LXCs vs VMs - What Was My Rationale?

Good points for using LXC’s over VM’s! I’ve seen multiple ways to passthrough hardware to LXC’s. I’d love to see a definitive video on hardware passthrough to LXC’s! Especially for unprivileged LXC’s

Whilst I completely agree with your rationale Dave and do things the same way (and get flamed on Reddit for it), you could restore a single container on a VM. If you go into the interface of PBS and click on the backup of that machine you want to use, you can actually access to the folder structure of that VM and can download folders directly to your desktop, where you could just scp it back in to your VM.
I don’t myself, as I prefer the simplicity of LXC containers and splitting all my services out.

Just make regular backups of your docker volumes.

I had the same dilemma with my home server.
The reason I use VMs on some mission critical services is due to HA and Backups.
Since I use my NAS's SSD pool as storage via NFS, if 1 node shuts down, the HA manager can migrate without any issues. If I use local-lvm and my node powers off for any reason, HA cannot migrate since the storage is on the offline PVE node. If I use LXC with NFS as storage, backups will fail.
So It's mix and match for me until I upgrade my hardware and move to CEPH, this is my setup.

I am also a total fan of LXC. Fast, small and uses little hard disk space.
The reason why you install Docker in a VM (should not have to) is the security of the Horst server.
We visited the Proxmox developers.
When I asked why not Docker in LXC?
We were shown how. With one LXC (docker ) you can bring down the entire Proxmox Horst.
Nothing happened in a VM.
VM containers use more resources, but prevent a total failure of the server.
The backup strategy for VMs is snapshots + a weekly full backup (stop mode) in individual operation.
Proxmox Backup Server & Cluster Nodes is a separate topic.
It was a very impressive seminar with the developer.
I apologize for my English, writing in a foreign language on a cell phone is a disaster.
Greetings from Germany

I had this exact question while watching the video. I like, and would almost say that I prefer, LXC containers to a VM running multiple Docker containers but think there's a balance to be struck between the two. I think I saw/read from another UA-camr I follow (can't remember who it was at the moment) that hosted LXC's for internal-only applications and did a VM with Docker for anything that was exposed to the internet, which probably makes sense from a threat surface standpoint. Great to hear your rationale!

I like the new yellow backgrounds you are using in your last two videos, it really does make them stand out from the crowd.

Great video and I completely agree with you. I have had one of the containers within a proxmox VM get corrupted by an update, and had to revert to an earlier backup of the whole VM to recover, but that meant I was restoring to an older version of everything else in that VM which was annoying as well. So now I strategically choose what can be in the same VM and what I split across multiple VMs.

Only the ignorant would “need” convinced!
But the TRUE geeks, it’s just another FAD for the WEAK!

If you can containerise it then it should be containerised, the real question I keep going back and forth between docker and lxc. Half my services are on LXC and the other half are on docker.

Totally you are right 👍👍👍

I wish I had that "monkey brain" Great video, man! ❤

@db tech just curious what are the machines specs for these LXC containers for the single services? Just started setting up my home lab so looking for some recommendations. Thanks

Man! That's starts like a soapy opera 2.30 min same 6 words different order

2:27 'isn't a VM' ???, thought it was, or not ?. I must dip out here before total confusion sets in as I am a very new Proxmox user and fear taking the wrong road in the early days. But thks for the attempt at the compare but I guess unless you already know what you are doing I feel this vid will confuse, I need a clear and concise vid to get me through this, better luck next time, thks for the effort and Kind Rgds.

Makes complete sense. I may be wrong, but an LXC is essentially a container just running in proxmox natively instead of something like portainer on a VM. Least that's how I understand them

I have two points. 1. I do agree with you on LXC vs Docker. Of course, majority of us do the easy docker-compose templates mixing quite stagnant configuration files with databases (mysql, postgress...). The recovery dilemma could be solved by keeping databases in separate dedicated LXC/VMs replicated at least to one extra instance. There is no reason to create separate mysql installation for every application. They could be combined, which long term simplifies backups and recoveries (IMHO).
2. The issue of having multiple instances of DNS (or homepage) apps. Implementing vip failover with Keepalived solves it beautify. Quick and easy installation, but the benefit of losing DNS resolution for 1 second is just priceless. My pain Pihole runs as LXC container on Proxmox, and its failover backup (updated by gravity-sync every 15 mins) on a raspberry pi 3.
Also on question: why don't your production Proxmox server run in a cluster? Just wondering.

