本文翻译自:What does Docker add to lxc-tools (the userspace LXC tools)?
If you take a look at Docker's features, most of them are already provided by LXC. 如果你看一下Docker的功能,其中大部分已经由LXC提供。
So what does Docker add? 那么Docker添加了什么? Why would I use Docker over plain LXC? 为什么我会使用Docker而不是简单的LXC?
#1楼
参考:https://stackoom.com/question/1DTq6/Docker将什么添加到lxc-tools-用户空间LXC工具
#2楼
Let's take a look at the list of Docker's technical features , and check which ones are provided by LXC and which ones aren't. 让我们看一下Docker的技术特性列表 ,并检查哪些是由LXC提供的,哪些不是。
Features: 特征:
1) Filesystem isolation : each process container runs in a completely separate root filesystem. 1) 文件系统隔离 :每个进程容器在完全独立的根文件系统中运行。
Provided with plain LXC. 提供简单的LXC。
2) Resource isolation : system resources like cpu and memory can be allocated differently to each process container, using cgroups. 2) 资源隔离 :cpu和内存等系统资源可以使用cgroups以不同方式分配给每个进程容器。
Provided with plain LXC. 提供简单的LXC。
3) Network isolation : each process container runs in its own network namespace, with a virtual interface and IP address of its own. 3) 网络隔离 :每个进程容器都在自己的网络命名空间中运行,具有自己的虚拟接口和IP地址。
Provided with plain LXC. 提供简单的LXC。
4) Copy-on-write : root filesystems are created using copy-on-write, which makes deployment extremely fast, memory-cheap and disk-cheap. 4) 写时复制 :使用copy-on-write创建根文件系统,这使得部署速度极快,内存便宜且磁盘便宜。
This is provided by AUFS, a union filesystem that Docker depends on. 这是由AUFS提供的,它是Docker所依赖的联合文件系统。 You could set up AUFS yourself manually with LXC, but Docker uses it as a standard. 您可以使用LXC手动设置AUFS,但Docker将其用作标准。
5) Logging : the standard streams (stdout/stderr/stdin) of each process container is collected and logged for real-time or batch retrieval. 5) 记录 :收集并记录每个过程容器的标准流(stdout / stderr / stdin)以进行实时或批量检索。
Docker provides this. Docker提供了这个。
6) Change management : changes to a container's filesystem can be committed into a new image and re-used to create more containers. 6) 变更管理 :对容器文件系统的更改可以提交到新映像中,并重新用于创建更多容器。 No templating or manual configuration required. 无需模板或手动配置。
"Templating or manual configuration" is a reference to LXC, where you would need to learn about both of these things. “模板或手动配置”是对LXC的引用,您需要了解这两个方面。 Docker allows you to treat containers in the way that you're used to treating virtual machines, without learning about LXC configuration. Docker允许您以用于处理虚拟机的方式处理容器,而无需了解LXC配置。
7) Interactive shell : docker can allocate a pseudo-tty and attach to the standard input of any container, for example to run a throwaway interactive shell. 7) 交互式shell :docker可以分配一个伪tty并附加到任何容器的标准输入,例如运行一次性交互式shell。
LXC already provides this. LXC已经提供了此功能。
I only just started learning about LXC and Docker, so I'd welcome any corrections or better answers. 我刚开始学习LXC和Docker,所以我欢迎任何更正或更好的答案。
#3楼
From the Docker FAQ : 来自Docker FAQ :
Docker is not a replacement for lxc. Docker不是lxc的替代品。 "lxc" refers to capabilities of the linux kernel (specifically namespaces and control groups) which allow sandboxing processes from one another, and controlling their resource allocations. “lxc”指的是Linux内核(特别是名称空间和控制组)的功能,它们允许相互之间的沙箱进程,并控制其资源分配。
On top of this low-level foundation of kernel features, Docker offers a high-level tool with several powerful functionalities: 除了内核功能的低级基础之外,Docker还提供了一个具有几个强大功能的高级工具:
Portable deployment across machines. 跨机器的可移植部署。 Docker defines a format for bundling an application and all its dependencies into a single object which can be transferred to any docker-enabled machine, and executed there with the guarantee that the execution environment exposed to the application will be the same. Docker定义了一种格式,用于将应用程序及其所有依赖项捆绑到一个对象中,该对象可以传输到任何支持docker的机器,并在那里执行,并保证暴露给应用程序的执行环境是相同的。 Lxc implements process sandboxing, which is an important pre-requisite for portable deployment, but that alone is not enough for portable deployment. Lxc实现了进程沙箱,这是便携式部署的一个重要先决条件,但仅凭这一点对于可移植部署来说还不够。 If you sent me a copy of your application installed in a custom lxc configuration, it would almost certainly not run on my machine the way it does on yours, because it is tied to your machine's specific configuration: networking, storage, logging, distro, etc. Docker defines an abstraction for these machine-specific settings, so that the exact same docker container can run - unchanged - on many different machines, with many different configurations. 如果您向我发送了一个安装在自定义lxc配置中的应用程序的副本,它几乎肯定不会像在您的计算机上那样在您的计算机上运行,因为它与您的计算机的特定配置相关联:网络,存储,日志记录,发行版, Docker为这些特定于机器的设置定义了一个抽象,以便完全相同的docker容器可以在许多不同的机器上运行 - 不变 - 具有许多不同的配置。
