
Containers for Linux: LXC, LXD, and Lima

Lima is not in the Artix Repositories. In the past it was MacOS only, but today it runs on Linux and BSD. Lima is a tool to run Virtual Machines. A CLI front-end for Qemu?

LXC looks like a pretty good solution, native to Linux, doesn't require extra software. A traditional Virtualbox replacement is usually Qemu with Virt Manager.
Does this mean LXC's memory footprint will be smaller with equal performance to Qemu with Virt Manager?

LXD, built on LXC, with improved user functionality.
Does that mean they are building another 'Virt Manager', therefore, more software and a larger memory footprint?
How much more memory would be required to run LXD vs LXC?
How would LXD compare to Qemu with Virt Manager?
Would LXD's better user experience be a useful consideration?
What advantages does LXD have over LXC?


Quote
Linux Containers (LXC) is an operating system-level virtualization method for running multiple isolated Linux systems (containers) on a control host using a single Linux kernel.

LXC's main focus is system containers. That is, containers which offer an environment as close as possible as the one you'd get from a VM but without the overhead that comes with running a separate kernel and simulating all the hardware.

This is achieved through a combination of kernel security features such as namespaces, mandatory access control and control groups.

LXC works in the vanilla Linux kernel requiring no additional patches to be applied to the kernel sources.

The Linux kernel provides the cgroups functionality that allows limitation and prioritization of resources (CPU, memory, block I/O, network, etc.) without the need for starting any virtual machines, and also the namespace isolation functionality that allows complete isolation of an application's view of the operating environment, including process trees, networking, user IDs and mounted file systems.
https://github.com/lxc/lxc
https://linuxcontainers.org/
https://en.wikipedia.org/wiki/LXC
https://packages.artixlinux.org/packages/?sort=&q=lxc

Quote
LXD is a modern, secure and powerful system container and virtual machine manager.

It provides a unified experience for running and managing full Linux systems inside containers or virtual machines. LXD supports images for a large number of Linux distributions (official Ubuntu images and images provided by the community) and is built around a very powerful, yet pretty simple, REST API. LXD scales from one instance on a single machine to a cluster in a full data center rack, making it suitable for running workloads both for development and in production.

LXD allows you to easily set up a system that feels like a small private cloud. You can run any type of workload in an efficient way while keeping your resources optimized.
https://github.com/canonical/lxd
https://packages.artixlinux.org/packages/?sort=&q=lxd

Quote
Lima launches Linux virtual machines with automatic file sharing and port forwarding (similar to WSL2).

The original goal of Lima was to promote containerd including nerdctl (contaiNERD ctl) to Mac users, but Lima can be used for non-container applications as well.

Lima also supports other container engines (Docker, Podman, Kubernetes, etc.).
Lima supports non-macOS hosts (Linux, NetBSD, etc.).

-Automatic file sharing
-Automatic port forwarding
-Built-in support for containerd (Other container engines can be used too)
-Intel on Intel
-ARM on Intel
-ARM on ARM
-Intel on ARM
-Various guest Linux distributions: AlmaLinux, Alpine, Arch Linux, Debian, Fedora, openSUSE, Oracle Linux, Rocky, Ubuntu (default), …
Related project: sshocker (ssh with file sharing and port forwarding)
https://github.com/lima-vm/lima
https://packages.artixlinux.org/packages/?sort=&q=lima  **Not in the Repository.

Re: Containers for Linux: LXC, LXD, and Lima

Reply #1
Lima on Linux offers no performance improvement as it runs on Qemu.
Qemu with Virt Manager is not a replacement for virtualbox, but far superior.
As an alternative to KVM Qemu you might have a look at the XEN kernel which runs natively on hardware.
As a frontend libvirt's tool virsh can be used.

artist

Re: Containers for Linux: LXC, LXD, and Lima

Reply #2
Lima on Linux offers no performance improvement as it runs on Qemu.
Qemu with Virt Manager is not a replacement for virtualbox, but far superior.
As an alternative to KVM Qemu you might have a look at the XEN kernel which runs natively on hardware.
As a frontend libvirt's tool virsh can be used.

artist
Mostly I use wifi. Xen is built for servers with a nic.
This laptop has 4gb of RAM, max upgrade 8gb.
I'm looking for light solutions, Qemu Virtmanager + . heavy solution, depending on VM.
I saw that Lima uses Qemu and is basically a CLI for managing the virtual machines. I assumed it would be lighter than Virtmanager.

Are you saying Virsh is a CLI, like Lima, to manage machines?

LXC would use the existing Kernel to run OS's in containers.
I'm thinking of running Grafana/Loki/Alloy. An Ubuntu minimal server would work.
As an alternative, Syslog-NG has a Linux Auditd Parse function that I could probably run local without a container.

Maybe a container to get Auditd log baselines to see what an isolated environment generates.

Other things I would like to do, ASM programming, Forth Programming, so maybe a container for development.
Learning and projects would be text editor builds (Micro Editor and Micro Emacs are really interesting.)  and maybe a GUI desktop environment like Menuet OS has so I don't have to put up with Xorg vulnerabilities.

X originated at Massachusetts Institute of Technology (MIT) in 1984.
The X protocol has been at version 11 since September 1987.  ???

Re: Containers for Linux: LXC, LXD, and Lima

Reply #3
LXC would use the existing Kernel to run OS's in containers.
I'm thinking of running Grafana/Loki/Alloy. An Ubuntu minimal server would work.
Are you sure you need LXC for what? AFAIK OCI containers are better suited for just running single applications whereas LXC is closer to VM by design. Though, I don't have any experience with the latter.
To be precise, libvirt runs as a set of daemons managing qemu (or lxc) processes and virsh is the default CLI to access them.
ARMtix
If you need to contact me, use email

Re: Containers for Linux: LXC, LXD, and Lima

Reply #4
LXC would use the existing Kernel to run OS's in containers.
I'm thinking of running Grafana/Loki/Alloy. An Ubuntu minimal server would work.
Are you sure you need LXC for what? AFAIK OCI containers are better suited for just running single applications whereas LXC is closer to VM by design. Though, I don't have any experience with the latter.
To be precise, libvirt runs as a set of daemons managing qemu (or lxc) processes and virsh is the default CLI to access them.
From what I've been reading, LXC is partial virtualization/isolation, where Qemu is full virtualization/isolation.
Full virtualization/Isolation requires more hardware resources (RAM). I'm limited to 4gb.

I would like to have the ability to view logs in a visualization tool to help narrow down searches. Most of the log viz tools are included in log collection suites, usually targeting medium to large organizations, ELK as one example.

If LXC can run an Ubuntu minimal server, then that would keep the resource usage low.

 

Re: Containers for Linux: LXC, LXD, and Lima

Reply #5

Are you sure you need LXC for what? AFAIK OCI containers are better suited for just running single applications whereas LXC is closer to VM by design. Though, I don't have any experience with the latter.
To be precise, libvirt runs as a set of daemons managing qemu (or lxc) processes and virsh is the default CLI to access them.
From what I've been reading, LXC is partial virtualization/isolation, where Qemu is full virtualization/isolation.
Full virtualization/Isolation requires more hardware resources (RAM). I'm limited to 4gb.

I would like to have the ability to view logs in a visualization tool to help narrow down searches. Most of the log viz tools are included in log collection suites, usually targeting medium to large organizations, ELK as one example.

If LXC can run an Ubuntu minimal server, then that would keep the resource usage low.
I mean, OCI containers should have even less footprint compared to LXC
As for logs, I heard about Loki by Grafana developers which could probably suit you
ARMtix
If you need to contact me, use email

Re: Containers for Linux: LXC, LXD, and Lima

Reply #6

From what I've been reading, LXC is partial virtualization/isolation, where Qemu is full virtualization/isolation.
Full virtualization/Isolation requires more hardware resources (RAM). I'm limited to 4gb.

I would like to have the ability to view logs in a visualization tool to help narrow down searches. Most of the log viz tools are included in log collection suites, usually targeting medium to large organizations, ELK as one example.

If LXC can run an Ubuntu minimal server, then that would keep the resource usage low.
I mean, OCI containers should have even less footprint compared to LXC
As for logs, I heard about Loki by Grafana developers which could probably suit you


You are talking to someone who doesn't know what journalctl is but understands Linux containers... and slips anti-Semitic tirades into his posting.

Re: Containers for Linux: LXC, LXD, and Lima

Reply #7

From what I've been reading, LXC is partial virtualization/isolation, where Qemu is full virtualization/isolation.
Full virtualization/Isolation requires more hardware resources (RAM). I'm limited to 4gb.

I would like to have the ability to view logs in a visualization tool to help narrow down searches. Most of the log viz tools are included in log collection suites, usually targeting medium to large organizations, ELK as one example.

If LXC can run an Ubuntu minimal server, then that would keep the resource usage low.
I mean, OCI containers should have even less footprint compared to LXC
As for logs, I heard about Loki by Grafana developers which could probably suit you

I trigger the OCI containers by using software like 'podman'?

Buildah - A tool which facilitates building OCI images
--The Arch version is compiled with SystemD, and there isn't a version in the artix repo.

Podman - Tool and library for running OCI-based containers in pods
--Is in the Artix repositories

Podman-desktop - Manage Podman and other container engines from a single UI and tray.
--Is not in the Artix Repositories. The Arch Extra Repo version is not compiled with systemd.

Quote
Building disk images

One of the most obvious ways to use a bootable container as an operating system is to build it into a disk image.
The new Bootc Image Builder project is a tool that does exactly that.
Depending on your needs, it can generate different types of disk images:

raw
qcow
iso
vmdk
ami

Podman Desktop provides an easy way to get started with bootable containers and building disk images.

Because bootable containers are just regular containers, you can use all the tools in Podman Desktop to view, push, pull, and tag them using Podman.
You can even build custom bootable container images by including a bootc-compatible base image in the FROM entry of the containerfile.
https://developers.redhat.com/articles/2024/05/07/image-mode-rhel-bootable-containers

From researching using the OCI structure, I would install podman and podman-desktop, then install the Bootable Containers extension from the catalog of podman-desktop.

Do you have an alternative method for using OCI containers?

Re: Containers for Linux: LXC, LXD, and Lima

Reply #8
You are talking to someone who doesn't know what journalctl is but understands Linux containers... and slips anti-Semitic tirades into his posting.
My HOW the oldest in the Old City is, yes.

Re: Containers for Linux: LXC, LXD, and Lima

Reply #9
Lima on Linux offers no performance improvement as it runs on Qemu.
Qemu with Virt Manager is not a replacement for virtualbox, but far superior.
As an alternative to KVM Qemu you might have a look at the XEN kernel which runs natively on hardware.
As a frontend libvirt's tool virsh can be used.

artist
I did not understand this post with reference to XEN kernel.

Did you mean I should use the Arch 'linux-xen and linux-xen-headers' as a kernel to run in place of the standard Arch 'linux' kernel?
Or did you literally mean using a XEN kernel instead of the Arch Linux Kernels?

Re: Containers for Linux: LXC, LXD, and Lima

Reply #10
Podman - Tool and library for running OCI-based containers in pods
--Is in the Artix repositories

Do you have an alternative method for using OCI containers?
Podman or docker is all you need
ARMtix
If you need to contact me, use email

Re: Containers for Linux: LXC, LXD, and Lima

Reply #11
Podman - Tool and library for running OCI-based containers in pods
--Is in the Artix repositories

Do you have an alternative method for using OCI containers?
Podman or docker is all you need
OK. I'll focus on that then.
Trying to use 'ausearch' to parse a 1gb audit.log is difficult and time intensive. Grafana, Loki, and Alloy can help me focus on what is important within the logs and research potential issues with less guess work.
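
An added example, not part of any post in this thread: one way to build the auditd baseline discussed above without loading a large audit.log into memory, then list activity the baseline never showed. The function names, the rule keys (`exec`, `etc-read`) and the sample log lines are constructed for illustration; only SYSCALL records are profiled and hex-encoded field values are not decoded.

```python
import re
from collections import Counter

# Every auditd record starts: type=<TYPE> msg=audit(<epoch>.<ms>:<serial>):
HEADER = re.compile(r'^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\): ?(.*)$')
# key=value pairs; a value is a double-quoted string or a bare token
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_record(line):
    """Return (record_type, (timestamp, serial), fields) or None if malformed."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    rtype, ts, serial, body = m.groups()
    fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
    return rtype, (ts, serial), fields

def profile(lines):
    """Single pass over an iterable of lines (an open file works);
    counts (exe, syscall number, rule key) for each SYSCALL record."""
    counts = Counter()
    for line in lines:
        rec = parse_record(line)
        if rec and rec[0] == "SYSCALL":
            f = rec[2]
            counts[(f.get("exe", "?"), f.get("syscall", "?"), f.get("key", "(null)"))] += 1
    return counts

def new_activity(baseline, observed):
    """Tuples seen in the observed profile but never in the baseline."""
    return {k: n for k, n in observed.items() if k not in baseline}

# Constructed sample records (not taken from a real system).
BASELINE_LOG = [
    'type=SYSCALL msg=audit(1700000000.101:10): arch=c000003e syscall=59 success=yes exit=0 pid=411 comm="sshd" exe="/usr/bin/sshd" key="exec"',
    'type=EXECVE msg=audit(1700000000.101:10): argc=1 a0="sshd"',
    'type=SYSCALL msg=audit(1700000005.220:11): arch=c000003e syscall=59 success=yes exit=0 pid=412 comm="sshd" exe="/usr/bin/sshd" key="exec"',
]
OBSERVED_LOG = BASELINE_LOG[:1] + [
    'type=SYSCALL msg=audit(1700000100.007:42): arch=c000003e syscall=257 success=no exit=-13 pid=500 comm="cat" exe="/usr/bin/cat" key="etc-read"',
    'truncated garbage line',  # malformed input is skipped, not fatal
]

if __name__ == "__main__":
    base = profile(BASELINE_LOG)
    for (exe, syscall, key), n in new_activity(base, profile(OBSERVED_LOG)).items():
        print(f"new: exe={exe} syscall={syscall} key={key} count={n}")
```

For a real file, pass the open file object to `profile()` so lines are read one at a time.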