コンテナは友だち！ in RailsDM /container-ga-tokui-na-friends-in-railsdm

ා͘ͳ͍γεςϜϓϩάϥϛϯάGPS3BJMT%. ۙ౻Ӊஐ࿕(.01FQBCP *OD 3BJMT%FWFMPQFST.FFUVQ ίϯςφ͸༑ͩͪʂ

ΤϯδχΞ ۙ౻Ӊஐ࿕!VE[VSB ٕज़෦ٕज़ج൫νʔϜ ޷͖ͳϥʔϝϯ͸ΒʔΊΜ޻๪ཾ (.0ϖύϘॴଐ

ུྺ w&$αΠτɺιʔγϟϧήʔϜͷ։ൃͳͲΛܦͯɺ  ೥ΑΓ(.0ϖύϘٕज़ج൫νʔϜɺಉ೥෱ԬʹҠॅɻ  ޷͖ͳϥʔϝϯ͸ΒʔΊΜ޻๪ཾɺ޷͖ͳΧϨʔ͸5JLJɻ wஶॻʹʰύʔϑΣΫτ3VCZPO3BJMTʱ΄͔ɻ w3VCZ,BJHJʹࣗ࡞ίϯςφʮ)BDPOJXBʯͷ࿩͕࠾୒ɻ w3BJMT(JSMT'VLVPLBΦʔΨφΠβɺ෱Ԭ3VCZձ࣮ٞߦҕһ௕ɻ w΄͔ɺ3VCZ΍ίϯςφʹؔ͢Δ׆ಈଟ਺ɻ

࠷ۙͷ࢓ࣄͷએ఻Ͱ͢ w3VCZPO3BJMT͕࢖͑ΔϗεςΟϯάαʔϏεͷ  ΞʔΩςΫτʢࣗশʣΛ΍͍ͬͯ·͢ɻ wϑϩϯτΤϯυ͸/VYUKT &YQSFTTɺ443Ͱ͢ w಺෦"1*͸(Pͷ&DIPͰ͢ wྶΔͣ wࠓͷॴЋఏڙதɻ͓଴ͪΛ

෱Ԭ3VCZձٞ! IUUQSFHJPOBMSVCZLBJHJPSHGVLVPLB ചΓ੾Ε·ͨ͠

ؓ࿩ ٳ୊

ࠓ೔ͷΞδΣϯμ w ϓϩηεͱ͸ԿͩΖ͏ʁ w ίϯςφͱ͸ԿͩΖ͏ʁ w ΈΜͳ΋ίϯςφʹͳͬͯΈΑ͏ʁʁʁ

ϓϩηεͱ͸ʁ

'SPN෼ް͍ຊ w-*/69ϓϩάϥϛϯάΠϯλʔϑΣʔε  ΦϥΠϦʔ ͜ͷதͰ΋Ұ൪෼ް͍ຊ

ϓϩηεͱ͸ϓϩάϥϜͷ࣮ߦதͷ࢟Ͱ͢ ʮϓϩηεͱ͸ɺϓϩάϥϜͷ࣮ߦʹඞཁ ͳγεςϜϦιʔεΛׂΓ౰ͯΔͨΊɺΧʔ ωϧ͕ఆٛ͢Δந৅ΤϯςΟςΟͰ͋Δʯͱ ΋ݴ͍׵͑ΒΕ·͢ɻ ʰ-JOVYϓϩάϥϛϯάΠϯλʔϑΣʔεʱষϓϩηε

ϓϩηεͱ৮Ε߹͏ wʮϓϩάϥϜͷ࣮ߦʹඞཁͳϦιʔεʯΛ೷͍ͯΈΔ wͦΕ͕ɺ͢ͳΘͪϓϩηεଐੑͰ΋͋Δ wྫ w 1*%ɺ਌1*% w εςʔλεʢ࣮ߦՄೳɺ*0଴ͪɺʣ w ؀ڥม਺
w ϑΝΠϧσΟεΫϦϓλςʔϒϧ w 6TFS*%(SPVQ*% w ݖݶʢ,FSOFM$BQBCJMJUZʣ w ΧϨϯτσΟϨΫτϦ w ϝϞϦϚοϐϯά

