I want to comprehend all that differentiates a container from a virtual machine. A filesystem with a whole operating system can be observed for both of these virtualization methods. But in a Docker container, e.g. centos 5.x, if I exec `uname -a` in the container's shell, the output shows my host kernel version. How does it work, and what are the main differences from a classic virtual machine (vmware, virtualbox, xen, etc)?

- This has already been answered [on StackOverflow](http://stackoverflow.com/questions/16047306/how-is-docker-different-from-a-normal-virtual-machine) – BMitch Jul 11 '16 at 12:59
- might be helpful https://shivab.com/blog/docker/2019/01/10/introduction-to-docker-and-containerization/ – Shiva Sep 30 '19 at 12:09
2 Answers
Both forms allow multiple operating systems to run on a single physical machine.
With containers, these operating systems are isolated (they have their own file systems, processes, libraries including the `libc`, IP address, etc.) but they are nevertheless sharing the very same kernel. That's the reason why `uname -a` showed your host kernel version.
With traditional virtualization, the operating systems each have their own kernel running. These multiple kernels are not running on top of the real hardware, but on top of virtualized hardware provided by a piece of software called a hypervisor. This is an extra layer compared to container based virtualization.
Each kind of virtualization has its strengths and weaknesses. Containers are more limited in the choice of operating systems: the container one must be supported by the running kernel (e.g. Solaris zones on Solaris, LXC on Linux, WPAR on AIX), although technically nothing forbids kernel developers from implementing support for "alien" userlands (e.g. lxbrand = Linux zones on Solaris 10 and SmartOS, or more recently the Ubuntu runtime on Windows 10), while with hypervisors the operating system needs only to be supported by the virtual hardware, which allows much more heterogeneous configurations (e.g. Linux 32 bit and 64 bit kernels, *BSDs, Solaris, Windows, Mac OS X, ...).
The major advantage of containers is that they are much lighter; the application performance is essentially the same as what it would be with a true bare metal OS installation. New container instantiation is much faster because there is no extra kernel to boot, and the virtual environment density can be much higher because there are no extra kernels to run.
Note that Docker is not a container implementation. Docker is a building/packaging/distribution standard for applications running in containers; it includes an engine to run them and recently added an orchestrator too. This engine plays a role similar to that of a hypervisor, but for applications in containers.

- I really liked your answer! For the last: Why can't Docker be considered a container implementation? – Thiago Rider Augusto Jul 10 '16 at 17:51
- Docker relies on Linux containers in the kernel to function. Docker is to containers as an OVA virtual appliance is to a hypervisor (KVM, ESXi). One standardizes the application, the other runs it. – John Mahowald Jul 10 '16 at 23:29
- @JohnMahowald Beware that Docker ceased to depend on Linux Containers since version 0.9. Current Docker relies on runc (formerly libcontainer) which is platform independent and has been pulled out from Docker (see https://blog.docker.com/2015/06/open-container-project-foundation/ ). Docker CEO and co-founder Ben Golub stated a couple of years ago: *There is no fundamental reason why we have to stay in Linux. We can also manage BSD Jails or Solaris Zones, which are sort of the equivalent low-level technology for Solaris, and we have some stuff in the works for .Net as well.* – jlliagre Jul 11 '16 at 00:53
- @JohnMahowald Also, Docker is not only similar to OVA, it also runs applications like a hypervisor runs VMs (docker engine https://www.docker.com/products/docker-engine ) and even recently added an orchestrator ( https://blog.docker.com/2016/06/docker-1-12-built-in-orchestration/ ). – jlliagre Jul 11 '16 at 01:01
- Point taken about Docker's abstraction layer and orchestration. I mentioned Linux containers as something specific to show Docker doesn't do most of the low level OS work. – John Mahowald Jul 12 '16 at 17:35
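The shared-kernel point in the answer above can be checked from inside a process. This is an added example, not code from the original posts: it reads the kernel release and the `/proc/<pid>/ns` namespace links, then compares a host snapshot with a container snapshot. The function names and the `HOST`/`CONTAINER` sample values are constructed for illustration, on the assumption of a default Docker setup on a 4.4 kernel.

```python
import os

NS_TYPES = ("cgroup", "ipc", "mnt", "net", "pid", "user", "uts")

def snapshot(pid="self", proc_root="/proc"):
    """Kernel release plus namespace identifiers for one process (Linux)."""
    namespaces = {}
    for ns in NS_TYPES:
        try:
            # Each entry is a symlink whose target looks like 'pid:[4026531836]'.
            namespaces[ns] = os.readlink(
                os.path.join(proc_root, str(pid), "ns", ns))
        except OSError:
            pass  # type not supported by this kernel, or not readable
    return {"kernel": os.uname().release, "namespaces": namespaces}

def compare(host, container):
    """Report whether the kernel is the same and which namespaces differ."""
    h, c = host["namespaces"], container["namespaces"]
    common = sorted(set(h) & set(c))
    return {
        "same_kernel": host["kernel"] == container["kernel"],
        "shared": [ns for ns in common if h[ns] == c[ns]],
        "isolated": [ns for ns in common if h[ns] != c[ns]],
    }

# Constructed sample data (not captured from a real system): a host process
# and a process in a container started with default settings.
HOST = {"kernel": "4.4.0-28-generic", "namespaces": {
    "ipc": "ipc:[4026531839]", "mnt": "mnt:[4026531840]",
    "net": "net:[4026531957]", "pid": "pid:[4026531836]",
    "user": "user:[4026531837]", "uts": "uts:[4026531838]"}}
CONTAINER = {"kernel": "4.4.0-28-generic", "namespaces": {
    "ipc": "ipc:[4026532201]", "mnt": "mnt:[4026532199]",
    "net": "net:[4026532204]", "pid": "pid:[4026532202]",
    "user": "user:[4026531837]", "uts": "uts:[4026532200]"}}

if __name__ == "__main__":
    # Same kernel release, different mnt/pid/net/ipc/uts namespaces.
    print(compare(HOST, CONTAINER))
    # On Linux: take one snapshot on the host and one inside the container,
    # then feed both to compare().
    print(snapshot())
```

In the constructed sample the `user` namespace is shared, which is the case when user-namespace remapping is not enabled: UID 0 in the container is then UID 0 to the one kernel both sides run on. A virtual machine has no equivalent comparison to make, because its guest kernel keeps its own namespaces and reports its own release.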
A good starting point would be to read the Wikipedia article:
> Operating-system-level virtualization is a server virtualization method in which the kernel of an operating system allows the existence of multiple isolated user-space instances, instead of just one. Such instances, which are sometimes called containers, software containers, virtualization engines (VEs) or jails (FreeBSD jail or chroot jail), may look and feel like a real server from the point of view of its owners and users.
>
> On Unix-like operating systems, this technology can be seen as an advanced implementation of the standard chroot mechanism. In addition to isolation mechanisms, the kernel often provides resource-management features to limit the impact of one container's activities on other containers. [...]

> I want to comprehend all that differentiates a container from a virtual machine.

With virtualization technology, the package that can be passed around is a virtual machine and it includes an entire operating system as well as the application. A physical server running three virtual machines would have a hypervisor and three separate operating systems running on top of it.
By contrast a server running three containerized applications as with Docker runs a single operating system, and each container shares the operating system kernel with the other containers. Shared parts of the operating system are read only, while each container has its own mount (i.e., a way to access the container) for writing. That means the containers are much more lightweight and use far fewer resources than virtual machines.
What else do you want to know? Which details are you missing, exactly?

- Why do centos 5.x containers running over Ubuntu 16.04 report the kernel version to be 4.4.x if centos 5.x has a 2.6.x kernel? And how does it work (old libs from centos 5 with a brand new kernel)? – Thiago Rider Augusto Jul 09 '16 at 23:34
- @ThiagoRiderAugusto Because the container, as described, does use the kernel of the host, in contrast to virtualization. – gxx Jul 09 '16 at 23:35