LXCs vs VMs - What Was My Rationale?

Captions
Hey, you made it. Thank you so much for stopping by. I really do appreciate you taking a couple of minutes of your day to hang out with me and listen to what my dumb face has to say.

So in my last video we took a look at kind of what I've got running in my home lab back here, and we took a look at the hardware briefly, and then kind of talked about the two prox servers that I've got for production and then the one that I've got for testing and development. Not development, I don't develop, but like testing and tutorials, that sort of thing. I guess that's the better way to word that. So in that video I talked about all of that, right? And that video is doing remarkably well. I want to thank everybody who has watched that for checking it out. Really appreciate it. It really does help me out a lot, and it also gives me more motivation to create more videos like this. So thank you for watching, for the comments, for the likes, the shares. All of that really does mean a lot to me.

So in the comment section of the last video I released about all of this stuff, a couple of people, or a few people, asked kind of what was my rationale in deploying LXCs, or Linux containers, for each of my individual services rather than throwing up a couple of VMs, installing Docker, and then putting all of my services in those couple of VMs. And I think that's a great question, and I've got some rationale that I would like to kind of put out there for you guys. Not necessarily to change your minds, but if I do, cool. If not, and you want to keep doing things the way you've been doing it, that is perfectly acceptable. One of the things that I really dig about home labs and this kind of hobby and this kind of thing is that there isn't really one right way to do things across the board. The way that I do things may not be right for you, and the way you do things may not be right for me, and I love that we can all kind of do things differently and share our ideas and maybe learn something new when we're doing that.

So again, the question was why didn't I just put up a couple of VMs, install Docker, and put all of my services in that rather than deploying an LXC for each of my different services. So let's talk about that for a couple of minutes.

So there are actually a couple of reasons why I use LXC for my individual services rather than full-on VMs, and I'm going to talk about a couple of those reasons. But the first reason is basically data backup, data protection, and data recovery. I said, let's just go to my desktop, it'll make more sense, right?

So here we are, we're on my desktop, and you know, this is pro prod 2, and I've got an LXC for AdGuard, and I've got an LXC for my password manager, I've got an LXC for my speed test, to my analytics, and that sort of thing. Now I've got this VM down here that's for Activepieces. That is a standalone service that actually required more than just an LXC for this, so I spun up an Ubuntu server VM and deployed it there, and that's why that one is in a VM, because it required it, is basically the long and the short of that.

So let's say something goes wrong with my AdGuard, right? Let's say it crashes, it gets corrupted, an update fails, something goes wrong, and I need to bring it back online. Well, the easy way for me to do that is to then come over here to this backup right here, come over to my backup server, and then I can pick basically any day over the last month that I want to restore to, and I can, you know, I can just click here and I can click restore and it will restore back to April 17th.

Now the reason I bring this up is because if for whatever reason I had to restore an entire virtual machine full of Docker containers back to a specific date, all of the containers in that virtual machine get restored back to that date, right? So if I come over here, let's look at my demo server, right, and it might make more sense this way. So I've got all of these different LXCs up here. None of these are being backed up. I don't need them to be, this is just for testing purposes. But I do have this Ubuntu server VM down here that's almost maxed out. But you know, if I come into here, there I am, I'm logged in. You know, I can do a docker ps, oops, sudo docker ps, I sudo, I guess, right? And here we can see, let's move that down the screen a little bit. Okay, so here we can see that I've got Wallos, I've got a Stirling PDF, I've got Hasty Paste, I've got an Alpine Redis container, or a Redis Alpine container rather, for something, I don't remember what. I just threw all of this up just for the sake of this rationale video. Of course I've got Portainer there. I actually want to talk about Portainer in another video. They're doing some weird stuff, I think. Nothing bad, I want to clarify. I'm not trying to throw shade. I just noticed something weird this morning with this instance of Portainer.

Okay, so all of these containers that I've got, you know, here and here and here, all of those are running inside this VM, right? So let's say for whatever reason, let's say Wallos, it's not set up yet, but let's say that Wallos gets corrupted, backup fails, something goes wrong, it gets hacked, whatever, right? And so I want to restore Wallos to a previous known good state. Well, because it's inside of this VM, I can't restore this entire VM back to that last known good state without affecting Stirling PDF and Hasty Paste, also restoring those back to that previous known good date for Wallos. Does that make sense?

So basically what it boils down to is that I want each of my services to run in its own LXC for a couple of reasons. One, I want all of my containers to be isolated from each other, so that if one of them is compromised, it will be harder, not impossible, but harder, for the bad actor, the bad guy, the hacker, the whatever, to then infiltrate and compromise my other services. I hadn't mentioned that yet, but that is one of those things: keeping them each individually isolated adds another layer of protection. And of course the other reason is not only isolation for security purposes, but isolation of individual data sets, for their databases, for all of the storage that each individual service needs. If I need to back, or if I need to restore one of those services back to a previously known good date, I don't want to lose data on my other services on that VM.

So I went ahead and just put each of my services in their own LXC, with the one exception of the VM, just because it needed it. But all of my services run in LXC so that they're each isolated from each other as far as where they're running, but also their data is separate from each other, so if I have to restore, then I can just restore that one application and not have to basically lose data from other applications by restoring back to a previous date. So hopefully that helps kind of explain what my rationale is there, why I did what I did.

There's also other little things. Like, I've got notes here that I took, because my memory sucks. Basically I'm just going to read this. It says LXCs share the host system's kernel, making them much faster to start, and they use fewer resources than virtual machines. So basically each LXC, each Linux container, shares the Proxmox kernel and doesn't load its own kernel on top of the Proxmox kernel, right? So you're reducing necessary resources to spin up those services by putting them in an LXC versus a VM. And I know that there's somebody, and you're probably right, having all of those LXCs is probably the same resource usage as a single VM. But again, my argument is mostly the separation of each individual container for security purposes and then also the data backup and recovery.

And of course there are some cons to doing it this way. I've got those notes here as well, right? LXCs provide some isolation, but since they share the kernel, a security issue in one container could possibly impact others if they manage to hit the kernel, right? So my logic isn't foolproof, but there's some logic there in my own monkey brain, right?

So I hope that kind of helps make sense of the rationale that I've got in my setup and why I went with LXC for each individual service rather than a single VM or even a couple of VMs for multiple services. That's just how my monkey brain works, and I wanted to just kind of explain that to you guys. And of course if you've got ideas on why I'm wrong or ideas why I'm right, definitely leave that in the comment section down below.

If you're interested in this kind of content, where I talk about home lab stuff and the rationale about why I do certain things, and when I cover Docker containers, we're just kind of all over the place here, but if you're interested in my content, definitely don't forget to get subscribed. If you want to support the channel, of course you can become a channel member or become a patron. Neither of those are required, but if you do either of those things you will get access to my content with no ads in it at all, so that's something to take into consideration if you're interested in supporting the channel besides a subscribe and a like.

So I want to go ahead and wrap this up. I know you guys have got other things to get done today. But thank you guys for spending a few minutes of your day with me today, and I'll talk to you in the next video.
Info
Channel: DB Tech
Views: 5,413
Keywords: DB Tech, DBTech, Docker tutorial, Home lab setup, Linux containers (LXC), Virtual machines (VM), Proxmox server, Data backup and recovery, Docker containers, Security isolation, Kernel sharing, Resource usage, Data Protection
Id: 8E4B4b-7wAM
Length: 9min 16sec (556 seconds)
Published: Wed May 01 2024