Does docker run on a physical machine or a virtual machine?

Docker can run on either a physical machine or a virtual machine; whether it is a virtual machine or a physical machine, it is a delivery method of hardware and infrastructure, which is essentially a level, and containers It is mainly used to solve a series of software-centric problems. It is feasible to run containers on both virtual machines and physical machines.

The operating environment of this tutorial: linux7.3 system, docker version 19.03, Dell G3 computer.

Docker can run on a physical machine or a virtual machine

The docker container can run on a virtual machine or a physical machine

Whether it is a virtual machine or a physical machine Machines are both a delivery method of hardware/infrastructure and are essentially on the same level; while containers mainly solve a series of software-centric problems

Strictly speaking, containers and virtual machines are not the same The hierarchical thing is a packaged collection of software environments.

Running containers in virtual machines has become a common practice. For example, AWS's container service only runs in virtual machines.

The Docker daemon can communicate directly with the main operating system to allocate resources to each Docker container; it can also isolate the container from the main operating system and isolate each container from each other. Docker is often used to isolate different applications, such as front-end, back-end, and database.

Extended knowledge:

The Docker daemon can communicate directly with the main operating system to allocate resources to each Docker container; it can also isolate the container from the main operating system , and isolate each container from each other. Docker is often used to isolate different applications, such as front-end, back-end, and database.

Docker has the characteristics of compactness, fast migration and deployment, and efficient operation, but its isolation is worse than server virtualization: different containers belong to different waybills (different application instances run on Docker) and are independent of each other (isolation) . But it is managed by the same warehouse manager (host operating system kernel), so the warehouse manager can see the relevant information of all containers (because the operating system kernel is shared, relevant information will be shared).

Virtual machines are better at completely isolating the entire operating environment. For example, cloud service providers usually use virtual machine technology to isolate different users. A virtual machine takes minutes to start, while a Docker container can start in milliseconds. Without a bloated operating system, Docker can save a lot of disk space and other system resources.

Server virtualization is like establishing multiple independent "small docks" - warehouses (virtual machines) on the dock (physical host and virtualization layer). It has a completely independent (isolated) space and belongs to different customers (virtual machine owners). Each warehouse has its own warehouse manager (the operating system kernel of the current virtual machine) and cannot manage other warehouses. There is no sharing of information.

Therefore, we need to adopt different methods according to different application scenarios and needs, using Docker technology or using server virtualization technology.

Comparison of the implementation principles of docker and virtual machines

The following figures show the implementation frameworks of virtual machines and docker respectively.

Comparing the differences between the two pictures, the Guest OS layer and Hypervisor layer of the virtual machine in the left picture are replaced by the Docker Engine layer in docker. The Guest OS of a virtual machine is the operating system installed on the virtual machine, which is a complete operating system kernel; the Hypervisor layer of the virtual machine can be simply understood as a hardware virtualization platform, which exists as a kernel-state driver in the Host OS.

The method for virtual machines to achieve resource isolation is to use an independent OS and use the Hypervisor to virtualize CPU, memory, IO devices, etc. For example, for virtual CPUs, the hypervisor will create a data structure for each virtual CPU, simulate the values ​​of all registers of the CPU, and track and modify these values ​​when appropriate. It should be pointed out that in most cases, the virtual machine software code runs directly on the hardware without the intervention of the hypervisor. Only under some high-privilege requests, the Guest OS needs to run the kernel mode to modify the register data of the CPU, and the hypervisor will intervene to modify and maintain the virtual CPU state.

The way Hypervisor virtualizes memory is to create a shadow page table. Under normal circumstances, a page table can be used to translate from virtual memory to physical memory. In the case of virtualization, since the so-called physical memory is still virtual, the shadow page table must do: virtual memory -> virtual physical memory -> real physical memory.

For IO device virtualization, when the Hypervisor receives a page fault and finds that the virtual physical memory address actually corresponds to an I/O device, the Hypervisor uses software to simulate the working conditions of this device and returns . For example, when the CPU wants to write to the disk, the hypervisor writes the corresponding data to a host OS file. This file actually simulates a virtual disk.

Compared with the solution of virtual machine isolation of resources and environment, docker is much simpler. Docker Engine can be simply seen as an encapsulation of Linux's NameSpace, Cgroup, and image management file system operations. Docker does not use a completely independent Guest OS to achieve environment isolation like a virtual machine. It uses the container method currently supported by the Linux kernel itself to achieve resource and environment isolation. To put it simply, docker uses namespace to isolate the system environment; uses Cgroup to implement resource restrictions; and uses mirroring to isolate the root directory environment.

Recommended learning: "docker video tutorial"

The above is the detailed content of Does docker run on a physical machine or a virtual machine?. For more information, please follow other related articles on the PHP Chinese website!