Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
人間たちとsystemd
Search
KONDO Uchio
April 23, 2016
Technology
18
4.9k
人間たちとsystemd
@コンテナ勉強会
http://ct-study.connpass.com/event/28449/
KONDO Uchio
April 23, 2016
Tweet
Share
More Decks by KONDO Uchio
See All by KONDO Uchio
大規模レガシーテストを 倒すための CI基盤の作り方 / #CICD2023
udzura
5
2.4k
Ruby x BPF in Action / RubyKaigi 2022
udzura
0
250
Narrative of Ruby & Rust
udzura
0
220
開発者生産性指標の可視化 / pepabo-four-keys
udzura
3
1.7k
Talk of RBS
udzura
0
450
Re: みなさん最近どうですか? / FGN tech meetup in 2021
udzura
0
780
Dockerとやわらかい仮想化 - ProSec-IT/SECKUN 2021 edition -
udzura
2
730
Device access filtering in cgroup v2
udzura
1
920
"Story of Rucy" on RubyKaigi takeout 2021
udzura
0
840
Other Decks in Technology
See All in Technology
20250718_ITSurf_“Bet AI”を支える文化とコストマネジメント
helosshi
1
180
The Madness of Multiple Gemini CLIs Developing Simultaneously with Jujutsu
gunta
1
2k
LIXIL基幹システム刷新に立ち向かう技術的アプローチについて
tsukuha
1
1k
PHPからはじめるコンピュータアーキテクチャ / From Scripts to Silicon: A Journey Through the Layers of Computing
tomzoh
2
360
ソフトウェアQAがハードウェアの人になったの
mineo_matsuya
3
250
AIでテストプロセス自動化に挑戦する
sakatakazunori
1
630
OTel 公式ドキュメント翻訳 PJ から始めるコミュニティ活動/Community activities starting with the OTel official document translation project
msksgm
0
110
Step Functions First - サーバーレスアーキテクチャの新しいパラダイム
taikis
1
240
Talk to Someone At Delta Airlines™️ USA Contact Numbers
travelcarecenter
0
170
スプリントレビューを効果的にするために
miholovesq