TUSVDUUBTL@TUSVDU

QSPDQSPDGT wγεςϜ΍ϓϩηεͷ৘ใΛऔಘͰ͖ΔಛघϑΝΠϧγεςϜ wQSPDͷԼʹ࠷ॳ͔ΒϚ΢ϯτ͞Ε͍ͯΔ৔߹͕ଟ͍ɻ wϚ΢ϯτ͞Ε͍ͯͳ͍ͱ࢖͑ͳ͍πʔϧ΋͋ΔʢQTɺUPQͦͷଞʣ

த਎ΛݟͯΈΑ͏ wԋश ௕͘ଘࡏ͢ΔΑ͏ͳϓϩηεΛ࡞ͬͯΈΑ͏ɻ w ͦͷϓϩηεͷ1*%Λಛఆ͠Α͏ɻ w ͦͷϓϩηεʹ͍ͭͯɺҎԼͷ৘ใΛऔಘͯ͠ΈΑ͏ɻ
w ΧϨϯτσΟϨΫτϦ IJOUQSPD1*%DXE w ؀ڥม਺ IJOUQSPD1*%FOWJSPO w ϝϞϦϚοϐϯά IJOUQSPD1*%NBQT w εϨουͷ਺ IJOUQSPD1*%UBTL

ղ౴ྫ wσϞ͠·͢ w(JTUIUUQCJUMZSENDPOUBJOFST

ίϯςφͱ͸ʁ

Ծ૝ԽͷछྨʢҰྫʣ wϋΠύʔόΠβܕʢωΠςΟϒϋΠύʔόΠβʣ wઐ༻ͷ04΍ɺ-JOVY,FSOFMࣗମΛϋΠύʔόΠβͱͯ͠࢖͍ɺͦͷ ্Ͱ04Λ૸ΒͤΔ wϗετ04ܕʢϗετϋΠύʔόΠβʣ w൚༻తͳ04ͷ্ʹɺ7JSUVBM#PYͷΑ͏ͳԾ૝ԽͷͨΊͷઐ༻ιϑτ ΢ΣΞΛೖΕͯ૸ΒͤΔ wίϯςφܕˠ

ίϯςφͱ͸ wখ͞ͳಠཱͨ͠؀ڥΛɺҰͭͷ04ͷ্ʹ࡞Δٕज़ɻ wͨͩ͠ɺԾ૝Խٕज़ͷΑ͏ʹѻΘΕΔ͕ɺԿ͔ΛԾ૝తʹ࡞͍ͬͯΔ ͱ͍͏͜ͱͰ͸ͳ͍

ίϯςφ͸ ಛघͳϓϩηεͰ͋Δ

͜Ε͚֮ͩ͑ͯؼͬͯ͘Εʂʂ̍

ίϯςφͷ࣮૷ w%PDLFS(PMBOH੡ɻ,VCFSOFUFTͳͲͱ࿈ܞ͠ɺঃʑʹ׆༻γʔϯ ͕޿·͍ͬͯΔ w-9$-9%ΧʔωϧͷίϯςφϨϑΝϨϯε࣮૷తཱͪҐஔɻ  $ (PMBOH੡ w)BDPOJXBNSVCZ $ݴޠͰͰ͖ͨίϯςφɻ3VCZͷ%4-Ͱίϯ ςφΛఆٛͰ͖Δɻ(.0ϖύϘͱ͍͏ձ͕ࣾϚωʔδυΫϥ΢υͷ όοΫΤϯυʹ࠾༻͠࿩୊ʹɻ

ίϯςφ͸Ͳ͏΍ͬͯ࡞ΒΕ͍ͯΔ͔ wࠓ͋͛ͨ-JOVYίϯςφͷ࣮૷Ͱ͸ɺجຊతʹಉ͡ΧʔωϧͷػೳΛ ૊Έ߹Θͤͯɺʮখ͘͞ಠཱͨ͠؀ڥʯΛ࡞͍ͬͯΔɻ wͦͷػೳ͕ద༻͞Ε͍ͯΔ͔͍ͳ͍͔͸ɺϓϩηεͷଐੑͰ΋͋Δͷ ͰɺQSPDͷԼͳͲ͔Β֬ೝ͢Δ͜ͱ͕Ͱ͖·͢

