Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
コンテナは友だち! in RailsDM /container-ga-tokui-na-fri...
Search
KONDO Uchio
November 16, 2017
Technology
3
2.7k
コンテナは友だち! in RailsDM /container-ga-tokui-na-friends-in-railsdm
Rails Developers Meetup #7
https://techplay.jp/event/631428
KONDO Uchio
November 16, 2017
Tweet
Share
More Decks by KONDO Uchio
See All by KONDO Uchio
大規模レガシーテストを 倒すための CI基盤の作り方 / #CICD2023
udzura
5
2.3k
Ruby x BPF in Action / RubyKaigi 2022
udzura
0
220
Narrative of Ruby & Rust
udzura
0
190
開発者生産性指標の可視化 / pepabo-four-keys
udzura
3
1.6k
Talk of RBS
udzura
0
410
Re: みなさん最近どうですか? / FGN tech meetup in 2021
udzura
0
740
Dockerとやわらかい仮想化 - ProSec-IT/SECKUN 2021 edition -
udzura
2
700
Device access filtering in cgroup v2
udzura
1
820
"Story of Rucy" on RubyKaigi takeout 2021
udzura
0
770
Other Decks in Technology
See All in Technology
役員・マネージャー・著者・エンジニアそれぞれの立場から見たAWS認定資格
nrinetcom
PRO
3
5.9k
実は強い 非ViTな画像認識モデル
tattaka
2
1.2k
ESXi で仮想化した ARM 環境で LLM を動作させてみるぞ
unnowataru
0
170
AWSを活用したIoTにおけるセキュリティ対策のご紹介
kwskyk
0
350
EMConf JP 2025 懇親会LT / EMConf JP 2025 social gathering
sugamasao
2
190
Snowflakeの開発・運用コストをApache Icebergで効率化しよう!~機能と活用例のご紹介~
sagara
1
430
OPENLOGI Company Profile for engineer
hr01
1
20k
Exadata Database Service on Cloud@Customer セキュリティ、ネットワーク、および管理について
oracle4engineer
PRO
2
1.5k
(機械学習システムでも) SLO から始める信頼性構築 - ゆる SRE#9 2025/02/21
daigo0927
0
260
1行のコードから社会課題の解決へ: EMの探究、事業・技術・組織を紡ぐ実践知 / EM Conf 2025
9ma3r
11
3.7k
Visualize, Visualize, Visualize and rclone
tomoaki0705
9
82k
手を動かしてレベルアップしよう!
maruto
0
200
Featured
See All Featured
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
129
19k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
28
9.3k
Learning to Love Humans: Emotional Interface Design
aarron
273
40k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
27
1.9k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
356
29k
Build The Right Thing And Hit Your Dates
maggiecrowley
34
2.5k
Visualization
eitanlees
146
15k
Large-scale JavaScript Application Architecture
addyosmani
511
110k
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
10
1.3k
Designing on Purpose - Digital PM Summit 2013
jponch
117
7.1k
Measuring & Analyzing Core Web Vitals
bluesmoon
6
250
Building Better People: How to give real-time feedback that sticks.
