Hi ToddAndMargo!

On 2014.11.08 at 11:06:00 -0800, ToddAndMargo wrote next:
> Hi Vladimir,
>
> Do you have a good reference you like that I could
> learn this container stuff?

Containers are pretty basic concepts. Were the links I provided (as well as the systemd-nspawn page) not enough?

Basically it's chroot on steroids: it allows a program (or lots of programs, up to "all the programs in a typical operating system, starting from init") to execute in lightweight isolation - filesystem isolation, socket isolation, process space isolation and limits (memory, CPU, IO etc.) for the whole container. (chroot offers only low-quality filesystem isolation.)

There are various ways of doing this isolation. On Linux the most popular one used in production would be OpenVZ (used for many years). A more modern way is LXC (available in EL since EL7 out of the box). It is a much newer technology, but we already use it in production on new systems instead of OpenVZ and it works.

Applications in containers run at full speed, but the environments you can run are limited, because the host kernel version is the same. E.g. under SL7 you can perfectly run SL6 or F20 containers or any other Linux distributions compatible with the 3.10 kernel, but it's not guaranteed that you'll be able to run, say, an EL3 (kernel 2.4 based) container or future distributions which require features from newer kernels.

Since containers themselves are a very simple concept and there aren't as many complex technologies and pitfalls involved as with virtualization, there isn't much to read about containers themselves. You can get familiar with a certain isolation (container) technology. Just google for some documentation on its basic usage and that's it. In many aspects containers are way, way simpler than virtualization, so there just isn't much you need to know to use them.

I already explained the basics, so I don't know what to add about it. If you want me to repeat it:

OpenVZ - works great, production-ready, not supported out of the box on any popular Linux distribution (requires a special kernel and tools). Unless you need to work with an existing installation, don't bother.

LXC (native tools) - new, semi-production ready, works on EL7 out of the box, except for a few pitfalls which might be fixed in the future (we got affected by selinux problems - the kernel hung/crashed (!) with selinux enabled, had to disable it; also got affected by bug https://bugzilla.redhat.com/show_bug.cgi?id=1004724 when running PostgreSQL in a container; there is a workaround).

LXC under libvirt - very new, not production ready, but this is the way RedHat wants you to use containers. There is documentation available:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Resource_Management_and_Linux_Containers_Guide/index.html
From our experience, it doesn't work well enough yet to be used in production. Very immature tools and various problems. But it will play nice with selinux when it works better. Note that the documentation from the link above still might be useful to you, even if you won't use LXC under libvirt.

Docker - a way to run a single application in any kind of container. Very new, very hot technology, lots of interest in it (Redhat recently had a webinar about docker, for example). Very easy to use, but its usage is limited compared to container technology as a whole and it's still immature/not production ready. There is some documentation at the link above. When this technology matures, it *will* be the best solution for your task ("run Fedora 20 wine under SL7") and similar ones.

systemd-nspawn - think of it as a very primitive alternative to Docker. Very limited and primitive and not for production usage (and likely never will be), but easy to use and excellent for simple use on desktop systems right now. The documentation would be its manpage and resources on the internet.
http://maci0.wordpress.com/2014/05/02/run-any-applications-on-rhel7-containerized-with-3d-acceleration-and-pulseaudio-steam-pidgin-vlc/
is a good link (the command line with lots of bind mount arguments shows how to let an application use a high-performance interface to X11 and even run 3D applications without speed loss), as well as http://www.alapshin.com/posts/systemd-chroot/ (in Russian).

--
Vladimir
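
Added example, not part of the original message: the filesystem, socket and process space isolation described above is implemented by Linux kernel namespaces, and the links under /proc/<pid>/ns show which of them a process has apart from the host. The function names and the sample link targets below are constructed for illustration.

```python
import os
import re

# /proc/<pid>/ns entry -> the kind of isolation named in the message above.
ISOLATION = {"mnt": "filesystem", "net": "socket", "pid": "process space",
             "ipc": "IPC", "uts": "hostname"}
NS_LINK = re.compile(r"^(\w+):\[(\d+)\]$")

# Constructed sample link targets (illustrative, not captured from a real host).
HOST_INIT = ["ipc:[4026531839]", "mnt:[4026531840]", "net:[4026531956]",
             "pid:[4026531836]", "uts:[4026531838]"]
CHROOTED = list(HOST_INIT)  # chroot only changes the root directory: no new namespaces
CONTAINER = ["ipc:[4026532201]", "mnt:[4026532199]", "net:[4026532204]",
             "pid:[4026532202]", "uts:[4026532200]"]


def parse_links(links):
    """Parse targets such as 'pid:[4026531836]' into {kind: inode}; skip anything else."""
    parsed = {}
    for link in links:
        match = NS_LINK.match(link.strip())
        if match:
            parsed[match.group(1)] = int(match.group(2))
    return parsed


def read_namespaces(pid):
    """Read the namespace links of a live process (Linux; other users' PIDs need root)."""
    base = "/proc/%s/ns" % pid
    return parse_links(os.readlink(os.path.join(base, name)) for name in os.listdir(base))


def isolation_report(host_ns, proc_ns):
    """Map each isolation kind to True when the process is in a different namespace."""
    return {label: host_ns[kind] != proc_ns[kind]
            for kind, label in ISOLATION.items()
            if kind in host_ns and kind in proc_ns}


if __name__ == "__main__":
    host = parse_links(HOST_INIT)
    for name, links in (("chroot", CHROOTED), ("container", CONTAINER)):
        print(name, isolation_report(host, parse_links(links)))
    try:  # live check: compare this process with PID 1 as seen from here
        print("self", isolation_report(read_namespaces(1), read_namespaces("self")))
    except OSError as err:
        print("live check skipped:", err)
```

The memory, CPU and IO limits are enforced by cgroups rather than namespaces, so they do not show up in these links.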