

Build Your Own SaaS Using Docker (cs50x project) - julien421
http://www.memcachedasaservice.com/

======
julien421
Hello!

This website is a proof of concept with a simple Memcached SaaS. It is my
final project for cs50x that ended this Sunday. Please tell me what you think
:)

+ You can read the how-to on SlideShare:
<http://www.slideshare.net/julienbarbier42/building-a-saas-using-docker>

+ You can see the source on GitHub:
<https://github.com/jbarbier/SaaS_Memcached>

~~~
chrisfarms
Fun little project. Well done.

Giving a public-facing application sudo powers (even limited ones) is a little
scary. If I understood your documentation I believe if I somehow got onto
your box I could escalate to root just by editing your iptables scripts. You
probably want to ensure www-data (or anyone) cannot write to these files :-)
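
One way to audit the file permissions discussed in this comment, as an added example that is not part of the thread or of the project's code. It goes one step further than the comment and also checks every parent directory, since a writable directory lets the script be replaced. The function names and `add_rule.sh` are hypothetical, and the demo treats the caller's uid as trusted in place of root.

```python
import os
import stat
import tempfile


def audit_privileged_path(path, trusted_uids=(0,)):
    """Return (path, reason) findings for a file that sudo runs as root."""
    # The file and every directory above it must be owned by a trusted uid
    # and must not be group- or world-writable; otherwise an unprivileged
    # account can edit or replace the script and inherit root.
    findings = []
    current = os.path.realpath(path)  # resolve symlinks to the real target
    while True:
        st = os.stat(current)
        if st.st_uid not in trusted_uids:
            findings.append((current, "owned by untrusted uid %d" % st.st_uid))
        if st.st_mode & stat.S_IWGRP:
            findings.append((current, "group-writable"))
        if st.st_mode & stat.S_IWOTH:
            findings.append((current, "world-writable"))
        parent = os.path.dirname(current)
        if parent == current:  # reached the filesystem root
            return findings
        current = parent


def demo():
    """Audit a constructed stand-in script before and after a bad chmod."""
    workdir = os.path.realpath(tempfile.mkdtemp())  # 0700, owned by caller
    script = os.path.join(workdir, "add_rule.sh")  # hypothetical name
    with open(script, "w") as fh:
        fh.write("#!/bin/sh\n# constructed stand-in for an iptables script\n")
    trusted = (0, os.getuid())  # the caller stands in for root in this demo

    def own_findings():
        # Keep only findings inside workdir; its parents are not ours to fix.
        return [f for f in audit_privileged_path(script, trusted)
                if f[0].startswith(workdir)]

    os.chmod(script, 0o755)
    before = own_findings()
    os.chmod(script, 0o775)  # mimic a script that a web group may edit
    after = own_findings()
    return script, before, after


if __name__ == "__main__":
    print(demo())
```

On a real host, call `audit_privileged_path` with the default `trusted_uids` on each command listed in the sudoers entry and treat any finding as a blocker.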

~~~
julien421
ouch! thank you! :) let's -w!

~~~
chrisfarms
Here's a nice comment on some of the dangers of setuid/sudo on shell scripts.
The more you know...

<http://unix.stackexchange.com/questions/364/allow-setuid-on-shell-scripts/2910#2910>

~~~
julien421
Thank you Chris. So a better way would be to compile an executable instead of
using a shell script?

~~~
shykes
Or run the webapp itself inside a docker container? :)

------
siliconc0w
What would be a good way of reliably farming out docker daemons to worker
nodes? Mesos is a bit heavyweight but a docker-mesos framework could be pretty
cool for programmatically scaling up or down dockers across worker nodes.

~~~
shykes
Yes, I agree it would be awesome. And the heavyweight problem could be solved
by bootstrapping mesos itself from a nicely packaged docker container. Turtles
all the way down :)

~~~
shykes
I created an issue for integrating Docker as a Mesos agent.
<https://github.com/dotcloud/docker/issues/410>

If anybody with Mesos experience wants to lend a hand, I would love to give
this a try. Say hi on the issue!

------
jmsduran
A very informative paper on Docker, will definitely help me out when I start
playing around with it. Well done!

------
instakill
Also, I've just submitted some tips for getting the best out of memcached in
case anyone is interested <https://news.ycombinator.com/item?id=5560764>

------
steeve
Nice job, damn docker is nice!

~~~
tachion
I would love to see something like that built on a slightly better piece of
technology, like FreeBSD Jails. I've tried to use LXC but it seems to be
heavily fragmented (works a bit differently on Ubuntu, Debian and other
distros), less secure (issues with remountability filesystems of root from
inside of the container, and others) and in addition to that FreeBSD has some
other neat things, like ZFS and CARP.

~~~
bcantrill
For whatever it's worth, OS-based virtualization is one of the core tenets of
SmartOS[1] -- an illumos derivative that makes heavy use of zones (which were
inspired by FreeBSD jails). And it also has ZFS, natch. ;)

[1] <http://smartos.org>

Update/clarification: SmartOS is running tens of thousands of VMs and virtual
OS containers in production at Joyent -- and has for years. It is new in
nomenclature and exposure, perhaps, but not in terms of core technology or
production readiness.

~~~
tachion
I am familiar with the remains of Solaris, that is Illumos and its
technologies, like zones, dtrace and native ZFS, but the problem is that I
personally wouldn't be very hasty to use such young OS in production, and I
think I would have even more issues with convincing the management layer to do
so, once I would manage to convince myself ;) But, even if that'd happen,
that's again just another good stack, like FreeBSD and Jails, and not a fancy
framework like Docker.

~~~
jpetazzo
I'm not sure what you're referring to when you say "such young OS". Solaris
zones and ZFS have been around for almost a decade. Docker is young, but it
wraps around LXC, cgroups, AUFS, and namespaces. Cgroups and AUFS were
introduced in 2006. Namespaces are more recent, but they are basically a
reimplementation of concepts from OpenVZ and VServer (and the latter is more
than 10 years old). FreeBSD jails are great, and they have also been around
for a while; but they are still lacking a lot of features (a jail doesn't have
its own network stack, and resource accounting and limiting isn't as evolved
as what cgroups provide), and unionfs is far from being as stable as AUFS.

Don't misunderstand me: FreeBSD jails are awesome if you're doing FreeBSD and
want lightweight virtualization. For the rest of us, LXC is just as awesome,
and docker lowers the barrier of entry considerably!

My 2c.