wjessup
367
19k
Transcript
ා͘ͳ͍γεςϜϓϩάϥϛϯάGPS3BJMT%. ۙ౻Ӊஐ࿕(.01FQBCP *OD 3BJMT%FWFMPQFST.FFUVQ ίϯςφ༑ͩͪʂ
ΤϯδχΞ ۙ౻Ӊஐ࿕!VE[VSB ٕज़෦ٕज़ج൫νʔϜ ͖ͳϥʔϝϯΒʔΊΜཾ (.0ϖύϘॴଐ
ུྺ w&$αΠτɺιʔγϟϧήʔϜͷ։ൃͳͲΛܦͯɺ ΑΓ(.0ϖύϘٕज़ج൫νʔϜɺಉԬʹҠॅɻ ͖ͳϥʔϝϯΒʔΊΜཾɺ͖ͳΧϨʔ5JLJɻ wஶॻʹʰύʔϑΣΫτ3VCZPO3BJMTʱ΄͔ɻ w3VCZ,BJHJʹࣗ࡞ίϯςφʮ)BDPOJXBʯͷ͕࠾ɻ w3BJMT(JSMT'VLVPLBΦʔΨφΠβɺԬ3VCZձ࣮ٞߦҕһɻ w΄͔ɺ3VCZίϯςφʹؔ͢Δ׆ಈଟɻ
࠷ۙͷࣄͷએͰ͢ w3VCZPO3BJMT͕͑ΔϗεςΟϯάαʔϏεͷ ΞʔΩςΫτʢࣗশʣΛ͍ͬͯ·͢ɻ wϑϩϯτΤϯυ/VYUKT &YQSFTTɺ443Ͱ͢ w෦"1*(Pͷ&DIPͰ͢ wྶΔͣ wࠓͷॴЋఏڙதɻ͓ͪΛ
Ԭ3VCZձٞ! IUUQSFHJPOBMSVCZLBJHJPSHGVLVPLB ചΓΕ·ͨ͠
ؓ ٳ
ࠓͷΞδΣϯμ w ϓϩηεͱԿͩΖ͏ʁ w ίϯςφͱԿͩΖ͏ʁ w ΈΜͳίϯςφʹͳͬͯΈΑ͏ʁʁʁ
ϓϩηεͱʁ
'SPNް͍ຊ w-*/69ϓϩάϥϛϯάΠϯλʔϑΣʔε ΦϥΠϦʔ ͜ͷதͰҰ൪ް͍ຊ
ϓϩηεͱϓϩάϥϜͷ࣮ߦதͷ࢟Ͱ͢ ʮϓϩηεͱɺϓϩάϥϜͷ࣮ߦʹඞཁ ͳγεςϜϦιʔεΛׂΓͯΔͨΊɺΧʔ ωϧ͕ఆٛ͢ΔநΤϯςΟςΟͰ͋Δʯͱ ݴ͍͑ΒΕ·͢ɻ ʰ-JOVYϓϩάϥϛϯάΠϯλʔϑΣʔεʱষϓϩηε
ϓϩηεͱ৮Ε߹͏ wʮϓϩάϥϜͷ࣮ߦʹඞཁͳϦιʔεʯΛ͍ͯΈΔ wͦΕ͕ɺ͢ͳΘͪϓϩηεଐੑͰ͋Δ wྫ w 1*%ɺ1*% w εςʔλεʢ࣮ߦՄೳɺ*0ͪɺʣ w ڥม
w ϑΝΠϧσΟεΫϦϓλςʔϒϧ w 6TFS*%(SPVQ*% w ݖݶʢ,FSOFM$BQBCJMJUZʣ w ΧϨϯτσΟϨΫτϦ w ϝϞϦϚοϐϯά
TUSVDUUBTL@TUSVDU
QSPDQSPDGT wγεςϜϓϩηεͷใΛऔಘͰ͖ΔಛघϑΝΠϧγεςϜ wQSPDͷԼʹ࠷ॳ͔ΒϚϯτ͞Ε͍ͯΔ߹͕ଟ͍ɻ wϚϯτ͞Ε͍ͯͳ͍ͱ͑ͳ͍πʔϧ͋ΔʢQTɺUPQͦͷଞʣ
தΛݟͯΈΑ͏ wԋश ͘ଘࡏ͢ΔΑ͏ͳϓϩηεΛ࡞ͬͯΈΑ͏ɻ w ͦͷϓϩηεͷ1*%Λಛఆ͠Α͏ɻ w ͦͷϓϩηεʹ͍ͭͯɺҎԼͷใΛऔಘͯ͠ΈΑ͏ɻ
w ΧϨϯτσΟϨΫτϦ IJOUQSPD1*%DXE w ڥม IJOUQSPD1*%FOWJSPO w ϝϞϦϚοϐϯά IJOUQSPD1*%NBQT w εϨουͷ IJOUQSPD1*%UBTL
