Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
人間たちとsystemd
Search
KONDO Uchio
April 23, 2016
Technology
18
4.8k
人間たちとsystemd
@コンテナ勉強会
http://ct-study.connpass.com/event/28449/
KONDO Uchio
April 23, 2016
Tweet
Share
More Decks by KONDO Uchio
See All by KONDO Uchio
大規模レガシーテストを 倒すための CI基盤の作り方 / #CICD2023
udzura
5
2.2k
Ruby x BPF in Action / RubyKaigi 2022
udzura
0
160
Narrative of Ruby & Rust
udzura
0
150
開発者生産性指標の可視化 / pepabo-four-keys
udzura
3
1.5k
Talk of RBS
udzura
0
350
Re: みなさん最近どうですか? / FGN tech meetup in 2021
udzura
0
670
Dockerとやわらかい仮想化 - ProSec-IT/SECKUN 2021 edition -
udzura
2
620
Device access filtering in cgroup v2
udzura
1
710
"Story of Rucy" on RubyKaigi takeout 2021
udzura
0
630
Other Decks in Technology
See All in Technology
Docker互換のセキュアなコンテナ実行環境「Podman」超入門
devops_vtj
6
3.2k
累計ダウンロード数1億8000万を超えるアプリケーションプラットフォームのレガシーシステム脱却とモダン化への道
kmitsuhashi
0
120
CEL(Common Expression Language)で書いた条件にマッチしたIAM Policyを見つける / iam-policy-finder
fujiwara3
0
710
[NIKKEI Tech Talk] KDDI/KAG Scrum & Community for Engineering Training
curanosuke
2
220
20240724_cm_odyssey_hibiyatech
hiashisan
0
110
AWSでRAGを作る法方
sonoda_mj
1
140
CTOから見た事業開発とプロダクト開発 / My Perspective on Business and Product Development as CTO
keisuke69
4
960
「我々はどこに向かっているのか」を問い続けるための仕組みづくり / Establishing a System for Continuous Inquiry about where we are
daitasu
0
170
AutomatedLabを使って内部ペンテストを勉強しよう! -やられ社内ネットワークの自動構築-
n_etupirka
1
610
