LXC aka Linux Container: simplicity and reliability
What is an LXC?
The acronym stands for Linux Container. It is a container virtualization system that operates within the Linux operating system. What does that mean? With LXC, you can run several Linux instances on a single computer, completely isolated and independent from each other. In addition, it is possible to build a reliable cluster of several dozen servers, where the same container instance runs on several physical machines at once, so that if one server fails, the container does not stop working for a minute. Container data is also kept in several repositories at once, which can be implemented by various methods (ceph). Besides live migration of the container between cluster nodes, this further increases the reliability of data storage.
A bit about virtualization mechanisms
What is the difference between virtual machines and containers? Traditional types of virtualization, for example KVM, spend server resources on servicing the virtual environment itself. In the case of a container, up to 95% of the power is allocated directly to the container, and it works essentially at the host machine level. We will measure container performance later in this article.
Comparison of LXC and KVM
LXC | KVM |
---|---|
Changing the disk size: in the case of an LXC container, increasing or decreasing the disk happens very quickly, almost on the fly | Since KVM is a fully isolated container, changing the disk size requires a reboot of the virtual machine, just like on a physical server |
Expanding RAM, CPU cores, disk, etc. does not require a reboot; if continuous operation of the virtual machine is required, the choice is obvious | Any change to the VPS settings requires a reboot |
Fast container restart | As mentioned above, KVM needs as much time to restart as a regular server |
Quick installation of any image, both operating systems and ready-made templates (OpenVPN, TorrenServer, OpenLDAP, MediaServer, OwnCloud; we have more than 100 different templates for all occasions) | The ability to install various versions of Windows and FreeBSD, both from templates and from your own ISO |
Create your own internal network between containers | Create your own internal network between containers |
In fact, LXC is not a complete virtualization system. There is no virtual hardware environment as such; instead, a safe isolated space is created. LXC is characterized by high functionality, compactness and flexibility in terms of resources, extraordinary performance and ease of use. With this mechanism, you can create a data center consisting of several containers for various purposes. As an example, we configure one container as a router, with a firewall behind it and web, mail and file servers in the DMZ segment.
Creating a container using our hosting as an example
So, let's proceed to the order: select the host name, the root password and the CPU, RAM and disk parameters, then choose the template for the container and click “Next”. For the tests we made a promotional code, HelloHabr, which makes a month of testing completely free. Then we register in the billing system, and if something goes wrong we create a request to support. We go into the client area, select the freshly created container and proceed to the tests. What access options does the personal account offer? The simplest is the noVNC console, which allows you to manage the container directly from the browser.
Next is the SPICE console, a remote display system built for virtual environments that lets you view the virtual “desktop” of the computing environment not only on the machine on which it is running, but also from anywhere via the Internet (from the wiki). In the Backup section we can take both an instant snapshot of the container and a full backup of the virtual machine, choosing both the type of archive and the type of copy.
We can also set up backup tasks that run on a specific schedule with an email notification.
I would also like to mention one more convenient option: setting up a firewall directly from the browser, which is very convenient for those who are not familiar with fine-tuning a firewall in Linux. Everything is convenient for experienced administrators as well as for beginners.
Performance testing
I took the most basic configuration for the tests, and now I want to see how well it copes with simple tasks. I will test performance using the unixbench package. First, add the missing packages:
apt-get install build-essential libx11-dev libgl1-mesa-dev libxext-dev
Then download unixbench itself and proceed with testing:
cd /tmp/
wget https://github.com/kdlucas/byte-unixbench/archive/master.zip
unzip master.zip
and run it from the UnixBench directory of the unpacked archive:
cd byte-unixbench-master/UnixBench
./Run
We wait for unixbench to finish testing the container and enjoy the result.
BYTE UNIX Benchmarks (Version 5.1.3)
System: test: GNU/Linux
OS: GNU/Linux -- 4.4.59-1-pve -- #1 SMP PVE 4.4.59-87 (Tue, 25 Apr 2017 09:01:58 +0200)
Machine: x86_64 (unknown)
Language: en_US.utf8 (charmap="ANSI_X3.4-1968", collate="ANSI_X3.4-1968")
CPU 0: Intel(R) Xeon(R) CPU E5649 @ 2.53GHz (5076.7 bogomips)
Hyper-Threading, x86-64, MMX, Physical Address Ext, SYSENTER/SYSEXIT, SYSCALL/SYSRET, Intel virtualization
09:14:27 up 33 min, 2 users, load average: 0.23, 0.06, 0.06; runlevel Jun
------------------------------------------------------------------------
Benchmark Run: Tue Jun 13 2017 09:14:28 - 09:42:27
24 CPUs in system; running 1 parallel copy of tests
Dhrystone 2 using register variables 29175436.4 lps (10.0 s, 7 samples)
Double-Precision Whetstone 3707.9 MWIPS (8.9 s, 7 samples)
Execl Throughput 4656.0 lps (30.0 s, 2 samples)
File Copy 1024 bufsize 2000 maxblocks 874980.2 KBps (30.0 s, 2 samples)
File Copy 256 bufsize 500 maxblocks 243115.0 KBps (30.0 s, 2 samples)
File Copy 4096 bufsize 8000 maxblocks 1778945.2 KBps (30.0 s, 2 samples)
Pipe Throughput 1587733.6 lps (10.0 s, 7 samples)
Pipe-based Context Switching 273143.4 lps (10.0 s, 7 samples)
Process Creation 11873.0 lps (30.0 s, 2 samples)
Shell Scripts (1 concurrent) 5665.4 lpm (60.0 s, 2 samples)
Shell Scripts (8 concurrent) 1061.0 lpm (60.0 s, 2 samples)
System Call Overhead 1897076.6 lps (10.0 s, 7 samples)
System Benchmarks Index Values BASELINE RESULT INDEX
Dhrystone 2 using register variables 116700.0 29175436.4 2500.0
Double-Precision Whetstone 55.0 3707.9 674.2
Execl Throughput 43.0 4656.0 1082.8
File Copy 1024 bufsize 2000 maxblocks 3960.0 874980.2 2209.5
File Copy 256 bufsize 500 maxblocks 1655.0 243115.0 1469.0
File Copy 4096 bufsize 8000 maxblocks 5800.0 1778945.2 3067.1
Pipe Throughput 12440.0 1587733.6 1276.3
Pipe-based Context Switching 4000.0 273143.4 682.9
Process Creation 126.0 11873.0 942.3
Shell Scripts (1 concurrent) 42.4 5665.4 1336.2
Shell Scripts (8 concurrent) 6.0 1061.0 1768.3
System Call Overhead 15000.0 1897076.6 1264.7
========
System Benchmarks Index Score 1372.3
------------------------------------------------------------------------
Benchmark Run: Tue Jun 13 2017 09:42:27 - 10:10:50
24 CPUs in system; running 24 parallel copies of tests
Dhrystone 2 using register variables 28791897.2 lps (10.1 s, 7 samples)
Double-Precision Whetstone 3650.7 MWIPS (9.0 s, 7 samples)
Execl Throughput 4573.6 lps (29.9 s, 2 samples)
File Copy 1024 bufsize 2000 maxblocks 899496.3 KBps (30.0 s, 2 samples)
File Copy 256 bufsize 500 maxblocks 243438.3 KBps (30.0 s, 2 samples)
File Copy 4096 bufsize 8000 maxblocks 1960457.7 KBps (30.0 s, 2 samples)
Pipe Throughput 1588441.9 lps (10.1 s, 7 samples)
Pipe-based Context Switching 221247.7 lps (10.0 s, 7 samples)
Process Creation 10910.9 lps (30.0 s, 2 samples)
Shell Scripts (1 concurrent) 8683.0 lpm (60.1 s, 2 samples)
Shell Scripts (8 concurrent) 1088.9 lpm (60.8 s, 2 samples)
System Call Overhead 1899698.1 lps (10.1 s, 7 samples)
System Benchmarks Index Values BASELINE RESULT INDEX
Dhrystone 2 using register variables 116700.0 28791897.2 2467.2
Double-Precision Whetstone 55.0 3650.7 663.8
Execl Throughput 43.0 4573.6 1063.6
File Copy 1024 bufsize 2000 maxblocks 3960.0 899496.3 2271.5
File Copy 256 bufsize 500 maxblocks 1655.0 243438.3 1470.9
File Copy 4096 bufsize 8000 maxblocks 5800.0 1960457.7 3380.1
Pipe Throughput 12440.0 1588441.9 1276.9
Pipe-based Context Switching 4000.0 221247.7 553.1
Process Creation 126.0 10910.9 865.9
Shell Scripts (1 concurrent) 42.4 8683.0 2047.9
Shell Scripts (8 concurrent) 6.0 1088.9 1814.9
System Call Overhead 15000.0 1899698.1 1266.5
========
System Benchmarks Index Score 1399.9
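The two index tables above can be cross-checked with a short script (an added example, not part of the original article). UnixBench computes each index as RESULT / BASELINE × 10 and the overall score as the geometric mean of the indexes; the ratio between the 24-copy and 1-copy results shows how much extra throughput the parallel run obtained. The function and variable names are this example's own.

```python
import math
import re
# Index tables copied from the UnixBench output above: name, BASELINE, RESULT, INDEX.
ONE_COPY = """
Dhrystone 2 using register variables 116700.0 29175436.4 2500.0
Double-Precision Whetstone 55.0 3707.9 674.2
Execl Throughput 43.0 4656.0 1082.8
File Copy 1024 bufsize 2000 maxblocks 3960.0 874980.2 2209.5
File Copy 256 bufsize 500 maxblocks 1655.0 243115.0 1469.0
File Copy 4096 bufsize 8000 maxblocks 5800.0 1778945.2 3067.1
Pipe Throughput 12440.0 1587733.6 1276.3
Pipe-based Context Switching 4000.0 273143.4 682.9
Process Creation 126.0 11873.0 942.3
Shell Scripts (1 concurrent) 42.4 5665.4 1336.2
Shell Scripts (8 concurrent) 6.0 1061.0 1768.3
System Call Overhead 15000.0 1897076.6 1264.7
"""
PARALLEL_24 = """
Dhrystone 2 using register variables 116700.0 28791897.2 2467.2
Double-Precision Whetstone 55.0 3650.7 663.8
Execl Throughput 43.0 4573.6 1063.6
File Copy 1024 bufsize 2000 maxblocks 3960.0 899496.3 2271.5
File Copy 256 bufsize 500 maxblocks 1655.0 243438.3 1470.9
File Copy 4096 bufsize 8000 maxblocks 5800.0 1960457.7 3380.1
Pipe Throughput 12440.0 1588441.9 1276.9
Pipe-based Context Switching 4000.0 221247.7 553.1
Process Creation 126.0 10910.9 865.9
Shell Scripts (1 concurrent) 42.4 8683.0 2047.9
Shell Scripts (8 concurrent) 6.0 1088.9 1814.9
System Call Overhead 15000.0 1899698.1 1266.5
"""
# A row ends in three decimals; integers inside test names ("1024") have no dot.
ROW = re.compile(r"^(.+?)[ \t]+(\d+\.\d+)[ \t]+(\d+\.\d+)[ \t]+(\d+\.\d+)$", re.M)
def parse(table):
    """Return {test name: (baseline, result, printed index)}."""
    return {m[1]: tuple(map(float, m.groups()[1:])) for m in ROW.finditer(table)}

def score(rows):
    """Index = result / baseline * 10; the score is the geometric mean of the indexes."""
    idx = [result / base * 10 for base, result, _ in rows.values()]
    return math.exp(sum(map(math.log, idx)) / len(idx))

def scaling(one, many):
    """Throughput of the parallel run relative to the single-copy run, per test."""
    return {name: many[name][1] / one[name][1] for name in one}

if __name__ == "__main__":
    one, many = parse(ONE_COPY), parse(PARALLEL_24)
    print(round(score(one), 1), round(score(many), 1), max(scaling(one, many).values()))
```

The recomputed scores match the reported 1372.3 and 1399.9, and no test gains more than about 1.5x from running 24 copies instead of one.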
Some advertising
I would also like to remind you about our dedicated servers with protection against DDoS attacks.
Now you can order 2x Intel Xeon E5540 with 32Gb ECC DDR3 RAM, full protection and a 240Gb SSD drive for only 3127 rubles. Also always in stock: Intel Core i7-7700 from 3 769 rub.
For additional discounts, you are welcome in PM.