ղྫ wσϞ͠·͢ w(JTUIUUQCJUMZSENDPOUBJOFST
ίϯςφͱʁ
ԾԽͷछྨʢҰྫʣ wϋΠύʔόΠβܕʢωΠςΟϒϋΠύʔόΠβʣ wઐ༻ͷ04ɺ-JOVY,FSOFMࣗମΛϋΠύʔόΠβͱ͍ͯ͠ɺͦͷ ্Ͱ04ΛΒͤΔ wϗετ04ܕʢϗετϋΠύʔόΠβʣ w൚༻తͳ04ͷ্ʹɺ7JSUVBM#PYͷΑ͏ͳԾԽͷͨΊͷઐ༻ιϑτ ΣΞΛೖΕͯΒͤΔ wίϯςφܕˠ
ίϯςφͱ wখ͞ͳಠཱͨ͠ڥΛɺҰͭͷ04ͷ্ʹ࡞Δٕज़ɻ wͨͩ͠ɺԾԽٕज़ͷΑ͏ʹѻΘΕΔ͕ɺԿ͔ΛԾతʹ࡞͍ͬͯΔ ͱ͍͏͜ͱͰͳ͍
ίϯςφ ಛघͳϓϩηεͰ͋Δ
͜Ε͚֮ͩ͑ͯؼͬͯ͘Εʂʂ̍
ίϯςφͷ࣮ w%PDLFS(PMBOHɻ,VCFSOFUFTͳͲͱ࿈ܞ͠ɺঃʑʹ׆༻γʔϯ ͕·͍ͬͯΔ w-9$-9%ΧʔωϧͷίϯςφϨϑΝϨϯε࣮తཱͪҐஔɻ $ (PMBOH w)BDPOJXBNSVCZ $ݴޠͰͰ͖ͨίϯςφɻ3VCZͷ%4-Ͱίϯ ςφΛఆٛͰ͖Δɻ(.0ϖύϘͱ͍͏ձ͕ࣾϚωʔδυΫϥυͷ όοΫΤϯυʹ࠾༻͠ʹɻ
ίϯςφͲ͏ͬͯ࡞ΒΕ͍ͯΔ͔ wࠓ͋͛ͨ-JOVYίϯςφͷ࣮Ͱɺجຊతʹಉ͡ΧʔωϧͷػೳΛ Έ߹Θͤͯɺʮখ͘͞ಠཱͨ͠ڥʯΛ࡞͍ͬͯΔɻ wͦͷػೳ͕ద༻͞Ε͍ͯΔ͔͍ͳ͍͔ɺϓϩηεͷଐੑͰ͋Δͷ ͰɺQSPDͷԼͳͲ͔Β֬ೝ͢Δ͜ͱ͕Ͱ͖·͢
%PDLFSͰίϯςφΛ࡞ͬͯΈΑ͏
QSPD1*%OTͷԼΛݟͯΈΑ͏
͜Εɺଞͷϓϩηεͱҧ͍ͬͯΔ wͱ͍͏͜ͱΛ֬ೝ͢Δ
͜Εɺଞͷϓϩηεͱҧ͍ͬͯΔ wͱ͍͏͜ͱΛ֬ೝ͢Δ ◀ ◀ ◀ ◀ ◀
-JOVY/BNFTQBDF
-JOVY/BNFTQBDFͱ wΧʔωϧɺάϩʔόϧͰཧ͍ͯ͠ΔϦιʔε͕ͨ͘͞Μ͋Δɻ wͦ͏͍͏Ϧιʔεͷ͏ͪҰ෦ɺ໊લۭؒΛͬͯɺಛఆͷϓϩηε ͨͪͷͨΊʹผͷϦιʔεΛ֬อ͢Δ͜ͱ͕Ͱ͖Δ w654/BNFTQBDFϗετ໊ͳͲ w1*%/BNFTQBDFϓϩηε*% w/FUXPSL/BNFTQBDFωοτϫʔΫઃఆʢ/*$ଞʣ wͳͲͳͲɻ࠷৽ͷ-JOVYͰਓͷࣆͭͷ/BNFTQBDF
QSPD1*%OTͱ wʮͦͷϓϩηε͕ॴଐ͢Δ/BNFTQBDFΛදݱ͢ΔϑΝΠϧʯΛ ݟ͚ͭΔ͜ͱ͕Ͱ͖ΔσΟϨΫτϦ w͋Δϓϩηεͱɺผͷϓϩηε͕ҧ͏ϑΝΠϧʢJOPEF൪߸ʣΛ ͍ࠩͯ͠Εɺͦͷϓϩηεͨͪผʑͷ໊લۭؒʹ͍ΔͶɺ ͱ֬ೝͰ͖Δ
DHSPVQ
QSPD1*%DHSPVQͱ͍͏ϑΝΠϧ wͳʹΒಛघͳจࣈྻ͕ॻ͔Ε͍ͯΔ
࣮ࡍͷσΟϨΫτϦʹରԠ͢Δ wTZTGTDHSPVQͱ͍͏ͱ͜ΖΛௐΔͱ
͜Ε͕DHSPVQ wDHSPVQɺͱͱϓϩηεΛάϧʔϐϯά͢ΔͨΊͷػೳɻ wϓϩηεͷάϧʔϓຖʹɺ$16ͷར༻Ͱ͋ͬͨΓɺϝϞϦͰ͋ͬͨ Γɺ1*%ͷͰ͋ͬͨΓɺͷ੍ݶΛ͔͚Δ͜ͱ͕Ͱ͖Δɻ͋Δ͍ɺ άϧʔϓผͷར༻ঢ়گΛ֬ೝͨ͠ΓͰ͖Δ wDHSPVQʹؔ͢Δૢ࡞ɺDHSPVQGTͱ͍͏ಛघϑΝΠϧγεςϜΛ ܦ༝ͯ͠Ͱ͖Δ
