Re: [lxc-users] Am I misusing LXCs?
Is it functioning for you? Yes? Then it isn't wrong. In *nix there are a dozen ways to skin a cat, and that's before you start scripting in your language of choice. Is it the most efficient use? Maybe not. Running a single application in a LXC container? Maybe you'd be better off with Docker or Rkt. Have multiple containers to run? Look at CoreOS. Worried about security? Then maybe separate everything into completely different VMs. Set up firewalls, vlans and proxies. So no, you're not misusing LXC. It may not be the best tool for your job, but your job is running. Be happy! On Thu, Mar 30, 2017 at 3:20 PM, John Lewiswrote: > It is traditional LXC because LXD wasn't out when I set it up > originally. I won't build the packages for LXD if I am not even using > it properly. > > I direct incoming connections using iptables with both the the host and > the virtual router. > > I am extremely confident about moving my installation. I will use > Ansible for the provisioning and the configuration. I will install all > of the packages I need on a simple VPS. I can still use cgroups to > control the resource usage of the processes. It will be moderately > easier for me to secure because it is easy to see where everything is > and what state everything is in. > > I backup the VPS with rsnapshot that is running on a host that I have > physical access too and I rotate the backup drive to another location. > The LXCs are disk images. > > Could you elaborate on separating data from services? > > On Thu, 2017-03-30 at 23:07 +0300, Simos Xenitellis wrote: >> Is that the traditional LXC or is it LXD/LXC containers? >> I have a similar set-up (the latter, with LXD/LXC) and there is also a >> vsftpd in the mix. >> >> I think your question is about best practices and whether your >> installation adheres >> to some best practices. >> How do you direct incoming connections to each container? Do you use >> iptables or something else? >> If you where to migrate your installation to another VPS, how >> confident would you be to do that? >> How do you get backups? Do you take snapshots as backups? >> >> I think that if you reach a point where you separate your data from >> the services, the management of the containers >> will become much easier and you will feel more confident with the >> installation. >> >> Simos >> ___ >> lxc-users mailing list >> lxc-users@lists.linuxcontainers.org >> http://lists.linuxcontainers.org/listinfo/lxc-users > > > ___ > lxc-users mailing list > lxc-users@lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-users ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
Re: [lxc-users] Am I misusing LXCs?
It is traditional LXC because LXD wasn't out when I set it up originally. I won't build the packages for LXD if I am not even using it properly. I direct incoming connections using iptables with both the the host and the virtual router. I am extremely confident about moving my installation. I will use Ansible for the provisioning and the configuration. I will install all of the packages I need on a simple VPS. I can still use cgroups to control the resource usage of the processes. It will be moderately easier for me to secure because it is easy to see where everything is and what state everything is in. I backup the VPS with rsnapshot that is running on a host that I have physical access too and I rotate the backup drive to another location. The LXCs are disk images. Could you elaborate on separating data from services? On Thu, 2017-03-30 at 23:07 +0300, Simos Xenitellis wrote: > Is that the traditional LXC or is it LXD/LXC containers? > I have a similar set-up (the latter, with LXD/LXC) and there is also a > vsftpd in the mix. > > I think your question is about best practices and whether your > installation adheres > to some best practices. > How do you direct incoming connections to each container? Do you use > iptables or something else? > If you where to migrate your installation to another VPS, how > confident would you be to do that? > How do you get backups? Do you take snapshots as backups? > > I think that if you reach a point where you separate your data from > the services, the management of the containers > will become much easier and you will feel more confident with the > installation. > > Simos > ___ > lxc-users mailing list > lxc-users@lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-users ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
Re: [lxc-users] Am I misusing LXCs?
On Thu, Mar 30, 2017 at 8:53 PM, John Lewiswrote: > I build an LXC network on my VPS to separate all of my personal service > from each other how similar they are to each other while not having to > buy more VPS that I don't utilize intensely. Both my containers and my > host are running Debian 8. > > I made a container for Email communications (Email and PBX) Two for > authentication, One for web sites one for SQL Database and one for DNS > DHCP. > > It was a nice learning experience, but right now, I think the setup is > annoying to maintain because this wasn't the simplest configuration I > could have used. > > Should I even use containers for this kind of thing? If I should use > containers at all, how should I use them? > Is that the traditional LXC or is it LXD/LXC containers? I have a similar set-up (the latter, with LXD/LXC) and there is also a vsftpd in the mix. I think your question is about best practices and whether your installation adheres to some best practices. How do you direct incoming connections to each container? Do you use iptables or something else? If you where to migrate your installation to another VPS, how confident would you be to do that? How do you get backups? Do you take snapshots as backups? I think that if you reach a point where you separate your data from the services, the management of the containers will become much easier and you will feel more confident with the installation. Simos ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
[lxc-users] Am I misusing LXCs?
I build an LXC network on my VPS to separate all of my personal service from each other how similar they are to each other while not having to buy more VPS that I don't utilize intensely. Both my containers and my host are running Debian 8. I made a container for Email communications (Email and PBX) Two for authentication, One for web sites one for SQL Database and one for DNS DHCP. It was a nice learning experience, but right now, I think the setup is annoying to maintain because this wasn't the simplest configuration I could have used. Should I even use containers for this kind of thing? If I should use containers at all, how should I use them? ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users