[lxc-users] Am I misusing LXCs?
Scott Lopez
scottjl at gmail.com
Thu Mar 30 20:25:53 UTC 2017
Is it functioning for you? Yes? Then it isn't wrong. In *nix there are
a dozen ways to skin a cat, and that's before you start scripting in
your language of choice.
Is it the most efficient use? Maybe not. Running a single application
in a LXC container? Maybe you'd be better off with Docker or Rkt. Have
multiple containers to run? Look at CoreOS. Worried about security?
Then maybe separate everything into completely different VMs. Set up
firewalls, vlans and proxies.
So no, you're not misusing LXC. It may not be the best tool for your
job, but your job is running. Be happy!
On Thu, Mar 30, 2017 at 3:20 PM, John Lewis <oflameo2 at gmail.com> wrote:
> It is traditional LXC because LXD wasn't out when I set it up
> originally. I won't build the packages for LXD if I am not even using
> it properly.
>
> I direct incoming connections using iptables with both the the host and
> the virtual router.
>
> I am extremely confident about moving my installation. I will use
> Ansible for the provisioning and the configuration. I will install all
> of the packages I need on a simple VPS. I can still use cgroups to
> control the resource usage of the processes. It will be moderately
> easier for me to secure because it is easy to see where everything is
> and what state everything is in.
>
> I backup the VPS with rsnapshot that is running on a host that I have
> physical access too and I rotate the backup drive to another location.
> The LXCs are disk images.
>
> Could you elaborate on separating data from services?
>
> On Thu, 2017-03-30 at 23:07 +0300, Simos Xenitellis wrote:
>> Is that the traditional LXC or is it LXD/LXC containers?
>> I have a similar set-up (the latter, with LXD/LXC) and there is also a
>> vsftpd in the mix.
>>
>> I think your question is about best practices and whether your
>> installation adheres
>> to some best practices.
>> How do you direct incoming connections to each container? Do you use
>> iptables or something else?
>> If you where to migrate your installation to another VPS, how
>> confident would you be to do that?
>> How do you get backups? Do you take snapshots as backups?
>>
>> I think that if you reach a point where you separate your data from
>> the services, the management of the containers
>> will become much easier and you will feel more confident with the installation.
>>
>> Simos
>> _______________________________________________
>> lxc-users mailing list
>> lxc-users at lists.linuxcontainers.org
>> http://lists.linuxcontainers.org/listinfo/lxc-users
>
>
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
More information about the lxc-users
mailing list