$30 off During Our Annual Pro Sale. View Details »

ペパボ新卒研修座学、コンテナのお話 /the-skelton-of-whales

KONDO Uchio
August 18, 2016
Technology
13
2.4k

ペパボ新卒研修座学、コンテナのお話 /the-skelton-of-whales

https://github.com/udzura/container-zagaku

KONDO Uchio

August 18, 2016
Tweet

More Decks by KONDO Uchio

See All by KONDO Uchio
大規模レガシーテストを 倒すための CI基盤の作り方 / #CICD2023
udzura
5
2k
Ruby x BPF in Action / RubyKaigi 2022
udzura
0
80
Narrative of Ruby & Rust
udzura
0
120
開発者生産性指標の可視化 / pepabo-four-keys
udzura
3
1.2k
Talk of RBS
udzura
0
270
Re: みなさん最近どうですか? / FGN tech meetup in 2021
udzura
0
610
Dockerとやわらかい仮想化 - ProSec-IT/SECKUN 2021 edition -
udzura
2
510
Device access filtering in cgroup v2
udzura
0
570
"Story of Rucy" on RubyKaigi takeout 2021
udzura
0
500

Other Decks in Technology

See All in Technology
更新”しない”ドキュメント管理 「イミュータブルドキュメントモデル」の実運用
kosui
11
1.6k
2023 Digital Accessibility Legal Update – Part One
3playmarketing
0
110
提案段階のVS CodeのチャットエージェントAPIを動かしてみた
masa5555
0
130
朝起こしてくれるメイドさんが欲しい (LT) - NIFTY Tech Day 2023
niftycorp
1
120
ニフティの過去・現在・未来 - NIFTY Tech Day 2023
niftycorp
0
160
Go Getでのchecksum不一致に遭遇した話とその対応
replu
0
290
開発生産性向上へのコミットについて理解してもらうためのスライドテンプレートを作った話
ouchi2501
0
270
device mapperによるディスクI/O障害のエミュレーション
sat
PRO
7
2.3k
ECサイト向け決済機能の開発で学んだ外部決済サービスの活用ポイント
k1style
1
210
Kamuee: A Pure-Software-Approach Router
nttcom
0
150
APIシナリオテストツールとしてのrunn / 4 API testing tools
k1low
1
540
re:Invent2023で登場した運用開発用の可視化ツールたちを実際に見てみよう
yoshimi0227
0
360

Featured

See All Featured
The Pragmatic Product Professional
lauravandoore
23
5.4k
The Mythical Team-Month
searls
214
41k
Fontdeck: Realign not Redesign
paulrobertlloyd
74
4.7k
RailsConf 2023
tenderlove
0
360
How STYLIGHT went responsive
nonsquared
89
4.5k
KATA
mclloyd
13
11k
Web development in the modern age
philhawksworth
201
9.9k
How To Stay Up To Date on Web Technology
chriscoyier
780
250k
No one is an island. Learnings from fostering a developers community.
thoeni
14
1.8k
The Cost Of JavaScript in 2023
addyosmani
10
3.1k
Teambox: Starting and Learning
jrom
125
8.2k
The Cult of Friendly URLs
andyhume
71
5.4k

Transcript

  1. Զࣗ਎͕ίϯςφʹͳΔ͜ͱͩ
    6DIJP,POEP(.01&1"#0JOD
    99UIF࠲ֶ
    ίϯςφܕԾ૝Խೖ໳
    IUUQTXXXqJDLSDPNQIPUPT!/$$#:4"

    View Slide

  2. ൪௕ɺΤϯδχΞ
    ۙ౻͏͓ͪ!VE[VSB
    ٕज़ج൫νʔϜϓϦϯγύϧ

    View Slide

  3. ൪௕ɺΤϯδχΞ
    ۙ౻͏͓ͪ!VE[VSB
    ٕज़ج൫νʔϜϓϦϯγύϧ
    ࣮͸ͦ͏ͩͬͨΜͰ͢ʂ
    ஌ͬͯ·ͨ͠ʁ

    View Slide

  4. Ծ૝Խͷ͓͞Β͍
    1.

