Difference between Docker and Hypervisor? How it all started? #Docker #Hypervisor #VirtualMachine

You want to work with containers on AWS, but what if you're really new to this? So let's start from the basics. If you want to learn this the easiest way, this is your blueprint. So if you're ready, let's begin. [Music]

So let's start from where it all began. You have your computer that you're using; it might be your own PC or laptop. The components that actually make up for the engine for your computation are basically your CPU, RAM, storage, motherboard, graphics card, Ethernet and other devices that you have in your system. To use this hardware we need an interface, that is, the operating system. Older computers were based on the command-line-based operating systems. I hope you remember the DOS or the Unix-based operating systems. Old school, isn't it? But then we went for the GUI-based operating systems like Windows XP, Windows 8, Windows 10, Linux-based operating systems like Red Hat, Ubuntu, and macOS as well. And these operating systems allowed us to install applications that helped us execute instructions on our system, which were basically installed on the operating system itself. So by now we had an actual understanding that in order to make use of the power of the computational resource that we have, we need a certain feature on top of that on which we can work.

But there is something else we realized, that is, we can run multiple operating systems as well, like Linux and Windows or even macOS, on the same machine that we are currently working on. So the same hardware can be used as a placeholder for users to run multiple operating systems on the same machine. But what if we had 10 to 15 users who want to execute their instruction set on the same hardware that we are currently using, by sharing the resources of course? Yes, you guessed it right: I'm talking about virtualization or virtual machines. And if you think this technology is something that was invented recently, I would advise you to hold on to that thought for a little longer. And to know more about this we actually need to go back in
time, and precisely to 1972. With the growing demand for the mainframe computers to be accessed by multiple users to increase productivity, it was in 1972 when IBM launched its VM/370, which was also known as Virtual Machine Facility/370. It was the first hardware-assisted virtualization to be introduced on the IBM System/370, which was a very popular IBM mainframe computer back in 1972 that was supposed to be used with VM/370. The hardware-assisted virtualization, if you don't know, is the capability to use a physical component to create and manage virtual machines. So in turn what we are saying is, with the hardware that you have, you provide a capability so that you can create virtual machines. And there is one more request that I have from you, is to keep an eye on the timeline that we have here.

And for the virtualization to work with VM/370 we needed something called as CP, or what we also call as control program. And you will be surprised to know that CP-40, or control program, or VM-CP that we call, was launched way back in 1960 by IBM, which was the first research-based operating system that implemented complete virtualization, and which later on gave birth to the legendary CP-67. But you might be thinking, "But Sam, virtual machines can run because of the hypervisor," and you might be just wrong here. "Where is the hypervisor?" And I want to tell you that the CP or the control program that you see here is what we in today's time call as the hypervisor.

And this is what the virtualization looked like: you have the System/370, that is the mainframe, as the hardware; you have the control program, which was able to create an environment for the resources to be shared, that's the job of the hypervisor; and the virtual machine ran on top of the time-sharing operating system that we had, like CMS, or what we also called as Conversational Monitor System. So your hardware was System/370, that was your mainframe, your hypervisor was CP, and the time-sharing operating system was which later on was
succeeded by VP/CSS in 1968. Then in 1972 we had the full hardware virtualization using VM/370. So these are virtual machine operating systems, and later on in 2000 IBM also released the zSeries architecture for the z/VMs, and those actually might be also used till now. So that was a really big deal back then. And you might be thinking, why am I telling you all this? So don't worry about this, you will get to know the answers, so keep watching.

Now if you Google search for virtual machines or virtualization, you will see something like this, and there is nothing wrong with this. This as well encapsulates the basic idea of how virtualization works. So you have the hardware, that is your resource powerhouse, on which a hypervisor sits. The hypervisor abstracts the hardware, on top of which you host your guest operating system and then install your applications. In a way you can say the hypervisor actually creates a virtual environment. Virtual here means you're not using the physical hardware directly but the abstract of that, and on which you host the application. But the elephant in the room still remains to the point that: what exactly is a hypervisor? So let's check that out.

If you check online right now you will see a lot of companies having a virtualization platform, that is the hypervisor, like VMware, Microsoft Hyper-V (every child in the room right now knows about Hyper-V, I think, or maybe has heard of in his life), and we also have Oracle, IBM of course, and we have Citrix and Red Hat as well. But let's jump back to visualizing how actually the people who created this came up with this wonderful concept.

So imagine you have a plot of land which you're planning to farm on. So it's a 30 by 30 plot, lush green and ready to be farmed. But as this is a large-scale farming, there will be a set of prerequisites, isn't it? So you actually need the land to cultivate, you need the fertilizers, you need water, you need electricity, you need the right equipment and the farming vehicles as well, and you're
ready to farm. But what if we need to farm different crops on the same land? Yes, we can hire more people, that's the start. But the first thing that you have to keep in mind is that you are limited on resources. So here you can see the available resources that we have. We hire three people to work with us, assign them a crop to farm on. To have the segregation in place, we bifurcated the land in such a way that we can farm on a segment of the land that we own, and we can assign the same to one of the farmers we hired. And we allocated a segment of the resource to each of the three farmers based on the land they occupy, and we actually got the best output from that. And if we wanted to plant another crop, we can assign a piece of land to the new farmer that we hire from the resource pool that we currently have. And there is one point that you should always remember: that it should only be within the capacity limits or the available resources, not more than that.

