Contents
Preface
In the process of building a home data center, three virtual technologies are involved, namely the traditional Virtual Machine (VM), Linux Container (LXC), and the Docker technology that we mainly use when building applications.
Why do I use these 3 virtualization technologies at the same time?
To answer this question, we must first understand the relationship between these three technologies. In fact, these three technologies have a "inclusive" relationship, as shown in the following figure (drawn casually, it's quite casual, just understand it):
The inclusion relationship in the above figure should correctly be the amount of virtual content. The larger the circle, the more virtual content is required.
1. Virtual Machine (hereinafter referred to as VM)
VM technology requires virtualization of a full set of hardware, including CPU, memory, network card, hard disk, graphics card, etc. This level of virtualization will consume a certain amount of system resources, but the benefit is complete resource isolation, which is particularly important in the actual production environment and can ensure complete isolation between important businesses. Under normal circumstances, virtual machines built using VM technology are bare hardware and require the installation of the operating system by yourself, but you can improve deployment efficiency by making templates.
Essentially, a VM is virtual hardware.
2. Linux Containers (LXC)
VM technology consumes resources in exchange for complete resource isolation, but sometimes we may not care much about complete resource isolation but instead care about consumption. For example, I have an inter-cpu-mini host, an i5 13400 CPU (only 10 cores and they come in different sizes~), and 64g of memory. With these few resources, one more virtual machine means one more consumption. Even a small amount of money is still money. So in this case, I will not use Virtual Machine to build a virtual machine unless it is absolutely necessary.
At this time, LXC technology is particularly practical: if your host operating system is Linux, then LXC technology can provide you with virtual machines of various Linux distributions (including different versions of options) at almost no cost, and it only takes a few seconds to create a new virtual machine, and it even includes many basic component libraries. Isn’t it annoying?
Essentially, LXC is a virtual Linux system (by sharing the host kernel).
3. Docker
The virtual machine built with VM is bare hardware, and the virtual machine built with LXC is bare Linux system (and has requirements for the host operating system). However, for most people, they don’t care about the hardware and the host operating system (win, Linux, macos) used, but only care about the applications that need to be deployed. In this case, docker is the most ideal choice. The biggest advantage of docker is that as long as the operating environment can be successfully deployed, no matter the hardware is PC, NAS, server, soft router or any other messy hardware, it can all run. In terms of lineage, docker is actually the product of LXC after strengthening cgroup and namespace.
Selection of virtualization technology in different environments
After explaining the advantages and disadvantages of the three virtual technologies, we will return to the issue of choice in building a home data center.
Since I wanted to make use of the basic version of the m1 mac-mini (which only has 8g of memory and is too small for anything), I thought about it and decided to install Docker Desktop for Mac as the main Docker operating environment. It also serves as a TailScale relay server (I will write a separate article about this later), Apple cache server, proxy publishing server, and VNC remote operation and maintenance server, which is considered to be fully utilized.
The inter-cpu-mini host has installed the PVE virtual environment (Esxi is a paid software, which does not conform to our concept of free when building a home data center. The key host system cannot be tossed, such as installing tailscale). Its free version supports cluster deployment and migration functions, and also natively supports LXC. In addition, PVE7.4 itself is based on Debian 11, which is highly playable. Are there any other options besides this?
In the PVE virtual environment, two types of virtual machines (VM and LXC) are deployed at the same time. All applications that need to be deployed in source code are placed separately in different LXCs, which plays a certain isolation role (for example, different LXCs can be restarted separately). There are two virtual machines built through VM, one is win11 (as RDP remote operation and maintenance server, emby demonstration server), there is no other way but to use virtual machines; the other is debian12.
Why is there a debian12 virtual machine? This is related to some limitations of LXC. As mentioned earlier, LXC essentially shares the kernel with the host Linux. For security reasons, some permissions to call the host root are restricted by default (you can enable it by enabling privileged mode containers, but it is generally not recommended). Therefore, if you run docker in LXC ("container" in "container"), a small number of applications that need to use the host root permissions will report errors (such as Changting Lei Chi's WAF and Baota Cloud Control Platform). For this reason, I created a debian12 virtual machine as a backup docker environment, and LXC focuses on running source code deployed applications. In fact, LXC is the best for running docker, as long as docker does not have special permission requirements, but I have obsessive-compulsive disorder and don't want LXC to deploy a bunch of dockers, and the debian12 virtual machine to deploy a bunch of dockers, so I simply put all the dockers in the backup environment on the debian12 virtual machine.
To sum up, use docker if it is suitable for docker deployment, use LXC if it is suitable for source code deployment, and use VM when necessary.