Application-centric. 以应用为中心。 Docker is optimized for the deployment of applications , as opposed to machines. Docker针对应用程序的部署进行了优化,而不是机器。 This is reflected in its API, user interface, design philosophy and documentation. 这体现在其API,用户界面,设计理念和文档中。 By contrast, the lxc helper scripts focus on containers as lightweight machines - basically servers that boot faster and need less ram. 相比之下,lxc帮助程序脚本将容器作为轻量级计算机集中在一起 - 基本上是服务器启动速度更快,需要更少的内存。 We think there's more to containers than just that. 我们认为容器不仅仅是那个。
Automatic build . 自动构建 。 Docker includes a tool for developers to automatically assemble a container from their source code, with full control over application dependencies, build tools, packaging etc. They are free to use make, maven, chef, puppet, salt, debian packages, rpms, source tarballs, or any combination of the above, regardless of the configuration of the machines . Docker包含一个工具,供开发人员从源代码中自动组装容器,完全控制应用程序依赖性,构建工具,打包等。他们可以免费使用make,maven,chef,puppet,salt,debian软件包,rpms,source 无论机器的配置如何 , 都可以使用tarball或上述任意组合。
Versioning. 版本。 Docker includes git-like capabilities for tracking successive versions of a container, inspecting the diff between versions, committing new versions, rolling back etc. The history also includes how a container was assembled and by whom, so you get full traceability from the production server all the way back to the upstream developer. 泊坞窗包括用于跟踪容器的后续版本,检查版本之间的差异,提交新版本,回滚等历史还包括容器是如何组装以及由谁混帐般的功能,让你从生产服务器完全可追溯一直回到上游开发者。 Docker also implements incremental uploads and downloads, similar to "git pull", so new versions of a container can be transferred by only sending diffs. Docker还实现了增量上传和下载,类似于“git pull”,因此只能通过发送差异来传输容器的新版本。
Component re-use. 组件重用。 Any container can be used as an "base image" to create more specialized components. 任何容器都可以用作“基本图像”来创建更专业的组件。 This can be done manually or as part of an automated build. 这可以手动完成,也可以作为自动构建的一部分完成。 For example you can prepare the ideal python environment, and use it as a base for 10 different applications. 例如,您可以准备理想的python环境,并将其用作10个不同应用程序的基础。 Your ideal postgresql setup can be re-used for all your future projects. 您理想的postgresql设置可以重复用于您未来的所有项目。 And so on. 等等。
Sharing. 共享。 Docker has access to a public registry ( https://registry.hub.docker.com/ ) where thousands of people have uploaded useful containers: anything from redis, couchdb, postgres to irc bouncers to rails app servers to hadoop to base images for various distros. Docker可以访问公共注册表( https://registry.hub.docker.com/ ),其中有数千人上传了有用的容器:从redis,couchdb,postgres到irc保镖到rails app服务器到hadoop到base图像的任何东西各种发行版。 The registry also includes an official "standard library" of useful containers maintained by the docker team. 该注册表还包括由docker团队维护的有用容器的官方“标准库”。 The registry itself is open-source, so anyone can deploy their own registry to store and transfer private containers, for internal server deployments for example. 注册表本身是开源的,因此任何人都可以部署自己的注册表来存储和传输私有容器,例如用于内部服务器部署。
Tool ecosystem. 工具生态系统 Docker defines an API for automating and customizing the creation and deployment of containers. Docker定义了一个API,用于自动化和自定义容器的创建和部署。 There are a huge number of tools integrating with docker to extend its capabilities. 有大量工具与docker集成以扩展其功能。 PaaS-like deployment (Dokku, Deis, Flynn), multi-node orchestration (maestro, salt, mesos, openstack nova), management dashboards (docker-ui, openstack horizon, shipyard), configuration management (chef, puppet), continuous integration (jenkins, strider, travis), etc. Docker is rapidly establishing itself as the standard for container-based tooling. 类似PaaS的部署(Dokku,Deis,Flynn),多节点编排(maestro,salt,mesos,openstack nova),管理仪表板(docker-ui,openstack horizon,造船厂),配置管理(厨师,木偶),持续集成(jenkins,strider,travis)等.Docker正在迅速建立自己作为基于容器的工具的标准。
I hope this helps! 我希望这有帮助!
