[Lxc-users] Proper way to use LXC to serve multiple apps execution from outside
Fajar A. Nugraha
list at fajar.net
Thu May 10 13:39:33 UTC 2012
On Thu, May 10, 2012 at 8:19 PM, Đỗ Hoàng Khiêm <dohoangkhiem at gmail.com> wrote:
> Thanks Fajar,
>
> I admit that something is not really clear in my description, but it seems
> that you misunderstood what I mean.
> My web application is just an entry point to receive application (in fact,
> script code) and execution request, the web application doesn't need to run
> inside an isolated environment, but the user application (code, for example
> a python script) which client submit to my system needs it. Each python
> script will be executed in an isolated environment, independently of each
> other or my main web application.
That makes more sense.
> And a Lxc probably what I need to achieve
> that goal?
>
> Does it make sense?
Possibly.
I actually think you'd probably need something similar to Ubuntu's
build farm. To achieve best isolation and security, you can create a
fresh environment (either using lxc template script, or using a
tar/filesystem/snapshot template) for each submitted script, and then
run it. I'd say ignore lxc-execute, it's too much hassle to get to
work properly for now. Instead, you could make sure that the script is
started automatically (e.g. put in rc.local), and start the container
normally with lxc-start. After it finished running, destroy the
container completely.
Of course that's just one option, not the ONLY option.
--
Fajar
More information about the lxc-users
mailing list