    View Slide

  5. Ծ૝Խʹ͸͍Ζ͍Ζ͋Δͦ͏ͳ
    wͻͱ·ͣͭԡ͓͖͑ͯ͞·͠ΐ͏
    wϋΠύʔόΠβʔܕ
    wϗετ04ܕ
    wίϯςφܕʢ04ϨϕϧͷԾ૝Խʣ

    View Slide

  6. ϋΠύʔόΠβʔܕʢωΠςΟϒϋΠύʔόΠβʣ
    w9FOɺ,7.ͳͲɺଞʹ7.8BSF&49Jɺ)ZQFS7ʜʜ
    wઐ༻ͷ04Λར༻ͯ͠ɺͦͷ্ʹͨ͘͞Μ04Λฒ΂Δʢ&49JͳͲʣ
    w-JOVY,FSOFMࣗମΛϋΠύʔόΠβʔͱͯ͠׆༻ʢ,7.ʣ
    w४Ծ૝Խͱ׬શԾ૝Խͷҧ͍
    w͍ͣΕʹͤΑɺʮҰͭͷϋʔυ΢ΣΞʯͷ্ʹͨ͘͞Μ04Λ্ཱͪ͛Δ͜ͱ
    ͕Ͱ͖Δ

    View Slide

  7. ϗετ04ܕʢϗετϋΠύʔόΠβʣ
    w7JSUVBM#PY΍7.8BSF1MBZFS'VTJPO͕୅දత
    w൚༻తͳ04ͷ্ʹઐ༻ͷιϑτ΢ΣΞΛಋೖ
    wϋΠύʔόΠβܕΑΓ͸ख͕ܰͩɺΦʔόʔϔου΋͋Δ
    w͜ΕΛ࢖ͬͯ΋ɺʮҰͭͷϋʔυ΢ΣΞʯͷ্ʹͨ͘͞Μ04Λ্ཱͪ͛Δ͜
    ͱ͕Ͱ͖Δ

    View Slide

  8. ϏϧͷςφϯτͷΑ͏ʹɺͨ͘͞Μ04͕ࡌ͍ͬͯΔ
    IUUQTKBXJLJQFEJBPSHXJLJϋΠύʔόΠβ
    ϋΠύʔόΠβ ϗετܕ

    View Slide

  9. ίϯςφܕ
    wҰͭͷ04ͷ্ʹͨ͘͞Μͷʮίϯςφʹϛχ04ʯΛ্ཱͪ͛Δ͜ͱ͕Ͱ͖Δ
    wʮϛχ04ʯ͸͍ΘΏΔຊ෺ͷ04ΑΓখ͍͞ͷͰɺ্ཱ͕ͪΓ͕ૣ͘ɺಈ͖΋
    ͍ܰʢޙड़ʣ
    w·ͨɺϗετ04ࣗମ͕ʢϗετܕϋΠύόΠβܕͰʣԾ૝Խ͞Εͯͯ΋0,
    wʢଞͷԾ૝ԽํࣜͰ͸ଟ͘ͷ৔߹OFTUFE7.͸੍ݶ͕͋ͬͨΓɺಛघͳઃఆ
    ͕ඞཁͩͬͨΓɺ͋Δ͍͸ෆՄೳʣ

    View Slide

  10. ͋ͷֆͰ͢
    IUUQXXXKBZXBZDPNXQDPOUFOUVQMPBETEPDLFSJNBHFQOH

    View Slide

  11. ίϯςφԾ૝Խʹֶ͍ͭͯ΅͏ɻ
    Ή͠ΖखΛಈ͔ͦ͏ɻ
    2.

