Virtualisation
General
- http://en.wikipedia.org/wiki/Virtual_machines
- http://en.wikipedia.org/wiki/Popek_and_Goldberg_virtualization_requirements
- http://en.wikipedia.org/wiki/Hypervisor
- Containers vs Hypervisors: The Battle Has Just Begun [1]
- http://blog.xen.org/index.php/2014/09/08/xen-docker-made-for-each-other
- http://www.brendangregg.com/blog/2014-05-07/what-color-is-your-xen.html [2]
- http://gfxmonk.net/2015/01/04/os-technologies-to-watch.html [3]
Hardware level
grep -E "(vmx|svm)" --color=always /proc/cpuinfo
QEMU
- http://virt-manager.org/
- http://gna.org/projects/qemulaunch
- http://qtemu.org/
- http://sourceforge.net/projects/aqemu/
- https://wiki.gnome.org/action/show/Apps/Boxes?action=show&redirect=Boxes
KVM
- KVM (for Kernel-based Virtual Machine) is a full virtualization solution for Linux on x86 hardware containing virtualization extensions (Intel VT or AMD-V). It consists of a loadable kernel module, kvm.ko, that provides the core virtualization infrastructure and a processor-specific module, kvm-intel.ko or kvm-amd.ko. KVM also requires a modified QEMU, although work is underway to get the required changes upstream. Using KVM, one can run multiple virtual machines running unmodified Linux or Windows images. Each virtual machine has private virtualized hardware: a network card, disk, graphics adapter, etc.
grep -E "(vmx|svm)" --color=always /proc/cpuinfo
If nothing is displayed after running that command, then your processor does not support hardware virtualization, and you will not be able to use KVM.
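The grep above only tells you whether the CPU advertises the extension. The script below (added here, not part of KVM's own tooling) extends that check to the matching vendor module and the /dev/kvm device node; it reads an arbitrary cpuinfo file so it can be exercised against a constructed sample, and it uses the kvm_intel/kvm_amd spelling that lsmod prints (modprobe accepts kvm-intel and kvm_intel interchangeably).

```shell
#!/bin/sh
# Decide which KVM vendor module a cpuinfo file calls for:
# vmx = Intel VT-x -> kvm_intel, svm = AMD-V -> kvm_amd, otherwise "none".
kvm_module_for_cpuinfo() {
    cpuinfo=$1
    if grep -qw vmx "$cpuinfo"; then
        echo kvm_intel
    elif grep -qw svm "$cpuinfo"; then
        echo kvm_amd
    else
        echo none
    fi
}

# Full host check; returns 0 when KVM is usable by the current user, 1 otherwise.
# A missing flag on a capable CPU usually means VT-x/AMD-V is disabled in the
# firmware, or the machine is itself a VM whose hypervisor does not expose
# nested virtualization; that is the common reason the grep on this page prints nothing.
check_kvm_host() {
    mod=$(kvm_module_for_cpuinfo /proc/cpuinfo)
    if [ "$mod" = none ]; then
        echo "no vmx/svm flag: enable VT-x/AMD-V in firmware or on the outer hypervisor"
        return 1
    fi
    if ! lsmod | grep -q "^$mod"; then
        echo "$mod not loaded (try: sudo modprobe $mod)"
        return 1
    fi
    if [ ! -c /dev/kvm ]; then
        echo "/dev/kvm missing although $mod is loaded"
        return 1
    fi
    if [ ! -w /dev/kvm ]; then
        echo "/dev/kvm not writable by $(id -un): add the user to the kvm group"
        return 1
    fi
    echo "KVM usable via $mod"
}
```

Source the file and run check_kvm_host on the host; kvm_module_for_cpuinfo can be pointed at a saved cpuinfo to reason about another machine offline.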
Xen
- Xen Hypervisor is an open source virtualization platform that powers the world's largest clouds in production and is the foundation of many commercial products. Xen powers public clouds such as Amazon Web Services, Rackspace Public Cloud and many others. Examples of Xen based server products include Huawei UVP, Oracle VM and XenServer. Examples of client products and appliances include QubesOS, XenClient and Netscaler. Xen is 9 years old, mature, and its stability and versatility are second to none.
- http://www.asplund.nu/xencluster/xen-cluster-howto.html
- http://onlamp.com/onlamp/2008/02/05/using-xen-for-high-availabilty-clusters.html
- http://www.tanasi.it/991-making-clusters-with-xen-and-heartbeat.html
VMWare
VirtualBox
VirtualBox config:
- Enable host Linux modules: vboxnetflt and vboxnetadp
- Enable host-only adapter 'virtualbox0' in VB Preferences > Network if not previously enabled, then select in guest preferences
- Keep VM names lowercase and no spaces for easier command-line stuff
Install guest additions for mouse, etc.
Provisioning VirtualBoxes for local dev work:
- Vagrant - VirtualBox provisioning with Puppet, etc.
Vagrant
- Vagrant uses Oracle’s VirtualBox to build configurable, lightweight, and portable virtual machines dynamically. The first couple pages serve to introduce you to Vagrant and what it has to offer while the rest of the guide is a technical walkthrough for building a fully functional web development environment. The getting started guide concludes by explaining how to package the newly created vagrant environment so other developers can get up and running in just a couple commands.
# package the current environment as a box, with a custom Vagrantfile and an extra file
vagrant package --vagrantfile Vagrantfile.pkg --include README.txt
# added boxes are stored in ~/.vagrant.d/boxes
vagrant box add lucid32 http://files.vagrantup.com/lucid32.box
vagrant box remove lucid32
vagrant box list
- Veewee is a tool for easily (and repeatedly) building custom Vagrant base boxes, KVMs, and virtual machine images.
- PuPHPet - A simple GUI to set up virtual machines for PHP Web development.
Other
- bhyve - the "BSD hypervisor" is a legacy-free hypervisor/virtual machine manager developed on FreeBSD and relies on modern CPU features such as Extended Page Tables (EPT) and VirtIO network and storage drivers. bhyve was officially released on January 20th, 2014 as part of FreeBSD 10.0.
Operating system level
- Operating system-level virtualization is a server virtualization method where the kernel of an operating system allows for multiple isolated user-space instances, instead of just one. Such instances (often called containers, VEs, VPSs or jails) may look and feel like a real server, from the point of view of its owner. On Unix systems, this technology can be thought of as an advanced implementation of the standard chroot mechanism. In addition to isolation mechanisms, the kernel often provides resource management features to limit the impact of one container's activities on the other containers.
- http://en.wikipedia.org/wiki/Comparison_of_platform_virtual_machines
- Containers, Not Virtual Machines, Are the Future Cloud [5]
- http://blog.appfog.com/docker-and-the-future-of-the-paas-layer/
- http://www.rackspace.com/blog/get-faster-more-affordable-cloud-applications-with-os-virtualization-containers/
chroot
FreeBSD jail
User-mode Linux
LinuX Containers
- http://l3net.wordpress.com/2013/08/25/debian-virtualization-lxc-network-isolation/
- http://containerops.org/2013/11/19/lxc-networking/ [9]
- http://techblog.stickyworld.com/just-in-time-staging-environments-using-lxc.html
- lmctfy is the open source version of Google’s container stack, which provides Linux application containers.
- warden - Manages isolated, ephemeral, and resource controlled environments.
- wsh - execute a command in a Linux container through a unix socket
- Pipework lets you connect together containers in arbitrarily complex scenarios. Pipework works with "plain" LXC containers (created with lxc-start), and therefore, it also works with the awesome Docker.
- http://techcrunch.com/2015/06/22/docker-coreos-google-microsoft-amazon-and-others-agree-to-develop-common-container-standard/ [11]
Docker
- Docker is an open-source engine which automates the deployment of applications as highly portable, self-sufficient containers which are independent of hardware, language, framework, packaging system and hosting provider. Uses LXC.
- https://github.com/dotcloud/docker
- https://www.dotcloud.com/ - now renamed Docker Inc.
- Docker Index - container search
Setup
# enable network forwarding
sysctl net.ipv4.ip_forward=1
# persistent network forwarding: put this line in /etc/sysctl.d/docker.conf
net.ipv4.ip_forward=1
# start docker in daemon mode
sudo <path to>/docker -d &
# register docker as a service so it starts on system boot
sudo systemctl enable docker
# start the docker service now
sudo systemctl start docker
# exists when docker is running
ls -lah /var/run/docker.sock
Notes
Add user to docker group to avoid sudo.
Docker isn't screen/tmux friendly due to tty handling. The easy fix is to ssh into the instance.
sshd probably doesn't start by default; it is in root's path:
/usr/sbin/sshd
If you are behind a proxy you can launch docker with this command:
sudo HTTP_PROXY=http://youruserproxy:yourpassword@theaddressproxy:theportproxy/ docker -d &
Commands
# Download an image, e.g. ubuntu
docker pull [name]
docker run [OPTIONS] IMAGE[:TAG] [COMMAND] [ARG...]
docker run ubuntu uname -a
# Run an interactive shell in the ubuntu image,
# allocate a tty, attach stdin and stdout.
# To detach the tty without exiting the shell,
# use the escape sequence Ctrl-p + Ctrl-q
docker run -i -t ubuntu /bin/bash
# Bind TCP port 8080 of the container to TCP port 80 on 127.0.0.1 of the host machine.
docker run -p 127.0.0.1:80:8080 <image> <cmd>
# Bind TCP port 8080 of the container to a dynamically allocated TCP port on 127.0.0.1 of the host machine.
docker run -p 127.0.0.1::8080 <image> <cmd>
# Bind TCP port 8080 of the container to TCP port 80 on all available interfaces of the host machine.
docker run -p 80:8080 <image> <cmd>
# Bind TCP port 8080 of the container to a dynamically allocated TCP port on all available interfaces of the host machine.
docker run -p 8080 <image> <cmd>
# List your images
docker images
# List all running containers
docker ps
Running a container with docker run -d returns its container ID:
# run a process which echoes 'hello world' every second
CONTAINER_ID=$(sudo docker run -d ubuntu /bin/sh -c "while true; do echo hello world; sleep 1; done")
# attach the console to the container
docker attach $CONTAINER_ID
# stop an active container
docker stop $CONTAINER_ID
# kill an active container
docker kill $CONTAINER_ID
# Commit your container to a new named image
docker commit <container_id> <some_name>
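The four -p forms above differ in where the container port becomes reachable. The script below (added here, not Docker's own code) classifies a publish spec and counts how many specs on a docker run line bind on all interfaces; it only inspects the string, handles IPv4 host addresses, and assumes the daemon's default publish address of 0.0.0.0 when no host IP is given.

```shell
#!/bin/sh
# Classify one "docker run -p" spec.
# Output format: host_ip|host_port|container_port|exposure
classify_publish_spec() {
    spec=$1
    colons=$(printf '%s\n' "$spec" | awk -F: '{ print NF - 1 }')
    case $colons in
        0)  # -p 8080 : random host port on all interfaces
            host_ip=0.0.0.0; host_port=dynamic; container_port=$spec ;;
        1)  # -p 80:8080 : fixed host port on all interfaces
            host_ip=0.0.0.0; host_port=${spec%%:*}; container_port=${spec#*:} ;;
        2)  # -p 127.0.0.1:80:8080 or -p 127.0.0.1::8080 : explicit host address
            host_ip=${spec%%:*}; rest=${spec#*:}
            host_port=${rest%%:*}; container_port=${rest#*:}
            [ -n "$host_port" ] || host_port=dynamic ;;
        *)  printf 'invalid|%s\n' "$spec"; return 1 ;;
    esac
    case $host_ip in
        0.0.0.0) exposure=all-interfaces ;;
        127.*)   exposure=loopback-only ;;
        *)       exposure=single-interface ;;
    esac
    printf '%s|%s|%s|%s\n' "$host_ip" "$host_port" "$container_port" "$exposure"
}

# Count the publish specs on one "docker run ..." command line that land on
# all interfaces. Published ports are wired up through Docker's own iptables
# chains rather than the host's INPUT chain, so a host firewall written for
# local services does not cover them; anything meant for local use only
# should take the 127.0.0.1: forms instead.
count_all_interface_publishes() {
    set -- $1
    n=0
    while [ $# -gt 0 ]; do
        case $1 in
            -p|--publish)
                shift
                case $(classify_publish_spec "$1") in
                    *all-interfaces) n=$((n + 1)) ;;
                esac ;;
        esac
        shift
    done
    echo "$n"
}
```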
Guides
- http://www.themiddlewareman.org/2013/09/27/docker-red-hat-openshift-tiping-point-open-paas/
- http://www.docker.io/static/img/about/docker_vm.jpg
- http://www.dockerbook.com/
- http://blog.docker.io/2013/07/docker-desktop-your-desktop-over-ssh-running-inside-of-a-docker-container/
- http://blog.docker.io/2013/07/docker-projects-from-the-docker-community/
- http://blog.docker.io/2013/07/effortless-monitoring-with-collectd-graphite-and-docker/
- http://blog.docker.io/2013/08/introducing-an-interactive-docker-tutorial/
- http://blog.docker.io/2013/08/containers-docker-how-secure-are-they/
- How To Build A 2-Container App with Docker
- http://blog.docker.io/2013/06/14-great-tutorials-on-docker/
- http://crosbymichael.com/dockerfile-deep-dive.html
- Docker and GitHub: Continuous Deployment Made Simple - with linode
- http://3ofcoins.net/2013/09/22/flat-docker-images/
- Docker : The Good Parts [12]
- http://robknight.org.uk/blog/2013/05/drupal-on-docker/
- http://blog.docker.io/2013/09/docker-joyent-openvpn-bliss/
Extra
- boot2docker is a lightweight Linux distribution based on Tiny Core Linux made specifically to run Docker containers. It runs completely from RAM, weighs ~38 MB and boots in ~5-6 s (YMMV).
- dockerlite lets you run Linux apps in lightweight, isolated environments, using LXC (Linux Containers). Using BTRFS snapshots, dockerlite can save the state of a given environment in a frozen "image", and later, create more environments ("containers") out of that image.
- DockerUI is a web interface to interact with the Remote API. The goal is to provide a pure client side implementation so it is effortless to connect and manage docker.
- Docker Desktop - Dockerfile that creates a docker image which, once executed, creates a container that runs X11 and SSH services. SSH is used to forward X11 and provide encrypted data communication between the docker container and your local machine. Xpra + Xephyr allow the applications running inside the container, such as Firefox, LibreOffice, xterm, etc., to be displayed with connection recovery capabilities.
- Autodock is a docker automation tool. It automatically sorts servers in your Docker cluster by lowest load. It then distributes the containers you want to create among them. After bootstrapping the containers with Paramiko and Salt it saves this information to the ETCD cluster. Autodock was designed to use saltstack and etcd for configuration management and replication. [14]
- https://github.com/zettio/weave/ - virtual network [17]
Toolbox
Linux-VServer
- Linux-VServer provides virtualization for GNU/Linux systems. This is accomplished by kernel level isolation. It allows running multiple virtual units at once. Those units are sufficiently isolated to guarantee the required security, but utilize available resources efficiently, as they run on the same kernel.
OpenVZ
- OpenVZ is container-based virtualization for Linux. OpenVZ creates multiple secure, isolated Linux containers (otherwise known as VEs or VPSs) on a single physical server enabling better server utilization and ensuring that applications do not conflict. Each container performs and executes exactly like a stand-alone server; a container can be rebooted independently and have root access, users, IP addresses, memory, processes, files, applications, system libraries and configuration files.
CoreOS
- CoreOS is Linux for the container world. Linux kernel + systemd. That's about it. CoreOS has just enough bits to run containers, but does not ship a package manager itself. In fact, the root partition is completely read-only, to guarantee consistency and make updates reliable. Use docker as a package manager to build and push your app. The primitive of an application is a container, not a one-off package. Build containers using docker, by hand, or however you see fit! [21]
- http://www.wired.com/wiredenterprise/2013/08/coreos-the-new-linux/
- https://news.ycombinator.com/item?id=8725222
Lguest
Solaris Containers / Zones
systemd-nspawn
Other
- bhyve - the "BSD hypervisor" is a hypervisor/virtual machine manager developed on FreeBSD and relies on modern CPU features such as Extended Page Tables (EPT) and VirtIO network and storage drivers. [22]
- runC - a CLI tool for spawning and running containers according to the OCP specification. The code can be found on GitHub. Containers are started as a child process of runC and can be embedded into various other systems without having to run a Docker daemon. runC is built on libcontainer, the same container technology powering millions of Docker Engine installations. Docker images can be run with runC. [23]
- ZeroVM is an open source virtualization technology that is based on the Chromium Native Client (NaCl) project. ZeroVM creates a secure and isolated execution environment which can run a single thread or application. ZeroVM is designed to be lightweight, portable, and can easily be embedded inside of existing storage systems. This functionality allows developers to push their application to their data instead of having to pull their data to their application, as is the case with more traditional architectures.
- Jailhouse is a partitioning Hypervisor based on Linux. It is able to run bare-metal applications or (adapted) operating systems besides Linux. For this purpose it configures CPU and device virtualization features of the hardware platform in a way that none of these domains, called "cells" here, can interfere with each other in an unacceptable way. Jailhouse is optimized for simplicity rather than feature richness. Unlike full-featured Linux-based hypervisors like KVM or Xen, Jailhouse does not support overcommitment of resources like CPUs, RAM or devices. It performs no scheduling and only virtualizes in software those resources that are essential for a platform and cannot be partitioned in hardware.
- Rump kernels enable you to build the software stack you need without forcing you to reinvent the wheel. The key observation is that a software stack needs driver-like components which are conventionally tightly-knit into operating systems — even if you do not desire the limitations and infrastructure overhead of a given OS, you do need drivers.
We solve the problem by providing free, reusable, componentized, kernel quality drivers such as file systems, POSIX system calls, PCI device drivers and TCP/IP and SCSI protocol stacks. As a production-ready example, we offer the Rumprun unikernel, which clocks in at a few thousand lines of code plus rump kernel components, and supports POSIX'y software directly on both raw hardware and cloud hypervisors such as KVM and Xen.
- https://github.com/rumpkernel/wiki/wiki/Info%3A-Comparison-of-rump-kernels-with-similar-technologies
- https://medium.com/@darrenrush/after-docker-unikernels-and-immutable-infrastructure-93d5a91c849e#.9zoznokpf [24]
Desktop level
Virtual machines
- https://en.wikipedia.org/wiki/Virtual_machine
- https://en.wikipedia.org/wiki/Virtual_appliance - pre-configured virtual machine image, ready to run on a hypervisor
- Packer is a tool for creating identical machine images for multiple platforms from a single source configuration.
Disk images
- OVF? OVA? VMDK? – File Formats and Tools for Virtualization
- Converting a virtual disk image: VDI or VMDK to an ISO you can distribute
- http://fds-team.de/cms/articles/2013-12/use-a-real-windows-7-partition-in-virtualbox-kvm-vmware-player-u.html [25]
Bitnami
- http://bitnami.com/stacks
- http://wiki.bitnami.com/Virtual_Appliances_Quick_Start_Guide
- https://en.wikipedia.org/wiki/Bitnami
ZeroVM
Networking
See also Network