LXD

The Linux Container Daemon

The new hypervisor isn’t a hypervisor, and it’s much, much faster

What is LXD (“lex-dee”)?

Take all the speed and efficiency of docker, and turn it into a full virtualisation experience. That’s the goal of Canonical’s new initiative to create the next big hypervisor around Linux container technologies.

Imagine you could launch a new machine in under a second, and that you could launch hundreds of them on a single server. Hundreds! Now, imagine that you have hardware-guaranteed security to ensure that those machines can’t pry or spy on one another. Imagine you can connect them separately and securely to networks. And imagine that you can run that on a single node or a million, live migrate machines between those nodes, and talk to all of it through a clean, extensible REST API. That’s what LXD sets out to deliver.

Building on LXC (“lex-cee”)?

Today, Canonical leads the open community which develops LXC. Ubuntu is the most popular platform for all kinds of container engineering - including docker and LXC. And we’re passionate about enabling all of that innovation to go further and faster.

In the new hypervisor system, LXC will be the client, LXD the server. Developers love LXC today for giving them almost instant, lightweight containers in which they can run a wide range of Linux operating environments. In the future, developers will run LXD on all the machines where they want to create and tear down these environments, and use LXC to drive the process from anywhere on the network.

And it’s going to be a real hypervisor?

Yes. We’re working with silicon companies to ensure hardware-assisted security and isolation for these containers, just like virtual machines today. We’re working to ensure that the kernel security cross-section for individual containers can be tightened up for each specific workload. We’ll make sure you can live-migrate these containers from machine to machine. And we’re adding the ability to bind storage and network interfaces to the containers, just like virtual machines.

All of this work is aimed at giving you the full experience of virtual machines, the full security of a hypervisor, but much, much faster. Without all that virtualization overhead, you get the full underlying performance of your host environment.

On bare metal, these containers are just as fast as the native OS on bare metal. In the cloud, you are getting subdivided machines without getting sub-par performance.

There is a catch, however: LXD is only for Linux on Linux. You’ll be able to run LXD on Ubuntu and spin up instances of RHEL, CentOS, SUSE, Debian, Ubuntu and just about any other Linux too, instantly, but if you want to run Windows, then you’ll need a traditional hypervisor like KVM or ESX.

And docker?

Docker is an amazing application delivery mechanism, which we think is changing the world of devops forever. For the most efficient way to deliver your binaries to a platform for execution, docker is the dance for us. LXD and docker share some underlying kernel capabilities, and we hope to bring much of the awesome security and isolation of LXD to docker as well.

Why use LXD?

  • Complete operating system functionality within containers, not just single processes
  • Maximum density of guests per host, providing a cost benefit when running in a public cloud
  • Allows easy management and sharing of hardware resources, and easy monitoring of customer processes directly from the host level
  • REST API, and simple, single command line with proper help and documentation
  • Support for architectures under-served by full virtualisation
  • Rapid provisioning, instant guest boot
  • Tightly integrated with remote image services
  • Secure by default, with AppArmor, user namespaces, SECCOMP
  • Implemented in Go, offering improved performance, concurrency, typing, and networking
  • Intelligent, extensible storage and networking

Integration with OpenStack

The combination of LXD and OpenStack makes for a very happy system administrator in a Linux-oriented private cloud. All the agility of OpenStack, all the performance of your metal with no virt overhead.

As a validation point, we’re delighted to share the cunningly codenamed nova-compute-flex driver in Ubuntu OpenStack for Juno, and commit to steering this into upstream OpenStack for Kilo or M. The driver allows OpenStack instances to be scheduled as Linux Containers. Images are booted from OpenStack’s image service, Glance, and instances communicate over Neutron’s networking functionality. The next step is to utilise storage from Cinder and Ceph.

Getting started with LXD

Our OpenStack container capability, codenamed nova-compute-flex, is included in Ubuntu OpenStack for Juno, which you can download via the Ubuntu Cloud Archive. Simply type the following commands to enable and use it:

sudo add-apt-repository cloud-archive:juno
sudo apt-get update
sudo apt-get install nova-compute-flex

OpenStack Juno is available for Ubuntu Server 14.04 LTS and 14.10.