Upgrade to Pro — share decks privately, control downloads, hide ads and more …

ドはDockerのド

tondol
June 24, 2015

 ドはDockerのド

tondol.comをDocker運用化したときの知見

tondol

June 24, 2015
Tweet

More Decks by tondol

Other Decks in Programming

Transcript

  1. Dockerӡ༻Խͷର৅ •  ΢ΣϒΞϓϦ – www.tondol.com : ͱΜͲΔͲͬͱ͜Ή – tmp.tondol.com : koeradi, SOretter౳

    – anime.tondol.com : NicoAnime – kako.tondol.com : NicoKako – oretter.tondol.com : Oretter •  ͦͷଞTwitter BOTͳͲ
  2. ϨΨγʔ؀ڥͷҰྫ •  ίϚϯυ͸ඞཁʹͳͬͨΒyumͰೖΕΔ –  ͨ·ʹιʔε͔ΒϏϧυ͢Δ •  ๨Εͦ͏ͳઃఆ͸ؾ͕޲͍ͨΒϒϩάʹϝϞ –  ΋ͪΖΜυΩϡϝϯτԽ͞Ε͍ͯͳ͍ઃఆ΋͋Δ • 

    εΫϦϓτͱઃఆϑΝΠϧ͕͍ࠞͬͯ͟Δ •  ӬଓԽσʔλ͕εΫϦϓτͱಉ͡σΟϨΫτϦʹ͋Δ •  ϝʔϧαʔόʔͷઃఆํ๏ͱ͔΋͏๨Εͨ •  ঢ়ଶ͕มԽ͢Δʹϛϡʔλϒϧ •  ࠓͷঢ়ଶʹ͢ΔͨΊͷϨγϐ͕ࣦΘΕ͍ͯΔ •  ෆඞཁͳίϚϯυ΍ϥΠϒϥϦ͕ͨ͘͞Μ͋Δ
  3. ಋೖલ VPS (CentOS) Apache mod_php tmp. www. oretter. anime. kako.

    Ruby MySQL Crond ఆظతʹRuby εΫϦϓτΛୟ͘ VirtualHostઃఆ
  4. ίϯςφಉ࢜ͷґଘ base data-kako data-anime data-tmp data-mysql nginx www tmp oretter

    anime kako mysql postfix ੺ɿΞϓϦίϯςφʗਫ৭ɿσʔλίϯςφ ੺໼ҹɿProxyઌ΁ͷࢀর ࠠ໼ҹɿσʔλίϯςφ΁ͷࢀর
  5. DockerίϚϯυ docker pull centos:centos6 docker build nginx docker run -d

    --name nginx1 nginx docker ps docker stop docker images docker rm/rmi docker push DockerHub্ͷެࣜΠϝʔδ Dockerfileͷ৔ॴΛࢦఆ ίϯςφ໊ʗΠϝʔδΛࢦఆ
  6. ࣮૷ৄࡉ 2. baseΠϝʔδΛ࡞੒͢Δ ֤ίϯςφʹඞཁͳॲཧܥͳͲΛΠϯετʔϧͨ͠ ϕʔεΠϝʔδΛ༻ҙ͠ɺଞίϯςφͷϏϧυΛߴ଎Խ FROM  centos:centos6   MAINTAINER  tondol

      ...   RUN  rpm  -­‐Uvh  http://dl.fedoraproject.org/pub/epel/6/i386/epel-­‐ release-­‐6-­‐8.noarch.rpm   RUN  rpm  -­‐Uvh  http://rpms.famillecollet.com/enterprise/remi-­‐release-­‐6.rpm   RUN  yum  -­‐y  install  initscripts  sudo  passwd   RUN  yum  -­‐y  install  openssh  openssh-­‐clients  openssh-­‐server   RUN  yum  -­‐y  install  python-­‐setuptools  vim  wget   ...   #  ruby   RUN  yum  -­‐y  groupinstall  'Development  tools'   ...   RUN  git  clone  https://github.com/sstephenson/ruby-­‐build.git  &&  \      ruby-­‐build/install.sh  &&  ruby-­‐build  2.1.5  /usr/local  &&  \      gem  update  -­‐-­‐system  &&  gem  install  bundler  pry  -­‐-­‐no-­‐document   ...
  7. ࣮૷ৄࡉ 3. MySQL༻ɾσʔλ༻ίϯςφΛ࡞੒͢Δ MySQL༻ίϯςφ σʔλ༻ίϯςφ FROM  tondol/base:latest   MAINTAINER  tondol