#4楼
Dockers use images which are build in layers. Dockers使用构建在图层中的图像。 This adds a lot in terms of portability, sharing, versioning and other features. 这在可移植性,共享,版本控制和其他功能方面增加了很多。 These images are very easy to port or transfer and since they are in layers, changes in subsequent versions are added in form of layers over previous layers. 这些图像非常易于移植或传输,并且由于它们是分层的,因此后续版本中的更改将以层的形式添加到先前的层上。 So, while porting many a times you don't need to port the base layers. 因此,在移植很多次时,您不需要移植基础层。 Dockers have containers which run these images with execution environment contained, they add changes as new layers providing easy version control. Docker拥有容器,这些容器在包含执行环境的情况下运行这些映像,它们将更改添加为新层,从而提供简单的版
Apart from that Docker Hub is a good registry with thousands of public images, where you can find images which have OS and other softwares installed. 除了Docker Hub是一个包含数千个公共映像的良好注册表,您可以在其中找到安装了OS和其他软件的映像。 So, you can get a pretty good head start for your application. 因此,您可以为您的应用程序提供良好的开端。
#5楼
The above post & answers are rapidly becoming dated as the development of LXD continues to enhance LXC . 随着LXD的发展继续增强LXC ,上述帖子和答案正在迅速变得过时。 Yes, I know Docker hasn't stood still either. 是的,我知道Docker也没有停滞不前。
LXD now implements a repository for LXC container images which a user can push/pull from to contribute to or reuse. LXD现在为LXC容器映像实现了一个存储库,用户可以推送/拉出该存储库以贡献或重用。
LXD's REST api to LXC now enables both local & remote creation/deployment/management of LXC containers using a very simple command syntax. LXD的LxC REST API 现在可以使用非常简单的命令语法实现LXC容器的本地和远程创建/部署/管理。
Key features of LXD are: LXD的主要特点是:
- Secure by design (unprivileged containers, resource restrictions and much more) 设计安全(无特权的容器,资源限制等)
- Scalable (from containers on your laptop to thousand of compute nodes) 可扩展(从笔记本电脑上的容器到数千个计算节点)
- Intuitive (simple, clear API and crisp command line experience) 直观(简单,清晰的API和清晰的命令行体验)
- Image based (no more distribution templates, only good, trusted images) Live migration 基于图像(没有更多的分发模板,只有好的,可信的图像)实时迁移
There is NCLXD plugin now for OpenStack allowing OpenStack to utilize LXD to deploy/manage LXC containers as VMs in OpenStack instead of using KVM, vmware etc. 现在有针对OpenStack的NCLXD插件,允许OpenStack利用LXD在OpenStack中将LXC容器部署/管理为VM,而不是使用KVM,vmware等。
However, NCLXD also enables a hybrid cloud of a mix of traditional HW VMs and LXC VMs. 但是,NCLXD还支持混合使用传统硬件VM和LXC VM的混合云。
The OpenStack nclxd plugin a list of features supported include: OpenStack nclxd插件支持的功能列表包括:
stop/start/reboot/terminate container
Attach/detach network interface
Create container snapshot
Rescue/unrescue instance container
Pause/unpause/suspend/resume container
OVS/bridge networking
instance migration
firewall support
By the time Ubuntu 16.04 is released in Apr 2016 there will have been additional cool features such as block device support, live-migration support . 当Ubuntu 16.04于2016年4月发布时,还会有其他很酷的功能,例如块设备支持,实时迁移支持 。
#6楼
Going to keep this pithier, this is already asked and answered above . 为了保持这种精神,这已经被问到并在上面回答了。
I'd step back however and answer it slightly differently, the docker engine itself adds orchestration as one of its extras and this is the disruptive part. 然而,我退后一步,稍微不同地回答它,docker引擎本身增加了编排作为其附加功能之一,这是破坏性的部分。 Once you start running an app as a combination of containers running 'somewhere' across multiple container engines it gets really exciting. 一旦你开始运行一个应用程序作为跨多个容器引擎运行'某处'的容器的组合,它真的很令人兴奋。 Robustness, Horizontal Scaling, complete abstraction from the underlying hardware, i could go on and on... 稳健性,横向扩展,从底层硬件完全抽象,我可以继续......
Its not just Docker that gives you this, in fact the de facto Container Orchestration standard is Kubernetes which comes in a lot of flavours, a Docker one, but also OpenShift, SuSe, Azure, AWS... 它不仅仅是Docker为您提供的,实际上事实上的Container Orchestration标准是Kubernetes,它有很多种类,Docker,还有OpenShift,SuSe,Azure,AWS ......
Then beneath K8S there are alternative container engines; 然后在K8S下面有另外的容器引擎; the interesting ones are Docker and CRIO - recently built, daemonless, intended as a container engine specifically for Kubernetes but immature. 有趣的是Docker和CRIO - 最近建造的,无守护的,旨在作为专门用于Kubernetes但不成熟的容器引擎。 Its the competition between these that I think will be the real long term choice for a container engine. 我认为它们之间的竞争将是集装箱发动机真正的长期选择。