Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
コンテナは友だち! in RailsDM /container-ga-tokui-na-friends-in-railsdm
Search
KONDO Uchio
November 16, 2017
Technology
3
2.5k
コンテナは友だち! in RailsDM /container-ga-tokui-na-friends-in-railsdm
Rails Developers Meetup #7
https://techplay.jp/event/631428
KONDO Uchio
November 16, 2017
Tweet
Share
More Decks by KONDO Uchio
See All by KONDO Uchio
大規模レガシーテストを 倒すための CI基盤の作り方 / #CICD2023
udzura
5
2.2k
Ruby x BPF in Action / RubyKaigi 2022
udzura
0
160
Narrative of Ruby & Rust
udzura
0
150
開発者生産性指標の可視化 / pepabo-four-keys
udzura
3
1.5k
Talk of RBS
udzura
0
350
Re: みなさん最近どうですか? / FGN tech meetup in 2021
udzura
0
670
Dockerとやわらかい仮想化 - ProSec-IT/SECKUN 2021 edition -
udzura
2
620
Device access filtering in cgroup v2
udzura
1
710
"Story of Rucy" on RubyKaigi takeout 2021
udzura
0
630
Other Decks in Technology
See All in Technology
累計ダウンロード数1億8000万を超えるアプリケーションプラットフォームのレガシーシステム脱却とモダン化への道
kmitsuhashi
0
120
テストケースの自動生成に生成AIの導入を試みた話と生成AIによる今後の期待
shift_evolve
0
180
ギークの理想が7つ集まるエムスリーで夢を叶えよう - エムスリー株式会社
m3_engineering
1
260
20240724_cm_odyssey_hibiyatech
hiashisan
0
110
CEL(Common Expression Language)で書いた条件にマッチしたIAM Policyを見つける / iam-policy-finder
fujiwara3
0
710
【基調講演】変える、今ここから ― IoTとAIで紡ぐ未来
soracom
PRO
0
310
セキュリティ研修 Day1【MIXI 24新卒技術研修】
mixi_engineers
PRO
0
150
技術負債による事業の失敗はなぜ起こるのか / Why do business failures due to technical debt occur?
i35_267
0
190
