-
Notifications
You must be signed in to change notification settings - Fork 1
/
NOTES.txt
26 lines (18 loc) · 1.59 KB
/
NOTES.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
GENERAL
[ ] split admin and web django applications into dedicated repositories
CORE
[ ] create core containers with "--restart=always" so they are auto started on restart (https://docs.docker.com/reference/run/#restart-policies-restart)
[ ] define the Open vSwitch bridge as a regular interface (rather than through ovs-vsctl tool)
[ ] create Dockerfiles for the core containers and push them to the registry
[ ] use a process supervisor like monit/supervisord to ensure the coco_hostapi process is always running
[ ] (optional) put the coco_hostapi behind a proxy (gevent, ...). flask debug server should not be used
[ ] (optional) run django application in app container as non-root user
[ ] (optional) enable container resource limits so a container cannot eat all i.e. memory (https://docs.docker.com/reference/run/#runtime-constraints-on-resources)
[ ] outsource ServerSelectionAlgorithm to contract package
[ ] make the directory<->"mount point" mapper ContainerBackend aware (the backend should say how this mapping should be done)
IMPROVEMENTS / TODOS
[ ] define and implement an error handling concept. at least log all errors
[ ] find another way to identify users/check permissions in the nginx reverse proxy (to minimize load on the django app)
[ ] django app model validation via the in 1.8 newly introduced mechanisms (https://docs.djangoproject.com/en/1.8/ref/models/instances/#validating-objects)
[ ] define VLANs per user so his containers can communicate (but not others)
[ ] use cookie based access check in nginx to prevent high load on the django app (subrequests)