> Improved Application Performance and Isolation. Run applications in isolated and secure lightweight containers utilizing SELinux and resource management. Linux containers provide a method of isolating a process and simulating its environment inside a single host. It provides application sandboxing technology to run applications in a secure container environment, isolated from other applications running in the same host operating system environment. Linux containers are useful when multiple copies of an application or workload need to be run in isolation, but share environments and resources. [1]
Looks like there is a major shift in that they will support containers out of the box now. Hopefully we will see some type of GUI to create containers and manage cgroups. There has also been major effort assigned to getting containers working with OpenStack and Docker. You can manually download/compile LXC today, on RHEL 6.4, but it seems like a bit of a hack, since you need to figure out networking and LVM on your own, never mind building base container images. Should be interesting.
I’m not sure what Systemd version they’ll end up shipping though.
The best part about Systemd is that the default framework for launching and monitoring services is essentially LXC without the padding (extra PID0 etc). This means every service can benefit and there’s no need for the unnecessary abstraction (the container) and all the (mental, not necessarily performance) overhead that goes with it.
Needless to say, I’m quite excited about what is happening on Linux nowadays :)
systemd-nspawn isn't recommended for production use. I can't tell you why that is, but if you search for it, you'll find a few places where Lennart Poettering recommends libvirt-lxc for deployment (which is completely unrelated to the other "LXC" project).
> This means every service can benefit and there’s no need for the unnecessary abstraction
Of course you could run software on bare metal ;-) But containers are a nice way to ship whole projects including the dependencies. Especially if you deploy to lots of machines.
There's significant effort underway in the Docker community to get libvirt as a viable execution engine for Docker. Very similar to how you can choose between AUFS and LVM.
Exactly - if they support and test LXC now, and the market demands Docker a year into the lifecycle (RH generally don't add features between major releases, so it'd have to be worth it for them), it's still doable as it's a userspace addition.
Yeah, I have been doing some research for an upcoming screencast, and this type of idea is called Operating system-level virtualization [1], and there is a fairly good table with the various OSes and their take on OS-level virtualization. E.g. Solaris Containers, FreeBSD Jail, OpenVZ, HP-UX Containers, etc.
Thanks. FYI, I just posted this to HN [1]. Seeing as you put in all this effort, you should have people reading it, outside this thread. Looks like you made the front page too!
[1] https://access.redhat.com/site/sites/default/files/pages/att...