Humans and systemd
KONDO Uchio
April 23, 2016
@ Container study meetup
http://ct-study.connpass.com/event/28449/
Transcript
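systemd: a rough introduction. GMO Pepabo, Inc. Uchio Kondo 2016/04/23. Container Virtualization Information Exchange Meeting @ Fukuoka. Humans and systemd
Introducing the human
Uchio Kondo. GMO Pepabo, Technical Infrastructure Team, Fukuoka branch office. Fukuoka.rb
Rails Girls Fukuoka: general odd jobs, coach coordination
Interests: a little Ruby, Golang; Docker, LXC; Puppet; Hashicorp tools; OpenStack; Electron, React. http://www.slideshare.net/udzura/…
[…] years old Rubyist. A Rubyist since around Rails […]. Obsessed enough with Ruby to have written about it: WEB+DB PRESS Ruby series; Perfect Ruby; Perfect Rails; WEB+DB PRESS vol. […] newcomers' special issue
Founder of
Caveats: honestly, I do not really understand layers such as the OS, and I have never read kernel code. "Actually... I have been trembling for a while now..."
systemd overview for humans
init (or its replacement): the thing that starts first, then brings up and manages lots of services and the like. CentOS […] etc.: sysvinit. CentOS […], Ubuntu: Upstart. OS X: launchd
...
init script
Upstart
systemd, roughly. Compared by: adopting distributions; service definition; OS lock-in; integration with cgroup / namespace; operation commands
init script: CentOS […] and various others; init script (shell script); none; script […]; service
Upstart: CentOS […], Ubuntu until recently; custom-format conf (/etc/init/*.conf); none; service, initctl
systemd: CentOS […] and later, Ubuntu […] and later, and others; unit files; Linux only; actively pursued; systemctl (service; * usable from Ubuntu […])
Rethinking of PID 1 (a long read, but roughly): boot scripts all end up being shell scripts, starting things one at a time is painful, and integrating with newer things such as cgroups is hard work, right?
Hence systemd, apparently. * http://0pointer.de/blog/projects/systemd.html
Trying out systemd
Unit files: custom format (ini-like); declarative; there are types such as "target", "mount", "service" and "device"
Units have dependencies on one another
Example: a service consisting of a single binary
Example: a service consisting of a single binary. One section holds the description, the unit files it depends on, and the start ordering. One holds the command, the user to run as, commands issued before and after, environment variables, cgroups limits, and so on. One holds the runlevel equivalent
Example: a periodic timer
Logging: handled by a service called journald, which is treated as part of systemd. On the service side, basically all you need to do is write logs to standard output (twelve-factor app style). With systemd […], restarting journald can bring services down... This is the default in CentOS […]. We moved to systemd with CentOS […], and […]
systemd and resource limits
ulimit: the thing that limits resources nicely. CPU, memory, file descriptors, ...
Unit files: a unit file is not a shell script. You cannot simply write ulimit as you would in an init script. ulimit is not a binary, so it cannot be kicked off from ExecStartPre, and so on
Even when it is just a single binary, do we put a wrapper in front of it? No, no...
man systemd.exec http://www.freedesktop.org/software/systemd/man/systemd.exec.html#LimitCPU=
man systemd.exec: write it declaratively in the unit file → easy to understand! Conveniently, it also says which ulimit option each directive corresponds to:
LimitCPU= → ulimit -t
LimitRSS= → ulimit -m
LimitNOFILE= → ulimit -n
What happens when you set it?
It looks like this: as expected, the process is killed after occupying the CPU for […] seconds
Another way: man systemd.resource-control
Integration with cgroups
systemd-cgtop
Let's try CPUQuota
I see
Because this is cgroups, resource usage can also be changed dynamically. Demo follows
Which one is better...? My impression from reading the man pages is that they push resource-control. "Also note that LimitRSS= is not implemented on Linux, and setting it has no effect"
It feels as though the Limit* directives exist to ease migration from ulimit. It is probably better to use resource-control wherever possible
systemd and filesystem "[…]"
The PrivateTmp setting
A directory is created automatically. * The directory also disappears when the service is stopped
On the service side it is /tmp
Digging deeper: before start-up, the filesystem is unshared and /tmp is bind-mounted to /tmp/systemd-private-…
That is all there is to it. So, strictly speaking, it uses mount namespaces
What is unshare? What are Linux namespaces? A feature that lets you separate, per process, the resources that process can access. Calling unshare creates new namespaces for the calling process (mount, network, PID, ...)
systemd example: you can see that only the mnt namespace differs
Other mount […]: http://enakai00.hatenablog.com/entry/…
ReadOnlyDirectories
Cannot be modified from that process. Other processes, on the other hand, can modify it
In that process: here too, you can see that after the unshare, the test directory under /etc is bind-mounted again as ro. In other processes, that mount is not visible
Going just a little deeper
Let's become unshare […]. An article by hiboma: calling unshare from ruby to […] the mount namespace. http://d.hatena.ne.jp/hiboma/…
Convenient, because it can be called without writing an extension library
Let's do it in irb
Summary
systemd is not just an init replacement. It integrates quite closely with cgroups and Linux namespaces, and seems to have many uses. (Come to think of it, I skipped this, but you can tweak capabilities too.) CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW …
Thoughts on the benefits of systemd: unit files let you declaratively define services, dependencies, resource […], and […]. Even without detailed knowledge of the cgroup and Linux namespace APIs, systemd's directives wrap them for you, so they are easy to use. systemd is kind to humans!
container vs systemd: there is quite a lot you can do with systemd alone. There are also things it cannot do; PID […] is one. There are also examples of Docker and systemd working together: http://enakai00.hatenablog.com/entry/…
They are not in opposition: use each for what it is good at
Try systemd
References: "Introduction to Systemd" series (by id:enakai00) http://enakai00.hatenablog.com/entry/… To be honest it is extremely detailed; I wonder whether my talk is even needed...
"systemd: A Thorough Introduction" @ Linux Joshi-bu (same author) http://www.slideshare.net/enakai00/linux… (my talk, same as above). "Lessons learned running consul-template under systemd" http://tomohisaoda.com/posts/…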