copy 4096 bufsize 8000 maxblocks 1778945.2 KBps (30.0 s, 2 samples) Pipe Throughput 1587733.6 lps (10.0 s, 7 samples) Pipe-based Context Switching 273143.4 lps (10.0 s, 7 samples) Process Creation 11873.0 lps (30.0 s, 2 samples) Shell Scripts (1 concurrent) 5665.4 lpm (60.0 s, 2 samples) Shell Scripts (8 concurrent) 1061.0 lpm (60.0 s, 2 samples) System Call Overhead 1897076.6 lps (10.0 s, 7 samples) System Benchmarks Index Values BASELINE RESULT INDEX Dhrystone 2 using register variables 116700.0 29175436.4 2500.0 Double-Precision Whetstone 55.0 3707.9 674.2 Execl Throughput 43.0 4656.0 1082.8 File Copy 1024 bufsize 2000 maxblocks 3960.0 874980.2 2209.5 File Copy 256 bufsize 500 maxblocks 1655.0 243115.0 1469.0 File Copy 4096 bufsize 8000 maxblocks 5800.0 1778945.2 3067.1 Pipe Throughput 12440.0 1587733.6 1276.3 Pipe-based Context Switching 4000.0 273143.4 682.9 Process Creation 126.0 11873.0 942.3 Shell Scripts (1 concurrent) 42.4 5665.4 1336.2 Shell Scripts (8 concurrent) 6.0 1061.0 1768.3 System Call Overhead 15000.0 1897076.6 1264.7 ======== System Benchmarks Index Score 1372.3 ------------------------------------------------------------------------ Benchmark Run: Tue Jun 13 2017 09:42:27 - 10:10:50 24 CPUs in system; running 24 parallel copies of tests Dhrystone 2 using register variables 28791897.2 lps (10.1 s, 7 samples) Double-Precision Whetstone 3650.7 MWIPS (9.0 s, 7 samples) Execl Throughput 4573.6 lps (29.9 s, 2 samples) File Copy 1024 bufsize 2000 maxblocks 899496.3 KBps (30.0 s, 2 samples) File Copy 256 bufsize 500 maxblocks 243438.3 KBps (30.0 s, 2 samples) File Copy 4096 bufsize 8000 maxblocks 1960457.7 KBps (30.0 s, 2 samples) Pipe Throughput 1588441.9 lps (10.1 s, 7 samples) Pipe-based Context Switching 221247.7 lps (10.0 s, 7 samples) Process Creation 10910.9 lps (30.0 s, 2 samples) Shell Scripts (1 concurrent) 8683.0 lpm (60.1 s, 2 samples) Shell Scripts (8 concurrent) 1088.9 lpm (60.8 s, 2 samples) System Call Overhead 1899698.1 lps (10.1 s, 7 samples) System Benchmarks Index Values BASELINE RESULT INDEX Dhrystone 2 using register variables 116700.0 28791897.2 2467.2 Double-Precision Whetstone 55.0 3650.7 663.8 Execl Throughput 43.0 4573.6 1063.6 File Copy 1024 bufsize 2000 maxblocks 3960.0 899496.3 2271.5 File Copy 256 bufsize 500 maxblocks 1655.0 243438.3 1470.9 File Copy 4096 bufsize 8000 maxblocks 5800.0 1960457.7 3380.1 Pipe Throughput 12440.0 1588441.9 1276.9 Pipe-based Context Switching 4000.0 221247.7 553.1 Process Creation 126.0 10910.9 865.9 Shell Scripts (1 concurrent) 42.4 8683.0 2047.9 Shell Scripts (8 concurrent) 6.0 1088.9 1814.9 System Call Overhead 15000.0 1899698.1 1266.5 ======== System Benchmarks Index Score 1399.9 Some advertising
I would also like to remind you about our dedicated servers with protection against DDIS attacks.
Now you can order a 2x Intel Xeon E5540 with 32Gb ECC DDR3 RAM with full protection and a 240Gb SSD for only 3127 rubles. Also always available Intel Core i7-7700 from 3769 rub
For additional discounts in your personal account
')
Source: https://habr.com/ru/post/330794/
All Articles