Performance analysis: Docker > KVM


I tried to create an oversimplified topic title to save time. It’s not that simple, but that’s the gist of it:

  • Docker containers may be better for MaidSafe hosting
  • Various combos (Docker inside of a KVM VM, two dockers inside of 2 KVMs, one of which is used for farming, another as client)

In this paper, we explore the performance of traditional virtual machine deployments, and contrast them with the use of Linux containers. We use a suite of workloads that stress the CPU, memory, storage and networking resources.

Tile contains corporate logos and trademarks which may be construed as blatant advertising and spamming.


Docker should be faster than virtual machines. A process in Docker is scheduled by the same kernel running on the host machine. The overhead is in the namespaces - a Docker container can only “see” processes running in the container. A virtual machine is simulating an entire computer. A separate kernel schedules a process whose code is somehow shoveled to the process running on the host which is scheduled by the host kernel. I honestly have no idea how that portion works (the shoveling portion in particular), but it seems likely that it is more expensive than the namespacing concept.

One thing to keep in mind is that you won’t be simulating a Linux distribution exactly with Docker. The init scripts, filesystem layout, etc. will all match the distribution, but the kernel may not. This is the side effect of running everything in one kernel. So any QA trying to test the exact environment of a Linux distribution x.x will have to install it as a host or use a virtual machine.
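
The post above says a container gets its own process view and its distribution's userland but runs on the host's kernel. The following is an added example, not part of the original thread, showing how that can be checked from the host side. The PIDs, namespace identifiers, distribution names and kernel release in the sample tree are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). PROC is overridable so the constructed
# sample tree built by make_sample can stand in for the real /proc.
PROC="${PROC:-/proc}"

# ns_id PID TYPE -> namespace identifier such as "pid:[4026531836]"
ns_id() { readlink "$PROC/$1/ns/$2"; }

# shares_ns PID_A PID_B TYPE -> status 0 only if both resolve to the same namespace
shares_ns() { a=$(ns_id "$1" "$3") && b=$(ns_id "$2" "$3") && [ "$a" = "$b" ]; }

# userland PID -> "ID VERSION_ID" from os-release inside that process's root.
# Parsed with sed, not sourced, so container-controlled text is never executed.
# On a real host, reading /proc/PID/root normally requires root.
userland() {
    f="$PROC/$1/root/etc/os-release"
    id=$(sed -n 's/^ID=//p' "$f" | tr -d '"' | head -n 1)
    ver=$(sed -n 's/^VERSION_ID=//p' "$f" | tr -d '"' | head -n 1)
    printf '%s %s\n' "$id" "$ver"
}

# kernel -> release of the one kernel that schedules every process on the host
kernel() { cat "$PROC/sys/kernel/osrelease"; }

# report PID -> one-line summary, comparing against the host's PID 1
report() {
    if shares_ns 1 "$1" pid; then iso="shared pid namespace"; else iso="own pid namespace"; fi
    printf 'pid %s: userland=%s kernel=%s (%s)\n' "$1" "$(userland "$1")" "$(kernel)" "$iso"
}

# make_sample DIR -> constructed tree: host init (1) and a container process (4242).
# Every value written here is made up for illustration.
make_sample() {
    mkdir -p "$1/1/ns" "$1/1/root/etc" "$1/4242/ns" "$1/4242/root/etc" "$1/sys/kernel"
    ln -s 'pid:[4026531836]' "$1/1/ns/pid"
    ln -s 'pid:[4026532201]' "$1/4242/ns/pid"
    printf 'ID=centos\nVERSION_ID="7"\n' > "$1/1/root/etc/os-release"
    printf 'ID=ubuntu\nVERSION_ID="14.04"\n' > "$1/4242/root/etc/os-release"
    echo '3.10.0-123.el7.x86_64' > "$1/sys/kernel/osrelease"
}

# Demo on the constructed tree. On a real host, leave PROC unset and call: report <pid>
SAMPLE=$(mktemp -d); make_sample "$SAMPLE"; PROC="$SAMPLE"
report 1
report 4242
rm -rf "$SAMPLE"
```

Both lines of output carry the same kernel release, while the userland and PID namespace differ: a kernel-level flaw is shared by every container on the host, which a separate VM kernel would not share.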


Yes, hence the combos (can run a VM or two for various QA tasks, but then can also have 1 or more Docker setups inside of each, such as 1 container for Vaults, 1 for app development/testing).
It seems Ubuntu 14.04 is quite popular here so I may run Docker on that, although I haven’t decided yet (I may buy a dedicated Atom server and just run on top of physical h/w).


But why run Docker in the KVM instance as the original post seemed to suggest? I guess if Docker didn’t play nicely with the host…


If my OS/hypervisor is KVM (presumably it’s CentOS or RHEL) and I don’t want to deal with that OS, then I’d need to have a VM - for example Ubuntu 14.04 which seems popular among MaidSafe devs - and in it I may stick 2 containers (my MaidSafe vaults + a MaidSafe client).

And if I’m developing (I won’t be, I’m not a dev, but maybe I’ll be testing/evaluating/integrating) MaidSafe for Windows, Ubuntu 12.04, etc. I may want to have additional VMs and maybe even multiple app containers in each (say, you want different versions of PHP for different apps, and so on).

I’m hoping to contain such madness to my VMware Workstation and keep my “production” MaidSafe system much simpler, of course… Hopefully Ubuntu 14.04 with 3 Docker app containers (prod, test/dev, and client?).


I found this nice explanation of Docker and how it works.

It starts with quite a long-winded explanation of what Docker is and what problems it is designed to solve, but still worth it for me, and then goes into some really nice hands-on demos that show how to create, manage and publish Docker images. It explains how only diffs are shipped because it works similarly to Git, making deploying incremental builds very efficient. Also how Docker containers can expose and discover ports, and so on.

He doesn’t mention @vtnerd’s point about kernel versions so that was useful to note.

Introduction to Docker: dotCloud founder and CTO Solomon Hykes recently stopped by Twitter HQ to show us Docker, an open source project designed to easily create lightweight, portable, self-sufficient containers from any application.

47 minutes…