%PDLFSͰίϯςφΛ࡞ͬͯΈΑ͏

QSPD1*%OTͷԼΛݟͯΈΑ͏

͜Ε͸ɺଞͷϓϩηεͱҧ͍ͬͯΔ wͱ͍͏͜ͱΛ֬ೝ͢Δ

͜Ε͸ɺଞͷϓϩηεͱҧ͍ͬͯΔ wͱ͍͏͜ͱΛ֬ೝ͢Δ ◀ ◀ ◀ ◀ ◀

-JOVY/BNFTQBDF

-JOVY/BNFTQBDFͱ͸ wΧʔωϧ͸ɺάϩʔόϧͰ؅ཧ͍ͯ͠ΔϦιʔε͕ͨ͘͞Μ͋Δɻ wͦ͏͍͏Ϧιʔεͷ͏ͪҰ෦͸ɺ໊લۭؒΛ੾ͬͯɺಛఆͷϓϩηε ͨͪͷͨΊʹผͷϦιʔεΛ֬อ͢Δ͜ͱ͕Ͱ͖Δ w654/BNFTQBDFϗετ໊ͳͲ w1*%/BNFTQBDFϓϩηε*% w/FUXPSL/BNFTQBDFωοτϫʔΫઃఆʢ/*$ଞʣ wͳͲͳͲɻ࠷৽ͷ-JOVYͰ͸ਓͷࣆͭͷ/BNFTQBDF

QSPD1*%OTͱ͸ wʮͦͷϓϩηε͕ॴଐ͢Δ/BNFTQBDFΛදݱ͢ΔϑΝΠϧʯΛ  ݟ͚ͭΔ͜ͱ͕Ͱ͖ΔσΟϨΫτϦ w͋Δϓϩηεͱɺผͷϓϩηε͕ҧ͏ϑΝΠϧʢJOPEF൪߸ʣΛ  ͍ࠩͯ͠Ε͹ɺͦͷϓϩηεͨͪ͸ผʑͷ໊લۭؒʹ͍ΔͶɺ  ͱ֬ೝͰ͖Δ

DHSPVQ

QSPD1*%DHSPVQͱ͍͏ϑΝΠϧ wͳʹ΍Βಛघͳจࣈྻ͕ॻ͔Ε͍ͯΔ

࣮ࡍͷσΟϨΫτϦʹରԠ͢Δ wTZTGTDHSPVQͱ͍͏ͱ͜ΖΛௐ΂Δͱ

͜Ε͕DHSPVQ wDHSPVQ͸ɺ΋ͱ΋ͱϓϩηεΛάϧʔϐϯά͢ΔͨΊͷػೳɻ wϓϩηεͷάϧʔϓຖʹɺ$16ͷར༻཰Ͱ͋ͬͨΓɺϝϞϦͰ͋ͬͨ Γɺ1*%ͷ਺Ͱ͋ͬͨΓɺͷ੍ݶΛ͔͚Δ͜ͱ͕Ͱ͖Δɻ͋Δ͍͸ɺ άϧʔϓผͷར༻ঢ়گΛ֬ೝͨ͠Γ΋Ͱ͖Δ wDHSPVQʹؔ͢Δૢ࡞͸ɺDHSPVQGTͱ͍͏ಛघϑΝΠϧγεςϜΛ ܦ༝ͯ͠Ͱ͖Δ

࣮ࡍͷ੍ݶΛ֬ೝ •docker run --pids-limit=128 -ti debian:jessie /bin/bash wͷΑ͏ͳίϚϯυͰɺϓϩηε਺ͷDHSPVQ੍ݶΛ͔͚ΒΕΔ w͜ͷγΣϧͰɺGPSLCPNC߈ܸΛͯ͠΋ɺؼͬͯ͘Δ

