I am trying to set up a server where I would be running multiple apps. Mostly internal but could also be open source projects like Redmine. They would all be Rails/Ruby apps/test scripts running on headless browsers. In essence, I am trying to set up a Heroku-like environment internally and wanted some sort of process isolation between these running processes.
I first stumbled upon chroot jails and then learnt about LXC. LXC seems to offer better control than plain chroot jails. I have an nginx frontend and I would like to run the webserver app processes (thin/mongrel/webrick) in isolated containers. Usually we simply start off these processes on the local IP address and have nginx proxy to them. What is the best way to get this done? Do people set up a static bridged IP for the container and have nginx point to it? How do I ensure that webservers running in the containers are only accessible to host outside?
Documentation about LXC seems to be a bit sparse. Pointers to some good tutorials or HOWTOs would be greatly appreciated. My target deployment environment is a Lucid 64 bit box.
P.S. I am not a Linux guru. So, be gentle.
Let’s assume that your own IP is 192.168.1.1, your gateway is 192.168.1.254 and your network is 192.168.1.0/24.
You should make a bridged interface on your host machine, like this in the /etc/network/interfaces file:

    auto lo
    iface lo inet loopback

    auto br0
    iface br0 inet static
        address 192.168.1.1
        network 192.168.1.0
        netmask 255.255.255.0
        broadcast 192.168.1.255
        gateway 192.168.1.254
        bridge_ports eth0
        bridge_stp off
        bridge_fd 3
        bridge_hello 1
        bridge_maxage 5

and then install a basic Ubuntu in LXC:

    apt-get install lxc vlan bridge-utils python-software-properties screen
    mkdir /lxc
    debootstrap oneiric /lxc/ubuntu
    # enter the new root filesystem; the commands up to "exit" run inside it
    chroot /lxc/ubuntu
    locale-gen en_US.UTF-8
    apt-get update
    apt-get install lxcguest ssh
    passwd    # set the container's root password
    rm /etc/mtab
    ln -s /proc/mounts /etc/mtab
    exit

create a file /lxc/ubuntu.config with the content

    lxc.utsname = ubuntu
    lxc.tty = 8
    lxc.rootfs = /lxc/ubuntu
    lxc.mount = /lxc/ubuntu.fstab
    lxc.network.type = veth
    lxc.network.flags = up
    lxc.network.link = br0
    lxc.network.name = eth0
    lxc.network.mtu = 1500
    lxc.network.ipv4 = 192.168.1.10/24

    # /lxc/ubuntu.fstab (the file named by lxc.mount in the config above)
    none /lxc/ubuntu/dev/pts devpts defaults 0 0
    none /lxc/ubuntu/proc    proc   defaults 0 0
    none /lxc/ubuntu/sys     sysfs  defaults 0 0
    none /lxc/ubuntu/run     tmpfs  defaults 0 0

add to /lxc/ubuntu/etc/rc.local
route add default gw 192.168.1.254
edit /lxc/ubuntu/etc/resolv.conf according to your needs.
Then you can create your machine with
lxc-create -f /lxc/ubuntu.config -n ubuntu
lxc-start -n ubuntu
lxc-stop -n ubuntu
or finally destroy
lxc-destroy -n ubuntu
Your new virtual machine will have the IP 192.168.1.10 and will be accessible on the network.
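
The question asks for app servers that only the nginx host can reach, while the bridged setup in this answer puts the container on the LAN. The script below is an added example, not part of the answer: it reads an LXC config and an interfaces file and reports whether the container's bridge enslaves a physical port. The helper names, the lxcbr0 bridge and the 10.0.3.x addresses are assumptions made for illustration.

```sh
# Added example (helper names are hypothetical): report whether an LXC
# container's veth ends up on a bridge that enslaves a physical NIC.

lxc_value() {  # usage: lxc_value FILE KEY -> value of "KEY = value"
    awk -F'=' -v k="$2" '
        { key = $1; gsub(/[ \t]/, "", key) }
        key == k { v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit }' "$1"
}

bridge_ports() {  # usage: bridge_ports INTERFACES_FILE BRIDGE
    awk -v br="$2" '
        $1 == "iface" { in_br = ($2 == br) }
        in_br && $1 == "bridge_ports" { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# "lan-exposed": the container sits directly on the LAN segment.
# "internal": no physical port; outside reachability depends on host forwarding/NAT.
exposure() {  # usage: exposure LXC_CONF INTERFACES_FILE
    ntype=$(lxc_value "$1" lxc.network.type)
    link=$(lxc_value "$1" lxc.network.link)
    ip=$(lxc_value "$1" lxc.network.ipv4)
    if [ "$ntype" != "veth" ] || [ -z "$link" ]; then echo "unknown"; return 0; fi
    ports=$(bridge_ports "$2" "$link")
    case "$ports" in
        ""|none) echo "internal $ip via $link" ;;
        *)       echo "lan-exposed $ip via $link ($ports)" ;;
    esac
}

# Constructed sample input: the answer's settings, plus an assumed variant
# (bridge lxcbr0 with "bridge_ports none", container on 10.0.3.10/24).
write_samples() {  # usage: write_samples DIR
    cat > "$1/interfaces" <<'EOF'
auto br0
iface br0 inet static
    bridge_ports eth0
auto lxcbr0
iface lxcbr0 inet static
    bridge_ports none
EOF
    printf '%s\n' 'lxc.network.type = veth' 'lxc.network.link = br0' \
        'lxc.network.ipv4 = 192.168.1.10/24' > "$1/ubuntu.config"
    printf '%s\n' 'lxc.network.type = veth' 'lxc.network.link = lxcbr0' \
        'lxc.network.ipv4 = 10.0.3.10/24' > "$1/internal.config"
}

dir=$(mktemp -d) && write_samples "$dir"
exposure "$dir/ubuntu.config" "$dir/interfaces"
exposure "$dir/internal.config" "$dir/interfaces"
rm -rf "$dir"
```

With an "internal" bridge, nginx on the host would proxy to the container's address on that bridge, and the app server's port is not on the LAN unless the host forwards traffic to it.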