So I'm sure you're getting the point here. And keep this example in your mind, but change the farmland to your own system, and the farmers to be the operating system, and you being the hypervisor, and this is actually close to what actually happens in virtualization. And that is the point where I tell you that a hypervisor is a software, firmware or even a hardware that helps you run virtual machines on your system that you currently have. So if you see the design here, we have the base hardware, the hypervisor that sits on top of that, like a VMware or Windows Hyper-V, and you create your virtual machines on top of that and you're good to go, and you can install your applications and make use of them like you would on a regular desktop or laptop.

But the main thing that you have to understand is that, think from the perspective of the operating system: as an operating system you are not worried about if you are running on an actual hardware or if you are not the only operating system that is installed on that machine. You just want the
resources and you are fine with that. Similarly, the other operating system we have here runs in isolation, not getting affected with the Ubuntu operating system that is running on the same machine. And this kind of hypervisor that is routed onto the BIOS and sits in between the VMs and the hardware is what we call as a bare metal hypervisor, or also known as the type 1 hypervisor, and this is the kind of setups you will see in your organizations as well. A bare metal hypervisor runs directly on the host machine hardware to manage the guest operating systems. Yes, the OS that is installed on the machine as a part of the VM is basically called a guest operating system. And now you have to tell me what kind of hypervisor CP was. Yes, it was a bare metal hypervisor, and that is why VM/370 was a hardware-assisted virtual machine operating system. So I hope you got the point here.

But wait, I am still not convinced yet. I didn't understand a few things here. So if a hypervisor sits in between VM and the hardware, what does it actually do? How does it assign CPU or memory? And for that I think we need to dig a bit deeper. I hope you're not bored yet; it's really going to be interesting moving on, just hold on to that.

So back in the day we had a pool of people who wanted to work on the same mainframe computer or system, which were very scarce and way more expensive than you may actually think, and giving every user their own system was not feasible. So what these mainframes did is they provided their users with a capability called time sharing. What this meant was the machine will service users by providing them a slice of its time to perform or execute the instructions they wanted to carry out. As and when the time slice was completed, it would move on to the next user to take up the pending task, or move on to the next task and give that user its share of time. Still not getting the example here? Let's simplify it further. So you have a task scheduler, which would hold the task list that are supposed to be
executed from all the users. The scheduler would then pass the instruction to the central processing unit for execution. If it's completed within the time slice, it's awesome, you're done. And if it did not complete the scheduled task within the time slice that was allotted, the task moves back to the preempted program list. And here you can see we have the time slice of around 2 hours. And I know you might feel, what will happen if my task execution is not completed here? The word that you see, "preempted", is your answer. So preemption or preempted is the act of temporarily interrupting an executing task with the intention of resuming it on a later point of time. So based on the scheduling policy that we have here, I think we have the round robin, so your task will be executed in that particular time.

So still having doubts? Is it okay? Let's simplify this even further. So each user that you see here was provided with a virtual machine. Yes, they were provided with a virtual machine. So in a way each of these users felt that, or if you have to use an appropriate word for this it would be "perceived", so they perceived that they were actually using the real machine or real mainframe all by themselves. The mainframe that we have provided is the hypervisor, which is also called as the VMM or the virtual machine manager, which would actually help us manage and coordinate these virtual machines. And first the name VMM, it's a kind of a notion here. So, but the best part about this was that the hypervisor was such a boon to the system designers, because it took the overhead from them in allocating resources and managing multiple VMs running on the same mainframe, and that would do the job for them.

So what does the hypervisor actually do? So the hypervisor takes care of allocating resources such as CPU time, memory, storage to the virtual machines, giving them their share of computing resources. And on the other hand, the virtual machine is a compute resource that uses software instead of the physical hardware or
the components or the computer itself to run its program and deploy applications. But the time sharing is not used that much, because we moved on to the real-time multi-processing systems or the RTOS, and then to the GPOS, that is general purpose operating systems like Windows and others, and that is what exactly gave birth to the other type of hypervisor that we use in today's time. And this is where we have actually reached.

So here you have the hardware, that is your resource powerhouse. On top of that you install the host operating system like Windows or Linux, and on top of that you install a special type of hypervisor on the operating system, alongside with your existing applications, which would help you run your virtual machines. And this is the type 2 hypervisor, and also called as a hosted hypervisor. The name is basically no-brainer, because it's hosted on the operating system itself. So hosted hypervisor runs on the conventional operating system just as other computer programs would run, and in a way you can run multiple operating systems on your machine with the help of the hypervisor, which is called the guest operating system, that runs as a process on the host. So the operating system that you install as part of the VM on the type 2 hypervisors is called the guest operating system for this type of hypervisor, and that actually runs as a process on the host.

And if you see here, we have the hardware configuration of 16 GB, 8-core CPU, 10 GB of hard disk. The hypervisor has the capability to take a portion of this resource and allocate it to the VM for it to operate and function. So with the help of a hypervisor, what we did was we created a VM with 4 GB RAM, two vCPUs or virtual CPU, and for storage we allocated 10 GB of hard drive, and we created one more with the same configuration. But one thing that you need to understand is that you cannot use the already allocated resource, so you must ensure it does not impact the overall performance of your system, because if you have 16 GB
and you assign most of them to the VM, you will risk having a very slow performance for your own system itself, because you will not have enough memory to run other applications. And for that, VM apps actually come with a restriction on how much resource you are allowed to allocate, so that actually is one less thing to worry about.

