CHENNAIHEARTS

DOCKER

DIGGING DEEPER INTO LINUX

AJIRA / HACK & LEARN / CHENNAI HEARTS DOCKER

PROCESS TREE

▸init (pid 0)▸cron▸sshd▸<your-login>▸ls, ps, …

▸<other-login>▸tty0▸tty1, … tty5▸nginx/apache/…

AJIRA / HACK & LEARN / CHENNAI HEARTS DOCKER

CGROUPS

▸Designate a part of a process tree as a CGroup

▸Then you can do:▸Resource Limits▸CPU Affinity▸Scheduler Priority▸Accounting▸Control/Stop/Restart

AJIRA / HACK & LEARN / CHENNAI HEARTS DOCKER

CHROOT

▸/var/lib/ftp-data▸folder1, folder2, …

▸chroot /var/lib/ftp-data▸ls /folder1

▸Fake “/” for an entire process tree▸FTP and other Static file servers▸Compiling/Installing (fakeroot)▸dev/proc/…?

AJIRA / HACK & LEARN / CHENNAI HEARTS DOCKER

NAMESPACES

▸ We can already do:▸ Virtual Networks (bridged, etc)▸ Virtual Mounts (sshfs, nfs, etc)

AJIRA / HACK & LEARN / CHENNAI HEARTS DOCKER

OVERALL

▸CGroups+Chroot+Namespaces = Lightweight VM?

▸Natively supported by Kernel▸No Overhead▸No Special Hardware Support Needed (runs on plain vanilla Linux, no CPU VX support needed)

▸Memory usage (e.g. run two ubuntu vms)▸Boot speed▸Resource injection (eg. shared folder)

AJIRA / HACK & LEARN / CHENNAI HEARTS DOCKER

CONTAINERS

▸ LXC - LinuX Containers - lxc-utils▸ Docker▸ Rocket