LXC is the new container virtualization technology of the Linux world. It’s free, it’s fast and it’s open source. Although it’s meant to replace OpenVZ, it’s not quite there yet.
Despite this fact, LXC is an immensely useful tool for running various applications in mostly separated environments. As with all new technology, no in-depth documentation exists to date, so bear with me as I endeavor to show you how it is all put together.
How do you limit a group of processes on Linux? The classic answer to that is: you don’t. The reason for that is simple. Linux’s historical resource limiting solution, ulimit, works on a process level. If you start a new process, that process has limits of its own, which is the direct explanation for the fork bomb’s effectiveness.
Unbeknownst to a lot of sysadmins, however, Linux has a new toy to play with: control groups. As you might have guessed, these are groups of processes to which limits can be applied as a whole. How do they work? Bear with me and I’ll show you…
LXC (Linux Containers) is the new flagship of container-based virtualization on Linux. Although it has been around for quite some time, LXC is still not feature complete, which leads to many people still using OpenVZ. Mostly based on Michael Renner’s work, here is an overview of the features that are missing and those that are already complete. The data presented here takes Ubuntu 12.04 as a basis, as it is the distribution that supports LXC best.
Looking for an LXC vs. OpenVZ lineup? Read my side-by-side comparison!
After a few nights trying to get the OpenVZ kernel patch properly applied and compiled on Ubuntu 12.04, I decided to give LXC a shot. Although I finally got OpenVZ to work, I wasn’t really satisfied with the results. My main problem was that the kernel version was quite old and there are some features in the newer kernels I really need. My last information on LXC was that it was still quite experimental, so I wasn’t expecting much. Boy, was I in for a surprise…