    View Slide

  12. ίϯςφͱ͸Կ͔ʁ
    wϛχ04ʜʜ04ͱݴͬͨͳ
    w͋Ε͸ӕͩ

    View Slide

  13. ίϯςφͱ͸

    View Slide

  14. ಛผͳଐੑΛ࣋ͬͨ
    ϓϩηεʹଞͳΒͳ͍

    View Slide

  15. ϓϩηεͱ͸
    w04͕࣮ߦ͞Εͨιϑτ΢ΣΞΛ؅ཧ͢Δ୯Ґ
    wϓϩάϥϜΛ࣮ߦ͢ΔͱɺͦΕ͕ϝϞϦʹ৐ͬͯɺ࣮ߦͷࡍͷίϯςΫετ͕
    Ӡʑ͔Μ͵Μ
    w04ʢΧʔωϧʣ͔Β΋ɺ·ͨϢʔβ͔Β΋؆୯ʹѻ͑Δ୯Ґ
    wʢຊߨٛͰ͸ࠓޙίϯςφԾ૝ԽʹΑΔ؀ڥΛ04ͱ͸ݺ͹ͳ͍ɻ

    ɹ04ʹίϯςφͷ฼؋ͱͳΔϗετ04ɹͱߟ͑ͯ0,ʣ

    View Slide

  16. ಛผͱ͸
    wϓϩηε͸ɺͦ΋ͦ΋͍Ζ͍ΖͳଐੑΛ͍࣋ͬͯΔ
    w࣮ߦϢʔβʔɺΧϨϯτσΟϨΫτϦɺϓϩάϥϜຊମͷ৔ॴͳͲ
    wͦͷதͰ΋
    wଞͷϓϩηεͱͷϦιʔεͷִ཭
    w04ͷϦιʔεͷར༻ʹର͢Δ੍ݶ
    wʹؔ͢ΔػೳΛ૊Έ߹ΘͤΔͱɺ͔͋ͨ΋ಠཱͨ͠ϚγϯͬΆ͘ѻ͑ΔͷͰɺ
    ͦͷΑ͏ͳٕज़ͷ૊Έ߹ΘͤΛʮίϯςφܕԾ૝ԽʯͱݺͿ͜ͱ͕͋Δ

    View Slide

  17. ͔͜͜Β࣮शʹೖΓ·͢
    IUUQTFOXJLJQFEJBPSHXJLJ*OUFSNPEBM@DPOUBJOFS

    View Slide

  18. -JOVY/BNFTQBDF
    2.1.

    View Slide

  19. ՝୊
    wunshareͱ͍͏ίϚϯυͷϔϧϓΛද͍ࣔͯͩ͘͠͞
    wೋͭλʔϛφϧΛ্ཱͪ͛ͯɺ
    wҰͭͷλʔϛφϧͰsudo unshare --uts -- /bin/bashΛ࣮ߦ
    whostnameίϚϯυͰϗετ໊Λมߋͯ͠Έ·͠ΐ͏
    wuname -a, hostname ͷ݁ՌΛɺλʔϛφϧͦͷ̍ͱɺͦͷ̎ͰʢVOTIBSF
    ͯ͠ͳ͍ํʣͰൺֱ͍ͯͩ͘͠͞

    View Slide

  20. ͍Ζ͍ΖͱVOTIBSFͰ͖Δ༷ࢠ

    View Slide

  21. -JOVY/BNFTQBDFͱ͸
    w04ʹؔ͢Δ༷ʑͳϦιʔεʹ͍ͭͯɺʮ໊લۭؒʯΛ࡞ΓɺҰͭͷΧʔωϧ
    ͷ্Ͱ༷ʑͳϦιʔεΛڞଘͤ͞Δ͜ͱ͕Ͱ͖Δٕज़
    wྫ͑͹
    w654/BNFTQBDFʜϗετͱผͷϗετ໊ʢͳͲʣΛར༻Ͱ͖Δ
    w.PVOU/BNFTQBDFʜಠཱͨ͠Ϛ΢ϯτϙΠϯτΛར༻Ͱ͖Δ
    w1*%/BNFTQBDFʜ͋Δϓϩηε͔ΒԼͷϓϩηεʹ͍ͭͯɺಠཱͨ͠࠾൪
    ͕Ͱ͖Δ