࣮ࡍͷ੍ݶΛ֬ೝ •docker run --pids-limit=128 -ti debian:jessie /bin/bash wͷΑ͏ͳίϚϯυͰɺϓϩηεͷDHSPVQ੍ݶΛ͔͚ΒΕΔ w͜ͷγΣϧͰɺGPSLCPNC߈ܸΛͯ͠ɺؼͬͯ͘Δ
None
ͦͷଞͷػೳ wDISPPU Ͱɺಠཱͨ͠ϑΝΠϧγεςϜπϦʔʹʮೖΓࠐΉʯ wηΩϡϦςΟपΓͷػೳ੍ݶ w,FSOFM$BQBCJMJUZͰSPPUͷػೳΛߜΓࠐΉʢٯવΓʣ wTFDDPNQͰɺγεςϜίʔϧ୯Ґͷݺͼग़͠ΛϑΟϧλʔ w."$ .BOEBUPSZ"DDFTT$POUSPM 4&-JOVY
"QQ"SNPS
ΈΜͳίϯςφʹ ͳͬͯΈΑ͏ʁʁʁ
͜͜·Ͱͷ·ͱΊ wίϯςφͨͩͷ ϓϩηεɻා͘ͳ͍Αʂ
ͱ͍͏͜ͱͰ wίϯςφΛܰʙ͘ϋϯυϝΠυͯ͠Έ·͠ΐ͏͔ɻ
ಠཱͨ͠SPPUʹ͍Δ wEFCPPUTUSBQͱݴ͏ίϚϯυͰɺ%FCJBOͷϑΝΠϧγεςϜ͚ͩΛ ४උͰ͖Δɻ wDISPPU ͱݴ͏ίϚϯυͰɺͦͷதʹೖΔ͜ͱ͕Ͱ͖·͢ w ࣮%PDLFSͳ͠Ͱɺ6CVOUVͷதͰ%FCJBOڥΛಘΔ͜ͱͰ͖Δ mkdir
/root/railsdm-7th debootstrap --variant=minbase \ jessie \ /root/railsdm-7th \ http://ftp.jp.debian.org/debian
None
/BNFTQBDFΛ͢Δ wVOTIBSFͱݴ͏ίϚϯυΛ͏ͱͰ͖Δ •unshare --fork --pid --mount --uts wͷΑ͏ʹͯ͠ɺ1*%/BNFTQBDFɺ.PVOU/BNFTQBDFɺ654 /BNFTQBDFΛͰ͖Δ
ʢGPSL1*%/BNFTQBDFͷ༷ʹΑΔ੍ݶʣ
DHSPVQͷ੍ݶΛ͔͚Δ w৽͍͠DHSPVQɺ NLEJSͳͲͰ؆୯ʹ࡞ΕΔ wࣗΛॴଐͤ͞ΔʹɺUBTLTͱ͍͏ϑΝΠϧʹࣗͷ1*%Λॻ͖ࠐ Ί0,ɻ •echo $$ > /sys/fs/cgroup/cpu/7th-engineer/tasks
Ұ࿈ͷॲཧΛͭͳ͛Δ $ cat after-unshare.rb #!/usr/bin/env ruby container_name = ARGV[0]
