This blog was originally published for: LinuxAcademy
Hello, Linux Academy community. October has been an exciting month of learning about Cyber Security as part of Cyber Security Awareness month. However, as the month has come to an end, it’s time to check back in with our It’s Okay To Be New: Containers series.
We started our journey learning about the History of Container Technology and then followed it up with some hands-on command line time in our Docker Quickstart for Everyone. We were then lucky enough to be joined on our journey by an amazing Docker Captain by the name of Mike Irwin to discuss what Docker is, why we use containers, and how namespaces work. However, now that I have had a chance to take a step back and look at our journey, I feel that we may have missed a crucial step: discussing Linux Containers (LXC).
On the LXC website, LXC is defined “…as the well-known set of tools, templates, library, and language bindings. It’s pretty low level, very flexible, and covers just about every containment feature supported by the upstream kernel.” Being new to LXC, I had to re-read this definition a few times, and it left me wondering what exactly LXC is.
LXC is a userspace interface (userspace being the memory area in which user processes run); the interface allows users to create and manage containers on their systems. For many in the industry, LXC is a middle ground between a chrooted environment and a full-fledged virtual machine. I’ve always found it easier to think of it as operating-system-level virtualization. In OS virtualization, the goal is not the same as in standard hardware virtualization: the goal is to allow us to create multiple isolated systems on a shared host. These isolated environments are referred to as containers. With LXC we can make use of Linux namespaces and cgroups to create containerized environments. LXC is paired with LXD, the Linux container daemon, which can be thought of as an extension to LXC. LXD exposes a REST API that connects to the LXC software library, allowing hosts to run multiple LXC containers while using only a single system daemon. This daemon can integrate with host-level security features as well as handle networking and data storage.
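To see the namespace and cgroup isolation described above on a running container, the following added example (not part of the original post) compares the /proc/<pid>/ns links of two processes. The function names are hypothetical, and the container's init PID is assumed to be the one reported by `lxc info ubuntu-container`.

```shell
#!/bin/sh
# Added example, not from the original post. Run as root: reading another
# user's /proc/<pid>/ns links requires ptrace-level access to that process.

# ns_id PID TYPE -> namespace identifier such as "pid:[4026531836]",
# or "unreadable" if the process is gone or access is denied.
ns_id() {
    readlink "/proc/$1/ns/$2" 2>/dev/null || echo "unreadable"
}

# ns_report PID_A PID_B -> one line per namespace type:
#   "<type> shared"   both processes are in the same namespace
#   "<type> isolated" the processes are in different namespaces
#   "<type> unknown"  one of the links could not be read
ns_report() {
    for ns in cgroup ipc mnt net pid user uts; do
        a=$(ns_id "$1" "$ns")
        b=$(ns_id "$2" "$ns")
        if [ "$a" = "unreadable" ] || [ "$b" = "unreadable" ]; then
            echo "$ns unknown"
        elif [ "$a" = "$b" ]; then
            echo "$ns shared"
        else
            echo "$ns isolated"
        fi
    done
}

# isolated_count PID_A PID_B -> number of namespace types that differ.
# grep -c exits non-zero on zero matches, hence the "|| true".
isolated_count() {
    ns_report "$1" "$2" | grep -c ' isolated$' || true
}

# cgroup_of PID -> cgroup membership of the process (empty if unreadable).
cgroup_of() {
    cat "/proc/$1/cgroup" 2>/dev/null || true
}

# Usage: sh nsdiff.sh 1 <container-init-pid>
# If "user" is reported as shared, root inside the container is root on
# the host (a privileged container); "isolated" means a separate user namespace.
if [ "$#" -eq 2 ]; then
    ns_report "$1" "$2"
    echo "cgroup of $2:"
    cgroup_of "$2"
fi
```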
All this information is well and good, but as I always say, the best way to learn something is to get your hands dirty. So spin up an Ubuntu cloud server and take a chance at installing and playing with LXD.
This guide was written to run on Ubuntu. The commands remove any LXD packages installed through apt and install LXD as a snap:
sudo apt remove lxd lxd-client liblxc1 lxcfs --purge --yes
sudo snap install lxd
At this time, just use the default values for all questions.
Play with LXC
You can list available images on the images remote with: (Note: You can think of the remote like an image repository.)
lxc image list images
You can create new containers with lxc launch:
lxc launch ubuntu:16.04 ubuntu-container
lxc launch images:centos/6 centos-container
Confirm they exist with: