

Ask HN: LXC container inside a VM : is it good for scalability? - yannovitch

Hello,

Who am I?
I'm a French "studentrepeneur", doing distance studies in Computer Science & Business, and working on my companies during the day.

What is my problem?
(/!\ Test conditions, not in production /!\)
I have implemented a hybrid private/public cloud (using OpenStack & OpenNebula) with AMI provisioning. As such, I can use my own dedicated servers by default, then scale up with Amazon EC2 instances if I get too much charge on my private instances.
As such, I have one pool of VMs per function: one pool for the load balancer, one pool for the webserver, one pool for the proxy, one for DBB, and so forth...
I use a mix of different technologies, PHP, Python, and I'm even thinking of trying Go. I use Nginx as reverse proxy and as webserver.

Now, all the domains are grouped (clusterized) together, so they are VM agnostic: I can add as many instances as I want, it will always be presented to the domain as just one big resourceful physical server, not many VMs.

What I would like to do now is to add more security by putting each domain in an LXC container.
But I wonder, if I include containers, won't it break my scalability model?
If yes, should I use a totally different model? Like, not using a clusterized model but rather a lot of different instances with one per domain?
As it's in test and not in production, I can still break everything ;).

Yann
======
dilithiumhe3
This is a pretty common thing if you want to get absolute separation for
applications within a single (large) vm and is used extensively in the PaaS
world. Have a look at cloudfoundry (look on github). This is how it manages
containers for each application. Heroku, dotCloud and others seem to follow
similar approaches.

Long answer short, an lxc container would look like a self-contained vm to
everything outside and from within (except for the controlling vm). You can go
with the existing model but I would recommend using one container per
application/service. Also have a look at:
<https://github.com/dotcloud/docker>

~~~
yannovitch
When you say "one container per application/service", do you mean I should use

- one container = one domain? With www.example.com, have one container for
www.example1.com with all the services included (webserver_example1,
database_example1,...) in one container? And so forth with www.example2.com,
...

- one container = one service? Have a VM_DB for all the databases with
container1 = database_example1, container2 = database_example2, ... have a
VM_WebServer with container1 = webserver_example1, ...?

Which approach works best if I keep adding more and more VMs (with containers
inside this VM)?

------
yannovitch
OK, after having read the whole night, I think I will go with OpenShift to
have PaaS on top of the OpenStack IaaS.

This kind of thing looks like what I want to have:
<https://www.openshift.com/wiki/architecture-overview>

Moreover, when I have other SaaS needs, it looks like it will be easier
to deploy.

Y