Scaling Technical Excellence at 104: Evolution in AWS and Developer Empowerment
scotthsieh825
1
150
エンジニア向け会社紹介資料
caddi_eng
14
220k
OSSコミットしてZennの課題を解決した話
dyoshikawa1993
0
150
Luupの開発組織におけるインシデントマネジメントの変遷 ver.RoadtoSRENEXT2024
grimoh
1
270
Featured
See All Featured
Leading Effective Engineering Teams 2024
addyosmani
3
300
The World Runs on Bad Software
bkeepers
PRO
63
11k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
26
1.8k
It's Worth the Effort
3n
181
27k
Happy Clients
brianwarren
94
6.5k
Pencils Down: Stop Designing & Start Developing
hursman
118
11k
Put a Button on it: Removing Barriers to Going Fast.
kastner
58
3.3k
How to name files
jennybc
67
96k
Code Reviewing Like a Champion
maltzj
517
39k
Creatively Recalculating Your Daily Design Routine
revolveconf
214
11k
Designing Experiences People Love
moore
136
23k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
129
32k
Transcript
ා͘ͳ͍γεςϜϓϩάϥϛϯάGPS3BJMT%. ۙ౻Ӊஐ࿕(.01FQBCP *OD 3BJMT%FWFMPQFST.FFUVQ ίϯςφ༑ͩͪʂ
ΤϯδχΞ ۙ౻Ӊஐ࿕!VE[VSB ٕज़෦ٕज़ج൫νʔϜ ͖ͳϥʔϝϯΒʔΊΜཾ (.0ϖύϘॴଐ
ུྺ w&$αΠτɺιʔγϟϧήʔϜͷ։ൃͳͲΛܦͯɺ ΑΓ(.0ϖύϘٕज़ج൫νʔϜɺಉԬʹҠॅɻ ͖ͳϥʔϝϯΒʔΊΜཾɺ͖ͳΧϨʔ5JLJɻ wஶॻʹʰύʔϑΣΫτ3VCZPO3BJMTʱ΄͔ɻ w3VCZ,BJHJʹࣗ࡞ίϯςφʮ)BDPOJXBʯͷ͕࠾ɻ w3BJMT(JSMT'VLVPLBΦʔΨφΠβɺԬ3VCZձ࣮ٞߦҕһɻ w΄͔ɺ3VCZίϯςφʹؔ͢Δ׆ಈଟɻ
࠷ۙͷࣄͷએͰ͢ w3VCZPO3BJMT͕͑ΔϗεςΟϯάαʔϏεͷ ΞʔΩςΫτʢࣗশʣΛ͍ͬͯ·͢ɻ wϑϩϯτΤϯυ/VYUKT &YQSFTTɺ443Ͱ͢ w෦"1*(Pͷ&DIPͰ͢ wྶΔͣ wࠓͷॴЋఏڙதɻ͓ͪΛ
Ԭ3VCZձٞ! IUUQSFHJPOBMSVCZLBJHJPSHGVLVPLB ചΓΕ·ͨ͠
ؓ ٳ
ࠓͷΞδΣϯμ w ϓϩηεͱԿͩΖ͏ʁ w ίϯςφͱԿͩΖ͏ʁ w ΈΜͳίϯςφʹͳͬͯΈΑ͏ʁʁʁ
ϓϩηεͱʁ