7
1.3k
Building GoReleaser - from shell script to paid product
caarlos0
0
210
Bill One 開発エンジニア 紹介資料
sansan33
PRO
4
13k
Featured
See All Featured
GitHub's CSS Performance
jonrohan
1031
460k
Optimising Largest Contentful Paint
csswizardry
37
3.3k
Put a Button on it: Removing Barriers to Going Fast.
kastner
60
3.9k
jQuery: Nuts, Bolts and Bling
dougneiner
63
7.8k
Become a Pro
speakerdeck
PRO
29
5.4k
Build The Right Thing And Hit Your Dates
maggiecrowley
37
2.8k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
248
1.3M
A Modern Web Designer's Workflow
chriscoyier
695
190k
10 Git Anti Patterns You Should be Aware of
lemiorhan
PRO
656
60k
The World Runs on Bad Software
bkeepers
PRO
70
11k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
29
2.8k
The Cult of Friendly URLs
andyhume
79
6.5k
Transcript
TZTUFNEͬ͘͟Γೖ GMO Pepabo, Inc. Uchio Kondo 2016/04/23 ίϯςφܕԾԽͷใަձˏԬ ਓؒͨͪͱTZTUFNE
ਓؒͷհ
None
ۙ౻͏͓ͪ (.0ϖύϘॴଐ ٕज़ج൫νʔϜ Ԭࢧࣾۈ 'VLVPLBSC
3BJMT(JSMT'VLVPLB૯߹ࡶ༻ίʔν·ͱΊ
None
None
ڵຯ 3VCZ(PMBOHΛগʑ %PDLFS-9$ 1VQQFU )BTIJDPSQUPPMT
0QFO4UBDL &MFDUSPO3FBDU IUUQXXXTMJEFTIBSFOFUVE[VSBIBTIJDPSQUPPMT
ZFBSTPME3VCZJTU 3BJMT͝Ζ͔ΒͷϧϏʔετ d 3VCZΛ͜͡Βͤͯஶ࡞͋Γ 8FC %#1SFTT3VCZ࿈ࡌ
d ύʔϑΣΫτ3VCZ ύʔϑΣΫτ3BJMT 8FC %#1SFTTWPM৽ਓಛू߸</FX>
None
None
'PVOEFSPG
None
੍ݶࣄ߲ 04ͳͲͷϨΠϠʔɺਖ਼Θ͔͍ͬͯͳ͍͠ɺ ΧʔωϧͷίʔυಡΜͩ͜ͱ͕͋Γ·ͤΜ ʮ࣮ʜʜ͖͔ͬ͞Β͕͍͑ͯΔοʜʜʯ
ਓؒͨͪͷͨΊͷ TZTUFNE֓ཁ
JOJUʢ͋Δ͍ͦͷସʣ ࠷ॳʹىಈͯ͠ɺͨ͘͞ΜͷαʔϏεͲΛ ্ཱͪ͛ͯཧ͢Δ $FOU04ͳͲʜTZTWJOJU $FOU046CVOUVʜ6QTUBSU 049ʜMBVODIE
ʜʜ
JOJUTDSJQU
