FOSDEM Virtualization: Docker Containers in Foreman and LXD

Daniel Lobato, software engineer at Red Hat, presented the new Foreman features to manage Docker containers, and Serge Hallyn, member of Ubuntu server team, introduced the new LXD project, the Linux container daemon, at the FOSDEM virtualization developer room.

Provision and Manage Docker Containers with Foreman

Daniel Lobato presented Foreman, an open source lifecycle management tool for physical and virtual servers that lets system administrators automate repetitive tasks and server configuration; the project is used by Mozilla, the BBC and CERN.

Foreman centralizes infrastructure management across physical hosts, virtual machines and now containers, and also manages configuration by integrating with Puppet or Chef.

Foreman integrates with Katello and Pulp, which has included Docker repository management since Pulp 2.5, allowing Docker images to be staged across multiple environments, e.g. development and production. It provides a REST API that covers machines in multiple virtual and cloud environments (GCE, EC2, OpenStack, ...) as well as bare metal; operations can be performed through the web UI or the API.

Foreman provides a central place to provision and manage containers alongside the virtual and physical servers in the same environment. Provisioning can be done with iPXE, cloud-init, user data and so on, depending on the environment and the operating system, and now with Dockerfiles too.

Foreman features role-based access control (RBAC): different roles cover operations on containers such as viewing or creating a container, and they can be scoped by location, e.g. a datacenter. The goal is to address Docker host security: anyone with access to the Docker host effectively controls every container running on it, so Foreman adds a layer of authorization and access control in front of the containers.

Foreman adds on top of Docker:

  • Compute resource security.
  • Registry management.
  • Multi-container operations.
  • Monitoring.

Further features can be added as Foreman plugins, for instance the planned orchestration through Kubernetes.

LXD: the Container Hypervisor

Serge Hallyn, member of the Ubuntu server team and upstream LXC developer, presented the new LXD project, the Linux container daemon.

LXC was designed from scratch after Linux-VServer (a virtual private server implementation that added operating-system-level virtualization to the Linux kernel) and OpenVZ (container-based virtualization for Linux) were not accepted into the mainline kernel.

LXD is a new project under the LXC umbrella, built on LXC through its Go API bindings. LXD runs on Ubuntu and can spin up instances of any other Linux distribution.

It is composed of a daemon that performs hypervisor-like operations, a REST API for managing system containers, and a framework for managing container images, and it provides security by default through user namespaces, cgroups, AppArmor and seccomp.
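As an added illustration of the four confinement mechanisms named above (this is not LXD's or the speaker's code), the following POSIX shell script reads the kernel interfaces behind them from a process's /proc directory: the uid_map to see which host uid in-container root maps to, the Seccomp field of /proc/<pid>/status (present since Linux 3.8; 2 means a filter is loaded), the AppArmor label in /proc/<pid>/attr/current, and the cgroup v1 path for a controller. The /proc snapshots it runs against are constructed inline; the uid range, the AppArmor profile name and the cgroup path are illustrative values, not captured from a real LXD host. Point it at /proc/self from inside a container to check a live system.

```shell
#!/bin/sh
# Added example (not LXD's own code): audit a process's kernel confinement
# from its /proc directory. Every function takes the directory as $1
# (e.g. /proc/self or /proc/<pid>) so it can also run on a sample snapshot.

# Host uid that uid 0 inside the process's user namespace maps to.
# uid_map lines are "<inner-start> <outer-start> <count>"; the init user
# namespace shows "0 0 4294967295", an unprivileged container shows a
# shifted range such as "0 100000 65536" (illustrative values).
userns_host_uid_of_root() {
    awk '$1 <= 0 && 0 < $1 + $3 { print $2 - $1; exit }' "$1/uid_map"
}

# Exit 0 when in-container root is an unprivileged uid on the host.
userns_is_unprivileged() {
    host_uid=$(userns_host_uid_of_root "$1")
    [ -n "$host_uid" ] && [ "$host_uid" -ne 0 ]
}

# Seccomp mode from /proc/<pid>/status: 0 = disabled, 1 = strict, 2 = filter.
seccomp_mode() {
    awk -F'\t' '$1 == "Seccomp:" { print $2; exit }' "$1/status"
}

# AppArmor label from /proc/<pid>/attr/current: "unconfined" or
# "<profile> (<mode>)". The kernel may NUL-terminate the value.
apparmor_label() {
    label=$(head -n 1 "$1/attr/current" | tr -d '\000')
    printf '%s\n' "$label"
}

# cgroup v1 path for controller $2, from "<id>:<controllers>:<path>" lines.
# "/" means the process sits in the root cgroup, i.e. no resource limits.
cgroup_path() {
    awk -F: -v ctl="$2" '{ n = split($2, c, ",")
        for (i = 1; i <= n; i++) if (c[i] == ctl) { print $3; exit } }' "$1/cgroup"
}

# Print a summary; exit 0 only if the userns is unprivileged, a seccomp
# filter is loaded and the AppArmor profile is in enforce mode.
audit_confinement() {
    d=$1; ok=0
    if userns_is_unprivileged "$d"; then
        echo "userns:   unprivileged (root -> host uid $(userns_host_uid_of_root "$d"))"
    else
        echo "userns:   PRIVILEGED (root is host uid 0)"; ok=1
    fi
    mode=$(seccomp_mode "$d")
    if [ "$mode" = "2" ]; then
        echo "seccomp:  filter mode"
    else
        echo "seccomp:  mode ${mode:-unknown} (no filter)"; ok=1
    fi
    label=$(apparmor_label "$d")
    case "$label" in
        *"(enforce)") echo "apparmor: $label" ;;
        *) echo "apparmor: $label (NOT enforcing)"; ok=1 ;;
    esac
    echo "cgroup:   memory=$(cgroup_path "$d" memory)"
    return $ok
}

# Build a constructed /proc snapshot (not captured from a real system).
make_sample() {
    dir=$1
    mkdir -p "$dir/attr"
    printf '%s\n' "$2" > "$dir/uid_map"
    printf 'Name:\tinit\nSeccomp:\t%s\n' "$3" > "$dir/status"
    printf '%s\n' "$4" > "$dir/attr/current"
    printf '%s\n' "$5" > "$dir/cgroup"
}

# Demo: one snapshot resembling an unprivileged container, one the host.
SAMPLE_ROOT=$(mktemp -d)
make_sample "$SAMPLE_ROOT/container" "0 100000 65536" 2 \
    "lxd-c1_</var/lib/lxd> (enforce)" "5:memory:/lxc/c1"
make_sample "$SAMPLE_ROOT/host" "0 0 4294967295" 0 "unconfined" "5:memory:/"
echo "== container =="; audit_confinement "$SAMPLE_ROOT/container" && echo "result: confined"
echo "== host ==";      audit_confinement "$SAMPLE_ROOT/host" || echo "result: NOT confined"
rm -rf "$SAMPLE_ROOT"
```

The uid mapping is the check that matters most: if `userns_host_uid_of_root` prints 0, a process that escapes the container's mount namespace is real root on the host, and seccomp and AppArmor are the only remaining barriers.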

LXD 0.1 has just been released with basic container management. Features planned for upcoming versions include live migration, legacy image stores, a local image server and an events interface for long-running operations.