'SPNް͍ຊ w-*/69ϓϩάϥϛϯάΠϯλʔϑΣʔε ΦϥΠϦʔ ͜ͷதͰҰ൪ް͍ຊ
ϓϩηεͱϓϩάϥϜͷ࣮ߦதͷ࢟Ͱ͢ ʮϓϩηεͱɺϓϩάϥϜͷ࣮ߦʹඞཁ ͳγεςϜϦιʔεΛׂΓͯΔͨΊɺΧʔ ωϧ͕ఆٛ͢ΔநΤϯςΟςΟͰ͋Δʯͱ ݴ͍͑ΒΕ·͢ɻ ʰ-JOVYϓϩάϥϛϯάΠϯλʔϑΣʔεʱষϓϩηε
ϓϩηεͱ৮Ε߹͏ wʮϓϩάϥϜͷ࣮ߦʹඞཁͳϦιʔεʯΛ͍ͯΈΔ wͦΕ͕ɺ͢ͳΘͪϓϩηεଐੑͰ͋Δ wྫ w 1*%ɺ1*% w εςʔλεʢ࣮ߦՄೳɺ*0ͪɺʣ w ڥม
w ϑΝΠϧσΟεΫϦϓλςʔϒϧ w 6TFS*%(SPVQ*% w ݖݶʢ,FSOFM$BQBCJMJUZʣ w ΧϨϯτσΟϨΫτϦ w ϝϞϦϚοϐϯά
TUSVDUUBTL@TUSVDU
QSPDQSPDGT wγεςϜϓϩηεͷใΛऔಘͰ͖ΔಛघϑΝΠϧγεςϜ wQSPDͷԼʹ࠷ॳ͔ΒϚϯτ͞Ε͍ͯΔ߹͕ଟ͍ɻ wϚϯτ͞Ε͍ͯͳ͍ͱ͑ͳ͍πʔϧ͋ΔʢQTɺUPQͦͷଞʣ
தΛݟͯΈΑ͏ wԋश ͘ଘࡏ͢ΔΑ͏ͳϓϩηεΛ࡞ͬͯΈΑ͏ɻ w ͦͷϓϩηεͷ1*%Λಛఆ͠Α͏ɻ w ͦͷϓϩηεʹ͍ͭͯɺҎԼͷใΛऔಘͯ͠ΈΑ͏ɻ
w ΧϨϯτσΟϨΫτϦ IJOUQSPD1*%DXE w ڥม IJOUQSPD1*%FOWJSPO w ϝϞϦϚοϐϯά IJOUQSPD1*%NBQT w εϨουͷ IJOUQSPD1*%UBTL
ղྫ wσϞ͠·͢ w(JTUIUUQCJUMZSENDPOUBJOFST
ίϯςφͱʁ
ԾԽͷछྨʢҰྫʣ wϋΠύʔόΠβܕʢωΠςΟϒϋΠύʔόΠβʣ wઐ༻ͷ04ɺ-JOVY,FSOFMࣗମΛϋΠύʔόΠβͱ͍ͯ͠ɺͦͷ ্Ͱ04ΛΒͤΔ wϗετ04ܕʢϗετϋΠύʔόΠβʣ w൚༻తͳ04ͷ্ʹɺ7JSUVBM#PYͷΑ͏ͳԾԽͷͨΊͷઐ༻ιϑτ ΣΞΛೖΕͯΒͤΔ wίϯςφܕˠ
ίϯςφͱ wখ͞ͳಠཱͨ͠ڥΛɺҰͭͷ04ͷ্ʹ࡞Δٕज़ɻ wͨͩ͠ɺԾԽٕज़ͷΑ͏ʹѻΘΕΔ͕ɺԿ͔ΛԾతʹ࡞͍ͬͯΔ ͱ͍͏͜ͱͰͳ͍
ίϯςφ ಛघͳϓϩηεͰ͋Δ
͜Ε͚֮ͩ͑ͯؼͬͯ͘Εʂʂ̍
ίϯςφͷ࣮ w%PDLFS(PMBOHɻ,VCFSOFUFTͳͲͱ࿈ܞ͠ɺঃʑʹ׆༻γʔϯ ͕·͍ͬͯΔ w-9$-9%ΧʔωϧͷίϯςφϨϑΝϨϯε࣮తཱͪҐஔɻ $ (PMBOH w)BDPOJXBNSVCZ $ݴޠͰͰ͖ͨίϯςφɻ3VCZͷ%4-Ͱίϯ ςφΛఆٛͰ͖Δɻ(.0ϖύϘͱ͍͏ձ͕ࣾϚωʔδυΫϥυͷ όοΫΤϯυʹ࠾༻͠ʹɻ
ίϯςφͲ͏ͬͯ࡞ΒΕ͍ͯΔ͔ wࠓ͋͛ͨ-JOVYίϯςφͷ࣮Ͱɺجຊతʹಉ͡ΧʔωϧͷػೳΛ Έ߹Θͤͯɺʮখ͘͞ಠཱͨ͠ڥʯΛ࡞͍ͬͯΔɻ wͦͷػೳ͕ద༻͞Ε͍ͯΔ͔͍ͳ͍͔ɺϓϩηεͷଐੑͰ͋Δͷ ͰɺQSPDͷԼͳͲ͔Β֬ೝ͢Δ͜ͱ͕Ͱ͖·͢
%PDLFSͰίϯςφΛ࡞ͬͯΈΑ͏
QSPD1*%OTͷԼΛݟͯΈΑ͏
͜Εɺଞͷϓϩηεͱҧ͍ͬͯΔ wͱ͍͏͜ͱΛ֬ೝ͢Δ
͜Εɺଞͷϓϩηεͱҧ͍ͬͯΔ wͱ͍͏͜ͱΛ֬ೝ͢Δ ◀ ◀ ◀ ◀ ◀
-JOVY/BNFTQBDF
