further progress on LXD post

Amolith 2023-08-23 21:51:27 -04:00
parent 8582acb440
commit 1a7e566d5b
Signed by: Amolith
GPG Key ID: 8AE30347CE28D101
1 changed files with 58 additions and 63 deletions


@ -88,23 +88,17 @@ issue instructions to the CPU, etc.
[vb]: https://www.virtualbox.org/
```kroki {type=d2,d2theme=flagship-terrastruct,d2sketch=true}
direction: up
hk: Host kernel
hk.1h: Type 1 hypervisor
k1: Guest kernel
k2: Guest kernel
k3: Guest kernel
os1: Guest OS
os2: Guest OS
os3: Guest OS
app1: Many apps
app2: Many apps
app3: Many apps
app1 <- os1 <- k1 <- hk
app2 <- os2 <- k2 <- hk
app3 <- os3 <- k3 <- hk
hk.h: Type 1 hypervisor
hk.h.k1: Guest kernel
hk.h.k2: Guest kernel
hk.h.k3: Guest kernel
hk.h.k1.os1: Guest OS
hk.h.k2.os2: Guest OS
hk.h.k3.os3: Guest OS
hk.h.k1.os1.app1: Many apps
hk.h.k2.os2.app2: Many apps
hk.h.k3.os3.app3: Many apps
```
### Type 2 hypervisors
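Review bot: In the Type 1 diagram, `hk.h: Type 1 hypervisor` is nested under `hk`, which reads as the hypervisor running inside a host kernel. The Type 2 text that follows distinguishes the two types by saying type 2 hypervisors go through the operating system as an additional layer, so once both diagrams nest the hypervisor under `hk`, the only visible difference is the `Host OS` box. Consider making the hypervisor the outermost box here, or relabelling the outer box, so the diagram itself shows that guests are separated from each other by the hypervisor rather than by a general-purpose host kernel.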
@ -114,59 +108,58 @@ hypervisors have to first go through the operating system, adding an additional
layer to the stack.
```kroki {type=d2,d2theme=flagship-terrastruct,d2sketch=true}
direction: up
hk: Host kernel
os: Operating system
os.2h: Type 2 hypervisor
k1: Guest kernel
k2: Guest kernel
k3: Guest kernel
os1: Guest OS
os2: Guest OS
os3: Guest OS
app1: Many apps
app2: Many apps
app3: Many apps
os <- hk
app1 <- os1 <- k1 <- os
app2 <- os2 <- k2 <- os
app3 <- os3 <- k3 <- os
hk.os: Host OS
hk.os.h: Type 2 hypervisor
hk.os.h.k1: Guest kernel
hk.os.h.k2: Guest kernel
hk.os.h.k3: Guest kernel
hk.os.h.k1.os1: Guest OS
hk.os.h.k2.os2: Guest OS
hk.os.h.k3.os3: Guest OS
hk.os.h.k1.os1.app1: Many apps
hk.os.h.k2.os2.app2: Many apps
hk.os.h.k3.os3.app3: Many apps
```
## Containers
As most people know them right now, containers are exclusive to Linux.[^1] This is
because they use namespaces and cgroups to achieve isolation.
- **[Linux namespaces]** partition kernel resources like process IDs, hostnames,
user IDs, directory hierarchies, network access, etc.
- **[Cgroups]** limit, track, and isolate the hardware resource use of a set of
processes
[Linux namespaces]: https://en.wikipedia.org/wiki/Linux_namespaces
[Cgroups]: https://en.wikipedia.org/wiki/Cgroups
### Application containers
```kroki {type=d2,d2theme=flagship-terrastruct,d2sketch=true}
title: |md
# Application containers
| { near: top-center }
Host kernel.Container runtime.c1: Container
Host kernel.Container runtime.c2: Container
Host kernel.Container runtime.c3: Container
direction: up
Host kernel -> Hypervisor
Hypervisor -> One app
Hypervisor -> Few apps
Hypervisor -> Full OS -> Many apps
Host kernel.Container runtime.c1.One app
Host kernel.Container runtime.c2.Few apps
Host kernel.Container runtime.c3.Full OS.Many apps
```
### System containers
```kroki {type=d2,d2theme=flagship-terrastruct,d2sketch=true}
title: |md
# System containers
| { near: top-center }
direction: up
os1: Full OS
os2: Full OS
os3: Full OS
app1: Many apps
app2: Many apps
app3: Many apps
Host kernel -> os1 -> app1
Host kernel -> os2 -> app2
Host kernel -> os3 -> app3
hk: Host kernel
hk.c1: Container
hk.c2: Container
hk.c3: Container
hk.c1.os1: Full OS
hk.c2.os2: Full OS
hk.c3.os3: Full OS
hk.c1.os1.app1: Many apps
hk.c2.os2.app2: Many apps
hk.c3.os3.app3: Many apps
```
## When to use VMs
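Review bot: In the Application containers diagram, `Host kernel.Container runtime.c3.Full OS.Many apps` draws the same shape as the `hk.c1.os1: Full OS` / `hk.c1.os1.app1: Many apps` boxes in the System containers diagram, so the two sections no longer look different where it matters. If the intent is that application containers hold one or a few processes and system containers hold a full OS, drop the `Full OS` case from the first diagram or say in the prose why it is there. The first diagram also uses label-as-key paths with spaces while every other diagram uses short keys (`hk`, `c1`) with labels; using the short-key form throughout would keep them consistent.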
@ -200,10 +193,10 @@ See Drew DeVault's blog post [_In praise of qemu_](https://earl.run/rmBs) for a
{{< adm type="note" >}}
**Note:** the instructions below say to install LXD using [Snap.][snap] I
personally dislike Snap, but LXD is a Canonical product and Canonical is doing
their best to push Snap down everyone's throats ¯\\\_(ツ)\_/¯ One of the first
things the Incus project did was [rip out Snap support,][rsnap] and I can't wait
until they have proper `.deb`s 😁
personally dislike Snap, but LXD is a Canonical product and they're doing their
best to prmote it as much as possible. One of the first things the Incus project
did was [rip out Snap support,][rsnap] so it will eventually be installable as a
proper native package.
[snap]: https://en.wikipedia.org/wiki/Snap_(software)
[rsnap]: https://github.com/lxc/incus/compare/9579f65cd0f215ecd847e8c1cea2ebe96c56be4a...3f64077a80e028bb92b491d42037124e9734d4c7
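Review bot: Typo in the reworded note: "prmote" should be "promote". In the same sentence, "they're" has no plural antecedent ("LXD is a Canonical product and they're doing their best"); "Canonical is doing its best" reads more clearly.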
@ -222,3 +215,5 @@ until they have proper `.deb`s 😁
### Usage
{install my URL shortener}
[^1]: Docker containers on Windows and macOS actually run in a Linux VM.
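Review bot: The footnote `[^1]: Docker containers on Windows and macOS actually run in a Linux VM.` is broader than what it supports: it backs the claim that containers are exclusive to Linux because they rely on namespaces and cgroups, so it should say Linux containers run in a Linux VM on those platforms. Docker on Windows can also run native Windows containers, which do not use a Linux VM. Separately, `{install my URL shortener}` under `### Usage` is a literal placeholder and will render as-is if this is published before the section is written; a TODO comment or a draft flag would be safer.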