I think that's the way the landscape is changing: lightweight and easily-managed containers rather than virtualizing entire systems.
It's just one level of abstraction up. First the hardware was abstracted, and now the OS is abstracted. Once we can reliably and seamlessly shift applications (not VMs) around generic pools of compute resources, to coin a phrase, you're going to see some serious shit!
It may very well go that way, but I think unikernels (like MirageOS, http://www.openmirage.org/) are very interesting as well. A paravirtualized unikernel should be able to carry less overhead than regular virtualized OSs and be able to operate completely in ring0/kernelspace.
Pair that with all the hw acceleration for virtualization available these days and you may get some pretty lean and fast virtualization that also more easily supports hybrid deployments (container software needs to be built for specific container host OSs and libs, depending on how much is bundled in each container).
Also, the security implications of containers vs (para)-virtualization are different, so I think my personal jury's still out on that one too.
But I do agree that these are interesting times, for sure. And containers may win, I just don't think it's a done deal just yet. :)
This is not a swipe at Docker; it's an interesting technology if you're running Linux and I'm sure it will be very valuable to many.
However, let's not forget that Solaris had this functionality first.
Solaris has offered hypervisor-level virtualization (LDOMs) on SPARC, light-weight "virtualization" (Containers/Zones) on SPARC/x86, and now offers full system virtualization out of the box (Kernel Zones) on SPARC/x86.
And there's also OpenStack and Puppet system management integration in Solaris 11.2+.
Not really. Even in an absolute sense, linux-vserver is/was contemporary with zones.
Yes, in the sense that partitioning technology isn't new. zones and jails are comparable to vserver/openvz/lxc. vpars, lpars, and ldoms have analogues on mainframes. Various hypervisor technologies (xen, kvm, vmkernel) are also not unique to solaris, and were done on Linux.
What Docker offers that none of these do is that it's containerization for applications without the "weight" of even zones. It's not virtualizing systems. It's starting one application in its own container. That's it.
I don't know who's spreading this "Docker is just like zones" FUD, but it's wrong. Linux has had container-level virtualization for a decade, and LXC has had mainline support for a while. Docker builds on that, but it's different.
At the same time, EMC is not shitting themselves over docker. Application containers will not replace traditional or container virtualization for all workloads. But they will for some.
linux-vserver is not contemporary with zones. If you think that it is, you haven't looked at Solaris zones technology very carefully.
linux-vserver requires the kernel to be patched; Solaris zones does not.
linux-vserver has no clustering or process migration capability; Solaris zones in combination with LDOMs gives you a path for live migration.
linux-vserver networking is based on isolation, not virtualization. This means each virtual server can't create its own internal routing or firewall setup -- Solaris zones can.
linux-vserver doesn't fully virtualize the system; clock, parts of /proc and /sys are not virtualized.
So no, linux-vservers are not equivalents.
Yes, docker offers containerization -- but not sufficient containerization. Certainly not sufficient for security purposes as have come up repeatedly in recent history.
As for the "weight" of zones; I don't know what "weight" you're talking about. Solaris zones have almost no overhead at all. They use some disk space, but we're talking less than 300MB if I recall correctly at most in a default configuration. And Solaris Zones give you several advantages that Docker doesn't provide.
Regardless, I'm certain that for some specific use cases, Docker will prove an appropriate technology.
This is not something you agree or disagree with. The Linux technologies mentioned _were_ contemporary with, or in specific cases even pre-date, zones.
The rest is just not a one-to-one comparison. The fact that Linux requires the kernel to be patched is a cultural thing. That is how new functionality is distributed in Linux land.
Linux-vserver also does not, as you mention, offer comparable functionality. Solaris Zones work differently, and the only cases where you can compare them are where their use cases overlap. But you will see much more overlap with something like LXC.
Any direct comparison is moot however, as Sun/Oracle does not want these technologies to be adopted in Linux. They can at most serve as (valuable) proofs of concept of how the implementation works in the real world as Linux slowly gains corresponding functionality. And it increasingly looks like Docker is part of this picture.
Regardless, I disagree with the assertion. linux-vservers barely had their first 1.0 release about a year (2004) before the release of Solaris Zones as a beta. It's likely that the actual development of Solaris zones started around the same time as linux-vservers.
Even if you were to successfully argue that it "predates" Solaris zones -- it doesn't predate them by very much.
The fact that Linux requires the kernel to be patched is not just a cultural thing; it's a very large additional maintenance cost and proves that linux-vserver wasn't valuable enough to go and stay in the mainline kernel. I spent enough years maintaining Linux servers that required mainline kernel patches (such as a workstation at home) that I grew tired of it.
You can't blame Sun/Oracle for the failure of Linux to produce a completely equivalent technology.
The primary problem is that none of the mainstream Linux distributions have chosen to actually build a fully-architected platform including both the kernel and userland. The OpenStack project is finally forcing some of them to do that, but until they have a filesystem just as capable as ZFS (btrfs someday?), a packaging system that's just as deterministic and capable as IPS (Nix someday?), they'll always be a little bit behind.
Integration matters in the operating system; it makes a huge difference in terms of capability, reliability, and user experience.
In the end, use the right OS for the right job. I happen to believe Solaris is the right OS for servers, but I develop and distribute software for Windows, Mac OS X, Solaris, and Linux as I think they are either great or generally reasonable desktop OS systems.
It's unreasonable to compare the functionality of zones in 2014 with their functionality in 2005, when vserver was contemporary and the principal containerization solution.
In 2014, you'll find that LXC or OpenVZ (or Xen paravirt in some environments) are the preferred virtualization solutions and have been for years, which have every advantage zones have.
By "weight" of zones, I mean that they're still effectively Solaris containers running init and basic services. Linux containers do this. Docker doesn't. It's app virtualization.
How is it unreasonable to compare the functionality of zones in 2014 to linux-vservers which are also under active development in 2014?
You're going to have to provide some actual data to support your assertion that linux-vserver was ever the "principal containerization solution".
LXC and OpenVZ do not have every advantage zones have; zones have other advantages because they're integrated with OS features that only Solaris (and derivative) operating systems have out-of-the-box -- such as ZFS. Which provides the ability to rapidly snapshot, clone and deploy containers. Zones also have other advantages that LXC and OpenVZ do not because of the networking stack features offered in Solaris.
The so-called "weight" of init and basic services is meaningless. But don't take my word for it, just download the Solaris 11.2 Beta and try it for yourself. Theorising about the potential "weight" of init and basic services (which are fairly minimal) is premature optimisation.
As I said before, Docker doesn't provide the full security isolation that Solaris Zones does; I'm sure it's the right style of solution for specific cases, but it is not an appropriate general solution for isolation or containerisation.
You wrote a whole paragraph about what it isn't. But what is it then that makes Docker not just LXC (or another container) + scripts to manage applications in it? One could presumably still spawn a single application on any OS...
While Docker is built on top of libcontainer and cgroups (used to be LXC), traditional containers, including LXC and zones, start init and enough services to look like a "normal" system. You can still use rc.local to manage applications if you want to, I guess.
Docker is a build system for containers which run /bin/foo as PID 1, with no services, no ssh, and no init (which presents other problems: reaping children, handling SIGTERM, etc.). It's containerization for application virtualization.
It's analogous to App-V or an Application LPAR, if such a thing existed, but these are both good examples.
My complaint to the previous poster is mostly that it differs in the same way that an Application WPAR differs from a WPAR. Yes, they're the same base. No, they're not the same thing.
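The PID 1 problem mentioned above, shown in code: an added example, not from the thread or from Docker, of a minimal init that forwards SIGTERM to the real workload and reaps the orphans the kernel reparents to PID 1. The function names are mine, and the PR_SET_CHILD_SUBREAPER call is an assumption used so the program behaves like PID 1 even when run outside a container.

```c
/* Added example, not from the thread: a minimal "init" of the kind a Docker
 * image lacks when /bin/foo runs as PID 1. Forwards SIGTERM, reaps orphans. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <sys/wait.h>
#include <unistd.h>
#ifdef __linux__
#include <sys/prctl.h>   /* PR_SET_CHILD_SUBREAPER stands in for PID 1 */
#endif

static volatile sig_atomic_t child_pid = 0;   /* the supervised workload */
static int orphans = 0;                       /* reparented children reaped */
static void forward_signal(int sig) {         /* only kill(): signal-safe */
    if (child_pid > 0) kill(child_pid, sig);
}

/* Outside a container we are not PID 1, so ask the kernel to reparent
 * orphans to us anyway. Returns 1 when that is available (Linux), else 0. */
int have_subreaper(void) {
#ifdef __linux__
    return prctl(PR_SET_CHILD_SUBREAPER, 1, 0, 0, 0) == 0;
#else
    return 0;
#endif
}
int orphans_reaped(void) { return orphans; }

/* Run argv as the workload; return its exit code, or 128+signal if it was
 * killed. Any other child that exits meanwhile is an orphan: reap it. */
int supervise(char *const argv[]) {
    struct sigaction sa = {0};                /* no SA_RESTART: see EINTR */
    sa.sa_handler = forward_signal;
    sigaction(SIGTERM, &sa, NULL);
    have_subreaper();
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { execvp(argv[0], argv); _exit(127); }
    child_pid = pid;
    for (;;) {
        int status;
        pid_t w = waitpid(-1, &status, 0);
        if (w < 0) { if (errno == EINTR) continue; return -1; }
        if (w != pid) { orphans++; continue; }  /* an orphan, not the workload */
        child_pid = 0;
        while (waitpid(-1, NULL, WNOHANG) > 0) orphans++;  /* drain leftovers */
        return WIFEXITED(status) ? WEXITSTATUS(status) : 128 + WTERMSIG(status);
    }
}
```

Without the reaping loop, a workload that double-forks leaves zombies that only PID 1 can collect, and without the handler a `docker stop` style SIGTERM reaches PID 1 and is simply ignored.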
> light weight and easily-managed containers rather than virtualizing entire systems.
Not if lightweight, easily-managed containers can run Windows. Not just Windows but any non-matching-with-host-kernel OSes, so nobody is eating VMware's lunch yet.
I think after the baby boomers have left the picture in business, Windows will slowly die out. Developers today are using OSX and Linux. Don't quote me, but traditional schools are the only ones using Windows. My college does, and I honestly think it's a learning point for all developers to know Linux over Windows because of usage around the world. Tech companies are dropping Windows for the opposing systems because of speed, reliability, and the current trend in design. With this happening all development, or at least what I'm seeing in the web, is mainly done on OSX or Linux. Therefore it makes sense that lightweight containers will eventually eat VMware's lunch.
I was just thinking what a pain it is to have to use VMs/ssh in order to get access to containers from my Mac OS machine. It made me (semi-seriously) consider getting a Linux machine as my next laptop. I'm still a bit skeptical but it is a start to think about it.
I think the only ones that really ran with KVM were/are Joyent with their SmartOS - combining (some of the) tooling/tech that makes Solaris Zones great with a Free and Open operating system, freedom from Sun/Oracle and support for many guest platforms (and/or low overhead "native" zones).
I think the only real downside of SmartOS is the same as with OpenSolaris (or pretty much any other "it isn't Linux" unix-like OSes): drivers and hw support.
The great thing with Linux as a host is that (edge cases excepted) you can literally run it on your entire infrastructure (right now, or in the near probable future) -- from phones and tablets via desktops and laptops through servers, clusters and pretty much anything beyond.
I'm sure we'll see some backlashes from the new monoculture, but I think overall it's a bright future.
And we can have our occasional parties arguing for why everyone should really use (Dragonfly|Free|Open)BSD/(Open)Solaris/Plan9 because it has X, does Y better and has more consistent and better documentation.
lxc is lighter weight. just like 5% page size saves millions in bandwidth. 5% cpu overhead saves in electricity and hardware costs. Assuming all other things being equal (I know they aren't - but security, tooling, and management can be improved) vmware has inherent overhead of the hypervisor that's not an issue with lxc.
Interesting times we live in.