[lxc-users] Thoughts on containers to virtualize a Load Balancer's virtual contexts

Nicola Volpini nicola.volpini at kambi.com
Fri Jan 22 09:46:15 UTC 2016 

Hello,

I've been closely observing LXC's development and I'm thrilled by how
fast it grew. Well done!

We are currently planning to deploy a software load balancer solution.
The LB will serve various VIPs, some exposed to the internet, some used
internally.
Based on this, we would like to use LXC unprivileged containers to
isolate the load balancer processes, in a setup like this:

Host:
Br0 - connected to the internal network
Br1 - exposed to the internet

Container0:
eth0 - attached to br0

Container1 (internet facing):
eth0 - attached to br0
eth1 - attached to br1

I initially ruled out LXD since it's apparently very young and wanted to
base everything on LXC, solid and tested.
Playing with LXD, though, I realized how much more convenient it is from
an automation point of view: we could configure our containers in
non-modal mode via ansible instead of creating/editing files, and stuff
like that.

So, a few questions:
1. would the setup layout described above make sense?
2. would it be a risky bet to base the project on LXD instead of pure
LXC? Since LXD uses LXC, I can't see any big security/stability risks. I
suppose the only concern would be related to changes in the file format
or in the CLI in later versions.
3. would it be convenient to build our own templates? I need to be able
to preseed certain files like the monitoring agent, the authentication,
and so on into the containers during the installation. An alternative
would be to use Ansible but that would require me to specify the initial
users anyway, one way or another.
4. related to templates: I can't find any documentation in the wild. Any
good resource you can point me to, so I can start studying?

Thank you!


CONFIDENTIALITY NOTICE: This email message (and any attachment) is intended only for the individual or entity to which it is addressed. The information in this email is confidential and may contain information that is legally privileged or exempt from disclosure under applicable law. If you are not the intended recipient, you are strictly prohibited from reading, using, publishing or disseminating such information and upon receipt, must permanently delete the original and destroy any copies. We take steps to protect against viruses and other defects but advise you to carry out your own checks and precautions as Kambi does not accept any liability for any which remain. Thank you for your co-operation.

More information about the lxc-users mailing list