GeekNights Monday - Containers

What’s the difference between LXC and manually doing cgroups and namespaces?

So to talk about the power of containers, here’s what I think is interesting and cool. I have ~110 RHEL/CentOS VMs running in my VMware cluster. They have about ~170 vCPUs allotted to them and 532GB of RAM (disk I/O is shared on an all-flash storage array, so I’m not considering that). Currently I have about 1.5 vCPUs allotted per VM, but all those VMs are only doing about 12 cores’ worth of work. That means my hypervisor is spending quite a lot of time scheduling idle cores. I can take these and cram them all on one VM, provision it with 12 cores and cover that load with a lot less CPU overhead. Same thing with RAM: a minimal RHEL/CentOS uses 128MB just to run itself; that’s ~14GB of RAM I can reclaim and use elsewhere.

Looking forward to playing with this stuff more.

At the risk of sounding like an asshole: unless you find a specific need for using containers, don’t use containers. It seems analogous to cameras. Don’t go out and buy all the lenses; tried and true methods work just fine for most cases. Software development seems to lend itself to over-complexity way too often. I see this a lot in even senior developers. Take the simplistic approach, add complexity only when it’s necessary.

Except containers are just software. The only inherent cost is learning about containers and having a machine to run Docker on.

You don’t need to switch everything over to Docker, but it’s easy to get started and play neat tricks like running multiple versions of software simultaneously and testing different Linux distributions.

Containers are great for both software development and deployment. And for software development, I can speak from experience that you can create a minimal and consistent development environment for your project across developers and, more importantly, create sandboxed and disposable test environments for testing, continuous integration testing in particular.

So, funny story, this happened to me a few days ago at work.

I had written a little command line tool to import/export stuff (and do other helpful things) for our content management system, and a lot of developers use it to quickly pull in articles from the production server to diagnose issues and test edge cases against the code they’re writing.

One day, I got a Slack message from one of our developers, asking me if the API keys for our QA servers had changed. I immediately assumed they were using the current one and that something had gone wrong with our (somewhat jury-rigged, because our ops team is still in the process of learning Docker) QA servers, and I started testing the tool against them. Everything was fine. I thought they might have been trying to run the command against a different server, but they sent me the URL they used and it was fine as well.

Then I asked them to send me the full command they had typed in, and it looked like this:

clay import --key 8quwqwer09ewr0w9uer http://qa.ourwebsite.com < path/to/a/file

Where did that API key come from? The README from the tool’s public GitHub repo.

(My bad assumption, of course, was that developers would understand that API keys used as examples in a public GitHub repo wouldn’t be the real ones. Correcting assumptions is the hardest problem in computer science.)

3 Likes
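The story above is a credential-hygiene failure mode worth a concrete guard: a CLI that treats the key printed in its own README as a known placeholder and refuses it with a clear message, so a copied example fails loudly instead of producing a confusing "did the keys change?" round trip. The following is an added example, not the clay tool's own code; the README excerpt is constructed, the key string is the one quoted in the post, and the function names (placeholderKeys, checkApiKey, parseArgs, runCli) are assumptions.

```javascript
// Added example (not the clay tool's code): reject API keys that appear in the
// README's usage examples, so a placeholder copied from public docs fails fast.

// Constructed README excerpt standing in for the real one. The key value is the
// example quoted in the forum post, used here only as the documented placeholder.
const README = `
# clay

Import an article into a server:

    clay import --key 8quwqwer09ewr0w9uer http://qa.example.com < path/to/file

Export an article:

    clay export --key 8quwqwer09ewr0w9uer http://qa.example.com
`;

// Collect every value that follows "--key" in the README's example commands.
// Returns a Set so that repeated examples collapse to one entry.
function placeholderKeys(readme) {
  const keys = new Set();
  const re = /--key\s+(\S+)/g;
  let m;
  while ((m = re.exec(readme)) !== null) {
    keys.add(m[1]);
  }
  return keys;
}

// Validate a key supplied on the command line against the README placeholders.
// Returns { ok: true } or { ok: false, reason } so the caller can print a
// message that points the developer at the actual mistake.
function checkApiKey(key, readme = README) {
  if (!key) {
    return { ok: false, reason: 'no API key supplied (use --key)' };
  }
  if (placeholderKeys(readme).has(key)) {
    return {
      ok: false,
      reason: 'this is the example key from the README, not a real credential; ' +
              'use the key for the server you are targeting',
    };
  }
  return { ok: true };
}

// Minimal argv handling for the shape "import --key KEY URL".
// Only the pieces needed for the check are extracted.
function parseArgs(argv) {
  const i = argv.indexOf('--key');
  const key = i >= 0 ? argv[i + 1] : undefined;
  const url = argv.find((a, idx) => /^https?:\/\//.test(a) && idx !== i + 1);
  return { command: argv[0], key, url };
}

// Entry point that returns an exit code instead of calling process.exit, so it
// can be driven from tests. 0 = key accepted, 2 = usage error.
function runCli(argv, readme = README) {
  const { command, key, url } = parseArgs(argv);
  const verdict = checkApiKey(key, readme);
  if (!verdict.ok) {
    console.error(`clay ${command || ''}: ${verdict.reason}`);
    return 2;
  }
  console.log(`clay ${command}: key accepted for ${url || '(no URL given)'}`);
  return 0;
}

module.exports = { README, placeholderKeys, checkApiKey, parseArgs, runCli };
```

Wire runCli(process.argv.slice(2)) into the tool's entry point and set process.exitCode from its return value. The same idea works in the other direction too: keep the README's examples on an obviously fake value such as YOUR_API_KEY_HERE, and the scan still catches it because it keys off whatever the README actually shows rather than a hard-coded list.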

http://catern.com/posts/docker.html

https://meyerweb.com/eric/comment/chech.html

Has anyone here used Firecracker? How do you like it?

Apparently it’s what AWS uses to run Lambda. Supposedly it can launch a “microVM” in 125ms.

This sounds much better to me than Dockers.

Never heard of it before now. I generally try to avoid VM/container stuff unless it’s truly necessary. If you get a cloud-hosted instance, it’s already a virtual machine. Yo dawg, why run VMs in a VM? Instead of paying for one big instance and having it run many things in different containers, just spin up a lot of instances. You don’t have to worry about containerizing if every part of your stack has its own computer to itself.

1 Like

I mean, yeah. No containers is ideal.

Sounds better than Dockers, for something like AI Ants Challenge.