ͦͷଞͷػೳ wDISPPU Ͱɺಠཱͨ͠ϑΝΠϧγεςϜπϦʔʹʮೖΓࠐΉʯ wηΩϡϦςΟपΓͷػೳ੍ݶ w,FSOFM$BQBCJMJUZͰSPPUͷػೳΛߜΓࠐΉʢٯ΋વΓʣ wTFDDPNQͰɺγεςϜίʔϧ୯Ґͷݺͼग़͠ΛϑΟϧλʔ w."$ .BOEBUPSZ"DDFTT$POUSPM 4&-JOVY
"QQ"SNPS

ΈΜͳ΋ίϯςφʹ ͳͬͯΈΑ͏ʁʁʁ

͜͜·Ͱͷ·ͱΊ wίϯςφ͸ͨͩͷ ϓϩηεɻා͘ͳ͍Αʂ

ͱ͍͏͜ͱͰ wίϯςφΛܰʙ͘ϋϯυϝΠυͯ͠Έ·͠ΐ͏͔ɻ

ಠཱͨ͠SPPUʹ͸͍Δ wEFCPPUTUSBQͱݴ͏ίϚϯυͰɺ%FCJBOͷϑΝΠϧγεςϜ͚ͩΛ  ४උͰ͖Δɻ wDISPPU ͱݴ͏ίϚϯυͰɺͦͷதʹೖΔ͜ͱ͕Ͱ͖·͢ w ࣮͸%PDLFSͳ͠Ͱ΋ɺ6CVOUV౳ͷதͰ%FCJBO؀ڥΛಘΔ͜ͱ͸Ͱ͖Δ mkdir
/root/railsdm-7th debootstrap --variant=minbase \ jessie \ /root/railsdm-7th \ http://ftp.jp.debian.org/debian

/BNFTQBDFΛ෼཭͢Δ wVOTIBSFͱݴ͏ίϚϯυΛ࢖͏ͱͰ͖Δ •unshare --fork --pid --mount --uts wͷΑ͏ʹͯ͠ɺ1*%/BNFTQBDFɺ.PVOU/BNFTQBDFɺ654 /BNFTQBDFΛ෼཭Ͱ͖Δ 
ʢGPSL͸1*%/BNFTQBDFͷ࢓༷ʹΑΔ੍ݶʣ

DHSPVQͷ੍ݶΛ͔͚Δ w৽͍͠DHSPVQ͸ɺ  NLEJSͳͲͰ؆୯ʹ࡞ΕΔ wࣗ෼Λॴଐͤ͞Δʹ͸ɺUBTLTͱ͍͏ϑΝΠϧʹࣗ෼ͷ1*%Λॻ͖ࠐ Ί͹0,ɻ •echo $$ > /sys/fs/cgroup/cpu/7th-engineer/tasks

Ұ࿈ͷॲཧΛͭͳ͛Δ $ cat after-unshare.rb #!/usr/bin/env ruby container_name = ARGV[0]
raise unless container_name Dir.mkdir "/sys/fs/cgroup/cpu/#{container_name}" rescue puts("skip") File.write "/sys/fs/cgroup/cpu/#{container_name}/tasks", $$.to_s Dir.chroot "/root/#{container_name}" Dir.chdir "/" system "mount -t proc proc /proc" system "hostname #{container_name}.example.jp" exec "bash -l" ࠷ॳʹɺʮVOTIBSFޙʯͷॲཧΛ3VCZͰॻ͘

Ұ࿈ͷॲཧΛͭͳ͛Δɻ $ sudo unshare \ > --fork \ >
--pid \ > --mount \ > --uts \ > `pwd`/after-unshare.rb railsdm-7th ઌ΄ͲͷεΫϦϓτʹ࣮ߦݖݶΛ͚ͭͯVOTIBSFͷҾ਺ʹ

