Introduction to Containers and Docker. Containerization is an approach to software development in which an application or service, its dependencies, and its configuration (abstracted as deployment manifest files) are packaged together as a container image. The containerized application can be tested as a unit and deployed as a container image.

Concerning the disk space, you can use qcow2 images that will grow as needed and consume much less space. For example, to convert a raw image to a compressed qcow2 file you can use this command: $ qemu-img convert -f raw -O qcow2 -c image.raw image.qcow2. These compressed images can be used directly as golden images.

@alexskysilk, Raw format can be used with NFS too and allows cloning a VM at runtime. Despite the additional features that qcow may offer, I think they are useless for many people. I think the performance gain is above any other feature (as far as I know) provided by the qcow2 format.

Create a Docker image of the raw disk and upload it into a public registry like Oracle Cloud Infrastructure Registry. Clone a disk and create a persistent volume claim with it. All of these options are explained in the KubeVirt GitHub repo and KubeVirt documentation.

Note: This comparison doesn't include Docker, because Docker is not a virtualization solution. It automates the deployment of applications inside software containers, by providing an additional layer of abstraction and automation of operating-system-level virtualization.[1]
Disclaimer
The information regarding Virtuozzo 7 is provided by Virtuozzo. Here is Virtuozzo's statement regarding this information:
- The information contained herein is intended to outline general product direction and should not be relied upon in making purchasing decisions.
- The content is for informational purposes only and may not be incorporated into any contract.
- The information presented is not a commitment, promise, or legal obligation to deliver any material, code or functionality.
- Any references to the development, release, and timing of any features or functionality described for these products remains at Virtuozzo’s sole discretion.
- Product capabilities, timeframes and features are subject to change and should not be viewed as Virtuozzo commitments.
The information regarding all other solutions is taken by the authors from public sources only. This information can be changed by any OpenVZ Wiki user without notice and without the author's review or approval.
Feature comparison of different virtualization solutions
Feature | Description | OpenVZ | Virtuozzo 6 (PCS 6) | OpenVZ 7 | Virtuozzo 7 | LXC | Proxmox VE | Microsoft Hyper-V 2012 R2 | RHEV 3.5 | Citrix XenServer 6.5 |
---|---|---|---|---|---|---|---|---|---|---|
1. Virtualization platform | ||||||||||
1.1. Overview | ||||||||||
HW virtualization support (Hypervisor) | Full emulation of underneath hardware level: full isolation guest environment, no dependencies from host OS, overhead for hypervisor layer. | No | Yes | Yes | Yes | No | Yes | Yes | Yes | Yes |
OS-level virtualization (Containers) | Sharing the same instance of host OS: high density, high performance, high dependencies from host OS. | Yes | Yes | Yes | Yes | Yes | Yes | No | No | No |
Hypervisor technology | Technology that enables to run Virtual Machines. | No | Parallels Desktop Monitor | KVM | KVM | No | KVM | Hyper-V | KVM | Xen |
Windows guest OS additional support | WHQL-signed drivers, SVVP certification | N/A | Yes | No | Yes | Yes | No | Yes | Yes | Yes |
Containers technology | Technology that enables to run Containers. | Virtuozzo Containers | Virtuozzo Containers with enhancements | Virtuozzo Containers with enhancements | Virtuozzo Containers with enhancements | Linux containers | LXC (moved from OpenVZ since 4.0) | No | No | No |
1.2. Memory | ||||||||||
Memory Overcommit | Ability to present more memory to virtual machines than physically available | Yes | Yes | Yes, with new VCMMD memory management | Yes, with new VCMMD memory management and different policies | Yes | Yes | Yes | Yes | Yes |
Page sharing | Memory (RAM) savings through sharing identical memory pages across virtual machines | Yes | Yes, only for CTs | Yes | Yes | Yes | Yes | No | Yes | No |
Online Memory Management for VM | Ability to change amount of RAM for CT and VM without reboot | No | No | Yes | Yes | N/A | Yes | Yes | No | No |
2. Management | ||||||||||
2.1. General | ||||||||||
Unified management tool for CTs and VMs | Single tool for managing both containers and virtual machines (if applicable) | N/A | Yes | Yes | Yes | No | Yes | N/A | N/A | N/A |
OpenStack integration | Integration with OpenStack components (see details) | Yes, only Nova | Yes | Yes | Yes | Yes | No | Yes | Yes | Yes |
Integrated GUI | Centralized multi-server management | Yes, 3rd party | Yes, Parallels Virtual Automation (PVA) | No | Yes, Automator | Yes, 3rd party | Yes | Yes, System Center Virtual Machine Manager | Yes, RHEV Manager | Yes, XenCenter |
2.2. Upgrade & Backup | ||||||||||
Live VE snapshot | Ability to take a snapshot of a virtual environment while the guest OS is running (e.g. for roll-back or backup purposes) | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
Integrated Backup | Are backup plugins/tools provided to backup virtual environments (over and above the ability to perform classic backup using agents in the guests) | No | Yes | No | Yes | No | Yes | Yes | No | No |
Backup Integration API | Integration with 3rd party backup applications for backup of the virtual environment. | No (only through snapshots) | Yes | No (only through snapshots, new version is not finished yet) | No (only through snapshots, new version is not finished yet) | No (only through snapshots) | Yes (vzdump) | Yes | Yes | No |
2.3. Others | ||||||||||
VEs Templates (VM, CT) | Ability to create and store master images and deploy virtual machines from them | Yes (CT only) | Yes | Yes | Yes | Yes (OpenVZ templates) | Yes | Yes | Yes | Yes |
P2V migration | Integrated or added P2V (or V2V) capability in order to convert physical systems to virtual environment. | No | Yes | Yes | No, 3rd party tools | No | No, 3rd party tools | Yes | No | No |
3. VE Mobility and HA | ||||||||||
3.1. VE Mobility | ||||||||||
Live Migration | Ability to migrate virtual machines between hosts without perceived downtime | Yes, but with no zero downtime | Yes, Kernel-Level Migration | Yes, CRIU for containers | Yes, CRIU for containers | Yes | Yes | Yes | Yes | Yes |
3.2. HA / DR | ||||||||||
Integrated HA | Recover virtual environment in case of host failures through restart on alternative hosts (downtime = restart time) | No | Yes | No | Yes | No | Yes | Yes | Yes | Yes |
4. Network and Storage | ||||||||||
4.1. Storage | ||||||||||
Supported Storage | Supported types of Storage (DAS, NAS or SAN) | DAS (EXT4) | NAS (NFS), DAS (EXT4) | DAS (EXT4) | NAS (NFS), DAS (EXT4) | NAS (NFS), DAS (EXT4) | DAS, NAS (NFS, ZFS), SAN (iSCSI), Ceph | DAS, NAS (SMB), SAN (iSCSI, FC, FCoE) | DAS, NAS (NFS), SAN (iSCSI, FC, FCoE) | DAS, NAS (NFS), SAN (iSCSI, FC, FCoE) |
Virtual Disk Format | Supported format(s) of the virtual disks for the virtual machines | CT - ploop | CT - ploop, VM - ploop | CT - ploop, VM - ploopQcow2 | CT - ploop, VM - ploopQcow2 | Any | Qcow2, vmdk, raw | vhdx, vhd, pass-though (raw) | Qcow2, raw disk | vhd, raw disk |
Thin Disk Provisioning | Ability to over-commit overall disk space by dynamically growing the size of virtual disks based on actual usage rather than pre-allocating full size. | Yes | Yes | Yes | Yes | Yes, depends on disk format (dm-thin) | Yes, depends on underlying storage driver | Yes | Yes | Yes |
Software-defined Storage | Enhanced storage capability e.g. providing a virtual SAN through virtualized 'local' storage | No | Yes, Virtuozzo Storage | No | Yes, Virtuozzo Storage | Yes, but 3rd party (DRBD 9, Ceph, GlusterFS) | Yes, but 3rd party (DRBD 9, Ceph, GlusterFS, sheepdog) | Yes, Storage Spaces | Yes, Red Hat Storage | No |
Storage QoS | Ability to control Quality of Service for Storage I/O or Throughput for CT/VM | Yes | Yes | No | Yes | No | Yes, VMs only | Yes | Yes | Yes |
4.2. Network | ||||||||||
Network QoS | Ability to create and store master images and deploy virtual machines from them | Only bandwidth limits | Only bandwidth limits | Only bandwidth limits | Only bandwidth limits | Only bandwidth limits | Yes, with Open vSwitch | Yes | Yes | Yes |
5. Others – most of features are relevant only for Virtuozzo editions | ||||||||||
Memory deduplication for binary files | Memory and IOPS deduplication management that enables/disables caching for Container directories and files, verifies cache integrity, checks Containers for cache errors, and purges the cache if needed | No | Yes, pfcache | No | Yes, pfcache | No | No | N/A | N/A | N/A |
Completely isolated disk subsystem for CTs | | Yes, ploop | Yes, ploop | Yes, ploop | Yes, ploop | Yes, with LVM or ZFS | Yes, LVM, ZFS, or loop devices | N/A | N/A | N/A |
API/SDK | | OpenVZ API for Ruby, LibVirt | Virtuozzo SDK, LibVirt | Virtuozzo SDK, LibVirt | Virtuozzo SDK, LibVirt | LibLXC, API for Ruby, Python 2, Haskell, Go | Proxmox VE uses a REST like API (JSON data format) | Windows SDK | RHEV-M API: REST API, SDKs | XenAPI, XenServer SDKs |
Image Catalog integration | Integration with 3rd-party image catalog services of popular server applications and development environments that can be installed with one click. | No | Yes Application Image Catalog Virtuozzo Application Catalog | No | No | No | Yes (Turnkey) | No | No | No |
Kernel update without reboot | Integrated ability to upgrade kernel or install security patches without downtime. | No, only 3rd party tools | Yes, Rebootless Kernel Update | No | Yes ReadyKernel Service | No, only 3rd party tools | No, only 3rd party tools | N/A | No, only 3rd party tools | No, only 3rd party tools |
Power Panel | A tool used for managing particular virtual machines and containers by their end users. | No | Yes | No | Yes | No | No | No | No | No |
Secure for using in public networks | | Yes | Yes | Yes | Yes | No[2], [3] | No[2], [3] | Yes | Yes | Yes |
6. Commercial | ||||||||||
Open Source | | Yes | No | Yes | No | Yes | Yes | No | No (but there is Open Source edition (oVirt)) | No (but there is Open Source edition) |
License/Subscription | | No | Yes | No | Yes | No | Yes | Yes | Yes | Yes, Enterprise Edition |
Support | | Both community and commercial support | Commercial support | Community support | Commercial Support | Yes, Canonical Ltd. | Both community and commercial support | Commercial support | Commercial support | Both community and commercial support |
EOL policy | 5 years of support | 7 years of support | TBD | 7 years of support | 11 years of support] |
- [1] Wikipedia article about Docker
- [2] LXC Security Analysis
- [3] Security issues and mitigations with LXC
Question or issue on macOS:
(Post created on Oct 05 ’16)
I noticed that every time I run an image and delete, my system doesn’t return to the original amount of available space.
The lifecycle I’m applying to my containers is:
[ running on a default mac terminal ]
The containers that are created from custom images, running from node and a standard redis. My OS is OSX 10.11.6.
At the end of the day I see I keep losing Mbs. How can I face this problem?
EDITED POST
2020 and the problem persists, leaving this update for the community:
Today running:
The easiest way to work around the problem is to prune the system with the Docker utilities.
How to solve this problem?
Solution no. 1:
WARNING:
By default, volumes are not removed to prevent important data from being deleted if there is currently no container using the volume. Use the --volumes flag when running the command to prune volumes as well:
Docker now has a single command to do that:
See the Docker system prune docs
Solution no. 2:
There are three areas of Docker storage that can mount up, because Docker is cautious – it doesn’t automatically remove any of them: exited containers, unused container volumes, unused image layers. In a dev environment with lots of building and running, that can be a lot of disk space.
These three commands clear down anything not being used:
- docker rm $(docker ps -f status=exited -aq) – remove stopped containers
- docker rmi $(docker images -f 'dangling=true' -q) – remove image layers that are not used in any images
- docker volume rm $(docker volume ls -qf dangling=true) – remove volumes that are not used by any containers.
These are safe to run, they won’t delete image layers that are referenced by images, or data volumes that are used by containers. You can alias them, and/or put them in a CRON job to regularly clean up the local disk.
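A cron-safe form of the three cleanup commands, as an added example that is not part of the original answer. The function names `remove_listed` and `docker_cleanup` are hypothetical; the wrapper skips a removal when its listing is empty, because `docker rm`, `docker rmi` and `docker volume rm` exit with a usage error when given no arguments.

```sh
#!/bin/sh
# Added example: wrapper around the three cleanup commands for unattended runs.

# remove_listed LABEL IDS CMD...
# Runs "docker CMD... IDS" only when IDS is non-empty.
remove_listed() {
    label=$1; shift
    ids=$1; shift
    if [ -z "$ids" ]; then
        echo "$label: nothing to remove"
        return 0
    fi
    # $ids is intentionally unquoted: one id per word.
    docker "$@" $ids >/dev/null || { echo "$label: removal failed" >&2; return 1; }
    echo "$label: removed $(echo "$ids" | wc -w | tr -d ' ')"
}

docker_cleanup() {
    # An unreachable daemon would otherwise look like "nothing to remove".
    docker info >/dev/null 2>&1 || { echo "docker daemon not reachable" >&2; return 1; }
    rc=0
    remove_listed "exited containers" "$(docker ps -f status=exited -aq)" rm || rc=1
    remove_listed "dangling images" "$(docker images -f dangling=true -q)" rmi || rc=1
    remove_listed "dangling volumes" "$(docker volume ls -qf dangling=true)" volume rm || rc=1
    return $rc
}

# Nothing is deleted unless the script is called with "run",
# e.g. from a crontab entry: docker-cleanup.sh run
if [ "${1:-}" = "run" ]; then
    docker_cleanup
fi
```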
Solution no. 3:
It is also worth mentioning that file size of docker.qcow2 (or Docker.raw on High Sierra with Apple Filesystem) can seem very large (~64GiB), larger than it actually is, when using the following command:
ls -klsh Docker.raw
This can be somehow misleading because it will output the logical size of the file rather than its physical size.
To see the physical size of the file you can use this command:
du -h Docker.raw
Source: https://docs.docker.com/docker-for-mac/faqs/#disk-usage
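The difference between the logical and physical size, reproduced on a constructed sparse file; this is an added example, not part of the original answer. The helper names are hypothetical and the 64 MiB demo file stands in for Docker.raw; pass a real image path as the first argument to measure it instead.

```sh
#!/bin/sh
# Added example: logical vs. physical size of a sparse disk image.

# Logical size in KiB: the length the file claims (what "ls -l" reports).
logical_kib() {
    bytes=$(ls -ln -- "$1" | awk '{print $5}')
    echo $(( (bytes + 1023) / 1024 ))
}

# Physical size in KiB: blocks the host filesystem has allocated ("du").
physical_kib() {
    du -k "$1" | awk '{print $1}'
}

# Share of the image's maximum size that is allocated on the host, in percent.
allocated_pct() {
    total=$(logical_kib "$1")
    if [ "$total" -eq 0 ]; then echo 0; return 0; fi
    echo $(( $(physical_kib "$1") * 100 / total ))
}

# Constructed stand-in for Docker.raw: 64 MiB logical size, 1 MiB written.
make_demo_image() {
    dd if=/dev/zero of="$1" bs=1024 count=0 seek=65536 2>/dev/null
    dd if=/dev/urandom of="$1" bs=1024 count=1024 conv=notrunc 2>/dev/null
}

report() {
    printf '%s: logical %s KiB, physical %s KiB (%s%% allocated)\n' \
        "$1" "$(logical_kib "$1")" "$(physical_kib "$1")" "$(allocated_pct "$1")"
}

if [ -n "${1:-}" ]; then
    report "$1"
else
    demo=$(mktemp -d)
    make_demo_image "$demo/Docker.raw"
    report "$demo/Docker.raw"
    rm -rf "$demo"
fi
```

A percentage that keeps climbing toward 100 while the filesystem inside the VM reports free space is the growth pattern the later answers describe.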

Solution no. 4:
Docker on Mac has an additional problem that is hurting a lot of people: the docker.qcow2 file can grow out of proportions (up to 64gb) and won’t ever shrink back down on its own.
As stated in one of the replies by djs55 this is in the planning to be fixed, but it’s not a quick fix. Quote:
The .qcow2 is exposed to the VM as a block device with a maximum size
of 64GiB. As new files are created in the filesystem by containers,
new sectors are written to the block device. These new sectors are
appended to the .qcow2 file causing it to grow in size, until it
eventually becomes fully allocated. It stops growing when it hits this
maximum size.
…
We’re hoping to fix this in several stages: (note this is still at the
planning / design stage, but I hope it gives you an idea)
1) we’ll switch to a connection protocol which supports TRIM, and
implement free-block tracking in a metadata file next to the qcow2.
We’ll create a compaction tool which can be run offline to shrink the
disk (a bit like the qemu-img convert but without the dd if=/dev/zero
and it should be fast because it will already know where the empty
space is)
2) we’ll automate running of the compaction tool over VM reboots,
assuming it’s quick enough
3) we’ll switch to an online compactor (which is a bit like a GC in a
programming language)
We’re also looking at making the maximum size of the .qcow2
configurable. Perhaps 64GiB is too large for some environments and a
smaller cap would help?
Update 2019: many updates have been done to Docker for Mac since this answer was posted to help mitigate problems (notably: supporting a different filesystem).
Cleanup is still not fully automatic though, you may need to prune from time to time. For a single command that can help to cleanup disk space, see zhongjiajie’s answer.
Solution no. 5:
Solution no. 6:
Why does the file keep growing?
If Docker is used regularly, the size of the Docker.raw (or Docker.qcow2) can keep growing, even when files are deleted.
To demonstrate the effect, first check the current size of the file on the host:
Note the use of -s which displays the number of filesystem blocks actually used by the file. The number of blocks used is not necessarily the same as the file “size”, as the file can be sparse.
Next start a container in a separate terminal and create a 1GiB file in it:
Back on the host check the file size again:
Note the increase in size from 9964528 to 12061704, where the increase of 2097176 512-byte sectors is approximately 1GiB, as expected. If you switch back to the alpine container terminal and delete the file:
then check the file on the host:
The file has not got any smaller! Whatever has happened to the file inside the VM, the host doesn’t seem to know about it.
Next if you re-create the “same” 1GiB file in the container again and then check the size again you will see:
It’s got even bigger! It seems that if you create and destroy files in a loop, the size of the Docker.raw (or Docker.qcow2) will increase up to the upper limit (currently set to 64 GiB), even if the filesystem inside the VM is relatively empty.
The explanation for this odd behaviour lies with how filesystems typically manage blocks. When a file is to be created or extended, the filesystem will find a free block and add it to the file. When a file is removed, the blocks become “free” from the filesystem’s point of view, but no-one tells the disk device. Making matters worse, the newly-freed blocks might not be re-used straight away – it’s completely up to the filesystem’s block allocation algorithm. For example, the algorithm might be designed to favour allocating blocks contiguously for a file: recently-freed blocks are unlikely to be in the ideal place for the file being extended.
Since the block allocator in practice tends to favour unused blocks, the result is that the Docker.raw (or Docker.qcow2) will constantly accumulate new blocks, many of which contain stale data. The file on the host gets larger and larger, even though the filesystem inside the VM still reports plenty of free space.
TRIM
A TRIM command (or a DISCARD or UNMAP) allows a filesystem to signal to a disk that a range of sectors contain stale data and they can be forgotten. This allows:
- an SSD drive to erase and reuse the space, rather than spend time shuffling it around; and
- Docker for Mac to deallocate the blocks in the host filesystem, shrinking the file.
So how do we make this work?
Automatic TRIM in Docker for Mac
In Docker for Mac 17.11 there is a containerd “task” called trim-after-delete listening for Docker image deletion events. It can be seen via the ctr command:
When an image deletion event is received, the process waits for a few seconds (in case other images are being deleted, for example as part of a docker system prune) and then runs fstrim on the filesystem.
Returning to the example in the previous section, if you delete the 1 GiB file inside the alpine container
then run fstrim manually from a terminal in the host:
then check the file size:
The file is back to (approximately) its original size – the space has finally been freed!
Hopefully this blog will be helpful, also check out the following macos docker utility scripts for this problem:
Solution no. 7:
There are several options on how to limit docker diskspace, I’d start by limiting/rotating the logs: Docker container logs taking all my disk space
E.g. if you have a recent docker version, you can start it with a --log-opt max-size=50m option per container.
Also – if you’ve got old, unused containers, you can consider having a look at the docker logs which are located at /var/lib/docker/containers/*/*-json.log
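One way to find the containers whose json logs have outgrown a limit, as an added example that is not part of the original answer. The function names are hypothetical, the layout `<root>/<container-id>/<container-id>-json.log` is assumed from the path quoted above, and the demo tree is constructed with scaled-down sizes.

```sh
#!/bin/sh
# Added example: list container json logs that exceed a size limit.

# oversized_logs ROOT LIMIT_KIB
# Prints "<KiB> <container-id>" for each *-json.log above the limit, largest first.
oversized_logs() {
    root=$1
    limit_kib=$2
    find "$root" -type f -name '*-json.log' 2>/dev/null | while IFS= read -r log; do
        kib=$(du -k "$log" | awk '{print $1}')
        if [ "$kib" -gt "$limit_kib" ]; then
            echo "$kib $(basename "$(dirname "$log")")"
        fi
    done | sort -rn
}

# Constructed demo tree: one 60 KiB log and one 4 KiB log (ids are made up).
make_demo_logs() {
    for entry in aaaa1111:60 bbbb2222:4; do
        id=${entry%%:*}
        kib=${entry##*:}
        mkdir -p "$1/$id"
        dd if=/dev/urandom of="$1/$id/$id-json.log" bs=1024 count="$kib" 2>/dev/null
    done
}

if [ -n "${1:-}" ]; then
    # Real use, e.g. /var/lib/docker/containers (usually needs root).
    # 51200 KiB corresponds to the --log-opt max-size=50m value above.
    oversized_logs "$1" "${2:-51200}"
else
    demo=$(mktemp -d)
    make_demo_logs "$demo"
    oversized_logs "$demo" 50
    rm -rf "$demo"
fi
```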