[I/O Extended Android 2024] What`s new in Android 2024
kyeongwan
0
220
Github Actions 로 Android 팀의 효율성 극대화
hadonghyun
0
160
Classmethod Odyssey 登壇資料
yamahiro
0
390
Featured
See All Featured
The Pragmatic Product Professional
lauravandoore
29
6.1k
Why Our Code Smells
bkeepers
PRO
332
56k
Making Projects Easy
brettharned
111
5.7k
What's new in Ruby 2.0
geeforr
338
31k
Speed Design
sergeychernyshev
9
270
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
189
16k
Principles of Awesome APIs and How to Build Them.
keavy
124
16k
Practical Orchestrator
shlominoach
185
10k
How To Stay Up To Date on Web Technology
chriscoyier
784
250k
GraphQLの誤解/rethinking-graphql
sonatard
59
9.6k
Facilitating Awesome Meetings
lara
46
5.8k
Gamification - CAS2011
davidbonilla
78
4.9k
Transcript
TZTUFNEͬ͘͟Γೖ GMO Pepabo, Inc. Uchio Kondo 2016/04/23 ίϯςφܕԾԽͷใަձˏԬ ਓؒͨͪͱTZTUFNE
ਓؒͷհ
None
ۙ౻͏͓ͪ (.0ϖύϘॴଐ ٕज़ج൫νʔϜ Ԭࢧࣾۈ 'VLVPLBSC
3BJMT(JSMT'VLVPLB૯߹ࡶ༻ίʔν·ͱΊ
None
None
ڵຯ 3VCZ(PMBOHΛগʑ %PDLFS-9$ 1VQQFU )BTIJDPSQUPPMT
0QFO4UBDL &MFDUSPO3FBDU IUUQXXXTMJEFTIBSFOFUVE[VSBIBTIJDPSQUPPMT
ZFBSTPME3VCZJTU 3BJMT͝Ζ͔ΒͷϧϏʔετ d 3VCZΛ͜͡Βͤͯஶ࡞͋Γ 8FC %#1SFTT3VCZ࿈ࡌ
d ύʔϑΣΫτ3VCZ ύʔϑΣΫτ3BJMT 8FC %#1SFTTWPM৽ਓಛू߸</FX>
None
None
'PVOEFSPG
None
੍ݶࣄ߲ 04ͳͲͷϨΠϠʔɺਖ਼Θ͔͍ͬͯͳ͍͠ɺ ΧʔωϧͷίʔυಡΜͩ͜ͱ͕͋Γ·ͤΜ ʮ࣮ʜʜ͖͔ͬ͞Β͕͍͑ͯΔοʜʜʯ
ਓؒͨͪͷͨΊͷ TZTUFNE֓ཁ
JOJUʢ͋Δ͍ͦͷସʣ ࠷ॳʹىಈͯ͠ɺͨ͘͞ΜͷαʔϏεͲΛ ্ཱͪ͛ͯཧ͢Δ $FOU04ͳͲʜTZTWJOJU $FOU046CVOUVʜ6QTUBSU 049ʜMBVODIE
ʜʜ
JOJUTDSJQU
6QTUBSU