-JOVY/BNFTQBDFͱ wΧʔωϧɺάϩʔόϧͰཧ͍ͯ͠ΔϦιʔε͕ͨ͘͞Μ͋Δɻ wͦ͏͍͏Ϧιʔεͷ͏ͪҰ෦ɺ໊લۭؒΛͬͯɺಛఆͷϓϩηε ͨͪͷͨΊʹผͷϦιʔεΛ֬อ͢Δ͜ͱ͕Ͱ͖Δ w654/BNFTQBDFϗετ໊ͳͲ w1*%/BNFTQBDFϓϩηε*% w/FUXPSL/BNFTQBDFωοτϫʔΫઃఆʢ/*$ଞʣ wͳͲͳͲɻ࠷৽ͷ-JOVYͰਓͷࣆͭͷ/BNFTQBDF
QSPD1*%OTͱ wʮͦͷϓϩηε͕ॴଐ͢Δ/BNFTQBDFΛදݱ͢ΔϑΝΠϧʯΛ ݟ͚ͭΔ͜ͱ͕Ͱ͖ΔσΟϨΫτϦ w͋Δϓϩηεͱɺผͷϓϩηε͕ҧ͏ϑΝΠϧʢJOPEF൪߸ʣΛ ͍ࠩͯ͠Εɺͦͷϓϩηεͨͪผʑͷ໊લۭؒʹ͍ΔͶɺ ͱ֬ೝͰ͖Δ
DHSPVQ
QSPD1*%DHSPVQͱ͍͏ϑΝΠϧ wͳʹΒಛघͳจࣈྻ͕ॻ͔Ε͍ͯΔ
࣮ࡍͷσΟϨΫτϦʹରԠ͢Δ wTZTGTDHSPVQͱ͍͏ͱ͜ΖΛௐΔͱ
͜Ε͕DHSPVQ wDHSPVQɺͱͱϓϩηεΛάϧʔϐϯά͢ΔͨΊͷػೳɻ wϓϩηεͷάϧʔϓຖʹɺ$16ͷར༻Ͱ͋ͬͨΓɺϝϞϦͰ͋ͬͨ Γɺ1*%ͷͰ͋ͬͨΓɺͷ੍ݶΛ͔͚Δ͜ͱ͕Ͱ͖Δɻ͋Δ͍ɺ άϧʔϓผͷར༻ঢ়گΛ֬ೝͨ͠ΓͰ͖Δ wDHSPVQʹؔ͢Δૢ࡞ɺDHSPVQGTͱ͍͏ಛघϑΝΠϧγεςϜΛ ܦ༝ͯ͠Ͱ͖Δ
࣮ࡍͷ੍ݶΛ֬ೝ •docker run --pids-limit=128 -ti debian:jessie /bin/bash wͷΑ͏ͳίϚϯυͰɺϓϩηεͷDHSPVQ੍ݶΛ͔͚ΒΕΔ w͜ͷγΣϧͰɺGPSLCPNC߈ܸΛͯ͠ɺؼͬͯ͘Δ
None
ͦͷଞͷػೳ wDISPPU Ͱɺಠཱͨ͠ϑΝΠϧγεςϜπϦʔʹʮೖΓࠐΉʯ wηΩϡϦςΟपΓͷػೳ੍ݶ w,FSOFM$BQBCJMJUZͰSPPUͷػೳΛߜΓࠐΉʢٯવΓʣ wTFDDPNQͰɺγεςϜίʔϧ୯Ґͷݺͼग़͠ΛϑΟϧλʔ w."$ .BOEBUPSZ"DDFTT$POUSPM 4&-JOVY
"QQ"SNPS
ΈΜͳίϯςφʹ ͳͬͯΈΑ͏ʁʁʁ
͜͜·Ͱͷ·ͱΊ wίϯςφͨͩͷ ϓϩηεɻා͘ͳ͍Αʂ
ͱ͍͏͜ͱͰ wίϯςφΛܰʙ͘ϋϯυϝΠυͯ͠Έ·͠ΐ͏͔ɻ
ಠཱͨ͠SPPUʹ͍Δ wEFCPPUTUSBQͱݴ͏ίϚϯυͰɺ%FCJBOͷϑΝΠϧγεςϜ͚ͩΛ ४උͰ͖Δɻ wDISPPU ͱݴ͏ίϚϯυͰɺͦͷதʹೖΔ͜ͱ͕Ͱ͖·͢ w ࣮%PDLFSͳ͠Ͱɺ6CVOUVͷதͰ%FCJBOڥΛಘΔ͜ͱͰ͖Δ mkdir
/root/railsdm-7th debootstrap --variant=minbase \ jessie \ /root/railsdm-7th \ http://ftp.jp.debian.org/debian
None
/BNFTQBDFΛ͢Δ wVOTIBSFͱݴ͏ίϚϯυΛ͏ͱͰ͖Δ •unshare --fork --pid --mount --uts wͷΑ͏ʹͯ͠ɺ1*%/BNFTQBDFɺ.PVOU/BNFTQBDFɺ654 /BNFTQBDFΛͰ͖Δ
ʢGPSL1*%/BNFTQBDFͷ༷ʹΑΔ੍ݶʣ
DHSPVQͷ੍ݶΛ͔͚Δ w৽͍͠DHSPVQɺ NLEJSͳͲͰ؆୯ʹ࡞ΕΔ wࣗΛॴଐͤ͞ΔʹɺUBTLTͱ͍͏ϑΝΠϧʹࣗͷ1*%Λॻ͖ࠐ Ί0,ɻ •echo $$ > /sys/fs/cgroup/cpu/7th-engineer/tasks
