further progress on LXD post

Amolith 2023-08-23 21:51:27 -04:00
parent 8582acb440
commit 1a7e566d5b
Signed by: Amolith
GPG Key ID: 8AE30347CE28D101
1 changed files with 58 additions and 63 deletions


@ -88,23 +88,17 @@ issue instructions to the CPU, etc.
[vb]: https://www.virtualbox.org/ [vb]: https://www.virtualbox.org/
```kroki {type=d2,d2theme=flagship-terrastruct,d2sketch=true} ```kroki {type=d2,d2theme=flagship-terrastruct,d2sketch=true}
direction: up
hk: Host kernel hk: Host kernel
hk.1h: Type 1 hypervisor hk.h: Type 1 hypervisor
k1: Guest kernel hk.h.k1: Guest kernel
k2: Guest kernel hk.h.k2: Guest kernel
k3: Guest kernel hk.h.k3: Guest kernel
os1: Guest OS hk.h.k1.os1: Guest OS
os2: Guest OS hk.h.k2.os2: Guest OS
os3: Guest OS hk.h.k3.os3: Guest OS
app1: Many apps hk.h.k1.os1.app1: Many apps
app2: Many apps hk.h.k2.os2.app2: Many apps
app3: Many apps hk.h.k3.os3.app3: Many apps
app1 <- os1 <- k1 <- hk
app2 <- os2 <- k2 <- hk
app3 <- os3 <- k3 <- hk
``` ```
### Type 2 hypervisors ### Type 2 hypervisors
@ -114,59 +108,58 @@ hypervisors have to first go through the operating system, adding an additional
layer to the stack. layer to the stack.
```kroki {type=d2,d2theme=flagship-terrastruct,d2sketch=true} ```kroki {type=d2,d2theme=flagship-terrastruct,d2sketch=true}
direction: up
hk: Host kernel hk: Host kernel
os: Operating system hk.os: Host OS
os.2h: Type 2 hypervisor hk.os.h: Type 2 hypervisor
k1: Guest kernel hk.os.h.k1: Guest kernel
k2: Guest kernel hk.os.h.k2: Guest kernel
k3: Guest kernel hk.os.h.k3: Guest kernel
os1: Guest OS hk.os.h.k1.os1: Guest OS
os2: Guest OS hk.os.h.k2.os2: Guest OS
os3: Guest OS hk.os.h.k3.os3: Guest OS
app1: Many apps hk.os.h.k1.os1.app1: Many apps
app2: Many apps hk.os.h.k2.os2.app2: Many apps
app3: Many apps hk.os.h.k3.os3.app3: Many apps
os <- hk
app1 <- os1 <- k1 <- os
app2 <- os2 <- k2 <- os
app3 <- os3 <- k3 <- os
``` ```
## Containers ## Containers
As most people know them right now, containers are exclusive to Linux.[^1] This is
because they use namespaces and cgroups to achieve isolation.
- **[Linux namespaces]** partition kernel resources like process IDs, hostnames,
user IDs, directory hierarchies, network access, etc.
- **[Cgroups]** limit, track, and isolate the hardware resource use of a set of
processes
[Linux namespaces]: https://en.wikipedia.org/wiki/Linux_namespaces
[Cgroups]: https://en.wikipedia.org/wiki/Cgroups
### Application containers
```kroki {type=d2,d2theme=flagship-terrastruct,d2sketch=true} ```kroki {type=d2,d2theme=flagship-terrastruct,d2sketch=true}
title: |md Host kernel.Container runtime.c1: Container
# Application containers Host kernel.Container runtime.c2: Container
| { near: top-center } Host kernel.Container runtime.c3: Container
direction: up Host kernel.Container runtime.c1.One app
Host kernel.Container runtime.c2.Few apps
Host kernel -> Hypervisor Host kernel.Container runtime.c3.Full OS.Many apps
Hypervisor -> One app
Hypervisor -> Few apps
Hypervisor -> Full OS -> Many apps
``` ```
### System containers
```kroki {type=d2,d2theme=flagship-terrastruct,d2sketch=true} ```kroki {type=d2,d2theme=flagship-terrastruct,d2sketch=true}
title: |md hk: Host kernel
# System containers hk.c1: Container
| { near: top-center } hk.c2: Container
hk.c3: Container
direction: up hk.c1.os1: Full OS
hk.c2.os2: Full OS
os1: Full OS hk.c3.os3: Full OS
os2: Full OS hk.c1.os1.app1: Many apps
os3: Full OS hk.c2.os2.app2: Many apps
app1: Many apps hk.c3.os3.app3: Many apps
app2: Many apps
app3: Many apps
Host kernel -> os1 -> app1
Host kernel -> os2 -> app2
Host kernel -> os3 -> app3
``` ```
## When to use VMs ## When to use VMs
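Review bot: The new Containers paragraph says namespaces and cgroups are used "to achieve isolation" but never states how that boundary differs from the hypervisor sections above, even though both container diagrams place every container under a single Host kernel with no Guest kernel boxes. Add one sentence before the "When to use VMs" heading saying that containers share the host kernel while each VM brings its own, since that is the difference the diagrams draw. Separately, the application containers block uses full labels as keys (`Host kernel.Container runtime.c1: Container`) while the system containers block uses short keys with labels (`hk.c1: Container`), and only the application diagram shows a runtime layer between the kernel and the containers; pick one key convention and say whether the missing layer in the system containers diagram is deliberate.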
@ -200,10 +193,10 @@ See Drew DeVault's blog post [_In praise of qemu_](https://earl.run/rmBs) for a
{{< adm type="note" >}} {{< adm type="note" >}}
**Note:** the instructions below say to install LXD using [Snap.][snap] I **Note:** the instructions below say to install LXD using [Snap.][snap] I
personally dislike Snap, but LXD is a Canonical product and Canonical is doing personally dislike Snap, but LXD is a Canonical product and they're doing their
their best to push Snap down everyone's throats ¯\\\_(ツ)\_/¯ One of the first best to prmote it as much as possible. One of the first things the Incus project
things the Incus project did was [rip out Snap support,][rsnap] and I can't wait did was [rip out Snap support,][rsnap] so it will eventually be installable as a
until they have proper `.deb`s 😁 proper native package.
[snap]: https://en.wikipedia.org/wiki/Snap_(software) [snap]: https://en.wikipedia.org/wiki/Snap_(software)
[rsnap]: https://github.com/lxc/incus/compare/9579f65cd0f215ecd847e8c1cea2ebe96c56be4a...3f64077a80e028bb92b491d42037124e9734d4c7 [rsnap]: https://github.com/lxc/incus/compare/9579f65cd0f215ecd847e8c1cea2ebe96c56be4a...3f64077a80e028bb92b491d42037124e9734d4c7
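Review bot: Typo in the rewritten note: "prmote" should be "promote". In the same sentence, "they're" refers back to Canonical, which the earlier clause treats as singular ("Canonical is"); "it's doing its best" or simply "Canonical promotes it heavily" would read more cleanly.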
@ -222,3 +215,5 @@ until they have proper `.deb`s 😁
### Usage ### Usage
{install my URL shortener} {install my URL shortener}
[^1]: Docker containers on Windows and macOS actually run in a Linux VM.
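Review bot: The footnote is appended after `{install my URL shortener}`, which is still a placeholder under the Usage heading; make sure it is filled in or removed before the post is published. The footnote wording "Docker containers on Windows and macOS" could also be narrowed to "Linux containers run by Docker on Windows and macOS" so that it matches the claim it supports in the Containers section, which is specifically about Linux namespaces and cgroups.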