Re: [lxc-users] Am I misusing LXCs?

[Scott Lopez]

Is it functioning for you? Yes? Then it isn't wrong. In *nix there are
a dozen ways to skin a cat, and that's before you start scripting in
your language of choice.

Is it the most efficient use? Maybe not. Running a single application
in a LXC container? Maybe you'd be better off with Docker or Rkt. Have
multiple containers to run? Look at CoreOS. Worried about security?
Then maybe separate everything into completely different VMs. Set up
firewalls, vlans and proxies.

So no, you're not misusing LXC. It may not be the best tool for your
job, but your job is running. Be happy!


On Thu, Mar 30, 2017 at 3:20 PM, John Lewis  wrote:
> It is traditional LXC because LXD wasn't out when I set it up
> originally.  I won't build the packages for LXD if I am not even using
> it properly.
>
> I direct incoming connections using iptables with both the the host and
> the virtual router.
>
> I am extremely confident about moving my installation. I will use
> Ansible for the provisioning and the configuration. I will install all
> of the packages I need on a simple VPS. I can still use cgroups to
> control the resource usage of the processes. It will be moderately
> easier for me to secure because it is easy to see where everything is
> and what state everything is in.
>
> I backup the VPS with rsnapshot that is running on a host that I have
> physical access too and I rotate the backup drive to another location.
> The LXCs are disk images.
>
> Could you elaborate on separating data from services?
>
> On Thu, 2017-03-30 at 23:07 +0300, Simos Xenitellis wrote:
>> Is that the traditional LXC or is it LXD/LXC containers?
>> I have a similar set-up (the latter, with LXD/LXC) and there is also a
>> vsftpd in the mix.
>>
>> I think your question is about best practices and whether your
>> installation adheres
>> to some best practices.
>> How do you direct incoming connections to each container? Do you use
>> iptables or something else?
>> If you where to migrate your installation to another VPS, how
>> confident would you be to do that?
>> How do you get backups? Do you take snapshots as backups?
>>
>> I think that if you reach a point where you separate your data from
>> the services, the management of the containers
>> will become much easier and you will feel more confident with the 
>> installation.
>>
>> Simos
>> ___
>> lxc-users mailing list
>> lxc-users@lists.linuxcontainers.org
>> http://lists.linuxcontainers.org/listinfo/lxc-users
>
>
> ___
> lxc-users mailing list
> lxc-users@lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] Am I misusing LXCs?

[John Lewis]

It is traditional LXC because LXD wasn't out when I set it up
originally.  I won't build the packages for LXD if I am not even using
it properly.

I direct incoming connections using iptables with both the the host and
the virtual router.

I am extremely confident about moving my installation. I will use
Ansible for the provisioning and the configuration. I will install all
of the packages I need on a simple VPS. I can still use cgroups to
control the resource usage of the processes. It will be moderately
easier for me to secure because it is easy to see where everything is
and what state everything is in. 

I backup the VPS with rsnapshot that is running on a host that I have
physical access too and I rotate the backup drive to another location.
The LXCs are disk images.

Could you elaborate on separating data from services?

On Thu, 2017-03-30 at 23:07 +0300, Simos Xenitellis wrote:
> Is that the traditional LXC or is it LXD/LXC containers?
> I have a similar set-up (the latter, with LXD/LXC) and there is also a
> vsftpd in the mix.
> 
> I think your question is about best practices and whether your
> installation adheres
> to some best practices.
> How do you direct incoming connections to each container? Do you use
> iptables or something else?
> If you where to migrate your installation to another VPS, how
> confident would you be to do that?
> How do you get backups? Do you take snapshots as backups?
> 
> I think that if you reach a point where you separate your data from
> the services, the management of the containers
> will become much easier and you will feel more confident with the 
> installation.
> 
> Simos
> ___
> lxc-users mailing list
> lxc-users@lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users


___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] Am I misusing LXCs?

[Simos Xenitellis]

On Thu, Mar 30, 2017 at 8:53 PM, John Lewis  wrote:
> I build an LXC network on my VPS to separate all of my personal service
> from each other how similar they are to each other while not having to
> buy more VPS that I don't utilize intensely. Both my containers and my
> host are running Debian 8.
>
> I made a container for Email communications (Email and PBX) Two for
> authentication, One for web sites one for SQL Database and one for DNS
> DHCP.
>
> It was a nice learning experience, but right now, I think the setup is
> annoying to maintain because this wasn't the simplest configuration I
> could have used.
>
> Should I even use containers for this kind of thing? If I should use
> containers at all, how should I use them?
>

Is that the traditional LXC or is it LXD/LXC containers?
I have a similar set-up (the latter, with LXD/LXC) and there is also a
vsftpd in the mix.

I think your question is about best practices and whether your
installation adheres
to some best practices.
How do you direct incoming connections to each container? Do you use
iptables or something else?
If you where to migrate your installation to another VPS, how
confident would you be to do that?
How do you get backups? Do you take snapshots as backups?

I think that if you reach a point where you separate your data from
the services, the management of the containers
will become much easier and you will feel more confident with the installation.

Simos
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users