13

A question came up as I was giving a presentation on Docker to my team that I didn't know how to answer.

Many of the prebuilt containers on Docker Hub, for just one example the jboss/wildfly container, are built on top of containers for a specific OS (Ubuntu, CentOS, etc.). A few of these containers ARE in fact nothing but containers for these OSes.

Yet Docker's main raison d'etre, it's prime claim to fame, the basis of its claim that it is better than Virtual Machine technologies, is that it is lighter weight because it doesn't need to be built on top of an OS. But if this is so and most containers include an OS does this not defeat the purpose and invalidate the claim?

So what IS in these OS Docker images, and how is the claim of lighter weight still able to be made? Is it some stripped down version of an OS?

Can one make a Docker image that is not built on top of an OS? What determines when an application gets OS services from the OS embedded in the container, as opposed to getting OS services from the host?

Steve Cohen
  • 4,679
  • 9
  • 51
  • 89
  • 1
    As far as I understand it, Docker gives close to native speeds as there is no emulation needed, It uses part of the Linux Kernel itself. The down side being that a container is not as portable, as it can no longer emulate code. Docker uses LXC. The containers linked are compatible with other OS, the base containers are more flexible for non standard software. – exussum Jun 09 '15 at 20:39
  • I think the "lightweight" claim of Docker is to be understood on a performance aspect. And indeed, containers run faster than usual VMs because they don't need to emulate stuff like hardware or the kernel. – Elouan Keryell-Even Dec 16 '15 at 07:29

1 Answers1

4

A Docker image (which will most likely contain the base system from a Linux distribution), is read only and is augmented with several layers that are enabled as you write to a location. So you can share the base image and have "add-ons" if you will. This is called a union file system. The docker documentation provides more information here. This kind of sharing makes Docker consume less resources (fs space in this case) compared to VMs, where you'd have to install a new distribution on each.

Note that you don't have to have a full Ubuntu installation (the kernel is shared with the host system, anyway), it is just that most of it is usually required by the applications you want to run in your container. You can easily find images that are stripped down, omitting files not needed to run most applications while still being viable for many targets (so you can still share the base image, see above).

mabi
  • 5,279
  • 2
  • 43
  • 78
  • this is interesting but doesn't quite answer my question. In the picture at your link, what is the size of the debian base image relative to the host os and why is it needed? Why doesn't the need for this inclusion of an OS invalidate the claim that it's a smaller footprint than a VM? Is it because it's only a subset, or some other reason? – Steve Cohen Jun 09 '15 at 21:14
  • Commenting in response to your modifications: ok, but how do I see what's in the base image? For a rough idea, I decided to compare the /bin directory in the host with the /bin directory of the container. The latter contains many files not contained in the former and when they are contained in both places, those in the container are larger. Can you give a rough idea of the kinds of things in the host os that are not included (repeated) in the image os? – Steve Cohen Jun 09 '15 at 21:51
  • 1
    The answer to that hugely depends on the base image you'd use. Images you download from the net have no specific target audience so are probably geared towards multi-purpose and thus not terribly efficient. [This guide](http://www.projectatomic.io/docs/docker-building-images/) also points out how to inspect images (via running `/bin/bash` for the base image). There are [several](https://github.com/phusion/baseimage-docker) [attempts](http://stackoverflow.com/a/27384694/785663) to cut the size of the base image down. Whether they help depends on your specific needs. – mabi Jun 10 '15 at 09:23
  • With that, I'm going to accept your answer. Thanks very much. – Steve Cohen Jun 10 '15 at 14:15
  • Glad it helped (somewhat). – mabi Jun 10 '15 at 14:24