    View Slide

  22. ௥Ճ՝୊
    wҎԼͷίϚϯυΛ࣮ߦͯ͠Έ͍ͯͩ͘͞
    • sudo unshare --uts -- /bin/bash -c \

    'hostname udzura.example.jp; echo new process: $$; exec /bin/sleep 9999' &
    wͦͷޙɺʮOFXQSPDFTTʯͱ͍ͬͨද͕ࣔग़·͢ͷͰɺ
    wͦͷදࣔΛ΋ͱʹOTFOUFSΛ࢖ͬͯΈ͍ͯͩ͘͞ɻ
    •sudo nsenter --uts=/proc/23639/ns/uts /bin/bash
    wͦ͜Ͱ্ཱ͕ͪΔCJOCBTI͸Ͳ͏͍͏؀ڥͰ͔͢

    View Slide

  23. DISPPUCJOENPVOU
    2.2.

    View Slide

  24. -JOVY 6/9
    ͷجຊ͸ϑΝΠϧγεςϜ
    w'JMFTZTUFN)JFSBSDIZ4UBOEBSE
    wVTS WBS UNQ IPNF ʜʜ
    wز͔ͭͷσΟϨΫτϦʹ͸ಛผͳҙຯ͕͋Γɺٯʹݴ͏ͱ

    ن໿ʹ൓͢ΔΑ͏ͳϑΝΠϧ΍σΟϨΫτϦΛ࡞੒͢Δͱେมͳ͜ͱʹ΋
    wຊ෺ͷϑΝΠϧʢʁʣͷ΄͔ɺ

    ͋ΒΏΔ৘ใ͕ϑΝΠϧʢQSPDσΟϨΫτϦɺEFWσΟϨΫτϦʜʣ

    View Slide

  25. ՝୊
    wEFCPPUTUSBQ
    ίϚϯυΛΠϯετʔϧ͍ͯͩ͘͠͞
    wࠓͷϗετ04͸6CVOUV9FOJBMͱ͠·͢ɻ
    w%FCJBOKFTTJFͷ؀ڥΛEFCPPUTUSBQͰ࡞ͬͯΈ͍ͯͩ͘͞ɻ
    •debootstrap --components=main --variant=minbase 

    jessie /tmp/myjessie http://ftp.jp.debian.org/debian/
    wͦͷϑΝΠϧγεςϜͷதʹʮೖͬͯʯΈ·͠ΐ͏ɻ

    Ͳ͏͍͏؀ڥ͕ݟ͑·͔͢ʁ

    View Slide

  26. View Slide

  27. DISPPU
    wϓϩηεͷϧʔτϑΝΠϧγεςϜΛೖΕସ͑Δ
    wࣗ෼ΑΓ্ͷϑΝΠϧγεςϜ͸ݟ͑ͳ͍
    wʢൈ͚ग़͢ํ๏͸ز͔ͭ͋Δʣ

    View Slide

  28. ྫ͑͹ύοέʔδ͕ҧ͏

    View Slide

  29. ௥Ճ՝୊
    wDISPPU͞Εͨ؀ڥʹ͍ͭͯɺҎԼͷΑ͏ͳ؀ڥʹ͢Δʹ͸Ͳ͏͢Ε͹͍͍Ͱ͢
    ͔ɻ
    w഑Լ͸ϦʔυΦϯϦʔͰ͋Δ
    wϢʔβ͸SPPU഑Լ͚ͩߋ৽Ͱ͖Δ
    wߋ৽ͨ͠಺༰͸ɺϗετͷWBSMJCVTFS@SPPUҎԼʹอଘ͞ΕΔ

