Chinese-English translation:
LXC, whose name is an abbreviation of Linux Containers, is an operating-system-level virtualization technology and a user-space interface to the container features of the Linux kernel. It packages an application into a software container that holds the application's own code together with the operating system core and libraries it requires.
Through unified namespaces and a shared API, it allocates the hardware resources available to the different containers and creates an independent sandboxed runtime environment for each application, so that Linux users can easily create and manage system or application containers.
The Linux kernel provides the cgroups feature to partition resources. The kernel also provides namespace isolation, which partitions the operating system environment that an application sees into independent compartments, including the process tree, the network, user IDs, and mounted file systems. Cgroups, however, does not require booting any virtual machine.
LXC uses cgroups and namespaces to give application software an independent operating system environment. LXC does not need a hypervisor layer, and the software container itself is extremely lightweight, which speeds up the creation of virtual machines. The Docker software is used to manage LXC environments.
Features
LXC currently uses the following kernel features to control processes:
Kernel namespaces (IPC, UTS, mount, PID, network, and user)
AppArmor and SELinux profiles
Seccomp policies
chroot (using pivot_root)
Kernel capabilities
Control groups (cgroups)
As a result, LXC is generally regarded as a technology that sits between an "enhanced" chroot and a full-fledged virtual machine. The goal of LXC is to create an environment that is as close as possible to a standard Linux installation but does not need a separate kernel.
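The kernel features listed above can be checked per process through /proc. The following is an added example, not part of the original page: it reports the seccomp mode, a selection of high-impact effective capabilities, and any namespaces a process still shares with a reference process. The sample data is constructed, and the choice of which capabilities to flag is an assumption of this example.

```python
import os

NAMESPACES = ("ipc", "uts", "mnt", "pid", "net", "user")  # the six listed above
SECCOMP_MODES = {0: "disabled", 1: "strict", 2: "filter"}
# Bit numbers from linux/capability.h; which ones to flag is this example's choice.
FLAGGED_CAPS = {2: "CAP_DAC_READ_SEARCH", 12: "CAP_NET_ADMIN", 16: "CAP_SYS_MODULE",
                17: "CAP_SYS_RAWIO", 19: "CAP_SYS_PTRACE", 21: "CAP_SYS_ADMIN"}

def parse_status(text):
    """Seccomp mode and flagged effective capabilities from /proc/<pid>/status text."""
    fields = dict(l.split(":", 1) for l in text.splitlines() if ":" in l)
    cap_eff = int(fields["CapEff"].strip(), 16)      # hex bitmask of effective caps
    mode = int(fields.get("Seccomp", "0").strip())   # field absent on some kernels
    flagged = sorted(n for bit, n in FLAGGED_CAPS.items() if cap_eff >> bit & 1)
    return {"seccomp": SECCOMP_MODES.get(mode, "unknown"), "flagged_caps": flagged}

def read_ns(pid):
    """Map namespace name to its identifier, e.g. 'net:[4026531840]' (None if unreadable)."""
    ids = {}
    for ns in NAMESPACES:
        try:
            ids[ns] = os.readlink(f"/proc/{pid}/ns/{ns}")
        except OSError:
            ids[ns] = None
    return ids

def shared_namespaces(reference, target):
    """Namespaces in which target is not isolated from the reference process."""
    return [ns for ns in NAMESPACES
            if target.get(ns) and target.get(ns) == reference.get(ns)]

# Constructed sample data (not captured from a real system).
CONFINED_STATUS = "Name:\tapp\nCapEff:\t00000000a80425fb\nSeccomp:\t2\n"
UNCONFINED_STATUS = "Name:\tapp\nCapEff:\t000001ffffffffff\nSeccomp:\t0\n"
HOST_NS = {ns: f"{ns}:[40265318{i:02d}]" for i, ns in enumerate(NAMESPACES)}
CONTAINER_NS = {ns: f"{ns}:[40265325{i:02d}]" for i, ns in enumerate(NAMESPACES)}
CONTAINER_NS["net"] = HOST_NS["net"]  # container started with the host's network

if __name__ == "__main__":
    print(parse_status(CONFINED_STATUS))
    print(parse_status(UNCONFINED_STATUS))
    print("shared with host:", shared_namespaces(HOST_NS, CONTAINER_NS))
    try:  # live check of the current process against PID 1 (needs Linux, often root)
        with open("/proc/self/status") as fh:
            print(parse_status(fh.read()))
        print("shared with PID 1:", shared_namespaces(read_ns(1), read_ns("self")))
    except (OSError, KeyError):
        print("live /proc data not available")
```

A namespace reported as shared, a seccomp mode of "disabled", or any flagged capability marks a place where the container is less separated from the host than the feature list suggests.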
Usage
Proxmox VE: it did not use LXC until version 4.0; earlier versions used OpenVZ.
Docker: it used LXC before version 0.9; since version 0.9, LXC is no longer the only, default execution environment.