[lxc-users] base container for multiple children on zfs

Fajar A. Nugraha list at fajar.net
Wed Dec 14 02:49:23 UTC 2016

On Wed, Dec 14, 2016 at 12:51 AM, Volker Cordes <mail at vcordes.info> wrote:

> Hello,
> I would like to set up a hosted web app with lxd. I was thinking of
> using a separate container for each user by creating a base container
> with the webapp preinstalled, publishing it as an image and create the
> user containers using this image. While thinking about this, some
> questions came to mind:
> - Is it correct, that when the base container has to be updated, I still
> have to update every user container, because zfs is block based and not
> file based?

Not really

> Would it be better to use overlayfs as a backend?

I wouldn't recommend that. Using overlayfs, and updating the base, might
actually lead to unpredictable results in some cases. In general, if
you're using overlayfs/aufs/similar, you shouldn't touch the base.

IIRC Solaris zones allow update-in-the-hosts to propagate to the guest
(non-global zone). But they achieve that by read-only-bind-mounting /usr
from the global zone.

Docker has something similar to an "upgrade one image, upgrade all" feature.
But they achieve it basically by rebuilding the container when one of the
base images is updated.

> - I would like to have a separate data partition inside each user
> container, where user specific data is stored. Is it possible to create
> manual file systems inside the lxd zfs pool? Or could it happen that
> they get lost (deleted by lxd for example) so that I should use a
> different zfs pool for that?

Use different dataset

> How can I mount the filesystem inside the
> container - is this supported by the disk device or do I have to mount
> them on the host and use a bind mount?

Basically bind mount. Even if you specify a block device, it will be
mounted on the host first, and then bind-mounted to the container.

> This would allow me to update
> only the base image, create a new container and just mount the data
> partition, so I wouldn't have to update every user container.

lxc config edit ...

> - How do I back up the data? Would zrep work? If yes, is it possible to
> back up the whole pool or do I have to backup the containers and the
> images filesystem separately? For fast recovery it would be nice to just
> mirror the whole pool to another server. Or should I use DRBD for that?

Depends on what you need.

If you backup the whole dataset used by lxd (e.g. data/lxd and its
children), as well as /var/lib/lxd (I put this on zfs too, on a separate
dataset, e.g. data/lib/lxd), and other relevant host-side config (e.g.
ufw's NAT config for the containers), then you should be able to bring up
the complete containers on another host using backup data. If you ONLY need
to backup ONE container, then just use whatever method to backup that one
dataset, as well as the lxc config (lxc config show ... )

Based on my experience with drbd, I wouldn't use that (added complexity,
reduced performance esp. in dual-active setup). At least, not if you don't
need (near)-realtime backups.

I'd just use zfs incremental send (using whatever frontend you're familiar
with), with the consequence that you have some delay (e.g. 1 hour, 1 day,
whatever), depending on your sync schedule.
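
The following is an added example, not part of the original message: a dry-run planner for the layout discussed above (per-user dataset outside the LXD dataset, attached as a disk device, backed up with zfs incremental send). It only prints commands; the dataset, image, container and host names and the `/srv/data` path are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Prints commands instead of running them.
# Dataset, image, container and host names below are constructed placeholders.

# Per-user data lives in its own dataset outside the one LXD manages, and is
# handed to the container as a disk device (a bind mount of the host path).
plan_user_container() {  # args: user image data_parent host_mount_root
    printf 'zfs create %s/%s\n' "$3" "$1"
    printf 'lxc launch %s %s\n' "$2" "$1"
    printf 'lxc config device add %s userdata disk source=%s/%s path=/srv/data\n' \
        "$1" "$4" "$1"
}

# Newest snapshot name present on both sides. Inputs are snapshot short names
# (the text after "@"), oldest first, e.g. derived from:
#   zfs list -H -t snapshot -o name -s creation
latest_common() {  # args: source_snaps backup_snaps
    common=""
    for s in $1; do
        for d in $2; do
            if [ "$s" = "$d" ]; then common=$s; fi
        done
    done
    printf '%s' "$common"
}

# Incremental send when a common snapshot exists, full send otherwise.
plan_send() {  # args: dataset new_snap source_snaps backup_snaps host backup_dataset
    base=$(latest_common "$3" "$4")
    if [ -n "$base" ]; then
        printf 'zfs send -i %s@%s %s@%s | ssh %s zfs receive %s\n' \
            "$1" "$base" "$1" "$2" "$5" "$6"
    else
        printf 'zfs send %s@%s | ssh %s zfs receive %s\n' "$1" "$2" "$5" "$6"
    fi
}

# Constructed sample: the backup host already holds daily-1 and daily-2.
SRC_SNAPS='daily-1 daily-2 daily-3'
DST_SNAPS='daily-1 daily-2'
plan_user_container alice webapp-base data/userdata /data/userdata
plan_send data/userdata/alice daily-3 "$SRC_SNAPS" "$DST_SNAPS" backuphost backup/alice
```

Replacing the container after a base image update then means deleting and relaunching it from the new image and re-adding the same disk device; the user dataset and its snapshots are untouched.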