    View Slide

  30. ճ౴ྫ
    mkdir /var/lib/user_root
    mount --bind /tmp/myjessie /tmp/myjessie
    mount --bind -o remount,ro /tmp/myjessie
    mount --bind /var/lib/user_root /tmp/myjessie/root
    root@udzura:~# chroot /tmp/myjessie
    root@udzura:/# touch /test.txt
    touch: cannot touch '/test.txt': Read-only file system
    root@udzura:/# touch /root/test.txt
    root@udzura:/# ls -l /root/
    total 0
    -rw-r--r-- 1 root root 0 Aug 8 06:14 test.txt

    View Slide

  31. CJOENPVOUͱ͸
    wಉ͡ϑΝΠϧγεςϜΛෳ਺ͷσΟϨΫτϦʔʹඞཁͳ͚ͩϚ΢ϯτ͢Δػೳ
    wDISPPUͨ͠ઌͱɺ͢ΔલͷϗετͰϑΝΠϧγεςϜΛڞ༗Ͱ͖Δ
    wྫMJCͱCJOΛڞ༗ͯ͠ಉ͡ίϚϯυΛ࢖͏
    wྫIPNFEJSFDUPSZΛڞ༗͠ɺͦ͜ͷΈXSJUBCMFʹ͢Δ
    wྫΞϓϦέʔγϣϯͷσϓϩΠઌΛڞ༗͠ɺෳ਺ίϯςφͰ࢖͍ճ͢

    View Slide

  32. CJOENPVOUOBNFTQBDF
    w.PVOUOBNFTQBDFͱͷ૊Έ߹ΘͤͰɺ
    wϗετ͔Βɺήετ͕ͲͷΑ͏ͳCJOENPVOUΛߦ͍ͬͯΔ͔Λಠཱͤ͞Δ
    w͋Δ͍͸ήετͷؒͰͲͷΑ͏ͳϚ΢ϯτϙΠϯτ͕͋Δ͔Λִ཭͢Δ͜ͱ
    ͕Ͱ͖ΔΑ͏ʹͳΔ
    wʢͳ͓ɺOBNFTQBDFʹΑͬͯத਎͕มΘΔϚ΢ϯτϙΠϯτ΋͋Δɻ
    ɹɹFHQSPD TZT NRVFVFʜʣ

    View Slide

  33. DHSPVQ
    2.3.

    View Slide

  34. $POUSPM(SPVQ
    wϓϩηεΛάϧʔϓԽ͠ɺͻͱ·ͱΊͰ༷ʑͳ੍ݶΛ͔͚ͨΓɺ؅ཧΛͨ͠Γ
    ͢Δػೳ
    w۩ମతʹ͸ɺ$16΍ϝϞϦͷϦιʔεར༻΍ɺϒϩοΫσόΠε΁ͷ*0ɺQJE
    ਺ͷ্ݶͳͲɺ༷ʑͳ΋ͷΛ؅ཧͰ͖Δ
    wίϯςφతʹ͸ɺ$16΍ϝϞϦΛϓϩηεͷ·ͱ·ΓͰԾ૝తʹ؅ཧͰ͖Δͷ
    ͰɺΑΓಠཱͨ͠04Β͘͠࢖͑ΔͨΊʹศརͳػೳ

    View Slide

  35. ՝୊
    w$16ͭͷ7.Λ࡞ΓɺͭͷίΞΛ࢖͍੾ΔΑ͏ͳϓϩάϥϜΛॻ͍ͯ͘
    ͍ͩ͞ɻݴޠɺ؀ڥ౳ԿͰ΋0,Ͱ͢ɻ
    wUPQίϚϯυͰ࢖͍ͬͯΔ༷ࢠΛ

    ֬ೝ͠·͠ΐ͏ɻ

    View Slide

  36. ίΞΛ࢖͏ϓϩάϥϜͷࡶͳճ౴ྫ
    cat <def fib(n); n<2?1:fib(n-2)+fib(n-1); end
    8.times.map do
    fork do
    loop do fib(rand(128)) end
    end
    end.each {|p| Process.waitpid p }
    RUBY
    ## ఀࢭ: killall ruby

