What is LXC?

Linux Containers (LXC) is an open source Linux container project dating from 2009. LXC is a container manager and provides a set of tools to manage containers, a wide choice of container OS templates, and advanced networking and storage capabilities for things like cloning and snapshotting.

Containers are isolated lightweight Linux operating environments that run within your host Linux OS. Containers do not emulate the hardware layer, and can thus run at near native speed without the performance overhead of virtualization. It's the best of both worlds.

In normal usage, applications and web stacks are installed and configured on bare metal servers or VMs for production, or on developer PCs/laptops for testing. For instance, a user could install PHP, MySQL, Nginx and Drupal and configure them to work together. But now the applications are stuck, so to speak, on the server they have been installed on and can't be easily moved. You could install on a VM and gain some portability and flexibility, but at a performance overhead.

Now install the same stack in a container and you get near bare metal performance and the ability to move the container across servers and Linux hosts easily. A container is high performance and portable, so you essentially get a mobile server that is lightweight and easy to manage. You can clone, backup and snapshot containers in seconds! This completely simplifies management and opens up a whole new level of flexibility in running and deploying applications.

LXC was initially developed by Daniel Lezcano and Serge Hallyn dating from 2009 at IBM. LXC development is currently led by Stephane Graber and Serge Hallyn, both of Ubuntu.

How do containers work?

A container is a mini Linux OS running within your host Linux OS. But it's not a full-fledged Linux OS; it's a lightweight, minimal, pared-down Linux OS environment for running your apps. A container is like a lightweight VM. The advantage of using a container to run your apps is that containers are portable, so you can move containers across various host Linux OSs and servers.

So suppose you install PHP, MySQL, Nginx and WordPress in a container on an Ubuntu Linux 14.04 host. The container is portable across any Linux OS, so you can move it to another Debian, Ubuntu, CentOS, Red Hat or Fedora host easily. This means you are not stuck to any host, server or VPS/cloud provider.

You could be running a Debian Wheezy host with multiple Ubuntu, Fedora, CentOS or Arch containers and vice versa, all portable across servers and any Linux host OS. This also lets you test and run apps across various Linux distributions whatever your host Linux OS, so if there is an app or library that only works in a particular Linux distribution you can run that distribution in a container. You can install multiple versions of, let's say, PHP, Nginx or MySQL in containers and they are isolated from each other.

The other big advantage of containers is that they are fast and operate at near bare metal speeds, so you do not have to sacrifice performance like you would with virtualization. Containers are lightweight and have very little overhead. Containers are also easier to manage: you can clone and snapshot containers, which makes moving, backing up, updating and generally managing your apps in containers much simpler. A container can also share data with the host much more simply than a VM.

Container support is already there in the Linux kernel. Kernels > 3.2 work, but > 3.8 is preferred. You need a container manager to manage containers and provide minimal container OS templates, and that's what the LXC project does. The LXC project provides a set of tools to manage containers, a wide choice of minimal container OS templates, and advanced networking and storage capabilities for things like clones and snapshots.

Instead of installing your apps on your host and 'coupling' them you can install apps in containers and 'decouple' your apps and data giving you the flexibility of apps that you can move around easily.

Are containers an alternative to virtual machines?

Not only are they an alternative but a superior more efficient alternative. Virtual machines deliver flexibility but at a performance penalty. With containers that overhead goes away and you get near bare-metal performance.

What's not to like? Think extremely lightweight containers that deliver all the flexibility without sacrificing performance and can scale effortlessly. Containers make the idea of virtualization and emulating an entire OS and hardware layer just to run apps redundant.

You can launch multiple container instances at a fraction of the resources that a VM would use.

The caveat is use cases where one needs to virtualize an OS other than Linux, needs specific kernel versions or deploys a multi-tenant environment. There, full-blown virtualization remains the only option.

What is the Flockport App Store?

The Flockport App store provides ready to use applications and web stacks that can be deployed on any server, any cloud and any provider. Flockport apps are based on LXC containers and operate at bare metal speeds.

No more endless hours wasted installing and configuring servers and applications, or poring through online guides just to get your applications or stacks installed. Just deploy a container and you are ready to go. Even better, containers are portable and can be backed up, cloned or moved across servers with ease, so you are not stuck to any server or cloud provider.

LXC containers provide extraordinary flexibility and performance to all users, and Flockport is about making LXC accessible to a wider audience and simple to use.

Why haven't I heard of this before?

LXC has been baking for some time. Ubuntu has been the target deployment environment with documentation support for other distributions minimal to lacking. This may have led to the perception that it is somewhat immature and held back its adoption to a large extent.

Are there alternatives, why is LXC better?

Linux container technology is supported by the mainline Linux kernel, which ensures compatibility across platforms, simplifies its usage and paves the way for widespread adoption.

Containers are an open source technology supported by the Linux kernel. The LXC project is the user land part of the project that provides a set of tools to manage containers, support for advanced networking and storage capabilities and a wide choice of minimal container OS templates.

There have been other container projects before like OVZ, Linux VServer that haven't gained traction due to the requirements of a customized kernel, which introduces new constraints and complexity.

The LXC project provides a full set of capabilities and features to install, deploy and manage container instances. It takes literally seconds and a single command to deploy an OS instance with minimal container OS images for the most popular distributions.

There are now other container managers like Docker which use the same kernel capabilities as LXC. While LXC provides OS containers that are like lightweight VMs, Docker runs the container OS without an init so it can only run a single app, removes storage persistence and builds the container with layers of aufs. This is mainly designed for devops, PAAS and deployment centric use cases and adds significant complexity to containers. These are known as App containers. Unless you need a container that can only run a single app without storage, there is little need to deal with the additional complexity.

OS containers offer near seamless migration from your VM workloads. Whatever works for your VM deployments will work for OS containers. The ability to gain the advantages of container technology without needing to re-engineer how you deploy applications is an incredible value proposition.

Please see Understanding the key differences between LXC and Docker in the News section.

Support for other distributions?

Flockport containers are based on LXC and will run on any environment that supports LXC. LXC is part of the mainline Linux kernel and thus widely supported across all Linux distributions. To get started visit our Documentation section.

Flockport also provides a lightweight Flockbox VM with a fully functioning LXC environment and the Flockport Utility that lets users try the Flockport App store and LXC in minutes. Flockbox VM images are available for VMware, VirtualBox and KVM and can be used on Windows and OSX too.

Does Flockport support Windows, OSX?

Flockport depends on LXC support, and LXC is a Linux application tightly wedded to the Linux kernel, so it does not work on Windows and OSX. But no need to feel left out.

Flockport provides lightweight VM images for VirtualBox, VMware and KVM that let users try the Flockport app store and LXC in seconds.

Can I run specific kernels in LXC containers?

No, LXC containers 'piggyback' on the host's kernel; the speed comes from the fact that they do not emulate an entire OS and hardware layer. A container works on the kernel of the host system, so you cannot run specific kernel versions with container technology.

About Flockport

Flockport is a startup focused on building an App store based on LXC containers that users can deploy in seconds on any server, any cloud and any provider. Flockport is focused on simplicity and making things just work, and on giving users the cloud-like flexibility of portable instances and workloads that can be moved across servers easily.

Users can have clean and minimal base systems, with applications and web stacks deployed in containers that can be backed up, cloned, deployed and moved across servers in seconds.

Users benefit in simplicity and a platform for app discovery, app developers get a platform to showcase their applications that users can try easily, and server and cloud providers gain by taking away the complexity of deploying apps, increasing accessibility and accelerating adoption. It benefits everyone in the ecosystem.

Are containers secure?

LXC containers are as robust and secure as any Linux distribution. And since a container lives in its own isolated system, it provides an additional layer of security, as any attack has to break through the container first to even get to the host system.

LXC supports AppArmor, SELinux and seccomp. It also supports user namespaces, a relatively new Linux kernel feature which enables unprivileged containers. This however depends on a number of upstream packages that are not yet widely supported in most distributions.

You can learn more about LXC security in Stephane Graber's excellent 10 part LXC 1.0 blog post series.

Here is his post on LXC security features.

What are unprivileged containers?

Unprivileged containers are an exciting new feature that uses user namespaces in the Linux kernel. Learn more about it from the lead developer of LXC Stephane Graber here.

This is in development and requires features that are only available in the latest versions of Ubuntu, the Linux kernel and a number of updated packages that are supported in Ubuntu 14.04.

It will take some time to mature and be widely available in other distributions at which point Flockport will transition to unprivileged containers.
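The features named in the two answers above (user namespaces for unprivileged containers, AppArmor, seccomp, plus capability dropping) are switched on per container in its LXC config file. The script below is an added example, not Flockport or LXC project code: it reports which of them a given config enables, using the LXC 1.0 key names and their LXC 2.1+ renames. The helper names and the sample configs are constructed for illustration, and only lxc.include entries that point at regular files are followed.

```shell
# Added example: audit the security-relevant keys of an LXC container config.
# Key names: LXC 1.0 spelling first, then the LXC 2.1+ rename. Sample data is constructed.

# Print a config with lxc.include files expanded in place (regular files only).
flatten() {
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line#"${line%%[! ]*}"}                 # strip leading spaces
        case $line in
            lxc.include*=*)
                inc=${line#*=}; inc=${inc#"${inc%%[! ]*}"}
                if [ -f "$inc" ]; then flatten "$inc"; fi ;;
            *) printf '%s\n' "$line" ;;
        esac
    done < "$1"
}

# Print the last value assigned to any of the given keys, or nothing.
conf_get() {
    conf_file=$1; shift
    for key in "$@"; do
        flatten "$conf_file" | awk -v k="$key" '
            { n = $0; sub(/[ \t]*=.*/, "", n) }
            n == k && index($0, "=") {
                v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v); last = v; hit = 1 }
            END { if (hit) print last }'
    done | tail -n 1
}

# Print one line per weakness; exit status 0 means nothing was flagged.
audit_lxc_conf() {
    c=$1; bad=0
    flag() { bad=1; echo "FINDING: $1"; }
    # Without a uid/gid map, root in the container is root on the host.
    [ -n "$(conf_get "$c" lxc.id_map lxc.idmap)" ] ||
        flag "privileged: no uid/gid map (user namespace)"
    # An unset profile falls back to LXC's default; 'unconfined' disables it.
    [ "$(conf_get "$c" lxc.aa_profile lxc.apparmor.profile)" != unconfined ] ||
        flag "apparmor: profile is unconfined"
    [ -n "$(conf_get "$c" lxc.seccomp lxc.seccomp.profile)" ] || flag "seccomp: no policy file set"
    [ -n "$(conf_get "$c" lxc.cap.drop lxc.cap.keep)" ] ||
        flag "capabilities: no lxc.cap.drop or lxc.cap.keep"
    return "$bad"
}

# Constructed sample configs: one shared include, one container of each kind.
write_samples() {
    printf '%s\n' 'lxc.cap.drop = sys_module mac_admin' \
        'lxc.seccomp = /usr/share/lxc/config/common.seccomp' > "$1/common.conf"
    printf '%s\n' "lxc.include = $1/common.conf" 'lxc.utsname = p1' \
        'lxc.aa_profile = unconfined' > "$1/privileged.conf"
    printf '%s\n' "lxc.include = $1/common.conf" 'lxc.utsname = p2' \
        'lxc.id_map = u 0 100000 65536' 'lxc.id_map = g 0 100000 65536' \
        > "$1/unprivileged.conf"
}

tmp=$(mktemp -d); write_samples "$tmp"
for f in privileged unprivileged; do
    echo "== $f.conf"; audit_lxc_conf "$tmp/$f.conf" || echo "(findings above)"
done; rm -rf "$tmp"
```

On a real host, point audit_lxc_conf at a container's config file (commonly /var/lib/lxc/NAME/config) before starting a downloaded container.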

What does Flockport mean?

The computing community was taken by surprise a couple of years ago by an engineer at CERN reminiscing fondly about pets and cattle in a scientific presentation.

It took a while for folks to realise said engineer was not exercised by fluffy pets or the oversupply of wholesome dairy animals in Switzerland but servers and virtual machines.

The idea being pets are servers that cannot be easily replaced and need to be nurtured, while cattle are representative of VMs that are disposable and easily replaced.

The easy portability of containers allows us I think to add a new breed to this endearing group; sheep. Even more agile, faster, portable and replaceable.

How do I use Flockport containers in the cloud?

Flockport containers are just like VMs and can be deployed in any cloud environment. We will shortly enable users to deploy Flockport containers to a number of public clouds directly from Flockport.com.

In the interim users can also deploy containers in KVM instances without any performance hit, or, if they control their servers, deploy native Flockport or their own LXC containers and run many more container instances on their systems than they could VMs and, even better, get near bare metal performance. The same flexibility without sacrificing any performance. For low latency, high performance application workloads it makes perfect sense.

What are the benefits for applications users, developers and operations?

It takes the pain out of managing and scaling web applications. With our preconfigured applications and web stacks containers, users can get going in seconds. Flockport containers deliver you straight to the launch pad.

You can test multiple configurations, multiple app versions, multiple stacks and multiple target environments with ease on the same host system and snapshot, clone, backup, destroy and move containers across systems effortlessly. The LXC end-user benefits in our news section provides an overview of basic use cases.

How secure are Flockport containers?

Flockport containers are built with the base Debian or Ubuntu template provided by LXC with default applications settings according to official guides where available so you get a default fresh install.

The webstack is optimised with Nginx, PHP-FPM and APC/Memcache (containers with PHP 5.4 are configured with APC and PHP 5.5 with memcache) and Nginx fastcache in some containers. The objective is to get users to a configured instance they can launch in their browser ready to deploy as quickly as possible.

LXC containers are as robust and secure as any Linux distribution. And since a container lives in its own isolated system, it provides an additional layer of security, as any attack has to break through the container first to even get to the host system.

LXC supports AppArmor, SELinux profiles and seccomp. You can learn more about LXC security in Stephane Graber’s excellent 10 part LXC 1.0 blog post series. Here is his post on LXC security features.

How do I use a Flockport container?

Please see the Get Started page. For more details visit the Documentation and News section.

Does Flockport benefit a user with little experience with Linux?

Probably, and in all fairness, very little. You need to have at minimum some experience installing web applications like WordPress, be familiar with the Linux command line, and have an idea of how web stacks and applications are installed and deployed.

For these individuals Flockport makes it much easier and faster to get to the launch stage. Or you need to be willing to learn. Our instructions do not presume any level of user knowledge but simply the desire to learn and the ability to follow instructions properly. But those already familiar with Linux and web applications will benefit most.

How large are Flockport containers?

Containers are actually quite minimal. The Flockport download sizes vary from 100MB for PHP based applications to around 300MB for Ruby based applications. For example Discourse, a Ruby forum app, is the largest Flockport container at 332MB and WordPress one of the lightest at around 120MB.

Given the container contains the OS, the webstack and the application this is impressive.

Flockport recently introduced micro containers based on Alpine Linux. Micro containers are a fraction of the size of Debian and Ubuntu based containers and a great way to build and deploy lightweight apps.

How much space does a typical Flockport container take on a host system?

Depending on the application environment anything from 500MB to 1.5GB uncompressed. The base OS containers are actually quite tiny at around 100MB for a 32 bit Ubuntu Precise container and around 150MB for a 64 bit Debian Wheezy container.

How do I control container resource usage?

LXC container resource usage is managed through cgroups. Please see the LXC Advanced guide to learn how to use cgroups to manage your container resource usage.

Is this complex?

Actually no, the command below is all it takes to deploy a base container OS from scratch in seconds (depending on your network speed):

lxc-create -t debian -n p1

With the single command above LXC downloads the template OS specified, creates a container called p1, configures basic networking and it's done.

Your container is ready and you can launch the container and install apps and stacks as required. On our test systems this process takes 10 seconds, because container OS's are cached once downloaded.

With a downloaded Flockport container it's as simple as:

lxc-start -n containername -d

This starts the container and you can access the application on your browser at http://mycontainername.org

Can I run this in a 32 bit environment?

Yes, but it limits your options needlessly to running only 32 bit containers. 64 bit host systems are preferred. With a 64 bit host system you can run both 32 bit and 64 bit containers, offering more flexibility and choice. Though we do have 32 bit containers available for download.

How do I upload containers?

To upload containers please follow the upload guide available on the Upload page and refer to the Flockport container conventions. Containers will undergo a security review and be posted in our downloads section with due credits and under the community tag.

We would first like to thank any uploaders for sharing their expertise, time and effort. We would also request them in the spirit of Flockport to ensure their containers do not contain any intellectual property they are not authorized to distribute, and strictly do not in any way contain viruses, worms, spam or any advertising related functionality.

It's the sole responsibility of the uploader to ensure their container is not compromised in any way. Any infringement will result in an instant ban without exception. Flockport exists to provide easy to use, secure and safe containers. Please read the terms of use section before uploading any material.

The containers should be easy to use and documented properly.

How is LXC different from Docker?

Containers are made possible by Namespaces support in the Linux kernel. The LXC project provides containers, tools to manage them, support for advanced networking and storage capabilities and a wide choice of minimal container OS templates. These are like lightweight VMs and are OS containers.

Docker took the LXC OS container as a base to do a few things on top. Docker runs the Container OS without an init so it can only run a single app, removes storage persistence and builds the container with layers of aufs. This is mainly designed for devops, PAAS and deployment centric use cases and adds significant complexity to containers. Unless you need a container that can only run a single app without storage, there is little need to deal with the additional complexity.

For general users LXC gives you a way to run lightweight portable virtual machines and gives you a multi process environment like If you are already running VMs and would like the benefits of containers without the performance overhead of virtualization LXC offers a seamless transition. It is now well supported across distributions. Docker is a way to build a PAAS or a distributed architecture using containers.

Flockport Store vs Docker Hub

Flockport is built from the ground up for end users. We are trying to make it as easy as possible for end users to try server apps without the need to install and configure multiple components like databases, web servers, apps etc. The Flockport model is you download the app, let's say a WordPress container, start it and access it in the browser.

We use LXC containers as it gives users a lightweight OS environment similar to a VM or a bare metal OS that users would be familiar with. And LXC allows us to package the app and stack in a single container.

This allows us to keep things simple and removes an entire layer of complexity that other container solutions like Docker introduce with single app environments, which require users to understand things like the need to launch apps in 'non daemon mode', building loosely coupled components, linking components together with custom networking and the lack of storage persistence. This requires a lot of expertise and knowledge and would be counterproductive if the objective is making things simple and more accessible.

