> 2014-09-11 2:37 GMT+02:00 Damjan Georgievski <[email protected]>:
>
>> On 11 September 2014 01:15, Jacob Rief <[email protected]> wrote:
>> > When building Docker containers, one must run services such as nginx,
>> > sshd and uwsgi controlled by supervisord.
>>
>> http://jpetazzo.github.io/2014/06/23/docker-ssh-considered-evil/
>> "If you run SSHD in your Docker containers, you're doing it wrong!"
>>
>
> I fully agree on that for medium to big deployments. But sometimes you
> want to deploy a self-contained web-application which just runs out of
> the box and has everything inside: MySQL, NGiNX, uWSGI+Django. Here sshd
> is required to run fabric, and Docker is a nice alternative to OpenVZ.
> Obviously not very scalable, but sometimes you just have a few 100 page
> views a day.

In the uwsgi.it platform every user can spawn the service he/she needs, but
ssh is a service running on the main host and (thanks to a pam module)
'attaching' a session to a specific namespace using the setns() call soon
after authentication.

This is the pam module (you need to adapt some #define for it to be useful
in every context):

https://github.com/unbit/pam-unbit

and to expose the 'setns' socket you only need to add the
--setns-socket <path> option. That socket will allow a process running in
the host (like the sshd session) to 'enter' a new namespace (the one, in
the uwsgi.it case, managed by the Emperor).

-- 
Roberto De Ioris
http://unbit.it
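
What a host-side process has to do to 'enter' a namespace held by another process, as an added example that is not code from pam-unbit or uWSGI. It assumes the namespace descriptor arrives as SCM_RIGHTS ancillary data on a Unix socket (the wire format of uWSGI's setns socket is not shown in this thread); send_fd, recv_fd and enter_ns are hypothetical names.

```c
/* Added example: function names and the one-byte message are assumptions. */
#include <linux/sched.h>   /* CLONE_NEW* constants */
#include <string.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Namespace-holder side: pass one open descriptor as SCM_RIGHTS data. */
int send_fd(int sock, int fd) {
    char byte = 'n';
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } ctl;
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = ctl.buf, .msg_controllen = sizeof(ctl.buf) };
    memset(&ctl, 0, sizeof(ctl));
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET;
    c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof(int));
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Session side: accept exactly one descriptor, return -1 on anything else. */
int recv_fd(int sock) {
    char byte;
    int fd;
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } ctl;
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = ctl.buf, .msg_controllen = sizeof(ctl.buf) };
    if (recvmsg(sock, &msg, MSG_CMSG_CLOEXEC) != 1) return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (!c || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS ||
        c->cmsg_len != CMSG_LEN(sizeof(int))) return -1;
    memcpy(&fd, CMSG_DATA(c), sizeof(int));
    if (msg.msg_flags & MSG_CTRUNC) { close(fd); return -1; } /* extra fds sent */
    return fd;
}

/* Join the namespace behind nsfd. A non-zero nstype (for example
 * CLONE_NEWNET) makes the kernel reject a descriptor of any other kind. */
int enter_ns(int nsfd, int nstype) {
    if (nstype == 0) return -1;   /* refuse "any type" for a received fd */
    /* raw syscall: same effect as glibc's setns(), no _GNU_SOURCE needed */
    return syscall(SYS_setns, nsfd, nstype) == 0 ? 0 : -1;
}
```

setns() needs CAP_SYS_ADMIN, so a session has to call enter_ns() before it drops privileges to the authenticated user.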