͜Ε͸ίϯςφʁ wγεςϜ͕%FCJBOͰ͋Δ wϓϩηε͕ಠཱ͍ͯ͠Δɺϗετ໊΋ҧ͏

ԋशͦͷ w ઌ΄Ͳͷʮࣗ࡞ίϯςφʯʹ͍ͭͯɺ  ผͷλʔϛφϧ͔ΒϗετʹೖΓɺҎԼΛ͔֬ΊͯΈΑ͏ɻ w ϗετ͔Βݟͯίϯςφ͕ʮϓϩηεʯͰ͋Δ͜ͱ w
1*%ɺ.PVOUɺ654/BNFTQBDF͕෼཭͍ͯ͠Δ͜ͱ w ίϯςφ಺Ͱ$16Λ͍͘Β࢖ͬͯ΋ɺϗετͷ$16Λ͔͠ ࢖Θͳ͘ͳΔΑ͏ɺDHSPVQΛઃఆͯ͠ΈΑ͏ɻ·ͨɺ֬ೝ͠Α͏  IJOUIUUQTBDDFTTSFEIBUDPNEPDVNFOUBUJPOKB+13FE@)BU@&OUFSQSJTF@-JOVY IUNM[email protected]@(VJEFTFDDQVIUNM

॓୊

·ͱΊ

֮͑ͱ͘͜ͱͭ w-JOVYʹ͓͍ͯ͸ɺϓϩηεʹؔ͢Δͨ͘͞Μͷ৘ใ͕QSPDͷԼʹ ͋Δ͜ͱ w-JOVYίϯςφ͸ɺΧʔωϧͷϦιʔεʮ෼཭ʯͱʮ੍ݶʯͷػೳΛ ࢖ͬͨϓϩηεͰ͋Δ͜ͱ

֮͑ͱ͘͜ͱͭ w-JOVYʹ͓͍ͯ͸ɺϓϩηεʹؔ͢Δͨ͘͞Μͷ৘ใ͕QSPDͷԼʹ ͋Δ͜ͱ w-JOVYίϯςφ͸ɺΧʔωϧͷϦιʔεʮ෼཭ʯͱʮ੍ݶʯͷػೳΛ ࢖ͬͨϓϩηεͰ͋Δ͜ͱ wͲΜͳʹ೉ͦ͠͏ͳπʔϧͰ΋ɺ୭͔͕ॻ͍ͨ΋ͷͰ͋Γɺ  ͦͯ͠044Ͱ͋ΔݶΓ͸த਎Λਂ͘஌Δ͜ͱ͕Ͱ͖Δͱ͍͏͜ͱ

ࠓ೔࿩͞ͳ͔ͬͨ͜ͱ wίϯςφؔ࿈ͷͦͷଞͷػೳͷօ͞Μ wQJWPU@SPPU w,FSOFM$BQBCJMJUZ w3FTPVSDF-JNJU SMJNJU wTFDDPNQ#1' w."$ 4&-JOVY"QQ"SNPS
΍-JOVY4FDVSJUZ.PEVMFT -4.

ѹ౗తࢀߟจݙ w ϖʔδͷຊΛಡΉલʹಡΜͰ͓͖͍ͨ wʮͳΔ΄Ͳ6OJYϓϩηεʯ wIUUQTUBUTV[JOFDPNCPPLTOBSVIPVOJY

͞ΒͳΔਂΈ w(.0ϖύϘڈ೥ͷ࠲ֶࢿྉ wIUUQTTQFBLFSEFDLDPNVE[VSBUIFTLFMUPOPGXIBMFT

ίϯςφ௿ϨΠϠͷ࢓ࣄ ෱ԬͰͷࠊΛਾٕ͑ͨज़త੒௕ ͝ڵຯ͕͋Ε͹૬ஊʹ৐Γ·͢ GPMMPX!QC@SFDSVJU ΋͘͠͸!VE[VSBʹ௚઀

コンテナは友だち！ in RailsDM /container-ga-tokui-na-friends-in-railsdm

コンテナは友だち！ in RailsDM /container-ga-tokui-na-friends-in-railsdm

More Decks by KONDO Uchio

Other Decks in Technology

Featured

Transcript