Does anyone actually use LXD? I never could figure out the deal with this.
I used to use LXC maybe 5 years ago but I’ve since replaced everything with docker/compose. The main difference between LXC and Docker is that LXC is meant to be more like a Virtual Machine than a container. LXC containers run their own instance of systemd and can run multiple processes easily. Docker is meant to run a single process although people sometimes do hacks with supervisord or s6 overlay to run multiple processes.
At the time LXC didn’t really have a concept of images like Docker, it was just base images like Ubuntu 18.04 or Debian 9 and you’d shell in the container and install your stuff.
LXD is a tool built on top of LXC, confusingly enough the LXD client is called lxc… It’s higher level and might have the ability to use images, not sure, I never felt the need to learn it.
I’ve always used lxc and only recently tried docker.
I really cant wrap my head around all the crazy shit docker alters on your network settings like rewriting a bunch of firewall rules without telling you
Not sure if i was doing something wrong but that was my experience with docker
Docker is spaghetti-ware, they try to control everything, which ironically makes me Isolate my dockers in a vm.
I love it. It’s like a cross between virtual box and docker. You get a container that spins up fast but behaves more like a vm. You can install services, you get an ip address, etc.
But you can do all that in docker? Heck I have full GNOME installs with novnc in docker.
There are a few differences because lxc runs along side the reast of host system rather than the daemonized container service that Docker does.
From the host you can access kernel related controls within the target system. You can see the processes running, perform tuning on them, etc while also having the same kernel level control inside the target. This also means you can have better control over security bu setting group policies, apparmor profiles and system aware firewall rules because you aren’t running your target in a black box.
Their purposes are very different. If you are running a single process for a single purpose you use Docker. When you want yo run a system for a specific service you run lxc. Can you do the opposite within each type? Yep. But that’s not what they are designed for. Can you run a full blown email service with imap and pop, a web server for a webmail client and antivirus services inside a docker container…of course. But all the tuning and configuration is done at the container level which means that we assume all installs and replication must be the same. In lxc i can install the same system but if we want to tweak max memory usage or niceness of a given service you can do that globally or target a specific container while on docker youd have to go to each container to do that work.
