We're not using emperor-use-clone or unshare. We do have a script that builds a root filesystem (manually) for each user using a base template directory, plus overlayfs and some bind mounts, but we'd like to be able to switch that out for using docker/aufs...

--
Harry Percival
Developer
[email protected]

PythonAnywhere - a fully browser-based Python development and hosting 
environment
<http://www.pythonanywhere.com/>

PythonAnywhere LLP
17a Clerkenwell Road, London EC1M 5RD, UK
VAT No.: GB 893 5643 79
Registered in England and Wales as company number OC378414.
Registered address: 28 Ely Place, 3rd Floor, London EC1N 6TD, UK

On 11/09/14 12:10, Roberto De Ioris wrote:
>> Well, we would use docker internally, as a way of managing the different
>> system images we offer our users, so it wouldn't be a matter of allowing
>> users to ask to run arbitrary docker images.  The assumption is that we
>> would have the images locally.
>
> This is exactly what we are doing internally, we are tired of rolling up
> our images, that is why we developed dockstrap: access to dozens of ready
> to use root filesystems from docker :)
>
>> Instead, we want to be able to run our uwsgi vassal workers from inside
>> docker containers, instead of just running them as regular chrooted
>> processes...  Does that make sense?
>
> If you already have a namespace-based setup in your current
> infrastructure you only need to directly use the docker images (for
> example if you are already using emperor-use-clone or unshare you do not
> need another layer with docker). Compared with plain chroot, docker is
> absolutely better as it uses a stronger approach (in terms of security
> and isolation). In addition to this, docker has pretty transparent network
> namespaces too, which in some contexts could be a great addition (no idea if
> it could be useful for pythonanywhere).




_______________________________________________
uWSGI mailing list
[email protected]
http://lists.unbit.it/cgi-bin/mailman/listinfo/uwsgi
