
play with container

Container 101

If you have ever had to repair or modify an installed Linux system (resetting the root password, resizing or checking partitions or file systems), you are probably familiar with the idea of booting a live CD image and chroot-ing into the installed system.

As more features around cgroups and namespaces were introduced to Linux, I only experimented with them via LXC for special purposes, while still relying on virtual machines for my daily work. The Google project LMCTFY was a first wake-up call for me to pay closer attention. It also reminded me of a course on Plan 9, where many of these concepts had, in my opinion, already been introduced:

Design Principles derived from Plan 9 from Bell Labs:

The foundations of the system are built on two ideas: a per-process name space and a simple message-oriented file system protocol. — Pike et al.

  • Processes each have their own isolated view of the namespace (cf. Linux mount, pid, net, ... namespaces and cgroups).
  • Processes can offer their services to other processes by providing virtual files that appear in the other processes' namespace, even across the boundary of a single computer.
  • Processes can collect the files from different directory trees in a single union directory (cf. Docker AUFS, device mapper, LVM, btrfs/zfs).
  • ... combined with many other innovations (cf. Linux special filesystems like /proc or /sys, Unicode everywhere).
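To make the first bullet concrete, here is a small inspection helper, added as an example here and not part of container101: it reads each process's namespace identities and cgroup membership from /proc and reports in which namespace types two processes differ. It assumes Linux with /proc mounted; a freshly spawned child without any unshare/clone flags is used as the constructed "same namespaces" case.

```python
import os
import subprocess
import sys

# Namespace types exposed as /proc/<pid>/ns/<type> on current kernels.
NS_TYPES = ("mnt", "pid", "net", "uts", "ipc", "user", "cgroup")

def namespace_ids(pid="self"):
    """Return {ns_type: inode} for pid; each /proc/<pid>/ns/<type> symlink
    reads "type:[inode]" and equal inodes mean the same namespace instance."""
    ids = {}
    for ns in NS_TYPES:
        try:
            target = os.readlink(f"/proc/{pid}/ns/{ns}")  # e.g. "mnt:[4026531840]"
        except OSError:
            continue  # type not offered by this kernel, or pid not visible
        ids[ns] = int(target.split("[", 1)[1].rstrip("]"))
    return ids

def differing_namespaces(pid_a, pid_b):
    """Namespace types in which the two pids are NOT in the same instance.
    A container process should differ from the host shell at least in mnt
    and pid; an empty list means no namespace isolation at all (plain chroot)."""
    a, b = namespace_ids(pid_a), namespace_ids(pid_b)
    return sorted(ns for ns in a.keys() & b.keys() if a[ns] != b[ns])

def cgroup_paths(pid="self"):
    """Parse /proc/<pid>/cgroup ("id:controllers:path" per line, a single
    "0::/path" line on cgroup v2) into {controllers: path}; {} if absent."""
    try:
        with open(f"/proc/{pid}/cgroup") as fh:
            lines = fh.read().splitlines()
    except OSError:
        return {}
    return {ctl: path for _, ctl, path in (ln.split(":", 2) for ln in lines)}

def child_namespace_diff():
    """Spawn a plain child (no unshare/clone flags): it inherits every
    namespace of its parent, so the expected result is an empty list."""
    child = subprocess.Popen([sys.executable, "-c", "import time; time.sleep(30)"])
    try:
        return differing_namespaces("self", child.pid)
    finally:
        child.kill()
        child.wait()

if __name__ == "__main__":
    other = sys.argv[1] if len(sys.argv) > 1 else "1"  # pid 1 = init of this pid namespace
    print("namespaces:", namespace_ids(), "\ncgroups:", cgroup_paths())
    print(f"differs from pid {other} in:", differing_namespaces("self", other))
```

Run it from inside a container with the host shell's pid as argument (or from the host with the container's init pid) to see which namespace types the container runtime actually unshared.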

I put together the following introduction to containers with the goal of jump-starting a newcomer into this subject with some very easy-to-understand exercises. I have also inserted links to many superb experts and bloggers and to the original documentation, so you can dive deeper into further material.

Exercises

01 Setup

02 Play with chroot

03 Play with cgroups & namespaces

04 Play with cgroups & namespaces (Part 2)

05 Let's create a Docker image and run it

06 Swarm Intelligence with Docker Registry

07 What about rkt?

08 Tuning of Permissions & Security

09 Inspect and Restrict Syscalls

Further Reading