And coming back to the topic again, the biggest difference here is that, unlike the type 1 hypervisor that abstracts the actual underlying hardware, the type 2 hypervisor actually abstracts the guest operating systems from the host operating systems, giving it the illusion that the VM is directly talking to the hardware, but instead it actually in reality gets its resources from the hypervisor itself. Because if you're running a Windows operating system as your host operating system and you have a Linux guest operating system or the VM operating system, how does it matter to the VM that you're running a Windows machine? It's not like it'll unfriend you. It actually doesn't know what you actually have, because the type 2 hypervisor actually tells the guest operating system that this is your 2 vCPU or the virtual CPU, 8 GB of RAM, 20 GB of hard drive, go and work as if you are the actual operating system on that particular hardware. And this type of hypervisor is what we have used a lot. I'm sure you guys have used Oracle VirtualBox or the VMware Workstation, and please let me know what's your favorite VM host in the comment section so we can have a debate there.

But wait a minute, I just told you that we allocate virtual CPUs and not actual CPU, isn't it? How does the CPU that you have get allocated then? To understand this, let's journey back to the present time. So you will be aware that the heart of the computer is the CPU, that is the processor that we use, and the processors come in a lot of variations. So you might have heard about single-core, dual-core, quad-core CPUs, and the next-gen actually is really insane, and the ones that we are using on the data center
servers are actually mind-blowing. But what does it actually help with virtualization, and how can we assign virtual CPUs, is the question here. So this is the Intel Xeon Pentium 9282 processor, which is a Xeon 9200 series processor, which has a whopping 56 cores and 112 threads. So you must be thinking, what's so special about this? But I want to tell you that back in the day when we used to have Pentium i3 processors like i3-8130U, it had only two cores and four threads, that's all. And the PC that I'm recording right now is the Ryzen 5900X, which is 12 cores, 24 thread CPU, which right now might cost you around sixty thousand. Can you imagine what the cost of the data center CPUs would be? And don't worry, we will get to that, so keep watching.

So all these processors that you see have cores and threads, isn't it? What it means is that each core that you have on a CPU is the physical computational unit present on the CPU that you own, like this. So this is a Core i7 CPU with four cores, as you can see here the four cores present on the chipset die. We actually won't go in depth on this, but let me know if you need to learn more on this; we can actually make a whole video on how processors are actually designed, so do let me know on the comment section below. So a core actually works on a particular task and the other core will work on the other task and so on, and logically the more cores that you have the better performance you get. Not exactly, but there are other things involved which we won't discuss right now, but just keep in mind that the more cores that you have the better performance you will get. And the threads that you have here are responsible for you to have a higher throughput and speed at which you can accomplish the task. So if you have to draw an analogy here: so eight people working with ten hands each is better than two people working with four hands. I know that's a very bad analogy, but I hope you get the point. So let's just remove this.

Now that you have an idea of what a CPU core
and thread is and why is it important, let's talk about virtual CPU. So imagine the CPU that you have. What if I tell you each core that you have can act as a vCPU, and more, because you can have multiple vCPUs by assigning time slots within a CPU core to create a virtual CPU on its own? Yes, that's how it works. Virtual CPU is not the actual physical CPU core but the time slot within the physical CPU, across all the CPU cores that you have or your processor has. So with one CPU core you can have multiple vCPUs created, because vCPU or virtual processor does not represent one-to-one allocation between the physical core and the actual vCPU that you have, but instead it represents the time on the physical CPU resource pool. And that is why you might have seen, even if we have a processor with two cores, you can still run two or three virtual machines on the same hardware.

So let's assign these vCPUs to our virtual machines. If you see, we are assigning three to four time slots, also called as vCPUs, and we are able to create the virtual machine here, and this is done by the hypervisor. But how do you know how many vCPUs that you have? So let's see the calculations for vCPU count for the 9282 processor that we have here right now. So this is a simple formula that is based on my reading on the IBM documentations: so you multiply the number of threads and the number of cores, and to that you multiply the number of physical CPUs that you have. So in our case we have 56 cores multiplied to 112 threads, and as we have one physical CPU the unit will remain as one, so we get a total of 6272 vCPUs. This amount of computational power is beyond what you will use, so this CPU is obviously not for personal use, unless you're running a mad in-house server. At this point of time the price of this ranges from, it comes somewhere around 18 lakhs to 36 lakh rupees. Might as well get two cars from this. But moving on.

So now we have learnt about two types of hypervisors. So the first type being the bare metal hypervisor,
where the hypervisors are present on the hardware and lets you install multiple VMs on the machine, that is why it is called a bare metal hypervisor. And the other thing that we have, or the other type that we have, is the type 2, that is hosted hypervisor. So hosted hypervisor runs on a conventional operating system or OS just as any other computer program does.

So the type 1 hypervisor, also called as the bare metal hypervisor, comes as a part of the physical hardware and sometimes has to be enabled from the BIOS if not enabled by default, and that is also called as the host, and the VM that is hosted on that is called the guest operating system. And hypervisor actually treats the resources that you have, such as CPU, memory, storage, as a part of the resource pool, and thus are able to allocate these resources for the VMs that are created on top of them. So the common type of type 1 hypervisor are the ESXi hypervisors from VMware, are also called as ESX integrated, or the Hyper-V that we have, which is also type 1 hypervisor, and this type of hypervisor can help you with the hardware-assisted virtualization.

