Andrey Vagin <[email protected]> Libcontainer: joining forces under one roof Docker Moscow Meetup 2015
Jul 15, 2015
Andrey Vagin <[email protected]>
Libcontainer: joining forces under one roof
Docker Moscow Meetup 2015
3
History
● Parallels Virtuozzo Containers
● Linux-VServer
● OpenVZ
● LXC
● Linux-utils (unshare, nsenter)
● SystemD (systemd-nspawn)
● Libcontainer (Docker)
OpenVZ2005
LXC2008
Libcontainer2014
Virtuozzo2001
systemdLinux-utils2009
VServer
4
Linux Containers
Namespace
Cgroups
● Cgroups limits resources
– Cpu
– Memory
– Blkio
– Freeze
● Namespaces isolates environment
– MNT, PID, NET, IPC, USER, UTS
6
Libcontainer
● Avoid external dependencies
● Create a library to joining forces
– Docker, Google, Parallels, RedHat, etc
● Support other container technologies (OpenVZ, jails, zones)
● Reuse in other projects (not only in Go)
8
API
● Factory
– Create(), Load()
● Process
– Env, capabilities, cwd
● Container
– Namespaces, cgroup
– ID(), Start(), Destroy()
– Pause()/Resume()
– Stats(), Processes()
9
Libct
– Libct is a containers management library which provides convenient API for frontend programs to rule a container during its whole lifetime
● In C
● Bindings for other languages (Go, Python)
10
Hierarchy
Docker
LXC
execdriver
Libcontainer
Linux Libct
Linux OpenVZ
Linux Kernel OpenVZ Linux Kernel
11
The current state and future plans
● Implement the new API for Libcontainer (DONE)
● Migrate Docker to use the new API
● Integrate Libct into Libcontainer
12
Q&A
● https://github.com/docker/libcontainer
● https://github.com/xemul/libct
● Andrey Vagin <[email protected]>
Thank you