TL;DR: An overview guide for comparing frameworks for running applications in containers. It covers the capabilities of Docker and other similar systems.
A little history of where it all came from
History
The first well-known way to isolate an application is chroot. The system call of the same name changes the root directory, so the program that called it can access only the files inside that directory. However, if the program is given root privileges inside, it may be able to "escape" from the chroot and gain access to the main operating system. Also, apart from changing the root directory, other resources (RAM, processor) and network access are not restricted.
The next method is to start a full operating system inside a container, using mechanisms of the operating system kernel. The method has different names in different operating systems, but the essence is the same: several independent operating systems are started, each running on the same kernel as the main operating system. These include FreeBSD Jails, Solaris Zones, OpenVZ, and LXC for Linux. Isolation is provided not only for disk space but also for other resources; in particular, each container can have limits on processor time, RAM, and network bandwidth. Compared with chroot, leaving the container is harder, because the superuser inside the container has access only to the container's contents. However, because the operating system inside the container has to be kept up to date and because older kernel versions are in use (relevant for Linux, to a lesser extent for FreeBSD), there is a non-zero chance of "breaking through" the kernel isolation system and gaining access to the main operating system.
Instead of starting a full operating system in a container (with an init system, a package manager, and so on), applications can be started directly; the main thing is to give the application what it needs to run (the required libraries and other files). This idea became the basis of containerized application virtualization, whose most prominent and best-known representative is Docker. Compared with earlier systems, more flexible isolation mechanisms, together with built-in support for virtual networks between containers and for tracking the state of the application inside a container, made it possible to build a single coherent environment for running containers out of a large number of physical servers, without manual resource management.
Docker
Docker is the best-known application containerization software. It is written in Go and uses standard Linux kernel features (cgroups, namespaces, capabilities, and so on), as well as the Aufs file system and similar ones to save disk space.
Architecture
Before version 1.11, Docker worked as a single service that performed every operation on containers: downloading images for containers, starting containers, and processing API requests. Since version 1.11, Docker has been split into several parts that interact with each other: containerd handles the whole container life cycle (allocating disk space, downloading images, networking, starting, installing, and monitoring the state of containers), and runC is the container runtime, based on cgroups and other Linux kernel features. The docker service itself remains, but now it only processes API requests, which are passed on to containerd.
Installation and configuration
My favourite way to install docker is docker-machine, which, besides installing and configuring docker directly on remote servers (including various clouds), lets you work with the file systems of remote servers and run various commands.
However, the project has hardly been developed since 2018, so we will install docker in the way that is standard for most Linux distributions: add the repository and install the required packages.
This method is also used for automated installation, for example with Ansible or other similar systems, but I will not cover that in this article.
The installation is done on Centos 7, with virtual machines used as servers. To install, just run the commands below:
# yum install -y yum-utils
# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# yum install docker-ce docker-ce-cli containerd.io
After installation, start the service and enable it at boot:
# systemctl enable docker
# systemctl start docker
# firewall-cmd --zone=public --add-port=2377/tcp --permanent
In addition, you can create a docker group whose users can work with docker without sudo, configure logging, and enable access to the API from outside. Do not forget to configure the firewall more precisely (everything that is not explicitly allowed should be denied; in the examples above and below I omit this for simplicity and clarity). I will not go into more detail here.
Other features
Besides the docker-machine mentioned above, there is docker registry, a tool for storing container images, and docker compose, a tool for automating the deployment of applications in containers. YAML files are used to build and configure the containers and other related things (for example networks and persistent file systems for storing data).
It can also be used to organize pipelines for CI/CD. Another interesting feature is operation in cluster mode, the so-called swarm mode (known as docker swarm before version 1.12), which lets you assemble a single infrastructure for running containers from several servers. It supports a virtual network spanning all servers, has a built-in load balancer, and supports secrets for containers.
With small changes, the YAML files from docker compose can be used for such clusters, fully automating the maintenance of small and medium-sized clusters for various purposes. For large clusters Kubernetes is preferable, because the maintenance cost of swarm mode can exceed that of Kubernetes. As a container runtime, besides runC, you can install, for example
Working with Docker
With installation and configuration done, let us try to assemble a cluster in which we deploy GitLab and Docker Registry for a development team. Three virtual machines are used as servers, and the distributed file system GlusterFS is additionally deployed on them; we will use it as storage for docker volumes, for example to run a fault-tolerant version of the docker registry. The key components to run are Docker Registry, Postgresql, Redis, and GitLab with support for GitLab Runner on top of Swarm. Postgresql will be run with clustering
To deploy GlusterFS on all servers (they are called node1, node2, node3), install the packages, open the firewall, and create the required directories:
# yum -y install centos-release-gluster7
# yum -y install glusterfs-server
# systemctl enable glusterd
# systemctl start glusterd
# firewall-cmd --add-service=glusterfs --permanent
# firewall-cmd --reload
# mkdir -p /srv/gluster
# mkdir -p /srv/docker
# echo "$(hostname):/docker /srv/docker glusterfs defaults,_netdev 0 0" >> /etc/fstab
After installation, the GlusterFS configuration must be continued from one node, for example node1:
# gluster peer probe node2
# gluster peer probe node3
# gluster volume create docker replica 3 node1:/srv/gluster node2:/srv/gluster node3:/srv/gluster force
# gluster volume start docker
Then mount the resulting volume (the command must be run on all servers):
# mount /srv/docker
Swarm mode is configured on one of the servers, which becomes the Leader; the others have to join the cluster, so the output of the command run on the first server must be copied and run on the other servers.
For the initial cluster setup, run the command on node1:
# docker swarm init
Swarm initialized: current node (a5jpfrh5uvo7svzz1ajduokyq) is now a manager.
To add a worker to this swarm, run the following command:
docker swarm join --token SWMTKN-1-0c5mf7mvzc7o7vjk0wngno2dy70xs95tovfxbv4tqt9280toku-863hyosdlzvd76trfptd4xnzd xx.xx.xx.xx:2377
To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.
# docker swarm join-token manager
Copy the output of the second command and run it on node2 and node3:
# docker swarm join --token SWMTKN-x-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-xxxxxxxxx xx.xx.xx.xx:2377
This node joined a swarm as a manager.
This completes the preliminary configuration of the servers; let us move on to setting up the services. Unless stated otherwise, the commands are run from node1.
First, create the networks for the containers:
# docker network create --driver=overlay etcd
# docker network create --driver=overlay pgsql
# docker network create --driver=overlay redis
# docker network create --driver=overlay traefik
# docker network create --driver=overlay gitlab
Next, label the servers; this is needed to bind some services to specific servers:
# docker node update --label-add nodename=node1 node1
# docker node update --label-add nodename=node2 node2
# docker node update --label-add nodename=node3 node3
Next, create the directories for storing the data of etcd, the KV store that Traefik and Stolon need. As with Postgresql, these will be containers bound to servers, so run this command on all servers:
# mkdir -p /srv/etcd
Next, create the file that configures etcd and apply it:
00etcd.yml
version: '3.7'
services:
  etcd1:
    image: quay.io/coreos/etcd:latest
    hostname: etcd1
    command:
      - etcd
      - --name=etcd1
      - --data-dir=/data.etcd
      - --advertise-client-urls=http://etcd1:2379
      - --listen-client-urls=http://0.0.0.0:2379
      - --initial-advertise-peer-urls=http://etcd1:2380
      - --listen-peer-urls=http://0.0.0.0:2380
      - --initial-cluster=etcd1=http://etcd1:2380,etcd2=http://etcd2:2380,etcd3=http://etcd3:2380
      - --initial-cluster-state=new
      - --initial-cluster-token=etcd-cluster
    networks:
      - etcd
    volumes:
      - etcd1vol:/data.etcd
    deploy:
      replicas: 1
      placement:
        constraints: [node.labels.nodename == node1]
  etcd2:
    image: quay.io/coreos/etcd:latest
    hostname: etcd2
    command:
      - etcd
      - --name=etcd2
      - --data-dir=/data.etcd
      - --advertise-client-urls=http://etcd2:2379
      - --listen-client-urls=http://0.0.0.0:2379
      - --initial-advertise-peer-urls=http://etcd2:2380
      - --listen-peer-urls=http://0.0.0.0:2380
      - --initial-cluster=etcd1=http://etcd1:2380,etcd2=http://etcd2:2380,etcd3=http://etcd3:2380
      - --initial-cluster-state=new
      - --initial-cluster-token=etcd-cluster
    networks:
      - etcd
    volumes:
      - etcd2vol:/data.etcd
    deploy:
      replicas: 1
      placement:
        constraints: [node.labels.nodename == node2]
  etcd3:
    image: quay.io/coreos/etcd:latest
    hostname: etcd3
    command:
      - etcd
      - --name=etcd3
      - --data-dir=/data.etcd
      - --advertise-client-urls=http://etcd3:2379
      - --listen-client-urls=http://0.0.0.0:2379
      - --initial-advertise-peer-urls=http://etcd3:2380
      - --listen-peer-urls=http://0.0.0.0:2380
      - --initial-cluster=etcd1=http://etcd1:2380,etcd2=http://etcd2:2380,etcd3=http://etcd3:2380
      - --initial-cluster-state=new
      - --initial-cluster-token=etcd-cluster
    networks:
      - etcd
    volumes:
      - etcd3vol:/data.etcd
    deploy:
      replicas: 1
      placement:
        constraints: [node.labels.nodename == node3]
volumes:
  etcd1vol:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: "/srv/etcd"
  etcd2vol:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: "/srv/etcd"
  etcd3vol:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: "/srv/etcd"
networks:
  etcd:
    external: true
# docker stack deploy --compose-file 00etcd.yml etcd
After a while, check that the etcd cluster is up:
# docker exec $(docker ps | awk '/etcd/ {print $1}') etcdctl member list
ade526d28b1f92f7: name=etcd1 peerURLs=http://etcd1:2380 clientURLs=http://etcd1:2379 isLeader=false
bd388e7810915853: name=etcd3 peerURLs=http://etcd3:2380 clientURLs=http://etcd3:2379 isLeader=false
d282ac2ce600c1ce: name=etcd2 peerURLs=http://etcd2:2380 clientURLs=http://etcd2:2379 isLeader=true
# docker exec $(docker ps | awk '/etcd/ {print $1}') etcdctl cluster-health
member ade526d28b1f92f7 is healthy: got healthy result from http://etcd1:2379
member bd388e7810915853 is healthy: got healthy result from http://etcd3:2379
member d282ac2ce600c1ce is healthy: got healthy result from http://etcd2:2379
cluster is healthy
Create the directories for Postgresql; run the command on all servers:
# mkdir -p /srv/pgsql
Next, create the file that configures Postgresql:
01pgsql.yml
version: '3.7'
services:
  pgsentinel:
    image: sorintlab/stolon:master-pg10
    command:
      - gosu
      - stolon
      - stolon-sentinel
      - --cluster-name=stolon-cluster
      - --store-backend=etcdv3
      - --store-endpoints=http://etcd1:2379,http://etcd2:2379,http://etcd3:2379
      - --log-level=debug
    networks:
      - etcd
      - pgsql
    deploy:
      replicas: 3
      update_config:
        parallelism: 1
        delay: 30s
        order: stop-first
        failure_action: pause
  pgkeeper1:
    image: sorintlab/stolon:master-pg10
    hostname: pgkeeper1
    command:
      - gosu
      - stolon
      - stolon-keeper
      - --pg-listen-address=pgkeeper1
      - --pg-repl-username=replica
      - --uid=pgkeeper1
      - --pg-su-username=postgres
      - --pg-su-passwordfile=/run/secrets/pgsql
      - --pg-repl-passwordfile=/run/secrets/pgsql_repl
      - --data-dir=/var/lib/postgresql/data
      - --cluster-name=stolon-cluster
      - --store-backend=etcdv3
      - --store-endpoints=http://etcd1:2379,http://etcd2:2379,http://etcd3:2379
    networks:
      - etcd
      - pgsql
    environment:
      - PGDATA=/var/lib/postgresql/data
    volumes:
      - pgkeeper1:/var/lib/postgresql/data
    secrets:
      - pgsql
      - pgsql_repl
    deploy:
      replicas: 1
      placement:
        constraints: [node.labels.nodename == node1]
  pgkeeper2:
    image: sorintlab/stolon:master-pg10
    hostname: pgkeeper2
    command:
      - gosu
      - stolon
      - stolon-keeper
      - --pg-listen-address=pgkeeper2
      - --pg-repl-username=replica
      - --uid=pgkeeper2
      - --pg-su-username=postgres
      - --pg-su-passwordfile=/run/secrets/pgsql
      - --pg-repl-passwordfile=/run/secrets/pgsql_repl
      - --data-dir=/var/lib/postgresql/data
      - --cluster-name=stolon-cluster
      - --store-backend=etcdv3
      - --store-endpoints=http://etcd1:2379,http://etcd2:2379,http://etcd3:2379
    networks:
      - etcd
      - pgsql
    environment:
      - PGDATA=/var/lib/postgresql/data
    volumes:
      - pgkeeper2:/var/lib/postgresql/data
    secrets:
      - pgsql
      - pgsql_repl
    deploy:
      replicas: 1
      placement:
        constraints: [node.labels.nodename == node2]
  pgkeeper3:
    image: sorintlab/stolon:master-pg10
    hostname: pgkeeper3
    command:
      - gosu
      - stolon
      - stolon-keeper
      - --pg-listen-address=pgkeeper3
      - --pg-repl-username=replica
      - --uid=pgkeeper3
      - --pg-su-username=postgres
      - --pg-su-passwordfile=/run/secrets/pgsql
      - --pg-repl-passwordfile=/run/secrets/pgsql_repl
      - --data-dir=/var/lib/postgresql/data
      - --cluster-name=stolon-cluster
      - --store-backend=etcdv3
      - --store-endpoints=http://etcd1:2379,http://etcd2:2379,http://etcd3:2379
    networks:
      - etcd
      - pgsql
    environment:
      - PGDATA=/var/lib/postgresql/data
    volumes:
      - pgkeeper3:/var/lib/postgresql/data
    secrets:
      - pgsql
      - pgsql_repl
    deploy:
      replicas: 1
      placement:
        constraints: [node.labels.nodename == node3]
  postgresql:
    image: sorintlab/stolon:master-pg10
    command: gosu stolon stolon-proxy --listen-address 0.0.0.0 --cluster-name stolon-cluster --store-backend=etcdv3 --store-endpoints http://etcd1:2379,http://etcd2:2379,http://etcd3:2379
    networks:
      - etcd
      - pgsql
    deploy:
      replicas: 3
      update_config:
        parallelism: 1
        delay: 30s
        order: stop-first
        failure_action: rollback
volumes:
  pgkeeper1:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: "/srv/pgsql"
  pgkeeper2:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: "/srv/pgsql"
  pgkeeper3:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: "/srv/pgsql"
secrets:
  pgsql:
    file: "/srv/docker/postgres"
  pgsql_repl:
    file: "/srv/docker/replica"
networks:
  etcd:
    external: true
  pgsql:
    external: true
Generate the secrets and apply the file:
# </dev/urandom tr -dc 234567890qwertyuopasdfghjkzxcvbnmQWERTYUPASDFGHKLZXCVBNM | head -c $(((RANDOM%3)+15)) > /srv/docker/replica
# </dev/urandom tr -dc 234567890qwertyuopasdfghjkzxcvbnmQWERTYUPASDFGHKLZXCVBNM | head -c $(((RANDOM%3)+15)) > /srv/docker/postgres
# docker stack deploy --compose-file 01pgsql.yml pgsql
After a while (check the output of docker service ls to see that all services are up), initialize the Postgresql cluster:
# docker exec $(docker ps | awk '/pgkeeper/ {print $1}') stolonctl --cluster-name=stolon-cluster --store-backend=etcdv3 --store-endpoints=http://etcd1:2379,http://etcd2:2379,http://etcd3:2379 init
Check that the Postgresql cluster is ready:
# docker exec $(docker ps | awk '/pgkeeper/ {print $1}') stolonctl --cluster-name=stolon-cluster --store-backend=etcdv3 --store-endpoints=http://etcd1:2379,http://etcd2:2379,http://etcd3:2379 status
=== Active sentinels ===
ID LEADER
26baa11d false
74e98768 false
a8cb002b true
=== Active proxies ===
ID
4d233826
9f562f3b
b0c79ff1
=== Keepers ===
UID HEALTHY PG LISTENADDRESS PG HEALTHY PG WANTEDGENERATION PG CURRENTGENERATION
pgkeeper1 true pgkeeper1:5432 true 2 2
pgkeeper2 true pgkeeper2:5432 true 2 2
pgkeeper3 true pgkeeper3:5432 true 3 3
=== Cluster Info ===
Master Keeper: pgkeeper3
===== Keepers/DB tree =====
pgkeeper3 (master)
├─pgkeeper2
└─pgkeeper1
Configure traefik to open access to the containers from outside:
03traefik.yml
version: '3.7'
services:
  traefik:
    image: traefik:latest
    command: >
      --log.level=INFO
      --providers.docker=true
      --entryPoints.web.address=:80
      --providers.providersThrottleDuration=2
      --providers.docker.watch=true
      --providers.docker.swarmMode=true
      --providers.docker.swarmModeRefreshSeconds=15s
      --providers.docker.exposedbydefault=false
      --accessLog.bufferingSize=0
      --api=true
      --api.dashboard=true
      --api.insecure=true
    networks:
      - traefik
    ports:
      - 80:80
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    deploy:
      replicas: 3
      placement:
        constraints:
          - node.role == manager
        preferences:
          - spread: node.id
      labels:
        - traefik.enable=true
        - traefik.http.routers.traefik.rule=Host(`traefik.example.com`)
        - traefik.http.services.traefik.loadbalancer.server.port=8080
        - traefik.docker.network=traefik
networks:
  traefik:
    external: true
# docker stack deploy --compose-file 03traefik.yml traefik
Start the Redis cluster; to do so, create the storage directory on all nodes:
# mkdir -p /srv/redis
05redis.yml
version: '3.7'
services:
  redis-master:
    image: 'bitnami/redis:latest'
    networks:
      - redis
    ports:
      - '6379:6379'
    environment:
      - REDIS_REPLICATION_MODE=master
      - REDIS_PASSWORD=xxxxxxxxxxx
    deploy:
      mode: global
      restart_policy:
        condition: any
    volumes:
      - 'redis:/opt/bitnami/redis/etc/'
  redis-replica:
    image: 'bitnami/redis:latest'
    networks:
      - redis
    ports:
      - '6379'
    depends_on:
      - redis-master
    environment:
      - REDIS_REPLICATION_MODE=slave
      - REDIS_MASTER_HOST=redis-master
      - REDIS_MASTER_PORT_NUMBER=6379
      - REDIS_MASTER_PASSWORD=xxxxxxxxxxx
      - REDIS_PASSWORD=xxxxxxxxxxx
    deploy:
      mode: replicated
      replicas: 3
      update_config:
        parallelism: 1
        delay: 10s
      restart_policy:
        condition: any
  redis-sentinel:
    image: 'bitnami/redis:latest'
    networks:
      - redis
    ports:
      - '16379'
    depends_on:
      - redis-master
      - redis-replica
    entrypoint: |
      bash -c 'bash -s <<EOF
      "/bin/bash" -c "cat <<EOF > /opt/bitnami/redis/etc/sentinel.conf
      port 16379
      dir /tmp
      sentinel monitor master-node redis-master 6379 2
      sentinel down-after-milliseconds master-node 5000
      sentinel parallel-syncs master-node 1
      sentinel failover-timeout master-node 5000
      sentinel auth-pass master-node xxxxxxxxxxx
      sentinel announce-ip redis-sentinel
      sentinel announce-port 16379
      EOF"
      "/bin/bash" -c "redis-sentinel /opt/bitnami/redis/etc/sentinel.conf"
      EOF'
    deploy:
      mode: global
      restart_policy:
        condition: any
volumes:
  redis:
    driver: local
    driver_opts:
      type: 'none'
      o: 'bind'
      device: "/srv/redis"
networks:
  redis:
    external: true
# docker stack deploy --compose-file 05redis.yml redis
Add the Docker Registry:
06registry.yml
version: '3.7'
services:
  registry:
    image: registry:2.6
    networks:
      - traefik
    volumes:
      - registry_data:/var/lib/registry
    deploy:
      replicas: 1
      placement:
        constraints: [node.role == manager]
      restart_policy:
        condition: on-failure
      labels:
        - traefik.enable=true
        - traefik.http.routers.registry.rule=Host(`registry.example.com`)
        - traefik.http.services.registry.loadbalancer.server.port=5000
        - traefik.docker.network=traefik
volumes:
  registry_data:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: "/srv/docker/registry"
networks:
  traefik:
    external: true
# mkdir /srv/docker/registry
# docker stack deploy --compose-file 06registry.yml registry
And finally, GitLab:
08gitlab-runner.yml
version: '3.7'
services:
  gitlab:
    image: gitlab/gitlab-ce:latest
    networks:
      - pgsql
      - redis
      - traefik
      - gitlab
    ports:
      - 22222:22
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        postgresql['enable'] = false
        redis['enable'] = false
        gitlab_rails['registry_enabled'] = false
        gitlab_rails['db_username'] = "gitlab"
        gitlab_rails['db_password'] = "XXXXXXXXXXX"
        gitlab_rails['db_host'] = "postgresql"
        gitlab_rails['db_port'] = "5432"
        gitlab_rails['db_database'] = "gitlab"
        gitlab_rails['db_adapter'] = 'postgresql'
        gitlab_rails['db_encoding'] = 'utf8'
        gitlab_rails['redis_host'] = 'redis-master'
        gitlab_rails['redis_port'] = '6379'
        gitlab_rails['redis_password'] = 'xxxxxxxxxxx'
        gitlab_rails['smtp_enable'] = true
        gitlab_rails['smtp_address'] = "smtp.yandex.ru"
        gitlab_rails['smtp_port'] = 465
        gitlab_rails['smtp_user_name'] = "[email protected]"
        gitlab_rails['smtp_password'] = "xxxxxxxxx"
        gitlab_rails['smtp_domain'] = "example.com"
        gitlab_rails['gitlab_email_from'] = '[email protected]'
        gitlab_rails['smtp_authentication'] = "login"
        gitlab_rails['smtp_tls'] = true
        gitlab_rails['smtp_enable_starttls_auto'] = true
        gitlab_rails['smtp_openssl_verify_mode'] = 'peer'
        external_url 'http://gitlab.example.com/'
        gitlab_rails['gitlab_shell_ssh_port'] = 22222
    volumes:
      - gitlab_conf:/etc/gitlab
      - gitlab_logs:/var/log/gitlab
      - gitlab_data:/var/opt/gitlab
    deploy:
      mode: replicated
      replicas: 1
      placement:
        constraints:
          - node.role == manager
      labels:
        - traefik.enable=true
        - traefik.http.routers.gitlab.rule=Host(`gitlab.example.com`)
        - traefik.http.services.gitlab.loadbalancer.server.port=80
        - traefik.docker.network=traefik
  gitlab-runner:
    image: gitlab/gitlab-runner:latest
    networks:
      - gitlab
    volumes:
      - gitlab_runner_conf:/etc/gitlab
      - /var/run/docker.sock:/var/run/docker.sock
    deploy:
      mode: replicated
      replicas: 1
      placement:
        constraints:
          - node.role == manager
volumes:
  gitlab_conf:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: "/srv/docker/gitlab/conf"
  gitlab_logs:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: "/srv/docker/gitlab/logs"
  gitlab_data:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: "/srv/docker/gitlab/data"
  gitlab_runner_conf:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: "/srv/docker/gitlab/runner"
networks:
  pgsql:
    external: true
  redis:
    external: true
  traefik:
    external: true
  gitlab:
    external: true
# mkdir -p /srv/docker/gitlab/conf
# mkdir -p /srv/docker/gitlab/logs
# mkdir -p /srv/docker/gitlab/data
# mkdir -p /srv/docker/gitlab/runner
# docker stack deploy --compose-file 08gitlab-runner.yml gitlab
The final state of the cluster and services:
# docker service ls
ID NAME MODE REPLICAS IMAGE PORTS
lef9n3m92buq etcd_etcd1 replicated 1/1 quay.io/coreos/etcd:latest
ij6uyyo792x5 etcd_etcd2 replicated 1/1 quay.io/coreos/etcd:latest
fqttqpjgp6pp etcd_etcd3 replicated 1/1 quay.io/coreos/etcd:latest
hq5iyga28w33 gitlab_gitlab replicated 1/1 gitlab/gitlab-ce:latest *:22222->22/tcp
dt7s6vs0q4qc gitlab_gitlab-runner replicated 1/1 gitlab/gitlab-runner:latest
k7uoezno0h9n pgsql_pgkeeper1 replicated 1/1 sorintlab/stolon:master-pg10
cnrwul4r4nse pgsql_pgkeeper2 replicated 1/1 sorintlab/stolon:master-pg10
frflfnpty7tr pgsql_pgkeeper3 replicated 1/1 sorintlab/stolon:master-pg10
x7pqqchi52kq pgsql_pgsentinel replicated 3/3 sorintlab/stolon:master-pg10
mwu2wl8fti4r pgsql_postgresql replicated 3/3 sorintlab/stolon:master-pg10
9hkbe2vksbzb redis_redis-master global 3/3 bitnami/redis:latest *:6379->6379/tcp
l88zn8cla7dc redis_redis-replica replicated 3/3 bitnami/redis:latest *:30003->6379/tcp
1utp309xfmsy redis_redis-sentinel global 3/3 bitnami/redis:latest *:30002->16379/tcp
oteb824ylhyp registry_registry replicated 1/1 registry:2.6
qovrah8nzzu8 traefik_traefik replicated 3/3 traefik:latest *:80->80/tcp, *:443->443/tcp
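The stack files above contain several settings worth catching before docker stack deploy: a bind-mounted Docker socket, Traefik started with --api.insecure=true, images tagged :latest, published ports, passwords in environment variables, and etcd endpoints over plain HTTP. The following shell function is an added example, not part of the original article; the check IDs are hypothetical names chosen here, and the sample file is constructed from fragments of the files on this page.

```shell
#!/bin/sh
# Added example (not from the original article): line-based audit of a
# Compose/Swarm stack file for settings that weaken isolation or leak secrets.

# audit_compose FILE
# Prints one finding per line as ID:LINE:TEXT. Because it matches line by
# line, it also works on stack files whose indentation has been lost.
audit_compose() {
    awk '
    function report(id,    t) {
        t = $0
        sub(/^[ \t]*(- )?/, "", t)
        printf "%s:%d:%s\n", id, NR, t
    }
    /^[ \t]*#/ { next }                        # ignore YAML comments

    # Entries directly under "ports:" are published by the swarm.
    /^[ \t]*ports:[ \t]*$/ { in_ports = 1; next }
    in_ports && /^[ \t]*- / {
        if ($0 ~ /[0-9]+:[0-9]+/) report("PUBLISHED_PORT")
        next
    }
    { in_ports = 0 }

    # Mounting the Docker socket hands the container control of the daemon.
    /\/var\/run\/docker\.sock/ { report("DOCKER_SOCK") }

    # Traefik then serves its API and dashboard without authentication.
    /--api\.insecure=true/ { report("TRAEFIK_API_INSECURE") }

    # Image with no tag or with :latest, so the deployed content can change.
    /^[ \t]*image:/ {
        v = $0
        sub(/^[ \t]*image:[ \t]*/, "", v)
        gsub(/[^A-Za-z0-9._:\/@-]/, "", v)     # drop quotes and whitespace
        sub(/^.*\//, "", v)                    # drop registry/repository path
        if (v !~ /:/ || v ~ /:latest$/) report("UNPINNED_IMAGE")
    }

    # Password written into the stack file instead of a Swarm secret.
    /PASSWORD=./ || /_password.\] *= *./ || /auth-pass / { report("INLINE_SECRET") }

    # etcd client traffic over plain HTTP.
    /http:\/\/[^ ,]*:2379/ { report("PLAINTEXT_ETCD") }
    ' "$1"
}

# count_findings FILE ID -> number of findings with that ID
count_findings() {
    audit_compose "$1" | awk -F: -v id="$2" '$1 == id { n++ } END { print n + 0 }'
}

# Constructed sample: fragments trimmed from the stack files on this page.
write_sample() {
    cat > "$1" <<'EOF'
version: '3.7'
services:
  traefik:
    image: traefik:latest
    command: >
      --providers.docker.swarmMode=true
      --api.insecure=true
    ports:
      - 80:80
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
  redis-master:
    image: 'bitnami/redis:latest'
    ports:
      - '6379:6379'
    environment:
      - REDIS_PASSWORD=xxxxxxxxxxx
  pgkeeper1:
    image: sorintlab/stolon:master-pg10
    command:
      - --pg-su-passwordfile=/run/secrets/pgsql
      - --store-endpoints=http://etcd1:2379
    secrets:
      - pgsql
  registry:
    image: registry:2.6
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_compose "$sample"
rm -f "$sample"
```

The pgkeeper1 fragment shows the pattern the check does not flag: the password reaches the container through a secret file under /run/secrets rather than through the environment.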
What else could be improved? Configure Traefik so that the containers are served over https, and add TLS encryption for Postgresql and Redis. But on the whole it can already be handed to developers as a PoC. Now let us look at the alternatives to Docker.
Podman
Another fairly well-known engine for running containers grouped into pods (pods are groups of containers deployed together). Unlike Docker, it needs no service to run containers; all the work is done through the libpod library. It is also written in Go and needs an OCI-compatible runtime, such as runC, to run containers.
Working with Podman is generally reminiscent of working with Docker, to the point that you can do this (as many who have tried it say, including the author of this article):
$ alias docker=podman
and carry on working. In general, the situation with Podman is quite interesting: whereas early versions of Kubernetes worked with Docker, since about 2015, after the standardization of the container world (OCI, the Open Container Initiative) and the split of Docker into containerd and runC, an alternative to Docker for running in Kubernetes has been under development: CRI-O. In this respect Podman is an alternative to Docker built on the principles of Kubernetes, including the grouping of containers, but the main goal of the project is to run Docker-style containers without additional services. For obvious reasons there is no swarm mode, since the developers say plainly that if you need a cluster, you should use Kubernetes.
Installation
To install on Centos 7, it is enough to enable the Extras repository and then install everything with the command:
# yum -y install podman
Other features
Podman can generate units for systemd, which solves the problem of starting containers after a server reboot. In addition, systemd is declared to work correctly as pid 1 in a container. There is a separate tool, buildah, for building containers, and there are third-party tools analogous to docker-compose that also generate Kubernetes-compatible configuration files, so the move from Podman to Kubernetes is made as simple as possible.
Working with Podman
Since there is no swarm mode (you are expected to switch to Kubernetes if you need a cluster), we will assemble everything in separate containers.
Install podman-compose:
# yum -y install python3-pip
# pip3 install podman-compose
The resulting configuration file for podman is slightly different; for example, the separate volumes section had to be moved directly into the section with the services.
gitlab-podman.yml
version: '3.7'
services:
  gitlab:
    image: gitlab/gitlab-ce:latest
    hostname: gitlab.example.com
    restart: unless-stopped
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        gitlab_rails['gitlab_shell_ssh_port'] = 22222
    ports:
      - "80:80"
      - "22222:22"
    volumes:
      - /srv/podman/gitlab/conf:/etc/gitlab
      - /srv/podman/gitlab/data:/var/opt/gitlab
      - /srv/podman/gitlab/logs:/var/log/gitlab
    networks:
      - gitlab
  gitlab-runner:
    image: gitlab/gitlab-runner:alpine
    restart: unless-stopped
    depends_on:
      - gitlab
    volumes:
      - /srv/podman/gitlab/runner:/etc/gitlab-runner
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - gitlab
networks:
  gitlab:
# podman-compose -f gitlab-podman.yml up -d
Result:
# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
da53da946c01 docker.io/gitlab/gitlab-runner:alpine run --user=gitlab... About a minute ago Up About a minute ago 0.0.0.0:22222->22/tcp, 0.0.0.0:80->80/tcp root_gitlab-runner_1
781c0103c94a docker.io/gitlab/gitlab-ce:latest /assets/wrapper About a minute ago Up About a minute ago 0.0.0.0:22222->22/tcp, 0.0.0.0:80->80/tcp root_gitlab_1
Let us see what it generates for systemd and kubernetes; for that we need to find out the name or id of the pod:
# podman pod ls
POD ID NAME STATUS CREATED # OF CONTAINERS INFRA ID
71fc2b2a5c63 root Running 11 minutes ago 3 db40ab8bf84b
Kubernetes:
# podman generate kube 71fc2b2a5c63
# Generation of Kubernetes YAML is still under development!
#
# Save the output of this file and use kubectl create -f to import
# it into Kubernetes.
#
# Created with podman-1.6.4
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: "2020-07-29T19:22:40Z"
  labels:
    app: root
  name: root
spec:
  containers:
  - command:
    - /assets/wrapper
    env:
    - name: PATH
      value: /opt/gitlab/embedded/bin:/opt/gitlab/bin:/assets:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
    - name: TERM
      value: xterm
    - name: HOSTNAME
      value: gitlab.example.com
    - name: container
      value: podman
    - name: GITLAB_OMNIBUS_CONFIG
      value: |
        gitlab_rails['gitlab_shell_ssh_port'] = 22222
    - name: LANG
      value: C.UTF-8
    image: docker.io/gitlab/gitlab-ce:latest
    name: rootgitlab1
    ports:
    - containerPort: 22
      hostPort: 22222
      protocol: TCP
    - containerPort: 80
      hostPort: 80
      protocol: TCP
    resources: {}
    securityContext:
      allowPrivilegeEscalation: true
      capabilities: {}
      privileged: false
      readOnlyRootFilesystem: false
    volumeMounts:
    - mountPath: /var/opt/gitlab
      name: srv-podman-gitlab-data
    - mountPath: /var/log/gitlab
      name: srv-podman-gitlab-logs
    - mountPath: /etc/gitlab
      name: srv-podman-gitlab-conf
    workingDir: /
  - command:
    - run
    - --user=gitlab-runner
    - --working-directory=/home/gitlab-runner
    env:
    - name: PATH
      value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
    - name: TERM
      value: xterm
    - name: HOSTNAME
    - name: container
      value: podman
    image: docker.io/gitlab/gitlab-runner:alpine
    name: rootgitlab-runner1
    resources: {}
    securityContext:
      allowPrivilegeEscalation: true
      capabilities: {}
      privileged: false
      readOnlyRootFilesystem: false
    volumeMounts:
    - mountPath: /etc/gitlab-runner
      name: srv-podman-gitlab-runner
    - mountPath: /var/run/docker.sock
      name: var-run-docker.sock
    workingDir: /
  volumes:
  - hostPath:
      path: /srv/podman/gitlab/runner
      type: Directory
    name: srv-podman-gitlab-runner
  - hostPath:
      path: /var/run/docker.sock
      type: File
    name: var-run-docker.sock
  - hostPath:
      path: /srv/podman/gitlab/data
      type: Directory
    name: srv-podman-gitlab-data
  - hostPath:
      path: /srv/podman/gitlab/logs
      type: Directory
    name: srv-podman-gitlab-logs
  - hostPath:
      path: /srv/podman/gitlab/conf
      type: Directory
    name: srv-podman-gitlab-conf
status: {}
systemd:
# podman generate systemd 71fc2b2a5c63
# pod-71fc2b2a5c6346f0c1c86a2dc45dbe78fa192ea02aac001eb8347ccb8c043c26.service
# autogenerated by Podman 1.6.4
# Thu Jul 29 15:23:28 EDT 2020
[Unit]
Description=Podman pod-71fc2b2a5c6346f0c1c86a2dc45dbe78fa192ea02aac001eb8347ccb8c043c26.service
Documentation=man:podman-generate-systemd(1)
Requires=container-781c0103c94aaa113c17c58d05ddabf8df4bf39707b664abcf17ed2ceff467d3.service container-da53da946c01449f500aa5296d9ea6376f751948b17ca164df438b7df6607864.service
Before=container-781c0103c94aaa113c17c58d05ddabf8df4bf39707b664abcf17ed2ceff467d3.service container-da53da946c01449f500aa5296d9ea6376f751948b17ca164df438b7df6607864.service
[Service]
Restart=on-failure
ExecStart=/usr/bin/podman start db40ab8bf84bf35141159c26cb6e256b889c7a98c0418eee3c4aa683c14fccaa
ExecStop=/usr/bin/podman stop -t 10 db40ab8bf84bf35141159c26cb6e256b889c7a98c0418eee3c4aa683c14fccaa
KillMode=none
Type=forking
PIDFile=/var/run/containers/storage/overlay-containers/db40ab8bf84bf35141159c26cb6e256b889c7a98c0418eee3c4aa683c14fccaa/userdata/conmon.pid
[Install]
WantedBy=multi-user.target
# container-da53da946c01449f500aa5296d9ea6376f751948b17ca164df438b7df6607864.service
# autogenerated by Podman 1.6.4
# Thu Jul 29 15:23:28 EDT 2020
[Unit]
Description=Podman container-da53da946c01449f500aa5296d9ea6376f751948b17ca164df438b7df6607864.service
Documentation=man:podman-generate-systemd(1)
RefuseManualStart=yes
RefuseManualStop=yes
BindsTo=pod-71fc2b2a5c6346f0c1c86a2dc45dbe78fa192ea02aac001eb8347ccb8c043c26.service
After=pod-71fc2b2a5c6346f0c1c86a2dc45dbe78fa192ea02aac001eb8347ccb8c043c26.service
[Service]
Restart=on-failure
ExecStart=/usr/bin/podman start da53da946c01449f500aa5296d9ea6376f751948b17ca164df438b7df6607864
ExecStop=/usr/bin/podman stop -t 10 da53da946c01449f500aa5296d9ea6376f751948b17ca164df438b7df6607864
KillMode=none
Type=forking
PIDFile=/var/run/containers/storage/overlay-containers/da53da946c01449f500aa5296d9ea6376f751948b17ca164df438b7df6607864/userdata/conmon.pid
[Install]
WantedBy=multi-user.target
# container-781c0103c94aaa113c17c58d05ddabf8df4bf39707b664abcf17ed2ceff467d3.service
# autogenerated by Podman 1.6.4
# Thu Jul 29 15:23:28 EDT 2020
[Unit]
Description=Podman container-781c0103c94aaa113c17c58d05ddabf8df4bf39707b664abcf17ed2ceff467d3.service
Documentation=man:podman-generate-systemd(1)
RefuseManualStart=yes
RefuseManualStop=yes
BindsTo=pod-71fc2b2a5c6346f0c1c86a2dc45dbe78fa192ea02aac001eb8347ccb8c043c26.service
After=pod-71fc2b2a5c6346f0c1c86a2dc45dbe78fa192ea02aac001eb8347ccb8c043c26.service
[Service]
Restart=on-failure
ExecStart=/usr/bin/podman start 781c0103c94aaa113c17c58d05ddabf8df4bf39707b664abcf17ed2ceff467d3
ExecStop=/usr/bin/podman stop -t 10 781c0103c94aaa113c17c58d05ddabf8df4bf39707b664abcf17ed2ceff467d3
KillMode=none
Type=forking
PIDFile=/var/run/containers/storage/overlay-containers/781c0103c94aaa113c17c58d05ddabf8df4bf39707b664abcf17ed2ceff467d3/userdata/conmon.pid
[Install]
WantedBy=multi-user.target
Unfortunately, apart from starting the containers, the generated systemd unit does nothing else (for example, cleaning up old containers when such a service is restarted), so you have to write such handling yourself.
In principle, Podman is quite enough to try out what containers are, to carry over old docker-compose configurations and then move to Kubernetes if a cluster is needed, or to get an easier-to-use alternative to Docker.
rkt
The project
Plash
Another
Findings
The situation with Kubernetes is quite interesting: on the one hand, with Docker you can build a cluster (in swarm mode) and even run production environments for clients with it. This is especially true for small teams (3-5 people), or when the overall load is small, or when there is no desire to understand the intricacies of setting up Kubernetes, including for high loads.
Podman does not provide full compatibility, but it has one important advantage: compatibility with Kubernetes, including the additional tools (buildah and others). So I approach the choice of a working tool as follows: for small teams or a limited budget, Docker (possibly with swarm mode); for developing for myself on a personal localhost, Podman; and for everyone else, Kubernetes.
I am not sure that the situation with Docker will stay the same in the future; after all, they are the pioneers, and they are also gradually standardizing step by step. But Podman, for all its shortcomings (it works only on Linux, has no clustering, and building and other actions are handled by third-party solutions), has a clearer future, so I invite everyone to discuss these findings in the comments.
Source: habr.com