Now let's come back to the type 2 hypervisor, also called as the hosted hypervisor, that runs on the conventional general operating system just like a software application. So you have the hardware, on top of which you install the operating system, that is your host operating system, and you install the hypervisor as an application on your host operating system, and which will help you run multiple operating systems as a part of your VM creation list. These hypervisors can be installed on the data center or the local computer that you have. Oh wait, this is same for the type 1 hypervisor as well, but that also can be installed in the local computer if you have an embedded hypervisor that comes along with your system, so don't worry about that. Just like the dual boot that you used to do, but the difference is that you install type 2 on the OS itself. Here what the hypervisor does is it
actually abstracts the guest operating system from the host operating system, and that is how you are able to allocate resources to your VM without having the host operating system obstruct you from what you're doing. The best examples are VMware Workstation and Oracle VirtualBox, because I have used them so it should be good, just kidding. With that you will be able to create your own VM and you will be able to run Ubuntu or any other Linux or even Windows on the same operating system at once.

But even though I have shown you a great deal of why virtual machines are awesome, they do come with their own shortcomings. Let's see that. So the virtual machines that we have here provide an isolated environment for your applications to run, and even though your VM is compromised it won't have much impact on the other VMs. But what if the hypervisor is itself hacked? Then it will have an impact on all the VMs that you have provisioned. That would be bad, isn't it? So you need to understand here that the virtualization comes at a cost, and the cost is that the hypervisor virtualizes the physical hardware itself, and each VM that you see here runs a full-fledged operating system and utilizes more resource, which could be very frustrating if you are tight on budget and resource scaling. Even though you allocate more CPU, RAM or storage to your VMs, there will be a time when you will feel the heat of the sluggish VMs. For example, running multiple applications like microservices: can it be done using VMs? Yes, it can. Will it cost? Yes, it will. And that's why we start off with the containers.

What does Google say about containers? Containers offer a logical packing mechanism in which applications can be abstracted from the environment in which they actually run. I know this doesn't make much sense here; we will break it down. But before that I want to tell you that containers are based on process isolation, and because of which we can run multiple applications on a single host, obviously by taking the help of the
isolation provided through namespaces and resource control. Don't worry, we will talk more about this in a bit. But this concept of process isolation that I said just now is also not new. This also started with the Unix V7 when chroot system call was introduced back in 1972. My father was in high school back then. And it was in 2013 that Docker was launched, after a few hiccups, and containers boomed and exploded and everyone went crazy.

So when it comes to a container, we have the hardware, the host operating system that sits on the top of the hardware, like Windows or Linux, and then we have the container engine, on top of which you can run multiple applications in isolation. That's it, that's where actually Docker comes in. And don't worry, this is not the only thing we will discuss, so chill, we will dig deep into this as well; this is just the introduction.

Now let's bring up the virtual machine environment. Look at these two images carefully and try and find the things that make you feel it's different, or make you feel the containers are different. I know what you might be thinking, but more or less the first thing that you might feel: that we only have the applications, what about the operating systems? The second one that you might feel is, instead of the hypervisors we have the container engine here. Thirdly, no hypervisor in the containers, how is the resource allocation working then? Fourth one, where is the virtual machine, how will we install the guest operating system? And most importantly you might ask yourself, so does it mean that Docker is the hypervisor? You might be thinking, okay, okay, the containers might be the hypervisor. And the answer is no and no. When you see this image, it gives you the impression that the container engine is the perfect replacement for the hypervisor, and that is why it creates confusion. So let's change things here and let's see what it actually looks like. Let's remove the container engine and the application containers and let's switch things around. So don't
get confused here, it is simple. You need to keep in mind that the applications that you have here are not running on top of the container engine. You need to understand the binary files and the library files actually make use of the same kernel to execute the instruction, and the same reason why I just said the engine provides you the so-called namespace, but the actual execution happens in the underlying OS and its kernel. And the daemon, or the Docker daemon that you have here, is just to provide the application that you have the proper process isolation it needs, from other applications of course.

So you might ask me, if this is interpreting the instructions using the same kernel from the underlying OS, yeah, if we are using Linux as a host then it is fine, but how is it possible that Linux containers are able to run on Windows operating system? That's a very valid question, and I know you will be asking this question, and that's what I asked myself as well, and hence I reached a point where I realized there is a lot more to Docker on Windows than you actually think. Wait for that for a bit longer. Let's understand some things which are very important before that, that is abstraction.

So what is abstraction? When you go to the ATM to get the cash, you enter your PIN and you enter the amount that you need and you draw the cash, that's it. You're not bothered about how that ATM machine works, and you don't need to know that as well, isn't it, other than how to use the ATM itself. That's called abstraction: hiding the unwanted details and just showing you the required information that you need. When it comes to the hypervisors, you actually abstract the actual physical hardware from the virtual machines that you have, as we discussed right now. And when it comes to the containers, what do we abstract here? Oh yes, you abstract the operating system itself. And this point is something that you need to understand very, very carefully: you are abstracting the operating system itself. And you may agree to
disagree with me here on this point, but we will discuss on why this is the case. But having said that, I have still not answered your question: the applications use the underlying OS kernel, how is it that we are able to run Linux-based operating systems on Windows? More like Linux distributions, to be precise, like Alpine, Photon OS, Ubuntu. So if you were trying to find a solution to run a Linux as a guest on the Windows host operating system, and if you are already aware that Docker doesn't run natively on Windows, what could be the next best solution? Yes, the first thing that comes to the mind is basically hypervisor. That's so obvious, isn't it? Seriously. So is that the only solution, creating a virtual machine? Let's check if that's the case.