TZTUFNEͬ͘͟Γ ࠾༻ σΟετϦ αʔϏε ఆٛ 04 റΓ DHSPVQ OBNFTQBDF ͱ࿈ܞ
ૢ࡞ίϚϯυ JOJU TDSJQU $FOU04 ͳͲ͍Ζ͍Ζ JOJUTDSJQU 4IFMMεΫϦϓτ ͳ͍ εΫϦϓτ TFSWJDF 6QTUBSU $FOU04 ࠷ۙ·Ͱͷ 6CVOUV ಠࣗܗࣜͷ DPOG FUDJOJU DPOG ͳ͍ TFSWJDFJOJUDUM TZTUFNE $FOU04d 6CVOUVd ΄͔ 6OJUϑΝΠϧ -JOVY ͷΈ ͍ͬͯ͘ TZTUFNDUM TFSWJDF ˞6CVOUV͔Βར༻Մೳ
3FUIJOLJOHPG1*% จ͕ͩʜ ͬ͘͟Γ ىಈεΫϦϓτɺ݁ہશ෦γΣϧεΫϦϓτͩͬͨΓɺҰ ݸҰݸىಈͰ͠ΜͲ͔ͬͨΓɺDHSPVQͱ͔φౕ͍ͱͷ ࿈ܞେมͩΑͶʜʜ
ͦ͜ͰTZTUFNEɺͱ͍͏ײ͡Β͍͠ ˞IUUQQPJOUFSEFCMPHQSPKFDUTTZTUFNEIUNM
TZTUFNEΛ ͬͯΈΔ
6OJUϑΝΠϧ ಠࣗܗࣜ JOJ෩ એݴత ʮUBSHFUʯʮNPVOUʯʮTFSWJDFʯʮEFWJDFʯ ͳͲͷछྨ͕͋Δ
6OJUಉ࢜ґଘ͕ؔ͋Δ
ྫόΠφϦҰݸͷαʔϏε
ྫόΠφϦҰݸͷαʔϏε આ໌ͷ΄͔ɺґଘ͢Δ6OJUϑΝΠϧɺ ىಈॱংΛهड़ ίϚϯυɺ࣮ߦϢʔβʔɺ લޙʹൃߦ͢ΔίϚϯυɺڥมɺ DHSPVQTͷ੍ݶͳͲ ϥϯϨϕϧ૬Λهड़
ྫఆظ࣮ߦλΠϚʔ
-PHHJOH KPVSOBMEͱ͍͏αʔϏε͕୲͢Δ TZTUFNEͷҰ෦ͱ͍͏ѻ͍ αʔϏεଆɺجຊͱʹ͔͘ඪ४ग़ྗʹϩάΛग़͍͍ͤ ʢGBDUPSBQQײʣ ᠘TZTUFNEͰɺKPVSOBMEΛ࠶ىಈ͢Δͱ
αʔϏε͕མͪΔ͜ͱ͋Δʜʜ $FOU04ͷσϑΥϧτ $FOU04ͰTZTUFNEʹͳΓɺͬͯΔ
TZTUFNEͱ Ϧιʔε੍ݶ
VMJNJU ϦιʔεΛ͍͍ײ͡ʹ੍ݶ͢Δͭ $16ɺϝϞϦɺϑΝΠϧσΟεΫϦϓλʜʜ
6OJUϑΝΠϧ 6OJUϑΝΠϧγΣϧεΫϦϓτ͡Όͳ͍ JOJUεΫϦϓτΈ͍ͨʹVMJNJUΛॻ͚͍͍ͱ͍ ͏͡Όͳ͍ VMJNJUόΠφϦͰͳ͍ͷͰ&YFD4UBSU1SFͰΩοΫͰ͖ ͳ͍ɺͳͲ
όΠφϦͻͱͭΈ͍ͨͳͱ͖ɺϥούʔΛ͔· ͢ʁ͍͍ʜʜ
NBOTZTUFNEFYFD IUUQXXXGSFFEFTLUPQPSHTPGUXBSFTZTUFNENBOTZTUFNEFYFDIUNM-JNJU$16
NBOTZTUFNEFYFD 6OJUϑΝΠϧʹએݴతʹॻ͘ˠΘ͔Γ͍͢ʂ VMJNJUͰ͍͏ͲΕʹ૬͢Δ͔͕ॻ͍ͯ͋ͬͯ ศར > LimitCPU= ➡ ulimit
-t > LimitRSS= ➡ ulimit -m > LimitNOFILE= ➡ ulimit -n
ηοτ͢ΔͱͲ͏ͳΔʁ
͜͏͍͏ײ͡ʹͳΔ ແࣄɺ$16Λඵ༗ͨ͠ޙLJMM͞ΕΔ
͏Ұͭͷํ๏ NBOTZTUFNESFTPVSDFDPOUSPM
DHSPVQͱͷ ࿈ܞ
None
TZTUFNEDHUPQ
$162VPUBͯ͠Έ·͠ΐ͏
ͳΔ΄Ͳ
ʙ
DHSPVQͳͷͰ ಈతʹϦιʔεͷར༻Λมߋ͢Δ͜ͱՄೳ EFNP͠·͢
None
