Hey folks.
I have a small hobby website which has been running for the past 15 years.
It is a Ruby on Rails application. The architecture is nginx proxying to unicorn which wraps the ruby codebase. There are also a couple Resque processes (leveraging Redis) to handle async jobs which need access to the same codebase. The code connects to a database and calls downstream HTTP services over the Internet. Finally there are cronjobs that run application commands.
All of this is currently deployed on an AWS Ubuntu VM which is dedicated to this website.
I want to migrate to an existing Azure FreeBSD 13 VM (henceforth the host), but my lack of experience with a couple key concepts (virtualization and networking) is making things a bit confusing.
First, the host already runs nginx and PostgreSQL without virtualization and I want to re-use them. I am expecting to further leverage these 2 pieces of technology in the future, hence I am okay with having them on the host, easily accessible and manageable. I understand that I could manage them in jails and still re-use them and improve isolation but at this point I don't see enough extra value to do the work. Please let me know if you disagree.
Second, for the rest of the infrastructure I suppose I have multiple options:
- A single bhyve guest with the same infrastructure pieces that exist on the Ubuntu host today, minus nginx and PostgreSQL.
- A single "complete" jail with a similar setup.
- Multiple "service" jails: one for unicorn, one for Resque/Redis, etc... But in that case, I anticipate some challenges: how do I get them to work off the same files for the ruby application, how do I handle the cronjobs?
Third and finally, I have experimented with jails and vnet, but I am facing confusing issues. I think I will create another thread in the networking section for this but to describe it in a few words:
I am mainly trying the vnet + bridge + epair method following multiple tutorials (ex 1, 2, 3, but also multiple others), but I am not able to get to a state where the jail can access the host or the Internet.
I was able to get a single jail working using the vnet + ipv4 = inherit method, but I don't know if that will work for multiple jails and I want them to be able to communicate with each other for future-looking reasons.
I am looking for any advice and suggestions related to the overall approach, design of the virtualization/isolation, and dealing with the networking questions.
Please let me know if I can clarify anything.
Thank you in advance for reading this and sharing your inputs.
Cheers!
- ppbitb