But before that let's try and install Docker on Windows, and let's see if we face any issues. I hope we don't. So in order to install Docker for Windows, just type in "install docker in windows" in Google and you'll get the first site, and you have to click on that, and once you click on that you will come back to the Docker site, where you will get the download option, and you will see some of the information here regarding the Docker Desktop. Just click on that and save it. And here you have both the options mentioned, like WSL2 backend and the Hyper-V backend, that we will be seeing in a short while, so don't worry about that for now. We'll just install the Docker Desktop on Windows and we'll see how it works. So now that it has downloaded, just click on that and start installation. "Install required Windows component for WSL2", okay, just click OK, not a problem, we'll go ahead with the WSL2 integration. Wait for it to complete the installation.

Okay, so we have encountered an error. So what is that? So "hardware assisted virtualization and data execution protection must be enabled in the BIOS". Okay, so what it is saying is, for your Docker to work you have to enable hardware-assisted virtualization, and that's what we are going to do right now. Just copy the site
and paste it here. You will find the options to basically enable this. This can be done using the Windows feature on and off, so you can just go directly to the Windows feature on and off section in your operating system and you can enable this feature, and that's what I'll do right now. And once it is done, what you can do is you can actually validate it using your Task Manager: by going to the Performance section you will see the virtualization as enabled. So let's see and check the Task Manager here. We'll go to the Performance section and we'll see the virtualization here is disabled, yes. So not a problem, we'll enable this.

Go to your Windows feature on and off, and here you will see the option to enable Hyper-V. I'll just expand it for you to see clearly what am I trying to do here. So first one is Virtual Machine Platform; that's already enabled, so not a problem with this. The second one is Windows Subsystem for Linux, so I've already enabled this. And the third one that we have here is for the Hyper-V, so I'll just go to the Hyper-V section and I'll just check this. So we have a lot of options here, but I don't think so we have to enable everything right now. Just click on this, check that, and just click on OK, and it will start applying the changes. Once it is done, just close this.