    View Slide

  37. ൃల՝୊
    wDHSPVQΛ࢖ͬͯɺಉ͡ϓϩάϥϜΛ૸Βͤͯ΋

    ϗετͷ$16ͷ͏͚ͪͭͩΛ࢖͏Α͏ʹม͑ͯΈ·͠ΐ͏
    wগ͚ͩ͠᠘͕͋ΔͷͰώϯτɿ
    wDQVTFUDQVTͱDQVTFUDQVT͸྆ํʹ஋͕ͳ͍ͱϓϩηεΛొ࿥Ͱ͖ͳ͍
    wSFGTIUUQEIBUFOBOFKQEFpBOU

    View Slide

  38. ճ౴ྫ
    mkdir /sys/fs/cgroup/cpuset/ruby001
    echo 0 > /sys/fs/cgroup/cpuset/ruby001/cpuset.mems
    echo 0-1 > /sys/fs/cgroup/cpuset/ruby001/cpuset.cpus
    echo $$ > /sys/fs/cgroup/cpuset/ruby001/tasks
    cat <def fib(n); n<2?1:fib(n-2)+fib(n-1); end
    8.times.map do
    fork do
    loop do fib(rand(128)) end
    end
    end.each {|p| Process.waitpid p }
    RUBY
    top # then hit `1'

    View Slide

  39. View Slide

  40. ௥Ճ՝୊
    w6CVOUV9FOJBMͷLFSOFM͸ͰɺQJETαϒγεςϜΛαϙʔτ͍ͯ͠·͢





    wίϯςφͷྗͰɺGPSLCPNC߈ܸΛճආ͢ΔσϞΛ࡞ͬͯΈ͍ͯͩ͘͞ɻ
    wΦϖϛεΛ͢Δͱ໭ͬͯ͜ͳ͍ͷͰɺ৻ॏʹɺ҆શͳ7.Ͱʜ

    View Slide

  41. -JOVY$BQBCJMJUJFT
    2.4.

    View Slide

  42. έʔύϏϦςΟͱ͸
    w௚༁͢Δͱɺʮݖݶʯ
    w͍ΘΏΔSPPUϢʔβͷݖݶ͸ઈେͰɺͦΕΏ͑ʹةݥ΋൐͏
    w҆શ͔ͭศརʹαʔόӡ༻౳Λ͢΂͘ɺʮݖݶΛ੾Γ෼͚Δʯൃ૝͕ੜ·Ε
    ͨɻͦΕ͕έʔύϏϦςΟ

    View Slide

  43. έʔύϏϦςΟͷྫ
    wྫ͑͹ɺ
    wϙʔτ൪ະຬͷ͍ΘΏΔʮಛݖϙʔτʯΛϓϩηεͰ࢖༻͢Δݖར
    wੜͷ*1σʔλτϥϑΟοΫΛݟΔݖར
    w࣌ࠁΛઃఆ͢Δݖར
    wϓϩηεΛLJMM͢Δݖར
    wΦϓʔφΛങ͏ݖར͸ͳ͍

    View Slide

  44. έʔύϏϦςΟͷϧʔϧ
    IUUQNBOPSHMJOVYNBOQBHFTNBODBQBCJMJUJFTIUNM

    View Slide

  45. έʔύϏϦςΟͷϧʔϧ
    wԡ͑͞Δͱ͍͍͜ͱɿ
    wέʔύϏϦςΟͷू߹ʢέʔύϏϦςΟηοτʣ͕ɺ

    ʙʢΧʔωϧʹΑΓʣछྨ͋Δ
    wϓϩηεͱϑΝΠϧʹέʔύϏϦςΟ͕͋Δ
    wό΢ϯσΟϯάηοτͱ͍͏ɺFYFDϑΝϛϦͷؔ਺Λ࣮ߦ͢Δʢผͷϓϩά
    ϥϜʹੜ·ΕมΘΔʣࡍͷ৽͍͠έʔύϏϦςΟͷࡍʹॏཁͳηοτ͕͋Δ
    w-JOVY͔Β௥Ճ͞Εͨ"NCJFOUέʔύϏϦςΟηοτ