raise unless container_name Dir.mkdir "/sys/fs/cgroup/cpu/#{container_name}" rescue puts("skip") File.write "/sys/fs/cgroup/cpu/#{container_name}/tasks", $$.to_s Dir.chroot "/root/#{container_name}" Dir.chdir "/" system "mount -t proc proc /proc" system "hostname #{container_name}.example.jp" exec "bash -l" ࠷ॳʹɺʮVOTIBSFޙʯͷॲཧΛ3VCZͰॻ͘
Ұ࿈ͷॲཧΛͭͳ͛Δɻ $ sudo unshare \ > --fork \ >
--pid \ > --mount \ > --uts \ > `pwd`/after-unshare.rb railsdm-7th ઌ΄ͲͷεΫϦϓτʹ࣮ߦݖݶΛ͚ͭͯVOTIBSFͷҾʹ
͜Είϯςφʁ wγεςϜ͕%FCJBOͰ͋Δ wϓϩηε͕ಠཱ͍ͯ͠Δɺϗετ໊ҧ͏
ԋशͦͷ w ઌ΄Ͳͷʮࣗ࡞ίϯςφʯʹ͍ͭͯɺ ผͷλʔϛφϧ͔ΒϗετʹೖΓɺҎԼΛ͔֬ΊͯΈΑ͏ɻ w ϗετ͔Βݟͯίϯςφ͕ʮϓϩηεʯͰ͋Δ͜ͱ w
1*%ɺ.PVOUɺ654/BNFTQBDF͕͍ͯ͠Δ͜ͱ w ίϯςφͰ$16Λ͍͘Βͬͯɺϗετͷ$16Λ͔͠ Θͳ͘ͳΔΑ͏ɺDHSPVQΛઃఆͯ͠ΈΑ͏ɻ·ͨɺ֬ೝ͠Α͏ IJOUIUUQTBDDFTTSFEIBUDPNEPDVNFOUBUJPOKB+13FE@)BU@&OUFSQSJTF@-JOVY IUNM
[email protected]
@(VJEFTFDDQVIUNM
॓
·ͱΊ
֮͑ͱ͘͜ͱͭ w-JOVYʹ͓͍ͯɺϓϩηεʹؔ͢Δͨ͘͞Μͷใ͕QSPDͷԼʹ ͋Δ͜ͱ w-JOVYίϯςφɺΧʔωϧͷϦιʔεʮʯͱʮ੍ݶʯͷػೳΛ ͬͨϓϩηεͰ͋Δ͜ͱ
֮͑ͱ͘͜ͱͭ w-JOVYʹ͓͍ͯɺϓϩηεʹؔ͢Δͨ͘͞Μͷใ͕QSPDͷԼʹ ͋Δ͜ͱ w-JOVYίϯςφɺΧʔωϧͷϦιʔεʮʯͱʮ੍ݶʯͷػೳΛ ͬͨϓϩηεͰ͋Δ͜ͱ wͲΜͳʹͦ͠͏ͳπʔϧͰɺ୭͔͕ॻ͍ͨͷͰ͋Γɺ ͦͯ͠044Ͱ͋ΔݶΓதΛਂ͘Δ͜ͱ͕Ͱ͖Δͱ͍͏͜ͱ
ࠓ͞ͳ͔ͬͨ͜ͱ wίϯςφؔ࿈ͷͦͷଞͷػೳͷօ͞Μ wQJWPU@SPPU w,FSOFM$BQBCJMJUZ w3FTPVSDF-JNJU SMJNJU wTFDDPNQ#1' w."$ 4&-JOVY"QQ"SNPS
-JOVY4FDVSJUZ.PEVMFT -4.
ѹతࢀߟจݙ w ϖʔδͷຊΛಡΉલʹಡΜͰ͓͖͍ͨ wʮͳΔ΄Ͳ6OJYϓϩηεʯ wIUUQTUBUTV[JOFDPNCPPLTOBSVIPVOJY
͞ΒͳΔਂΈ w(.0ϖύϘڈͷ࠲ֶࢿྉ wIUUQTTQFBLFSEFDLDPNVE[VSBUIFTLFMUPOPGXIBMFT
13
ίϯςφϨΠϠͷࣄ ԬͰͷࠊΛਾٕ͑ͨज़త ͝ڵຯ͕͋Ε૬ஊʹΓ·͢ GPMMPX!QC@SFDSVJU ͘͠!VE[VSBʹ