Architecture - acieroid/newsome GitHub Wiki

OS

  • (Hos) 1 host OS (FreeBSD | Linux) per computer
  • (Vos) 50 to 100 Virtual OS (Ezjails | Docker/chroot) per Hos

Storage with ZFS

  • 1 ZFS pool per partition
  • 10 Vos per ZFS pool
  • so, 5 to 10 partition per machine + 1 pool for Hos

Network

  • One IP per jail
  • Traffic with external network goes through the Hos.
  • FW on the Hos, fw rules automatically created (but manually checked before added) at service setup
  • http://swtch.com/plan9port/man/man7/ndb.html làlà
  • On the Hos, a dispatcher redirect traffic for services to the Vos following sub-domain name

Features

  • Possibility to download up to one zfs snapshot per day (see if this is ressources-reasonable)
  • We should make regular backup anyway
  • User come with a service he want to be deployed.
    • If the service needs security, give him a full jail with root@jail & encryption
    • If no, check if there are a jail out there where his project could fit, user@jail
  • Make WORKING backup
  • User needs an IP for himself:
    • give him a full jail but no root & no encryption
  • Did I mentionned backup before?