So you can see, even if we have enabled the feature on the Windows feature on and off, the virtualization still is disabled, because we have not enabled it in the BIOS, so the hardware-assisted virtualization is currently not working. So for that, what we need to do is we need to go to the BIOS and we have to enable it. So for that, what you can do, there are two options: you can just restart your machine and just hit F12 or F11 based on your motherboard and it will go to the BIOS settings, and the other thing that you can do is you can just go to the recovery section in your Windows settings, and under advanced setup you can just click on "Restart now". So once your system actually restarts it will ask you for option,
so you can either continue so that you can exit and continue to windows or you can just move on to the troubleshooting section where you can actually reset your pc and see advanced options so that is where we will go click on the troubleshoot button and you will see advanced option and here you have to select the firmware settings just click on that and restart so once you have restarted your machine you will reach the section where you have your bios settings so this is the bios so once you have restarted you will reach the bios settings and this will be different based on your motherboard so currently i am using an msi meg x570a so if you're using this motherboard then you are already in the right place you can follow the same instruction that i am seeing right now but for the vmware virtualization of the hardware virtualization settings may vary from motherboard to motherboard and the bios to bios and the version as well the bios version as well so you can just check the manual of your motherboard before actually operating on this one for me i know what exactly to be done so i am doing that you can follow the same if you just want to learn i don't have much to do here so i'll just go to search so in the search you have to just type vm and you will reach to a point where it'll show a setting for svm mode so what svm mode actually does is it allows you to enable or disable cpu virtualization so currently as you can see this is in the disabled state so what we have to do exactly we have to enable this so just double click on this and click on enable and close this and come back to the settings and click on save and exit save changes and reboot so it will show you what are the changes that you have made you can just click yes and it will restart the system once again so once you go back to the task manager you go back to the performance section now you see the virtualization is enabled so once the virtualization is enabled i encountered 
one more error that was wsl2 installation is incomplete the wsl2 linux kernel is now installed using a separate msi update package please click the link and follow the instruction to install the kernel update and please make a restart after installing the linux kernel so we'll follow the same procedure i'll click on the ms wsl 2 kernel link and i am going to install it just click on the link right now and here you will find the setup for wsl 2 linux update package just download it save it and install it so this is the setup for wsl2 so once the installation is done you can actually make wsl2 as the default setting or the default version by using the wsl --set-default-version 2 command that you can see here the powershell command so that's what we will do right now so just open up the powershell and hit the command and just press enter and then just restart the machine so once it is restarted what will happen is your docker is now started and just click on start you will see all the options here and you will reach the no container running page because we don't have any containers running isn't it and now if you click on settings you will see use the wsl2 based engine so just take a moment and think this is the setting for the docker desktop and if you haven't used docker on windows before you may not see any change to this but in case you already have then you will relate to what i'm pointing at right now if you see it is mentioned here that use the wsl2 based engine as it provides better performance than the legacy hyper-v backend it sounds confusing isn't it but just for a moment if you look at the right hand side we have executed the docker version command and it tells us that the client is having an architecture of 64-bit windows but on the other hand the docker engine itself is running on linux so how is that possible is it a linux vm or is docker still using a hyper-v as i already told you there is a lot more to docker for windows 
than we actually think let's keep digging on that and don't worry we will do the demo on the tool at the end of this video to understand all the options i know some of you might be thinking i didn't show things that actually matter so don't worry we'll get to that so please watch this till then else you might just miss out on some things that are really very important but before that you need to understand a concept that will help you get to the root of this investigation yes let's talk about linuxkit and the legendary moby project before moving forward what if i tell you that the docker engine is just a linux vm made with linuxkit now that we have reached to the moment of truth i want to tell you that docker has always been able to run linux containers on windows desktop since it was first released back in 2016 using a linuxkit-based virtual machine running on hyper-v yes i said it and it burst your bubble but we can't do much about it so let's understand how we can create one using linuxkit so to create containers or customize containers docker came up with a solution called the moby project it's an open source framework or open framework to assemble specialized container systems without reinventing the wheel of course so with moby project you will be getting all the necessary library components and what we call the layers to create specialized containers like the operating system container runtime orchestration infrastructure management networking storage security and the build image distribution and it also provisions you the tools to run on cross platform architectures and if you are an enthusiast and want to learn more about the internals of docker you can surely make use of it now let's see how does the linux container running on windows looks like so as we already know running linux natively on windows is not an option we will make use of yes virtualization so you will be thinking every time there is something related to linux and windows this guy just 
slaps in virtualization everywhere i am with you on this okay have some patience and that's where the hypervisor comes into the picture next we need the placeholder on windows that can support the container host so this is the windows container host where you have your docker client which sets the properties and settings and calls on to the docker daemon which is present on the moby vm or what we also call the linuxkit vm os which is also your linux container host you should understand by seeing this image that docker client sits on the windows host but actively communicates with the docker daemon on the linux host but why because it helps the docker daemon to listen to the api calls and manage images and containers and other docker objects and as this is a linux vm running on the hypervisor the linux process containers on this linux host will have consistent storage and networking handy isn't it and that's the reason why when you see an older version of docker you will find resource allocation available to you on your docker engine properties when you install the docker desktop for windows with hyper-v that's why a lot of people had doubts as to why do we need to limit resources docker engine and when you change these settings why does docker need to restart if it's not a vm or if it's not using hyper-v but if you look closely the path to the disk image location is pointing to the moby linux vmdk so yes docker is always running on the linux vm which made use of the hyper-v for resource allocation but wait a minute i just said it was running on hyper-v or should i say it's still running let's keep that thought in our mind so now we have reached a position to answer these questions so can you run docker natively on all the operating systems are containers same as virtual machines and is docker for windows a linux vm installed on the windows machine and the answer would be no no and yes but having said that do we have a solution for this virtualization concept 