Ұ࿈ͷॲཧΛͭͳ͛Δ $ cat after-unshare.rb #!/usr/bin/env ruby container_name = ARGV[0]
raise unless container_name Dir.mkdir "/sys/fs/cgroup/cpu/#{container_name}" rescue puts("skip") File.write "/sys/fs/cgroup/cpu/#{container_name}/tasks", $$.to_s Dir.chroot "/root/#{container_name}" Dir.chdir "/" system "mount -t proc proc /proc" system "hostname #{container_name}.example.jp" exec "bash -l" ࠷ॳʹɺʮVOTIBSFޙʯͷॲཧΛ3VCZͰॻ͘
Ұ࿈ͷॲཧΛͭͳ͛Δɻ $ sudo unshare \ > --fork \ >
--pid \ > --mount \ > --uts \ > `pwd`/after-unshare.rb railsdm-7th ઌ΄ͲͷεΫϦϓτʹ࣮ߦݖݶΛ͚ͭͯVOTIBSFͷҾʹ
͜Είϯςφʁ wγεςϜ͕%FCJBOͰ͋Δ wϓϩηε͕ಠཱ͍ͯ͠Δɺϗετ໊ҧ͏
ԋशͦͷ w ઌ΄Ͳͷʮࣗ࡞ίϯςφʯʹ͍ͭͯɺ ผͷλʔϛφϧ͔ΒϗετʹೖΓɺҎԼΛ͔֬ΊͯΈΑ͏ɻ w ϗετ͔Βݟͯίϯςφ͕ʮϓϩηεʯͰ͋Δ͜ͱ w
1*%ɺ.PVOUɺ654/BNFTQBDF͕͍ͯ͠Δ͜ͱ w ίϯςφͰ$16Λ͍͘Βͬͯɺϗετͷ$16Λ͔͠ Θͳ͘ͳΔΑ͏ɺDHSPVQΛઃఆͯ͠ΈΑ͏ɻ·ͨɺ֬ೝ͠Α͏ IJOUIUUQTBDDFTTSFEIBUDPNEPDVNFOUBUJPOKB+13FE@)BU@&OUFSQSJTF@-JOVY IUNM
[email protected]
@(VJEFTFDDQVIUNM
॓
·ͱΊ
֮͑ͱ͘͜ͱͭ w-JOVYʹ͓͍ͯɺϓϩηεʹؔ͢Δͨ͘͞Μͷใ͕QSPDͷԼʹ ͋Δ͜ͱ w-JOVYίϯςφɺΧʔωϧͷϦιʔεʮʯͱʮ੍ݶʯͷػೳΛ ͬͨϓϩηεͰ͋Δ͜ͱ
֮͑ͱ͘͜ͱͭ w-JOVYʹ͓͍ͯɺϓϩηεʹؔ͢Δͨ͘͞Μͷใ͕QSPDͷԼʹ ͋Δ͜ͱ w-JOVYίϯςφɺΧʔωϧͷϦιʔεʮʯͱʮ੍ݶʯͷػೳΛ ͬͨϓϩηεͰ͋Δ͜ͱ wͲΜͳʹͦ͠͏ͳπʔϧͰɺ୭͔͕ॻ͍ͨͷͰ͋Γɺ ͦͯ͠044Ͱ͋ΔݶΓதΛਂ͘Δ͜ͱ͕Ͱ͖Δͱ͍͏͜ͱ
ࠓ͞ͳ͔ͬͨ͜ͱ wίϯςφؔ࿈ͷͦͷଞͷػೳͷօ͞Μ wQJWPU@SPPU w,FSOFM$BQBCJMJUZ w3FTPVSDF-JNJU SMJNJU wTFDDPNQ#1' w."$ 4&-JOVY"QQ"SNPS
-JOVY4FDVSJUZ.PEVMFT -4.
ѹతࢀߟจݙ w ϖʔδͷຊΛಡΉલʹಡΜͰ͓͖͍ͨ wʮͳΔ΄Ͳ6OJYϓϩηεʯ wIUUQTUBUTV[JOFDPNCPPLTOBSVIPVOJY
͞ΒͳΔਂΈ w(.0ϖύϘڈͷ࠲ֶࢿྉ wIUUQTTQFBLFSEFDLDPNVE[VSBUIFTLFMUPOPGXIBMFT
13
ίϯςφϨΠϠͷࣄ ԬͰͷࠊΛਾٕ͑ͨज़త ͝ڵຯ͕͋Ε૬ஊʹΓ·͢ GPMMPX!QC@SFDSVJU ͘͠!VE[VSBʹ