Ͳ͕͍͍ͬͪΜͩΖ͏ʜʜ NBOݟͨײ͡ͷҹɺSFTPVSDFDPOUSPMԡ͠ɻ l"MTPOPUFUIBU-JNJU344JTOPU JNQMFNFOUFEPO-JOVY BOETFUUJOHJUIBTOP F⒎FDUz
VMJNJU͔ΒҠߦ͍͢͠Α͏ʹ-JNJU ͕͋Δײ͡ɻ ͳΔ͘SFTPVSDFDPOUSPMͨ͠΄͏͕͍͍ͷͰ
TZTUFNEͱ ϑΝΠϧγεςϜͷlz
1SJWBUF5NQઃఆ
ࣗಈͰσΟϨΫτϦ͕Ͱ͖Δ ˞αʔϏεΛམͱ͢ͱσΟϨΫτϦফ͑Δ
αʔϏεଆͰUNQ
ਂ͍ ىಈલʹ ϑΝΠϧγεςϜΛVOTIBSF͢Δ UNQΛUNQTZTUFNEQSJWBUF ʹ όΠϯυϚϯτ͢Δ
ͱ͍͏͚ͩ ͳͷͰਖ਼֬ʹɺNPVOUOBNFTQBDFͷΛ ར༻͍ͯ͠Δ
VOTIBSF ͱ -JOVYOBNFTQBDFͱ ϓϩηε͝ͱʹɺΞΫηεͰ͖ΔϦιʔεΛ͚Δ͜ͱ͕ Ͱ͖Δػೳ VOTIBSFΛݺͿͱ֘ϓϩηεͰ
৽͍͠ωʔϜεϖʔεΛ࡞Δ ʢNPVOUɺωοτϫʔΫɺ1*%ʜʜʣ
TZTUFNEͷྫ NOUͷωʔϜεϖʔε ͚͕ͩมΘ͍ͬͯΔ ͜ͱ͕Θ͔Δ
ͦͷଞͷNPVOU IUUQFOBLBJIBUFOBCMPHDPNFOUSZ
3FBE0OMZ%JSFDUSJFT
ͦͷϓϩηε͔ΒมߋͰ͖ͳ͍ ҰํͰɺଞͷϓϩηε͔ΒՄೳ
ͦͷϓϩηεͰ ͪ͜ΒɺVOTIBSF͞Εͨ͋ͱɺ FUDSFBEPOMZUFTUΛSPͰόΠϯυϚϯτ͠ͳ͓ ͍ͯ͠Δ͜ͱ͕Θ͔Δ ҰํɺଞͷϓϩηεͰͦͷϚϯτ͕֬ೝͰ͖ͳ͍
͏গ͚ͩ͠ ਂ͍
VOTIBSFʹͳΖ͏ IJCPNB͞Μͱ͍͏ํͷهࣄ SVCZͰVOTIBSF ݺͼग़ͯ͠Ϛϯτ໊લۭؒΛ IUUQEIBUFOBOFKQIJCPNB
֦ுϥΠϒϥϦॻ͔ͳͯ͘ݺͼग़ͤΔΑ͏ͳͷ Ͱศར
JSCͰΖ͏
JSCͰΖ͏
૯ׅ
TZTUFNE ͨͩͷJOJUͷସͰͳ͍ DHSPVQ-JOVYOBNFTQBDFͱ ݁ߏີʹ࿈ܞͰ͖ɺ৭ʑͳ͍ಓ͕͋Γͦ͏ ʢͦ͏ׂ͍͑Ѫ͠·͕ͨ͠ɺDBQBCJMJUZ͍͡Ε·͢ʣ > CapabilityBoundingSet=CAP_NET_ADMIN
CAP_NET_RAW …
TZTUFNEͷϝϦοτॴײ 6OJUϑΝΠϧͰએݴతʹαʔϏεఆٛɺ ґଘɺϦιʔεͷɺΛఆٛͰ͖Δ DHSPVQMJOVYOBNFTQBDFͷৄࡉͳ"1*ʹ ৄ͘͠ͳͯ͘ɺTZTUFNEͷσΟϨΫςΟϒ͕ ϥοϓͯ͘͠ΕΔͷͰɺ༰қʹར༻Ͱ͖Δ TZTUFNEਓؒͨͪʹ༏͍͠ʂ
DPOUBJOFSWTTZTUFNE TZTUFNE͚ͩͰͰ͖Δ͜ͱ͕݁ߏ͋Δ Ͱ͖ͳ͍͜ͱ͋Δɻ1*%ͷͱ͔͕ͦ͏ %PDLFSͱTZTUFNEͷ࿈ܞͷྫ͋Δ IUUQFOBLBJIBUFOBCMPHDPNFOUSZ
૬͢ΔͷͰͳ͘ɺಘҙͰ͍͚
5SZ TZTUFNE
ࢀߟจݙ 4ZTUFNEೖγϦʔζ JEFOBLBJ͞Μ IUUQFOBLBJIBUFOBCMPHDPNFOUSZ ͱ͍͏͔ඇৗʹৄ͘͠ɺͷൃදཁΔΜͩΖ͏͔ʜʜ
TZTUFNEపఈೖ!-JOVYঁࢠ෦ ಉ IUUQXXXTMJEFTIBSFOFUFOBLBJMJOVY ͷൃදSZ DPOTVMUFNQMBUFΛTZTUFNEͰಈ͔͢ͱ͖ͷֶͼ IUUQUPNPIJTBPEBDPNQPTUTVTF@TZTUFNE@XJUI@DPOTVMUFNQMBUFIUNM