Love the plan. But I moved away from proxmox because of kernel error which crashed my system. Backup was on the same disk so that was quite a nightmare for me. Maybe another video for us if you have a backup plan for this scenario?

Loved the rational, especially the snapshot restore. I guess my two lazy points are what would keep from doing it.
1. Manually updating by logging in and pulling images, etc.
2. Having to think about resources for each lxc.
My favorite thing about docker in a VM is I don't have to care if one container uses more resources than another. Only have to monitor the overall VM system usage.
Either way though, going to move pi hole to an lxc for sure!

Good thing about LXC you can run docker inside of it as well. Outside of running desktops, security onion, and a few rdp managers, VM not really needed.

I hope those are all unprivelaged lxcs.
For security you could run one VM and all the services on their own LXC in that VM and backup each lxc separately, like you do, and just save backups to a smb share. Backing up method would be a bit different, but you could probably make it work for you. Passing through, or different backup solution that produces same backup file type, or something.
Fun challenge, if nothing else.

hi, the way you suggested doing things in terms of easy backup also exist for a monolithic docker host too. most of the ways people do it (like me) are to make use of BTRFS snapshotting and also to make use of docker compose bindmounts. so you'd create a directory like /appdata/utility_name and then you'd have timeshift or snapper or btrfs-progs or whatever similar utility then snapshot that /appdata/ at regular intervals (either on another separate disk or as part of a mirror) and should something bad happen to any specific docker container then its as simple as just going into that specific subvolume (snapshot) for the files and yoinking them out

What template/OS do you use for your LXCs?

So very happy that you are back to posting videos. Missed ya man!

I go for an LXC out of the gate because my lab doesn't have a lot of horsepower and I like how lightweight they are. I tried getting AWX running in an LXC and couldn't make it work. It's a hobby for me and getting frustrated makes me stop before pulling my hair out so i don't completely give up on it from burnout. I'd be curious to see if anyone has won that battle and what their process was.

I use LXC's exclusively too. So much better.

Great point never thought of it like that. Can you do a video on how you created your lxc template and how you map external storage to it please?

good to see you back :)
also just realised i've been spruiking your vids and i wasn't even subbed 🤦‍♀

well, that is very interesting but can i go one step further? I run my services in docker on ubuntu server. what would be the difference from that to running docker inside an lxc. Sounds to me like an inception of containers... I mean there might be a reason why people recommend doing it that way, but I just can't get the reason why.

Makes sense to me. Thanks for sharing.

As per usual - Really great info.

I think I was with you until 5:35. From my understanding, since the data (shouldn't) be in the VM itself, just mounted, it's just the configurations that needs to be restored. And even if you don't have something like Anisble, Terraform, or something like that for auto-deployments, even just making a backup of the docker compose file used to setup the docker in the VM should be good enough. Now, this only doesn't make sense if you don't update your docker compose file each time any updates are done, and I would encourage you to do that, if you don't already. Of course, the other reason why this approach wouldn't work is that you're storing your VM data directly on the VM, instead of stored outside, to be mounted inside. Depending on your setup, this may the best way, and then your rational sorta makes sense, but even then, not really. Because data compromise is data compromise, regardless of what manner of container you're using. And you're already using Proxmox, so setting up your storage in Proxmox (NFS, ISCSI) shouldn't be that much more difficult than your current setup.
Your rational at 7:30 is probably the only one that is objectively true. Memory usage should also decrease slightly using LXCs vs VMs, which allows you to have much more LXCs at the same time running than that amount of VMs. At this point, I must ask: What's the point of using Docker if you're just running 1-2 apps per LXC? Shave down the resources more and just run them 'baremetal' on the LXC.

Sad that your main reason is “backups”!
If so, you are only one full generation BEHIND!
(Backups are NOT an issue for “some”).