How are operating system containers different from virtual machines?

Everywhere I look I can see how Docker differs from a virtual machine, but nowhere is there an answer on how basic OS containers are different from virtual machines.
If we consider the basics, it looks like both are the same, i.e. an operating system running within an operating system.
Would anybody explain the underlying difference?

Virtual machines
Virtual machines use hardware virtualization. There is an additional layer between the original hardware and the virtual one, which the virtual machine thinks is real.
This model doesn't reuse anything from the host's OS. This way, you can run a Windows VM on a Linux host and vice versa.
System Containers
System containers use operating-system-level virtualization. They reuse the host OS's kernel and subdivide the real hardware directly among the containers. There isn't an additional layer to access the real hardware and, for this reason, the overhead (or loss of performance) is practically zero.
On the other hand, you can't run a Windows container inside a Linux host OS, since the kernel isn't the same.

Related

Virtual Machine on top of hypervisor(which is on bare metal) without host operating system

Suppose I have bare metal on which I put a hypervisor, and then I put Oracle VirtualBox (which has a Linux OS in it) on top of it.
Is it possible to do this, i.e. is it possible to have VirtualBox on top of a hypervisor without a host OS on my bare-metal hardware?

Turning multiple end user machines (PCs, Macs, RPi ... etc) into one giant k8s cluster

I am new to Kubernetes.
Is it possible to turn every end user machine (PCs, Macs, RPi, etc.) whose owner, with full consent, downloaded my Electron research app into a node, so that those machines ultimately comprise a k8s cluster on which I can run kubeflow.org to do ML research?
Thanks
Kubernetes relies on some container engine. Usually that's Docker; there are efforts to create a common container interface for Kubernetes, and that's where CRI-O comes in: an abstraction that would allow any container engine to run underneath it.
That being said, containers "don't exist": they are a native abstraction in the Linux kernel composed of cgroups and namespaces, which means that the abstraction and isolation don't live in the hypervisor (which usually talks to the kernel), as is the case with regular virtual machines, but in the actual Linux kernel.
MacOS uses its own kernel which, to the extent of my knowledge, doesn't support any sort of containers.
Windows does support containers via Hyper-V, and I believe that Windows Server has more native built-in support for them. See this link for a better explanation: https://learn.microsoft.com/en-us/virtualization/windowscontainers/about/ and also, for Kubernetes, https://kubernetes.io/docs/getting-started-guides/windows/.
As far as the Raspberry Pi goes, there is an ongoing effort that brought k8s to ARM; see this link (https://github.com/luxas/kubernetes-on-arm). That being said, you need an entire cluster of Raspberry Pis to actually make that work, as it would require a lot of resources. One Raspberry Pi won't get you very far.
How to go about this?
You need Linux to run Kubernetes. Everywhere.
If you want to create a "giant" kubernetes cluster your best bet is to use a virtualization technology for the PC that is running windows or for the Mac and create virtual machines that you can use as kubernetes nodes.
In short, you create virtual machines where there's no Linux and install kubernetes natively where there is.
Parallels, Veertu or plain xhyve are good ways of running virtualization on macOS.
VMware or VirtualBox are good virtualization solutions for both Windows and Mac.
libvirt and VirtualBox are good solutions for Linux virtualisation.

How does virtualization work internally?

I was reading about virtualization and a doubt popped into my head. How does virtualization work internally at the operating system level? The topic was discussed in my class and I came across this:
A virtual box runs like a process with some extra privileges on the host operating system.
My doubt is: if a VM is running as a process, then who provides this extra privilege to it so that it can actually interfere with the underlying OS and hardware resources?
I read what a Hypervisor is: http://searchservervirtualization.techtarget.com/definition/hypervisor
A hypervisor is the connection between VM and host OS. Running hypervisor on a host OS means we will run it as a user process. Again my doubt is the same.
How can a user process (which is a hypervisor) control the host processor and resources? As far as I knew, user processes don't have those rights.
Thanks in advance.

Regarding hardware-assisted virtualization

I am trying to understand hardware-assisted virtualization for a project with an ARM Cortex-A8, using the ARM TrustZone feature. I am new to this topic, therefore I started with Wiki entries to understand more.
Wikipedia explains hardware-assisted virtualization and adds a line in the definition as:
Full virtualization is used to simulate a complete hardware environment, or virtual machine, in which an unmodified guest operating system (using the same instruction set as the host machine) executes in complete isolation.
The text in bold is a bit confusing. How is the same instruction set of the processor used to provide two isolated environments? Can someone explain it? The ARM TrustZone manual also talks of a "virtual processor core" to provide security. Please throw some light.
Thanks
The phrase "using the same instruction set as the host machine" means that the guest OS is not aware of the virtualization layer and behaves as if it is executed on a real machine (with the same instruction set). This is in contrast to the para-virtualization paradigm in which the guest OS is aware of virtualization and calls some specific VMM functions, i.e. hypercalls.
No, the CPU has no additional instructions. The virtual machine's instruction set is translated by a hypervisor component called the VMM (virtual machine manager) to be executed on the physical CPU.
A physical CPU with assisted virtualization introduces only a new ring 0 mode called VMX that allows the virtual machine to execute some instructions in ring 0.

Non-Hypervisor Virtualization vs Type 2 Hypervisor

According to a marked answer on stackoverflow.com here and another reference here, I understand that :
Hypervisor virtualization = below the OS and a hardware virtualization where the hardware is designed to support virtualization
Non-Hypervisor virtualization = on top of the OS (like an application software), that is purely software virtualization
But we also have Type 1 and Type 2 classifications for hypervisors, and it seems to me that Type 2 is purely software virtualization... so does this mean that non-hypervisor virtualization is equivalent to a Type 2 hypervisor, or are there some subtle differences?
Or is it the case that all these terms are loosely defined?
Thanks in advance.
it seems to me that Type 2 is purely Software Virtualization
Don't conflate "Type 1 vs Type 2" and "Hardware vs Software" Virtualization. In fact, there is actually a middle ground between hardware and software: There is Full hardware (HVM), "partial" hardware (PVM), and Pure Software (SW).
I'll try to clarify by expanding all 6 combinations:
Type 1 + Full Hardware (HVM) - This allows a hypervisor like Xen HVM to boot an unmodified guest OS. This is actually slow because the hypervisor must decode "telegraph messages" that the guest OS is trying to send to the hardware. (i.e. writing to the disk drive involves repeatedly storing bytes in location 0xblahblah.)
Type 1 + Paravirtualization (PVM) - This is when you modify the guest OS a little to call the Hypervisor directly for some tasks, like disk I/O. This is faster because the guest just says "here, write this page of bytes" and doesn't have to do (virtualized) I/O on each byte. You know you're doing PVM when you install special drivers. Of course, sometimes the OS has virtual drivers built in already. For example, any modern Linux kernel will switch to PVM mode at boot automatically when it detects it's running under Xen, KVM, UML, etc.
Type 1 + Pure Software (SW) - I'm not sure if this exists, but it wouldn't be that hard to build. Since software emulation is slow, the overhead of booting a real OS and running Type 2 isn't a big deal.
Type 2 + Full Hardware (HVM) - This allows you to boot an un-modified Windows under VirtualBox or KVM. You know it's type 2 when you can reboot all your Guests and still play MP3s in the background :)
Type 2 + Paravirtualization (PVM) - This happens any time you install guest drivers, or boot a modern Linux kernel under VirtualBox/KVM.
Type 2 + Pure Software (SW) - early versions of Bochs and Qemu. (Later versions actually have hardware-assisted modes too.) You can tell they are "pure software" because they allow you to run software that you normally can't run without it. (i.e. I've run Windows '95 under Bochs on an ARM processor, and I've booted an ARM distro on an x86 under Qemu.)
There is also another subject that is unlike the above:
Container technology. Containers like Docker/Rkt/LXD don't fit in the above table. Applications in Containers are ordinary programs calling the kernel in ordinary ways, no Hypervisor involved.
It's just that containers use the kernel features of cgroups and namespaces to make an app "feel" like it's in a VM. Each container gets a 'partitioned' view of the system: its own filesystem, its own user IDs, its own process IDs, its own hostname + IP address, etc. But from the outside, you can see all processes in all containers with 'ps'.
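As an added example (not code from any of the answers above), the Python below makes the 'partitioned view' described here, and the kernel-level isolation described in the first answer, concrete: a containerized process is simply one whose /proc/<pid>/ns links point at different namespace inodes than the host's init process, which is also why ps on the host still lists it. The sample link targets are constructed, and the live comparison at the bottom assumes it is run on a Linux host.

```python
import os
import re
# Namespace types a modern Linux kernel exposes as symlinks under /proc/<pid>/ns.
NS_TYPES = ("cgroup", "ipc", "mnt", "net", "pid", "user", "uts")
_LINK_RE = re.compile(r"^([a-z_]+):\[(\d+)\]$")

def parse_ns_links(links: dict) -> dict:
    """Turn readlink() targets such as 'pid:[4026531836]' into {type: inode}."""
    parsed = {}
    for ns_type, target in links.items():
        m = _LINK_RE.match(target)
        if m is None or m.group(1) != ns_type:
            raise ValueError(f"malformed namespace link for {ns_type}: {target!r}")
        parsed[ns_type] = int(m.group(2))
    return parsed

def read_ns_links(pid: int) -> dict:
    """Live links for one PID (Linux only; another user's PID needs ptrace access)."""
    links = {}
    for ns_type in NS_TYPES:
        try:
            links[ns_type] = os.readlink(f"/proc/{pid}/ns/{ns_type}")
        except OSError:  # type absent on this kernel, or access denied
            pass
    return links

def separated_namespaces(a: dict, b: dict) -> set:
    """Namespace types in which the two processes see different views of the system."""
    return {t for t in NS_TYPES if t in a and t in b and a[t] != b[t]}

# Constructed sample (not captured from a real host): the host's init versus a process
# inside a system container. Only equality between inode numbers matters.
HOST_INIT_LINKS = {
    "cgroup": "cgroup:[4026531835]", "ipc": "ipc:[4026531839]", "mnt": "mnt:[4026531840]",
    "net": "net:[4026531992]", "pid": "pid:[4026531836]", "user": "user:[4026531837]",
    "uts": "uts:[4026531838]"}
CONTAINER_PROC_LINKS = {
    "cgroup": "cgroup:[4026532601]", "ipc": "ipc:[4026532599]", "mnt": "mnt:[4026532597]",
    "net": "net:[4026532602]", "pid": "pid:[4026532600]", "uts": "uts:[4026532598]",
    "user": "user:[4026531837]"}  # shared with the host (common default): uid 0 inside is uid 0 to the kernel

def container_isolation() -> set:
    """Views the sample container process does NOT share with the host's init."""
    return separated_namespaces(parse_ns_links(HOST_INIT_LINKS), parse_ns_links(CONTAINER_PROC_LINKS))

if __name__ == "__main__":
    print("sample container vs host init:", sorted(container_isolation()))
    if os.path.isdir("/proc/self/ns"):  # live comparison of this process with PID 1
        me, init = read_ns_links(os.getpid()), read_ns_links(1)
        print("this process vs PID 1:", sorted(separated_namespaces(parse_ns_links(me), parse_ns_links(init))))
```

Run as root inside a container on a Linux host and the live comparison lists every namespace type the engine unshared; the shared user namespace in the sample is the detail a defender checks first, since without user-namespace remapping root inside the container is root to the kernel.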
In my mind, non-hypervisor virtualization means a virtualization layer that runs something OTHER than an OS on top of it -- most commonly virtualizing the user-level environment of some other operating system. For example, the WINE project is non-hypervisor virtualization -- it allows running Win32 programs on a Linux (or other) host. There's no attempt to run an actual Windows OS or emulate 'bare' hardware for a virtualized OS. Instead the virtual layer provides the user-level abstractions and system calls for Windows directly.
Contrast this with a hypervisor, which may be either Type 1 (running on bare metal) or Type 2 (running on an OS), which provides hardware-level abstractions and on top of which you run an entire OS.
A hypervisor, by definition, emulates hardware (that may or may not physically exist); it may virtualize some as well.
Virtualization intercepts a call and redirects it elsewhere.
They are two different but interrelated topics.
Type 1 hypervisors run on "bare metal" and sit between the hardware and your virtual operating systems (the hypervisor itself is the operating system). For example, VMware ESX, Citrix XenServer or Microsoft Hyper-V.
Type 2 hypervisors run on top of your existing operating system and may support either hardware or software virtualization. For example, both QEMU and Bochs emulate an entire CPU, optionally even a different CPU architecture. Both are Type 2 hypervisors but have significant overhead on performance due to the emulation required.
VMware Workstation/Server/Player/Fusion, Parallels and VirtualBox are all examples of Type 2 hypervisors that support hardware-assisted virtualization. This means that rather than emulating the CPU instructions, the CPU instructions can pass through directly with no emulation or translation -- effectively running with no loss of performance if the processor supports it.
Next up, non-hypervisor virtualization, which is (effectively) application virtualization. The hardware itself is not being emulated in any way at all; the virtualization layer is just intercepting certain system calls and virtualizing those. Examples in this category include VMware ThinApp, Microsoft App-V and many more. Windows Vista itself virtualizes certain registry and disk writes to areas where the user doesn't have permission to write. This virtualization in Vista is critical for backwards compatibility with many legacy applications.
Finally we have pure emulators - no virtualization is happening here. In this category we have WINE and to some extent Cygwin. Also Bochs fits in this category as well as a Type 2 Hypervisor since there is no virtualization, just hardware emulation. DOSEMU is another one that fits in here.
I'm sure I've missed plenty of examples, but
(I'll post my comment to #answer-16868851 here, since I'm a few points short of the "You must have 50 reputation to comment" requirement.)
BraveNewCurrency writes:
Type 1 + Pure Software (SW) - I'm not sure if this exists, but it wouldn't be that hard to build. Since software emulation is slow, the overhead of booting a real OS and running Type 2 isn't a big deal.
So far I've found only one Type 1 hypervisor capable of doing this -- it's VMware ESXi.
vSphere 5 Documentation Center | ESXi Hardware Requirements says:
■ To support 64-bit virtual machines, support for hardware virtualization (Intel VT-x or AMD RVI) must be enabled on x64 CPUs.
Hence, 32-bit guests work without VT-x in it.
As I see that zero competition for it came (either proprietary or open source), I guess trapping sensitive CPU instructions without VT-x support (that is, in pure software) is a serious challenge in practice.
While the following doesn't relate to the original question any more, v5.0 (and v4.x) requires 64-bit support from the CPU:
■ ESXi 5.0 will install and run only on servers with 64-bit x86 CPUs.
■ ESXi 5.0 requires a host machine with at least two cores.
Those interested in running a Type 1 + SW hypervisor on 32-bit machines (like me) may use its earlier versions. Minimum system requirements for installing ESXi/ESX (1003661) says:
ESX 3.5.x
The hardware requirements for ESX 3.5.x are the same as those listed in the ESX 3.0.x section, with the following additions.
[...]
ESX 3.0.x
You need these hardware and system resources to install and use ESX 3:
At least two processors:
1500 MHz Intel Xeon and above, or AMD Opteron (32bit mode) for ESX
1500 MHz Intel Xeon and above, or AMD Opteron (32bit mode) for Virtual SMP
1500 MHz Intel Viiv or AMD A64 x2 dual-core processors
The ESX 3.5 Installation Guide repeats this in the following section/subsection:
ESX Server 3 Requirements
This section discusses the minimum and maximum hardware configurations supported by ESX Server 3 version 3.5.
Minimum Server Hardware Requirements
...
Hence, Pure (and 32-bit only) Software :)