      #  supervisor   ADD  supervisord.conf  /etc/supervisord/conf.d/service.conf   #  mysql   RUN  echo  "NETWORKING=yes"  >  /etc/sysconfig/network   RUN  mv  /etc/my.cnf  /etc/my.cnf.orig   ADD  my.cnf  /etc/my.cnf   ADD  mysqld.sh  /home/tondol/mysqld.sh   RUN  chmod  +x  /home/tondol/mysqld.sh   EXPOSE  2222  3306   CMD  ["/usr/bin/supervisord"] FROM  busybox   VOLUME  /opt   CMD  /bin/true
  8. ࣮૷ৄࡉ 4. ΞϓϦվम / 5. ΞϓϦͷίϯςφ࡞੒ Dockerfile FROM  tondol/base:latest  

    MAINTAINER  tondol   ...   #  nicokako   ADD  dummy  /tmp/dummy   RUN  git  clone  https://github.com/tondol/NicoKako.git  /home/tondol/www  &&  \      cd  /home/tondol/www  &&  git  submodule  update  -­‐-­‐init  &&  \      cd  /home/tondol/www/ruby  &&  bundle  install   ADD  nicokako-­‐config.yml  /home/tondol/www/config.yml   ADD  .htpasswd  /home/tondol/www/.htpasswd   RUN  chmod  o+x  /home/tondol  &&  \      chown  -­‐R  tondol:tondol  /home/tondol/www  &&  \      chmod  o+w  /home/tondol/www/config.yml   ...
  9. ࣮૷ৄࡉ 4. ΞϓϦվम / 5. ΞϓϦͷίϯςφ࡞੒ Supervisord.conf [supervisord]   nodaemon=true

        [program:sshd]   command=/usr/sbin/sshd  -­‐D   autostart=true   autorestart=true     [program:nginx]   command=/usr/sbin/nginx  -­‐c  /etc/nginx/nginx.conf  -­‐g  "daemon  off;"   autostart=true   #autorestart=true     [program:php-­‐fpm]   command=/home/tondol/php-­‐fpm.sh   autostart=true   #autorestart=true     ...
  10. ࣮૷ৄࡉ 6. ϑϩϯτ༻ίϯςφΛ࡞Δ nginx.conf server  {        

     listen              80;          server_name    oretter.tondol.com;          return  301  https://$host$request_uri;          #location  /  {          #        proxy_pass  http://__ORETTER_HOST__:__ORETTER_PORT__/;          #}   }   server  {          listen              443;          server_name    oretter.tondol.com;          ssl  on;          ssl_certificate  /etc/pki/tls/certs/oretter.tondol.com.server.crt;          ssl_certificate_key  /etc/pki/tls/certs/oretter.tondol.com.server.key;          proxy_set_header  Host  $http_host;          proxy_set_header  X-­‐Forwarded-­‐For  $proxy_add_x_forwarded_for;          location  /  {                  proxy_pass  http://__ORETTER_HOST__:__ORETTER_PORT__/;          }   }
  11. ࣮૷ৄࡉ 7. docker-composeΛಋೖ docker-compose.yml mysql:      build:  mysql  

       volumes_from:          -­‐  datamysql      ports:          -­‐  12222:2222          -­‐  13306:3306      environment:          MYSQL_USER:  docker          MYSQL_PASSWORD:  xxxx   nginxkako:      build:  nginx-­‐kako      volumes_from:          -­‐  datakako      ports:          -­‐  12272:2222          -­‐  10110:80          -­‐  10473:443      links:          -­‐  mysql:mysql      environment:          MYSQL_USER:  docker          MYSQL_PASSWORD:  xxxx
  12. ิ଍ •  DockerfileԽ –  ຊདྷతʹ1ϓϩηεʗ1ίϯςφ –  Supervisorͱ͍͏πʔϧͰϚϧνϓϩηεԽ –  ઃఆϑΝΠϧ͸ADDσΟϨΫςΟϒͰίϐʔ • 

    docker-compose.ymlͷهड़ –  αʔϏε໊ͱର৅ΠϝʔδͷରԠ –  ىಈ࣌ͷΦϓγϣϯ •  σʔλϘϦϡʔϜ •  ϙʔτͷରԠ •  ίϯςφؒͷϦϯΫ •  ؀ڥม਺
  13. ՝୊ •  Ϗϧυʹֻ͔Δ࣌ؒ – base͔ΒϏϧυ͠௚͢ͱΊͬͪΌֻ͔࣌ؒΔ •  σϓϩΠ࣌ͷμ΢ϯλΠϜ – build -> stop ->

    restartͷؒʹμ΢ϯ͢Δ – Blue Green Deployment͢Δʹ͸ʁ •  ίϯςφ಺ͷϩάΛू໿͢Δʹ͸ʁ •  ࢮ׆؂ࢹ