[lxc-users] `lxc_attach_run_command` vs normal fork/exec

Ranjib Dey dey.ranjib at gmail.com
Fri Mar 14 19:26:53 UTC 2014


I do have the isolation right? ruby code thats running inside attach can
not touch host file system,has all the namespace isolation in effect, and
 is under cgroup controls of the container. any ruby code (say getting
local users list) executed via attach yields the containers information,
not host information.

if i want to run ruby process as service (like a rails based web app) i'll
certainly install ruby inside the container (might as well just read only
mount the whole app/ruby installation from host, so that its not duplicate,
and i have only one version of my deployement code across containers), but
for management services (like building the container, injecting dynamic
properties like ldap, apache config etc) which can be facilitated by
salt/puppet/chef etc.. why those softwares need to be installed inside the
container? What about monitoring agents .. will you recommend installing an
NRPE daemon inside every container?

apologies if im missing something obvious.. i want isolation, but only for
the deployed services.. for the rest.. i would prefer to reuse host
apparatus . any my understanding is with LXC (container in general) this is
feasible ..

best, ranjib


On Fri, Mar 14, 2014 at 11:45 AM, Dan Kegel <dank at kegel.com> wrote:

> On Fri, Mar 14, 2014 at 11:39 AM, Ranjib Dey <dey.ranjib at gmail.com> wrote:
> > I am trying to understand what is the benefit of lxc_attach_run_command
> over
> > normal fork exec.
>
> Isolation.  It's kind of a basic property of containers.  If you don't want
> isolation, why are you using lxc?
>
> lxc_attach_run_command brings nothing over from
> the host system.  If you want a ruby environment inside the
> container, you need to set it up there before (or during) doing
> lxc_attach_run_command.
> - Dan
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20140314/28546bd0/attachment-0001.html>


More information about the lxc-users mailing list