Linux virtualization technology is the foundation of modern cloud computing and containerized deployment. Mastering virtualization technology is crucial for system architecture and operations.
Virtualization types:
- Full Virtualization: the hypervisor emulates a complete hardware environment, so the guest operating system needs no modification
- Para-virtualization: the guest operating system is modified to cooperate with the hypervisor
- OS-level Virtualization: runs multiple isolated user space instances on the same operating system kernel
KVM (Kernel-based Virtual Machine):
- Virtualization module of the Linux kernel
- Transforms the Linux kernel into a hypervisor
- Requires CPU support for hardware virtualization (Intel VT-x or AMD-V)
- Uses QEMU as device emulator
- Command examples:
  - Install KVM: apt install qemu-kvm libvirt-daemon-system libvirt-clients
  - Check KVM support: kvm-ok or lsmod | grep kvm
  - Create virtual machine: virt-install --name vm1 --ram 2048 --vcpus 2 --disk path=/var/lib/libvirt/images/vm1.qcow2,size=20 --cdrom /path/to/iso
Xen:
- Open source hypervisor
- Supports paravirtualization and full virtualization
- Domain 0 (Dom0): privileged domain, responsible for hardware access and management
- Domain U (DomU): unprivileged domain, runs guest operating system
- Command examples: xl create vm.cfg, xl list
VMware:
- Commercial virtualization solution
- VMware ESXi: enterprise-level hypervisor
- VMware Workstation: desktop virtualization software
- VMware vSphere: virtualization management platform
Docker containers:
- Lightweight virtualization technology
- Shares host kernel, isolates user space
- Image: read-only filesystem template
- Container: running instance of an image
- Common commands:
  - docker run: run a container
  - docker ps: view running containers
  - docker images: view images
  - docker build: build an image
  - docker exec: execute a command in a container
  - docker logs: view container logs
  - docker stop/start: stop/start a container
Kubernetes (K8s):
- Container orchestration platform
- Automates the deployment, scaling, and operation of containerized applications
- Core concepts:
  - Pod: smallest deployment unit
  - Service: provides stable network access for Pods
  - Deployment: manages Pod replicas and updates
  - ConfigMap: configuration data
  - Secret: sensitive data
- Common commands:
  - kubectl get pods: view Pods
  - kubectl get services: view services
  - kubectl apply -f <file.yaml>: apply a configuration manifest
  - kubectl logs <pod>: view a Pod's logs
LXC (Linux Containers):
- OS-level virtualization
- Shares kernel, isolates processes and network
- System containers, closer to traditional virtual machines than Docker's application containers
- Command examples:
  - lxc-create: create a container
  - lxc-start: start a container
  - lxc-stop: stop a container
  - lxc-ls: list containers
libvirt:
- Virtualization management API and toolset
- Supports multiple virtualization technologies including KVM, QEMU, Xen, LXC
- Provides unified virtualization management interface
- Command examples:
  - virsh list: list virtual machines
  - virsh start vm: start a virtual machine
  - virsh shutdown vm: shut down a virtual machine
  - virsh dumpxml vm: view a virtual machine's configuration
Virtualization networking:
- Bridge: connects virtual machines to physical network
- NAT (Network Address Translation): virtual machines access external network through host
- Host-only: network only between host and virtual machines
- VLAN: virtual local area network
Virtualization storage:
- Image formats: qcow2, raw, vmdk, vdi
- Storage pools: libvirt storage pool management
- Shared storage: NFS, iSCSI, Ceph
Performance optimization:
- CPU affinity: bind virtual machines to specific CPU cores
- Memory ballooning: dynamically adjust virtual machine memory
- Huge Pages: improve memory performance
- virtio: paravirtualized I/O drivers
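Added example (not from these notes or from libvirt): a Python audit of a libvirt domain definition, the XML that `virsh dumpxml vm` prints, checking the CPU affinity, huge pages, memory balloon, virtio and image-format settings from the libvirt, storage and performance sections above. The domain XML, the VM name vm1, the bridge br0 and the cpuset values are constructed for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample domain definition in the format `virsh dumpxml vm` prints
# (not from a real host; vm1, br0 and the cpuset values are assumed).
SAMPLE_XML = """<domain type='kvm'>
  <name>vm1</name><memory unit='KiB'>2097152</memory><vcpu>2</vcpu>
  <memoryBacking><hugepages/></memoryBacking>
  <cputune><vcpupin vcpu='0' cpuset='2'/><vcpupin vcpu='1' cpuset='3'/></cputune>
  <devices>
    <disk type='file' device='disk'>
      <driver name='qemu' type='qcow2'/>
      <source file='/var/lib/libvirt/images/vm1.qcow2'/>
      <target dev='vda' bus='virtio'/>
    </disk>
    <interface type='bridge'><source bridge='br0'/><model type='virtio'/></interface>
    <interface type='network'><source network='default'/><model type='e1000'/></interface>
    <memballoon model='virtio'/>
  </devices>
</domain>"""


def audit_domain(xml_text):
    """Summarise one domain and flag deviations from the settings the notes recommend."""
    root = ET.fromstring(xml_text)
    summary = {
        "name": root.findtext("name"),
        "vcpus": int(root.findtext("vcpu", "0")),
        "memory_mib": int(root.findtext("memory", "0")) // 1024,  # <memory> is in KiB
        "hugepages": root.find("memoryBacking/hugepages") is not None,
        "pinned_vcpus": len(root.findall("cputune/vcpupin")),  # CPU affinity
        "balloon": root.find("devices/memballoon") is not None,  # memory ballooning
        "disks": [(d.find("driver").get("type"), d.find("target").get("bus"))
                  for d in root.findall("devices/disk")],
        "nics": [(n.get("type"), n.find("model").get("type"))
                 for n in root.findall("devices/interface")],
    }
    findings = []
    if summary["pinned_vcpus"] < summary["vcpus"]:
        findings.append("cpu: not every vCPU is pinned to a host core")
    if not summary["hugepages"]:
        findings.append("memory: no hugepages backing")
    for fmt, bus in summary["disks"]:
        if bus != "virtio":
            findings.append(f"disk: {fmt} image attached via emulated {bus} bus")
    for ntype, model in summary["nics"]:
        if model != "virtio":
            findings.append(f"nic: {ntype} interface uses emulated {model} model")
    return summary, findings
```

Run it against the output of `virsh dumpxml <vm>` to list which of the performance settings above a given guest actually uses.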
Virtualization security:
- SELinux/AppArmor: mandatory access control
- Resource limits: cgroups limit CPU, memory, disk I/O
- Network isolation: VLAN, firewall rules
- Image security: regular updates, vulnerability scanning