> Well, we would use docker internally, as a way of managing the different > system images we offer our users, so it wouldn't be a matter of allowing > users to ask to run arbitrary docker images. The assumption is that we > would have the images locally.
This is exactly what we are doing internally, we are tired of rolling up our images, that is why we developed dockstrap: access to dozens of ready to use root filesystems from docker :) > > Instead, we want to be able to run our uwsgi vassal workers from inside > docker containers, instead of just running them as regular chrooted > processes... Does that make sense? if you already have a name-space based setup in your current infrastructure you only need to directly use the docker images (for example if you are already using emperor-use-clone or unshare you do not need another layer with docker). Compared with plain chroot docker is absolutely better as it uses a more strong approach (in terms of security and isolation). In addition to this docker has pretty transparent network namespaces too, that in some context could be a great addition (no idea if it could be useful for pythonanywhere) -- Roberto De Ioris http://unbit.it _______________________________________________ uWSGI mailing list [email protected] http://lists.unbit.it/cgi-bin/mailman/listinfo/uwsgi
