OS-level virtualization: Difference between revisions

{{Anchor|IMPLEMENTATIONS}}Implementations: add missing author in reference
No edit summary
 
(5 intermediate revisions by 2 users not shown)
Line 2:
{{More citations needed|date=November 2020}}
 
'''OS-level virtualization''' is an [[operating system]] (OS) [[virtualization]] paradigm in which the [[Kernel (operating system)|kernel]] allows the existence of multiple isolated [[user space and kernel space|user space]] instances, including '''containers''' ([[LXC]], [[Solaris Containers]], AIX [[Workload_Partitions|WPARs]], HP-UX SRP Containers, [[Docker (software)|Docker]], [[Podman]], [[Guix]]), '''zones''' ([[Solaris Containers]]), '''virtual private servers''' ([[OpenVZ]]), '''partitions''', '''virtual environments''' ('''VEs'''), '''virtual kernels''' ([[vkernel|DragonFly BSD]]), and '''jails''' ([[FreeBSD jail]] and [[chroot]]).<ref>{{Cite web |url=https://www.networkworld.com/article/749098/cisco-subnet-software-containers-used-more-frequently-than-most-realize.html |title=Software containers: Used more frequently than most realize |last1=Hogg |first1=Scott |date=2014-05-26 |website=[[Network World]] |publisher=Network world, Inc. |access-date=2015-07-09 |quote=There are many other OS-level virtualization systems such as: Linux OpenVZ, Linux-VServer, FreeBSD Jails, AIX Workload Partitions (WPARs), HP-UX Containers (SRP), Solaris Containers, among others. }}</ref> Such instances may look like real computers from the point of view of programs running in them. A [[computer program]] running on an ordinary operating system can see all resources (connected devices, files and folders, [[Shared resource|network shares]], CPU power, quantifiable hardware capabilities) of that computer. Programs running inside a [[Containerization (computing)|container]] can only see the container's contents and devices assigned to the container.
 
On [[Unix-like]] operating systems, this feature can be seen as an advanced implementation of the standard [[chroot]] mechanism, which changes the apparent root folder for the current running process and its children. In addition to isolation mechanisms, the kernel often provides [[Resource management (computing)|resource-management]] features to limit the impact of one container's activities on other containers. Linux containers are all based on the virtualization, isolation, and resource management mechanisms provided by the [[Linux kernel]], notably [[Linux namespaces]] and [[cgroups]].<ref>{{cite web|url=http://www.netdevconf.org/1.1/proceedings/slides/rosen-namespaces-cgroups-lxc.pdf|title=Namespaces and Cgroups, the basis of Linux Containers|first=Rosen|last=Rami|access-date=18 August 2016}}</ref>
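
Review bot: In the "Namespaces and Cgroups, the basis of Linux Containers" citation at the end of this hunk, the name fields read first=Rosen|last=Rami, which looks inverted for an author named Rami Rosen; swap them to first=Rami|last=Rosen so the reference renders under the surname. Separately, the lead sentence links [[Solaris Containers]] twice, once under containers and once under zones; keep it in one category.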
Line 28:
 
=== Flexibility ===
Operating-system-level virtualization is not as flexible as other virtualization approaches since it cannot host a guest operating system different from the host one, or a different guest kernel. For example, with [[Linux]], different distributions are fine, but other operating systems such as Windows cannot be hosted. Operating systems using variable input systematics are subject to limitations within the virtualized architecture. Adaptation methods including cloud-server relay analytics maintain the OS-level virtual environment within these applications.<ref>{{Cite book |last1=Huang |first1=D. |title=Proceedings of the 10th Parallel Data Storage Workshop |chapter=Experiences in using os-level virtualization for block I/O |year=2015|pages=13–18 |url=https://www.pdsw.org/pdsw15/papers/p13-huang.pdf |doi=10.1145/2834976.2834982 |isbn=9781450340083 |s2cid=3867190 }}</ref>
 
[[Oracle Solaris|Solaris]] partially overcomes the limitation described above with its [[branded zones]] feature, which provides the ability to run an environment within a container that emulates an older [[Solaris 8]] or 9 version in a Solaris 10 host. Linux branded zones (referred to as "lx" branded zones) are also available on [[x86]]-based Solaris systems, providing a complete Linux [[user space and kernel space|user space]] and support for the execution of Linux applications; additionally, Solaris provides utilities needed to install [[Red Hat Enterprise Linux]]&nbsp;3.x or [[CentOS]]&nbsp;3.x [[Linux distribution]]s inside "lx" zones.<ref>{{Cite web |url=http://docs.oracle.com/cd/E19044-01/sol.containers/817-1592/zones.intro-1/index.html |title=System administration guide: Oracle Solaris containers-resource management and Oracle Solaris zones, Chapter 16: Introduction to Solaris zones |year=2010 |access-date=2014-09-02 |publisher=[[Oracle Corporation]] }}</ref><ref>{{Cite web |url=http://docs.oracle.com/cd/E19044-01/sol.containers/817-1592/gchhy/index.html |title=System administration guide: Oracle Solaris containers-resource management and Oracle Solaris zones, Chapter 31: About branded zones and the Linux branded zone |year=2010 |access-date=2014-09-02 |publisher=[[Oracle Corporation]] }}</ref> However, in 2010 Linux branded zones were removed from Solaris; in 2014 they were reintroduced in [[Illumos]], which is the [[open source]] Solaris fork, supporting 32-bit [[Linux kernel]]s.<ref>{{Cite web |url=http://www.slideshare.net/bcantrill/illumos-lx |title=The dream is alive! Running Linux containers on an illumos kernel |date=2014-09-28 |access-date=2014-10-10 |author=Bryan Cantrill |website=slideshare.net }}</ref>
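
Review bot: The two Flexibility sentences beginning "Operating systems using variable input systematics" and "Adaptation methods including cloud-server relay analytics" use terms that are defined nowhere in the visible text, and nothing ties them to the cited workshop paper on block I/O; restate them as the concrete limitation the source reports, or drop them. In the branded zones paragraph, the closing "supporting 32-bit [[Linux kernel]]s" conflicts with the paragraph above, which says a container cannot host a different guest kernel, and with the earlier description of lx zones as providing a Linux user space; say what is actually supported (for example, whether this means 32-bit Linux applications).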
Line 187:
| {{Yes}}
| {{Yes}}
| {{Yes}}{{Efn|name="crossbow"|See [[Solaris network virtualization and resource control]] for more details.}}<ref>[http://www.opensolaris.org/os/project/crossbow/faq/ Network virtualization and resource control (Crossbow) FAQ] {{Webarchive|url=https://web.archive.org/web/20080601182802/http://www.opensolaris.org/os/project/crossbow/faq/ |date=2008-06-01 }}</ref><ref>{{Cite web |url=https://docs.oracle.com/cd/E36784_01E37838_01/html/E36813E60989/index.html |title=Managing network virtualization and network resources in Oracle® Solaris 11.24 |website=docs.oracle.com }}</ref>
| {{Partial}}{{Efn|name="solaris-nested"|Only when top level is a KVM zone (illumos) or a kz zone (Oracle).}}
| {{Partial}}{{Efn|name="kernelzone"|Starting in Solaris 11.3 Beta, Solaris Kernel Zones may use live migration.}}{{Efn|name="coldmig"|Cold migration (shutdown-move-restart) is implemented.}}
Line 332:
* [[LXC#LXD|LXD]], an alternative wrapper around [[LXC]] developed by [[Canonical (company)|Canonical]]<ref>{{Cite web |access-date=2021-02-11 |title=LXD |url=https://linuxcontainers.org/lxd/ |website=linuxcontainers.org }}</ref>
*[[Podman]],<ref>[https://indico.cern.ch/event/757415/contributions/3421994/attachments/1855302/3047064/Podman_Rootless_Containers.pdf Rootless containers with Podman and fuse-overlayfs], CERN workshop, 2019-06-04</ref> an advanced Kubernetes ready root-less secure drop-in replacement for Docker with support for multiple container image formats, including OCI and Docker images
* [[Charliecloud]], a set of container tools used on HPC systems<ref>{{Cite web |url=https://hpc.githubcharliecloud.io/charliecloudlatest/ |access-date=422 OctoberJune 20202025 |title=Overview — Charliecloud 0.25 documentation }}</ref>
* [[Kata Containers]] MicroVM Platform<ref>{{Cite web |url=https://katacontainers.io/ |title=Home |website=katacontainers.io}}</ref>
* Bottlerocket is a Linux-based open-source operating system that is purpose-built by [[Amazon Web Services]] for running containers on virtual machines or bare metal hosts<ref>{{Cite web |url=https://aws.amazon.com/bottlerocket/ |title=Bottlerocket is a- Linux-based operating system purpose-built to run containers }}</ref>
* [[Azure Linux]] is an open-source Linux distribution that is purpose-built by [[Microsoft Azure]] and similar to [[Fedora Linux#CoreOS|Fedora CoreOS]]
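
Review bot: The Podman entry's description, "an advanced Kubernetes ready root-less secure drop-in replacement for Docker", reads as promotion, and the cited slides' title supports only the rootless part; trim it to what is sourced, such as "a rootless drop-in replacement for Docker with support for OCI and Docker images". The [[Azure Linux]] entry is the only item in this hunk with no reference, and its comparison to Fedora CoreOS needs one; the Kata Containers citation is titled only "Home" and has no access-date, unlike the LXD and Charliecloud entries.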
 
Line 363:
* [https://www.kernelthread.com/publications/virtualization/ An introduction to virtualization] {{Webarchive|url=https://web.archive.org/web/20191128152118/http://www.kernelthread.com/publications/virtualization |date=2019-11-28 }}
* [https://wiki.openvz.org/Introduction_to_virtualization A short intro to three different virtualization techniques]
* [https://thijs.ai/papers/scheepers-virtualization-containerization.pdf Virtualization and containerization of application infrastructure: A comparison] {{Webarchive|url=https://web.archive.org/web/20230315103310/https://thijs.ai/papers/scheepers-virtualization-containerization.pdf |date=2023-03-15 }}, June 22, 2015, by Mathijs Jeroen Scheepers
* [https://lwn.net/Articles/646054/ Containers and persistent data], [[LWN.net]], May 28, 2015, by Josh Berkus