I'm using Amazon EC2. I am creating a system to allow me to do cluster computing where I can control processes on multiple compute nodes. Each compute node, which will run on one Amazon EC2 instance, will run multiple worker processes. I want each worker process to be as isolated from the others as possible, while still allowing them to share read-only access to binaries that they will have in common, such as Python, R, Octave, etc.
Possible solutions I've found:
* FreeBSD Jails (using FreeBSD on EC2 is more expensive than Ubuntu)
* OpenVZ - Linux virtualization solution that supports page sharing
* LXC - new Linux containers. However, I'm not sure if it is mature enough to be secure.
I want to hire someone who can choose the right solution and set up an AMI for me. The AMI should make it possible for me to launch binaries in their own container and communicate with the binary in some way, either through TTY or through network sockets directly. The binary should be able to fork additional processes, which should of course remain in the container. Each binary should be chrooted into its own filesystem, and only have read-only access to the shared information.
Skills: amazon, linux