daemontools-kobanashi

Transcript

1. daemontoolsখ࿩ @yudoufu 2015/08/11 ෦಺ษڧձ ͓ͬ͞ΜͬΆ͍࿩Λ͠·͢

2. daemontoolsͬͯͬͯ͠Δʁ • αʔϏεͷdaemonӬଓԽπʔϧͱͯ͠༗໊ • ͓ͬ͞Μ͸ΈΜͳ͓ੈ࿩ʹͳͬͯΔ • ࠷ۙ͸supervisord ೿ൊ;͑ͨͶ

3. ͦ΋ͦ΋daemontoolsͱ͸ • UNIX/LinuxͷαʔϏε؅ཧπʔϧ܈ͷ૯শ • djb࡞ • qmail / tcpserver౳ͷ࡞ऀͰ΋͋Δ •

   http://cr.yp.to/daemontools.html

4. daemontoolsͷத਎ • daemonӬଓԽπʔϧ (svscan/supervise) • daemontoolsͬͯݴ͏ͱී௨͜ΕΛࢦ͢ • ҆શͳϩάه࿥πʔϧ (multilog) •

   αʔϏε/daemonԽͷิॿɾศརπʔϧ • ࠓ೔͸͔͜͜ΒϐοΫΞοϓͯ͠঺հ

5. daemontoolsͷิॿπʔϧ܈ • ͍͍ͪͪ໘౗ͩΑͶɺΛ࣮ݱͯ͘͠ΕΔখ෺ • ୯඼Ͱ࢖͑Δ΋ͷ͕ଟͯ͘UNIXత

6. setlock % setlock -n /path/to/hoge.lock command • command࣮ߦલʹlockΛߦ͍ɺϓϩηεͷॏ ෳىಈΛ๷͍Ͱ͘ΕΔ •

   -n: ॏෳىಈ͸command࣮ߦͤͣଈऴྃ • -N: ॏෳىಈ͸ϩοΫͷղ์Λ଴࣮ͬͯߦ • cronͱ૊Έ߹Θͤͯ࢖͏ͱศར

7. setlock - ࢖༻ྫ 00 * * * * setlock -n

   /var/run/cron.lock hugeprocess.sh • ͍͢͝Ͱ͔͍ॲཧΛຖ࣌΍Δ৔߹ • ສ͕Ұ࣍ͷ࣮ߦ͕࣌ؒདྷͯ΋ɺ࣍ͷϓϩηε ͸࣮ߦ͞Εͣऴྃ͢Δ setlock: fatal: unable to lock /var/run/cron.lock: temporary failure

8. setlock - ࢖༻ྫ 00 * * * * setlock -N

   /var/run/cron.lock preprocess.sh 30 * * * * setlock -N /var/run/cron.lock postprocess.sh • લॲཧͷ݁ՌΛड͚ͯޙॲཧΛ࣮ߦ͍ͨ͠ɺ ͱ͍͏ͷΛຖ࣌΍Δ৔߹ͳͲ • ಉ͡lockϑΝΠϧͳΒίϚϯυ͕ҧͬͯ΋ॲཧ Λ଴ͬͯ͘ΕΔ

9. envdir % envdir /path/to/env command • ୈ1Ҿ਺Ͱࢦఆͨ͠σΟϨΫτϦ಺ͷϑΝΠϧ Λɺ؀ڥม਺ͱͯ͠ઃఆͯ͘͠ΕΔ

10. envdir - ࣮ߦྫ % cat /tmp/env/IP 192.168.1.1 % cat /tmp/env/LOGDIR

    /var/log/hoge % envdir /tmp/env env | egrep "(IP|LOGIDIR)" IP=192.168.1.1 LOGDIR=/var/log/hoge • dir಺ͷϑΝΠϧ໊Λม਺໊ʹɺ಺༰Λvalueʹ • ؀ڥม਺ͱεΫϦϓτΛผ؅ཧ͠΍͘͢ͳΔ

11. envuidgid % envuidgid user command • envͷ UID / GIDʹୈ1Ҿ਺ͷuserΛઃఆ

    • ࣮ߦϢʔβʔΛม͑ΔΘ͚͡Όͳ͍ envuidgid www-data env |egrep "(GID|UID|USER)" USER=yudoufu GID=33 UID=33

12. setuidgid % setuidgid user command • ࣮ߦ࣌ݖݶΛߜΓ͍ͨ৔߹ʹ࢖͏ • جຊతʹ͸root࣮ߦͷεΫϦϓτ಺Ͱ࢖͏ •

    αϒάϧʔϓΛ൓ө͠ͳ͍ͷͰͨ·ʹਏ͍ • https://github.com/bruceg/daemontools- encore • ༗ࢤ͕௚ͨ͠Γͯ͠Δ

13. softlimit % softlimit [-p… n] command • commandʹରͯ͠Ϧιʔε੍ݶΛ͔͚ΒΕΔ • ϓϩηε͝ͱͷdataηάϝϯτ੍ݶ

    • ಉҰUIDͰͷϓϩηε਺੍ݶ • etc…

14. ༨ஊ • εϥΠυΛmd2keyΛ࢖ͬͯ࡞ͬͯΈͨ • https://github.com/k0kubun/md2key • ίϚϯυͷhighlight͍͍ײ͡ • จͷ੔ܗ͸΍ͬͺΓਓ͕Կͱ͔͢Δ •

    ·ͩେࡶ೺ʹ͋ͯ͜Ήπʔϧɺͱ͍͏ײ͡

15. ·ͱΊ • daemontoolsͷαϙʔτπʔϧ܈͸ؾ͕ޮ͍ ͯͯศར