On 01/22/2016 04:09 PM, Steve Hayman wrote: > I'm currently running 1270 LXC containers in my production > environment, all serving a similar function to that which you describe.
Hello Steve, Nice, I suppose you're happy with the stability, considering the number of containers you run :) > 3.Ansible/bash and the LXC clone function are extremely useful for this! > 4.We specifically have some ansible scripts that create the base > container on each new host, pre-seeded with all the other keys and > setup scripts. When we need a new container we clone this one and then > execute the setup scripts passing in the relevant variables. Seems like a sane approach, I like it. Do you do the pre-seed of all the necessary packages by means of a series of "lxc-execute" commands on the host, by chance? I was thinking of pushing a bash script to the container and running it from inside, but that becomes a bit unreadable. I'd rather have the "lxc-execute" commands listed one by one in ansible and run the playbook against the host, if possible. I wonder if that's the approach you use. Thanks for the helpful reply, I'll be happily get in contact with you in case of questions! > > I'd be happy to go into greater detail if you were interested in > hearing more granular details about how we make it all work! > > Thanks, > -Steve > > On Fri, Jan 22, 2016 at 4:46 AM, Nicola Volpini > <nicola.volp...@kambi.com <mailto:nicola.volp...@kambi.com>> wrote: > > Hello, > > I've been closely observing LXC's development and I'm thrilled by how > fast it grew. Well done! > > We are currently planning to deploy a software load balancer solution. > The LB will serve various VIPs, some exposed to the internet, some > used > internally. > Based on this, we would like to use LXC unprivileged containers to > isolate the load balancer processes, in a setup like this: > > Host: > Br0 - connected to the internal network > Br1 - exposed to the internet > > Container0: > eth0 - attached to br0 > > Container1 (internet facing): > eth0 - attached to br0 > eth1 - attached to br1 > > I initially ruled out LXD since it's apparently very young and > wanted to > base everything on LXC, solid and tested. > Playing with LXD, though, I realized how much more convenient it > is from > an automation point of view: we could configure our containers in > non-modal mode via ansible instead of creating/editing files, and > stuff > like that. > > So, a few questions: > 1. would the setup layout described above make sense? > 2. would it be a risky bet to base the project on LXD instead of pure > LXC? Since LXD uses LXC, I can't see any big security/stability > risks. I > suppose the only concern would be related to changes in the file > format > or in the CLI in later versions. > 3. would it be convenient to build our own templates? I need to be > able > to preseed certain files like the monitoring agent, the > authentication, > and so on into the containers during the installation. An alternative > would be to use Ansible but that would require me to specify the > initial > users anyway, one way or another. > 4. related to templates: I can't find any documentation in the > wild. Any > good resource you can point me to, so I can start studying? > > Thank you! > > > CONFIDENTIALITY NOTICE: This email message (and any attachment) is > intended only for the individual or entity to which it is > addressed. The information in this email is confidential and may > contain information that is legally privileged or exempt from > disclosure under applicable law. If you are not the intended > recipient, you are strictly prohibited from reading, using, > publishing or disseminating such information and upon receipt, > must permanently delete the original and destroy any copies. We > take steps to protect against viruses and other defects but advise > you to carry out your own checks and precautions as Kambi does not > accept any liability for any which remain. Thank you for your > co-operation. > _______________________________________________ > lxc-users mailing list > lxc-users@lists.linuxcontainers.org > <mailto:lxc-users@lists.linuxcontainers.org> > http://lists.linuxcontainers.org/listinfo/lxc-users > > > > > -- > > Stephen Hayman | Zoey Commerce | Ops > > http://www.zoeycommerce.com >
_______________________________________________ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