and for that we need to discuss about wsl or windows subsystem for linux so is this the ultimate matchmaker for windows and docker it's not that simple so keep watching so when we installed docker you might have seen we ended up with errors related to wsl and finally we got it sorted by installing a piece of software called windows subsystem for linux or wsl so what does wsl actually help us with so this is something that you can see here it's been mentioned that run linux on windows install and run linux distribution side by side on the windows subsystem for linux interesting isn't it but what is wsl so wsl is a feature of windows 10 that enables you to run native linux command line tools directly on windows alongside your traditional windows desktop applications so you might be right in thinking that if it is a feature then you might have an option to enable it on windows isn't it yes you are right and you can do that using the windows feature on and off like this so let's see what else wsl can help us with so with this you get the capability to run linux in a bash shell with distributions such as ubuntu alpine and other great distributions but of course you need to install the distros first and that is a very important feature that wsl provides us and it's really a boon for many developers who wish to work on linux alongside windows so wsl actually helps us to run a gnu linux environment including most command line tools utilities and applications directly on windows unmodified without the overhead of a traditional virtual machine or dual boot setup so you remember the days when we used to install a linux operating system along with the windows using dual boot and we had to choose the os before logging into the system yes that's old now so with wsl you get to run your favorite gnu linux distributions like ubuntu alpine fedora as i already mentioned just now and if you want to run linux command tools you can do that too and you can run bash shell scripts and 
command line applications as well and you can as well install additional software using the distribution package manager and most importantly you can invoke windows applications using a unix like command line shell that's something we can try isn't it that should be fun and also we can invoke linux applications on windows but as we discussed before docker went for the integration with wsl 2 but before that we had a wsl generation one so let's understand why wsl1 was not a good option and what is the difference between wsl1 and wsl2 so let's start off by comparing both the architectures so i know some of these topics might be very tricky and you might feel you aren't able to catch up but trust me i am trying my best to keep this as simple as possible for users who are new to this because each word that you see here can be made into a separate video so don't worry if you have any doubts we can clear them in the next one okay let's get back so regarding the differences between wsl1 and wsl2 what microsoft tells us is that the primary difference and reasons for updating the windows subsystem for linux from wsl1 to wsl2 was to increase full system performance and support full system call compatibility but what was the problem and what was the solution so let's find out by checking what was the architecture that made the difference here so if you see the architecture here you have the nt kernel and the wsl sits in between the linux distributions and this wsl1 here acts as a translational layer which helps interpret the system calls okay if you don't know what system call is so let's suppose you want to execute a program so you have to tell your operating system by clicking on the gui that please execute it by performing an operation isn't it but in reality there will be a service that will execute it and for that you have to talk to the kernel of the operating system who can give you the service that actually does the job and the programmatic way by which a computer 
program requests a service from the kernel is basically the system call so here the wsl1 acts as a translational layer which helps interpret the system calls so that they can work on the windows nt kernel and this is why it became slower and slower when the system calls increased when it came to performing operations such as accessing files requesting memory creating process and that's where we went on to the wsl2 the no translational layer approach so here you get back to the vm approach using the hypervisor these guys just went back to the hype i'm sorry let's continue with this so now the windows subsystem for linux 2 or wsl2 started using a virtual machine with an actual linux kernel that can respond to system calls much faster than wsl1 and i was thinking what is with not letting the virtual machines go and if we had to always come back to the virtual machines then why did we criticize them in the first place but hold on it's not just any other vm it's a lightweight virtual machine which uses a microsoft developed open source linux kernel so it better be good isn't it yes absolutely it's good and i have tried it myself so and now that wsl 2 includes its own linux kernel it has the full system call capability so now you get better file io operations you get better network operations and as well you get better performance than wsl1 so now that you have the linux kernel you can use it with the docker as well isn't it so let's see some of the comparison between wsl1 and wsl2 so with both you get the integration between windows and linux faster boot time and you have a smaller resource footprint compared to the traditional virtual machines that you have so footprint actually means how much space and resources are consumed by the software or hardware so that's why a reduced footprint for resources is always a better thing to aim for and both actually can run on the current versions of vmware and virtualbox and next is even though wsl 2 runs on vm you don't 
have to manage it it only uses resources when it needs and the best part is it runs behind the scenes so here you will get full linux kernel support in wsl 2 and full system call compatibility and the last point that we have here is performance across os file systems that you see it's not that great with wsl 2 so what microsoft tells us is that you should avoid using cross operating system file systems for your files and for the fast performance speeds store your files in wsl file system if you're working in a linux command line and if you're working on the windows command line store your files on the windows file system makes sense isn't it and now that you know the vast improvements with wsl2 that's the reason why around october 2019 we had wsl2 integrated with docker and docker had mentioned as once wsl 2 is generally available they will automatically switch onto the wsl2 backend on compatible machines like windows 10 of course and basically moving away from the hyper-v backend and that's what we experienced we are now using the wsl backend and what docker did was it listened to its users and that's something that i'm happy with as well but having said that they actually wanted to change a few things regarding the wsl integration so the first thing running in an isolated environment so in order to avoid interlocking and other side effects from other apps running with wsl2 they wanted to run it on a separate namespace for network pid and mount the namespace is like the kernel partitioning its resources so that one set of the process sees one set of resources and another set of process sees another set of resources or in simple terms so that they don't overlap or collide with each other there are various namespaces like user namespace mount namespace network namespace and more and you can read about them in the documentation second they didn't want to re-implement everything that they had already done with the hyper-v vm they did not want to take the 
additional overhead for that and the third one was to have complete integration with the existing ui so that it does not create confusion for the users currently using the application that's good isn't it now let's see what and how things changed from hyper-v vm backend to wsl-2 based engine for docker so before moving on to the wsl-2 integration with docker let's get a better context and talk more about the hyper-v back-end architecture so first things first by now we are already sorted and we are fully sorted and we know in the hyper-v backend the linux vm that docker used ran on hyper-v which was built using the linuxkit which we already had discussed a couple of minutes back i hope you remember that so here running a linuxkit vm gave docker the flexibility to incorporate the components that they wanted which could be used for both hyper-v and mac vms so what they did was they packaged all the components into the docker desktop like life cycle control service diagnostic service aggregation log service into an iso that was docker desktop iso and on top of the base distribution they mounted another iso that was version pack iso which contained the binaries deployment scripts and upgrade scripts related to the specific version of docker engine and then in order to store container images and configuration files they attached a virtual hard drive before starting the virtual machine and they did a very interesting and logical thing by introducing a proxy that would expose the unix socket as windows named pipes using the hyper-v sockets so that the services mentioned above could be reachable to the windows side smart isn't it so if you're not aware of what named pipes are you have to ask yourself are you aware of pipes in general so the easiest way to remember pipes is to imagine a real pipe so you can push water from one end to another using a pipe so it tells you the pipe velocity and the amount of water that can flow from it so one opens the tap and the other 