    View Slide

  46. ՝୊
    wDBQTIΛΠϯετʔϧ͍ͯͩ͘͠͞
    wDBQTIͷϚχϡΞϧΛݟͯɺݱࡏར༻Ͱ͖Δʢ&⒎FDUJWFͳʣ

    έʔύϏϦςΟΛ֬ೝ͢ΔίϚϯυΛ࣮ߦ͍ͯͩ͘͠͞

    View Slide

  47. ͞ΒͳΔ՝୊
    wSPPUϢʔβʹ΋͔͔ΘΒͣɺҎԼͷΦϖϨʔγϣϯ͕Ͱ͖ͳ͘ͳΔΑ͏ͳ؀ڥ
    Λ࡞੒͍ͯͩ͘͠͞ɻ࣮ࡍʹͰ͖ͳ͍Τϥʔϝοηʔδ΋ද͍ࣔͯͩ͘͠͞
    w࣌ࠁͷઃఆ͕Ͱ͖ͳ͍
    wLJMM͕Ͱ͖ͳ͍
    wϢʔβ੾Γସ͑ suίϚϯυͷൃߦ
    ͕Ͱ͖ͳ͍
    wNPVOUίϚϯυ͕ൃߦͰ͖ͳ͍
    wDBQBCJMJUZΛมߋͨ͠؀ڥΛ৽͘͠࡞੒Ͱ͖ͳ͍

    ɹɹʢͨͩ͠ɺό΢ϯσΟϯάηοτΛར༻͢Δ৔߹ʣ

    View Slide

  48. ͦͷଞ
    2.5.

    View Slide

  49. ҎԼͷػೳ΋࢖͏ͷͰݴٴ·Ͱ
    wTFUVJETFUHJE
    w࣮Ϣʔβ*%ɺ༗ޮϢʔβ*%ɺอଘϢʔβ*%ʜ
    w3FTPVSDF-JNJU SMJNJU

    wϑΝΠϧσΟεΫϦϓλ਺ͷ੍ݶͳͲ
    wʮVMJNJUͰ࢖͏΍ͭʯ vagrant@localhost:~$ ulimit -n 10
    vagrant@localhost:~$ ruby -e "(1..30).to_a.map { p open('/dev/urandom') }"
    #
    #
    #
    -e:1:in `initialize': Too many open files @ rb_sysopen - /dev/urandom (Errno::EMFILE)
    from -e:1:in `open'
    from -e:1:in `block in '
    from -e:1:in `map'
    from -e:1:in `'

    View Slide

  50. ͦͯ͠఻આ΁ʜʜ
    3.

    View Slide

  51. ͜͜·Ͱ঺հͨ͠-JOVYͷػೳͳΜͰ͕͢
    wجຊతʹશ෦γεςϜίʔϧͱ͍͏΍ͭ

    ʢ͋Δ͍͸ͦΕΛϥοϓͨ͠ϥΠϒϥϦؔ਺ʣΛܦ༝ͯ͠࢖͏͜ͱ͕ଟ͍
    wͳͷͰɺ$ݴޠΛ͍֮͑ͯͳ͍ͱͳ͔ͳ͔ෑډͷߴ͍ػೳͰ΋͋Δ
    wͰ͕͢ɺࠓͷ๻Β͸ɺ͜ΕΒͷػೳΛNSVCZΛ௨ͯ͠࢖͏͜ͱ͕Ͱ͖·͢

    View Slide

  52. )BDPOJXB
    IUUQTXXXqJDLSDPNQIPUPTNPPOMJHIUCVMC$$#:

