Running nginx and fluentd in a single container
Why shouldn't you start multiple processes?
Starting only one process per Docker container is a well-known container best practice, but why is that? There are probably various reasons, but I think one clear technical reason is that in Docker the process started by the CMD or ENTRYPOINT option becomes PID 1 in the container.
As a test, if you start an nginx container and check its processes, PID 1 is the nginx master process.
$ docker run --rm -d --name nginx nginx
$ docker ps
CONTAINER ID   IMAGE   COMMAND                  CREATED         STATUS         PORTS    NAMES
1d4d0754f57a   nginx   "nginx -g 'daemon of…"   6 seconds ago   Up 4 seconds   80/tcp   nginx
$ docker exec -it 1d4d0754f57a bash
root@1d4d0754f57a:/# apt update && apt install -y procps
root@1d4d0754f57a:/# ps -aef
UID        PID  PPID  C STIME TTY          TIME CMD
root         1     0  0 06:28 ?        00:00:00 nginx: master process nginx -g daemon off;
nginx        6     1  0 06:28 ?        00:00:00 nginx: worker process
root       427     0  0 06:35 pts/0    00:00:00 bash
root       676   427  0 06:37 pts/0    00:00:00 ps -aef
In other words, there is none of the supervisor functionality that an init program provides, so starting multiple processes ends up breaking the rules of the UNIX world. The following blog post explains this in detail.
Docker and the PID 1 zombie reaping problem
This passage is probably the easiest to follow:
Let's look at a concrete example. Suppose that your container contains a web server that runs a CGI script that's written in bash. The CGI script calls grep. Then the web server decides that the CGI script is taking too long and kills the script, but grep is not affected and keeps running. When grep finishes, it becomes a zombie and is adopted by the PID 1 (the web server). The web server doesn't know about grep, so it doesn't reap it, and the grep zombie stays in the system.
In other words, because PID 1 is not an init, a grandchild process whose parent has been killed ends up as a zombie process. Forking and spawning lots of processes when there is no init is dangerous.
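The adoption and reaping described above, as an added example (not code from the original post or the quoted blog). It uses Linux's PR_SET_CHILD_SUBREAPER so that an ordinary process can stand in for PID 1; the function names and the constructed child/grandchild scenario are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Init-style reaping loop: collect every exited child, adopted orphans
 * included, until no children remain. Returns the number reaped. */
int reap_all(void) {
    int reaped = 0;
    for (;;) {
        pid_t pid = waitpid(-1, NULL, 0);
        if (pid > 0) { reaped++; continue; }
        if (pid == -1 && errno == EINTR) continue;
        break;                      /* ECHILD: nothing left to reap */
    }
    return reaped;
}

/* Constructed scenario (hypothetical names): the child plays the killed
 * CGI script, the grandchild plays grep. Returns how many orphans were
 * still waiting after the direct child was reaped, or -1 on error. */
int orphan_demo(void) {
    /* Stand in for PID 1: orphaned descendants are re-parented to us. */
    if (prctl(PR_SET_CHILD_SUBREAPER, 1, 0, 0, 0) == -1) return -1;

    pid_t child = fork();
    if (child == -1) return -1;
    if (child == 0) {
        if (fork() == 0) { sleep(1); _exit(0); }  /* outlives its parent */
        _exit(0);                                 /* parent dies first   */
    }
    /* A server that only knows its own child stops here ... */
    if (waitpid(child, NULL, 0) != child) return -1;
    /* ... an init keeps going and reaps whatever it has adopted. */
    return reap_all();
}

int main(void) {
    printf("orphans reaped by the init-style loop: %d\n", orphan_demo());
    return 0;
}
```

Without the final reap_all() call, the grandchild would stay in the process table as a zombie for as long as the adopting process lives.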
About runit
So what should you do when you do want to run multiple processes? It is enough to have something init-like running as PID 1 in the container. A good fit for that is runit.
The site that explains it is here:
runit - a UNIX init scheme with service supervision
About phusion/baseimage
What is phusion/baseimage
There is a container image that bundles runit, and that image is phusion/baseimage.
Besides runit, phusion/baseimage also starts the following services in the container.
- Ubuntu 16.04 LTS as base system
- A correct init process
- Fixes APT incompatibilities with Docker
- syslog-ng
- The cron daemon
- An optional SSH server (disabled by default)
- Runit for service supervision and management
It feels more like a virtual server than a container.
Dockerfile layout
Using phusion/baseimage, let's run nginx and fluentd in a single container. We will build a container like the following.
- Start the nginx process
  - Runs as an ordinary web server
- Start the fluentd process
  - Forwards the nginx access log to S3
folder/file structure
.
├── Dockerfile
├── service
│   ├── nginx
│   │   └── run
│   └── td-agent
│       └── run
└── td-agent
    └── td-agent.conf
Dockerfile
FROM phusion/baseimage:0.11

ENV APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=DontWarn
ENV DEBIAN_FRONTEND=noninteractive

# install nginx
# https://nginx.org/en/linux_packages.html#Ubuntu
RUN apt-get update && \
    apt-get install -y --no-install-recommends curl=7.58.0-2ubuntu3.7 gnupg2=2.2.4-1ubuntu1.2 ca-certificates=20180409 lsb-release=9.20170808ubuntu1 && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/*
RUN echo "deb http://nginx.org/packages/ubuntu $(lsb_release -cs) nginx" > /etc/apt/sources.list.d/nginx.list
RUN curl -o nginx_signing.key -fsSL https://nginx.org/keys/nginx_signing.key && \
    apt-key add nginx_signing.key
RUN apt-get update && \
    apt-get install -y --no-install-recommends nginx=1.14.0-0ubuntu1.2 && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/*
RUN rm /etc/init.d/nginx
EXPOSE 80

# install td-agent
# https://toolbelt.treasuredata.com/sh/install-ubuntu-bionic-td-agent3.sh
RUN curl -o GPG-KEY-td-agent -fsSL https://packages.treasuredata.com/GPG-KEY-td-agent && \
    apt-key add GPG-KEY-td-agent
RUN echo "deb http://packages.treasuredata.com/3/ubuntu/bionic/ bionic contrib" > /etc/apt/sources.list.d/treasure-data.list
RUN apt-get update && \
    apt-get install -y --no-install-recommends td-agent=3.4.1-0 && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/*
COPY td-agent /etc/td-agent/
RUN rm /etc/init.d/td-agent

# upload runit service script
COPY service /etc/service
RUN chmod 755 /etc/service/*/run
Below are the files that define the runit user-level services, roughly the equivalent of init.d under init. When they are placed here, a program called runsvdir starts them at boot.
service/nginx/run
#!/bin/sh
exec /usr/sbin/nginx -c /etc/nginx/nginx.conf -g "daemon off;"
service/td-agent/run
#!/bin/sh
exec /usr/sbin/td-agent
Below is the fluentd config.
td-agent/td-agent.conf
<source>
  @type tail
  path /var/log/nginx/access.log
  pos_file /var/log/nginx/access.log.pos
  format nginx
  tag nginx
</source>

<match *>
  @type s3
  aws_key_id XXXXXXXXXXXXXXXXXXXXXX
  aws_sec_key XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
  s3_bucket fluentd-sample-kiritan
  path sample/
  s3_region ap-northeast-1
  time_slice_format %Y%m%d%H%M
</match>
Starting the container
Build and start it.
$ docker build -t baseimage:latest .
$ docker run --rm --name baseimage -p 8000:80 baseimage:latest /sbin/my_init
Checking the processes shows that /sbin/my_init (which calls runit's sv command to do its work) is PID 1, and that runsvdir has started each service.
$ docker exec -it bb2d2028160b ps -ef awxf
UID        PID  PPID  C STIME TTY      STAT   TIME CMD
root        55     0  0 13:12 pts/0    Rs+    0:00 ps -ef awxf
root         1     0  0 12:30 ?        Ss     0:00 /usr/bin/python3 -u /sbin/my_init
root        13     1  0 12:30 ?        S      0:00 /usr/sbin/syslog-ng --pidfile /var/run/syslog-ng.pid -F --no-caps
root        21     1  0 12:30 ?        S      0:00 /usr/bin/runsvdir -P /etc/service
root        22    21  0 12:30 ?        Ss     0:00  \_ runsv sshd
root        23    21  0 12:30 ?        Ss     0:00  \_ runsv cron
root        26    23  0 12:30 ?        S      0:00  |   \_ /usr/sbin/cron -f
root        24    21  0 12:30 ?        Ss     0:00  \_ runsv nginx
root        28    24  0 12:30 ?        S      0:00  |   \_ nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf -g daemon
www-data    31    28  0 12:30 ?        S      0:00  |       \_ nginx: worker process
root        25    21  0 12:30 ?        Ss     0:00  \_ runsv td-agent
root        27    25  0 12:30 ?        S      0:00      \_ /bin/sh ./run
root        29    27  0 12:30 ?        Sl     0:01          \_ /opt/td-agent/embedded/bin/ruby /usr/sbin/td-agent
root        34    29  0 12:30 ?        Sl     0:02              \_ /opt/td-agent/embedded/bin/ruby -Eascii-8bit:ascii-8bit /usr/sbin
Check the Docker host's IP and access the web site:
$ docker-machine ip
192.168.99.100
$ curl http://192.168.99.100:8000
After a while, the nginx access log has been forwarded to S3.
$ aws s3 ls s3://fluentd-sample-kiritan/sample/
2019-05-25 10:16:01        172 201905250105_0.gz