Juju feedback from the Launchpad Yellow Squad
Kapil Thangavelu
kapil.thangavelu at canonical.com
Tue Feb 21 15:31:16 UTC 2012
Excerpts from Serge E. Hallyn's message of Thu Feb 16 13:29:01 -0500 2012:
> Quoting Clint Byrum (clint at ubuntu.com):
> > Interesting.. I wonder if there is a way to have LXC namespace DBUS
> > without namespacing TCP/IP.
>
> No. Though you theoretically could have LSM deny the container access
> to "/com", but not (yet) with apparmor today.
>
> What exactly is the problem that you have with lxc, which you don't
> have with kvm? Does it help at all to use macvlan or vlan in the
> container with host's eth0 as link?
>
> We should probably discuss and test at UDS.
>
> -serge

It's not really a problem with lxc, or something that we could do with kvm.
We wanted to isolate a charm to always run in a full container, but one of
the challenging aspects is routing the inter-host requests between containers
and allowing external access to the containers in a public cloud environment.

Looking over other tools that do full containers in ec2, it appears most of them
do it via higher level application mechanisms for http request routing
(effectively a named virtual host on the host machine forwarding to
backend app servers) combined with dynamic port forwarding on the host for other
protocols with a custom cli frontend that hides the dynamic port for external
access.
cheers,
Kapil