[FoRK] Docker 1.0 was Re: OSX VMs/backup, Re: Dunning-Kruger effect discriminatory environs
sdw at lig.net
Thu Jun 12 05:03:34 PDT 2014
A container isn't a VM, even though it feels like it is. Processes are running on the host OS natively. It is just an extension
of chroot: Certain system calls look at a certain table among a set of tables. The "host" is just the default table. I haven't
looked at the code for a long time, but I believe every involved system call already pays the tiny price to decide whether you
are the "host" or a container even for "native" process system calls.

In other words, containers are effectively free. Additionally, as opposed to a VM, there is no emulation at all, no additional
copy of a kernel and kernel data, completely shared use of buffers, oversubscription of memory, text images of processes
running in unrelated containers, etc. All the benefits of running multiple processes on a Linux kernel with strict security and
logical separation of networking, process ID/etc. space, sockets, file systems (chroot), etc.

The main negative is that a process hogging CPU or memory can affect other containers in ways you can prevent more completely
with a VM. However, there is a lot of existing practice managing this as all of the cheap web hosting has been done by
containers for a very long time. The security issues were addressed long ago due to that severe test. In running your own
services on containers, you can decide how to balance CPU cores, load, storage access, memory, etc. You might put 20
lightweight / infrequent services on one machine and just 1 of a heavyweight system role on another. And "machine" can be a raw
machine or a VM.

The power of Docker et al. is being able to easily develop, build, and test system configurations more like
edit/compile/debugging for software. We automate complex software builds for a reason. Finally we have that for system
configuration. Since getting certain system administrators to document or knowledge share anything seems to be impossible, this
becomes invaluable fast.
On 6/11/14, 10:16 AM, Gregory Alan Bolcer wrote:
> I'm skeptical. I run Linux, Windows, OSX both natively and virtually. I
> believe commercial production software should be run as close to the target
> production native OS as possible.
> On Wed, Jun 11, 2014 at 9:44 AM, Stephen Williams <sdw at lig.net> wrote:
>> I'm not the only one who thinks Docker is great. As soon as I saw Docker
>> I was sold. Interesting how when I suggest it to others sometimes they are
>> very skeptical. It is a good opportunity to detect who is ruled by a herd
>> mentality of following accepted paths vs. those who can examine something
>> context free on merits and make a decision for themselves. Well, after
>> noting if they're still running Windows or not. ;-)
>> On 6/10/14, 12:25 PM, Ken Meltsner wrote:
>>> Docker 1.0 is out, including a Mac OS X and Windows version (using
>>> Virtual Box and Boot2Docker to run a minimal Linux image, though --
>>> not native)
>>> The all-in-one Windows installer for the corporate among us is at
>>> https://github.com/boot2docker/windows-installer/releases And now I
>>> have no reason not to try it...
>>> http://boot2docker.io/ Boot2Docker – installs Virtual Box and other
>>> Lots of directions under installation (
>>> https://docs.docker.com/installation/#installation ) for the Linux
>>> distribution of your choice.
>>> Thanks to sdw for recommending it in the first place.
>>> Ken Meltsner
Stephen D. Williams sdw at lig.net stephendwilliams at gmail.com LinkedIn: http://sdw.st/in
V:650-450-UNIX (8649) V:866.SDW.UNIX V:703.371.9362 F:703.995.0407
AIM:sdw Skype:StephenDWilliams Yahoo:sdwlignet Resume: http://sdw.st/gres
Personal: http://sdw.st facebook.com/sdwlig twitter.com/scienteer
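
Added example, not part of the original message or of Docker's code: on Linux, the "tables" the message describes are visible as namespace links under /proc/<pid>/ns, and comparing a process's links with those of PID 1 shows which kinds it shares with the host and which are private. The function names and the sample inode values are assumptions constructed for illustration.

```python
import os
import re

# readlink() on /proc/<pid>/ns/<kind> yields "kind:[inode]"; equal inodes
# mean both processes resolve that kind against the same kernel namespace.
NS_LINK = re.compile(r"^(?P<kind>[a-z_]+):\[(?P<inode>\d+)\]$")

def parse_ns_links(links):
    """Map namespace kind -> inode from "kind:[inode]" strings."""
    table = {}
    for link in links:
        m = NS_LINK.match(link.strip())
        if m is None:
            raise ValueError(f"not a namespace link: {link!r}")
        table[m["kind"]] = int(m["inode"])
    return table

def read_ns(pid):
    """Read the live namespace links of a pid (Linux; pid 1 usually needs root)."""
    base = f"/proc/{pid}/ns"
    return parse_ns_links(os.readlink(f"{base}/{n}") for n in os.listdir(base))

def isolation(host, proc):
    """Return (shared, private) namespace kinds of proc relative to host."""
    shared = sorted(k for k in proc if host.get(k) == proc[k])
    private = sorted(k for k in proc if host.get(k) != proc[k])
    return shared, private

# Constructed sample values, not captured from a real system.
HOST_SAMPLE = ["mnt:[4026531840]", "pid:[4026531836]", "net:[4026531992]",
               "uts:[4026531838]", "ipc:[4026531839]", "user:[4026531837]"]
CONTAINER_SAMPLE = ["mnt:[4026532201]", "pid:[4026532204]", "net:[4026532207]",
                    "uts:[4026532202]", "ipc:[4026532203]", "user:[4026531837]"]

if __name__ == "__main__":
    try:
        host, proc = read_ns(1), read_ns("self")
    except OSError:
        # Not Linux, or no permission to read pid 1: use the constructed samples.
        host = parse_ns_links(HOST_SAMPLE)
        proc = parse_ns_links(CONTAINER_SAMPLE)
    shared, private = isolation(host, proc)
    print("shared with host:", ", ".join(shared) or "none")
    print("private:", ", ".join(private) or "none")
```

In the constructed sample the user namespace is the one kind still shared with the host, so UID 0 inside that container is the same UID 0 the host kernel sees.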