can kill or interact with all processes, even ones in individual containers. For example, the
shell command ps, when running in a FreeBSD container (called a “jail”), displays only
processes running in that container. This is not a parlor trick; the container has no visibility
to other processes. However, when the same command is run on the host from outside any
container, it shows all processes, including those inside each container. Thus, if you are
logged into the main host (no particular container), you have global visibility and can serve
as administrator for all containers.
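A host-side audit of that global view, as an added example rather than code from the book: it assumes a FreeBSD host where `ps -ax -o jid,pid,user,comm` supplies the input (jid 0 marks host processes outside any jail), and the ps output embedded below is constructed so the script runs offline.

```shell
#!/bin/sh
# On a real FreeBSD host the input is:  ps -ax -o jid,pid,user,comm
# The sample below is CONSTRUCTED to stand in for that output; jail ids,
# PIDs and users are made up. JID 0 means "running in the host itself".
SAMPLE_PS='JID PID USER COMMAND
0 1 root init
0 742 root sshd
0 811 root syslogd
1 1203 www nginx
1 1210 www php-fpm
2 1300 root sshd
2 1345 postgres postgres'

# What `ps` would show from INSIDE one jail: only that jail's commands.
# Usage: processes_in_jail <jid> "<ps output>"
processes_in_jail() {
    printf '%s\n' "$2" | awk -v want="$1" 'NR > 1 && $1 == want { print $4 }'
}

# The host's global view: how many processes each jail (and the host) runs.
# Usage: process_count_per_jail "<ps output>"   -> lines of "<jid> <count>"
process_count_per_jail() {
    printf '%s\n' "$1" | awk 'NR > 1 { n[$1]++ } END { for (j in n) print j, n[j] }' | sort -n
}

# Jails that run a daemon the host already provides (the text's example is
# SSH). Such a jail is heavier than the container model intends and is an
# extra login path the administrator should know about.
# Usage: jails_running_daemon <command> "<ps output>"
jails_running_daemon() {
    printf '%s\n' "$2" | awk -v d="$1" 'NR > 1 && $1 != 0 && $4 == d { print $1 }' | sort -un
}

# Stand-alone run: summarize the constructed sample.
process_count_per_jail "$SAMPLE_PS"
jails_running_daemon sshd "$SAMPLE_PS"
```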
Each container has its own copy of the packages, shared libraries, and other supporting
files that it requires. Two containers running on the same machine cannot have dependency
or version conflicts. For example, without containers one program might require a partic-
ular version of a library while another requires a very different version and cannot operate
with the other version installed. This “dependency hell” is common. When each program
is put in a different container, however, each can have its own copy of the library and thus
the conflict is avoided.
Containers are very lightweight because they do not require an entire OS. Only the spe-
cific system files needed by the software are copied into the container. The system allocates
disk space as files are needed, as opposed to allocating a large virtual disk ahead of time. A
container runs fewer processes because it needs to run only the ones related to the software.
System background processes such as SSH and other daemons do not run in the container
since they are available in the outside operating system. When using virtual machines, each
machine has a full complement of such daemons.
Containers are different from virtual machines. Each virtual machine is a black box. An
administrator logged into the physical machine cannot (without tricks) peer into the indi-
vidual virtual machines. A virtual machine can run a different operating system than its
host physical machine because it is emulating a full machine. A virtual machine is a larger,
less granular allocation of resources. When the virtual machine starts, a certain amount of
RAM and disk space is allocated and dedicated to that virtual machine. If it does not use
all of the RAM, the RAM can't be used by anything else. Virtual disks are often difficult
to resize, so you create them larger than needed to reduce the chance that the container will
need to be enlarged. The extra capacity cannot be used by other virtual machines—a situ-
ation called having stranded resources.
Containers do share some of the downsides of virtual machines. Downtime of the host
machine affects all containers. This means that planned downtime for patching the host
as well as unplanned outages affect all containers. Nevertheless, the host machine doesn't
have to do much, so it can run a stripped-down version of the operating system. Thus there
is less to patch and maintain.