6QTUBSU
TZTUFNEͬ͘͟Γ ࠾༻ σΟετϦ αʔϏε ఆٛ 04 റΓ DHSPVQ OBNFTQBDF ͱ࿈ܞ
ૢ࡞ίϚϯυ JOJU TDSJQU $FOU04 ͳͲ͍Ζ͍Ζ JOJUTDSJQU 4IFMMεΫϦϓτ ͳ͍ εΫϦϓτ TFSWJDF 6QTUBSU $FOU04 ࠷ۙ·Ͱͷ 6CVOUV ಠࣗܗࣜͷ DPOG FUDJOJU DPOG ͳ͍ TFSWJDFJOJUDUM TZTUFNE $FOU04d 6CVOUVd ΄͔ 6OJUϑΝΠϧ -JOVY ͷΈ ͍ͬͯ͘ TZTUFNDUM TFSWJDF ˞6CVOUV͔Βར༻Մೳ
3FUIJOLJOHPG1*% จ͕ͩʜ ͬ͘͟Γ ىಈεΫϦϓτɺ݁ہશ෦γΣϧεΫϦϓτͩͬͨΓɺҰ ݸҰݸىಈͰ͠ΜͲ͔ͬͨΓɺDHSPVQͱ͔φౕ͍ͱͷ ࿈ܞେมͩΑͶʜʜ
ͦ͜ͰTZTUFNEɺͱ͍͏ײ͡Β͍͠ ˞IUUQQPJOUFSEFCMPHQSPKFDUTTZTUFNEIUNM
TZTUFNEΛ ͬͯΈΔ
6OJUϑΝΠϧ ಠࣗܗࣜ JOJ෩ એݴత ʮUBSHFUʯʮNPVOUʯʮTFSWJDFʯʮEFWJDFʯ ͳͲͷछྨ͕͋Δ
6OJUಉ࢜ґଘ͕ؔ͋Δ
ྫόΠφϦҰݸͷαʔϏε
ྫόΠφϦҰݸͷαʔϏε આ໌ͷ΄͔ɺґଘ͢Δ6OJUϑΝΠϧɺ ىಈॱংΛهड़ ίϚϯυɺ࣮ߦϢʔβʔɺ લޙʹൃߦ͢ΔίϚϯυɺڥมɺ DHSPVQTͷ੍ݶͳͲ ϥϯϨϕϧ૬Λهड़
ྫఆظ࣮ߦλΠϚʔ
-PHHJOH KPVSOBMEͱ͍͏αʔϏε͕୲͢Δ TZTUFNEͷҰ෦ͱ͍͏ѻ͍ αʔϏεଆɺجຊͱʹ͔͘ඪ४ग़ྗʹϩάΛग़͍͍ͤ ʢGBDUPSBQQײʣ ᠘TZTUFNEͰɺKPVSOBMEΛ࠶ىಈ͢Δͱ
αʔϏε͕མͪΔ͜ͱ͋Δʜʜ $FOU04ͷσϑΥϧτ $FOU04ͰTZTUFNEʹͳΓɺͬͯΔ
TZTUFNEͱ Ϧιʔε੍ݶ
VMJNJU ϦιʔεΛ͍͍ײ͡ʹ੍ݶ͢Δͭ $16ɺϝϞϦɺϑΝΠϧσΟεΫϦϓλʜʜ
6OJUϑΝΠϧ 6OJUϑΝΠϧγΣϧεΫϦϓτ͡Όͳ͍ JOJUεΫϦϓτΈ͍ͨʹVMJNJUΛॻ͚͍͍ͱ͍ ͏͡Όͳ͍ VMJNJUόΠφϦͰͳ͍ͷͰ&YFD4UBSU1SFͰΩοΫͰ͖ ͳ͍ɺͳͲ
όΠφϦͻͱͭΈ͍ͨͳͱ͖ɺϥούʔΛ͔· ͢ʁ͍͍ʜʜ
NBOTZTUFNEFYFD IUUQXXXGSFFEFTLUPQPSHTPGUXBSFTZTUFNENBOTZTUFNEFYFDIUNM-JNJU$16
NBOTZTUFNEFYFD 6OJUϑΝΠϧʹએݴతʹॻ͘ˠΘ͔Γ͍͢ʂ VMJNJUͰ͍͏ͲΕʹ૬͢Δ͔͕ॻ͍ͯ͋ͬͯ ศར > LimitCPU= ➡ ulimit
-t > LimitRSS= ➡ ulimit -m > LimitNOFILE= ➡ ulimit -n
ηοτ͢ΔͱͲ͏ͳΔʁ
͜͏͍͏ײ͡ʹͳΔ ແࣄɺ$16Λඵ༗ͨ͠ޙLJMM͞ΕΔ
͏Ұͭͷํ๏ NBOTZTUFNESFTPVSDFDPOUSPM
DHSPVQͱͷ ࿈ܞ
None
TZTUFNEDHUPQ
$162VPUBͯ͠Έ·͠ΐ͏
ͳΔ΄Ͳ
ʙ
DHSPVQͳͷͰ ಈతʹϦιʔεͷར༻Λมߋ͢Δ͜ͱՄೳ EFNP͠·͢
None
