Things were going smooth with the feature set we had in Projspace. It was doing well with whatever it promised, then suddenly it occurred to us that clients may care about having root access and those who ask for dedicated resources like RAM and CPU. This would have resulted in numerous instances from EC2.

What’s Projspace?

Projspace is a release management tool with isolated dev, test, and prod environments for web based applications. It now includes the handy project and issue tracker, Redmine.

Thanks to Daniel Lezcano for creating control groups in Linux kernel. Because of this, we’ve decided to unleash the power of LXC. There are many challenges we have if we go with Amazon’s instances. Reboots won’t persist IP addresses; Projspace would require a lot of management with multiple instances, and a lot of API transactions would happen. So we decided to go with an instance in Amazon VPC and have containers in it.

We’ve defined our subnet, created LXC container, reserved an IP for the container, made Projspace reach it, and do whole operations. Amazon won’t be aware of the IP address we have in the container because we use a host bridge, but it didn’t become a great problem for us to maintain it in an XML or JSON. Also, we’re hosting sites in the containers using Apache Reverse Proxy.

This added extra elasticity to the popular EC2. As we use Cgroups, we can offer clients to choose whatever amount of RAM and CPU they require. Thereby, giving them fine-grained control to existing EC2 offerings. However, after solving the issue of isolating instances, it was hard to associate the private IP addresses of the containers to an Elastic IP which made SSH root access a problematic.

Now, thanks to using GateOne, we can hop onto any container. We would offer the credentials of the container in the Projspace’s Configuration page and provide a way for the client to get the SSH access.

However, we haven’t gone public with this architecture. We do have a well tested POC (Proof of Concept) in hand. On the whole, with this architecture we are still able to keep Projspace simple and make it do whatever it used to do, but in isolated containers from now on.

Related Articles

This article was originally published September 18, 2013. It has been updated since then for clarity.