    View Slide

  53. )PXUPJOTUBMM
    wQBDLBHFDMPVEͰ഑෍த
    w6CVOUV9FOJBMͳΒ͖ͬͱεοͱೖΔɻ
    curl -s https://packagecloud.io/install/repositories/
    udzura/haconiwa/script.deb.sh | sudo bash
    sudo apt-get install haconiwa

    View Slide

  54. ࢖͏ͷ͸
    wࠓճ͸IBDPOJXBίϚϯυ͡Όͳ͍Αʂ
    wIBDPSCͱ͍͏όΠφϦ͕ೖ͍ͬͯΔͷͰɺͦͬͪΛ࢖͏
    wਖ਼ମ͸ɺ༷ʑͳίϯςφؔ܎ͷNHFNΛ૊ΈࠐΜͩNSVCZ

    View Slide

  55. TBNQMFDPEF
    #!/usr/bin/hacorb
    Namespace.unshare(Namespace::CLONE_NEWPID)
    Namespace.unshare(Namespace::CLONE_NEWNS)
    p = Process.fork do
    Dir.chdir “/tmp/myjessie" # લ൒Ͱ࡞ͬͨDebianͷrootfs
    Dir.chroot "/tmp/myjessie"
    Mount.new.mount "proc", "/proc", type: "proc"
    exec "/bin/bash"
    end
    Process.waitpid p

    View Slide

  56. ·ͬ͞Βͳ1*%OBNFTQBDFΛͭ͘Δαϯϓϧ

    View Slide

  57. ίϯςφػೳͱNHFNͷରԠ
    ػೳ ରԠ͢ΔNSVCZHFN
    /BNFTQBDF NSVCZOBNFTQBDF
    ϑΝΠϧγεςϜͷૢ࡞
    NSVCZEJS
    NSVCZNPVOU
    HSPVQ NSVCZDHSPVQ
    έʔύϏϦςΟ NSVCZDBQBCJMJUZ
    ͦͷଞɺϓϩηεૢ࡞
    NSVCZQSPDFTT
    NSVCZFYFD

    View Slide

  58. IBDPSC͸
    ͪΐͬͱͨ͠ௐࠪɺ࣮ݧʹศར͔΋ʁ

    View Slide

  59. ૯ׅ
    4.

    View Slide

  60. ศརͳࢿྉͰ͢
    wֶͭͬͯ͘Ϳ-JOVYίϯςφͷཪଆ
    wIUUQTTQFBLFSEFDLDPNIBZBKPUVLVUVUFYVFCVMJOVYLPOUFOBGBMTFMJDF
    w͍·͞Βฉ͚ͳ͍-JOVYίϯςφͷجૅ04$,ZPUP
    wIUUQTTQFBLFSEFDLDPNUFOGPSXBSEPTDLZPUP
    w 5FO'PSXBSE͞Μ͸ϒϩάɺHJIZPͷهࣄɺͦͷଞ΋શ෦ཁνΣοΫ

    View Slide

  61. ʮશ෦ೖΓʯ΋͍͍͚ΕͲ

    View Slide

  62. ਂ۷Γͯ͠΋໘ന͍
    ͦΕ͕ίϯςφٕज़
    IUUQTDPNNPOTXJLJNFEJBPSHXJLJ'JMF)VNQCBDL@8IBMF@[email protected]@PG@0TUFPMPHZKQH

    View Slide

  63. ʮશ෦ೖΓʯͷҰาઌʹ
    ڵຯΛ࣋ͬͯΈΑ͏
    IUUQTDPNNPOTXJLJNFEJBPSHXJLJ'JMF%SJGU@PG@)[email protected]@
    KQH$$#:@4"

    View Slide

  64. ࣌ؒͳͲ͕ͳ͘ೖΒͳ͔ͬͨ͜ͱʜʜ
    wTUSBDF͕ΊͪΌͪ͘Όศརͳ݅
    wίϯςφͷษڧʹݶΒͣศརͳͷͰɺ࢖͍͜ͳͤΔͱ͍͍Ͱ͢Ͷ

    View Slide