collects but in windows the pipes are a bit more complicated than this so pipes in windows are used for inter process communication or ipc where a section of memory is used by process for the sake of communication so the process that creates the pipe is called the pipe server and the one that connects to that is the client pipe so one process writes to the pipe and the other one reads from that and there are two types of pipes so one is anonymous and the other one is named pipes so anonymous pipes or what we also know as pipes in linux are used for simplex communication or in other terms we say we use it for one-way inter-process communication and this is unidirectional and here from one end the process a can either write and read and from another end the process b can read and write but even though we can perform read and write operations at the same time this cannot be used over the network that's why we jump onto the named pipes in windows we also know this as mkfifo for people who are well versed with linux so they might know this as mkfifo so this is more popular because it supports client server architecture or client server communication and it also as well supports two-way or duplex communication so this way the server can communicate with multiple clients and if the server is communicating to the client one then client 2 and client 3 will be in the wait state but don't worry there are both synchronous and asynchronous named pipes that you can make use of but that's a topic for another time and the advantage here is that named pipes can be used over different systems over the network as well now let's see the wsl2 implementation of docker so here if you see it may not be that obvious but unlike the hyper-v back end the linuxkit vm or the distribution that was running in a vm is now changed and is running in a container but for the process to work we need to create namespaces isn't it and as docker mentioned before they wanted to have separate namespaces 
so for this docker actually creates two wsl distributions which are docker-desktop and docker-desktop-data so docker-desktop here we'll call the bootstrapping distribution which eventually will create the linux namespaces and docker-desktop-data we'll call the data store distro which will help us for yes to act as a backup store for container images instead of using the virtual hard drive it's more evident when we see them side by side so you can as well understand just by looking at the comparison here that docker is hinting that the bootstrapping distribution replaces the hyper-v and the data store distro replaces the vhd or the virtual hard drive and moving on for the file and network shares the bootstrapping distro manages the mounting for windows 9p shares so if you know 9p or plan 9 as a file system or mounting protocol that is used in a distributed environment so the linux container can make use of it and this also manages the lifecycle of the linuxkit container and last but not least the version pack iso that you see here remains the same as it was in the hyper-v back-end and what are the advantages to this yes it makes docker achieve 15 times faster start time it provides dynamic resource allocation and now it can run on environments with lower memory as well cool isn't it when we installed docker we installed it with wsl 2 enabled and that is why we did not get the option to provision spaces and resources to the docker engine but how does docker get this dynamic resource allocation so as we now have realized the main objective for docker was to move away from the concept of managed vm so with wsl 2 you get a feature for dynamic memory allocation which helped the cause for better performance what wsl provided was a property of memory reclaim previously when we created vms the memory would be kept occupied even after we were done with the workflow cycle or by the linux kernel and thus the memory requirement would increase for the wsl 2 vms but with memory 
reclaim the amount of memory which is no longer needed by linux will be returned back to the host and thus reducing the footprint this as well includes the caching and you may ask how so listen to this very carefully so this is a linux kernel feature and what it does is that it allows blocks of contiguous memory to be returned back to the host if and when they are no longer required by the linux guest so what wsl did is that they incorporated this feature to the linux kernel or wsl2 using a kernel patch and updated the hyper-v to support page reporting so if you know linux already had this feature long ago which was free page reporting which is basically an api by which a device can register to receive lists of pages that are currently unused by the system so that is the same thing that they have tried using but by using the patch so in wsl the host would periodically compact memory in order to ensure free memory is available and it's not that you can't change it yes you can do that now as well by modifying the .wslconfig file if you have enough permissions and this actually happens when the cpu is idle and you can validate this by looking for the message performing memory compaction in the dmesg command output but what if we still want to use the hyper-v backend approach can you do that yes you can let's check it out so what you can do is you can go to the settings and here you can see the option in general use the wsl2 backend engine wsl 2 provides better performance than the legacy hyper-v backend what you have to do is you have to just uncheck this and you have to apply and restart okay so the docker engine has started and i can just go to the settings and now as this has been disabled the wsl2 based engine is disabled it will fall back to the hyper-v back-end yes now you see the resources available to you here is where you can change it docker desktop vm data so you can assign the number of cpus that you want you can assign the amount of memory that you 
want it's currently a 2gb swap is at 1gb disk image size is 64gb there's the file sharing settings there's the proxy there's the network this remains same but the option that you get is the resources that you can change going back to the docker engine so this is the configuration file and here you can enable the kubernetes as well which will start a kubernetes single node cluster every time the docker desktop actually starts so you can make use of it but we'll see this after the docker session is complete so we'll move on to kubernetes after that so that was interesting isn't it but you might still think that is it that we are going to do away with the hyper-v back-end approach but among these two which one is the most practical solution and for now i would say it depends and we also haven't discussed about how process isolation actually works among the docker objects and i know you might be thinking we still haven't executed our first docker command but for that you need to watch the next session which will be coming up shortly on this space that you are right now because this is the end of part 2 for the blueprint series so make sure that you don't miss out on any of these sessions and for that please hit the subscribe button right now and please press the bell notification icon as well these videos take a lot of time to make so please make sure that you hit the like button and you let me know on what you liked and what you didn't and if you wish to support the channel or buy me a coffee then you can check the links in the description below so that's all from my side today don't miss out on the next session because we will be learning something very very interesting until next time stay safe stay healthy it's pythoholic signing off [Applause] [Music]
Info
Channel: Pythoholic
Views: 1,972
Keywords: Pythoholic, container vs hypervisor, vm hypervisor, hypervisor, docker vs vm, introduction to hypervisor, docker vs virtual machine, docker for beginners, docker introduction, docker tutorials, docker container, docker explained, docker technology, docker course, difference between container hypervisor, docker example, container vs vm, docker tutorial, container vs virtual machine, why docker, docker, container virtualization, introduction to docker, cloud containers
Id: ReWeUatU-QI
Length: 60min 13sec (3613 seconds)
Published: Tue Sep 07 2021