10
Linux Containers Forks LXD Project As "Incus"
(www.phoronix.com)
This is a most excellent place for technology news and articles.
Does anyone actually use LXD? I never could figure out the deal with this.
I used to use LXC maybe 5 years ago but I've since replaced everything with docker/compose. The main difference between LXC and Docker is that LXC is meant to be more like a Virtual Machine than a container. LXC containers run their own instance of systemd and can run multiple processes easily. Docker is meant to run a single process although people sometimes do hacks with supervisord or s6 overlay to run multiple processes.
At the time LXC didn't really have a concept of images like Docker, it was just base images like Ubuntu 18.04 or Debian 9 and you'd shell in the container and install your stuff.
LXD is a tool built on top of LXC, confusingly enough the LXD client is called
lxc
... It's higher level and might have the ability to use images, not sure, I never felt the need to learn it.I've always used lxc and only recently tried docker.
I really cant wrap my head around all the crazy shit docker alters on your network settings like rewriting a bunch of firewall rules without telling you
Not sure if i was doing something wrong but that was my experience with docker
Docker is spaghetti-ware, they try to control everything, which ironically makes me Isolate my dockers in a vm.
Ok, i'm glad my solution to the problem (run docker in an lxc container) isn't as harebrained as i thought
Other people are doing the same
Haven't done that, but honestly I'm thinking that's my next workflow.
That is kind of the expected setup. Either a vm or a dedicated system. You let docker do its thing and it should work.
I run lxc because i want contained systems I control. That just means I have to do the work too.
Same, I love lxc like I love jails, you craft beautiful systems that are isolated and clean.
I wouldn't make a disposable jail, but I make disposable lxcs, lxcs are like temporary distros for me.
There are scripts for making a jail around single apps but yeah I typically don't use them that way. Lxc I very often install an app I want to test out and toss once I want to dedicate compile time to it.
Yeah, I'd want a jail dockerfile system too, I just usually do them manually. Still, a way to run dockerfiles to build jails would be epic if you could make it work.
I used gentoo for a decade, I just can't afford the downtime if my workstation goes down, so it's debian with lxc workspaces for a while, but gentoo actually runs well under lxc.
Mostly every app expects its own distro, either debian or centos, few actually are agnostic, so getting them to run on gentoo was always more of a challenge than on raw debian/Ubuntu.
I'm actually the opposite. Run gentoo as my host and toss up a debian lxc if needed. Worst case scenario im running just the kernel and everything else from a container (actually how i typically run when rebuilding a system from start).
I've never run into a situation where an app "couldn't" run in Gentoo. It's just that I've had cases where an app is build for a 8 year old LTS of debian with such old dependencies it wouldn't be worth my time building them all when i can just pull up a container with that super old build. The nice thing is that all the vulnerabilities that old Debian had is now in a container and less of a target.
I swear i must be lucky cuz i do often hear of gentpo fatigue but I've been running it since the project started and never had issues outside the things they legitimately broke.