Ͳ͕͍͍ͬͪΜͩΖ͏ʜʜ NBOݟͨײ͡ͷҹɺSFTPVSDFDPOUSPMԡ͠ɻ l"MTPOPUFUIBU-JNJU344JTOPU JNQMFNFOUFEPO-JOVY BOETFUUJOHJUIBTOP F⒎FDUz
VMJNJU͔ΒҠߦ͍͢͠Α͏ʹ-JNJU ͕͋Δײ͡ɻ ͳΔ͘SFTPVSDFDPOUSPMͨ͠΄͏͕͍͍ͷͰ
TZTUFNEͱ ϑΝΠϧγεςϜͷlz
1SJWBUF5NQઃఆ
ࣗಈͰσΟϨΫτϦ͕Ͱ͖Δ ˞αʔϏεΛམͱ͢ͱσΟϨΫτϦফ͑Δ
αʔϏεଆͰUNQ
ਂ͍ ىಈલʹ ϑΝΠϧγεςϜΛVOTIBSF͢Δ UNQΛUNQTZTUFNEQSJWBUF ʹ όΠϯυϚϯτ͢Δ
ͱ͍͏͚ͩ ͳͷͰਖ਼֬ʹɺNPVOUOBNFTQBDFͷΛ ར༻͍ͯ͠Δ
VOTIBSF ͱ -JOVYOBNFTQBDFͱ ϓϩηε͝ͱʹɺΞΫηεͰ͖ΔϦιʔεΛ͚Δ͜ͱ͕ Ͱ͖Δػೳ VOTIBSFΛݺͿͱ֘ϓϩηεͰ
৽͍͠ωʔϜεϖʔεΛ࡞Δ ʢNPVOUɺωοτϫʔΫɺ1*%ʜʜʣ
TZTUFNEͷྫ NOUͷωʔϜεϖʔε ͚͕ͩมΘ͍ͬͯΔ ͜ͱ͕Θ͔Δ
ͦͷଞͷNPVOU IUUQFOBLBJIBUFOBCMPHDPNFOUSZ
3FBE0OMZ%JSFDUSJFT
ͦͷϓϩηε͔ΒมߋͰ͖ͳ͍ ҰํͰɺଞͷϓϩηε͔ΒՄೳ
ͦͷϓϩηεͰ ͪ͜ΒɺVOTIBSF͞Εͨ͋ͱɺ FUDSFBEPOMZUFTUΛSPͰόΠϯυϚϯτ͠ͳ͓ ͍ͯ͠Δ͜ͱ͕Θ͔Δ ҰํɺଞͷϓϩηεͰͦͷϚϯτ͕֬ೝͰ͖ͳ͍
͏গ͚ͩ͠ ਂ͍
VOTIBSFʹͳΖ͏ IJCPNB͞Μͱ͍͏ํͷهࣄ SVCZͰVOTIBSF ݺͼग़ͯ͠Ϛϯτ໊લۭؒΛ IUUQEIBUFOBOFKQIJCPNB
֦ுϥΠϒϥϦॻ͔ͳͯ͘ݺͼग़ͤΔΑ͏ͳͷ Ͱศར
JSCͰΖ͏
JSCͰΖ͏
૯ׅ
TZTUFNE ͨͩͷJOJUͷସͰͳ͍ DHSPVQ-JOVYOBNFTQBDFͱ ݁ߏີʹ࿈ܞͰ͖ɺ৭ʑͳ͍ಓ͕͋Γͦ͏ ʢͦ͏ׂ͍͑Ѫ͠·͕ͨ͠ɺDBQBCJMJUZ͍͡Ε·͢ʣ > CapabilityBoundingSet=CAP_NET_ADMIN
CAP_NET_RAW …
TZTUFNEͷϝϦοτॴײ 6OJUϑΝΠϧͰએݴతʹαʔϏεఆٛɺ ґଘɺϦιʔεͷɺΛఆٛͰ͖Δ DHSPVQMJOVYOBNFTQBDFͷৄࡉͳ"1*ʹ ৄ͘͠ͳͯ͘ɺTZTUFNEͷσΟϨΫςΟϒ͕ ϥοϓͯ͘͠ΕΔͷͰɺ༰қʹར༻Ͱ͖Δ TZTUFNEਓؒͨͪʹ༏͍͠ʂ
DPOUBJOFSWTTZTUFNE TZTUFNE͚ͩͰͰ͖Δ͜ͱ͕݁ߏ͋Δ Ͱ͖ͳ͍͜ͱ͋Δɻ1*%ͷͱ͔͕ͦ͏ %PDLFSͱTZTUFNEͷ࿈ܞͷྫ͋Δ IUUQFOBLBJIBUFOBCMPHDPNFOUSZ
૬͢ΔͷͰͳ͘ɺಘҙͰ͍͚
5SZ TZTUFNE
ࢀߟจݙ 4ZTUFNEೖγϦʔζ JEFOBLBJ͞Μ IUUQFOBLBJIBUFOBCMPHDPNFOUSZ ͱ͍͏͔ඇৗʹৄ͘͠ɺͷൃදཁΔΜͩΖ͏͔ʜʜ
TZTUFNEపఈೖ!-JOVYঁࢠ෦ ಉ IUUQXXXTMJEFTIBSFOFUFOBLBJMJOVY ͷൃදSZ DPOTVMUFNQMBUFΛTZTUFNEͰಈ͔͢ͱ͖ͷֶͼ IUUQUPNPIJTBPEBDPNQPTUTVTF@TZTUFNE@XJUI@DPOTVMUFNQMBUFIUNM